Cisco Virtual Application Cloud Segmentation Services 5.4STV3.0 Release Notes

Release Notes for Cisco Virtual Application Cloud Segmentation Services, Release 5.4STV3.0

---

First Published: 2016-05-06

Last Updated: 2016-07-14

This document describes the features, limitations, and bugs for the Cisco Virtual Application Cloud Segmentation (VACS) Services software solution. Use this document in combination with the documents listed in Related Documentation and Cisco VACS Documentation Matrix.

This document includes the following sections:

• Overview
• New Features and Enhancements in Release 5.4STV3.0
• Software Compatibility
• Limitations and Restrictions
• Using the Bug Search Tool
• Bugs
• Related Documentation
• Cisco VACS Documentation Matrix
• Documentation Feedback
• Obtaining Documentation and Submitting a Service Request

Overview

Cisco Virtual Application Cloud Segmentation (VACS) Services is a software solution that automates the coordinated licensing, installation, and deployment of multiple virtual services in your data center to enable an easy and efficient setup of virtualized applications. Cisco VACS provides a fully customizable, extended application container abstraction to simplify deploying and provisioning virtual services.

Cisco VACS lets you define extended application container templates and instantiate them through automated setup and provisioning of the underlying virtual components. Cisco UCS Director provides the management interface to deploy, provision, and monitor the Cisco VACS solution.

Cisco VACS leverages the features in the following virtual components to build a secure multi-tenant cloud and create application container templates:

• Cisco Nexus 1000V
• Cisco Prime Network Services Controller (PNSC)
• Cisco Cloud Services Router (CSR) 1000V
• Cisco Adaptive Security Virtual Appliance (ASAv)
• Cisco Virtual Security Gateway (VSG)
• Server Load Balancer (SLB)

Cisco VACS provides you with a choice of ready-to-use application container templates that define the rules for deploying a collection of virtual machines (VMs) within a private network secured by a firewall. An application container is a set of virtual services such as virtual switches, routers, firewalls, and other network devices configured in a consistent manner to deploy different workloads. When you create and instantiate an application container template, Cisco VACS deploys VMs, and configures networks, the firewall, and virtual switches, and enables network and security provisioning at the virtual layer.

Key features and benefits of Cisco VACS include:

• Single workflow automation to logically isolate virtual application workloads at the virtual layer.
• VMware vSphere support for interoperability across private cloud environments.
• Consistent provisioning and orchestration experience across physical and virtual assets through Cisco UCS Director.

New Features and Enhancements in Release 5.4STV3.0

This release of Cisco VACS contains the following new features and enhancements:

Software Compatibility

The following table lists the compatibility information for Cisco VACS, Cisco UCS Director, and the relevant Cisco VACS components.

Limitations and Restrictions

This section describes the limitations and restrictions of Cisco VACS.

General Cisco VACS Limitations

• Cisco VACS supports the following:

– ESX versions 5.0 and later

– vCenter versions 5.1 and later

• Only one Cisco PNSC can be deployed per vCenter, but there is no limit to the number of vCenters that can be managed as the virtual account and the number of Cisco Nexus 1000V deployed per vCenter.
• All VXLAN VTEPs added per host using the add host operation should be configured to be in the same subnet.
• During the add host operation, do not migrate the VSM VMs to VEM.
• If you upgrade to UCS Director patches after upgrading to Cisco VACS, you must reapply the Cisco VACS patch.
• Cisco VACS does not support multi-node UCS Director deployments.
• UCS Director supports only hosts or clusters under DC. It does not support any folder structures under DC.
• The add host operation could fail when you add a host that has a previous version of the Cisco Nexus 1000V VIB.

License Limitations

• Each Cisco Nexus 1000V is licensed with 1024 licenses.
• Cisco VACS does not support ELA UCS Director licenses.
• When upgrading from Cisco VACS evaluation to Cisco VACS production licenses, note the following:

– After installing the UCS Director production licenses, the Cisco VACS evaluation licenses are invalid. You must use a Cisco VACS production license.

– After installing the Cisco VACS production licenses, the existing Cisco Nexus 1000V that was installed with the evaluation license does not get a permanent Cisco Nexus 1000V license. You must deploy a new Cisco Nexus 1000V so that it gets a permanent license.

– A Cisco CSR 1000V or Cisco ASAv deployed during the Cisco VACS evaluation license (or with no Cisco ASAv licenses)comes up with default licenses and a maximum throughput of 100 Kbps.

– After installing the Cisco VACS production licenses, the existing Cisco CSR 1000V or Cisco ASAv of deployed containers is not automatically licensed with permanent licenses. If required, you must manually apply the permanent licenses for the Cisco CSR 1000V or Cisco ASAv.

Configuration Limitations

• IP pool limitations:

– The IP pools used for management and uplink pools should have mandatory VLAN and Gateway fields.

– The IP pools used for the port group-based VM networks in custom containers should not have the Gateway field.

– The broadcast and network IP addresses should not be used as the IP addresses in the pool.

– The IP subnet for the management and uplink networks must be different in a new Cisco VACS template, irrespective of the type of the edge gateway selected. For all existing templates, the same IP pool is supported for both these networks as long as the template is not edited.

• IP subnet pool limitations:

– The subnet cannot contain fewer than 4 IP addresses, or more than 1024 IP addresses.

• IP address limitations when an IP needs to be entered for install actions, IP pools, and ERSPAN:

– Do not use broadcast and network, Experimental/Use in research IP addresses.

• Cisco VACS does not configure the upstream switches and routers in the physical infrastructure. Cisco VACS only configures the virtual infrastructure for Cisco PNSC, Cisco Nexus 1000V, Cisco CSR 1000V and Cisco ASAv.
• You must configure the upstream devices such that the path MTU between the VEMs has an MTU of greater than or equal to 1600.

Container Limitations

• You are not allowed to execute the post container operations in parallel. You must wait for the current task to be completed before you proceed with the next task.
• Parallel container operations on multiple Cisco Nexus 1000V DVS might cause failures. Hence, you must execute the container deployment sequentially when there are multiple N1kv DVS present.
• Do not cancel the service request of any of the post container operations, such as add VM, delete VM, configure SNAT, configure ERSPAN, power on and power off a container.
• You cannot resubmit failed service requests of container add-on operations.
• Rollback of container add-on operations is not supported. To undo, you must use the UI for the add-on operation.
• Currently, all service options that are a part of PNSC are not available in UCS Director. The only available service options are http and https. To access the other service options, you must enter the appropriate standard port number by ignoring the type selection.
• During container deployment, the storage policy occasionally selects storage that does not belong to a shortlisted host from the compute policy.
• For cluster mode compute policy deployments, all hosts under the cluster must be a part of Cisco Nexus 1000V and must have the same common storage.
• If the network adapter type is VMXNET3, the container deployment fails intermittently on VMware ESXi 5.1.0 build-1483097 (ESXi 5.1.0 Update 2).
• When multiple application containers with SLB/CSR VMs are deployed, deployment fails for some of these application containers. You must resubmit the failed application containers after the other application containers are deployed successfully.
• Parallel deployment of application containers is serialized at the SLB task, which delays container deployment.
• Container deployment might take longer than expected if the containers are deployed in parallel and have SLB VMs.

SLB Limitations

• When workload VMs are added or deleted from the SLB zone, traffic impact for 2 to 3 seconds. This delay occurs because HA proxy must restart for the changes to take effect.

Secure Reports and VM Options Limitations

• The Accounting tab in the Self-Service Portal displays the service VM details, even when the secure container details option is enabled.
• The container icon (under the Options tab) available in the Self-Service Portal displays the total number of VMs (including service VMs), even though the secure container details option is enabled.

Note These limitations can mislead the end user about VM details that are displayed.

• Administrator-made changes in the Options menu do not reflect in the Self-Service Portal until the Refresh action is performed (Virtual Resources > Application Containers > Container Icon > Refresh).

Scale Limitations

Cisco VACS has the following scale limitations:

• Number of containers: 128
• Number of VMs per container: 60*(20 VMs in each zone of a 3-tier container)
• Number of containers per host: 15*
• Number of containers that can be deployed in parallel: 5*

*-These scale limits are the soft limits. The number of containers can vary, and it mainly depends on the below parameters:

• If VSG is present in the container or not (as one Cisco PNSC instance can support 128 VSGs)
• The Size of the containers (Small/Medium/Large)
• The vCPU/memory capacity of the individual hosts
• The type of Service VMs that are included in the container
• The Workload VM reservations in terms of vCPU/memory
• The defined VLAN/VXLAN/IP pool limits
• The Compute and storage policies

Using the Bug Search Tool

Use the Bug Search Tool to search for a specific bug or to search for all bugs in a release. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.

For more information about the Bug Search Tool, see the Bug Search Tool Help & FAQ.

Step 1 Go to https://tools.cisco.com/bugsearch/.

Step 2 In the Log In screen, enter your registered Cisco.com username and password, and then click Log In. The Bug Search page opens.

Note You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for it at http://tools.cisco.com/RPF/register/register.do.

Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4 To search for bugs in the current release:

a. In the Search For field, enter Cisco Virtual Application Cloud Segmentation (VACS) Services and press Enter. (Leave the other fields empty.)

b. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by status, severity, modified date, and so forth.

Tip To export the results to a spreadsheet, click the Export Results to Excel link.

Bugs

The following are descriptions of the open and resolved bugs in Cisco VACS Release 5.4STV3.0. The bug ID links you to the Cisco Bug Search Tool.

Related Documentation

The documentation for Cisco VACS is available at the following URL:

Cisco Virtual Application Cloud Segmentation Services Documentation

Cisco VACS Documentation Matrix

Not all Cisco VACS guides are updated for each release. The following table lists the guides that correspond to each Cisco VACS release.

Documentation Feedback

To provide technical feedback on this document or report an error or omission, please send your comments to:

• nexus1k-docfeedback@cisco.com

We appreciate your feedback.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the  What’s New in Cisco Product Documentation RSS feed. The RSS feeds are a free service.