Ever since I heard that the Nexus 9K has 50% less code, I’ve been wondering what features were removed from the code. So I did my best to figure it out, since I haven’t seen a detailed features list from Cisco yet (early days and all that). I’ve also noticed that in general the Nexus team historically has put out long lists of supported features, leaving me thinking “yes, that’s great — but what is NOT on the list?” Anyway, the primary focus here will be what features the N9K supports today. We’ll get to that after a motivational detour (or some might say “pre-ramble”).
I think it may be useful to first touch on the question of what would motivate someone to buy a Nexus 9000, and what features would you want or expect? And even: what market(s) is Cisco aiming at? Two answers to that come to mind:
- High performance switch without all the fancy features at a competitive price point
- The option of future automation as part of ACI
Concerning the first of these, I’m thinking along the lines of the recent blog by Greg Ferro (@etherealmind), Response: Help! My Big Expensive Router Is Really Expensive! (Substitute “switch” for “router”.) As in the N9K has less features, enabling a lower price? How much do I give up with “less features”?
If I were considering buying a Nexus 9K and planning to run NX-OS on it, I’d want to know the long-term prospects for support for NX-OS on that hardware. The same applies to ACI hopefuls: if I were buying into N9K with the hope of doing ACI, I’d want to make sure I had a solid NX-OS-based bail-out plan if I didn’t like ACI or things went sour for some reason. That maybe explains what Cisco is doing here: offer basic datacenter switching competitively to establish a baseline NX-OS platform and seed the market, creating a customer base for ACI when it is ready to ship. And competing more directly with unspecified competition with more generic switch features.
Another question that comes to mind (the cynical part?): is Cisco/Insieme pricing attractive with a goal of getting sites committed to ACI? As in, once you’re on an automated tool, it might be painful to migrate to other hardware or tools, i.e. vendor lock-in? (Yes, that thought was brought to you by the more cynical part of my brain. But others have raised this question previously in blogs and articles.)
Don’t get me wrong, so far I’m a huge fan of ACI. I think many of us are looking for a canned solution with vendor support, one that works with no need to do much software integration or programming. Having an API and hooks to simplify programming, sure, that’s the frosting on the cake. So any negative thoughts above are just me trying to think like a smart prospective N9K buyer.
So… say we’re considering buying into Nexus 9000 with the idea of interesting price and don’t need all the NX-OS fancy features … it’s time to check N9K features. I hope you find the following somewhat useful.
What Features DOES the N9K NOT Support?
Caveat: This is early days yet, and is based on my best effort research into the documentation. Either or both the documentation and I may be wrong. If you don’t like that, you can RTFM for yourself.
Here’s the short Not Supported list from the NX-OS 6.1 Release Notes:
- The Generic Online Diagnostics (GOLD) port loopback test
- An ERSPAN type destination
- An egress filter on an ACL-based SPAN
- All VLAN features of SPAN/ERSPAN
- FEX
The Release Notes also state that the following features are not enabled in this release:
- Layer 2 and vPC
- FabricPath and OTV
- LISP
- MPLS
- Fiber Channel
- Fiber Channel over Ethernet (FCoE)
That sounds like they could be added later, and R&D effort is focused on Must Have items right now. I would think FCoE and maybe FC would be likely candidates, to tie Storage in.
Some quick research into the CLI documentations shows that having multiple VDCs is not supported (yet).
- Only one VDC!
What Features DOES the N9K Support?
Well, that covered the clear list of negative items, and the Big Deal items. My next thought was to skim the documentation, and see what sorts of topics are covered, i.e. appear to be present. I’ve broken them out by the section of the manual I found them in. I compared to the N7K manuals to see which sub-sections got omitted. That is, I did a paper chase — but a High Quality paper chase! No, I didn’t do a deep dive into each topic — my curiosity level isn’t that high!
Fundamentals Config Guide
- Setup
- POAP
- Basic device management, file systems
- Config files
- Omitted: scripting with TCL, Python API
High Availability and Redundancy Guide
- Service-Level HA (restartability)
- Network-Level HA (NSF)
- System-Level HA (Redundancy, switchover)
- Omitted: ISSU
Interfaces Configuration Guide
- Basic Parameters
- L3 Interfaces
- BFD
- Port Channels
- Omitted: Configuring L2 Interfaces, VPCs, IP Tunnels, QinQ
- VLANs, trunks, and all that. I’d sure hope the basics are coming soon. Maybe vPC isn’t as critical?
- See the very recent Network World article http://www.networkworld.com/reviews/2014/030314-cisco-nexus-279206.html, which says “Cisco doesn’t have the switching code ready quite yet”. The article also has some thoughts about “why Nexus 9K”. It concludes “… very beginning of a long road.”
Multicast Routing Configuration Guide
- IGMP
- PIM
- MSDP
- Omitted: MLD, PIM6, IGMP Snooping, Performance Enhancements for VDCs
Quality of Service Configuration Guide
- MQC
- Classification
- Marking
- Policing
- Queuing and Scheduling
- Network QoS Policy
- Priority Control
- Monitoring QoS Statistics
- Omitted: Mutation Mapping, Fabric QoS Mapping, F-Series Modules, Local Policy Based Routing
Security Configuration Guide
- AAA
- RADIUS
- TACACS+
- LDAP
- SSH and Telnet
- User Accounts and RBAC
- IP ACLs
- DHCP
- Password Encryption
- Keychain Management
- Control Plane Policing
- Rate Limits
- Omitted: FIPS, PKI, 802.1X, NAC, TrustSec, MAC ACLs, VLAN ACLs, Port Security
- Omitted: Dynamic ARP Inspection, IP Source Guard, Traffic Storm Control, Unicast RPF, CoPP
System Management Configuration Guide
- NTP
- CDP
- Syslog
- Smart Call Home
- Rollback
- Session Manager
- Scheduler
- SNMP
- RMON
- Online Diagnostics
- EEM
- Onboard Failure Logging (OBFL)
- SPAN
- ERSPAN
- LLDP
- Omitted: CFS, PTP, NetFlow, EEE, XMLIN (convert CLI to NETCONF format).
Unicast Routing Configuration Guide
- Configuring IPv4, IPv6
- IP Services
- OSPFv2
- OSPFv3
- EIGRP
- IS-IS
- Basic BGP
- Advanced BGP
- RIP
- Static Routing
- L3 Virtualization (VRF)
- Managing Unicast RIB and FIB
- Managing Route Policy Manager
- Omitted: WCCPv2, Policy Based Routing, GLBP, HSRP, VRRP, Object Tracking,
Related Links
Hashtags: #Nexus9000 #Nexus9K
Twitter: @pjwelcher
VXLAN can i be added to the list of features Cisco Nexus 9K supports.
Thanks Dara. Fair enough, that’s one of the key pieces to the ACI architecture.
Pete…I was looking through your list of unsupported features above, and I just received my first pair of 9396’s for a client, and it does have the following available in 6.2.8:
All VLAN features of SPAN
FEX
Layer 2 and vPC
This was actually ordered as a bundle with (2) 9396s and (2) 2248TP-E FEXs with all accoutrements.
Additionally, a comment that I would like to add is that this switch is positioned by Cisco for datacenters that have no requirements for FC/FCoE, making it an incredibly powerful L2/L3 option with a lot of 10/40 connectivity and a great backplane. In our case, we had a customer’s DR site datacenter with a UCS backend and client/security connectivity requirements, using all iSCSI / NFS. It was perfect because of the price/performance point that it came in at, along with excellent port density. In that situation, we are actually using it as a L3 core/distri/access, using VPC, HSRP, OSPF and BGP, with of course all basic L2 features.
Thanks, H.B.
I was attempting to list the documented features at the time of writing. Obviously Cisco has been working feverishly to fill in the gaps. Your update is appreciated showing that good progress has been made. Yes, the N9K line is cost effective with very high performance, etc. There is mild risk due to newness of the hardware and software, but the Nexus code seems to have a history of porting to new platforms quickly and well.
Pete;
Some interesting developments for you, that you may want to share with your community. So today, I brought them out of burn in and started configuring them. First to note is that N9k is on it’s own train of code:
NXOS image file is: bootflash:///n9000-dk9.6.1.2.I2.1.bin
Secondly, the licensing model of this platform is greatly simplified: You either buy the L3 Routing SKU for $8k (list), or you don’t. No other options to date. Secondly, the documentation and even the bundle SKU’s sell FEX’s with the 9k’s…but do you see something missing here?
cpswbc01# show feature
Feature Name Instance State
——————– ——– ——–
bash-shell 1 disabled
bfd 1 disabled
bfd_app 1 disabled
bgp 1 disabled
… (omitted so this isn’t a mile long)
evmed 1 disabled
glbp 1 disabled
hsrp_engine 1 disabled
Yeah…I am on the phone with TAC right now, and even when I tried to run "install feature-set fex", I get:
cpswbc01(config)# install feature-set fex
unknown feature(0x40aa0002)
cpswbc01# show system error-id 0x40aa0002
Error_id: 0x40AA0002
Error Facility: feature-mgr
Error Description: unknown feature
cpswbc01#
All of the other features work like we expect, VRF, VPC, VRRP, LACP, all the L2 goodies, etc. I am waiting on the license for the L3 portion, but if you didn’t know better you would think that you were in a 5k.
I will keep you posted on the outcome of this case so you can share.
H.B: good info! Thanks. Good luck with TAC.
This tends to confirm to me that the N9K is a bit … immature, getting a lot of R&D TLC from the coding team no doubt but … bugs happen. The potential is awesome, the price is right, buyers need be prepared to live with / work around / wait for bug fixes for any such gaps.
Hello.
We also bought 4 9396 with 6 FEX boxes.
They where delivered with n9000-dk9.6.1.2.I2.1 with do not have support for FEX so we had to uppgrade to n9000-dk9.6.1.2.I2.3. where the support for FEX is added.
Thanks Gustav and Robert for your comments.
I’m seeing smaller shops using the UCS FI’s for the small amount of FCoE or FC they have. Also seeing desire to isolate the FCoE away from LAN and LAN changes / risk of accidents. As well as some shift to NFS.
Agree N9K will likely pick up more features as things evolve.