Web Informant #323, 10 April 2003: Thick and thin routers

Most of us know what the difference between a thick and thin client is: the terms refer to the amount of software and the size of the operating system that is running on our desktop computers. Terminals and Java-based workstations (remember ThinkNic?) are thin, Windows-based PCs are thick. We are now seeing the concept evolve with routers and wireless access points, a term that I first saw in a white paper by my colleague Jim Metzler and a briefing by wireless newcomer Trapeze Networks.

Thick routers are the old familiar Cisco variety: running their own command-line operating system with thousands of parameters to tweak and tune. The thick routers need plenty of expertise to manage and maintain, which is why this entire cottage industry has been created to help people get their Cisco-certification. Because of their complexity and popularity, you can now find classes teaching IOS and routing concepts even at the high school level. I should know: I taught the equivalent of one last year at my local high school. (Well, almost: the courseware was developed by 3Com and vendor neutral, but we still got into many of the same concepts about routing and networks.)

Thin routers are also becoming familiar: these are the things that I called "frhubs" in my Home Networking Survival Guide book two years ago: a combination firewall, router, hub and even switch all in a small, usually plastic package the size of a large book. Netgear, Linksys, D-Link and others have become all quite fat from selling these thin routers. These don't have all the features of their cousins, in some cases they don't much more in the way of routing than network address translation and the most rudimentary of packet filtering. And they don't need lots of expertise: in most cases the default settings will do the job just fine. If you need to change something you don't have to mess around with the messy syntax of command lines. Instead, you can fire up a Web browser and with a few mouse clicks do the job. Usually, thick routers cost more than thin ones.

There are even routers that are semi-thin, such as the ones from Watchguard and Sonicwall. They offer many of the thicker features, but are easier to manage and don't require command-line gurus to setup. As you would expect, these routers cost somewhere in between the expensive thick routers and the cheaper thin ones.

Thick routers are better for enterprise-class deployments than thin ones: they have more controls, more flexibility, and can be managed as a group far better too. Thin routers are best for SOHO and home applications, or where there is little to no IT staff around to deal with them. The semi-thin routers in some cases can also be easily managed centrally.

The concept becomes a little harder to explain when we talk about wireless access points being thick and thin. According to Metzler, a thick AP is something that has a radio, adds routing features and handles authentication and encryption as well as overall management of the network clients. The thin AP just has the radio and rudimentary features on the other things, and is designed to work with external software tools to manage authentication and encryption elements.

You would think that the way I have explained things, thick trumps thin on the wireless AP side as well, but this isn't always true. In fact, it is usually the exact opposite of the router situation. The thick APs can be harder for enterprises to manage as a collective group, especially as users try to roam among different wireless subnets as they move about a campus and go in and out of coverage between different APs. Because each AP does its own authentication, it is a lot more work for a network administrator to maintain overall network security, which is why most wireless APs have their security turned off and why it is so easy for anyone with a wireless laptop to get access to the random urban corporate network these days.

So thin APs, because they are thin, off-load the authentication and encryption management to something else (this is where vendors like Trapeze come into the picture, in case you were wondering), and this something else is a centralized network control point that sits at the core of the network. I want to spend some more time trying out these products before I give you any further advice here, but it is worth some additional thought.

Another company to watch is Sonicwall, which has done well in the semi-thin router market and is now branching out into the semi-thin wireless AP market as well with a new product called the Soho TZW. They offer a secured separate network for the wireless users, which is a neat solution and something that I will be looking into more when I get my hands on a unit.

Of all the networking companies around these days, Cisco actually has the most interesting story, especially when you consider their pending acquisition of Linksys. Cisco can claim products in all four areas (thick and thin routers, and thick and thin APs). Well, almost. I have a hard time figuring out which of their APs are thick and which are thin, as they transition their Aironet product line. Take a look at two Cisco APs: the 1100 (which sells for about $599 list and does 802.11b only right now) and the 1200 (which sells for about $1399 list for both 802.11a/b frequencies). The 1100 runs Cisco's IOS, the operating system that is found throughout their router product line. The 1200 runs on Vxworks, the embedded OS that Cisco got with the Aironet proeduct line (although it will be upgraded to IOS later this year). Which one is thin and which one is thick? They both are somewhat in-between.

And unlike router pricing, it is harder to determine the thickness of a wireless AP based just on price. Part of the problem is that the radio is probably the most expensive part of the product and with the blooming 802.11 standards, many companies are hedging their bets by including multiple radios in their APs. This drives up the cost quickly. And then companies that have been on the lower-end of the scale, like Netgear, are now selling wireless APs that are combined with their thin routers, making it harder to figure out what is going on.

Maybe differentiating thick and thin wireless APs isn't such a good idea. But certainly this product space is getting a lot of play, and I look forward to seeing more products in the coming months. All of this is good news for wireless network administrators, who are trying hard to secure their networks from unauthorized users.