Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and current Cisco network switches. (Earlier switches ran CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system. The first IOS was written by William Yeager.
Cisco IOS has a characteristic command line interface (CLI), whose style has been widely copied by other networking products.
The IOS CLI provides a fixed set of multiple-word commands; the set available is determined by the "mode" and the privilege level of the current user. "Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege. Through the CLI, the commands available to each privilege level can be defined.
Versioning
Cisco IOS is versioned using three numbers and some letters, in the general form
a.b(c.d)e, where:
- a is the major version number.
- b is the minor version number.
- c is the release number, which begins at one and increments as new releases in the same a.b train are released.
- d (omitted from general releases) is the interim build number.
- e (zero, one or two letters) is the release train identifier, such as none (which designates the mainline, see below), T (for Technology), E (for Enterprise), S (for Service provider), XA as a special functionality train, XB as a different special functionality train, etc.
For example, release 12.3(1) is the first mainline Cisco IOS release of version 12.3. 12.3(2) is the next release, and so on. 12.3(1)T is the first release of the T train, 12.3(2)T the next, and so on. Interim builds are candidates for the next release, and are frequently made available by Cisco support as a faster way to provide fixes for bugs before the next release is available. For example, 12.3(1.2)T is the 2nd interim build after release 12.3(1)T.
- Rebuilds: often a rebuild is compiled to fix a single specific problem or vulnerability for a given IOS version. For example, 12.1(8)E14 is a rebuild, the 14 denoting the 14th rebuild of 12.1(8)E. Rebuilds are produced either to quickly repair a defect, or to satisfy customers who do not want to upgrade to a later major revision because they may be running critical infrastructure on their devices, and hence prefer to minimise change and risk.
- Interim releases: usually produced on a weekly basis, and form a roll-up of current development effort. The Cisco advisory web site may list more than one possible interim to fix an associated issue (the reason for this is unknown to the general public).
- Maintenance releases: rigorously tested releases that are made available and include enhancements and bug fixes. Cisco recommends upgrading to maintenance releases where possible, over interim and rebuild releases.
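As an added example (not from the original page or from Cisco), a parser for the a.b(c.d)e form described above. It also labels a string as a general release, interim build or rebuild, and orders builds within a single train; it goes slightly beyond the text by accepting train identifiers longer than two letters.

```python
import re

# Regex for the a.b(c.d)e form. The train identifier may be empty (mainline)
# and is allowed to be longer than two letters; an optional trailing number
# captures a rebuild suffix such as the 14 in 12.1(8)E14.
VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<release>\d+)(?:\.(?P<interim>\d+))?\)"
    r"(?P<train>[A-Z]*)(?P<rebuild>\d+)?$"
)


def parse_ios_version(text):
    """Split an IOS version string into its components.

    'train' is '' for the mainline; 'interim' and 'rebuild' are None when
    absent; 'kind' is one of general, interim or rebuild.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an IOS version string: {text!r}")
    interim = int(m["interim"]) if m["interim"] is not None else None
    rebuild = int(m["rebuild"]) if m["rebuild"] is not None else None
    if interim is not None and rebuild is not None:
        # An interim build is a candidate for the next release; a rebuild
        # patches a released version. Both at once is not a valid string.
        raise ValueError(f"interim build with rebuild suffix: {text!r}")
    kind = ("interim" if interim is not None
            else "rebuild" if rebuild is not None
            else "general")
    return {
        "major": int(m["major"]),
        "minor": int(m["minor"]),
        "release": int(m["release"]),
        "interim": interim,
        "train": m["train"],
        "rebuild": rebuild,
        "kind": kind,
    }


def order_key(version):
    """Ordering within one train: release, then interim build, then rebuild,
    so 12.3(1)T < 12.3(1.2)T < 12.3(2)T and 12.1(8)E < 12.1(8)E14."""
    v = parse_ios_version(version)
    return (v["major"], v["minor"], v["release"],
            v["interim"] or 0, v["rebuild"] or 0)


def is_newer(a, b):
    """True if a is a later build than b. Feature sets differ between trains,
    so comparing across trains raises instead of silently answering."""
    va, vb = parse_ios_version(a), parse_ios_version(b)
    if va["train"] != vb["train"]:
        raise ValueError(f"cannot order across trains: {a} vs {b}")
    return order_key(a) > order_key(b)


def sort_train(versions):
    """Sort version strings that all belong to the same train."""
    trains = {parse_ios_version(v)["train"] for v in versions}
    if len(trains) > 1:
        raise ValueError(f"mixed trains: {sorted(trains)}")
    return sorted(versions, key=order_key)
```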
Trains
Cisco IOS releases are split into several "trains", each containing a different set of features. Trains more or less map onto distinct markets or groups of customers that Cisco is targeting.
- The mainline train is designed to be the most stable release the company can offer, and its feature set never expands during its lifetime. Updates are released only to address bugs in the product. The previous technology train becomes the source for the current mainline train; for example, the 12.1T train becomes the basis for the 12.2 mainline. Therefore, to determine the features available in a particular mainline release, look at the previous T train release.
- The T (Technology) train gets new features and bug fixes throughout its life, and is therefore less stable than the mainline. (In releases prior to Cisco IOS Release 12.0, the P train served as the Technology train.) Cisco doesn't recommend usage of the T train in production environments unless there is urgency to implement a certain T train's new IOS feature.
- The S (Service Provider) train runs only on the company's core router products and is heavily customized for service provider customers.
- The E (Enterprise) train is customized for implementation in enterprise environments.
- The B (Broadband) train supports internet-based broadband features.
- The X* (XA, XB, ...) special functionality trains still need to be documented.
There are other trains from time to time, designed for specific needs; for example, the 12.0AA train contained new code required for Cisco's AS5800 product.
Packaging / feature sets
Most Cisco products that run IOS also have one or more "feature sets" or "packages", typically eight packages for Cisco routers and five packages for Cisco network switches. For example, Cisco IOS releases meant for use on Catalyst switches are available as "standard" versions (providing only basic IP routing), "enhanced" versions, which provide full IPv4 routing support, and "advanced IP services" versions, which provide the enhanced features as well as IPv6 support.
Each individual package corresponds to one service category, such as
- IP data
- Converged voice and data
- Security and VPN
For additional information about Cisco IOS packaging see the white paper "Cisco IOS Reference Guide". The exact feature set required for a particular function can be determined using the Cisco Feature Set Browser.
Architecture
In all versions of Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as Cisco IOS processes and contribute to the Routing Information Base (RIB). This is processed to generate the final IP forwarding table (FIB, Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-only forwarding (e.g. Cisco 7200) most traffic handling, including access control list filtering and forwarding, is done at interrupt level using Cisco Express Forwarding (CEF) or dCEF (Distributed CEF). This means IOS does not have to do a process context switch to forward a packet. Routing functions such as OSPF or BGP run at the process level. In routers with hardware-based forwarding, such as the Cisco 12000 series, IOS computes the FIB in software and loads it into the forwarding hardware (such as an ASIC or network processor), which performs the actual packet forwarding function.
Cisco IOS has a "monolithic" architecture, which means that it runs as a single image and all processes share the same memory space. There is no memory protection between processes, which means that bugs in IOS code can potentially corrupt data used by other processes. It also has a run-to-completion scheduler, which means that the kernel does not pre-empt a running process: the process must make a kernel call before other processes get a chance to run. For Cisco products that required very high availability, such as the Cisco CRS-1, these limitations were not acceptable. In addition, competitive router operating systems that emerged 10-20 years after IOS, such as Juniper's JUNOS, were designed not to have these limitations. Cisco's response was to develop a new version of Cisco IOS called IOS XR that offered modularity and memory protection between processes, lightweight threads, pre-emptive scheduling and the ability to independently re-start failed processes. IOS XR uses a third-party real-time operating system microkernel (QNX), and a large part of the current IOS code was re-written to take advantage of the features offered by the new kernel, a massive undertaking. The microkernel architecture removes from the kernel all processes that are not absolutely required to run in the kernel, and executes them as processes similar to the application processes. Through this method, IOS XR is able to achieve the high availability desired for the new router platform. Thus IOS and IOS XR are very different codebases, though related in functionality and design. In 2005, Cisco introduced IOS XR on the Cisco 12000 series platform, extending the microkernel architecture from the CRS-1 to Cisco's widely deployed core router.
In 2006, Cisco made available IOS Software Modularity, which extends the QNX microkernel into a more traditional IOS environment while still providing the software upgrade capabilities that customers are demanding. It is currently available on the Catalyst 6500 enterprise switch.
Security and vulnerabilities
Cisco IOS has proven vulnerable to buffer overflows and other problems that have afflicted other operating systems and applications.
A legacy CLI issue, retained for compatibility reasons, is that passwords encrypted on the CLI as 'Type 7' hash values, such as "Router(config)#username jdoe password 7 0832585B1910010713181F", are easily decrypted using software called "getpass" available since 1995; the above example decrypts to "stupidpass". Although this is old news, use of these weak hashes continues due to ignorance of the problem. However, the program will not decrypt passwords set with the enable secret command, which uses salted MD5 hashes.
Note: Cisco recommends that all Cisco IOS devices implement the authentication, authorization, and accounting (AAA) security model. AAA can use local, RADIUS, and TACACS+ databases.
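As an added example (not from the original page or from Cisco), a small audit script that classifies the credential lines in a saved IOS configuration the way this section does: "secret 5" entries (salted MD5) pass, "password 7" entries are flagged as reversible, and untyped or "password 0" entries are flagged as cleartext. The configuration text is constructed and its hash values are placeholders.

```python
import re

# Constructed sample of "show running-config" output (not from a real device);
# the $1$ hash values are placeholders, the Type 7 value is the one quoted above.
SAMPLE_CONFIG = """\
hostname Router
enable secret 5 $1$abcd$PLACEHOLDERhashvalue000000
enable password letmein
username jdoe password 7 0832585B1910010713181F
username ops secret 5 $1$wxyz$PLACEHOLDERhashvalue111111
username guest password 0 guestpass
username svc password 7 0G1
"""

# Matches "enable password|secret [type] value" and "username X password|secret [type] value".
CRED_RE = re.compile(
    r"^(?P<ctx>enable|username\s+\S+)\s+(?P<kw>password|secret)"
    r"(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)\s*$"
)
# A Type 7 value is a two-digit decimal prefix followed by hex byte pairs.
TYPE7_RE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")


def classify(kw, ptype, value):
    """Map one credential line to (severity, reason)."""
    if kw == "secret":
        if ptype == "5":
            return "ok", "salted MD5 secret"
        return "ok", "secret keyword; stored hashed by the device"
    if ptype == "7":
        if not TYPE7_RE.match(value):
            return "warn", "malformed Type 7 value, check the line"
        return "high", "Type 7 password: reversible, replace with 'secret'"
    if ptype in (None, "0"):
        return "critical", "cleartext password, replace with 'secret'"
    return "warn", f"unrecognised password type {ptype}"


def audit(config_text):
    """Return one finding per credential line, in file order."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(line.strip())
        if not m:
            continue
        severity, reason = classify(m["kw"], m["type"], m["value"])
        findings.append({"line": lineno, "context": m["ctx"],
                         "severity": severity, "reason": reason})
    return findings


def weak_lines(config_text):
    """Line numbers that need a 'secret' instead of a 'password'."""
    return [f["line"] for f in audit(config_text)
            if f["severity"] in ("high", "critical")]
```

Note that "service password-encryption" only produces Type 7 values, so its presence in a configuration does not change the verdict on a "password 7" line.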
See also
- CatOS
- SAN-OS
- Network operating system
- Catalyst switch
- IOS XR
- JUNOS