IT Jobs
Interesting times for networking
Is security, intelligence and a standard CLI the recipe for success?
By Bryan Betts, Techworld | Techworld
Published: 16:00 GMT, 01 February 08
It's been an unusually busy fortnight in the world of networking. This week saw Cisco launch its first data centre "God-box" and Juniper dive into enterprise switching with a whole new range of hardware.
In addition, Force10 added a midrange chassis switch and unified its operating system offerings, and ConSentry introduced new software for its NAC-enabled switches, making them application-aware.
Then last week we had new application delivery controllers (ADCs) from Cisco, Radware and F5 - while at the same time Juniper dumped its ADC family. Cisco also had a bunch of other announcements at its Networkers event in Barcelona, including updated Catalyst switches.
A number of common strands emerge from all the above, in particular the increasing importance in switching of the operating system and of security capabilities. It's also appears to be more important now - for everyone except Cisco, perhaps - for companies to concentrate on and make use of their core strengths.
Also notable in these recent announcements were high-density 10G Ethernet, with several of them featuring eight-port 10G line cards, and Power-over-Ethernet.
Both Force10 and Juniper, with their focus on offering the same OS and command line interface (CLI) across the range, were taking an implicit swipe at Cisco. One of Juniper's execs at the EX series launch event even showed a slide that looked very like Cisco's IOS software roadmap with all the labels removed, to show just how horrid things can get if you let things proliferate.
Cisco hasn't helped matters either. Its powerful new Nexus switches can be partitioned into virtual switches and support both server and storage networking (the latter via FCoE), but to do this they've been outfitted with yet another OS. This is called NX-OS and combines IOS with SAN-OS, the operating system from Cisco's storage switches on a Linux base, the company said.
Meanwhile, Juniper is promising quarterly updates of its JunOS source code which will apply to all of its routers and switches. JunOS is modular though, so not all modules will apply to all devices, and they don't all use the same processors either, so while the source code will be common, the binaries will need to be recompiled.
Will users want to update all their switches and routers quarterly, even if they all have the same CLI? Probably not, according to Frank Ziegler, the VP of communications at the Philadelphia Stock Exchange, which has been beta-testing the new Juniper switches.
"There's only two reasons to upgrade - one, because your current code is going out of support, or two, because you need a new feature that's in there," he said. He added, "We probably upgrade on an 18 month cycle."
Zeigler said that the biggest benefit of the common OS is that configurations are portable, so policies defined on an edge switch can be move to the core, for example.
Like others before them - such as Enterasys, and perhaps Cisco with TrustSec - both Juniper and ConSentry majored on the the security features of their switches.
ConSentry's have the company's NAC (network access control) technology built-in, along with enough intelligence to pull a user's role out of the corporate directory and then apply the appropriate application-level permissions to that port.
Juniper has taken a different approach. Its EX edge switches are almost half the price of ConSentry's but are not as intelligent - they still need a separate controller, such as Juniper's UAC security appliance, to define the necessary rules and push them to the switch.
EX is more than just 802.1X port control though, said Mike Banic, Juniper's senior product marketing director.
"802.1X is a very basic protocol, it's not QOS and so on - it's Layer 2 policies," he argued. "We can push firewall policies from Layer 2 to 4 to the switch and enforce them, including port configuration, QOS, VLAN and so on."
Not surprisingly, ConSentry's CTO and founder, Jeff Prince, pronounced himself unimpressed. "This product set falls short of today's enterprise demands, and the limited functionality gives companies little reason to consider Juniper during a switch upgrade," he claimed.
He added, "The product line is based on the legacy switch architecture, with no unique intelligence for user or application control. While the company discussed the need for application control, this was billed as a future deliverable available in the second half of the year, and only as a blade in the chassis switch designed for the LAN core."
Still, along with the extra speed that 10G brings, and of course the option of PoE, the addition of any extra intelligence to the network says a lot about where these suppliers think corporate networking is headed - especially when you consider that most of these companies have also talked about enabling third-parties to port application modules directly onto switches.
Could it be that the switch is becoming a platform, and the network becoming a server? It seems that today's network admins and managers do indeed live in interesting times.
.gif)
SANs tuned for virtualisation
Add your commentComments