The market for open source routers

28 Jul , 2006  

This week I’ve been following the Vyatta announcement of their Open Flexible Router, based on the xorp open source software (OSS) IP router. Three things stand out as most interesting about this announcement; the proclamation of an OSS router taking on Cisco, where the market perceives an OSS router is targeted, is an OSS router enough?

Several slashdoters commented but i think Thomas Ptacek at Matasano hits the sentiment pretty clearly. It’s niave to think that an OSS router will bring serious challenge to the core of the network – that’s certainly not going to be it’s entrypoint. If that was the case then xorp, zerba, etc, would have already have done this.

Frankly, an adoption model more closely to other OSS like snort, nessus and mySQL are more likely. Early adopters bringing in OSS “under the wire” because it’s free, and it can be implemented in a limited enough way that few others have to get involved. This would be much more likely to happen at SMBs or at remote sites in somewhat larger networks. Could an OSS router replace OTS network provider equipment? In some situations, sure, as the technology matures. Certainly the cost curve of OTS x86 hardware makes it attractive. I think one of the most important poin to consider here though is where is this technology given it’s maturity most likely to be a fit. Starting at the core is folly. An OSS router is certainly interesting but it’s more than just about routing.


Who will adopt MS NAP?

27 Jul , 2006  

There’s a very interesting social dynamic in the NAC market; who in the organization buys NAC solutions? My experience has been that while the security staff may bring in the vendors its actually the network organization that has the real say. Network has the budget. Network has to implement, and NAC has to go into the infrastructure managed by the network team.

So why the question about the adoption of MS NAP (Microsoft’s solution to NAC)? Another social dynamic is that there is traditionally a great divide between Windows admins and network engineers. The same kind of riff that fuels the Windows and Linux debate (but Windows/Linux is bigger and gets more press.) So my question is where will MS NAP really be successful? Who will likely adopt it first?

It may be counter to popular thinking but I believe NAP’s first inroads (and possibly most successful) could be in the SMB market. Why? In those markets the Windows admins usually are also the network admins. They run the network as well as the Windows infrastructure. There’s no barrier to cross. (One of the reasons Cisco’s CSA/Okeana didn’t light up and win the NAC marketplace for example.) Since NAP is all about using more Microsoft products who better to adopt and roll out NAP than SMBs. SMBs are much more likely to be an all Windows shop. NAP isn’t as likely to butt up against non-Windows access control, VPN, RADIUS or other elements that a network engineer would implement over a Microsoft solution. Of course there are many SMB shops that run Microsoft but use Linux for many network services (DNS, DHCP, firewall, etc.) too.

Will MS NAP break into the enterprise market? Sure, but how much is the question will a heterogeneous infrastructure make NAP difficult to adopt? Microsoft’s software is converging with elements of the network infrastructure and like water it will follow the path of least resistance.


How many firewalls do I need?

27 Jul , 2006  

We all agree that layered security is a good thing. It can be taken too far, sometimes without our knowing it. Take personal firewalls on our desktops and laptops. Various retail security suites from Symantec, McAfee and others offer personal firewalls. Of course Windows XP has embedded within it a more basic personal firewall for some time now and is beefing it up some (controling outbound traffic eminating from the PC) in the upcoming Vista release.

Now anti-virus programs have firewall functions and firewalls have anti-virus capabilities as noted by an understandably confused post on CNET. Shouldn’t one personal firewall be enough?

Computer running slow? You might start checking out what’s really running.



20 Jul , 2006  

Welcome to theConvergingNetwork, the new blog and podcast focused on the convergence of networking and security. Why discuss this topic? The disciplines are blending. The lines of networking and security have certainly begun to blur over the past several years. And it’s increasing at a rapid pace.

Cisco, Juniper, Extreme, HP and many others are frequently making alliances wth or are picking up security companies to add value to their infrastructure products. Microsoft’s security software product offerings and NAP software architecture have a very strong emphasis on improved network security. Nokia and Check Point demonstrated many years ago that delivering a popular firewall on general purpose computing hardware with a BSD operating system opened the addressable firewall market to telco’s, data networking companies and IT organizations. The proliferation of network “appliances” delivered on general purpose hardware have skyrocketed and are commonplace today.

Network security has moved from the perimeter to the interior of the network. Upstart switch manufactures such s Consentry now integrate security processing directly within the switch and mainstream network providers are moving in similar directions. UTM (unified threat management) devices are combo boxes containing multiple security software systems packaged onto an appliance. Even BOBs (branch office boxes) represent a new generation of networking gear for small or remote offices that combine networking and security applications onto a single low-cost appliance.

All of this is changing not only the market dynamics but also how networking and IT organizations select, purchase and implement converged solutions. NAC is a security solution but is it a purchase made by the security organization, network organization, or Microsoft/Linux admin group? It certainly crosses many disciplines and organizational boundaries.

I hope you will join me for some commentary, thought provoking questions, interesting analysis and ideas on the subject of network convergence. I’ll also be asking other industry experts to weigh in with their thoughts and opinions on the subject. And please feel to join in with your thoughts and ideas.