
Cisco Turns Routers Into Linux App Servers

Soulskill posted about 6 years ago | from the tux-service dept.

Networking 121

symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."


Cue the beowulf cluster jokes (4, Interesting)

symbolset (646467) | about 6 years ago | (#23054984)

Yes, it runs linux.

Yes, I know they're switches, not routers.

Now... anybody got any interesting applications for this?

Re:Cue the beowulf cluster jokes (5, Funny)

Anonymous Coward | about 6 years ago | (#23055036)

Imagine a baowulf cluster of these...

Re:Cue the beowulf cluster jokes (1)

unforkable (956731) | about 6 years ago | (#23055362)

Applications? Just imagine a single "appliance" integrating switching features with (for example) asterisk soft pbx, apache for web-based management, iptables and snort for security... I mean this is just an example... the power of linux is in its adaptability to (almost) all situations and needs.

Re:Cue the beowulf cluster jokes (0)

Anonymous Coward | about 6 years ago | (#23055570)

Well Cisco has a broad portfolio of PBX, management, firewall and IDS/IPS products, so I bet they're not in need of Asterisk, Apache, Iptables or Snort.

Re:Cue the beowulf cluster jokes (4, Interesting)

arivanov (12034) | about 6 years ago | (#23055640)

The power of linux is mostly irrelevant here. OK, fine, a blade, and so what? It is more expensive than most 1U servers out there.

Now the power of having an API into the Cisco hardware and software is a completely different story. That may be something that is really interesting. It will allow moving many tasks that are now exclusive to big closed and expensive OSS systems to the frontline where they really belong.

By the way, this has been long coming. The first time I heard about this was circa 2003. Nice to see it finally making the light of day.

Re:Cue the beowulf cluster jokes (1)

klapaucjusz (1167407) | about 6 years ago | (#23057340)

Now... anybody got any interesting applications for this?

Enhancing Cisco's bottom line?

See, there's a lot of network engineers that are trained to mindlessly buy from Cisco whatever the cost. Right now, they're buying switches and routers from Cisco, but application servers from other suppliers. If Cisco starts making servers, they will buy the servers from Cisco, no matter whether they are twice as expensive as the same hardware from Dell.

Re:Cue the beowulf cluster jokes (1)

witherstaff (713820) | about 6 years ago | (#23059072)

It could be a way to cheaply implement openCALEA [opencalea.org]. Of course, openCALEA would need to be a complete solution too. Realtime, remote packet sniffing in a wacky protocol. The cheapest units I've seen that fully meet the requirements are 5 - 10K.

With anything that falls under an "ISP" label needing to be CALEA compliant there is a huge need - even if you're just a small coffee shop that wants to give a WIFI hotspot you need to be compliant.

Ok so (1)

aztektum (170569) | about 6 years ago | (#23054986)

I've read the marketing release. Now I ask /.

What can you do with this?

Re:Ok so (0)

Anonymous Coward | about 6 years ago | (#23055020)

Imagine a Beowulf cluster of Cisco Linux cards. It would be like a blade computer chassis, only 10 times more expensive. Bravo! My IT department will surely love this.

Before we get too excited (2, Informative)

symbolset (646467) | about 6 years ago | (#23055042)

It might be interesting to read the data sheet [cisco.com].

10/100/1000 Gigabit Ethernet connectivity to router backplane


Re:Before we get too excited (2, Interesting)

LarsG (31008) | about 6 years ago | (#23055616)

Yeah, backplane is kinda bummer.

As generic blade it looks like fail. Only one OS supported, probably expensive, Cisco license needed to build application packages.

Could be useful for making network appliances. Datasheet mentions IOS integration.

Re:Before we get too excited (1)

BridgeBum (11413) | about 6 years ago | (#23056004)

Yeah - it would be much more exciting if they came out with something similar for their 6500 series switches with a big backplane. The ISR routers are intended for branch offices, they aren't big power houses.

Re:Before we get too excited (1)

aproposofwhat (1019098) | about 6 years ago | (#23060456)

Given the proposed specs of these (1.4 GHz processor, 160GB HDD, 2GB RAM), I doubt whether the app server could benefit from direct backplane connection.

Now if they were to stick a Niagara on one of these babies, then I could see a massively multithreaded application benefiting, but that isn't likely to happen anytime soon.

AXP environment require an authorization key (5, Informative)

Anonymous Coward | about 6 years ago | (#23054994)

check this out

Q. How does one develop an application for the AXP service module?

A. Both existing and newly developed applications must be ported to the AXP runtime environment by packaging them using the AXP SDK, which ships with the AXP hardware and software. The SDK package tool creates installation packages that can be loaded on the AXP blade. AXP developers are authorized by Cisco using the AXP Development Partner Program and require an authorization key in order to perform packaging of software.


Only "authorized" apps... means not a full server (1)

justsomecomputerguy (545196) | about 6 years ago | (#23055104)

Requiring authorization will probably cripple its usefulness as a Linux App Server...

BUT! whoever sells/buys this gets to say both "Yes, we're running Linux too" and "But we're not really because it's all locked down" depending on which constituency they are talking to: the pro open source crowd or the pro security through obscurity crowd.

Reminds me of way back in the days when Novell used to claim Netware 4.x-6.5 was an App Server too: It was a GREAT File and Print Server, with GREAT Directory Services (eDirectory compared to early Active Directory), but it sure was NOT a great App Server.

Re:AXP environment require an authorization key (1)

IdleTime (561841) | about 6 years ago | (#23055220)

Time until first 419-scam server is loaded after the first one is placed on the net: less than 42 seconds...

Re:AXP environment require an authorization key (0)

Anonymous Coward | about 6 years ago | (#23060310)

I love context. Now consider how similar the terms of this are to say the iPhone SDK. People are in an uproar about that because it's a phone. Maybe google will open on switches for the masses? Thought not.

NSLU2 is cool (4, Interesting)

bcrowell (177657) | about 6 years ago | (#23055034)

Another Cisco gadget that's cool as a cheap linux box is the NSLU2 [wikipedia.org]. For $80, you get a pretty full-featured Linux system. It's the size of a paperback, and draws a negligible amount of power. I use mine as a music server. There's a very lively and helpful user community on IRC. There are various options for modifying or replacing the system it ships with to get a more general-purpose linux box, running off of an external flash drive.

No, you don't get it. (2, Informative)

Ungrounded Lightning (62228) | about 6 years ago | (#23055442)

For $80, you get a pretty full-featured Linux system.

According to the Wikipedia entry you quote, its status is "Discontinued - no longer shipping."

Is this correct? Is there a followon to replace it?

Re:No, you don't get it. (2, Informative)

Briareos (21163) | about 6 years ago | (#23056722)

For $80, you get a pretty full-featured Linux system.
According to the Wikipedia entry you quote, its status is "Discontinued - no longer shipping."

Is this correct? Is there a followon to replace it?
That must be the page for the V1 model, since the NSLU2 is alive and well [linksys.com] on LinkSys' product pages.

np: Underworld - Spikee (Underworld 1992-2002 (Disc 1))

router, not switch (0)

Anonymous Coward | about 6 years ago | (#23055038)

This allows apps to run on a module plugged into a Cisco _router_ , not a switch.

What I want from Cisco (4, Insightful)

Midnight Thunder (17205) | about 6 years ago | (#23055050)

Great and I applaud them for doing something truly nerdy. What I am still waiting for is proper for a CISCO VPN client that works well under Linux and MacOS X, and not just Windows. It is irritating to enable firewall requirements, only to find that the only version that supports it is CISCO VPN Client for Windows.

Rant over, now you may mod me down.

Re:What I want from Cisco (3, Informative)

caseih (160668) | about 6 years ago | (#23055176)

The open source vpnc works pretty well on my linux box. I'm permanently vpn'd into my work's Cisco VPN concentrator. Granted it still can't do key rotation, so I have to reconnect it every 8 hours or so.

Cisco's linux support sucks in general, though. Their management software won't support it in any way. Ironic, really, since most work gets done in a terminal on cisco hardware. At least a serial port can't be made to be linux-incompatible.

Re:What I want from Cisco (2, Interesting)

PingXao (153057) | about 6 years ago | (#23055734)

Have you looked at Broadcom lately? They make Cisco look like God's gift to Linux. They are absolutely paranoid, anal even, about releasing any technical information about any of their chips. And Broadcom is everywhere.

Re:What I want from Cisco (1)

GXTi (635121) | about 6 years ago | (#23057670)

And Broadcom is everywhere.
Especially in my laptop, where the disgusting heap of silicon they call a wireless chipset can't even connect to an AP 15 feet away without me reloading the firmware 8 times and bouncing the interface as if it were a broken VGA cable.

Re:What I want from Cisco (1, Interesting)

Anonymous Coward | about 6 years ago | (#23059576)

So Broadcom documentation describes a chip with a lot of unused pins, yet we find chips broadcasting clock signals down these pins. To make things interesting, it's only on the chips we receive from Broadcom. From another lab/project, these same pins are dead. I'm pretty sure Broadcom is acting like Monsanto and enforcing their draconian NDA by watching the customers' developers. If they suspect they are releasing even the slightest [broadcom.com] bit of information to the public, they turn around and sue that company [zdnet.com].

Yes, Broadcom has a stranglehold.. but they're cheap.

Re:What I want from Cisco (2, Informative)

Abalamahalamatandra (639919) | about 6 years ago | (#23058084)

They are getting there, though - I recently put in a new ASA 5540 pair set up for the AnyConnect SSL VPN client, which all of the documentation says "supports Linux". I had a problem getting the client working on Ubuntu, but when I opened up a TAC ticket they got me an early release version that did the trick. The AnyConnect client works well on Ubuntu other than the fact that the installer tries to set the vpnagentd to start up at system start and fails, so you have to start it manually from a command prompt.

Now, Secure Desktop is the next hurdle - when I enable that my client never connects. Have to work through that one as well.

VPNC works well for me too, except for the key rotation part which sucks.

Re:What I want from Cisco (0)

Anonymous Coward | about 6 years ago | (#23055194)

Ummm, it's called WebVPN or SSH-VPN. All you need is an SSH-enabled browser. Works with MS, Apple, Linux, BSD, whatever. You don't need a VPN client anymore... that's sooo 2005

Re:What I want from Cisco (1)

QuoteMstr (55051) | about 6 years ago | (#23055524)

Re:What I want from Cisco (1)

lukas84 (912874) | about 6 years ago | (#23055776)

The points are absolutely valid for a site-to-site vpn. But they don't matter in a road warrior setup, where Firewall traversal is more important than performance.

Re:What I want from Cisco (1)

QuoteMstr (55051) | about 6 years ago | (#23058472)

openvpn uses plain old UDP so works just fine over a firewall. It even supports ethernet bridging. Who exactly is modern here?

Re:What I want from Cisco (1)

nicc777 (614519) | about 6 years ago | (#23055236)

The Linux Cisco VPN works 100% - the only irritating thing for me is that you need to compile it - it's not in the standard repositories.

Re:What I want from Cisco (1)

Dr_Barnowl (709838) | about 6 years ago | (#23055796)

No it doesn't. It doesn't support the firewall requirement; as the GP poster said.

For those not familiar, this requires that your VPN client firewalls itself off from its local network and only participates as a network node in the VPN.

The Linux client doesn't support this. This is presumably because if you have source that supports it (your reply seems to indicate that you have source for the base client, but AFAIK it doesn't include this feature), you could compile a client which claimed it complied, but didn't. Or because the user has so much control over a Linux environment that Cisco doesn't feel safe claiming that it could.

The only way you can assure the firewall requirement is in place is with a closed binary, preferably cryptographically signed, running in a closed environment. AKA, Windows.

Personally, I find the firewall requirement deeply frustrating, because it prevents you from using your locally networked resources; you might have a printer, a gateway that's faster than using a remote gateway over VPN, etc. But I can understand it, because the administrators who enable it have obviously learned the hard way (or just heard tales from those who have) - Windows is not a secure network OS, and they have to defend their networks from people ill-informed enough to put Windows on a naked internet connection.
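
The isolation described in the comment above can be approximated as a routing-table check. This is an added example, not part of the original post and not Cisco's or vpnc's code; the interface names, addresses and the policy itself (only a host route to the concentrator and its next hop may leave the tunnel) are assumptions, and the sample tables are constructed.

```python
import ipaddress

# Constructed `ip -4 route show` output: split tunnel, LAN still reachable.
SAMPLE_SPLIT = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

# Constructed output: everything goes through the tunnel except the
# encrypted transport to the concentrator (203.0.113.10, documentation range).
SAMPLE_ISOLATED = """\
default dev tun0 scope link
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.1 dev eth0 scope link
"""

DROP_TYPES = ("unreachable", "blackhole", "prohibit", "throw")


def _after(tokens, key):
    """Return the token following `key`, or None if key is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None


def parse_routes(text):
    """Parse route lines into (network, device, next_hop) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] in DROP_TYPES:
            continue  # blank line, or a route that drops traffic
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dst, strict=False)
        via = _after(tok, "via")
        routes.append((net, _after(tok, "dev"),
                       ipaddress.ip_address(via) if via else None))
    return routes


def find_leaks(route_text, vpn_dev, concentrator):
    """List routes that let traffic bypass the tunnel.

    Assumed policy: outside `vpn_dev` and loopback, only host routes to
    the concentrator and to the gateway used to reach it are allowed.
    """
    conc = ipaddress.ip_address(concentrator)
    routes = parse_routes(route_text)
    allowed = {conc}
    for net, dev, via in routes:
        is_host = net.prefixlen == net.max_prefixlen
        if dev != vpn_dev and is_host and net.network_address == conc and via:
            allowed.add(via)
    leaks = []
    for net, dev, via in routes:
        if dev in (vpn_dev, "lo"):
            continue
        if net.prefixlen == net.max_prefixlen and net.network_address in allowed:
            continue
        leaks.append(f"{net} dev {dev}")
    return leaks


if __name__ == "__main__":
    for name, table in (("split", SAMPLE_SPLIT), ("isolated", SAMPLE_ISOLATED)):
        print(name, find_leaks(table, "tun0", "203.0.113.10"))
```

A check like this runs on the client, so it is subject to the objection raised in the comment: on a machine the user controls, a passing result tells the concentrator nothing.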

Re:What I want from Cisco (1)

Midnight Thunder (17205) | about 6 years ago | (#23057712)

The only way you can assure the firewall requirement is in place is with a closed binary, preferably cryptographically signed, running in a closed environment. AKA, Windows.

This could also be achieved on MacOS X 10.5, where signing of binaries is supported and even recommended. Additionally I am sure it could be possible for the server side of the VPN to probe the client to see if a suitable configuration is in place. The way I could imagine this happening is for the server to do a routing probe and see if it succeeds. If the server can't contact the router on the local network or connect out of the network, then is probably safe enough - granted I haven't thought of every scenario, but it's a possibility.

Re:What I want from Cisco (1)

Midnight Thunder (17205) | about 6 years ago | (#23057688)

If the router has a client firewall requirement, then it fails. I have even tried vpnc and this confirms what I learnt from the official client:

  concentrator configured to require a firewall
  this locks out even Cisco clients on any platform expect windows
  which is an obvious security improvment. There is no workaround (yet).

I have tried both on Linux and MacOS X, and the only client that seems to work consistently is the Windows client. This does not mean that I have never got the Mac or Linux clients to work, it's just they don't work with every Cisco router configuration out there.

Re:What I want from Cisco (2, Informative)

Kalriath (849904) | about 6 years ago | (#23058172)

The concentrator also refuses to let Vista clients connect too. Not surprising really, just another app on the list of "not supported by Vista" programs.

Re:What I want from Cisco (-1, Flamebait)

Anonymous Coward | about 6 years ago | (#23055538)

you applaud them for doing something truely nerdy? who the fuck are you? it's by their grace that you have the word nerdy in your vocabulary. another slashfag trying to think that he's something more than he is. it's fucking cisco, not some off-brand shit from thinkgeek.
if you're so fucking high and mighty why don't you work on a solution yourself instead of pulling your dick and playing wow?

Re:What I want from Cisco (0)

Anonymous Coward | about 6 years ago | (#23055590)

Read his journal - the guy is an idiot.

Re:What I want from Cisco (0)

Anonymous Coward | about 6 years ago | (#23056294)

I have no problem with Cisco VPN 4.9 on my mac.

Re:What I want from Cisco (1)

ckaminski (82854) | about 6 years ago | (#23056490)

CiscoVPN 4.6 works great under both Windows and Mac OS X.

Too bad I have to stop using it because we're turning on network access control and Cisco Clean Access Agent isn't available on Mac OS X. My Macbook users are PISSED. :(

Re:What I want from Cisco (1)

Constantine XVI (880691) | about 6 years ago | (#23057992)

Forgive my extremely limited understanding of the software, but our uni uses Clean Access, and both my Eee (Ubuntu) and my friend's PowerBook haven't had a problem logging in via their web login

stock markup FraUDs turning penguins into cash.. (-1, Offtopic)

Anonymous Coward | about 6 years ago | (#23055118)

cows. eye gas that's gooed gnus? let yOUR conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.


is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.


dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);


the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;


whilst demanding/extorting billions to paint more targets on the bigger kids;


& pretending that it isn't happening here;

all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;


I don't get it (3, Insightful)

seanadams.com (463190) | about 6 years ago | (#23055160)

So this is a whole hardware server module that you stuff into a switch? Why?

A switch (or router, whatever) chassis is a ridiculously valuable piece of real estate... why would you want to spend that slot space plugging in PCs when they could just as easily be somewhere else, on the end of an ethernet cable?

Or is this intended for some highly specialized application where the linux system in tightly integrated with the host hardware in some way?

Re:I don't get it (5, Insightful)

menace3society (768451) | about 6 years ago | (#23055224)

I think it's Cisco trying to muscle in on the server market. When you think servers, you don't think Cisco. You think Sun, IBM, HP, Dell, etc. But when you think routers and switches, you think Cisco. So if a Cisco rep can come along and say, "Hey, look, this is a piece of networking hardware, not a server, but it can do everything a server can for less money. Plus if you get this it's one less piece of equipment that can fail on you," they can start getting orders for these. If you were a PHB, would you rather have two boxes that each do one thing, or one box that does everything, and is super-cool "new" gear to boot?

It's like DEC with the PDP-1. Everyone *knew* in those days that a "computer" was a big, room-sized monstrosity that cost upwards of a million dollars and required a staff of dozens just to run; people figured there was only demand for 10 or so of those things on the planet. But DEC didn't sell "computers," they sold "Programmable Digital Processors," so companies bought them. The rest is history, and I guess Cisco is banking on being able to pull off the same thing with their new gear.

Re:I don't get it (1)

CastrTroy (595695) | about 6 years ago | (#23055376)

Well, if I was a PHB, I probably would want one box that does everything. However, if I was a network admin, it might be nice to not put all my eggs in one basket. Having multiple boxes means that if one thing breaks, at least other stuff still works. Also, if one thing breaks, that one thing costs less than the box that does everything, and is cheaper to get everything back to working order.

Re:I don't get it (1)

ronocdh (906309) | about 6 years ago | (#23056524)

Plus if you get this it's one less piece of equipment that can fail on you.
This is partly a joke, but that sounds more to me like, "Hey, we made a bigger basket! Why not pile all those eggs on in there?"

Re:I don't get it (1)

menace3society (768451) | about 6 years ago | (#23056754)

That's my point, the PHB mentality (as opposed to that of the admin who's really responsible for uptime) is to go for the all in one. I haven't decided if Cisco's apparent strategy is really clever, or really evil.

Re:I don't get it (1)

Kizeh (71312) | about 6 years ago | (#23059144)

No. This is so the ISR can do wacky stuff that's more complex / third party developed than just the IOS / Firewall / LWAPP / VoIP feature set at remote office or smaller facilities. It's absolutely not going to try to replace a real server of any kind.

Re:I don't get it (1)

Zerth (26112) | about 6 years ago | (#23055238)

More like they realized they couldn't shrink the size of the switch enclosure without making it look "cheap"(much like that oversized WalMart linux PC). So they stuck a bunch of blades in the switch and said "here, run software on these instead of buying a real server, it's a feature!"

Re:I don't get it (0)

Anonymous Coward | about 6 years ago | (#23055268)

It's simple, Intel wants to be in all networked equipment. Since Cisco is well spread around the globe, now you'll have Intel processors inside Cisco routers too. That completes the strategy of Intel of taking over the world.

"What would we do tonight? The same thing we do all nights..."

Re:I don't get it (1)

DarkOx (621550) | about 6 years ago | (#23055360)

I don't know where you have been but Cisco has used Intel processors in most of their equipment for a long time now. Pop the cover off pix sometime you will find a Pentium. The same is true for most routers. I have not opened a switch up for a long time, those may or may not be Intel.

Re:I don't get it (1)

Anonymous Psychopath (18031) | about 6 years ago | (#23060210)

Intel CPUs are not common at all in Cisco routers, if they were ever used at all. Other than their server-based products, as far as I know they only used Intel CPUs in the PIX, and that series is end-of-sale. Most of the routers use Motorola CPUs.

I happen to have a Cisco ISR router open on the floor next to me while I'm typing this, and no Intel silicon is in sight.

Mono? (1)

rhendershot (46429) | about 6 years ago | (#23055298)

see architecture pic: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/images/white_paper_c11_459082-5.jpg [cisco.com]

It would seem that Mono could be a runtime for apps also. Anybody know why that might not work?

As to why you'd want this on the router, you already have a footprint in that space. Virtualization and Consolidation = decreased (branch) footprint.

Cisco says it this way: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/white_paper_c11_459082.html [cisco.com]

Customer and Partner Value Propositions
      The nature of the Cisco AXP, that of openness and flexible support of application services, is a catalyst for new growth areas within IT and as far reaching as facilitation of new business processes and enhanced business models. The concept of having application services resident on a Cisco router is appealing to various parts of an organization, be it a desire to minimize physical footprint and maximize service consolidation to hosting a distributed component of an application to promote a new business model. In any case, it is the inherent capability of the Cisco AXP module to assume system-level responsibility of hosting/integrating applications into the network that facilitates these things.

Independent software vendor (ISV) value proposition:
- Addresses Cisco large installed base and use Cisco's well-established channel relationships.
- The Cisco ISR has industry-leading market share. It serves as an excellent platform to integrate applications with security, unified communications, and WAN optimization built in.
- Provides ISVs with a faster time to market.
- Uses Cisco brand name and multi-geography reach.

Channel partner and service provider value proposition:
- Provides additional revenue opportunities and facilitates higher margins.
- Helps move from a product centric approach to a solution centric approach.
- Increases customer penetration and stronger bonds across multiple categories of decision makers.
- Is backed by strong worldwide Cisco support, including Cisco Validated Designs (CVD), training material, documentation, and so on.
- For managed service providers, it further reduces management complexity and on-site administration needs.

Customer value proposition:
- Provides server consolidation and decreased branch footprint.
- Lowers TCO with less power consumption.
- Provides enhanced productivity, better management.
- Provides better network and application services integration.
- Is compliant to industry standards such as payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and so on.
- Is one vendor to contact.

Re:Mono? (2, Funny)

symbolset (646467) | about 6 years ago | (#23055712)

It would seem that Mono could be a runtime for apps also. Anybody know why that might not work?

Jesus, why don't you just run Vista on it if you want to fit your Microsoft crud into everything. Yeah... Vista -- in your router! Two gigs of RAM, a 1.2 GHz processor, plenty of storage! Vista oughta run just fine, eh?

"It looks like you're issuing a dynamic IP address. [cancel] [allow]?"

Re:I don't get it (1)

mikkelm (1000451) | about 6 years ago | (#23056728)

How often do you really see fully equipped modular networking hardware at the distribution layer?

Re:I don't get it (0)

Anonymous Coward | about 6 years ago | (#23057242)

One reason is that in an infrastructure of a medium to large network that has centralized the majority of its resources there is still *some* need for local network resources. The router *has* to be there, integrating these features allows the IT organization to meet the local network needs while centralizing the majority of resources and limiting the very costly support (when looked at from the whole view) to one support contract with one device.

Cisco aims to have this device also be more network intelligent and so has supplied the SDK to boot.

Re:I don't get it (0)

Anonymous Coward | about 6 years ago | (#23057666)

Wow, I haven't seen a single comment in this entire discussion that gets it. Cisco's core competency is being commoditized by companies like Vyatta [vyatta.com]. The only thing Cisco really has going for them going forward is momentum and brand loyalty. There's no way in hell they will maintain their lead on the functionality or performance front unless they appeal to the broad developer community using Linux. They will never compete on price, but this move will at least help them keep the wolves at bay a little bit longer.

Our biggest tech companies, like Microsoft and Cisco, were successful because they undercut the big guys. 80% of the features for 20% of the price. No one should be shocked to see history repeat itself.

It's simple: Sandbox for third party "value added" (2, Interesting)

Ungrounded Lightning (62228) | about 6 years ago | (#23058794)

So this is a whole hardware server module that you stuff into a switch? Why?

There are a bunch of things you'd like to do in a (non-backbone) router (i.e. an edge router or an enterprise router). Like high-intelligence packet filtering (such as malware detection). You'd like to do these in the routers at the edge of the ISP's network (where the packets for a customer finally come together after load-balancing multipathing), at the incoming firewall, and in the switches/routers within a campus LAN (i.e. to block the spread of viruses/worms once a behind-the-firewall machine is compromised.)

Some of the expertise to do this is in other companies than the router makers. It would cost a LOT to replicate this in a router company. (Example: The infrastructure to surveil for malware, analyze it, extract signatures, and maintain databases of them.) Better to partner with such companies, letting them provide the components they do well.

But there are a lot of potential problems with letting third parties build their software into the guts of the router:
  - The processors and related infrastructure aren't optimized for performing this extra work.
  - The amount of extra processing is enormous.
  - Router internals don't provide a lot of protection from buggy - or malicious - code. Much of this is traded away for efficiency, minimizing the per-packet overhead. Major-league software QA substitutes for many hardware safeguards. Modules provided by third parties could break the router code, make it miss its performance requirements, and/or insert malware vulnerabilities in the routers themselves.
  - Letting partners provide modules means giving them considerable visibility into the guts of the router. This means the router company's "secret sauce" recipes leave the building. The more partnering is done, the more potential leaks to the competition. (And the partners have much less incentive to protect the router company's secrets.)

A "resource card" design - a card fitting into a linecard slot, carrying the company's backplane routing interface plus commodity and/or special purpose processors, with their own API for plugging into the box's routing infrastructure, solves these problems.

  - The box's routing code remains with the router company. It only needs to identify the packets requiring attention from the third-party resource, route them to the appropriate resource card, and route the result onward to the destination.
  - The third party has an easy-to-understand environment that closely matches what they already work with and provides all the hooks they need. No "secret sauce" recipe required.
  - The third party's code is compartmentalized - on hardware that provides security hooks as a given. Even if it is compromised the worst it can do is send malicious packets across the backplane to other line cards or across the control interface to the management processor(s) - and these can be alert for problems and protect themselves, just as they do from nasties arriving on network interfaces.

A switch (or router, whatever) chassis is a ridiculously valuable piece of real estate... why would you want to spend that slot space plugging in PCs when they could just as easily be somewhere else, on the end of an ethernet cable?

Because a backplane is SO much faster and a single box system SO much cheaper (especially in rack-unit rent) than a multi-box, router/server system.

For starters: A multi-box system doing any kind of filtering puts the packets through the switch TWICE, once on its way to the third-party resource, once on its way back. You'll need to chew up a slot or two just to provide enough networking bandwidth to exchange one slot's full line rate worth of traffic with the resource. So why fill the front of the card with interfaces and packet processors just for the handoff, when you could put the resource there in the first place and save a box?

Putting the resource in a line card slot means it doesn't need its own chassis, power supply, cooling, and control processing infrastructure. It gets these (along with other networking resources) from the router infrastructure and only needs to deal with the packets and control traffic that are its own business.

Finally: Putting the third-party's resource on a plugin card lets the router company rebrand its partners' product as a "feature" in its own product line. This simplifies marketing to end users and system integrators. ("Single box solutions" are quite the in thing currently.)

Re:I don't get it (1)

Anonymous Psychopath (18031) | about 6 years ago | (#23060164)

So this is a whole hardware server module that you stuff into a switch? Why?
A lot of Cisco's new stuff runs on a Linux kernel. Their call control server (CallManager or Unified Communications Manager, they changed the name last year and it hasn't stuck well) has run on a modified version of Red Hat since version 5.0 and they still OEM servers from HP and IBM for the hardware to run it on. It would be interesting if they could integrate those servers into a redundant switch architecture instead, and reduce Cisco's dependencies on OEM manufacturers at the same time. I've not actually heard anything of the sort, but it makes some sense to me.

Also, Cisco has already been running OS on blades for many years, but it's been closed to third-party developers until this announcement. Their original Network Analysis Module ran on a NT kernel of all things.

The network is the computer (4, Funny)

bar-agent (698856) | about 6 years ago | (#23055170)

I didn't expect them to take the phrase "the network is the computer" quite so literally.

Copycat of 3Com OSN (5, Informative)

dwenger (470452) | about 6 years ago | (#23055190)

Looks like Cisco is copying a 3Com innovation that has been available for over a year. 3Com OSM's are not only available for their routers, but also their 5500G switches.

http://www.3com.com/osn/ [3com.com]

Re:Copycat of 3Com OSN (1)

Kizeh (71312) | about 6 years ago | (#23059162)

There have been basically linux-based blades in Cisco world ever since the Catalyst 5500 doing various security and service things. There's really nothing new in this story, apart from the opening of these things to third-party development. Saying that Cisco is copying 3Com is quite ironic, considering where 3Com gets most of its network gear.

MTBF? (5, Insightful)

lohphat (521572) | about 6 years ago | (#23055210)

The point on making the f/w an appliance is that it has a predictable operating profile and known MTBF and reliability.

By opening it up as an app server, you're encouraging turning your key gateway security device into a one-off, unique, unpredictable infrastructure component.

Money To Burn F***** (1)

leuk_he (194174) | about 6 years ago | (#23055444)

Why let a serious multi-thousand-dollar switch run an application stack you can run on a 500 euro desktop PC? Well, there are 3 ways to spend money:

-Women. Most expensive one, but definitely most fun.
-Gambling. Most unsure way to lose money.
-Computers, most sure way to spend a large amount of money.

PS, not sure what the F stands for in MTBF.

Re:Money To Burn F***** (1)

Belial6 (794905) | about 6 years ago | (#23055866)

The reason you would do this is because you have already been authorized to spend a crap load of money on the Cisco switches. An extra $800 or $900 won't even get noticed. If you want to put the app on a $500 PC, you have to start from the beginning to get authorization. That's not even going to touch on the fact that you might have to rationalize new software on a PC, while it might only be considered an upgrade on the switch.

Stupid? Yes.
Does it happen? Yes.

Re:Money To Burn F***** (1)

Kizeh (71312) | about 6 years ago | (#23059178)

Because you need functionality that integrates with the router. Or because you want something that can be tested and provisioned at HQ, then mailed down to a bunch of remote sites that don't have the facilities or expertise to set up a separate box, let alone reliably.
This isn't a "server" that's going to be running user-interactive tasks or application serving or email etc. It's a way for people to build business-specific applications into the router to tailor its functionality for a specific business.

Why buy cisco anyway? (-1, Flamebait)

Anonymous Coward | about 6 years ago | (#23055320)

Hopefully this will convince even more boneheaded people buying hardware ("I only trust vendor X") that linux is ready for primetime.

Which in the longer run inevitably leads to the question, why buy hugely expensive specialized devices from Cisco or some other brand if you can do it just as well with general hardware and freely available Linux/BSD distros.

Sir, they're hacking our network (2, Funny)

Cousarr (1117563) | about 6 years ago | (#23055436)

"Well, figure out where it's coming from"
"It's coming from the network sir"
"Of course it is, now where is it?"
"No, sir. The network is hacking itself. It's coming from one of the switches"

First it was printers that could run applications. Pop a tunneling app on the printer and remote in and now you're hacking them from their printer. Now switches can run apps too. Sure, a lot of problems related to this could be avoided by proper network administration but it's just one more thing to worry about if the network admin gets the order from management to turn those switches into servers because there's not enough room in the budget for more servers.

Clear the Confusion (5, Informative)

greendeath (231782) | about 6 years ago | (#23055460)

Disclaimer- I work for Cisco as an Enterprise Sales Engineer

Let's clear a few terms up first-
Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

Router- Moves packets between different IP Subnets (Layer 3 Device)

Firewall- Applies security rules to routed packets

While the line is blurring physically between these functions, as a lot of switches can route and routers can switch, the logical functions are still the same. Your standard Linksys/D-Link/Netgear is a switch/router/firewall combined.

The AXP platform is a module that fits into our ISR router family, NOT into any switches.

Yes, the space in a router is valuable, that is exactly why companies want to get as much value as possible out of it. Most companies are looking for ways to consolidate and centralize to reduce costs and ease management while adding features and functionality. Virtualization is the buzzword of the day.

Applications- Think about a company that has 200 remote offices that each have a server, if that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day) and provide the necessary services integrated into the heart of the network. Pretty cool.

It may be a little bit of "If you build it, they will come" so we built it, now let the programmers loose, change the game and build something cool.

Re:Clear the Confusion (2, Interesting)

Anonymous Coward | about 6 years ago | (#23055664)

Cabletron Systems had the same idea over 14 years ago:


"PCMIM is essentially a personal computer within a hub. It is an Intel Corp. 486DX/2-based processor that lets customers load applications--such as management, routing and communications software--onto the hub rather than in on a separate PC attached to the hub."

I used to work for Cabletron Systems and I'd have to say that I never saw too many folks with PCMIMs in use. It seemed like a cool idea and I used to play around in the labs (1996), throw Slackware Linux on them with Squid, OpenLDAP, sendmail, etc. to try to make a complete "office in a box".

One of the reasons why it wasn't so popular was that it was underpowered and overpriced. You miss out on economies of scale in comparison to the rest of the PC/server industry.

Maybe Cisco will have better luck with it than previous attempts.

Re:Clear the Confusion (1)

RazzleDazzle (442937) | about 6 years ago | (#23055724)

Why not go the other way and have good strong hardware to virtualize some routers using Cisco router simulators to run your IOS instead of Cisco hardware? As an example: http://www.ipflow.utc.fr/blog/ [ipflow.utc.fr]

I am guessing this would be way cheaper and would not be surprised if it violated some Cisco rules and doubtfully would be supported by Cisco if you needed some help from their TAC.

Nah (1)

Colin Smith (2679) | about 6 years ago | (#23055730)

Sorry, nope.

If that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day)
Nah. There's just as much management cost, the service is still there.
Hardware cost? A Dell vs a Cisco router blade... Hmm...
Maintenance... A Dell vs a Cisco router... Hmm...

And integrating services into the "heart of the network"? The network should be a dumb connection. It shouldn't be running services.

Re:Clear the Confusion (1)

LarsG (31008) | about 6 years ago | (#23056672)

Think about a company that has 200 remote offices that each have a server, if that server could be collapsed into a router blade (in combination with some other cisco technology like WAAS, that is possible) you reduce management, hardware and maintenance costs, electricity costs (green is also the word of the day) and provide the necessary services integrated into the heart of the network. Pretty cool.
A Cisco blade will be cheaper than a Dell? Pull the other one. ;-p

The blade is limited to running one particular Linux distro and you can't load software on it without a Cisco certificate. That will seriously reduce the possibility for replacing branch servers with this blade.

Re:Clear the Confusion (1)

Doug Neal (195160) | about 6 years ago | (#23056940)

Are you sure? The Catalyst 6000 series does Layer 3 but is still classed as a switch.

Re:Clear the Confusion (1)

greendeath (231782) | about 6 years ago | (#23058994)

Are you sure? The Catalyst 6000 series does Layer 3 but is still classed as a switch
Yes, I sell, configure and support them every day. The 6000 family are switches. Over the last 10 years or so, routing functions have moved into switching hardware and we now have "layer 3 switches". Forget that it is one box, the switching and routing functions are logically separate and still follow the same rules as stand alone devices, but by running them on the same hardware you can get performance and features that are not possible on separate physical devices.

Re:Clear the Confusion (1)

LarsG (31008) | about 6 years ago | (#23060184)

routing functions have moved into switching hardware and we now have "layer 3 switches". Forget that it is one box, the switching and routing functions are logically separate and still follow the same rules as stand alone devices, but by running them on the same hardware you can get performance and features that are not possible on separate physical devices.
Routing is routing whether it happens in software or in hardware. Yes, you can get performance and feature benefits by having both routing and switching done by a single device. But calling it a "layer 3 switch" still smells of marketese, it is mixing up L2 and L3 terminology.

Re:Clear the Confusion (0)

Anonymous Coward | about 6 years ago | (#23059168)

It's not a switch. cisco just calls it one because their marketing department is full of incompetent morons.

If something routes, then it is a router.

Re:Clear the Confusion (1)

klapaucjusz (1167407) | about 6 years ago | (#23057314)

Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

Yes, that's the terminology that honest people use. But Cisco's marketheads call "switch" anything that does forwarding in hardware, even if it's actually a router. Hence their somewhat quaint references to "layer 3 switches".

See them advertising their "Layer 3 switches [cisco.com]".

Re:Clear the Confusion (1)

Big Jason (1556) | about 6 years ago | (#23057632)

Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)

A Layer 2 device is not IP aware, perhaps you meant "broadcast domain"?

Re:Clear the Confusion (1)

greendeath (231782) | about 6 years ago | (#23059030)

A Layer 2 device is not IP aware, perhaps you meant "broadcast domain"?
Yes, you are correct, but I was going for a simple explanation and didn't want to confuse things any more. And most of the time a single IP Subnet is also a single broadcast domain.

I'm confused. (1)

fuzzyfuzzyfungus (1223518) | about 6 years ago | (#23055470)

So, this exciting new product is basically an underpowered and overpriced server blade that consumes slot space in your very expensive router? Well, at least it has a 10/100/1000 ethernet connection to the switch backplane, no way you could have a connection like that to a physically separate device.*snicker* Plus, it's locked down hard, and development requires Cisco's extra special blessing, that part makes me feel snuggly and secure!

Very old concept. (0)

Anonymous Coward | about 6 years ago | (#23055526)

Cisco has become a slow giant.

MRV had that Zuma router switch (lightreef series) in 2K that did BGP routing, strong switching and you could plug in CPU blades (was PPC G3 and later G4), that ran Debian.

They also marketed it as a developer platform, but I just ran Linux on it, one blade for L2 firewall, one blade for load balancer, one for VPN gateway, DNS, Radius etc...

Basically you can build a quick ISP in a box with that Z16 beauty.
For redundancy you just had 2 of them, still cost half as much as 1 Catalyst 6500.

Here is an old news post about it from ITworld, since MRV doesn't sell it anymore:

Sad they weren't called Cisco, they might have gotten some front page in Slashdot.

Python not Perl (3, Informative)

bitMonster (189384) | about 6 years ago | (#23055690)

The APIs are available in C, Java, and Python. The article says this, but the summary is wrong.

Juniper already sells Linux-based systems (3, Informative)

Lennie (16154) | about 6 years ago | (#23055844)

Re:Juniper already sells Linux-based systems (0)

Anonymous Coward | about 6 years ago | (#23056002)

Ask them what performance they get on small packets.

At RSA they were dodging all questions on this, but the box is a Xeon Dual Clovertown 8-core system, running linux, and the hw architecture still suffers badly with 64-byte packets. No one else is touting them at 10Gbps because it is only in an ideal UDP large packet case.

Re:Juniper already sells Linux-based systems (1)

Lennie (16154) | about 6 years ago | (#23056804)

I just pointed at the article to point out Juniper is also delivering products based on Linux.

I wasn't passing judgement about how well it works.

Of course Cisco already did too, through the company they've bought, LinkSys.

Re:Juniper already sells Linux-based systems (1)

Anonymous Psychopath (18031) | about 6 years ago | (#23060230)

There are also many non-Linksys products from Cisco that are built on a Linux kernel, mostly in their voice/messaging/video/presence application servers.

For ISR Routers - not switches (1)

tlon (154006) | about 6 years ago | (#23057404)

FYI, the AXP solution is for Cisco Integrated Services Routers - the modular enterprise branch routers... Not for its switches. This is a branch play.

Missing the point? (2, Informative)

4g1vn (840279) | about 6 years ago | (#23057794)

While I believe there is a need for consolidation of equipment to reduce the footprint/power consumption required in remote offices, I think some of us are missing the point here.
1) I know this has been identified in other posts but, these modules work with the ISR ROUTERS, not the switches. They include the 1800, 2800, and 3800 series.
2) The specifications of the modules (AIM/NM) are really not that impressive. The 3800 series NM (NME-APPRE-522-K9) is about the only one I would even consider if "running infrastructure/directory services".
3) Reliability: This is not an enterprise class server. Some of us know the reliability issues with the IDSM blade for the 6500 series switches.
4) The main point of this module is to integrate the network and application layers.
  - Packet monitoring API. Applications can monitor selected packets flowing through the network for monitoring and analysis purposes. With AXP, the need for a dedicated span port and complex wiring is no longer necessary.
  - Cisco IOS Software information API. Utilizing this API, an application can programmatically query the router to retrieve current configuration, statistics, routing information, and so on. All information available to the Cisco IOS Software CLI and Simple Network Management Protocol (SNMP) agents are accessible though this interface.
  - Event trigger API. The event trigger API allows the application to react to changes or events that occur within the router. An application event can be triggered on events such as a router interface failing over, packet loss exceeding a certain threshold, changes to routing table state, and so on.
  - Cisco IOS Software configuration API. The configuration API allows the application to dynamically change the configuration of the router. Used in conjunction with the monitoring, information, and event trigger APIs, an application can dynamically change the behavior of the router in real time.
  - Serial device API. AXP provides an application to communicate directly with serial ports of the router. This provides the ability for the integrated services router to support connectivity to traditional and nonstandard devices.

Database App front-end? (1)

haakondahl (893488) | about 6 years ago | (#23058066)

I don't know much about this, and the press release wasn't exactly illuminating, but said the APIs include Python. So if I have a SQL server hanging off of this AppServer/ISR, would that be a good place to deploy the front-end to a database?

OS = Obese Software (2, Interesting)

deanston (1252868) | about 6 years ago | (#23060416)

The Point, though Cisco isn't bragging it, is about control. What part of the network do you want to exert control on applications and data? Traditional concept of "the network as the computer" as proposed by Sun or Oracle puts the OS in charge, commoditizing servers, and requiring only dumb network switches and routers. This is about taking back the leverage and power companies like Cisco, 3Com, and Juniper felt they have given away. And this development finally begins to make each network device intelligent. Just a first step. More power and greater capabilities are sure to come embedded on each new generation of routers and switches. For all the years Linux desktop market share struggled at 1-2%, we are finally seeing the flexibility of Linux take off in areas that will give Windows real trouble - in the low-cost laptops and directly on non-PC devices. While the Gartner boys may argue that Windows needs to become more modular, the hardware makers are moving ahead already. Piece by piece they will take away the need to have an all-encompassing OS like Windows that controls everything. If the network manages and controls the applications and data, and runs on VMs, then even a traditional OS is just a commodity application on the network. The modern OSs have commoditized servers. Now the h/w and VM makers are trying to commoditize the OS. Sure, Windows has the resources to respond. The relevance of Windows still lies in its 90% desktop software dominance, and parlaying that user dependency into the future of computing. When or whether that dominance will be slowly chipped away through these new developments in mobile and cloud computing advances, hard to say, but sure it's fun to watch all these tech companies fighting for a bigger stake in the ever changing new fields.