Sunday, May 16, 2004

Thoughts on Cisco IOS

Yesterday I mentioned the report of the theft of Cisco's IOS. While I have no evidence to support this theory, I always assumed that various nefarious parties already had access to some or all of Cisco's previous IOS versions. While access to source code is not necessary to discover vulnerabilities, the allure of obtaining such a prize (for intellectual and competitive intelligence pursuits) made theft a likely scenario. The February report of the theft of Microsoft's source surely did not represent the first time unsavory parties had access to that intellectual property, either.

What does this event mean for Cisco? I found several excellent articles which gave me food for thought. First, a report last month said that Cisco will release a new version of IOS on a new product this summer. This new device, the Huge Fast Router (HFR), is designed to compete with Juniper's core routing product, the T640 (Juniper gear pictured below). The new version of IOS will initially run only on the HFR, but it is expected eventually to migrate down the Cisco product line to the edge networking devices.
Unfortunately for Cisco, the first version of the HFR seems hobbled from the start. At 23" wide, it is 4" too wide for a standard telecom rack. According to another report, IPv6 support is incomplete, which weakens the purchase case for the US DoD; Juniper has already won the contract for the Global Information Grid Bandwidth Expansion (GIG-BE). MPLS may also not be fully supported.

On the positive side, one report says the new IOS will be more modular, so upgrading IOS may no longer require taking the device out of service. Certain rumors indicate that IOS might be replaced by the real-time operating system QNX. Just last week QNX Software Systems issued a press release describing how their "QNX Neutrino realtime operating system (RTOS) will be shipping as part of the Cisco uMG9850 QAM Module, a new quadrature amplitude modulation product designed to let cable operators use Gigabit Ethernet to deliver video-on-demand."
Meanwhile, another open source router project is paving the way for alternatives for routing at the network edge. XORP, the eXtensible Open Router Platform, plans to release a live CD once the product ships (soon). XORP is developed on Linux and FreeBSD, and an article last month reported on the project.
Last from the world of Cisco, two new books from Cisco Press look like excellent reads for network security architects. Sean Convery, who has a new paper on IPv4 and IPv6 threats, just published Network Security Architectures. Mauricio Arregoces and Maurizio Portolani also just published Data Center Fundamentals. When I have read both (almost 2,000 pages -- give me a few months) I'll review them at
Update: Cisco announced its new Carrier Routing System, the CRS-1, on 24 May 04. According to this article, the new 92 Tbps router runs on top of QNX:

"IOS XR helps Cisco catch up in areas such as hot upgrades of software and separation of control, data, and management planes. The software is based on a kernel licensed from QNX Software Systems, but tailored for the job. 'We have made some pretty substantial modifications to [the QNX code] that are Cisco proprietary,' Volpi says."


"The CRS-1 truly is huge and fast, with a capacity of 640 Gbit/s in a 7-foot rack. It scales to 72 shelves rather than the 18 reported by sources, for an unreal 46 Tbit/s maximum capacity, or 1,152 OC768 ports. (Cisco reports this as 92 Tbit/s, using its usual convention of counting ingress and egress capacity separately.)"

