Cisco AON - like database constraints for your network :)

The new Cisco technology dubbed AON or "Application Oriented Networking" sounds quite interesting. In a nutshell, it seems to be router based in-packet data analysis of xml (and possibly other) data.

A common example given is for a bank to do some validation on the customer and account ids at the router level for fraud prevention. Not that you couldn't do that know by writing code to do that on you firewall. In fact, firewall based intrusion detection has been doing in-packet protocl-aware data analysis for years.

It does seem like a useful technology however, to be able to specify in some sort of config syntax, how data should be structured, what should reference what, and have those rules executed very fast on a standard router platform.

Kind of like database constraints for your network. And everyone knows that I like database constraints!

Useful articles:

Cisco AON, "new" internet, fraud prevention, S&M, and more... [Computerworld]


Cisco's AON moves closer to apps [Australian IT]