New and Changed Information

This chapter contains the following section:

New and Changed Information

The following table provides an overview of the significant changes to the organization and features in this guide up to this current release. The table does not provide an exhaustive list of all changes made to the guide or of the new features up to this release.

Table 1. New Features and Changed Behavior in Cisco APIC Release 6.1 (4)

Feature or Change

Description

Where Documented

Cisco ACI border gateways

The Cisco ACI border gateway (BGW) feature has the following enhancements:

  • Configure the policy tag (pcTag) to match subnets for incoming traffic from a tenant L3Out.

  • Use the Secured Group Translation (SGT), a logical entity, to classify network resources to a Secured Group Tag based on multiple attributes by using the pcTag option.

  • Support for inter-VRF traffic flows (shared services) across domains.

ACI Border Gateways

OSPF max-metric support on L3Out

OSPF max-metric feature controls the flow of routing information within a network. This feature lets a router advertise its locally generated link-state advertisements (LSAs) with the maximum metric. This makes the router less preferable as a transit path for data traffic. This approach is especially useful during switch reloads, as it prevents the device from being selected for transit traffic until it is operational.

OSPF max-metric

Table 2. New Features and Changed Behavior in Cisco APIC Release 6.1 (3)

Feature or Change

Description

Where Documented

Remote leaf resiliency

Remote leaf resiliency is achieved by creating a group consisting of multiple remote leaves. When this group is created, remote leaves within the group form a fully meshed BGP EVPN session to exchange endpoint and external prefix information. Any failure in the WAN or the main POD does not affect traffic within the group.

In the remote leaf resiliency deployment, remote leaves in the group communicate using an BGP EVPN based standard approach instead of a Cisco proprietary protocol.

Remote leaf resiliency

Table 3. New Features and Changed Behavior in Cisco APIC Release 6.1 (2)

Feature or Change

Description

Where Documented

OSPFv3 authentication

Support for encryption and authentication for OSPFv3 sessions.

Create an OSPF IPsec Policy

VXLAN Site ID

Specify a VXLAN site ID while configuring the border gateway set policy.

VXLAN Site ID

VRF in Enforced Mode

VRFs can now be configured in enforced mode. The endpoints and prefixes that are advertised from the remote VXLAN EVPN fabrics can be classified into endpoint groups that are represented through Endpoint Security Group objects (ESG). Use the newly supported selectors that are only applicable for remote VXLAN endpoints.

VXLAN Stretched Bridge Domain Selector

External Subnet Selectors

Table 4. New Features and Changed Behavior in Cisco APIC Release 6.1 (1)

Feature or Change

Description

Where Documented

Cisco ACI border gateways

With the Cisco ACI border gateway (BGW) solution, you can now have a seamless extension of a Virtual Routing and Forwarding (VRF) instance and bridge domain between fabrics. The Cisco ACI BGW is a node that interacts with nodes within a site and with nodes that are external to the site. The Cisco ACI BGW feature can be conceptualized as multiple site-local EVPN control planes and IP forwarding domains interconnected by a single common EVPN control and forwarding domain.

ACI Border Gateways

Deploying remote leaf switch fabric ports on L3Outs as a routed sub-interface

You can now deploy remote leaf switch fabric ports on user tenant L3Outs and on SR-MPLS infra L3Outs as a routed sub-interface.

SR-MPLS Handoff

OSPFv2 authentication

For enhanced security with OSPFv2, you can specify the OSPFv2 authentication key. The authentication key is a password of up to 8 characters that you can assign on a per-interface basis.

Create OSPF Interface Profile

OSPFv2 rotating keys

For enhanced security with OSPFv2, you can use the rotating keys by specifying a lifetime for each key. When the lifetime expires for a key, it automatically rotates to the next key. If you do not specify any algorithm, OSPF will use MD5, which is the default cryptographic authentication algorithm.

Create Key Policy