The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.11.1a release:

• Support for High Availability Version 3 - High Availability refers to the ability to establish redundancy of networking functionality and configuration data between two peer routers. Enable High Availability for your CSR 1000v routers running on cloud deployments for seamless services, by setting up failure detection and failover mechanism. High Availability Version 3 supports a number of new features including simplified deployment by predominantly using Guestshell.

• Factory Reset - Factory reset is a process of clearing the current running and start up configuration information on a router, and resetting the router to an earlier, fully functional state. The 16.11.1a release supports the factory reset process in CSR 1000v routers.

• Deploy GCP by using a solution template - You can now deploy a CSR 1000v solution template and the associated resources in the service provider’s cloud.

• Accelerated Networking enhancements - Accelerated Networking is a functionality that enables single root I/O virtualization on a Cisco CSR 1000v router running on Microsoft Azure. The 16.11.1a release supports enhanced Mellanox support from the Azure infrastructure.

• Port-Security Forbidden MAC - This feature addresses port security for EVCs by providing the capability to control and filter MAC-address learning behavior at the granularity of a per-Ethernet Flow Point (EFP). When a security violation requires a shutdown, only the customer assigned to a given EFP is affected rather than all the customers using the port.

• EST CA Certs on Reykey - This feature enables client devices to obtain CA certificate automatically as part of rekey. The CA certificate certifies a new public key for a device.

• Enhancements to Secure Password Migration - Support has been added for auto-conversion of weak password types 0 to 7 to encrypted password type 6. Configure AES password encryption feature and master encryption key to auto-convert password types 0 and 7 to password type 6.

• Intelligent load balancing - The PfRv3 Intelligent Load Balance feature detects the remote bandwidth overrun at the earliest possible. It helps to reduce the packet drop caused by per tunnel QoS and increases the bandwidth utilization.

• Support for IPFIX keyword - IP Flow Information Export (IPFIX) protocol is another way for transmitting Traffic Flow information over the network. The ipfix keyword is now supported in the ip flow-export destination command.

• Support for adding source interface for ETA netflow records - The source interface <interface name> keyword is now added to the existing ip flow-export destination command.

• ZBFW HSL Using Source Interface Capability - Zone-based Firewall supports export of logged data record to an external collector using NetFlow Version 9, where the collector parses and interprets the data record based on the template. Zone-based firewall uses the High Speed Logging (HSL) capability to generate NetFlow data through the log flow-export v9 udp destination command under the parameter-map type inspect-global configuration.

• Security Readiness Criteria (SRC) Closure - CUBE - Security Readiness Criteria (SRC) closure for Cisco Unified Border Element or SRC is a program to meet a set of security criteria before releasing the product offering to the customers. SRC helps to prioritize security requirements that are necessary to reduce the associated risk.

• CUBE Smart Licensing - Cisco Unified Border Element Smart Licensing—Cisco Smart Software Licensing provides a simple cloud-based solution for managing and tracking the use of your licenses and entitlements across your business. License requirements for the use of CUBE trunk sessions are reported to Cisco Smart Licensing.

  For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.

• Support certificate CN/SAN validation - Server Identity Validation on Cisco Unified Border Element—Cisco Unified Border Element supports server identity validation through Common Name (CN) and Subject Alternate Name (SAN) fields in the server certificate during client-side SIP/TLS connections. Validation of CN and SAN fields of the server certificate ensures that the server-side domain is a valid entity.

• Specific License Reservation - Specific License Reservation (SLR) is a functionality that enables you to deploy a Smart License on a device without directly connecting it to the Cisco Cloud. SLR is supported for the CSR 1000v routers from this release.

• Interface overruns troubleshooting enhancements - The output of the show interface accounting command has now been modified.

• Kill Telemetry Subscription: The ability to delete a dynamic model driven telemetry dynamic subscription using either the clear telemetry ietf subscription Cisco IOS command, or the <kill-subscription> RPC.

• NETCONF and RESTCONF Service Level Access Control Lists: This programmability feature enables you to configure an IPv4 or IPv6 access control list (ACL) for NETCONF and RESTCONF sessions. If you do not conform to the configured ACL, you are not allowed to access the NETCONF or RESTCONF subsystems. When the service-level ACLs are configured, NETCONF and RESTCONF connection requests are filtered based on the source IP address.

• YANG Data Models: For the list of Cisco IOS XE YANG models available with this release, go to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16111. Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights the changes that have been made in the release.

• Web User Interface - Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on the Web User Interface from Cisco IOS XE Gibraltar 16.11.1a:

  Nat Statistics

  IPv6 Support for AAA

  For information on how to access the Web User Interface, see the Configure the Router for Web User Interface section.