[svlug] Switches (was: Re: on proprietary hardware and licenses...)
Sargun Dhillon
xbmodder at gmail.com
Sun May 18 13:59:01 PDT 2008
It'd be fairly expensive and complex to build our own switches.
Usually switches are built on semi-proprietary silicon made by people
like Broadcom. Especially when you get to mid-range switches like the
Cat2XXX series. It would be interesting if someone would embark on the
mission of building a custom switch. We won't see too much support
from vendors in this area because the devices are major moneymakers
(think 80% margins). If security is a huge concern, don't buy from
idiots like Cisco who EOL products prematurely. Buy it from guys like
Juniper and Foundry who have some idea of what they are doing. I mean
it used to be that you didn't need a huge subscription and you could
get new firmware, but today is a different world.
On Sun, May 18, 2008 at 1:42 PM, Luke S Crawford <lsc at prgmr.com> wrote:
> Mark Weisler <mark at weisler-saratoga-ca.us> writes:
>
> ...snip "Cisco software is really expensive, even if the h/w is reasonably
> priced used" discussion.
>
>> To me, this is an interesting analysis of proprietary commercial hardware
>> and software in a world changing rapidly with offerings such as m0n0wall,
>> netfilter/iptables, and many more that operate on generic hardware
>
> I've seen lots of progress in the router field.
>
> Switches, however, are another matter.
>
> Sure, you never put the SNMP address outside the firewall, but
> running old software is still kinda dangerous. I'd like to
> replace my Catalyst 2924 with something a little more modern, preferably
> something that keeps ahead of the security updates.
>
> Open-source managed-switch firmware would be pretty awesome, but I don't know
> that such a thing exists. I'd be ok with closed-source stuff, if keeping
> the switch up to date didn't cost more than a new (used) one.
>
> Are there better ideas besides just going unmanaged, or just using old
> firmware revisions and disabling/firewalling vulnerabilities as they
> become known? I know most of the consumer-grade switch manufacturers
> offer managed models that can be had new at more reasonable prices-
> are they any good?