Recent Nexus Features

Author
Peter Welcher
Architect, Operations Technical Advisor

This blog is about recent Nexus features. It reflects something I’ve been meaning to do for a few weeks now. I find that I get busy and don’t get around to looking at recent Cisco release notes to look for new features. I imagine you do that too. This blog is intended to give you a brief listing of new Nexus features along with the relevant links so you can quickly drill down on details if you need to.

I’m going to omit new hardware support since that gets a bit complicated — use the links for details. Be sure to check for things like linecards and Nexus 2K / B22 modules. (Did you know there are now 3 flavors: HP, Dell, Fujitsu?)

Nexus 7K, NX-OS 6.1(3)

Release Notes dated 2/23/2013

  • Four Queue Support for F2 Series Modules
    • 4Q instead of 2Q
  • Result Bundle Hash Load Balancing and Distribution
    • Port-channel load balancing
  • Deny ACE Support for VACL, PBR, and QoS
    • Deny ACL entries in a sequence for VACL, PBR, QoS
  • QoS MIB Support
  • Minimum Links on the FEX Fabric Port Channel
    • When the number of links falls below the minimum for a FEX fabric port-channel, the host-facing interfaces of the FEX are suspended.
  • Smart Zoning
  • 100G-SR10 Optics Support
  • PowerOn Auto Provisioning Template Script
  • New Cisco MAC Address for BPDUs Sent on vPCs
    • 00:26:0b:xx:xx:xx as source of BPDUs on vPC ports
  • FabricPath Port-Channel Limit Command for vPC+
    • VDCs with an F2 module support more than 244 vPC+ port-channels.

Nexus 7K, NX-OS 6.1(2)

Release Notes dated 10/26/2012

  • Power on Auto Provisioning (POAP)
  • Python Scripting
  • DSCP-to-Queue on the Enhanced F2 Series Modules
  • vPC+ For Cisco Nexus 2000 Fabric Extender Server Ports
  • FabricPath on F2 Series Modules
    • New command to avoid MAC learning on FabricPath core ports or in VLANs where there is no SVI
  • Sampled NetFlow (on F2 modules, ingress only)

Nexus 7K, NX-OS 6.1(1)

Release Notes dated 8/10/2012.

  • Virtual Device Context
    • Admin VDC (optional) for Sup 2 and 2E
    • VDC control groups: CPU shares per VDC (Sup 2 or 2E)
    • Sup 2E supports admin + 8 VDCs
  • IP Service Level Agreement
    • Basic IP SLA (a few operations).
  • FCoE Support
    • Licensed feature for the F2 card in the N7K
  • FEX Scalability
    • More FEX per N7K!
  • Additional New Functionality
    • BGP add path capability
    • ERSPAN on F2 Series modules
    • FabricPath traceroute PONG
    • IS-IS for v6 single topology
    • Online diagnostics including the SnakeLoopback and RewriteEngineLoopback test on F2 Series modules
    • OSPF flexible distance manipulation
    • PVLAN on F2 Series modules
    • QoS DSCP to queue mapping for IPv4 on F2 Series modules
    • RBACL
    • Cisco Nexus 4000 FCoE Initialization Protocol (FIP) snooping

Nexus 55xx, NX-OS 6.0(2) N1(1)

Release Notes dated 1/31/2013.

  • Ingress Policing
  • Glean Throttling
    • A glean occurs when no ARP entry is found for the next hop and the routed packet has to be punted to the supervisor. This feature protects the supervisor from too many gleans by creating a /32 drop adjacency.
  • ACL Logging
    • Per-flow logging
  • POAP Enhancement (POAP = Power-On Auto-Provisioning)
  • Nexus 2248 PQ 10G FEX support

Nexus 55xx, NX-OS 5.2(1)N1(1) and Later

Release Notes first dated 7/13/2012 with updates.

  • NIF Storm Control
    • Storm Control for N2K uplinks.
  • Cisco Management Interface over SSH
    • XML over SSH / NETCONF.
  • IPv6 Support for Additional Features
    • See the Release Notes, about 12 IPv6 features.
  • PTP Support
    • Precision Time Protocol, IEEE 1588
  • Open Shortest Path First (OSPFv3)
  • Configuration Synchronization Enhancements
  • Predefined SAN Admin User Role
  • Multicast Scaling
    • Control the maximum number of entries in the IPmc routing table.
  • Dynamic System Reserved VLAN Range
    • Change the reserved range to any other 80 contiguous VLANs. Not 4094.
  • Increased Host Route Support
    • IPv4 to 16,000, IPv6 to 8,000.
  • IGMP Snoop Limits
  • Virtual Port Channel Peer Switch
    • Avoids need to pin STP root to primary switch, improves convergence
  • Object Tracking Enhancements
  • Fabric Path Multiple Topologies
    • Default/base and local VLAN topology (topology 1).
  • ACL Logging over Management Interface
  • Python Scripting APIs
  • POAP with Python Scripts

References

Nexus 7K Release Notes: http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html.

In particular, see:

References — Nexus 55xx

Nexus 55xx / 2K Release Notes: http://www.cisco.com/en/US/products/ps9670/prod_release_notes_list.html.

Upcoming Blogs

I’ll be off to Network Field Day #5 on Tuesday 3/5/13, and I will likely be blogging about interesting things I hear about or want to react to. After that, I have some design ideas I’d like to share, likely interspersed with items from the CCIE R&S series. Watch this space!

Disclosure

The vendors for NFD 5 are paying my travel expenses and perhaps providing small gift items, so I wish to disclose that in my blogs now. The vendors in question are: Cisco, Brocade, Juniper, Plexxi, Ruckus, and SolarWinds. I’d like to think that my blogs aren’t influenced by that. Yes, the time spent in presentations and discussion gets me and the other attendees looking at and thinking about the various vendors’ products, marketing spin, and their points of view. I intend to try to remain as objective as possible in my blogs. I’ll concede that cool technology gets my attention! Stay tuned!

One response to “Recent Nexus Features”

  1. My favorite is "Deny ACE Support for VACL, PBR, and QoS", so in the most recent code, no longer does Deny Equals Permit in NX-OS QoS ACLs as discussed in http://www.netcraftsmen.net/resources/blogs/deny-equals-permit-in-nx-os-qos-acls.html
