Cisco’s AON: Jeeves in a router or a box of evils?

At first glance, Cisco’s AON (Application Oriented Networking) looks like a brilliant idea. Essentially, it proposes to suck all manner of security, administrative, and even business policy functions into its routers and switches. That looks as if it should benefit everyone – especially existing and prospective Cisco customers – and might even grease the wheels for quicker and easier adoption of SOA.

But it’s by no means clear that the rest of us should uncritically welcome “putting intelligence into the network”. One of the main reasons for the Internet’s success has been its profound indifference to the content of the packets it transports. Compromising on the hallowed principle of “dumb pipes” could crack open Pandora’s box – indeed, several boxes.

In Cisco’s words, AON “makes it possible to embed intelligence capabilities into the network”. Obviously this is a gross exaggeration: all it really does is to teach Cisco’s network devices a bunch of new rote tricks. Any intelligence involved must come from the developers, security specialists and sysadmins who write the rules (no doubt with plenty of help from Cisco’s Advanced Services, which will go to boost AON’s gross margins).

At the marketing level, AON really is a work of genius. It presses every hot button, leaves no fashionable acronym unmentioned, and on top of all that it promises to align IT with business, and cut costs, quickly and with little effort. Specifically, it is said to support Web services, SOA, BPM, and EDA, while supercharging BI, BAM, and RFID. It also helps companies to ensure compliance with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and BASEL II. It’s fast, secure, selective, visible, cheap (well, relatively) – and it slices, dices and rices. What’s not to like?

Of course, the primary beneficiary of AON is meant to be Cisco itself. Despite its boast that “The Cisco name has become synonymous with the Internet”, the San Jose giant’s 85 per cent share of the router market in the late 1990s has dropped to somewhere between half and two thirds, depending on which segments you look at. Rivals like Juniper and Alcatel are winning sales and slicing into Cisco’s dominant position.

So it needs to tap some new markets quickly – preferably glamorous, lucrative ones with high margins. How better to exploit its mighty internet presence than by moving up the stack into higher added-value, higher-margin sales? “You seem to be struggling with those applications and that security, Ms Customer,” it cries. “I just happen to have an army of routers and switches standing around – they will be delighted to help you out for a small consideration”.

The main functions that Cisco sees AON performing are application-specific routing, enforcing security policies, monitoring and filtering messages, and boosting performance through load balancing, cacheing, and compression.

Policies are defined, and custom bladelets and adapters written, using the Windows-based AON Development Studio (ADS), and everything is set up and administered from the Linux-based AON Management Console (AMC). Today there are just two AON network modules, the 2600/2800/3700/3800 Series that slots into routers, and the Catalyst 6500 Series for switches. Each of these has a single processor, a 40MB hard drive, and 512MB or more of RAM, so they are proper little computers in their own right.

The supervisor or route processor in a switch or router transparently redirects packets that meet certain criteria to an AON module, which applies the appropriate policies before forwarding each packet to its destination (which the AON module may change). Clearly, this process introduces extra latency, and there are limits to how many packets can be processed and how long they can be delayed without noticeably degrading QoS.

Apparently, AON modules can and should be deployed everywhere – at remote offices, B2B spokes, on the enterprise edge, and in the enterprise core. Forget “Intel Inside”; this would be “Cisco Everywhere”. The cost savings and performance improvements go almost without saying. That’s progress: today, complex expensive integration software (analogous to a lashed-up prototyping rig); tomorrow smooth, fast, efficient, cheap hardware.

Inevitably, there is a downside to the AON dream. At first glance, three serious issues raise their heads: security, unfair competition, and the potential demise of the internet as a content-neutral medium.