Fucking Cisco

[theweaselking]

Ah, the joys of needing to speak Ciscoese after a long time away. No, wait, not joy. The other thing.

Ciscoese, you see, is the special magic language of Cisco, and it bears no resemblance to other, similar things.... by design. Cisco have invented new terminology where old terminology existed, use common phrases in distinctly idiosyncratic ways, and actively obfuscate common concepts and commands JUST BECAUSE.

My two favourites from today: In order to bring up an interface that is shut down administratively, the command is "no shutdown". Because "no" means EITHER "do the opposite of the next command" or "restore a setting to the default" indistinguishably except for context, and "shutdown" means "turn off an interface", not "shut down".

And the command to restart a Cisco device is not "restart" or "reboot" or even "shutdown" with a flag. It doesn't know those first two and you're just going to turn off a NIC with the last one. No, you use "reload" - you know, a command that to NORMAL people would mean something like "discard my changes and load the saved ones". Which, in their marginal defense, IS something it does, but then it also reboots. Oh yes, did I fail to mention that? Yeah. If you make changes that require a reboot, save, then reboot, it will immediately discard those changes. Then reboot. Because you missed a critical step there: after SAVING your changes into the configuration file (which caused them to go live, so the device was now working according to any non-reboot-requiring changes you made), you neglected to write those changes into the OTHER configuration file, the one that loads on boot, so that after the device reboots it would load them.[1]

This annoys the fuck out of me.

[1]: (In their defense, there are actually some pretty good reasons for "apply changes immediately, but revert them on a reboot if they're not confirmed after going live" on NETWORKING HARDWARE, but their LANGUAGE for doing it is obtuse and counterproductive, using common concepts in abnormal ways that mean the opposite of what those words and concepts mean everywhere else.)[2]

[2]: (Although I've learned a neat new trick: When working on a remote ASA, immediately after logging in to make a config change schedule a revert-and-reboot "reload" for 30 minutes in the future. Then make your change and whack "save". Run your tests. If your change is working and good, write it to the boot config and cancel your reload. If your change is bad, particularly if you've just fat-fingered yourself into a config that you *can't* fix remotely? Stop. Wait 30 minutes. When the ASA comes back up without your changes, reconnect, and schedule a revert-and-reboot for 30 minutes in the future...)

Comments

[skiriki.livejournal.com]

Foooooooooooooooooooooooook.

You just gave me flashbacks from 2000-2004.

*gibbers and claws at her hair*

It is all coming back to me! NO!

[theweaselking.livejournal.com]

BONUS: ALL INTERFACES START DISABLED BY DEFAULT. SO THE FIRST THING YOU NEED TO DO TO MAKE AN INTERFACE WORK IS "NO SHUTDOWN".

Argh, counterintuitive-by-design.

Also, the 5505 series (and many Cisco switches) will happily let you enable interfaces all day long, and that doesn't matter if they're not assigned to VLANs because without a VLAN it will happily say "yup, I'm enabled, link live, Layer 1, boss! Yes, that's my IP, boss! I SEE PACKETS EVERYWHERE. Wait, what, PROCESS a packet? Fuck no! Packets are dirty. You're dirty. Shut up."

Extra bonus! VLANs are numbered, so you assume VLAN 0 is the first one because EVERY OTHER CISCO THING starts from zero. Nope! 0 is not valid. Okay, so you make the first interface you're setting up (WAN, of course) VLAN 1, make your internal VLAN 2, and everything works! Except VLAN 1 is a special case of a *trusted-by-hardware* VLAN, so suddenly your switch is accepting SSH connections from the WAN side happily and giving them root if they can authenticate as ANYONE. Even though "manage via WAN" is disabled.

Extra Extra bonus: THIS BEHAVIOUR IS NOT EVEN UNIVERSAL ACROSS CISCO DEVICES. The 5510 series, for example, are all "fuck VLANs, that shit is UNSEEMLY". Still other devices don't trust VLAN 1 and *cannot be made* to trust VLAN 1, because VLAN 1 is the WAN, because it's the first interface you set up, OF COURSE.

[skiriki.livejournal.com]

My brain is twitching. I think it is trying to escape through my nose this time before the flashbacks begin for real.

Those ancient beasts I had to deal with...

...on a terminal...

...200 miles away...

...on a shaky net connection...

Nnnnuuuuuuuuuu, I still remember the password and ena password and... GAAAH.

[rbarclay.livejournal.com]

But did you manage to hose the update and then drive there?
Did you "debug all" on a core router?
Did you get to deal with shoving a firmware restore over zmodem over POTS over a couple hundred miles?

[skiriki.livejournal.com]

There was... an inopportune breakage of connection while updating the routing tables, just about when it was the most fatal to occur. And this system was not self-correcting nor self-rebooting.

Fortunately, my coworker who happened to be at that end and nearby, was able to get the keys and reboot the system (although he accidentally booted the Linux server first, but I should not blame the ol' geezer for that, he saved my butt!) in thirty minutes, but that was pretty tense thirty minutes as all our clients were calling me and complaining that the internet is broken...

[rbarclay.livejournal.com]

You poor youngster.

Cisco IOS is ok, esp. when you think of the time it was conceived. They didn't REinvent many things, they were the first there were. Also, it's consistent in its shittyness across a huge (&ancient) set of hardware.Not all of it, though, you got that right.
Remember IOS 10.x? No? You don't get to even fucking rant. And if you do, we'll have a talk about CatOS first.

Cisco PIX *conduits*, OTOH, just caused severe braindamage for no good reason at all (but they're gone now, amd good riddance).

Also, get some Junipers.

[theweaselking.livejournal.com]

I have never had to deal with non-modern Cisco gear, true. And I STILL HATES IT MY PRECIOUS.

I think the oldest stuff I've dealt with is a Cisco 500-series PIX, which is still pretty bloody modern. But no, they were not "REinventing" things, THOSE THINGS ARE ENGLISH WORDS THAT HAVE MEANINGS. Augh.

[jsbowden.livejournal.com]

IOS 10? Go find an alphabet router and we'll talk. Or better yet, for a really horribly inscrutable interface, let's talk Gandalf routers. Fuckin kids today...

[rbarclay.livejournal.com]

If I knew what you're talking about, I might bow to your prowess. I don't so I don't.

But! How about I hold the kid who complains about modern-day IOS while you beat some sense into him?

[pappy-legba.livejournal.com]

Hopefully the Open Compute Project will pry open their monopoly and forcibly inject some sense.

[theweaselking.livejournal.com]

No Open Source Computing project has *ever* had an interface better and more consistent than a paid product.[1] The fact that the paid product sucks will only inspire the Open Source developers into new levels of depravity.


[1]: Hyperbole noted. Counterexamples unnecessary. If you've used Open Source ANYTHING for long you know EXACTLY WHAT I AM TALKING ABOUT.

[thornae.livejournal.com]

Yes. Yes, I do.

"Unity: Because we saw an early Windows 8 screenshot, and thought we should make up something that it might resemble. And make it the default. And break the old stuff that worked."

"Gnome 3: Because Unity doesn't hate its users hard enough".


Seriously, though, the number of FOSS projects I've known that had perfectly usable, intuitive GUIs that were a little bit old-fashioned or ugly, and were then "upgraded" into something shiny and pretty and completely bloody useless...
OTOH, I can't think of too many CLI interfaces I've used that have gone backwards. But some of them are pretty damned awful (ImageMagick, anyone?).

Anyway, I work with a bunch of embedded devices - all made by different, small companies from the ground up, and thus all with different, esoteric interfaces.
Oh, and documentation is something that happens when the marketing people aren't busy. (They're always busy.)
Wheeeee.....

[skiriki.livejournal.com]

I cannot express my hatred of Gnome 3 enough.

I remember the day when I installed Fedora 17, and immediately went "WTF IS THIS SHIT, GIVE ME BACK MY OLD GUI, THIS BLOWS MORE GOATS THAN MARK MILLAR."

I think there might be a reason why I swapped to CentOS...

[thornae.livejournal.com]

Heh - you pretty much just described exactly my experience, and why Fedora lost my loyalty. Except I decided to try Mint, and haven't looked back.


I did mess with a few other smaller distros as well, for comparison, but kept coming back to Mint. (I wasn't alone - I remember seeing Mint suddenly hitting #1 at Distrowatch around that time).

I mean, I really appreciate that there are so many distros and options and things you can do with FOSS, and back in the day I had an awesomely sweet hand-tooled Windowmaker desktop on FreeBSD that was absolutely awesome (for the time), but these days I really appreciate just being able to install an OS, install some software, and have the OS and user interface get out of my way and let me do my thing without having to learn a whole shitload of new habits.


.... although, actually, this is one of the slightly sucky things about being a Grown-Up™ - not having the luxury of spending a solid week learning a new way to do things, like Dvorak or Xmonad.



ETA: Since then, I've had a few people say "You should give Gnome3 another chance - it's so much better now!"
I have done so three times, and every time it shat me to tears within five minutes. Enough is enough.

[skiriki.livejournal.com]

I'm stuck with RH-based architecture, I've tried Ubuntu and other variants and every time I run back to RH-style, screaming and eventually huddling in a dark corner while drawing arcane runes of protection on my skin with a ballpoint pen. I'm a stick in a mud, maybe, but I'm a stick who is sodding right about Gnome 3 being a piece of excrement.

WTF, tablet-like GUI for a server¹. WTF are you smoking, dev team?

¹My main use for Linux is running two servers. They boot to runlevel 3. I do most of configuring remotely, from CLI. There are couple of things I prefer to do from GUI, and those are messing with services and using some sort of GUI-based tool for MySQL (when phpMyAdmin is not an option). Neither are available as a default (!!!) in a fresh-out-of-box install in latest Fedora releases even when you customize packages during install. Nope. You gotta fish out some more obscure packages for those.

[thornae.livejournal.com]

Ah, yeah, I'm mainly doing desktop things these days, so it's not so much hassle to swap architectures. There were still a few quirks I had to relearn, but it was still less annoying than dealing with Gnome 3.

But yeah, Fedora went from being a very nice option for servers to utterly shite.

... I'm pretty sure if I was doing lots of under the hood stuff, I'd just bite the bullet and go back to FreeBSD.

[theweaselking.livejournal.com]

Fedora [...] a very nice option for servers

I think you misspelled "CentOS". Fedora has a very bad habit of being cutting edge and making core changes as "updates". Which is good for a desktop and great for TESTING, but not good for stable-until-I'm-done-with-it servers.

CentOS: Same architecture, same UPDATE-updates, same price, fewer CHANGE-updates within a version.

(RedHat: Expensive CentOS)

[pappy-legba.livejournal.com]

You're talking about a textmode/command line interface, aren't you? Open source scores considerably better when it comes to text interfaces than when GUI's are involved.

[theweaselking.livejournal.com]

I would point out that a CLI is pretty much the definition of an "unfriendly" interface, and open source stuff tends to have bad descriptions of options, but you're right in that they tend to have a crapload of power and options.

But you can have an extremely useful tool with options for every occasion that can do anything you want it to, and it can still have a terrible interface.

[pappy-legba.livejournal.com]

It sounds like that's what Cisco has now.

I've never dealt with their stuff, but it sounds like an interface that was grown instead of built-- features got tacked on haphazardly without a clear architecture dictating it. A clean-sheet design could be better just because it could enforce some consistency. Consistency is king for CLI's, where it is often death for GUI's which need a lot of contextual variation in detail to create a consistent gestalt.

[cleodhna.livejournal.com]

Clearly there are only two options here.

1) Stop using Cisco, so far as you can.

2) Go to Outer Mongolia.
2a) Dive down a waterfall, get caught in an avalanche, be kicked in the head by a wild goat, or endure some other trauma that will cause lasting damage to your brain causing you to forget English.
2b) Spend 10 years in Mongolia living as a nomad. Learn Mongolian.
2c) Learn Cisco. It all makes perfect sense now, doesn't it?

[sandchigger.livejournal.com]

Dude. That whole "schedule a reboot in 30 minutes" thing is brilliant. Consider it stolen.