Cisco Viptela drops the ball
- Tony Mattke
- Cisco , Networking , News , Sdwan
- May 10, 2023
In 2012, we saw the launch of Viptela, a pioneer in SDWAN network solutions. While they weren’t the first in SDWAN, I believe that badge goes to Talari; Viptela was the first company that caught my interest. I first saw what they were doing in 2015 on the Packet Pushers Podcast. Back then, the networking world was on fire with SDWAN offerings.
Sadly in 2017, Cisco purchased Viptela. I’m sure the leadership at Viptela was excited to be acquired by such a large networking company and hoped to develop Viptela to the pinnacle of their vision. But – despite calling themselves, and being repeatedly lamented for doing so, “a software company”, Cisco did what they so often do. They stopped platform development and tried to lower costs by integrating the vEdge software into their own. While I haven’t personally used the hybrid code, I haven’t heard good things from my coworkers. Eventually, we got the ISR1100 platform running Viptela code, but that was only a substitute for the vEdge 100 and 1000. We have still yet to see a replacement for the vEdge 2000.
May 9, 2023 – 6:57 AM UTC
certificate-status Installed
certificate-validity Not Valid – certificate has expired «««««««<
If you have a vEdge 100, vEdge 1000, or vEdge 2000 – you probably already know. But any of the following will result in a loss of service.
- Loss of connections to vSmart
- Loss of connections to vManage
- Port-Hop
- Control policy changes such as topology changes in the network
- Clear control connection
- Interface Flaps
- Device Reload
Cisco has published several workarounds, from increasing rekey values, to changing dates, and who knows what else. Of course, these are short-term solutions; only a certificate update (which will require new software) can fix this issue. Meanwhile, Cisco’s customers are left scrambling and trying to reach TAC. Internet rumors suggest that everyone working the front lines at TAC had at least 20-25 customers in their queue. I’m sure Cisco is glad they recently laid off significant numbers of support staff…
My take
Cisco should have learned its certificate lessons in 2015 when WLCs invalidated APs due to a 10-year certificate expiring. I’m pretty sure their workaround was disabling the security check… Interestingly, just two years after that, those certificates were extended to 20 years. Cisco increased the expiration again in 2019, extending them to 2099.
Cisco still needs to release an official RCA, but I have my own ideas. Viptela launched in 2012; one could surmise that these initial vEdge hardware platforms launched in 2013, Maybe around May 9th. – Yeah, a 10-year certificate mismanaged at Cisco (again). Talking with folks at Graphiant, it seems many of Viptela’s original leadership were quite disappointed in how their product was handled at Cisco post-acquisition. That certainly explains why most of the Viptela team left for other ventures.