Why Cisco, Not Juniper? OpEx, CapEx and the Frankenkluge in the Branch Office Closet

January 17, 2012 - 12 Comments

One of the great things about being at Cisco HQ in Silicon Valley is the wonderful diversity we have here. Although you don’t really get seasons, you do get an awesome mix of people. A recent stroll around the lake at Shoreline Park revealed people speaking English, Russian, German, Japanese, Chinese, Korean, Vietnamese, Hindi and some other languages I could not identify. Similarly, sushi, butter chicken and naan, pho, bulgogi and banh mi are all easy to find for the diversified, international foodie.

However, when I go out for Indian food with my friends, they almost always insist on going to a buffet in Mountain View called Passage to India, partially because they usually have a huge assortment of “desi-chinese” dishes such as Gobi Manchurian and Chilli Chicken, but largely because they see the buffet as a tremendous value. Little chicken tikka masala, little tandoori, little goat curry, some gulab jamun – enjoy them all, they are all included in a well-integrated package. A la carte approaches make it hard to enjoy such variety, as each additional dish is usually priced like the main part of a meal.

Reminds me of the whole Cisco vs Juniper thing for the branch.

We took a look at the cost of building a modern, secure, integrated services network for the branch, incorporating the functionality and services that you would want in a new branch deployment, you know, things like security (firewall, IPS, VPN), video, server virtualization, WAN optimization, video optimization, 4G backup and Unified Communications. Doing all this with Cisco was pretty easy: all you need is an ISR, which we spec’ed out as an ISR 3945 for our hypothetical 150-person branch (with 45 Mbps of WAN bandwidth). Implementation was cheap and easy, particularly when you consider all the capabilities that you were getting.

With Juniper, the experience is a lot more like trying to put together a coherent meal from an a la carte menu, except you can’t get everything you want from the same restaurant. Oh, and yes, you are going to pay and pay dearly. Just like this IT manager who was finally saved by our IT hero, Ike, in this video!

And now, let’s jump into the numbers. The 5-year CapEx for the Cisco solution (remember, we are supposed to be expensive) was right around $88K, while a competitive solution delivering the same capabilities ended up being close to $155K. But that is just where the ugliness starts – never fear, it gets worse.

A big part of the overall cost of owning and operating a network is the care and feeding beyond the initial cost of the equipment, things like implementation, cost of management, power and facilities – OpEx. The Cisco solution, integrated from a single vendor with a single throat to choke, reduces complexity, cost and uncertainty. The uncertainty bit may seem trivial, but it isn’t. Not all things that should play nicely together actually do. For example, unified communications and firewalls are common sources of pain – unless, of course, you are dining at the Cisco buffet.

Five years of OpEx paints a similar picture – about $52K for the Cisco branch and a far less pocket-friendly $121K for the offering from Juniper et al, with a big chunk, over half, going to maintenance services contracts and downtime expenses. Clearly complexity has costs, and they are manifested in implementation, ongoing support and downtime. Overall, when you add up the CapEx and OpEx, a Cisco solution turns out to be 49% more cost effective than an equivalent Juniper solution.

At our tribute to Juniper, http://www.overpromisesunderdelivers.net/, we have put together some things that help explain our take on the costs of complexity and the advantages of an integrated, architectural approach to networks and the services they support.

For folks interested in getting a breakdown of these CapEx and OpEx numbers, we have a white paper explaining just that here. If you want to get into the weeds and want a complete data dump of the bill of materials (BOM) we used for crunching these numbers, please reach out to your Cisco account representative and we’ll be happy to provide you that.

And a generic version of a calculator to help you customize these numbers for your deployment scenario can be found here.

So what do you think? Are we here at Cisco just eating our own buffet food or does it make sense to you?



  1. talking bout indian food, hmmm… am loving it.. hahaha

  2. Interesting blog… I do like the fact that we are able to put all of these services on a G2 ISR, but to be honest most branches don’t need that many services.. Remote Access is usually centralized, IPS is not “really” needed at the branch level, WAAS – Bandwidth is too cheap to spend money on that technology. I do see Voice, VPN and FW – but a 3945 at a branch… A little overkill I’d say.

    Branches these days also need redundancy – so there is nothing wrong with distributing services across two boxes and using them to failover each other.

    • Hi Heath,
      Thanks for your comments. Based on several customer discussions we’ve had over the past few years, the requirements for a branch office router vary greatly from vertical to vertical and across different geographies. As an example, bandwidth is still a primary concern and expensive in parts of LATAM and Asia. So the need for an integrated bandwidth optimizer without all the bells and whistles of a complete WAN Opt solution is a very relevant solution to these customers. WAAS Express (a bandwidth optimization solution integrated into our IOS and available across both fixed and modular ISR G2) is one such solution that has got a lot of traction precisely for this situation.

      3g/4g wireless is another use case where companies who are setting up temporary sites or remote branch offices where fiber / ethernet is hard to find use their SP certified 3G/4G HWIC card on the ISR G2 for either primary or backup WAN connection. And having unified access – wired and wireless – gives you the deployment flexibility, policy consistency across different types of devices and users.

      Having all these integrated in a single box gives you a tremendous amount of operational efficiency – lower real estate, power required, single maintenance contract (Cisco SMARTNET services), interoperability between key features – apply QoS and optimize video/data traffic with integrated WAAS before you go over your 3g/4g WWAN without needing 3 boxes to do that at the same performance.

      Of course, for high availability you can have two ISRs multi-homing to different carriers/ISPs but without the need to do the same for your WAN Opt, UC appliances (benefits of integration).


  3. Hi Prashanth,

    I’m looking at the visitor traffic to Cisco’s website reference link:


    I mean, it appears Cisco will need to implement “LIFE SUPPORT” fast in order to keep this website from being pronounced DEAD:


    Prashanth, any thoughts about the death spiral of this Cisco website?

    My own website has died many times, but since I’m NOT the mighty Cisco, what gives?


    Brad Reese

    • Hi Brad,
      Maybe we are looking at different things, but the video featured on the site ( http://youtu.be/35qnouOazDI ) has over 85,000 hits in just a few weeks — that seems to show quite a bit of life to me.

      Thanks for reading,


  4. hi please send to me i about difference information between switch Cisco and industrial switch?
    kind regards
    eng. rahmani

  5. It’s all fine and dandy, but would you really run all of those services on a single device? Yikes…I don’t know about you, but I want the best of breed for every technology and, while Cisco is very good, they are most definitely not the best at everything. Me personally, I chose Juniper for all layers of switching (except for industrial ethernet applications where we use Cisco IE-3000’s), Cisco for routers, Mitel for VoIP, Vidyo for Video, Aerohive for wireless and 3G/4G site failover, Silver-Peak for WAN optimization, and Palo Alto Networks for firewall/IPS. All of this is very easy to set up, operate, and maintain. With the exception of the Nexus platform, there is really nothing that separates Cisco from a Juniper, Brocade, or HP and this is coming from a guy that is planning to sit my CCIE at the end of 2012.

    • Thanks for your comments, KoolAid.
      Please see the reply below I gave to Patrick on some of the reasons why we strongly believe in the integrated services approach.
      As for running all these on a single device, we’ve come a long way from the days of 1600, 2600, 3600 access routers to the ISR G2 of today where the horsepower, memory, and the architecture of these boxes make it viable to run multiple services at once without stressing the platform. And this is even true for our WAN/Internet Edge platforms like the ASR 1K where the multi-core QFP (quantum flow processor) lets us provide line rate performance on some key security (like Firewall) and routing services needed at the edge while providing multi-gig performance for CPU intensive features like deep packet inspection (NBAR), IPsec encryption etc.

      Your comment “there is really nothing that separates Cisco from a Juniper, Brocade, or HP” will need me to write a separate blog outlining our differentiators. But to start off with, this blog was specifically addressing our integrated services approach for our enterprise routers – the ISR and ASR product lines – and some of the vendors you mention don’t even have a respectable play in this space and other vendors who have routing products in the enterprise space are still trying to play catch up to our ISR and ASR platforms when it comes to feature richness in security, wireless (WLAN and WWAN (3G/4G)), application performance (with features like Citrix-ready WAN optimization integrated in our ISR), UC, virtualization services (with UCS Express on ISR) etc.

      As for our overall architectural approach, our integrated strategy and the TCO benefits, I would encourage you to read the

      Benefits of our Borderless Networks (per Forrester study)

      Benefits of an Integrated Application Acceleration Approach (as per the Forrester study):

      For a whole list of other material on this topic:

      All the best for your CCIE!


  6. Why do guys always have to bash equipment from other vendors?
    Allow industry experts to test and comment.

    • Hi Patrick,
      Thanks for your comments. The blog, video, and the white paper weren’t meant to bash any vendors. It was to focus on a fundamental difference between how Cisco approaches our enterprise routing strategy and products we develop vs other vendors. We, here at Cisco, have had the integrated services approach as a cornerstone for our ISR and ASR product lines. With cloud services, BYOD etc getting more prominent, having security, UC, wireless, and WAN optimization integrated and working seamlessly in your branch and WAN infrastructure is becoming more and more important. We hear this repeatedly from our customers at EBCs, customer advisory boards, and events. The opex savings due to reduced maintenance, real estate, contract expense, downtime etc and capex savings due to reduced number of devices have made it even more attractive for our customers to embrace this integrated approach. We have 12 million of these ISRs and 500K+ global customers who have deployed them successfully so far. So that should say something about the validity of our approach.

      As for the industry expert comment – we’ve had independent tests/reviews from NetworkWorld on ASR (which won the ClearChoice award from them), Miercom (for both ISR and ASR) etc. You can find those reports and links on our product pages.

  7. Prashanth, awesome blog, particularly the title 😉