Tuesday, April 22, 2008

News Flash: Your Vyatta system just got cheaper

Here's a great example of the power of Ecosystem Economics™.

Cnet News.com is reporting that Intel just cut the prices of some of its quad-core CPUs by 50%. Obviously, this doesn't translate into a 50% cut in system prices, but isn't it nice to know that you'll be getting more power tomorrow for a lower price?

Obviously, your Cisco system probably won't get any cheaper tomorrow, barring a random pricing action from Cisco. Bummer.

This posting isn't the follow-up article I promised you the other day when we were talking about the Grid of Openness™, but it was a timely highlight of an underlying point: open source + open hardware = Ecosystem Economics™. Ecosystem Economics™ immediately incorporates any pricing action into the whole market and everybody benefits.

Unless your networking vendor is sitting in the upper-right box in the Grid of Openness™, you'll never see benefits from things like this latest move from Intel. I'll try to expand on this point a bit more this week and we'll call it the follow up post I promised last time.

posted by Dave Roberts at 9:05 AM 0 comments

Friday, April 18, 2008

"Open" 'Cause We Say So

So the recent feeding frenzy related to "open" networking devices started me thinking. What, exactly, do we mean by open?

This is one of those times in the market where a bandwagon starts to develop and everybody is hopping on board. Marketers around the networking industry are suddenly rushing around with yellow PostIt™ notes to stick the word "open" onto anything and everything. You half expect commercials such as, "The Global Networking Conglomerate 3000, now with improved 'openness.'" All this labeling of everything open really begs the question of what we mean by openness. And more to the point, what do consumers want "open" to mean? The answer from most of the vendors making announcements lately seems to be, "It's 'open' because we say so."

Over the next few paragraphs, let's examine what "open" could possibly mean, and then we'll try to triangulate the positions of the various companies that have announced "open" products.

It seems to me that there are at least two dimensions for openness: hardware and software. There may be more, but those are certainly the most obvious and having two dimensions makes for a good graph. Along each dimension, there are (at least) four degrees of openness.

For instance, along the hardware dimension a company could have:

  • Proprietary hardware -- This represents the most-closed hardware. Developing for this sort of platform requires an embedded development kit because the architecture is non-standard. Note that proprietary hardware may use standard components, such as x86 CPUs, but because of the way the hardware is designed, it's still an embedded system, not standard.
  • x86 blade -- When proprietary companies want to "open up" the hardware, they often do so by adding an x86 blade to the system. While the "host" hardware system is still very proprietary, the blade uses a more standard PC architecture and may use more standard development tools.
  • x86-based -- In this model, the hardware is completely standard, but is sold as a proprietary system. Many security and traffic management appliances use this model. The vendor buys a white-box PC, adds a branded label to it, and then loads their own software onto the system. While the hardware is completely standard under the hood, there is no suggestion from the vendor that the user is able to swap components or perform system upgrades using standard components.
  • Commodity hardware -- This is the final model. The system uses completely open hardware and the supplier and customer both expect that users will be able to perform system upgrades with components from different vendors. The current x86 server market delivers this kind of hardware today.

Similarly, along the software dimension, the following four models can be seen:

  • Proprietary software -- In this model, the software is completely closed. It's sold only in binary form. Users use the software and there is no ability to develop extensions without acquiring a proprietary license.
  • Country-club API -- In this model, the company opens some APIs that allow external developers to interact with its otherwise-proprietary system in a programmatic way, but the API or SDK must be licensed from the company. Typically, the company tightly controls who is allowed to participate in the program and may charge a multi-thousand-dollar "program fee" to participate. This makes the program as exclusive as a country-club.
  • Open API -- In this model, the API is completely open, with no strings attached in order to get it an use it. A public SDK, posted for free download from a web site would qualify here. The code you're interfacing with would still be closed-source, but at least you could get ahold of the SDK without paying any fees or being "approved." Note that you may still have to buy oodles of proprietary hardware in order to do any development, but at least the SDK is freely available.
  • Open source -- This is obviously the most open. The source code is readily available and there are no fees to develop with the system.

Now, given all these definitions, we can make a chart that describes the landscape graphically:

I've also plotted some of the recent announcements according to how I think they stack up.

  • Vyatta -- Vyatta first launched its product in July 2006. Vyatta has been open source and running on open, commodity hardware since the get-go. Want to download our software? You can do it from the web site. Want to download the source code? We have instructions in plain view. Want to run your Vyatta system on whatever hardware you want? That's fine by us, and we have even published a hardware compatibility list to help you choose something known to work well, but you're free to go off-menu as well.
  • 3Com -- 3Com was early out of the gate, over a year ago (1Q07). 3Com announced an x86 blade for its routers and a country-club API software program, called OSN. OSN has a couple membership different levels, with the lowest level free to join, so it may be that OSN is walking the line between a country-club API and an open API.
  • Juniper -- Next up was Juniper in December 2007 with the PSDP program. The PSDP was a country-club API program delivered on the same proprietary hardware they had shipped previously (no blades required). There are a couple of positions for Juniper on the chart because they have different product lines with different implementation techniques and different capabilities. From what I have read, the PSDP only applies to the high-end service provider routers; the Juniper J-series routers are essentially PCs with a proprietary software load. Juniper does change the connectors and form-factor of the add-in cards so they look proprietary, but they're just standard PCI hardware under the hood. The processor is a stock Intel x86 CPU.
  • Riverbed -- In February 2008, Riverbed started making noise about opening up with its RiOS Services Platform (RSP). Riverbed is a good example of an appliance vendor using stock PC hardware with a proprietary software load. The RSP program puts Riverbed into the country-club API on x86-based hardware category on this chart.
  • Cisco -- Finally, in April 2008, Cisco announced its Application eXtension Platform (AXP) program. This is another good example of a country-club API paired with an x86-based blade to plug into proprietary hardware. Of course, the AXP is only available on the ISR series; the rest of Cisco's product line remains locked up tighter than Fort Knox and finds itself down in the Proprietary/Proprietary category.

This post is already getting pretty long, so I'll cut it off here. The major takeaway of all this is that there are different degrees of "open" that are running about the networking market these days. With everybody using the same word, and being intentionally vague (and sometimes misleading), it's easy to confuse one "open" for another. But they're not created equal. Don't be afraid to ask a vendor why they think they're being particularly open. If you don't like the vague, "'cause we say so" answer you're likely to get initially, don't be afraid to press ahead. At least at Vyatta, we have no trouble answering that question. The other guys...? Well, who knows.

In a follow-on post, we'll discuss the implications of being more open. Are there really differences between an x86-blade with a country-club API versus open source software running on commodity hardware? The short answer is you betcha! See you next time.

posted by Dave Roberts at 10:03 AM 1 comments

Thursday, April 10, 2008

Dumb and Dumber

When you're a big networking company and all your competitors are talking about open networking platforms, you have to do something... fast. Unfortunately, charging oodles of money for a low-performance x86 blade that you can stuff into your router seems to be the typical response. Hang with me for a moment and I'll explain.

Our story starts way back in January 2007 when 3Com announced its Open Services Networking initiative. At the time, 3Com said that it was "opening up" its routers by allowing you to run Linux on an x86-based blade that plugged into its systems. Since that time, 3Com has announced a few partners and applications that have been developed. Back in early 2007, most people yawned. Frankly, this was a pretty obvious innovation in the industry and hey, it was from 3Com, so who cares?

Next, Juniper got into the act when it announced the piss-dip (PSDP) on the first day of Cisco's yearly analyst conference in December 2007? The piss-dip, as you'll recall, is a program to allow a group of country-club ISVs to implement interesting functionality on top of Juniper's products using some nifty APIs. In return for a development fee and some legal paperwork, Juniper sends you a software development kit (SDK) and you're good to go. Notably, Juniper did not announced an overpriced x86-blade for its routers as part of the program. That may be because Juniper already sells overpriced x86-blades (they're called "Routing Engines" to make you feel more comfortable paying that much).

Now, Cisco couldn't take all that laying down. They had to respond. And fast. When asked at the analyst conference, they waved their hands and said, "...someday..." But this was embarrassing. Here we have nearly-dead 3Com and now arch-rival Juniper going where Cisco has never gone, and flaunting it in front of Cisco's not-nearly-skeptical-enough analyst corps. That's not good.

So, enter the Application eXtension Platform (AXP). Basically, Cisco aped 3Com's approach: with the AXP, you can pay wads of money for a low-performance x86-blade that plugs into your Integrated Services Router (ISR).

Let's look at the numbers. 3Com was trying to sell us a 1.4 GHz Pentium M, 1 GB RAM, 80 GB HDD system for over $3000 street price. Now we have Cisco trying to sell us a 1.4 GHz Pentium, 2 GB RAM, 160 GB HDD for over $6000 street (NME-522). Okay, so they did double the RAM and hard disk size. But in today's world, that's worth a grand total of about $79 (per CDW.com, 80 GB ($50) vs. 160 GB ($62) Seagate Barracuda SATA HDD, 1 GB ($77) vs. 2 GB ($144) Crucial PC3200 DRAM). Even at the low end of the three modules that Cisco announced, they're trying to charge $1700 for a 300 MHz Celeron (AIM-102)! Yup, you read that right, MHz, not GHz. Frankly, I didn't realize that you could still buy something that slow from Intel. I think that processor was completely obsolete nearly 10 years ago.

Now, realize that neither of these x86 blades is expandable in any way. If you don't like the performance or RAM or HDD size, you have no options. You can't upgrade them, short of buying a whole new module in Cisco's case. If you already bought the fastest one (NME-522), you're screwed. No expansion slots. No multi-core. No options. Bluntly, you're trapped in Cisco World™ and 3Com World™.

Does anybody else feel like we're watching the movie Dumb and Dumber here?

Of course, for both 3Com and Cisco, you also have to buy the router to plug these underpowered, overpriced x86 blades into. Presumably, you have already made that decision, so the $4000 to $15,000 of sunk cost shouldn't bother you.

At this point, I have to hand it to Juniper: the piss-dip looks pretty good when compared to these options. Juniper at least lets you run piss-dip applications on the Routing Engine you already paid for instead of charging you oodles more for another blade.

The point of this rant is simply that this is what you get from proprietary networking companies. Even when they serve up completely open technologies like Linux running on x86, it's going to be terribly expensive with lock in not far behind.

In contrast, Vyatta runs on standard x86 systems. You can buy those systems with Vyatta software preloaded, directly from Vyatta, or you can buy the hardware from your favorite hardware vendor and your software subscription from us. If you want a hybrid of the two approaches, that's fine with us, too. While Vyatta does mark up the hardware we sell, we try to keep that markup small and appropriate.

Importantly, with Vyatta, you aren't stuck with no options if you want to make a change to the system. Need to run faster? There are oodles of vendors with blazing multi-core systems available today. Want more memory? Fine, you can purchase it from just about anybody. Need a bigger hard drive? No problem. Want to add different applications to your system? It's pretty easy since Vyatta is Debian-compatible. Want to extend or hack the system? The source code is on the Internet and you can download it for free, without any legal paperwork.

The other guys will go on and on about their proprietary hardware. "You just can't do networking on standard x86 systems," they'll say. "You need our sooper-dooper ASICs to run fast, and well, you know how much those cost..."

But the fact is, it simply isn't true. With Vyatta and an IBM x3550 quad-core server, available for about $4000 or so, you can whip a $35,000 Cisco 7204/G2. With Vyatta and a $1000 Dell PowerEdge 860, you can demolish a Cisco 2821 ISR. Check out Vyatta's 3rd party testing if you don't believe me.

Once you're done doing that, you can use all those MIPS to run whatever applications you want, including many of the sorts of things that Cisco and 3Com would charge you for (remember that the x86 blades are just the hardware--you still have to buy applications from other vendors).

At the end of the day, the key point here is that the other guys charge you a lot of money to open up a closed system. And when you pay that money, you still find yourself stuck in an alternative reality called Cisco World™, Juniper World™ or 3Com World™.

Is that "open?" Not in the Real World™

Update: Okay, a commenter pointed out that I pulled the wrong prices for the Cisco AXP modules. I had incorrectly used the WAAS version of the NME-522. Apologies for that. It's the same hardware, but a different software load, and therefore a different price. Looks like list on the AXP version of the NME-522 is about $3500. More than 3Com, but reasonable given the doubling of memory and disk capacity. That said, I still stick with my main point that this is an expensive, underpowered PC with no flexibility, and that's after you purchase the router to plug it into. Rather than titling this post "Dumb and Dumber," maybe I'll have to change it to "Dumb and Dumb."

posted by Dave Roberts at 3:14 PM 8 comments

Tuesday, April 01, 2008

Kernel.org to be upgraded to FreeBSD 7.0

Such is the word...

Wow, whoda thunk it?

Some of the comments back pointed out other documents worth reading today, just for historical perspective. Some of my favorite RFCs include:

  1. RFC 748
  2. RFC 1149
  3. RFC 1606
  4. RFC 1924
  5. RFC 2550
  6. RFC 2795
  7. RFC 3093
  8. RFC 3514

I particularly like the last two as related to Vyatta's firewall implementation. We have had numerous requests for RFC 3514 support and are slotting it into a future release.

You can find a more complete list of interesting RFCs on Wikipedia.

Gotcha...

posted by Dave Roberts at 9:54 AM 0 comments