Networking

Cisco To Develop Third-Party APIs For IOS 129

MT628496 tips a Computerworld article on Cisco's announcement that it plans to build IOS on a UNIX kernel, in modules, and allow third-party developers to access certain parts of it. IOS has traditionally been a closely guarded piece of software without any way for anyone to add functionality. No timetable was given for when APIs will be available. A Forrester analyst said, "...the network is one of the least programmable pieces of the infrastructure. The automation and orchestration market is far more oriented towards servers, storage and desktop environments. The ability to dynamically change the network is a missing component." The article mentions that Juniper Networks had announced on Monday its own developer platform for Juniper routers, and it's available now.
This discussion has been archived. No new comments can be posted.

  • by Jeremiah Cornelius ( 137 ) on Saturday December 15, 2007 @07:41PM (#21712496) Homepage Journal
    IOS is universally accepted. The model of its tiered, context-determined command structure has been emulated by many. This includes Microsoft, with its cascaded netsh and other command utilities.

    That said, this kind of command navigation sucks. You are trapped in a maze of twisty, little prompts, all alike.

    The structure of these commands was determined in antiquity, when embedded networking devices were resource starved for storage and memory. That's pretty clearly not the case today.

    Screw IOS, its resistance to simple scripting, and its defiance to be committed easily to memory.
  • by Enleth ( 947766 ) <enleth@enleth.com> on Saturday December 15, 2007 @08:01PM (#21712652) Homepage
    Ever seen a commodity router under a FULL 100Mbit/s load, let alone gigabit? They drop packets, mangle packets, route wrong packets... That is, until they hit a buffer overrun, overheat or just reboot repeatedly for no clear reason. They're not meant for serious use. They're designed to be actually capable of handling whatever Joe Average can do with his home network and nothing more. Because they're commodity hardware. Cheap crap, that is. Period.
    People buy those expensive, rackable switches and routers because they want something *reliable* for *serious* use that absolutely requires reliability.
  • by larry bagina ( 561269 ) on Saturday December 15, 2007 @08:15PM (#21712772) Journal
    They use Linux in some Linksys boxes.
  • by WizardX ( 63639 ) on Saturday December 15, 2007 @08:48PM (#21712964)
    Sorry, but I must feed this troll.

    Most people do not buy 800 series routers, but if they do, it is typically because of manageability and security. When it comes to being able to manage a remote network device and use a central authentication system, Cisco beats the pants off of ANY consumer-grade device.

    Once you get to 1800 devices and above (even 1600 and 1700, but they are EOL) you have features that far exceed any consumer device.

    Real routing capabilities (RIP, OSPF, EIGRP, ISIS, BRP, etc).
    Modular interface cards. (You have Modem, ISDN, xDSL, Cable, 56k, DS1, ATM, DS3, SONET, etc.)
    QoS. Should be self-explanatory.
    Various security functionality. VPN, tunnels, RADIUS, TACACS+, etc. (I am not a security guy)
    Voice. Terminate voice, act as a phone system (2800 and 3800), run VXML, etc.

    These are just the routers. Switches are just as much above the consumer grade as the routers are. QoS, port density, VLANs, true Layer 3, etc.

    Both have their place and in some cases, consumer-grade equipment has its place in the corp environment. I have used them many times.

    To say Cisco is a rip-off is pure ignorance. (Do not use the list price to justify yourself either. NO ONE pays list for Cisco gear. As a general rule 35% - 50% is the rule.) Sure Cisco is not the cheapest or the best, but they provide a complete end-to-end solution and everyone knows Cisco. Heck, even Nortel switches and Extreme (I think) made their interfaces to emulate IOS.
  • by moosesocks ( 264553 ) on Saturday December 15, 2007 @09:08PM (#21713086) Homepage
    The three laws of network hardware:

    1) Quality network hardware is expensive. Often frighteningly so.

    2) If reliability is even remotely important to you, the expense is easily worth it.

    3) Failure to comprehend #2 will almost inevitably cost you your job.
  • by Enleth ( 947766 ) <enleth@enleth.com> on Saturday December 15, 2007 @10:14PM (#21713514) Homepage
    Right, but the OP sounded as if he wanted to use consumer devices for everything - which certainly isn't the brightest idea. Anyway, cheap routers and switches can as well fail under their normal working conditions, been there, seen that, always keeping a spare just in case. I'm currently in charge of an improvised dorm network (about 80 computers, 30Mbit/s connection to the outside world, almost saturated all the time), with a 30-port industrial-grade Cisco switch just by the router and dozens of crappy consumer switches acting as repeaters scattered throughout the rooms, as the building is too large to lay cables directly. Long story short, there is a failure about every two weeks somewhere. Usually a switch just dies, I throw it away and put a new one in there, but sometimes those little bastards look just fine, blink their lights happily - and wreak havoc in the network, sending half a packet here, half a packet there and even more random crap somewhere else, clogging other switches that are just too dumb to ignore a broken packet, so they reboot every couple of seconds. Not much fun, trust me.
  • by Anonymous Coward on Sunday December 16, 2007 @02:09AM (#21714752)
    Let's clear a few things up.

    The QNX used wasn't the operating system "QNX" that most people associate with PC-based embedded systems. It was "Neutrino," a true microkernel with POSIX APIs that QNX (the company) started shipping in 1996. This was a completely different and new product from the QNX (operating system) that QNX (the company) had been shipping for many years prior to 1996.

    Second, the reason why IOS has run in one (or two) address spaces for so long is easy: think about how you get the fastest possible speed out of a CPU when you're constantly changing address spaces and you have a limited number of TLBs on the CPU architecture. Answer: you try to use as few address spaces as possible, lock down one or two address spaces in a couple of TLBs and you go like a bat out of hell. Oh, and don't trip over bogus pointers, because you're going to bring down the whole box.

    As packets flow through IOS, they go up through various different layers of drivers, then possibly through various levels of packet inspection, filtering, access lists, tunnel de-encapsulation, etc, etc... and then they might get bounced from line card to line card only to reverse the same process. Some of the time, some of the functionality is offloaded onto a line card, sometimes it all happens on the same CPU. IOS tends to derive some of its speed on non-assisted platforms (i.e., platforms without hardware assisted switching) from keeping the packets, data structures, etc aligned rather carefully on cache line boundaries (and trying to not disturb those cache contents) for the particular CPU in question. Once you start getting into situations where you start switching address spaces, possibly sending messages or using mutexes/semaphores to control shared data structure access, etc... getting the same packet throughput on a CPU becomes rather challenging, especially as the features multiplied by the number of interfaces goes up.

    The situation in the highest end platforms is one where as much of the packet throughput as possible is offloaded onto the hardware line cards and switching engine, leaving the main CPU doing only control plane functions (routing protocols, spanning tree, SNMP, etc). This used to be the model in the cisco AGS+ days, when there was an 80-bit wide custom horizontal microcode machine doing switching from cBus interface to cBus interface. It took a while to re-discover why this was the preferred model for router hardware.
     
  • by Antique Geekmeister ( 740220 ) on Sunday December 16, 2007 @06:47AM (#21715782)
    That's not an OS issue. It's a command interface issue. Much of it is built into bash.

    The user interface people writing IOS need to read Eric Raymond's document on user interface, at http://www.catb.org/~esr/writings/cups-horror.html [catb.org]. It applies to closed source interfaces as well.
  • by Antique Geekmeister ( 740220 ) on Sunday December 16, 2007 @07:32AM (#21715978)
    What you've actually described is security through obscurity. Being proprietary does not keep it unpublished. The "proprietary technology" source code and utilities have been repeatedly stolen, published, and republished among the cracker crowd, and the tools they write get released and circulated among the script kiddie crowd eventually. And Cisco has repeatedly engaged in really unfortunate security standards for decades, with a lack of reporting of the incidents for both non-disclosure reasons, and an unwillingness by corporations to admit such cracking has occurred.

    Moreover, Cisco update procedures and user interfaces and backup procedures are so painful that implementing an upgrade or patch is very risky indeed, and is often left idle long after the cracks are widely published. The result is that the firewall and routers which companies rely on to remain secure with their absolutely pitiful internal security are often easily pierced by anyone remotely competent.
  • by atamido ( 1020905 ) on Sunday December 16, 2007 @10:49AM (#21716776)
    The first post says no such thing. It simply says that IOS has a very antiquated command system, which it does. If IOS were to break backwards compatibility they would have the opportunity to create much easier to use and much more flexible ways of doing things. It would be really good in the long run, but is not likely to happen because the short term consequences would probably be so painful.
  • by Slashcrap ( 869349 ) on Sunday December 16, 2007 @01:46PM (#21718076)
    ...thanks to Dynamips.

    I was going to say that it's only of use for training purposes, and can't be used in the real world. But then I noticed a lot of people in this thread advocating the use of consumer routers, and they probably would put emulated IOS on an old PIII and expect it to route 1Mpps. So knock yourselves out, retards.
