Mailing List Archive

NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

> XR for a number of years now has had the concept of a “golden ISO”.
> It’s a single image either built by Cisco or customers can build
> their own that include the base software and the SMUs in a single
> image. You just issue a single “install replace myiso.iso” and
> that’s it.

Well, not so in practice.

You can't issue install from http:// or any other remote URL.

You have to sit around and issue "install apply" after "install replace"
is finished. Replace is async so you have to sit around and poll the
process.

After reboot you have to reconnect to device and issue "install commit".

In some cases direct upgrades from version X to Y fail so you have to go
through this whole process twice (X to Z to Y) that takes around 2 hours
on NCS540.

In some other X to Y cases there is not sufficient diskspace to complete
"install replace".

We personally have automated the whole install process via netconf and
can workaround the quirks relevant for our platforms and versions. Many
people can't do that or can't justify the expense (when they have small
number of devices).

Some other issues have been solved by Cisco in latest releases, I belive
install replace can now be sync operation, maybe not on NCS540 but on
larger platforms (IOS-XR consistency between platforms is an issue itself).

So I totally get what Mark and Gert are saying. IOS-XR is currently
worst NOS operational experience from all large NOSes out there.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote:

> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install
> replace" is finished. Replace is async so you have to sit around and
> poll the process.
>
> After reboot you have to reconnect to device and issue "install commit".
>
> In some cases direct upgrades from version X to Y fail so you have to
> go through this whole process twice (X to Z to Y) that takes around 2
> hours on NCS540.
>
> In some other X to Y cases there is not sufficient diskspace to
> complete "install replace".
>
> We personally have automated the whole install process via netconf and
> can workaround the quirks relevant for our platforms and versions.
> Many people can't do that or can't justify the expense (when they have
> small number of devices).
>
> Some other issues have been solved by Cisco in latest releases, I
> belive install replace can now be sync operation, maybe not on NCS540
> but on larger platforms (IOS-XR consistency between platforms is an
> issue itself).
>
> So I totally get what Mark and Gert are saying. IOS-XR is currently
> worst NOS operational experience from all large NOSes out there.

Oh gosh - it's such a shame that it's 2023 and we still have to put up
with shoddy software maintenance processes, just because a vendor
insists that their next generation OS core is worth the daily-use pain.

I could be okay with doing for this for about 10 - 20 nodes in the core.
But even with some level of automation (because you have to baby-sit the
automation, especially when the vendor changes things in a bid to
"improve" life with their OS), trying to manage this on 100's - 1,000's
of nodes in the Metro (or anywhere, really) is just too much of a nightmare.

So you either end up with network gear running very old code because
operators can't be asked to spend 2hrs on upgrading a single device, or
simply tying up too many engineer hours at the expense of other projects.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
Cisco's method for rolling out updates (basically stuck in the 90s) is becoming more and more of a liability. When evaluating vendors I have started to place high importance in how they handle updates as there is less and less tolerance for leaving anything in a unpatched state for very long. Patch management software should be part of the product, it shouldn't be something I need to pay extra to do in an efficient manner, nor should it be expected you'd build out some scripting solution that accounts for all the annoying oddities a vendors platform should have. Cisco and other vendors need to really do better to ensure that their customers can easily patch so their boxes are not viewed as security liabilities.


-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> On Behalf Of Mark Tinka via cisco-nsp
Sent: Sunday, February 26, 2023 7:55 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

CAUTION: This email originated from outside of Civeo.
Do not click links or open attachments unless you recognize the sender and know the content is safe.


On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote:

> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install
> replace" is finished. Replace is async so you have to sit around and
> poll the process.
>
> After reboot you have to reconnect to device and issue "install commit".
>
> In some cases direct upgrades from version X to Y fail so you have to
> go through this whole process twice (X to Z to Y) that takes around 2
> hours on NCS540.
>
> In some other X to Y cases there is not sufficient diskspace to
> complete "install replace".
>
> We personally have automated the whole install process via netconf and
> can workaround the quirks relevant for our platforms and versions.
> Many people can't do that or can't justify the expense (when they have
> small number of devices).
>
> Some other issues have been solved by Cisco in latest releases, I
> belive install replace can now be sync operation, maybe not on NCS540
> but on larger platforms (IOS-XR consistency between platforms is an
> issue itself).
>
> So I totally get what Mark and Gert are saying. IOS-XR is currently
> worst NOS operational experience from all large NOSes out there.

Oh gosh - it's such a shame that it's 2023 and we still have to put up with shoddy software maintenance processes, just because a vendor insists that their next generation OS core is worth the daily-use pain.

I could be okay with doing for this for about 10 - 20 nodes in the core.
But even with some level of automation (because you have to baby-sit the automation, especially when the vendor changes things in a bid to "improve" life with their OS), trying to manage this on 100's - 1,000's of nodes in the Metro (or anywhere, really) is just too much of a nightmare.

So you either end up with network gear running very old code because operators can't be asked to spend 2hrs on upgrading a single device, or simply tying up too many engineer hours at the expense of other projects.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-nsp&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oZ6pox81KyUj2bwtn9pbmXdYK3x1Jf5k4194wD0JXR4%3D&reserved=0
archive at https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpuck.nether.net%2Fpipermail%2Fcisco-nsp%2F&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=arChJnDgaJLcdrhPSrW269c9GcKc3xrWMsqVhlD7C4k%3D&reserved=0

?
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
On Sun, Feb 26, 2023 at 6:45 AM Tarko Tikan via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:

> hey,
>
> > XR for a number of years now has had the concept of a “golden ISO”.
> > It’s a single image either built by Cisco or customers can build
> > their own that include the base software and the SMUs in a single
> > image. You just issue a single “install replace myiso.iso” and
> > that’s it.
>
> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install replace"
> is finished. Replace is async so you have to sit around and poll the
> process.
>
> After reboot you have to reconnect to device and issue "install commit".
>

My long-term solution to this problem is to install with iPXE. That lets
you do it via HTTP and without all the nonsense :)

A bit sad though that it cannot be done similarly cleanly via CLI.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
Hi,

On Tue, Feb 28, 2023 at 08:33:47AM -0800, William McCall via cisco-nsp wrote:
> My long-term solution to this problem is to install with iPXE. That lets
> you do it via HTTP and without all the nonsense :)

This sounds like a fairly long downtime to do upgrades... not exactly
what I want either.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
Yes there are some various differences depending on what versions you are using.

You can, at least in later versions use install replace with http, at least with GISO. You also do not need the apply command, and you can include ?commit? in the replace command so it?s not required after the device reboots.

Phil

From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> on behalf of Tarko Tikan via cisco-nsp <cisco-nsp@puck.nether.net>
Date: Sunday, February 26, 2023 at 9:45 AM
To: cisco-nsp@puck.nether.net <cisco-nsp@puck.nether.net>
Subject: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

> XR for a number of years now has had the concept of a ?golden ISO?.
> It?s a single image either built by Cisco or customers can build
> their own that include the base software and the SMUs in a single
> image. You just issue a single ?install replace myiso.iso? and
> that?s it.

Well, not so in practice.

You can't issue install from http:// or any other remote URL.

You have to sit around and issue "install apply" after "install replace"
is finished. Replace is async so you have to sit around and poll the
process.

After reboot you have to reconnect to device and issue "install commit".

In some cases direct upgrades from version X to Y fail so you have to go
through this whole process twice (X to Z to Y) that takes around 2 hours
on NCS540.

In some other X to Y cases there is not sufficient diskspace to complete
"install replace".

We personally have automated the whole install process via netconf and
can workaround the quirks relevant for our platforms and versions. Many
people can't do that or can't justify the expense (when they have small
number of devices).

Some other issues have been solved by Cisco in latest releases, I belive
install replace can now be sync operation, maybe not on NCS540 but on
larger platforms (IOS-XR consistency between platforms is an issue itself).

So I totally get what Mark and Gert are saying. IOS-XR is currently
worst NOS operational experience from all large NOSes out there.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
With XR7 the idea was to mimic how things are done with Linux repos by having a specific RPM repo for the routers and the patches which is managed similar to Linux and that’s how all software is packaged now. Dependencies are resolved automatically, etc. RPMs are installed as atomic operations, there is no more install apply, etc. Most customers do not want to manage an RPM repo for their routers, so they just use whole images.

Thanks,
Phil

From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> on behalf of Steve Mikulasik via cisco-nsp <cisco-nsp@puck.nether.net>
Date: Tuesday, February 28, 2023 at 10:20 AM
To: Mark Tinka <mark@tinka.africa>, cisco-nsp@puck.nether.net <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
Cisco's method for rolling out updates (basically stuck in the 90s) is becoming more and more of a liability. When evaluating vendors I have started to place high importance in how they handle updates as there is less and less tolerance for leaving anything in a unpatched state for very long. Patch management software should be part of the product, it shouldn't be something I need to pay extra to do in an efficient manner, nor should it be expected you'd build out some scripting solution that accounts for all the annoying oddities a vendors platform should have. Cisco and other vendors need to really do better to ensure that their customers can easily patch so their boxes are not viewed as security liabilities.


-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> On Behalf Of Mark Tinka via cisco-nsp
Sent: Sunday, February 26, 2023 7:55 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

CAUTION: This email originated from outside of Civeo.
Do not click links or open attachments unless you recognize the sender and know the content is safe.


On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote:

> Well, not so in practice.
>
> You can't issue install from http:// or any other remote URL.
>
> You have to sit around and issue "install apply" after "install
> replace" is finished. Replace is async so you have to sit around and
> poll the process.
>
> After reboot you have to reconnect to device and issue "install commit".
>
> In some cases direct upgrades from version X to Y fail so you have to
> go through this whole process twice (X to Z to Y) that takes around 2
> hours on NCS540.
>
> In some other X to Y cases there is not sufficient diskspace to
> complete "install replace".
>
> We personally have automated the whole install process via netconf and
> can workaround the quirks relevant for our platforms and versions.
> Many people can't do that or can't justify the expense (when they have
> small number of devices).
>
> Some other issues have been solved by Cisco in latest releases, I
> belive install replace can now be sync operation, maybe not on NCS540
> but on larger platforms (IOS-XR consistency between platforms is an
> issue itself).
>
> So I totally get what Mark and Gert are saying. IOS-XR is currently
> worst NOS operational experience from all large NOSes out there.

Oh gosh - it's such a shame that it's 2023 and we still have to put up with shoddy software maintenance processes, just because a vendor insists that their next generation OS core is worth the daily-use pain.

I could be okay with doing for this for about 10 - 20 nodes in the core.
But even with some level of automation (because you have to baby-sit the automation, especially when the vendor changes things in a bid to "improve" life with their OS), trying to manage this on 100's - 1,000's of nodes in the Metro (or anywhere, really) is just too much of a nightmare.

So you either end up with network gear running very old code because operators can't be asked to spend 2hrs on upgrading a single device, or simply tying up too many engineer hours at the expense of other projects.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-nsp&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oZ6pox81KyUj2bwtn9pbmXdYK3x1Jf5k4194wD0JXR4%3D&reserved=0
archive at https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpuck.nether.net%2Fpipermail%2Fcisco-nsp%2F&data=05%7C01%7Csteve.mikulasik%40civeo.com%7C6026c96b2aa84683fd4508db1809a7f5%7C19af17147411493892e842145780331d%7C0%7C0%7C638130201987637854%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=arChJnDgaJLcdrhPSrW269c9GcKc3xrWMsqVhlD7C4k%3D&reserved=0

?
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
On Wed, 1 Mar 2023 at 02:41, Phil Bedard via cisco-nsp
<cisco-nsp@puck.nether.net> wrote:

> With XR7 the idea was to mimic how things are done with Linux repos by having a specific RPM repo for the routers and the patches which is managed similar to Linux and that’s how all software is packaged now. Dependencies are resolved automatically, etc. RPMs are installed as atomic operations, there is no more install apply, etc. Most customers do not want to manage an RPM repo for their routers, so they just use whole images.

I believe this is why people prefer Linux containers to legacy
time-shared mutable boxes, the mutable package management is actually
anti-pattern today.

I wonder why I can upgrade my IRC client while keeping state, but I
can't upgrade my BGP.

There are two paths that consumers would accept
a) immutable NOS, you give it image, it boots up and converges in <5min
b) mutable NOS, process restarts keep state, if upgrade is hitful,
forwarding stoppage should be measured in low seconds

I think a) is far easier to achieve.

--
++ytti
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
hey,

> My long-term solution to this problem is to install with iPXE. That lets
> you do it via HTTP and without all the nonsense :)

Unfortunately this is only possible via OOB ethernet management port. So
this cannot be used for thousands of devices on the field where you only
have inband management.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
On 3/1/23 10:04, Saku Ytti wrote:

> There are two paths that consumers would accept
> a) immutable NOS, you give it image, it boots up and converges in <5min
> b) mutable NOS, process restarts keep state, if upgrade is hitful,
> forwarding stoppage should be measured in low seconds
>
> I think a) is far easier to achieve.

I prefer a), which is why I was never in favour of ISSU, despite all the
marketing that was as "promising" as IPoDWDM...

The fancier NOS management tries to get, the more we realize we got it
right the first time, way back then.

Mark.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
hey,

> You can, at least in later versions use install replace with http, at
> least with GISO.  You also do not need the apply command, and you can
> include “commit” in the replace command so it’s not required after the
> device reboots.

Not sure all those improvements have been delivered for NCS540 for
example. But thats not the point.

The problem is, when doing deployment, you need to work with whatever
software is on the devices from factory. You might have hundreds of
devices in stock with XR 7.2 so you have to work with that.

Unfortunately XR ZTP doesn't allow for automatic GISO upgrades either
(before anyone mentions, yes it's possible with iPXE via OOB management
but thats unusable on the field).

Some other vendors allow sending device config *and* software images in
the ZTP process so you don't have to automate that part yourself, only
the upgrades that follow and these you can then baseline from whatever
version you are deploying.

ZTP is such a low hanging fruit and vendors constantly get it wrong
(little details matter). Sure, they deliver fixes and improvements but
this may be after you already have thousand devices delivered that don't
behave.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
hey,

> With XR7 the idea was to mimic how things are done with Linux repos
> by having a specific RPM repo for the routers and the patches which
> is managed similar to Linux and that’s how all software is packaged
> now.

I'd argue you'd want your devices to be cattle and not pets. When doing
upgrades you want all your devices end up in same state and GISO
provides that. When doing investigation you don't have to go and compare
specific RPM versions that someone might have installed etc.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
I agree, I mentioned earlier most just want a single image where they load the image, reboot the box if that?s required, and that?s it. Managing application level software patches isn?t something most want to keep track of or maintain. Whle the flexibility is there to do that, it?s not necessarily something I would advocate.

Thanks,
Phil

From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> on behalf of Tarko Tikan via cisco-nsp <cisco-nsp@puck.nether.net>
Date: Wednesday, March 1, 2023 at 3:56 AM
To: cisco-nsp@puck.nether.net <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

> With XR7 the idea was to mimic how things are done with Linux repos
> by having a specific RPM repo for the routers and the patches which
> is managed similar to Linux and that?s how all software is packaged
> now.

I'd argue you'd want your devices to be cattle and not pets. When doing
upgrades you want all your devices end up in same state and GISO
provides that. When doing investigation you don't have to go and compare
specific RPM versions that someone might have installed etc.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
------- Original Message -------
On Wednesday, March 1st, 2023 at 09:43, Tarko Tikan via cisco-nsp <cisco-nsp@puck.nether.net> wrote:

> > My long-term solution to this problem is to install with iPXE. That lets
> > you do it via HTTP and without all the nonsense :)
>
>
> Unfortunately this is only possible via OOB ethernet management port. So
> this cannot be used for thousands of devices on the field where you only
> have inband management.

"ztp initiate dataport"

https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5xx/system-management/65x/b-system-management-cg-65x-ncs540/b-system-management-cg-65x-ncs540_chapter_01000.html

Cheers,
James.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
hey,

> "ztp initiate dataport"

We were discussing iPXE and not normal ZTP. iPXE is only possible via
OOB management port and allows software install via DHCP options, normal
ZTP will work inband but does not allow software install via DHCP options.

--
tarko

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences) [ In reply to ]
------- Original Message -------
On Saturday, March 4th, 2023 at 16:38, Tarko Tikan <tarko@lanparty.ee> wrote:
>
> hey,

Yo,

> > "ztp initiate dataport"
>
>
> We were discussing iPXE and not normal ZTP. iPXE is only possible via
> OOB management port and allows software install via DHCP options, normal
> ZTP will work inband but does not allow software install via DHCP options.

Ah I slightly misunderstood but actually you can install via ZTP using the command I mentioned: DHCP can return an option which contains a HTTP URL to a bash or python script, the router will get that an execute it. That script can then do whatever you want, i.e. download an image file, a config file, and run the commands to apply/install the image and apply the config.


Cheers,
James.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/