[c-nsp] Rehosting a perpetual CSR1000V license

[Lukas Tribus]

Hello,



On Thursday, 23 July 2020, Mark Tinka <mark.tinka at seacom.com> wrote:

>
>
> On 23/Jul/20 10:43, Lukas Tribus wrote:
>
> > You just need a route to a HTTP proxy (like tinyproxy) in your FIB,
> > just like you already need reachability for monitoring systems, NMS,
> > radius servers etc.
>
> All those monitoring systems live in the IGP, which is in FIB.


Same for an on-prem SSM as well as a proxy.



>
> >
> > No default route or full table necessary on any boxes, just IP
> > reachability of a single, very simple forwarding proxy.
>
> Things that call home into the cloud tend to be a bit flaky. Adding a
> proxy to that can mix things up quite nicely, and I'd prefer to avoid
> that altogether.


Yes, as you add variables you add complexity.

It seems to me though that a forward proxy that connects two TCP sockets is
less complex by an order of magnitude than running a full blown licensing
server which probably needs periodic software updates itself just to
continue to be able to talk to the mothership ...




>
>
> > - if the Cisco Licensing Cloud suddenly denies valid licenses due to
> > temporary technical problems
>
> I would expect that the SSM server has some grace period during which it
> can lose communication with the mothership before starting to become a
> threat to local operations. Not having that would be bad design, as the
> Internet is well, not infallible. Those with SSM can enlighten us.


I'm unsure the SSM has grace periods. The end devices are supposed to have
it though, IIRC.




>
> >
> > - if the US gov suddenly imposes sanctions against your country (and
> > in the simpliest scenario - you are unable to pay for subscriptions
> > because international payments are blocked - this is happening right
> > now between RIPE and iranian LIRs)
>
> Well, this affects you even when you don't have an on-prem SSM server,
> then.


Yes, like I said, this is common to *all* subscriptions based services.


Lukas