[c-nsp] NCS-5001 - MPLS L3VPN Issue

Phil Mayers p.mayers at imperial.ac.uk
Tue Mar 1 06:21:11 EST 2016

On 01/03/16 08:22, Gert Doering wrote:

> It's an expression of distrust to the software upgrade process...

Numerous vendors who build their network OSes on top of third-party 
general-purpose OSes (e.g. Linux) have problems which justify this distrust.

It's not uncommon for the vendor-specific interface to push some of the 
config (e.g. SSH, NTP, syslog) down onto the underlying OS, and in some 
cases, fail to clean this config up because it has "forgotten" about it.

An example might be that the OS image has a file:


include /etc/daemon.d/*

...and a file gets dropped into /etc/daemon.d when a feature is 
configured, but fails to get removed when it is unconfigured, but the 
include continues to read it.

I don't want to name any names here, although I am *not* thinking of 
Cisco (or Juniper, in fact). But it's a problem I've fought with.

Upgrades != Fresh installs, unless the OS is a complete, self-contained, 
read-only image, with the only mutable state being config applied to the 
ramdisk *after* boot ;o)

More information about the cisco-nsp mailing list