SNMP allows management tools to collect data and set variable values through agents on managed devices in Internet Protocol (IP) networks. 

SNMPv1 and SNMPv2c use community strings (passwords) to “authenticate” a managing entity to an agent. Community strings are sent as clear text. SNMPv1 and SNMPv2c also pass management data over the network as clear text. These obvious security problems can be addressed in different ways. 

This research examines two techniques for securing SNMP traffic: 

(i) using a non-secure version of SNMP in conjunction with IPSec. 

(ii) using SNMPv3, the latest version of SNMP which includes inherent security capabilities, and 

Both approaches can ensure the authenticity, integrity, and privacy of SNMP traffic. There are, however, qualitative and quantitative differences between these two approaches. 

I will examine the problem of securing SNMP traffic in the context of a sample network, as illustrated in the image below, 

Here a managing entity on one subnet uses SNMP to access managed devices on remote subnets across a backbone network . The backbone network may have less physical security than the subnets and may even be the Internet or another network operated by an external organization and accessible by many parties. 

Methods to secure SNMP traffic across a backbone network should meet the following objectives. 

• The solution should preserve network capacity without impairing network management functionality. 

• The security services should include message authentication, integrity, and confidentiality. 

• The solution should be cost effective and promote interoperability, implying the use of standards-based, commercial off-the-shelf components. 

1.1 Using Insecure SNMP Over IPSec

1.1.1 Overview of IP Security:

IPSec is a protocol suite that provides authentication, encryption, key management, and key exchange capabilities at the network level by defining header extensions to standard IP. 

In IPSec, the header extensions support the following components. 

• Authentication Header (AH) − packets are authenticated using either Secure Hash Algorithm (SHA-1) or Message Digest 5 (MD5) keyed-message digests. 

• Encapsulating Security Payload (ESP) − packets are encrypted using the Data Encryption Standard in Cipher Block Chained mode (DES-CBC). If the IP header of an ESP packet requires authentication, then AH must be used in conjunction with ESP. 

• Internet Key Exchange (IKE) − defines how principals agree on the protocols, keys, and algorithms. 

IKE negotiates and maintains the security features applied to a communications channel by establishing a security association (SA) between communicating entities. IKE uses two phases of operation, Phase 1 and Phase 2, to establish and maintain security associations. A Phase 1 exchange establishes an initial SA between communicating entities using either “aggressive mode” or “main mode” negotiation procedures. 

Aggressive mode requires two back- and-forth communication exchanges; whereas main mode requires three back-and-forth communication exchanges. 

The extra exchange used by main mode keeps the principal’s identities private, providing an extra measure of security over that provided by aggressive mode. 

A Phase 2 exchange uses “quick mode” to establish a new SA or to update an existing SA during a secure communications session already established by a Phase 1 exchange. 

A quick mode negotiation procedure exchanges three packets resembling a three-way handshake. 

1.1.1.1 Qualitative Characteristics of Insecure SNMP over IPSec:

Since both encryption and authentication services are needed to secure SNMP traffic, the following analysis assumes that the ESP feature of IPSec is used to provide both encryption and authentication services in a tunneled SA between two security gateways. Each security gateway protects and hides a local area network (LAN) or subnet from the backbone network (IP cloud) traversed by the tunnel. 

A typical situation, consists of an SNMP management station on one hidden LAN communicating with an SNMP agent on the other hidden LAN. IPSec implements security features at the network layer. Therefore, its security features are available for use by higher-layer protocols that use IP. If security features are needed for other applications in addition to SNMP, then IPSec may be the most effective means for obtaining a general security solution. However, IPSec does not provide true end-to-end security, even in a host-to-host SA, since the protection provided by IPSec does not extend above the network layer. 

Typically, IPSec does not protect the traffic traversing the LAN protected by the security gateway. Although host-to- host SAs could be used behind the security gateway, IPSec is usually not deployed on most SNMP-enabled network devices, so there probably is significant SNMP traffic traversing the LAN in the clear. This may or may not pose a problem, depending on the strength of the LAN administrator’s security policy and how well it is enforced. 

Although the IPSec framework is open to incorporating other encryption algorithms, only DES-CBC (and NULL encryption) is required for conformance, providing a basic encryption standard to ensure interoperability. Since confidence in the security of 56-bit DES-CBC is rapidly eroding, the use of stronger encryption algorithms is encouraged. 

The ESP header extension defined by IPSec includes several extra fields that impose additional overhead, creating an impact on the available network capacity. The security parameters index, sequence number, pad length, and next header fields are all fixed in length, consuming at total of 10 bytes. The authentication data field is variable, depending on the authentication scheme used; a typical length might be, for example, 96 bits for MD5-96. The padding field is provided to accommodate encryption algorithms that have length boundary requirements and to ensure that the authentication data field falls on a 32-bit boundary. The initialization vector (IV) required by the DES-CBC encryption algorithm is placed immediately before the encrypted payload. Therefore, assuming MD5-96 authentication, 2 bytes of padding, an 8- byte IV, and including the additional outer IP header, an IPSec packet tunneled using ESP will transmit 52 bytes more than a standard IP packet delivering the same payload. This per packet overhead does not include the overhead incurred by the Phase 1 or Phase 2 exchanges by IKE. The Phase 1 exchange occurs once when the tunnel is initiated, so its cost is negligible when amortized over the tunnel’s lifetime. The frequency of Phase 2 exchanges is under administrative control and, thus, can be tailored to the desired security policy and available network capacity. Keys can be updated at intervals on the order of minutes, expending network capacity to benefit security, or keys can be updated at intervals on the order days, loosening security to benefit network capacity. 

The IPSec solution has the advantage of cleanly separating security processing from SNMP processing. That is, an SNMP agent would typically not be burdened with computationally expensive security processing, unless the SA ends at the machine hosting the agent. If an agent’s host machine is not IPSec enabled − or if an agent’s host machine is IPSec enabled, but the agent is accessed via an unsecured channel − then accessing that agent would not be hindered by security processing. 

1.1.1.2 Functional Characteristics of Insecure SNMP over IPSec:

With IPSec, security features are employed without directly involving users. While ease of use is likely not a major concern for SNMP as operations are invoked by network administrators, this advantage of IPSec for other applications means that IPSec can be available for SNMP. It should be noted however that this regular updating of keys on existing IPSec vpn tunnels does not currently take place in any case. 

1.2 Using SNMPv3

1.2.1 Overview of SNMPv3:

SNMPv3 offers new features, including security features that ensure message authenticity, integrity and confidentiality, and that provide fine-grained control over access to SNMP capabilities. SNMPv3 also provides new administrative capabilities that enable remote configuration of these security features. Other enhancements may provide reasons to adopt SNMPv3 even if the security features are not needed. For example, SNMPv3 incorporates a flexible mechanism for remotely configuring user access to SNMP capabilities.

SNMPv3 employs the User-based Security Model (USM) to provide cryptographic services. The USM currently uses either MD5 or SHA keyed message digests to ensure message authenticity and integrity, and DES-CBC encryption to ensure message privacy. These features are used to provide three distinct levels of security: no authentication with no privacy (noAuthNoPriv), authentication with no privacy (authNoPriv), and authentication with privacy (authPriv). The USM provides for remotely configuring users and their keys by using SNMPv3 operations to manipulate objects in the USM Management Information Base (MIB).

SNMPv3 employs the View-based Access Control Model (VACM) to establish user access privileges. When making access control decisions, SNMPv3 cleanly and separately considers the user originating the message, the level of security applied to the message, the MIB view addressed by the message, and the type of operation requested by the message. These features provide network managers with fine-grained control over access to SNMP capabilities.

In contrast to SNMPv3, both SNMPv1 and SNMPv2c use an access control scheme that simply maps the user-supplied community string onto a MIB view. This method effectively bundles all access control considerations that are separately addressed by SNMPv3 into the community string.

Clearly, the access control features provided by SNMPv3 are more secure and more powerful than those of SNMPv1 and SNMPv2.

1.2.2 Qualitative Characteristics of SNMPv3:

Since both encryption and authentication services are needed, the following analysis assumes that SNMPv3 operations use the authPriv security level. SNMPv3 implements security features at the application level, ensuring that the communication channel is truly protected from end to end. However, these security features are not available for use by other applications. DES-CBC is the only encryption standard currently described in the SNMPv3 documents, although other symmetrical encryption algorithms could be added. Implementing SNMPv3’s security features requires a different message format that is considerably longer than the
SNMPv2c message format. The overall length of an SNMPv3 message is difficult to estimate because:

(i) by definition, some of its contents vary in length, e.g., community string, and

(ii) each field is transmitted as a type-length-value triplet, using the Basic Encoding Rules, whose overall length is value dependent.

Another factor complicates analysis of SNMPv3 network overhead. SNMPv3 uses the concept of “timeliness” as a scheme to thwart replay attacks. Briefly, one end of an SNMPv3 exchange must be roughly aware of the other’s measure of the current time, represented by its timeliness parameters. A “discovery” exchange often must precede an actual SNMP operation to allow one entity to learn the other’s timeliness parameters. Clearly, SNMPv3’s longer header and its discovery procedure mean that SNMPv3 will consume more link capacity than SNMPv2c, but exactly how much more depends upon several case-specific factors. For example, the SNMP management application suite may remember timeliness parameters between successive queries to the same target entity such that the cost of a discovery exchange can be amortized over several queries. Otherwise, every query must be preceded by a discovery exchange.
Embedding the security features in the SNMP agent places additional computational load on the agent, possibly degrading performance of some devices. Again, quantifying the additional load depends on many case-by-case
dependencies that will need to be explored empirically.

1.2.3 Functional Characteristics SNMPv3:

SNMPv3 security services are invoked directly by application users, meaning that users have to remember passwords. This should not be problematic since SNMPv3 users should be security- conscious, administrative personnel. Sometimes, a management application suite will provide a facility for users to define default values for often used parameters, such as passwords. Such a facility relieves users from having to remember their passwords, but it also presents a potential security problem as these default values may be stored in a plain text file.

SNMPv3 does not automatically update keys. Network administrators must ensure that users change their passwords (keys) at appropriate intervals or, else, do so for them. Keeping passwords updated should not be too troublesome, as SNMPv3 users should be security-conscious network managers. However, manually managing key updates in large networks could be daunting.

1.3 Comparing SNMPv2c-Over-IPSec and SNMPv3

While both SNMPv2c-over-IPSec and SNMPv3 can provide secure SNMP network management in a network, there are fundamental qualitative differences. The SNMPv2c-over-IPSec solution implements security at the network layer, providing general security services for all applications as well as for SNMP. However, the security provided is not truly end-to-end. In contrast, the SNMPv3 solution implements security at the application layer, providing a true end-to-end secure channel between communicating processes, but the security provided is not available to other applications.

The SNMPv2c-over-IPSec solution appears to be easier to use and administer than the SNMPv3 solution. Conversely, the SNMPv3 solution provides remotely configurable, fine-grained user management capabilities that are not
available in SNMPv2c.

For a large network, it would be unreasonable to insist that all SNMP-enabled network devices be SNMPv3 compliant. Legacy devices remain in service, so the need to support older, non-secure versions of SNMP is likely to persist.

Relying on the security provided by IPSec would be the easiest way to maintain security in such environments. Conversely, some situations are better suited for SNMPv3. Consider a firewall that separates a hidden LAN from a “public” network. It is reasonable to expect that the security gateway’s public interface will be attacked. Now, suppose that access to the firewall’s SNMP capabilities needs to be remotely reconfigured on a frequent basis. SNMPv3’s remotely configurable, fine-grained access control features would be well suited for the task, as would its true end-to-end security.

Recognizing that both solutions have complementary strengths gives rise to a third possibility ? having SNMPv3 and SNMPv2c-over-IPSec coexist. Clearly, an IPSec- enabled network could use the SNMPv2c-over-IPSec solution for most routine tasks, while reserving use of SNMPv3 for situations that require the unique advantages provided by SNMPv3. SNMP users could simply and dynamically choose the SNMP version, and the level of security in the case of SNMPv3, most appropriate for the task at hand.

Having recently completed my latest M.Eng block on the subject of “Natural and Artificial Intelligence“, I became aware of advances made in the recent decade towards a new paradigm of network traffic engineering that was being researched. This new model turns its back on traditional destination based solutions, (OSPF, EIGRP, MPLS) to the combinatorial problem of decision making in network routing  favouring instead a constructive greedy heuristic which uses stochastic combinatorial optimisation. Put in more accessible terms, it leverages the emergent ability of sytems comprised of quite basic autonomous elements working together, to perform a variety of complicated tasks with great reliability and consistency.

In 1986, the computer scientist Craig Reynolds set out to investigate this phenomenon through computer simulation. The mystery and beauty of a flock or swarm is perhaps best described in the opening words of his classic 1986 paper on the subject:

The motion of a flock of birds is one of nature’s delights. Flocks and related synchronized group behaviors such as schools of fish or herds of land animals are both beautiful to watch and intriguing to contemplate. A flock … is made up of discrete birds yet overall motion seems fluid; it is simple in concept yet is so visually complex, it seems randomly arrayed and yet is magnificently synchronized. Perhaps most puzzling is the strong impression of intentional, centralized control. Yet all evidence dicates that flock motion must be merely the aggregate result of the actions of individual animals, each acting solely on the basis of its own local perception of the world.

An analogy with the way ant colonies function has suggested that the emergent behaviour of ant colonies to reliably and consistently optimise paths could be leveraged to enhance the way that the combinatorial optimisation problem of complex network path selection is solved.

The fundamental difference between the modelling of a complex telecommunications network and more commonplace problems of combinatorial optimisation such as the travelling salesman problem is that of the dynamic nature of the state at any given moment of a network such as the internet. For example, in the TSP the towns, the routes between them and the associated distances don’t change. However, network routing is a dynamic problem. It is dynamic in space, because the shape of the network – its topology – may change: switches and nodes may break down and new ones may come on line. But the problem is also dynamic in time, and quite unpredictably so. The amount of network traffic will vary constantly: some switches may become overloaded, there may be local bursts of activity that make parts of the network very slow, and so on. So network routing is a very difficult problem of dynamic optimisation. Finding fast, efficent and intelligent routing algorithms is a major headache for telcommunications engineers.

So how you may ask, could ants help here? Individual ants are behaviourally very unsophisticated insects. They have a very limited memory and exhibit individual behaviour that appears to have a large random component. Acting as a collective however, ants manage to perform a variety of complicated tasks with great reliability and consistency, for example, finding the shortest routes from their nest to a food source.

These behaviours emerge from the interactions between large numbers of individual ants and their environment. In many cases, the principle of stigmergy is used. Stigmergy is a form of indirect communication through the environment. Like other insects, ants typically produce specific actions in response to specific local environmental stimuli, rather than as part of the execution of some central plan. If an ant’s action changes the local environment in a way that affects one of these specific stimuli, this will influence the subsequent actions of ants at that location. The environmental change may take either of two distinct forms. In the first, the physical characteristics may be changed as a result of carrying out some task-related action, such as digging a hole, or adding a ball of mud to a growing structure. The subsequent perception of the changed environment may cause the next ant to enlarge the hole, or deposit its ball of mud on top of the previous ball. In this type of stigmergy, the cumulative effects of these local task-related changes can guide the growth of a complex structure. This type of influence has been called sematectonic. In the second form, the environment is changed by depositing something which makes no direct contribution to the task, but is used solely to influence subsequent behaviour which is task related. This sign-based stigmergy has been highly developed by ants and other exclusively social insects, which use a variety of highly specific volatile hormones, or pheromones, to provide a sophisticated signalling system. It is primarily this second mechanism of sign based sigmergy that has been successfully simulated with computer models and applied as a model to a system of network traffic engineering.

In the traditional network model, packets move around the network completely deterministically. A packet arriving at a given node is routed by the device which simply consults the routing table and takes the optimum path based on its destination. There is no element of probability as the values in the routing table represent not probabilities, but the relative desirability of moving to other nodes.

In the ant colony optimisation model, virtual ants also move around the network, their task being to constantly adjust the routing tables according to the latest information about network conditions. For an ant, the values in the table are probabilities that their next move will be to a certain node.The progress of an ant around the network is governed by the following informal rules:

• Ants start at random nodes.
• They move around the network from node to node, using the routing table at each node as a guide to which link to cross next.
• As it explores, an ant ages, the age of each individual being related to the length of time elapsed since it set out from its source. However, an ant that finds itself at a congested node is delayed, and thus made to age faster than ants moving through less choked areas.
• As an ant crosses a link between two nodes, it deposits pheromone however, it leaves it not on the link itself, but on the entry for that link in the routing table of the node it left. Other ‘pheromone’ values in that column of the nodes routing table are decreased, in a process analogous to pheromone decay.
• When an ant reaches its final destination it is presumed to have died and is deleted from the system.R.I.P.

Testing the ant colony optimisation system, and measuring its performance against that of a number of other well-known routing techniques produced good results and the system outperformed all of the established mechanisms however there are potential problems of the kind that constantly plague all dynamic optimisation algorithms. The most significant problem is that, after a long period of stability and equilibrium, the ants will have become locked into their accustomed routes. They become unable to break out of these patterns to explore new routes capable of meeting new conditions which could exist if a sudden change to the networks conditions were to take place. This can be mitigated however in the same way that evolutionary computation introduces mutation to fully explore new possibilities by means of the introduction of an element of purely random behaviour to the ant.

‘Ant net’ routing has been tested on models of US and Japanese communications networks, using a variety of different possible traffic patterns. The algorithm worked at least as well as, and in some cases much better than, four of the best-performing conventional routing algorithms. Its results were even comparable to those of an idealised ‘daemon’ algorithm, with instantaneous and complete knowledge of the current state of the network.

It would seem we have not heard the last of these routing antics…. (sorry, couldnt resist).

As someone already devoted to another music platform my introduction to Spotify was met with not a little scepticism. ‘Surely this can’t be better than Last.fm, I thought to myself as I curiously downloaded the app and signed up.

Well it turned out I was wrong.

Well ok perhaps not completely wrong. A common theme amongst most folks is to position Spotify and Last.fm as direct competitors. While there are some superficial similarities, the case is oversimplified since Spotify and Last.fm each provide many unique features. The more I use both, the more I see how they can work together. Last.fm helps me discover new music and track my listening habits through the years and seems to be more of a social networking platform while Spotify sits on top playing most of the actual music.

In actual fact the two organisations are increasingly working together with the introduction of a new facility to scrobble tracks from Spotify to the Last.FM profile. If all this sounds like chinese to you and you like your music, I strongly suggest getting registered and giving both sites a try.

I personally dont use Last.FM to play much music anymore, opting instead for scrobbling from my home theatre PC running windows media player. I prefer to use the scrobbling feature to collect up all my listening habits into my profile and thus enable the social networking and music recommendation side of the platform using spotify to listen to tracks I dont actually have in my own library. Another cool feature of spotify is the ability to quickly import other peoples playlists into the app and listen straight away (www.spotifyplaylists.co.uk).

All in all its a fantastic combination which, when used in tandem with ones own MP3 music collection is about as good as Web3.0 for muso’s can get.

Some other useful counterparts to the two core apps are shown below:

• freshspotify – Tracks newly released music on Spotify and compares it with your favourite artists on Last.fm. Subscribe to artist RSS feeds (or email) to be notified of updates. This is a really useful service: you can browse the site (which nicely summarizes the new Spotify releases) and sign in whit a google account to add artist alerts based on your Last.fm profile (up to a maximum of 100 artists).

• Spotify.fm – Frank Quist’s new and improved webtool to list the latest Spotify releases of all your favourite artists on Last.fm. Also has a neat RSS feed and the ability to search based on both username or tag and search on similar artists.

• Spotify updates from Last.fm – This app can look for any artist in your library (not just your top 50 artists) and lets you specify the playcount range to consider too. It will also return recommended artists, so this is a great way to discover more music from artists you’re perhaps not too aware of, and complements the other apps well. Developer OnDistantShores (who is also responsible for the excellent Universal Scrobbler) promises more updates soon, including the option to specify a tag and search new releases by artists with that tag: brilliant!

• Last.fm Spotify Search – Script that adds a wee green note icon next to tracks, albums and artists on Last.fm’s website. To use, install Greasemonkey then add the script. You can then click the note icon to search in Spotify. I find this one really useful, it saves on typing and binds Last.fm and Spotify together nicely.

• Lastify - A plug-in that bolts onto the regular Spotify client and lets you Love, Ban, and Tag tracks back to Last.fm.

• Last.fm + Spotify + Find new albums – Newly updated, this webapp tells you what’s new in Spotify based on your Last.fm Top 50 artist favourites. It can also match against recommendations: a great way to discover new bands. Results are grouped by when they were added to Spotify and let you click both the album/single and artist. There’s also an RSS feed you can subscribe to, and the app now lets you filter to view only singles or albums as well as as “show tracks” dropdown for each album.

Groups

• Spotify – The best Spotify group on Last.fm, leader Faz regularly checks in and updates the Shoutbox, and there are always active discussions going on.

• Scrobble for Spotify – Originally set-up before Spotify had a scrobble feature, the Scrobble for Spotify group continues to attract new members.

The LTE hits just keep coming: Chunghwa Telecom said this week that it plans to start testing LTE with Ericsson gear, in northern Taiwan. Meanwhile, in Japan, Ericsson customer NTT DoCoMo has started its 4G upgrade. It plans to launch commercially in 2010.

Along with Cisco’s recently approved purchase of Starent Networks, these are the latest moves in a market that is rapidly heating up, putting a spotlight on the opportunities for infrastructure vendors. Ericsson has been in the spotlight all week, since Swedish incumbent TeliaSonera launched the first commercial LTE network on Monday, using equipment from Ericsson as well as Huawei.

It’s likely that an infrastructure vendor battle will soon heat up as more trials get underway. Huawei is looking like a big threat to the Tier 1 vendors; it’s signed on to 25 trials and deployments worldwide, it says, including plans to integrate Belgium incumbent Belgacom’s GSM, HSPA and future LTE networks in a converged radio access network and all-IP core. The Chinese vendor will also replace Belgacom’s existing RAN supplier, which happens to be Nokia Siemens Networks.

Also, Telecom Italia said it is working with Huawei for an LTE trial in Turin.

That said, NSN and Alcatel-Lucent are determined to also be a part of the LTE story. NSN recently announced that global operator Telefónica will run a six-month 4G trial in the Czech Republic on NSN’s end-to-end LTE solution. Meanwhile, it also has been tackling the voice-over-LTE goal, and completed successful IMS-compliant voice calls and SMS messaging using 3GPP-standardized LTE equipment, and says it will also soon conduct VoLTE test calls with a fully implemented IMS system.

Not to be outdone, Alcatel-Lucent said that it too has called and texted across standard LTE equipment, but using the interim standard from the 3GPP known as VoLGA.

The first carriers out of the gate after TeliaSonera with the 4G broadband technology – which promises 20mbps to 40mbps in throughput, initially – will likely be Verizon Wireless and NTT DoCoMo. Regional carriers MetroPCS and U.S. Cellular also have plans to deploy LTE next year, along with KDDI in Japan, and Tele2 and Telenor in Europe. AT&T and China Mobile are planning LTE rollouts for 2011. Most incumbents have LTE on their to-do list at some point, making for a rich new vein for infrastructure vendors to mine.

Some markets will be richer than others. “Spectrum availability is the primary factor impacting deployment plans,” said senior ABI analyst Nadine Manjaro. “In countries where telecommunications regulators are making appropriate spectrum available, many operators have announced plans to launch LTE. These include the U.S., Sweden, China and others. Where no such spectrum allocations exist, operators are postponing LTE plans.” The United Kingdom, surprise surprise, will likely be slower to roll out LTE because of spectrum availability.

Say “Chumby” and an image of a squat beanbag with a touch-screen comes to mind–that is, if you know what a Chumby is.

Steve Tomlin, is the genius behind the evolution of the Chumby from a single gadget that can pull weather, music, news, photos and trivia from the Web into an assortment of “powered by Chumby” devices.

Tomlin, Chumby Industries’ chief executive,  has spent the past few months striking partnerships with some of the largest consumer electronics companies, including Sony, Broadcom, Marvell and Samsung. The partnerships will enable the port of Chumby’s open-source operating system to a wide range of gadgets, including TVs, Blu-ray players and clock and tabletop radios, some before the end of the year. 

Tomlin, who prefers consumers to think of Chumby as a content and media business, based on an ecosystem of widgets and third-party developers has a vision of Chumby’s future that centres on bringing a personal multimedia Web experience to as many connected consumer electronics as possible. He is quoted as saying: “Selling someone an LCD in a plastic frame with a memory card is not a compelling product… The challenge is to reinvent how to share photos and media.”

The first Chumby-powered photo frame will be able to display content from photo sites Flickr and Photobucket, along with accessing social networks, such as Facebook and Twitter, as well as news feeds, Internet radio and weather forecasts. Content can be be pushed to other ‘powered by Chumby’ devices so that, for example, users can share photos with other members of their Chumby social network. Chumby’s software recognizes other Chumby owners, so users will be able to share photos by “pushing” them over the air to their friends.

Gadgets such as the now extinct Nabaztag and Chumby hope to fill a burgeoning space in the phenomenon to merge the online world with the offline world and it is surprising that there have not been more of these types of product released to the market place.

This will surely change greatly over the coming 12 months.

Looks like Cisco’s move into the world of radio/wireless is a go. The company announced yesterday that they have been given regulatory clearance and have now satisfied the regulatory approval requirements under the merger agreement to complete the acquisition of Starent Networks.

The have paid $2.9 billion, for Starent Networks, which makes products that help wireless telecommunications companies ship large volumes of data to phones and computing devices.

The deal represents about a 20 percent premium over Starent’s closing price on Monday 12th Oct  of $29.03 a share. After the announcement, Starent’s shares rose $4.88, or almost 17 percent, to close at $33.91 on the following day.

Starent counts carriers like Verizon Wireless, Sprint Nextel, Vodafone Group and China Telecom as customers.

The company’s recent deals reflect that optimism about the growing importance of video traffic to mobile networks. In October, Cisco began a tender offer to buy Tandberg, a Norwegian maker of videoconferencing systems, for $3 billion. And in March, Cisco agreed to pay $590 million for Pure Digital Technologies, a start-up that developed the popular Flip video cameras. The purchase of Pure Digital bolsters Cisco’s video and nascent consumer electronics efforts while also giving the company a way to promote devices that create bulky files that consume great deals of bandwidth.

While the Starent purchase has a video element, it is primarily a sign that Cisco expects smartphones and wireless data plans to rise in popularity. In addition, the acquisition offers another door through which Cisco can approach telecommunications companies that have turned to Ericsson, Alcatel-Lucent and Huawei Technologies for networking equipment that feeds mobile devices.

In a research report, Mark Sue, a networking analyst with RBC Capital Markets, valued the mobile carrier infrastructure market at $47.5 billion.

Starent, was founded in 2000 and has traded publicly since 2007. Last year, the company reported a 74 percent rise in revenue, to $254.1 million. Starent Networks is a leading provider of infrastructure solutions that enable mobile operators to deliver multimedia services to their subscribers. Their solutions combine significant computer power, memory, and traffic handling capabilities with highly distributed software architecture designed to provide high availability, flexibility, and performance built on the power of a Linux operating system. 

They have created solutions that provide several core network functions and services, including access from a wide range of radio networks to the operator’s IP, or packet core network, mobility management of subscriber sessions, and call control. Their access-independent solution integrates multiple network functions needed for the delivery of advanced multimedia services, such as video, Internet access, voice-over-IP, e-mail, mobile TV, photo sharing, and gaming. 

They have developed multimedia core platforms and proprietary software specifically to address the needs of packet-based mobile networks. These products are designed to provide mobile operators with new revenue opportunities while also reducing their costs and they possess a high degree of system intelligence, which allows a mobile operator to understand the details of each subscriber session, enabling individual subscriber management and network traffic flow control.

Their products also enable mobile operators to continue to evolve their core networks to the Long Term Evolution (LTE) Evolved Packet Core (EPC) specification to provide multi-megabit bandwidth, latency reduction, and improved mobility to their subscribers.
Other product areas include CDMA, HSPA, WiMAX, WiFi and Femtocell which make for an interesting complement to Cisco’s existing portfolio.

This is such a great idea and as usual with the greatest ideas, oh so simple.