[106053] in North American Network Operators' Group


RE: Cisco vs Adtran vs Juniper

daemon@ATHENA.MIT.EDU (Eric Van Tol)
Fri Jul 18 11:50:42 2008

From: Eric Van Tol <eric@atlantech.net>
To: "'Paul Stewart'" <pstewart@nexicomgroup.net>, nanog <nanog@merit.edu>
Date: Fri, 18 Jul 2008 11:49:58 -0400
In-Reply-To: <89D27DE3375BB6428DDCC2927489826A0166CF01@nexus.nexicomgroup.net>
Errors-To: nanog-bounces@nanog.org

> -----Original Message-----
> From: Paul Stewart [mailto:pstewart@nexicomgroup.net]
> Sent: Friday, July 18, 2008 11:18 AM
> To: nanog
> Subject: Cisco vs Adtran vs Juniper
>
> Hi there..
>
> I'm looking for some constructive feedback on **real world** experiences
> please...

We use all three, so hopefully my experience can help.

> We're primarily a Cisco shop today - our core and distribution are all
> Cisco driven and will continue to be (won't change that so not worth
> discussing today).
>
> My question is oriented towards two other markets primarily:
>
> Security Devices
> Remote Office/Customer Site Devices
>
> Let me elaborate a bit more...
>
> Security - today, we've been deploying Cisco ASA boxes (was PIX before
> that) with pretty good success.  However, in comparison to Juniper the
> Cisco boxes are *really* expensive - at least to us anyways.  Juniper
> has nice products so I'm looking at proposing a solution internally to
> move towards the Juniper security appliances.  Feedback from folks on
> them vs Cisco ASA??

They both have their pros and cons, obviously.  The ASA is a big step in
the right direction from the PIX.  SSL VPN capabilities, antivirus, and
minimal IDS.  Juniper SSGs don't do SSL VPN, but do antivirus, antispam,
expandable ports (on the SSG-20) for T1/ADSL/ISDN, etc.  We use more PIX
and Juniper than ASA, but from what I've seen, the ASA is pretty decent.
VPN upgrades are expensive, as are other various licenses.

The Juniper SSG is also nice and reliable, but the web GUI sucks.  It
works on some computers and not others and it's all dependent upon stupid
Java, so you'll have to learn the CLI in order to reliably do anything
with them.  Also, they charge you for their IPSec VPN client, which is
nickel-and-diming, if you ask me.  When you do install it, you can't have
it co-exist with the Cisco VPN client, at least not a couple years ago
when I tried it.

We're split pretty evenly between Cisco and Juniper boxes and are happy
with both.  It all really depends on the services you want to sell or
support for your customers, as each box can do different things.

> Remote Office/Customer Site Devices - today, we do a lot of "managed
> routers" to customer sites.  Again, cost driven, I'm being pushed
> towards looking at Adtran devices for customer sites that we maintain.
> I have nothing against Adtran but haven't viewed them to date as being
> in the same "arena" as Cisco/Juniper etc..  these routers are mainly
> providing basic firewalling/NAT and some very small VPN activity at
> times.

Both Cisco and Juniper offer great options for this.  CPE from both is
typically very solid.  Juniper has the added benefit of being able to
convert their J-series boxes to Netscreen SSG firewalls and the cards are
interchangeable between the security/J-series platforms.  Of course, this
does cost you in license fees.  NAT on the J-series is a pain to set up
and unfortunately, the default 256M flash on them is just too small to
support an easy JUNOS upgrade.

The Adtran routers are very Cisco-like.  Haven't done VPN and last time
(years ago) we used the firewall, it continually crashed the router.  I'm
sure things have improved.  Main reason to use Adtran is price.  I'm
personally more biased towards Juniper because JUNOS blows IOS out of the
water, but Cisco CPE in our experience is very reliable.  Believe it or
not, we still have 2500s out in the field!

> To take this one step further, some of our voice folks are really
> enjoying the Adtran boxes as it offers an "all in one solution" which is
> a router, firewall, "voice" box (many options - PRI handoff, T1,
> FXS/FXO) and in some of their boxes 24 POE switch ports as well.  This
> is kinda cool I'll admit but the approach in the past has been to drop
> in a Cisco router, Adtran for voice applications, and then Cisco POE
> switches if required.  This is very costly compared to Adtran's all in
> one approach.... so am I being stubborn on this or are the Adtran
> products in this case in the same league??  I had some terrible track
> record with Adtran a number of years ago so my back gets up when their
> name is mentioned...;)

Adtran makes *decent* products.  We have hundreds of 900s and 600s
deployed and physical/network stability is excellent.  With VoIP, they are
reliable and depending on what type of signalling you're using them with,
along with what type of softswitch, you might see some bugs and have to
provide their support with debug info.  The SNMP support on them is pretty
horrible, though.  We use the TotalAccess 600s and 900s, but I've tested
the NetVanta switch before.  It's a decent switch, but I couldn't attest
to its voice capabilities as we were only testing PoE and basic layer-2
and layer-3 capabilities at the time.  One awesome thing about Adtran is
their support - they do have a good support team and have 10-year
warranties on their products.  And one more annoying thing about them -
console access is done by proprietary DB-9 connectors and cables which
they don't actually ship with the boxes.

As for the Cisco VoIP solution, I can tell you that we investigated Cisco
a couple years ago and their solutions were so cost-prohibitive that it
was an impossibility for our customer base.  They also required a
certified CVP on-staff just to be able to order certain equipment.  Not
sure if that's changed over the years, but it was not an option for us at
all at the time.


-evt

