Thick And Thin Routers


Most of us know the difference between a thick and thin client; the terms refer to the amount of software and the size of the operating system that is running on our desktop computers. Terminals and Java-based workstations (remember ThinkNic?) are thin. Windows-based PCs are thick. We are now seeing the concept evolve with routers and wireless access points, a term that I first saw in a white paper by my colleague Jim Metzler and a briefing by wireless newcomer Trapeze Networks.

Thick routers are the old familiar Cisco variety, running their own command-line operating system with thousands of parameters to tweak and tune. Thick routers need plenty of expertise to manage and maintain, which is why an entire cottage industry has been created to help people get their Cisco-certification.

Thin routers are also becoming familiar. These are the things I called "frhubs" in my Home Networking Survival Guide book two years ago. They are a combination firewall, router, hub and even switch all in a small, usually plastic package the size of a large book. Netgear, Linksys, D-Link and others have all become quite fat from selling these thin routers. These don't have all the features of their cousins -- in some cases they don't much more in the way of routing than network address translation and the most rudimentary of packet filtering. And they don't need lots of expertise. In most cases, the default settings will do the job just fine. If you need to change something, you just fire up a Web browser and with a few mouse clicks do the job. Usually, thick routers cost more than thin ones.

There are even routers that are semi-thin, such as the ones from Watchguard and Sonicwall. They offer many of the thicker features, but are easier to manage and don't require command-line gurus to setup. As you would expect, these routers cost somewhere between the expensive thick routers and the cheaper thin ones.

Thick routers are better for enterprise-class deployments than thin ones. They have more controls, more flexibility and can be managed as a group far better, too. Thin routers are best for SOHO and home applications, or where there is little to no IT staff around to deal with them. The semi-thin routers in some cases can also be easily managed centrally.

The concept becomes a little harder to explain when we talk about wireless access points (AP) being thick and thin. According to Metzler, a thick AP is something that has a radio, adds routing features and handles authentication and encryption as well as overall management of the network clients. The thin AP just has the radio and rudimentary features on the other things, and is designed to work with external software tools to manage authentication and encryption elements.

You would think that the way I have explained things, thick trumps thin on the wireless AP side as well, but this isn't always true. In fact, it is usually the exact opposite of the router situation. The thick APs can be harder for enterprises to manage as a collective group, especially as users try to roam among different wireless subnets as they move about a campus and go in and out of coverage between different APs. Because each AP does its own authentication, it is a lot more work for a network administrator to maintain overall network security, which is why most wireless APs have their security turned off and why it is so easy for anyone with a wireless laptop to get access to the random urban corporate network these days.

So thin APs, because they are thin, offload the authentication and encryption management to a centralized network control point that sits at the core of the network. I want to spend some more time trying out these products before I give you any further advice here, but it is worth some additional thought.

Another company to watch is Sonicwall, which has done well in the semi-thin router market and is now branching out into the semi-thin wireless AP market as well with a new product called the Soho TZW. The company offers a secured separate network for the wireless users, which is a neat solution and something I will be looking into more when I get my hands on a unit.

Of all the networking companies around these days, Cisco actually has the most interesting story, especially when you consider its pending acquisition of Linksys. Cisco can claim products in all four areas -- thick and thin routers, and thick and thin APs. Well, almost. I have a hard time figuring out which of its APs are thick and which are thin as it transition its Aironet product line. Take a look at two Cisco APs: the 1100 (which lists for about $599 and only does 802.11b right now) and the 1200 (which lists for about $1,399 for both 802.11a/b frequencies). The 1100 runs Cisco's IOS, the operating system that is found throughout its router product line. The 1200 runs on Vxworks, the embedded OS that Cisco got with the Aironet product line. Which one is thin and which one is thick? Both are somewhat in-between.

And unlike router pricing, it is harder to determine the thickness of a wireless AP based just on price. Part of the problem is that the radio is probably the most expensive part of the product. With the blooming 802.11 standards, many companies are hedging their bets by including multiple radios in their APs. This quickly drives up the cost. And companies that have been on the lower-end of the scale, like Netgear, are now selling wireless APs that are combined with its thin routers, making it harder to figure out what is going on.

Maybe differentiating thick and thin wireless APs isn't such a good idea. But certainly this product space is getting a lot of play, and I look forward to seeing more products in the coming months. All of this is good news for wireless network administrators who are trying hard to secure their networks from unauthorized users.