Could Cisco Prime be the first step towards OpenFlow competition?

As has been clear from my previous post, I have a love/hate relationship with Cisco. I love some of their products and I love working in IOS. There are also things that I hate: Cisco’s management platform and the lack of consistency between product lines; subnet mask vs. wildcard mask being a great example. Another thing I hate: Cisco’s management tools. CiscoWorks is a joke, and in smaller environments, where CiscoWorks would be overkill, companies are left with Cisco Network Assistant (CNA).

<RANT>
I realize that CNA is free, that Cisco doesn’t make any money on it, and that it was never meant for large enterprise. However, if there has ever been a product deserving of a “Beta” tag, I’m not sure what it is. What a piece of junk!
</RANT>

Now Cisco has released Cisco Prime. In all of the articles that I have read, the primary function is listed as “unified access across wired and wireless networks”. Clearly Cisco intends this to be a security solution. However, as you read further, things get a little more interesting. Here are the features as per a Cisco Blog post: http://bit.ly/gWBijM

Centralized Policy. Support any user on any device and provide secure access across the entire network by setting a single set of policies that can be distributed and enforced across the entire network.

Network Management. Unified management via Cisco Prime for wired and wireless networks helps increase IT efficiency, reduce IT training, and decrease time to resolve IT issues by providing a converged service-centric management platform.

Automation for Voice and Video. Ensure consistent high-quality user experience on any end-point. The latest innovations using Cisco Medianet enhancements provide automation and troubleshooting in the network to deliver application quality of experience, particularly video. Plus, organizations can reduce cost and time when resolving application choke points in the network, and scale applications to any endpoint with greater speed and efficiency.

The last two items are what piqued my interest. Unified network management, bandwidth control and shaping for audio and video; aren’t these features discussed when OpenFlow comes up? Is it possible that Cisco has recognized the need to address OpenFlow now, before it gets a stronger foothold in the market?

If I’ve properly read between the lines, and my guesses are accurate, there are a few things to remember. IF, then:

- This product has been rushed to production. I wouldn’t touch it within the first 6-9 months, or until it’s been upgraded at least once.
- Let’s face it, some of Cisco’s best new-to-market products were bought, not built internally. This was built internally. Enough said.
- Prime’s feature set will explode over the next few years, to make it better compete with the full OpenFlow feature set.
- The next version of IOS, ASA, WCS, etc. will have new hooks for this software to continue its feature expansion. Use caution with new versions of code for any devices. New hooks in the software = new security vulnerabilities and new bugs.
- We may actually see a great security/network management product from Cisco in the next couple of years!

OpenFlow, Merchant Silicon, and the end of the reign of King John.

Early this morning, I finally had an opportunity to listen to the latest episode of Packet Pushers Podcast.

In the podcast, the guys discuss OpenFlow and the impact it could have on the networking industry. One of the points mentioned in the podcast was that Cisco is apparently using merchant silicon in the latest 10GB Nexus switch, the 3000. I was shocked when I heard this, and had to do a little research to verify. Sure enough, it seems that Cisco’s latest Nexus switch is built on Broadcom chipsets. Wow.

Let me say that again…Wow. To recap, here is my favorite Cisco blog post regarding Cisco and merchant silicon by Douglas Gourlay, an ex-Cisco Senior Manager of Product Marketing.

http://blogs.cisco.com/datacenter/on_merchant_silicon_and_mowing_my_yard/

To quote the post:

Do major automobile manufacturers outsource engine design and development to other firms? Of course not, they design and build their engines. Do manufacturers of more consumer goods like lawn mowers outsource their engines? Absolutely, they go to specialized engine manufacturers because the core value of what they offer is either a certain price point, or the value is not tied to the engine. So the question then – is do you want to ride to work or school in a car, or on a lawnmower?

Ok, so if Cisco is using merchant silicon in their Nexus line, it seems to me that the course adjustment that Big John emailed his employees about last week wasn’t the beginning. Maybe John was trying to answer rumors that had already started within Cisco’s ranks. Change was in the air, questions were being asked, and it all had to be addressed.

What would cause such a shift in Cisco? Is it possible that Cisco already realizes that being faster is no longer relevant in an age of OpenFlow, TRILL, IPv6, etc. etc.? There is no doubt that Cisco has felt the pressure from HP, Juniper, and other vendors. In fact, my current role is in a company that made that jump from Cisco to HP and Juniper when Cisco tried to sell Nexus 7K’s when 4507’s or 6509’s would have been the better solution. Cisco didn’t just lose a customer here, Cisco made enemies. (I get scowls when I mention Cisco.)

Is it possible that Cisco realizes that the days of huge profit margins on every device it sells are coming to a close? Is it possible that maybe, just maybe, Cisco realizes that it’s not the only game in town?

For years, people bought Cisco for the additional features that Cisco offered. PAGP, ISL, EIGRP, LWAPP were all answers to problems that no one else had addressed. They were good answers at the time, and all led the industry standards by a couple of years. Now, the alternatives 802.1Q, LACP, OSPF, and CAPWAP have replaced those proprietary Cisco protocols. Looking at the environment now, I don’t see any areas where Cisco has a unique answer. Either the networking community has a solution (OpenFlow, TRILL), or each vendor has their own unique solution to the same problem (QFabric, Unified Fabric).

Let’s look ahead 3 years. If an engineer has the option of buying products from Cisco which cost a lot more, and must be managed individually, or buying products from a range of vendors that all must compete in a cost-effective manner, and all of which support unified management through OpenFlow, and all of which have the same features, which would he choose?

Two closing thoughts:

Apple is trying to teach the tech world a lesson: specs alone don’t make a better product. For Cisco to compete, they have to focus on features that answer real world problems, not imaginary scenarios. IPv6 and TRILL vs. Who really uses an ASA for deep packet inspection on a regular basis?

Cisco is a very big ship, and it will take a long time to turn. Watching from the shore, we have only begun to realize that it is turning, and have no idea where the new heading points.