Cisco and the tobacco industry

Jeffrey I. Schiller jis at MIT.EDU
Sat Jul 30 20:34:21 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks.

All that is needed is for Cisco to put an "upgrade" command into their
router. The "upgrade" command determines the router's version (and
current patch level) and requests the download of a version specific
patch file.

The command takes as arguments the on-disk (flash) version of the core
image and the beginning of a URL where to find the file. The filename
itself can be constructed based on the current version. The upgrade file
itself contains the checksum of the image it should be applied against
as well as the checksum of the final image. Of course it is digitally
signed by Cisco (so Cisco will need a public key installed in its images).

The upgrade command then determines if sufficient flash exists to
perform the change and performs the upgrade. It might even be able to
patch in the in-core image (presumably this can be done via code that is
included in the patch itself, I leave this as an exercise for Cisco).

The actual patch file can be located in a server at the customer's site
and Cisco can distribute them via BitTorrent :-)

Important points:

* Upgrade is initiated by the user. If the necessary arguments are
stored in the system configuration, perhaps the upgrade can be triggered
by SNMP even (yeah right).
* All patches are signed.
* Patches know what version they apply to and are careful to ensure they
are being applied to the right version (even if the customer improperly
names the files on their server).

This isn't trivial to do, but it isn't rocket science either!

			-Jeff

- --
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis at mit.edu
============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC6+RK8CBzV/QUlSsRAmdAAKDCpvTl0sBIk5v0hX1Wbta1mRHe4ACg5/Or
ONwi+567ZEAdtW7B1J/yDhk=
=GJ2e
-----END PGP SIGNATURE-----
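
An added sketch of the checks this message describes (not code from the post or from Cisco): verify the signature, bind the patch to the image actually in flash by checksum, and accept the result only if it matches the final checksum. The RSA key is a constructed toy key standing in for a real signature scheme, and `patch_url`, the JSON manifest layout, the edit format and the flash-space rule are assumptions.

```python
import hashlib, json

# Constructed toy key: textbook RSA over two known Mersenne primes. Insecure;
# it only stands in for the vendor public key (N, E) installed in the image.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, vendor side only

def sha(b):
    return hashlib.sha256(b).hexdigest()

def digest_int(b):
    return int.from_bytes(hashlib.sha256(b).digest(), "big")

def patch_url(prefix, version):
    # Assumed naming rule: the file name is derived from the running version.
    return f"{prefix}/patch-{version}.bin"

def vendor_sign(base, final, edits):
    # The signed body carries both checksums plus the (offset, bytes) edits.
    body = json.dumps({"base_sha256": sha(base),
                       "final_sha256": sha(final),
                       "edits": [[o, d.hex()] for o, d in edits]}).encode()
    return body, pow(digest_int(body), D, N)

def upgrade(image, body, sig, flash_free):
    # 1. Signature first: nothing in the file is trusted before this passes.
    if pow(sig, E, N) != digest_int(body):
        raise ValueError("bad signature")
    m = json.loads(body)
    # 2. Bind to the image in flash, not to the file name on the server.
    if sha(image) != m["base_sha256"]:
        raise ValueError("patch is for a different image")
    # Assumption: the new image is staged as a full second copy in flash.
    if flash_free < len(image):
        raise ValueError("insufficient flash")
    new = bytearray(image)
    for off, hexdata in m["edits"]:
        data = bytes.fromhex(hexdata)
        new[off:off + len(data)] = data
    # 3. Commit only if the result is the image the vendor intended.
    if sha(bytes(new)) != m["final_sha256"]:
        raise ValueError("result does not match final checksum")
    return bytes(new)
```

A misnamed file on the customer's server fails at step 2, and a modified file fails at step 1, before any of its contents are parsed.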


