IP networks achieved dominance because they're dumb. No central brain--positronic or otherwise--means resilience. But now Cisco Systems, Juniper Networks, Microsoft, and a host of startups are meddling with nature by selling programmable platforms that can understand and process the data running over them, moving smarts back from servers and other endpoints. This raises the specter of higher hardware costs, as proprietary switches replace commodity devices. So, do the benefits of a smarter--and presumably more flexible and faster--network balance the risk of lock-in?

Cisco has set its sights first on shattering servers into pools of resources, like CPUs and memory, that are networked. It envisages a future in which the enterprise data center is reduced to little more than a virtual machine running on a giant switch--which, of course, it will provide. Juniper is giving its switches an API that third-party applications can access. 3Com is partnering with VMware to put virtual servers inside routers, and startups are scheming to steal the smarts from a huge variety of endpoints, from radio frequency identification readers to wireless sensors. Even IBM is joining the trend, selling appliances that off-load XML processing from servers and accelerate its WebSphere middleware using dedicated silicon.

THINKING INSIDE THE BOX
Part of what seems like network overreach is the usual progress of technology. Just as cell phones absorbed cameras and music players, network switches added firewall, Wi-Fi radio management, and network access control. These combined devices can be shipped preconfigured, a boon for remote offices that lack IT staff. Not surprisingly, then, branch office hardware is an obvious place for networking vendors to start co-opting functions. In addition to the usual security features, Nortel Networks' Secure Router can run voice-over-IP and collaboration software from partner Microsoft, while Cisco's Integrated Service Router, or ISR, may include modules for XML acceleration or WAN optimization.

CIOs of distributed organizations are taking notice.

"We like that it's plug and play," says Armin Heinlein, corporate VP and head of IT at shipping conglomerate Panalpina Group, which has installed the Cisco ISR with a WAN optimization module at 23 branch offices. "It consolidates everything into one device and helped us get rid of remote file servers."

But Cisco's angling for bigger fish than the branch office. Its top priority after making one of its many acquisitions is usually to convert the company's technology into a module for the Catalyst 6500, its giant data center switch. Not all of these buys are obvious network services, but Cisco argues that there's little difference between a network service, such as a firewall, and an application, such as a database.

"Most network services started as applications," says Bill Ruh, VP of advanced services at Cisco. "Things have been migrating into the network for the last 10 years." In particular, network devices are good at functions that benefit from specialized silicon: An individual server might not use SSL or XML enough to justify an internal accelerator card, but an appliance can be shared. Moving functions away from servers also saves on software licensing costs, as more of the server's power can be dedicated to running a licensed app.

(click image for larger view)