-----Original Message----- From: Paul Stewart [mailto:pstewart@nexicomgroup.net] Sent: Friday, July 18, 2008 11:18 AM To: nanog Subject: Cisco vs Adtran vs Juniper
Hi there..
I'm looking for some constructive feedback on **real world** experiences please...
We use all three, so hopefully my experience can help.
We're primarily a Cisco shop today - our core and distribution are all Cisco driven and will continue to be (won't change that so not worth discussing today).
My question is oriented towards two other markets primarily:
Security Devices Remote Office/Customer Site Devices
Let me elaborate a bit more...
Security - today, we've been deploying Cisco ASA boxes (was PIX before that) with pretty good success. However, in comparison to Juniper the Cisco boxes are *really* expensive - at least to us anyways. Juniper has nice products so I'm looking at proposing a solution internally to move towards the Juniper security appliances. Feedback from folks on them vs Cisco ASA??
They both have their pros and cons, obviously. The ASA is a big step in the right direction from the PIX. SSL VPN capabilities, antivirus, and minimal IDS. Juniper SSGs don't do SSL VPN, but do antivirus, antispam, expandable ports (on the SSG-20) for T1/ADSL/ISDN, etc. We use more PIX and Juniper than ASA, but from what I've seen, the ASA is pretty decent. VPN upgrades are expensive, as are other various licenses. The Juniper SSG is also nice and reliable, but the web GUI sucks. It works on some computers and not others and it's all dependent upon stupid Java, so you'll have to learn the CLI in order to reliably do anything with them. Also, they charge you for their IPSec VPN client, which is nickel-and-diming, if you ask me. When you do install it, you can't have it co-exist with the Cisco VPN client, at least not a couple years ago when I tried it. We're split pretty evenly between Cisco and Juniper boxes and are happy with both. It all really depends on the services you want to sell or support for your customers, as each box can do different things.
Remote Office/Customer Site Devices - today, we do a lot of "managed routers" to customer sites. Again, cost driven, I'm being pushed towards looking at Adtran devices for customer sites that we maintain. I have nothing against Adtran but haven't viewed them to date as being in the same "arena" as Cisco/Juniper etc.. these routers are mainly providing basic firewalling/NAT and some very small VPN activity at times.
Both Cisco and Juniper offer great options for this. CPE from both is typically very solid. Juniper has the added benefit of being able to convert their J-series boxes to Netscreen SSG firewalls and the cards are interchangeable between the security/J-series platforms. Of course, this does cost you in license fees. NAT on the J-series is a pain to set up and unfortunately, the default 256M flash on them is just too small to support an easy JUNOS upgrade. The Adtran routers are very Cisco-like. Haven't done VPN and last time (years ago) we used the firewall, it continually crashed the router. I'm sure things have improved. Main reason to use Adtran is price. I'm personally more biased towards Juniper because JUNOS blows IOS out of the water, but Cisco CPE in our experience is very reliable. Believe it or not, we still have 2500s out in the field!
To take this one step further, some of our voice folks are really enjoying the Adtran boxes as it offers an "all in one solution" which is a router, firewall, "voice" box (many options - PRI handoff, T1, FXS/FXO) and in some of their boxes 24 POE switch ports as well. This is kinda cool I'll admit but the approach in the past has been to drop in a Cisco router, Adtran for voice applications, and then Cisco POE switches if required. This is very costly compared to Adtran's all in one approach.... so am I being stubborn on this or is the Adtran products in this case in the same league?? I had some terrible track record with Adtran a number of years ago so my back gets up when their name is mentioned...;)
Adtran makes *decent* products. We have hundreds of 900s and 600s deployed and physical/network stability is excellent. With VoIP, they are reliable and depending on what type of signalling you're using them with, along with what type of softswitch, you might see some bugs and have to provide their support with debug info. The SNMP support on them is pretty horrible, though. We use the TotalAccess 600s and 900s, but I've tested the NetVanta switch before. It's a decent switch, but I couldn't attest to its voice capabilities as we were only testing PoE and basic layer-2 and layer-3 capabilities at the time. One awesome thing about Adtran is their support - they do have a good support team and have 10-year warranties on their products. And one more annoying thing about them - console access is done by proprietary DB-9 connectors and cables which they don't actually ship with the boxes. As for the Cisco VoIP solution, I can tell you that we investigated Cisco a couple years ago and their solutions were so cost-prohibitive that it was an impossibility for our customer base. They also required a certified CVP on-staff just to be able to order certain equipment. Not sure if that's changed over the years, but it was not an option for us at all at the time. -evt