Your network edge is what connects your network to the internet, allows remote employees to VPN in, and can connect your campus to other branches of your enterprise. Because the network edge is quite literally the edge of your network, it can be vulnerable to outside attacks. One connection between your network and the internet beyond your WAN is an edge router.

What is an Edge Router?

Edge routers are gateways that accept inbound traffic into your network. Edge routers work to secure the network edge and protect the core by characterizing and securing IP traffic from other edge routers as well as core routers. They differ from core routers in that core routers forward packets between routers to manage traffic and prevent packet loss, often using multiplexing.

Edge routers also referred to as access or branch routers, are specialized routers that act as gateways at the network edge. They enable connectivity between an enterprise network and an external network. They are typically used at the wide area network (WAN) or the Internet.

How Does an Edge Router Work?

An edge router uses static or dynamic routing to send or receive data from other networks. Data transfer between the network and Internet or WAN edge typically use Ethernet, such as Gigabit Ethernet via copper or over single or multimode fiber optic. Organizations that have multiple locations or isolated networks may use edge routers rather than a core router.

Most edge routers are hardware devices. However, the functions of an edge router can also be performed by a standard server, using specific software for that function.

Edge Routers are Essential For:

Quality of Service (QoS)

Bandwidth levels between the LAN and WAN differ, which can create traffic slowdowns and bottlenecks. Edge routers queue data to prevent this. A QoS strategy is essential for managing the flow and queueing of data.

Security

As previously mentioned, edge routers work to secure the network by characterizing and securing IP traffic as it flows into the network. Edge routers are the first line of defense against spoofing and other network attacks, playing a vital role in the edge firewall. An edge firewall protects the enterprise network from intrusions and other security threats using perimeter security services (traffic inspection, network address translation, security policies, and IPsec).

Remote Access

Remote employees need to access the network in order to do their jobs effectively. For this, local area network (LAN) services must be available through the network edge. Commonly, VPN is used as a secure method of access to the network.

Edge Router Configuration

The specific configuration depends on your network, business needs, and your ISP but there are some things to take into consideration.

Routing Protocols

An edge router should support edge interconnect protocols:

  • IPv4
  • IPv6
  • ISO
  • MPLS

It should also support routing protocols:

  • Static routes
  • OSPF
  • OSPF-TE
  • OSPFv3
  • IS-IS
  • BGP

Security Features

As part of the edge firewall and the first line of defense, an edge router should be able to:

  • Limit the type of traffic that accesses the control plane
  • Enforce packets per second (PPS) limitations
  • Police traffic, including penalizing or discarding traffic that exceeds bandwidth limits
  • Support granular access control lists
  • Support unicast reverse path forwarding modes:
    • Loose
    • Strict
    • VRF
  • Support SSH, IPsec, GRE, and IP tunneling

Network Address Translation (NAT)

An edge router should support a variety of NAT techniques, such as:

  • NAT44 – The static translation of source IPv4 without port mapping
  • NAT 64 – The translation of addresses between IPv6 and IPv4
  • NAPT44 – The static translation of source IPv4 addresses with port mapping
  • NAPT66 – The static translation of source IPv6 addresses with port mapping
  • Twice NAT44 – The static translation of source and destination IPv4 addresses

Additional Features

Because the edge router serves as the gateway for data coming into the network and data leaving, it should also support account data collection, such as:

  • Average traffic flows
  • Bytes or packets received per application
  • Bytes or packets transmitted per application

Properly installing and configuring your edge router can help keep traffic flowing smoothly into and out of your network, allow remote employees to securely connect to the network and protect your network from threats. Hopefully, this guide has helped inform you of the importance of edge routers, and the part they play in your network.