network services are not supported:
Services Router (CSR)
Wide Area Application Services (vWAAS)
Security Appliance (ASA) 1000V
You can no longer
create network profiles from the OpenStack CLI or the Horizon UI. Instead,
network profiles are created automatically. As a result of this change, the
networkProfileId command has been deprecated.
command syntax has changed. The
--n1kv:profile_id argument has been replaced with
--n1kv:profile. The full command is
If you do not
choose a policy profile while creating a port or launching a VM, the default
policy profile (default-pp) is used.
If you have more
than 200 ports provisioned in the Cisco Nexus 1000V, the OpenStack Horizon
dashboard navigation becomes very slow.
If you are using
the OpenStack Horizon dashboard, all vNIC interfaces on the same VM must have
the same policy profile. If you need to have different policy profiles assigned
to vNICs on the same VM, use the OpenStack CLI.
If the applied
Access Control List (ACL) has a rule with Layer 4 parameters, fragmented
packets use the slow path. Otherwise, fragmented packets get switched to the
When you bring up a
VSM, it should have the default port profile named
This port profile is not automatically created. You must create this port
port profile is used to create DHCP ports. Do not apply any features on this
port profile because it impacts the functioning of the DHCP ports. In addition,
do not use this port profile to bring up a VM to which you want to apply the
port profile features.
multicast traffic throughput without packets being dropped is 3 Gbps on a
If the NetFlow
record has Layer 4 match criteria, the fragmented packets use the slow path.
Otherwise, the fragmented packets get switched in the fast path.
The VSM CLI does
not prevent you from deleting or modifying objects on the VSM—such as a network
segment pool, IP pool template, network segment, or dynamic port profile—that
were created by the Network Segmentation Manager (NSM). If you delete or modify
objects, your VSM configuration could become out-of-sync with the network
configuration on OpenStack.
Neutron DHCP Port and Linux Router
router scheduling is random. At any time, one controller node might be
provisioned with a greater number of Linux routers than other controller nodes.
DHCP agent scheduler algorithm is also random. At any time, one controller node
might be provisioned with a greater number of DHCP ports than other controller
controller node can support up to 990 ports (DHCP and router ports). When this
limit is reached, any additional DHCP or router ports are not brought up on the
vEthernet trunk ports is possible using a trunk policy profile configured on
the VSM. With this profile configured on the port, all VLANs configured in the
VSM are allowed. You can restrict the set of allowed VLANs by editing the trunk
policy profile on the VSM. However, this change is applied to all ports
configured with this profile.
The slow path
is the path a packet takes when it is handed off to the user-space process
level for a switching decision before its kernel fast-path flow cache is
established. The VEM has a slow path maximum throughput of 300 Mbps, and when
the maximum throughput is reached and CPU utilization reaches 100 percent for
switching processes, traffic is dropped.
not support live migration to headless VEMs.
If a VLAN
reaches the 4000 MAC address limit, any additional traffic from new MAC
addresses uses the slow path.
configuration change to a port profile results in flows getting reprogrammed,
which temporarily slows traffic.
If you reboot the
VSM before you enter the
running-config startup-config command on the VSM, you must create the
missing policy port profiles in the VSM with the same UUID. For more
information, see the
Cisco Nexus 1000V for KVM
Starting with Release 5.2(1)SK3(1.1), Cisco Nexus 1000V for KVM does not support the
VXLAN Gateway feature.
and VXLAN Enhanced
multiple VXLAN Tunnel Endpoints (VTEPs) in the same subnet requires an
additional configuration file for the Address Resolution Protocol (ARP) to
function. You must add the following sysctl settings in the
traffic on a VXLAN might impact performance.
The show logging information has been
removed from the show tech-support svs command output because the
information it displayed was not related to the Cisco Nexus 1000V for KVM. If you
need additional technical support information, you can use the show tech-support svs
detail command. Optionally, you can add the exclude interface pipe;
for example, show
tech-support svs detail | exclude interface.