They shouldn't be expected to update these for as long as they're useful. They should be required to open up the hardware if they refuse to update the software. That should be the rule: you get to pretend that locking people out of the hardware is for their own good as long as you continue to update their software for free. You can't just be allowed to arbitrarily EOL perfectly functional hardware.
I totally agree. Not to sidetrack your assertion, but even Google and Apple do this for their mobiles. Perfectly usable old mobile phones don't run the newer version of the apps at all.
This seems to be more and more prevalent even in other areas like washing machines, microwaves and even cars. I don't get old parts. Even the service technicians throw up their hands and say "Just buy a newer model".
The problem with the parts is once the machine is no longer being made, they stop making the computer board for it, and the part inventory dwindles.
And when it’s $300-400 for a computer board, you might as well get a whole new machine.
The only way I’ve found to counteract that is to look for commercial or commercial-based units that share parts for years or more. But this can be harder for some classes of equipment ( commercial ovens are NOT at all like residential - they’re usually not insulated) but it can be a start.
> The problem with the parts is once the machine is no longer being made, they stop making the computer board for it, and the part inventory dwindles.
But that's nobodies fault, as long as companies are required to release any protocols or specs for interop. You can't sensibly force companies to turn back the clock forever or stay in a business they don't want to be in. You can sensibly force companies to fully describe the products that they sell unless they are willing to continue to maintain them.
If they're required to release the specs of parts that they won't replace, Chinese factories would flood ebay with any of them that they think they can move 50K units of.
The 6S is losing support for the latest iOS this year.
I agree that their support is the best of the smartphone vendors, but I would also welcome legislation that opens up hardware for arbitrary software at EOL.
When Apple decides it's done updating the 6S, I should be able to run Android or Linux on it. But they've locked down the hardware so it can only run iOS.
If you are buying a Cisco router you are buying a closed source product. Why would you expect them to open source anything when you are happy to give them money for closed source firmware?
You are literally paying them for being closed source.
Stop rewarding these corporations for screwing you over and they will cease to screw you over. Either they will change their ways or go out of business if enough people feel the way you do. And, regardless, you would have solved these sorts of problems for yourself long before that happens.
It's been a very long time since Cisco was the only game in town for enterprise networking. Companies like Broadcom have released powerful ASICs that allows practically anybody to build a high performance routers and switches.
I would not hold up Broadcom as being any better than Cisco in the openness department. If anything it's just more of the same, which while it technically satisfies the definition of competition, does not largely modify the lands ape of networking dedicated hardware in the more open direction.
hyperscalers got into building their own switches a decade ago. whitelabel silicon and software _IS_ available, but the entrenchement is still huge as noone ever got fired for buying cisco.
Don't Cisco use those exact Broadcom chips in these types of low-end products? A high-performance chip is just one part of the product, you need software also.
I do not see 25 year of software support on these? There is threes years between End of Sale and End of Vulnerabilty and Security Support (Patching) on the 6503-E for example [0]
If you mean the time between the first day of manufacturing and the end of software patching, it will be higher, but it’s definitely not 25, years. The 6503 (not the 6503-E) went end of hw support in 2012 [1], patching must have stopped a couple of years prior to this, but it’s so old I can’t find the EoL notice for this…
Finally if you mean “time between first day of manufacturing and end of patching”, then the the RV110W has at least 7 years. I can find article listing it in 2011 already [2], end of patching was 2018 [3].
I completely agree on the idea of pushing for open sourcing hardware and firmware when a device becomes end of support, but we also need to get the facts straight.
Headlines like “cisco won’t patch legacy VPN routers” are simply disingenuous and pure clickbait. But they do make me smile =) so it’s not all bad.
In all fairness, as longs as patents exist you simply can't "open up" a piece of technology. What you can do is reverse engineer it, since it's allowed becausenof the manufacturer's drop of support
I don't really understand your comment. The whole point of a patent is that the description of the invention is made public. If you don't even want your competitors to know how you do it, then you keep the IP as a trade secret, but then you can't enforce a non-existent patent.
In all fairness, as longs as patents exist you simply can't "open up" a piece of technology
That's not true at all. Divulging data without offering license terms does nothing to hurt your ability to enforce intellectual property rights. The people using that data just do so knowing they're technically breaking the law. Patents are not trademarks.
Unlike trademarks, you can selectively enforce patents without risking them.
And in a way, the patent system is exactly about "opening up" technology. After all the idea of a patent is "you tell everyone how to build it, in return nobody is allowed to use that knowledge commercially for X years unless you allow it. This aligns great with "give us the tools to modify the software of hardware you find commercially unattractive".
I realize that is a bit of a topic change, but do you think that ideal reflects the reality of patents today?
I've read a lot of modern patents, and not one of them was written to convey useful information. They're all dense legal writing, and as vague as the author can get away with.
Most medium/big companies have patent attorneys whose entire job is writing patents. They don't care about the patents having any useful details to make it a useful reference. Usually the attorneys aren't subject experts on the patent topic, and couldn't make it accurate even if they tried.
Modern patents are a game where you file a whole bunch and then wait for somebody to step on one by accident with a parallel invention. Then you sue them unless they have enough patents to also sue you.
Patents don't promote innovation at all, at least not any more. If anything, they're a tax on our industry and they stifle small players - exactly the sort of person who they're supposed to help.
I think that is something to write our congressman about (or equivalent if not in US). Right now not only are patents written for lawyers, but the law encourages you not to look at patents since if you don't know about something relevant and you reinvent it you owe less damages than if you knew and still chose to infringe.
For patents to be useful they need to be writing in the language of experts in the field -not lawyers. And the law needs to make it best for my employer to make me search for and read potentially relevant patents before doing anything. That is infringing after making an effort to avoid a patent (that the courts decide is not enough effort) is better than infringing without knowing.
EOLing a laptop that's hauled around is one thing, or a server with a CPU that's configured to run at the limit of what its cooling system supports. But routers are little boxes that run at very conservative clock speeds and a correspondingly high MTBF, are never moved, never reconfigured, never given new software to run, and to which its users hardly ever pay attention. Five years is unreasonably short for that kind of device.
Routers also tend to be used by small businesses that stick them in a closet and forget they exist, or large businesses that can't afford the downtime of replacing the whole stack. I suspect a lifetime of 5 years is actually on the low end.
>Assuming a five-year lifetime shows a lack of knowledge of how the product is typically used.
a five-year lifetime is is business decision balancing customer expectations and maintenance cost (including keeps a hardware stock of these routers in each continent, sometime even in country for specific countries, keep development alive, etc.).
You may say they underestimate the willingness of their customer to buy a new router after 5 years, but they definitely know that a huge proportion of their customers are running woefully out-of-date and unsupported hardware/software.
Same for all on-prem vendors and a major reason why moving customers to cloud is so appealing for so many vendors.
I used to work at a small shop and we would sell stormshield small-biz routers. The typical time we'd sell to the client was 10 years, and the old routers we would cycle out were about 7-12 years old (by that point considered really old). If i sold a router to my client and 5 years later it's EOL, that client is not gonna be happy with me.
It's even worse in the concept of `router == firewall`
If you buy one of the popular firewalls, you need a subscription for it to actually work. Once it's expired, you lost your web filtering and IPS and whatever 'modules' you've subscribed to using.
A 3 year subscription is often as much as the hardware.
It's kind of a waste, it'd be nice if there was a OpenWRT style firmware you could load on all the old Fortinet, Watchguard, Sophos, etc firewalls out there.
I'm lately finding it hard to convince myself that there is a not a global conspiracy among large corporations to implement the "you will own nothing" directive by means of a ratcheting system.
One big company rolls out an anti-consumer, anti-ownership, anti-freedom policy. People get annoyed and some small subset of customers leave, while the rest maybe grumble but stay. Then the next-biggest companies see that the big player is still doing fine with their anti-consumer policy, so they get a little greedy and start doing it too. Then all of a sudden it's a new industry standard, and consumers who value their own freedom find themselves rapidly running out of alternatives.
Maybe if outcry gets really bad, the big corp need to roll back the decision, and either wait for a different opportunity, or let another corporation take the lead, or change the type of policy to be more subtle.
My personal system for evaluating a conspiracy theory is: 1) how big is the payoff? 2) how hard is it to execute? 3) how hard is it to keep secret? 4) how many people need to be involved?
This scenario passes all 4 criteria with flying colors. 1) The payoff is absolutely enormous. 2) It would be relatively easy for the same people who would be most strongly motivated to do this. 3) It should be easy set up a communication system that maintains almost total plausible deniability against collusion, because it actually only requires minimal knowledge of and cooperation between participants and their plans. Just a few meetings among subgroups of participants, and more head nods than spoken words. During the process, active communication can be reduced to basically zero. 4) Very few. Most corporate decision makers at most companies wouldn't have to know, they'll be able to see where things are headed and follow along. In general, the only holdouts will be HN poster types with small businesses that serve only tiny fractions of the market.
It’s even scarier - you don’t need any conspiracy or communication at all - companies trying to move to “aaS” models with subscriptions will naturally cause this with no collusion at all.
You can't even really own your computer anymore if you're a windows user. The entire operating system is "as a service" and windows 11 makes that even more true.
But having to download everything from a centralized server out of users control makes this very easy to enforce. Not to talk about planned obsolescence: "Sorry, from next week to be able to read your files you are required to enable the latest software version which will cost only $xyz; please insert your credit card into the supplied dumb terminal reader to upgrade".
Strikes me it's probably impossible. Cisco is presumably bound by all kinds of tech cross-licensing deals, and can't just open up schematics, source etc.
If it was law, everyone, not just Cisco, would negotiate cross-licensing deals as such. As a result, there would be no way for people to license IP unless they allowed for open use after the fact.
Beyond that, as an example, open apis (for drivers re:hardwwre) are not the same as giving full chip scematics.
But! If the, for example, SoC stopped updating binary blobs, and things stopped working with newer kernels, as an example, then they'd have to 100% open up and provide sources.
People get all rah-rah about the environment, but I throw away pounds and pounds of highly polluting electronics, just so someone can sell me another.
For small-office and home use I only use routers that run OpenWRT, at least there you can always get fixes, and it runs a very plain linux system.
Current favourites are tplink-archer-c7, edgerouter-x, asus rt-ac85p ... all of these retail for about $60 and are more then capable enough to route a gigabit at linerate and do stuff like wireguard.
Apparently Cisco's great if you deploy a couple of them, everything working seamlessly together with one management software. If you pony up for their licenses that is.
For anything smaller that doesn't need that, I don't see the point in buying (new) Cisco hardware.
These are basically branded swags. I wouldn’t expect Boeing keychain from their company store to have gone through Boeing engineering process and quality control, same deal but it happens that with electronics manufacturers, some souvenir grade items assume the same role as regular products.
They're becoming rarer and rarer. Bought a router three years ago, could only find one model sold locally that had openwrt support. Except for the latest revision, which of course is all that was available.
There's tons of perfectly functional corporate e-waste on eBay that supports openwrt, especially cloud-managed crap like Meraki that was junk when it was new. Nobody has any use for out-of-support routers, so really nice hardware (PoE, Wi-Fi 6, etc) can be had for $20 and an hour of pwning the stock image.
I hate on Meraki so much because it's the epitome of something that doesn't need to be a paid subscription except for juicing customers (the hardware is great). Ubiquiti does cloud-managed the right way; you can self host and the hardware isn't bricked if you let maintenance lapse.
Many years ago I reported a bug with Cisco ios routers where the default admin login worked in the sdm web gui even after the account was deleted. I received no acknowledgement that the problem existed. After paying the support subscription, a year later the problem was silently resolved. I lost all trust in Cisco after that.
At a previous company, we used in the office as the center of the LAN a switch (Cisco Catalyst 3548 XL) which was already past EOL. In fact, it was so long past EOL that the switch model which replaced that model was also already past EOL. And yet, it worked perfectly (other than a couple of failed ports), and we probably used less than a tenth of its capabilities. I wouldn't be surprised if that same switch is still working today; the main reason to replace it would be that it only has Fast Ethernet (100baseTX), instead of the current mainstream default of Gigabit Ethernet (1000baseT).
From the article, affected models are: RV110W, RV130, RV130W, RV215W.
Cisco branded, but appears not what an network engineer might consider as such; these are Linux-based routers. Cisco routers and switches are based on their proprietary chipset and proprietary IOS/IOS-XR/IOS-XE/NX-OS operating system. Without it, I would rather pick ASUS or anyone else.
Cisco's Meraki line is explicitly designed to not pass traffic after the license/entitlement expires. That neans that an expensive 24 port managed switch for example, will brick itself after 7-10 years of life.
Imagine you have to throw out your car after 5 years because the manufacturer stopped updating the software. We are getting there.
5 years is not nice. A large, established company like Cisco, selling devices in an established and very slowly evolving market like routers to companies, should be offering much longer support periods.
Apple supports iPhones for 7 years which I still think is not enough. I think routers for small businesses should be supported for at least double that.
There is physically nothing wrong with these routers. They are perfectly capable doing their job from every possible angle. This is just generating garbage so that Cisco can sell more new hardware that is performing basically the same job.
Using your argument, you could stop all support right after the devices stopped being sold.
So it was being sold for 15 years and the software has been in support for 15 years and it is old so we stop selling it and supporting it at the same time.
Now hope you are not the person who bought it on the last day...
First off, I think this is awful of Cisco, and definitely harms their brand in my opinion. I already didn't think well of them for low-end stuff, though, so it's not like they could do much damage there.
However, this isn't killing the entire router. Just the VPN functionality. If you don't use that, there's no need to get rid of the router. Just make sure the VPN is disabled, as per the article.
If you do use the VPN, then you should either replace the router or implement the VPN differently. Second-hand, that router is still good for anyone that doesn't need a VPN.
When tech is moving fast, I can understand a short warranty, but I don't think routers are in that category. (Wifi routers are, but I've yet to have a Wifi router that could handle my residential usage of it anyhow. They always end up having problems. I've moved to having an access point separately from a router so at least it doesn't kill the whole network when it gets stupid.)
What do you mean "Tech is moving fast"? I am not asking for the routers to be equipped with new features support. Just the features it was shipped with to keep being usable.
One of the main reasons to buy these SMB routers over consumer grade devices is usable VPN support. A lot of those small companies use their routers only for Internet access in their offices plus router-based VPN for remote employee, support or admin access to intranet. In a lot of cases it is essentially the reason to choose these devices over anything else.
Yeah, and it's a bad reason. You can setup a dedicated VPN device with any old computer very easily. It's also way more flexible.
I have a client with a linux host that acts as a fileserver and an ingress point for remote work. No VPN, they just tunnel over ssh to do RDP.
I had my own wifi device, but it took 2 to cover the house. The one I rent from xfinity covers the whole house with one and it's pretty rock solid, so I've stuck with that, although I put a 2nd router behind it with DNS ad filtering.
I think Microsoft has a better approach for Windows. They deliver regular updates for N years, but security updates for a lot longer. I agree it's fine not to deliver regular updates after EOL, but for critical security vulnerabilities, I think they could do a lot better than just 5 years.
After all, it's not exactly environmentally friendly for working hardware to get ditched just because of some software turns it useless.
It's 5 years from End of Sale, and not just 5 years from the initial sale date. It sucks for those that bought the router close to End of Sale, of course.
Don't know for how long these routers have been around, but for one of them I found a overview document dated 2011.
If I buy a washing machine and it breaks after 4 years, it doesn't matter that the model is 10 years old at that point. My rights are from time of purchase.
Should be same for devices. If not, they should at least carry a "best before date" like food, so you know at time of purchase how long you can expect to get updates.
> I mean, isn't it quite reasonable to not update something post-EOL?
EOL isn't real, it's made up. Broken or not powerful enough anymore is real. The town crier could decide to blow a trumpet and proclaim "EOL" a week after the last one is sold.
ofc it's real. They're saying "at this date, we wont update it anymore". The router still works, it just isn't updated anymore.
If i had an old product, there's also some point where i'd say "I wont be updating this anymore", as to phase it out. Expecting something to receive active support forever is unreasonable.
It's real in the way anything I make up is real. It's really made up, and a way to pretend like the product died rather than the support for it.
> there's also some point where I'd say "I wont be updating this anymore", as to phase it out.
You don't get to phase out my stuff. If you're not going to update it anymore, you've broken our support relationship, so you should also be breaking the hardware and software locks that prevent me from getting support from another source.
It’s business hardware so the support term is predictable and known at the time you buy the device. In the case of Cisco it’s 5 years from when the device is discontinued.
But then small businesses like to cheap out and gamble on a device that has a short time of support left and complain when it ends.
This is not a surprise, except if you chose to put on a blindfold yourself. And if you think EOL of 5 years is too short, don’t buy a device with an advertised EOL of 5 years.
