Tech Bytes Podcast: Solve campus supply chain problems with multi-vendor networking
Packet Pushers invited Pica8 to join them for an episode of Tech Bytes to discuss how network engineers in the field are leveraging white box networking to choose the hardware and software that best meets their needs – whether that’s for a campus, branch, or data center. Listen to the episode above or read the transcript that follows to learn how it overcomes challenges including supply chain disruptions, end-of-life hardware, and security events.
Speakers
- Ben Moore, VP Product, Pica8
- Neal Trieber, Engineer, Pica8
- Greg Ferro, Host, Packet Pushers
- Drew Conry-Murray, Host, Packet Pushers
Podcast transcription
Greg Ferro, Packet Pushers 00:01
Today on The Tech Bytes podcast, it’s about white box networking with our sponsor, Pica8. We haven’t talked much about white box in the last, I don’t know, a few months or so. And that’s probably because people are just doing it and solving the problem. Getting freedom of choices from hardware from closed network operating systems, expands the solution for the real world, you can just use whatever you need to do to get the job done.
Now, Pica8 is a network operating system and combined hardware platform, it runs on standard hardware. It supports the standards, it has the features that you would expect, things like multi gig, POE, zero-trust platform support. And for those wanting to do automation for day 2 supremacy over the network. Pica8 has that too. And we’ll talk about that in the next 10 or so minutes.
Joining us today is Ben Moore and Neil Trieber from Pica8 – just for the record, Pica8. Let’s get right into it by starting with an overview of Pica8 as a solution. And then angling into the harsh realities of white box networking in an era of supply chain problems and ever more locked-in network equipment. Ben give us a very quick fast pitch of what the Pica8 solution looks like and why customers would be interested.
Ben Moore, Pica8 01:10
Sure, I think that’s a great place to start. And I’d like to say that what we’re really trying to do is create network freedom, we’re trying to get away from these vertically integrated systems and give customers the choice of both hardware and software. So the Pica8 network platform is designed for enterprise networks, and distributed branches and campuses as well as data centers, and offer software for managing switches, as well as running the white box hardware.
And so it consists of three core components. First is AmpCon, which is our automation and network controller. Then there’s the PicOS software, which is the network operating system that actually runs on the switches themselves. And then finally, we have something we call PicOS-V, which is a free virtual machine from Pica8 that can help you get started with Open Networking and run those PicOS software switches in say GNS3.
Greg Ferro, Packet Pushers 02:14
So you are kind of unique in the sense that you’re willing to work in the campus. So far, we’ve seen a lot of white box in the data center, but not so much in the campus environment. But you’re saying that you can run PicOS over a FS or Dell or Delta or an Edgecore or white box, you choose mix and match as you see to your heart’s content. And you can manage the campus as well as some datacenter functionality.
Ben Moore, Pica8 02:33
That’s correct. So we see a lot of customers coming to us from the perspective that they want to eliminate vendor lock-in lower their total cost of ownership, and then increase flexibility. And so they see commodity hardware as a way to do that. And so whether they’re buying boxes from FS, or Delta or Dell or Edgecore, they want to be able to run a piece of software on that, that they’re not locked into a particular vendor.
And when they start looking at open, there’s often a confusion that comes between “open” and “open source.” And let’s be realistic. There’s a lot of software that’s built on top of open source today, but is vendor-supported. And so some of the challenges that I think are perceived within disaggregated, or the open networking space is that this is all open source and that we’re not going to have the support that we want. But the reality is, is that Pica8 has built a software on top of open source. And we’re a vendor here that is recognized by Fortune 500s in supporting these types of implementations, both in enterprise campus, branch, and data center.
Greg Ferro, Packet Pushers 03:47
So what you’re alluding to there, I think, is that there are many flavors of open source (barbecue, you know, prime rib, your hollandaise sauce, no). I think what you’re trying to say there is open for PicOS in for AmpCon is that you can run PicOS on a range of hardware that’s open choices, or you’re using open systems. PicOS itself is made up of a number of open source projects plus the value that you add to it. So open can mean different things.
Ben Moore, Pica8 04:16
Absolutely. I think that is a great way of of defining it.
Neal Trieber, Pica8 04:20
I think even more important, that super, super important distinction. Let’s go to the tape, Bob, is the fact that when it comes to open source, the support is left to you. Right, you’re going to forums you’re going to community. Yes, it’s the best price free. And guess what you get what you pay for when it comes to support peak. A to Ben’s point is the fact that we’re supporting it, you get 24 by seven by 365. You get enterprise support for your open source. And so when it comes to networking, just like others, others very much set the stage for doing the same thing with open source software. We’re doing the same thing with Open Networking, open source based software,
Ben Moore, Pica8 05:03
We hear it from our customers all the time. To be honest with you, they really like open source from an open network perspective to test and see if it’s going to work. But the reality is, that they don’t want to build a commercial product or offering around that. And so yeah, for them
Greg Ferro, Packet Pushers 05:19
I want to go home at 5 o’clock, I don’t want to delve through 1,000 forums, trying to find an answer that somebody posted 8 years ago that’s the solution to my problem. I guess the other side here is that, even if I mean, I’m looking at this, we talked about lock-in, what I like to think about is not what I’m being locked into. I like to think about locking out: how do I get away from you, if something went wrong. And that should apply to any decision when you’re buying a brand vendor, or a more conventional brand? How do you get out, you’re using open standard protocols, you comply with all the API’s, it’s all normal. And in the event that you even did want to leave Pica8, you’ve still got all the standard hardware, just go in reflash it and put on another operating system, and you’re back in business. So your lock out is actually very solid.
Ben Moore, Pica8 06:05
Exactly. And I think you see that in some of the networking industry today where there have been certain vendors through acquisition that have gone from open to closed, and are now tied to a particular software and hardware offering. And there are customers that struggle with that today. What do I do with all these boxes that I invested in, but are not end-of-life at this point? So are they going to reinvest in an entirely new stack? Are they going to operate in an unsupported way? Or is there a different solution? Where exactly to your point, I reflash the hardware, I put on another piece of software, and I can still get the same benefits of the Open Networking?
Drew Conry-Murray, Packet Pushers 06:46
How would you respond to issues around this disaggregation model where I, as a network engineer, feel like I’m taking on the, you know, potentially an operational challenge of having to just load the software onto the switches that are delivered as opposed to getting an integrated box and just firing up and running?
Neal Trieber, Pica8 07:02
Well, I’ll tell you one thing with the disaggregation (flipping it on the other side, not just the software, but the hardware). Being that disaggregated and let’s say hey, I want to get it bundled, sure that’s an option. And we can have our partners do that. And many of them do you get your bare metal with Pica8. But here’s the most important thing is we have many customers coming to us now that have the same thought of I want to replace a piece of hardware, like I’m changing a tire, Goodyear Michelin doesn’t matter. It’s a tire, it fits my car, it works. And more importantly, it has everything I need without everything I don’t.
And so I need to be able to do that with my hardware, right? You can’t do that, if you get a bundled lock-in. It has to be a specific piece or close matching piece from that vendor. And that leaves you in trouble. And when we talk about supply chain, and we talk about all these things related, it makes – we make – changing your network like changing a tire. And that’s the way it should be: open. And that part of that open piece by providing support for all of that, right, as a paid support, we make that open source that open piece of open, not scary.
Drew Conry-Murray, Packet Pushers 08:10
So you’re saying if there’s a campus switch, and you know, some new version of the ASIC comes out, that’s got better performance, better efficiency or whatever. Because I’m not tied into you know, this integrated software-hardware model, I can just get that switch, reload the image of the NOS that I’ve been using, with all the features that I want on it. Like yeah, exactly like changing a tire is that what you’re saying?
Neal Trieber, Pica8 08:31
100%.
Greg Ferro, Packet Pushers 08:33
Okay, so here’s what I want to ask. I want to ask: a lot of people wouldn’t be able to say, I know what Pica8 is, and compare you to my competitors. So what are the things? What are some of the best features that differentiate you from your competitors? Do you think or what are the things that customers are surprised to hear that PicOS does?
Neal Trieber, Pica8 08:51
I think a number of things. One is the fact that automation is included. It’s not a bolt-on; it’s an add-on; we include whether you go with our licensing, whether you go perpetual or whether you go subscription, and I want to touch on that very importantly, big difference. Yes, we offer subscription. We do make it very easy. We have a very big economic incentive with it. But here’s the big reason why. Big scary story, right?
Customer, Wise Healthcare, came to us. And yes, they had a subscription software for their network. And when the subscription accidentally ended, so did their network. So would you want to be in a health care provider or hospital where the network goes down? Because they did – they forgot to pay the subscription, someone just missed it. I don’t know saving lives. And the whole thing goes down.
Pica8 will never shut your network off. We may shut your support off if you don’t pay your if you don’t pay your dues. And even then we will still probably provide it to you interim while you get things worked out. But we’re never going to shut your network off.
Greg Ferro, Packet Pushers 09:47
And I’m also thinking of the fact that I can replace it with any switch. So if I’ve got supply chain challenges, but I was also thinking about security. So one of the aspects that we’re seeing a lot, especially in the campus is this integration with network access control (NAC). You know, there’s various policy engines and Aruba ClearPass, and so forth. Are you able to work with those if people have got those today?
Neal Trieber, Pica8 10:11
We work with pretty much all of them. And the top ones you mentioned, you can see how-to guides right on our website. And our Doc’s are Aruba, Cisco, PacketFence, Portnox, and the list goes on. Yes, yes, yes.
Greg Ferro, Packet Pushers 10:24
So if I’m running some sort of, you know, this type of network access control to get my because that’s where most of us are in the campus today, I can drop these switches straight in. I mean, there’s some design issues there. It’s not just a case of like-for-like replacement, so forth. But I could come up with the same idea around secure access layer switching that’s directly compatible with my existing Cisco / Aruba WiFi?
Neal Trieber, Pica8 10:46
All the accouterments, you’re looking for .1x, dynamic ACLs, named ACLs, all the things you’re looking for are there with Pica8. And that’s the beautiful part, right? Because we’re open, we support all of the modern security needs and accouterments.
Greg Ferro, Packet Pushers 11:00
And so that means if I’ve got, I still need a WiFi, you’re still there to support like you would use / partner with somebody else for the WiFi.
Neal Trieber, Pica8 11:07
Yeah, while we don’t run on WiFi, you can easily plug in an access point network and a wireless controller, and have the full interoperability 802.1X authentication, zero-trust passed all the way down to the edge.
Drew Conry-Murray, Packet Pushers 11:21
On the supply chain side, if folks are, you know, looking to do a campus upgrade or just whatever and need a switch, but the vendor they’re using doesn’t have it, can you come into an environment that’s, you know, Brand X already and just slot in for a hole they need to fill?
Neal Trieber, Pica8 11:36
I would say pretty much. Not all, but the majority of some cases: that’s how we operate. It’s a multi-vendor world, it’s a (you know), and we live in it. So you can easily plug this in, we fully integrate, interoperate Cisco, Aruba, and the list goes on, right? All the big iron vendors, yeah, that’s the whole reason for being open and having all the interoperating protocols except for, of course, in some cases where some are very proprietary, where you just can’t connect like everyone’s MLAG or MCLAG (multi-chassis link aggregation). That happens to be a protocol that is just proprietary with each vendor. But there is EVP and multi-homing on the open side, which we do support and fully interoperates with everybody else. So it works that way, pretty much 100% up and down the chain.
Ben Moore, Pica8 12:23
And on the supply chain issue, I think the thing that I would add there is we have a healthcare customer who doesn’t even want to buy support on the hardware anymore, because they view it as such a commodity that it’s rip and replace for them. So they’d rather take that budget and spend it on additional boxes. And if they have an issue, they just pull the one that’s not working out, put the new one in, you know, it’s as hot-swappable as they can possibly make it and they’re off and running again.
Drew Conry-Murray, Packet Pushers 12:52
That’s interesting. So they just have instead of having, you know, hot swappable power supplies or fans, they’re just swapping a whole new box.
Ben Moore, Pica8 12:58
Exactly and so I think a lot of people are starting to see the model that the hyperscalers have been taking with their enormous data center footprints and saying, why can’t we do that, too? And so that’s the real opportunity with open.
Drew Conry-Murray, Packet Pushers 13:12
You can do that because you’re certified to run on a variety of hardware platforms?
Greg Ferro, Packet Pushers 13:16
I think that’s interesting, because I’ve actually been advising companies to do that. And so like, what if you’re gonna buy this stuff, and calculate how much the maintenance of this stuff so not just the hardware maintenance and the software, not the software matches the whole remains, you can actually typically buy for every five units you buy, you can buy one more unit in hardware, if you’re not paying for hardware maintenance. All you need is software maintenance and tech support, then you can actually just buy spares. So if you’re buying 50 switches, just buy 10 spares that will get you through 5 years. You’d be surprised how easy that is, and how much quicker you can work.
Ben Moore, Pica8 13:16
Correct.
Neal Trieber, Pica8 13:51
And when you think about the large iron giants, they won’t know they don’t only separate that. If you have to buy maintenance, you have to buy maintenance. And when your bill comes due, your bill comes due. And it may be right over your head or well over your head. And so at that point you’re you’re stuck in a bind. And if you would, if you’d kept with the spare in the air strategy, and accept this case – had them right on hand – that cost significantly lowers and being able to treat it like changing a tire. When you think about it, it’s the same thing. it’s exactly that same analogy. You don’t pay for maintenance on tires. You swap ’em.
Drew Conry-Murray, Packet Pushers 14:24
So the value prop here on Pica8 it primarily is around software it sounds like. Is there a way I can you, know test, this NOS? Kick the tires? (to stick with that metaphor).
Neal Trieber, Pica8 14:34
Yes please come check us out at www.pica8.com/packetpushers where you will find PicOS-V. “V” is for virtual and value. And when you plug in PicOS-V, it’s easy to try also and works on all of your favorite test platforms: GNS3, EVE-NG, and the list goes on. You can play with us to your heart’s content, get a look and feel for our CLI. And yes, yes, contact us ASAP. So we can guide you through, get you all the help and tech decks that you need – whatever you need to help to help you get it running.
Greg Ferro, Packet Pushers 15:11
Can I have a play with AmpCon? If I want to test or do a test drive of your network controller, can I do that? I’ll probably have to contact you for that.
Neal Trieber, Pica8 15:19
Yes, in fact, we definitely want you to contact us because we can help you extend AmpCon. AmpCon is built on, again, open source Ansible and Jinja. In fact, we also allow you to run Ansible Galaxy, pick up all your favorite playbooks for all of those additional devices you have in your network. So you can have a single place to automate API; not only manage and push out to your Pica8, but to your non-Pica8, all in one family happy hub, right? So yes, and please contact us again www.pica8.com/packetpushers, and we will be happy to get you up and running with both AmpCon and PicOS after you started kicking the tires on PicOS-V just to get the taste.
Greg Ferro, Packet Pushers 15:58
So, Neal, one of the things you just said is that AmpCon can manage other vendors’ network equipment. That implies that I can do a brownfield; that is, I can go into an existing network and start adding the PicOS solution and the AmpCon to the existing network. Is that right? Is that, is this a brownfield type of strategy, is it possible?
Neal Trieber, Pica8 16:17
Yes, in fact, I mentioned earlier. One, we’re all-in on industry standard open protocol. So from a NOS perspective, where it counts, we are touching infrastructure-infrastructure, we integrate pretty easily. But on the flip side of that, it’s all about management and automation. So from that standpoint, AmpCon, we extend ourselves through Ansible. And because Ansible is that open, we can import those other players playbooks through Ansible Galaxy. And then you can easily push and deploy either through our UI, or through our full set of REST API’s, you can automate the Automator to be able to manage both Pica8, and all of your other integrated changes you need to make from one place.
Greg Ferro, Packet Pushers 16:53
Unfortunately, that’s all we have time for today. If you want to learn more about what you’re hearing, to access downloads, the documentation is out there, you can just go and look at the Pica8 documentation if you want to do a paper review.
There’s also a landing page: www.pica8.com/packetpushers, if you head over there that helps to support us and Pica8 know that they have you heard about them on this show. There’s lots more than resources there:
- Test PicOS for free with the virtual instance
- And don’t forget that there are Cumulus and Cisco migration options if that’s your existing network.
And as I already said, you can request a free consultation. As always, you can find many more other fine free technical podcasts, and they’re supported by our sponsors. So thanks very much for listening. And if you do get in contact with them, tell them that this is where you heard about it. You can follow us on social media, find us on our website. There’s links and various other pieces of information there. And you can also remember that too much networking is never going to be enough.