Not the sharpest switch in the drawer
Ranch Networks RN20 wields switch, load-balancing, and traffic abilities but lacks maturity
It only takes one hand to count the core requirements of any LAN: performance, security, and scalability. Add a few beneficial yet nonessential services, such as load-balancing and traffic shaping, and things can get pricey. In the RN20, Ranch Networks attempts to bolster essential networking capabilities with a host of extras. The effort is valiant, but the execution is lacking and not worth the hefty price tag.
The internal structure of the RN20 differs from a standard switch because it introduces the concept of “zones” that cross physical boundaries and have VLANs assigned to them. This is intended to allow administrators to implement packet filtering and traffic shaping within a VLAN, rather than just between VLANs. It’s possible to replicate this approach using switches from other vendors, but they generally cost more than the $20,000 RN20, and they typically don’t include load-balancing and traffic-shaping features. Other products that offer these features generally do so à la carte — at three or four times the cost.
Ranch has the right idea in that most networks don’t require client systems to be able to communicate with one another. Adding packet filtering at the core to prevent this action can help stop intruders and the spread of viruses.
Despite the solid concept, the solution has problems. The duplex issues are a hassle, the management interface isn’t mature, and the documentation needs to be improved.
Set ’em up
The RN20 is a 2U rack-mount device with 12 copper 10/100 ports, a true out-of-band management port, a DB9 console connection, and an LCD panel. Initial configuration requires navigating through a menu on the LCD panel and configuring a management IP address and default gateway. My test unit came without a down arrow; one of the triangular buttons had been rotated 45 degrees. This couldn’t be fixed without opening the unit.
Once the interface was configured, a patch cable was run from the management port into the network, and the unit was available for configuration via a Web interface. Basic configuration is simple if one grasps the relationship between zones and VLANs, but the coordination between the two should be simpler.
Unfortunately, the Web interface is quirky and browser-specific, requiring Internet Explorer 5.5 or higher on Windows XP or 2000. Some functions of the configuration, such as drop-lists of configured zones, are available in the Network Services Configuration section but not in the Bandwidth Accounting and Control section. Some sections of the configuration contain buttons for functions that aren’t yet available, such as the ability to modify an existing firewall rule.
Other sections of the GUI contain a surprisingly vast array of configuration options, including some not found on most firewalls. In the firewall configuration, for example, it’s possible to create rules that filter specific TCP header contents well beyond source/destination IP and port. This is a nice feature, but of limited value.
One noticeably absent function was the ability to forward DHCP broadcasts to a DHCP server. The RN20 cannot accommodate a single DHCP server with multiple scopes. To implement DHCP, a DHCP server must exist on every VLAN. Ranch hopes to remedy this problem by building a DHCP server into a later firmware release.