As long as Cisco Systems Inc. leads the router market, competitors will continue to come up with differentiators. With Adtran Inc.’s new NetVanta 4305 access router, the differentiators are price, price, price.
Depending on configuration, the NetVanta 4305 — which Adtran began shipping in late September — can cost thousands of dollars less than similarly equipped Cisco models.
As our exclusive Clear Choice tests show, the NetVanta 4305 is a modest performer. The beta routing software still has some rough spots, including scalability issues, but the price advantage might offset these, especially for managers of small or midsize enterprise networks.
The 1U systems we tested were equipped with two fixed-port Fast Ethernet interfaces and an optional module supporting eight T-1 (1.544Mbps) serial interfaces. The NetVanta 4305’s base price includes support for IPv4 routing protocols and a stateful firewall. IPSec support is optional, as is a DSX-1 module for interconnection with PBXs.
The base NetVanta 4305 costs US$2,500, and the system as tested is priced at US$5,000. In contrast, a comparable Cisco 3725 base model lists at US$8,500.
The NetVanta’s command-line interface strongly resembles IOS, but lacks some features of its Cisco counterpart, such as redirecting command output through a pipe.
We measured performance of the NetVanta 4305 in seven ways: static routing; small- and large-table routing information protocol (RIP) routing; small-, medium- and large-table open shortest path first (OSPF) routing. We also tested IPSec tunnel capacity.
The static routing test was a best-case scenario; the goal was to show the maximum rate at which the NetVanta 4305 boxes would forward traffic without dynamic routing enabled. We then repeated the same test using either RIP or OSPF, and routing tables of various sizes. We tested in a back-to-back configuration, linking two routers with up to eight T-1 interfaces, and then repeated the tests on one router with traffic flowing between two Fast Ethernet interfaces.
In the two-router tests, throughput was slightly lower than line rate with medium or large frames, regardless of the presence or absence of dynamic routing. Tests with 256-byte frames are the most noteworthy, because that size is close to the average frame length on many enterprise networks.
These tests uncovered two anomalies. First, Adtran’s beta software supported only seven T-1s in the multilink PPP link, when dynamic routing was enabled.
Second, throughput with RIP routing didn’t scale as high as OSPF, especially when we threw short frames at the NetVanta pair. Short-frame throughput with a 240-route table (the largest we attempted) was noticeably lower than with a smaller 64-route table.
Even with RIP’s 15-hop limit, our “maximum” test case represented a relatively small network. Route redistribution and multiple paths easily can swell table size well beyond the maximum levels we used with the NetVanta 4305. With OSPF, throughput for both small and large frames degraded as table size grew.
Degraded throughput with RIP also was pronounced when we offered traffic between two Fast Ethernet interfaces on one router, where frame rates are much higher. However, tests with short frames place the greatest strain on the device being tested, and no production network carries traffic made up exclusively of 64-byte frames.
Then again, even an entry-level US$400 PC can saturate a 100Mbps circuit. Given the relatively low cost of processing power, control-plane routing events should have little if any effect on data-plane packet forwarding. Moreover, the choice of routing protocol should not have a marked effect on throughput.
Adtran officials say the company is working to optimize the routing code in the final release of this new code at the end of this month.
Another key metric — latency — improved in most cases when we enabled OSPF or RIP. For example, in two-router tests with static routing, we measured average latency of 2.017 millisec when forwarding 64-byte frames. But with RIP routing and 240 routes, average latency actually fell to 1.352 millisec.
In general, latency tests of a single router moving packets between Ethernet interfaces showed very constant results: about 0.460 millisec for 256-byte frames for most test cases. However, when we used OSPF and a 5,000-entry routing table, latency shot up nearly threefold to 1.439 millisec.
Latency in the low milliseconds is unlikely to affect performance of any application by itself, but latency is cumulative. In a network made up of many NetVanta routers, latency might grow with routing table size.
The NetVanta 4305 doesn’t match Cisco 3700 series routers when it comes to features or robustness of its routing code, but then again it doesn’t cost nearly as much. While the routing code we tested had a few unresolved issues, the NetVanta 4305 might be a cost-effective alternative in small to midsize networks.
Newman is president of Network Test, an independent benchmarking consultancy in Westlake Village, Calif.. He can be reached at [email protected].
How we did it
We tested performance of the Adtran NetVanta 4305 in seven different configurations: static routing, small- and large-table Routing Information Protocol routing, small- and medium-, and large-table Open Shortest Path First routing, and IPSec tunnel capacity.
In all routing tests, we used a pair of NetVanta 4305s connected back-to-back via up to eight T-1 circuits. Adtran engineers configured the T-1 circuits to form a single logical circuit using multilink PPP (MLPPP).
We offered traffic to each of four 100Base-T Ethernet interfaces (two on each router) using a Spirent Communications PLC’s SmartBits traffic generator/analyzer. We configured one IPv4 subnet on each Ethernet interface and offered traffic in a bidirectional, partially meshed pattern. This means traffic offered to Ethernet interfaces on one router was routed to both Ethernet interfaces on the other router, and vice versa.
In the static routing tests, we used the SmartFlow application for SmartBits to offer traffic between subnets. We measured throughput and latency for 64-, 256- and 1,518-byte Ethernet frames.
The MLPPP link between routers consisted of eight T-1 circuits in the static routing tests. In the dynamic routing tests, it consisted of only seven circuits because of a problem with the beta version of routing software on the NetVanta 4305s.
In the RIP tests, we used Spirent’s TeraRouting Interactive to bring up RIPv2 routing sessions on each Ethernet interface. We advertised either 64 or 240 routes (for the small- and large-table cases, respectively) and verified that the NetVanta routers propagated all routing information. Then we offered traffic to all routes advertised. As in the static routing tests, we measured throughput and latency for 64-, 256- and 1,518-byte Ethernet frames.
In the OSPF tests, we configured the routers so that the T-1 links were in OSPF Area 0, and the Ethernet interfaces of each router were in OSPF Area 1 and 2, respectively. We again used TeraRouting to form one OSPF adjacency with each Ethernet interface. We advertised either 64; 3,000; or 5,000 external (Type 5) link state advertisements and then offered traffic to all routes advertised. Here again, we measured throughput and latency for 64-, 256- and 1,518-byte Ethernet frames.
In the IPSec tunnel capacity tests, we used just one NetVanta 4305 router and configured the SmartBits and Spirent’s TeraVPN 4.0 software to emulate multiple remote VPN gateways. We configured TeraVPN to use the most computationally intense authentication and encryption methods, secure hashing algorithm 1 (SHA-1) and 256-bit Advanced Encryption Standard (AES-256). However, we used pre-shared keying and not the more challenging XAUTH authentication method because of a problem with the test tool.
Adtran specified that the NetVanta 4305 would support up to 1,000 concurrent tunnels, which we attempted to verify by bringing up the tunnels and sending data over each.
Testing the NetVanta 4305’s IPSec wares
In addition to its routing duties, the NetVanta 4305 also can function as an IPSec VPN gateway when equipped with an optional enhanced feature pack. This configuration is useful when connecting branch offices using IPSec tunnels or giving remote users secure access to enterprise networks. (Adtran sells an IPSec client software client for the latter purpose.)
We measured the scalability of the NetVanta 4305 router by attempting to establish 1,000 IPSec tunnels, its maximum rated capacity, and trying to send data through all tunnels using Spirent’s TeraVPN application.
The NetVanta 4305 brought up 996 of the 1,000 tunnels we attempted to set up. The remaining four tunnels never were established because of timeouts.
While no tunnel failure is desirable, network managers might be willing to live with the relatively low failure rate, especially because VPN gateways devices seldom operate at 100 percent of capacity.
It is also worth noting that we used the most stressful combination of authentication and encryption algorithms in our tests — secure hashing algorithm 1 (SHA-1) for message authentication and 256-bit Advanced Encryption Standard (AES-256) for encryption. It is possible the NetVanta 4305 would have set up the maximum 1,000 tunnels with a less stressful authentication or encryption methods, but we did not verify this.
Network World gratefully acknowledges the support of Spirent Communications, which supplied the SmartBits traffic generator/analysis and TeraRouting, SmartFlow and Tera VPN test applications.