Interop 2011 promises to be the most interesting networking conference in a long time. The gloom of the recession is lifting, attendees will need to fight off the cloud and as-a-service vendors with a stick, and (dare we even think it?) the monopolistic death grip that Cisco has had on the hardware market may be loosening.
When I spoke to Jim Metzler about the hot networking trends to look out for at the show, he concluded our conversation with some market insight: “This is a critical Interop. The fact that Cisco is no longer BFF with HP and IBM is kind of a cloud that overhangs a lot of what’s going on.”
No doubt there is a pall cast over Cisco and its major partners as they gear up for Interop and strategize to keep their top dog status. Logic, and a memo from John Chambers himself, would dictate that Cisco will focus more on core routing and switching, as well as winning back network engineers who make up a significant percentage of the Interop attendee list. Most Cisco users and spectators, yours truly included, are willing to cut Cisco some slack despite recent problems. Any company with expectations as high as Cisco’s is bound to make some missteps, especially during an extended recession. And, hey, I like my Flip, so I can forgive and forget. But early indicators suggest the company may not be seizing the opportunity to fully redeem itself, instead allowing the competition to creep in and steal customers and market share.
Just days after CEO John Chambers promised Cisco employees that Cisco would become more disciplined and focused on the company’s core businesses of routing and switching, data centers, video and collaboration, Cisco began jettisoning its consumer businesses.
Last week Cisco published a memo from Chambers, in which the CEO promised that Cisco would make some radical changes to get back to its core networking roots. Today the company steamed ahead with those promises, announcing that it was pulling back from many consumer-focused businesses, including its HD video camera, the Flip. Just two year ago Cisco bought Flip camera manufacturer Pure Digital Technologies for $600 million. The move was part of a broader initiative by Cisco to expand its consumer business, but the company also claimed that the Flip had value as an enterprise tool, too.
The death of the Flip is part of first round of restructuring at Cisco, wherein the company is pulling back from its direct approach to consumer sales. Chambers announced to Wall Street today that the company will continue to serve consumers, but only indirectly through its enterprise business. In other words, it will help its enterprise and service provider customers sell products and services to consumers. This move includes 550 layoffs. The company will also refocus its consumer-oriented Home Networking division away from Linksys routers and more toward supporting video. We’ll see how that plays out.
Network engineers frustrated by Cisco’s perceived lack of focus have enjoyed dinging Cisco over the Flip acquisition as a market adjacency move that just didn’t make sense. Well, they won’t have the Flip to kick around anymore. But there’s always the Cius!
I’m cleaning out my reporter’s notebook, including a briefing I recently had with Enterasys Networks.
Enterasys has launched a new family of modular campus edge switches with its home-grown, application-smart ASIC, the CoreFlow2. These K Series switches complement the company’s stackable switch products, which are built with merchant silicon rather than custom ASICs.
Enterasys’s CoreFlow2 ASICs are able to identify the types of applications individual users are running on the network. The chip can then apply QoS, security and other network settings to the application traffic based on policies set by the networking team.
“In a stackable switch product I can apply policy on each user that happens to be connected to my switch,” said Karl Pieper, product manager for Enterasys. “With CoreFlow2, I can apply a separate policy to every session that a user is doing. I can apply policy to an email session, to web browsing, to anything they are doing.”
Before rolling out the K Series, Enterasys’s CoreFlow2 ASIC only shipped with its S Series of data center-class modular switches. With the K Series, Enterasys is trying to offer customers a cheaper modular switch with its customer application intelligence.
Enterasys is initially offering two models of K Series, the K10 (a 10-slot chassis supporting up to 216 Gigabit Ethernet ports and 8 10 Gigabit Ethernet uplinks) and the K6 (6 slots, 144 Gigabit Ethernet ports and four 10 Gigabit uplinks). The K Series list at $26,685 and will start shipping in June.
Reuters got its hands on an internal memo that Cisco CEO John Chambers emailed to all of Cisco’s employees, a memo that was possibly meant to leak into the media and to Cisco’s customers. Mission accomplished. As reported by Reuters, Chambers promised employees that he and his lieutenants would restore Cisco’s flagging fortunes with increased operational discipline and more rigorous focus on Cisco’s five core businesses: core routing, switching and services; collaboration; video; data center virtualization and the cloud; and architecture.
The memo was long on strategy and vision and short on specifics. I have no doubt the specifics will make headlines very soon. Chambers warned employees that Cisco will “take some bold steps” and “make tough decisions.” It’s hard to say what that means. Will he sell off or shutter certain businesses that aren’t performing? Will Cisco buy more companies to fix gaps in its product portfolio or replace disappointing products?
I’m not a Cisco customer. I’m just a journalist who talks to a lot of Cisco customers, analysts and Cisco employees. All I can offer are impressions I’ve received from those conversations. I will say this: Cisco is good at talking to CIOs, but it’s stumbled recently in how it talks to networking professionals. And networking professionals are Cisco’s core customers. Cisco has done a good job of presenting architecture to CIOs. Borderless Networks really appeals to CIOs, for instance. But routing and switching needs to be sold to network engineers and network architects. I don’t think that audience is liking the messages it is receiving right now. Usually those messages just lead to more questions.
Just the other day Cisco rolled out a huge slate of data center hardware and software products centered mostly on its Nexus switching line and its Unified Computing System servers. Lots of interesting boxes, like the Nexus 3000. Lots of interesting software and services upgrades, like multihop FCoE support. But overall, there was just too much in the presentation. Too many products at once.
I usually budget 30-45 minutes to talk to a vendor about a product rollout. And most vendors will present me with two or three major hardware or software elements in their news. The presentations are focused. With Cisco, there are 15, 20, 25 different elements. Some of them are completely unrelated to each other. Some products, like the ASA Services Module for the Catalyst 6500, get a single bullet point on a slide. Why can’t that product merit its own press release and briefing? I’d sit down to hear more about it.
When Chambers talks about discipline and focus, this is what I think about. I know that Cisco’s marketing and PR team, which features an army of extremely talented and passionate people, would love to give these smaller products more time – rather than slapping them onto the end of a larger announcement.
I can’t help but think that the same culture that is forcing little ace products to be lost in the shuffle with larger architectural announcements like data center transformation and Borderless Networks is also a problem in the product development and engineering side of the business. And that’s what has many long-time Cisco customers frustrated and worried. That’s why they keep picking on Cisco for buying companies like Pure Digital Technologies, the maker of the Flip camera. Cisco can hand those Flip cameras to VARs at its partner summit and tell them that it’s a good business tool. Maybe Cisco is right about that, but should Cisco really be making the Flip? Network engineers say no.
I’m excited to see what kinds of changes Cisco makes in the coming months. Despite all the doom and gloom, the company is still a leader in most of its markets. It’s still innovating. It still has loyal customers. This is about Cisco staying in that position, not about getting back into that position. To execute on that, Cisco needs to keep talking to the guys who push packets.
For networking pros who want to segment and secure internal traffic, the Firewall Services Module (FWSM) for the Catalyst 6500 chassis has been a workhorse. But given that it’s based on Cisco’s old PIX firewall products, it’s no surprise that its days are numbered. Network engineers have been lamenting its pending demise ever since Cisco made it clear that the Nexus 7000 is the future of its data center switching line.
Given the angst over the FWSM, I was surprised to see how little fanfare Cisco gave the unveiling of its new ASA (Adaptive Security Appliance) Services Module for the Catalyst 6500. It merited a one sentence reference in Cisco’s press release and just a bullet point in the slide-deck I was shown this week as Cisco rolled out a huge slate of new data center technologies. Cisco gave more publicity to a new Application Control Engine (ACE) module for the 6500 that can do dynamic load balancing of VM workloads across data centers.
The ASA Services Module has 20 Gbps of maximum firewall throughput and it supports 300,000 connections per second, 10 million concurrent connections and 1,000 VLANs. You can install four of them in a single Catalyst 6500.
It’s nice to see these new service modules for the Catalyst 6500, but customers want to see comparable products for the Nexus 7000 products. Cisco hasn’t offered any guidance on what the future holds for bringing such functionality to its newer switch line. However, Cisco has developed a Virtual Security Gateway product which runs as software on the Nexus 1010 box, a command and control appliance for the Nexus 1000v virtual switch. Perhaps Cisco plans on doing all this stuff in software rather than hardware with Nexus.
Asked multiple times at the Cisco Partner Summit last week what the channel and users should do about the fact that Cisco switches are more expensive than the competition, Cisco execs basically said: Live with it. After all, Cisco products are better than the competition, are part of a big-picture architecture, and they shouldn’t be commoditized. So there.
“Ninety percent of our products are the best in the industry,” said Cisco CEO John Chambers during a press question-and-answer session last week, adding that this was the case across all technology segments from routing and switching to data center, video and collaboration.
Now it’s up to partners to avoid selling standalone products and instead show “how these products work together” and “how they will future proof the architecture,” Chambers said.
“If you’re a partner and you’re selling a commodity product that is not a good [strategy],” said Chambers.
Competitors that are asking partners to sell commodity products are “asking them to commoditize their businesses,” said Rob Lloyd, Cisco executive vice president of worldwide operations.
That said, journalists reminded Cisco execs of the company’s slipping share of the switching market (Cisco’s switching revenue has declined while Hewlett-Packard Networking’s has risen), executives agreed the message around the role of switching in an overall architectural play may need to be better communicated.
“We have more work to do both internally and with our partners to accentuate architectural differences,” said Lloyd. “John made the point that our portfolio has never been stronger … our 2960 switches and 3750s have never been better … we need to do a better job in emphasizing the role that Medianet plays and that TrustSec plays and that new applications will play.”
Cisco has introduced a major refresh of every part of its switching line in the past couple of years – and analysts have said the transition was poorly managed. Cisco execs admitted that the company introduced more product at once than it was prepared to handle on the marketing or business side.
“Rob and I never had the chance to add more than one switching product per year,” said Chambers. “When you suddenly transition everything from the 7000 to the 5000 all the way down to the Nexus line, and you look at what we’re doing with the 3000, and the ramp-up speed of how quickly they were accepted … When you bring out new product it always takes four or five years to catch up with margins … It’s just that we’ve never had so much innovation [at once].”
Chambers continued, “Make no mistake about this, we will control the market transition … We’re very well positioned from the data center all the way down.”
Looks like the Cisco supply chain shortage is an epidemic. HP Networking sent a memo to channel partners dated Jan 21, 2011 outlining a backlog of Power over Ethernet (PoE) access switches due to a chipset shortage. Production of these switches won’t resume until June, the memo says.
HP will use what little inventory it has left to fill backlogged orders first. It is unclear how long partners and users have already been waiting on these switches.
HP Networking’s market share has grown steadily this year while Cisco has seen its share of the Ethernet switching market decline 7%. HP’s growth has largely been due to competitively priced switches and lifetime warranties that Cisco can’t meet. But now some wonder whether that competitive pricing and increased market share also contributed to the current backlog.
One channel partner who works with both HP and Cisco believes the backlog is due to the same shortages that have hit many networking and wireless vendors. However, he confirmed a rapid growth in his company’s HP switch sales, which have been spurred by HP’s competitive pricing and customer push-back against Cisco’s SmartNet requirements.
Backlogged products include:
- J9299A: HP E2520-24G-PoE Switch
- J9137A: HP E2520-8-PoE Switch
- J9138A: HP E2520-24-PoE Switch
- JD877A : HP V1905-8-PoE Switch
- JD050A: HP NJ1000G IntelliJack
- JD051A: HP NJ1000G IntelliJack 20-pack
- JD057A: HP NJ2000G Intellijack
- JD058A: HP NJ2000G Intellijack 20-pack
As an alternative to these switches, HP’s memo suggests users consider buying step-up switches in the same lines or the non-PoE equivalents.
HP did not return calls to for comment. In the memo, the company wrote that it is “working earnestly to pull in the delivery dates” from its supplier.
In data centers virtualization has created a bit of a network security black hole for engineers. Firewalls have no problem applying and enforcing security policies to server-to-server traffic in a data center, but traffic between virtual machines (VMs) on a virtualized server is another story.
A few months ago I reported about how vendors like Cisco and Check Point have created software that essentially extends the reach of physical firewalls into a server’s hypervisor. At the time, Juniper was developing the same capability by partnering with virtualization security startup Altor Networks. Not long after I wrote that story, Juniper bought Altor. Now just a couple months after the deal Juniper has announced that it’s integrated Altor’s technology with its firewalls, the SRX Series Services Gateway products. Juniper’s new vGW Virtual Gateway is a hypervisor-level firewall based on Altor’s technology. Network engineers can deploy vGW on every virtualized server in a data center and then manage and enforce security on the VMs on those servers through the SRX hardware.
“Typically we see the data center carved up into different [security] zones,” said Peter Lunk, director of product marketing at Juniper. “We’ve done integration so that the vGW can pull down zone information from the SRX and then it can populate and place individual VMs sitting on that server into the different zones assigned by the SRX. Then it can push that information up to the SRX. Now you can see all the way down to the VM level and see which virtual machines are sitting in which zone. Now [engineers] have control over whether you can move VMs in and out of those zones. And if you’re turning up a new VM, [engineers can control] which zone it needs to be attached to. If someone is trying to change the VM we have some control over that as well.”
A product like this gives network security engineers renewed visibility and control over what’s happening within virtual infrastructure. It should also have plenty of application in cloud computing environments as well.
The vGW can also mirror traffic within hypervisors up to the SRX so that the SRX can perform deep analysis on packets and basic reporting on any anomalies. Lunk said Juniper will expand on this mirroring capability in the future. He declined to offer details, but undoubtedly Juniper will add some automated security response features to the SRX for traffic mirrored by the vGW.
Lunk said Juniper has also done some engineering work to make Altor’s syslogs compatible with its own, so that the vGW can report into Juniper’s Security Threat Response Manager (STRM).
As the IETF and the IEEE finish baking their similar, but competing standards – Transparent Interconnects of Lots of Links (TRILL) and Shortest Path Bridging (NPB) – Extreme Networks is offering a software upgrade that delivers one of the benefits of TRILL and SPB today, without any hardware replacement.
TRILL and SPB promise to solve several architectural issues in data center networks today. Extreme aims to emulate just one of the benefits of the emerging standards. TRILL and SPB free up unused bandwidth in a network caused by spanning tree protocol (STP). STP prevents loops from forming in a network topology by closing off redundant paths. Those redundant paths only open if the primary link fails. TRILL and SPB allow all redundant links to be open, which allows Ethernet frames to take the shortest path to their destination. SPB and TRILL also allow multiple links to be in active-active mode, with data traffic aggregating across them.
Both TRILL and SPB are available today in a small amount of pre-standard products from some vendors. The use of TRILL and SPB will require hardware upgrades, so enterprises that want to benefit from the technology will have to replace their network infrastructure.
Extreme Networks has introduced a software upgrade across its switching portfolio that can give enterprises a portion of the functionality TRILL and SPB promises. And it delivers this capability without requiring new hardware.
Extreme has combined its Direct Attach Virtual Machine switching feature with its Multi-System Link Aggregation (M-LAG) feature to deliver a new “M-LAG Direct Attach” architecture. Basically, this software upgrade allows a customer to set pairs of upstream links in active-active mode, which enables upstream link aggregation.
“This provides enterprises the ability to have an active-active path in the data center today,” said Shehzad Merchant is the Senior Director of Strategy for Extreme. “Link aggregation technology has been around a long time. We’ve taken that technology and extend it. Now you can take a server with two NICs and bond those NICs with link aggregation and dual-home those into two upstream switches. If one switch or one NIC goes down, traffic automatically migrates to the second link. But if both are up, traffic aggregates across both those links.”
Unlike TRILL and SPB’s ability to work with arbitrary, multi-homed topologies, Exteme’s M-LAG Direct Attach only works with dual-homed links. M-LAG Direct Attach is also a proprietary technology, so you will need Extreme switches both upstream and downstream to make it work.
Apparently attendees at Gartner’s Data Center Summit held in Las Vegas last month weren’t too enthusiastic on Fibre Channel over Ethernet (FCoE) as an avenue toward data center network convergence. In a brief note based on findings at the meeting, “Data Center Summit Attendees Cast Doubts on Breadth of FCoE Deployments,” Gartner analysts Joe Skorupa and Robert Passmore say that more attendees were looking at IP-based storage protocol iSCSI or network-attached storage (NAS) as alternatives to FCoE for I/O convergence.
Of the 100 attendees the analysts surveyed at the show 27% said they are already converging with NAS and iSCSI, 23% are planning to use NAS and iSCSI and 32% plan to use FCoE in the next three years. No one reported using FCoE today.
In the conversations I’ve had with data center and networking pros, it sounds like the convergence path a company takes will mostly depend on the infrastructure they already have in place. Fibre Channel shops will want to use FCoE in order to get more out of their storage area network investments. iSCSI shops will see no reason to invest in FCoE. They’ll just upgrade to lossless 10 Gigabit Ethernet and converge iSCSI and production traffic onto the same wire.