December 03, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - Microsoft Reveals 4th Gen Datacenters

Microsoft revealed details of their vision for the future of datacenter architecture for cloud computing. I wrote a short piece for GigaOm here on the topic.

by Allan Leinwand (noreply@blogger.com) at December 03, 2008 02:46 PM

November 27, 2008

Allan Leinwand - Vblogatta

Open Source Routers in Amsterdam

A few years back before I was a venture capitalist I used to hang around in data centers across the globe. One of my favorite locations to visit was Amsterdam because there were data centers close to both the free-spirited and bohemian city and Schiphol Airport (which I was told is literally pronounced "ship-hole" because the airport is on the site of a buried ship - please tell me if I've come to believe some urban myth here :). That is why this blog post by Peter Judge brought back some good memories - and highlighted another Vyatta success story.

by Allan Leinwand (noreply@blogger.com) at November 27, 2008 07:27 AM

November 26, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm: Trailer Park 2.0 - Where All Your Data Lives

I wrote a post today for GigaOm on a potential next generation metropolitan data center solution. It was a fun post to write and I even got to mention The Jerry Springer Show. You can read the full post here.

by Allan Leinwand (noreply@blogger.com) at November 26, 2008 08:29 PM

November 20, 2008

Dave Roberts - Open Source Juicer

Lie: "You can't run a network using open source..."

So I just got done writing a rebuttal to Matt Asay's article, Cisco: All the open source that's fit to ship.

This is a follow-up, because there is one implication of Matt's article that Matt suggested, but sort of slipped through the cracks. You see, with one side of its mouth, Cisco suggests that only its proprietary IOS is capable of running today's modern networks. Only IOS and ASIC-powered Cisco hardware, you see, have the stability, reliability, and performance required in today's demanding networking environment.

I dealt with the ASIC lie a few months ago. As for the software lie, the fact that Cisco is using so much open source in its ASA and PIX products reveals it. If you're using Cisco products today, you're already using gobs of open source software. You just don't know it because it's rolled into an otherwise proprietary offering and branded "IOS." And you're overpaying for it, as I said in the previous posting. But the fact is, nobody, least of all Cisco, can claim that open source isn't good for networking. It's so good that Cisco stuffed at least 45 open source packages into the ASA/PIX families. If it didn't work, all those proprietary products shouldn't work either.

Fortunately, with Vyatta you can get all that yummy, open source goodness, with a fully open, extensible software system, utilizing low-cost commodity hardware, for a price that will make you a hero during the coming recession.

by Dave Roberts (noreply@blogger.com) at November 20, 2008 02:25 PM

Cisco: reducing costs with open source, pocketing profits

I like Matt Asay. I have interacted with him for a couple years on the Open Source Business Conference (OSBC), having Vyatta speak at a couple of sessions. Matt's a really intelligent guy, a great writer, and a big open-source advocate. So... it's with great sadness that I'm going to have to take Matt to task in this posting.

Back in October, Matt posted this to his C|net blog: Cisco: All the open source that's fit to ship.

Says Matt:

If you were to rate the companies that use the most open-source software in their products, who would be top of your list? Red Hat, given that it's a pure-play open-source company? IBM, given its massive investments in Linux and Apache?

Or how about Cisco, with this impressive list of open-source licenses used for software embedded in Cisco's security appliances?

In this posting, Matt highlights that Cisco is using an enormous number of open source projects to create its products. He references this list of licenses from the ASA and PIX product lines to bolster his point.

Clearly, this is a long list of licenses, about 45 by my count. That means that Cisco must be using at least 45 open source packages to build the ASA/PIX appliances, because the list only references licenses and a license could be used to cover more than one package (say the GPL covering tens of packages, for instance).

Here's the problem with Matt's analysis: it focuses on usage. Sure, Cisco is using open source. I would ask, "Who isn't?" Honestly, in the networking industry, I can't think of a single company that isn't using open source of some sort. Junos is based on FreeBSD, for instance, Fortinet uses Linux, Extreme uses Linux, etc. In fact, even before Linux got to be the hot thing, many companies were using some amount of open source in the form of something like BSD's networking stack. So, honestly, there is nothing new here.

The fact that Cisco, or anybody, uses open source as an ingredient technology isn't surprising. It's a great way to reduce costs. The question is, do you, the user get any benefit from it? If not, then do you really care whether some of the ingredient technologies in an otherwise proprietary product are open source?

Now, I don't want anybody to think that I'm bashing companies that make proprietary products using open source technologies. If you're complying with the appropriate license terms, I don't have a problem with that. Let me be clear that I think there are some good reasons for being more open, but if you're complying with the terms, I'm cool.

My objection is Matt's suggestion that somehow Cisco, or anybody, simply using open source is in any way interesting in itself. Matt will point out that he says, "When did Cisco become an open-source company? Hint: it didn't." The next sentence then goes on to say, "It has just allowed more and more open-source software to pervade its products, making open source business-as-usual for Cisco (and its wide range of customers)."

There are two ways to read that sentence. One is that Cisco is somehow being good with open source and it's becoming part of its business practices. Another, more cynical view, is that Cisco is going about its business making closed, proprietary systems but doing so using open source "raw materials." I think Matt meant the first interpretation, but all I see is the second.

Specific questions I would ask myself about any company "using" open source:

  1. Did the company in question pass on the costs saved in development to me?
  2. Is the majority of the code open to me for modification if I want to, or is the open source wrapped up in so much proprietary code that it really isn't standalone? In other words, it's great that a company would use something like Apache as the web server in its products, but just getting the source code to Apache isn't really interesting if the rest of the code in the product is otherwise closed.
  3. Can I fix bugs in the code myself?
  4. Will the company take back contributions from me so that I don't have to keep fixing bugs in the code myself?
  5. Does the company contribute back in the form of patches, marketing, documentation, etc?

If the answer is "No" to most of those, then I think you have a proprietary product wrapping itself in the flag of open source for PR/marketing reasons. In this particular case, I think it's safe to say that Cisco's use of open source results in a negative answer to most, if not all of those questions (maybe Cisco is contributing back to the projects they are using; I honestly haven't browsed the version control system logs for any of them). Indeed, we have covered before the fact that Cisco has a gross margin of 64%, one of the highest in the tech industry.

In the leading paragraphs of his article, Matt compares Cisco with Red Hat and IBM, and I think that's giving Cisco way too much credit. Red Hat is clearly a good open source citizen. IBM, while it still retains a large number of proprietary products, has found its stride promoting its proprietary technologies at the same time being a huge benefactor to open source. Both of these companies answer "yes" to most of the questions above (at least for specific products in the case of IBM).

Including Cisco in that same category does a disservice to those other companies.

by Dave Roberts (noreply@blogger.com) at November 20, 2008 01:30 PM

Deploying Vyatta in Amsterdam (with photos)

Ben King from Net That Works has a nice write up of a Vyatta deployment he did in Amsterdam, complete with photos. Big BGP, firewalling, and "routing on a stick" were key features of the deployment.

The conclusion:

Although this is not anything like the biggest Vyatta deployment we have done, I like it because it demonstrates how using HP and Vyatta you can very effectively deliver a relatively complex redundant solution for a fraction of the equivalent Cisco price.

by Dave Roberts (noreply@blogger.com) at November 20, 2008 09:35 AM

October 28, 2008

Allan Leinwand - Vblogatta

Catching up on a few posts

I've continued to be busy writing for GigaOm.... Here is a post on why I think now is the time for startups to take VC money. I've also done a post on the very real possibility that Cisco will buy EMC and on the enterprise migration to cloud computing with something I am calling the "Cloud Two-Step". Comments and thoughts always welcome!

by Allan Leinwand (noreply@blogger.com) at October 28, 2008 10:26 AM

October 03, 2008

Dave Roberts - Open Source Juicer

Vyatta Announces Comprehensive Network Bailout

Well, the last couple of weeks have seen a complete roller-coaster ride for the economy. Like a true roller-coaster, while there may be intermediate ups and downs, the general trajectory is always down. The mortgage crisis here in the USA will be rippling through the global economy for months and years to come. As I write this, the US Congress is debating various bailout packages. While I'll keep my own personal views on the various bailouts private, what is clear is that you can't trust the same people responsible for the whole crisis to fix it well without going immediately partisan and everybody trying to cover their own tails.

The real question going through the head of everybody that I talk to is, "How is this going to affect us?" For most people, the most immediate personal effect is simply diminished portfolio values if they were invested in the stock market (which may include a lot of retirement portfolios in 401(k) retirement accounts). I think the long-term answer is that we're going to see a tightening of the economy very similar to what we saw back in 2002. This means that companies are going to try to hold on to a lot of their cash because it won't be as easy to get even short-term credit when they need it. Even if companies are not directly involved with the whole financial mess, we can expect a round of budget cuts as executives try to provide cushion for ongoing operations while they assess how they are going to be impacted long-term. Ultimately, this means that you the IT manager are going to be forced to perform with less budget.

Fortunately, Vyatta can help you do that. Each month, over 20,000 network managers download Vyatta so that they can take advantage of "Moore's Law Economics" for their network. With Vyatta, they get twice the performance at half the cost or better. In good times or bad, every day, that's the Vyatta advantage. In these uncertain economic times, however, we wanted to do a bit more.

Yesterday, we announced a "network bailout package" designed to further ease the pain. For the next month and a half, if you buy five Vyatta appliances or software subscriptions, you get the sixth one free. That's an additional 17% off the already low price. With that, you'll get great technology, awesome service, and the good feeling of knowing that you aren't throwing gobs of money into the pockets of the fat-cat networking companies.

Let me dwell on that for a moment. If you're new to Vyatta, you might not know what we mean by Moore's Law Economics. Last quarter, Cisco announced a gross profit of $6.6B on $10.3B in sales. That's a profit margin of 64%, one of the highest in the IT industry. That means that 64-cents of every dollar you spend with Cisco is gross profit.

In comparison, the gross profit for Dell (a good representative of the x86 ecosystem) in its last quarter was $2.8B on $16.4B in sales, or 17%. Because Dell exists as part of a competitive ecosystem, not a proprietary near-monopoly, it can't price-gouge for its technology the way Cisco can. Further, it has to innovate quickly in order to remain competitive. That dynamic is what we mean by Moore's Law Economics--more innovation, faster, with competitive pricing.

(By the way, don't think you're going to get a better deal from the other proprietary networking companies. Last quarter, Juniper announced a gross profit of $590M on sales of $879M, or 67% gross margin. While Juniper likes to portray itself as a more cost-effective competitor, Juniper has a slightly higher gross margin than Cisco.)

With Vyatta, your network can take advantage of Moore's Law Economics. With Cisco and other proprietary vendors, you're stuck paying whatever they want you to pay, with profit margins that are three to four times as high as the x86 ecosystem. I'd call that an economic crisis. Fortunately, that's easy to fix and Vyatta is here to help. By making a few good choices and taking advantage of Vyatta's comprehensive bailout program, you can keep more money in your pocket for a rainy day. If you're feeling rich after making the switch, maybe you can loan some of that cash to the rest of us.

by Dave Roberts (noreply@blogger.com) at October 03, 2008 11:13 AM

September 25, 2008

Dave Roberts - Open Source Juicer

Oops...

I found this funny, just because it's fun to goof on Cisco. Certainly nothing of strategic importance, but humorous. Watch those regexs next time, guys.

http://blog.dotsmart.net/2008/09/25/cisco-home-page-fail/

by Dave Roberts (noreply@blogger.com) at September 25, 2008 06:04 PM

September 12, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - Cisco to support VMware?

I have been hearing a rumor about Cisco announcing support for VMware virtual machines next week at their VMworld conference. I wrote about this today for Om here - could be a very interesting development in the networking market.

by Allan Leinwand (noreply@blogger.com) at September 12, 2008 05:10 PM

September 11, 2008

Dave Roberts - Open Source Juicer

SLLUG meeting: Using Vyatta to replace Cisco gear

Tristan Rhodes will be presenting to the Salt Lake City LUG about replacing Cisco gear with Vyatta on Sept 17, 2008. If you're interested, more information can be found at: http://blog.mecworks.com/articles/2008/09/11/sept-17-2008-sllug-meeting-using-vyatta-to-replace-cisco-gear/

by Dave Roberts (noreply@blogger.com) at September 11, 2008 02:47 PM

August 31, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOM: Coming Soon, PC as a Service over Broadband

As service providers look for ways to monetize their pipes and become more than just plumbers who charge by the hour (or byte) it looks like they are seriously considering providing virtualized PCs over broadband in the near future. I wrote about this trend for Om here. Comments always welcome!

by Allan Leinwand (noreply@blogger.com) at August 31, 2008 09:32 AM

August 29, 2008

Dave Roberts - Open Source Juicer

McCafferty is a rockstar. And thanks for the recognition

It's always fun to see what people are saying about Vyatta out on the web. Most of the time, it's very complimentary, but it typically is discussion of the product or the overall concept of Vyatta itself. We just stumbled on this blog post the other day, and it made me smile.

Marketing is a tough job. The engineers will never admit to it because their job is hard, too, and everybody needs somebody to sneer at. (In marketing, we sneer at the sales guys, but that's another discussion. :-) ). The engineers are somewhat right, however, because most technology marketing sucks. At Vyatta, Tom McCafferty and I have tried from the outset to keep it real and connect with everybody in the community. At the end of the day, we have always believed that Vyatta is a collaboration between our employees and the community. On the communications side, nobody wants to read lots of vacuous marketing copy that drones on and on without saying anything.

When we created our Vyatta corporate newsletter, we had a choice. We could do what most companies do and simply talk at you, or we could try to give you something that would be entertaining and interesting at the same time. Most corporate newsletters are BOH-RING, and they get deleted from everybody's email box without even being opened. So, we went the latter route and tried to keep it real, and fun.

It was fun to see the blog post above recognize that. Tom is the force behind the newsletter every month. He's a rockstar. He took over the text-only monthly email that I had been writing previously and developed a nice HTML format. Each month, he writes the copy, collects all the links, and comes up with the ad concepts. And each month the result is good.

Because of Tom's great work, we are constantly getting compliments about the newsletter. People laugh and send us back responses to something we have included. At trade shows, people are constantly stopping by and saying, "I love the fake ads!" In fact, we get submissions of fake ads or concepts from our customers and community members all the time. And, most importantly, we have an unsubscribe rate to the newsletter that is practically non-existent.

If you haven't signed up for the Vyatta corporate newsletter, you can do so right here. Check it out. Odds are that you'll chuckle every month, you'll get informed about what's happening with Vyatta, and you won't want to unsubscribe. The choice is yours.

by Dave Roberts (noreply@blogger.com) at August 29, 2008 10:40 AM

August 25, 2008

Dave Roberts - Open Source Juicer

Vyatta Virtual Router on Hyper-V

We have lots of users who have configured virtualized Vyatta instances using both VMware and Xen. From time to time, we get asked whether Vyatta also runs in Microsoft's Hyper-V. The previous answer was always, "It should, but we haven't actually verified that it does. If you get it working, let us know."

Well, Stefan Stranger just blogged about using Vyatta in Hyper-V and provides a nice set of instructions and screen shots for getting it all up and running. The summary is that it's very straightforward.

So, add Hyper-V to the list of virtualization solutions supported by Vyatta.

Note that the only virtualization solutions that we know Vyatta doesn't currently support are "containers"-like systems such as OpenVZ and the commercial products based on that architecture (e.g. Parallels Virtuozzo). OpenVZ uses a completely different, non-hypervisor-based model that requires "awareness" in the Vyatta system kernel. We haven't yet made those kernel mods, so Vyatta doesn't yet run on OpenVZ.

by Dave Roberts (noreply@blogger.com) at August 25, 2008 01:22 PM

August 04, 2008

Allan Leinwand - Vblogatta

BusinessWeek!

My latest post for GigaOm just got picked up and syndicated by BusinessWeek. I guess the term "cloud computing" has made it to the mainstream business press....

by Allan Leinwand (noreply@blogger.com) at August 04, 2008 08:44 AM

August 01, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm: It's 2018 - Who Owns the Cloud?

Like many of my VC brethren, I've been spending a lot of time thinking about cloud computing. My latest post on this from GigaOm is here. Of course, I predict all clouds will be running Vyatta :)

by Allan Leinwand (noreply@blogger.com) at August 01, 2008 09:02 AM

July 30, 2008

Dave Roberts - Open Source Juicer

PIX is dead. Long live PIX.

So Cisco just announced the end-of-sale for the PIX product line. This was not unexpected. Ever since Cisco announced the ASA product family, it was clear that the PIX was on the chopping block. Cisco will stop selling PIX products immediately but will continue to support them through 2013.

Customers who were riding the PIX bandwagon and are now faced with a decision might want to look at Vyatta or other solutions. While the ASA is a reasonable product, Vyatta can deliver far more flexibility over time without the threat of proprietary lock-in prices for upgrades and expansion. Where Cisco charges for each and every add-on, Vyatta includes far more functionality in the base product and has more headroom. Further, hardware expansion is a fraction of what Cisco charges, even when they allow you to expand at all.

by Dave Roberts (noreply@blogger.com) at July 30, 2008 12:20 PM

July 17, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - Why Metered Broadband Is Bad for Microsoft, Google & Us

Usage-based pricing for the Internet appears to be headed our way and I think this will dramatically change consumer behavior. This could have serious implications for cloud computing and other content-driven business models. I wrote about this for Om here. Comments always welcome!

by Allan Leinwand (noreply@blogger.com) at July 17, 2008 03:20 PM

July 14, 2008

Allan Leinwand - Vblogatta

Intel Compute Power Just Increased 1000X

Earlier this month Intel began messaging to software developers to prepare for compute processors with "thousands of cores." I think the implication of this much compute power on the horizon will have dramatic effects on the development of dedicated ASICs for a wealth of applications. For networking products, like those from Vyatta, the implications are huge - imagine a core (or ten) per process doing VPN termination, encryption, anti-virus analysis, intrusion detection and so on. I wrote a bit about this for Om awhile back - this post might be worth revisiting for a refresher.

by Allan Leinwand (noreply@blogger.com) at July 14, 2008 12:57 PM

June 20, 2008

Allan Leinwand - Vblogatta

Cross-post - Gigaom: Data Centers Caught in a Cool FLIRy

I wrote a post today for Gigaom about an interesting technique to help identify data center cooling issues using FLIR thermography. You can read the post here - comments always welcome!

by Allan Leinwand (noreply@blogger.com) at June 20, 2008 12:56 PM

May 20, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - The Quest for Reliability on the Internet

I spent some time talking to some Internet operations friends of mine today and thinking about reliability and uptime measurements. This post on GigaOm was the result. Comments always welcome!

by Allan Leinwand (noreply@blogger.com) at May 20, 2008 06:44 PM

Dave Roberts - Open Source Juicer

It's all about ASICs, right?

Every so often, Vyatta gets queries from potential users asking about Vyatta technology. One of those came in to our info-line this morning, and it's a frequently-asked-question, so I answered it with a lengthy reply and I'm going to post the question and answer here as well.

Fundamentally, the question is about the special mojo that Cisco must put into its products, right?

I’ve worked with almost all OS’s you can find and most devices as well.

I’ve read the articles on the OpenSource vs. Cisco, and to be honest I’ve known for a while now that most linux/unix os’s with some tweaking can do the same as most Cisco routers/switches.

But I also know that a lot of development not only goes into the os(source) of the devices, but also the device hardware which is specifically developed for routing/switching.

I would like to know will normal proprietary over the counter hardware match up to the Cisco device hardware?

Brandon

Here's my lengthy answer. I might have given Brandon more than he was looking for, but I figured it would pay dividends if I also blogged it.

Brandon,

The answer to your question is complex, but let me take a shot at breaking it down. Apologies for the long response, but there simply isn't a quick answer to your question.

The simple answer is that it depends highly on which market segment you're looking at.

First, let's separate switches and other appliances (routers, firewalls, etc.). All switches are ASIC-based and are definitely tuned to process packets as quickly as possible. On the other hand, they don't really do much processing other than basic forwarding and possibly some queuing for QoS. The ASICs are tuned for the forwarding task but they can't do much else, and there is typically only a small, embedded processor handling the management interface. It's incapable of doing a lot of heavy-lifting. The operating system in a switch has little to nothing to do with its performance because it's just running the management interface. In spite of that, many switches run on a standard operating system. For instance, Extreme Networks switches run Linux. So, to sum this up, you aren't going to terminate a VPN on your switch, but if you want 48-ports of cost-effective, wire-speed Gigabit Ethernet forwarding performance, switches are just the thing.

Now, let's take a look at appliances. Many of the appliances that are out on the market are based on standard operating systems (Linux or FreeBSD) under the hood, and many are implemented using standard PC hardware. For instance, Fortinet UTM boxes, Juniper J-Series routers, and Riverbed WAN optimization boxes are all based on PCs. Fortinet runs Linux under the hood. Juniper's JunOS is based on FreeBSD. Riverbed uses Linux.

Cisco's IOS is based on a custom, embedded OS because Linux didn't exist back when it was first created and the Unix systems of the day were too resource hungry for the cost structure that they wanted to achieve. While Cisco's low-end hardware is not based on PC platforms, it is not based on much specialized hardware. The ISR series uses a chip from SiByte that contains 4x MIPS architecture cores. So even the ISR is really a software-based device. Further, these cores are underpowered today and are not as fast as off-the-shelf processors. If Cisco were to start over, with a clean slate, I think they would probably make completely different architectural choices. In fact, they are moving this direction, slowly. The recently announced Cisco ASR, while it uses custom silicon, runs IOS on Linux. When Juniper had the chance to start from a clean slate, they chose FreeBSD as the foundation for JunOS and used x86 chips as the CPU for all the Juniper route processor modules.

Now, what you say is definitely true in the high-end of the networking market. Cisco's CRS-1 and Juniper's M and T series routers all use ASICs to perform high-speed forwarding. In this sense, they are more like switches. As with switches, they are very fast, but the processing they perform is not very rich. That's okay for where they sit in the network. The core of the Internet needs to be fast; it doesn't need to be terminating VPNs, doing load balancing, or executing IDS code.

Other parts of the network are different (say the branch office, the edge of service provider networks, or in data centers in front of individual applications), which is why you find many of the appliances that sit there running on Linux/BSD on x86 processors.

So, to summarize, switches are definitely ASIC-based and the operating system has nothing to do with their performance. Some switches (Extreme), even run Linux. In the high-end of the routing space (Cisco GSR and CRS-1; Juniper M and T series), the insides are more like a switch than a router. Like a switch, the forwarding is all handled by ASICs. Still, JunOS is based on FreeBSD. Finally, in the mid-range of the appliance market (routers, firewalls, VPNs, load balancers, etc.), many devices are implemented using standard operating systems running on x86. This is the market place that Vyatta is addressing with our products.

Finally, I'd point out that even if it was true that Cisco's ISR family was implemented using special ASICs and secret networking mojo, the results speak for themselves. The fact is, Vyatta has outperformed the Cisco ISR and 7200 with standard Intel processors at a fraction of the cost. If those Cisco products were using ASICs, that evidently didn't matter very much in the final analysis. All the custom silicon and engineering did was raise the costs to develop those products, costs that were then passed on to customers. You can find those test results in the Tolly reports here: http://www.vyatta.com/documentation/whitepapers.php

Cheers,

-- Dave

So there you have it. The fact is, whether something is ASIC-based or not should be irrelevant to a consumer. The only thing we should care about is the price/performance of a device in our network and whether it can do the job we need it to do. It could be powered by ASICs, general purpose processors running software, or hamsters running on a wheel, as long as it works.

Maybe the ASIC/networking-mojo myth is a mental crutch. If $8000 of server hardware and Vyatta software can outperform a $35,000 Cisco router, where's the secret mojo that you're supposedly paying for? And if it doesn't exist, why should you pay for it? If you're committed to buying overpriced systems, maybe you need to believe there is something magical about them to justify it to yourself.

by Dave Roberts (noreply@blogger.com) at May 20, 2008 02:16 PM

May 19, 2008

Dave Roberts - Open Source Juicer

Cisco rootkit

Network World has a nice story today about a researcher who has created a rootkit for Cisco gear. I bring this to your attention, not because I want to criticize Cisco for having security issues, but rather because so many people think that if they just buy Cisco they are safe from this sort of thing. Nothing could be further from the truth!

The myth goes something like this:

  1. Everybody has bugs and therefore has the potential for security flaws.
  2. Because my proprietary vendor keeps its source code closed, however, the bad guys can't see that code and are thus hampered in developing exploits.
  3. My proprietary vendor keeps me safe by employing a large security team to constantly monitor its own development and fix any flaws that it uncovers.
  4. If my proprietary vendor uncovers a security flaw, they will use their vast resources to inform me of that flaw with instructions as to what I should do to deal with the problem.

The first statement in that list is true. The rest are all false. The facts are:

  • The bad guys already have Cisco's code. The reality here is that no code of any worth can be kept absolutely private. There are too many people at Cisco who have access to that code to keep it safe for long. Ditto with Juniper, Nortel, or anybody else. The same things have happened in the past to Microsoft. If your network security plan relies on the bad guys not having the code, it is fundamentally flawed.
  • It's great to have a security team that is monitoring your own products for flaws, but it's better to have a large community that is monitoring your products for flaws. At a certain level, you have to question the conflict-of-interest of an internal security team. Are they really incentivized to release information about potential exploits? How quickly? If security is in conflict with other internal priorities, what wins? We have seen lots of vendors sit on critical bugs for months after they have been discovered and communicated to them.
  • Finally, what happens when flaws are discovered? In Cisco's case, it sued a researcher trying to warn the world of potential security problems. Is your vendor really being forthcoming about issues, or are they trying to silence reasonable, serious discussions about security problems?

I have said it before and I'll say it again: There are two types of companies, those that have security issues and those that are lying. Open source tends to handle the exploits better (not perfectly!) when they occur by providing reliable information rapidly to the people who are in the best position to make use of that information.

Many people believe that security is increased when there is a free flow of information about systems. As the source code thefts make clear, you have to assume that the bad guys have the code. If the bad guys are left to work by themselves in a secret back room, trying to discover remote exploits, they will find them. Your only chance to stay ahead of that is to give the good guys all the information they need to find the exploits first. That can only be done when there is free access to the code.

Is a Cisco rootkit surprising? No, not if you have an accurate view of the world. It's only surprising if you were buying into the myth that your proprietary vendor was immune to that sort of thing. Is a Cisco rootkit necessarily a big problem? Again, no, because if you had an accurate view of the world you always knew something like this could be done and you'd be trying to make sure your systems were secure from the start.

Could somebody develop a Vyatta rootkit? Sure. The difference is that we'll tell you that's a possibility up front and we won't act surprised when it happens. In fact, given that Vyatta is based on Linux and there are many Linux rootkits floating around the ether, it's likely that one could be easily adapted to work with a Vyatta system. That's all the more reason to dispense with any other security myths you may be holding on to and get down to securing your systems.

by Dave Roberts (noreply@blogger.com) at May 19, 2008 06:40 PM

May 01, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - Inexpensive, Powerful and Blindingly Fast

Intel enters the 10GigE adapter market in an aggressive way. Look out below - 10 Gig Ethernet is now a commodity. You can read my post on this here.

by Allan Leinwand (noreply@blogger.com) at May 01, 2008 10:21 AM

April 30, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm - Interop Vegas, Land of the Inexpensive and Powerful

A pervasive theme at Interop this year is using inexpensive and powerful hardware for networking. Hard for me to argue there! You can read the post over at GigaOm here.

by Allan Leinwand (noreply@blogger.com) at April 30, 2008 02:33 PM

April 22, 2008

Dave Roberts - Open Source Juicer

News Flash: Your Vyatta system just got cheaper

Here's a great example of the power of Ecosystem Economics™.

Cnet News.com is reporting that Intel just cut the prices of some of its quad-core CPUs by 50%. Obviously, this doesn't translate into a 50% cut in system prices, but isn't it nice to know that you'll be getting more power tomorrow for a lower price?

Obviously, your Cisco system probably won't get any cheaper tomorrow, barring a random pricing action from Cisco. Bummer.

This posting isn't the follow-up article I promised you the other day when we were talking about the Grid of Openness™, but it was a timely highlight of an underlying point: open source + open hardware = Ecosystem Economics™. Ecosystem Economics™ immediately incorporates any pricing action into the whole market and everybody benefits.

Unless your networking vendor is sitting in the upper-right box in the Grid of Openness™, you'll never see benefits from things like this latest move from Intel. I'll try to expand on this point a bit more this week and we'll call it the follow up post I promised last time.

by Dave Roberts (noreply@blogger.com) at April 22, 2008 10:17 AM

April 18, 2008

Dave Roberts - Open Source Juicer

"Open" 'Cause We Say So

So the recent feeding frenzy related to "open" networking devices started me thinking. What, exactly, do we mean by open?

This is one of those times in the market where a bandwagon starts to develop and everybody is hopping on board. Marketers around the networking industry are suddenly rushing around with yellow PostIt™ notes to stick the word "open" onto anything and everything. You half expect commercials such as, "The Global Networking Conglomerate 3000, now with improved 'openness.'" All this labeling of everything open really begs the question of what we mean by openness. And more to the point, what do consumers want "open" to mean? The answer from most of the vendors making announcements lately seems to be, "It's 'open' because we say so."

Over the next few paragraphs, let's examine what "open" could possibly mean, and then we'll try to triangulate the positions of the various companies that have announced "open" products.

It seems to me that there are at least two dimensions for openness: hardware and software. There may be more, but those are certainly the most obvious and having two dimensions makes for a good graph. Along each dimension, there are (at least) four degrees of openness.

For instance, along the hardware dimension a company could have:

  • Proprietary hardware -- This represents the most-closed hardware. Developing for this sort of platform requires an embedded development kit because the architecture is non-standard. Note that proprietary hardware may use standard components, such as x86 CPUs, but because of the way the hardware is designed, it's still an embedded system, not standard.
  • x86 blade -- When proprietary companies want to "open up" the hardware, they often do so by adding an x86 blade to the system. While the "host" hardware system is still very proprietary, the blade uses a more standard PC architecture and may use more standard development tools.
  • x86-based -- In this model, the hardware is completely standard, but is sold as a proprietary system. Many security and traffic management appliances use this model. The vendor buys a white-box PC, adds a branded label to it, and then loads their own software onto the system. While the hardware is completely standard under the hood, there is no suggestion from the vendor that the user is able to swap components or perform system upgrades using standard components.
  • Commodity hardware -- This is the final model. The system uses completely open hardware and the supplier and customer both expect that users will be able to perform system upgrades with components from different vendors. The current x86 server market delivers this kind of hardware today.

Similarly, along the software dimension, the following four models can be seen:

  • Proprietary software -- In this model, the software is completely closed. It's sold only in binary form. Users use the software and there is no ability to develop extensions without acquiring a proprietary license.
  • Country-club API -- In this model, the company opens some APIs that allow external developers to interact with its otherwise-proprietary system in a programmatic way, but the API or SDK must be licensed from the company. Typically, the company tightly controls who is allowed to participate in the program and may charge a multi-thousand-dollar "program fee" to participate. This makes the program as exclusive as a country-club.
  • Open API -- In this model, the API is completely open, with no strings attached in order to get it and use it. A public SDK, posted for free download from a web site would qualify here. The code you're interfacing with would still be closed-source, but at least you could get ahold of the SDK without paying any fees or being "approved." Note that you may still have to buy oodles of proprietary hardware in order to do any development, but at least the SDK is freely available.
  • Open source -- This is obviously the most open. The source code is readily available and there are no fees to develop with the system.

Now, given all these definitions, we can make a chart that describes the landscape graphically:

I've also plotted some of the recent announcements according to how I think they stack up.

  • Vyatta -- Vyatta first launched its product in July 2006. Vyatta has been open source and running on open, commodity hardware since the get-go. Want to download our software? You can do it from the web site. Want to download the source code? We have instructions in plain view. Want to run your Vyatta system on whatever hardware you want? That's fine by us, and we have even published a hardware compatibility list to help you choose something known to work well, but you're free to go off-menu as well.
  • 3Com -- 3Com was early out of the gate, over a year ago (1Q07). 3Com announced an x86 blade for its routers and a country-club API software program, called OSN. OSN has a couple of different membership levels, with the lowest level free to join, so it may be that OSN is walking the line between a country-club API and an open API.
  • Juniper -- Next up was Juniper in December 2007 with the PSDP program. The PSDP was a country-club API program delivered on the same proprietary hardware they had shipped previously (no blades required). There are a couple of positions for Juniper on the chart because they have different product lines with different implementation techniques and different capabilities. From what I have read, the PSDP only applies to the high-end service provider routers; the Juniper J-series routers are essentially PCs with a proprietary software load. Juniper does change the connectors and form-factor of the add-in cards so they look proprietary, but they're just standard PCI hardware under the hood. The processor is a stock Intel x86 CPU.
  • Riverbed -- In February 2008, Riverbed started making noise about opening up with its RiOS Services Platform (RSP). Riverbed is a good example of an appliance vendor using stock PC hardware with a proprietary software load. The RSP program puts Riverbed into the country-club API on x86-based hardware category on this chart.
  • Cisco -- Finally, in April 2008, Cisco announced its Application eXtension Platform (AXP) program. This is another good example of a country-club API paired with an x86-based blade to plug into proprietary hardware. Of course, the AXP is only available on the ISR series; the rest of Cisco's product line remains locked up tighter than Fort Knox and finds itself down in the Proprietary/Proprietary category.

This post is already getting pretty long, so I'll cut it off here. The major takeaway of all this is that there are different degrees of "open" that are running about the networking market these days. With everybody using the same word, and being intentionally vague (and sometimes misleading), it's easy to confuse one "open" for another. But they're not created equal. Don't be afraid to ask a vendor why they think they're being particularly open. If you don't like the vague, "'cause we say so" answer you're likely to get initially, don't be afraid to press ahead. At least at Vyatta, we have no trouble answering that question. The other guys...? Well, who knows.

In a follow-on post, we'll discuss the implications of being more open. Are there really differences between an x86-blade with a country-club API versus open source software running on commodity hardware? The short answer is you betcha! See you next time.

by Dave Roberts (noreply@blogger.com) at April 18, 2008 02:44 PM

April 17, 2008

Allan Leinwand - Vblogatta

Argentina goes Open!

Interesting news from Ostatic that Argentina may be the first country to regulate that all government offices use open source. For those that know me well, you know that my godson is from Buenos Aires and that I've spent my fair share of time crossing 9 de Julio. I have lots of good memories of BA and this news just reaffirms my desire to spend more time in this great country eating milanesas and alfajores de Havanna.

by Allan Leinwand (noreply@blogger.com) at April 17, 2008 03:03 PM

April 14, 2008

Dave Roberts - Open Source Juicer

Dumb and Dumber

When you're a big networking company and all your competitors are talking about open networking platforms, you have to do something... fast. Unfortunately, charging oodles of money for a low-performance x86 blade that you can stuff into your router seems to be the typical response. Hang with me for a moment and I'll explain.

Our story starts way back in January 2007 when 3Com announced its Open Services Networking initiative. At the time, 3Com said that it was "opening up" its routers by allowing you to run Linux on an x86-based blade that plugged into its systems. Since that time, 3Com has announced a few partners and applications that have been developed. Back in early 2007, most people yawned. Frankly, this was a pretty obvious innovation in the industry and hey, it was from 3Com, so who cares?

Next, Juniper got into the act when it announced the piss-dip (PSDP) on the first day of Cisco's yearly analyst conference in December 2007. The piss-dip, as you'll recall, is a program to allow a group of country-club ISVs to implement interesting functionality on top of Juniper's products using some nifty APIs. In return for a development fee and some legal paperwork, Juniper sends you a software development kit (SDK) and you're good to go. Notably, Juniper did not announce an overpriced x86-blade for its routers as part of the program. That may be because Juniper already sells overpriced x86-blades (they're called "Routing Engines" to make you feel more comfortable paying that much).

Now, Cisco couldn't take all that laying down. They had to respond. And fast. When asked at the analyst conference, they waved their hands and said, "...someday..." But this was embarrassing. Here we have nearly-dead 3Com and now arch-rival Juniper going where Cisco has never gone, and flaunting it in front of Cisco's not-nearly-skeptical-enough analyst corps. That's not good.

So, enter the Application eXtension Platform (AXP). Basically, Cisco aped 3Com's approach: with the AXP, you can pay wads of money for a low-performance x86-blade that plugs into your Integrated Services Router (ISR).

Let's look at the numbers. 3Com was trying to sell us a 1.4 GHz Pentium M, 1 GB RAM, 80 GB HDD system for over $3000 street price. Now we have Cisco trying to sell us a 1.4 GHz Pentium, 2 GB RAM, 160 GB HDD for over $6000 street (NME-522). Okay, so they did double the RAM and hard disk size. But in today's world, that's worth a grand total of about $79 (per CDW.com, 80 GB ($50) vs. 160 GB ($62) Seagate Barracuda SATA HDD, 1 GB ($77) vs. 2 GB ($144) Crucial PC3200 DRAM). Even at the low end of the three modules that Cisco announced, they're trying to charge $1700 for a 300 MHz Celeron (AIM-102)! Yup, you read that right, MHz, not GHz. Frankly, I didn't realize that you could still buy something that slow from Intel. I think that processor was completely obsolete nearly 10 years ago.

Now, realize that neither of these x86 blades is expandable in any way. If you don't like the performance or RAM or HDD size, you have no options. You can't upgrade them, short of buying a whole new module in Cisco's case. If you already bought the fastest one (NME-522), you're screwed. No expansion slots. No multi-core. No options. Bluntly, you're trapped in Cisco World™ and 3Com World™.

Does anybody else feel like we're watching the movie Dumb and Dumber here?

Of course, for both 3Com and Cisco, you also have to buy the router to plug these underpowered, overpriced x86 blades into. Presumably, you have already made that decision, so the $4000 to $15,000 of sunk cost shouldn't bother you.

At this point, I have to hand it to Juniper: the piss-dip looks pretty good when compared to these options. Juniper at least lets you run piss-dip applications on the Routing Engine you already paid for instead of charging you oodles more for another blade.

The point of this rant is simply that this is what you get from proprietary networking companies. Even when they serve up completely open technologies like Linux running on x86, it's going to be terribly expensive with lock in not far behind.

In contrast, Vyatta runs on standard x86 systems. You can buy those systems with Vyatta software preloaded, directly from Vyatta, or you can buy the hardware from your favorite hardware vendor and your software subscription from us. If you want a hybrid of the two approaches, that's fine with us, too. While Vyatta does mark up the hardware we sell, we try to keep that markup small and appropriate.

Importantly, with Vyatta, you aren't stuck with no options if you want to make a change to the system. Need to run faster? There are oodles of vendors with blazing multi-core systems available today. Want more memory? Fine, you can purchase it from just about anybody. Need a bigger hard drive? No problem. Want to add different applications to your system? It's pretty easy since Vyatta is Debian-compatible. Want to extend or hack the system? The source code is on the Internet and you can download it for free, without any legal paperwork.

The other guys will go on and on about their proprietary hardware. "You just can't do networking on standard x86 systems," they'll say. "You need our sooper-dooper ASICs to run fast, and well, you know how much those cost..."

But the fact is, it simply isn't true. With Vyatta and an IBM x3550 quad-core server, available for about $4000 or so, you can whip a $35,000 Cisco 7204/G2. With Vyatta and a $1000 Dell PowerEdge 860, you can demolish a Cisco 2821 ISR. Check out Vyatta's 3rd party testing if you don't believe me.

Once you're done doing that, you can use all those MIPS to run whatever applications you want, including many of the sorts of things that Cisco and 3Com would charge you for (remember that the x86 blades are just the hardware--you still have to buy applications from other vendors).

At the end of the day, the key point here is that the other guys charge you a lot of money to open up a closed system. And when you pay that money, you still find yourself stuck in an alternative reality called Cisco World™, Juniper World™ or 3Com World™.

Is that "open?" Not in the Real World™

Update: Okay, a commenter pointed out that I pulled the wrong prices for the Cisco AXP modules. I had incorrectly used the WAAS version of the NME-522. Apologies for that. It's the same hardware, but a different software load, and therefore a different price. Looks like list on the AXP version of the NME-522 is about $3500. More than 3Com, but reasonable given the doubling of memory and disk capacity. That said, I still stick with my main point that this is an expensive, underpowered PC with no flexibility, and that's after you purchase the router to plug it into. Rather than titling this post "Dumb and Dumber," maybe I'll have to change it to "Dumb and Dumb."

by Dave Roberts (noreply@blogger.com) at April 14, 2008 11:13 AM

April 02, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm on The Music Industry

Nothing gets me revved up faster than a double shot of espresso, except more of the stupidity of the music business. You can read my latest rant on this topic over at GigaOm. You really don't want to see me after the espresso :)

by Allan Leinwand (noreply@blogger.com) at April 02, 2008 07:00 AM

April 01, 2008

Dave Roberts - Open Source Juicer

Kernel.org to be upgraded to FreeBSD 7.0

Such is the word...

Wow, whoda thunk it?

Some of the comments back pointed out other documents worth reading today, just for historical perspective. Some of my favorite RFCs include:

  1. RFC 748
  2. RFC 1149
  3. RFC 1606
  4. RFC 1924
  5. RFC 2550
  6. RFC 2795
  7. RFC 3093
  8. RFC 3514

I particularly like the last two as related to Vyatta's firewall implementation. We have had numerous requests for RFC 3514 support and are slotting it into a future release.

You can find a more complete list of interesting RFCs on Wikipedia.

Gotcha...

by Dave Roberts (noreply@blogger.com) at April 01, 2008 10:15 AM

March 25, 2008

Allan Leinwand - Vblogatta

Cross-post on ostatic with quote from Kelly Herrell

Kelly Herrell is famous for some great quotes around the workplace. I took one of these and turned it into a blog post on ostatic that you can read here.

by Allan Leinwand (noreply@blogger.com) at March 25, 2008 03:02 PM

March 21, 2008

Allan Leinwand - Vblogatta

Cross-post - GigaOm: Coming Soon - the Cisco Blade Server?

I wrote a blog post this week on the possibility of Cisco moving into the enterprise data center by offering blade servers for their new Nexus 7000 switch. I think this move is inevitable given that Cisco, IBM, HP, Microsoft, VMware and others are fighting for account control in the enterprise data center. You can read my post here.

by Allan Leinwand (noreply@blogger.com) at March 21, 2008 05:02 PM

March 20, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm: Save Music - Disconnect the Internet!

This topic has never failed to raise my blood pressure and get me worked up.... Why again should ISPs be responsible for people breaking the law using their infrastructure? Read my latest post on this topic here and get ready for some dripping sarcasm.

by Allan Leinwand (noreply@blogger.com) at March 20, 2008 11:26 AM

March 11, 2008

Allan Leinwand - Vblogatta

NASA and open source

It looks like open source is going where few people have gone before - to space, the final frontier. Coverage of NASA's use of Fedora and RHEL starts here on the ostatic blog. I can already picture the Vyatta system routing packets between planets, something that has been on the minds of networking geeks for over 8 years.

by Allan Leinwand (noreply@blogger.com) at March 11, 2008 08:18 AM

March 10, 2008

Dave Roberts - Open Source Juicer

"The Patent Reform Act will harm the U.S. technology industry"

Steve Tobak posted an article about the upcoming Patent Reform Act over at C|Net. I had just mentioned intellectual property reform a couple of days ago in this previous blog entry.

Interestingly, I disagree with Steve's analysis. Steve says:

Let's instead just cut to the chase. In lay terms, the bill makes it easier to challenge issued patents and harder for patent holders to obtain compensation through the U.S. legal system.

Steve argues that because the US is shifting away from a production economy to an intellectual property and licensing economy, these "reforms" are bad for US business. Steve says:

In one corner are big technology companies such as Apple, Cisco, Dell, Google, HP, Intel, Microsoft, Oracle and SAP. These folks make a living selling products and services. They say that patent abuses in the current system are stifling innovation.

In the other corner are technology licensing companies such as 3M, Qualcomm, Rambus, Tessera, and biotech and pharmaceutical companies. They say the act will limit patent holder's rights and stifle innovation.

While each side claims the other limits innovation, the truth is that neither side cares about innovation; they are only concerned with their business model. That's not necessarily a bad thing, since a company's duty is primarily to its shareholders, but it does bear mentioning here.

Now, I have lived in the technology industry for quite some time. I have never worked at a large technology licensing company such as 3M, Qualcomm, Rambus, or in biomed or pharma. That probably biases my thinking.

On the other hand, I have about 10 patents, assigned to various companies I have worked for over the years. I have spent a reasonable amount of time dealing with the patent system.

The fact is, many patents are bogus (think Amazon's 1-Click patent). There, I said it. Many should not have been issued, either because they are so obvious to those knowledgeable in the art or because there was existing prior art. These bogus patents are a noose around the neck of the technology industry. They clog up the system and make it impossible to create almost anything without treading on somebody's patent without even knowing about it. With a patent term of 17 to 20 years, these bogus patents are in force for multiple product lifetimes. For perspective, 20 years is 10 to 13 turns of the Moore's Law crank. Patents expiring now would have been issued back in 1990, before the explosive rise of the Internet (though the Internet was actually being used at that point, nobody outside of academic and tech circles had heard of it). If you don't think that stifles product innovation, you have never tried to innovate. I have lived with this environment all of my career. I have made decisions in the past to navigate around bogus patents, simply because the lawyers told me it was a lost cause to try to challenge them.

What's all the more infuriating about the current patent situation is that many of today's patents go against the original social contract surrounding patents. The original goal of the patent system was to get inventors to share their innovations for the common good. In return for a limited monopoly, you, Mr. Inventor, share your invention so that We, the public, can understand how you did it and can then innovate on top of it. Rather than stifling innovation, patents were supposed to drive it forward.

Unfortunately, many patents, even the ones that are legit, would have been created independently anyway. It's obviously a balance, but at least in the world I live in, I see patents getting in the way rather than helping me. I have never gone and looked at old patents to get new ideas for products. The only time an independent patent, one that I'm not working on filing myself, comes to my attention, it's because somebody is getting sued for infringing it. This tells me that we have lost the original goal that patents were supposed to foster.

Now, it's important to realize what the patent reform act doesn't do. It doesn't mean that patents are extinct. It also doesn't mean that bogus patents go away with a snap of the fingers. What it does do is allow for easier challenging of what appears to be a bogus patent. This may increase the cost of patent filings since more people could challenge the patent and you'd have to respond to it. Personally, I think this works. The costs should be weighted toward the party that has the most to gain from the granting of the patent. The downstream costs of litigating bogus patents (think not just lawyers but injunctions and product disruptions) are far higher than the cost of allowing patents to be challenged with greater frequency.

In short, I think the Patent Reform Act, while in no way perfect (doesn't go far enough, IMO), is at least a step in the right direction. Admittedly, I don't work for a large intellectual property company or a biotech/pharma company. Perhaps I'd feel differently in that case, but from where I sit, if we really want to spur innovation, we should really overhaul the system even further than the Patent Reform Act.

by Dave Roberts (noreply@blogger.com) at March 10, 2008 02:49 PM

March 07, 2008

Allan Leinwand - Vblogatta

US recession would help open source

According to Sun, FOSS will be helped by the US recession. I guess there is always a silver lining! Read about the good part of the US recession here.

by Allan Leinwand (noreply@blogger.com) at March 07, 2008 03:49 PM

No wonder I like Europe so much....

The EU has announced that it will consider buying more open-source software. While this is clearly another gnarl at Microsoft, it also bodes well for EU business practices and economics. You can read some thoughts on this announcement over at Ostatic as well. Ah, how I look forward to Paris in the spring time - browsing the web with Firefox running on Fedora and connected to the Internet with Vyatta routers.

by Allan Leinwand (noreply@blogger.com) at March 07, 2008 06:23 AM

March 05, 2008

Dave Roberts - Open Source Juicer

Copyright law is broken

Timothy B. Lee has a great article on Ars Technica about the struggle to apply copyright law in modern times. Frankly, intellectual property law is not scaling well with today's technology. The US Congress is presently in the middle of a major patent reform project which I daresay will not deliver from the moment it's put in effect. Copyright rules have been moving around constantly, with the MPAA and RIAA doing all they can to go after "illegal" file sharing.

If you're interested in the subject of copyright, and you should be if you're interested in open source, I highly recommend Free Culture by Lawrence Lessig. This book opened my eyes to the problems facing all sorts of industries because of various unintended consequences of the current copyright laws. One of the key points in the book is that because today's current copyright law recognizes that all creative works automatically receive copyright protection for the life of the author plus a large amount of time afterward, virtually everything in modern life is copyrighted and therefore is subject to a grant of permission before it can somehow be recycled into another work.

This idea that culture builds on the culture of a few years ago, recycling it and re-synthesizing it into something new and modern is important. An obvious example is a redramatization of an old story plot into a new movie or book (reusing plots from Greek tragedy, for instance). In music, it's about resampling and remixing to create something new (Vanilla Ice swiping the Queen "Under Pressure" bass line for "Ice, Ice, Baby"). Think about movie and television shows that must "clear" copyright on just about every image or sound that is shown. This world is only getting more complex by the day, and it's hampering the world around us, often for no good reason because most people don't care about the copyrights they are granted automatically by the law. Sometimes it's impossible to find out exactly who owns a given copyright and so it's impossible to reuse that material legally.

Free Culture does a great job describing some of the problems and suggesting reform that would at least mitigate some of the problems.

Now, what does this have to do with open source? Well, all open source licenses (the GNU Public License, BSD license, Mozilla Public license, etc.) basically rely on copyright law for their enforcement. The primary difference between the GPL and code that is in the public domain (uncopyrighted), for instance, is that the GPL can grant a set of rights, subject to a set of proscribed responsibilities, to a distributor of a product that uses the code. Public domain code can be used for any purpose whatsoever and effectively nullifies the GPL's "viral" nature that forces you to release your code. You can combine public domain code with your proprietary code and it effectively becomes proprietary.

Now, in a world without copyright, you could use anybody else's code for any purpose and you would not have to release your own source. But once your own source got out, you could not stop people redistributing it or using it for any purpose.

It's an interesting thought experiment to think about what would happen if all intellectual property law was simply abolished. No more copyright. No more patents. No more trademarks. I'm not sure I'm ready to go to that extreme, but it's very clear that even laws that "worked" in the 1970s are no longer able to deal with the environment of 2008. But changing these laws will create tectonic shifts of power and money and so the wheels of progress move slowly.

Buy yourself a copy of Free Culture and expand your mind.

by Dave Roberts (noreply@blogger.com) at March 05, 2008 06:16 PM

March 04, 2008

Dave Roberts - Open Source Juicer

You spend 5 years and $250M and that's all you came up with?

Well, Cisco finally introduced the ASR 1000 family of routers this morning. It was, well, underwhelming. After a secretive ad campaign that featured the Easter Bunny, a bird man, a transvestite cupid, and a unicorn lady, I was geared up for something exciting. Instead, I got the ASR.

So far, most of my info has come from Network World, Light Reading, and Cisco's press release and data sheets. Here's how I see things:

  • First, I would not hang it out there as a badge of honor that you spent $250M and 5 years on this thing. If you're a Cisco stockholder, you should be screaming bloody murder. I talked to an analyst today who pointed out how many start ups you could have funded with that cash and how much technology you would have gotten back in return. Cisco should be hanging its head in shame.
  • It's positioned to replace the 7200, sort of. They'll still sell you the 7200 if you want, so it isn't technically obsolete... yet. Or you can pay something like 30 percent more for the ASR. Your choice. Light Reading says:
    "It doesn't have the performance of the 7600 at the higher end, and it doesn't have the price point of the 7200 at the lower end," Shetty admits. Moreover, he notes the ASR isn't a carrier Ethernet platform like the 7600.
  • They spent 5 years and $250M but could only come up with a 10 Gbps router?
  • The routing table size is only 1 M IPv4 routes and 250k IPv6 routes. So that means that it's less scalable than the 7200 and if the world converts to IPv6 tomorrow it's obsolete immediately because the current Internet routing table is ~250,000 routes already. Fire the guy who did that math.
  • The ASR runs a new version of IOS, called IOS-XE. IOS seems to be breeding faster than tribbles on the USS Enterprise, in spite of Cisco's claims that they would actually reduce the number of IOS versions out there. Notably, IOS-XE is not derived from IOS-XR, in spite of the similar name. Rumor has it that it's the 7200 IOS running as a daemon on Linux. Network World notes the Linux connection and Light Reading says:
    Cisco did need to do something new to let the ASR run two copies of its operating system, something Shetty says hasn't been done before in boxes this small.
    In fact, it has been done in boxes this small for quite a while (ahem, Vyatta), years in fact. In fact, Vyatta uses true virtualization, rather than just running an old operating system in a single process.
  • I just about sprayed coffee out my nose this morning when I was reading the Cisco press release:
    The Cisco ASR 1000 Series also enables service providers and enterprises to reduce their carbon footprint. By surpassing the capabilities possible in multi-device, multi-vendor solutions, the Cisco ASR 1000 Series dramatically decreases both the architectural complexity of deployment for service providers and enterprises but also their carbon footprints as well. Analysis conducted by Synergy Research found that, when compared to competitive offerings, each implementation of the Cisco ASR 1000 Series can result in carbon footprints savings up to 3754 gallons of gasoline or 17 tons of coal annually.
    Gak! Are we really at the point of computing carbon offsets for networking equipment? Are price-per-port or maximum-performance now passé competitive metrics? Coming to an Interop panel near you: "Well, how many cars did your router take off the road??" Or maybe in a future datasheet: "The ASR 1000 has a performance to carbon ratio of 38949 Gbps per coal ton." Sigh...

And here I thought networking was starting to get boring. Between the chicken-man and carbon offsets, I spent the morning laughing...

by Dave Roberts (noreply@blogger.com) at March 04, 2008 04:07 PM

Allan Leinwand - Vblogatta

Cross-post on Ostatic

Om asked me to help christen his latest addition to the GigaOm network, the Ostatic blog with a post on open source telecom. That seemed right up my alley.... You can read my post here. In case you are wondering - I know I was - Ostatic is destined to be slang for "ecstatic with open source." That works for me!

by Allan Leinwand (noreply@blogger.com) at March 04, 2008 02:48 PM

March 03, 2008

Dave Roberts - Open Source Juicer

Open, Open, Open

It's the word of the day: OPEN. Last week, people started talking about Riverbed opening up its WAN optimization appliances to other 3rd party applications. Does anybody notice a trend? First, it was 3Com. Then Juniper and Cisco. And now Riverbed. Seems like a trend to me. Fortunately, Vyatta has that "open" thing covered.

by Dave Roberts (noreply@blogger.com) at March 03, 2008 05:45 PM

February 12, 2008

Allan Leinwand - Vblogatta

GigaOm: ISPs or Bobbies?

Insanity around policing the Internet continues. The UK is considering legislation that will force ISPs to disconnect users if they are suspected of downloading pirated music or video. I thought theft was handled by police? Read my post on this topic here.

by Allan Leinwand (noreply@blogger.com) at February 12, 2008 12:36 PM

February 08, 2008

Allan Leinwand - Vblogatta

A decade of open source

Here's a great post by Bruce Perens about the first decade of open source. As entrenched as open source is throughout IT infrastructure, it's easy to forget this movement is only ten years old.

by Allan Leinwand (noreply@blogger.com) at February 08, 2008 10:59 AM

February 07, 2008

Allan Leinwand - Vblogatta

Cross-post: GigaOm on Insecure Borders

I read an article today that really bothered me about the US government performing searches on digital media when entering the country. I wrote a short blog about this for Om that you can read here. I guess when you bring a Vyatta system into the US you may have to boot it up and execute a "show config" command?!?

by Allan Leinwand (noreply@blogger.com) at February 07, 2008 04:12 PM

February 05, 2008

Allan Leinwand - Vblogatta

GigaOm: The IPv6 Revolution is Nigh

Here's a post that I wrote on how we're getting closer and closer to IPv6 being deployed globally. Another chink in the chain fell into place this week with the root-level domain name servers returning IPv4 and IPv6 addresses instead of only IPv4 addresses. Read more of my post here.

by Allan Leinwand (noreply@blogger.com) at February 05, 2008 04:23 PM

January 30, 2008

Allan Leinwand - Vblogatta

Publicly Slamming U2

Here's a post I wrote for Om where I have publicly slammed my favorite rock band of all time (well, their manager). Bono please forgive me, but something had to be said on this issue.

by Allan Leinwand (noreply@blogger.com) at January 30, 2008 12:49 PM

January 23, 2008

Allan Leinwand - Vblogatta

Open source spaceship

Virgin Galactic revealed plans for SpaceShipTwo with an open architecture today. From the press that I read, it looks like Virgin Galactic will be more of a user of open source than an open source company. Still, the words "open source" next to the word "spaceship" is pretty cool. Yes, I think the open source model has evolved. If it is good enough for rocket science, it is surely good enough for data networks!

by Allan Leinwand (noreply@blogger.com) at January 23, 2008 01:28 PM

January 22, 2008

Dave Roberts - Open Source Juicer

"I'm not dead yet!"

Last month, we saw Juniper and Cisco battling to announce that they were going to open up their networking systems. In a desperate bid to remain relevant, 3Com just recently announced that they are shipping the first two major applications for their OSN routers, a 3Com-branded Asterisk-based PBX and a WAN optimization solution from Expand Networks. My hunch is that this was 3Com's equivalent of yelling, "I'm not dead yet!"

To give 3Com credit, it did (pre-)announce its OSN initiative in early 2007, far ahead of either Juniper or Cisco, but far behind Vyatta. Also to be fair, 3Com's OSN really isn't all that interesting. The OSN Flexible Interface Card (FIC) takes the tired route of simply attaching a PC to your router backplane and charging you lots of money for it. In the case of 3Com's OSN, the company wants more than $3000 for a 512 MB RAM, 80 GB HDD system. 3Com's datasheet doesn't tell you the processor speed or type, but rumors are that it's a low-speed Celeron processor. That's a lot to be charging for that.

By the way, that's all before you buy the chassis, any router modules, etc. To compare apples to apples, this would be like buying Vyatta, then buying another $3000 system on which to run these other applications. But yes, you do get the comfort of having it all wrapped in sheet metal and connected with a backplane.

Personally, I'd rather integrate at the software level, not the hardware level. With Vyatta, you can run any open source application on your system. At last count the Debian system had more than 10,000 different packages. Now, in truth, you might have no desire to run MySQL or Emacs on your router, but the fact is that you could do so. And things like Snort, Asterisk (pick your distribution, not just 3Com's), or SpamAssassin are interesting.

So, while OSN uses Linux, it really doesn't give you an open source solution. In most ways, it's the same closed-community country-club offered by Juniper's PSDP. Joining the program and getting the API still requires you to sign paperwork with 3Com.

When will the proprietary boys learn, you simply can't equal the innovation and creativity of a true open-source community. Rather than simply repeating the words "open source" at every opportunity, let's see the code! It is gratifying to see everybody repeating the Vyatta message, though. If you thought that open source networking wasn't going to amount to much, all these Juniper, Cisco, and now 3Com announcements ought to set you thinking. This is such a powerful concept that all the big boys are scared to be left out of the action.

Well, not only is Vyatta not dead yet, we haven't even begun to live. Watch out world, here we come!

by Dave Roberts (noreply@blogger.com) at January 22, 2008 05:36 PM

January 21, 2008

Allan Leinwand - Vblogatta

My year without the Broncos - the review

So, it is 2008 and the Denver Broncos finished last season in miserable form. I honestly don't know their final win-loss record off the top of my head and it's been decades since that was true in January. I did manage to hold true to my oath not to watch the Broncos in 2007 and I'm really not worse for the wear. 2007 was a good year but I suspect I'll ruin 2008 following my favorite team to another disappointing season. Baseball anyone? :)

by Allan Leinwand (noreply@blogger.com) at January 21, 2008 05:54 PM

Cross-post: GigaOm on Collaboration Tools

Here's a post I did for Om on my current quest for new collaboration tools for our advisors at Panorama Capital. As always, please let me know your comments and suggestions.

by Allan Leinwand (noreply@blogger.com) at January 21, 2008 05:49 PM

January 10, 2008

Dave Roberts - Open Source Juicer

Bravo Linux Magazine

So this morning I came into work and was going through my email. I'm subscribed to the Linux Magazine newsletter, so every day or two I see which articles highlighted in the newsletter might interest me and I go through and read them. This morning, I clicked on a link in one of the newsletter emails and instead of an article got this instead:

I had to laugh out loud. That's so much better than a boring 404 error in the default font.

Bravo Linux Magazine! Thank you for having a sense of humor.

by Dave Roberts (noreply@blogger.com) at January 10, 2008 09:18 AM

December 27, 2007

Allan Leinwand - Vblogatta

Cross-post - GigaOm: How to Safeguard Your Privacy Online

I've been fascinated by the constant drum of media around privacy issues on the Internet and how people are surprised when their privacy has been compromised. I absolutely believe that everything you send on-line is being tracked and monitored (and I'm not too paranoid :) and wrote about some things you can do to help you try to keep some of your privacy and leave less of a digital footprint for Om.

by Allan Leinwand (noreply@blogger.com) at December 27, 2007 07:51 AM

December 19, 2007

Allan Leinwand - Vblogatta

Cross-post: GigaOm - In Search of the Über Set-top Box

I've been thinking a lot about video on the Internet these days given our recent investment in GridNetworks. That got me thinking about set-top boxes and I wrote this post for Om. Comments and suggestions always welcome!

by Allan Leinwand (noreply@blogger.com) at December 19, 2007 11:49 AM

December 13, 2007

Dave Roberts - Open Source Juicer

Parents are never "cool"

December is usually a very light month in the trade news world. Whoda thunk that this week Juniper and Cisco would announce major plans to "go open?"

Juniper started the love-fest with "openness" on Monday with the announcement of its Partner Solution Development Platform (PSDP). Essentially, if you're a big company, and Juniper decides that you're worthy, Juniper will give you the privilege of signing an NDA and paying it a yearly fee in order to develop applications that will run on the control plane processor or line cards of its router.

Not wanting to seem like a shrew, Cisco today announced that it too will open up IOS, somehow, someday...

Now, first let's get around to separating the men from the boys. Juniper actually has a real program with a real name (with a real gobbledy-gook four-letter acronym, doncha know). Cisco basically just did an internal reorganization of itself and is handwaving at some future openness, trying to rain on Juniper's parade. The fact is, Cisco has nothing other than an intent to do something, someday.

Now that we have that out of the way, let's look at Juniper. Basically, Juniper's program is an invitation-only affair, like a snobby country-club that would never be so crass as to allow the riff-raff into the building. If you're interested in developing to Juniper's PSDP (aside: am I the only person who says "piss-dip" there?), you can apply, but Juniper has to feel that you're "worthy" enough to be accepted. Once they decide that you're good enough, you get the privilege of signing a bunch of legal paperwork and paying them a hefty fee. After all that, you can write programs in the JunOS-variant of FreeBSD and for their forwarding engine processors.

Sitting here at Vyatta, this all feels a lot like when your parents tried to be cool in high school by adopting the then-current teenage slang vocabulary in order to "get more connected with their kids." No matter how hard they tried, they always looked foolish and it always ended badly. Simply adopting language doesn't make you cool. Teenagers know this instinctively; multi-billion dollar public companies seem to forget it.

So let me be the first to really question Juniper's program (I won't even consider Cisco's handwaving further). Juniper, I ask you, what really changed here? Juniper, are you saying that previously, if I was a large, multi-billion dollar company like PSDP-pioneer Avaya, and if I came to you and said I'd like to develop something that would run on JunOS, you wouldn't have considered it, and if accepted make me sign NDAs and pay you a lot of money for the privilege? I find that hard to believe. Okay, so maybe you got a bit more formal in the method that you use to process these requests and you gave it a four-letter acronym, but what's really different for users?

See, to really be cool, you have to adopt more than the terminology. If you really want to be open, then go all the way. Post your source code on the Internet like Vyatta has (on purpose this time). Let anybody download it at any time. Without signing an NDA. Without paying you a lot of money. Without even telling you they have done so. Let them release an extension or a hack and do so in a vertical niche market you haven't ever heard of. In short, really open it up to developers large and small and harness the innovation of the whole world, not just the limited imaginations of other multi-billion dollar corporations who are able to pay the annual dues to your country-club.

That would really be cool. Oh, but then you can't claim to be first, because that's already been done.

by Dave Roberts (noreply@blogger.com) at December 13, 2007 10:31 AM

December 12, 2007

Dave Roberts - Open Source Juicer

Gartner's Vendor Influence Curve: The emperor finally has no clothes

Was just reading an older article in Network World by Jim Duffy: Beware the single vendor as trusted advisor: Gartner. Essentially, Gartner has come up with another tool called the "Vendor Influence Curve" which describes the relationship between a vendor and a customer. The curve basically shows a tradeoff between a vendor's understanding of an enterprise's requirements and the value to the enterprise.

Initially, in the first few stages, there is value to the enterprise in seeking out a vendor that understands the customer's business requirements. In that case, the vendor can help the enterprise make good decisions. At some point, the customer starts to cede decision making power over to the vendor, however, and at that point the vendor starts to make decisions in the vendor's self interest. It's Gartner's claim that for many customers, Cisco is at point 4 or 5 on the graph and needs to be reined in.

Now, obviously, Cisco being who they are, you pretty much have to at least get their opinion on things related to networks. What Gartner is suggesting, however, is that you also get a few more educated second and third opinions. If a single vendor has become your sole "go-to guy" for buying decisions, you're probably making bad strategic decisions for your business and you're probably paying WAAAAYYY too much.

I have to applaud Gartner here for finally saying that the emperor has no clothes, and for Network World for reporting it. The fact is, both of these organizations derive a lot of revenue from Cisco as their own customer (Gartner for analyst services, and Network World for advertising and various other conference sponsorships). Good job, folks, the emperor is, in fact, buck naked.

by Dave Roberts (noreply@blogger.com) at December 12, 2007 03:33 PM