Enterprise grade router, when to get it?

Solution 1:

You will know that an enterprise grade router is what they need after you've:

  1. Analyzed ingress and egress traffic patterns and plotted them out over time.
  2. Taken sflow or netflow samplings and considered what the results mean for your organization
  3. Sampled data to determine who is using the network connection for what types of traffic.
  4. Implemented QOS to prioritize more important traffic and determine if that could solve the problem.
  5. Analyzed the latency of the network at all times of day to determine what could be an ISP issue and what is likely congestion on the local network.

Oh wait, a random router from bestbuy for $100 can't do those things. Ayup, it's time for an enterprise router. =)

In seriousness, you may be able to pull off a few of the above things with an off-the-shelf SOHO router. They're becoming increasingly advanced - but don't let that deceive you. Raw feature sets do not imply reliability or accuracy. I've seen more than my share of SOHO routers that touted a broad feature set but couldn't actually deliver the goods when it came crunch time.

Most importantly, you need traffic samples to determine who is doing what and when. You'll then likely want to use QOS as your first line of defense against congestion. Outright blocking of trouble sites could also be used depending on the leadership's backing. Finally, simply determine how much bandwidth they reasonably need to use and compare it to the available bandwidth on their ISP connection. If it's not enough, you'll need to discuss with them the possibility of upgrading their WAN connection.

Also consider rogue latency in the equation. I'd set up SmokePing and bounce ICMP off of several distant systems to get a long term understanding of the network's issues with latency.

One possibility is to get a cheap, low-cost connection and divert junk traffic over it. Then get a line that has an SLA and divert the most important traffic over that. As an example, at one organization I worked for we had two 20Mb Cable connections as our junk traffic connection for web browsing and other non-essential services. We had a leased T connection with an SLA as our pipe for important services like email, interfacing with our bank and etc. Most business class routers/firewalls can handle WAN failover for a reasonable price (less than $1,000).

You don't need to go bonkers and get an ASA 5510 or anything. SonicWall makes good firewalls for SMBs as well as large enterprises. You could roll your own edge device using a Linux Firewall distro like Pfsense or you could use a UTM distribution like Untangle or ClearOS. Another option is a UTM appliance like Endian. All of those devices can be done for well under $1,000 and have a litany of services you can offer your employer.

Solution 2:

Don't just assume that buying a new router is going to help. It doesn't sound like you have any usage statistics for the Internet connection. If your users are saturating the connection (downloads, Internet "radio", etc) then buying a new router won't help the problem. While a consumer-grade router may be a bottleneck it's far more likely that the Internet connection itself is the problem.

If your Ethernet switch is managed you should be able to, at the very least, get transfer counts on the port where the current router is connected. That could be helpful in determining how much of the slowness is due to exhausted bandwidth on your Internet connection (by showing the traffic flowing in and out of that port).

If your switch isn't managed you might consider using a disused PC with a couple of NICs and a Linux-based router distribution as a stopgap until you can gather data. As long a your Internet connection is less than 100Mb/sec a PC of even early 2000's vintage would be able to keep up.