When doing a vendor evaluation it is never fun process, especially if it is a company you are working with the first time. First the vendor comes in with their sales guy, even though you specifically asked to have a technical resource to come instead, they insist they want to “get a feel” for you are looking for. You get the nice brochure, you have that waste of a meeting, and if you are like me, you partially torture the guy, in mostly good fun. Then they bring their “expert” who is still unable able to answer your questions you are asking. Now finally after 2 face to face meetings, you have a 3rd with someone on the phone who has most of your answers, with the normal normal dose of kool-aid.
After all that, it is not a few week’s or months later, you want to be sure you don’t waste your time evaluating products that don’t suit your needs. So over the years, I have come across this list of evaluation criteria, that was mostly not been put together by me, but I have been using as a template. This will cross between routers, switches and firewalls, so it is more a jack of all trades list, then an all inclusive list.
If you have anything to add, please leave it in the comments.
| Feature Set | Feature |
|---|---|
| FW Core Services | |
| Zone Based policies | |
| Intra-Zone policies | |
| Object Oriented policies | |
| Time Based Policies | |
| Intrustion detection | |
| Anti Virus | |
| Anti Spam | |
| Content Filtering | |
| Web Content Filtering | |
| Web Content Filtering – Local DB | |
| Deep Packet Inspection | |
| Application Identificaion | |
| Application Profiling | |
| Caching | |
| Virtual Server Firewalling | |
| Attack Detection/reporting | |
| NAT/PAT | |
| Virtual Firewall's | |
| Unified Access Control | |
| Group Based policies | |
| User Based Policies | |
| performance | |
| Chipset | |
| L2 – High Availibility | |
| L3 – High Availabity | |
| High Availibility – MLAG | |
| Store & Forward vs Cut Through | |
| NUMBER of transactions persecond | |
| Amount of Bandwidth | |
| Express forwarding | |
| Latency Impact | |
| latenecy impact with all services turned on | |
| Maximum transmission unit (MTU) | |
| Jumbo frames support | |
| Forwarding Rate default | |
| Forwarding Rate 64byte 512byte 1500byte Jumbo frames | |
| L3 QoS physical queues | |
| L2 QoS physical queues | |
| QoS Buffers | |
| Queue depth size for priority queue | |
| Queue depth per port | |
| Queueing models support | |
| Describe physical ports to backplane architecture | |
| Describe physical ports to other physical ports architecture | |
| Packet Shapers | |
| SRR-Queue | |
| QoS – Marking/Classification – TOS | |
| QoS – Marking/Classification – DSCP | |
| QoS – Priority-Queuing | |
| QoS – Policing | |
| QoS Bypass | |
| Number of 40Gb interfaces | |
| Number of 10Gb interfaces | |
| Number of 10/100/1000Mb interfaces | |
| management | |
| CLI | |
| Dedicated Management Interface | |
| Console Access | |
| Remote CLI Access | |
| API | |
| Web management | |
| Central Management | |
| USB Console | |
| Netflow ~= SFLOW | |
| Logging | |
| Syslog | |
| AAA | |
| RADIUS | |
| SNMP/MIB2 | |
| TACACS | |
| SSHv2 | |
| Privilege Level Access | |
| L3 Support | |
| Virtual Routers? | |
| IGMP groups and multicast routes | |
| Total unicast routes | |
| Directly connected hosts | |
| TCAM | |
| Security access control entries | |
| QoS access control entries | |
| PBR access control entries | |
| Default Route/Static Route | |
| BGP – Weight | |
| BGP – AS-Filter | |
| BGP – Community (New Format) | |
| BGP – Prefix-list | |
| Route-Map ~= Route Import/Export | |
| OSPF | |
| EIGRP | |
| RIP | |
| IS-IS | |
| MPLS | |
| Multicast | |
| IPv6 | |
| L2 Support | |
| VXLAN | |
| Ethernet Autonegotiation – 10/100/1000Mb | |
| POE support | |
| Etherchannel ~= Aggregate Interface | |
| Etherchannel Hashing Mechanism | |
| Helper Address | |
| LLDP/CDP | |
| 802.1x | |
| dot1.q Trunking | |
| Native VLAN | |
| Total VLAN can define/support | |
| VTP Domain Name ~= MSTP | |
| VTP Server/Client/Transparent ~= MSTP | |
| Private VLAN | |
| Maximum number of VLANs | |
| Maximum # VLAN IDs | |
| Switched virtual interfaces (SVIs) | |
| Physical Requirments | |
| Connectors and Cabling | |
| Power Connectors | |
| Per-port status LEDs | |
| System-status LEDs | |
| Dimensions (inches) | |
| Operating temperature | |
| Operating relative humidity | |
| Acoustic Noise (range) | |
| Mean Time Between Failure (MTBF) | |
| Measured 100% Throughput Power Consumption | |
| (with Maximum PoE Loads) | |
| AC Input Voltage and Current | |
| Service and Support | |
| Redundant power supply | |
| Power Locking Mechanism | |
| Air Flow | |
| Flash memory | |
| Cost | |
| License Fee | |
| Device Cost | |
| Added Services Cost | |
| Central Management Cost | |
| Maintenance/Support Cost | |
| Additional Protocol Support | |
| NTP | |
| SPAN/RSPAN | |
| DHCP Server | |
| DHCP Relay | |
| DNS/Domain-Lookup | |
| Banner | |
| STP Portfast | |
| STP Portfast Trunking | |
| Portfast BPUDGuard | |
| LoopGuard/RootGuard | |
| Bridge Assurance | |
| QinQ | |
| Rapid STP | |
| PVST | |
| Sniffer =~ tcpdump | |
| MST |
0 Comments.