Cisco Systems has unveiled both a product enhancement and a series of architectural templates to enable enterprise networks to address the challenge of legitimate peer-to-peer apps such as the Groove feature in Microsoft Office.
The product side of the announcement involves a deep packet inspection capability, delivered via a hardware upgrade to the Supervisor engine on its flagship 6500 switches, essentially introducing additional Cisco-designed ASICs to handle 'DPI at multigigabit rates', said Neil Walker, the company's head of product marketing for core and foundation technologies in Europe.
It is unusual that the new functionality is announced for the existing Supervisor, ie release 32, he acknowledged, in that "we normally announce a new Supervisor with additional capabilities and double or triple the backplane speed". This time, however, it is like a point release in the software world, with no change to the backplane speed but "preparing networks for the slew of P2P stuff that is coming on the horizon," he went on.
In other words, where P2P has been a dirty word in enterprise networks, synonymous with bandwidth-hungry apps like Skype, or even illicit ones like Kazaa or BitTorrent, the situation is changing, as enterprise software vendors such as Microsoft embrace the technology and endorse it for collaboration across locations and different organizations.
There arises a need to be able to differentiate between good P2P and bad, which is where the Programmable Intelligent Services Accelerator (PISA) upgrade to Supe32 comes in. "It is akin to what we are doing on the carrier side with the P-Cube technology for broadband policy management," said Walker.
"There the carrier can determine who you are, what you are doing and the bandwidth you are consuming to do it. In this case, we are enabling enterprises to enable wanted P2P and block the unwanted," he went on. "For instance, two employees might be allowed to exchange IM messages, but not if one of them has just accessed some sensitive data on an internal database." PISA is not, however, in any way based on the P-Cube technology, but rather the result of internal development, he went on.
Further underscoring the difference from the standard new release of a Supervisor engine, Cisco also unveiled a series of templates for re-architecting corporate networks to address the challenge of P2P technologies.
Companies wishing to avail themselves of the PISA functionality will need to be running Supervisor 32 before they can spend the (US list price of) $28 000 for the new capability. Walker outlined four scenarios in which a 6500 is deployed, in all of which the PISA functionality is appropriate, he argued.
"The 6500 can sit in a corporate data centre, of course, but some large enterprises also put it in the wiring closet and run all their LAN traffic over the platform," he began. "In addition, there are corporate customers who put the 6500 out in branches with WAN modules instead of running routers, while still others use them as an Ethernet demarcation point on a managed service, connecting over their Ethernet port to a carrier router."
As for the competitive environment, Walker said Cisco sees more competition to its switches further down the portfolio "because the barriers to entry are lower there," and that the San Jose, California-based company's flagship Ethernet switch meets relatively little competition. Be that as it may, Cisco clearly feels that, with this latest addition to the Supervisor, it offers a compelling alternative to someone else's switch with a dedicated DPI device sitting in front of it as a bump in the wire.
"This is an enhancement to your existing LAN card and so has the scalability that a bump-in-the-wire appliance cannot offer," said Walker.
DPI is increasingly becoming a technology harnessed both for security (IDS/IPS) and performance functionality, and Cisco is, as usual, embedding it into its switches. Other companies like Bivio and Endace are offering dedicated, high-speed DPI devices to underpin apps like IDS/IPS and network monitoring from OEM partners, but they are still a separate device in a network, so it will be interesting to see how much take-up Cisco's PISA technology will have against such offerings, and whether Cisco's traditional competitors in the switch market will seek to emulate it with DPI on their devices.