RE: Cisco vs Adtran vs Juniper

[Eric Van Tol <eric () atlantech net>]

> -----Original Message-----
> From: Paul Stewart [mailto:pstewart () nexicomgroup net]
> Sent: Friday, July 18, 2008 11:18 AM
> To: nanog
> Subject: Cisco vs Adtran vs Juniper
>
> Hi there..
>
> I'm looking for some constructive feedback on **real world**
> experiences
> please...

We use all three, so hopefully my experience can help.

> We're primarily a Cisco shop today - our core and distribution are
> all
> Cisco driven and will continue to be (won't change that so not worth
> discussing today).
>
> My question is oriented towards two other markets primarily:
>
> Security Devices
> Remote Office/Customer Site Devices
>
> Let me elaborate a bit more...
>
> Security - today, we've been deploying Cisco ASA boxes (was PIX
> before
> that) with pretty good success.  However, in comparison to Juniper
> the
> Cisco boxes are *really* expensive - at least to us anyways.  Juniper
> has nice products so I'm looking at proposing a solution internally
> to
> move towards the Juniper security appliances.  Feedback from folks on
> them vs Cisco ASA??

They both have their pros and cons, obviously.  The ASA is a big step in the right direction from the PIX.  SSL VPN 
capabilities, antivirus, and minimal IDS.  Juniper SSGs don't do SSL VPN, but do antivirus, antispam, expandable ports 
(on the SSG-20) for T1/ADSL/ISDN, etc.  We use more PIX and Juniper than ASA, but from what I've seen, the ASA is 
pretty decent.  VPN upgrades are expensive, as are other various licenses.

The Juniper SSG is also nice and reliable, but the web GUI sucks.  It works on some computers and not others and it's 
all dependent upon stupid Java, so you'll have to learn the CLI in order to reliably do anything with them.  Also, they 
charge you for their IPSec VPN client, which is nickel-and-diming, if you ask me.  When you do install it, you can't 
have it co-exist with the Cisco VPN client, at least not a couple years ago when I tried it.

We're split pretty evenly between Cisco and Juniper boxes and are happy with both.  It all really depends on the 
services you want to sell or support for your customers, as each box can do different things.

> Remote Office/Customer Site Devices - today, we do a lot of "managed
> routers" to customer sites.  Again, cost driven, I'm being pushed
> towards looking at Adtran devices for customer sites that we
> maintain.
> I have nothing against Adtran but haven't viewed them to date as
> being
> in the same "arena" as Cisco/Juniper etc..  these routers are mainly
> providing basic firewalling/NAT and some very small VPN activity at
> times.

Both Cisco and Juniper offer great options for this.  CPE from both is typically very solid.  Juniper has the added 
benefit of being able to convert their J-series boxes to Netscreen SSG firewalls and the cards are interchangeable 
between the security/J-series platforms.  Of course, this does cost you in license fees.  NAT on the J-series is a pain 
to set up and unfortunately, the default 256M flash on them is just too small to support an easy JUNOS upgrade.

The Adtran routers are very Cisco-like.  Haven't done VPN and last time (years ago) we used the firewall, it 
continually crashed the router.  I'm sure things have improved.  Main reason to use Adtran is price.  I'm personally 
more biased towards Juniper because JUNOS blows IOS out of the water, but Cisco CPE in our experience is very reliable. 
 Believe it or not, we still have 2500s out in the field!

> To take this one step further, some of our voice folks are really
> enjoying the Adtran boxes as it offers an "all in one solution" which
> is
> a router, firewall, "voice" box (many options - PRI handoff, T1,
> FXS/FXO) and in some of their boxes 24 POE switch ports as well.
> This
> is kinda cool I'll admit but the approach in the past has been to
> drop
> in a Cisco router, Adtran for voice applications, and then Cisco POE
> switches if required.  This is very costly compared to Adtran's all
> in
> one approach.... so am I being stubborn on this or is the Adtran
> products in this case in the same league??  I had some terrible track
> record with Adtran a number of years ago so my back gets up when
> their
> name is mentioned...;)

Adtran makes *decent* products.  We have hundreds of 900s and 600s deployed and physical/network stability is 
excellent.  With VoIP, they are reliable and depending on what type of signalling you're using them with, along with 
what type of softswitch, you might see some bugs and have to provide their support with debug info.  The SNMP support 
on them is pretty horrible, though.  We use the TotalAccess 600s and 900s, but I've tested the NetVanta switch before.  
It's a decent switch, but I couldn't attest to its voice capabilities as we were only testing PoE and basic layer-2 and 
layer-3 capabilities at the time.  One awesome thing about Adtran is their support - they do have a good support team 
and have 10-year warranties on their products.  And one more annoying thing about them - console access is done by 
proprietary DB-9 connectors and cables which they don't actually ship with the boxes.

As for the Cisco VoIP solution, I can tell you that we investigated Cisco a couple years ago and their solutions were 
so cost-prohibitive that it was an impossibility for our customer base.  They also required a certified CVP on-staff 
just to be able to order certain equipment.  Not sure if that's changed over the years, but it was not an option for us 
at all at the time.


-evt