
Recommended General Timeline To Upgrade To Newest Code Release

tmbenne1
Level 1

I was wondering what the general consensus was in regard to upgrading switches/routers to the newest version of IOS released?

I know everyone has their own opinions on the matter. I have been a Network Engineer (Cisco centric) for over 20 years, so I'm sure recommendations have changed over time. It seems like new vulnerabilities are always being discovered, whether they are low, med, high, etc. The security team where I am currently working is requesting us to upgrade every time a new vulnerability is released, regardless of the severity (or if it really even pertains to our configurations). We are at the point where we are basically upgrading as soon as a new version is released and it's taking a lot of time and resources.

In the past at other employers, we typically didn't go to a new version for at least 3-6 months after it was released, and also had to provide a justification for the upgrade, whether the new code had a feature we wanted to implement, or we ran into a bug, or there was a critical vulnerability in the current version we were running. We never just upgraded for the sake of having the latest version available. However, I am basing this off the past, so maybe best practices have changed regarding software management.

Just curious on other opinions out in the field and how they navigate their internal upgrade processes.

3 Replies

Leo Laohoo
Hall of Fame

I have been a network engineer since 2010 and I have never been so busy finding bugs since the introduction of IOS-XE -- Read between the lines.  

Pre-IOS-XE, I used to upgrade our routers, switches, WLC every 6 months.  

tmbenne1
Level 1

I am currently working on a DoD (Dept of Defense) contract, so security is obviously a major priority. However, constantly upgrading IOS-XE, NX-OS, etc. has caused more unplanned issues because the process is so rushed and never tested that it doesn't make much sense to me. I have worked other DoD contracts but I don't remember having to constantly upgrade IOS every time a low vulnerability is released.

IOS-XE is more complicated than classic IOS.  

Any router, switches, WLC running on IOS-XE means there are multiple CPUs.  Monitoring each CPU is vastly different to monitoring a single CPU in classic IOS.  

And memory leak is not an exception either. 

If you are happy rebooting, every 4 to 6 months, any appliances running on IOS-XE, then there should be no problem upgrading the firmware.