edge router

What is an edge router?

An edge router is a specialized router located at a network boundary that enables an internal network to connect to external networks. They are primarily used at two demarcation points: the wide area network (WAN) and the internet.

How edge routers work

The edge router typically sends or receives data directly to or from other organizations' networks, using either static or dynamic routing capabilities. Handoffs between the campus network and the internet or WAN edge primarily use Ethernet -- typically, Gigabit Ethernet (GbE) over copper or over single or multimode fiber optics.

In some instances, an organization maintains multiple isolated networks of its own and uses edge routers to link them together instead of using a core router.

Edge routers are often hardware devices, but their functions can also be performed by software running on a standard X86 server.

At its most essential level, the internet can be viewed as the sum of all the interconnections of edge routers across all participating organizations, from its periphery -- small business and home broadband routers, for example -- all the way to its core, where major telecom provider networks connect to each other via massive edge routers.

edge router corporate deployment
A typical corporate deployment of an edge router, in which the edge router connects the corporate LAN and DMZ to the public internet through a series of firewall policies that filter potentially malicious traffic.

Uses of edge routers

In general, edge routers accept inbound customer traffic into the network. Edge routers play a fundamental role as more services and applications begin to be managed on an organization's network edge rather than in its data center or in the cloud. Services considered suitable for edge router management include wireless capabilities often built into network edge devices, Dynamic Host Configuration Protocol (DHCP) services and domain name system (DNS) services.

Types of edge routers

Edge routers are divided into two different types: subscriber edge routers and label edge routers.

Subscriber edge routers function in two ways:

  1. as external Border Gateway Protocol (BGP) routers that connect one autonomous systemto other ASes, which includes connecting an enterprise network to the network edge of its internet service provider (ISP); and
  2. as small or midsize business (SMB) or consumer broadband routers connecting a home network or small office to an ISP's network edge.

Label edge routers, which are used at the edge of Multiprotocol Label Switching (MPLS) networks, act as gateways between a local network and a WAN or the internet and assign labels to outbound data transmissions. Edge routers are not internal routers that partition a given AS network into separate subnets. To connect to external networks, routers use the Internet Protocol (IP) and the Open Shortest Path First (OSPF) protocol to route packets efficiently.

Edge routers vs. core routers

Edge devices characterize and secure IP traffic from other edge routers, as well as core routers. They provide security for the core.

By comparison, core routers offer packet forwarding between other core and edge routers and manage traffic to prevent congestion and packet loss. To improve efficiency, core routers often employ multiplexing.

Core routers are generally larger routers that perform centralized routing for subnetworks within a business. Although core routers and edge routers both move packets between networks, the way they operate is vastly different, due to their locations within the network and routing duties. Core routers tend to move packets as fast as possible because they interact less with the outside access network and, therefore, have less novel security threats to consider. Edge routers encounter more complex configuration and security issues and, therefore, focus on those challenges over speed.

Edge routers vs. branch routers

The definitions of edge router and branch router can sometimes overlap depending on their application. Any router model can fit into any of these descriptions -- edge, branch or core. The distinctions between them come not from the specific capabilities of a given router but from the role it plays given its context in network deployments.

The term branch router usually refers to a router that exists in a remote branch of an enterprise's network. They interface primarily with other network routers, distinguishing them from edge routers. They do so from a remote branch, however, distinguishing them from core routers, which primarily route information within centralized subnetworks. A remote branch can be defined as a piece of the network that has been segmented using a virtual local area network (VLAN) or as one LAN within a WAN. Branch routers often exist at remote sites at the edge of a WAN and connect to the corporate LAN.

Many vendors that market branch routers integrate multiple services into a single platform, eliminating the need for additional hardware to run their product.

Security considerations

Since edge routers serve as a connection point between external networks, security is an issue for enterprises that need to control who might try to access the corporate network.

To ensure security, edge routers can either be configured with tools that include access control lists (ACLs) or can be purchased with built-in support for firewalls. This enables more advanced security safeguards, including virtual private network (VPN) tunnels and signature matching through intrusion prevention systems (IPSes) and intrusion detection systems (IDSes).

Benefits of edge routers

The main benefits of edge routers are:

  • Improve quality of service (QoS). Edge routers play an essential role in mitigating the bottlenecks and traffic slowdowns that differing bandwidth levels between networks cause. They manage data flow by queuing it.
  • Enable remote accessibility. Edge routers enable remote employees to connect to the corporate LAN through the network edge.
  • Provide security. Edge routers are a crucial part of the edge firewall, protecting the enterprise network by securing and characterizing incoming IP traffic. This, in turn, helps defend against network attacks, like spoofing.

Edge router challenges

The main challenges of implementing an edge router revolve around edge security. As mentioned, enterprises can't control who might try and access the corporate network. If purchased with built-in firewall support, firewall rules should be configured to satisfy the security needs of a corporate network. IT administrators should also ensure that all router firmware is up to date, as outdated routers might pose a security risk when faced with newer attacks. Edge routers should also be configured to have high availability (HA), meaning they should be structured to hand over workloads to other working routers in the event of a failover.

Popular products and vendors

Some popular router vendors and their respective products include the following:

  • Cisco. One of the most respected networking companies, Cisco has a variety of router offerings, including its ISR series, marketed as branch routers, and its ASR series, marketed as edge routers.
  • Juniper. Juniper is another respected networking product vendor with a variety of router selections, including the Juniper MX series and the ACX series, which are prized for their durability.
  • Hewlett Packard Enterprise (HPE). HPE offers two main router lines, the MSR series and the VSR series, both cost-effective options.
  • Dell. Dell offers a cost-efficient and energy-efficient option in its most popular offering, the N series router.
  • Ubiquiti. Ubiquiti offers its EdgeRouter X, which is supported by its EdgeOS. Its intuitive graphical user interface (GUI) makes it easy for users to configure their devices' web interface settings.
This was last updated in September 2021

Continue Reading About edge router

Dig Deeper on Network infrastructure

Unified Communications
Mobile Computing
Data Center