Cisco Turns Routers Into Linux App Servers

symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."

Cue the beowulf cluster jokes

[symbolset]

Yes, it runs linux.

Yes, I know they're switches, not routers.

Now... anybody got any interesting applications for this?

oops

[symbolset]

Yes, I know they're switches, not routers.

That was routers, not switches.

Err in haste, repent at leisure.

Re:

[alex4u2nv]

Actually neither routers, nor switches: a hybrid application server that routes traffic or vice versa.

Re:Cue the beowulf cluster jokes

[Anonymous Coward]

Imagine a baowulf cluster of these...

Re:

[unforkable]

Applications? Just imagine a single "appliance" integrating switching features with (for example) asterisk soft pbx, apache for web-based management, iptables and snort for security... I mean this is just an example... the power of linux is in its adapdability to (almost) all situations and needs.

Re:Cue the beowulf cluster jokes

[arivanov]

The power of linux is mostly irrelevant here. OK, fine, a blade, and so what? It is more expensive than most 1U servers out there.

Now the power of having an API into the Cisco hardware and software is a completely different story. That may be something that is really interesting. It will allow moving many tasks that are now exclusive to big closed and expensive OSS systems to the frontline where they really belong.

By the way, this has been long coming. The first time I heard about this was circa 2003. Nice to see it finally making the light of day.

Re:

[klapaucjusz]

Now... anybody got any interesting applications for this?

Enhancing Cisco's bottom line?

See, there's a lot of network engineers that are trained to mindlessly buy from Cisco whatever the cost. Right now, they're buying switches and routers from Cisco, but application servers from other suppliers. If Cisco starts making servers, they will buy the servers from Cisco, no matter whether they are twice as expensive as the same hardware from Dell.

Re:

[Constantine XVI]

Imagine using one to netboot/control a bunch of machines for a Beowulf cluster

Re:

[witherstaff]

It could be a way to cheaply implement openCALEA [opencalea.org]. Of course, openCALEA would need to be a complete solution too. Realtime, remote packet sniffing in a wacky protocol. The cheapest units I've seen that fully meet the requirements are 5 - 10K.

With anything that falls under an "ISP" label needing to be CALEA compliant there is a huge need - even if you're just a small coffee shop that wants to give a WIFI hotspot you need to be compliant.

Ok so

[aztektum]

I've read the marketing release. Now I ask /.

What can you do with this?

Before we get too excited

[symbolset]

It might be interesting to read the data sheet [cisco.com].

10/100/1000 Gigabit Ethernet connectivity to router backplane

meh.

Re:

[LarsG]

Yeah, backplane is kinda bummer.

As generic blade it looks like fail. Only one OS supported, probably expensive, Cisco license needed to build application packages.

Could be useful for making network appliances. Datasheet mentions IOS integration.

Re:

[BridgeBum]

Yeah - it would be much more exciting if they came out with something similar for their 6500 series switches with a big backplane. The ISR routers are intended for branch offices, they aren't big power houses.

Re:

[aproposofwhat]

Given the proposed specs of these (1.4 GHz processor, 160GB HDD, 2GB RAM), I doubt whether the app server could benefit from direct backplane connection.

Now if they were to stick a Niagra on one of these babies, then I could see a massively multithreaded application benefiting, but that isn't likely to happen anytime soon.

Re:

[anss123]

A Niagra is a wee bit more costly than an old Pentium. Doubt we'll ever see server oriented chips in office routers - app server or not.

AXP environment require an authorization key

[Anonymous Coward]

check this out

Q. How does one develop an application for the AXP service module?

A. Both existing and newly developed applications must be ported to the AXP runtime environment by packaging them using the AXP SDK, which ships with the AXP hardware and software. The SDK package tool creates installation packages that can be loaded on the AXP blade. AXP developers are authorized by Cisco using the AXP Development Partner Program and require an authorization key in order to perform packaging of software.

http://www.cisco.com/en/US/prod/collateral/routers/ps9701/qa_c67_463943.html

Only "authorized" apps... means not a full server

[justsomecomputerguy]

Requiring authorization will probably cripple its usefulness as a Linux App Server...

BUT! whoever sells/buys this gets to say both "Yes, we're running Linux too" and "But were not really because its all locked down" depending on which constituency they are talking too: The pro open source crowd or the pro security through obscurity crowd.

Reminds me of way back in the days when Novell used to claim Netware 4.x-6.5 was an App Server too: It was a GREAT File and Print Server, with GREAT Directory Services

Re:

[IdleTime]

Time until first 419-scam server is loaded after the first one is placed on the net: less than 42 seconds...

NSLU2 is cool

[bcrowell]

Another Cisco gadget that's cool as a cheap linux box is the NSLU2 [wikipedia.org]. For $80, you get a pretty full-featured Linux system. It's the size of a paperback, and draws a negligible amount of power. I use mine as a music server. There's a very lively and helpful user community on IRC. There are various options for modifying or replacing the system it ships with to get a more general-purpose linux box, running off of an external flash drive.

No, you don't get it.

[Ungrounded Lightning]

For $80, you get a pretty full-featured Linux system.

According to the Wikipedia entery you quote, its status is "Discontinued - no longer shipping."

Is this correct? Is there a followon to replace it?

Re:

[Briareos]

For $80, you get a pretty full-featured Linux system.
According to the Wikipedia entery you quote, its status is "Discontinued - no longer shipping."

Is this correct? Is there a followon to replace it?

That must be the page for the V1 model, since the NSLU2 is alive and well [linksys.com] on LinkSys' product pages.

np: Underworld - Spikee (Underworld 1992-2002 (Disc 1))

What I want from Cisco

[Midnight Thunder]

Great and I applaud them for doing something truly nerdy. What I am still waiting for is proper for a CISCO VPN client that works well under Linux and MacOS X, and not just Windows. It is irritating to enable firewall requirements, only to find that the only version that supports it is CISCO VPN Client for Windows.

Rant over, now you may mod me down.

Re:

[zx-15]

vpnc works pretty good under linux

Re:What I want from Cisco

[caseih]

The open source vpnc works pretty well on my linux box. I'm permanently vpn'd into my work's Cisco VPN concentrator. Granted it still can't do key rotation, so I have to reconnect it every 8 hours or so.

Cisco's linux support sucks in general, though. Their management software won't support it in any way. Ironic, really, since most work gets done in a terminal on cisco hardware. At least a serial port can't be made to be linux-incompatible.

Re:

[PingXao]

Have you looked at Broadcom lately? They make Cisco look like God's gift to Linux. They are absolutely paranoid, anal even, about releasing any technical information about any of their chips. And Broadcom is everywhere.

Re:

[GXTi]

And Broadcom is everywhere.

Especially in my laptop, where the disgusting heap of silicon they call a wireless chipset can't even connect to an AP 15 feet away without me reloading the firmware 8 times and bouncing the interface as if it were a broken VGA cable.

Re:

[Anonymous Coward]

So broadcom documentation describes a chip with a lot of unused pins, yet we find chips broadcasting clock signals down these pins. To make things interesting, it's only on the chips we receive from Broadcom. From another lab/project, these same pins are dead. I'm pretty sure Broadcom is acting like Monsanto and enforcing their draconian NDA by watching the customers developers. If they suspect they are releasing even the slightest [broadcom.com] bit of information to the public, they turn ">around and sue that co [zdnet.com]

Re:

[Abalamahalamatandra]

They are getting there, though - I recently put in a new ASA 5540 pair set up for the AnyConnect SSL VPN client, which all of the documentation says "supports Linux". I had a problem getting the client working on Ubuntu, but when I opened up a TAC ticket they got me an early release version that did the trick. The AnyConnect client works well on Ubuntu other than the fact that the installer tries to set the vpnagentd to start up at system start and fails, so you have to start it manually from a command p

Re:

[nicc777]

The Linux Cisco VPN works 100% - the only irritating thing for me is that you need to compile it - it's not in the standard repositories.

Re:

[Dr_Barnowl]

No it doesn't. It doesn't support the firewall requirement ; as the GP poster said.

For those not familiar, this requires that your VPN client firewalls itself off from its local network and only participates as a network node in the VPN.

The Linux client doesn't support this. This is presumably because if you have source that supports it (your reply seems to indicate that you have source for the base client, but AFAIK it doesn't include this feature), you could compile a client which claimed it complied, but

Re:

[Midnight Thunder]

The only way you can assure the firewall requirement is in place is with a closed binary, preferably cryptographically signed, running in a closed environment. AKA, Windows.

This could also be achieved on MacOS X 10.5, where signing of binaries is supported and even recommended. Additionally I am sure it could be possible for the server side of the VPN to probe the client to see if a suitable configuration is in place. The way I could imagine this happening is for the server to do a routing probe and see if

Re:

[Midnight Thunder]

If the router has a client firewall requirement, then it fails. I have even tried vpnc and this confirms what I learnt from the official client:

concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
I have tried both on Linux and MacOS X, and the only client that seems to work consistently is the Windows client. This does not mean that I have never got the Mac o

Re:

[Kalriath]

The concentrator also refuses to let Vista clients connect too. Not surprising really, just another app on the list of "not supported by Vista" programs.

Re:

[judo_badger]

We're using it on all three platforms. It works very well on Mac and Linux for us.

Re:

[ckaminski]

CiscoVPN 4.6 works great under both Windows and Mac OS X.

Too bad I have to stop using it because we're turning on network access control and Cisco Clean Access Agent isn't available on Mac OS X. My Macbook users are PISSED. :(

Re:

[Constantine XVI]

Forgive my extremely limited understanding of the software, but our uni uses Clean Access, and both my Eee (Ubuntu) and my friend's PowerBook haven't had a problem logging in via their web login

Re:

[ckaminski]

Interesting. I'm wondering if they are in "warning" mode as opposed to enforcement mode? Do you get warning when you perform a login?

Re:

[Constantine XVI]

Nope, and I don't think they force anyone to use CAA. Every non-lab machine I've seen just logs in via web, and the lab machines will fallback to the web login if we try to use the network before CAA kicks in. I even connected from a Win laptop with firewall and AV explicitly disabled, and it let it right on through.

(PS: Just a student, have no idea what's actually going on in the sausage factory, just observations)

Re:

[helixcode123]

What sort of problems are you having? I've been using the cisco VPN client for Linux for years now, first under Mand(rake|riva) and under Ubuntu for the last 2 years or so.

Re:

[analog_line]

What I don't understand is why Cisco dumped the 5000 series concentrator, which was technically superior in every way I could find, and had client support for just about everything (including MacOS, pre X) for the craptastic 3000 series, which supported Windows only, supported fewer tunnels at less speed, and had a really, really bad UI. I was working with a team of other contractors to spec a big VPN network for a very big company, had been working with Cisco for months on it, and delivered our spec for 5

Re:

[bensode]

Huh? I installed Cisco's v4.8 linux vpn client for 32bit and 64bit systems without a hitch for both PIX and ASA Cisco devices ... what I see are tons of complaints about just the opposite. The Vista client is unstable and there is no 64bit working client for XP or Vista.

Re:

[QuoteMstr]

Why TCP over TCP is a bad idea [sites.inka.de]

Re:

[lukas84]

The points are absolutely valid for a site-to-site vpn. But they don't matter in a road warrior setup, where Firewall traversal is more important than performance.

Re:

[QuoteMstr]

openvpn uses plain old UDP so works just fine over a firewall. It even supports ethernet bridging. Who exactly is modern here?

I don't get it

[seanadams.com]

So this is a whole hardware server module that you stuff into a switch? Why?

A switch (or router, whatever) chassis is a ridiculously valuable piece of real estate... why would you want to spend that slot space plugging in PCs when they could just as easily be somewhere else, on the end of an ethernet cable?

Or is this intended for some highly specialized application where the linux system in tightly integrated with the host hardware in some way?

Re:I don't get it

[menace3society]

I think it's Cisco trying to muscle in on the server market. When you think servers, you don't think Cisco. You think Sun, IBM, HP, Dell, etc. But when you think routers and switches, you think Cisco. So if a Cisco rep can come along and say, "Hey, look, this is a piece of networking hardware, not a server, but it can do everything a server can for less money. Plus if you get this it's one less piece of equipment that can fail on you," they can start getting orders for these. If you were a PHB, would you rather have two boxes that each do one thing, or one box that does everything, and is super-cool "new" gear to boot?

It's like DEC with the PDP-1. Everyone *knew* in those days that a "computer" was a big, room-sized monstrosity that cost upwards of a million dollars and required a staff of dozens just to run; people figured there was only demand for 10 or so of those things on the planet. But DEC didn't sell "computers," they sold "Programmable Digital Processors," so companies bought them. The rest is history, and I guess Cisco is banking on being able to pull off the same thing with their new gear.

Re:

[CastrTroy]

Well, if I was a PHB, I probably would want one box that does everything. However, if I was a network admin, it might be nice to not put all my eggs in one basket. Having multiple boxes means that if one thing breaks, at least other stuff still works. Also, if one thing breaks, that one thing costs less than the box that does everything, and is cheaper to get everything back to working order.

Re:

[discogravy]

you (to your PHB): [all the stuff above about layered approach, not consolidating everything, eggs in 1 basket, etc etc]
boss (to you): good idea!

boss to saleshole: [all your ideas about not everything in 1 basket, multiple boxes]
saleshole to boss: of course! that's why we offer failover capabilities! you just need to buy 2 of everything!

boss to you: here's 2 of those everything-in-one machines. you're welcome. oh, and they cost a fortune multiplied by 2. so no raise for you.

exeunt boss

Re:

[ronocdh]

Plus if you get this it's one less piece of equipment that can fail on you.

This is partly a joke, but that sounds more to me like, "Hey, we made a bigger basket! Why not pile all those eggs on in there?"

Re:

[menace3society]

That's my point, the PHB mentality (as opposed to that of the admin who's really responsible for uptime) is to go for the all in one. I haven't decided if Cisco's apparent strategy is really clever, or really evil.

Re:

[Kizeh]

No. This is so the ISR can do wacky stuff that's more complex / third party developed than just the IOS / Firewall / LWAPP / VoIP feature set at remote office or smaller facilities. It's absolutely not going to try to replace a real server of any kind.

Re:

[BBandCMKRNL]

It's like DEC with the PDP-1. Everyone *knew* in those days that a "computer" was a big, room-sized monstrosity that cost upwards of a million dollars and required a staff of dozens just to run; people figured there was only demand for 10 or so of those things on the planet. But DEC didn't sell "computers," they sold "Programmable Digital Processors," so companies bought them.

Close, but not quite right. From Wikipedia [wikipedia.org] and consistent from what I was told when I was employed by DEC, "At the time, the VC market was hostile to computer companies, and investors shied from their plans. The original business plan named the company "Digital Computer Corporation," but AR&D required that the name be changed to DEC. Instead, DEC started building small digital "modules" such as flip flops, gates, and transformer drivers that could be combined to run scientific and engineering experimen

Re:

[Zerth]

More like they realized they couldn't shrink the size of the switch enclosure without making it look "cheap"(much like that oversized WalMart linux PC). So they stuck a bunch of blades in the switch and said "here, run software on these instead of buying a real server, it's a feature!"

Re:

[CastrTroy]

Why would you need a switch if everything is housed in a single box?

Mono?

[rhendershot]

see architecture pic: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/images/white_paper_c11_459082-5.jpg [cisco.com]

It would seem that Mono could be a runtime for apps also. Anybody know why that might not work?

As to why you'd want this on the router, you already have a footprint in that space. Virtualization and Consolidation = decreased (branch) footprint.

Cisco says it this way: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/white_paper_c11_459082.html [cisco.com]

Customer and Partner Value Propositions

Re:

[symbolset]

It would seem that Mono could be a runtime for apps also. Anybody know why that might not work?

Jesus, why don't you just run Vista on it if you want to fit your Microsoft crud into everything. Yeah... Vista -- in your router! Two gigs of RAM, a 1.2 GHz processor, plenty of storage! Vista oughta run just fine, eh?

"It looks like you're issuing a dynamic IP address. [cancel] [allow]?"

Re:

[mikkelm]

How often do you really see fully equipped modular networking hardware at the distribution layer?

It's simple: Sandbox for third party "value added"

[Ungrounded Lightning]

So this is a whole hardware server module that you stuff into a switch? Why?

There are a bunch of things you'd like to do in a (non-backbone) router (i.e. and edge router or an enterprise router). Like high-intelligence packet filtering (such as malware detection). You'd like to do these in the routers at the edge of the ISP's network (where the packets for a customer finally come together after load-balancing multipathing), at the incoming firewall, and in the switches/routers within a campus LAN (i.e. to

Re:

[Anonymous Psychopath]

So this is a whole hardware server module that you stuff into a switch? Why?

A lot of Cisco's new stuff runs on a Linux kernel. Their call control server (CallManager or Unified Communications Manager, they changed the name last year and it hasn't stuck well) has run on a modified version of Red Hat since version 5.0 and they still OEM servers from HP and IBM for the hardware to run it on. It would be interesting if they could run integrate those servers into a redundant switch architecture instead, and reduce Cisco's dependencies on OEM manufacturers at the same time. I've not act

Re:

[DarkOx]

I don't know where you have been but Cisco has used intel process in most of their equipment for a long time now. Pop the cover off pix sometime you will find a pentium. The same is true for most routers. I have not opened a switch up for a long time, those may or may not be intel.

Re:

[Anonymous Psychopath]

Intel CPUs are not common at all in Cisco routers, if they were ever used at all. Other than their server-based products, as far as I know they only used Intel CPUs in the PIX, and that series is end-of-sale. Most of the routers use Motorola CPUs.

I happen to have a Cisco ISR router open on the floor next to me while I'm typing this, and no Intel silicon is in sight.

The network is the computer

[bar-agent]

I didn't expect them to take the phrase "the network is the computer" quite so literally.

Copycat of 3Com OSN

[dwenger]

Looks like Cisco is copying a 3Com innovation that has been available for over a year. 3Com OSM's are not only available for their routers, but also their 5500G switches.

http://www.3com.com/osn/ [3com.com]

Re:

[Kizeh]

There have been basically linux-based blades in Cisco world ever since the Catalyst 5500 doing various security and service things. There's really nothing new in this story, apart from the opening of these things to third-party development. Saying that Cisco is copying 3Com is quite ironic, considering where 3Com gets most of its network gear.

Re:

[dwenger]

Linux-based blades for applications have been commonplace in the industry for years. The part that is newsworthy of both OSN and AXP is opening the platform to 3rd parties and potentially open-source applications. In looking at AXP, running Open Source applications doesn't look like much of an option, which is part of 3Com's key strategy. I'm also curious about your comment regarding where 3Com gets most of it's network gear, what was meant by that if I can ask?

Re:

[Kizeh]

3Com/Huawei vs. Cisco in patent dispute [nytimes.com]

Re:

[dwenger]

Old news, resolved long ago. 3Com now entirely owns the H3C joint venture that was started in 2003.

MTBF?

[lohphat]

The point on making the f/w an appliance is that it has a predictable operating profile and known MTBF and reliability.

By opening it up as an app server, you're encouraging turning your key gateway security device into a one-off, unique, unpredictable infrastructure component.

Money To Burn F*****

[leuk_he]

Why let a serious multi thousend dollar switch run a applation stack you can run on a 500euro desktopc pc? Well, there are 3 ways yo spend money:

-Women. Most expense one, but definity most fun.
-Gambling. Most unsure way to loose money.
-Computers, most sure way to spend a large amoutn of money.

PS, not sure what the F stands for in MTBF.

Re:

[Belial6]

The reason you would do this is because you have already been authorized to spend a crap load of money on the Cisco switches. An extra $800 or $900 won't even get noticed. It you want to put the app on a $500 pc, you have to start from the beginning to get authorization. That's not even going to touch on the fact that you might have to rationalize new software on a PC, while it might only be considered a upgrade on the switch.

Stupid? Yes.
Does it happen? Yes.

Re:

[Kizeh]

Because you need functionality that integrates with the router. Or because you want something that can be tested and provisioned at HQ, then mailed down to a bunch of remote sites that don't have the facilities or expertise to set up a separate box, let alone reliably.
This isn't a "server" that's going to be running user-interactive tasks or application serving or email etc. It's a way for people to build business-specific applications into the router to tailor its functionality for a specific business.

Sir, they're hacking our network

[Cousarr]

"Well, figure out where it's coming from"
"It's coming from the network sir"
"Of course it is, now where is it?"
"No, sir. The network is hacking itself. It's coming from one of the switches"

First it was printers that could run applications. Pop a tunneling app on the printer and remote in and now you're hacking them from their printer. Now switches can run apps too. Sure, a lot of problems related to this could be avoided by proper network administration but it's just one more thing to worry about if

Clear the Confusion

[greendeath]

Disclaimer- I work for Cisco as an Entrprise Sales Engineer

Lets clear a few terms up first-
Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

Router- Moves packets between different IP Subnets (Layer 3 Device)

Firewall- Applies security rules to routed packets

While the line is blurring physically between theses functions, as alot of switches can route and routers can switch, the logical functions are still the same. Your Standard Linksys/Dlink/netgear is a switch/router/firewall combined.

The AXP platform is a module that fits into our ISR router family, NOT into any switches.

Yes, the space in a router is valuable, that is exactly why companies want to get as much value as possible out of it. Most companies are looking for ways to consolidate and cetralize to reduce costs and ease management while adding features and functionality. Virtualization is the buzzword of the day.

Applications- Think about a company that has 200 remote offices that each have a server, if that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day) and provide the necessary services integrated into the heart of the network. Pretty cool.

It may be a little bit of "If you build it, they will come" so we built it, now let the programmers loose, change the game and build something cool.

Re:

[Anonymous Coward]

Cabletron Systems had the same idea over 14 years ago:

http://www.google.com/search?q=cache:lUV1QODDQO8J:findarticles.com/p/articles/mi_qa3649/is_199406/ai_n8712161+Cabletron+PCMIM&hl=en&ct=clnk&cd=2&gl=us&client=firefox-a

"PCMIM is essentially a personal computer within a hub. It is an Intel Corp. 486DX/2-based processor that lets customers load applications--such as management, routing and communications softwareonto the hub rather than in on a separate PC attached to the hub."

I used to

Re:

[RazzleDazzle]

Why not go the other way and have good strong hardware to virtualize some routers using Cisco router simulators to run your IOS instead of Cisco hardware? As an example: http://www.ipflow.utc.fr/blog/ [ipflow.utc.fr]

I am guessing this would be way cheaper and would not be surprised if it violated some Cisco rules and doubtfully would be supported by Cisco if you needed to some help from their TAC.

Nah

[Colin Smith]

Sorry, nope.

If that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day)

Nah. there's just as much management cost, the service is still there.
Hardware cost? A Dell vs a Cisco router blade... Hmm...
Maintenance... A Dell vs a Cisco router... Hmm...

And integrating services into the "heart of the network"? The network should be a dumb connection. It shouldn't be running services.

Re:

[LarsG]

Think about a company that has 200 remote offices that each have a server, if that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day) and provide the necessary services integrated into the heart of the network. Pretty cool.

A Cisco blade will be cheaper than a Dell? Pull the other one. ;-p

The blade is limited to running one particular Linux distro and you can't load software on it without a Cisco certificate. That will seriously reduce the possibility for replacing branch servers with this blade.

Re:

[Doug Neal]

Are you sure? The Catalyst 6000 series does Layer 3 but is still classed as a switch.

Re:

[greendeath]

Are you sure? The Catalyst 6000 series does Layer 3 but is still classed as a switch

Yes, I sell, configure and support them everyday. The 6000 family are switches. Over the last 10 years or so, routing functions have moved into switching hardware and we now have "layer 3 switches". Forget that it is one box, the switching and routing functions are logically separate and still follow the same rules as stand alone devices, but by running them on the same hardware you can get performance and features that

Re:

[LarsG]

routing functions have moved into switching hardware and we now have "layer 3 switches". Forget that it is one box, the switching and routing functions are logically separate and still follow the same rules as stand alone devices, but by running them on the same hardware you can get performance and features that are not possible on separate physical devices.

Routing is routing whether it happens in software or in hardware. Yes, you can get performance and feature benefits by having both routing and switching done by a single device. But calling it a "layer 3 switch" still smells of marketese, it is mixing up L2 and L3 terminology.

Re:

[klapaucjusz]

Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

Yes, that's the terminology that honest people use. But Cisco's marketheads call "switch" anything that does forwarding in hardware, even if it's actually a router. Hence their somewhat quaint references to "layer 3 switches".

See them advertising their "Layer 3 switches [cisco.com]".

Re:

[Big Jason]

Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

A Layer 2 device is not IP aware, perhaps you meant "broadcast domain"?

Re:

[greendeath]

A Layer 2 device is not IP aware, perhaps you meant "broadcast domain"?

Yes, you are correct, but I was going for a simple explanation and didn't want to confuse things any more. And most of the time a single IP Subnet is also a single broadcast domain.

I'm confused.

[fuzzyfuzzyfungus]

So, this exciting new product is basically an underpowered and overpriced server blade that consumes slot space in your very expensive router? Well, at least it has a 10/100/1000 ethernet connection to the switch backplane, no way you could have a connection like that to a physically separate device.*snicker* Plus, it's locked down hard, and development requires Cisco's extra special blessing, that part makes me feel snuggly and secure!

Re:

[iamhigh]

if you could run untangle [untangle.com] on it that would be cool. anybody know if that would be possible?

Re:

[Pavan_Gupta]

possible

Python not Perl

[bitMonster]

The APIs are available in C, Java, and Python. The article says this, but the summary is wrong.

Juniper already sells Linux-based systems

[Lennie]

Juniper's Linux IPS Hits 10Gb/sec [internetnews.com]

Re:

[Lennie]

I just pointed at the article to point out Juniper is also delivering products based on Linux.

I wasn't passing judgement about how well it works.

Ofcourse Cisco already did too, through the company they've bought, LinkSys.

Re:

[Anonymous Psychopath]

There are also many non-Linksys products from Cisco that are built on a Linux kernel, mostly in their voice/messaging/video/presence application servers.

Re:

[discogravy]

not to mention that any of the filtering products (netscreen/FW/IDP) that they produce knock throughput down between 40-60% (depending on amount of traffic -- I have personally seen a 1 gig fiber link drop to 600megs just by passing through a juniper 5200 FW with deep packet inspection turned on (it's turned on by default). 10Gbps is still very far away for most vendors. IPv6 is /marginally/ closer.

For ISR Routers - not switches

[tlon]

FYI, the AXP solution is for Cisco Integrated Services Routers - the modular enterprise branch routers... Not for its switches. This is a branch play.

Missing the point?

[4g1vn]

While I believe there is a need for consolidation of equipment to reduce the footprint/power consumption required in remote offices. I think some of us are missing the point here.

1) I know this has been identified in other posts but, these modules work with the ISR ROUTERS, not the switches. They include the 1800, 2800, and 3800 series.

2) The specifications of the modules (AIM/NM) are really not that impressive. The 3800 series NM (NME-APPRE-522-K9) is about the only one I would even consider if "runn

Database App front-end?

[haakondahl]

I don't know much about this, and the press release wasn't exactly illuminating, but said the APIs include Python. So if I have a SQL server hanging off of this AppServer/ISR, would that be a good place to deploy the front-end to a database?

OS = Obese Software

[deanston]

The Point, though Cisco isn't bragging it, is about control. What part of the network do you want to exert control on applications and data? Traditional concept of "the network as the computer" as proposed by Sun or Oracle puts the OS in charge, commoditizing servers, and requiring only dumb network switches and routers. This is about taking back the leverage and power companies like Cisco, 3Com, and Juniper felt they have given away. And this development finally begin to make each network device intelligen

Its an iPhone in a switch

[argent]

Before an application can actually be deployed onto an AXP, a certification process must first be completed. Part of the process includes a license agreement from Cisco as well as a support contract. The certification also provides a mechanism to ensure that only certified applications are deployed on the AXP.

Or maybe a Tivo in a switch?

Re:

[technomom]

Yeah, that set of lines made me stop and think. What would they certify? Why of course, applications that don't compete with CISCO's own applications and services, silly!

Re:

[argent]

Oh, I can see the logic. Having the code restricted to code that Cisco has certified will make it an easier sell for network administrators and consultants dealing with passive-aggressive IT managers, corporate standards, and so on.

If you want to run uncertified code in a Cisco switch there's already NetBSD and Linux ports to run on Cisco hardware. And don't forget that the PIX started out as basically a rack-mounted PC.

Some ideas on how to apply

[_ph1ux_]

What about using it as a departmental imaging server.

With a 160GB drive - put some images on the router - plug a machine into a VLAN and the machine could then boot off the network and be imaged with the system image for that department/VLAN.

It could be used for Caching and proxy services.

How about a web based chat channel. - jsut enter the IP of your default Gateway and you get a web based chat room. You can see all the other people on your subnet hanging from that device - and see its peers - you could th

Hardened my ass

[Lord Kestrel]

Cisco claiming a piece of software they make is hardened is absurd. In the past, they've used Redhat 7.1 as the base for their appliances, shipping security software with 5 year old versions of openssh and Apache, and then tried to claim they were "hardened". After breaking in, they turn out to be off the shelf RH 7.1, just without cups running.

Cisco and software do not get along. They make ok hardware (overpriced, but it works), but they have never once made a good piece of software.