Table Of Contents
Cisco Nexus 1000V Release Notes, Release 4.2(1) SV1(4a)
Updated: August 2, 2013OL-22822-A1-J0
This document describes the features, limitations, and caveats for the Cisco Nexus 1000V Release 4.2(1)SV1(4a) software. Use this document in combination with documents listed in the "Available Documents" section. The following is the change history for this document.
This document includes the following sections:
The Cisco Nexus 1000V provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
Cisco Nexus 1000V consists of the following two components:
•Virtual Supervisor Module (VSM), which contains the Cisco CLI, configuration, and high-level features.
•Virtual Ethernet Module (VEM), which acts as a line card and runs in each virtualized server to handle packet forwarding and other localized functions.
This section includes the following topics:
Software Compatibility with VMware
The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of Cisco Nexus 1000V supports vSphere 4.0.0, 4.1.0 and 5.0.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4a).
Note All virtual machine network adapter types that VMware vSphere supports are supported with Cisco Nexus 1000V. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.
Software Compatibility with Cisco Nexus 1000V
This release supports hitless upgrades from Release 4.0(4)SV1(3a) and later releases. Upgrades are supported from 4.0(4)SV1(3) and earlier releases. For additional information, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4a).
New and Changed Information
This section provides the following information about this release:
Changed Software Features
The following software features were changed in this release:
Scalability limits for multiple features have been increased in this release; refer to the "Configuration Limits" section for updated limits.
New Software Features
The following new software features were added in this release:
Support for vSphere 5.0.0
This release is compatible with all features of vSphere 5.0.0 including Stateless ESXi. Download the compatible VEM from the location specified in the Cisco Nexus 1000V VEM Software Installation and Upgrade Guide, Release 4.2(1)SV1(4a).
In Service Software Upgrade
VSM upgrades from Release 4.2(1)SV1(4) to Release 4.2(1)SV1(4a) and later use the In Service Software Upgrade (ISSU) install feature that was introduced in Release 4.2(1)SV1(4). You can now use this functionality in Release 4.2(1)SV1(4a). The ISSU install feature upgrades the VSM images while preserving the configuration and state of the VSM. It does not interrupt operations. For more information, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4a).
Distributed Virtual Switch Deletion
The Cisco Nexus 1000V provides the capablity for the privileged users to remove a stale distributed virtual switch (DVS) on the host. For more information, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a).
VSM Backup and Recovery
Support for backing up the VSM VM and its configuration so that it can be restored at a later time in case of accidental VSM deletions or disk corruptions has been implemented. The VSM backup and recovery operation requires coordination between the network and server administrators. For more information, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a).
Dynamic Port Management
Cisco Nexus 1000VV has the capability to dynamicaly adjust the number of ports consumed at the vCenter vDS. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4a).
Unknown Unicast Flood Blocking
Unknown Unicast Flood Blocking (UUFB) allows you to configure the system to drop the unknown Unicast packets coming from the uplink ports. For more information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4a).
Standard Simple Network Management Protocol (SNMP) supports source-based filtering from the SNMP-COMMUNITY-MIB. This requires the configuration of the SNMP community table. By integrating with the existing access control list (ACL) feature in NX-OS, you can easily apply source-based filtering. You can configure ACL to be associated with all the incoming requests for a particular community. SNMP matches the community and ACL, and processes the request accordingly. If the ACL denies access to SNMP, then SNMP prints a syslog at error level. If ACL permits processing of the message, SNMP processes the packet as usual. This ACL is applied both for IPv4 and IPv6 over both User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
Virtual Port Channel - Host Mode Enhancements
Virtual Port Channel - Host Mode (vPC-HM) enhancements supports the logical numbering of subgroups in the port channel mac-pinning mode. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4a).
This feature allows for the assignment of up to seven backup subgroups. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4a).
High Availability Enhancements
The behavior of some error handling functionality in High Availability (HA) has been modified from earlier releases. When communication over the control interface is interrupted, the standby VSM is reset once and only after the active and standby VSMs have lost syncronization. If communication over the control interface is not available, the standby VSM will wait for communication to be restored before initiating the synchronization with the active VSM.
Virtualized Workload Mobility (DC to DC vMotion)
This feature allows for a single Cisco Nexus 1000V instance spanning across two data centers. The maximum support latency is 5ms. See Table 1 for the supported limits across two data centers. For more information, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a).
Limitations and Restrictions
The Cisco Nexus 1000V has the following limitations and restrictions:
Table 1 shows the Cisco Nexus 1000V configuration limits:
Table 1 Configuration Limits for Cisco Nexus 1000V
Component Supported Limits for Cisco Nexus 1000V in the Same Datacenter Supported Limits for Cisco Nexus 1000V Across Two Datacenters
Virtual Ethernet Module(VEM)
Virtual Supervisor Module (VSM)
2 in an HA Pair (active-standby hosted in the same datacenter)
2 in an HA Pair (active-standby hosted in the same datacenter)
vCenter Server Datacenters per VSM
Active VLANs across all VEMs
MACs per VEM
MACs per VLAN per VEM
vEthernet interfaces per port profile
Distributed Virtual Switches (DVSes) per vCenter
vCenter Server connections
1 per VSM HA Pair1
1 per VSM HA Pair1
Maximum latency between VSMs and VEMs
Per DVS Per Host Per DVS Per Host
Virtual Service Domains (VSDs)
System port profiles
ACEs per ACL
QoS policy maps
QoS class maps
DHCP snoop binding entries (static + dynamic)
1 Only one connection to vCenter server is permitted at a time.
2 This number can be exceeded if VEM has available memory.
Single VMware Data Center Support
The Cisco Nexus 1000V can be connected to a single VMware vCenter Server data center object. Note that this virtual data center can span across multiple physical data centers.
vMotion of VSM
vMotion of the VSM has the following limitations and restrictions:
•vMotion of a VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.
•If you enable Distributed Resource Scheduler (DRS), then you must use the VMware anti-affinity rules to ensure that the two virtual machines are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.
•VMware vMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the vMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.
•If you are adding one host in a DRS cluster that is using vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have VEM, and the VMs lose network connectivity.
For more information about vMotion of VSM, see the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV1(4a).
VMware Lab Manager
VMware Lab Manager does not support using the Cisco Nexus 1000V.
Upgrading the software has the following limitations and restrictions:
•The upgrade procedure to Release 4.2(1)SV1(4a) has changed depending on the version you are upgrading from.
•Unlike previous upgrades, disruption free upgrades from Release 4.0(4)SV1(3) and later to Release 4.2(1)SV1(4a) require the VEMs to be upgraded prior to upgrading the VSM.
•VEM upgrade to Release 4.2(1)SV1(4a) requires a minimum ESX/ESXi version of 4.0 Update 1 Patch 04 or later.
•VEM Upgrade using VMware Update Manager (VUM) requires vCenter Update 1, VUM Patch 2 or later.
For more information about VMware compatibility, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4a).
For more information about upgrades, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4a).
ACLs have the following limitations and restrictions:
•IPV6 ACL rules are not supported.
•VLAN-based ACLs (VACLs) are not supported.
•ACLs are not supported on port channels.
•IP ACL rules do not support the following:
•Control VLAN traffic between the VSM and VEM does not go through ACL processing.
The NetFlow configuration has the following support, limitations, and restrictions:
•Layer 2 match fields are not supported.
•NetFlow Sampler is not supported.
•NetFlow Exporter format V9 is supported
•NetFlow Exporter format V5 is not supported.
•The multicast traffic type is not supported. Cache entries are created for multicast packets, but the packet/byte count does not reflect replicated packets.
•NetFlow is not supported on port channels.
The NetFlow cache table has the following limitation:
•Immediate and permanent cache types are not supported.
Note The cache size that is configured using the CLI defines the number of entries, not the size in bytes. The configured entries are allocated for each processor in the ESX host and the total memory allocated depends on the number of processors.
Port security has the following support, limitations, and restrictions:
•Port security is enabled globally by default.
The feature/no feature port-security command is not supported.
•In response to a security violation, you can shut down the port.
•The port security violation actions that are supported on a secure port are Shutdown and Protect. The Restrict violation action is not supported.
•Port security is not supported on the PVLAN promiscuous ports.
Port profiles have the following restrictions or limitations:
•There is a limit of 255 characters in a port-profile command attribute.
•We recommend that you save the configuration across reboots, which will shorten the VSM bringup time.
•We recommend that if you are altering or removing a port channel, you should migrate the interfaces that inherit the port channel port profile should migrate to a port profile with the desired configuration, rather than editing the original port channel port profile directly.
•If you attempt to remove a port profile that is in use, that is, one that has already been auto-assigned to an interface, the Cisco Nexus 1000V generates an error message and does not allow the removal.
•When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.
•Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.
Telnet Enabled by Default
The Telnet server is enabled by default.
For more information about Telnet, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4a).
Only SSH version 2 (SSHv2) is supported.
For more information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4a).
Cisco NX-OS Commands Might Differ from Cisco IOS
Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.
For information about CLI commands, see the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4).
For more information about the CLI command modes, see the Cisco Nexus 1000V Getting Started Guide, Release 4.2(1)SV1(4a)
Layer 2 Switching
This section lists the Layer 2 switching limitations and restrictions and includes the following topics:
For more information about Layer 2 switching, see the Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4).
No Spanning Tree Protocol
The Cisco Nexus 1000V forwarding logic is designed to prevent network loops so it does not need to use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.
Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is enabled globally by default.
CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
•Advertises information to all attached Cisco devices.
•Discovers and views information about those Cisco devices.
–CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.
If you disable CDP globally, then CDP is also disabled for all interfaces.
For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a).
DHCP Not Supported for the Management IP
DHCP is not supported for the management IP. The management IP must be configured statically.
The Link Aggregation Control Protocol (LACP) is an IEEE standard protocol that aggregates Ethernet links into an EtherChannel.
Cisco Nexus 1000V has the following restrictions for enabling LACP on ports carrying the control and packet VLANs:
Note These restrictions do not apply to other data ports using LACP.
•If LACP offload is disabled, at least two ports must be configured as part of LACP channel.
Note This restriction is not applicable if LACP offload is enabled. You can check the LACP offload status using the show lacp offload status command.
•The upstream switch ports must be configured in spanning-tree port type edge trunk mode. For more information about this restriction, see the "Upstream Switch Ports" section.
Upstream Switch Ports
All upstream switch ports must be configured in spanning-tree port type edge trunk mode.
Without spanning-tree portfast on upstream switch ports, it takes approximately 30 seconds to recover these ports on the upstream switch. Because these ports are carrying control and packet VLANs, VSM loses connectivity to the VEM.
The following commands are available to use on Cisco upstream switch ports in interface configuration mode:
•spanning-tree portfast trunk
•spanning-tree portfast edge trunk
The Cisco Nexus 1010 (1000V) cannot resolve a domain name or hostname to an IP address.
When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.
This section includes the following topics:
The following are descriptions of the caveats in Cisco Nexus 1000V Release 4.2(1)SV1(4a). The ID links you into the Cisco Bug Toolkit.
The caveats are listed in the following categories:
Platform, Infrastructure, Ports, Port Channel, and Port Profiles
ID Open Caveat Headline
Need to send traffic from the destination VM to learn the vns-binding.
Cisco Nexus 1000Vcannot support more than 245 port (physical + virtual) per VEM.
VSM process reloads. Inconsistent state on loss of its remote storage.
Not able to migrate VC/VSM and normal VM when adding host to DVS.
SNMP V3 traps are not getting generated.
Incorrect iSCSI multipathing configuration causes module flap or vMotion failure.
UCS Blade Oplin adapter comes up with timing issue during Fl reboot.
After VIB upgrade, some of the palo NICs go into INIT state on Fl.
The no channel-group command displays the following:
ERROR:No profile matching given profile name.
LACP offload configuration is not persisting in stateless.
Initial installation summary missing in app before migrating.
AIPC fragment timeout and errors cause module flapping with 2048 VLANs configured.
L3 Control/ERSPAN vmknic flaps when another vmknic with L3 control is removed.
PPM inherit error while attaching module with LACP uplink.
Eth_port_sec crash during migration in VC with int override in VSM.
Intface in "NoPortProfile" state on mode change from LACP to MAC pinning.
Adding new veths goes to NoPortProfile during ISSU.
ISSU aborted if services memory is full.
CDP does not work for certain NIC cards without VLAN 1 allowed.
Need to block add/remove of PVLANs on int with no explicit VLANs all.
Native VLAN missing in OD if PP is configured as pvlan trunk promiscuous.
Backward compatibility of VEMs fails with UUFB feature.
Legacy LACP takes 30 minutes to come up after a link flap.
Quality of Service
The following are descriptions of caveats that were resolved in Cisco Nexus 1000V Release 4.2(1)SV1(4a). The ID links you into the Cisco Bug Toolkit.
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF) standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series switch.
The MIB Support List is available at the following FTP site:
This section lists the documents used with the Cisco Nexus 1000V and available on Cisco.com at the following url:
Install and Upgrade
Troubleshooting and Alerts
Virtual Security Gateway Documentation
Virtual Network Management Center
Network Analysis Module Documentation
This document is to be used in conjunction with the documents listed in the "Available Documents" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Internet Protocol (IP) addresses used in this document are for illustration only. Examples, command display output, and figures are for illustration only. If an actual IP address appears in this document, it is coincidental.
© 2011-2013 Cisco Systems, Inc. All rights reserved.