On Mon, 17 Aug 2009 18:40:39 -0400, Jared Mauch <ja...@puck.nether.net>
wrote:
> Is there some significant barrier to people getting recent code on the
> devices that is not impacted by this and the other fun bgp 'attacks'
> that can happen?

In a word: YES.

Any respectable ISP will not load code that has not been extensively
tested. Failure to do so can, and WILL, lead to even greater impact
outages. (we've all made that mistake. Once.) Unless you do millions
with Cisco and can therefore get custom IOS builds, you won't get a newer
version with *just* the intended bug fixed. Their maint "rebuilds" end up
with multiple "fixes" and all too often, previous fixes reverted. (I
stopped counting the number of times I had to bitch at them to refix the
SNMP DLCI interface counters on the 7401... "we don't test frame relay on
the 7401" -- sure, that's eons ago, but nothing has changed over there.)

And then there's the question of support... again, any respectable ISP
maintains maint contracts with their vendors. But, things tend to fall
through the cracks... contracts expire, people forget to list all the
equipment, vendors drop support for various hardware and software, etc.

You've obviously not gone to Cisco for any "non-contract" software
updates. It's faster to bribe someone with an active service contract or
use Google.

Also... Never underestimate the power of Lazy!

--Ricky