For the past five years I’ve been in a relationship that I’ve had no business getting involved with. That is, with Cisco networking equipment. Back in 2010, a friend decided to begin learning Cisco and to obtain his CCNA with a view to becoming a network engineer. Because I can’t resist fiddling with technology, I soon picked up enough to build networks, and eventually had built four of them using Cisco routers and switches. Unfortunately, there are a few downsides to using Cisco, which I’ll cover below. In part two of the Networking 2015 series, I’ll introduce the technology I’m replacing the Cisco equipment with.
Cost, Licensing, and basic functionality
Back in 2010, there wasn’t a whole lot of choice for good routers beyond the cheap, plastic consumer-grade ones. There was Draytek, which did and continues to make a nice range of routers, but they were expensive. This made the initial proposition for using Cisco much easier: in 2010, in the £50 range, you could get a 2600XM series, which was a mid-range 10/100 two-port router. In 2015, you can buy a 2820 or 2850, which are gigabit routers supporting a much wider range of accessories and interfaces, and offer two gigabit ports as standard.
Where Cisco falls down is if you want to move beyond the base configuration, which remains somewhat limited. Out of the box, all the devices can give you rock-solid routing, but if you want a VPN end point, or some of the real clever functionality, then you need to upgrade to a higher version of the IOS operating system. Once upon a time, this meant finding the image on the internet and flashing it to the device. For students this was great, since it meant you could easily access the advanced features you may have found in commercial networks. With the newest series of Cisco routers and switches, however, this has all changed. No longer can you upgrade by flashing a newer version of the operating system. Now you have to purchase cryptographically signed licence keys from Cisco, at considerable cost.
Sticking on the topic of cost, adding ports to a device remains considerably expensive. On eBay today, a single 10/100 expansion port sells for £160, meaning a cheap router can still become very expensive to configure. The costs are worse, though, if we look at new off-the-shelf equipment. A 24-port L3 gigabit switch with dual 10 gigabit uplinks costs around £1250 from TP-Link, and around £4000 from Cisco. Given that switches, even at layer 3, are generally dumb devices, that is a huge premium to justify. It also goes a long way to explaining why many companies are shying away from solely using Cisco.
Network design and configuration
Once you’ve got your equipment properly specified and licenced, it’s time to build your network. With Cisco equipment this means you have two choices: the command line via a serial terminal (although some of the newest devices do offer a USB serial connection), or the hideous Cisco Configuration Professional. The latter is not to be recommended, however, since it makes use of the unholy trinity of Java, Flash, and Internet Explorer. Add to that the fact that it is slow and occasionally decides to lose the SSH keys it needs to communicate with the device, and neither choice is appealing.
Looking back at some of the previous Cisco configurations I have done for routers, you:
- Set the global settings and secure the device
- Configure your interfaces
- Configure dialers
- Configure Access Control Lists
- Curse at the blasted thing until it works properly
If you then want to take the configuration further, perhaps with a VPN, and you’ve not done the Cisco certification, then you’re in real trouble. Whereas with a Draytek you can figure it out, with the Cisco devices there’s no help.
What’s good about Cisco
In the interest of balance, let’s revisit the reason I initially chose Cisco network devices: reliability. When you look at a half-decent domestic-grade router, you are actually buying multiple devices bundled into a single, usually tacky, plastic case. There’s a network router, firewall, a switch, wireless access point, and in some cases, print and storage servers. This is all good, especially when it only costs £60. There is, however, a flip side. I have had many domestic-class routers, all of which at one point or another began to misbehave until such point that they were rebooted. Not so with Cisco: one of the routers I look after, an 1841, had an uptime well over a year, and the only reason it was shut down was that the UPS it ran off needed a battery change.
This brings us to another advantage of enterprise class network hardware. The devices are generally supported for a long period of time, well after they’ve gone off sale. This means that you can generally get security patches for your network for 5-7 years. With a domestic router, as soon as it’s off sale, it’s like it never existed in terms of support. That said, if you ask most people when they updated their router, they’d look at you as if you’re some sort of crazy person.