Cisco Tetration Release Notes
Release 3.5.1.2
This release has been deprecated and is no longer available.
For information, see https://www.cisco.com/c/en/us/td/docs/security/workload_security/tetration-analytics/sw/advisory/Software-Advisory-Notice-CSCvx74789.html.
This document describes the features, compatibility, scalability, usage guidelines, caveats, bug fixes and any behavior changes for the Cisco Tetration software patch release 3.5.1.2. This patch is associated with the Tetration software major release 3.5.1.1. Details of the major release can be found here: https://www.cisco.com/c/en/us/td/docs/security/workload_security/tetration-analytics/sw/release-notes/cta_rn_3_5_1_1.html.
Release Notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of this document:
https://www.cisco.com/c/en/us/support/security/tetration/products-release-notes-list.html
The following table shows the online change history for this document.
Table 1 Document Change History
Date |
Description |
March 16, 2021 |
Release 3.5.1.2 became available. |
March 22, 2021 |
Corrected Windows Server 2008 versions supported for software agent. Corrected operating systems supported for visibility and universal visibility. |
April 8, 2021 |
This release has been deprecated and is no longer available. |
Contents
This document includes the following sections:
■ Caveats
New and Changed Information
This section lists the new and changed features in this release and includes the following topics:
■ No new software features in this patch release
■ No new enhancements in this patch release
■ No changes in platform behavior
Caveats
This section contains lists of open and resolved caveats, as well as known behaviors.
The following table lists the open caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Description |
|
Kubernetes daemonset agent uninstall requires jq utility |
|
(Static Enforcement) Pausing enforcement policy update is not supported in the federation setup in the current release. |
|
Kubernetes traffic from the host network to cluster ip services escapes Tetration policies. |
The following table lists the resolved caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Table 3 Resolved Caveats
Bug ID |
Description |
Upgrading Tetration to 3.5.1.1 may cause IFE annotation pipeline to crash/restart due to OOM |
■ See Cisco Tetration software major release 3.5.1.1 release notes: https://www.cisco.com/c/en/us/td/docs/security/workload_security/tetration-analytics/sw/release-notes/cta_rn_3_5_1_1.html.
■ This software patch release does not include any new agent updates, so the software agent version remains at 3.5.1.1
Compatibility Information
The software agents in the 3.5.1.2 release support the following operating systems (virtual machines and bare-metal servers) for micro segmentation (deep visibility and enforcement):
■ Linux:
● Amazon Linux 2
● CentOS-6.x: 6.1 to 6.10
● CentOS-7.x: 7.0 to 7.9
● CentOS-8.x: 8.0 to 8.3
● Red Hat Enterprise Linux-6.x: 6.1 to 6.10
● Red Hat Enterprise Linux-7.x: 7.0 to 7.9
● Red Hat Enterprise Linux-8.x: 8.0 to 8.3
● Oracle Linux Server-6.x: 6.1 to 6.10
● Oracle Linux Server-7x: 7.0 to 7.9
● Oracle Linux Server-8.x: 8.0 to 8.3
● SUSE Linux-11.x: 11.2, 11.3, and 11.4
● SUSE Linux-12.x: 12.0, 12.1, 12.2,12.3, 12.4
● SUSE Linux-15.x: 15.0, 15.1
● Ubuntu-14.04
● Ubuntu-16.04
● Ubuntu-18.04
● Ubuntu-20.04
■ Windows Server (64-bit):
● Windows Server 2008R2 Datacenter
● Windows Server 2008R2 Enterprise
● Windows Server 2008R2 Essentials
● Windows Server 2008R2 Standard
● Windows Server 2012 Datacenter
● Windows Server 2012 Enterprise
● Windows Server 2012 Essentials
● Windows Server 2012 Standard
● Windows Server 2012R2 Datacenter
● Windows Server 2012R2 Enterprise
● Windows Server 2012R2 Essentials
● Windows Server 2012R2 Standard
● Windows Server 2016 Standard
● Windows Server 2016 Essentials
● Windows Server 2016 Datacenter
● Windows Server 2019 Standard
● Windows Server 2019 Essentials
● Windows Server 2019 Datacenter
■ Windows VDI desktop Client:
● Microsoft Windows 8
● Microsoft Windows 8 Pro
● Microsoft Windows 8 Enterprise
● Microsoft Windows 8.1
● Microsoft Windows 8.1 Pro
● Microsoft Windows 8.1 Enterprise
● Microsoft Windows 10
● Microsoft Windows 10 Pro
● Microsoft Windows 10 Enterprise
● Microsoft Windows 10 Enterprise 2016 LTSB
■ IBM AIX operating system:
● AIX version 7.1
● AIX version 7.2
■ Container host OS version for policy enforcement:
● Red Hat Enterprise Linux Release 7.1, 7.2, 7.3, 7.4, 7.7
● CentOS Release 7.1, 7.2, 7.3, 7.4, 7.7
● Ubuntu-16.04
The 3.5.1.2 release supports the following operating systems for visibility use cases only:
■ Windows VDI desktop Client:
● Microsoft Windows 7
● Microsoft Windows 7 Pro
● Microsoft Windows 7 Enterprise
The 3.5.1.2 release supports the following operating systems for the universal visibility agent:
■ Red Hat Enterprise Linux 4.0 (32-bit and 64-bit)
■ CentOS 4.0 (32-bit and 64-bit)
■ Red Hat Enterprise Linux 5.0 (32-bit and 64-bit)
■ CentOS 5.0 (32-bit and 64-bit)
■ Windows Server (32-bit and 64-bit)
■ Solaris 11 on x86 (64-bit)
■ AIX 5.3 (PPC)
The 3.5.1.2 release no longer supports the following operating systems for any software agent:
■ Red Hat Enterprise Linux Release 5.x
■ CentOS Release 5.x
The 3.5.1.2 release supports the following Cisco Nexus 9000 series switches in NX-OS and Cisco Application Centric Infrastructure (ACI) mode:
Table 4 Supported Cisco Nexus 9000 Series Switches in NX-OS and ACI Mode
Product line |
Platform |
Minimum Software release |
Cisco Nexus 9300 platform switches (NX-OS mode) |
Cisco Nexus 93180YC-EX, 93108TC-EX, and 93180LC-EX |
Cisco NX-OS Release 9.2.1 and later |
Cisco Nexus 93180YC-FX, 93108TC-FX, and 9348GC-FXP |
Cisco NX-OS Release 9.2.1 and later |
|
Cisco Nexus 9336C-FX2 |
Cisco NX-OS Release 9.2.1 and later |
|
Cisco Nexus 9300 platform switches (ACI mode) |
Cisco Nexus 93180YC-EX, 93108TC-EX, and 93180LC-EX |
Cisco ACI Release 3.1(1i) and later |
Cisco Nexus 93180YC-FX, 93108TC-FX |
Cisco ACI Release 3.1(1i) and later |
|
Cisco Nexus 9348GC-FXP |
Cisco ACI Release 3.1(1i) and later |
|
Cisco Nexus 9336C-FX2 |
Cisco ACI Release 3.2 and later |
|
Cisco Nexus 9500 series switches with N9K-X9736C-FX linecards only |
Cisco ACI Release 3.1(1i) and later |
Usage Guidelines
See the Cisco Tetration software major release 3.5.1.1 release notes: https://www.cisco.com/c/en/us/td/docs/security/workload_security/tetration-analytics/sw/release-notes/cta_rn_3_5_1_1.html.
The following tables provide the scalability limits for Cisco Tetration (39-RU), Cisco Tetration-M (8-RU), and Cisco Tetration Cloud:
Table 5 Scalability Limits for Cisco Tetration (39-RU)
Configurable Option |
Scale |
Number of workloads |
Up to 25,000 (VM or Baremetal) |
Flow features per second |
Up to 2 Million |
Number of hardware agent enabled Cisco Nexus 9000 series switches |
Up to 100 |
Note: Supported scale will always be based on which ever parameter reaches the limit first
Table 6 Scalability Limits for Cisco Tetration-M (8-RU)
Configurable Option |
Scale |
Number of workloads |
Up to 5,000 (VM or Baremetal) |
Flow features per second |
Up to 500,000 |
Number of hardware agent enabled Cisco Nexus 9000 series switches |
Up to 100 |
Note: Supported scale will always be based on which ever parameter reaches the limit first
Table 7 Scalability Limits for Cisco Tetration Virtual (VMWare ESXi)
Configurable Option |
Scale |
Number of workloads |
Up to 1,000 (VM or bare-metal) |
Flow features per second |
Up to 70,000 |
Number of hardware agent enabled Cisco Nexus 9000 series switches |
Not supported |
Note: Supported scale will always be based on which ever parameter reaches the limit first.
Related Documentation
The Cisco Tetration Analytics documentation can be accessed from the following websites:
Tetration Analytics Platform Datasheet: http://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/datasheet-c78-737256.html
General Documentation: http://www.cisco.com/c/en/us/support/data-center-analytics/tetration-analytics/tsd-products-support-series-home.html
The documentation includes installation information and release notes.
Table 8 Installation Documentation
Document |
Description |
Cisco Tetration Analytics Cluster |
Describes the physical configuration, site preparation, and cabling of a single- and dual-rack installation for Cisco Tetration (39-RU) platform and Cisco Tetration-M (8-RU). |
Cisco Tetration Virtual Deployment Guide |
Describes the deployment of Tetration virtual appliance. |
NOTE: As a best practice, it’s always recommended to patch cluster to latest available patch version before performing major version upgrade. |
|
Latest Threat Data Sources |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2021 Cisco Systems, Inc. All rights reserved.