On Thursday, September 05, 2013 04:55:31 PM Jim Pingle wrote: > I'm not opposed to auto-update if it's done securely and > opt-in. Especially if you can schedule the time it takes > place (e.g. specific day, specific time frame).
The problem with updating router/switch software, as you know, is that you can't guarantee that what was working before won't be broken after the update. In addition to the downtime (large routers and switches can take several, several minutes to boot), a lot of service providers won't update for this reason. That said, the vendors tend to issue workarounds that don't require software updates, and as such, reboots. This is not always the case, and in some scenarios, a software update is your only option. Vendors have attempted in-service updates (ISSU and friends), but this is not very practical as of now, and tends to work less often than not. Monitoring your infrastructure with simple tools like RANCID is an effective and quick way to know what has changed on your network, so you can investigate any potential breaches. Unlike laptops and desktops, the latest software for routers and switches isn't always the greatest :-). Mark.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
