Cisco IOS - its the reason I never went very deeply into configuring network equipment. The few times I had contact with IOS resulted in much hair pulling and the sort of language you don't want your boss to hear.
Panic at the Cisco tech, thanks to ancient IOS syntax helper that outsmarted itself
Rejoice, dear reader, for it is Monday – the day to which everyone looks forward. No? Well, the silver lining to this particular cloud is another instalment of Who, Me? – The Reg's weekly tales of techies who thought they were fixing something, but flamed out. This week's hero is a network tech whom we will Regomize as " …
COMMENTS
-
Monday 9th December 2024 07:17 GMT Bebu sa Ware
I guess it had to be Sherlock...
if he were Mycroft then this particular episode would never have occurred.
I didn't notice whether Watson, not being the brains of the firm, found the solution or someone read the manual.
net no sh ip xxx -- No shit Sherlock.
Network engineers never were my favourite IT people partly because of this sort of brain damage. "No shut = open" verges on Newspeak double plus ungood.
-
Monday 9th December 2024 13:52 GMT I could be a dog really
Re: I guess it had to be Sherlock...
"No shut = open" verges on Newspeak double plus ungood
Only because the article is ... to stay polite ... missing a few nuances.
Firstly, I'd say that Sherlock must have been a bit of a noob, or he's only used newer kit that I used to play with. But in ISO speak, "no" simply means the reverse of whatever follows it. So "no shutdown" is not the same as "open", it literally means no shutdown, i.e. the opposite of shutdown. It can be used in many commands, so the command to remove an IP address from an interface is exactly "no" followed by the same command that created it (though there are some nuances with primary & secondary IP addresses), the command to remove an NTP server is "no" followed by the command that added it, and so on.
Personally, I got on (mostly) fine with IOS. What did get me was when they started shipping kit with a Cisco badge on, which wasn't actually Cisco but some other outfit (who's name I forget now) they'd bought which came with "looks like IOS but isn't the same" command line syntax. I also worked with some HP kit (back when HP was good) which had a very similar CLI. And other kit I don't recall now - it was several work hats ago since I did all that.
I guess it's a mindset thing. I'm autistic, and TBH found the very logical CLI in things like IOS fairly easy to work with - as an aside, I also really liked Forth and it's use of RPN (Reverse Polish Notation) which removes the need for braces, rules of precedence, etc. (I'm sure some people will flinch when BODMAS is mentioned) when doing maths.
-
Monday 9th December 2024 20:53 GMT heyrick
Re: I guess it had to be Sherlock...
Yeah, while it's easy to think that "open" should have undone this or that, the flip side of that coin is realising that this is asking for a lot of potentially unexpected behaviour.
To me, having never touched IOS in my life, it makes a lot of sense to have a specific command to reverse an action that, well, reverses the action. And not to have a totally different command maybe do something like that when it shouldn't. More typing, sure, but you know exactly what's being done. No weird side effects.
-
-
Tuesday 10th December 2024 19:34 GMT kraby
Re: I guess it had to be Sherlock...
Okay so I'm a network guy and do work mostly with Cisco stuff. I don't know or use any "open" command with IOS - maybe it precedes my 25 years experience. But the variations in Cisco OSes does get confusing. IOS and IOS-XE are basically the same but IOS-XR is different in my ways but still fairly similar but NX-OS now that one mixes up the order you have to enter commands and many times when I'm trouble shooting I have to have sessions open to a mix of all three variations. And we use a lot of VRFs and also multicast which are some the worst offenders of having different commands for different flavors of Cisco gear. (and wireless controllers are different as well - luckily I seldom have to deal with those as we have a dedicated team that handles those)
-
Wednesday 11th December 2024 17:05 GMT tip pc
Re: I guess it had to be Sherlock...
but NX-OS now that one mixes up the order you have to enter commands
you mean NX-OS running in aci mode.
NX-OS running in non ACI mode works like normal IOS.
i dread logging into that part of the environment that is ACI, and then have to find the ACI controller management IP / name & then remember my way around ACI.
even worse when your sharing your screen, even worse when the audience are fellow network bods.
-
-
-
-
-
Monday 9th December 2024 16:48 GMT myootnt
Let me know when Elvis gets here
Then there are those of us that use the "reload in" command and are persistent enough with our pasting to get a "no debug all" registered in there as the debug loses its mind. I haven't lost a remote device since 2009 and that was a Linksys with an exceptionally crappy GUI and no fail safes.
-
-
-
Monday 9th December 2024 07:40 GMT Flightmode
Context matters
”sh<tab>” will resolve to ”show” everywhere where there isn’t a better match, such as in interface configuration mode, where ”shutdown” is available. So in this case, Sherlock would have simply run the ”shutdown” command on a remote interface, And since in classic IOS commands were executed instantly - branch, meet saw.
One should note here that the command to do something on a Cisco is never ”sh”, there’s always a full, expanded command (”show”, ”shutdown”, or even ”shim” in some places) being executed (even if you don’t see it at the prompt). It’s the console cowboy’s responsibility to know what he’s typing. And believe me, I’ve mistyped a lot of IOS/XE/XR commands over years.
Juniper’s JunOS CLI, on the other hand, auto-expands the commands as you type so you’ll know what the router thinks you meant to do before you hit enter. (You still need to know what you’re doing, though!)
-
Monday 9th December 2024 11:06 GMT Doctor Syntax
Re: Context matters
"It’s the console cowboy’s responsibility to know what he’s typing."
I'd have thought that it's the original programmers' responsibility to not let his code expand an ambiguous command. In the examples you give "sho", "shu" and "shi" should be the minimum. nd not just the programmers, thye QA, the overall management chain.
-
Monday 9th December 2024 13:31 GMT Flightmode
Re: Context matters
I fully agree, and the "current" Cisco OS, IOS-XR, does in fact do this:
RP/0/RP0/CPU0:router(config-if)#sh
% Ambiguous command: "sh"
RP/0/RP0/CPU0:router(config-if)#sh?
show shutdown
RP/0/RP0/CPU0:router(config-if)#
(And also, IOS-XR doesn't execute commands immediately, you need to explicitly run the "commit" command to activate your pending changes.)
And anyone who's been in the business long enough will have internalized using "sho" when you mean to type "show". For the reason that Sherlock encountered. :-)
-
-
Monday 9th December 2024 18:03 GMT Phil O'Sophical
Re: Context matters
You mean when they added the DIFFERENCES command, and DI no longer meant DIRECTORY? That was annoying until you got used to it again. IIRC it did just generate an "ambiguous command" error, though.
I also remember that options were negated by prefixing them with NO, so the "on ... do" error handling was enabled by SET ON, and disabled by SET NOON rather than SET OFF. Logical, but always seemed vaguely strange.
-
Thursday 12th December 2024 02:23 GMT Jamie Jones
Re: Context matters
Ahhh yes, brings back memories. Also, our local computer department would add loads of local commands, so we got hit with those too.
Yeah, it did say the command was ambiguous. No doubt, if it was Unix, it would have silently chosen the most destructive interpretation! :-)
Another good thing was that if appropriate, the second word was the same word for "set" and "show", so you could "show users" and "set users ../limit=.." [or something similar.. I'm going back 35 years!)
-
-
-
Thursday 12th December 2024 02:26 GMT Jamie Jones
Re: Context matters
Worse than that, I remember some email systems used to do similar.
The "user" part could be shortened if it was ambiguous, but you would then get a bounced message saying so, leaking all matching addresses.
Even worse, you can guess what happened if you used to mail mar@address for Marcus, and one day, Marcus left, and Mary started at the same company...
-
-
-
-
-
Wednesday 11th December 2024 15:34 GMT Anonymous Coward
Re: Context matters
In a MUD I used to run, some players would try to trick new admins (imms) into issuing the "disco self" command.
When run as a regular player, it would be interpreted as "discodance self", and post a message about the player dancing.
When run as an imm, it would be interpreted as "disconnect self" (i.e. kick player [me])...
-
-
Monday 9th December 2024 07:58 GMT Pascal Monett
"Ever had a moment when [..] reading the manual didn't help"
Oh yeah. It was way back when Lotus Notes was Release 4. LotusScript had just appeared and I had been tasked for creating a Content Management System for an international customer.
Now, you need to understand two things : the first is that, in those days, a Notes database was limited to 2GB in size. The second thing is a little quirk in the system when you're cycling through all the documents (or records, for you RDBMS people) in a particular view.
The manual says (still to this day) that using view.getnextdocument(olddocument) will give you the next document in the view, which it pretty much does. What the manual does not say is that the old document is not deleted from memory when you do that.
So, in those days, it wasn't much of an issue because Notes databases did not contain hundreds of thousands of documents.
But then R5 came out, and the 2GB cap was lifted. And oh boy, did those databases start filling up. That is when I learned, the hard way, that cycling through 85K+ documents, with attachments, in a view could crash the script (thankfully, not the server). The bug report came in from the customer, and I spent days trying to understand why because the script never crashed on the same document (thank God computers are supposed to work on zeros and ones - God only knows what would happen if fuzzy logic were to be used).
In any case, after much head-scratching, I finally clicked that the script always failed after more than 80K documents had been processed. It took me another few minutes and then I wrote this :
Set olddoc = doc
Set doc = view.getNextDocument(olddoc)
Delete olddoc
With that, magically the script always completed successfully from then on (Delete removes from RAM, not from database).
That is one lesson I have never forgotten.
-
Monday 9th December 2024 11:08 GMT Doctor Syntax
Re: "Ever had a moment when [..] reading the manual didn't help"
"(or records, for you RDBMS people)"
That'll be rows.
I remember Informix going from file/record/field (when it was called Marathon) to relation/tuple/attribute before getting to table/row/column.
"(Delete removes from RAM, not from database)."
Ouch!
-
Monday 9th December 2024 11:42 GMT MiguelC
Re: "(Delete removes from RAM, not from database)."
I remember a co-worker learning that deleting records from an in-memory array meant it could also delete them from the database, depending on the parameters used for creating the damn thing.
Not a fun weekend for him, recovering information from backups and transaction logs. At least he learned, as did others (by example, the best way to learn), that everything should be thoroughly tested before deploying in production, even seemingly small changes.
-
-
Wednesday 11th December 2024 00:14 GMT Outski
Re: "Ever had a moment when [..] reading the manual didn't help"
I always preferred to use a documentcollection based on the view - that way you can use dc.GetNextDocument which is a) more efficient for memory usage, particularly on a client, and b) doesn't risk getting the wrong doc if the view index gets refreshed halfway through or prevents having to use a non-autorefresh view and rebuilding the index at the top of the script.
My personal bête noire, though, was between R5 and R6. Now, in R6 and onwards, if you made a change to the routing config, you could, in most circumstances, implement the change using
tell router update config
and no router restart needed. Lovely.
In R5, though, AAARGH!!!
In R5, that will try to update config.nsf which controls the Single Copy Object Store or, if you're not running that way, starts it.
I still have nightmares about SCOS, trying to clean it, restore, move the data to a new server, anything.
It was very much a case of HERE BE DRAGONS!!!
Side note: I absolutely loved using DAOS when it came out, it made things so much lovelier, more elegant, both for us and the storage guys, without any of the many bear-traps, poisoned arrows and snakepits that came with SCOS,
-
-
Monday 9th December 2024 08:33 GMT volsano
Backward double-negative logic is a predictor of massive future industry dinosaurs.
Fred Brooks called IBM's OS/360 a "multi-million dollar mistake" back when that was a lot of money. Now called Z/OS, its backward COND statement ("Don't run this step if the previous step's return code was not N) is still the mainstay of the financial systems across the world.
-
-
-
Monday 9th December 2024 14:03 GMT I could be a dog really
Re: Pedant
And of course, it works for longer keywords too - so more key presses saved. And most decent shells on Linux (and I assume other Unixen) does much the same thing to some extent or other.
Working entirely from age addled memory ...
conf t => configure terminal
int fa0/1 => interface FastEthernet 0/1
addr => address
no shut => no shutdown
and then when you're done ...
wr mem => write memory
So you see "sh" vs "show" isn't a good example of how many keystrokes (and opportunities for typos) you can save with autocomplete. Of course, if you are sure of what you are typing then you don't bother with the tab (so saving a keypress), otherwise press tab and see the full command.
-
Wednesday 11th December 2024 00:24 GMT PRR
Re: Pedant
> it works for longer keywords too - so more key presses saved. And most decent shells on .....Unixen.... much the same thing
I have a file 'Magic-3-Go-Hydrophlic-Intermittent-Catheter-instructions-for-use.pdf'. The directory it is in, "ma{TAB}" would bring it to the shell command line in 3 pokes. Instead of 68 careful typos. Saves 65 presses PLUS shiftkeystrokes, and that's about my limit these days. (Yes, even with a wrong-case 'm' on front, and even in Win7 cmd instead of a proper Borne/Korn shell, tho Win7 might not insist on proper case.)
-
-
-
Monday 9th December 2024 10:43 GMT Michael H.F. Wilkinson
Nothing to with networks, but operating a 1.5 m (diameter) infrared telescope at an Italian observatory as an undergrad, I was rather horrified that when I typed in the wrong coordinates, and the system asked me to verify the coordinates were right (Y/N), my response "N", resulted in a cheerful "Then I go!" followed by the humming of drive motors to swing the telescope into the requested position. This could result in the liquid nitrogen and, worse, liquid helium to be poured out of the cryostat of the infrared spectrograph we were testing, potentially causing major damage. Happily nothing bad happened, but I did learn from the Italians running the place that any key except Ctrl-D would be interpreted as "Yes". Brilliant!
Suffice to say I was not impressed by their UI design.
-
Monday 9th December 2024 10:50 GMT KittenHuffer
With something like that the UI should always be designed to 'failsafe'. For the given example it should have been that ANYTHING other than a single key combination (e.g. Ctrl-Y) would be taken as a 'no'. It should never have been set so that the 'default' result was the potentially dangerous condition.
-
Monday 9th December 2024 11:06 GMT OhForF'
Even with your improved UI design it should not move at all unless the coordinates entered are in a predefined safe range that is known not that damage the system. Personally i'd opt for adding a couple of manual switches to stop operation before it turns into a health and safety issue.
Trusting programmers and users to get it right? -> See icon
-
Monday 9th December 2024 13:36 GMT Martin an gof
manual switches to stop operation before it turns into a health and safety issue
Once worked somewhere* where a small remote-controlled hoist was operated by, shall we say, "non specialists". It ran backwards and forwards on a high level rail, and the magnet could be raised, lowered and powered up or not.
If said "non specialist" decided to run the thing full tilt along the rail it would eventually find itself at a buffer stop. The people who built it had considered this possibility and fitted microswitches at each end of the rail to cause the control system to stop powering the motor.
Unfortunately, the microswitches were built in to the buffer stop, so only operated in the last 10mm or so of travel, by which time simply removing power from the motor was far too late to prevent the hoist ramming itself loudly into the buffer.
Having had to repair the thing several times, I eventually persuaded TPTB to let me fit another microswitch further up the rail**. Problem solved.
But it really shouldn't have been a problem in the first place.
M.
*Ok, Magna Science Adventure Centre in Rotherham - I've told tales from there before. This was the magnetic "can sorter" in the Fire pavilion
**well, four switches - there were two hoists and the problem existed at both ends of both rails
-
-
Friday 13th December 2024 22:39 GMT Martin an gof
Tell you what always irked me - exhibition aside, the place won the Stirling prize ahead of the Eden Project. I know which I'd have given my vote to.
It was a bit "bitty". Earth, Air, Fire and Water with a few sops to the fact it used to be a steelworks on the long walks between each "pavillion".
M.
-
-
-
Monday 9th December 2024 23:00 GMT Boris the Cockroach
Depends on the control system in use.
Our robots use microswitches to limit motion , we call them the hard stops and some positional data set slightly inboard of the hard stops AKA the soft stops.
However on the control systems one OS will compare the motion to the soft stops and if the motion goes beyond them , it will instantly throw an error, but on the other system we use the robot will move to the soft stop, then throw the error.
And the other major issue we face is where there is equipment bolted to the machine in the way of the motion... but the robot does not know this and will cheerfully move through the equipment if it can. hence programming the buggers tends to take skill and experience.......
-
Tuesday 4th February 2025 16:56 GMT Robert Carnegie
I've encountered systems where the positive answer has to be typing "YES" without benefit of auto-complete. But also, no prompt that "this is possibly wrong and dangerous" will stop every single self-destruct command. You would type "YES" before you had had time to think about it carefully. :-(
-
-
-
Monday 9th December 2024 12:10 GMT tip pc
always do "copy run start" then "reload in" [or its platform equivalent] before starting your work
always do "copy run start" then "reload in" [or its platform equivalent] before starting your work
then you just need to wait for the timer to expire and device to reload (juniper just loads the previous config) and your back as you where before your change.
after 1 event of locking yourself out you likely won't repeat the offence!!!
-
Monday 9th December 2024 13:40 GMT Flightmode
always do "copy run start" then "reload in" [or its platform equivalent] before starting your work
"Copy run start" - what kind of new-fangled talk is that? It's "wr mem", everyone knows that! :-)
But I'll attest to being saved by Juniper's "commit confirmed 5" command ("If I don't type commit[0] again within 5 minutes, roll back my last config changes, please") many times. No reboot required.
[0] If you don't want to add another commit state to your history (only the last 50 commits are stored on-box for easy comparison and rollback! ;-)) a "commit check" will do nicely.
-
-
Monday 9th December 2024 12:25 GMT ColinPa
Whoops - it often does that.
I had a colleague who liked to use short commands. He had E for edit, BR for browse, and ER for erase.
You entered these commands as a line prefix on a list of files. When it finished it changed the first letter of the command to * so BR became *R
I was sitting with him, and he used BR to browse the file, he then typed E to edit the file - and the file was gone!
My colleague said "it often does that - a couple of times a day- I don't now why".
His BR became *R, which then became ER ... to erase the file.
I told him to remove his dangerous short cuts commands. He did seem "accident" prone.
-
-
Monday 9th December 2024 14:09 GMT I could be a dog really
As I've mentioned above, the article doesn't really tell the whole truth. IOS was (at least, last time I worked with it) very intuitive for a lot of stuff. You wouldn't try to reverse a "shut" (short for shutdown) with "open", you'd use "no shut" where "no" means reverse the command that follows.
Dunno what new-fangled illogical stuff it has these days if people are thinking that "open" is the reverse of "shutdown".
-
Tuesday 10th December 2024 00:42 GMT PB90210
Just to add confusion, an interface is shutdown by default unless you use 'no shut'... but 'show run'/'show start' only shows 'shutdown' for the interfaces that are shut and nothing for the interfaces that are open (so no 'no shut'!)
All fun when you get someone taking the config from an existing router and pasting it into a new router... all the interfaces are down until you remember to go through and open up the required ones.
Cisco had another oddity that meant the config would list 'duplex' before 'speed' but you had to set a fixed 'speed' before 'duplex full/half'
-
Tuesday 10th December 2024 12:38 GMT Softsuits
Tunneling and other long envolved 802.X port thing a ma jigs
Net Work is like stitching up well padded straitjacket for those layer five and above percivals. Ya just can't move fast and break things the lower you go. I found myself in a car driving to a throatcut router a couple of times. Those analogish modems are handy in darker moments. Great piece.
-
Thursday 12th December 2024 02:49 GMT J.G.Harston
I as once on a site job setting something up with instructions over the phone from somebody with a weird accent, and instead of giving *actual* *instructions* would recite something something tab something. On reflection, it clearly showed he completely had absolutely no idea what on earth he was doing, having memoried *keystokes* rather than actions. But on the day the issue was that he kept saying - to my ears - enter boatabby contab.. yerwot? He repeated it. enter boatabby contab.. wtaf??? I could hear frustration in his voice as he spelled out: The N key. Then the key next to the Q key... WTF???? (not out loud) You mean *TAB*? WTF not just say *TAB*? You mean N. TAB. O. TAB. etc. On typing it it expanded to net open connection.... WTdoubleplusF? Just *****ing say NET. OPEN. CONNECTION. etc. enter boatabby contab makes absolutely no sense, and neither does en tab oh tab con tab.