Why your "enterprise-grade" million-dollar solution is getting outmaneuvered by free software running on commodity hardware
by Alan DeKok, CEO
Twenty-five years ago, I started building FreeRADIUS in my spare time, with the help of a ragtag group of volunteers. I didn’t know then that it would become the world’s most widely deployed RADIUS server alternative.
At the same time, there were a number of massive corporations selling RADIUS servers for six figures a pop. Today, most of those companies are gone. Others are selling a rebranded version of our software as their own premium solution.
While this is a RADIUS story, it’s also the story of how the tech industry's Death Stars—massive, expensive, seemingly invincible—keep getting taken down by scrappy X-wing fighters they never saw coming.
How legacy enterprise vendors fight back (and why they keep losing)
Remember when Digital Equipment Corporation was trying to sell massive servers to run AltaVista? Google looked at that approach and said, "What if we just bought racks of cheap machines instead?" It turns out that approach to buying hardware is cheaper, faster, and more flexible.
When your single million-dollar server dies, the entire operation goes down. When one cheap server in Google's enormous server farm dies, they toss it to the side and grab a coffee. In other words, the Death Star has one critical vulnerability; the rebel fleet has redundancy built into its DNA.
Meanwhile, time marches on. A $200 Android phone is now orders of magnitude better than a high-end server from 25 years ago.
| 2000 | 2025 | Improvement |
|---|---|---|
| Telco-grade server | Smartphone | |
| $20,000 | $200 | 100x—not counting inflation |
| 500MHz single-core | 3GHz 8-core | 20x |
| 512MB RAM | 16GB RAM | 32x |
| 100GB HDD | 1TB SSD | 10x plus speed gains |
Your pocket now holds what used to be a telco-grade server (and then some)
What most people haven’t noticed is that the same growth has applied to software, too. This is the “lesson of the low end”.
Software that seemed "low-end" decades ago has evolved and is running on hugely more powerful hardware. Where large telcos used to buy “high-end” hardware for their millions of users, those users can now be served by lower cost hardware that is much faster! The result is that companies no longer have to spend huge amounts of money on “high-end” software to match their “high-end” hardware.
This evolution creates a devastating pincer movement that legacy vendors can't escape:
- From below, commodity hardware eliminates their performance advantages—why buy a $20,000 appliance when a few $2,000 servers deliver the same throughput?
- From above, continuously-improved open-source software eliminates their feature advantages—why pay for last decade's "enterprise features" when this decade's open-source solution does it faster, with more features? And if you don’t like the feature set, you don’t have to file a change request and wait a year; you can just do it yourself or hire someone to do it for you.
The traditional vendors find themselves squeezed between relentless hardware commoditization and incessant software innovation, holding an increasingly indefensible middle ground armed with nothing but inertia and enterprise sales teams.
The result is that the customer doesn’t have to pay huge license fees for complex software with features they don’t want. They don’t have to pay the overhead of enterprise sales and marketing expenses, which are built into the product cost. Customers are getting wiser to commercial Fear, Uncertainty, and Doubt (FUD) about open-source software.
After all, if open source is good enough for Google, Amazon, and Microsoft, why wouldn’t it be good enough for you?
The RADIUS market disruption: How open source eliminated a $500M industry
When we started FreeRADIUS, the market was packed with commercial vendors: Steel-Belted RADIUS (Funk Software, then Juniper, then Pulse Secure), Livingston, and more. Companies were selling RADIUS servers for $50,000 to $100,000 or more for just one server license.
Paul Funk sold his RADIUS company to Juniper for $122 million in 2005. Juniper eventually spun it off because it became essentially worthless. Why? Because you could download software that did 99% of the same job, for free.
FreeRADIUS has eaten the low end of the RADIUS market. It has eaten much of the middle of the market. And we’re moving on to the high end. We have large national ISPs running 10M or 20M users. We have global Fortune 50 companies, where every switch port and Wi-Fi access point worldwide is authenticated via our software. The large equipment vendors and operating system vendors all test their equipment for compatibility with FreeRADIUS before a release is allowed to go out the door.
If that point didn't have a hard impact, go read it again. Everyone, everywhere, checks if their products are compatible with FreeRADIUS. It has gone from a grass-roots open source project to the de-facto standard on the Internet.
If everyone else uses it, it’s OK for you to use it, too. In most cases, the main thing holding people back from choosing FreeRADIUS is just inertia. The existing solutions work for now (though they’re expensive), so why look into something else?
Today, I can count the remaining major RADIUS implementations on one hand.
- HP sells a rebranded FreeRADIUS.
- Microsoft’s RADIUS server has seen better days; the only changes it’s had for 20 years are security fixes. It will not be updated for new RADIUS or EAP standards.
- Cisco and Nokia each have their high-end systems. (Why suggest a 64-core server with 192G of RAM? Don’t they know that hardware is expensive? Or why run a “telco grade” RADIUS server that “stops the world” for garbage collection and causes your support system to light up with customer complaints?)
- The few remaining mid-tier survivors are clinging to specialized niches, making small amounts of money in markets that used to support many more players.
At a recent standards meeting, someone pointed at me and said, "Twenty years ago, there were 10 or 15 different commercial RADIUS products. Now they're all dead. You killed them all. Your free software is responsible, because of price and feature set."
Mission accomplished!
Why IT directors still believe expensive enterprise software is better (spoiler: it’s not)
I regularly talk to ISPs spending $1 million annually on support contracts for commercial products, who have four or five full-time staff just keeping the lights on. When I ask why they don't switch to something that performs better for a fraction of the cost, the answer is always psychological: "If we're paying this much, it must be good."
You can pay $1 million for a house with a collapsing foundation. Price and quality aren’t always related in a good way.
Here's a thought experiment: If you paid $1 million for a custom smartphone, would it be better than an iPhone that’s sold to 100 million people? Of course not. The phone with massive scale behind it will always have more features than a boutique solution, because it has exponentially more development resources, user feedback, and real-world testing.
Big enterprise software companies can’t innovate
Big companies suffer from a fundamental problem: they optimize for revenue extraction, not innovation. When you've invested $10 million developing a product, your incentive is to milk that investment for 20 years, not to fix critical bugs, or add new features. Adding features won’t gain you more market share, so why do it?
Meanwhile, the scrappy open-source innovators keep shipping incremental improvements. We don't have shareholders who demand quarterly growth from legacy products. We have users who demand that things actually work.
I've talked with many ISPs who tell me that the average support ticket response time from major vendors is three to six months. That’s not the resolution time—it’s the response time! The average bug fix takes another 6–12 months, assuming that it gets fixed at all.
When a mid-tier ISP buying $10 million in equipment calls a major vendor, they’re still small fish in their pond. Unless you're dropping $50–100 million on their hardware, they're not particularly interested in your problems. So your bug reports and feature requests get filed in a dusty drawer, rarely to see the light of day.
In contrast, open-source response time to bug fixes can often be measured in minutes. The project maintainer usually gets notified about bugs quickly, since those notifications don’t have to work their way through layers of corporate process. If the maintainer has some time in between other tasks, they can look at the bug, find the problem, and push the fix back to GitHub. These fixes are then tested by the larger community before being pushed out in a major release.
The SaaS subscription trap: How enterprise software vendors turned ownership into rent-seeking
Faced with this existential threat, the legacy vendors have pulled their final card: subscription models. They've rebranded one-time purchases as "Software as a Service" and "continuous updates", but let's call it what it really is—rent-seeking behaviour disguised as development.
Twenty years ago, you bought software once and owned it. It worked until you chose to upgrade. Today, that same software stops working the moment you stop paying monthly fees. They've convinced entire industries that this is somehow better for customers—more "convenient", more "up-to-date", more "cloud-native".
It's brilliant, really. Instead of having to continuously improve to justify new purchases, they just flip a switch and turn off your software if you don't pay. Your critical infrastructure becomes hostage to their revenue targets. Miss a payment? Your system goes dark. Want to cancel? Good luck migrating years of configuration and data.
The math is punishing: that $50,000 for a one-time software purchase becomes $10,000 every year, forever. Over ten years, you've paid double for the privilege of never actually owning anything. And unlike the old model where you could skip upgrades if they didn't add value, you now pay the same whether they ship useful features or just move buttons around in the interface.
The subscription model isn't serving users—it's serving shareholders who demand predictable recurring revenue. It's the final evolution of vendor lock-in: they don't just make it hard to leave, they make it impossible to stop paying.
Open source has already won the low end, and it's become ubiquitous in the high end.
So, it’s clear that low-end solutions have already eaten the market from below. The large companies like Google, Microsoft, and Amazon have also “bet the farm” on open source. If you’re avoiding open source out of fear or uncertainty, you’re already being left behind.
Dominating the high end is next. What we deliver today exceeds what most commercial vendors offered five to ten years ago. Moore's Law doesn't just make hardware faster; it makes yesterday's "adequate" software into today's powerhouse. And the software hasn’t stood still during that time, either.
As a company based on open source, we leverage something the big vendors can't: an actual community. Not marketing-speak community, but millions of deployments providing real-world feedback and improvement. We have universities, ISPs, and enterprises running our software in configurations the original vendors never imagined.
When our customers need something fixed, we fix it. When they need a feature, we build it. When they need it to scale to handle millions of users, we make it happen. Not in six months or a year, but in weeks.
The new rules of enterprise software
The old strategy—massive upfront investment, slow development cycles, premium pricing for "enterprise-grade" features—has been blown to pieces. The new rules are:
Start small, scale fast.
What works for 100 users today will handle 100,000 users tomorrow, because hardware gets faster and software gets better.
Scaling is sharding.
Scaling from 100,000 users to 100 million users doesn't require magical "telco-grade" products. It requires sharding. That is, a large number of small systems, each of which is replaceable.
Open beats closed.
Proprietary solutions become technical debt. Open solutions become community assets that improve over time.
Responsive beats prestigious.
Your users don't care about your vendor's market cap. They care about whether their network works at 2 AM on a Sunday.
Low-end today becomes high-end tomorrow.
Every "enterprise solution" is just commodity hardware + markup + artificial scarcity. The markup disappears, the scarcity gets eliminated, and Emperor Palpatine has no clothes (*shudder*).
Small software teams are disrupting enterprise markets
Twenty-five years ago, the big RADIUS vendors looked at me and saw a hobbyist with a toy project. They had enterprise sales teams, marketing budgets, and installed bases. I had an editor, a compiler and an idea. They ridiculed and ignored me.
This isn’t just hyperbole. I had commercial RADIUS vendors laugh at the idea of an open-source project competing with them. The idea was ridiculous, as open-source products were tiny or amateur. Those vendors are now out of business, and their products have been replaced with FreeRADIUS.
I don't feel bad about that.
Today, FreeRADIUS handles authentication for hundreds of millions of users daily. It's deployed in more locations than all the commercial alternatives combined. It powers the networks you use to read this article.
The lesson isn't specific to RADIUS. It's not even specific to networking. Every industry has its Death Stars—massive, expensive, seemingly invincible systems that are actually vulnerable to small, fast, innovative alternatives.
The rebels are coming for your industry too. The question is whether you'll join them or go down with the Empire.