Network Convergence System 5500 Series Routers




What's New in Cisco IOS XR Release

Cisco is continuously enhancing the product with every release and this section covers a brief description of key features and enhancements. It also includes links to detailed documentation, where available.

Software

Unless otherwise specified, the following features are supported on all Cisco 5700 series fixed port routers and Cisco NCS 5500 series routers, line cards, and modes of operation (Compatible and Native).

To enable the native mode on Cisco NCS 5500 series routers having Cisco NC57 line cards, use the hw-module profile npu native-mode-enable command in the configuration mode. Ensure that you reload the router after configuring the native mode.

Feature Description

Cisco NCS 5500 Documentation Page


A single pane to a rich repository of technical information and tools.

Cisco IOS XR Product Compatibility


An intuitive interface, connecting an IOS XR product series to various product models, architectures, and supported releases.

Cisco IOS XR MIBs

IOS XR MIB Locator

An interface to view, search, and download platform MIBs.

BGP

BGP EVPN-VPWS

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

BGP PIC Edge for Unlabeled Transport (IPv4/v6)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

BGP Slow Peer Automatic Isolation from Update Group

A slow peer is a peer in an update group that cannot keep up with the rate at which the router generates BGP update messages over a period of time. This feature automatically detects a slow peer in an update group and moves it to a new update group. The feature is enabled on the router by default.

New commands introduced in this release:

  • slow-peer detection enable

  • clear bgp slow-peers

Updated commands in this release:

  • slow-peer detection disable

BGP-Based VPWS Infrastructure

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Per-Prefix Label Allocation Support on BVI

You can configure connected routes and static routes in per-prefix mode on the BVI. However, dynamic protocols such as BGP are not supported in per-prefix mode on the BVI.

Programmability

Unified NETCONF V1.0 and V1.1

IOS XR supports NETCONF 1.0 and 1.1 programmable management interfaces. With this release, a client can choose to establish a NETCONF 1.0 or 1.1 session using a separate interface for both these formats. This enhancement provides a secure channel to operate the network with both interface specifications.

Interface and Hardware Component

Bundle Consistency Checker (BCC)

From the running configuration, Bundle Consistency Checker (BCC) fetches information about the ingress/egress traffic from the bundle, sub-bundle, and active member nodes and saves it in the database. BCC also collects data from all the running nodes and then compares it with the information saved in the database. Any inconsistencies, programming errors, or stale entries are reported.

Cisco NC57 Native Mode: CFM

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Cisco NC57 Native Mode: Ethernet OAM

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Cisco NC57 Native Mode: Y.1731 Loss and Delay Measurement

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

SPAN to File - PCAPng File Format

PCAPng is the next generation of packet capture format that contains a dump of data packets captured over a network and stored in a standard format.

The PCAPng file contains different types of information blocks, such as the section header, interface description, enhanced packet, simple packet, name resolution, and interface statistics. These blocks can be used to rebuild the captured packets into recognizable data.

The PCAPng file format:

  • Provides the capability to enhance and extend the existing capabilities of data storage over time.

  • Allows you to merge or append data to an existing file.

  • Enables you to read data independently of the network, hardware, and operating system of the machine that made the capture.


IP Addresses and Services

Support for 255 IPv4 and 255 IPv6 VRRP sessions on Cisco NC57 line cards

VRRP provides failover redundancy at the first hop by grouping individual routers to form a virtual router. In this release, by default, Cisco NC57 line cards support 255 IPv4 and 255 IPv6 VRRP groups in the native mode. This feature decreases the chances of packet drops. From Release 7.0.2, this support was available only in the compatibility mode.

L2VPN and Ethernet Services

Cisco NC57 Native Mode: Ethernet Data Plane Loopback

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Duplicate IP Address Detection

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

EVPN Access-Driven DF Election

This feature enables the access network to control EVPN PE devices by defining the backup path well before a link failure occurs, thereby reducing traffic loss.

The following keywords are added to the service-carving command:

  • preference-based

  • access-driven

EVPN Convergence Using NTP Synchronization

This feature leverages the NTP clock synchronization mechanism to handle the transfer of DF role from one edge device to another. In this mechanism, the newly added or recovered PE advertises the Service Carving Timestamp along with the current time to peering PEs. This improves convergence by reducing the time for DF election from three seconds to a few tens of milliseconds. The show evpn ethernet-segment command is modified to display the Service-Carving wall clock Timestamp (SCT).

EVPN Infrastructure

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

EVPN Multiple Services per Ethernet Segment

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

EVPN Preferred Nexthop

With this feature, you can set an active and backup path, in a dual-homed mode based on the nexthop IP address, thereby allowing greater control over traffic patterns. If you are unable to use single-active mode due to hardware, topology, or technological limitations, this feature enables you to direct traffic to a specific remote PE.

This feature introduces the preferred nexthop command.

EVPN Single-Active Multihoming

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

EVPN Single-Flow-Active Multihoming Load-Balancing Mode

This feature introduces EVPN Single-Flow-Active multihoming mode to connect PE devices in an access network that run Layer 2 access gateway protocols. In this mode, only the PE that first advertises the host MAC address in a VLAN forwards the traffic in a specific flow. When the primary link fails, the traffic quickly switches to the standby PE that learns the MAC address from the originated path, thereby providing fast convergence. A keyword, single-flow-active, is added to the load-balancing-mode command.

EVPN VPWS

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

Highest Random Weight Mode for EVPN DF Election

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

L2 and BVI Infrastructure

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

Layer 2 Fast Reroute

In the event of a link failure, this feature enables the router to switch traffic quickly to a precomputed loop-free alternative (LFA) path by allocating a label to the incoming traffic. This minimizes the traffic loss ensuring fast convergence.

This feature introduces the convergence reroute command.

Layer 2 Protocol Tunneling

This feature enables you to send Layer 2 protocol data over IP or other L3 networks. Support of this feature is now extended to the Cisco NCS 5500 series routers.

This feature introduces the l2protocol command. 

MSTI Flush and Flood

In the event of a link failure, this feature enables the router to switch traffic quickly to a precomputed loop-free alternative (LFA) path by allocating a label to the incoming traffic. This minimizes traffic loss, ensuring fast convergence. This feature is supported only when PE devices are in an EVPN single-flow-active mode.

This feature introduces the convergence mac-mobility command.

MPLS

BFD, LACP Triggering TE FRR

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

GMPLS UNI

The Generalized Multiprotocol Label Switching (GMPLS) User Network Interface (UNI) creates a circuit connection between two clients (UNI-C) of an optical network. This connection is achieved by signaling exchanges between UNI Client (UNI-C) and UNI Network (UNI-N) nodes. The UNI-C nodes are router nodes and UNI-N nodes are optical nodes.

Targeted LDP

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Multicast

Bundle Member Selection

This feature enables selecting a bundle member in the control plane to steer the L2 and L3 multicast traffic traversing the bundle at the egress NP.

This feature helps optimize fabric bandwidth as the member selection is performed in the control plane.

Enhancement to Multicast Route Statistics

When enabled, this feature provides information on the rate of packets received for a multicast route. Starting with this release, the feature is extended to the Cisco NCS 5500 series routers.

In addition, this feature is supported for ingress IPv6 statistics on routers that have SE cards installed.

Secondary Subnets and Multicast Source

This feature enables the use of PIM sparse-mode where a multicast source is on a secondary address subnet.

MLDP Aggregated and Drop Statistics Measurement (v6 ingress stats on J2)

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in compatible mode.

MVPN Support

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in compatible mode.

mLDP Loop-Free Alternative Fast Reroute

In the event of a link failure, this feature enables the router to quickly switch traffic to a precomputed loop-free alternative (LFA) path by allocating a label to the incoming traffic. This minimizes the traffic loss ensuring fast convergence.

Routing

BFD for BoB with IPv4 Unnumbered

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Modular QoS

4K Pseudowire on Bundle with QoS Enhancement

With this feature you can configure a desired traffic policy, to which your network complies, by using the bandwidth management technique of two-level traffic shaping. You can also increase the Link Aggregation Group (LAG) sub-interface scale or pseudowires up to 4K.

This increased scale value enables you to increase the number of devices connected to your router, resulting in benefits such as increased bandwidth and cost-effective operations. 

Cisco NC57 Compatibility Mode: QoS Enablement on Layer 2 MPLS/BGP

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in the compatibility mode.

The following Layer 2 services are supported:

  • Local switching [xconnect or bridging]

  • Layer 2 VPN – Virtual Private Wire Service (VPWS)

Apart from packet classification, this feature is available for the following QoS operations:

  • Modular QoS Congestion Avoidance

  • Configuring Modular QoS Congestion Management

  • QoS on Link Bundles

  • Configuring Hierarchical Modular QoS

Conditional Marking of MPLS Experimental Bits for EVPN-VPWS Single-Homing Services

This feature enables you to differentiate traffic in the MPLS forwarding domain and manage traffic from ingress PE to egress PE based on the MPLS EXP bit of the MPLS header.

This feature is supported only for EVPN-VPWS single-homing services, and not supported for EVPN-VPWS multi-homing services.

Scaling of Unique Ingress Policy Maps

With this feature, unique policy maps associated with the same template are shared in TCAM, which enables scaling of policy maps, that is, creating a larger number of them.

Shared Policy Instance

This feature allows you to share a single instance of QoS policy across multiple sub-interfaces, allowing for aggregate shaping of the sub-interfaces to one rate. The ability to facilitate queue consumption in this manner offers the advantage of saving on QoS and hardware resources, while ensuring that the specified rate is not exceeded.

Segment Routing

Advertisement of SID-Mapping Entries Between IS-IS Levels

The Segment Routing Mapping Server (SRMS) is a key component of the interworking between LDP and segment routing, enabling SR-capable nodes to interwork with LDP nodes.

This release introduces support for SRMS SID-mapping entries to be advertised between IS-IS levels (for example, from Level 1 to Level 2-only and from Level 2 to Level 1), where previously, the mappings were advertised only within the same IS-IS level, but not between IS-IS levels. This feature simplifies and centralizes the deployment of SRMS by removing the requirement of having a mapping server for each IS-IS area.

Cisco NC57 Compatible and Native Mode: BVI co-existence with SRTE on same NPU

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

Cumulative Metric Bounds (Delay-Bound use-case)

With this feature, SRTE calculates a shortest path that satisfies multiple metric bounds.

This feature provides flexibility for finding paths within metric bounds, for parameters such as latency, hop count, IGP and TE.

IPv6 Unlabeled Traffic protection with TI-LFA

TI-LFA provides protection for SR-labeled traffic (IPv4 and IPv6 prefixes associated with a prefix SID) and for other unlabeled IPv4 prefixes.

This feature introduces support for protecting unlabeled IPv6 prefixes.

Native Mode: SR-MPLS - OSPFv2

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

Link Delay Measurement with IPv6 Link Local Address

The performance measurement for link delay determines the source and destination IP addresses used in the OAM packet based on the IP address of the interface, where the delay measurement operation is enabled. This feature enables using the IPv6 link-local address as the OAM packet source IP address, when no IPv4 or IPv6 address is configured in the interface.

Multicast VPN: Tree-SID MVPN With TI-LFA

With this feature, you can use SR and MVPN for optimally transporting IP VPN multicast traffic over the SP network, using SR-PCE as a controller.

With SR’s minimal source router configuration requirement, its ability to implement policies with specific optimization objectives and constraints, protect against network failures using TI-LFA FRR mechanism, and use SR-PCE to dynamically generate optimal multicast trees (including when topology changes occur in the multicast tree), the SR-enabled SP network can transport IP multicast traffic efficiently.

NC57 Native Mode: SR Policy

With this feature, NC57 line cards will support SR Policy in native mode.

Native mode is used when the chassis contains only NC57 line cards. After you configure the native mode, ensure that you reload the router.

OSPF: TI-LFA for Flexible Algorithm

This feature extends the current TI-LFA functionality to support OSPF.

SR OAM for SR Policy (Policy Name / Binding SID / Custom label stack)

This feature extends SR OAM ping and traceroute function for an SR policy (or binding SID)-LSP end-point combination.

This addresses the limitations of the Nil-FEC LSP Ping and Traceroute function which cannot perform a ping operation to a segment list that is not associated with an installed SR policy. Also, it cannot validate egress device-specific SR policies.

SR Performance Measurement Named Profiles

You can use this feature to create specific performance measurement delay and liveness profiles, and associate them with an SR policy.

This way, a delay or liveness profile can be associated with a policy for which the performance measurement probes are enabled, making performance measurement more precise.

The performance-measurement delay-profile sr-policy command was updated with the name profile keyword-argument combination.

The performance-measurement liveness-profile sr-policy command was updated with the name profile keyword-argument combination.

The performance-measurement delay-measurement command was updated with delay-profile name profile.

The performance-measurement liveness-detection command was updated with liveness-profile name profile.

SR Policy Liveness Monitoring

This feature allows you to verify end-to-end traffic forwarding over an SR Policy candidate path by periodically sending performance monitoring packets.

SR-PCE: Flex Algo Aware Policy Computation + Live-Live Disjointness Enhancements

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SR-PCE: IP Unnumbered in Path Computation (ZTP/ZTD use case)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SR-PCE: Inter-Domain Computation using Redistributed SID (SRTE - BGP-LU Domains Interworking)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SR-PCE: North-Bound API Enhancements for Cisco Optimization Engine (COE) v1.0 release

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SR-Policy (Explicit, Dynamic, affinity)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

SR-TE Delay Normalization for OSPF

This feature extends the current Delay Normalization feature to support OSPF.

SR-TILFA

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

SRTE-Services: 6PE/6VPE On-Demand Next Hop (ODN+AS)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SRTE: Per Flow (Class) ODN and Automated Steering (GRT and L3 BGP Services)

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native and compatible modes.

SRv6 Micro-Segment (uSID)

This feature is an extension of the SRv6 architecture. It leverages the existing SRv6 Network Programming architecture to encode up to six SRv6 Micro-SID (uSID) instructions within a single 128-bit IPv6 address, called the uSID Container.

In addition, this feature leverages the existing SRv6 data plane and control plane with no changes. It also provides low MTU overhead; for example, 6 uSIDs per uSID container results in 18 source-routing waypoints in only 40 bytes of overhead.

SRv6 uSID supports the following existing SRv6 functionality:

  • IS-IS: TI-LFA, Microloop Avoidance, Flexible Algorithm, OAM, Performance Measurement, QoS

  • SRv6 BGP Services: IPv4 L3VPN Per-VRF

  • SRv6 BGP Services: BGP Global IPv4

SRv6 Services: BGP Global IPv6

With this feature, the egress PE can signal an SRv6 Service SID with the BGP global route. The ingress PE encapsulates the IPv4/IPv6 payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE. BGP messages between PEs carry SRv6 Service SIDs as a means to interconnect PEs.

SRv6 Services: IPv6 L3VPN

With this feature, the egress PE can signal an SRv6 Service SID with the BGP overlay service route. The ingress PE encapsulates the IPv4/IPv6 payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE. BGP messages between PEs carry SRv6 Service SIDs as a means to interconnect PEs and form VPNs.

Segment Routing Conditional Prefix Advertisement for OSPF

In a typical Anycast scenario, if an advertising node becomes unavailable or unreachable while still advertising its Anycast SID, traffic could still be routed to the node and, as a result, get dropped.

This feature allows a node to advertise its loopback address when it’s connected to the domain, and to track the loopback addresses of the other nodes in the domain. If a node becomes unavailable or unreachable, it stops advertising its loopback address, allowing for a new path to be computed.

Weighted Anycast SID-Aware Path Computation

This feature extends Anycast SIDs with weighted nodes.

Weighted Anycast nodes advertise a cost (weight) along with the Anycast SID. Traffic is then distributed according to the weights.

Weighted Anycast SIDs allow for highly available paths with node redundancy and path optimality that provide Fast ReRoute (FRR) for node failure of service provider edge (PE) routers and ABR/ASBRs nodes in multi-domain networks.

System Management

PTP Delay Asymmetry

Any delays on Precision Time Protocol (PTP) paths can impact PTP accuracy and in turn impact clock settings for all devices in a network. This feature allows you to configure the static asymmetry such that the delay is accounted for and the PTP synchronization remains accurate.

The delay-symmetry command is introduced for this feature.

Software Innovation Access (SIA) Entitlement

SIA license grants you access to the latest software upgrades which contain new features, bug fixes, and security enhancements for devices on your network. Also, it enables the consumption of Advanced and Essential Right-to-Use (RTU) licenses on your device, and allows portability of these RTU licenses from one device to another.

System Monitoring

TWAMP

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

System Security

Collect Filesystem Inventory

With this feature, a snapshot of the filesystem metadata such as when the file was created, modified, or accessed is collected at each configured interval.

In addition to displaying the changes that the file underwent as compared to the previous snapshot, the inventory helps in maintaining data integrity of all the files in the system.

Ed25519 Public-Key Signature Algorithm Support for SSH

This algorithm is now supported on Cisco IOS XR 64-bit platforms when establishing SSH sessions. It is a modern and secure public-key signature algorithm that provides several benefits, particularly resistance against several side-channel attacks. Prior to this release, DSA, ECDSA, and RSA public-key algorithms were supported.

This command is modified for this feature: 

ssh server algorithms host-key

IMA Optimization

Integrity Measurement Architecture (IMA) is a Linux-based utility that attests and appraises the integrity of a system at runtime. This release introduces the following IMA optimizations:

  • Incremental IMA, which collects IMA events selectively and progressively instead of collecting all the IMA events at the same time. You can define the start of an IMA sequence, which consists of start event, start sequence number, and start time.

  • SUDI signature, which provides the hardware root of trust to the dossier that is collected by the system.

Password Masking

With this feature, when you key in a password or secret, it is not displayed on the screen. This enhances security.

The feature is enabled by default. The following options are added to the username command:

  • masked-password

  • masked-secret

Support for Ed25519 Public-Key Signature System

This feature allows you to generate and securely store a crypto key pair for the Ed25519 public-key signature algorithm on Cisco IOS XR 64-bit platforms. This signature system provides fast signing, fast key generation, foolproof session keys, collision resilience, and small signatures. The feature also facilitates integration of Cisco IOS XR with Cisco Crosswork Trust Insights.

Commands introduced for this feature are:

crypto key generate ed25519

crypto key zeroize ed25519

show crypto key mypubkey ed25519

Commands modified for this feature are:

ca-keypair

keypair

User Configurable Maximum Authentication Attempts for SSH

This feature allows you to set a limit on the number of user authentication attempts allowed for SSH connection, using the three authentication methods that are supported by Cisco IOS XR. The limit that you set is an overall limit that covers all the authentication methods together. If the user fails to enter the correct login credentials within the configured number of attempts, the connection is denied and the session is terminated.

This command is introduced for this feature:

ssh server max-auth-limit

Verify Authenticity of RPM Packages Using Fingerprint

This feature helps in verifying the authenticity of an installable package. A Known Good Value (KGV) is calculated and published for each package. The installed and running software is compared with the KGV to determine whether the package is genuine or not.

These two values are displayed only in the Yang model output. No CLI commands are provided to view these values.

X.509v3 Certificate-based Authentication for SSH

This feature adds new public-key algorithms that use X.509v3 digital certificates for SSH authentication. These certificates use a chain of signatures by a trusted certification authority to bind a public key to the digital identity of the user who is authenticating with the SSH server. These certificates are difficult to falsify and are therefore used for identity management and access control across many applications and networks.

Commands introduced for this feature are:

ssh server certificate

ssh server trustpoint

This command is modified for this feature:

ssh server algorithms host-key

System Setup and Software Installation

Conforming to US DOD Login Banner Standards

To comply with US DoD login banner standards, an option to enable display of a login banner is introduced. The login banner provides information such as the number of successful and unsuccessful login attempts, time stamp, login method, and so on.

The login-history command is introduced.

Secure Zero Touch Provisioning

This feature allows devices in the network to establish a secure connection with the ZTP server and authenticate information using a three-step validation process involving validation of the network device, the ZTP server, and onboarding information. This eliminates security risks or malicious actions during remote provisioning.

  • ztp secure-mode enable

Zero Touch Provisioning

Zero Touch Provisioning is now extended to support provisioning using removable storage, such as a USB drive.

Telemetry

AI-driven telemetry (ADT)

This feature leverages machine learning to detect and retrieve important network-state changes on the router. Relevant data is filtered and exported to the network management system for analysis or troubleshooting purposes.

ADT significantly simplifies the configuration of streaming telemetry, and you are no longer required to manually choose sensor paths or tune the cadence at which counters have to be collected.

Hardware Timestamp

This feature synchronizes the timestamp for accurate calculation of data rate from the router, wherein the counters are read from the hardware. The counters are updated only when the collector reads the counters from hardware, irrespective of the number of times the MDT client polls data. With hardware timestamping in rate computation while streaming periodic statistics, the spikes caused by inconsistent timestamps from cache files are resolved.

Streaming Digital Optical Monitoring (DOM) data from the router

This feature streams fiber optic transceiver parameters such as optical input or output levels, temperature, laser bias current, supply voltage, receiver power, bias threshold, etc., in real-time. This helps network operators to easily locate a fiber link failure, thereby simplifying the maintenance process, and improving overall system reliability.

Sensor paths introduced for this feature are:

Cisco-IOS-XR-dwdm-ui-oper:dwdm/ports/port/info/optics-info

Cisco-IOS-XR-controller-optics-oper:optics-oper/optics-ports/optics-port/optics-info

Hardware

Hardware Description

Cisco NCS 5700 Fixed Chassis Routers:

  • NCS-57B1-6D24-SYS

  • NCS-57B1-5DSE-SYS

This release supports the following 1RU fixed chassis in the Cisco NCS 5700 router series:

  • NCS-57B1-5DSE-SYS

  • NCS-57B1-6D24-SYS

These next-generation chassis break new ground by providing the following capabilities in an extremely power-efficient, 1RU form factor router:

  • 4.8 Terabits of 400GE/100GE optimized forwarding capacity

  • QSFP-DD optics support

  • Deep packet buffering

  • Full line-rate MACsec (available in a future release)

  • Class C 1588 Precision Time Protocol (PTP)

  • Synchronous Ethernet (SyncE)

For more information, see Cisco Network Convergence System (NCS) 5700 Series

DC Power Supply NC55-PWR-4.4KW-DC

The new DC power supply unit provides 4400 Watts per PSU and is supported on all three variants of the Cisco NCS 5500 modular chassis series: NCS 5504, NCS 5508, and NCS 5516.

For more information, see Cisco Network Convergence System 5500 Series Modular Chassis Data Sheet

NC55-32T16Q4H-A line card

This release introduces a 10G optimized Cisco NCS 5500 line card that provides 48 ports of 1/10/25 Gigabit Ethernet and 4 ports of 40/100 Gigabit Ethernet. The line card improves port density for low speed interfaces within the family of modular NCS 5500 chassis.

Note 
Support for this hardware is also available in Release 7.2.2.

For more information, see Cisco Network Convergence System 5500 Series: 48 x 1/10/25G Line Card Data Sheet

NC57-36H-SE line card

This release introduces a 100G optimized Cisco NCS 5700 scale line card that provides 36 ports of 100 Gigabit Ethernet with full line rate capacity. All the ports can support 100GE and 40GE optics. Only even ports support 4x25GE and 4x10GE breakout. The line card works in native and compatibility mode.

Note 
Support for this hardware is also available in Release 7.2.2.

For more information, see Cisco Network Convergence System 5700 Series: 400GE and 100GE Line Cards Data Sheet

Fabric card and Fan tray version 2 for Cisco NCS 5504 router

This release introduces the following hardware:

  • NC55-5504-FC2—Cisco NCS 5504, 2nd generation Fabric Card

  • NC55-5504-FAN2—Cisco NCS 5504, 2nd generation Fan tray

Note 
Support for this hardware is also available in Release 7.2.2.

For more information, see Cisco NCS 5500 Modular Chassis: Second-Generation Fabric and Fan Modules Data Sheet

Features Supported on Cisco NC57 Line Cards

The following table lists parity features for which the support on Cisco NC57 line cards is introduced in Cisco IOS XR Release 7.3.1.

Features supported in the native mode are also available on Cisco NCS 5700 fixed port routers.

Table 1. Parity Features Supported on Cisco NC57 Line Cards

Feature

Compatible Mode

Native Mode

CFM

Support for 255 IPv4 and 255 IPv6 VRRP sessions on Cisco NC57 line cards

Ethernet Data Plane Loopback

QoS Enablement on Layer 2 MPLS/BGP

TWAMP

Duplicate IP Address Detection

EVPN Infrastructure

EVPN Multiple Services per Ethernet Segment

EVPN Single-Active Multihoming

EVPN VPWS

Highest Random Weight Mode for EVPN DF Election

L2 and BVI infrastructure

BGP EVPN-VPWS

BGP PIC Edge for Unlabeled Transport (IPv4/v6)

BGP-Based VPWS Infrastructure

Y.1731 Loss and Delay Measurement

BFD LACP Triggering TE FRR

Targeted LDP

BFD for BoB with IPv4 Unnumbered

Ethernet OAM

BVI co-existence with SRTE on same NPU

SR-MPLS-OSPFv2

SR Policy

SR-PCE: Flex Algo Aware Policy Computation + Live-Live Disjointness Enhancements

SR-PCE: IP Unnumbered in Path Computation (ZTP/ZTD use case)

SR-PCE: Inter-Domain Computation using Redistributed SID (SRTE- BGP-LU Domains Interworking)

SR-PCE: North-Bound API Enhancements for Cisco Optimization Engine (COE) v1.0 release

SR-Policy (Explicit, Dynamic, affinity)

SR-TILFA

SRTE-Services: 6PE/6VPE On-Demand Next Hop (ODN+AS)

SRTE: Per Flow (Class)ODN and Automated Steering (GRT and L3 BGP Services)

For the complete list of parity features supported on Cisco NC57 line cards until Cisco IOS XR Release 7.2.2, see:

Caveats Specific to the NCS 5500 Series Routers

Caveats describe unexpected behavior in Cisco IOS XR Software releases. These caveats are specific to NCS 5500 Series Routers:

Table 2. Cisco NCS 5500 Series Routers Specific Bugs

Bug ID        Headline
CSCvs97675    ASIC generic/config error are counted up when enabling monitor-session on NCS-55A1-24H

Release Package

This table lists the Cisco IOS XR Software feature set matrix (packages) with associated filenames.

Visit the Cisco Software Download page to download the Cisco IOS XR software images.

Table 3. Release 7.3.1 Packages for Cisco NCS 5500 Series Router

Composite Package

Feature Set

Filename

Description

Cisco IOS XR IP Unicast Routing Core Bundle

ncs5500-mini-x.iso

Contains base image contents that include:

  • Host operating system

  • System Admin boot image

  • IOS XR boot image

  • BGP packages

Individually-Installable Optional Packages

Feature Set

Filename

Description

Cisco IOS XR Manageability Package

ncs5500-mgbl-3.0.0.0-r731.x86_64.rpm

Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server packages.

Cisco IOS XR MPLS Package

ncs5500-mpls-2.1.0.0-r731.x86_64.rpm

ncs5500-mpls-te-rsvp-2.2.0.0-r731.x86_64.rpm

MPLS and MPLS Traffic Engineering (MPLS-TE) RPM.

Cisco IOS XR Security Package

ncs5500-k9sec-3.1.0.0-r731.x86_64.rpm

Support for Encryption, Decryption, Secure Shell (SSH), Secure Socket Layer (SSL), and Public-key infrastructure (PKI)

Cisco IOS XR ISIS package

ncs5500-isis-1.2.0.0-r731.x86_64.rpm

Support ISIS

Cisco IOS XR OSPF package

ncs5500-ospf-2.0.0.0-r731.x86_64.rpm

Support OSPF

Lawful Intercept (LI) Package

ncs5500-li-1.0.0.0-r731.x86_64.rpm

Includes LI software images

Multicast Package

ncs5500-mcast-1.0.0.0-r731.rpm

Support Multicast

Table 4. Release 7.3.1 TAR files for Cisco NCS 5500 Series Router

Feature Set                      Filename
NCS 5500 IOS XR Software 3DES    NCS5500-iosxr-k9-7.3.1.tar
NCS 5500 IOS XR Software         NCS5500-iosxr-7.3.1.tar
NCS 5500 IOS XR Software         NCS5500-docs-7.3.1.tar

Table 5. Release 7.3.1 Packages for Cisco NCS 5700 Series Router

Feature Set                                  Filename
NCS 5700 IOS XR Software                     ncs5700-x64-7.3.1.iso
NCS 5700 IOS XR Software (only k9 RPMs)      ncs5700-k9sec-rpms.7.3.1.tar
NCS 5700 IOS XR Software Optional Package    NCS5700-optional-rpms.7.3.1.tar

This TAR file contains the following RPMs:

  • optional-rpms/cdp/*

  • optional-rpms/eigrp/*

  • optional-rpms/telnet/*

Determine Software Version

To verify the software version running on the router, use the show version command in EXEC mode.

RP/0/RP0/CPU0:router# show version
Label : 7.3.1

    Active Packages: 10
        ncs5500-xr-7.3.1 version=7.3.1 [Boot image]
        ncs5500-mcast-3.0.0.0-r731
        ncs5500-li-1.0.0.0-r731
        ncs5500-eigrp-1.0.0.0-r731
        ncs5500-k9sec-3.1.0.0-r731
        ncs5500-isis-2.1.0.0-r731
        ncs5500-mpls-2.1.0.0-r731
        ncs5500-mpls-te-rsvp-3.1.0.0-r731
        ncs5500-ospf-2.0.0.0-r731
        ncs5500-mgbl-3.0.0.0-r731

Determine Firmware Support

Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT, and the Running and Programmed versions must be the same.


Note

You can also use the show fpd package command in Admin mode to check the FPD versions.


This sample output is for the show hw-module fpd command from the Admin mode:

sysadmin-vm:0_RP0# show hw-module fpd
Auto-upgrade:Enabled
                                                               FPD Versions
                                                               =================
Location   Card type             HWver FPD device       ATR Status   Running Programd
-----------------------------------------------------------------------------------
0/2        NC55-36X100G-S        0.4   MIFPGA               CURRENT    0.07    0.07  
0/2        NC55-36X100G-S        0.4   Bootloader           CURRENT    1.14    1.14  
0/2        NC55-36X100G-S        0.4   IOFPGA               CURRENT    0.11    0.11  
0/2        NC55-36X100G-S        0.4   SATA                 CURRENT    5.00    5.00  
0/4/1      NC55-MPA-2TH-S        1.0   MPAFPGA              CURRENT    0.53    0.53  
0/4/2      NC55-MPA-2TH-HX-S     0.1   MPAFPGA              CURRENT    0.53    0.53  
0/4        NC55-MOD-A-S          1.0   MIFPGA               CURRENT    0.13    0.13  
0/4        NC55-MOD-A-S          1.0   Bootloader           CURRENT    1.03    1.03  
0/4        NC55-MOD-A-S          1.0   DBFPGA               CURRENT    0.14    0.14  
0/4        NC55-MOD-A-S          1.0   IOFPGA               CURRENT    0.09    0.09  
0/5        NC55-18H18F           1.0   MIFPGA               CURRENT    0.03    0.03  
0/5        NC55-18H18F           1.0   Bootloader           CURRENT    1.14    1.14  
0/5        NC55-18H18F           1.0   IOFPGA               CURRENT    0.22    0.22  
0/5        NC55-18H18F           1.0   SATA                 CURRENT    5.00    5.00  
0/6        NC55-MOD-A-SE-S       0.201 MIFPGA               CURRENT    0.13    0.13  
0/6        NC55-MOD-A-SE-S       0.201 Bootloader           CURRENT    1.03    1.03  
0/6        NC55-MOD-A-SE-S       0.201 DBFPGA               CURRENT    0.14    0.14  
0/6        NC55-MOD-A-SE-S       0.201 IOFPGA               CURRENT    0.09    0.09  
0/7/1      NC55-MPA-12T-S        0.1   MPAFPGA              CURRENT    0.27    0.27  
0/7/2      NC55-MPA-12T-S        0.1   MPAFPGA              CURRENT    0.27    0.27  
0/7        NC55-MOD-A-S          0.302 MIFPGA               CURRENT    0.13    0.13  
0/7        NC55-MOD-A-S          0.302 Bootloader           CURRENT    1.03    1.03  
0/7        NC55-MOD-A-S          0.302 DBFPGA               CURRENT    0.14    0.14  
0/7        NC55-MOD-A-S          0.302 IOFPGA               CURRENT    0.09    0.09  
0/7        NC55-MOD-A-S          0.302 SATA                 CURRENT    5.00    5.00  
0/9        NC55-36X100G-A-SE     0.303 MIFPGA               CURRENT    0.03    0.03  
0/9        NC55-36X100G-A-SE     0.303 Bootloader           CURRENT    0.15    0.15  
0/9        NC55-36X100G-A-SE     0.303 DBFPGA               CURRENT    0.14    0.14  
0/9        NC55-36X100G-A-SE     0.303 IOFPGA               CURRENT    0.26    0.26  
0/9        NC55-36X100G-A-SE     0.303 SATA                 CURRENT    5.00    5.00  
0/12       NC55-32T16Q4H-A       0.12  MIFPGA               CURRENT    0.60    0.60  
0/12       NC55-32T16Q4H-A       1.0   TimingIC-A           NEED UPGD152.20  152.20  
0/12       NC55-32T16Q4H-A       1.0   TimingIC-B           CURRENT    7.214   7.214 
0/12       NC55-32T16Q4H-A       0.12  Bootloader           CURRENT    0.05    0.05  
0/12       NC55-32T16Q4H-A       0.12  DBFPGA               CURRENT    0.14    0.14  
0/12       NC55-32T16Q4H-A       0.12  IOFPGA               CURRENT    0.89    0.89  
0/13       NC55-6X200-DWDM-S     2.3   CFP2_PORT_3          CURRENT    5.52    5.52  
0/13       NC55-6X200-DWDM-S     0.0   DENALI0              CURRENT   13.48   13.48  
0/13       NC55-6X200-DWDM-S     0.0   DENALI1              CURRENT   13.48   13.48  
0/13       NC55-6X200-DWDM-S     0.0   DENALI2              CURRENT   13.48   13.48  
0/13       NC55-6X200-DWDM-S     0.0   MORGOTH              CURRENT    5.26    5.26  
0/13       NC55-6X200-DWDM-S     0.0   MSFPGA0              CURRENT    2.22    2.22  
0/13       NC55-6X200-DWDM-S     0.0   MSFPGA1              CURRENT    2.22    2.22  
0/13       NC55-6X200-DWDM-S     0.0   MSFPGA2              CURRENT    2.22    2.22  
0/13       NC55-6X200-DWDM-S     0.502 Bootloader           CURRENT    1.14    1.14  
0/13       NC55-6X200-DWDM-S     0.502 IOFPGA               CURRENT    0.14    0.14  
0/13       NC55-6X200-DWDM-S     0.502 SATA                 CURRENT    5.00    5.00  
0/RP0      NC55-RP2-E            1.0   TimingIC-A           CURRENT    7.214   7.214 
0/RP0      NC55-RP2-E            1.0   TimingIC-B-0         CURRENT    7.214   7.214 
0/RP0      NC55-RP2-E            1.0   TimingIC-B-1         CURRENT    7.214   7.214 
0/RP0      NC55-RP2-E            0.201 Bootloader           CURRENT    0.08    0.08  
0/RP0      NC55-RP2-E            0.201 IOFPGA               CURRENT    0.50    0.31  
0/RP0      NC55-RP2-E            0.201 OMGFPGA              CURRENT    0.31    0.31  
0/RP1      NC55-RP2-E            1.0   TimingIC-A           CURRENT    7.214   7.214 
0/RP1      NC55-RP2-E            1.0   TimingIC-B-0         CURRENT    7.214   7.214 
0/RP1      NC55-RP2-E            1.0   TimingIC-B-1         CURRENT    7.214   7.214 
0/RP1      NC55-RP2-E            0.301 Bootloader           CURRENT    0.08    0.08  
0/RP1      NC55-RP2-E            0.301 IOFPGA               CURRENT    0.50    0.31  
0/RP1      NC55-RP2-E            0.301 OMGFPGA              CURRENT    0.31    0.31  
0/FC0      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC0      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC1      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC1      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC2      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC2      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC3      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC3      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC4      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC4      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/FC5      NC55-5516-FC          0.216 Bootloader           CURRENT    1.75    1.75  
0/FC5      NC55-5516-FC          0.216 IOFPGA               CURRENT    0.26    0.26  
0/PM3      NC55-PWR-3KW-2HV      0.2   DT-LogicMCU          CURRENT    3.01    3.01  
0/PM3      NC55-PWR-3KW-2HV      0.2   DT-PriMCU            CURRENT    3.00    3.00  
0/PM3      NC55-PWR-3KW-2HV      0.2   DT-SecMCU            CURRENT    3.01    3.01  
0/PM6      NC55-PWR-3KW-2HV      0.2   DT-LogicMCU          CURRENT    3.01    3.01  
0/PM6      NC55-PWR-3KW-2HV      0.2   DT-PriMCU            CURRENT    3.00    3.00  
0/PM6      NC55-PWR-3KW-2HV      0.2   DT-SecMCU            CURRENT    3.01    3.01  
0/SC0      NC55-SC               1.5   Bootloader           CURRENT    1.74    1.74  
0/SC0      NC55-SC               1.5   IOFPGA               CURRENT    0.10    0.10  
0/SC1      NC55-SC               1.5   Bootloader           CURRENT    1.74    1.74  
0/SC1      NC55-SC               1.5   IOFPGA               CURRENT    0.10    0.10  
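
An added example (not Cisco's code and not part of the original release notes): a Python check that applies the rule stated above to captured show hw-module fpd output, flagging any row whose status is not CURRENT or whose Running and Programd versions differ. The function names are hypothetical, the embedded rows are copied from the sample output above, and the parser assumes the ATR column is empty, as it is in that sample.

```python
import re
from typing import NamedTuple

# Rows copied from the sample output above; note the fused "NEED UPGD152.20".
SAMPLE = """\
Location   Card type             HWver FPD device       ATR Status   Running Programd
0/2        NC55-36X100G-S        0.4   MIFPGA               CURRENT    0.07    0.07
0/12       NC55-32T16Q4H-A       1.0   TimingIC-A           NEED UPGD152.20  152.20
0/13       NC55-6X200-DWDM-S     0.0   DENALI0              CURRENT   13.48   13.48
0/RP0      NC55-RP2-E            0.201 IOFPGA               CURRENT    0.50    0.31
"""

class Fpd(NamedTuple):
    location: str
    card: str
    hwver: str
    device: str
    status: str
    running: str
    programmed: str

# Location, Card type, HWver, FPD device, Status (may contain a space and may
# touch the next column), Running, Programd. Assumption: the ATR column is empty.
ROW = re.compile(r"^(\d+/\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"
                 r"(.*?)\s*(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def parse_fpd(text):
    """Return (rows, unparsed); unparsed holds data lines the pattern rejected."""
    rows, unparsed = [], []
    for line in text.splitlines():
        if not re.match(r"\d+/\S", line):
            continue  # prompt, banner, column header or rule line
        m = ROW.match(line)
        if m:
            rows.append(Fpd(*m.groups()))
        else:
            unparsed.append(line)  # never drop a data row silently
    return rows, unparsed

def audit(rows):
    """List (location, device, reason) for rows that break the rule above."""
    findings = []
    for r in rows:
        if r.status != "CURRENT":
            findings.append((r.location, r.device, f"status is {r.status!r}"))
        if r.running != r.programmed:
            findings.append((r.location, r.device,
                             f"running {r.running} != programmed {r.programmed}"))
    return findings

if __name__ == "__main__":
    rows, unparsed = parse_fpd(SAMPLE)
    for finding in audit(rows) + [("?", "?", "unparsed: " + u) for u in unparsed]:
        print(*finding)
```

On these rows it reports the 0/12 TimingIC-A entry (NEED UPGD) and the 0/RP0 IOFPGA entry, whose status reads CURRENT while Running is 0.50 and Programd is 0.31.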

Other Important Information

  • The total number of bridge-domains (2*BDs) and GRE tunnels put together should not exceed 1518.

    Here the number 1518 represents the multi-dimensional scale value.

  • The offline diagnostics functionality is not supported on the NCS 5500 platform. Therefore, the hw-module service offline location command will not work. However, you can use the (sysadmin)# hw-module shutdown location command to bring down the LC.

Upgrading Cisco IOS XR Software

Cisco IOS XR Software is installed and activated from modular packages, allowing specific features or software patches to be installed, upgraded, or downgraded without affecting unrelated processes. Software packages can be upgraded or downgraded on all supported card types, or on a single card (node).

Before starting the software upgrade, use the show install health command in admin mode. This command validates whether all relevant system parameters are ready for the software upgrade without interrupting the system.


Note

If you use a TAR package to upgrade from a Cisco IOS XR release prior to 7.x, the output of the show install health command in admin mode displays the following error messages:

sysadmin-vm:0_RSP0# show install health
. . .
ERROR /install_repo/gl/xr -rw-r--r--. 1 8413 floppy 3230320 Mar 14 05:45 <platform>-isis-2.2.0.0-r702.x86_64
ERROR /install_repo/gl/xr -rwxr-x---. 1 8413 165 1485781 Mar 14 06:02 <platform>-k9sec-3.1.0.0-r702.x86_64
ERROR /install_repo/gl/xr -rw-r--r--. 1 8413 floppy 345144 Mar 14 05:45 <platform>-li-1.0.0.0-r702.x86_64

You can ignore these messages and proceed with the installation operation.