Release Notes for Cisco Catalyst 8000V Edge Software, Release 17.18.x

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Catalyst 8000V Edge Software, Release 17.18.1a

New software features

Resolved issues

Open issues

Related resources

Legal information

Cisco Catalyst 8000V Edge Software, Release 17.18.x

The key highlights of this release include:

●     Support for deployments in Oracle Cloud Infrastructure

●     Support for N4 and N2 compute instance families in Google Cloud Platform (GCP)

●     Support for D[s]_v5 compute instance family in Microsoft Azure

●     Support for SR-IOV connectivity with Nvidia Mellanox ConnectX-6 NICs for on-premise deployments

●     Support for Ubuntu 22.04 LTS

●     Hosted Edge Services manages Cisco IOx applications

●     Certificate Management unifies device certificates

●     MVPN Ingress Replication over SRv6 simplifies multicast

●     SRv6 Path MTU Discovery prevents fragmentation

●     SRv6 Flex-Algo improves network resilience

New software features

This section provides a brief description of the new software features introduced in this release.

New software features in Cisco IOS XE 17.18.2

Table 1. New software features for Cisco 8500 Series Secure Routers, Release 17.18.2

 

Product impact

Feature          

Description

 

Security

Resilient Infrastructure

Starting with the Cisco IOS XE 17.18.2 release and in future releases, Cisco software will display warning messages when configuring features or protocols that do not provide sufficient security such as those transmitting sensitive data without encryption or using outdated encryption mechanisms. Warnings will also appear when security best practices are not followed, along with suggestions for secure alternatives.

This list is subject to change, but the following is a list of features and protocols that are planned to generate warnings in releases beyond the version Cisco IOS XE 17.18.1. Release notes for each release will describe exact changes for that release:

●     Plain-text and weak credential storage: Type 0 (plain text), 5 (MD5), or 7 (Vigenère cipher) in configuration files.
Recommendation: Use Type 6 (AES) for reversible credentials, and Type 8 (PBKDF2-SHA-256) or Type 9 (Scrypt) for non-reversible credentials.

●     SSHv1 
Recommendation: Use SSHv2.

●     SNMPv1 and SNMPv2, or SNMPv3 without authentication and encryption
Recommendation: Use SNMPv3 with authentication and encryption (authPriv).

●     MD5 (authentication) and 3DES (encryption) in SNMPv3  
Recommendation: Use SHA1 or, preferably, SHA2 for authentication, and AES for encryption.

●     IP source routing based on IP header options
Recommendation: Do not use this legacy feature.

●     TLS 1.0 and TLS 1.1   
Recommendation: Use TLS 1.2 or later.

●     TLS ciphers using SHA1 for digital signatures
Recommendation: Use ciphers with SHA256 or stronger digital signatures.

●     HTTP 
Recommendation: Use HTTPS.

●     Telnet 
Recommendation: Use SSH for remote access.

●     FTP and TFTP 
Recommendation: Use SFTP or HTTPS for file transfers.

●     On-Demand Routing (ODR) 
Recommendation: Use a standard routing protocol in place of CDP-based routing information exchange.

●     BootP server
Recommendation: Use DHCP or secure boot features such as Secure ZTP.

●     TCP and UDP small servers (echo, chargen, discard, daytime) 
Recommendation: Do not use these services on network devices.

●     IP finger 
Recommendation: Do not use this protocol on network devices.

●     NTP control messages 
Recommendation: Do not use this feature.

●     TACACS+ using pre-shared keys and MD5
Recommendation: Use TACACS+ over TLS 1.3, introduced in release Cisco IOS XE 17.18.1
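
As an added example (not Cisco's code and not the device's own warning logic), the following Python script audits configuration text against the list above and reports each finding with its recommendation. The regular expressions are this example's assumed mapping of each list item onto common IOS XE command syntax, and the sample configuration is constructed.

```python
import re

# Each rule: (parent section regex or None, line regex, finding, recommendation).
# The regexes are this example's assumed mapping onto common IOS XE syntax;
# findings and recommendations follow the release-note list.
RULES = [
    (None, r"(?:enable |username \S+ .*?)?(?:password|secret) [057] \S",
     "Type 0, 5 or 7 credential storage",
     "Use Type 6 (AES) for reversible, Type 8 or 9 for non-reversible credentials"),
    (None, r"ip ssh version 1\b", "SSHv1", "Use SSHv2"),
    (None, r"snmp-server (?:community \S|group \S+ (?:v1|v2c|v3 noauth)\b)",
     "SNMPv1/SNMPv2, or SNMPv3 without authentication and encryption",
     "Use SNMPv3 with authentication and encryption (authPriv)"),
    (None, r"snmp-server user .*\bv3\b.*\b(?:md5|3des)\b", "MD5 or 3DES in SNMPv3",
     "Use SHA1 or, preferably, SHA2 for authentication, and AES for encryption"),
    (None, r"ip source-route\b", "IP source routing", "Do not use this legacy feature"),
    (None, r"ip http tls-version TLSv1\.[01]\b", "TLS 1.0 or TLS 1.1",
     "Use TLS 1.2 or later"),
    (None, r"ip http server\b", "HTTP", "Use HTTPS"),
    (r"line \S+", r"transport input (?:all\b|.*\btelnet\b)", "Telnet",
     "Use SSH for remote access"),
    (None, r"tftp-server |ip ftp |ip tftp ", "FTP and TFTP",
     "Use SFTP or HTTPS for file transfers"),
    (None, r"router odr\b", "On-Demand Routing (ODR)", "Use a standard routing protocol"),
    (None, r"ip bootp server\b", "BootP server",
     "Use DHCP or secure boot features such as Secure ZTP"),
    (None, r"service (?:tcp|udp)-small-servers\b", "TCP and UDP small servers",
     "Do not use these services on network devices"),
    (None, r"(?:ip|service) finger\b", "IP finger",
     "Do not use this protocol on network devices"),
    (None, r"ntp allow mode control\b", "NTP control messages", "Do not use this feature"),
    (r"tacacs server \S+", r"key \S", "TACACS+ using pre-shared keys and MD5",
     "Use TACACS+ over TLS 1.3"),
]

def audit(config_text):
    """Return (line_number, finding, recommendation) tuples. Config lines are
    never echoed, so the report itself does not leak stored credentials."""
    findings, section = [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            section = line  # an unindented command opens a new section
        for parent, pattern, finding, advice in RULES:
            # Section-scoped rules apply only to indented lines under that parent.
            if parent and not (raw[0].isspace() and re.match(parent, section)):
                continue
            if re.match(pattern, line):  # "no ..." lines never match
                findings.append((lineno, finding, advice))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
enable secret 9 $9$constructedhash
username admin privilege 15 password 7 00CONSTRUCTED
no ip source-route
ip http server
ip http secure-server
snmp-server community public RO
snmp-server group NOC v3 priv
tacacs server TAC1
 address ipv4 192.0.2.10
 key 7 constructedkey
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

if __name__ == "__main__":
    for lineno, finding, advice in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding} -> {advice}")
```

Run it against saved configurations or templates before upgrading to see which lines are likely to trigger the new warnings.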

 

 

Software Reliability

High availability for DHCP servers

In a high-availability setup, DHCP servers are deployed in an active/standby model in which two Cisco IOS XE DHCP servers synchronize DHCP bindings (IP address records). This synchronization ensures that if the active device fails, the standby device seamlessly assumes the active role, preserving IP address records and maintaining uninterrupted network service.

 

Ease of Setup

IPv6 Rule and Rule Set Support in Security Policies

From Cisco IOS XE 17.18.2, you can configure IPv6 data prefix lists, rules with rule sets, and object groups in security policies using Cisco SD-WAN Manager.

Upgrade

IPv6 GRE-TP tunnel as protected link support for SRv6 TI-LFA with IS-IS

From Cisco IOS XE 17.18.2, this feature extends IPv6 GRE-TP tunnel as protected link support for SRv6 TI-LFA with IS-IS.

Upgrade

IPv4 GRE-TP tunnel as protected link support for SR-MPLS TI-LFA with OSPFv2

From Cisco IOS XE 17.18.2, this feature extends IPv4 GRE-TP tunnel as protected link support for SR-MPLS TI-LFA with OSPFv2.

 

Upgrade

IPv4 GRE-TP tunnel as protected link support for SR-MPLS TI-LFA with IS-IS

From Cisco IOS XE 17.18.2, this feature extends IPv4 GRE-TP tunnel as protected link support for SR-MPLS TI-LFA with IS-IS.

 

CUBE FEATURES

 

Upgrade

Directional attribute compliance for SIPREC responses

From Cisco IOS XE 17.18.2 onwards, when a recorder responds with INACTIVE SDP attributes, CUBE stops transmitting media packets to that recorder.

 

Security

Security warnings for usage of legacy TLS and associated weaker ciphers – CUBE and SRST

 

From Cisco IOS XE 17.18.2 onwards, CUBE and SRST display warning messages during the handshake for configurations that use legacy TLS (v1.0, v1.1) and the associated weaker ciphers.

 

This section provides a brief description of the new software features introduced in this release.

Table 2. New software features for Cisco Catalyst 8000V Edge Software, Release 17.18.1a

 

Product impact

Feature          

Description

 

Ease of Use

Support for deployment of Catalyst 8000V in Oracle Cloud Infrastructure

Oracle Cloud Infrastructure (OCI) is a cloud service that enables you to build and run a range of applications and services in a hosted environment. OCI provides high-performance compute capabilities as physical hardware instances and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.

From Cisco IOS XE 17.18.1a release, Cisco Catalyst 8000V is supported for deployments in OCI on VM.Standard.E5.Flex compute instances for Bring Your Own License (BYOL) consumption.

 

Ease of Use

Support for N4 and N2 compute instance families in Google Cloud Platform

 

Cisco Catalyst 8000V supports the N2 compute instance family as well as the N4 compute instance family with gVNIC driver support for Google Cloud Platform (GCP) deployment.

 

Ease of Use

Support for D[s]_v5 compute instance family in Microsoft Azure

Cisco Catalyst 8000V supports the D[s]_v5 compute instance family for Microsoft Azure deployments from Cisco IOS XE 17.18.1a release.

Software Reliability

Support for Nvidia Mellanox ConnectX-6 network interface cards

From Cisco IOS XE 17.18.1a release, Cisco Catalyst 8000V supports the Nvidia Mellanox ConnectX-6 Network Interface Cards (NICs) with port speeds of up to 40 GbE. Also, the set of supported VNIC drivers for SR-IOV connectivity is expanded to include CX6VF.

Ease of Use

Support for Ubuntu 22.04 LTS

From Cisco IOS XE 17.18.1a release, Cisco Catalyst 8000V supports the Ubuntu 22.04 LTS version of the open-source Linux OS.

Software Reliability

Throughput performance optimizations

From Cisco IOS XE 17.18.1a release, Cisco Catalyst 8000V delivers higher throughputs for both encrypted and unencrypted traffic. We recommend you benchmark your unique traffic profiles prior to production. The performance improvements will depend on your feature set, packet sizes, and the number of vCPU cores.

Licensing Process

 

Licensing compliance, reporting, and notification enhancements

 

From Cisco IOS XE 17.18.1a release, you can view additional information in your licensing report, such as out-of-compliance status and the reason for it, the number of licenses that have been assigned in the network, how many devices have been assigned licenses, per-device license details, and so on. In addition, you can now connect to the Enterprise Agreement (EA) portal directly from Cisco SD-WAN Manager with your Smart Account credentials. This helps you generate the required quantities of licenses for the selected Commerce SKU of the EA and deposit them in your desired CSSM Virtual Accounts (VA).

 

Ease of Use

 

Hosted Edge Services for SD-Routing Devices

From Cisco IOS XE 17.18.1a release, Cisco Catalyst SD-WAN Manager supports deployment of IOx applications such as Cyber Vision, ThousandEyes, UTD, and so on. Monitoring of these applications is introduced through the Hosted Edge Services monitoring dashboard, which offers a simplified user experience for overseeing IOx container applications across multiple devices. The Hosted Edge Services monitoring dashboard is introduced in Cisco Catalyst SD-WAN Manager version 20.18.x.

 

Ease of use

 

Managing NGFW Policies from Security Cloud Control

Security Cloud Control (SCC) is a cloud-based multi-device manager that facilitates management of security policies to achieve consistent policy implementation. SCC helps optimize your security policies by identifying inconsistencies with them and by giving you tools to fix the inconsistencies. From Cisco IOS XE 17.18.1a release, you can integrate Cisco SD-WAN Manager with SCC, which allows you to import existing NGFW policies, security objects, and security profiles into SCC. With this integration, you can share objects and policies as well as make configuration templates to promote policy consistency across devices.

 

Security

 

Custom IPS signature sets

From Cisco IOS XE 17.18.1a release, Custom IPS signature sets are supported in Cisco SD-WAN Manager, which allows you to create and deploy personalized Snort3 IPS signature sets. This feature allows direct modification of actions for existing IPS rules within profiles and supports building custom rules using rule groups or existing rules. With Custom IPS signature sets, organizations can gain greater control and precision in tailoring threat detection to their specific security needs.

 

Ease of Use

 

Certificate Management on SD-Routing Devices

This feature introduces a new certificate authorization setting, Enterprise Certificate Settings, which unifies certificate configurations for SD-Routing devices. Cisco SD-WAN Manager automates certificate management by leveraging protocols such as EST (Enrollment over Secure Transport) and SCEP (Simple Certificate Enrollment Protocol). The feature automates the enrollment and renewal of certificates.

 

Upgrade

 

MVPN Ingress Replication (IR) over SRv6

This feature enables the transport of IPv4 MVPN traffic across an SRv6 network. It simplifies multicast deployment by using the existing SRv6 unicast infrastructure as the underlay. With this feature, the ingress PE router receives multicast traffic and creates a separate unicast SRv6-encapsulated copy for each egress PE router in the multicast group.

 

Upgrade

 

SRv6 Path MTU Discovery

This feature introduces a mechanism to determine the maximum transmission unit (MTU) for packets traversing an SRv6 underlay network. It ensures efficient packet forwarding by preventing fragmentation and packet drops, thereby allowing network devices to dynamically adjust packet sizes to avoid exceeding link MTU limits. The system relays ICMP Packet Too Big (PTB) messages from the SRv6 underlay to the IPv6/IPv4 overlay network, supporting both Transit-node and Headend-node PTB relay methods.

 

Upgrade

 

SRv6 Flex-Algo with TI-LFA and uLoop Avoidance

From Cisco IOS XE 17.18.1a, Flexible Algorithm enhances SRv6 by including functions like Topology Independent Loop-Free Alternate (TI-LFA) and microloop (uLoop) avoidance. This feature improves network resilience and efficiency.

 


Licensing Process

 

Product Analytics for routers

Product Analytics refers to the collection of product telemetry such as product performance and resource usage information directly from IOS-XE-based routing platforms. From Cisco IOS XE 17.18.1a release, Product Analytics is enabled by default when. Use this functionality to gain data insights such as product performance, feature consumption, and the licensing types that suit your requirements best.

 

CUBE FEATURES

 

Ease of Use

Enhanced support for serviceability in SIP recording

From Cisco IOS XE 17.18.1a onwards, serviceability is enhanced to display consolidated information on forked and associated anchor call legs.

 

Upgrade

Third-Party GUID capture for correlation between call transfers and SIP-based recording

From Cisco IOS XE 17.18.1a onwards, the Third-Party GUID capture for correlation between calls and SIP-based recording is extended to support transmission of globally unique identifiers (GUIDs) to the recording server during call transfers.

 

Upgrade

IOS UC apps reports smart licensing flex subscription entitlement tag

From Cisco IOS XE 17.18.1a onwards, CUBE and SRST smart licensing reports flex subscription entitlement tag on all the supported platforms.

Resolved issues

This table lists the resolved issues in this specific software release.

Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.

Resolved issues in Cisco IOS XE 17.18.2

Table 3. Resolved issues for Cisco Catalyst 8000V Edge Software, Release 17.18.2

| Bug ID | Description |
|---|---|
| CSCwr42950 | On-demand tunnels in SD-WAN do not expire when Universal Mobile Telecommunications System (UMTS) is enabled. |
| CSCwq51935 | A NAT64 static entry is removed when a command to delete a non-existent entry is applied. |
| CSCwe19394 | The device may boot up with the previous packages configuration file due to a power outage. |
| CSCwr77958 | Network-Based Packet Inspection (NWPI) is not capturing self-generated syslog traffic. |
| CSCwj61730 | The router may crash when Security Group Tag (SGT) caching is removed from an interface. |
| CSCwq77322 | The router sends a 2-byte packet for the FLOW_SAMPLER_RANDOM_INTERVAL field instead of a 4-byte packet. |
| CSCwr24031 | After an upgrade, the SD-WAN service tracker in a VRF instance may select the source IP address from the global routing table when Multiprotocol Label Switching (MPLS) Inter-AS Virtual Private Network (VPN) option B is configured. |
| CSCwr49794 | Integrated Services Router (ISR) exporters with Encrypted Traffic Analytics (ETA) enabled generate invalid template data errors in Secure Network Analytics (SNA). |
| CSCwq98206 | The Enhanced Policy-Based Routing (EPBR) set interface action is missing after a reboot. |

Resolved issues in Cisco IOS XE 17.18.1a

Table 4. Resolved issues for Cisco Catalyst 8000V Edge Software, Release 17.18.1a

| Bug ID | Description |
|---|---|
| CSCwn42496 | Devices lose all BFD sessions while control connections remain up |
| CSCwn69868 | Unable to come up with control connections with controllers after controllers added and down/up |
| CSCwo72675 | All BFD sessions for dialer interfaces are down. SA ID is 0 for all of them |
| CSCwo84428 | Memory leak under vdaemon process with DTLS on SNMP polling |
| CSCwp24639 | Device reloads after VPN configuration changes |
| CSCwm72336 | CXP with data policy redirect-DNS via overlay causes blackhole |
| CSCwn26353 | BFD sessions via TLOC-ext do not come up when IPv6 is dynamically changed |
| CSCwo05703 | VFR is not dynamically disabled after ZBFW removal |
| CSCwo75657 | Maximum control connection is not equal to maximum OMP sessions |
| CSCwp91064 | FTMD zero pointer dereference is seen leading to crash |
| CSCwp23487 | SGW offline with SSH error Unable to open socket while establishing netconf session |

Open issues

This table lists the open issues in this specific software release.

Note: This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.

Open issues in Cisco IOS XE 17.18.2

Table 5. Open issues for Cisco Catalyst 8000V Edge Software, Release 17.18.2

| Bug ID | Description |
|---|---|
| CSCws30834 | The router ignores the keepalive command under the Secure Internet Gateway (SIG) tunnel interface when pushed by the management platform. |
| CSCws13857 | Incorrect NAT occurs from the service Virtual Routing and Forwarding (VRF) to the global table for self-generated Internet Control Message Protocol (ICMP) Time Exceeded (Type 11) packets. |
| CSCwq77458 | The forwarding manager process crashes after Flexible NetFlow (FNF) configuration changes. |
| CSCwr87083 | The router is unable to onboard SD-Routing devices using a generic bootstrap file stored on a USB drive. |
| CSCwo42664 | Periodic service restarts on the edge device may generate crash files. |
| CSCws18137 | Configuration is out of sync when a CLI template is attached, due to a missing authentication element in the configuration. |
| CSCwr64075 | During extended testing, a core dump related to the QFP microcode was observed, indicating an issue within a thread responsible for managing memory ring operations. |
| CSCwr76580 | Unexpected behavior occurs with Secure Internet Gateway (SIG) tunnels configured from the management platform to the Umbrella service. |
| CSCwr60310 | Template push or CLI configuration updates may fail due to duplicate VTY or asynchronous lines in the configuration. |
| CSCwr30573 | TLOC extension cannot be programmed due to module boot-up timing issues. |
| CSCws25557 | Only Transport Layer Security (TLS) 1.2 cipher suites are supported for control connections. |
| CSCwr95551 | The router fails when configuring SSL VPN with PBR and NAT. |
| CSCwr08462 | There is an issue where the NAT router does not respond to Address Resolution Protocol (ARP) requests. |
| CSCwr44921 | The router fails due to high CPU usage when memory pressure exceeds the threshold. |
| CSCwr97784 | Slow performance is observed on Network Configuration Protocol (Netconf) Remote Procedure Call (RPC) with stateless static NAT translation. |
| CSCwr55240 | The router experiences a critical process fault in the Operations, Management, and Policy Daemon (OMPD) on the route processor. |
| CSCwr84985 | The authentication process daemon (dmiauthd) crashes, causing the configuration to become unsynchronized between the startup and running configuration files. |
| CSCwq24119 | A traceback is seen when detaching customer configurations for a railway client. |
| CSCwm97460 | The control connection to the management platform is only attempted over the highest priority Transport Locator (TLOC). |
| CSCwr00088 | A CLI option is needed to change the query interval for per-Multiprotocol Label Switching (MPLS) label Cisco Express Forwarding (CEF) statistics on the forwarding manager. |
| CSCwr88206 | The Forwarding Information Base (FIB) table routes have a corrupted Next Hop (NH) ID 0, which is assigned to a value other than blackhole. |
| CSCwr72709 | The router fails during Time-Division Multiplexing (TDM) calls when debug Voice over IP (VoIP) Forwarding Path Interface (FPI) is enabled. |
| CSCws12946 | Port forwarding issues occur on the router when using multiple Internet Service Providers. |
| CSCwq98154 | Multicast traffic is not forwarded over point-to-point Dynamic Multipoint VPN (DMVPN) phase 1 tunnel. |
| CSCwr49475 | BFD sessions flap and do not recover because the symmetric NAT (SYMNAT) port is not updating to the data plane. |
| CSCwq59240 | The Gigabit Ethernet interface does not consistently obtain an IP address from Dynamic Host Configuration Protocol (DHCP). |
| CSCwr64257 | The router experiences an unexpected reload due to the forwarding and traffic management daemon. |
| CSCws26373 | The router unexpectedly reboots due to NAT in the data plane after a policy is pushed. |
| CSCwm71868 | Stopping the virtual router in a cloud environment results in a device reload, followed by a shutdown after 10 minutes. |
| CSCwr46263 | Interface counters do not increment when using the 'show interfaces' command on the virtual router. |
| CSCwp97178 | Flapping NAT causes BFD session loss, and the IPSec session is shown as down. |
| CSCwr76176 | Path Maximum Transmission Unit Discovery (PMTUD) for BFD over SD-WAN converges unexpectedly to 970 bytes after a diagnostic event. |
| CSCws30834 | The virtual router fails in the cryptography library. |

Open issues in Cisco IOS XE 17.18.1a

Table 6. Open issues for Cisco Catalyst 8000V Edge Software, Release 17.18.1a

| Bug ID | Description |
|---|---|
| CSCwp12196 | Router unexpectedly reloads due to memory corruption on a notification queue in FTMd |
| CSCwq27426 | BFD session down due to unencrypted outbound BFD packets despite active IPsec SA |
| CSCwe19394 | Device may boot up into prev_packages.conf due to power outage |
| CSCwo42664 | Keyman core files on device |
| CSCwp01089 | EPFR-High latency times are observed on the hub device |
| CSCwp81539 | Memory leak under cfgmgr process on SNMP polling |
| CSCwq20326 | Device does not install service-side static route to CEF after upgrade |
| CSCwq40026 | Unexpected reboot occurs due to Process FTMD |
| CSCwq68385 | TLOC disabled after link is down; no automatic tunnel recovery after link restores and TLOC state is Up |

Related resources

●     Cisco Catalyst 8000V Edge Software Product Page

●     Cisco Catalyst 8000V Edge Software Data Sheet

●     Cisco Catalyst 8000V Edge Software Installation And Configuration Guide

●     Cisco Catalyst 8000V Edge Software High Availability Configuration Guide

●     Troubleshooting Guide for Cisco Catalyst 8000V Edge Software

●     Configure Licenses and Throughput for Cisco Catalyst 8000V Edge Software

Legal information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2025 Cisco Systems, Inc. All rights reserved.

 
