First Published: May 7, 2015
This document describes the features, caveats, and limitations for Cisco NX-OS software that runs on Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) switches. Use this document in combination with the Cisco Application Policy Infrastructure Controller, Release 1.0(4h), Release Notes. Additional product documentation is listed in the “Related Documentation” section.
Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Cisco NX-OS Release 11.0(4h) Release Notes for Cisco Nexus 9000 Series ACI-Mode Switches:
Table 1 shows the online change history for this document.
Table 1. Online History Change
Date | Description
May 7, 2015 | Created the release notes for Release 11.0(4h).
May 8, 2015 | Moved CSCus59893 to Resolved Caveats.
May 12, 2015 | Modified the Supported FEX Modules table.
June 19, 2015 | Removed upgrade and downgrade instructions. This information is found in the APIC 1.0(4h) release notes.
July 8, 2015 | Added B22 FEX models to the Supported FEX Models table.
December 9, 2015 | Fixed incorrect URLs to the documentation on cisco.com.
March 1, 2016 | In the Compatibility Information, fixed an incorrect reference to a leaf switch.
This document includes the following sections:
■ Contents
■ Cisco Nexus 9000 Series ACI-Mode
■ Caveats
Cisco NX-OS Software for the Cisco Nexus 9000 Series is a purpose-built data center operating system designed with performance, resiliency, scalability, manageability, and programmability at its foundation. It provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in data centers.
Cisco NX-OS Release 11.0 works only on Cisco Nexus 9000 Series switches in ACI Mode.
See Table 2 for a list of modules that are supported on Cisco Nexus 9000 Series switches in ACI Mode.
Table 2 lists the hardware that the Cisco Nexus 9000 Series ACI Mode switches support.
Table 2. Cisco Nexus 9000 Series Hardware.
Hardware Type | Product ID | Description
Chassis | N9K-C9504 | Cisco Nexus 9504 chassis with four slots
Chassis | N9K-C9508 | Cisco Nexus 9508 chassis with 8 slots
Chassis component | N9K-C9508-FAN | Fan tray
Chassis component | N9k-PAC-3000W-B | Cisco Nexus 9500 3000W AC power supply, port side intake
Pluggable module (GEM) | N9K-M6PQ | 6-port
Pluggable module (GEM) | N9K-M12PQ | 12-port or 8-port
Spine switch | N9K-C9336PQ | Cisco Nexus 9336PQ switch, 36-port 40 Gigabit Ethernet QSFP
Spine switch | N9K-C9508-B1 | Cisco Nexus 9508 chassis bundle with 1 supervisor module, 3 power supplies, 2 system controllers, 3 fan trays, and 3 fabric modules
Spine switch | N9K-C9508-B2 | Cisco Nexus 9508 chassis bundle with 1 supervisor module, 3 power supplies, 2 system controllers, 3 fan trays, and 6 fabric modules
Spine switch fan | N9K-C9300-FAN3 | Port side intake fan
Spine switch fan | N9K-C9300-FAN3-B | Port side exhaust fan
Spine switch module | N9K-C9504-FM | Cisco Nexus 9504 fabric module
Spine switch module | N9K-C9508-FM | Fabric module
Spine switch module | N9K-X9736PQ | Cisco Nexus 9500 36-port, 40 Gigabit Ethernet QSFP aggregation module
Switch module | N9K-SC-A | Cisco Nexus 9500 Series system controller
Switch module | N9K-SUP-A | Cisco Nexus 9500 Series supervisor module
Switch module | N9K-SUP-B | Cisco Nexus 9500 Series supervisor module
Top-of-rack (ToR) leaf switch | N9K-C93128TX | Cisco Nexus 9300 96-port, 1-/10-Gbps BASE-T and 6-port or 8-port, 40 Gigabit Ethernet QSFP switch
Top-of-rack (ToR) leaf switch | N9K-C9332PQ | Cisco Nexus 9332PQ 32-port 40 Gigabit Ethernet QSFP+ Top-of-rack (ToR) Layer 3 switch
Top-of-rack (ToR) leaf switch | N9K-C9372PX | Cisco Nexus 9372PX 48-port, 10 Gigabit Ethernet SFP+ and 6-port 40 Gigabit Ethernet QSFP+ Top-of-rack (ToR) Layer 3 switch
Top-of-rack (ToR) leaf switch | N9K-C9372TX | Cisco Nexus 9372TX 48-port, 1/10 Gbps Base-T and 6-port, 40 Gigabit Ethernet QSFP Top-of-rack (ToR) Layer 3 switch
Top-of-rack (ToR) leaf switch | N9K-C9396PX | Cisco Nexus 9300 48-port, 1/10 Gigabit Ethernet SFP+ and 6-port or 12-port, 40 Gigabit Ethernet QSFP switch
Top-of-rack (ToR) leaf switch | N9K-C9396TX | Cisco Nexus 9300 48-port, 1/10 Gbps Base-T and 6-port or 12-port, 40 Gigabit Ethernet QSFP switch
Top-of-rack (ToR) leaf switch power supply unit | UCSC-PSU-930WDC V01 | Port side intake DC power supply compatible with all ToR leaf switches
Top-of-rack (ToR) leaf switch power supply unit | N9K-PAC-650W-B | 650W AC Power supply, port side exhaust pluggable
Top-of-rack (ToR) leaf switch power supply unit | N9K-PAC-650W | 650W AC Power supply, port side intake pluggable
Top-of-rack (ToR) leaf switch power supply unit | N9K-PAC-1200W-B | 1200W AC Power supply, port side exhaust pluggable
Top-of-rack (ToR) leaf switch power supply unit | N9K-PAC-1200W | 1200W AC Power supply, port side intake pluggable
Top-of-rack (ToR) leaf switch power supply unit | N9K-PUV-3000W-B | 3000W AC Power supply, port side exhaust pluggable
Top-of-rack (ToR) leaf switch fan | NXA-FAN-30CFM-F | Port side exhaust fan
Top-of-rack (ToR) leaf switch fan | NXA-FAN-30CFM-B | Port side intake fan
Table 3 lists the FEX models that the Cisco Nexus 9000 Series ACI Mode switches support. For more information on the FEX models, see the Cisco Nexus 2000 Series Fabric Extenders Data Sheet.
Note: FEX requires software version 5.x or later to be brought up successfully.
Table 3. Supported FEX Models.
Product ID | Description
N2K-B22DELL-P | B22 FEX for Dell
N2K-B22IBM-P | B22 FEX for IBM
N2K-C2248PQ-10GE | Cisco Nexus 2248PQ 10GE Fabric Extender, 2PS, 4 Fan Module, 48x1/10GE (req SFP/SFP+) + 4x40G QSFP+(req QSFP+), choice of airflow and power supply
N2K-C2248TP-1GE | Cisco Nexus 2248TP Series 1GE Fabric Extender, 2 AC PS, 1 Fan Module (Standard Airflow/port side exhaust), 48x100/1000Base-T + 4x10GE (req SFP+), same as N2K-C2248TP
N2K-C2248TP-E-1GE | Cisco Nexus 2248TP-E Series 1GE Fabric Extender, 2PS, 1 Fan Module, 48x100/1000Base-T + 4x10GE (req SFP+), 32MB buffer, choice of airflow and power supply
N2K-C2232PP-10GE | Cisco Nexus 2232PP Series 10GE Fabric Extender, 2 AC PS, 1 Fan Module (Standard Airflow/port side exhaust), 32x1/10GE (req SFP/SFP+) + 8x10GE (req SFP+), same as N2K-C2232PP
N2K-C2232TM-E-10GE | Cisco Nexus 2232TM-E Series 10GBASE-T Fabric Extender, 2PS, 1 Fan Module, 32x1/10GBase-T + 8x10GE Module (req SFP+), choice of airflow and power supply
For installation instructions, see the Cisco ACI Fabric Hardware Installation Guide.
■ Cisco NX-OS Release 11.0(4h) supports the hardware and software listed on the ACI Ecosystem Compatibility List and the Cisco AVS, Release 4.2(1)SV2(2.3).
■ The breakout of 40G ports to 4x10G on the N9332PQ switch is not supported in ACI-Mode.
■ To connect the APIC (the controller cluster) to the ACI fabric, a 10G interface on the ACI leaf is required. You cannot connect the APIC directly to the N9332PQ ACI spine.
■ The current list of protocols that are allowed (and cannot be blocked through contracts) includes the following. Some of the protocols have a SrcPort/DstPort distinction.
Note: Also see the APIC release notes for policy information: https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html
— UDP DestPort 161: SNMP. These cannot be blocked through contracts. Creating an SNMP ClientGroup with a list of Client-IP Addresses restricts SNMP access to only those configured Client-IP Addresses. If no Client-IP address is configured, SNMP packets are allowed from anywhere.
— TCP SrcPort 179: BGP
— TCP DstPort 179: BGP
— OSPF
— UDP DstPort 67: BOOTP/DHCP
— UDP DstPort 68: BOOTP/DHCP
— IGMP
— PIM
— UDP SrcPort 53: DNS replies
— TCP SrcPort 25: SMTP replies
— TCP DstPort 443: HTTPS
— UDP SrcPort 123: NTP
— UDP DstPort 123: NTP
■ Leafs and spines from two different fabrics cannot be connected regardless of whether the links are administratively kept down.
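The following Python code is an added example, not part of the Cisco release notes or of any Cisco software. It checks flows that an operator intends to deny against the list above of protocols that cannot be blocked through contracts, and applies the SNMP ClientGroup rule as that list states it; the Flow record, the function names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Flow(NamedTuple):              # hypothetical record for one flow to be denied
    proto: str                       # "tcp", "udp", "ospf", "igmp" or "pim"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None

# (protocol, SrcPort, DstPort, label) transcribed from the list above; None = any.
ALWAYS_ALLOWED = [
    ("udp", None, 161, "SNMP"), ("tcp", None, 443, "HTTPS"),
    ("tcp", 179, None, "BGP"), ("tcp", None, 179, "BGP"),
    ("ospf", None, None, "OSPF"), ("igmp", None, None, "IGMP"),
    ("pim", None, None, "PIM"),
    ("udp", None, 67, "BOOTP/DHCP"), ("udp", None, 68, "BOOTP/DHCP"),
    ("udp", 53, None, "DNS replies"), ("tcp", 25, None, "SMTP replies"),
    ("udp", 123, None, "NTP"), ("udp", None, 123, "NTP"),
]

def bypass_label(flow):
    """Return the label of the always-allowed entry the flow matches, else None."""
    for proto, sport, dport, label in ALWAYS_ALLOWED:
        if (flow.proto.lower() == proto and sport in (None, flow.src_port)
                and dport in (None, flow.dst_port)):
            return label
    return None

def snmp_source_allowed(src_ip, client_ips):
    """ClientGroup rule as the page states it: an empty list admits any source."""
    if not client_ips:
        return True
    src = ipaddress.ip_address(src_ip)
    return any(src == ipaddress.ip_address(c) for c in client_ips)

def audit(deny_intents, snmp_client_ips):
    """Return (flow, label, note) for each deny intent a contract will not enforce."""
    findings = []
    for flow in deny_intents:
        label = bypass_label(flow)
        if label is None:
            continue                  # not on the list: a contract can filter it
        note = "cannot be blocked through contracts"
        if label == "SNMP":
            if not snmp_client_ips:
                note += "; no Client-IP configured, SNMP accepted from anywhere"
            elif flow.src_ip and not snmp_source_allowed(flow.src_ip, snmp_client_ips):
                continue              # the ClientGroup already excludes this source
            else:
                note += "; limited only by the SNMP ClientGroup"
        findings.append((flow, label, note))
    return findings

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = [
    Flow("tcp", 40000, 22, "192.0.2.10"),     # SSH: enforceable
    Flow("udp", 53, 33000, "192.0.2.53"),     # DNS reply: always allowed
    Flow("udp", 33000, 53, "192.0.2.10"),     # DNS query: enforceable
    Flow("udp", 40001, 161, "198.51.100.7"),  # SNMP: depends on the ClientGroup
    Flow("tcp", 51000, 443, "192.0.2.10"),    # HTTPS: always allowed
]

if __name__ == "__main__":
    for flow, label, note in audit(SAMPLE, []):
        print(f"{label}: {flow.proto} {flow.src_port}->{flow.dst_port} {note}")
```

Any flow the audit returns needs a control other than a contract, such as the SNMP ClientGroup for SNMP.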
This section contains lists of open and resolved caveats and known behaviors.
Table 4 lists the open caveats in the Cisco NX-OS Release 11.0(4h). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 4. Open Caveats in Cisco NX-OS Release 11.0(4h)
Bug ID |
Description |
FEX logs are missing in the output of the show fex detail command. |
|
Events and faults for interfaces are not updated under Ports in the GUI. |
|
The output of some CLI commands displays very slowly. |
|
FEX related diagnostic results are missing. |
|
The Logical Interface Profile configuration for SVI does not require the user to enter a subnet mask. |
|
The command show endpoint vrf all does not provide a summary of all the VRFs. |
|
The REST API on the CLI of the switch throws an error when trying to reload. |
|
FEX support is not available when connected behind a N9K-C9332PQ ToR. |
|
When a traceroute is performed from a VM attached to a regular bridge domain and to a VM behind a border leaf, and both of these VMs are behind two different ToRs, the traceroute does not show the ToR with the border leaf. |
Table 5 lists the resolved caveats in the Cisco NX-OS Release 11.0(4h). Click a Bug ID to access the Bug Search Tool and see additional information about the bug.
Table 5. Resolved Caveats in Cisco NX-OS Release 11.0(4h)
Bug ID |
Description |
When an external network instance profile (l3extInstP) is not configured in an external routed network, the configuration will not be deployed in the switch. However, there is no fault generated. Users usually miss this while configuring from the GUI. |
|
A BGP route from the border leaf that was reloaded is not selected by the BGP best path algorithm. This is because the ISIS IGP metric to that leaf is very high (> 32). |
|
ARP does not reach hosts in the same endpoint group. |
|
When a traceroute is initiated from the APIC to one of the nodes, transit leaf nodes directly connected to an APIC respond using the infra SVI IP instead of the node's TEP IP. As a result, the traceroute output does not identify those transit leaf nodes. |
|
When performing a traceroute from an APIC to the fabric nodes, the transit spines are not responding. |
|
On the following triggers, shared service traffic (inter vrf) between a few hosts is affected. ■ Deleting and re-adding tenant. ■ Deleting and re-adding context. ■ Stateless reboot of TOR. This is due to a timing issue and it is not always seen. |
|
Multiple BGP neighbors will appear on the border leaf on the tenant VRF if a mask other than /32 is used. |
|
When all member links of a vPC are flapped, without LACP enabled on the port channel, the bridge domain could be learn disabled for 300 seconds. This is because the endpoint moves between individual member links and the vPC. This makes the convergence time longer. |
|
Inter-vrf traffic within a tenant can be dropped in a scenario where endpoints from a destination VRF get learned in a source VRF on an ingress leaf. |
|
The custom QoS policy has DSCP and dot1p rules configured. These rules are associated to the endpoint group (EPG) using the QoS custom policy. When a large number of QoS policies are associated with EPGs on a ToR, the programming of DSCP and dot1p rules might fail due to unavailable hardware resources. This raises faults on the ToR. These faults are propagated to the APIC, but, currently, this does not affect the health score of the EPG or the tenant. |
|
Migrating the last VM1 (EP = vNIC of the VM1) in the endpoint group from behind a leaf1 causes traffic to be disrupted. |
|
Only 1 routed external network is supported per private network (fvCtx). |
|
When an endpoint group (EPG) is not associated with a domain, it will still be deployed. |
|
When using copper QSFP cables (QSFP-H40G-CU1M, QSFP-H40G-CU3M, QSFP-H40G-CU5M, QSFP-H40G-ACU7M, QSFP-H40G-ACU10M) with Auto Neg set to On (on the remote side), the link will not come up. If Auto Neg is set to Off, the link will come up. |
|
While configuring ext-svi on a vPC, along with secondary addresses, the secondary addresses will not be deployed on the leafs. |
|
When shared service is enabled before attempting an iping, without providing the source address from VRF X to the endpoints of VRF Y, it may fail. |
|
If the end host fails over on to its peer node (vPC peers) for fault tolerance with RARP as the notification method, this could cause traffic loss up to the remote-age-interval from an endpoint outside of the vPC domain. |
|
The remote learned endpoint may not age out on one leaf of the vPC domain. |
|
The custom QoS policy has DSCP and dot1p rules configured. These rules are associated to the endpoint group (EPG) using the QoS custom policy. When 2000 EPGs are deployed on a ToR, and all the EPGs are associated with the QoS policy, any addition or modification of the QoS policy/DSCP/dot1p may take close to seven minutes to be reflected on the ToR. |
|
The N9K-C9372PX, N9K-C9332PQ, and N9K-C9372TX 1RU TOR models do not raise faults for a BIOS version mismatch. |
|
With the configuration of ARP optimized flooding on ACI and ARP optimized refresh on servers, bandwidth starvation on a node may occur. This occurs in a scenario where the IP changes its MAC binding, and the server is still sending ARP requests with the unicast destination MAC of the IP’s previous MAC binding information. |
Table 6 lists caveats that describe known behaviors in the Cisco NX-OS Release 11.0(4h). Click the Bug ID to access the Bug Search Tool and see additional information about the bug.
Table 6. Known Behaviors in Cisco NX-OS Release 11.0(4h)
Bug ID |
Description |
Configuring the BGP maximum prefix policy is not supported. |
|
Layer 3 switched packets that go out of a FEX Hif interface are not spanned. |
|
When output span is enabled on a port where the filter is VLAN, multicast traffic in the VLAN that goes out of that port is not spanned. |
|
Continuous “threshold exceeded” messages are generated from the fabric. |
|
Switch rescue user ("admin") can log into fabric switches even when TACACS is selected as the default login realm. |
|
An extra 4 bytes is added to the untagged packet with Egress local and remote SPAN. |
|
When the command show ip ospf vrf <vrf_name> is run from bash on the border leaf, the checksum field in the output always shows a zero value. |
|
When an IP moves from one MAC behind one ToR to another MAC behind another ToR, even though the VM sends a GARP packet, in ARP unicast mode, this GARP packet is not flooded. As a result, any other host with the original MAC to IP binding sending an L2 packet will send to the original ToR where the IP was in the beginning (based on MAC lookup), and the packet will be sent out on the old port (location). Without flooding the GARP packet in the network, all hosts will not update the MAC-to-IP binding. |
|
When modifying the L2Unknown Unicast parameter on a Bridge Domain (BD), interfaces on externally connected devices may bounce. Additionally, the endpoint cache for the BD is flushed and all endpoints will have to be re-learned. |
|
If an endpoint has multiple IPs, the endpoint will not be aged until all IPs go silent. If one of the IPs is reassigned to another server/host, the fabric detects it as an IP move and forwarding will work as expected. |
|
The PSU is not getting detected after OIR with Power input connected. |
|
iping picks a source address from a different subnet for a directly connected destination. |
|
The port-channel remains in the admin-down state after being enabled. |
|
The access-port operational status is trunk. |
|
When removing the secondary IP on an external SVI interface, static routes defined in the VRF, or context of the SVI, are removed causing traffic to be looped in the fabric. |
|
The output incorrectly displays AOC cables as ACU cables. |
|
If the TOR 1RU system is configured with the RED fan (the reverse airflow), the air will flow from back to front. The temperature sensor in the back will be defined as an Inlet temperature sensor, and the temperature sensor in the front will be defined as an outlet temperature sensor. If the TOR 1RU system is configured with the BLUE fan (normal airflow), the air will flow from front to back. The temperature sensor in the front will be defined as an Inlet temperature sensor, and the temperature sensor in the back will be defined as outlet temperature sensor. From the airflow perspective, the Inlet sensor reading should always be less than the outlet sensor reading. However, in the TOR 1RU family, the front panel temperature sensor has some inaccurate readings due to the front panel utilization & configuration, which causes the Inlet temperature sensor reading to be very close, equal, or even greater than the outlet temperature reading. |
|
10% to 11% traffic drops occur on Unicast Traffic Streams. |
|
Traffic from the orphan port to the vPC pair is not recorded against the tunnel stats. Traffic from the vPC pair to the orphan port is recorded against the tunnel stats. |
|
Traffic from the orphan port to the vPC pair is only updated on the destination node, so the traffic count shows as excess. |
■ The Cisco Nexus 9508 ACI-mode switch supports warm (stateless) standby where the state is not synched between the active and the standby supervisor modules. For an online insertion and removal (OIR) or reload of the active supervisor module, the standby supervisor module becomes active, but all modules in the switch are reset because the switchover is stateless. In the output of the show system redundancy status command, warm standby indicates stateless mode.
■ When a recommissioned APIC controller rejoins the cluster, GUI and CLI commands can time out while the cluster expands to include the recommissioned APIC controller.
■ If connectivity to the APIC cluster is lost while a switch is being decommissioned, the decommissioned switch may not complete a clean reboot. In this case, the fabric administrator should manually complete a clean reboot of the decommissioned switch.
■ Before expanding the APIC cluster with a recommissioned controller, remove any decommissioned switches from the fabric by powering down and disconnecting them. Doing so will ensure that the recommissioned APIC controller will not attempt to discover and recommission the switch.
IGMP Snooping Known Behaviors:
■ Multicast router functionality is not supported when IGMP queries are received with VxLAN encapsulation.
■ IGMP Querier election across multiple Endpoint Groups (EPGs) or Layer 2 outsides (External Bridged Network) in a given Bridge Domain (BD) is not supported. Only one EPG or Layer 2 outside for a given BD should be extended to multiple multicast routers if any.
■ The rate of the number of IGMP reports sent to a leaf switch should be limited to 1000 reports per second.
■ Unknown IP multicast packets are flooded on ingress leaf switches and border leaf switches, unless “unknown multicast flooding” is set to “Optimized Flood” in a BD. This knob can be set to “Optimized Flood” only for a maximum of 50 BDs per leaf.
If “Optimized Flood” is enabled for more than the supported number of BDs on a leaf, follow these configuration steps to recover:
— Set “unknown multicast flooding” to “Flood” for all BDs mapped to a leaf.
— Set “unknown multicast flooding” to “Optimized Flood” on needed BDs.
This section lists the product documentation for the Cisco ACI.
■ Cisco APIC Management Information Model Reference
■ Cisco APIC Online Help Reference
■ Cisco ACI MIB Support List
■ Cisco 10-Gigabit Ethernet Transceiver Modules Compatibility Matrix:
■ Cisco 40-Gigabit Ethernet Transceiver Modules Compatibility Matrix:
■ Cisco ACI Fundamentals
■ Cisco APIC Getting Started Guide
■ Cisco APIC REST API User Guide
■ Cisco APIC Command Line Interface User Guide
■ Cisco ACI Switch CLI Command Reference, NX-OS Release 11.0
■ Cisco APIC Faults, Events, and Error Messages Guide
■ Cisco ACI System Messages Reference Guide
■ Cisco ACI Troubleshooting Guide
■ Cisco NX-OS to APIC Mapping Guide
■ Cisco APIC Layer 4 to Layer 7 Device Package Development Guide
■ Cisco APIC Layer 4 to Layer 7 Services Deployment Guide
■ Cisco AVS Configuration Guide
■ Cisco AVS Installation and Upgrade Guide
■ Cisco ACI MIB Quick Reference
■ Cisco ACI Fabric Hardware Installation Guide
■ Cisco APIC Release Notes
■ Cisco Application Centric Infrastructure Release Notes
■ Cisco Nexus 9336PQ ACI-Mode Switch Hardware Installation Guide
■ Cisco Nexus 9508 ACI-Mode Switch Hardware Installation Guide
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
© 2015-2016 Cisco Systems, Inc. All rights reserved.