Friday, December 19, 2008

Cisco announces new technique for same ol' proprietary lock-in

This item came to me this morning by way of a Vyatta user. It appears that Cisco will no longer support IPSec termination between the ASA and 3rd party devices. Yes, they'll still support IPSec. But not interoperability.

Cisco has long been the king of non-interoperable, proprietary protocols such as EIGRP, HSRP, Fast Etherchannel, etc. Typically, a standard, alternative protocol ends up being developed that solves similar problems and allows multi-vendor interoperability (OSPF, VRRP, 803.3ad, etc.). And the market typically forces Cisco to implement those standard protocols, though Cisco will always recommend installing the proprietary protocols when it comes to implementation time in order to lock-in customers and force them to pay its prices.

This behavior takes the cake, however. Cisco is essentially saying, "Yea, the product implements a standard VPN protocol, but we won't actually guarantee that or work with you to resolve any problems if you try to use that protocol with a 3rd party product. We'll only support you if you're using that standard protocol between two proprietary Cisco devices." Simply. Staggering. Now you can have all the lock-in of a proprietary protocol when you use a standard protocol. Congratulations, Cisco users.

For fun, let's project a couple of years into the future when this policy takes wider hold at Cisco. These are statements you can expect to hear from the Networking Experts™:

  • "Yes, we implement Ethernet, but we'll only support you when you use it between Cisco devices."
  • "Yes, we implement BGP, but we'll only support you when you use it between Cisco devices."
  • "Yes, we implement the forwarding of IP datagrams, but we'll only support you if those datagrams have not been previously forwarded by a 3rd party product by the time they reach our product."
  • "Yes, we implement SIP for VoIP traffic, but we'll only support you if it originates from a Cisco phone."

At Vyatta, we take interoperability seriously. We're not so arrogant as to think your entire network will only consist of Vyatta products. We'll actually help our products work with others in your network. In short, we're here to serve you, the user. Try Vyatta and enjoy IPSec interoperability with a multitude of other vendors. We can't guarantee that we'll work with every other vendor, but we can guarantee that we'll try, and we can guarantee that we'll work with more than just ourselves.

Update: It looks like Cisco got a bunch of bad press over this and edited its documentation. As adimcev points out in the comments, it now says, "Note: The ASA supports LAN-to-LAN IPsec connections with Cisco peers, and with third-party peers that comply with all relevant standards." That's better. I guess a little public flogging does get results.

Amazingly, Jamey Heary over at Network World's Cisco Subnet Blog carries Cisco's PR water and claims that it's all just a misunderstanding. Jamey writes, "Many of us, myself included, always interpreted the original quote in the way it was intended. So we didn’t ever think twice about it." Really? So where Cisco said, "ASAs support IPsec LAN-to-LAN VPNs with other Cisco peers. Because we adhere to VPN industry standards, ASAs may work with other vendors' peers in LAN-to-LAN VPNs; however, we do not support them," you always interpreted that to mean that they did support them and you claim that's what Cisco always meant? Really? Wow. Evidently, Jamey had access to an advanced English grammar and mind-reading class in school that I didn't.

Thursday, December 11, 2008

Free Software Foundation Files Suit Against Cisco For GPL Violations

Matt Asay, Savio Rodrigues, Matthew Aslett (just today), and I have recently been having a cross-blog discussion about Cisco and open source. If you haven't been following it, here's the summary.

Matt Asay originally kicked off the debate by noting how Cisco is using a lot of open source in its products.

I responded by saying that using open source wasn't really all that interesting as many companies use open source. The reality, I said, was that Cisco was just driving down its costs and pocketing the additional profit, without passing on any benefits to its customers.

Savio responded to my post by suggesting that there is some benefit for customers when a manufacturer is able to use open source to implement a feature and thereby free-up development resources to implement other features that customers are interested in.

I agreed with that point as far as it went but pointed out that nothing Savio said was particularly specific to open source. Whenever a manufacturer chooses to buy pre-implemented technology rather than reinventing the wheel with its own resources, customers experience the same benefit, whether the technology is closed or open source, and regardless of the price paid, which is zero in the case of open source.

Matt Asay then responded to Savio and my posts saying that he was sympathetic to my view but being a believer in the free market hoped that everything was self correcting in the end ("Leechers never prosper" ??).

Matthew Aslett then joined the discussion with two more points. Quoting Matthew:

  1. The first is that, while Dave notes “if you’re complying with the appropriate license terms, I don’t have a problem with that”, if we assume (as Dave does) that Cisco is abiding by its obligations, then he is effectively asking Cisco to go beyond those obligations in passing on “open source benefits” to users.
  2. I wrote recently about the five stages of engagement in open source communities, as described by the Eclipse Foundation. ... It would probably be fair to say that Cisco is currently at stage two (1, USE in the graphic) in this five stage process (”The vendor begins to make use of open source software internally as part of its ongoing research and development process, realizing that it can save money on non-differentiating code and improve interoperability”). ... In my experience companies quite quickly see the benefit of moving from there to contribute to and then champion open source development, which would be likely to deliver the benefits Dave is looking for.

To respond briefly to Matthew right here, I would simply say that I agree with his model and his basic points as far as they go. I agree that as long as you're legally compliant that everything is fine and that anything beyond that is optional. I also agree with the Eclipse model that Matthew describes in his posting (see the graphic) and that Cisco is currently at stage 1, using open source. (Note that I didn't call this "stage 2" as Matthew did because I find it confusing. The graphic labels this stage "1" and stage "0" is really non-use.)

In short, I'm not suggesting that Cisco is "bad" for doing what they are doing. I'm simply suggesting that we shouldn't be holding the company up as a paragon of open source development for being in Stage 1 and simply using the code. LOTS of companies are in Stage 1 these days. Matthew says, "In my experience companies quite quickly see the benefit of moving from there to contribute to and then champion open source development, which would be likely to deliver the benefits Dave is looking for." This is an example of the kind of forward credit that I don't think Cisco deserves. I won't hold my breath that IOS will be open sourced any time soon.

So, to summarize my original objection, I'm not trying to make a value judgment about Cisco's behavior (I'll point out that Savio first used the "leech" term, not me). I'm simply requesting that everybody be accurate in describing Cisco's behavior, and I'm commenting on things that customers are not getting as long as Cisco is just using open source. Whether that's a problem for customers or not is up to them.

Now, my own personal belief is that there are many reasons that customers benefit from open platforms, but as others have pointed out, I work for Vyatta and I'm quite biased that way. Like Matt Asay, I'm a believer in free-markets and I don't believe that open-source is a one-size-fits-all business model for every situation, industry, etc., but I do strongly believe that open source fuels innovation in ways that closed-source can't. Some people don't agree with me and would prefer to buy closed products. That's fine. They have that right.

But all that's a moot point because one of our fundamental assumptions, that Cisco is complying with the terms of the various open source licenses, appears to be in question. Today the FSF filed suit against Cisco for violating the terms of the GPL and LGPL. You can read more about the complaint on the FSF's blog.

Tuesday, December 09, 2008

Answering Savio: "Is Cisco an open source leech?"

Earlier today over at InfoWorld, Savio Rodrigues posted a response to my previous posting about Cisco using open source and pocketing the profits, titled "Is Cisco and open source leech?"

After summarizing my posting, Savio responds with:

I'm inclined to reach a slightly different conclusion.

When WebSphere stopped developing its own HTTP Server and began to use the Apache Web Server, IBM did two things that helped the customer. First, IBM took some of the folks working on IBM's HTTP server and reassigned them to work on other features that have customer value. This clearly helped IBM customers because the new features delivered by the reassigned engineers solved customer pain points. Second, IBM ensured that some of the original HTTP server head count was assigned to work on the Apache project as part of their IBM role. This helped IBM and non-IBM customers alike in building out a more robust product at Apache. IBM has used this approach for many components within IBM products. It seems that Cisco is following step one from the IBM approach.

Okay, so Savio says that there are two ways that Cisco using open source could be delivering some benefits to customers:

  1. They can reassign resources to develop other features.
  2. They could could contribute back to projects.

Savio all-but agrees that they probably aren't doing too much of the second, though that's hard to quantify without going through the change logs of each of the projects they might be using. For the sake of argument, as I said in my original post, let's give them the benefit of the doubt and say that they are doing some amount of contribution. My guess is that whenever they find obvious bugs, they're making fixes and contributing those back. To do otherwise simply means that they have more to maintain in the long run, so it's in their best interests to pass on things that they find.

Now, this response is really aimed at Savio's first point, which I think has some flawed thinking. Saying that having an otherwise closed-source vendor using open source benefits customers because it allows the vendor to develop other features, while true on the face of it, is really unrelated to open source itself. By this definition, doing anything which frees up resources to be allocated to other features delivers the same benefit. This is simply classical build vs. buy decision making. Any well-run engineering team should spend most of its time creating differentiated value rather than reinventing the wheel for no good reason. Thus, when given the choice of building versus buying technology, all things being equal, you should buy it if it's available at a lower price than your expected development cost for the same feature. In the case of open source, Cisco is simply "buying" these features at a cost of $0.

My argument is that customers would never know the difference if Cisco was buying closed-source software components for a price much more than $0. Simply, the savings are not being passed on to customers. That's the fundamental point that Savio still hasn't answered.

Summary: Is Cisco getting an advantage from open source? Yes. It has chosen a "buy strategy" where the cost to purchase technology is $0. Does the "buy strategy" benefit customers? Yes, because resources can be deployed to other features. Are the benefits of the "buy strategy" unique to open source? No, the customer gets roughly the same benefit of additional features whether the code in question is open source or whether Cisco uses closed-source. Does the "buy strategy" benefit customers because Cisco is "buying" open source technology at a cost of $0? No, because that savings really isn't being passed on to customers and they receive no additional, traditional open source benefits.

Sooooo... I stand by my earlier assertion.