Add a little flash (to your IOS router)

Can’t believe I’ve never played with these before, they’re brilliant.   12.4T Advanced IP Services images are over 32MB in size and it’s not possible to store two different images on the same stock flash drive, which introduces a risk when remote upgrades are required.  If an upgrade goes bad, there are some sites where I can count on remote hands capable of solid support; others, I’m not so fortunate.  So all the remote sites are getting USB keys, now, which will do more for my ability to keep my sites consistent and stable than any other measure implemented in my three years in this position.

 The ISR routers come with a USB port.  Insert USB stick, router recognizes it immediately. 

 Do a “format usbflash0” and it was ready to go.  TFTP’d an image, and set it to boot from the USB stick with “boot system usbflash0:[imagename]”, rebooted, and came back up on an upgraded image.  Removed the memory key, rebooted, and it ignored the “boot system” specification and booted back into the old image from flash.

 Copied the old image from flash onto the USB stick (“copy flash:[oldimage] usbflash0:”), deleted the old image from flash, copied the new image to flash, and done.  Known working image in flash, and both old and new images stored on the USB stick.  In my case, an 1841 recognized a 4GB USB key, which provides 16x more image storage capacity over the default 64MB of Flash that ships with the ISR bundles I order. 

 No need to worry about a reboot leaving you high-and-dry mid-upgrade after you’ve removed an old image to make room for the new one; which should remove any reticence to keeping IOS images current.  Just copy to USB and boot from the stick, first (caveat: takes about 220 seconds to load a 36MB image from USB into RAM on an 1841; takes about 120 seconds to load the same image from flash).  Worst case, you fall back to a known good image in flash.

 For the security conscious, yes, this opens up the ability to have someone stick their own file onto the USB key and somehow get your router to load it; but if they have the physical access to permit them to do this in the first place, it’s simpler for them to just reboot into password recovery mode and do whatever they like.

 Caveats: Cisco will sell you their own USB keys, but they’re about $300 after discount to add 256MB (part number: MEMUSB-64/128/256FT);   I’d rather pay $10 to add 4GB.  I’ve only tested this with a Kingston DataTraveller stick; YMMV.  I also move the “new” image to Flash once I’m ready to go into production with it; the risk being that if you find yourself having to work through a TAC case and they notice that you’re booting from a non-Cisco flash, they may tell you to suck rocks — which is a risk I’m willing to take in order to be able to test and upgrade on my own terms

Have you s…god dammit

<Rawn> I hate when you know for a fact that every person you work with has seen Office Space
<Rawn> and you can’t find your fucking stapler.
<Knehi> HAHAHA
<Rawn> Fuck you.
<Rawn> I have to go on a scavenger hunt for my stapler.  I can’t let anyone know it’s missing.
<Xir> stapler?
<Knehi> just walk around threatening to burn down the building, it will show up
<Rawn> <Xir> stapler?
<Rawn> Have you seen my…god dammit, I’d never hear the fucking end of it.
<Rawn> fuck it, i’ll use a hole punch and an elastic.
<Trolan> just swipe someone else’s
<Thayne> Just send out an email  Subject:  Stapler  Body:  Have you seen mine?
<Ayrahvon> You’ll never hear the end of it on IRC either, bad move. =P
<Rawn> I had to tell SOMEONE
<Rawn> I didn’t need this following me around irl
<Knehi> http://tinyurl.com/6j7e5h
* Trolan makes a note: Ask Ron about his stapler at Blizzcon.
[S+Z] Alicia (ottertothe@c-24-10-235-250.hsd1.ut.comcast.net) has joined channel #OnTheBounty
<Thayne> Hay Ali…Have you seen Ron’s stapler?
<Alicia> Is it red?
<Alicia> Because that would be awesome.
<Thayne> It is in my mind….
<Rawn> -_-
<Cal> I take Ron’s glare to mean that it is, in fact, red.
<Knehi> I take Ron’s glare to mean he still has a love of asian boys, but I take everything Ron does to mean that
<Trolan> so when he says red stapler, he means he wants something reddish, to bend over like a stapler is bent, and get banged hard.
<Trolan> got it.
<Alicia> He is going to poison all of your drinks.
<Rawn> This says a lot more about you people than it does about me.
<Rawn> And I would never waste a drink like that.
<Rawn> I’d just steal theirs.
<Alicia> haha
<Thayne> Shouldn’t you be looking for your stapler?
<Rawn> shouldn’t you be dying in a fire?
<Knehi> http://www.landoverbaptist.org/2008/august/olympicvolleyball.html
<Thayne> YOur vitriol will not help you find your stapler any quicker Sir.

Bombs over Grandma

Came across some old and interesting news while researching older and equally interesting news related to the Cogent/Telia de-peering dispute* (resolved well over a year ago; as a quaint addendum, Cogent as of one month ago has become a transit-free AS). From NetworkWorld last year:

If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.

Anyone else get visions of a phalanx of oblivious grandmothers — with zombie-bots simultaneously attempting to exploit Kaminski’s recent DNS vulnerability — suddenly finding themselves on the receiving end of Apache gunfire?

I am so turned on right now.

*The long-term goal here is to be able to solidly and confidently converse in the language of large-scale backbone providers, so that I might not make an ass out of myself immediately upon joining their ranks.

Whole lot of awesome going on here.

Not only the most excellent song from Dr Horrible’s Sing-Along Blog, but quite clearly the best song of this year.