On Mon, 17 Aug 2009 18:40:39 -0400, Jared Mauch <jared@puck.nether.net> wrote:
Is there some significant barrier to people getting recent code on the devices that is not impacted by this and the other fun bgp 'attacks' that can happen?
In a word: YES. Any respectable ISP will not load code that has not been extensively tested. Failure to do so can, and WILL, lead to even greater impact outages. (we've all made that mistake. Once.) Unless you do millions with Cisco and can therefore get custom IOS builds, you won't get a newer version with *just* the intended bug fixed. Their maint "rebuilds" end up with multiple "fixes" and all too often, previous fixes reverted. (I stopped counting the number of times I had to bitch at them to refix the SNMP DLCI interface counters on the 7401... "we don't test frame relay on the 7401" -- sure, that's eons ago, but nothing has changed over there.) And then there's the question of support... again, any respectable ISP maintains maint contracts with their vendors. But, things tend to fall through the cracks... contracts expire, people forget to list all the equipment, vendors drop support for various hardware and software, etc. You've obviously not gone to Cisco for any "non-contract" software updates. It's faster to bribe someone with an active service contract or use google. Also... Never underestimate the power of Lazy! --Ricky