2000 or Bust

In a rush to achieve year 2000-readiness in applications and databases, many businesses may be overlooking another looming threat: date-deficient code running in network devices, such as bridges, hubs, routers, gateways and controllers. The bad news is that industry specialists are divided on the extent of the problems these devices may cause.

Many network devices, even some that were sold only 2 years ago may be unable to handle year 2000 dates, maintains Ellen Carney, director and principal analyst at Dataquest (San Jose, Calif.). Many IS and network managers who thought they had the year 2000 under control may be in for a rude shock when the year 2000 hits their networks, Carney says. A recent Dataquest survey of 250 companies found that about half believed they were already year 2000-compliant in networks. "Very few companies are going to do anything next year, and almost half weren't even going to do anything by the year 2000," Carney says.

"There are still network products being shipped today that are not year 2000-compliant," says Merel Newmark, business development manager for NetSuite Development Corp. (Wayland, Mass., www.netsuite.com), which provides network assessment tools. Since most networks have grown over the past decade in piecemeal fashion, almost all "are going to have problems with year 2000 compliance," she predicts.

Many experts believe it is unlikely that networks will crash when the date rolls over. The more likely scenario is that network administrators will be blinded as the eyes of their systems -- time and date-stamped alarm and alert monitors -- fail to provide proper readings. "The network administrator may not receive any alarms, or may be flooded with them," says Newmark.

Problems will occur with log data that's registered by day and time, explains Richard Moukperian, hardware development executive with IBM Networking Hardware Division (Research Triangle Park, N.C.). "You could lose your ability to get in touch with a network device when tracking a problem," he says. "You may not be able to log statistics or get a history. The device may have a nonsensical date stamp on it."

The leading networking vendors -- 3Com Corp., Ascend Communications Inc., Bay Networks Inc., BMC Software Inc., Cabletron Systems, Cisco Systems Inc., Fore Systems Inc. and IBM Corp. -- maintain Web sites with compliance updates (see accompanying sidebar for more information). Of course, many companies also have equipment from companies that have gone out of business or have been acquired. In other cases, vendors will not even be testing older equipment and advise upgrades. Cisco's older AGS and CGS-based routers, for example, will not be tested for year 2000 readiness. "We can't dig up old routers, put them in the labs, and try to bring them back to life," says Paul Klepac, year 2000 program manager with Cisco.

Malfunctioning firewalls present yet another problem scenario, Dataquest's Carney says. They may deny access to legitimate users, or even compromise security, she says. "Computer hackers are going to have a field day as it is with the date change," she warns. "When you consider the ubiquity of computer networks, it could be a potentially unbelievable problem." In a worse-case scenario, the network backbone may fail, an event which could disable the entire network, Carney points out.

Still, some industry specialists contend these will be only minor problems when compared with what will happen with databases and applications that are not brought into compliance. "In general, networking devices are not affected [by year 2000]," counters Cisco’s Klepac. "Routers, switches, hubs look at IP addresses and ports -- there's no time-stamping or date sensitivity to any of that operation. For the most part, they are not affected by dates. The only parts that are affected may be some logging of error messages, and those won't bring down networks."

The gravity of the situation varies from company to company. "One of the difficulties with year 2000 compliance is that it's hard to tell what's going to happen," NetSuite's Newmark points out. "The problems can range from being a nuisance to networks going down. It's very difficult to test a network."

In large organizations, the problem may be massive. Recently, the U.S. Department of Agriculture conducted an assessment of its year 2000 exposures and found 900 of 3,700 routers were not compliant, Newmark relates. "If you have a small problem with a router, that's something that can easily be fixed. But if you have a problem with 900 routers on the same day, that's a big problem."

As far as addressing the problem, network specialists agree that networks cannot be assessed as automatically as applications. IS professionals will need to inventory all devices they have, and check the models against vendor information. "Other than the tools that identify device types and model numbers and firmware and software, I haven't heard of any other magic bullets that will go in and do some date field analysis," says Dataquest's Carney. Specialized tools such as NetSuite's Network2000 rely on information from network vendors' Web sites.

"The first step is to figure out what's on your network to begin with," NetSuite's Newmark says. "The biggest problem is that people don't know what's on their networks. Few companies have accurate and up-to-date network documentation, because it goes out of date so quickly." If information isn't available, and the device is more than 2 years old, prepare for date problems, Carney adds.

Network managers need to talk to their suppliers and "get assurances that the devices are either year 2000-ready, or [find out] what impacts they will see on those devices, and if there are impacts, how they could mitigate those circumstances," says Moukperian of IBM. "This is an issue that should be taken seriously and analyzed very thoroughly. Don't brush over it lightly."