Cisco and the tobacco industry

Ivan Groenewald ivang at xtrahost.co.uk
Sat Jul 30 23:44:02 UTC 2005


Applying patches to binaries, hmmmmm. Sounds a bit difficult.

IMHO IOS should be completely modular, i.e. SNMP/QoS/BGP etc. should be loadable modules. In the event of you patching a service-specific bug, you'd only upload the new modules and insmod them. I'd be very happy if the Cisco router fairy would write and backport such an IOS. That should end this idiotic router rebooting nonsense that the internet is plagued with, for the most part.
But there is some progress in this direction; afaik IOS XR is a modular IOS but only runs on really-really-really big equipment like the Cisco CRS-1 ("Hello Dave" red light module optional).

> The actual patch file can be located in a server at the customer's site
> and Cisco can distribute them via BitTorrent :-)
That's equivalent to saying the internet is safe enough to do your corporate banking via plain text email.

my 2 pence,
ivan

Jeffrey I. Schiller wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Folks.
>
>All that is needed is for cisco to put an "upgrade" command into their
>router. The "upgrade" command determines the router's version (and
>current patch level) and requests the download of a version specific
>patch file.
>
>The command takes as arguments the on-disk (flash) version of the core
>image and the beginning of a URL where to find the file. The filename
>itself can be constructed based on the current version. The upgrade file
>itself contains the checksum of the image it should be applied against
>as well as the checksum of the final image. Of course it is digitally
>signed by cisco (so Cisco will need a public key installed in its images).
>
>The upgrade command then determines if sufficient flash exists to
>perform the change and performs the upgrade. It might even be able to
>patch in the in-core image (presumably this can be done via code that is
>included in the patch itself, I leave this as an exercise for cisco).
>
>The actual patch file can be located in a server at the customer's site
>and Cisco can distribute them via BitTorrent :-)
>
>Important points:
>
>* Upgrade is initiated by the user. If the necessary arguments are
>stored in the system configuration, perhaps the upgrade can be triggered
>by SNMP even (yeah right).
>* All patches are signed.
>* Patches know what version they apply to and are careful to ensure they
>are being applied to the right version (even if the customer improperly
>names the files on their server).
>
>This isn't trivial to do, but it isn't rocket science either!
>
>			-Jeff
>
>- --
>=============================================================================
>Jeffrey I. Schiller
>MIT Network Manager
>Information Services and Technology
>Massachusetts Institute of Technology
>77 Massachusetts Avenue  Room W92-190
>Cambridge, MA 02139-4307
>617.253.0161 - Voice
>jis at mit.edu
>============================================================================
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFC6+RK8CBzV/QUlSsRAmdAAKDCpvTl0sBIk5v0hX1Wbta1mRHe4ACg5/Or
>ONwi+567ZEAdtW7B1J/yDhk=
>=GJ2e
>-----END PGP SIGNATURE-----
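The checks Jeff's quoted proposal asks for (a patch that carries the checksum of the image it applies to and of the result, is signed by the vendor with a key pinned in the image, and refuses to apply to the wrong version even if the customer misnames the file) are small enough to show end to end. The following is an added example written for this archive page, not code from the thread, from Cisco, or from IOS. The `Patch` layout, the single offset/replacement-bytes range, Ed25519 as the signature scheme, SHA-256 as the checksum, the `12.4(3)` version string and the image bytes are all constructed assumptions; the thread specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Patch is a hypothetical upgrade-file layout following the thread's sketch:
// the version it applies to, SHA-256 of the image it must be applied against,
// SHA-256 of the expected result, and a vendor signature over all of it.
// A single (offset, bytes) range is a constructed stand-in for a real binary diff.
type Patch struct {
	TargetVersion string
	PreHash       [32]byte // SHA-256 of the image before patching
	PostHash      [32]byte // SHA-256 of the image after patching
	Offset        uint32   // where NewBytes overwrite the image
	NewBytes      []byte
	Signature     []byte // Ed25519 signature over signedBody()
}

// signedBody serialises every field the signature must cover, so a renamed
// file, an edited version string or altered patch bytes all break the signature.
func (p *Patch) signedBody() []byte {
	var b bytes.Buffer
	b.WriteString(p.TargetVersion)
	b.WriteByte(0) // terminator: version and hashes cannot be shifted into each other
	b.Write(p.PreHash[:])
	b.Write(p.PostHash[:])
	var u [4]byte
	binary.BigEndian.PutUint32(u[:], p.Offset)
	b.Write(u[:])
	binary.BigEndian.PutUint32(u[:], uint32(len(p.NewBytes)))
	b.Write(u[:])
	b.Write(p.NewBytes)
	return b.Bytes()
}

// GenerateVendorKeys stands in for the vendor's signing key; the public half
// is what the thread says would have to ship inside the router image.
func GenerateVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// MakePatch is the vendor-side build step: hash the real old and new images
// and sign the whole manifest.
func MakePatch(priv ed25519.PrivateKey, version string, oldImage []byte, offset uint32, newBytes []byte) (*Patch, error) {
	if int(offset)+len(newBytes) > len(oldImage) {
		return nil, errors.New("patch range exceeds image")
	}
	newImage := append([]byte(nil), oldImage...)
	copy(newImage[offset:], newBytes)
	p := &Patch{
		TargetVersion: version,
		PreHash:       sha256.Sum256(oldImage),
		PostHash:      sha256.Sum256(newImage),
		Offset:        offset,
		NewBytes:      newBytes,
	}
	p.Signature = ed25519.Sign(priv, p.signedBody())
	return p, nil
}

// ApplyPatch plays the router's "upgrade" command. Order matters: verify the
// signature before trusting any field, then refuse anything not built for this
// exact version and this exact on-flash image, then check the result before
// committing. Flash (the caller's slice) is never modified on failure.
func ApplyPatch(vendorPub ed25519.PublicKey, runningVersion string, image []byte, p *Patch) ([]byte, error) {
	if !ed25519.Verify(vendorPub, p.signedBody(), p.Signature) {
		return nil, errors.New("signature check failed: not signed by the pinned vendor key")
	}
	if p.TargetVersion != runningVersion {
		return nil, fmt.Errorf("patch targets %s but router runs %s", p.TargetVersion, runningVersion)
	}
	if sha256.Sum256(image) != p.PreHash {
		return nil, errors.New("on-flash image differs from the image this patch was built against")
	}
	if int(p.Offset)+len(p.NewBytes) > len(image) {
		return nil, errors.New("patch range exceeds image")
	}
	out := append([]byte(nil), image...)
	copy(out[p.Offset:], p.NewBytes)
	if sha256.Sum256(out) != p.PostHash {
		return nil, errors.New("patched image hash mismatch; not committing")
	}
	return out, nil
}

func main() {
	pub, priv, _ := GenerateVendorKeys()
	old := []byte("IOS 12.4(3) image: ...BUGGY-ROUTINE...") // constructed stand-in for flash
	p, _ := MakePatch(priv, "12.4(3)", old, 22, []byte("FIXED-ROUTINE"))
	if _, err := ApplyPatch(pub, "12.4(3)", old, p); err != nil {
		fmt.Println("upgrade refused:", err)
	} else {
		fmt.Println("upgrade applied and verified")
	}
	_, err := ApplyPatch(pub, "12.3(9)", old, p) // same file, wrong running version
	fmt.Println("wrong version:", err)
}
```

The design point worth taking from the thread is that the version and both hashes live inside the signed body, not in the filename: a customer mirror that renames or mixes up files, or a BitTorrent swarm that serves the wrong blob, produces a refusal rather than a half-patched image, and a patch that does not verify against the pinned vendor key is rejected before any of its other fields are trusted.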