Cisco over the next five years plans to radically change how it sells and delivers router and switch software, in part by making that software more virtualised and modular.
Cisco's intention is to decouple IOS software from the hardware it sells, which could let users add enhancements such as security or VOIP more quickly, without having to reinstall IOS images on routers and switches. The vendor also plans to virtualise many of its network services and applications, which currently are tied to hardware-specific modules or appliances.
This shift would make network gear operate more like a virtualised server, running multiple operating systems and applications on top of a VMware-like layer, as opposed to a router with a closed operating system, in which applications are run on hardware-based blades and modules. Ultimately, these changes will make it less expensive to deploy and manage services that run on top of IP networks, such as security, VOIP and management features, Cisco says.
High-level details of the road map were delivered in a session at Cisco's C-Scape analyst conference last week in San Jose by Cliff Metzler, senior vice president of the company's Network Management Technology Group.
"The way we've sold software in the past is we've bolted it onto a piece of hardware, and we shipped the hardware," Metzler said. "We need more flexibility to allow customers to purchase software and to deploy it according to their terms."
IOS upgrades require a reinstall of the new software image on the router or switch - which causes downtime - or, "we say, not a problem, UPS will arrive soon, here's another blade" to run your new service or application, Metzler said. "This adds months to the deployment cycle, which is not good for customers or Cisco's business."
Because IOS code releases are a superset of features in previous versions, Metzler added, users must also go through lengthy testing processes to ensure new features don't interfere with existing network services. The most recent IOS release, for example (12.4(11)T), has 31 new features, ranging from intrusion-prevention system (IPS) and VPN upgrades, to VoIP, BGP, load-balancing and VoiceXML features.
"What's going to happen? What else was in this software image that I just loaded?" are common questions when upgrading IOS, Metzler said. "It's not a natural, graceful way to go through a software upgrade."
The evolution of Cisco's software model was first mentioned by CEO John Chambers in June at the company's North American customer event.
"More than half of our engineers are software engineers, yet we sell software like a hardware product," Chambers said.
Cisco is not starting from square one in its effort to transform its IOS and network software technology and business. Cisco already has a modular IOS version, IOS-XR, which runs on its carrier-class routers, and provides a more flexible and resilient system for routing and advanced services. A modularised IOS version for the enterprise Catalyst 6500 switch also provides more separation of processes running on top of the operating system kernel, which makes the switch more stable, Cisco says. A Linux-based Services Engine blade is also used in Cisco's Integrated Services Routers, to offload non-routing applications and services, such as VOIP or security services. Taking these processes out of the core IOS software and router CPU adds a level of modularity and resiliency as well, Cisco says.
The first phase of how this will play out involves an a la carte model for buying features and services embedded in IOS code. Metzler did not give a timetable as to when this would happen but hinted it would be over the next five years.
Besides breaking IOS software away from hardware, users should expect IOS code to run in a more modularised way.
"We've always built lots of services, integrated them into IOS, but they're not isolated from one another," Metzler said. "If one of them crashes, you have a problem with everything running there. Using virtualisation techniques, you can isolate the services, so that if one of them has a problem, it doesn't impact the other ones."
Loading services onto routers this way will also allow for more centralised deployment and management. Some operational costs could be reduced or eliminated.
Features and services in IOS - such as security, VoIP or management - would run as loadable modules on top of an IOS kernel, letting users turn features on and off without bringing down a router. Also, services that run on hardware modules, such as IPS blades or VPN modules for routers and switches, would run as virtualised services across Linux-based processor blades inside a router or switch chassis. This would let users allocate network processing to applications with more control while maximising network gear's processing power.
Utilisation needs improvement
"If you look at the appliances or special-purpose blades customers may buy from us, they're all humming along at around 20 percent utilisation," Metzler said. "If this sounds like standard virtualisation techniques used in data centres that's because it is; there's nothing new here." He did not rule out the possibility that IOS and some services could be released that run on standard Intel server hardware.
Users should expect to see information on these new changes over the next year or so.
The shift may also force users to upgrade to newer Cisco hardware platforms.
"Some of the hardware we sell today will be capable through a new software load of participating in this," he says. "Some of the hardware we sell today will not."
This kind of shake-up could have positive and negative effects for enterprises, says Karl Rosander, IT manager for the city of Sacramento in California, which has Cisco routers and switches deployed across all city buildings.
"This could be an advantage in how fast I implement new services on routers across our entire network," Rosander says. "From an engineer's perspective, this might cause confusion for engineers out there who have studied" how IOS works and are certified in managing the existing technology structure.
From an overall operations perspective, the ability to dynamically upgrade routers with new security features, for example, would be invaluable, he says.