Cisco Turns Routers Into Linux App Servers 121
symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."
Cue the beowulf cluster jokes (Score:4, Interesting)
Yes, it runs linux.
Yes, I know they're switches, not routers.
Now... anybody got any interesting applications for this?
NSLU2 is cool (Score:5, Interesting)
Re:Before we get too excited (Score:3, Interesting)
As generic blade it looks like fail. Only one OS supported, probably expensive, Cisco license needed to build application packages.
Could be useful for making network appliances. Datasheet mentions IOS integration.
Re:Cue the beowulf cluster jokes (Score:5, Interesting)
Now the power of having an API into the Cisco hardware and software is a completely different story. That may be something that is really interesting. It will allow moving many tasks that are now exclusive to big closed and expensive OSS systems to the frontline where they really belong.
By the way, this has been long coming. The first time I heard about this was circa 2003. Nice to see it finally making the light of day.
Re:Clear the Confusion (Score:2, Interesting)
http://www.google.com/search?q=cache:lUV1QODDQO8J:findarticles.com/p/articles/mi_qa3649/is_199406/ai_n8712161+Cabletron+PCMIM&hl=en&ct=clnk&cd=2&gl=us&client=firefox-a
"PCMIM is essentially a personal computer within a hub. It is an Intel Corp. 486DX/2-based processor that lets customers load applications--such as management, routing and communications softwareonto the hub rather than in on a separate PC attached to the hub."
I used to work for Cabletron Systems and I'd have to say that I never saw too many folks with PCMIMs in use. It seemed like a cool idea and I used to play around in the labs (1996), throw Slackware Linux on them with Squid, OpenLDAP, sendmail, etc. to try to make a complete "office in a box".
One of the reasons why it wasn't so popular was that it was underpowered and overpriced. You miss out on economies of scale in comparison to the rest of the PC/server industry.
Maybe Cisco will have better luck with it than previous attempts.
Re:What I want from Cisco (Score:3, Interesting)
It's simple: Sandbox for third party "value added" (Score:3, Interesting)
There are a bunch of things you'd like to do in a (non-backbone) router (i.e. and edge router or an enterprise router). Like high-intelligence packet filtering (such as malware detection). You'd like to do these in the routers at the edge of the ISP's network (where the packets for a customer finally come together after load-balancing multipathing), at the incoming firewall, and in the switches/routers within a campus LAN (i.e. to block the spread of viruses/worms once a behind-the-firewall machine is compromised.)
Some of the expertese to do this is in other companies than the router makers. It would cost a LOT to replicate this in a router company. (Example: The infrastructure to surveil for malware, analyze it, extract signatures, and maintain databases of them.) Better to partner with such companies, letting them provide the components they do well.
But there are a lot of potential problems with letting third parties build their software into the guts of the router:
- The processors and related infrastructure aren't optimized for performing this extra work.
- The amount of extra processing is enormous.
- Router internals don't provide a lot of protection from buggy - or malicious - code. Much of this is traded away for efficiency, minimizing the per-packet overhead. Major-league software QA substitutes for many hardware safeguards. Modules provided by third parties could break the router code, make it miss its performance requirements, and/or insert malware vulnerabilities in the routers themselves.
- Letting partners provide modules means giving them considerable visibility into the guts of the router. This means the router company's "secret sauce" recipies leave the building. The more partnering is done, the more potential leaks to the competition. (And the partners have much less incentive to protect the router company's secrets.)
A "resource card" design - a card fitting into a linecard slot, carrying the company's backplane routing interface plus commodity and/or special purpose processors, with their own API for plugging into the box's routing infrastructure, solves these problems.
- The box's routing code remains with the router company. It only needs to identify the packets requiring attention from the third-party resource, route them to the appropriate resource card, and route the result onward to the destination.
- The third party has an easy-to-understand environment that closely matches what they already work with and provides all the hooks they need. No "secret sauce" recipie required.
- The third party's code is compartmentalized - on hardware that provides security hooks as a given. Even if it is compromised the worst it can do is send malicious packets across the backplane to other line cards or across the control interface to the management processor(s) - and these can be alert for problems and protect themselves, just as they do from nasties arriving on network interfaces.
A switch (or router, whatever) chassis is a ridiculously valuable piece of real estate... why would you want to spend that slot space plugging in PCs when they could just as easily be somewhere else, on the end of an ethernet cable?
Because a backplane is SO much faster and a single box system SO much cheaper (especially in rack-unit rent) than a multi-box, router/server system.
For starters: A multi-box system doing any kind of filtering puts the packets through the switch TWICE, once on its way to the third-party resource, once on its way back. You'll need to chew up a slot or two just to provider enough networking bandwidth to exchange one slot's full line rate worth of traffic with the resource. So why fill the front of the card with interfaces and packet processors just for the handoff, when you could put the resource there in the first place and save a box?
Putting the resource in a
Re:What I want from Cisco (Score:1, Interesting)
Yes, Broadcom has a stranghold.. but they're cheap.
OS = Obese Software (Score:2, Interesting)