Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco NX-OS Software

Cisco NX-OS Software for the Cisco Nexus 7000 Series Switches

Downloads

Product Overview

Cisco® NX-OS Software is a data center-class operating system built with modularity, resiliency, and serviceability at its foundation. Based on the industry-proven Cisco MDS 9000 SAN-OS Software, Cisco NX-OS helps ensure continuous availability and sets the standard for mission-critical data center environments. The self-healing and highly modular design of Cisco NX-OS makes zero-impact operations a reality and enables exceptional operational flexibility.
Focused on the requirements of the data center, Cisco NX-OS provides a robust and rich feature set that fulfills the routing, switching, and storage networking requirements of present and future data centers. With an XML interface and a command-line interface (CLI) like that of Cisco IOS® Software, Cisco NX-OS provides state-of-the-art implementations of relevant networking standards as well as a variety of true data center-class Cisco innovations.
Starting with Cisco NX-OS Software Release 4.1, the Cisco Nexus 7000 Series Switches and Cisco MDS 9000 Series Multilayer Switches will be sharing this common operating system that focuses on data center features and protocols, availability, and operational considerations. The first release of Cisco NX-OS Software Release 4.1 for the Cisco Nexus 7000 Series Switches will be named release 4.1(2).

Features and Benefits

Flexibility and Scalability

Software compatibility: Cisco NX-OS interoperates with Cisco products running any variant of the Cisco IOS Software operating system. Cisco NX-OS also interoperates with any networking OS that conforms to the networking standards listed as supported in this data sheet.

Common software throughout the data center: Cisco NX-OS simplifies the data center operating environment and provides a unified OS designed to run all areas of the data center network, including the LAN, SAN, and Layer 4 through 7 network services.

Modular software design: Cisco NX-OS is designed to support distributed multithreaded processing on symmetric multiprocessors (SMPs), multicore CPUs, and distributed line card processors. Computationally intensive tasks, such as hardware table programming, can be offloaded to dedicated processors distributed across the line cards. Cisco NX-OS modular processes are instantiated on demand each in a separate protected memory space. Thus, processes are started and system resources allocated only when a feature is enabled. The modular processes are governed by a real-time preemptive scheduler that helps ensure the timely processing of critical functions.

Virtual device contexts (VDCs): Cisco NX-OS offers the capability to segment OS and hardware resources into virtual contexts that emulate virtual devices. Each VDC has its own software processes, dedicated hardware resources (physical interfaces, VLANs, routing table size, Virtual Routing and Forwarding (VRF), etc.), and independent management environment. VDCs are instrumental in the consolidation of separate networks onto a common infrastructure, maintaining the administrative boundary separation and fault isolation characteristics of physically separate networks while providing many of the operational cost benefits of a single infrastructure.

Availability

Continuous system operation: Cisco NX-OS provides continuous system operation, permitting maintenance, upgrades, and software certification without service interruption. The combination of process modularity, modular patching, Cisco In Service Software Upgrade (ISSU) capability, and nonstop-forwarding (NSF) graceful restart mitigates the effects of software upgrades and other operations.

Cisco ISSU: Cisco ISSU provides the capability to perform transparent software upgrades on platforms with redundant supervisors, minimizing downtime and allowing customers to integrate the newest features and functions with little or no negative effect on network operation.

Quick development of enhancements and problem fixes: The modularity of Cisco NX-OS allows new features, enhancements, and problem fixes to be quickly integrated into the software. Thus, modular fixes can be developed, tested, and delivered in a short time span, meeting urgent timelines. These updated images can then be installed without disruption using Cisco ISSU.

Process survivability: Critical processes are run in protected memory space and independently of each other and the kernel, providing granular service isolation and fault containment and enabling modular patching and upgrading and rapid restartability. Individual processes can be restarted independently without loss of state information and without affecting data forwarding, so that after an upgrade or failure, processes restart in milliseconds without negatively affecting adjacent devices or services. Processes with large amounts of state such as IP routing protocols are restarted using standards-based NSF graceful restart mechanisms; other processes use a local persistent storage service (PSS) to maintain their state.

Stateful supervisor failover: Redundant supervisors are kept synchronized at all times to enable rapid stateful supervisor failover. Sophisticated checks are in place to help ensure that the state is consistent and reliable throughout the entire distributed architecture after failover occurs.

Reliable interprocess communication: Cisco NX-OS facilitates reliable communication between processes to help ensure that all messages are delivered and properly acted on during failure and adverse conditions. This communication helps ensure process synchronization and state consistency across processes that may be instantiated on processors distributed over multiple supervisors and I/O modules.

Redundant switched Ethernet out-of-band channels (EOBCs): Cisco NX-OS can make full use of redundant EOBCs for communication between control and I/O module processors.

Network-based availability: Network convergence is optimized by providing tools and functions to make both failover and fallback transparent and fast. For example, Cisco NX-OS provides Spanning Tree Protocol enhancements such as Bridge Protocol Data Unit (BPDU) guard, loop guard, root guard, BPDU filters, and bridge assurance to help ensure the health of the Spanning Tree Protocol control plane; Unidirectional Link Detection (UDLD) Protocol; NSF graceful restart of routing protocols; millisecond timers for First-Hop Resiliency Protocols (FHRP); Shortest-Path First (SPF) optimizations such as link-state advertisement (LSA) pacing and incremental SPF; and IEEE 802.3ad link aggregation with adjustable timers.

Serviceability

Troubleshooting and diagnostics: Cisco NX-OS is built with unique serviceability functions to enable network operators to take early action based on network trends and events, enhancing network planning and improving network operations center (NOC) and vendor response times. Smart Call Home, Cisco Generic Online Diagnostics (GOLD), and Cisco NX-OS Embedded Event Manager (EEM) are some of the features that enhance the serviceability of Cisco NX-OS.

Switched Port Analyzer (SPAN): The SPAN feature allows an administrator to analyze all traffic between ports (called the SPAN source ports) by nonintrusively directing the SPAN session traffic to a SPAN destination port that has an external analyzer attached to it.

Ethanalyzer: Cisco NX-OS includes a built-in packet analyzer to monitor and troubleshoot control plane traffic. The packet analyzer is based on the popular Wireshark open source network protocol analyzer.

Smart Call Home: The Smart Call Home feature continuously monitors hardware and software components to provide email-based notification of critical system events. A versatile range of message formats is available for optimal compatibility with pager services, standard email, and XML-based automated parsing applications. It offers alert grouping capabilities and customizable destination profiles. This feature can be used, for example, to directly page a network support engineer, send an email message to a NOC, and employ Cisco AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). This feature is a step toward autonomous system operation, enabling networking devices to inform IT when a problem occurs and helping ensure that the problem is acted on quickly, reducing time to resolution and maximizing system uptime.

Cisco GOLD: Cisco GOLD is a suite of diagnostic facilities to verify that hardware and internal data paths are operating as designed. Boot-time diagnostics, continuous monitoring, and on-demand and scheduled tests are part of the Cisco GOLD feature set. This industry-leading diagnostics subsystem allows rapid fault isolation and continuous system monitoring critical in today's continuously operating environments.

Cisco EEM: Cisco EEM is a powerful device and system management technology integrated into Cisco NX-OS. Cisco EEM helps customers harness the network intelligence intrinsic to the Cisco software and enables them to customize behavior based on network events as they happen.

Cisco NetFlow: The Cisco NX-OS implementation of Netflow supports Version 5 and 9 exports as well as the Flexible NetFlow configuration model and the hardware-based Sampled NetFlow for enhanced scalability.

Manageability

Programmatic XML interface: Based on the NETCONF industry standard, the Cisco NX-OS XML interface provides a consistent API for devices, enabling rapid development and creation of tools to enhance the network.

Simple Network Management Protocol (SNMP): Cisco NX-OS complies with SNMPv1, SNMPv2c, and SNMPv3. A rich collection of MIBs is supported.

Configuration verification and rollback: With Cisco NX-OS, the system operator can verify the consistency of a configuration and the availability of necessary hardware resources prior to committing the configuration. A device can thus be preconfigured and the verified configuration applied at a later time. Configurations also include checkpoints, to allow operators to roll back to a known good configuration as needed.

Role-based access control (RBAC): With RBAC, Cisco NX-OS enables administrators to limit access to switch operations by assigning roles to users. Administrators can customize access and restrict it to the users who require it. Cisco NX-OS also provides a mechanism to distribute configuration of RBAC roles across devices running Cisco NX-OS for simplified deployment.

Cisco Data Center Network Manager (DCNM): Cisco DCNM is a management solution dedicated to data center network operations. Cisco DCNM maximizes the overall data center infrastructure uptime and reliability, thereby enabling business continuity. Cisco DCNM is designed for the Cisco NX-OS product family.

Connectivity Management Processor (CMP) support: Cisco NX-OS supports the use of a CMP for lights-out, remote management of the platform. The CMP aids operations by providing an out-of-band access channel to the Cisco NX-OS console.

Traffic Routing, Forwarding, and Management

Ethernet switching: Cisco NX-OS is built to support high-density, high-performance Ethernet systems and provides a complete data center-class Ethernet switching feature set. The feature set includes IEEE 802.1D-2004 Rapid and Multiple Spanning Tree Protocols (802.1w and 802.1s), IEEE 802.1Q VLANs and trunks, 16,000-subscriber VLANs, IEEE 802.3ad link aggregation, private VLANs, cross-chassis private-VLANs, UDLD in aggressive and standard modes, VLAN Trunking Protocol (VTP) in transparent and off modes, and traffic suppression (unicast, multicast, and broadcast). Spanning Tree Protocol enables transparent upgrades using Cisco ISSU in Spanning Tree Protocol environments, BPDU guard, loop guard, root guard, BPDU filters, bridge assurance, and jumbo frame support.

IP and routing: Cisco NX-OS supports a wide range of IP Version 4 and 6 (IPv4 and v6) services and routing protocols. Cisco NX-OS provides state-of-the-art implementations of the following routing protocols:

– Open Shortest Path First (OSPF) Protocol Versions 2 (IPv4) and 3 (IPv6)

– Intermediate System-to-Intermediate System (IS-IS) Protocol

– Border Gateway Protocol (BGP)

– Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv4 and v6

– Routing Information Protocol Version 2 (RIPv2)

• The implementations of these protocols are fully compliant with the latest standards, providing modern enhancements and parameters such as 4-byte autonomous system numbers (ASNs) and incremental SPF, while shedding unutilized legacy functionality in favor of a lean implementation that improves feature velocity and system stability. Non-Stop Forwarding Graceful Restart (NSF-GR) is supported by all unicast protocols. All protocols support all interface types, including Ethernet interfaces, switched virtual interfaces (SVIs) and subinterfaces, PortChannels, tunnel interfaces, and loopback interfaces. The rich variety of routing protocols and functions is complemented by a broad collection of IP services, including the following:

– VRF (All routing protocols and IP services are VRF aware. Note that VRF support in this context does not imply support for BGP or Multiprotocol Label Switching (MPLS) IP VPNs as described in RFCs 2547 and 4364.)

– Dynamic Host Configuration Protocol (DHCP) Helper

– Unicast Reverse Path Forwarding (uRPF) for IPv4 and IPv6

– Hot-Standby Routing Protocol (HSRP) for IPv4

– Virtual Router Redundancy Protocol (VRRP) for IPv4

– Gateway Load Balancing Protocol (GLBP) for IPv4

– Enhanced object tracking

– Policy-Based Routing (PBR) for IPv4

– Generic Routing Encapsulation (GRE) tunneling

– Unicast Graceful Restart for all protocols in IPv4

– Unicast Graceful Restart for OPSFv3 in IPv6

IP Multicast: Cisco NX-OS provides an industry-leading IP Multicast feature set. The Cisco NX-OS implementation lays the foundation for the future development of a rich portfolio of multicast-enabled network functions. Similar to the unicast routing protocols, Cisco NX-OS includes state-of-the-art implementations of the following multicast protocols and functions:

– Protocol Independent Multicast Version 2 (PIMv2)

– Source-Specific Multicast (SSM) for IPv4 and IPv6

– PIM Sparse Mode (Any-Source Multicast [ASM] for IPv4 and IPv6)

– Bidirectional PIM (Bidir PIM) for IPv4 and IPv6

– Anycast Rendezvous Point (Anycast-RP)

– Multicast NSF for IPv4 and v6

– RP-Discovery using bootstrap router (BSR): Auto-RP and static

– Internet Group Management Protocol (IGMP) Versions 1, 2, and 3 router role

– IGMPv2 host mode

– IGMP snooping

– Multicast Listener Discovery (MLD) Protocol Version 2 (for IPv6)

– Multicast Source Discovery Protocol (MSDP) (for IPv4 only)

Quality of service (QoS): Cisco NX-OS supports a rich variety of QoS mechanisms, including classification, marking, queuing, policing, and scheduling. Modular QoS CLI (MQC) is supported for all QoS features. MQC can be used to provide uniform configurations across various Cisco platforms.

Network Security

Cisco TrustSec: As part of the Cisco TrustSec security suite, Cisco NX-OS provides outstanding data confidentiality and integrity, supporting standard IEEE 802.1AE link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. Link-layer cryptography helps ensure end-to-end data privacy while allowing the insertion of security service devices along the encrypted path. Security group access control lists (SGACLs), a new paradigm in network access control, are based on security group tags instead of IP addresses, enabling policies that are more concise and easier to manage due to their topology independence.

Additional network security features: In addition to Cisco TrustSec, Cisco NX-OS delivers the following security features:

– Data path Intrusion Detection System (IDS) for protocol conformance checks

– Control Plane Policing (CoPP)

– Message-digest algorithm 5 (MD5) routing protocol authentication

– Cisco integrated security features, including Dynamic Address Resolution Protocol (ARP) Inspection (DAI), DHCP Snooping, and IP Source Guard

– Authentication, authorization, and accounting (AAA) and TACACS+

– Secure Shell (SSH) Protocol Version 2

– Simple Network Management Protocol Version 3 (SNMPv3) support

– Port Security

– IEEE 802.1x authentication and RADIUS support

– Layer 2 Cisco Network Admission Control (NAC) LAN port IP

– Policies based on MAC, IPv4 and IPv6 addresses supported by named ACLs (port-based ACLs [PACLs], VLAN-based ACLs [VACLs], and router-based ACLs [RACLs])

Product Specifications

Supported Standards

Tables 1 and 2 provide standards compliance information for Cisco NX-OS Software.

Table 1. IEEE Compliance

Standard

Description

802.1D

MAC Bridges

802.1s

Multiple Spanning Tree Protocol

802.1w

Rapid Spanning Tree Protocol

802.1AE

MAC Security (Link-Layer cryptography)

802.3ad

Link aggregation with LACP

802.3ab

1000BASE-T (10/100/1000 Ethernet over copper)

802.3z

Gigabit Ethernet

802.3ae

10 Gigabit Ethernet

802.1Q

VLAN Tagging

802.1p

Class-of-Service (CoS) Tagging for Ethernet frames

802.1x

Port-based network access control

Table 2. RFC Compliance

Standard

Description

BGP

RFC 1997

BGP Communities Attribute

RFC 2385

Protection of BGP Sessions via the TCP MD5 Signature Option

RFC 2439

BGP Route Flap Damping

RFC 2519

A Framework for Inter-Domain Route Aggregation

RFC 2858

Multiprotocol Extensions for BGP-4

RFC 3065

Autonomous System Confederations for BGP

RFC 3392

Capabilities Advertisement with BGP-4

RFC 4271

BGP Version 4

RFC 4273

BGPv4 MIB: - Definitions of Managed Objects for BGPv4

RFC 4456

BGP Route Reflection

RFC 4486

Subcodes for BGP Cease Notification Message

RFC 4724

Graceful Restart Mechanism for BGP

RFC 4893

BGP Support for Four-octet AS Number Space

ietf-draft

Bestpath Transition Avoidance (draft-ietf-idr-avoid-transition-05.txt)

ietf-draft

Peer TableObjects (draft-ietf-idr-bgp4-mib-15.txt)

ietf-draft

Dynamic Capability (draft-ietf-idr-dynamic-cap-03.txt)

OSPF

RFC 2370

OSPF Opaque LSA Option

RFC 2328

OSPF Version 2

RFC 2740

OSPF for IPv6 (OSPFv3)

RFC 3101

OSPF Not-So-Stubby-Area (NSSA) Option

RFC 3137

OSPF Stub Router Advertisement

RFC 3509

Alternative Implementations of OSPF Area Border Routers

RFC 3623

Graceful OSPF Restart

RFC 4750

OSPF Version 2 MIB

RIP

RFC 1724

RIPv2 MIB Extension

RFC 2082

RIPv2 MD5 Authentication

RFC 2453

RIP Version 2

IS-IS

RFC 1142 (OSI 10589)

OSI 10589 Intermediate System to Intermediate System Intra-Domain Routing Exchange Protocol

RFC 1195

Use of OSI IS-IS for Routing in TCP/IP and Dual Environments

RFC 2763

Dynamic Hostname Exchange Mechanism for IS-IS

RFC 2966

Domain-wide Prefix Distribution with Two-Level IS-IS

RFC 2973

IS-IS Mesh Groups

RFC 3277

IS-IS Transient Black-hole Avoidance

RFC 3373

Three-Way Handshake for IS-IS Point-to-Point Adjacencies

RFC 3567

IS-IS Cryptographic Authentication

RFC 3847

Restart Signaling for IS-IS

ietf-draft

Internet Draft Point-to-point Operation over LAN in Link-State Routing Protocols (draft-ietf-isis-igp-p2p-over-lan-06.txt)

IP Services

RFC 768

User Datagram Protocol (UDP)

RFC 783

Trivial File Transfer Protocol (TFTP)

RFC 791

IP

RFC 792

Internet Control Message Protocol (ICMP)

RFC 793

TCP

RFC 826

ARP

RFC 854

Telnet

RFC 959

FTP

RFC 1027

Proxy ARP

RFC 1305

Network Time Protocol (NTP) Version 3

RFC 1519

Classless Interdomain Routing (CIDR)

RFC 1542

BootP Relay

RFC 1591

Domain Name System (DNS) Client

RFC 1812

IPv4 Routers

RFC 2131

DHCP Helper

RFC 2338

VRRP

RFC 2784

Generic Routing Encapsulation (GRE)

IP Multicast

RFC 2236

Internet Group Management Protocol, Version 2

RFC 2710

Multicast Listener Discovery (MLD) for IPv6

RFC 3376

Internet Group Management Protocol, Version 3

RFC 3446

Anycast Rendevous Point (RP) Mechanism Using Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP)

RFC 3569

An Overview of Source-Specific Multicast (SSM)

RFC 3618

Multicast Source Discovery Protocol (MSDP)

RFC 3810

Multicast Listener Discovery Version 2 (MLDv2) for IPv6

RFC 4601

Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)

RFC 4607

Source-Specific Multicast for IP

RFC 4610

Anycast-RP using PIM

RFC 5132

IP Multicast MIB

ietf-draft

A "traceroute" Facility for IP Multicast (draft-ietf-idmr-traceroute-ipm-07.txt)

ietf-draft

Bi-directional Protocol Independent Multicast (BIDIR-PIM, draft-ietf-pim-bidir-09.txt)

Supported Hardware Components

• Cisco Nexus 7000 Series 10-Slot Chassis

• Cisco Nexus 7000 Series 10-Slot Fabric Module

• Cisco Nexus 7000 Series 10-Slot System Fan Tray

• Cisco Nexus 7000 Series 10-Slot Fabric Fan Tray

• Cisco Nexus 7000 Series 18-Slot Chassis

• Cisco Nexus 7000 Series 18-Slot Fabric Module

• Cisco Nexus 7000 Series 18-Slot Fan Tray

• Cisco Nexus 7000 6.0KW AC Power Supply Module

• Cisco Nexus 7000 7.5KW AC Power Supply Module

• Cisco Nexus 7000 Series Supervisor Module

• Cisco Nexus 7000 Series 32-Port 10 Gigabit Ethernet Module

• Cisco Nexus 7000 Series 48-Port 10/100/1000 Ethernet Module

• Cisco Nexus 7000 Series 48-Port 1GE SFP Ethernet Module

Licensing

Cisco NX-OS is available in three license levels. A rich feature set is provided with the Base license. The Base license is bundled with the hardware at no extra cost. The Enterprise license enables incremental functions applicable in many enterprise deployments, the Advanced license enables next-generation data-center functions such as VDCs and Cisco TrustSec.

Enterprise Package

The following functions are available only with the Enterprise license of Cisco NX-OS Software:

• IP routing

– OSPF v2 and v3 (IPv4 and IPv6)

– IS-IS (IPv4)

– BGP (IPv4)

– EIGRP (IPv4 and IPv6)

• IP Multicast

– PIM: Sparse, Bidir, ASM, and SSM modes (IPv4 and IPv6)

– MSDP (IPv4)

• PBR (IPv4)

• GRE tunnels

Advanced Package

The Advanced license enables the use of the following functions in Cisco NX-OS Software:

• VDCs

• Cisco TrustSec

For the most up-to-date license-to-feature mapping, please visit the Cisco NX-OS Software Licensing Guide at http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/licensing/guide/nx-os_licensing.html.

Ordering Information

To place an order, visit the Cisco Ordering homepage. To download software, visit the Cisco Software Center. Table 3 lists the products and part numbers.

Table 3. Ordering Information

Product Name

Part Number

Cisco NX-OS Enterprise LAN License

N7K-LAN1K9

Cisco NX-OS Advanced LAN License

N7K-ADV1K9

Cisco NX-OS Release 4.0 Software for the Cisco Nexus 7000 Supervisor 1

N7KS1K9-401A1.1

Cisco NX-OS Release 4.1 Software for the Cisco Nexus 7000 Supervisor 1

N7KS1K9-41

Cisco Services

Cisco offers a wide range of services to help accelerate your success in deploying and optimizing Cisco Nexus 7000 Series Switches in your data center. Cisco's innovative services are delivered through a unique combination of people, processes, tools, and partners, and are focused on helping you increase operational efficiency and improve your data center network. Cisco Advanced Services uses an architecture-led approach to help you align your data center infrastructure to your business goals and achieve long-term value. Cisco SMARTnet® Service helps you resolve mission-critical problems with direct access any time to Cisco network experts and award-winning resources. With this service, you can take advantage of the Smart Call Home service capability, which offers proactive diagnostics and real-time alerts on your Cisco Nexus 7000 Series Switches. Spanning the entire network lifecycle, Cisco Services help protect your investment, optimize network operations, support migration, and strengthen your IT expertise. For more information about Cisco Data Center Services, visit http://www.cisco.com/go/dcservices.

For More Information

For more information about Cisco NX-OS, visit the product homepage at http://www.cisco.com/go/nxos or contact your local account representative.