Nexus 1000, Imperva WAF Intentions, Platforms and Partnering

Cisco Nexus 1000 has been a platform since it was launched, at least, that’s what I’ve always thought. Lately, Cisco has talked extensively about vPath 2.0 offering a multiservice data plane (great podcast with Cisco on vPath 2.0 at Packet Pushers) for service delivery on VMware hypervisors. And sometime NX1K will likely be on Openvswitch and Hyper-V.

But this is the first sign that Cisco wants to “play well with others” on this product:

Cisco partner Imperva formally announced plans this week to deploy and host their SecureSphere Web Application Firewall (WAF) on the Nexus 1010 and 1110 Virtual Service Appliances. The SecureSphere WAF will be the first third party virtual service available on the Cisco virtual service appliances, joining Cisco virtual services such as the Virtual Security Gateway (VSG), the ASA 1000V Cloud Firewall, virtual Network Analysis Module (vNAM), Data Center Network Manager (DCNM), and the Nexus 1000V Virtual Supervisor Module (VSM).

Cisco has been made several attempts to build partnerships with developers over the last decade. The only surviving partnerships are on the Cisco IOS low end routers (aka C39xx devices)  via the E-series blades (now in their fourth incarnation and compatibility is limited with older units).

Cisco has, or has had, developers programs for many other platforms like Cisco Works, CS-MARS, video-conferncing etc etc etc.

The Etherealmind View

My view ?

I’ll need to see at least two years of solid execution before I would commit my company to buying products that use Nexus 1000V as a platform. Cisco has many plans and a long road ahead for the NX1K product and those changes could mean that companies like Imperva will likely get burned in the changes and updates. History suggests that Cisco’s commitments to parterships doesn’t last.   Sure, Cisco likes to work with others, but it likes to work with itself more. This often closes out partners in add-on products.

Fool me once, shame on Cisco. Fool me for the tenth time and I’ll finally learn. I’ve no doubt that the people involved are committed but will those people still be involved in two years, five years ?

Avoid until delivered, then proven and watch for sustained commitment from Cisco over a period of time. I’m more than a but dubious.

via Cisco Blog » Blog Archive » Imperva Announces Product Plans for Web Application Firewall on Nexus 1100 Virtual Services Appliance.


Cisco is a sponsor of Packet Pushers Podcasts. My opinions and views are my own however.

  • Will

    For those tricked into ordering the 1010

  • ctyrider

    > and sometime NX1K will likely be on Openvswitch

    Perhaps you mean “OpenStack” rather than “Openvswitch”? N1KV can’t be on OVS, as it’s another vSwitch technology.

    • Etherealmind

      No, Cisco is developing a version of OVS that will be part of the NX1KV portfolio – at least, that how I understand it.