Cisco has upgraded its Catalyst 6500 switch software so individual processes run separately, allowing customers to reboot processes without taking the entire switch offline.

The shift to modular processes makes for simpler software upgrades to sub-systems of the switch that support processes such as TCP, User Datagram Protocol (UDP), routing and FTP, the company said.

It also means that installing security patches from the networking giant will be much easier for customers - something that is vital following several recent critical holes in Cisco's software, most notoriously last month when Cisco went to great lengths to silence one security researcher.

The new architecture is designed to cut the time it takes to check software upgrades such as patches or new features, Cisco said. Because such upgrades can be accomplished via alterations to individual processes rather than to the entire image of Cisco's IOS software, customers need to do less testing to determine if upgraded processes will disrupt other function. The company said upgrades can be done to the routing module, for instance, while the switch is in use without dropping a packet.

Automation of routine maintenance tasks is also included, as well as better diagnostics and resolution of network problems thanks to another new feature called Embedded Event Manager (EEM).

EEM detects more details about the switches' sub-systems than SNMP, so can automatically respond to more minor problems based on policies set by customers. If a given process eats up more CPU capacity than the policy allows, for example, EEM can trigger an automated response.

Running processes independently on switches is common in carrier-grade gear, but is not so widespread in business-class network equipment, said Gartner VP Mark Fabbi. Juniper has been the notable exception with its JunOS software.

Cisco's software upgrade is a big change, Fabbi said. "Before this, IOS was monolithic," he says. "If you want to patch one tiny thing, it's an IOS upgrade."

The upgraded offering could have an impact on network security as well. Customers might be more likely to install Cisco patches sooner because it should be easier to do and the patches won't have the potential broad impact on other sub-systems. "People are reluctant to dabble with IOS as a whole," Fabbi says.

The new software features are scheduled for the end of the year.