New and Changed Information

New and Changed Information

The following table provides an overview of the significant changes to this guide for this current release. The table does not provide an exhaustive list of all changes made to the guide or of the new features in this release.

Table 1. New Features and Changed Information for Cisco APIC Release 3.2(1x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Contract and subject exceptions | Contracts between EPGs are enhanced to include exceptions to subjects or contracts. This enables a subset of EPGs to be excluded in contract filtering. For example, a provider EPG can communicate with all consumer EPGs except those that match criteria configured in a Subject Exception in the contract governing their communication. | ACI Policy Model |
| Optimize contract storage in hardware | Bidirectional standard contracts support more efficient hardware TCAM usage for contract data. The feature is supported on Nexus 9000 Series TOR switches with names ending with EX and FX, and later (for example, N9K-C93180LC-EX or N9K-C93180YC-FX). With optimization enabled, contract statistics for both directions are aggregated. | ACI Policy Model |
| Anycast Services | Anycast services are supported in the Cisco ACI fabric. A typical use case is to support ASA firewalls in the pods of a multipod fabric, but Anycast could be used to enable other services, such as DNS servers or printing services. | Networking and Management Connectivity |
| Enhanced Breakout Support on Profiled QSFP Ports on N9K-C93180YC-FX Switches | Support is added for 100 Gigabit (Gb) (4X25Gb) and 40Gb (4X10Gb) dynamic breakouts on profiled QSFP ports on the N9K-C93180YC-FX switch (in ACI mode). | Fabric Provisioning |
| Enhanced Port Profile Support on N9K-C93180YC-FX Switches | Support is added on the N9K-C93180YC-FX switch for port profiles to change ports from uplink to downlink or downlink to uplink. | Fabric Provisioning |
| Rogue Endpoint Control Policy | Support is added for global Rogue Endpoint Control to detect and delete unauthorized endpoints. | Forwarding Within the ACI Fabric |
| Remote Leaf Switch enhancements | New features and options are supported. | Networking and Management Connectivity |
| Flood in encapsulation enhancements | Information is added about protocols supporting the Flood in Encapsulation option for bridge domains or EPGs. | ACI Policy Model |

Table 2. New and Changed Behavior in Cisco ACI, Release 3.1(2m)

| Feature | Description | Where Documented |
| --- | --- | --- |
| QoS for L3Outs | In this release, QoS policy enforcement on L3Out ingress traffic is enhanced. | Cisco ACI QoS |
| Maximum MTU Increased | To enable setting the MTU used in communicating with the external network to 9216, the maximum MTU has been increased from 9000 to 9216 bytes. | Networking and Management Connectivity |

Table 3. New and Changed Behavior in Cisco ACI, Release 3.1(1i)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Configuring Port Profiles | Conversion from uplink port to downlink port and vice versa is now supported on Cisco ACI leaf switches. | Fabric Provisioning |
| Configuring Fast Link Failover Policy | Fast Link Failover policy applies only to uplinks on Cisco N9K-C93180YC-EX and N9K-C93180YC-FX platforms. It efficiently load balances the traffic based on the uplink MAC status. This functionality reduces data traffic convergence to less than 10 milliseconds. | Fabric Provisioning |
| Remote Leaf Switches | With an ACI fabric deployed, you can extend ACI services and APIC management to remote datacenters with Cisco ACI leaf switches that have no local spine switch or APIC attached. | Remote Leaf Switches in Network and Management Connectivity |

Table 4. New and Changed Behavior in Cisco ACI, Release 3.0(1k)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Q-in-Q Encapsulation Mapping for EPGs | Using Cisco APIC, you can map double-tagged VLAN traffic ingressing on a regular interface, PC, or VPC to an EPG. When this feature is enabled and double-tagged traffic enters the network for an EPG, both tags are processed individually in the fabric and restored to double tags when egressing the ACI switch. Ingressing single-tagged and untagged traffic is dropped. | Fabric Provisioning |
| Graceful Insertion and Removal (GIR) Mode | The Graceful Insertion and Removal (GIR) mode, or maintenance mode, allows you to isolate a switch from the network with minimum service disruption. | Fabric Provisioning |
| Local User Authentication using OTP | OTP is a one-time password that is valid for only one session. Once OTP is enabled, the APIC generates a random, human-readable OTP key of 16 binary octets encoded in base32. | User Access, Authentication, and Accounting |
| Password Strength | Allows configuration of user password parameters for security management. | User Access, Authentication, and Accounting |

Table 5. New and Changed Behavior in Cisco ACI, Release 2.3(1e)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Cisco APIC Quota Management | Creates, deletes, and updates a quota management configuration, which enables the admin to limit the managed objects that can be added under a given tenant or globally across tenants. | About APIC Quota Management Configuration. For more information, see the Cisco APIC Quota Management Configuration knowledge base article. |
| Contract Inheritance | To streamline associating contracts to new EPGs, you can now enable an EPG to inherit all the (provided/consumed) contracts associated directly to another EPG in the same tenant. Contract inheritance can be configured for application, microsegmented, L2Out, and L3Out EPGs. Any changes you make to the EPG contract master's contracts are received by the inheriting EPG. | ACI Policy Model |
| 802.1Q Tunnel Enhancements | Now you can configure ports on core switches for use in Dot1q Tunnels for multiple customers. You can also define access VLANs to distinguish between customers consuming the corePorts. You can also disable MAC learning on Dot1q Tunnels. | Fabric Provisioning |

Table 6. New Features and Changed Behavior in Cisco ACI, Release 2.2(2e)

| Feature or Change | Description | Where Documented |
| --- | --- | --- |
| Name Change | Name of "Layer 3 EVPN Services for Fabric WAN" changed to "Cisco ACI GOLF." | Cisco ACI GOLF and Multipod in Networking and Management Connectivity |
| Layer 3 Out to Layer 3 Out Inter-VRF Leaking | With this release, shared Layer 3 Outs in different VRFs can communicate with each other using a contract. | Networking and Management Connectivity |

Table 7. New Features and Changed Behavior in Cisco APIC 2.2(1n) Release

| Feature | Description | Where Documented |
| --- | --- | --- |
| Cisco ACI App Center | The Cisco ACI App Center allows you to fully enable the capabilities of the APIC by writing applications running on the controller. | Cisco ACI App Center Developer Guide and Cisco ACI App Center User Guide |
| 802.1Q Tunnels | You can now configure 802.1Q tunnels to enable point-to-multipoint tunneling of Ethernet frames in the fabric, with Quality of Service (QoS) priority settings. | 802.1Q Tunnels in Network and Management Connectivity |
| APIC Cluster Cold Standby | Support is added to operate the APICs in a cluster in an Active/Standby mode. In an APIC cluster, the designated active APICs share the load and the designated standby APICs can act as a replacement for any of the APICs in an active cluster. | APIC Cluster Management in Fabric Provisioning |
| Contract Preferred Groups | Support is added for contract preferred groups that enable greater control of communication between EPGs in a VRF. If most of the EPGs in the VRF should have open communication, but a few should only have limited communication with the other EPGs, you can configure a combination of a contract preferred group and contracts with filters to control communication precisely. | Contracts in ACI Policy Model |
| Dynamic Breakout Ports | Support is added for connecting a 40 Gigabit Ethernet (GE) leaf switch port to 4-10GE capable (downlink) devices (with Cisco 40-Gigabit to 4X10-Gigabit breakout cables). | Dynamic Breakout Ports in Network and Management Connectivity |
| FCoE Supported over FEX | You can now configure FCoE over FEX ports. | Supporting Fibre Channel over Ethernet Traffic on the ACI Fabric in Fabric Provisioning |
| CDP supported in policies on interfaces to FEX devices | In this release, support is added for CDP on interfaces to FEX devices. | Fabric Provisioning |
| HSRP | Support is added for HSRP, a protocol that provides first-hop routing redundancy for IP hosts on Ethernet networks configured with a default router IP address. | HSRP in Networking and Management Connectivity |
| NetFlow | Support is added for NetFlow technology, which provides the metering base for a key set of applications, including network traffic accounting, usage-based network billing, network planning, as well as denial of service monitoring, network monitoring, outbound marketing, and data mining for both service providers and enterprise customers. | NetFlow in Monitoring |

Table 8. New Features and Changed Behavior in Cisco APIC 2.1(1h) Release

| Feature | Description | Where Documented |
| --- | --- | --- |
| Distribute EVPN Type-2 Host Routes | In this release, for optimal traffic forwarding in an EVPN topology, you can enable fabric spines to advertise host routes using EVPN type-2 (MAC-IP) routes to the DCIG along with public BD subnets in the form of BGP EVPN type-5 (IP Prefix) routes. | Distributing BGP EVPN Type-2 Host Routes in Configuring Layer 3 EVPN Services over Fabric WAN |

Table 9. New Features and Changed Behavior in Cisco APIC 2.0(2f) release

| Feature | Description | Where Documented |
| --- | --- | --- |
| Proxy ARP | Proxy ARP in Cisco ACI is added to enable endpoints within a network or subnet to communicate with other endpoints without knowing the real MAC address of the endpoints. | About Proxy ARP |
| Install Tetration Analytics | Cisco Tetration Analytics agent installation is added. | About Cisco Tetration Analytics Agent Installation |
| Route Target Filtering | Route Target Filtering is added to optimize BGP routing tables by filtering the routes that are stored on them. | Route Target Filtering |
| Multipod QoS | Support for preserving CoS and DSCP settings is added for Multipod topologies. | Preserving QoS Priority Settings in a Multipod Fabric |

Table 10. New Features and Changed Behavior in Cisco APIC 2.0(1m) release

| Feature | Description | Where Documented |
| --- | --- | --- |
| Policy Based Routing | Cisco ACI policy based routing (PBR) enables provisioning service appliances such as firewalls or load balancers as managed or unmanaged nodes without needing an L4-L7 package. Typical use cases include provisioning service appliances that can be pooled, tailored to application profiles, scale easily, and reduce exposure to service outages. | About Policy-Based Redirect |
| Copy Services | Unlike SPAN, which duplicates all of the traffic, the Cisco Application Centric Infrastructure (ACI) copy services feature enables selectively copying portions of the traffic between endpoint groups, according to the specifications of the contract. | About Copy Services |
| L3 Multicast | Border leafs run the full Protocol Independent Multicast (PIM) protocol. Non-border leaf switches run PIM in a passive mode on the interfaces. They do not peer with any other PIM routers. The border leafs peer with other PIM routers connected to them over L3 outs and also with each other. | Tenant Routed Multicast |
| Layer 3 EVPN Services Over Fabric WAN | The Layer 3 EVPN services over fabric WAN feature enables much more efficient and scalable ACI fabric WAN connectivity. It uses EVPN over OSPF for WAN routers that are connected to spine switches. | Cisco ACI GOLF |
| Multipod | Multipod enables provisioning a more fault tolerant fabric comprised of multiple pods with isolated control plane protocols. Also, multipod provides more flexibility with regard to the full mesh cabling between leaf and spine switches. For example, if leaf switches are spread across different floors or different buildings, multipod enables provisioning multiple pods per floor or building and providing connectivity between pods through spine switches. | Multipod |
| EPG Deployment through AEP | Attached entity profiles can be associated directly with application EPGs, which deploys the associated application EPGs to all those ports associated with the attached entity profile. | Attachable Entity Profile |
| Fibre Channel over Ethernet (FCoE) | Fibre Channel over Ethernet (FCoE) support. | Supporting Fibre Channel over Ethernet Traffic on the ACI Fabric |
| Configuration Zone Supported Policies | The list of policies supported for configuration zones is updated. | Configuration Zone Supported Policies |
| Port Security | The port security feature protects the ACI fabric from being flooded with unknown MAC addresses by limiting the number of MAC addresses learned per port. The port security feature support is available for physical ports, port channels, and virtual port channels. | About Port Security and ACI |

Table 11. New Features and Changed Behavior in Cisco APIC 1.3(x) and switch 11.3(x) release

| Feature | Description | Where Documented |
| --- | --- | --- |
| Microsegmentation | Microsegmentation associates endpoints from multiple EPGs into a microsegmented EPG according to virtual machine attributes, IP address, or MAC address. Virtual machine attributes include: VNic domain name, VM identifier, VM name, hypervisor identifier, VMM domain, datacenter, operating system, or custom attribute. When combined with intra-EPG isolation for bare metal and VM endpoints, microsegmentation can provide policy-driven, automated, complete endpoint isolation within application tiers. | Microsegmentation |
| Bug fixes | Updates to tagged EPG topic. | Native 802.1p and Tagged EPGs on Interfaces |

Table 12. New Features and Changed Behavior in Cisco APIC Release 1.2(2x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Intra-EPG deny | Intra-EPG deny policies provide full isolation for virtual or physical endpoints; no communication is allowed between endpoints in an EPG that is operating in full isolation mode. | Intra-EPG Endpoint Isolation |
| Data plane policing | Use data plane policing (DPP) to manage bandwidth consumption on ACI fabric access interfaces. | Data Plane Policing |
| Set BGP attributes | The route control context specifies what to match, and the scope specifies what is set. | Route Import and Export, Route Summarization, and Route Community Match |
| BGP and OSPF summarization | Route summarization policies enable routes to be shared efficiently among border leaf switches and their neighbor leaf switches. | |
| EIGRPv6 | Support for EIGRPv6 is now enabled. | EIGRP Protocol Support |
| DSCP marking | Previously, DSCP marking could only be set on an L3Out but now can be set on the following: Contract; Subject; In Term; Out Term. | Preserving 802.1P Class of Service Settings |
| Bidirectional forwarding detection | Use Bidirectional Forwarding Detection (BFD) to provide sub-second failure detection times in the forwarding path between ACI fabric border leaf switches configured to support peering router connections. | Bidirectional Forwarding Detection |
| IPv6 support for management interfaces | Unrestricted IPv6 support for all ACI fabric and APIC interfaces; IPv4, or IPv6, or dual stack configurations are supported. The requirement to allow only IPv4 addresses on management interfaces no longer applies. | IPv6 Support |
| BGP dynamic neighbors, route dampening, weight attribute, remove-private-as; OSPF name lookup, prefix suppression, and type 7 translation | Expanded support for BGP and OSPF options. | Route Peering by Protocol |
| Configuration zones | Configuration zones divide the ACI fabric into different zones that can be updated with configuration changes at different times. This limits the risk of deploying a faulty fabric-wide configuration that might disrupt traffic or even bring the fabric down. | Configuration Zones |
| Port Tracking Policy for Uplink Failure Detection | Upon detection of uplink failure from a leaf switch to one or more spine switches, fabric link state tracking notifies an access port connected device that the link is down. | Port Tracking Policy for Fabric Port Failure Detection |

Table 13. New Features and Changed Behavior in Cisco APIC Release 1.2(1x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| IP based EPG | IP-based EPGs are suitable in settings where there is a need for large numbers of EPGs that cannot be supported by Longest Prefix Match (LPM) classification. | Endpoint Groups |
| Support for Public Subnets under EPG | An EPG that provides a shared service must have its subnet configured under that EPG (not under a bridge domain), and its scope must be set to advertised externally and shared between VRFs. | Bridge Domains and Subnets |
| Shared Layer 3 Out | A shared Layer 3 Out configuration provides routed connectivity to external networks as a shared service. An l3extInstP EPG provides routed connectivity to external networks. It can be provisioned as a shared service in any tenant (user, common, infra, or mgmt). | Shared Layer 3 Out |
| Bug fix | Improved explanations of the subnet route export and route import configuration options. | Route Import and Export, Route Summarization, and Route Community Match |
| Stats on Layer 3 routes interfaces for Billing | The APIC can be configured to collect byte count and packet count billing statistics from a port configured for routed connectivity to external networks (an l3extInstP EPG) as a shared service. | Routed Connectivity to External Networks as a Shared Service Billing and Statistics |
| Configure maximum prefixes | Tenant networking protocol policies for BGP l3extOut connections can be configured with a maximum prefix limit that enables monitoring and restricting the number of route prefixes received from a peer. | Layer 3 Out for Routed Connectivity to External Networks |
| Ingress policy enforcement for L3Out scale | Ingress based policy enforcement enables defining policy enforcement for Layer 3 Out traffic with regard to egress and ingress directions. Direct server return (DSR) and attribute EPGs require ingress based policy enforcement. | |
| Static route with weights | Static route preference within the ACI fabric is carried in MP-BGP using the cost extended community. | Static Route Preference |
| Common pervasive gateway for IPv4 and secondary IP address for IPv4 | Multiple ACI fabrics can be configured with an IPv4 common gateway on a per bridge domain basis. | Common Pervasive Gateway |
| Fabric secure mode | Fabric secure mode prevents parties with physical access to the fabric equipment from adding a switch or APIC controller to the fabric without manual authorization by an administrator. | Fabric Secure Mode |
| CoS (802.1p) | The ACI fabric enables preserving 802.1p class of service (CoS) within the fabric. Enable the fabric global QoS policy dot1p-preserve option to guarantee that the 802.1p value in packets which enter and transit the ACI fabric is preserved. | Preserving 802.1P Class of Service Settings |

Table 14. New Features and Changed Behavior in Cisco APIC Release 1.1(2x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| AES Encryption of APIC configuration files | The ACI fabric supports AES encryption of the secure properties in configuration export/import files. | Configuration File Encryption; Secure Properties |
| Updates and bug fixes | Label matching update. Added retention policy guidelines. Update regarding support for advertising a tenant bridge domain public subnet through an L3extOut in tenant common. | Label Matching; Endpoint Retention; Bridged Interface to an External Router |

Table 15. New Features and Changed Behavior in Cisco APIC Release 1.1(1x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| IPv6 support | The ACI fabric supports IPv6 for tenant addressing, contracts, shared services, routing, Layer 4 - Layer 7 services, and troubleshooting. ACI fabric interfaces can be configured with link local, global unicast, and multicast IPv6 addresses. | IPv6 Support |
| Transit routing | The ACI fabric supports transit routing, including the necessary EIGRP, eBGP, and OSPF protocol support, which enables border routers to perform bidirectional redistribution with other routing domains. | ACI Transit Routing |
| EIGRP | The ACI fabric supports the EIGRP protocol in L3 outside for IPv4 only. | EIGRP Protocol Support |
| EBGP | The ACI fabric supports eBGP in L3 outside for both IPv4 and IPv6. | Route Peering by Protocol |
| Host vPC FEX | The ACI fabric supports Cisco Fabric Extender (FEX) server-side virtual port channels (VPC), also known as FEX straight-through VPC. | FEX Virtual Port Channels |
| Per bridge domain multicast/broadcast packet control | An administrator can control the behavior of these packets per bridge domain. | Bridge Domains and Subnets |
| Route peering with service appliances | Route Peering is used to configure OSPF/BGP peering on the L4-L7 service device so that it can exchange routes with the ACI leaf node to which it is connected. | Transit Routing Use Cases. See also Configuring L4-L7 Route Peering in Managing Layer 4 to Layer 7 Services in Cisco APIC REST API Configuration Guide. |
| Per port VLAN | Allows configuration of the same VLAN ID across different EPGs (on different bridge domains) on different ports on the same leaf switch. An administrator can now configure the same VLAN ID on every port on the same switch. | Per Port VLAN |
| Loop detection | The ACI fabric can now detect loops in Layer 2 network segments that are connected to leaf switch access ports. | Loop Detection |
| Atomic counters path mode for scale topologies | | Atomic Counters |
| Various updates and bug fixes | Added vzAny introduction. Accounting. Default policies. Contract scope. Networking domains. VMM domain concepts updated and procedures moved to the new expanded ACI Virtualization Guide. | What vzAny Is; Accounting; Default Policies; Contracts; Networking Domains; Cisco ACI VM Networking Support for Virtual Machine Managers |

Table 16. New Features and Changed Behavior in Cisco APIC Release 1.0(3x)

| Feature | Description | Where Documented |
| --- | --- | --- |
| Multi-site Stretched Fabric | Implements support for multi-site stretched fabric. | Stretched ACI Fabric Design Overview |
| Update to the Endpoint Retention topic | Clarifies behavior of Bridge Domain flooding that updated the location of endpoints within an EPG subnet that spans multiple leaf switches within the BD. | Endpoint Retention |
| Update to the Filters topic | Provides best practice guidelines when using the filter matchT All option. | Labels, Filters, Aliases, and Subjects Govern EPG Communications |
| Storm Control | Implements Layer 2 storm control. | About Traffic Storm Control |
| AAA VMM Domain tags | VMM domains can be tagged as security domains so that they become visible to the users contained in the security domain. | User Access: Roles, Privileges, and Security Domains |
| Atomic counters endpoint to IP address option | Enables selecting either the target MAC address or IP address. | Atomic Counters |
| Delete VMM domain guidelines | Identifies recommended workflow sequence. | See the Guidelines for Deleting VMM Domains topic in the Virtual Machine Manager Domains chapter. |
| Custom RBAC Rules | Identifies use case scenarios and guidelines for developing custom RBAC rules. | Custom RBAC Rules. See Sample RBAC Rules in Configuring Security in Cisco APIC REST API Configuration Guide. |
| Health Score calculations | Identifies how system, pod, tenant, and MO level health scores are calculated. | Health Scores |
| Multinode SPAN ERSPAN guidelines and header types | Identifies ERSPAN header types and guidelines for using ERSPAN. | Multinode SPAN |
| EPG untagged and tagged VLAN headers | Provides guidelines and limitations for using untagged EPG VLANs. | Endpoint Groups |
| Bridge Domain legacy mode | Provides guidelines for configuring legacy mode bridge domains. | Bridge Domains and Subnets |
| Updates to AAA LDAP and TACACS+ configurations with examples | Adds AAA LDAP and TACACS+ configuration examples. | LDAP/Active Directory Authentication; TACACS+ Authentication |
| Updates to configuration import/export best effort, atomic, merge, and replace options | Describes enhancements to configuration import/export policies. | Configuration Export/Import |
| Update to the decommission with wipe option | Provides guidelines for using the decommission leaf switch with wipe option. | Fabric Inventory |
| Update to the DHCP Relay topic | Provides guidelines regarding the requirement to configure a single bridge domain with a single subnet when establishing a relation with a DHCP relay. | DHCP Relay |
| Various text edits to improve readability and a correction to a misspelled word in an image | Readability improvements and additional details in several topics. | See the Fundamentals, Provisioning, and Networking chapters. |