What Features Does the Nexus 9K Support?

Author
Peter Welcher
Architect, Operations Technical Advisor

Ever since I heard that the Nexus 9K has 50% less code, I’ve been wondering what features were removed from the code. So I did my best to figure it out, since I haven’t seen a detailed features list from Cisco yet (early days and all that). I’ve also noticed that in general the Nexus team historically has put out long lists of supported features, leaving me thinking “yes, that’s great, but what is NOT on the list?” Anyway, the primary focus here will be what features the N9K supports today. We’ll get to that after a motivational detour (or some might say “pre-ramble”).

I think it may be useful to first touch on the question of what would motivate someone to buy a Nexus 9000, and what features you would want or expect. And even: what market(s) is Cisco aiming at? Two answers to that come to mind:

  • High performance switch without all the fancy features at a competitive price point
  • The option of future automation as part of ACI

Concerning the first of these, I’m thinking along the lines of the recent blog by Greg Ferro (@etherealmind), Response: Help! My Big Expensive Router Is Really Expensive! (Substitute “switch” for “router”.) As in, the N9K has fewer features, enabling a lower price? How much do I give up with “fewer features”?

If I were considering buying a Nexus 9K and planning to run NX-OS on it, I’d want to know the long-term prospects for support for NX-OS on that hardware. The same applies to ACI hopefuls: if I were buying into N9K with the hope of doing ACI, I’d want to make sure I had a solid NX-OS-based bail-out plan if I didn’t like ACI or things went sour for some reason. That maybe explains what Cisco is doing here: offer basic datacenter switching competitively to establish a baseline NX-OS platform and seed the market, creating a customer base for ACI when it is ready to ship. And competing more directly with unspecified competition with more generic switch features.

Another question that comes to mind (the cynical part?): is Cisco/Insieme pricing attractive with a goal of getting sites committed to ACI? As in, once you’re on an automated tool, it might be painful to migrate to other hardware or tools, i.e. vendor lock-in? (Yes, that thought was brought to you by the more cynical part of my brain. But others have raised this question previously in blogs and articles.)

Don’t get me wrong, so far I’m a huge fan of ACI. I think many of us are looking for a canned solution with vendor support, one that works with no need to do much software integration or programming. Having an API and hooks to simplify programming, sure, that’s the frosting on the cake. So any negative thoughts above are just me trying to think like a smart prospective N9K buyer.

So… say we’re considering buying into Nexus 9000 with the idea of interesting price and don’t need all the NX-OS fancy features … it’s time to check N9K features. I hope you find the following somewhat useful.

What Features DOES the N9K NOT Support?

Caveat: This is early days yet, and is based on my best effort research into the documentation. Either or both the documentation and I may be wrong. If you don’t like that, you can RTFM for yourself.

Here’s the short Not Supported list from the NX-OS 6.1 Release Notes:

  • The Generic Online Diagnostics (GOLD) port loopback test
  • An ERSPAN type destination
  • An egress filter on an ACL-based SPAN
  • All VLAN features of SPAN/ERSPAN
  • FEX

The Release Notes also state that the following features are not enabled in this release:

  • Layer 2 and vPC
  • FabricPath and OTV
  • LISP
  • MPLS
  • Fibre Channel
  • Fibre Channel over Ethernet (FCoE)

That sounds like they could be added later, and R&D effort is focused on Must Have items right now. I would think FCoE and maybe FC would be likely candidates, to tie Storage in.

Some quick research into the CLI documentation shows that having multiple VDCs is not supported (yet).

  • Only one VDC!

What Features DOES the N9K Support?

Well, that covered the clear list of negative items, and the Big Deal items. My next thought was to skim the documentation, and see what sorts of topics are covered, i.e. appear to be present. I’ve broken them out by the section of the manual I found them in. I compared to the N7K manuals to see which sub-sections got omitted. That is, I did a paper chase — but a High Quality paper chase! No, I didn’t do a deep dive into each topic — my curiosity level isn’t that high!

Fundamentals Config Guide
  • Setup
  • POAP
  • Basic device management, file systems
  • Config files
  • Omitted: scripting with TCL, Python API
High Availability and Redundancy Guide
  • Service-Level HA (restartability)
  • Network-Level HA (NSF)
  • System-Level HA (Redundancy, switchover)
  • Omitted: ISSU
Interfaces Configuration Guide
  • Basic Parameters
  • L3 Interfaces
  • BFD
  • Port Channels
  • Omitted: Configuring L2 Interfaces, VPCs, IP Tunnels, QinQ
    • VLANs, trunks, and all that. I’d sure hope the basics are coming soon. Maybe vPC isn’t as critical?
    • See the very recent Network World article http://www.networkworld.com/reviews/2014/030314-cisco-nexus-279206.html, which says “Cisco doesn’t have the switching code ready quite yet”. The article also has some thoughts about “why Nexus 9K”. It concludes “… very beginning of a long road.”
Multicast Routing Configuration Guide
  • IGMP
  • PIM
  • MSDP
  • Omitted: MLD, PIM6, IGMP Snooping, Performance Enhancements for VDCs
Quality of Service Configuration Guide
  • MQC
  • Classification
  • Marking
  • Policing
  • Queuing and Scheduling
  • Network QoS Policy
  • Priority Control
  • Monitoring QoS Statistics
  • Omitted: Mutation Mapping, Fabric QoS Mapping, F-Series Modules, Local Policy Based Routing
Security Configuration Guide
  • AAA
  • RADIUS
  • TACACS+
  • LDAP
  • SSH and Telnet
  • User Accounts and RBAC
  • IP ACLs
  • DHCP
  • Password Encryption
  • Keychain Management
  • Control Plane Policing
  • Rate Limits
  • Omitted: FIPS, PKI, 802.1X, NAC, TrustSec, MAC ACLs, VLAN ACLs, Port Security
  • Omitted: Dynamic ARP Inspection, IP Source Guard, Traffic Storm Control, Unicast RPF, CoPP
System Management Configuration Guide
  • NTP
  • CDP
  • Syslog
  • Smart Call Home
  • Rollback
  • Session Manager
  • Scheduler
  • SNMP
  • RMON
  • Online Diagnostics
  • EEM
  • Onboard Failure Logging (OBFL)
  • SPAN
  • ERSPAN
  • LLDP
  • Omitted: CFS, PTP, NetFlow, EEE, XMLIN (convert CLI to NETCONF format).
Unicast Routing Configuration Guide
  • Configuring IPv4, IPv6
  • IP Services
  • OSPFv2
  • OSPFv3
  • EIGRP
  • IS-IS
  • Basic BGP
  • Advanced BGP
  • RIP
  • Static Routing
  • L3 Virtualization (VRF)
  • Managing Unicast RIB and FIB
  • Managing Route Policy Manager
  • Omitted: WCCPv2, Policy Based Routing, GLBP, HSRP, VRRP, Object Tracking,

Related Links

Hashtags: #Nexus9000 #Nexus9K
Twitter: @pjwelcher


8 responses to “What Features Does the Nexus 9K Support?”

  1. Thanks Dara. Fair enough, that’s one of the key pieces to the ACI architecture.

  2. Pete…I was looking through your list of unsupported features above, and I just received my first pair of 9396’s for a client, and it does have the following available in 6.2.8:

    All VLAN features of SPAN
    FEX
    Layer 2 and vPC

    This was actually ordered as a bundle with (2) 9396s and (2) 2248TP-E FEXs with all accoutrements.

    Additionally, a comment that I would like to add is that this switch is positioned by Cisco for datacenters that have no requirements for FC/FCoE, making it an incredibly powerful L2/L3 option with a lot of 10/40 connectivity and a great backplane. In our case, we had a customer’s DR site datacenter with a UCS backend and client/security connectivity requirements, using all iSCSI / NFS. It was perfect because of the price/performance point that it came in at, along with excellent port density. In that situation, we are actually using it as a L3 core/distri/access, using VPC, HSRP, OSPF and BGP, with of course all basic L2 features.

  3. Thanks, H.B.

    I was attempting to list the documented features at the time of writing. Obviously Cisco has been working feverishly to fill in the gaps. Your update is appreciated showing that good progress has been made. Yes, the N9K line is cost effective with very high performance, etc. There is mild risk due to newness of the hardware and software, but the Nexus code seems to have a history of porting to new platforms quickly and well.

  4. Pete;

    Some interesting developments for you, that you may want to share with your community. So today, I brought them out of burn in and started configuring them. First to note is that N9k is on its own train of code:

    NXOS image file is: bootflash:///n9000-dk9.6.1.2.I2.1.bin

    Secondly, the licensing model of this platform is greatly simplified: You either buy the L3 Routing SKU for $8k (list), or you don’t. No other options to date. Secondly, the documentation and even the bundle SKUs sell FEXs with the 9ks…but do you see something missing here?

    cpswbc01# show feature
    Feature Name Instance State
    -------------------- -------- --------
    bash-shell 1 disabled
    bfd 1 disabled
    bfd_app 1 disabled
    bgp 1 disabled
    … (omitted so this isn’t a mile long)
    evmed 1 disabled
    glbp 1 disabled
    hsrp_engine 1 disabled

    Yeah…I am on the phone with TAC right now, and even when I tried to run "install feature-set fex", I get:

    cpswbc01(config)# install feature-set fex
    unknown feature(0x40aa0002)
    cpswbc01# show system error-id 0x40aa0002

    Error_id: 0x40AA0002
    Error Facility: feature-mgr
    Error Description: unknown feature
    cpswbc01#

    All of the other features work like we expect, VRF, VPC, VRRP, LACP, all the L2 goodies, etc. I am waiting on the license for the L3 portion, but if you didn’t know better you would think that you were in a 5k.

    I will keep you posted on the outcome of this case so you can share.

  5. H.B: good info! Thanks. Good luck with TAC.

    This tends to confirm to me that the N9K is a bit … immature, getting a lot of R&D TLC from the coding team no doubt but … bugs happen. The potential is awesome, the price is right, buyers need to be prepared to live with / work around / wait for bug fixes for any such gaps.

  6. Hello.
    We also bought 4 9396 with 6 FEX boxes.
    They were delivered with n9000-dk9.6.1.2.I2.1, which does not have support for FEX, so we had to upgrade to n9000-dk9.6.1.2.I2.3, where the support for FEX is added.

  7. Thanks Gustav and Robert for your comments.

    I’m seeing smaller shops using the UCS FI’s for the small amount of FCoE or FC they have. Also seeing desire to isolate the FCoE away from LAN and LAN changes / risk of accidents. As well as some shift to NFS.

    Agree N9K will likely pick up more features as things evolve.
