First Published: March 25, 2021

Cisco Catalyst 8000V Edge Software Overview

About Cisco Catalyst 8000V

Cisco Catalyst 8000V Edge Software or Cisco Catalyst 8000V is a software-based, virtual router that combines the functionalities of Cisco Cloud Services Router (Cisco CSR1000V) and Cisco Integrated Services Virtual Router (Cisco ISRv) into a single image that is intended for deployment in cloud and virtual data centers.

Cisco Catalyst 8000V supports NIM modules, runs on any x86 platform, and is supported on ESXi, KVM, NFVIS hypervisors. Further, you can deploy this router on public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba Cloud.

When you deploy Cisco Catalyst 8000V on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.

Features

  • Hardware independence: The Cisco Catalyst 8000V router uses the benefits of virtualization in the cloud to provide hardware independence. Since the Cisco Catalyst 8000V runs on a virtual machine, you can use this router on any x86 hardware that the virtualization platform supports.

  • Sharing of resources: The resources used by Cisco Catalyst 8000V are managed by the hypervisor, and these resources can be shared among the VMs. You can regulate the amount of hardware resources that the VM server allocates to a specific VM. You can reallocate resources to another VM on the server.

  • Flexibility in deployment: You can easily move a VM from one server to another. Thus, you can move a Cisco Catalyst 8000V instance from a server in one physical location to a server in another physical location without moving any hardware resources.

  • Enhanced software security - Secure Object Store: In Cisco Catalyst 8000V, storage partitions for NVRAM, licensing, and other data are created as Object stores. The individual Object stores are encrypted to ensure data security, and this product is Cisco Secure Development life cycle (CSDL) compliant. Further, Cisco Catalyst 8000V supports a 16G disk cycle profile.

Hardware Requirements

For hardware requirements and installation instructions, see the Cisco Catalyst 8000V Installation and Upgrade Guide.

Software Images and Licenses

The following sections describe the licensing and software images for Cisco Catalyst 8000V.

Cisco Catalyst 8000V Software Licenses

The Cisco Catalyst 8000V is licensed based on throughput, feature-set, and the licensing term. This product supports Cisco Smart Licensing Usage Policy as well as Cisco DNA Licensing. Based on whether you want to go for purchased licenses that go with the Cisco Catalyst 8000V instance, or a subscription-based license, choose one of the following options:

Subscription-Based Licensing via Cisco DNA

You can purchase a subscription license for Cisco Catalyst 8000V through the following three licenses that are available via Cisco DNA:

  • Cisco Catalyst 8000V - Network-Premier

  • Cisco Catalyst 8000V - Network-Advantage

  • Cisco Catalyst 8000V - Network-Essentials

For more information on Cisco Catalyst 8000V DNA licensing, see Cisco DNA Software Routing Subscription Guide.

Bring-Your-Own-Licensing

You also have an option to purchase and use licenses with Cisco Catalyst 8000V as a Bring-Your-Own-License (BYOL) instance or as a Pay-As-You-Go (PAYG) instance.

To use a Cisco Catalyst 8000V - BYOL license, see Cisco Smart Licensing Usage Policy to know to how install and configure your license.

If you have upgraded to Cisco Catalyst 8000V from a Cisco CSR 1000V or a Cisco ISRV, you must use Smart Licensing Using Policy (SLP). Traditional licenses do not work after the upgrade.


Note

Starting from Cisco IOS XE 17.4.1, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.

The licensing utilities and user interfaces that are affected by this limitation include only the following:

  • Cisco Smart Software Manager (CSSM),

  • Cisco Smart License Utility (CSLU), and

  • Smart Software Manager On-Prem (SSM On-Prem).

Pay-As-You-Go Licensing

Cisco Catalyst 8000V supports the PAYG Licensing model with Amazon Web Services (AWS) and Microsoft Azure Marketplace. Cisco Catalyst 8000V hourly-billed AMI or Pay As You Go licensing model allows you to consume an instance for a defined period of time. In this licensing model, you can directly launch the instance from the AWS or Azure Marketplace and start using the instances. The licenses are embedded in the image.


Note

For demo or evaluation licenses, contact your Cisco Account Team if you have a direct purchase agreement with Cisco, or your Cisco Partner or Reseller.

For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.

Software Image Nomenclature for Installation Files

The Cisco Catalyst 8000V installation file nomenclature indicates properties supported by the router in a given release.

For example, these are filename examples for the Cisco IOS XE Bengaluru 17.4.1a release:

  • c8000v-universalk9.17.04.01a.ova

  • c8000v-universalk9.17.04.01a.iso

  • c8000v-universalk9.17.04.01a.qcow2

The following table lists the filename attributes along with its properties:

Table 1. Installation Filename Attributes

Filename Attribute

Properties

universalk9

Specifies the package that you are installing.

17.04.01a

Indicates that the software image is mapped to the Cisco IOS XE Bengaluru 17.4.1a release.

New and Enhanced Features for Cisco IOS XE Bengaluru 17.5.x

New and Enhanced Features for 17.5.1

The following are the new Cisco Catalyst 8000V software features for Cisco IOS XE Bengaluru Release 17.5.1:


Note

Cisco IOS XE Bengaluru 17.5.1a is the first release for Cisco Catalyst 8000V in the Cisco IOS XE Bengaluru 17.5.1a release series.

  • Support for deployment in Alibaba Cloud: From the Cisco IOS XE Release 17.5.1, you can deploy Cisco Catalyst 8000V in Alibaba Cloud. To know more about the deployment and the day0 configuration, see the Cisco Catalyst 8000V Deployment Guide for Alibaba Cloud.

  • Configuring Per-Interface Per-Cause Punt Policer: The per-interface per-cause (PIPC) punt policing is an enhancement to the punt policing and monitoring feature that allows you to configure the limit on traffic per interface. Starting from the Cisco IOS XE 17.5.1 release, you can set the per-interface per-cause rate for all the control plane punted traffic. This rate causes any traffic beyond the set limit to be dropped, therefore allowing you to control the traffic during conditions such as L2 storming.

  • SRTE: path-invalidation-drop knob: If the SR-TE Policy has no valid paths defined, the paths are dropped and the traffic that is steered through the policy falls back to the default (unconstrained IGP) forwarding path. Also, when a SR-TE policy carrying best-effort traffic fails, traffic is re-routed. This impacts the SLA for premium traffic. To solve this issue, if the SR-TE policy fails, the traffic in the data plane is dropped but kept in the control plane. Therefore, other SR policies, potentially carrying premium traffic, are not impacted.

  • TrustSec support for ISR1K switch-port: Each security group in a Cisco TrustSec domain is assigned a unique 16-bit tag called the Security Group Tag (SGT). The SGT is a single label that indicates the privileges of the source within the entire network. It is propagated between network hops allowing any intermediary devices to enforce polices based on the identity tag.

  • Traffic counters for SR-TE policies: You can now view the traffic counters of SR-TE policies using the show segment-routing traffic-eng policy command

  • Tunnel Path MTU discovery on MPLS-enabled GRE tunnel: You can  now use the tunnel mpls-ip-only command to configure how the Do Not Fragment bit from the payload is copied into the tunnel packets IP header.If the Do Not Fragment bit is not set, the payload is fragmented if an IP packet exceeds the MTU set for the interface.

  • Capability to limit IPv6 Mroutes per VRF: This feature lets you configure a limit to the number of mroutes on an interface. By limiting the mroutes, you can avoid the risk of flooding the network with mroutes therefore protecting the router from resource overload and also preventing DoS attacks.

  • CUBE Media Proxy: Secure forking for nonsecure flow: Prior to Cisco IOS XE Bengaluru 17.5.1, Media Proxy supported nonsecure forking of nonsecure calls for both SIPREC and proprietary CUCM and secure forking of secure calls for proprietary CUCM. From Cisco IOS XE Bengaluru 17.5.1, proprietary CUCM supports a combination of secure and nonsecure forking and SIPREC supports secure forking of nonsecure calls using Media Proxy. The configured dial peers can be all secure, all nonsecure, or a combination of secure and nonsecure. The total number of recorders permitted is five. The first secure dial peer is used to set up the B2B call leg. The behavior in Cisco IOS XE Bengaluru 17.4.1 and earlier releases continues if there are no secure dial peers configured. You can use the media-recording proxy secure command to configure secure dial peers.

  • License Management for Smart Licensing Using Policy, Using Cisco vManage: Cisco SD-WAN operates together with Cisco SSM to provide license management through Cisco vManage for devices operating with Cisco SD-WAN. For this you have to implement a topology where Cisco vManage is connected to CSSM.

    For information about this topology, see the Connected to CSSM Through a Controller, and to know how to implement it, see the Workflow for Topology: Connected to CSSM Through a Controller sections of the Smart Licensing Using Policy for Cisco Enterprise Routing Platforms guide.

    For more information about Cisco vManage, see the License Management for Smart Licensing Using Policy section of the Cisco SD-WAN Getting Start Guide.

    For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.

  • Enabling Segment Routing Flexible Algorithm with IS-IS:: SegmentRouting Flexible Algorithm allows operators to customize IGP shortest path computation according to their own needs. An operator can assign custom SR prefix-SIDs to realize forwarding beyond link-cost-based SPF. As a result, Flexible Algorithm provides a traffic engineered path automatically computed by the IGP to any destination reachable by the IGP

    • Flex Algo prefix metric: Flex-algo prefix-metric allows to associate metric computed in a flex-algo with a prefix during prefix inter-level leaking or during inter-domain redistribution .This help to compute optimal inter-level or inter-domain path

    • Support for affinities include any/all: Ability to pick and choose the links that they want. User can use a specific path without creating a label stack by using the Prefix SIDs or Adjacency SIDs.

    • TI LFA and uLoop Avoidance : Allows computation of Loop Free Alternate (LFA) paths. TI-LFA backup paths using the same constraints as the calculation of the primary paths for Flexible Algorithms, for IS-IS.

Inter-area leaking of Flexible Algorithm SIDs and prefixes and selectively filtering the paths that are installed to the MFI are also supported.

Resolved and Open Bugs for Cisco IOS XE Bengaluru 17.5.x

Using the Cisco Bug Search Tool

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all the bugs specific to a product and a release.

You can filter the search results by the last modified date, bug status (open or resolved), severity, rating, and support cases.

Open Bugs for Cisco IOS XE Bengaluru 17.5.1

Caveat ID Number

Description

CSCvw83142

C8Kv: IOSD crash during s/w install (from vManage)

CSCvw83359

AWS:c8kv crashed and reboots if shut/no shut an interface a number of times

CSCvx43331

CSR1000v: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass

CSCvx47010

Tunnel: CPP crashes at IPv4 tunnel decapsulation

CSCvx66783

c8000v FIPS Traceback: UNREGISTERED_DLOPEN: R0/0: psd: Unregistered request to dlopen library

CSCvx86151

ovf-template should give option for DNA essentials, advantage, premier on C8kv deployment in vcenter

CSCvy17208

UTD services ( Firewall/IPS/IDS) are not getting listed on C8000V routers

CSCvy02029

C8000V new PAYG Azure Cloud deployments do not boot with correct throughput level and tech package

Resolved Bugs for Cisco IOS XE Bengaluru 17.5.1

Caveat ID Number

Description

CSCvv35440

C8000v WebUI not accessible by user

CSCvy02029

C8000v new PAYG Azure Cloud deployments do not boot with correct throughput level and tech package