[c-nsp] ASR 9000 Upgrade Expectations

Gert Doering gert at greenie.muc.de
Wed Jul 13 16:38:47 EDT 2016


On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> Because of 
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
> sa-20160525-ipv6
> asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
> it should be or for the brave 
> but I cannt see it for download (but 5.3.3 two times ! )
> ... waiting for a fix of severity-2 BUG for more than 6 weeks ...

The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
word whatsoever)...  so you can't really complain here :-)

> ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
> arrive A.D. MMXX ?)
> Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI
> interfaces on my cat4900M
> to less than 300 (out of TCAM resources...) just for the basics.
> I am desperately disappointed .

Yay :(

(We have deployed fairly extensive border ACLs for this, so the "soft
core" is protected against fake & evil ND packets crossing the borders -
and as long as your 4900Ms are not border routers, you could do similar...)


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160713/afaabec0/attachment.sig>

More information about the cisco-nsp mailing list