Drag racing the bus

Picture it. You’re a school district transportation engineer. You’re in charge of purchasing a fleet of new school busses for your district. The big ones. The expensive ones. The ones that will last you for the foreseeable future. So, you call up Bus Vendor A, B, and C and inform them that you’re in the process of selecting a fleet of new school busses. The following week each vendor dutifully delivers their ‘bus of choice’ to be evaluated. You then grab your intern, put him at the midway point of the bus from ‘Vendor A’ and take it for a spin! You see how fast it goes from 0 to 60. You see how it corners. People hear tires screeching from all over the city as you and your one other occupant sling this bad boy around town ‘evaluating’ the bus. You then repeat the same process for ‘Vendor B’ and ‘Vendor C’. You aggregate your data. You correlated your data. You make pie charts about your data. You do ROI calculations on your data. You do comfort analysis on your data. You do handling analysis on your data. You made your ‘educated’ recommendation and purchased a fleet.

Day 1 of school rolls around and the first thing your brand spanking new fleet of school busses does is immediately do the one thing you neglected to test: they loaded up with kids and trudged along at 20 MPH safely around town. You start getting complaints. They don’t stop well. They don’t handle well. They don’t get good gas mileage. They bounce all over the place and your district has to send 2,000 kids to chiropractic care because you didn’t evaluate the bus under the conditions it’s going to be used in. Instead, you took it for a joy ride. You drag raced it. The one bus that went the fastest with a single guy in it, you bought. When you deployed it, it broke because you didn’t test it using real world scenarios.

Please, don’t drag race your evaluation Access Points. Test them like you’re going to operate them. That way you get a realistic view of how they’re going to behave in the real world. Do your self a favor. Stop joy riding your vendors gear and put it in the real world to test it.

This blog inspiration courtesy of @florwj . Go follow him. He’s awesome.


Aruba forces customers into Cloud: Offers no way out

Authors note: Aruba has addressed this satisfactorily by removing the offending release of code. Further details are available in the comments section of the post below. This header was added as a post-script to the original blog which remains below for posterity. Well done Aruba.

Software updates are a matter of life. Developers and coders aren’t perfect, bugs need to be fixed, new features need to be rolled out, new hardware needs to be supported. As networking professionals, we’ve come to terms with the sometimes continual churn that patch vehicles have enabled – the Internet as a distribution mechanism has made it commonplace for manufactures to ship incomplete features or functionality under the guise of ‘by the time you complain about it, we’ll have a download ready to fix it”. They all do it. We all consume it.

Sometimes a manufacturer does something so egregious and underhandedly reprehensible that it simply cannot be. Aruba release their ArubaOS on Feb 15th, 2014 and snuck in a ‘phone home’ feature. They state twice that they’re enabling this feature by default:

Once buried on their dashboard if you happen to navigate to their code by clicking on the words in their tree, not the ‘+’.

You'll miss the warning if you use the boxes!

You’ll miss the warning if you use the boxes!

The second is in their release notes. I applaud their efforts to make their customers aware that they will be changing the default values in their release notes, but the download page navigation needs some help. Their release notes clearly state:

The PhoneHome Automatic Reporting feature is enabled by default. PhoneHome feature can be disabled by selecting the Disable option under Maintenance > Aruba TAC Server section of the WebUI.

What they do not tell you is that even if you have explicitly disabled this option previously, when you update your code to the afflicted build, it automatically re-enables this feature without warning you! Aruba intentionally snuck in an information gathering option and mislead their customers by stating that it was only enabling the ‘feature’ by default. In common english, this means when you’ve accepted the default settings – for example on a new build or a controller default, this option will be enabled. What they did not tell you is that there is no ‘opt-out’ way of having this turned on during a code update! They certainly give you guidance on how to disable it post-installation, but by that point in time, it can safely be assumed that your controller has phoned home and divulged all of your enterprise wireless configurations – information that you may not want to send to them – such as your PSKs, your RADIUS shared secrets, your default local administrator credentials – all without warning their unsuspecting, and all-too trusting customers, that Aruba was going to be maintaining a list of their most secret enterprise data.

Aruba is secretly compiling data from all of their existing enterprise customers regardless of any opt-out that was previously set.

What if your company had a security policy in place that stated that no configurations were to be shared outside of your organization? What if you had no Cloud strategy? How does having Aruba keep a copy of your configuration expose your organization to compliance issues? How will that impact FIPS compliance? Seemingly no one at Aruba cares about these issues and as far as I’m aware, there are only two ways to prevent this from occurring – and both need to be planned for before you update your software:

  1. blackhole or ACL off your controllers from talking to the Aruba cloud until you can log into the controller.
  2. disconnect your controller from the network during your update and console into it to undo the command.

Either way is intrusive and difficult to manage and if you were not aware of this data-heist prior to your update, you have no way of confirming if your data has already been compromised. In my opinion Aruba needs to do damage control here real-quick like and:

  1. Pull the malicious and infected code off of their downloads section immediately.
  2. Apologize for negligently harvesting customer data.
  3. Clearly articulate what customer data was stolen and how it was stored.
  4. Clearly articulate how long once a controller has come online that it ‘rats your configs out’ to the manufacturer.
  5. Give customers the option to have their data removed from Arubas servers and have a third party audit this removal for confirmation.
  6. Modify the code to obey previous opt-out configurations and re-post it.

Until then, you may want to let your SOC, CTO, IT Director, or resident person in charge that if you did the code update from Aruba that you should consider your network keys, shared secrets, and local admin accounts compromised and start working on a remediation plan immediately.

Aruba just doesn’t get Investment Protection

This week, Cisco launched their modular 802.11ac Access Point, the AP3700. The FUD that started almost instantly was unbelievable. This petulant mud slinging is coming from from none other than our good buddies over at Aruba who are trying with all their might to convince all of their AP134/135 users to go buy a new Access Point. While this rip-and-replace mindset has boosted their volume sales over the past several years, I think it’s time that we all revisit what modularity means and why it’s good. We’ll get this bit out of the way first however since it seems to be a common misconception about modularity: Modularity is not only about 802.11ac, it is about investment protection. Aruba wants to spin this to convince you that you a) need to buy a new AP and b) while you’re at it, let’s try and sell you a controller! This slight of hand and misdirection is really in poor form and we should all take a moment to bring this conversation back to the real world. The 802.11ac wave 1 module is one of 4 modules, and one of two Cisco 802.11ac platforms to select from. No one is forcing you to purchase a module to get 802.11ac. Cisco has a ‘rip and replace’ option as well. If you’re okay with the rip and replace approach to 802.11ac (as an Aruba customer you should be used to this by now), by all means – let’s compare a head to head AP3700 against the AP-225 (I’d do this, but for some reason they’re reluctant to send me an AP-220) using clients that are available in a the real world today. By the way, wasn’t it Aruba just a few months back complaining about Cisco using Miercom and proving that the 5760 beats the stuffing out of the 7240 controller and that the AP3600 whomped all over the AP134/135?

Let’s recap the FUD: When the AP3600 was announced, Aruba predicted:

  • That modularity doesn’t work: FALSE – Modularity does work, and has worked since the Cisco 1220 (802.11b to 802.11g migration).
  • That Cisco won’t ship modules ever: FALSE – Cisco has shipped two modules and is on track to ship an additional two.
  • You’re better off buying a new AP: FALSE – well, maybe not false. If you’re an Aruba customer, you have no choice.

This last one is really the sticking point. Most of the customers I talk to can’t stomach a new AP upgrade every year. They’re more along the lines of 3 to 5 year refresh cycles. Realistically speaking, if my upgrade cycle hit last year I could have done one of two things:

  1. Purchased Aruba AP134/135s. This means that I cannot get any sort of 802.11ac without ripping and replacing.
  2. Purchased Cisco 3602s. This means that if I need it, I can deploy 802.11ac (wave 1 or wave 2!), monitor mode, or indoor cell DAS modules at a fraction of the price of a new AP.

At the end of the day, modularity is not intended to be a one size fits all approach to technology. It’s right for some people, it’s not right for others. When it comes down to it, you can either buy more Access Points, or less Access Points, and still get current technology. If you’re considering the Aruba platform today, I’d encourage you to ask the following questions:

  • What do I do with last years APs?
  • How do I get to 802.11ac wave 2 when it comes out?
  • How do I deploy indoor cell DAS leveraging my existing APs?
  • How do I do wIPS without buying a whole new overlay solution?
  • Why aren’t you comparing against the AP3700?

In the meantime, let’s keep Aruba pointed in the right direction shall we? The modular platform argument is one that Cisco battles time and again – look at all of the people that used to hate on the Catalyst 6k platform? They had nothing to compare so, certainly modularity was bad! Modular is good, investment protection is fiscally responsible, and flexibility means that I can get some of todays technology where I need it, when I need it without breaking the bank on forklifting my infrastructure. By the way, let’s do a speeds and feeds with an AP220 and an AP3700 and see how those bar charts look…

In short, it doesn’t matter who’s infrastructure gear you’re buying. Moore’s law means that there will always be a pie chart or bar graph trying to convince you to buy something shiny and new. Modularity is about getting some of that shiny new, without having to forklift your gear – investment protection.

Aruba wants you to stop buying the AP134-135. 3rd times the charm?

Earlier this month, Scott Calzia, Director, Product Marketing at Aruba posted an article deriding the announcement of an 802.11ac module from Cisco for their flagship Access Point – the 3602. I took umbrage at the article which lead to the following posts and replies between myself and Aruba Product Marketing Manager, Ozer at Aruba: My first postOzers replyMy next replyHis next reply, and now this post.

Before going any further, I certainly acknowledge that this threaded saga of post-reply-post-reply is a difficult one to follow and I believe that further discussion will likely take place on the No Strings Attached Show. There is a good deal of technical discussion and rabbit trailing in the threads between Oz and myself and I some of them are quite tangential but I’m trying to keep topics centered around the original post topics. I welcome further discussion about performance & feature sets that are outside of the original post and if you’d like to have something addressed in further detail, please leave me a comment in the section below! Having said that, it’s hard to thank someone of Ozers caliber for continuing to stay engaged without sounding trite or insincere. I (and many of my readers that prefer offline comments) genuinely appreciate the dialogue and open discussion. Keeping each other honest with an above board, fun and engaging conversation is exactly the point of this.

Onto the meat!

Alright I am back for round 2… I hope this does not last until round 15 :) I gotta tell you I love the “ding-ding” opening! I am glad that we can keep the discussion fun, engaging instead of using anger and personal attacks… Thanks again for accepting my reply, glad to have the discussion going. BTW, you type fast!

Your comment to Aruba blog…
I am assuming it is a side effect of web changes yesterday (new navigation and converging 3 blog pages into 1) but I will check shortly.

Sounds good! It looks like my original post is still ‘awaiting moderation’ but I look forward to having it approved – Mine get auto-approved, pending spam filtration so I’d be interested in hearing from Scott as well!

Regarding 2400…
small typo as you can guess: meant to refer to 2500 series controllers.

Well, that’s what I was thinking Scott meant in his first post. This means that the corrected statement would be (in reference to controllers that support the 3600):

So if you have older 2500, 4000, WiSM or WCS, it is that time to write your Cisco tax check again.

Sadly, this statement is also false since the 2500 WLC does indeed support the 3600. As a side note, the WCS release notes call out support for the 3600 as well. I’ve been asking for some time about clarification of code support for the controllers and how that meshes with the WCS/3600 support, but it does state it and I presume that since WCS supports code release 7.1, Cisco can claim 3600 support. Yes this is slightly ambiguous and not 100% clear but as the Aruba statement sits, it’s incorrect. Cisco isn’t perfect (there, I said it) but, at minimum, checking the release notes is a) easy to do since they don’t change locations and b) should be a requirement before declaring something is incompatible.

Alright back to tech…

Regarding 1250 series AP (since many commented on it)…
Almost a year after 1250 series, 1140 series was announced. I am not claiming that the AP actually physically failed (it obviously worked just fine after you managed to install it) – it was no longer the right AP to install for many, unless you are installing APs in a warehouse or similar challenging environments. Cisco’s promise of “modular AP is the way to go” was no longer. 1140 had better form factor, better price, did not need external antennas, better PoE efficiency. There was almost no reason to install 1250 series in a classroom or a carpeted office space after 1140 series was released. During that timeframe Aruba’s AP-124/125 series won many deals against Cisco 1250 series (support for PoE and better form-factor were big technical reasons) when we get the chance to sit at the table. Market demanded something better than 1250 series.

Well, I don’t think Cisco ever declared that ‘modular was the way to go (forever and ever)’. We all know that manufacturing efficiencies can be achieved with highly integrated component and if you’ll recall, the IEEE ratified the 802.11n spec during that first year – that’s the reason the 1142 came out in short order. The 1252 was a modular goto-market product that addressed a specific need and was very successful at it. Don’t get caught comparing Apples to Oranges here though, the 1252 and the 1142 are not positioned as competitors and the 1252 was still positioned as the de-facto 802.11n Access Point for external antenna support and extended operating ranges well after the 1142 was launched (as you rightly stated). The 1262 is the Access Point that ultimately replaced the 1252, not the 1142. If you needed an Access Point with flexible antenna options that operated in an environment up to 131F, the 1252 was your man. Admittedly, you may not have been at the table for deployments like that since Aruba doesn’t play well in extreme environments (over 122F for the Aruba 120/130), but I was and I continued to sell the 1252 in significant quantities well past the launch of the 1142. I didn’t realize that defending the 1252 was going to be such a popular topic! I suppose it’s easy to mis-construe the past to those that didn’t live it first-hand, but there you have it.

Of course, there is a trend with Cisco’s modular APs – great marketing for Cisco, brings in more dollars. I am just not convinced that it is the right thing for the customer. My humble opinion…

And you’re close to the point here. Yes, it’s good marketing, but it also fills a need (not just Ciscos coffers). It’s easy to beat up on the dog in front declaring missteps or some other ‘lack of vision’ as a defensive strategy, but the 801.11ac module fills a need that we’re seeing more and more in RFP responses and as a growing concern among enterprises. It’s investment protection and people want this today.

Let’s double click on Cisco’s investment protection….

Note that 1st gen 11ac AP does not go above 3 spatial streams (instead of up to 8 defined per 11ac standard) and does not support multi-user MIMO (which is really beneficial for the upcoming 11ac capable smartphones and tablets as you know). My guess is 2nd gen 11ac APs will have up to max of 5 spatial stream support… since putting 8 antennas in an AP may not be that great of an idea since folks want APs that can be carried by hand… alright let’s go through couple of investment scenarios.

Case#1: Case#2: Case#3: Case#4:

(Note: actual cases omitted for brevities sake, but are available in blog post comments here.) There are indeed numerous ways to slice and dice situations to the benefit (or not) of a particular manufacturer. The 802.11ac module is not intended to be the only 802.11ac Access Point Cisco will ever offer (obviously), nor is it intended to address 100% of each and every purchase requirements for every customer. It’s modularity is intended to bridge the gap to a new technology which is why it was developed in the first place. Will it fit every customer? No. Are there customers today that want to make sure they have a low-cost way to move to 3SS 802.11n and upgrade to 802.11ac in the future? Yes. Scott seems to miss this point in his blog post. Aruba does not have a public facing 802.11ac option so it’s only natural that they’re defensive.

Having said that, there is a portion of your Cases that I’d like to address (and maybe move to another blog post-conversation-thread). ‘Spectrum Analysis’: Noise awareness has been available and considered in RRM calculations for a long time now but Cisco made the decision to develop the best available spectrum analysis capabilities into their solution. ‘Spectrum Analyzers’ that are coarse noise-floor analysis are less accurate and in Arubas case, require additional licenses. Are the licenses expensive? Not in small quantities, but ask any Aruba customer and they’ll complain about feature set licenses. That’s two things that Cisco does better than anyone – no featurset licenses and the best available spectrum analysis. Can you compromise on those features in your enterprise? Perhaps – that’s for you to know. Can I compromise on those features in my enterprise? No. I need the best and when I go hunting for an X-box controller, finding out that it was a transient bluetooth device after 3 hours of looking is unacceptable. This is the reason that Cisco differentiates this feature in it’s Access Points. Implementing ‘Spectrum Analysis’ without a discreet analyzer is less accurate. Cisco won’t put their name on that for a reason. In her article, Joanie Wexler, Network World, claims, “Indeed, Aruba product manager Peter Lane acknowledged about a 5% throughput drop in cases “where you’re maxing out the throughput of the APs already.” Aerohive’s Matt Gast, director of product management, estimated the performance hit as closer to 30%; however, he recommends turning it on only when there’s a problem.

Ok I think I just got the cross-eye that Scott was talking about in his blog… without having to use the OptiGrab! So investment protection argument by Cisco applies to the last case listed above. My educated guess is we will see more of #1, #2, #3 than #4. Again that’s my opinion… agree to disagree.

I suspect we’re heading down the ‘agree to disagree’ path, but the fact remains, in the market today I have customers that have a vision. Their vision is to support tomorrows technology leveraging todays investments. The only manufacturer that has a solution is Cisco and Cisco is going to advertise the heck out of that since it’s a clear competitive differentiator. They’re going to take heat for it, they’re going to get beat up, they’re going to have it mis-represented to the needs of other manufacturers, but Cisco took a leap that no-one else did. Will Cisco sell modules? Yes. Will they be the only way to get 802.11ac? No. There will always be bigger and better on the horizon? Yes. Those that do proper lifecycle management of their infrastructure can leverage this product to future-proof their investment.

FCC link and conversation omitted because:

This is an interesting point and since I work for a Cisco partner under NDA, I can’t discuss this until products ship and are publicly announced. I hope you understand. 🙂

Aruba performance tests…
We do not have Android tablets to replace iPads – no reason to – we have 100+ iPads in the TME labs.

As may be the case, but there is a huge discrepancy in your ‘internal tests’:

You claim to be file transfers to iPads, but don’t list them in your ‘Clients used for testing’. (continued below)

No change in video resolution for Aruba WLAN compared to Cisco WLAN

Aruba uses Active Transcoding in their tests. Cisco does not. This has the net effect of reducing the resolution of the stream for every client and is a mis-representation of the Aruba test. Cisco tackled this head on using the full resolution streams and shined. Aruba changed the parameters and represented it as the same tests. (continued below)

– it is the same exact infrastructure, testbed. Again no reason to. Enabling and disabling RF scanning, IDS, spectrum/CleanAir does not make any difference for either vendors.

I’d love to tackle this first hand. In the interest of full-disclosure, I have an AP-135 and attempted to enable spectrum analysis, but was unable to since at the time it wasn’t supported in ‘Instant’ configuration. I look forward to seeing this development come to market unless of course you want to get me an Aruba 200 controller (and licenses) to play with. 🙂 If it doesn’t impact the performance of the tests, turn them on and prove it to us (continued below)!

Aruba TMEs ran those tests for weeks. We should talk about “maximizing airtime” in another opportunity – Aruba’s RF engineering focuses on this topic nowadays than ever. For instance, a test for you to consider running on Cisco WLAN… start with 5 smartphones on 11n 2.4GHz radio. Record TCP download throughput. Repeat with 10, 15, 20 smartphones. Then add TCP upload traffic into the mix and record total throughput. Results are interesting.

Would love to discuss this more, but as you pointed out, we should tackle that in a separate thread – this is getting long winded as it is! 🙂

Miercom = independent… really? Cisco TMEs run these tests in their labs, publish it on the website URL that you shared and it just happens that a separate set of engineers who work for Miercom happened to run the same set of tests – not less or more – and come up with exactly the same set of test results. Independently. Without being paid any consulting fees by Cisco. Really? :) I firmly believe that something like Network World Clear Choice test reports are independent – and I cannot see how Miercom follows the same model.

(this is the continuation you were looking for) The reason I suggest a Miercom report instead of publishing ‘internal Aruha test results’ is that Arubas tests seem fraught with inconsistencies and, in my book, this calls into question the validity of their test process and results. Put another way, how can we be sure your data is accurate if you’re testing iPads without listing them as clients and pulling shady transcoding  shenanigans, calling it the same as full-resolution media streams. Is that an extreme opinion? Perhaps, but independent reporting should clean up those rough edges and level the playing field.

NSA podcast show is a great idea! Let’s do it. I will email Blake.

ps. Happy to chat about ISRs and ISE more down the road!

Deal on both fronts! Looking forward to visiting Aruba during Wireless Tech Field Day 3!


Post Script:

Several folks have either outright asked offline or insinuated a handful of statements about this thread which I’d like to address:

You’re just flanning the flames for readership to make money. I do not monitize my blog with ads. I do not make revenue from it in any way shape or form and pay for it out of my own pocket.

You’re being spoon-fed responses by Cisco. I am not. My blog is mine and mine alone. My thoughts are my own and (with the exception below) are not generated by anyone else. If I get data from other sources, I will do my best to list those sources clearly.

You work for a Cisco reseller and have ‘the inside scoop’ which sways your opinions. Well, yes. I do indeed work for one of the largest Cisco resellers in the US. This does give me insight and access to hardware that others may not have and since it does, I do consider myself ‘up on the solution’. My employer does not endorse or influence my blog with the exception of discussing NDA information. I am bound by my employer to not discuss NDA information outside of the scope of the agreement and I continue to abide by that.

Aruba wants you to stop buying the AP134-135. Round 2.

Aruba recently posted a rather snarky post about the technological shortsightedness and irrelevance of 802.11ac upgradability of todays wireless infrastructures. This original post (mirrored here) admittedly ruffled my feathers on several fronts so I wrote this response. If you haven’t read these, I encourage you to go do that now.

Aruba product marketing manager, Ozer (@ozwifi) replied to my reply. Before we get to the meat of this post, in the interest of full-disclosure, this post has no direct ties to the Wireless Tech Field day events hosted by Gestalt IT. I have been selected as a delegate for the upcoming Wireless Tech Field Day event that Aruba (among others) has sponsored in the past. As a Tech Field Day delegate I have been given access to hardware and solutions from the event sponsors to utilize as I see fit. At the time of this writing, Aruba is not currently listed as a sponsor of the WFD3 event, but we certainly welcome them and look forward to their involvement!

Ding Ding!

Hey Sam,

It is @ozwifi here. It is not uncommon that we get on each other’s nerves in the Wi-Fi industry and by the tone of your reply I am guessing that’s exactly what we did. But you gotta admit, there are no personal attacks in the blog entry since it is delivering an educated technical opinion.

Oz! Good to hear from you. I apologize for the rather public response to your post, but this seemed the fairest way to address this in its entirety. To the audience at large, I apologize for the broken up, threaded reply and will do my best to make it as cohesive as possible. You are indeed correct that it’s not uncommon to get on each others nerves and you are spot on that this one hit home for me. Perhaps I shouldn’t be so personally vested in industry vision, but I’m sure it’s one of many faults that I have. 🙂  You are correct that there are no personal attacks in the Aruba post and I hope that no one believes that my reply was somehow a personal attack on the Aruba team – infact the only team I mentioned explicitly was the executive team and I certainly don’t hope they *actually* jump off the top of the tallest building in San Jose. That would not be pretty or professional and was merely a ‘leaping’ analogy. Regarding the blog post being an ‘educated technical opinion’, I do take exception to this being an educated technical opinion. It doesn’t sound educated whatsoever and I think that Aruba’s shortsightedness regarding 802.11ac is rampant in the article. Also, I’m still interested in just what the heck a 2400 is…

Poking fun at Aruba’s #1 competitor in the WLAN space with a bit of humour. You have to meet with the author, Scott, during the next WFD – he is not that bad of a person as you might think. So there is really not much to be ashamed of since we are not proposing the kidnapping of new born puppies.

Indeed I look forward to meeting him in person and we look forward to Aruba participating in another lively discussion this year! Also for the record, I wholeheartedly disagree with kidnapping new born puppies.

Before we talk tech – please leave your comments on our website.

I did indeed leave exactly my reply on the Aruba website and as of now, the post has not been approved and is not present in your comments section. To contrast, your post to my replies section was almost immediately approved. I welcome the conversation and look forward to Aruba being more transparent about their comments in the future.

First we do not have many people leaving comments, so we can use some. Second we are not that evil – look at our YouTube channel… anyone can say whatever they want. Unless it is personal attacks of course, cause that’s just not cool.

Alright, let’s talk tech.

Here is where Aruba stands:
1. We believe that dedicated AP hardware is going to provide the best coverage & capacity. Best antenna choices, speeds & feeds optimized for 11ac. If it was such a great thing to install modules on an AP in terms of either of these two, many WLAN vendors including us would have jumped on the bandwagon.

There will always be advances in technology and I believe that most any new solution will ultimately outperform legacy solutions. We see this time and again in the industry and this is a byproduct of Moore’s law. The 802.11ac module is about investment protection. The message from Aruba is clear: either a) don’t buy a 3SS  AP today and wait till the 802.11ac AP comes out in the future or b) buy two Access Points (3SS today and 802.11ac tomorrow). Cisco has an option that addresses this concern head on. Aruba does not.

2. Since we are a WLAN company, you will not be too far off in assuming that we will an 11ac AP available down the road. That’s a given. I cannot tell you when, what, how since the info is still very much confidential and shared under NDA.

Of course! This adherence to an NDA is critical in our industry and competitive speculation beyond NDA is what Aruba is good at. This is FUD until you can empirically prove otherwise (more on this later).

3. We are obviously not going to stop promoting AP-130 series product line. We educate our customers regarding the benefits of first gen 11ac and second gen 11ac all day everyday. We do not hide information or try to corner them into buying 130 series. That will be very wrong. Upgrading to dedicated 11ac AP from Aruba 11n will require same process that folks are used to performing during the last 10 years – climb the ladder, plug out AP, plug in AP. As opposed to Cisco, we are not proposing a change in this process. There are no hidden costs here.

I have every expectation that Cisco will not only have a dedicated 1-st gen 802.11ac Access Point in the future, but will also have a 2nd gen and whatever comes after that. The market is always evolving. Cisco’s message today is that the price of two Access Points from Aruba is more than the 3600 + a 1st gen 802.11ac module. Again, investment protection. The costs that Cisco is addressing with this module are not hidden. They are outright and Cisco is head-on tackling this proactively. Aruba is behind the 8-ball and does not offer investment protection. If I were an Aruba customer, I’d not buy new Access Points today because there is no low-cost upgrade path to 802.11ac in the future. Either that or write your check out to ‘Aruba Catalog of Compromise’. ‘Aruba Catalog of Shortsightedness’? ‘Aruba Catalog of Technical Irrelevance’? ‘Aruba Catalog of FUD’? I don’t know – pick one, they all work for me.

Here are my comments on your responses for what they are worth. I am guessing that we will agree to disagree at the end of it… although I hope I can provide more color commentary and that you will find them useful. Again, I am trying to talk tech here not disagreeing with the fact that 3600 11ac module is good marketing.

Oz, I 100% agree with everything you said here and am speechless that we’re so in sync! 🙂

1250 series: Folks invested in the platform found out later that there was no need for this modular AP since moving from draft 2.0 of the standard to the ratified version did not require an hardware upgrade.

We see this time and again with the Cisco product lineup. The radio modularity in the 1220s was upgrade investment protection for 802.11G. The radio modularity in the 1252s was upgrade investment protection for 802.11n. The radio modularity in the 3600 is upgrade investment protection for 802.11ac. There is a trend here.

Cisco’s predictions were wrong.

No, infact Cisco’s predictions were right! They took a ‘best guess’ at the hardware that it would take to support the finally ratified specification and there was never a module released because it was never needed. No hardware changes required was a win-win for Cisco customers.

It was a 5-pound AP

Auxiliary boat anchor, yes. It was heavy. Don’t beat up on it because it was big-boned. It needed that modularity. It’s mommy told it so.

with no dual-radio support 802.3af (if you rememeber, Cisco was claiming at the time that 11n APs will not be able to support 802.3af).

Unfortunately, you’re wrong here. The 1252 does indeed support 802.11n on both radios utilizing 802.3af. Quit spreading flat out lies.

I believe that 1250 series was mostly about marketing, capturing attention and not so much about delivering best of breed Wi-Fi technology. Given that the product line lived only about a year, on this side of the fence we think that our predictions about those first generation of 11n APs were the right ones.

1 year, huh? I show final date of support for the 1252 as early 2017. My memory isn’t all that clear on the 1252 launch date, but it was first supported in WLC code which has a release date of March 21, 2011. My math is a bit fuzzy on this one, but 2011 to 2017 seems a much larger window than 1 year.

Difficult to deploy: Here is the Cisco process… Install 3600 today. Wait 8 months. Buy 11ac modules. Climb up the ladder. Unscrew the mounting bracket. Take the AP down. Install module. Climb up the ladder. Screw back the mounting bracket.

The vast majority of the installations I see are ‘snap in’ mount. I don’t recall how the Aruba 130 mount bracket works, but palming the butt of an AP to snap it out of place and snapping a module in seems pretty straightforward to me.

Cisco *will* come up with their dedicated 11ac AP hardware that’s based on Marvell chipset, as opposed Broadcom running inside the 11ac module for the 3600.

I do not have technical documentation about the chipset in the 802.11ac module from Cisco. This would be the first time Cisco has used Broadcom in an infrastructure device and would certainly be a departure from their M.O. Having said that, if you have NDA insight into the hardware diagram and working structure of the AP, I believe this would be covered by NDA and subject to change. Either way, you’re speculating or sharing data that is NDA and is subject to change. We’ll have to agree to disagree until the module comes out and we can take it apart and do performance testing with it.

With that upgrade, that’s three trips to the ceiling. And when the 2nd gen 11ac AP comes out, you do it again. That’s four. We cannot call this simple as opposed to difficult.

I still have 1252s in place today. They service a need for many of my customers that simply need to support 802.11n. I foresee that the 802.11ac module will support 1st gen 802.11ac needs for a long time. Aruba has no products today that can be purchased and upgraded later. Again, upgrade investment protection.

CPU speeds: Here is the thought process. Aruba AP-135 beats Cisco 3600 in peak performance. Whether it is pure 3×3:3 MIMO laptops, UDP or TCP traffic flows, or a mix of smartphones, tablets, laptops… that’s what we see using Cisco release 7.2 and Aruba release Aruba product managers prefer not to use AP-135 CPU and memory subsystems for an 11ac AP per our interviews in order to be able to deliver the best peak 11ac performance. This tells me that Cisco product managers have to think the same way since AP-135 outperforms Cisco 3600. Using your argument, although looking at it from a different angle, how can we be sure that Cisco 3600 plus an 11ac module will deliver greater performance than a dedicated 11ac AP hardware?

We can’t until it’s out and available. Regarding your other performance claims, I welcome those head-on and would encourage readers to visit ciscobeatsarubayetagain.com. Aruba has addressed these performance tests inconclusively (performing iPad throughput tests with Android devices, transcoding their video down to lower bit rates, and disabling recommended enterprise feature sets such as spectrum analysis and IDS). When will we see Aruba engage a 3rd party like Miercom to do independently validated performance tests instead of continuing to poke and prod at Cisco? Let’s back your claims up independently. As an aside, I welcome the performance claims of existing hardware but it’s off-topic for this thread.

Inconsistent RF and feature set: 3600 will run two separate Wi-Fi chipsets from two different vendors: Broadcom and Marvell. Why on earth would I want to do this if I want uniform features and functionality across my 2.4GHz and 5GHz radios? No AP that was built for enterprise WLANs ever had this design. I am sure there was a good reason behind it.

Adressed above.

Upgrades: Cisco 3600 requires 7.2 release, which requires latest generation of Cisco controllers and NCS management instead of WCS management. We are just making it more apparent for those who care, although Cisco release notes clearly state these facts as well. The tradition of having to upgrade something in your network whenever there is a new WLAN product or solution from Cisco is really what gets on our nerves. For instance ISE… BYOD solution that requires me to upgrade from ISR to ISR G2… why would I want to touch my branch router if there is an employee owned iPad connecting to my network? Some of this stuff just does not make sense to us and we have just watched this episode way too many times … hence it is a reflex motion… we do not miss an opportunity to remind folks of what they need to be careful about.

I’d like to hear more about your ISR concerns. I’m not sure where the mindset of routers being upgraded to support your iPad comes from. The iPad is not a wired device. Are you referring to the AP801/802 module? Both of those are integrated into the ISR and fully supported in 7.2 code. If you have a switch that supports ISE, there is no need to replace the router between the switch and the Access Point. Although, I always liked the idea of cabling my iPad to my ISR router…

Alright my apologies for the long comment post, tried to do my best to keep it short. I hope you can give me a chance to respond by accepting my comments.

Your comments are always welcome (despite being shunned on the Aruba post comments) and I apologize again for the threaded response. If you’ve read this far, I formally invite Oz (and Scott for that matter) to come onto the No Strings Attached Show and discuss Arubas stance on 802.11ac. I look forward with taking more about this in a forum more conducive to back and forth dialogue.

See you at WFD3.

 I as well as the entire WFD3 delegate team most certainly look forward to Arubas participation. I recall last year being lively and look forward to it!


Aruba wants you to stop buying the AP-134 and AP-135. Offers no alternative.

Every once and a while, I stumble across articles that make no sense, are poorly worded or constructed, or flat out wrong. Last week, I ran across one such article that was so out of left field that I felt compelled to address it directly here in my own words. The article is over on the Aruba Networks official blog site (presuming it’s still up). Take a moment, head on over and give it a read (article preserved here for posterity). I was so flabbergasted by the article and its combination of FUD and flat out incorrect information that I used the ‘leave a comment’ link on the bottom. Once I did that, it dawned on me that my comments would likely never get posted – I then realized that I have my own forum to respond to this in, so the next portion of this blog post is the comments I left (with a few typographical and edits to make it flow):

Begin reply post

Wow – there is so much FUD in this article, it’s laughable.

Regarding the 1252 comment:

Remember the Cisco 1250 access point? This pre-standard AP offered future-proofing with an upgradable 802.11n radio meeting the ratified standard. It didn’t work out as it was costly and difficult to upgrade, and didn’t meet the promised performance benefits. 

This is flat out untrue. It ‘didn’t work out’ because it didn’t *need* to work out. The 802.11n pre standard was rolled into the final 802.11n spec. This (upgradability) was only there to ensure users that, in the event the specification was not implementable in the 1252 hardware, that they had an option to field upgrade the units. The performance was on par with other first generation 802.11n products and the 1252 was the wifi alliance test bed for compatibility – it was basically *the* reference 802.11n platform for a very long time.

Difficult to deploy: The 3600 11ac module must plug into the base of the access point, exactly where the mounting brackets are located. This means users will need to remove a deployed AP from operation. This is not a simple plug-in but more akin to opening your laptop for a RAM upgrade. 

Have you actually *seen* the 802.11ac module or a 3600? There is a piece of tape on the back of the AP and two thumb screws. This is more like replacing the battery in your laptop instead of opening it up for a RAM upgrade. This upgrade also will not compromise the thermal venting that is required in lesser manufactures Access Points since the main unit remains sealed.

Lack of promised performance: The IEEE 802.11ac standard promises increased performance over 11n technologies, but the 3600 11ac module’s throughput is dependent on its two-year old processor and RAM, which only scales to 11n rates. This means that although you will be able to connect with newer 11ac clients, there will be questionable increase in performance by doing so. Why spend money for increased performance when you won’t notice it? 

Really? You’ve done performance testing to empirically validate your claims? No? I didn’t think so. Cisco knew well in advance that 802.11ac was coming and the CPU and memory in the 3600 is significantly greater than in the 3500 – specifically for this reason. Until you can show us numbers to back up your vapor-stats you have no evidence that the CPU/memory subsystems of the AP will hinder its performance.

Constrained RF: The 3600 11ac module has its own antennas, and since Wi-Fi rates depend a great deal on antenna design, shoe-horning antennas into the small space of the module will yield less than optimal performance to clients. The result will be your 11ac clients will connect to stronger RF signals from 11n radios. 

Have you discussed the RF design characteristics of this module? Do you know how it will integrate with, instead of replace or work against, the (integrated) 802.11n radio? You assume this will be a discreet radio operating independently of the 802.11n radio. Don’t assume – know. Once you can declare the design is somehow faulty and back it up with block diagrams from Cisco on how the module will (or won’t) interoperate with the host AP, you’re basically guessing and spreading FUD.

Inconsistent feature set: The 3600 11ac module will use a new, untried chipset that may be incompatible with existing Cisco WLAN controller code. So if you add the 11ac module, you have the same hardware, but different features. That will lead to a management challenges and increased operational expense. 

The mindset of ‘don’t move because it’s a new chipset’ or ‘it may require new code’ is a completely invalid conversation. When Aruba releases its 802.11ac AP don’t you expect it to be a) a new chipset or b) to require new code? This is going to happen for every infrastructure manufacturer – Aruba included.

More upgrades coming: The 3600 AP itself requires you have the latest 5500 series or WiSM2 controllers as well as NCS management. So if you have older 2400, 4000, WiSM or WCS, it is that time to write your Cisco tax check again. Make it out to, “Cisco Catalog of Compromise”. And consider this- the 3600 11ac module is pre- standard and will not meet promised performance increases, so you will likely be replacing those 3600 APs at some point in the near future. 

You position the requirements for the 3600 as having a very narrow list of supported controllers (which is misleading) – it is also supported on the 7500 controller, the 2504 controller and the SRE controller. Are you telling me that every modern Aruba AP is supported on every past Aruba controller? At some point you have to lifecycle manage your gear – even Aruba. I don’t even know what a 2400 is.

All told, the expectation of having a Cisco 3600 AP + module will a) give you better performance today with 3 spatial streams and the cost of the module plus the 3600 will be far less expensive than purchasing an Aruba 3 SS AP today and replacing it with an Aruba 802.11ac AP tomorrow. There is no upgrade assurance with the Aruba. The message is loud and clear – if you’re an Aruba customer, do *not* purchase the AP-135. You will end up needing to forklift it out when you move to 802.11ac next year. Buy a Cisco 3600 + 802.11ac module and you’ll have spent far less money than buying two Aruba Access Points (1 now, 1 later).


End reply post

Now, I realize it’s laughable to infer that Aruba is advocating you not purchasing their flagship Access Points and it’s a leap assume that since Aruba has no upgrade investment protection that this means that you should stick with your old Aruba equipment, but this leap is a small step – more akin to jumping off of the bottom step of your stairs to the ground floor. The leaps that Aruba makes regarding 802.11ac and the module from Cisco are more akin to Arubas entire executive team finding the tallest building in San Jose and jumping off it all the while waving their fists in the general direction of Tasman Drive. Shame on Aruba for not fact checking their article. Shame on Aruba for spreading FUD. Shame on Aruba for picking a fight with baseless facts and accusations – declaring facts about a product that they’ve not even laid hands on.