Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > IOS management

Reply
Thread Tools

IOS management

 
 
Pat Donlon
Guest
Posts: n/a
 
      07-06-2004
I'd like to know how everyone is managing the updates on their Cisco
equipment. I want to be able to keep all the equipment on stable and
non vulnerable releases of IOS or Cat OS. I'm looking at using Cisco
Works 2k at the moment but I'd like to know what other tools are in
use

Cheers

Pat
 
Reply With Quote
 
 
 
 
Ivan Ostres
Guest
Posts: n/a
 
      07-06-2004
In article <(E-Mail Removed) >,
http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> I'd like to know how everyone is managing the updates on their Cisco
> equipment. I want to be able to keep all the equipment on stable and
> non vulnerable releases of IOS or Cat OS. I'm looking at using Cisco
> Works 2k at the moment but I'd like to know what other tools are in
> use
>


Well, I asked the same question a while ago. I got answers that people
generally don't use CW for IOS upgrades.

--
-Ivan.
 
Reply With Quote
 
 
 
 
Alan Strassberg
Guest
Posts: n/a
 
      07-06-2004
In article <(E-Mail Removed) >,
Pat Donlon <(E-Mail Removed)> wrote:
>I'd like to know how everyone is managing the updates on their Cisco
>equipment. I want to be able to keep all the equipment on stable and
>non vulnerable releases of IOS or Cat OS. I'm looking at using Cisco
>Works 2k at the moment but I'd like to know what other tools are in
>use


http://cosi-nms.sourceforge.net/

alan
 
Reply With Quote
 
Pat Donlon
Guest
Posts: n/a
 
      07-06-2004
Ivan Ostres <(E-Mail Removed)> wrote in message news:<(E-Mail Removed) et>...
> In article <(E-Mail Removed) >,
> (E-Mail Removed) says...
> > I'd like to know how everyone is managing the updates on their Cisco
> > equipment. I want to be able to keep all the equipment on stable and
> > non vulnerable releases of IOS or Cat OS. I'm looking at using Cisco
> > Works 2k at the moment but I'd like to know what other tools are in
> > use
> >

>
> Well, I asked the same question a while ago. I got answers that people
> generally don't use CW for IOS upgrades.


What is everyone using then? still doing this manually? I can
understand the reasoning for this but with a large number devices it
becomes combersome and time consuming during the maintenance window.
 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      07-07-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> What is everyone using then? still doing this manually? I can
> understand the reasoning for this but with a large number devices it
> becomes combersome and time consuming during the maintenance window.


We do it manually. Because tools don't scale to a very large
enterprises. It really doesn't take that long if you can get some block
greenzone times. For example, one of my branch networks is being
upgraded to 12.1.19 and that covers 700+ routers. It's the smallest
branch network we have so we're tackling that first. If you plan on 15
to 20 devices per night, it can get done in a reasonable amount of time.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
Pat Donlon
Guest
Posts: n/a
 
      07-07-2004
Hansang Bae <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In article <(E-Mail Removed) >,
> (E-Mail Removed) says...
> > What is everyone using then? still doing this manually? I can
> > understand the reasoning for this but with a large number devices it
> > becomes combersome and time consuming during the maintenance window.

>
> We do it manually. Because tools don't scale to a very large
> enterprises. It really doesn't take that long if you can get some block
> greenzone times. For example, one of my branch networks is being
> upgraded to 12.1.19 and that covers 700+ routers. It's the smallest
> branch network we have so we're tackling that first. If you plan on 15
> to 20 devices per night, it can get done in a reasonable amount of time.
>
>
> --
>
> hsb
>


I see what you're saying here but if your upgrading 700+ routers in
groups of 20, where's does this fit into regular maintenance windows?
Do you just force the changes through your organisation?

Cheers
 
Reply With Quote
 
Ivan Ostres
Guest
Posts: n/a
 
      07-07-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> Hansang Bae <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> > In article <(E-Mail Removed) >,
> > (E-Mail Removed) says...
> > > What is everyone using then? still doing this manually? I can
> > > understand the reasoning for this but with a large number devices it
> > > becomes combersome and time consuming during the maintenance window.

> >
> > We do it manually. Because tools don't scale to a very large
> > enterprises. It really doesn't take that long if you can get some block
> > greenzone times. For example, one of my branch networks is being
> > upgraded to 12.1.19 and that covers 700+ routers. It's the smallest
> > branch network we have so we're tackling that first. If you plan on 15
> > to 20 devices per night, it can get done in a reasonable amount of time.
> >
> >
> > --
> >
> > hsb
> >

>
> I see what you're saying here but if your upgrading 700+ routers in
> groups of 20, where's does this fit into regular maintenance windows?
> Do you just force the changes through your organisation?
>
> Cheers
>


I would assume that they have maintenance window per segment...

--
-Ivan.
 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      07-08-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> I see what you're saying here but if your upgrading 700+ routers in
> groups of 20, where's does this fit into regular maintenance windows?
> Do you just force the changes through your organisation?


Yes. This is a branch network so we tackle one router at a time. The
redundant router picks up the load so it works out fine. Normally, our
greenzones are very tight, but it would take years to upgrade our branch
routers if we only had the weekends.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
Vincent C Jones
Guest
Posts: n/a
 
      07-08-2004
In article <(E-Mail Removed)>,
Hansang Bae <(E-Mail Removed)> wrote:
>In article <(E-Mail Removed) >,
>(E-Mail Removed) says...
>> I see what you're saying here but if your upgrading 700+ routers in
>> groups of 20, where's does this fit into regular maintenance windows?
>> Do you just force the changes through your organisation?

>
>Yes. This is a branch network so we tackle one router at a time. The
>redundant router picks up the load so it works out fine. Normally, our
>greenzones are very tight, but it would take years to upgrade our branch
>routers if we only had the weekends.
>--
>hsb


For those unfamiliar with Hansang's network, be aware that it is a fully
redundant design where every site has two of everything with automatic
failover to alternate routers/links/firewalls/switches/etc. So taking
down a router to upgrade the IOS should have no noticeable impact on
operations. There is also a separate organization which does the actual
touching of the routers and a formal design review process for all
configuration changes to minimize the danger of introducing broken fixes
into the network.

What Hansang does not mention is the testing effort required to
get a new IOS release approved for deployment. It makes the actual
deployment, even across thousands of routers, pale by comparison.

As a side note, back when I was there, their standard design approach
did not provide working redundancy when going through firewalls and
required token rings and RSRB to get SNA redundancy. Guess which
client provided the inspiration for the firewall and DLSw chapters
in my book

--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com
 
Reply With Quote
 
AnyBody43
Guest
Posts: n/a
 
      07-08-2004
(E-Mail Removed) (Vincent C Jones) wrote
> Hansang Bae <(E-Mail Removed)> wrote:
> >(E-Mail Removed) says...
> >> I see what you're saying here but if your upgrading 700+ routers in
> >> groups of 20, where's does this fit into regular maintenance windows?
> >> Do you just force the changes through your organisation?

> >
> >Yes. This is a branch network so we tackle one router at a time. The
> >redundant router picks up the load so it works out fine. Normally, our
> >greenzones are very tight, but it would take years to upgrade our branch
> >routers if we only had the weekends.
> >--
> >hsb

>
> For those unfamiliar with Hansang's network, be aware that it is a fully
> redundant design where every site has two of everything with automatic
> failover to alternate routers/links/firewalls/switches/etc. So taking
> down a router to upgrade the IOS should have no noticeable impact on
> operations. There is also a separate organization which does the actual
> touching of the routers and a formal design review process for all
> configuration changes to minimize the danger of introducing broken fixes
> into the network.
>
> What Hansang does not mention is the testing effort required to
> get a new IOS release approved for deployment. It makes the actual
> deployment, even across thousands of routers, pale by comparison.


Pat,

The key issue when considering a process like automatically
updating the IOS on (let's say) 700 remote routers is that you
would need to be pretty confident that it was all going to work.

When I was involved with banks and stuff like that they had a
very stringent process of testing and evaluating the code itself
against production like traffic in a lab environment, and they did
find real show stopper bugs in this way.

They would also insist on there being a risk assessment of any
proposed work on the production kit and the written implementation
plan would include a back out plan in the event that things went
horribly wrong. It would be, what is the worst case, how are you
going to fix it? e.g The copy of IOS on your tftp server gets
corrupted but the check sum is not affected.

What might be your backout plan if for whatever (unforseen) reason
you have 700 remote offices not working one morning? Even the lesser
problem of having 700 remote offices without a backup link might get
the management plenty twitchy.


What I would probably do would be to have a written detailed
script (not a program) for each device and would possibly
automate some stages or all of the process. I would do only as
many at a time as I could recover within the change window.
Slow but I need my beauty sleep.

I like automated processes since they work the same way every
time. But I would not set off an automated job that affected
a large number of remote devices. It is too scary for me.

Hope this helps, good luck, sleep well
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
instructions on how to perform an IOS upgrade on a Catalyst 6500 switch (IOS to IOS) Mike Rahl Cisco 1 05-30-2007 05:22 PM
IOS descriptions and IOS for the 3560 Harkin Cisco 1 10-13-2005 02:52 PM
Replace a non IOS 350 Cisco Aironet bridge with IOS Mr Corbett Cisco 5 08-19-2005 09:40 PM
"ip addr dhcp" is not available for my IOS release, who has latest IOS for 2514 and 2509? Ed Kideys, Tech-Train Cisco 3 04-30-2004 07:51 PM
IOS to IOS VPN Problem Evan Mann Cisco 0 02-11-2004 04:42 PM



Advertisments