[c-nsp] ASR 9000 Upgrade Expectations
Gert Doering
gert at greenie.muc.de
Wed Jul 13 16:38:47 EDT 2016
Hi,
On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> Because of
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
> sa-20160525-ipv6
> asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
>
> it should be 5.3.4.1 or for the brave 6.1.1.16
> but I cannt see it for download (but 5.3.3 two times ! )
>
> ... waiting for a fix of severity-2 BUG for more than 6 weeks ...
The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
word whatsoever)... so you can't really complain here :-)
> ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
> arrive A.D. MMXX ?)
>
> Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI
> interfaces on my cat4900M
> to less than 300 (out of TCAM resources...) just for the basics.
>
> I am desperately disappointed .
Yay :(
(We have deployed fairly extensive border ACLs for this, so the "soft
core" is protected against fake & evil ND packets crossing the borders -
and as long as your 4900Ms are not border routers, you could do similar...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160713/afaabec0/attachment.sig>
More information about the cisco-nsp
mailing list