Cisco Nexus 1000V Release Notes, Release 5.2(1)SV3(1.1)
Software Compatibility with VMware
Software Compatibility with CiscoNexus 1000V
Cisco Virtual Switch Update Manager
Support for Installing VXLAN Gateway as a Virtual Machine (VM)
Distributed NetFlow with VXLAN Support
Bridge Protocol Data Unit (BPDU) Guard Support
Cisco TrustSec Enforcement Capability
High Availability Enhancements for Platform-Specific Domain ID Detection
License Versioning and Advanced License 3.0
VXLAN MAC Distribution (VXLAN MD)
VXLAN UDP Port Number Configuration
Deprecated and Removed Features
VSG Release 5.2(1)VSG2(1.2) Limitations
AVS Release 5.2(1)SV3(1.1) Limitations
VDP Release 5.2(1)SV3(1.1) Limitations
Configuration Container Names Must Be Unique
Single VMware Data Center Support
Cisco NX-OS Commands Might Differ from Cisco IOS
DHCP Not Supported for the Management IP
Copy Running-Config Startup-Config Command
SNMP User Accounts Must Be Reconfigured After an Upgrade
Obtaining Documentation and Submitting a Service Request
First Published: 2014-08-22
Last Updated: 2015-12-03
This document describes the features, limitations, and restrictions for the Cisco Nexus 1000V for VMware Release 5.2(1)SV3(1.1). It also explains how to find information about bugs. The following table lists the change history for this document.
Added information about the access-class command in the Access Lists section. |
|
Added the SNMP User Accounts Must Be Reconfigured After an Upgrade section. |
|
Updated VTEP scale limits in Configuration Scale Limits for Cisco Nexus 1000V . |
|
Added the IPv6 Support section. |
|
Added the Deprecated and Removed Features section to note that vCenter plug-in support is deprecated. |
|
Added the ERSPAN section. |
|
Added the VXLAN UDP Port Number Configuration section. |
The Cisco Nexus 1000V for VMware provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of the Cisco Nexus 1000V supports vSphere 5.5, 5.1, and 5.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V Compatibility Information.
Note All virtual machine network adapter types that VMware vSphere supports are supported with the Cisco Nexus 1000V. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.
This release supports hitless upgrades from Release 4.2(1)SV2(1.1) and later releases. For additional information, see the Cisco Nexus 1000V Software Upgrade Guide.
This section describes the new software features in Cisco Nexus 1000V 5.2(1)SV3(1.1).
Cisco Virtual Switch Update Manager (VSUM) enables you to install, upgrade, and monitor the Cisco Nexus 1000V for VMware vSphere and also migrate hosts to the Cisco Nexus 1000V, using the VMware vSphere Web Client. See the Cisco VSUM Release Notes at http://www.cisco.com/c/en/us/support/switches/nexus-1000v-switch-vmware-vsphere/products-release-notes-list.html.
The Border Gateway Protocol (BGP) control plane feature enables the Cisco Nexus 1000V to exchange the VXLAN information collected on the VSM-VTEP flood list across VSMs. The Cisco Nexus 1000V supports BGP peering among eight VSMs to allow VXLAN segments to reach across servers. BGP runs on the VSM and can exchange VXLAN information with the BGP on any other Cisco Nexus 1000V. The Cisco Nexus 1000V can also be used as a route reflector to exchange VTEP list between VSMs.
Ensure that the port profiles and bridge domains are configured on the VSM. The VSM is connected to vCenter and that all the configurations are pushed from VSM to vCenter. The image is available on the VMware host where the VXLAN is created.
NetFlow lets you evaluate IP traffic and understand how and where it flows. NetFlow gives visibility into traffic transiting the virtual switch by characterizing IP traffic based on its source, destination, timing, and application information. This information is used to assess network availability and performance, assist in meeting regulatory requirements (compliance), and help with troubleshooting. NetFlow gathers data that can be used in accounting, network monitoring, and network planning.
With Distributed NetFlow, the switch sends NetFlow export packets directly from the VEMs to the collectors. It no longer sends export packets through the VSM mgmt0 interface, significantly improving scalability.
With VXLAN support, NetFlow can collect the VXLAN segment ID from its flows. It can also collect Layer 2 fields such as the EtherType, source and destination MAC address, and VLAN ID.
The Cisco Nexus 1000V does not support Spanning Tree Protocol; STP BPDUs are dropped by the Cisco Nexus 1000V. Linux VMs can create bridges within OS to handle NIC failover; these bridges depend on STP communication with neighboring switches. Because the Cisco Nexus 1000V does not support STP, spurious STP BPDUs from virtual machines can cause network loops and upstream internetwork topology recomputation. Enabling BPDU guard causes the Cisco Nexus 1000V to detect these spurious BPDUs and shut down the virtual machine adapters (the origination BPDUs), thereby avoiding loops.
Prior to 5.2(1)SV3(1.1), VEM modules depended on VSM to support IGMP multicast. From 5.2(1)SV3(1.1), VEMs can perform IGMP mrouter detection, IGMP member addition, and deletion without VSM support. IGMP snooping works even when a VEM module is shown as “offline” in VSM.
The Cisco TrustSec security architecture enables you to build secure networks by establishing clouds of trusted network devices. Each device in the cloud is authenticated by its neighbors. Communication on the links between devices in the cloud is secured with a combination of encryption, message integrity checks, and data-path replay protection mechanisms. Cisco TrustSec uses the device and user identification information that is acquired during authentication for classifying or tagging the packets as they enter the network. These packets are tagged on ingress to the Cisco TrustSec network so that they can be identified for the purpose of applying security and other policy criteria along the data path. The tag, also called the security group tag (SGT), allows the network to enforce the access control policy by enabling the endpoint device to act upon the SGT to filter traffic
If you configure or install a VSM with the same domain ID when a VSM pair is already in place, a domain ID collision occurs. In releases earlier than 5.2(1)SV3(1.1), this collision breaks high availability (HA) between the existing HA pair. In 5.2(1)SV3(1.1), the rogue VSM does not affect the existing VSM HA pair because the source MAC addresses of the VSM HA packets are validated and the rogue VSM packets are dropped.
The Cisco Nexus 1000V supports Essential and Advanced license editions. Beginning with Cisco Nexus 1000V Release 5.2(1)SV3(1.1), the Advanced license supports License Edition 3.0. The License Edition 3.0 is required and must be installed to enable and provision the new features, such as VXLAN BGP Control Plane, IPv6 ACL, BPDU Guard, and Traffic Storm Control, and to scale above 128 VEM modules.
Layer 3 Security (L3Sec) is a framework that secures the internal control plane communications (control and packet traffic) between Cisco Nexus 1000V VSM and VEM modules in a more robust way than in previous releases.
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unknown unicast traffic storm on physical interfaces.
Access lists determine what traffic is blocked and what traffic is forwarded at device interfaces and allow filtering of traffic based on source and destination addresses, and inbound and outbound traffic to a specific interface. IPv6 ACL functionality was extended to support traffic filtering based on IPv6 option headers and optional, upper-layer protocol type information for finer granularity of control.
This section describes the changed software features in Cisco Nexus 1000V 5.2(1)SV3(1.1).
VSD is no longer supported as of this release. You must remove the VSD feature before upgrading to Release 5.2(1)SV3(1.1).
The domain ID range has been reduced from 1–4094 to 1–1023. An upgrade to 5.2(1)SV3(1.1) succeeds even if the domain ID value is greater than 1023.
The VXLAN user datagram protocol (UDP) port is used in VXLAN encapsulation. You must permit this port through any intermediate firewall.
In Cisco Nexus 1000V for VMware Release 4.2(1)SV2(2.1) and earlier, the default UDP port number was 8472. Beginning with Release 5.2(1)SV3(1.1), the default UDP port number has changed to the recently IANA-approved UDP port number 4789. This change affects the Cisco Nexus 1000V for VMware software installation, upgrade, and VXLAN configuration in the following ways:
Support of the vCenter plug-in is deprecated in this release. The Cisco Virtual Switch Update Manager has replaced vCenter plug-in functionality.
This section describes the limitations and restrictions of the Cisco Nexus 1000V for VMware.
In Release 5.2(1)SV3(1.1), when VSG solutions using version 5.2(1)VSG2(1.2) are deployed, the following scale limitations apply and supersede the scale numbers shown in Table 1 :
In Release 5.2(1)SV3(1.1), when AVS solutions are deployed, the following scale limitations apply and supersede the scale numbers shown in Table 1 :
In Release 5.2(1)SV3(1.1), when VDP solutions are deployed, the following scale limitations apply and supersede the scale numbers shown in Table 1 :
All Cisco Nexus 1000V VSM configuration containers—port profiles, bridge domains, ACLs, class maps, policy maps, and so on—must have unique names.
In earlier releases you could create two configuration containers (for example, two port profiles) with the same name but different case sensitivity; for example, vmotion and VMOTION.
In the current release, you cannot create two configuration containers (for example, two port profiles) with the same name but different case sensitivity. During an upgrade, one of the port profiles with a duplicate name is deleted, which moves the corresponding ports in vCenter into quarantined state.
For example, do not create bridge domains with the same name (one uppercase, one lowercase) that point to different segments. (See Example 1 and Example 2.)
The Cisco Nexus 1000V for VMware can be connected to a single VMware vCenter Server data center object. Note that this virtual data center can span multiple physical data centers.
Each VMware vCenter can support multiple Cisco Nexus 1000V VSMs per vCenter data center.
Implementing VDP on the Cisco Nexus 1000V has the following limitations and restrictions:
If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.
If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.
VMotion of VSM has the following limitations and restrictions:
For more information about VMotion of VSM, see the Cisco Nexus 1000V Software Installation Guide.
The NetFlow configuration has the following limitations and restrictions:
Port profiles have the following limitations and restrictions:
In Release 5.2(1)SV3(1.1), only LACP offload to VEM is supported. Upgrades from previous releases to this release changes LACP to offload mode by default.
Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.
For information about CLI commands, see the Cisco Nexus 1000V Command Reference.
The Cisco Nexus 1000V for VMware forwarding logic is designed to prevent network loops; therefore, it does not use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.
The Cisco Discovery Protocol (CDP) is enabled globally by default.
CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
– CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.
If you disable CDP globally, CDP is also disabled for all interfaces.
For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide.
DHCP is not supported for the management IP. The management IP must be configured statically.
We recommend that you configure spanning-tree port type edge on upstream switches for faster convergence.
The following commands are available to use on Cisco upstream switch ports in interface configuration mode:
When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.
Supported MTU values vary according to underlying physical NIC capability.
When a VEM communicates with the Cisco Virtual Security Gateway (VSG) in Layer 3 mode, an additional header with 94 bytes is added to the original packet. You must set the MTU to a minimum of 1594 bytes to accommodate this extra header for any network interface through which the traffic passes between the Cisco Nexus 1000V and the Cisco VSG. These interfaces can include the uplink port profile, the proxy ARP router, or a virtual switch.
When you are using the copy running-config startup-config command, do not press the PrtScn key. If you do, the command aborts.
If you are upgrading from a release earlier than 5.2(1)SV3(1.1), the SNMP engine ID changes internally to a unique engine ID. You must reconfigure all SNMP user accounts to work with the new engine ID. Until the SNMP user accounts are reconfigured, all SNMPv3 queries fail. This restriction is associated with the defect CSCuo12696.
After an upgrade, the engine ID is shown as 128:0:0:9:3:2:0:12:0:0:0, as follows:
Complete the following steps to delete and recreate the username. Note that paswd123 is an example that represents the SNMP user password.
Step 2 Use one of the following options to recreate the username:
Step 3 Confirm that the engine ID has been updated, as follows:
Step 4 Verify that the engine ID is unique:
Use the Bug Search tool to search for a specific bug or to search for all bugs in a release.
Step 1 Go to http://tools.cisco.com/bugsearch.
Step 2 At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens.
Note If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.
Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Return.
Step 4 To search for bugs in the current release:
a. In the Search For field, enter Cisco Nexus 1000V for VMware and press Return. (Leave the other fields empty.)
b. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.
To export the results to a spreadsheet, click the Export Results to Excel link.
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF) standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series switch.
The MIB Support List is available at the following FTP site:
ftp://ftp.cisco.com/pub/mibs/supportlists/nexus1000v/Nexus1000VMIBSupportList.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.