The idea that Cisco's products are "hardware based" when compared to the two software-based routers reviewed here is a little misleading. Cisco's routers contain a power supply, internal bus, memory (main), storage (flash), a processor and an operating system -- just like any PC. They also have specialized network cards (contained in "modules") capable of handling just about every connection imaginable. In short, Cisco's hardware is nothing more than a specialized computer with modular plug-ins. The major difference is that Cisco's operating system (they call it an "IOS") includes the routing software, whereas the softrouter products we reviewed operate on the Windows family of operating systems. As a result, compatibility problems between the various subsystems of a Cisco router are all but nonexistent. Here are some other comparisons:
COST: Cisco routers will run the small to midsize organization anywhere between $300 and $6,000, depending upon the number of and throughput support of subnets, the type and speed of the uplink, the security options and whether you need voice support. Let's take one of the more common routers in use today -- the Cisco 4500-M. Its throughput capabilities are similar to the systems we tested. The 4500-M supports one 155M bit/sec ATM OC-3 Module, two T-1 ports supporting up to 2.048M bit/sec and up to 16 128K bit/sec low-speed ports. An 800-MHz PC can handle this much bandwidth, which is hardly surprising. Although the 4500-M's components are optimized to do just one thing -- route -- its Reduced Instruction Set Computing processor is only 100 MHz, and its main memory tops out at 32M bytes. If you compare the cost difference for the memory alone, 256M bytes of PC-133 memory for high-end Pentium IIIs costs just $100, less than one-twentieth the cost per megabyte for that used in the Cisco router.
However, cost isn't everything, and appearances can be deceiving. The 4500-M has a lot of advantages over a comparably equipped software/PC product, including more built-in LAN and WAN protocols, optimized WAN services, and the ability to centrally install and manage your internetworking infrastructure. Besides -- you'll gain a greater uptime rating with a Cisco or other mainstream router product than you will with one that runs as an application or a service on Windows. It still costs $2,000 more than either of the softrouters (including the server hardware) we reviewed, and that doesn't include hiring the services of a Cisco-certified installer. Before making a decision, first consider the target market.
PRODUCT POSITION: Tiny Software's WinRoute Pro is more appropriate for a branch office, while Vicomsoft's Internet Gateway lends itself to the corporate office, particularly because it can handle multiple connections from branch offices, or even dial-up users (via a pooled remote-access server). Some corporations are beginning to take their workgroups, with their specific security requirements, and throw them behind software-based network address translation (NAT) routers such as these.
Can either product handle the needs of a large corporation, say, with 5,000 users or more? Many such corporations often connect to the Internet with nothing more than one or two T-1 lines, for less than 5M bit/sec bandwidth. Both products can handle up to six times that throughput on a fast PC. Still, Internet Gateway limited itself to 1,024 users if DHCP was being used, and WinRoute Pro's e-mail services would add significant overhead if used by more than a few dozen people. Whether you would ever use either of these products in an environment that large and diverse would depend entirely upon your current and future internetworking needs. Most such corporations would require the significantly more diverse capabilities delivered by Cisco's line of higher-end routers.
RELIABILITY: If you installed these products on a clean system, with the latest service packs and security patches, and didn't load any other software, and enabled NAT, they'd be just as secure as any offering by Cisco. The "blue screen of death" is a phenomenon usually related to cutting-edge video cards (and their newly written drivers) or buggy network card drivers.
Although NAT was originally designed for IP consolidation and conservation, it doesn't operate from within the operating system, but installs itself between the hardware layer and the IP stack, and so has unfettered access to and control over all packets before they can be of any harm. The result is increased security. NAT is integral to Internet Gateway and WinRoute Pro, while Cisco uses NAT in its IOS with full NAT capability in IOS Versions 12.0 and beyond. Both implementations adhere to RFC 1631, which describes IP NAT in detail.
Cisco's depth of experience in internetworking is clear in its implementation of NAT because it not only hides the IP address of internal users from the outside, but it can also hide the IP address of external source addresses from those on the inside, which is a good way to keep key internetworking resources hidden from potentially malicious employees.
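A small model of the two translation directions described above, as an added example that is not code from the article or from any of the products it reviews. The class name, the documentation-range addresses and the single outside alias are constructed assumptions; the model does address-only translation in the style of RFC 1631, with no port translation or filtering.

```python
class TwoWayNat:
    """Toy address-only NAT (no port translation), per-address bindings."""

    def __init__(self, pool, outside_alias):
        self.free = list(pool)                # unused inside-global addresses
        self.local_to_global = {}             # inside local  -> inside global
        self.global_to_local = {}             # inside global -> inside local
        self.real_to_alias = dict(outside_alias)   # outside real -> alias seen inside
        self.alias_to_real = {a: r for r, a in outside_alias.items()}

    def outbound(self, src, dst):
        """Inside -> outside: hide the inside source, resolve an aliased destination."""
        if src not in self.local_to_global:
            if not self.free:
                return None                   # pool exhausted: packet dropped
            g = self.free.pop(0)
            self.local_to_global[src] = g
            self.global_to_local[g] = src
        return self.local_to_global[src], self.alias_to_real.get(dst, dst)

    def inbound(self, src, dst):
        """Outside -> inside: needs an existing binding for dst, else drop."""
        if dst not in self.global_to_local:
            return None                       # unsolicited: no binding, dropped
        return self.real_to_alias.get(src, src), self.global_to_local[dst]


def demo():
    # Constructed sample: two-address global pool, one outside host aliased
    # so that inside users only ever see 10.9.9.5.
    nat = TwoWayNat(pool=["192.0.2.10", "192.0.2.11"],
                    outside_alias={"203.0.113.5": "10.9.9.5"})
    probe = ("198.51.100.7", "192.0.2.10")    # unrelated outside sender
    return {
        "unsolicited": nat.inbound(*probe),
        "outbound": nat.outbound("10.0.0.21", "10.9.9.5"),
        "reply": nat.inbound("203.0.113.5", "192.0.2.10"),
        "after_binding": nat.inbound(*probe),
    }
```

In this model the last lookup succeeds: once a binding exists, translation alone passes traffic from any outside sender to the bound inside host, which is why address translation is normally paired with packet filtering.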
If you want to keep the bad guys out of your network, there's really no difference between the two in terms of their level of security. Even Cisco's use of NAT in PIX is fundamentally the same as its use in its IOS. Still, Cisco's routers are significantly better at resisting denial-of-service attacks, mainly because Cisco's IOS is both the operating system and the routing/security software in one package. The Cisco approach is far more condensed and less complicated than Windows, and tends to be significantly faster. It also can be quickly updated whenever Cisco learns of a new type of attack -- much like Symantec can update its virus definition files several times a month.
This story, "Soft vs. hard routers" was originally published by Network World.