Cisco Systems Inc. will release a new version of its core IOS operating system in the coming months that is more modular, flexible and secure, company executives said last week.
The advance will let users add features to routers and switches without taking them offline, and help companies speed the deployment of services such as VoIP, quality of service and security while minimizing the risk of glitches.
Some users and analysts say the Internetwork Operating System (IOS) improvements were a long time coming, while others contend that such an architectural change could engender a new set of network problems for router administrators.
Mike Volpi, senior vice president of Cisco's Routing Technology Group, outlined the IOS plans last week during an interview with Network World editors.
"Modularity means you have the ability to partition," Volpi said. "So you have a real-time kernel that runs underneath it, rather than the classic embedded kernel of IOS." This partitioning will make the operating system more reliable by reducing downtime because of bug fixes, feature additions, upgrades or unplanned events, he said.
Versions of IOS run on almost all Cisco equipment, from small-office to carrier-class routers and the company's Catalyst enterprise switches, security appliances and Wi-Fi gear.
The software's current architecture is tightly bundled, even monolithic, experts say. IOS includes a base software image with embedded features that are compiled for specific builds to perform certain tasks - from IP and legacy protocol support to firewalling and VoIP.
"To put a feature on a router, you can't just add the little pieces you want," says James Boney, author of the book Cisco IOS In A Nutshell. "You have to upload a whole new IOS version and then reboot," he says. "If you get it wrong, you have to do it over."
Even though IOS is still monolithic, Volpi said the software has become more partitioned over the last few years. Chunks of feature code are now separated, so they don't interfere with each other or with core routing functions.
While an entire IOS image still must be loaded during feature upgrades, the partitioning has set the stage for the new modular IOS architecture.
"Most of the newer (IOS feature) modules have been reasonably well partitioned off already," Volpi says. "They may not have the Posix-like API, (similar) to a Unix operating system, but those are relatively easy to add because we designed it with that modularity in mind."
He adds that Cisco will also continue to support IOS as it exists today.
A modular IOS is something Cisco has been cooking for years, says Frank Dzubeck, president of consulting firm Communications Network Architects.
"It's going to be an improvement, in that it will be extremely more stable in the long run," Dzubeck says. It also could help users deploy IOS-based gear faster in large networks. Before new IOS builds are put on live networks today "a lot of regression testing has to be done, which can take months because you might turn on one option that affects others," he says.
Anticipated Cisco's move
Corporate users say they've anticipated the move by Cisco and are eager to see the code.
"At a high level, we've heard about this" IOS change, says Dick Emford, lead network analyst for plastics manufacturer Newell Rubbermaid of Freeport, Ill. "It sounds like a great idea."
Emford says whittling down the myriad IOS versions to a few core software builds is a chore for his network staff, which manages more than 1,000 IOS-based devices across Newell Rubbermaid's WAN and LANs.
"It would be great to get more granularity with IOS, so you could pick functions you want to support at a site and load only those," Emford says. "IOS is so big, and there is so much functionality in there that people don't need anymore. There are a lot of services (in IOS code) that just sit there taking up memory."
"A modular IOS is something we've been inquiring about," says Dave Wiltzius, network division leader at Lawrence Livermore National Laboratory, a U.S. Department of Energy research facility in Livermore, Calif.
He points out that Cisco is not the first major network vendor to move toward modularizing its operating system. Extreme Networks in December launched its Unix-based ExtremeWare XOS operating system for its BlackDiamond 10K core switch. The device runs on an open source Unix kernel with modules - such as security, routing and redundancy protocols - that can be turned on and off while the switch stays online. Wiltzius tested the Extreme BlackDiamond 10K recently in a lab.
"We were kind of surprised at how much we really liked that capability," Wiltzius says. "It really was not as painful a process to fine-tune the software environment (on the switch) to match what we needed," compared with the process of fine-tuning an IOS image for a specific task.
Wiltzius says plans to deploy the Extreme box in production were stalled for budget reasons. However, the ExtremeWare XOS-type of functionality in IOS would be helpful because Lawrence Livermore is predominantly a Cisco shop, he says.
With Cisco gear carrying about 80 percent of the world's Internet traffic, a modularized IOS could help carriers run the 'Net more efficiently, analysts say.
Modular operating systems "are increasingly important as carriers consolidate (point of presence) architectures," says Mark Bieberich, an analyst at The Yankee Group. With the new functionality "a carrier could partition a router to perform core functions - such as aggregation, peering and treatment of (Multiprotocol Label Switching) VPNs - in one physical system."
Bieberich says this treatment usually requires separate and distinct physical devices. As such, modular operating systems could lead to "tremendous reductions in operating costs" by cutting the number of devices, and trunks and links between devices.
While the proposed IOS overhaul will be useful, drawbacks might surface, analysts say.
"Any new software, even minor upgrades, always have issues," says David Newman, president of Network Test, a network equipment evaluation firm, and a Network World Lab Alliance member. "Getting people to adopt it might also be an issue. For many enterprises, it might be akin to upgrading a jet engine in mid-flight."
Dzubeck adds that if IOS is made more Unix-like, "there could be situations where a module could be added that would open up a hole. You didn't have that before in IOS because it was totally closed."
Ironically, some IOS security issues have cropped up recently. Reports have surfaced that hacker tools, built to exploit known weaknesses in certain wired and wireless Cisco gear, are now circulating on the Internet.
Volpi says this doesn't expose any fundamental flaw in Cisco technology nor does it represent a great threat to users.
"So far, we've shown to be pretty robust, and there are no major issues that at least we know of," he said. "Being an embedded operating system that sits in a router, (we) don't quite get the attention that a Windows does with a community of hackers."