Migrating from Cisco Catalyst 6500/6800 to 9600 Series Switches

 

Introduction

The new Cisco^® Catalyst^® 9000 switching platform is the next generation in the legendary Cisco Catalyst switching family. It is designed for the new era of networking, with ASIC and software innovations to deliver an intent-based network. Within the Cisco Catalyst 9000 switching family, the Cisco Catalyst 9600 Series Switches are Cisco’s leading modular enterprise switching core and distribution platform, built for intent-based architecture, security, Internet of Things (IoT), and cloud.

Purpose of this guide

This document is intended to help network planners and engineers who are familiar with the Cisco Catalyst 6500 and 6800 Series to deploy Cisco Catalyst 9600 Series Switches in the enterprise networking environment (Figure 1).

Why migrate?

The Cisco Catalyst 9600 Series Switches are Cisco’s leading modular core/distribution enterprise switching platform, built for security, IoT, and cloud. These switches form the foundational building block for Software-Defined Access (SD-Access), Cisco’s leading intent-based architecture. The platform provides unparalleled investment protection with a chassis architecture that is capable of supporting up to 25.6 Tbps of system bandwidth. The 9600 Series expands the end-to-end Cisco Catalyst 9000 family, further aligning our comprehensive solution with our customer carrying business and network strategies. When you need the most secure, most resilient, and most intelligent network, you need Cisco Catalyst 9600 Series Switches, the industry’s first purpose-built modular-configuration 1G, 2.5G, 5G, 10G, 25G, 40G,50G,100G and 400G line of switches for enterprise-class core and distribution layers.

The Cisco Catalyst 9600 Series offers an industry-leading supervisor engine built for secure networks, IoT applications, next-generation mobility, and cloud adoption. Supervisor Engine 1 (C9600-SUP-1) is built with the Cisco Unified Access^® Data Plane 3.0 (UADP 3.0) Application-Specific Integrated Circuit (ASIC), and Supervisor Engine 2 (C9600X-SUP-2) is built with the Cisco Silicon One Q200 ASIC. Both Supervisors are ready for next-generation technologies with its programmable pipeline, microengine capabilities, and customizable allocations of Layer 2, Layer 3, forwarding, Access Control Lists (ACLs), and Quality-of-Service (QoS) entries.

Migration overview

The Cisco Catalyst 9600 Series Switches use a centralized architecture. All forwarding, security, and queueing is done on the supervisor, while the line cards are considered transparent, with only PHYs and control logic. The simplicity of this centralized design allows easy upgrade of features as well as additional bandwidth by upgrading just the supervisor while keeping the existing line cards. The combination of the centralized architecture and transparent line cards also provides uninterrupted supervisor switchover, which is the foundation for In-Service Software Upgrades (ISSU). With the high-capacity bandwidth provided by the Supervisor Engine 1 and Supervisor Engine 2, all ports (including 400G) are line rate with the supported configuration. The latency between all ports are less than 5 microseconds, which is more than sufficient for any time-sensitive application such as real-time video conferencing and IP telephony.

This guide lists the different considerations when migrating from the Cisco Catalyst 6500/6800 Series to the 9600 Series.

Cisco Catalyst 9606R port density

The Cisco Catalyst 9606R is a 6-slot chassis. Two middle slots are dedicated for supervisors only, and they work in redundant mode. The top and bottom two slots are for line cards. The chassis is designed to provide up to 6.4 Tbps from each of the supervisor slots to each of the line card slots. This means the system will be able to provide 32 ports of 100G at line rate per line card slot. In total, the 9606R is capable of providing either:

●      32x line rate 400G ports or

●      128x line rate 100G/40G ports or

●      192x line rate 50G/25G/10G/5G/2.5G/1G ports.

The Cisco Catalyst 9600 Supervisor Engine 1 is powered with three UADP 3.0 ASICs. The aggregated bandwidth from the three ASICs is 9.6 Tbps. The port density with Supervisor Engine 1 is as follows:

●      48x line rate 100G/40G ports or

●      192x line rate 25G/10G/5G/2.5G/1G ports

The Cisco Catalyst 9600 Supervisor Engine 2 is powered with One Cisco Silicon One ASIC. The aggregated bandwidth from ASIC is 12.8 Tbps. The port density with Supervisor Engine 2 is as follows:

●      128x line rate 100G/40G ports or

●      192x line rate 50G/25G/10G ports or

●      8x line rate 400G + 96x line rate 100/40G ports or

●      8x line rate 400G + 8x line rate 100/40G + 160 x line rate 50/25/10G ports

Supervisor hardware

The Cisco Catalyst 9600 Supervisor Engine 1 is based on Cisco’s UADP 3.0 ASIC architecture and an x86 CPU architecture. The Cisco Catalyst 9600 Supervisor Engine 2 is based on Cisco Silicon One ASIC architecture and an x86 CPU architecture. Both Supervisor Engines also provide options for additional external storage, which enables the device to host containers and run third-party applications and scripts natively within the switch. Table 1 compares the hardware of the Cisco Catalyst 6500/6800 and 9600 Series.

Table 1.        Hardware comparison

^* With Cisco certified SSD drives

Cisco Catalyst 9600 Series flexible and customized SDM templates

Unlike the supervisor on the Cisco Catalyst 6500/6800 Series, Supervisor Engines on the 9600 Series enables flexible Software Database Manager (SDM) templates for universal deployments by leveraging the ASIC’s ability to create resources to optimize table sizes for different purposes in the network. Based on how the switch is used in the network, an appropriate flexible ASIC template may be selected to configure the switch for specific features.

Cisco Catalyst 9600 Supervisor Engine 1 supports the following templates:

●      Distribution: Balances resources between Layer 2 and Layer 3

●      Core: Maximizes system resources for unicast and multicast routing

●      NAT: Maximizes system resources for Layer 3 and Network Address Translation (NAT)

●      SD-Access: Maximizes system resources to support fabric deployment ( till 17.3 1 release)

Cisco Catalyst 9600 Supervisor Engine 2 supports the following template:

●      Core: Maximizes system resources for unicast and multicast routing

In the campus, the most commonly deployed design is the three-tiered design: core, distribution, and access. The core layer is based on Layer 3 IP routing and functions as a high-speed interconnection point to other network domains (data center, WAN, branch, etc.). The distribution layer traditionally consists of IP routing upstream to the core and Layer 2 switching downstream to the access layer. The access layer is purely Layer 2 and provides connectivity for the endpoints. With this design, the Core template would be the best fit for the core devices, and the Distribution template is most appropriate for the distribution devices.

The routed access design, which also can be the three-tiered design, moves the Layer 2 and Layer 3 boundaries to the access layer. In this case, the distribution layer is purely Layer 3 and doesn’t require the Layer 2 features. In this design, both the core and distribution layer devices should use the Core template.

Standard SDM templates can be used to configure system resources and optimize support for specific features. However, SDM templates are defined based on how the device is deployed in the network. A custom SDM template allows you to configure several features of the template based on your requirements and not the location of the device in the network. Both Supervisor Engine 1 and Supervisor Engine 2 support customizable SDM template for both FIB and TCAM allocations. Details information of customizable SDM template is available on C9600 datasheet.

System default behaviors

The system default behaviors on the Cisco Catalyst 9600 Series are similar to those of the Cisco Catalyst 6500/6800 Series. For example, IP routing is enabled, the management interface is in a dedicated Virtual Routing and Forwarding (VRF) instance, and so on. However, there are also some differences, as described in this section.

Table 2.        Interface default state

Table 3.        Port-channel default load balance

Link-status logging: The logging for link-status changes is on by default in the Cisco Catalyst 9600 Series, and the behavior can be changed per interface in the configuration. In the 6500/6800 Series, the logging for link-status changes is off by default and can be changed globally. See Table 4.

Table 4.        Link-status logging comparison

Power redundancy

The Cisco Catalyst 9600 Series provides four slots for the power supply, compared to two slots in the 6500/6800 Series. Power supplies can operate in the following two modes:

●      Combined mode: This is the default mode. All power supply modules in the system are active and sharing power.

●      N+1 redundant mode: The system enters this mode if the output from the N power supply is sufficient.

For more details on power redundancy, please see the Environmental Monitoring and Power Management chapter of the System Management Configuration Guide.

ROMmon and config-register

The Cisco Catalyst 9600 Series uses the x86 CPU architecture, which can be used in the future to enable hosting containers and third-party applications. With the CPU architecture change, there are also changes in the ROM monitor (ROMmon).

Prompts and file system

In ROMmon, the prompt on the Cisco Catalyst 9600 Series is “rommon >” and “bootflash:” is the memory partition for local storage. On the Cisco Catalyst 6500/6800 Series, the prompt is “rommon>” and the memory partition for the local storage is “bootdisk:”. Table 5 shows outputs in ROMmon from the Cisco Catalyst 6500/6800 and 9600 Series.

Table 5.        ROMmon outputs

 

Boot variables

The Cisco Catalyst 6500/6800 Series uses the traditional “config-register” command in both Cisco IOS and ROMmon to control the booting behavior. The Cisco Catalyst 9600 Series uses a parallel set of commands in Cisco IOS XE Software, which creates the equivalent ROMmon variables. See Table 6 and 7.

Table 6.        Boot variables

Baud rate

Table 7.        Setting the baud rate

“Break” processing

At the beginning of the bootup process, the user can use Ctrl+C to break out of the booting process and drop the system back into ROMmon if the break sequence is enabled. See Table 8.

Table 8.        “Break” processing

Ignoring the startup configuration

Table 9.        Ignoring the startup configuration

Operations

Interface reference

The Cisco Catalyst 6500/6800 Series has two levels of interface numbering:

interface <Type><Slot#>/<Port#>.

The 9600 Series has three levels:

interface <Type><Slot#>/<Bay#>/<Port#>.

As of Release 16.12.1, the bay number is unused and is always 0. For example, FortyGigabit Ethernet port 1 on slot 1 is referenced as Fo1/1 in the 6500/6800 Series and as Fo1/0/1 in the 9600 Series. See Table 10.

Table 10.     Interface numbering

Management interface

The management interface on the Cisco Catalyst 9600 Series can be a copper Gigabit Ethernet or fiber 10 Gigabit Ethernet interface. The Cisco Catalyst 6500/6800 Supervisor Engine 6T provides copper or fiber Gigabit Ethernet. The management port on both platforms has its own VRF for separation of management traffic from normal data traffic. However, the name of the VRF for the management port is different between the 9600 Series and 6500/6800 Series. Note also that the names of the VRFs are case sensitive. Table 11 lists the management port differences between the two platforms.

Table 11.     Management interfaces and VRF names

Software features

For details on the software features supported on the Cisco Catalyst 9600 Series, please use the feature navigator on Cisco.com. Some of the features behave differently on the 9600 Series compared to the 6500/6800 Series. Following are some of these differences.

System Maximum Transmission Unit (MTU)

System MTU is a Layer 2 MTU. On the Cisco Catalyst 9600 Series, the global command “system mtu <1500-9216>” changes the Layer 2 MTU on all the interfaces within the system. There is no support for an interface-level command to set the MTU for individual interfaces as of Cisco IOS XE Software Release 16.12.1. On the Cisco Catalyst 6500/6800 Series, the global command “system jumbo <1500-9216>” sets the global baby giant MTU for all interfaces. The default system jumbo MTU is 9216. The 6500/6800 Series also supports a per-interface MTU. The per-interface MTU command takes precedence. See Table 12.

Table 12.     System MTU

StackWise virtual

The Cisco Catalyst 6500/6800 Series supports a Virtual Switching System (VSS) that combines two physical switches into a single logical switch. The equivalent functionality on the 9600 Series is Cisco StackWise^® Virtual. StackWise Virtual and VSS have the same functionalities but different implementations.

Port-channel load balancing

The Cisco Catalyst 9600 Series provides additional combinations of different header fields as input for port-channel load balancing. Table 13 lists the supported load-balancing methods for the 6500/6800 and 9600 Series.

Table 13.     Port-channel load balancing

The “extended” option on the Cisco Catalyst 9600 Series provides additional combinations of different fields:

C96000(config)#port-channel load-balance extended ?

dst-ip      Dest IP

dst-mac     Dest MAC

dst-port    Dest Port

ipv6-label  IPV6 Flow Label

l3-proto    L3 Protocol

src-ip      Src IP

src-mac     Src MAC

src-port    Src Port

<cr>        <cr>

C96000(config)#

Port-channel services

Table 14.     Port-channel services

Virtualization: VNET

The Cisco Catalyst 6500 Series supports the Easy Virtual Network (EVN) feature, which uses VNET. This feature is no longer available on the Cisco Catalyst 9000 switch family. The alternative is to configure VRF-Lite with subinterfaces, which are supported on the 9600 Series switches.

Host tracking feature

The Cisco Catalyst 6500/6800 Series supports IP Device Tracking (IPDT) for keeping track of connected hosts (association of MAC and IP addresses). In the Cisco Catalyst 9600 Series with the latest Cisco IOS XE release, the new Switch Integrated Security Features (SISF)-based IPDT feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP-agnostic Command-Line Interface (CLI) commands. See Appendix A for more information on migrating from the IPDT CLI configuration to the new SISF-based device-tracking CLI configuration.

Access control lists

Object group ACLs: Both the Cisco Catalyst 6500/6800 Series and 9600 Series support object group ACLs. There are, however, syntax differences. Table 15 shows some examples of object group ACLs with source and destination port groups.

Table 15.     Object group ACLs

Note:      To view the expanded ACL for object group ACLs, enable “service internal” and use the command “show ip access-list <list_name> expand.”

Access group mode: When PACLs are applied to the physical port, VLAN ACLs (VACLs) are applied to the VLAN, and Router ACLs (RACLs) are applied to the Switch Virtual Interface (SVI), the Cisco Catalyst 6000 Series offers options to merge all three ACLs with the option “merge mode” or to ignore VACLs and RACLs with the option “prefer port mode.” With the 9600 Series, the ACLs will always be applied in the following order: PACL, VACL, and then RACL.

TCAM exhaustion

In the Cisco Catalyst 6000 Series, once the Access Control Entries (ACE) exceed the maximum free available Ternary Content Addressable Memory (TCAM) spaces, ACL reduction will occur, and any traffic hitting the overflowed ACL will be software switched.

In the Cisco Catalyst 9000 family, the overflowed ACL will not be programmed and will have a default of “deny all” for the overflowed ACL.

Flexible NetFlow

Both the Cisco Catalyst 9600 Series and 6500/6800 Series support Flexible NetFlow. Beside the scalability differences, there are a few configuration differences. They are listed in Table 16.

Table 16.     Flexible NetFlow differences

Embedded Logic Analyzer Module (ELAM)

The Cisco Catalyst 6500/6800 Series supports the ELAM feature, which captures packets in real time on the switch without disruptions to performance. The more comprehensive feature on the Cisco Catalyst 9600 Series is Wireshark.

The following are the differences between the 6500/6800 Series ELAM and the 9600 Series Wireshark:

●      The ELAM feature configures and displays commands through show commands only. In Wireshark capture, configuration is through the monitor-level CLI and display is though show commands.

●      ELAM is capable of packet capture at the ASIC level, whereas packet capture occurs at the interface level with Wireshark.

●      ELAM captures only the first packet that hits the switch that matches the configuration. Wireshark is capable of capturing packets over a duration.

●      Wireshark can capture both data plane and control plane packets.

Switched Port Analyzer (SPAN) filter

Both the Cisco Catalyst 6500/6800 and 9600 Series support SPAN filters. The 6500/6800 Series supports a filter option of “good/bad,” which isn’t supported on the 9600 Series.

Quality of Service (QoS)

The ASICs that power the Cisco Catalyst 65006800 and 9600 Series are different, so there are some differences in QoS behaviors, as described below.

Hardware rate limiters

On the Cisco Catalyst 6500/6800 Series, the “platform rate-limit” command enables rate limiting in hardware. All rate limiting or policing is done in hardware with the 9600 Series, so this command is not needed.

Control plane policing

Control Plane Policing (CoPP) is enabled on the Cisco Catalyst 9600 Series, with default policing rates for different classes of traffic. These policing rates are optimized for a typical campus environment.

The policing rates can be changed or disabled to meet the requirements of different application environments. On the Cisco Catalyst 6500/6800 Series with Supervisor Engine 2T or 6T, CoPP is also enabled by default and can be disabled. The 6500/6800 Series also allows class maps under CoPP to be added, modified, or removed. Table 17 lists the differences between the two platforms.

Table 17.     CoPP differences

Table 18 lists the buffer differences between the Cisco Catalyst 9600 Supervisor Engine 1, Supervisor Engine 1 and the Cisco Catalyst 6500 Supervisor Engine 6T.

Table 18.     Buffers

Cisco Catalyst 6000 Series platform-specific commands

Table 19 lists commands that are specific to the Cisco Catalyst 6000 Series and are not available on the 9600 Series.

Table 19.     Cisco Catalyst 6500/6800 Series platform-specific commands

Conclusion

The Cisco Catalyst 9600 Series Switches are Cisco’s leading modular enterprise switching core and distribution platforms. They are the new generation of the core and distribution platform and provide many additional capabilities, making them well suited for enterprises looking to migrate from their existing Cisco Catalyst 6500/6800 Series deployment.

Appendix A. IPDT/SISF

If your device has no legacy IP device tracking or IPv6 snooping configurations, you can use only the new SISF-based device-tracking commands for all your future configurations. The legacy IPDT commands and IPv6 snooping commands are not available. For details on SISF configuration, please refer to the configuration guide.

IPDT, IPv6 snooping, and device-tracking CLI compatibility

Table 20 displays the new SISF-based device-tracking commands and the corresponding IPDT and IPv6 snooping commands.

Table 20.     Device-tracking and corresponding IPDT and IPv6 snooping commands