Feeds

Cisco’s AON: Jeeves in a router or a box of evils?

Cisco's latest contribution to the networked world

Internet Security Threat Report 2014

At first glance, Cisco’s AON (Application Oriented Networking) looks like a brilliant idea. Essentially, it proposes to suck all manner of security, administrative, and even business policy functions into its routers and switches. That looks as if it should benefit everyone – especially existing and prospective Cisco customers – and might even grease the wheels for quicker and easier adoption of SOA.

But it’s by no means clear that the rest of us should uncritically welcome “putting intelligence into the network”. One of the main reasons for the Internet’s success has been its profound indifference to the content of the packets it transports. Compromising on the hallowed principle of “dumb pipes” could crack open Pandora’s box – indeed, several boxes.

In Cisco’s words, AON “makes it possible to embed intelligence capabilities into the network”. Obviously this is a gross exaggeration: all it really does is to teach Cisco’s network devices a bunch of new rote tricks. Any intelligence involved must come from the developers, security specialists and sysadmins who write the rules (no doubt with plenty of help from Cisco’s Advanced Services, which will go to boost AON’s gross margins).

At the marketing level, AON really is a work of genius. It presses every hot button, leaves no fashionable acronym unmentioned, and on top of all that it promises to align IT with business, and cut costs, quickly and with little effort. Specifically, it is said to support Web services, SOA, BPM, and EDA, while supercharging BI, BAM, and RFID. It also helps companies to ensure compliance with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and BASEL II. It’s fast, secure, selective, visible, cheap (well, relatively) – and it slices, dices and rices. What’s not to like?

Of course, the primary beneficiary of AON is meant to be Cisco itself. Despite its boast that “The Cisco name has become synonymous with the Internet”, the San Jose giant’s 85 per cent share of the router market in the late 1990s has dropped to somewhere between half and two thirds, depending on which segments you look at. Rivals like Juniper and Alcatel are winning sales and slicing into Cisco’s dominant position.

So it needs to tap some new markets quickly – preferably glamorous, lucrative ones with high margins. How better to exploit its mighty internet presence than by moving up the stack into higher added-value, higher-margin sales? “You seem to be struggling with those applications and that security, Ms Customer,” it cries. “I just happen to have an army of routers and switches standing around – they will be delighted to help you out for a small consideration”.

The main functions that Cisco sees AON performing are application-specific routing, enforcing security policies, monitoring and filtering messages, and boosting performance through load balancing, cacheing, and compression.

Policies are defined, and custom bladelets and adapters written, using the Windows-based AON Development Studio (ADS), and everything is set up and administered from the Linux-based AON Management Console (AMC). Today there are just two AON network modules, the 2600/2800/3700/3800 Series that slots into routers, and the Catalyst 6500 Series for switches. Each of these has a single processor, a 40MB hard drive, and 512MB or more of RAM, so they are proper little computers in their own right.

The supervisor or route processor in a switch or router transparently redirects packets that meet certain criteria to an AON module, which applies the appropriate policies before forwarding each packet to its destination (which the AON module may change). Clearly, this process introduces extra latency, and there are limits to how many packets can be processed and how long they can be delayed without noticeably degrading QoS.

Apparently, AON modules can and should be deployed everywhere – at remote offices, B2B spokes, on the enterprise edge, and in the enterprise core. Forget “Intel Inside”; this would be “Cisco Everywhere”. The cost savings and performance improvements go almost without saying. That’s progress: today, complex expensive integration software (analogous to a lashed-up prototyping rig); tomorrow smooth, fast, efficient, cheap hardware.

Inevitably, there is a downside to the AON dream. At first glance, three serious issues raise their heads: security, unfair competition, and the potential demise of the internet as a content-neutral medium.

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.