Does the Network Matter?

Networking vendors have a serious problem. That isn't something I'd normally be concerned about, but the problem is shared by the entire industry--including Network Magazine editors and enterprise network managers. It's that data networks have gone from an arcane discipline to a ubiquitous commodity. Before Wi-Fi, a router was a mysterious box accessible only to a select priesthood. Now it's cheaper than a trip to the movies and easier to program than a VCR.

So we look beyond networks. If you're a network architect, you broaden your skill set to cover more interesting areas of IT. If you're a magazine about networks, you do much the same (next month, we'll even be changing our name to something more buzzword-compliant). But if you're Cisco Systems, it's not so simple. You're tied so closely to networks that you can't just start selling servers and cell phones. The only way to expand your market is to expand the scope of the network itself.

Vendors should do this by scaling the network out to cover more people, but most are focused on scaling up the protocol stack, adding functionality. It started with convergence: Route voice and storage traffic through the same IP network as regular data. Then came wireless: Process IEEE 802.11 packets in the wiring closet, not on an access point. Now Cisco is looking to applications themselves: Lighten the load on the mainframe by parsing content on a switch. It's gone from thin access points to a thin data center--all dependent on a big, fat, feature-bloated network.

DARK CLOUDSDistributing intelligence is fine within an enterprise, but not on the WAN. The whole point of the Internet is that it's simple and flexible, whereas the new vision of an intelligent network looks suspiciously like the old PSTN--dumb endpoints accessing expensive and restricted services. That's good for carriers because it gives them more opportunity to add value (and bill accordingly). But for the rest of us, it turns the network cloud into a black box, and one under someone else's power.

The most frightening example is access control. Inspired by Wi-Fi switches, a large number of vendors are promoting 802.1x authentication for wired Ethernet. But 802.1x is just the start. Cisco, Microsoft, and others want to put software agents in PCs that will supposedly let switches verify their state, only allowing access to clients with a particular software configuration. In the long term, they plan to replace the software agents with harder-to-hack Trusted Computing chips.

This is particularly dangerous on public networks. If it works, it'll allow ISPs to control their customers' choice of hardware and software. (And don't have faith in the free market to stop them. Government officials have gone as far as to suggest requiring ISPs to use such a system, prompted by their usual cyberterrorist paranoia.) The idea seems much more useful in private networks, but wireless 802.1x suggests it won't be.

While 802.1x works well in Wi-Fi networks that consist only of Windows XP laptops, it needs client software that can't run on more exotic devices such as bar-code scanners. And the problem isn't just with legacy hardware: No Wi-Fi phone supports 802.1x yet.

Keep in mind that 802.1x is a relatively simple, well-documented standard whose underlying protocol hasn't changed since 1998. If the latest overhyped wireless gadgets can't run that, what chance is there that printers, photocopiers, and everything else with an Ethernet port will be able to run a proprietary software agent? The only way to fully implement agent-based access control will be to restrict the network to Windows PCs--the very things most likely to be infected with malware.Rather than restricted, networks should be extended--to people who don't sit at a desk or carry a laptop. Most of these users haven't yet benefited from data connectivity, and the way for technology to add value is by empowering employees, not by locking them down. Mobility is what matters most.

.

Read and respond to Andy Dornan's commentary at http://wires.networkmagazine.com.