The Network Hub

A blog

August 16, 2010  2:30 PM

Are you still feeling pain from the Cisco supply chain?

Posted by: Shamus McGillicuddy
Cisco, Cisco supply chain shortage, Networking

During his latest earnings call with Wall Street analysts, Cisco CEO John Chambers put a good spin on the supply chain issues that have plagued his company and many other IT vendors for more than a year as component manufacturers have struggled to meet demand. (On a side note, I’m still waiting for someone to explain to me why suppliers aren’t able to ramp up production to meet demands from Cisco and other vendors. Are they struggling to find raw materials? Are they afraid to expand capacity for fear of another downturn gutting demand and forcing them to make extraordinary cuts a second time since the recession began?)

Chambers said Cisco’s supply chain constraints are improving but remain challenging, with supplier lead times stabilized but still longer than ideal. He said Cisco has made significant progress with this and product lead times are now within a normal range for the majority of the company’s products.  Note that he said the majority of products are within normal lead times now, but not all. Chambers didn’t specify which products still have long lead times… whether or not they include the high volume products that networking pros have been griping about such as the Adaptive Security Appliance (ASA) 5000 series devices.

Chambers said the number of components that are scarce in Cisco’s supply chain has decreased. At the beginning of the last quarter Cisco was “chasing” 550 parts that were hard to acquire in its supply chain, he said. By the end of the quarter that number was down to around 300. Chambers noted that in normal times Cisco chases about 100 components in its supply chain.

Also, Cisco has clearly taken extraordinary steps to get products into the hands of its customers faster. Chambers admitted that profit margins have suffered as the company has spent money on speeding up its supply chain with more use of airfreight and other unspecified methods.

Despite chasing parts and trying to grease the wheels of supply chain, customers still have gripes. As we reported recently, some networking pros have turned to Cisco competitors rather than wait for Cisco to deliver. They aren’t willing to leave Cisco behind, but for some parts of the network they are willing to try a new vendor. Of course, if they like what they see from these new vendors, their use of Cisco alternatives could increase if the supply chain issues get worse again.

So are customers seeing improvement? It’s not just Chambers saying this. I’ve heard from networking pros who say the delays aren’t as bad as they were on many products.

If you’re still feeling the pinch, let us know in the comments section.

August 12, 2010  4:30 PM

Fibre Channel over Token Ring: Converged storage dilemma solved

Posted by: rivkalittle
802.5qZ, FCoTR, fibre channel over token ring

The FCoE debate is over. At last there is an answer to converged storage networking that leaves tiresome Ethernet behind: Fibre Channel over Token Ring (FCoTR).

The newly launched FCoTR Alliance is working feverishly to develop the 802.5qZ standard, which will soon be submitted to a standards body.

The alliance “is responding to growing industry pressure from a diverse group of networking and storage professionals” with the primary goal of furthering “the awareness, adoption, and commercial support of FCoTR.”

More importantly, the alliance aims to prevent storage professionals from ever having to learn burdensome Ethernet technology while enabling long-time networking admins to remain comfortable in a technology they know and love – Token Ring.

“The adoption of Fibre Channel technology means an opportunity for network convergence. Leveraging my existing Proteus token ring network for use with storage is a very desirable proposition,” said Jose Chavez, director of information technology for Superannuated Systems, Inc.

FCoTR also enables both storage and networking purists to keep the Ethernet gene pool clean.

“Many Fibre Channel gurus balk at the idea of Ethernet being capable of guaranteeing the right level of lossless delivery and performance required for the SCSI data their disks need. IP Junkies like Greg Ferro ofEthereal Mind balk at the idea of changing Ethernet in any way and insist that IP can solve all the world’s problems including world hunger (Sally Struthers over IP SSoIP.) Additionally there is a fear from some storage professionals of having to learn Ethernet networks or being displaced by their Network counterparts,” writes esteemed Define the Cloud blogger Joe Onisick.

Ferro – who is one of a team engineers drafting the standard – is only attempting to help storage professionals maintain their Fibre Channel investment.

“For all those Storage Nut Jobs who can’t imagine their precious FibreChannel frames crossing an Ethernet network, we are proposing the development of FibreChannel over Token Ring. That’s right, the second best networking protocol ever invented (after FDDI), offers everything you sad, attention deficit ridden, storage losers ever wanted in shared network. Deterministic delivery, over engineered cabling, layer 2 troubleshooting. We can even improve the FC protocol by isochronous transmission for serial clocking performance and guaranteed delivery,” writes Ferro. “Last known Token Ring standards were developed to Gigabit performance, and it shouldn’t be too hard to dust them off and ramp them to 10Gigabit and more.”

Once the 802.5qZ standard is established, it is very likely vendors will launch a series of product (most of which promise not to be interoperable, but will be launched with lavish press events, maybe even one on the New York Stock Exchange floor). Here are some predicted product launches:

· EMC SLOW (It’s the version of FAST that supports Token Ring)

· NetApp SMTR (SnapManager for Token Ring)

· HDS UPS (It is to USP what UPS is to FedEX)

· 3PAR HeyNow! (3Par requires each disk to say “Hey Now!” if they want the token)

· Compellent Frozen Data (It’s the Fluid Data line slowed down so much it freezes)

· IBM WHU (The Prequel to XIV)

· HP StorageDoesntWork (Just saying)


Learn more about the lossless storage over token ring in this in-depth and well-explained video on FCoTR.

[kml_flashembed movie="" width="400" height="225" wmode="transparent" /]

August 9, 2010  1:07 PM

VMware to make serious network virtualization news at VMworld?

Posted by: Shamus McGillicuddy
data center networks, Networking, vFabric, Virtualization, virtualization network, VMware, VMworld, vswitches

A nice find by Stu Miniman at Wikibon. He dug up this video in which VMware’s director of research and development Howie Xu previews his session at VMworld, “The Future Direction of Networking Virtualization.

In the video below, Xu talks about VMware’s plans to announce an “open, extensible networking virtual chassis platform so that anyone can develop the on-demand networking service on top of vSphere.”

[kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

Hit pause at the beginning of that video and look at the white board. As Stu pointed out in his blog, you’ll see the term “vFabric” at the top, to the right. Stu thinks this could be the name of a new virtual networking OS from VMware.

August 9, 2010  11:59 AM

HP CEO transition: Media hand-wringing and internal HP morale

Posted by: Shamus McGillicuddy
Cisco, HP 3com acquisition, HP Cisco battle, HP Networking, HP ProCurve, Networking, scandal

When something like the Mark Hurd scandal happens, we in the media spend a lot of time quoting pundits about what impact the event could have on the markets we cover. For instance, ITWorld Canada quotes Rick Sturm, CEO of Enterprise Management Associates, about how Hurd’s departure could throw a wrench in the integration of 3Com into the company.

If [HP] brings in someone who says, ‘I’m not so sure [3Com] was a smart idea,’ they could have a few bumps in the road.

That’s for sure. Of course, given the amount of money laid out this year for the 3Com deal and the Palm acquisition, I think the board of directors will want to hire a new CEO who is committed to making those investments work. At the same time, a new CEO will probably be more willing to cut his losses with an acquisition that isn’t working if said acquisition didn’t happen on his watch.

So the board will probably hire a CEO who will commit to HP Networking’s 3Com/H3C/TippingPoint integration at least for a few years. But what about the rest of the company?

Over at CTOEdge, Mike Vizard pointed out that HP employees were suffering from low morale even before this Hurd scandal hit. He points to, a site where employees rate their CEOs and review what it’s like to work at their companies. HP has a Glassdoor rating of 2.4 on a scale of 1 to 5, based on 1,353 ratings. Hurd has an approval rating of just 34%. Employees tell the site that executives focus too much on numbers.

HP has enjoyed a lot of success under Hurd’s leadership. It has solidified its position as the #2 enterprise networking vendor, grown its share of server sales and made a lot of money on services with its EDS acquisition. But whispers of poor morale combined with this dramatic loss of its CEO certainly justifies some hand-wringing — by the media and by HP customers — especially since Cisco is being so aggressive in competing directly with it on networking and servers. As Vizard asks in his CTOEdge column: “Can an HP that is already pretty divided internally come together to drive the innovations needed to compete across a range of business segments that to one degree or another are under siege?”

August 6, 2010  4:39 PM

HP loses its CEO in a scandal just as networking business is poised for war

Posted by: Shamus McGillicuddy
3Com, H3C, HP Networking, HP ProCurve, Networking, scandal, TippingPoint

Yikes, multiple publications, including BusinessWeek, are reporting that HP CEO Mark Hurd has abruptly resigned following an internal investigation into whether he had violated the company’s sexual-harassment policy. Hurd (Update: Hurd’s bio has been scrubbed from Now he’s on a page which lists former HP CEOs) was reportedly cleared in the sexual harassment allegation but had violated a personal conduct policy.

HP’s CFO Cathie Lesjak will act as CEO on an interim basis while the company looks for a replacement.

I’m not going to bother looking into the details of what Hurd allegedly did. He’s gone now. And that’s huge. This is one of the biggest technology companies in the world. It is poised to compete for a huge share of the networking market. And suddenly the CEO who is credited with turning HP around after some years of struggle under mediocre leadership (*cough* Carly Fiorina *cough*) is gone.

What happens now?

HP ProCurve has long been a niche, low-cost networking vendor popular among small and midsized businesses and enterprise campus networks. Under Hurd’s leadership, the ProCurve business became the number two enterprise networking vendor, and took an even bigger leap forward earlier this year when it closed a deal to acquire 3Com and its promising H3C networking and TippingPoint network security brands.

Now Hurd is gone. There is no way of knowing what direction a new CEO would take the company. It’s probably safe to say HP’s board of directors will expects a new CEO to maintain a commitment to networking, given the sizable investment HP made in 3Com. HP has a lot of momentum in that area, but will we see some shifts in strategy under new leadership? Who knows?

It will be important to watch how other key HP executives respond to this scandal. Senior Vice President Marius Haas, general manager of HP Networking, has been widely credited with the rise of HP’s networking business. Above him is Executive Vice President Dave Donatelli, general manager of HP’s Enterprise Servers, Storage and Networking. If either of those guys jump ship, take note.

Also, HP is a public company. When a public company has a leadership shakeup in the midst of a run of success, Wall Street balks. If the stock price stumbles badly, HP’s leadership may be forced to make some short-range scrambling in response.

August 5, 2010  1:45 PM

Catalyst to Nexus data center migration

Posted by: Shamus McGillicuddy
Catalyst, Cisco, data center networks, Nexus

Are you at the point where you need to update the old Cisco Catalyst 6509s in the core of your data center? If you are, you’re probably looking at the Nexus line of data center switches that Cisco has been promoting for the last couple years. Many enterprises are trying to decide whether to migrate from Catalyst to Nexus or to look at Cisco alternatives — either one of the newly risen big guys like Juniper and HP Networking or some of the long time data center networking specialists like Force10 or Brocade (formerly Foundry).

Jeremy Filliben, CCIE @3851 just blogged about his experience in migrating from Catalyst to Nexus in his data center. Basically he built a new Nexus LAN, with dual Nexus 7010s in his core, alongside his legacy Catalyst LAN and interconnected them before cutting over the Layer 3 Functionality in his network from his old core Catalyst 6509s to his new Nexus 7010s.

Jeremy goes into detail about the problems he’s encountered during this project, including some glitches with extranet BGP peering and spanning tree root migration. The BGP issue was caused by a overlapping third-party BGP Autonomous System (AS) numbers, which in Catalyst he had always handled by enabling the “allowas-in” knob on his internal routers. The feature isn’t available on Nexus yet.  He traced the spanning tree issue to the fact that Nexus switches handle Bridge Protocol Data Units (BPDUs) in a way that is different from how Catalyst handles them.  The issue will force him to keep the Catalyst 6509s in production longer than he wanted.  Check out his blog about the Catalyst-Nexus migration to find out how he fixed these issues and learn about some other minor but annoying things he has discovered during the project.

Jeremy also pointed out a nice resource by Carole Warner Reece on her blog at Chesapeake Netcraftsmen which provides side-by-side comparison of the differences between IOS and NX-OS command line interface.

July 30, 2010  4:35 PM

New WPA2 vulnerability a wireless version of ARP spoofing, says Wi-Fi Alliance

Posted by: Shamus McGillicuddy
Network security, Network testing and hacking, Wi-Fi, wireless LAN

When researchers say they’ve found a vulnerability in WPA2 (WiFi Protected Access) security standard, wireless LAN administrators stand up and take notice. Md. Sohail Ahmad, a researcher with wireless security vendor Airtight Networks, presented a WPA2 vulnerability dubbed Hole 196 at Black Hat yesterday and DEFCON 18 this weekend.

Details on the vulnerability remain somewhat fuzzy, but the Wi-Fi Alliance says Hole 196 appears to be a wireless version of ARP spoofing, the exploit in Address Resolution Protocol that allows hackers to perpetrate man-in-the-middle attacks.

Matthew Gast, chairman of the Wi-Fi Alliance’s Security Task Group (and director of product management for Aerohive Networks), said Hole 196 is an exploit that only authorized network users can use to bypass WPA2 encryption.

An insider on the network can set up a hack to trick a client into perceiving the hacker’s client devices as an access point. The victim will send its data to the hacker, who can observe it while forwarding it on to the access point.

“Since this is a vulnerability that’s been around since the beginning of Ethernet, network admins are already accustomed to dealing with it,” Gast said.

Gast said network performance monitoring can detect the latency caused by the extra hops associated with the attack.  Also, network admins can enable the client isolation filter found on most LAN infrastructure, which won’t be fooled by an ARP spoofing attack. An AP will look directly at the destination MAC address, recognize the problem and cut the connection. The victim’s client device will immediately experience a loss of connectivity. The user will call help desk and it’s only a matter of time before a network admin tracks down the MAC address of the hacker.

July 23, 2010  4:11 PM

CCIE Emeritus: Did Cisco give into complaints from CIOs and product managers?

Posted by: Shamus McGillicuddy
career, CCIE, CCIE Emeritus, Cisco, Cisco certification

When I set out to write about Cisco’s new CCIE Emeritus program a few weeks ago, I spoke to three CCIE-certified engineers, all at different stages of their career, to get a variety of perspectives on the program. CCIE Emeritus is a program for CCIE-certified engineers who are no longer working closely with networking technology on a daily basis and don’t have the up-to-date technical skills required for passing the biannual recertification exam. Instead, if they’ve been in the CCIE program for at least 10 years, they can opt into the Emeritus program, which allows them to maintain a connection to the CCIE program without being fully certified. Instead, they demonstrate that they’ve taken on more of a leadership role in the industry, as technology executives, authors, lecturers or mentors. they keep the CCIE badge on their resumes, but potential employers know that these people are no longer living in the network on a daily basis. Instead they’ve advanced into other types of careers.

Mostly the engineers I talked to thought it was a nice option for Cisco to offer to people and they could see scenarios in which going in this Emeritus program would work for them. No one seemed to object to it.

However, i got some reader feedback recently that presented a different view. Robert DuBell (CCIE#9105), a consulting systems engineer with World Wide Technology Inc., had this to say:

The written recertification test is definitely not a “hands on” test like the lab is. The written test can purely be passed simply by studying the material written in the study material listed on the Cisco CCIE written prep suggestions. You don’t have to be in the CLI all day every day in order to complete the recertification. Simply spend a few hours of your free time studying the proper material and you can recert. If you want to keep your CCIE valid, then you should have no problem keeping up with the technology.

Just because you have moved into a management position does not mean you should let your knowledge of cutting edge technology slip! I have completed the recertification test four times and I have taken different track tests to broaden my working knowledge of the different technologies. I think I have done the Routing and Switching CCIE recert test once since achieving my CCIE.

The CCIE is the best cert out there because Cisco has not given into rules changes on how they run their program. I think this is a shame that they have given into the CIOs and PMs [product managers] so they can keep their number active.

July 21, 2010  2:20 PM

HP’s old ProCurve lifetime warranties extend to just a few 3Com/H3C gear

Posted by: Shamus McGillicuddy
3Com, 3com acquisition, H3C, HP Networking, HP ProCurve, TippingPoint, warranties

HP Networking recently posted this handy little warranty chart (PDF) to help customers understand the warranties on all its products, both the old ProCurve-branded gear and the recently acquired H3C and TippingPoint products that came over in the 3Com acquisition.

Historically, the major appeal of the HP ProCurve line was its low total cost of ownership. The lifetime warranty that HP applied to most of the ProCurve products was very straightforward. You buy it, we guarantee the thing will work for as long as you own it and will provide technical support forever. No need for expensive support contracts. I’ve heard from more than one network manager who said they switched from Cisco to HP ProCurve because the lower TCO was too tempting to pass up.

When HP bought 3Com and its young but promising sub-brand of H3C, it was hard to imagine that all of the high end 3Com products would find their way under the umbrella of HP’s lifetime warranty approach. And judging from this chart, that’s exactly the case.

You’ll find that the fixed-configuration H3C switches have been moved into the lifetime warranty program, including the A5810, A5800, A5500, A3600 and A3100 switches (Back in their H3C days, these switches started with the letter “S” rather than “A”).

The modular H3C switches are a different story. The big A12500 and A9500 chassis switches and the smaller A7500 and A5820 modular switches all have one-year warranties, with lifetime software and OS maintenance coverage and one year of free technical support.

The 3Com fixed-configuration switches, such as the E5500, E4800G, E4500G and E4200G are all covered under the lifetime warranty.

It looks like most of the TippingPoint network security products (IPS appliances, gateways and firewalls) will have one-year warranties.

Some folks worried that the old ProCurve lifetime warranty would disappear with the 3Com acquisition. It appears to remain in effect for the most part. It’s just not as broad as it used to be.

July 16, 2010  4:49 PM

Magic Quadrant for Network Access Control: Crowded, but leaders stand alone

Posted by: Shamus McGillicuddy
Avaya, Avenda Systems, Bradford Networks, Cisco, Enterasys, ForeScout, Gartner, HP Networking, InfoExpress, Juniper, Magic Quadrant, Network access control, Network security

Gartner’s 2010 Magic Quadrant for network access control (NAC) is remarkably crowded for a market that reportedly generated just $200 million in annual revenue in 2009. Gartner has included 18 vendors in this year’s quadrant. For many of these companies, NAC revenue is a drop in the bucket. For others, NAC revenue is everything (Bradford Networks, ForeScout, Avenda Systems, InfoExpress, Impulse Point, Nevis Networks). How the heck are they all making enough money to stay in the NAC business?

Gartner says that NAC gets a bad wrap because it’s not generating a ton of revenue and many vendors have disappeared. The most recent exit was ConSentry Networks, which mysteriously still has a live website even though it went out of business in August 2009.  But enterprises are using NAC. Guest access is a hugely popular use case, and Gartner believes the “consumerization” of IT will only drive up NAC adoption. With end users bringing personal devices into work, enterprises will need to provide secure access to them.

Gartner is actually projecting a flat market for NAC in 2010, with no revenue growth. Total adoption of NAC is increasing but the revenue is flat because many vendors are offering NAC as part of a larger product or service. As we first pointed out while covering the first NAC Magic Quadrant a year ago, There are the infrastructure vendors like Cisco, Juniper, Enterasys, HP and Avaya, who embed NAC in their switching or security products. There are endpoint security and network security vendors like McAfee, Sophos, Symantec, Check Point Software, who bundle NAC in their products. The indie vendors have to compete against all these guys, many of whom might throw in NAC for free just to close a deal on some switches or some malware protection software. (Does anyone remember how popular Netscape Navigator was before Microsoft decided to bundle Internet Explorer with Windows for free?)

So what does this crowded quadrant look like?

The Leaders

Cisco and Juniper stand alone here. These are the companies who have both excellent technological vision and the ability to deliver on that vision to their customers.  Symantec, a leader last year, was bumped into the challenger quadrant because its guess access capabilities are weak. Gartner kept Cisco in the leaders’ spot even though it says Cisco’s NAC solution is too complex and expensive. Gartner noted many Cisco customers have turned to NAC competitors recently. However, Gartner gave Cisco points for its roadmap, noting that the company will release a new line of NAC appliances later this year that consolidates many of the functions that were spread out over too many products. Gartner complimented Juniper for its early embrace of the Trusted Computing Group‘s protocols for NAC interoperability and its IF-MAP specification.

The Challengers

These are the companies that have the ability to close deals but whose technological vision needs a little refinement. As mentioned above, Symantec got bumped from into here for a poor approach to guest networking, which many industry observers see as a major use case for NAC. The only other vendor here is Sophos lost points because its NAC Advanced product, the high end choice of its two NAC products, requires agent software separate from its endpoint protection agent. Its counterparts (McAfee and Symantec) have integrated their NAC products into their overall endpoint protection agents.

The Visionaries

These are the companies who are leading the market in terms of what they are doing with their technology but don’t have the robust sales, marketing and support capabilities required for closing deals against bigger companies. Here we find McAfee, the other major endpoint protection vendor in the space, along with NAC specialists ForeScout, Bradford Networks and Avenda Systems. Avenda is new to the MQ, it’s just four years old. Gartner gave it high marks for its embrace of interoperability and its focus on guest access. Bradford scores high in these areas, too. ForeScout is known for being easy to use and having an out-of-band approach that allows companies to move from one use case to another easily.

The Niche Players

These are the companies that don’t stand out for either their technological vision or their ability to execute. There are ten vendors in this category, some with big names (HP and Avaya) and some with small names (Nevis Networks, Trustwave). Gartner says all these companies are valid options for NAC, many of them targeting their products to serve specific vertical industries.

OK, so all 18 vendors are valid NAC options for someone. But there are EIGHTEEN of them. That’s a lot of NAC. This has been the case since the very beginning. NAC vendors have come and gone, and yet the market stays crowded. Even the Great Recession failed to thin the herd by very much.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: