Feeds

Cisco’s AON: Jeeves in a router or a box of evils?

Cisco's latest contribution to the networked world

Application security programs and practises

At first glance, Cisco’s AON (Application Oriented Networking) looks like a brilliant idea. Essentially, it proposes to suck all manner of security, administrative, and even business policy functions into its routers and switches. That looks as if it should benefit everyone – especially existing and prospective Cisco customers – and might even grease the wheels for quicker and easier adoption of SOA.

But it’s by no means clear that the rest of us should uncritically welcome “putting intelligence into the network”. One of the main reasons for the Internet’s success has been its profound indifference to the content of the packets it transports. Compromising on the hallowed principle of “dumb pipes” could crack open Pandora’s box – indeed, several boxes.

In Cisco’s words, AON “makes it possible to embed intelligence capabilities into the network”. Obviously this is a gross exaggeration: all it really does is to teach Cisco’s network devices a bunch of new rote tricks. Any intelligence involved must come from the developers, security specialists and sysadmins who write the rules (no doubt with plenty of help from Cisco’s Advanced Services, which will go to boost AON’s gross margins).

At the marketing level, AON really is a work of genius. It presses every hot button, leaves no fashionable acronym unmentioned, and on top of all that it promises to align IT with business, and cut costs, quickly and with little effort. Specifically, it is said to support Web services, SOA, BPM, and EDA, while supercharging BI, BAM, and RFID. It also helps companies to ensure compliance with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and BASEL II. It’s fast, secure, selective, visible, cheap (well, relatively) – and it slices, dices and rices. What’s not to like?

Of course, the primary beneficiary of AON is meant to be Cisco itself. Despite its boast that “The Cisco name has become synonymous with the Internet”, the San Jose giant’s 85 per cent share of the router market in the late 1990s has dropped to somewhere between half and two thirds, depending on which segments you look at. Rivals like Juniper and Alcatel are winning sales and slicing into Cisco’s dominant position.

So it needs to tap some new markets quickly – preferably glamorous, lucrative ones with high margins. How better to exploit its mighty internet presence than by moving up the stack into higher added-value, higher-margin sales? “You seem to be struggling with those applications and that security, Ms Customer,” it cries. “I just happen to have an army of routers and switches standing around – they will be delighted to help you out for a small consideration”.

The main functions that Cisco sees AON performing are application-specific routing, enforcing security policies, monitoring and filtering messages, and boosting performance through load balancing, cacheing, and compression.

Policies are defined, and custom bladelets and adapters written, using the Windows-based AON Development Studio (ADS), and everything is set up and administered from the Linux-based AON Management Console (AMC). Today there are just two AON network modules, the 2600/2800/3700/3800 Series that slots into routers, and the Catalyst 6500 Series for switches. Each of these has a single processor, a 40MB hard drive, and 512MB or more of RAM, so they are proper little computers in their own right.

The supervisor or route processor in a switch or router transparently redirects packets that meet certain criteria to an AON module, which applies the appropriate policies before forwarding each packet to its destination (which the AON module may change). Clearly, this process introduces extra latency, and there are limits to how many packets can be processed and how long they can be delayed without noticeably degrading QoS.

Apparently, AON modules can and should be deployed everywhere – at remote offices, B2B spokes, on the enterprise edge, and in the enterprise core. Forget “Intel Inside”; this would be “Cisco Everywhere”. The cost savings and performance improvements go almost without saying. That’s progress: today, complex expensive integration software (analogous to a lashed-up prototyping rig); tomorrow smooth, fast, efficient, cheap hardware.

Inevitably, there is a downside to the AON dream. At first glance, three serious issues raise their heads: security, unfair competition, and the potential demise of the internet as a content-neutral medium.

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Attack of the clones: Oracle's latest Red Hat Linux lookalike arrives
Oracle's Linux boss says Larry's Linux isn't just for Oracle apps anymore
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.