[j-nsp] QFX3500 optics lock?

Richard A Steenbergen ras at e-gerbil.net
Mon Jan 9 19:35:20 EST 2012


On Mon, Jan 09, 2012 at 11:37:03PM +0000, Phil Mayers wrote:
> 
> I am not trying to compare this to vendor locking. They are indeed 
> completely different, and I merely cite it as illustration of one other 
> position on the spectrum of transceiver permissiveness.
> 
> I will grant that denying the "new" optic is understandable. But 
> shutting down an existing link is deeply unhelpful (as well as TOTALLY 
> NON-OBVIOUS to the person inserting the optics).
> 
> For starters - what if the existing link is a Genuine Cisco(tm) SFP? 
> Then the forged SFP not only doesn't work (fine) but stops a valid SFP 
> from working (not fine). Unlikely I will admit, but not impossible.
> 
> I will also add that I have no evidence this duplicate checking is 
> limited to transceivers matching CISCO* in the EEPROM; for all I know, 
> it does it for any transceiver...

In theory the way it's supposed to work is that a cryptographically 
verifiable code based on the serial number (probably some sort of hash, 
but no clue what they actually use) is written to the EEPROM. That way, 
Cisco can give the actual manufacturers a list of SN's and codes equal 
to the number of units they're purchasing, to prevent the classic 
counterfeiting problem of the factory in China running during the day 
for the customer and at night for themselves.

But even without defeating the hash, they can always just clone the 
serial number from a known good one... Of course in theory there should 
never be two identical serial numbers, so when they do show up in the 
same chassis you "should" be guaranteed that they're both counterfeit. 
Of course, I'm sure mistakes do happen from time to time, and you could 
make the argument that it's bad to affect production customer traffic if 
the customer didn't know, but there is at least some logic behind it.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
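
The scheme discussed in this message, as an added example that is not part of the original post and not any vendor's actual mechanism: a serial-bound code checked on insertion, plus the duplicate-serial check across one chassis. HMAC-SHA256, the key, the serial numbers and the port names are all assumptions constructed for illustration; the post itself says the real algorithm is unknown.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key. HMAC stands in for the unknown vendor algorithm.
VENDOR_KEY = b"constructed-demo-key"


def make_code(serial: str) -> bytes:
    """Vendor side: derive the code written to the EEPROM beside the serial."""
    return hmac.new(VENDOR_KEY, serial.encode(), hashlib.sha256).digest()[:16]


def code_is_valid(serial: str, code: bytes) -> bool:
    """Switch side: does the stored code match the stored serial?"""
    return hmac.compare_digest(make_code(serial), code)


def audit_chassis(slots: dict) -> dict:
    """slots maps port -> (serial, code); returns port -> verdict."""
    ports_by_serial = defaultdict(list)
    for port, (serial, _code) in slots.items():
        ports_by_serial[serial].append(port)

    verdicts = {}
    for port, (serial, code) in slots.items():
        if not code_is_valid(serial, code):
            verdicts[port] = "reject: bad code"
        elif len(ports_by_serial[serial]) > 1:
            # The switch cannot tell original from copy, so both go down.
            verdicts[port] = "reject: duplicate serial"
        else:
            verdicts[port] = "accept"
    return verdicts


# Constructed inventory for one chassis.
GENUINE = ("DEMO0001", make_code("DEMO0001"))
SAMPLE_SLOTS = {
    "xe-0/0/0": GENUINE,                             # original module
    "xe-0/0/1": ("DEMO0002", make_code("DEMO0002")),  # unrelated valid module
    "xe-0/0/2": ("DEMO0003", b"\x00" * 16),           # serial without a valid code
    "xe-0/0/3": GENUINE,                             # same EEPROM fields as xe-0/0/0
}

if __name__ == "__main__":
    for port, verdict in sorted(audit_chassis(SAMPLE_SLOTS).items()):
        print(port, verdict)
```

The copied serial/code pair passes `code_is_valid` on its own, so only the duplicate check flags it, and that check also takes down the original module in `xe-0/0/0`, which is the side effect the quoted message objects to.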

