12/12/2006 -- Cisco Systems Inc. last week announced a round of enhancements to its Integrated Service Routers, including Group Enhanced Transport (GET) VPN capabilities, a new Cisco Network Analysis Module and new interface cards, as well as security and reliability enhancements for voice and video services.

Add it all up, analysts say, and you have a fairly important update from Cisco. "[T]he GET VPN represents a significant feature for its access router line. While many of the improvements are incremental within themselves, the new software and hardware features advance the product line significantly in comparison to rival products," noted Tere Bracco and Steven Schuchart, analysts with Current Analysis. "[A]s Cisco keeps adding functionality and new modules to the ISR series, it will become increasingly difficult for competitors to catch up and explain to customers why their products do not contain similar functionality."

Take the new GET VPN module, for example. It provides tunnel-less VPN services between group members. "This trust and encryption between group members eliminates overlay networks and point-to-point tunnels, allowing for much more flexibility in QoS and MPLS implementations," the two noted.

In this respect, they continue, GET VPN is a Very Big Deal -- for Cisco in particular and for the industry as a whole.

"The GET VPN technology is the single most important feature in this announcement. This feature allows companies to securely connect without the traditional tunneling VPN method, and that allows for much better latency as well as the ability to use standard routing methodologies resulting in a much simpler to maintain network," they wrote.

Elsewhere, Cisco announced support for Session Initiation Protocol (SIP) trunking, consolidated voice, video and data on a single primary rate interface (PRI), Survivable Remote Site Telephony (SRST), and integrated voice XML (VXML). These are much-needed, if incremental, improvements, Bracco and Schuchart said. "Customers will have an easier time securing voice and video as well as ensuring that those services are available at all times. It is a clear competitive advantage for Cisco to drive additional functionality into the ISR series," they continued, noting that Cisco quietly released new interfaces for the ISR, too. "These include a DOCSIS-compliant cable card, a G.SHDSL card and HWIC Ethernet ports. These new modules allow customers to take advantage of more types of broadband connections, and the HWIC Ethernet ports save valuable module space on the router."

So much for the good -- or the unalloyed good -- at any rate. "The only real concern presented by this announcement, particularly for the GET VPN portion, is 'does it work?'" the duo concluded. "Cisco is currently working on performance tests for its GET VPN technology. However, because it uses the same IPsec hardware engine as a tunneled solution, performance should be nearly identical."

Finally, GET VPN -- like MPLS or frame relay today -- requires a private network, whereas IPsec can run over any network. That could be a problem, Bracco and Schuchart concede, although carriers have been building MPLS capability into their networks for years.

"An estimated 40 percent of Cisco's customers are currently connected to a carrier MPLS network -- and now that Cisco has made a 'common man's' use for MPLS, there should be no problem rolling it out," they concluded. --Stephen Swoyer