Network Convergence System 5500 Series Routers


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


What's New in Cisco IOS XR Release 7.1.2

Cisco is continuously enhancing the product with every release and this section covers a brief description of key features and enhancements. It also includes links to detailed documentation, where available.

Software

SPAN to File

The SPAN to File feature is an extension of the pre-existing SPAN feature in traffic mirroring. SPAN over File allows packets of network data to be mirrored to a file instead of an interface, so that they can be analysed at a later stage. The file format is PCAP, so that it can be easily used with tools such as tcpdump or wireshark.

See SPAN to File.

Segment Routing Performance Measurement for Link Delay and SR Policy Delay Using RFC5357 (TWAMP Light) Encoding

This feature introduces support for Two-Way Active Measurement Protocol (TWAMP) Light (RFC5357) for link delay and SR policy delay measurement. TWAMP Light adds two-way or round-trip measurement capabilities.

Network performance data such as packet loss, delay and delay variation, and bandwidth utilization is a critical measure for Traffic Engineering (TE). This data provides service providers the characteristics of their networks for performance evaluation that is required to ensure the Service Level Agreements (SLAs). The performance measurement and delay variation feature allows you to measure those metrics and advertise them through IGP extensions as extended TE metrics.

See Configure Performance Measurement.

IPv4 SR Policy over BGPv6 Session

IPv4 and IPv6 SR policies can be advertised over BGPv4 or BGPv6 sessions between the SR-TE controller and the SR-TE headend. In earlier releases, Cisco IOS-XR implementation supported the following combinations:

  • IPv4 SR policy advertised over BGPv4 session

  • IPv6 SR policy advertised over BGPv4 session

  • IPv6 SR policy advertised over BGPv6 session

This release introduces support for IPv4 SR policy advertised over BGPv6 session.

See BGP SR-TE.

EVPN Port-Active Multihoming

The EVPN Port-Active Multhoming feature supports single-active redundancy load balancing at the port-level or at the interface-level. You can use this feature when you want to forward the traffic to a specific interface, rather that have a per-flow load balancing across multiple PE routers. This feature provides a faster convergence during a link failure. This feature enables protocol simplification as only one of the physical ports is active at a given time. You can enable this feature only on bundle interfaces.

See the EVPN Port-Active Multihoming.

Configuring Generic UDP Encapsulation

Generic UDP Encapsulation (GUE) is a UDP-based network encapsulation protocol that encapsulates IPv4 and IPv6 packets. GUE provides native UDP encapsulation and defines an additional header to determine the payload carried by the IP packet. Encapsulating packets using UDP facilitates efficient transport across networks and significant performance benefits for load-balancing.

See Configuring Generic UDP Encapsulation.

Segment Routing Path Computation Element Support for MPLS-TE LSPs

The PCE Support for MPLS-TE LSPs feature allows Cisco's SR-PCE to act as a Path Computation Element (PCE) for MPLS Traffic Engineering Label Switched Paths (MPLS-TE LSPs).

See PCE Support for MPLS-TE LSPs.

Hardware Based Timestamp using TWAMP

The Cisco IOS XR 7.1.2 Release introduces Hardware based timestamp using TWAMP. This feature provides greater accuracy than other time synchronization protocols which enables the service providers to achieve microsecond precision and better performance at scale.

See Hardware Timestamp Using TWAMP.

Access Pseudowire Redundancy

The Access Pseudowire Redundancy feature allows you to configure a backup pseudowire under the bridge domain. When the primary pseudowire fails, the provider edge (PE) router switches to the backup pseudowire. The primary pseudowire resumes operation after it becomes functional. The primary pseudowire fails when the PE router fails or when there is a network outage.

See Access Pseudowire Redundancy.

File Mirroring

File mirroring feature enables the router to copy files or directories automatically from /harddisk:/mirror location in active RP to /harddisk:/mirror location in standby RP or RSP without user intervention or EEM scripts.

See Introduction to File Mirroring.

GRE Tunnel Configuration in oc-interfaces Data Model

Generic Routing Encapsulation (GRE) Tunnel configuration support is added to oc-interfaces data model. This data model is used to manage network interfaces and subinterfaces.

In this release, oc-interfaces data model supports additional sensor paths for tunnel configuration and state parameters:
  • src

  • dst

  • ttl (time-to-live or hop limit)

  • gre-key

Obtain this data model from Github repository.

See New and Changed Programmability Features.

Table Connection Support in OC NI Data Model

The openconfig-network-instance (oc-ni) data model is defined by OpenConfig community. This model defines the network instance concept to model Layer 3 and Layer 2 network instances applicable for services such as L3VPN, L2VPN, and EVPN.

The table-conection container in the oc-ni data model contains policies that dictate how routing information base (RIB) or forwarding information base (FIB) entries are propagated between routing tables.

The leaf list consists of a list of connections between pairs of routing or forwarding tables, the leaking of entries between which is specified by the import policy. A connection connecting a source table to a destination table implies that routes that match the policy specified for the connection are available for the destination protocol to advertise, or match within its policies. It shows the configuration and state parameters that relate to the connection between tables.

The oc-ni data model is available in the Github repository.

See New and Changed Programmability Features.

Set QoS-group and DSCP at Ingress

With the introduction of this feature, you can set both qos-group and DSCP values within the same QoS policy that is applied in the ingress direction. You can use any permitted value to set the qos-group value.

To set the possible DSCP values for set dscp, configure these values using the following command:

RP/0/RP0/CPU0:ios(config)# hw-module profile qos qosg-dscp-mark-enable 13 15

In the preceding example, only the set dscp 13 and set dscp 15 values are allowed in any QoS policy that contains both set qos-group and set dscp configurations.


Note

Ensure that you reload the router for the hw-module command to be functional.


See Setting QoS-group and DSCP at Ingress.

The command, hw-module profile qos qosg-dscp-mark-enable is introduced.

Poll Specific Processes to Stream Telemetry Data

Support is introduced in Cisco-IOS-XR-wdsysmon-fd-proc-oper.yang data model with process keys to poll specific processes and stream telemetry data.

See New and Changed Programmability Features.

OCNI BGP Advertised Prefix

OCNI BGP data model has global, neighbor and peer-group containers. Under the neighbor container are the Address Family Identifier (AFI) state-related leaves. Three leaves (sent, installed and advertised prefix count) are related to the prefixes received from and advertised to the neighbor specific to that AFI. The sent count is defined as how many prefixes are sent to the neighbor for a specific AFI.

In the existing implementation, the cumulative count may not display accurate value owing to various conditions such as route-refresh out, policy changes, route-target changes, configuration changes like nexthop-self to name a few.

In this release, BGP walks through the prefix table calculating exactly how many prefixes are advertised for each neighbor. The results are collected in an array, converted and sent to MDT.

Obtain this data model from Github repository.

See New and Changed Programmability Features.

Telemetry Support for Sysadmin Data Model

You can subscribe to Sysadmin data models for streaming telemetry data.

The sensor-path Cisco-IOS-XR-sysadmin-show-media:ShowMedia/all-locations support is enabled for telemetry on all platforms that have sysadmin container.

In addition, the following sysadmin data models are supported for streaming telemetry data:
  • Cisco-IOS-XR-sysadmin-controllers-ncs5500

  • Cisco-IOS-XR-sysadmin-entity-mib

  • Cisco-IOS-XR-sysadmin-entity-sensor-mib

  • Cisco-IOS-XR-sysadmin-envmon-ui

  • Cisco-IOS-XR-sysadmin-asic-errors-ael

  • Cisco-IOS-XR-sysadmin-show-media

See New and Changed Programmability Features.

MPLS Over Single-Pass GRE Tunnels

This feature allows MPLS static forwarding over a single-pass GRE tunnel at line rate. One use case is for sending incoming customer traffic over the GRE tunnel, addressed to an anycast virtual IP address (VIP) destination shared by a set of load balancing servers.

See MPLS Over Single-Pass GRE Tunnels.

ITU-T Y.1564

Y.1564 or Ethernet Service Activation (or performance test methodology) is a testing procedure which tests service turn-up, installation and troubleshooting of Ethernet-based services.

This feature is now supported on NCS-55A2 Series routers.

Y.1564 allows simultaneous testing of multiple Ethernet services and measures. It validates the different service level agreements (SLAs) to ensure the service meets guaranteed performance settings in a controlled test time. It helps to ensure all the services carried by the network meet the SLA objectives at the maximum committed rate proving that under maximum load, the network devices and paths can support the traffic as designed, even under stress.

See Y.1564 - Ethernet Service Activation Test.

Hardware

This release introduces the following new hardware:

Behavior Change Introduced

Behavior change refers to any modification of an existing software feature, configuration, or a command. This release introduces following behavior change:

Guidelines for Enabling FIPS

You must follow these guidelines while enabling FIPS mode:

  • You must configure the session with a FIPS-approved cryptographic algorithm. A session configured with non-approved cryptographic algorithm for FIPS (such as, MD5 and HMAC-MD5) does not work. This is applicable for OSPF, BGP, RSVP, ISIS, or any application using key chain with non-approved cryptographic algorithm, and only for FIPS mode (that is, when crypto fips-mode command is configured).

  • If you are using any HMAC-SHA algorithm for a session, then you must ensure that the configured key-string has a minimum length of 14 characters. Otherwise, the session goes down. This is applicable only for FIPS mode.

  • If you try to execute the telnet configuration on a system where the FIPS mode is already enabled, then the system rejects the telnet configuration.

  • If telnet configuration already exists on the system, and if FIPS mode is enabled later, then the system rejects the telnet connection. But, it does not affect the telnet configuration as such.

  • It is recommended to configure the crypto fips-mode command first, followed by the FIPS-related commands in a separate commit. The list of commands related to FIPS with non-approved cryptographic algorithms are:

    • key chain key-chain-name key key-id cryptographic-algorithm MD5

    • key chain key-chain-name key key-id cryptographic-algorithm HMAC-MD5

    • router ospfv3 1 authentication ipsec spi 256 md5 md5-value

    • router ospfv3 1 encryption ipsec spi 256 esp des des-value

    • router ospfv3 1 encryption ipsec spi 256 esp des des-value authentication md5 md5-value

    • snmp-server user username usergroup-name v3 auth md5 priv des56

    • ssh server algorithms key-exchange diffie-hellman-group1-sha1

    • telnet vrf default ipv4 server max-servers server-limit

Guidelines for Configuring MACsec Keychain

You must follow this guideline while configuring MACsec:

  • The MACsec key IDs (configured through CLI using the macsec key command under the key chain configuration mode) are considered to be case insensitive. These key IDs are stored as uppercase letters. Whereas, prior to this release, the key IDs were treated as case sensitive. These key IDs are now stored as uppercase letters. Whereas, prior to this release, the key IDs were treated as case sensitive. Hence, two key IDs with the same value, but of different case (one in uppercase and other in lowercase) were treated as two separate IDs in previous releases. However, the support for this case insensitive IDs is applicable only for the configurations done through CLI, and not for configurations done through Netconf protocol. Hence it is recommended to have unique strings as key IDs for a MACsec key chain to avoid flapping of MACsec sessions.

    For more information, see Guidelines for Configuring MACsec Keychain.

Logging Format BSD

Cisco IOS XR Release 7.1.2 introduces the command logging format bsd which enables the router to send system log messages to a remote server in BSD (Berkeley Software Distribution) format. This enables systems that are dependent on the BSD format to correctly interpret the log message.

The command, logging format bsd is introduced.

Caveats

Caveats describe unexpected behavior in Cisco IOS XR Software releases. Severity-1 caveats are the most critical caveats; severity-2 caveats are less critical.

Cisco IOS XR Caveats

These caveats are applicable for Cisco IOS XR Software:

Bug ID

Headline

CSCvv09667 After RP failover SR-policy counters are getting lost

CSCvu27946

"ssh_server drbg_instantiate failed" syslog seen in SSH scale

Caveats Specific to the NCS 5500 Series Routers

Caveats describe unexpected behavior in Cisco IOS XR Software releases. These caveats are speicifc to NCS 5500 Series Routers:

Bug ID

Headline

CSCvu57680 Fail the configuration when use of 16 unique GRE src ip addresses

Supported Packages and System Requirements

For a complete list of supported optics, hardware and ordering information, see the Cisco NCS 5500 Series Data Sheet

To install the Cisco NCS 5500 router, see Hardware Installation Guide for Cisco NCS 5500 Series Routers.

Release 7.1.2 Packages

This table lists the Cisco IOS XR Software feature set matrix (packages) with associated filenames.

Table 1. Release 7.1.2 Packages for Cisco NCS 5500 Series Router

Composite Package

Feature Set

Filename

Description

Cisco IOS XR IP Unicast Routing Core Bundle

ncs5500-mini-x.iso

Contains base image contents that includes:

  • Host operating system

  • System Admin boot image

  • IOS XR boot image

  • BGP packages

Individually-Installable Optional Packages

Feature Set

Filename

Description

Cisco IOS XR Manageability Package

ncs5500-mgbl-3.0.0.0-r712.x86_64.rpm

Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server packages.

Cisco IOS XR MPLS Package

ncs5500-mpls-2.1.0.0-r712.x86_64.rpm

ncs5500-mpls-te-rsvp-2.2.0.0-r712.x86_64.rpm

MPLS and MPLS Traffic Engineering (MPLS-TE) RPM.

Cisco IOS XR Security Package

ncs5500-k9sec-3.1.0.0-r712.x86_64.rpm

Support for Encryption, Decryption, Secure Shell (SSH), Secure Socket Layer (SSL), and Public-key infrastructure (PKI)

Cisco IOS XR ISIS package

ncs5500-isis-1.2.0.0-r712.x86_64.rpm

Support ISIS

Cisco IOS XR OSPF package

ncs5500-ospf-2.0.0.0-r712.x86_64.rpm

Support OSPF

Lawful Intercept (LI) Package

ncs5500-li-1.0.0.0-r712.x86_64.rpm

Includes LI software images

Multicast Package

ncs5500-mcast-1.0.0.0-r712.rpm

Support Multicast

Table 2. Release 7.1.2 TAR files for Cisco NCS 5500 Series Router

Feature Set

Filename

NCS 5500 IOS XR Software 3DES

NCS5500-iosxr-k9-7.1.2.tar

NCS 5500 IOS XR Software

NCS5500-iosxr-7.1.2.tar

NCS 5500 IOS XR Software

NCS5500-docs-7.1.2.tar

Determine Software Version

To verify the software version running on the router, use show version command in the EXEC mode.

RP/0/RP0/CPU0:router# show version

Cisco IOS XR Software, Version 7.1.2
Copyright (c) 2013-2020 by Cisco Systems, Inc.

Build Information:
Built By     : ahoang
Built On     : Sat Aug 29 13:28:37 PDT 2020
Built Host   : iox-ucs-025
Workspace    : /auto/srcarchive13/prod/7.1.2/ncs5500/ws
Version      : 7.1.2
Location     : /opt/cisco/XR/packages/
Label        : 7.1.2

cisco NCS-5500 () processor
System uptime is 10 hours 44 minutes

Determine Firmware Support

Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT; Running and Programed version must be the same.


Note

You can also use the show fpd package command in Admin mode to check the fpd versions.


This sample output is for show hw-module fpd command from the Admin mode:

RP/0/RP0/CPU0:router(sysadmin)# show hw-module fpd
Fri Aug  28 18:50:32.566 UTC+00:00
                                                                   FPD Versions
                                                                ===============
Location  Card type         HWver FPD device       ATR Status   Run    Programd
-------------------------------------------------------------------------------
0/0       NC55-32T16Q4H-A   0.302 Bootloader           CURRENT    0.04    0.04  
0/0       NC55-32T16Q4H-A   0.302 DBFPGA               CURRENT    0.14    0.14  
0/0       NC55-32T16Q4H-A   0.302 IOFPGA               CURRENT    0.87    0.87  
0/2       NC55-6X200-DWDM-S 0.502 Bootloader           CURRENT    1.14    1.14  
0/2       NC55-6X200-DWDM-S 0.502 IOFPGA               CURRENT    0.14    0.14  
0/2       NC55-6X200-DWDM-S 0.502 SATA                 CURRENT    5.00    5.00  
0/4       NC55-18H18F       1.2   Bootloader           CURRENT    1.14    1.14  
0/4       NC55-18H18F       1.2   IOFPGA               CURRENT    0.22    0.22  
0/4       NC55-18H18F       1.2   SATA                 CURRENT    5.00    5.00  
0/6       NC55-24X100G-SE   1.0   Bootloader           CURRENT    1.14    1.14  
0/6       NC55-24X100G-SE   1.0   IOFPGA               CURRENT    0.13    0.13  
0/6       NC55-24X100G-SE   1.0   SATA                 CURRENT    5.00    5.00  
0/7       NC55-24H12F-SE    1.0   Bootloader           CURRENT    1.14    1.14  
0/7       NC55-24H12F-SE    1.0   IOFPGA               CURRENT    0.09    0.09  
0/7       NC55-24H12F-SE    1.0   SATA                 CURRENT    5.00    5.00  
0/10      NC55-36X100G-S    1.1   Bootloader           CURRENT    1.14    1.14  
0/10      NC55-36X100G-S    1.1   IOFPGA               CURRENT    0.11    0.11  
0/12      NC55-32T16Q4H-AT  0.302 Bootloader           CURRENT    0.04    0.04  
0/12      NC55-32T16Q4H-AT  0.302 DBFPGA               CURRENT    0.14    0.14  
0/12      NC55-32T16Q4H-AT  0.302 IOFPGA               CURRENT    0.87    0.87  
0/14      NC55-36X100G-A-SE 1.0   Bootloader           CURRENT    0.14    0.14  
0/14      NC55-36X100G-A-SE 1.0   DBFPGA               CURRENT    0.14    0.14  
0/14      NC55-36X100G-A-SE 1.0   IOFPGA               CURRENT    0.26    0.26  
0/RP0     NC55-RP2-E        0.201 Bootloader           CURRENT    0.06    0.06  
0/RP0     NC55-RP2-E        0.201 IOFPGA               CURRENT    0.50    0.50  
0/RP0     NC55-RP2-E        0.201 OMGFPGA              CURRENT    0.31    0.31  
0/RP1     NC55-RP2-E        0.202 Bootloader           CURRENT    0.06    0.06  
0/RP1     NC55-RP2-E        0.202 IOFPGA               CURRENT    0.50    0.50  
0/RP1     NC55-RP2-E        0.202 OMGFPGA              CURRENT    0.31    0.31  
0/FC0     NC55-5516-FC      0.403 Bootloader           CURRENT    1.75    1.75  
0/FC0     NC55-5516-FC      0.403 IOFPGA               CURRENT    0.26    0.26  
0/FC1     NC55-5516-FC      0.403 Bootloader           CURRENT    1.75    1.75  
0/FC1     NC55-5516-FC      0.403 IOFPGA               CURRENT    0.26    0.26  
0/FC3     NC55-5516-FC      0.216 Bootloader           CURRENT    1.75    1.75  
0/FC3     NC55-5516-FC      0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC4     NC55-5516-FC      0.216 Bootloader           CURRENT    1.75    1.75  
0/FC4     NC55-5516-FC      0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC5     NC55-5516-FC      0.306 Bootloader           CURRENT    1.75    1.75  
0/FC5     NC55-5516-FC      0.306 IOFPGA               CURRENT    0.26    0.26  
0/SC0     NC55-SC           1.4   Bootloader           CURRENT    1.74    1.74  
0/SC0     NC55-SC           1.4   IOFPGA               CURRENT    0.10    0.10  
0/SC1     NC55-SC           1.4   Bootloader           CURRENT    1.74    1.74  
0/SC1     NC55-SC           1.4   IOFPGA               CURRENT    0.10    0.10  


Note

The FPD versions on board shipped by manufacturer may have higher versions than the FPD package integrated in the IOS XR.


Other Important Information

  • Before upgrading to Cisco IOS XR Release 7.1.2, if you configured and committed the set qos-group and set dscp options as part of the same policy on your router, the interface manager (ifmgr) crashes and the syslog displays the following error:

    “A policy with set qos-group AND set dscp is not supported. Note that this error does not impact any upgrade operations. For details, see the Release Notes”.


    Note

    This crash does not affect your upgrade process. The ifmgr restarts twice and ensures that the upgrade is successful.


  • The total number of bridge-domains (2*BDs) and GRE tunnels put together should not exceed 1518.

    Here the number 1518 represents the multi-dimensional scale value.

  • The offline diagnostics functionality is not supported in NCS 5500 platform. Therefore, the hw-module service offline location command will not work. However, you can use the (sysadmin)# hw-module shutdown location command to bring down the LC.

  • NCS55A1-36H-SE-S – Under Secure Domain Router (SDR) configuration, when you change the size of the RP VM memory from 12 GB (default) to 14 GB and commit your changes, the system reloads. When the system is brought back up, it can crash with a core dump by LC XR VM.

    
    0/RP0/ADMIN0:Oct 15 12:19:30.280 : dumper[3046]: %INFRA-CALVADOS_DUMPER-6-HOST_COPY_SUCCESS : Copied host file /misc/scratch/core/default-sdr--2.20201015-191552.core.0_RP0.lxcdump.tar.lz4 to 0/RP0:/misc/disk1
    0/RP0/ADMIN0:Oct 15 12:19:30.389 : dumper[3046]: %INFRA-CALVADOS_DUMPER-6-HOST_REMV_SUCCESS : Deleted HostOS file /misc/scratch/core/default-sdr--2.20201015-191552.core.0_RP0.lxcdump.tar.lz4
    

    This is a one-time reload. Other than the additional time required for the LC XR VM to reload, there is no impact to system functionality.

    After the configuration is applied, we recommend that you reload the chassis when prompted to ensure all VMs and host OS are in sync.

  • LFA FRR feature is not supported.

Supported Modular Port Adapters

For the compatibility details of Modular Port Adapters (MPAs) on the line cards, see the datasheet of that specific line card.

Upgrading Cisco IOS XR Software

Cisco IOS XR Software is installed and activated from modular packages, allowing specific features or software patches to be installed, upgraded, or downgraded without affecting unrelated processes. Software packages can be upgraded or downgraded on all supported card types, or on a single card (node).

The upgrade document (NCS5500_Upgrade_Downgrade_MOP_7.1.2.pdf) is available along with the software images.

Production Software Maintenance Updates (SMUs)

A production SMU is a SMU that is formally requested, developed, tested, and released. Production SMUs are intended for use in a live network environment and are formally supported by the Cisco TAC and the relevant development teams. Software bugs identified through software recommendations or Bug Search Tools are not a basis for production SMU requests.

For information on production SMU types, refer the Production SMU Types section of the IOS XR Software Maintenance Updates (SMUs) guide.