[c-nsp] Re: backup quandry
Roger Weeks
rjw at mcn.org
Thu Oct 21 11:34:22 EDT 2004

I'll second this with a recent example. Most of our routers are
running different variants of 12.1(something). When I arrived here a
month or so ago I immediately started planning to upgrade them so as to
get them to a GD release, and to get them to all the same revision.

Trouble is, we have a pretty mixed bag of routers - 2 7206vxr, a 3640,
a 3660, 2600s, 2500s, 1720s.

My other prime goal in upgrading them was to take them to a code that
supported ssh so I could turn off telnet. It's 2004! Why are we still
using telnet!?! ;)

Two issues came up:

1. If I want SSH 2 support, I have to go with 12.3T code. It's ED code
and that makes me nervous especially on border routers with ATM.

2. If I want 12.3T code on any of the routers besides the 7206, I
have to upgrade the internal RAM and Flash. For example, 12.3T11 for a
3640 takes up 24MB of space. The internal Flash is at 16MB, and the
PCMCIA slot in these routers only takes up to a MAX of 20MB cards (WTF,
Cisco?!?).

So I discarded the requirement for SSH 2 support, even though it makes
me nervous to go with SSH 1 since there have been known
vulnerabilities in that code. 12.2.26GD fits just fine in all of my
routers without upgrades, and it supports SSH 1.

Roger Weeks
Mendocino Community Network

> Date: Wed, 20 Oct 2004 16:07:23 -0700 (PDT)
> From: Jay Hennigan <jay at west.net>
> Subject: Re: [c-nsp] backup quandry
> To: Rodney Dunn <rodunn at cisco.com>
> Cc: cisco-nsp at puck.nether.net
>
> Generically, I can answer why we often times don't upgrade.
>
> * No need. If there are no security patches and no new features, and
> I have solid performance with older code, there's no business sense
> to upgrade, especially if there is a real or perceived increased
> risk of bugs, like when going from a GD to an LD or ED image.
>
> * Code bloat. For the same feature set, or at least the features I
> might use on a given router, upgrading may require the purchase of
> additional flash or RAM. Have you priced "Genuine Cisco" memory
> recently? [0]
>
> But, hey, if there is something cool that increases performance or adds
> a useful feature, I'm all over it and have no problem upgrading.
>