Network Convergence System 5500 Series Routers


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


What's New in Cisco IOS XR Release 7.4.1

Cisco is continuously enhancing the product with every release and this section covers a brief description of key features and enhancements. It also includes links to detailed documentation, where available.

Table 1. Software
Feature Description

BGP

16K FlowSpec routes

This feature allows you to increase the number of flows to 16K on NCS57 based eTCAM line cards. A flow is defined as a sequence of related packets having the same source and destination pair which is sent from a source PE to a destination PE.

Reduction in install time for FlowSpec entry after line card reload

This feature allows you to download flowspec address-family prefixes that are learned from the peer to the flowspec manager only after the router receives the end-of-RIB (EoR) message. If the peer does not send the EoR message, the prefixes are downloaded after the 120-seconds timer expires. This timer starts to receive the first keepalive value after the session is established thereby reducing the time taken by the router to download the prefixes after a BGP neighbor flaps.

Interface and Hardware Component

Cisco NC57 Compatibility Mode: CFM

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in the compatibility mode.

Port Mirroring Enhancements for Cisco NC57 line cards

This feature is now supported on routers that have the Cisco NC57 line cards installed and works in the native mode of the NC57 line cards. This feature allows you to:

  • mirror the incoming and outgoing traffic from source ports to separate destinations. Separate destinations for incoming and outing traffic enables you to analyze the incoming and outing traffic separately or together.

  • configure a sub-interface as a destination on Cisco NC57 line cards.

  • support upto 24 monitor sessions with single destination or incoming-outgoing traffic destinations.

The following keywords are added to the monitor-session (interface) command, to define the incoming(rx) and outgoing (tx) destinations:

  • rx [interface|PW|next-hop|udp|…]

  • tx [interface|PW|next-hop|udp|…])

IP Addresses and Services

Jumbo packet handling for DHCPv6

This release introduces the handle-jumbo-packet configuration command under the dhcp ipv6 mode. This command enables processing of incoming DHCPv6 packets greater than 1280 bytes and upto 12,800 bytes in size. Prior to this release, the router discarded incoming DHCPv6 packets greater than 1280 bytes.

The newly introduced command is:

Support for 96 bit prefix instead of 128 bit prefix in destination address for egress IPv6 ACLs.

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for Packet Length, TCP flags, Traffic Class, and Fragments in egress TCAM keys for egress IPv6 ACLs

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for deny action for non-initial fragments in ingress and egress ACLs that contain L3 and L4 parameters.

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for extension headers in egress IPv6 ACLs

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for packet length in egress TCAM keys for egress IPv4 ACLs

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for 32K next-hop for ARP and Neighbour Discovery on physical, sub-physical, bundle, and sub-bundle interfaces

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native mode.

Support for Point to Multipoint Traffic Engineering (P2MPE)

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native and compatibility mode.

Support for DHCP Server, DHCP Relay, and DHCP Relay over BVI interfaces

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native and compatibility mode.

Custom Prefix Length Selection

By default, /48 prefix length is inserted in the LEM memory. This feature allows you to choose a custom IPv6 prefix length to be inserted into the largest exact match (LEM) memory.

This feature introduces the hw-module fib scale ipv6 custom-lem command.

L2VPN and Ethernet Services

3 Label Collapse for L2 and L3 EVPN over BGP-LU

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Bridge Domain and MAC Address Scale

This feature is now supported on Cisco NCS 5700 series fixed port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode. This feature is supported with the following scale values:

  • 8K Bridge Domain

  • 4K Pseudowires

  • 300K MAC addresses

CFM on EVPN ELAN

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native mode only.

The following offload types are supported:

  • Hardware (HW) Offload

  • Non-Offload

  • Software (SW) Offload

CFM on EVPN VPWS

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native mode only.

Cisco NC57 Compatibility Mode: Ethernet Data Plane Loopback

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in the compatibility mode.

Control-word support for EVPN Bridge-Mode (E-LAN)

Control word is now supported and enabled by default in ELAN mode on routers that have Cisco NC57 line cards installed and are operating in compatibility mode. If the control-word-disable command is not configured, ensure to configure it under EVPN or EVI configuration mode before an upgrade to avoid inconsistent behaviour with routers before this release.

Router# configure
Router(config)# evpn
Router(config-evpn)# evi 1
Router(config-evpn-instance)# control-word-disable           // Apply to interop with older releases EVPN ELAN

If you want to enable control-word command for EVPN Bridging feature, then you must configure it only when both the endpoints run Release 7.4.1 or later.

EVPN Bridging and VPWS Services over BGP-LU Underlay

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

EVPN MPLS Seamless Integration with VPLS

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Flexible Cross-Connect Service

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Inter-AS EVPN Option B

This feature enables the service providers to establish an end-to-end EVPN service over an MPLS backbone that spans multiple autonomous systems (AS). Inter-AS EVPN Option B allows the autonomous system boundary routers (ASBRs) to exchange L2VPN EVPN label routes between AS without the need for dedicated interfaces. This feature helps you to increase the number of services terminated on PE devices without requiring a dedicated number of interfaces on ASBR nodes.

This feature introduces the option-b-asbr-only  command.

L2CP Tunneling

This feature is now supported on routers that have Cisco NC57 line cards installed and operates in native and compatibility modes.

L2 Control Protocols (L2CP) tunneling helps initiate control packets from a local CE (customer-edge) device to a remote CE device.

PPPoE Traffic-Based Load Balance using Flow-Aware Transport Labels

This feature allows you to load balance the incoming PPPoE traffic received based on the inner PPPoE payload, source and destination IPv4 or IPv6 header.

When you enable this feature, the router generates a unique Flow-Aware Transport (FAT) label for the incoming traffic based on inner IPv4 or IPv6 headers and uses the FAT labels for load balancing the PPPoE traffic.

This feature introduces the hw-module profile load-balance algorithm PPPoE command.

Pseudowire Redundancy

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Single-Flow Active (for Access Rings) - VPNv4 Hosts

This feature is now supported on routers that have Cisco NC57 line cards installed and are operating in compatibility mode.

This feature extends the current implementation of EVPN Single-Flow-Active Multihoming Load-Balancing Mode, on Cisco NC57 line cards with VPNv4 routes.

VLAN List

VLANs separated by a comma are called VLAN lists. This feature allows you to configure a VLAN list on the L2 sub interface. VLAN-IDs of up to 9 are supported, per VLAN list.

This feature overrides any limit set on the number of customers that can be supported in an Ethernet network.

Virtual Private LAN Services (VPLS)

This feature is now supported on routers that have Cisco NC57 line cards installed and operates in native and compatibility modes.

Virtual Private LAN Services (VPLS) is a class of VPN that supports the connection of multiple sites in a single bridged domain over a MPLS network.

Maximum MAC Addresses Support on UNI Port

This feature introduces MAC limit and MAC limit action on bridge port, which was earlier only available on bridge domain.

This feature supports:

  • MAC limit of 1-64K

  • MAC limit action of flood and shutdown

Thus, allowing you to limit the maximum number of clients connected to a bridge on a site.

L3VPN

Inter-AS Option B for L3VPN

This feature allows ISPs to provide MPLS Layer 3 VPN services to their end customers where the routing boundaries for a customer are spread across different geographical locations. Separate autonomous systems with autonomous system boundary routers (ASBRs) from different service providers can communicate by exchanging VPN-IPv4 addresses or IPv4 routes and MPLS labels. This feature provides better scalability as it requires only one BGP session to exchange all VPN prefixes between the ASBRs.

Modular QoS

Cisco NC57 Native Mode: 802.1P marking

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in the native mode.

Cisco NC57 Native Mode: QoS Enablement on Layer 2 Services

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in the native mode.

The following Layer 2 services are supported:

  • Local switching [xconnect or bridging]

  • Layer 2 VPN – Virtual Private Wire Service (VPWS)

Apart from packet classification, this feature is available for the following QoS operations:

Class-based Unconditional Packet Marking

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Configure WRED Counters by Class

This feature enables the display of WRED statistics per class, thus providing a more accurate and granular statistics profile for packet drops. Such insight allows you to monitor, anticipate, and avoid congestion at common bottlenecks on your network.

This functionality introduces the hw-module profile qos wred-stats-enable command and modifies the output of the show policy-map interface command.

Explicit Congestion Notification

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Packets-Per-Second-Based Policer

Prior to this functionality, when configuring policers, the only available option for policer rates was bit-rate measured in units of bits per second (bps). With this release, you can configure policer rates in units of packets per second (pps) as well. pps-based policer is critical in fending off malicious attacks—when attackers target your specific resources with a vast amount of traffic that contain higher number of packets, but move at a slower packet rate. Protection from such attacks is possible because pps-based policers ensure that regardless of the packet size and rate, the policer only accepts a fixed number of packets per second.

This functionality modifies the police rate command.  

Scaling of Unique Ingress Policy Maps

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Set Peak Burst Size for Egress Shaping

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

With this feature you can configure the burst size along with the existing egress shaper bandwidth, using the "shape average shaper bandwidth burst size burst unit " command.

This feature is used to control higher bursts of traffic being transmitted to the devices that have lower queue length configured to receive traffic. For more information, see Configure Traffic Shaping.

Shared Policer

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Shared Policy Instance

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Support of Absolute Rates for Bundle Interfaces for Traffic Shapers and Traffic Policers

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes. For more information, see Configure Traffic Shaping and Configure Traffic Policing (Two-Rate Three-Color).

Support of Ingress Policing on BVI (Bridge Group Virtual Interface) and Low-Latency Queueing (LLQ)

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes. For more information, see "Restrictions for QoS on BVI" under Restrictions and Low-Latency Queueing with Strict Priority Queueing

MPLS

MPLS-TE Tunnel

The MPLS-TE Tunnel is now supported on routers that have Cisco NC57 line cards installed and operate in native mode. Up to 15000 MPLS-TE tunnels can be created on the headend and tail end routers.

Multicast

Designated Router Election Using StickyDR

With this feature, the router sends a PIM hello message with a special PIM DR priority value on a multi-access LAN. The router with this special DR priority value is always elected as the designated router. The traffic now flows in the same path even when a new router is added.

This feature introduces the sticky-dr command.

Draft-Rosen Multicast VPN (Profile 0)

Rosen draft (profile 0) is a widely used MVPN model and uses GRE tunnels to securely transmit multicast traffic between the PE routers. It also enables ease of deployment by using the Protocol-Independent Multicast (PIM) protocol between edge routers (PE) and hosts (CE), and between PE routers that are running in VRF mode.

Multicast VPN Support based on Point to Multipoint Traffic Engineering (P2MPE)

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native and compatibility mode.

Support for Layer 2 Multicast

This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native and compatibility mode.

Netflow

Enhanced NetFlow Sampling Rate of 1:2048 (2K)

You can configure a sampling rate of 1:2048 on NC57 line card when the line card is configured in the native mode.

Previously, the line card supported configuring Netflow sampling rate of 1:4096(4K), 1:8192(8K), and 1:16384(16K)

The command random 1 out-of is modified to support the new sampling rate.

MPLS top label type 4 for BGP Labeled Unicast traffic

This feature is an enhancement to how Netflow MPLS records are verified. This feature allows the user to analyze the traffic types by providing more visibility on the granularity of the information. This feature helps you to monitor the traffic data.

This feature introduces the new MPLS label type BGP. This label type is a field in the MPLS label that identifies the control protocol which allocates the top-of-stack label. MPLS label types enable verification of Netflow MPLS records.

Programmability

CLI to YANG Mapping Tool

This tool provides a quick reference for IOS XR CLIs and a corresponding YANG data model that could be used.

New command introduced for this feature: yang describe

Transitioning Native Models to Unified Models (UM)

Unified models are CLI-based YANG models that are designed to replace the native schema-based models. UM models are generated directly from the IOS XR CLIs and mirror them in several ways. This results in improved usability and faster adoption of YANG models.

You can access the new unified models from the Github repository.

Unique Commit ID for Configuration State

The network orchestrator is a central point of management for the network and typical workflow involves synchronizing the configuration states of the routers it manages. Loading configurations for comparing the states involves unnecessary data and subsequent comparisons are load intensive. This feature synchronizes the configuration states between the orchestrator and the router using a unique commit ID that the router maintains for each configuration commit. The orchestrator retrieves this commit ID from the router using NETCONF Remote Procedure Calls (RPCs) to identify whether the router has the latest configuration.

Routing

BFD Over BVI

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

This feature is also supported on routers that have Cisco NCS550x and Cisco NCS55Ax line cards installed and operate in native and compatibility modes.

BFD over IRB, using a BVI, is a multipath single-hop session. In a BFD multipath session, BFD can be applied over virtual interfaces or between interfaces that are multihops away. The advantage of BFD, low-overhead and short-duration detection of path failures between routers, is extended to an IRB deployment scenario.

BFD over Logical Bundle

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in compatibility mode.

The BLB feature implements and deploys BFD over bundle VLAN interfaces. The advantage of BFD, low-overhead and short-duration detection of path failures between routers, is extended to bundle VLAN interfaces.

Coexistence of BFD over bundle and BFD over logical bundle

This feature provides the benefits of both BFD over bundle (BOB) and BFD over logical bundle (BLB). This feature enables you to configure both BOB and BLB over physical bundle interfaces and subinterfaces. BOB functionality allows you to detect failures in physical bundle interfaces. BLB functionality allows you to detect failures in the client protocols configured on the subinterfaces.

Conditional Default Route Originating in IS-IS

The Conditional Default Route Originating in IS-IS feature allows you to enhance the granularity of the default route the IS-IS originates based on a condition. It enables IS-IS to originate the default route based on the presence of a specific route in the RIB originated by a particular BGP speaker.

This feature improves the reaction time of the watched route in the RIB by avoiding periodical queries of the routing policy. This feature enables you to respond to the client in a timely fashion when the watched route changes in the RIB.

IPv4 Multihop BFD

This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

IPv4 Multihop BFD is a BFD session between two nodes, such as a PE and CE node, or between routers that are several TTL hops away. This feature provides sub-second forwarding failure detection for a destination more than one hop, and up to 255 hops away.

Thus, the advantage of BFD, low-overhead and short-duration detection of path failures between routers, is extended to a multihop scenario.

IPv6 Multihop BFD support

BFD IPv6 Multihop feature enables IPv6 Multihop BFD sessions where BFD neighbors can be multiple hops away, either physically or logically.

It removes the restriction of a single path IPv6 BFD session, where the BFD neighbor is always one hop away, and the BFD Agent in the line card always receives or transmits BFD packets over a local interface on the same line card.

Thus, the advantage of BFD, low-overhead and short-duration detection of path failures between (IPv6) routers, is extended to a multihop scenario.

This feature is also supported on routers that have Cisco NC57 line cards installed and operate in native and compatibility modes.

Multihop BFD over BVI

The multihop BFD over BVI feature introduces support for multihop BFD over Bridge Group Virtual Interface (BVI). A multihop BFD session can be set up between two endpoints that have IP connectivity. This session is set up between a unique source-destination address pair provided by the client.

This feature allows you to extend BFD on arbitrary paths. These arbitrary paths can span multiple network hops, thereby detecting link failures.

RIPv2

This feature enables RIP as the IGP of your network. RIP broadcasts UDP data packets to exchange routing information in networks that are flat rather than hierarchical, reducing network complexity and network management time.

Segment Routing

Advertisement of Link Attributes for IS-IS Flexible Algorithm

Link attribute advertisements used during Flexible Algorithm path calculation must use the Application-Specific Link Attribute (ASLA) advertisements, as defined in IETF draft draft-ietf-lsr-flex-algo.

This feature introduces support for ASLA advertisements during IS-IS Flexible Algorithm path calculation.

OSPF: Microloop Avoidance for Flexible Algorithm

This feature extends the current Microloop Avoidance functionality to support OSPF.

Path Invalidation Drop

By default, if an SR Policy becomes invalid (for example, if there is no valid candidate path available), traffic falls back to the native SR forwarding path. In some scenarios, a network operator may require that certain traffic be only carried over the path associated with an SR policy and never allow the native SR LSP to be used.

This feature allows the SR policy to stay up in the control plane (to prevent prefixes mapped to the SR policy from falling back to the native SR LSP) but drop the traffic sent on the SR policy.

Per-Flow Automated Steering: L3 / L2 BGP Services + BSID Steering

This feature introduces support for BGP VPNv6 (6VPE) and BGP EVPN (single-home/multi-homed) over PFP, labeled traffic (Binding SID as top-most label in the stack) steering over per-flow policy (PFP).

An ingress QoS policy applied to an input interface is used to classify flows and set corresponding MPLS experimental values.

SR ECMP-FEC Optimization L2 and L3 Recursive Services

This feature adds support for L2VPN service Label Edge Router (LER) and BGP PIC for Layer 3 BGP services when SR ECMP-FEC Optimization is enabled.

Segment Routing Tree SID

This feature is now supported on Cisco NCS 5700 series fixed-port routers and the Cisco NCS 5500 series routers that have the Cisco NC57 line cards installed and operating in the native mode.

To enable the native mode, use the hw-module profile npu native-mode-enable command in the configuration mode. Ensure that you reload the router after configuring the native mode.

TE Metric Support for IS-IS Flex Algo

Flexible Algorithm allows for user-defined algorithms where the IGP computes paths based on a user-defined combination of metric type (path optimization objective) and constraint.

This feature add support for TE metric as a metric type for IS-IS Flexible Algorithm. This allows the TE metric, along with IGP and delay metrics, to be used when running shortest path computations.

Unprotected Adjacency SIDs

By default, the SR-TE process prefers the protected Adj-SID of the link if one is available. If there is no protected Adj-SID available, the policy will come up with unprotected Adj-SID.

This feature allows you to specify the Adj-SID protection behavior of the SR-TE process to prefer the protected or unprotected Adj-SID, or to use only the protected or unprotected Adj-SID.

System Management

Automatic Fabric Link Shutdown

If a fabric link goes down 30 times in 24 hours, this feature automatically shuts down the faulty fabric link. In doing so, any traffic blackholes that lead to traffic losses are avoided.

Delay timer for SNMP Traps

This enhancement allows configuration of SNMP trap notifications to be sent after 30 minutes and within 240 minutes after reload of the router.

FCM Licensing on the routers and line cards: NCS-57C3-MOD NCS-57C3-MODS NC57-36H6D-LC

Support for FCM licensings is extended to the following routers and line cards:

  • NCS-57C3-MOD routers

  • NCS-57C3-MODS routers

  • NC57-36H6D-LC line cards

PTP Virtual Port Support

To make a reliable timing source available for devices in backhaul networks, the PTP server and other local timing sources connected to the device are compared, and the best clock source is selected and advertised.

Based on ITU-T G.8275 specification, this feature associates a virtual PTP port to an external clock input. The external clock inputs to participate in PTP protocol to select the best available source for the system.

PTP and SyncE Support on NCS-57C3-MOD-S and NCS-57C3-MOD-SE-S routers.

With this release, timing support for IEEE 1588-2008 and SyncE is extended to the following routers:

  • NCS-57C3-MOD-S

  • NCS-57C3-MOD-SE-S

Smart Transport Support

You can now use Smart transport to communicate with CSSM. Smart transport is a transport method where a Smart Licensing (JSON) message is contained within an HTTPs message, and exchanged between a product instance and CSSM, to communicate. The following Smart transport configuration options are available:

  • Smart transport: In this method, a product instance uses a specific Smart transport licensing server URL. This must be configured exactly as shown in the workflow section.

  • Smart transport through an HTTPs proxy: In this method, a product instance uses a proxy server to communicate with the licensing server, and eventually, CSSM.

Essential and Advantage smart licenses in a combined entitlement

With this release, the Advanced licenses are now referred to as the Advantage licenses, without essential entitlement.

Also, a new license model – Advantage with Essentials, has been introduced that contains both Essential and Advantage licenses as a combined entitlement in a single PID. This simplifies the license procurement and management effort by eliminating the need to procure separate PIDs for Essential and Advantage licenses.

YANG Data Models for Smart Licensing

With this feature, you can use data models for all the smart licensing operations such as registering your device with a token, renewing token ID, deregistering device to remove the software entitlements and so on using NETCONF remote procedure calls (RPCs).

The following data models are introduced:

  • Cisco-IOS-XR-smart-license-cfg.yang

  • cisco-smart-license.yang

  • Cisco-IOS-XR-smartlicense-platform-oper.yang

  • Cisco-IOS-XR-infra-smartlicense-oper.yang

  • Cisco-IOS-XR-smart-license-act.yang

You can access these data models from the Github repository.

System Monitoring

Local Command Accounting

This release introduces a new keyword, local-accounting , in the logging file command, to store the AAA command accounting logs in a user-specified file on the router, in addition to storing them on a remote logging server. When the user enables this feature, the router does not display the command accounting logs in the output of show logging , console logging , terminal logging , or remote logging . This release does not support the archiving of local command accounting log files.

The modified command is:

Show command enhancements for TWAMP

This release introduces a new keyword, brief , in the show ipsla twamp session command that briefly displays the TWAMP session parameters in tabular format.

The modified show command is:

Show command enhancements for TWAMP-Light

This release introduces the following show command enhancements for TWAMP-Light:

  • The show ipsla twamp session now displays the number of packets sent.

  • A new keyword, brief , in the show ipsla twamp session command that briefly displays the TWAMP session parameters in tabular format.

The modified show command is:

System Security

Admin Access for NETCONF and gRPC Sessions

This feature allows all authorized users on XR VM to access administration data on the router through NETCONF or gRPC interface, similar to accessing the CLI. This functionality works by internally mapping the task group of the user on XR VM to a predefined group on System Admin VM. Therefore, the NETCONF and gRPC users can access the admin-related information on the router even if their user profiles do not exist on System Admin VM.

Prior to this release, only those users who were authorized on XR VM could access System Admin VM through CLI, by using the admin command. Users that were not configured on System Admin VM were denied access through the NETCONF or gRPC interfaces.

Hold-Down Timer for TACACS+

TACACS+ servers provide AAA services to the user. When a TACACS+ server becomes unreachable, the router sends the client request to another server, leading to considerable delay in addressing requests. To prevent this delay, you can set a hold-down timer on the router. The timer gets triggered after the router marks the TACACS+ server as down. During this period, the router does not select the server that is down for processing any client requests. When the timer expires, the router starts using that TACACS+ server for client transactions. This feature improves latency in providing AAA services to the user by limiting the client requests from being sent to unresponsive servers.

This feature introduces the holddown-time command.

NETCONF Access Control Model (NACM) for Protocol Operations and Authorization

NACM is defined in AAA subsystem to manage access control for NETCONF Remote Procedure Calls (RPCs). NACM addresses the need to authenticate the user or user groups, authorize whether the user has the required permission to perform the operation. With this feature, you can configure the authorization rules, groups and rule lists containing multiple groups and rules using CLI commands in addition to existing support for YANG data models.

This feature also introduces Cisco-IOS-XR-um-aaa-nacm-cfg.yang unified data model to configure user access and privileges. You can access this data model from the Github repository.

Support for Display Compact Option

This release introduces:

  • Display compact option in the dossier CLI, thereby allowing you to obtain IMA event logs in the protobuf format, which can be decoded at a client site. This provides flexibility to use any decoding mechanism

Use the display compact keyword with the existing show platform security integrity dossier include system-integrity-snapshot command.

Telemetry

Filter Telemetry Data Using Regex Keys in Sensor Paths

Streaming huge telemetry data can create congestion in the network.

With this feature, you can use the regular expression (regex) keys in the sensor path configuration on the router. The keys limit the amount of data that can be streamed, thereby ensuring better bandwidth utilization.

Behavior Change Introduced in This Release


Note

From Release 7.4.1 Control word is enabled by default. If the control-word-disable command is not configured, ensure to configure it under EVPN or EVI configuration mode before an upgrade to avoid inconsistent behaviour with routers running before Release 7.4.2.

If you want to enable control-word command for EVPN Bridging feature, then you must configure it only when both the endpoints run Release 7.4.1 or later.


New Hardware Introduced in this Release

This release introduces following new hardware:

  • NC57-36H6D-S Line Card—This line card is a 100G optimized NCS 5700 combo line card with 4.8 Tbps throughput. It provides a mix of 100GE, 200GE and 400GE ports with MACSec support. The line card provides flexible port configurations. The line card can be operated in native (all NCS 5700 line cards in the chassis) and compatible mode (mix of Cisco NCS 5700 line cards and previous generation Cisco NCS 5500 series line cards). See Cisco Network Convergence System 5700 Series: 400GE and 100GE Line Cards Data Sheet

  • NC57-MPA-2D4H-S modular port adapter—A 4-port 800GE modular port adapter (NC57-MPA-2D4H-S) that supports QSFP28 and QSFP-DD optical transceivers. This is the first modular port adapter to support the QSFP-DD optical transceiver. For port configuration details, see the 4-Port 800GE MPA with QSFP28/QSFP-DD section in the Hardware Installation Guide for Cisco NCS 5500 Series Fixed-Port Routers.

  • Cisco NCS 5700 Fixed Chassis Routers—A 3RU fixed-port routers in the Cisco NCS 5700 series:

    • NCS-57C3-MOD-S

    • NCS-57C3-MOD-SE-S

    These high-capacity, low power consuming routers provide the following support and capabilities:

    • Up to 2.4 Terabits of optimized forwarding capacity

    • 48 ports of 1/10/25G SFP28, 4 ports (Scale) or 8 ports (Base) of 40/100G QSFP28

    • Supports SFP, SFP+, SFP28, and QSFP28 optics

    • Synchronous Ethernet (SyncE)

    • Power Supply redundancy and Control Plane redundancy

    • 3 Modular Port Adapter (MPA) slots that support legacy NCS 5500 MPAs and the NC57-MPA-2D4H-S MPA (2 MPA slots with 800G, 1 MPA slot with 400G)

  • Optics — Optics support varies across devices (routers, line cards, RPs, etc.). To know if an optics is compatible with a specific Cisco device, refer to the Transceiver Module Group (TMG) Compatibility Matrix.

    The Cisco IOS XR Release 7.4.1 upgraded with the corresponding software maintenance upgrade (SMU) package supports the following optics:

Features Supported on Cisco NC57 Line Cards and NCS 5700 Fixed Routers

The following table lists the parity features supported on Cisco NC57 line cards in compatibility mode (NC57 line cards with previous generation NC55 line cards in the same modular chassis) and native mode (modular chassis with only NC57 line cards and NCS5700 fixed chassis ).

For the complete list of parity features supported on Cisco NC57 line cards until Cisco IOS XR , see:

Caveats Specific to the NCS 5500 Series Routers

Table 2. Cisco NCS 5500 Series Routers Specific Bugs

Bug ID

Headline

CSCvy99157

Yang response of "show install active" showing non xr packages.

CSCvy78718

CFM Rx Punt not Happening on J based boxes causing CFM Sessions to go Down

CSCvy84540

SSH failed when MPP is configured on MPLS-TE over physical and bundle interfaces

CSCvy85331

P1V2_J2C_HBM_VDDC_IOUT and P0V85_OP2_VDDM_IOUT for the TPS40428 are not working in SE systems

CSCvw55441

J2-non SE : "show contr npu resources" discrepancy for iproute with v4/32 routes

Release Package

This table lists the Cisco IOS XR Software feature set matrix (packages) with associated filenames.

Visit the Cisco Software Download page to download the Cisco IOS XR software images.

Table 3. Release 7.4.1 Packages for Cisco NCS 5500 Series Router

Composite Package

Feature Set

Filename

Description

Cisco IOS XR IP Unicast Routing Core Bundle

ncs5500-mini-x.iso

Contains base image contents that includes:

  • Host operating system

  • System Admin boot image

  • IOS XR boot image

  • BGP packages

Individually-Installable Optional Packages

Feature Set

Filename

Description

Cisco IOS XR Manageability Package

ncs5500-mgbl-3.0.0.0-r741.x86_64.rpm

Extensible Markup Language (XML) Parser, Telemetry, Netconf, gRPC and HTTP server packages.

Cisco IOS XR MPLS Package

ncs5500-mpls-2.1.0.0-r741.x86_64.rpm

ncs5500-mpls-te-rsvp-2.2.0.0-r741.x86_64.rpm

MPLS and MPLS Traffic Engineering (MPLS-TE) RPM.

Cisco IOS XR Security Package

ncs5500-k9sec-3.1.0.0-r741.x86_64.rpm

Support for Encryption, Decryption, Secure Shell (SSH), Secure Socket Layer (SSL), and Public-key infrastructure (PKI)

Cisco IOS XR ISIS package

ncs5500-isis-1.2.0.0-r741.x86_64.rpm

Support ISIS

Cisco IOS XR OSPF package

ncs5500-ospf-2.0.0.0-r741.x86_64.rpm

Support OSPF

Lawful Intercept (LI) Package

ncs5500-li-1.0.0.0-r741.x86_64.rpm

Includes LI software images

Multicast Package

ncs5500-mcast-1.0.0.0-r741.rpm

Support Multicast

Table 4. Release 7.4.1 TAR files for Cisco NCS 5500 Series Router

Feature Set

Filename

NCS 5500 IOS XR Software 3DES

NCS5500-iosxr-k9-7.4.1.tar

NCS 5500 IOS XR Software

NCS5500-iosxr-7.4.1.tar

NCS 5500 IOS XR Software

NCS5500-docs-7.4.1.tar

Table 5. Release 7.4.1 Packages for Cisco NCS 5700 Series Router

Feature Set

Filename

NCS 5700 IOS XR Software

ncs5700-x64-7.4.1.iso

NCS 5700 IOS XR Software (only k9 RPMs)

ncs5700-k9sec-rpms.7.4.1.tar

NCS 5700 IOS XR Software Optional Package

NCS5700-optional-rpms.7.4.1.tar

This TAR file contains the following RPMS:

  • optional-rpms/cdp/*

  • optional-rpms/eigrp/*

  • optional-rpms/telnet/*

Determine Software Version

To verify the software version running on the router, use show version command in the EXEC mode.

RP/0/RP0/CPU0:router# show version
Cisco IOS XR Software, Version 7.4.1
Copyright (c) 2013-2021 by Cisco Systems, Inc.

Build Information:
Built By : username
Built On : Wed Aug 4 04:23:45 PDT 2021
Built Host : iox-ucs-013
Workspace : /auto/srcarchive17/prod/7.4.1/ncs5500/ws
Version : 7.4.1
Location : /opt/cisco/XR/packages/
Label : 7.4.1

cisco NCS-5500 () processor
System uptime is 11 minutes

    

Determine Firmware Support

Use the show hw-module fpd command in EXEC and Admin mode to view the hardware components with their current FPD version and status. The status of the hardware must be CURRENT; Running and Programed version must be the same.


Note

You can also use the show fpd package command in Admin mode to check the fpd versions.


This sample output is for show hw-module fpd command from the Admin mode:

sysadmin-vm:0_RP0# show hw-module fpd

                            FPD Versions
                            ==============
Location  Card type         HWver FPD device       ATR Status      Run     Programd
-----------------------------------------------------------------------------------
0/0       NC55-32T16Q4H-A   0.302 Bootloader           CURRENT     0.05      0.05    
0/0       NC55-32T16Q4H-A   0.302 DBFPGA               CURRENT     0.14      0.14    
0/0       NC55-32T16Q4H-A   0.302 IOFPGA               CURRENT     0.89      0.89    
0/1       NC57-24DD         1.0   Bootloader           CURRENT     1.03      1.03
0/1       NC57-24DD         1.0   DBFPGA               CURRENT     0.14      0.14
0/1       NC57-24DD         1.0   IOFPGA               CURRENT     0.21      0.25
0/2       NC55-6X200-DWDM-S 0.502 Bootloader           CURRENT     1.19      1.19
0/2       NC55-6X200-DWDM-S 0.502 IOFPGA               CURRENT     0.14      0.14
0/2       NC55-6X200-DWDM-S 0.502 SATA-M600-MCT        CURRENT     5.00      5.00
0/3       NC57-36H6D-S      0.300 Bootloader           CURRENT     0.02      0.02
0/3       NC57-36H6D-S      0.300 DBFPGA               CURRENT     0.14      0.14
0/3       NC57-36H6D-S      0.300 IOFPGA               CURRENT     0.42      0.42
0/6       NC55-24X100G-SE   1.0   Bootloader           CURRENT     1.19      1.19
0/6       NC55-24X100G-SE   1.0   IOFPGA               CURRENT     0.13      0.13
0/6       NC55-24X100G-SE   1.0   SATA-M600-MCT        CURRENT     5.00      5.00
0/8       NC55-MOD-A-S      0.302 Bootloader           CURRENT     1.03      1.03
0/8       NC55-MOD-A-S      0.302 DBFPGA               CURRENT     0.14      0.14
0/8       NC55-MOD-A-S      0.302 IOFPGA               CURRENT     0.09      0.09
0/8       NC55-MOD-A-S      0.302 SATA-M600-MCT        CURRENT     5.00      5.00
0/9       NC55-32T16Q4H-A   0.12  Bootloader           CURRENT     0.05      0.05
0/9       NC55-32T16Q4H-A   0.12  DBFPGA               CURRENT     0.14      0.14
0/9       NC55-32T16Q4H-A   0.12  IOFPGA               CURRENT     0.89      0.89
0/12      NC57-18DD-SE      1.1   Bootloader           CURRENT     1.03      1.03
0/12      NC57-18DD-SE      1.1   DBFPGA               CURRENT     0.14      0.14
0/12      NC57-18DD-SE      1.1   IOFPGA               CURRENT     0.20      0.20
0/RP0     NC55-RP2-E        0.201 Bootloader           CURRENT     0.08      0.08
0/RP0     NC55-RP2-E        0.201 IOFPGA               CURRENT     0.50      0.50
0/RP0     NC55-RP2-E        0.201 OMGFPGA              CURRENT     0.46      0.46
0/RP1     NC55-RP2-E        0.202 Bootloader           CURRENT     0.08      0.08
0/RP1     NC55-RP2-E        0.202 IOFPGA               CURRENT     0.50      0.50
0/RP1     NC55-RP2-E        0.202 OMGFPGA              CURRENT     0.46      0.46
0/FC1     NC55-5516-FC2     1.0   Bootloader           CURRENT     1.80      1.80
0/FC1     NC55-5516-FC2     1.0   IOFPGA               CURRENT     0.17      0.17
0/FC3     NC55-5516-FC2     1.0   Bootloader           CURRENT     1.80      1.80
0/FC3     NC55-5516-FC2     1.0   IOFPGA               CURRENT     0.17      0.17
0/FC5     NC55-5516-FC2     1.0   Bootloader           CURRENT     1.80      1.80
0/FC5     NC55-5516-FC2     1.0   IOFPGA               CURRENT     0.17      0.17
0/SC0     NC55-SC           1.4   Bootloader           CURRENT     1.74      1.74
0/SC0     NC55-SC           1.4   IOFPGA               CURRENT     0.10      0.10
0/SC1     NC55-SC           1.4   Bootloader           CURRENT     1.74      1.74
0/SC1     NC55-SC           1.4   IOFPGA               CURRENT     0.10      0.10

This sample output is for show hw-module fpd command from the Admin mode on the NCS 5700 Fixed Chassis Routers (NCS-57C3-MOD-S / NCS-57C3-MOD-SE-S) introduced in this release :

        
                                  FPD Versions
                                  ==============
Location  Card type         HWver FPD device       ATR Status      Run     Programd
-----------------------------------------------------------------------------------
0/0       NCS-57C3-MOD-SYS  0.2   Bootloader           CURRENT     0.10      0.10
0/0       NCS-57C3-MOD-SYS  0.2   DBFPGA               CURRENT     0.54      0.54
0/0       NCS-57C3-MOD-SYS  0.2   SATA-Micron          CURRENT     1.00      1.00
0/RP0     NC57-MOD-RP2-E    0.2   Bootloader           CURRENT     0.08      0.08
0/RP0     NC57-MOD-RP2-E    0.2   SATA-Micron          CURRENT     1.00      1.00
0/RP1     NC57-MOD-RP2-E    0.2   Bootloader           CURRENT     0.08      0.08
0/RP1     NC57-MOD-RP2-E    0.2   SATA-INTEL_480G      CURRENT   1132.00   1132.00

Other Important Information

  • The total number of bridge-domains (2*BDs) and GRE tunnels put together should not exceed 1518.

    Here the number 1518 represents the multi-dimensional scale value.

  • The offline diagnostics functionality is not supported in NCS 5500 platform. Therefore, the hw-module service offline location command will not work. However, you can use the (sysadmin)# hw-module shutdown location command to bring down the LC.

Supported Modular Port Adapters

For the compatibility details of Modular Port Adapters (MPAs) on the line cards, see the datasheet of that specific line card.

Upgrading Cisco IOS XR Software

Cisco IOS XR Software is installed and activated from modular packages, allowing specific features or software patches to be installed, upgraded, or downgraded without affecting unrelated processes. Software packages can be upgraded or downgraded on all supported card types, or on a single card (node).

Before starting the software upgrade, use the show install health command in the admin mode. This command validates if the statuses of all relevant parameters of the system are ready for the software upgrade without interrupting the system.


Note

If you use a TAR package to upgrade from a Cisco IOS XR release prior to 7.x, the output of the show install health command in admin mode displays the following error messages:

sysadmin-vm:0_RSP0# show install health
. . .
ERROR /install_repo/gl/xr -rw-r--r--. 1 8413 floppy 3230320 Mar 14 05:45 <platform>-isis-2.2.0.0-r702.x86_64
ERROR /install_repo/gl/xr -rwxr-x---. 1 8413 165 1485781 Mar 14 06:02 <platform>-k9sec-3.1.0.0-r702.x86_64
ERROR /install_repo/gl/xr -rw-r--r--. 1 8413 floppy 345144 Mar 14 05:45 <platform>-li-1.0.0.0-r702.x86_64

You can ignore these messages and proceed with the installation operation.


Production Software Maintenance Updates (SMUs)

A production SMU is a SMU that is formally requested, developed, tested, and released. Production SMUs are intended for use in a live network environment and are formally supported by the Cisco TAC and the relevant development teams. Software bugs identified through software recommendations or Bug Search Tools are not a basis for production SMU requests.

For information on production SMU types, refer the Production SMU Types section of the IOS XR Software Maintenance Updates (SMUs) guide.

Use user-class Option 'xr-config' Instead Of 'exr-config' To Provision ZTP

In Cisco IOS XR Release 7.3.1 and earlier, the system accepts the device sending user-class = "exr-config"; however starting Cisco IOS XR Release 7.3.2 and later, you must use only user-class = "xr-config".

In Cisco IOS XR Release 7.3.2 and later, use:

host cisco-rp0 {
   hardware ethernet e4:c7:22:be:10:ba;
   fixed-address 172.30.12.54;
   if exists user-class and option user-class = "iPXE" {
      filename = "http://172.30.0.22/boot.ipxe";
   } elsif exists user-class and option user-class = "xr-config" {
      filename = "http://172.30.0.22/scripts/cisco-rp0_ztp.sh";
   }
}