On 01/03/16 08:22, Gert Doering wrote:
> It's an expression of distrust to the software upgrade process...

Numerous vendors who build their network OSes on top of third-party
general-purpose OSes (e.g. Linux) have problems which justify this distrust.
It's not uncommon for the vendor-specific interface to push some of the
config (e.g. SSH, NTP, syslog) down onto the underlying OS, and in some
cases, fail to clean this config up because it has "forgotten" about it.
An example might be that the OS image has a file:

  /etc/daemon.conf:
    include /etc/daemon.d/*

...and a file gets dropped into /etc/daemon.d when a feature is
configured, but fails to get removed when it is unconfigured, but the
include continues to read it.
I don't want to name any names here, although I am *not* thinking of
Cisco (or Juniper, in fact). But it's a problem I've fought with.
Upgrades != Fresh installs, unless the OS is a complete, self-contained,
read-only image, with the only mutable state being config applied to the
ramdisk *after* boot ;o)
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
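
Added example, not part of the original post or any vendor's code: an audit for the failure mode described in the message above. It resolves the include globs in the hypothetical /etc/daemon.conf and reports drop-in files that the current configuration does not account for. The `expected` set, the `#` comment syntax and the `root` parameter (for auditing a mounted image) are assumptions.

```python
import glob
import os
import tempfile


def included_files(conf_logical, root="/"):
    """Logical paths of every file pulled in by 'include <glob>' lines."""
    def real(path):  # map a logical absolute path under the audited root
        return os.path.join(root, path.lstrip("/"))

    hits = []
    with open(real(conf_logical)) as fh:
        for raw in fh:
            # Assumed syntax: '#' starts a comment, 'include' takes one glob.
            parts = raw.split("#", 1)[0].split(None, 1)
            if len(parts) == 2 and parts[0] == "include":
                for match in sorted(glob.glob(real(parts[1].strip()))):
                    if os.path.isfile(match):
                        hits.append("/" + os.path.relpath(match, root))
    return hits


def stale_dropins(conf_logical, expected, root="/"):
    """Included files that no currently configured feature accounts for."""
    return [p for p in included_files(conf_logical, root) if p not in expected]


def build_sample_tree():
    """Constructed sample: 'syslog' was unconfigured but its drop-in remains."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/daemon.d"))
    with open(os.path.join(root, "etc/daemon.conf"), "w") as fh:
        fh.write("include /etc/daemon.d/*\n")
    for name in ("ntp.conf", "syslog.conf"):
        with open(os.path.join(root, "etc/daemon.d", name), "w") as fh:
            fh.write("# pushed down by the vendor CLI\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # Hypothetical: what the vendor config layer currently believes it manages.
    expected = {"/etc/daemon.d/ntp.conf"}
    for path in stale_dropins("/etc/daemon.conf", expected, root):
        print("stale drop-in still included:", path)
```

How `expected` is derived from the running configuration is vendor-specific; the same comparison against a pristine image's file list shows what an upgrade left behind.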