[c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

Phil Bedard philxor at gmail.com
Tue Feb 28 19:40:15 EST 2023


With XR7 the idea was to mimic how things are done with Linux repos by having a specific RPM repo for the routers and the patches which is managed similar to Linux and that’s how all software is packaged now.  Dependencies are resolved automatically, etc.   RPMs are installed as atomic operations, there is no more install apply, etc.  Most customers do not want to manage an RPM repo for their routers, so they just use whole images.

Thanks,
Phil

From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of Steve Mikulasik via cisco-nsp <cisco-nsp at puck.nether.net>
Date: Tuesday, February 28, 2023 at 10:20 AM
To: Mark Tinka <mark at tinka.africa>, cisco-nsp at puck.nether.net <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

Cisco's method for rolling out updates (basically stuck in the 90s) is becoming more and more of a liability. When evaluating vendors I have started to place high importance in how they handle updates as there is less and less tolerance for leaving anything in an unpatched state for very long. Patch management software should be part of the product, it shouldn't be something I need to pay extra to do in an efficient manner, nor should it be expected you'd build out some scripting solution that accounts for all the annoying oddities a vendor's platform should have. Cisco and other vendors need to really do better to ensure that their customers can easily patch so their boxes are not viewed as security liabilities.


-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Mark Tinka via cisco-nsp
Sent: Sunday, February 26, 2023 7:55 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)


On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote:

> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install
> replace" is finished. Replace is async so you have to sit around and
> poll the process.
>
> After reboot you have to reconnect to device and issue "install commit".
>
> In some cases direct upgrades from version X to Y fail so you have to
> go through this whole process twice (X to Z to Y) that takes around 2
> hours on NCS540.
>
> In some other X to Y cases there is not sufficient diskspace to
> complete "install replace".
>
> We personally have automated the whole install process via netconf and
> can work around the quirks relevant for our platforms and versions.
> Many people can't do that or can't justify the expense (when they have
> small number of devices).
>
> Some other issues have been solved by Cisco in latest releases, I
> believe install replace can now be sync operation, maybe not on NCS540
> but on larger platforms (IOS-XR consistency between platforms is an
> issue itself).
>
> So I totally get what Mark and Gert are saying. IOS-XR is currently
> worst NOS operational experience from all large NOSes out there.

Oh gosh - it's such a shame that it's 2023 and we still have to put up with shoddy software maintenance processes, just because a vendor insists that their next generation OS core is worth the daily-use pain.

I could be okay with doing this for about 10 - 20 nodes in the core. But even with some level of automation (because you have to baby-sit the automation, especially when the vendor changes things in a bid to "improve" life with their OS), trying to manage this on 100's - 1,000's of nodes in the Metro (or anywhere, really) is just too much of a nightmare.

So you either end up with network gear running very old code because operators can't be asked to spend 2hrs on upgrading a single device, or simply tying up too many engineer hours at the expense of other projects.

Mark.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

