Cisco IOS

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Boism (talk | contribs) at 16:26, 4 November 2005 (→‎See also: +catalyst switch). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Cisco IOS (originally Internetwork Operating System) is the operating system used on Cisco Systems routers and some network switches (those which do not use CatOS). It is a multitasking operating system and provides kernel services such as process scheduling as well as the command line interface and routing software.

Cisco IOS has a characteristic command line interface, whose style has been widely copied by other networking software. Unlike most operating systems, which use a command followed by a set of arguments, Cisco IOS provides a fixed set of multiple-word commands. The set of available commands is determined by the current "mode"; for example, "global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific layer 2 interface. Typical commands are "show interface gi0/48" or "no ip cef traffic-statistics". Every command is assigned a privilege level, from 0 to 15, and can only be run by users who hold the necessary privilege.

Cisco IOS versioning numbers

Cisco IOS releases are numbered using three numbers and some letters, in the general form x.y(z)aa, where

  • x is the major version number of the release
  • y is the minor version number
  • z is the release number, which begins at one and increments as new releases in the same x.y train are released
  • aa is the release train identifier, such as none (which designates the mainline, see below), T (for Technology), E (for Enterprise), S (for Service provider) etc.

For example, release 12.3(1) is the first mainline Cisco IOS release of version 12.3. 12.3(2) is the next release, and so on. 12.3(1)T is the first release of the T train, 12.3(2)T the next, and so on.
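As an added illustration (not part of the article), the following Python parses the x.y(z)aa form described above and compares two releases of the same train, which is what an operator does when checking whether a running image predates a fixed release. The "show version" banner line it parses is a constructed sample, and the comparison deliberately refuses to order releases across different trains, since the release number z only counts within one train.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches the x.y(z)aa form, e.g. "12.3(1)", "12.3(2)T", "12.0(7)AA".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)$")

# Constructed sample of a 'show version' banner line (not from a real device).
SAMPLE_SHOW_VERSION = (
    "IOS (tm) C2600 Software (C2600-I-M), Version 12.3(2)T, RELEASE SOFTWARE (fc1)"
)


@dataclass(frozen=True)
class IosVersion:
    major: int      # x
    minor: int      # y
    release: int    # z, counts up within one x.y train
    train: str      # aa; "" means the mainline train

    @property
    def train_name(self) -> str:
        return self.train or "mainline"


def parse_version(text: str) -> IosVersion:
    """Parse an x.y(z)aa string; raise ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an IOS version string: {text!r}")
    major, minor, release, train = m.groups()
    return IosVersion(int(major), int(minor), int(release), train)


def is_older_than(running: IosVersion, fixed: IosVersion) -> Optional[bool]:
    """True if `running` precedes `fixed` on the same x.y train.

    Release numbers are only ordered within a single train, so a comparison
    across trains (or across different x.y) is undefined and returns None.
    """
    same_train = (running.major, running.minor, running.train) == \
                 (fixed.major, fixed.minor, fixed.train)
    if not same_train:
        return None
    return running.release < fixed.release


def parse_show_version(banner: str) -> Optional[IosVersion]:
    """Extract the version from a 'show version' banner line, if present."""
    m = re.search(r"Version (\d+\.\d+\(\d+\)[A-Z]*)", banner)
    return parse_version(m.group(1)) if m else None
```

The article's form has no rebuild suffix, so strings such as "12.3(2)T1" are rejected by this parser rather than guessed at.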

Cisco IOS trains

Cisco IOS releases are split into several "trains", each containing a different set of features. Trains more or less map onto distinct markets or groups of customers that Cisco is targeting. The mainline train is designed to be the most stable release the company can offer, and its feature set never expands during its lifetime -- it only ever gets bug fixes. The T (Technology) train gets new features and bug fixes throughout its life, and is therefore less stable than the mainline. The S train (Service provider) runs only on the company's core router products and is heavily customized for Service Provider (carrier / PTT) customers. The E train is customized for Enterprise routers. There are other trains from time to time, designed for specific needs -- for example, the 12.0AA train contained new code required for Cisco's AS5800 product.

Cisco IOS Vulnerabilities

Passwords stored in the configuration with the type 7 scheme (for example "username jdoe password 7 0832585B1910010713181F") are easily decrypted. Although this has been known for years, this weak scheme is still widely used. See Insecure.org: Cisco password decryption.
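As an added example (not part of the article), a small Python audit that scans an IOS running-config for the weak storage forms just described: it flags "password 7" entries (a reversible encoding, not a one-way hash) and cleartext passwords, and accepts only "secret 5" entries. The config excerpt is constructed, with placeholder hash values.

```python
import re
from typing import List, Tuple

# Constructed sample running-config excerpt (not from the article or a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr
enable password 7 0832585B1910010713181F
enable secret 5 $1$placeholder$hashplaceholder
username jdoe password 7 0832585B1910010713181F
username ops password 0 PlainTextExample
username admin secret 5 $1$placeholder$hashplaceholder
line vty 0 4
 password cisco
 login local
"""

Finding = Tuple[int, str, str]  # (config line number, severity, message)

# "password 7 <hex>": type 7 is a reversible encoding, so it offers no real protection.
_TYPE7 = re.compile(r"\bpassword\s+7\s+[0-9A-Fa-f]+\b")
# "password 0 <text>" or bare "password <text>" (no type digit): stored in cleartext.
_CLEAR = re.compile(r"\bpassword\s+(?:0\s+)?(?!\d\s)\S+")
# "secret 5 <hash>": the one-way (MD5-based) form IOS offers for these credentials.
_SECRET = re.compile(r"\bsecret\s+5\s+\S+")


def audit_config(config: str) -> List[Finding]:
    """Return one finding per weakly stored credential in `config`."""
    findings: List[Finding] = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("!") or _SECRET.search(line):
            continue  # comment, or already stored as a one-way secret
        if _TYPE7.search(line):
            findings.append((n, "high",
                             "type 7 password is reversible; store it with 'secret' (type 5) instead"))
        elif _CLEAR.search(line):
            findings.append((n, "high",
                             "cleartext password; 'service password-encryption' would only turn it into type 7"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: [{severity}] {message}")
```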

A newer vulnerability is currently being kept quiet by Cisco; it allows remote commands to be executed. See Wired: Router Flaw is a Ticking Time Bomb.

Cisco IOS Feature sets

Each release also comes in one or more "feature sets"; for example, Cisco IOS releases meant for use on Catalyst switches are available as "standard" versions (providing only basic IP routing), "enhanced" versions, which provide full IPv4 routing support, and "advanced IP services" versions, which provide the enhanced features as well as IPv6 support. See the white paper Cisco IOS Reference Guide.

Cisco IOS architecture

In all versions of Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as Cisco IOS processes and ultimately result in a forwarding table (the FIB -- Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-only forwarding (e.g. Cisco 7200) most traffic handling, including access control list filtering and forwarding, is done at interrupt level using Cisco Express Forwarding (CEF) or dCEF (Distributed CEF). This means IOS does not have to do a process context switch to forward a packet. In routers with hardware-based forwarding, such as the Cisco 12000 series, Cisco IOS computes the FIB in software and loads it into the forwarding hardware (such as an ASIC or network processor), which does the actual packet forwarding function.

Cisco IOS has a "monolithic" architecture, which means that it runs as a single image and all processes share the same memory space. There is no memory protection between processes, so a bug in one part of the IOS code can potentially corrupt data used by other processes. It also has a "run to completion" scheduler, which means that the kernel does not pre-empt a running process; the process must make a kernel call before other processes get a chance to run. For Cisco products that required very high availability, such as the Cisco CRS-1, these limitations were not acceptable. In addition, competing router operating systems that emerged 10-20 years after IOS, such as Juniper's JunOS, were designed not to have these limitations. Cisco's response was to develop a new version of Cisco IOS called IOS-XR that offered modularity and memory protection between processes, along with lightweight threads and pre-emptive scheduling. Essentially, it was a port-and-upgrade of the non-kernel IOS code onto a modern real-time OS kernel.

In late August 2005, Cisco announced that the next version of IOS for its high-end switches would be of a "modular" design. Dispensing with the monolithic kernel of prior releases, the new IOS would feature individually restartable processes that could be patched independently of other processes and of the IOS as a whole. Whereas past patches required a complete IOS update and a switch reboot, the new modular kernel would allow an administrator to patch just the affected processes. After patching, that particular process could be restarted independently of the rest of the switch, reducing overall downtime to the bare minimum. Cisco indicates this technology will ship by the end of 2005 or early 2006.

See also