Limitations for ALE 40G Uplink Ports on Cisco Nexus 9000 Series Switches
Available Languages
Limitations for ALE 40G Uplink Ports
The following limitations apply to Application Leaf Engine (ALE) 40G uplink ports on Cisco Nexus 9300 and 9500 Series devices:
General Limitations
Private VLAN promiscuous ports, promiscuous trunk ports, and host ports are not supported on ALE 40G uplink ports.
FEX is not supported on ALE 40G uplink ports.
Intelligent Traffic Director (ITD) is not supported on Cisco Nexus 9300 Series switch ALE 40G uplink ports.
IP Source Guard (IPSG) is not supported on ALE 40G uplink ports.
An ALE 40G trunk port sends tagged packets on the native VLAN of the port. Normally, untagged packets are sent on the native VLAN.
An ALE 40G uplink port is not able to strip the dot1q tag for native VLANs, so packets will carry the dot1q tag for native VLANs.
Prior to Cisco NX-OS Release 7.0(3)I2(2a), when ports 25 and 26 on the Cisco Nexus 9332PQ switch are configured as the port channel, they might drop egress traffic when ingress traffic appears on the ALE 40G uplink ports. This behavior is addressed in CSCux28935.
Port channels cannot contain both ALE and Network Forwarding Engine (NFE) members.
Because ALE 40G uplink ports cannot handle both tagged and untagged packets on the same port, only tagged packets can be sent on the switchport trunk, even if the VLAN is the native VLAN or in one of the tagged member lists.
Q-in-Q is not supported on the ALE 40G uplink ports of Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ or N9K-M12PQ generic expansion module (GEM).
Q-in-Q switchport mode is not supported on ALE 40G uplink ports.
For Q-in-Q traffic flowing from Cisco Nexus 9300 Series switch ALE 40G uplink ports to Network Forwarding Engine (NFE) ports, the inner CoS value gets reset but is copied to the outer header.
Cut-through switching is supported on Cisco Nexus 9300 Series switches for traffic from ALE 40G uplink ports to 10G NFE ports. Traffic going from 10G NFE ports to ALE 40G uplink ports will always be store and forward.
ALE 40G uplink ports do not show invalid Ethertype packets as unicast while NFE ports do.
The ALE Layer 2 cache size is 32,000 while the NFE Layer 2 MAC table size is 96,000, so out-of-band flow control (OOBFC) is used for entries that make it into the cache. Other entries use the default transit queue.
The uplink module should not be removed from a Cisco Nexus 9300 Series switch that is running Cisco NX-OS Release 7.0(3)I1(1). The ports on the uplink module should not be used to connect FEX modules.
The ASIC Memory-Cisco ALE test is applicable only for the N9K-X9564PX and N9K-X9564TX line cards.
sFlow should be disabled on an ALE 40G port channel before you add or remove a member of the port channel.
Disabling sFlow on one ALE 40G uplink port could cause the rest of the sFlow-enabled ALE 40G uplink ports to stop sampling. To work around this issue, disable and then re-enable sFlow on one of the other sFlow-enabled ALE 40G uplink ports.
Link-Level Limitations
Auto-negotiation is not supported on ALE 40G uplink ports.
Breakout is not supported on ALE 40G uplink ports.
Due to a hardware limitation, the Cisco QSFP+ to SFP+ adapter (QSA) module can support only 10G speed. 1G is not supported.
Due to a hardware limitation, QSA support requires six ports to be configured in a 10G speed group.
When you use a QSFP-40G-CR4 cable to connect Cisco Nexus 9332PQ non-ALE ports and Cisco Nexus 9372PX ALE 40G uplink ports, you must set the speed to 40000.
QoS Limitations
Egress QoS policies on ALE 40G uplink ports on Cisco Nexus 9300 Series switches are not supported.
- MAC packet classification is not supported when MAC ACLs are used as match criteria for QoS policies on Cisco Nexus 9300 Series switch ALE 40G uplink ports.
QoS traffic shaping is not supported on front-panel ALE 40G uplink ports. When traffic shaping is configured for the system level, the setting is ignored and no error message is displayed. When traffic shaping is configured for the port level, the setting is rejected and an error message is displayed.
Weighted random early detection (WRED) is not supported on front-panel ALE 40G uplink ports. When WRED is configured for the system level, the setting is ignored and no error message is displayed. When WRED is configured for the port level, the setting is rejected and an error message is displayed.
Monitoring the shared QoS packet buffer on ALE-enabled devices is not supported for the port level.
Beginning with Cisco NX-OS Release 7.0(3)I1(2), link level flow control and priority flow control (PFC) are supported on Cisco Nexus 9300 Series switches and line cards that contain the ALE.
802.1Q user-priority tagged frames (VLAN 0 with an 802.1p CoS value in the VLAN tag) are dropped on ALE 40G uplink ports on Cisco Nexus 9300 Series switches.
QoS policy is not supported on ALE 40G uplink subinterface ports. QoS policy can be applied on physical interfaces, which will be used by all of the subinterfaces on that physical port.
QoS policy map statistics for ALE 40G uplink ports (using the show policy-map stats command) displays only forwarded packets and not dropped packets if there is congestion on the ALE to NFE ports.
QoS classification is not supported for VXLAN traffic in the network-to-access direction on Layer 3 uplink interfaces.
Due to a hardware limitation, ALE 40G uplink ports cannot provide a per-queue drop count. There is only one counter, which can be configured for one particular queue drop or for drops on all the queues using the hardware qos eoq stats-class qos-group {qos-group-value | all} command.
Explicit congestion notification (ECN) marking does not work if the egress 10G port on the Cisco Nexus 9396PX switch is congested from the ALE 40G uplink port with the ALE ultra burst buffer profile configured. ECN marking works with the burst or mesh ALE buffer profile and does not work with the ultra burst profile.
The default QoS TCAM carving for ALE-enabled devices is Layer 2 port QoS (IPv4) with 256 entries. (In addition, a separate TCAM in the Cisco Nexus 9396PX and 93128TX switch ALE 40G uplink ports is used for the QoS classification policies applied on 40G uplink ports. By default, this separate TCAM is carved for Layer 3 QoS (IPv4), Layer 2 port QoS (IPv4), and VLAN QoS (IPv4) with 256 entries each.) For more information on the supported QoS TCAM regions, see the "About QoS TCAM Carving" section in the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide.
Security Limitations
Due to a hardware limitation, storm suppression packet statistics are not supported on ALE 40G uplink ports.
Storm control accuracy on ALE 40G uplink ports is not accurate compared to NFE.
Egress router access control lists (RACLs) are not supported on Cisco Nexus 9300 Series switch ALE 40G uplink ports.
For Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and for Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ or N9K-M12PQ generic expansion module (GEM), you must configure the sFlow and SPAN ACL TCAM region sizes for any uplink ports that are to be configured as an sFlow data source. To do so, use the hardware access-list tcam region sflow and hardware access-list tcam region span commands. For more information, see the "Configuring ACL TCAM Region Sizes" section in the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
SPAN and ERSPAN Limitations
A SPAN or ERSPAN copy of Cisco Nexus 9300 Series switch ALE 40G uplink ports will miss the dot1q information when spanned in the Rx direction.
ERSPAN and ERSPAN ACL sessions are terminated identically at the destination router only when the ERSPAN destination IP address is resolved through Cisco Nexus 9300 Series switch ALE 40G uplink ports.
Cisco Nexus 9300 Series switches do not support Tx SPAN or Tx ERSPAN on ALE 40G uplink ports.
Priority flow control (PFC) ERSPAN is not supported on Cisco Nexus 9300 Series switch ALE 40G uplink ports.
Tx SPAN is not supported on VXLAN VTEP.
The local SPAN destination port preserves dot1q information for packet copy ingress on NFE ports but does not preserve dot1q information for packet copy ingress on ALE uplink ports.
If the ERSPAN session destination IP address is reachable through the ALE 40G uplink ports, the ERSPAN packets will have a Type III header, if configured. If the IP address is reachable through the NFE ports, the ERSPAN packets will have a Type II header (even if a Type III header is configured) but without valid information. As a result, any legacy Cisco switch (such as the Catalyst 6500) will not be able to decode it and will drop the ERSPAN packets due to a missing valid ERSPAN ID.
If the ERSPAN session destination IP address is reachable through the ALE 40G uplink ports, which are configured as a Layer 3 routed interface, the ERSPAN header will contain VLAN ID 0 instead of the original VLAN ID. As a result, legacy Cisco switches that do not forward traffic in VLAN 0 (such as the Catalyst 6500) will drop the ERSPAN packets.
ACL and VLAN filters are not supported for ALE 40G uplink ports.
ERSPAN traffic will take only one link when the destination IP address has an ECMP path. (ECMP load sharing does not work for spanned traffic.)
When the SPAN or ERSPAN destination is a port channel, the traffic will take only one member link. (Port channel load balancing does not work for spanned traffic.)
ERSPAN packet drops are not counted as queuing drops when destination port congestion occurs on ALE 40G uplink ports.
Using the same source interface for more than one session is not supported for ALE 40G uplink ports.
VXLAN Limitations
Subinterfaces on ALE 40G uplink ports are not supported on VXLAN VTEPs.
Port channels on ALE 40G uplink ports for hosts are not supported in a VXLAN configuration.
In Cisco NX-OS Release 7.0(3)I4(1), resilient hashing (port-channel load-balancing resiliency) and VXLAN configurations are not compatible with VTEPs using ALE 40G uplink ports. Please note that resilient hashing is disabled by default.
Dot1q frames are not stripped off ingress VXLAN-encapsulated packets in Cisco NX-OS Release 7.0(3)I2(1), which causes connectivity issues when received by switches running Cisco NX-OS Release 7.0(3)I1(2).
On Cisco Nexus 9300 Series switches, VXLAN switching is supported only with 100G uplinks. VXLAN routing is not supported with VXLAN uplinks.
Point-to-multipoint Layer 3 and SVI uplinks are not supported. Since both uplink types can only be enabled point to point, they cannot span across more than two switches.
For Cisco NX-OS Release 7.0(3)I2(1) and later, VTEPs do not support Layer 3 subinterface uplinks carrying VXLAN-encapsulated traffic.
For Cisco NX-OS Release 7.0(3)I2(1) and later, for native Layer 3 traffic on VTEPs, only 10G Layer 3 subinterface uplinks are supported. 40G subinterfaces are not supported.
The following guidelines apply to ACLs for VXLANs:
Ingress router ACLs applied on an uplink Layer 3 interface matching on the inner or outer payload in the network-to-access direction (Layer 3 to Layer 2 decapsulation path) are not supported.
Egress router ACLs applied on an uplink Layer 3 interface matching on the inner or outer payload in the access-to-network direction (encapsulation path) are not supported.
Copyright © 2016-2018, Cisco Systems, Inc. All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)