Cisco To Develop Third-Party APIs For IOS
MT628496 tips a Computerworld article on Cisco's announcement that it plans to build IOS on a UNIX kernel, in modules, and allow third-party developers to access certain parts of it. IOS has traditionally been a closely guarded piece of software without any way for anyone to add functionality. No timetable was given for when APIs will be available. A Forrester analyst said, "...the network is one of the least programmable pieces of the infrastructure. The automation and orchestration market is far more oriented towards servers, storage and desktop environments. The ability to dynamically change the network is a missing component." The article mentions that Juniper Networks had announced on Monday its own developer platform for Juniper routers, and it's available now.
A little confused about this (Score:3, Interesting)
Re: (Score:1)
Most networking equipment these days has a separate "admin" interface from the rest of the "traffic" interfaces. The intent of that is you can secure the "admin" connection and only access admin functions (like APIs) through that.
But as bright as some Senior Network Engineers (with a string of letters after their name) are, yes, you can count on an increase of vulnerabilities!
Cisco is a late-comer to this game, by the way. Some other (even popular) network vendors are based on unix/linux with a rich
Re: (Score:2)
Nobody ever made a mistake in either software implementation of this kind of access scheme, and nobody ever made a mistake in deploying such a system.
You pretty much nail it on the head, this is going to result in an increase in (scary!) vulnerabilities. If an attacker can take a
Re: (Score:2)
Re: (Score:1)
It will be interesting to see what they do with it. As much as I love IOS, it isn't the most intuitive piece of code in the world so an SDK could make things a little easier. Of course, it could also go nowhere.
Thank you for asking my question (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
A few years ago, someone leaked portions of Cisco IOS source code [com.com]. I forget if this ended up being a hoax.
Hmmm.... a Unix based kernel? (Score:3, Interesting)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
I can't see cisco policy changing.. they'll use a proper embedded OS or simply open IOS to certain plugins without changing the OS at all.
Re: (Score:2)
A quick search revealed this article: http://www.linuxdevices.com/news/NS4729641740.html [linuxdevices.com]
Re: (Score:1)
Re: (Score:3, Interesting)
Re: (Score:2)
Speaking as a Cisco engineer... (Score:3, Informative)
Re: (Score:3, Interesting)
http://www.freebsd.org/cgi/getmsg.cgi?fetch=0+4570+/usr/local/www/db/text/2007/freebsd-jobs/20071209.freebsd-jobs [freebsd.org]
Re: (Score:2)
Their current version of call manager runs on linux
Their old IDS boxes ran on linux
The current series of ASA boxes run on linux
And a lot more too I would imagine.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Just because their IOS binary images are tar'd up, does not imply automatically that anything they make is necessarily Unix-based. Hell, technically I could tar up all of C:\WINDOWS, and at the end of the day that file has nothing to do with the GPL, or being Unix based, or whatever
More like... (Score:2)
When Company A announces they've done something already- and Company B announces they will, that's more like the "Company-B-caught-with-pants-down-and-family-jewels-showing department."
Cisco's response is laughably cliche...
Re: (Score:2)
I have done that for a living for nearly 10 years now and frankly it is trivial (at least for Cisco). There is _NO_ rocket science in it. It takes a couple of weeks tops for someone who is good in both software development and network engineering to write one. There is no need for an extra API. The techniques on how to deal with IOS are well known.
The problem is elsewhere. The problem is "what to orchestrate?". Data modelling a netw
Long Time Coming (Score:1)
Re: (Score:2)
Re: (Score:1)
It is fun watching these two companies go head to head.
Enron Broadband tried to work with Cisco on this (Score:2)
Think of a Tibco-like messaging layer allowing automatic provisioning of more or less bandwidth between carriers throughout the day as companies need it (for real time communications or nightly data warehouse creations.... Whatever).
10 years later it actually gets implemented.
Interesting, but... (Score:2, Interesting)
Re:Interesting, but... (Score:4, Funny)
Re: (Score:2)
Clearly not *that* closely guarded..
Re: (Score:2)
Re: (Score:2)
When I interviewed there they showed me the emulation farm they use to test IOS. It's no secret.
They emulate everything from the route processor to the individual network cards/supervisor modules on Solaris and have a team of admins that maintain the test cluster.
This isn't exactly groundbreaking... (Score:1)
Juniper does similar things (though I'm not sure to what extent) with JunOS, and Force10 has a *nix (BSD?) -based modular OS in the works as well. It may even be available now.
Good for Cisco. It's about time they stop playing the "We're C
Re: (Score:2)
Web 2.0 IOS? (Score:3, Funny)
"According to our router's logfile, your port on the switch has been modded down below the switch's current threshold."
router#show int eth0/0
ads by google:
Get a Juniper router today!
Best deals on Cisco routers: www.cisco4less.com
Sid : 5
Traffic Priority : 0
Maximum Sustained Rate : 64000
Maximum Burst : 0
Minimum Reserved Rate : 0
Minimum Packet Size : 0
Maximum Concatenated Burst : 1522
Scheduling Type : Best Effort
Nominal Grant Interval : 0
Tolerated Grant Jitter : 0
Nominal Polling Interval : 0
Tolerated Polling Jitter : 0
Unsolicited Grant Size : 0
Grants per Interval : 0
Request/Transmission Policy : 0x0
IP ToS Overwrite [AND-mask, OR-mask] : 0x0, 0x0
Current Throughput : 0 bits/sec, 0 packets/sec
May be end-of-life open sourcing (Score:2)
Cisco has been running QNX in their high end routers for several years now. They call it "IOS XR", but it's QNX. Classic IOS, unlike QNX, isn't a protected-mode OS. In classic IOS, everything runs in one address space. They need to get beyond that. So maybe this is just opening up classic IOS as an end of life measure.
Re: (Score:1, Insightful)
The QNX used wasn't the operating system "QNX" that most people associate with PC-based embedded systems. It was "Neutrino," a true microkernel with POSIX API's that QNX (the company) started shipping in 1996. This was a completely different and new product from the QNX (operating system) that QNX (the company) had been shipping for many years prior to 1996.
Second, the reason why IOS has run in one (or two) address spaces for so long is easy: think about how you get the fastest p
Re: (Score:2)
of performance through microcode programming - that gets really difficult really quickly.
Other manufacturers were able to chip away at some of Cisco market share and to
create some rather well performing platforms without having to burden themselves
with such extreme low-level programming.
Not to mention Cisco's customers were getting somewhat tired of being
bled dry for upgrades - I remember pricing out RAM
Look! My carburetor is wearing a beautiful dress! (Score:2)
Support Issues (Score:2)
Right now if there's an application problem it is fairly easy to tell where it comes from. You can quite quickly rule out a network problem by checking the basic network traffic works and look at other similar traffic for issues.
However if you move a load of your application logic onto the networking hardware and something starts running slow, unless your app has a lot of benchmarking built in for troubleshooti
I already have IOS on Unix... (Score:3, Insightful)
I was going to say that it's only of use for training purposes, and can't be used in the real world. But then I noticed a lot of people in this thread advocating the use of consumer routers, and they probably would put emulated IOS on an old PIII and expect it to route 1Mpps. So knock yourselves out, retards.
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:5, Insightful)
That said, this kind of command navigation sucks. You are trapped in a maze of twisty, little prompts, all alike.
The structure of these commands was determined in antiquity, when embedded networking devices were resource starved for storage and memory. That's pretty clearly not the case today.
Screw IOS, its resistance to simple scripting, and its defiance to be committed easily to memory.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2, Insightful)
Re: (Score:2, Interesting)
Fact is, Cisco has been trying to be all things to all people and dominate every sector of the market that involves gear or software beyond the PC for such a long time that they have lost focus in their core business of making routers, where they are accustomed to market domination. Competitors have caught up to the point where anything short of carrier-grade Cisco
Re: (Score:2)
For a while IOS XR was only on the CRS-1, and the edge devices have been regular IOS, with all its disadvantages like the single memory space, total lack of memory protection, l
Re: (Score:2)
I don't know - I wish unix had the command parameter prompting system that the shell in IOS has. It's actually really useful. Not sure what the parameters are for any command? Press the question mark key.
Actually, the prompts change with context. Configuration mode has a different prompt, and within that mode the prompts change with context indicating what you're configuring
That sa
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:4, Insightful)
The user interface people writing IOS need to read Eric Raymond's document on user interface, at http://www.catb.org/~esr/writings/cups-horror.html [catb.org]. It applies to closed source interfaces as well.
Re: (Score:2)
that the shell in IOS has.
Re: (Score:1)
http://zsh.sourceforge.net/FAQ/zshfaq04.html#l44 [sourceforge.net]
Re: (Score:2)
Re: (Score:1)
What's nice about IOS is unified config; managed from one place (the CLI). Sweeping changes to multiple services can be made in seconds, not minutes, and the changes can be temporary (reversible by reboot), until proper operation is verified.
But also made permanent easily, with no chance of typos in the process of making them permanent. When you're all done and ready to make things permanent, one write mem does that for you, with IOS.
With Linux you may change a kernel option using sysctl, ifconfig,
Re: (Score:1)
Screw IOS, its resistance to simple scripting, and its defiance to be committed easily to memory.
The IOS can only be scripted through a recorded telnet session, which is to say not at all. The command line is counterintuitive and the commands are difficult to remember.
Personally, I used Linux based routers at work. They are dirt cheap, they perform extremely well, they never crash (except when the cleaning lady unplugs them... But that's another story), and they are infinitely more flexible than a Cisco router.
Re: (Score:2)
Linux as a routing platform is in some ways much worse than IOS unless you use some sort of usable interface on top of it. My home firewall is an Astaro box (linux) which I'm quite happy with but I would never dream of editing firewall rules (or anything else) by hand on it, like w
Re: (Score:1)
Re: (Score:2)
Most of the comments I've read so far slamming IOS appear to be from inexperienced people.
Ever hear of TCL? That's a script language and available right on the router. You want to script command line changes? That's not a very smart thing to do from a change control and configuration control perspective. Experienced engineers don't
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:2)
Linksys routers have their uses, especially if you flash them over to Linux with DD-WRT, but they only go so far when you have a branch office of 200 people you need to have securely on the main corporate network. A Linksys wouldn't have the horsepower
Re: (Score:3, Insightful)
1) Quality network hardware is expensive. Often frighteningly so.
2) If reliability is even remotely important to you, the expense is easily worth it.
3) Failure to comprehend #2 will almost inevitably cost you your job.
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:5, Insightful)
People buy those expensive, rackable switches and routers because they want something *reliable* for *serious* use that absolutely requires reliability.
Re: (Score:2)
People buy those expensive, rackable switches and routers because they want something *reliable* for *serious* use that absolutely requires reliability.
It's a matter of the right tool for the right job. If all you're doing is routing a T1, you're certainly not going to be processing 100Mbps. In fact, you'll be routing less than Joe Average might route on his cable connection.
It's hard to say about the reliability, however as long as it's within its capability, any device with no moving parts can be e
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
This year's goal is to remove all the Thinnet from one plant and move most of an IDF up into the computer room
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Spending money on "server-grade hardware" is not an automati
Re: (Score:2)
Agreed, the OP was way on the other extreme.
In your case, it sounds like there must be some sort of problem there with power or perhaps grounding. I agree that consumer grade switches fail more frequently, but unless you have more switches than computers, one every two weeks is excessive even for cheap switches.
Does anyone have one of these [fiftythree.org] in their dorm?
Re: (Score:2)
Re: (Score:2)
Those cheaper switches often have no protection against connecting two of their ports together with a crossover cable either, that can cause utter chaos.
Re: (Score:2)
That happened on a production network I support (but didn't design...currently redesigning to avoid this problem). A maintenance supervisor accidentally unplugged the switch and then plugged the two ends of the same cable into the switch. Chaos ensued for the day as our entire network came to a standstill.
Re: (Score:2)
I have had exactly the same problem. Given my EE background, my suspicion is that these devices suffer from power supply lo
Re: (Score:1)
Now linux or bsd based or DD-WRTx86 are nice for power users at home.
but yes, for businesses, anyone using anything other than Cisco professional equipment is just plain dumb if they have more than a handful of users.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Try synflooding across 100mb interfaces on a 7200vxr, a lot of cisco kit is based on the same pci-bus design as a pc but with a slower cpu. The NIC will generate an interrupt on the bus for each packet, lots of small packets will saturate the pci bus and take the device down whether it's a cisco 7200 or a pc with 2 nics.
You can improve the situation by using 64bit pci, pcie, pci-x etc but the problem remains it's just got a hi
Re: (Score:1)
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:1)
Because sometimes you need more than just 10 forwarding rules.
Or because you need to handle VLANs.
It's true they aren't cheap but when you need some advanced features well just go buy the real thing.
Re: (Score:2)
As a test tho, login to a fast box hosted somewhere, and run a syn flooding tool against your home box over the cheap consumer level router. Flood yourself with small packets, and see how many of them actually make it past the router to hit your box.
I managed to receive about 300k of small packets, on an 8mb dsl connection. When hit with small packets, 300k is all the router could manage. The box flooding me was generating more than 8mb of packets, and needless to say
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:5, Insightful)
Most people do not buy 800 series routers, but if they do, it is typically because of manageability and security. When it comes to being able to manage a remote network device and use a central authentication system, Cisco beats the pants off of ANY consumer grade device.
Once you get to 1800 devices and above (even 1600 and 1700, but they are EOL) you have features that far exceed any consumer device.
Real routing capabilities (RIP, OSPF, EIGRP, ISIS, BRP, etc).
Modular interface cards. You have Modem, ISDN, xDSL, Cable, 56k, DS1, ATM, DS3, SONET, etc.
QoS. Should be self-explanatory.
Various security functionality. VPN, tunnels, RADIUS, TACACS+, etc. (I am not a security guy)
Voice. Terminate voice, act as a phone system (2800 and 3800), run VXML, etc.
These are just the routers. Switches are just as much above the consumer grade as the routers are. QoS, port density, VLANs, true Layer 3, etc.
Both have their place and in some cases, a consumer grade equipment has its place in the corp environment. I have used them many times. T
To say Cisco is a rip-off is pure ignorance. (Do not use the list price to justify yourself either. NO ONE pays list for Cisco gear. As a general rule 35% - 50% is the rule.) Sure Cisco is not the cheapest or the best, but they provide a complete end-to-end solution and everyone knows Cisco. Heck, even Nortel switches and Extreme (I think) made their interfaces to emulate IOS.
Re: (Score:1, Redundant)
Re: (Score:2)
Re: (Score:2)
A layer 3 switch is one that can do IP routing at wire speed, usually by doing the routing in hardware.
Normally switches are layer 2 only and don't understand IP, they just pass stuff based on MAC address. You then need a separate router to do the layer 3 work.
Consumer grade stuff like the wrt54g does support layer 3, otherwise you wouldn't be able to connect to anything. But it uses software routing, not hardware, which is nowhere near as fast.
Re: (Score:2)
As someone pointed out, the consumer grade stuff routes at about 20 Mbits/s although in my experience it is more like 30 Mbits/s. If your needs are below that, then performance is not an issue although reliability for consumer grade network equipment is awful.
Re: (Score:2)
Re: (Score:2)
There could be exceptions. It would not surprise me at all to find that some consumer equipment does not maintain state tables to speed up rule searches causing excessive latenc
Re: (Score:2)
Sure Cisco is not the cheapest or the best, but they provide a complete end-to-end solution and everyone knows Cisco.
That's it in a nutshell, and it's a real shame. Cisco is the new "nobody got fired buying IBM". People are just so scared to try anything else on their networks, and it really holds back competition. Got a budget to build a network? Buy a Cisco, and no one will blame you. If it goes wrong, well hey, you did the industry standard thing- that's just how networks work, right?
Re: (Score:1)
Re: (Score:1)
Re:Get a D-Link or a LinkSys, Routers r a commodit (Score:4, Informative)
Does linksys or d-link support ssh? (I'd really like to know). Does linksys support T1, frame relay, and DS3? What about E1 and E3 support?
If you reflash a Linksys with DD-WRT, it DOES support BGP and ssh. It's going to be fast ethernet only, and no support for automatic failover.
Re: (Score:1, Troll)
And does it support 128MB of RAM? Because you need 128MB RAM for a full Internet BGP feed.
Re: (Score:1)
If the routers are at your site and connect directly to the ISP then you only need a default route on each. You may only have BGP to advertise your own network out to the internet and keep it reachable if the link fails over to the backup ISP.
But then if you are paying thousands each month for a dual homed BGP capable connection you aren't going to worry about saving a few thousand and use a consumer
Re: (Score:2)
Re: (Score:2)