[c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

Tue Feb 28 10:18:45 EST 2023

Cisco's method for rolling out updates (basically stuck in the 90s) is becoming more and more of a liability. When evaluating vendors I have started to place high importance in how they handle updates as there is less and less tolerance for leaving anything in a unpatched state for very long. Patch management software should be part of the product, it shouldn't be something I need to pay extra to do in an efficient manner, nor should it be expected you'd build out some scripting solution that accounts for all the annoying oddities a vendors platform should have. Cisco and other vendors need to really do better to ensure that their customers can easily patch so their boxes are not viewed as security liabilities.

-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Mark Tinka via cisco-nsp
Sent: Sunday, February 26, 2023 7:55 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

CAUTION: This email originated from outside of Civeo.
Do not click links or open attachments unless you recognize the sender and know the content is safe.

On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote:

> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install
> replace" is finished. Replace is async so you have to sit around and
> poll the process.
>
> After reboot you have to reconnect to device and issue "install commit".
>
> In some cases direct upgrades from version X to Y fail so you have to
> go through this whole process twice (X to Z to Y) that takes around 2
> hours on NCS540.
>
> In some other X to Y cases there is not sufficient diskspace to
> complete "install replace".
>
> We personally have automated the whole install process via netconf and
> can workaround the quirks relevant for our platforms and versions.
> Many people can't do that or can't justify the expense (when they have
> small number of devices).
>
> Some other issues have been solved by Cisco in latest releases, I
> belive install replace can now be sync operation, maybe not on NCS540
> but on larger platforms (IOS-XR consistency between platforms is an
> issue itself).
>
> So I totally get what Mark and Gert are saying. IOS-XR is currently
> worst NOS operational experience from all large NOSes out there.

Oh gosh - it's such a shame that it's 2023 and we still have to put up with shoddy software maintenance processes, just because a vendor insists that their next generation OS core is worth the daily-use pain.

I could be okay with doing for this for about 10 - 20 nodes in the core.
But even with some level of automation (because you have to baby-sit the automation, especially when the vendor changes things in a bid to "improve" life with their OS), trying to manage this on 100's - 1,000's of nodes in the Metro (or anywhere, really) is just too much of a nightmare.

So you either end up with network gear running very old code because operators can't be asked to spend 2hrs on upgrading a single device, or simply tying up too many engineer hours at the expense of other projects.

Mark.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-nsp&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oZ6pox81KyUj2bwtn9pbmXdYK3x1Jf5k4194wD0JXR4%3D&reserved=0
archive at https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpuck.nether.net%2Fpipermail%2Fcisco-nsp%2F&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=arChJnDgaJLcdrhPSrW269c9GcKc3xrWMsqVhlD7C4k%3D&reserved=0