A Best-Practice Reference Architecture for Open Campus Networks

Threshold™ is the first end-to-end open networking solution capable of replacing entire legacy-vendor enterprise networks of any size with centrally managed, modern, disaggregated white/brite box-based alternatives. To create a complete network of white box switches Pica8’s Threshold offers:

  • A centralized, single point of management
  • Automated deployment, configuration, monitoring, alerting and lifecycle management
  • GUI-based network-level system view
  • CLI-based switch-level management/control
  • Centralized data collection for analytics/visibility
  • Open networking switches from a number of white- and brite-box vendors

Unlike the relatively simple world of data center networking, the complexity, challenges, and almost infinite diversity found among enterprise network topologies meant Pica8 had to create a number of open networking industry “firsts” to make Threshold a reality. In short, until Threshold, campus open networking lacked:

  • Any kind of automation framework for deploying, configuring and managing switches
  • Any alternative to wiring closet switch stacks
  • Any alternative to IDFs (intermediate distribution frames)
  • Any alternative to campus chassis switches
  • Any IBN (intent-based networking) capabilities

Threshold Addresses all of these Shortcomings

The central pillar of Threshold is AmpCon™ – short for “Amplified Control” – the world’s first, and only, automation framework that can deploy, configure and manage an entire enterprise network of white box switches. It’s so easy to use an intern with no programming experience can turn on and configure 1,000s of switches at the push of a button. AmpCon also embodies the economic value proposition of open networking as it is deliberately priced lower than the sales tax of its traditional automation competition, such as Cisco DNA Center. And, unlike Cisco, AmpCon can either run on premises or in a public cloud (at no additional cost), and its license has no limits on either the number of connected devices or the number of users.

AmpCon executes ZTP – zero-touch provisioning — via a GUI for white/brite box switch provisioning. It takes care of all Day 0 tasks – new switch turn-on, image load, switch config, license DB update, and so on – and Day 1 tasks, such as configuration validation, commit, rollback, and inventory.

AmpCon also manages security and operational tasks, including global/regional configurations, compliance, remediation, license maintenance, RMA, status monitoring, role-based access control (RBAC), as well as offering configurable security controls. To crack the code on how to replace legacy switch stacks and chassis switches with modern open networking alternatives, Pica8’s Threshold integrates the company’s new MLAG-based port aggregation capability directly into PICOS®, Pica8’s flagship Linux-based NOS.

(See Figures 2 and 3 below for more detail.)

Figure 2

Figure 3

Managed via a Web interface as a single, logical IP address, Pica8’s MLAG-based port aggregation capability removes all the myriad deficiencies inherent in legacy three-tier network stacking, such as the requirement for STP- (spanning tree protocol) based redundancy that cannibalizes ports and bandwidth. Additionally, it removes the requirement for stacking ports, while allowing for any mix of switch models and uplinks to be deployed at an aggregation point. It also drastically simplifies maintenance and operations as the plug-and-play nature means failed switches can be swapped out by SysAdmins on site, rather than needing top-tier networking engineers to reconfigure the hardware.

Another hallmark of the Threshold architecture is the inclusion of Pica8’s revolutionary open intent-based networking (OIBN) capability, CrossFlow™.

Figure 4

Available only from Pica8, CrossFlow allows users to concurrently run both traditional L2/L3 traffic and OpenFlow/OVS on every switch port in the network. Among other things, this creates a separate security control plane to respond to threats and adjust security policies without the need to touch switch ACLs (access control lists). The level of granular, dynamic monitoring and analytics this provides to Threshold is simply unmatched in the industry.

Threshold open networking deployments are fully backward-compatible with installed legacy infrastructure, meaning they can either be gently integrated floor-by-floor, department-by-department, or building-by-building, or brought in as full replacements – whatever budgets and staffing allow.

Threshold offers a full Cisco-comparable enterprise feature set, including:

  • Multivendor NAC support
  • Sophisticated QoS
  • PoE support for voice, WiFi, and other devices
  • Automatic device recognition and power-up
  • Secure remote management
  • Multigig support
  • And more


With Threshold, Pica8 offers the first viable open networking alternative to legacy network vendor lock-in in the enterprise. A number of Fortune 100 companies have already installed Pica8 PICOS and replaced thousands of legacy Cisco switches with superior, cost-effective – and future-proofed – open switches from Dell EMC and others. Now Threshold brings the same open network technology to the masses, making it simple to deploy and manage, and to enjoy the extraordinary cost savings inherent in this architecture.