[c-nsp] 6500 VSS for campus L3 core?

Gert Doering gert at greenie.muc.de
Thu Feb 14 09:49:21 EST 2013


On Fri, Feb 15, 2013 at 01:41:20AM +1100, Andrew Miehs wrote:
> I guess the word "trust" was probably a poor choice in the case of BGP.
> Its more a case of which do you believe has a buggier implementation - the
> firewall vendor with BGP/ routing protocol or Cisco with VSS. Which is more
> likely to break?


Cisco has lost lots of trust regarding OS quality control, modularity of
code, or general "someone knows which way the company wants to move" in
the last years.  I can accept single boxes crashing, which is why I have
two of them - and they do not (never ever if I can avoid it) run the same
version of IOS.  So if something critical in SXI will bring down box #1,
the other will be on SXJ (or SXH, or maybe 15.2S) and will not die in

> I had an issue last week with one vendor where OSPF between a firewall, and
> a switch broke, causing the firewall to loose some specific routes for a
> short amount of time.

Given the track record of weird bugs in Cisco's OSPFv3 implementation, I
came to the conclusion that getting OSPF right seems to be hard.  So I would
never run OSPF to a firewall, if I could do BGP instead.

(Just look at quagga/zebra - their BGP code is reasonable, their OSPF ... not)

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130214/893ef0b2/attachment-0001.sig>

More information about the cisco-nsp mailing list