Cisco Nexus 1000V Release Notes, Release 4.2(1) SV1(4)
This document describes the features, limitations, and caveats for the Cisco Nexus 1000V Release 4.2(1)SV1(4) software. Use this document in combination with documents listed in the “Obtaining Documentation and Submitting a Service Request” section. The following is the change history for this document.
- Updated the “LACP” section and added the “Upstream Switch Ports” section.
- Revisions to Open Caveats, Resolved Caveats, and Limitations and Restrictions sections per Bug ID CSCtn16260.
- Added DNS Resolution to the Limitations and Restrictions section.
- Added CSCtn70031 to the Platform, Infrastructure, Ports, Port Channel, and Port Profiles section of Open Caveats.
- Added section on Pre-Upgrade Script and modified Open Caveats and Resolved Caveats tables.
Introduction
The Cisco Nexus 1000V provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
Software Compatibility
This section includes the following topics:
Software Compatibility with VMware
The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of Cisco Nexus 1000V supports both ESX 4.0 and ESX 4.1 release trains. For additional compatibility information, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4).
New and Changed Information
This section provides the following information about this release:
Installer Application
The Installer Application GUI for setting up an initial Cisco Nexus 1000V deployment is enhanced to include the following:
- New Layer 3 connectivity configuration option.
- New HA (primary/secondary) deployment options.
- New configuration file option to expedite the Installer Application usage.
For more information, see the Cisco Nexus 1000V Getting Started Guide, Release 4.2(1)SV1(4).
Disabling HTTP Server
For security purposes, you can now disable the HTTP server that is embedded in the Virtual Supervisor Module (VSM). When using the VMware Update Manager (VUM), you need to enable the HTTP server while doing the upgrade. After the upgrade has completed, you have the option of disabling the HTTP server. For more information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4).
Feature Command
To enable features such as DHCP, HTTPS, Link Aggregation Control Protocol (LACP), NetFlow, Port-Profile-Roles, Private VLANs (PVLANs), Secure Shell (SSH), TACACS, or Telnet, you must first run the feature feature_name command.
If any of the features were configured before upgrading to Release 4.2(1)SV1(4), they will be automatically enabled during the upgrade process.
Port Profile Changes
The Port Profile Manager for the Cisco Nexus 1000V is enhanced to perform the following:
– Either all the commands within the port profile are applied successfully or the inherit process is marked as a failure.
– If an update of a port profile fails, the port profile and its inheriting interfaces roll back to the last known good configuration.
- When an interface is quarantined, it is put into a shutdown state and requires manual intervention to reconcile the port profile attributes with the target interfaces.
- Further CLI support for reverting child port profile and interface overrides to port profile defaults.
- Some commands that were previously uninheritable are now inheritable.
For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4).
Port Channel Changes
The channel-group id mode { on | active | passive } command under the Ethernet interface configuration mode is deprecated. Instead, you need to use the channel-group auto mode { on | active | passive } command in the uplink port profile used by Ethernet interfaces.
For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4).
Scalability Limits
Scalability limits for multiple features have been increased in this release; refer to the “Configuration Limits” section for updated limits.
New Software Features
The following new software features were added in this release:
vPath Features
Cisco vPath plays an important role in providing flexible and scalable virtual network services architecture. The main components of this architecture are vPath and the Virtual Service Node (VSN) which provides the network service. The first instantiation of VSN is the Virtual Security Gateway (VSG).
Specifically, the Cisco vPath architecture provides:
– Redirects traffic from the server requesting network service to the VSN
– Extends port profile to include the network service profile
– Each VSN can serve multiple physical servers
– VSN can be hosted on a separate or dedicated server
– Network Service Decision Caching: Cisco Nexus 1000V remembers the network service policy from prior traffic reducing traffic steering
– Performance of virtual network services can be accelerated through enforcement in the hypervisor kernel
Pre-Upgrade Script
The upgrade procedure for Release 4.2(1)SV1(4) has changed. You must run the Pre-Upgrade Script prior to beginning the upgrade. Failing to run the Pre-Upgrade Script or Pre-Upgrade App could result in traffic disruption and might place your system in an unusable state.
Upgrade Application
An upgrade application has been added for VSM and VEM upgrades. For more information, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4).
Restricting the Visibility of Port Profiles
You can now restrict which vCenter Server users or user groups have visibility into specific port groups on the Cisco Nexus 1000V. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4).
LACP Offload
You can offload operation of the LACP protocol from the VSM to the VEMs to prevent a situation where the VSM cannot negotiate LACP with the upstream switch when the VEM is disconnected from the VSM (referred to as headless mode). VEM management of LACP allows LACP to re-establish port channels after the reboot of a headless VEM.
For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4).
SPAN and ERSPAN with Port Profiles
Port profiles can be used as a source and destination for SPAN and ERSPAN monitored traffic. For more information, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4).
Hardware iSCSI Multipathing
A hardware adapter is now supported for iSCSI multipathing. For more information, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4).
Class-Based Weighted Fair Queueing
Class-Based Weighted Fair Queueing (CBWFQ) is a network queuing technique that allows the user to configure custom traffic classes based on various criteria. Each of these classes can be assigned a share of the available bandwidth for a particular link. Queuing is performed on the outbound direction of a physical link, with each class having its own queue and specific bandwidth reservation value. For more information, see the Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV1(4).
Network State Tracking for vPC-HM
Network state tracking allows you to pinpoint link failures on a port channel configured for vPC-HM. For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4).
DHCP Option 82
This release supports DHCP option 82 with remote-id (VSM control interface MAC) and circuit-id (vethernet port name) attributes, which could be used as matching criteria for the IP address allocation on a DHCP server.
ACLs on Management Interface
The management interface supports IPv4 ACLs that provide management interface security.
Ephemeral Port-Binding Type
This release supports setting the port-binding type within a port profile. When the port-binding type is set to ephemeral, a new DVPortID is allocated for the port every time a virtual machine is powered on. The DVPortID is released when the virtual machine is powered off.
For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4).
Limitations and Restrictions
The Cisco Nexus 1000V has the following limitations and restrictions:
- Configuration Limits
- Single Data Center Supported
- vMotion of VSM
- VMware Lab Manager
- Upgrades
- Access Lists
- NetFlow
- Port Security
- Port Profiles
- Telnet Enabled by Default
- SSH Support
- Cisco NX-OS Commands May Differ from Cisco IOS
- Layer 2 Switching
- Cisco Discovery Protocol
- DHCP Not Supported for the Management IP
- LACP
- Upstream Switch Ports
- DNS Resolution
- Interfaces
Configuration Limits
Table 1 shows the Cisco Nexus 1000V configuration limits:
1. Only one connection to vCenter Server is permitted at a time.
Single Data Center Supported
The Cisco Nexus 1000V currently supports a single data center. The VSM cannot be deployed across more than one data center.
vMotion of VSM
vMotion of the VSM has the following limitations and restrictions:
- vMotion of a VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.
- If you enable Distributed Resource Scheduler (DRS), then you must use the VMware anti-affinity rules to ensure that the two virtual machines are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.
- VMware vMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the vMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.
- If you are adding one host in a DRS cluster that is using vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have VEM, and the VMs lose network connectivity.
For more information about vMotion of VSM, see the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV1(4).
Upgrades
Upgrading the software has the following limitations and restrictions:
- The upgrade procedure to Release 4.2(1)SV1(4) has changed depending on the version you are upgrading from.
- Unlike previous upgrades, disruption-free upgrades from Release 4.0(4)SV1(3) and later to Release 4.2(1)SV1(4) require the VEMs to be upgraded prior to upgrading the VSM.
- VEM upgrade to Release 4.2(1)SV1(4) requires a minimum ESX/ESXi version of 4.0 Update 1 Patch 04 or later.
- VEM Upgrade using VMware Update Manager (VUM) requires vCenter Update 1, VUM Patch 2 or later.
For more information about VMware compatibility, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4).
For more information about upgrades, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4).
Access Lists
NetFlow
The NetFlow configuration has the following support, limitations, and restrictions:
- Layer 2 match fields are not supported.
- NetFlow Sampler is not supported.
- NetFlow Exporter format V9 is supported.
- NetFlow Exporter format V5 is not supported.
- The multicast traffic type is not supported. Cache entries are created for multicast packets, but the packet/byte count does not reflect replicated packets.
- NetFlow is not supported on port channels.
The NetFlow cache table has the following limitation:
Note: The cache size that is configured using the CLI defines the number of entries, not the size in bytes. The configured entries are allocated for each processor in the ESX host and the total memory allocated depends on the number of processors.
Port Security
Port security has the following support, limitations, and restrictions:
- Port security is enabled globally by default.
- The feature/no feature port-security command is not supported.
Port Profiles
Port profiles have the following restrictions or limitations:
- There is a limit of 255 characters in a port-profile command attribute.
- We recommend that you save the configuration across reboots, which will shorten the VSM bringup time.
- If you are altering or removing a port channel, we recommend that you migrate the interfaces that inherit the port channel port profile to a port profile with the desired configuration, rather than editing the original port channel port profile directly.
- If you attempt to remove a port profile that is in use, that is, one that has already been auto-assigned to an interface, the Cisco Nexus 1000V generates an error message and does not allow the removal.
- When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.
- Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.
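Because the port profile accepts a policy name without checking it, a mistyped ACL or NetFlow monitor name is only caught by reviewing the configuration. The following offline check is an added example, not Cisco code: it assumes a saved copy of the VSM running configuration that uses the NX-OS statement forms ip port access-group, mac port access-group, and ip flow monitor, and the sample configuration and every name in it are constructed.

```python
import re
from typing import List, NamedTuple

# Constructed sample of a saved running-config fragment (not from the release notes).
SAMPLE_CONFIG = """\
ip access-list deny-telnet
  10 deny tcp any any eq 23
  20 permit ip any any
flow exporter exp1
  destination 192.0.2.10
flow monitor mon-web
  exporter exp1
port-profile type vethernet web-tier
  vmware port-group
  switchport mode access
  switchport access vlan 100
  ip port access-group deny-telnet in
  ip flow monitor mon-web input
  no shutdown
  state enabled
port-profile type vethernet db-tier
  switchport mode access
  ip port access-group deny-telent in
  ip flow monitor mon-db output
  state enabled
"""

class Finding(NamedTuple):
    profile: str   # port profile that carries the reference
    kind: str      # "ip-acl", "mac-acl" or "flow-monitor"
    name: str      # policy name that has no matching definition
    lineno: int    # 1-based line number in the configuration text

# Top-level statements that define a policy.
DEFINITIONS = {
    "ip-acl": re.compile(r"^ip access-list (\S+)"),
    "mac-acl": re.compile(r"^mac access-list (\S+)"),
    "flow-monitor": re.compile(r"^flow monitor (\S+)"),
}
# Indented statements inside a port profile that apply a policy by name.
REFERENCES = {
    "ip-acl": re.compile(r"^ip port access-group (\S+) (?:in|out)$"),
    "mac-acl": re.compile(r"^mac port access-group (\S+) (?:in|out)$"),
    "flow-monitor": re.compile(r"^ip flow monitor (\S+) (?:input|output)$"),
}
PROFILE = re.compile(r"^port-profile (?:type (?:ethernet|vethernet) )?(\S+)")

def find_dangling_policies(config: str) -> List[Finding]:
    """Return port-profile policy references whose name is never defined."""
    defined = {kind: set() for kind in DEFINITIONS}
    refs = []
    profile = None
    for lineno, raw in enumerate(config.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or comment
        if not raw[0].isspace():  # top-level statement opens a new context
            match = PROFILE.match(raw)
            profile = match.group(1) if match else None
            for kind, pattern in DEFINITIONS.items():
                found = pattern.match(raw)
                if found:
                    defined[kind].add(found.group(1))
            continue
        if profile is None:
            continue  # indented line under something other than a port profile
        for kind, pattern in REFERENCES.items():
            found = pattern.match(raw.strip())
            if found:
                refs.append(Finding(profile, kind, found.group(1), lineno))
    # Filter only after the whole file is read: definitions may follow their use.
    return [ref for ref in refs if ref.name not in defined[ref.kind]]

if __name__ == "__main__":
    for f in find_dangling_policies(SAMPLE_CONFIG):
        print(f"line {f.lineno}: port-profile {f.profile} applies undefined {f.kind} '{f.name}'")
```
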
Telnet Enabled by Default
The Telnet server is enabled by default.
For more information about Telnet, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4).
SSH Support
Only SSH version 2 (SSHv2) is supported.
For more information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4).
Cisco NX-OS Commands May Differ from Cisco IOS
Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.
For information about CLI commands, see the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4).
For more information about the CLI command modes, see the Cisco Nexus 1000V Getting Started Guide, Release 4.2(1)SV1(4).
Layer 2 Switching
This section lists the Layer 2 switching limitations and restrictions and includes the following topics:
For more information about Layer 2 switching, see the Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4).
No Spanning Tree Protocol
The Cisco Nexus 1000V forwarding logic is designed to prevent network loops so it does not need to use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.
Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is enabled globally by default.
CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
- Advertises information to all attached Cisco devices.
- Discovers and views information about those Cisco devices.
– CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.
If you disable CDP globally, then CDP is also disabled for all interfaces.
For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4).
DHCP Not Supported for the Management IP
DHCP is not supported for the management IP. The management IP must be configured statically.
LACP
The Link Aggregation Control Protocol (LACP) is an IEEE standard protocol that aggregates Ethernet links into an EtherChannel.
Cisco Nexus 1000V has the following restrictions for enabling LACP on ports carrying the control and packet VLANs:
Note: These restrictions do not apply to other data ports using LACP.
Note: This restriction is not applicable if LACP offload is enabled. You can check the LACP offload status using the show lacp offload status command.
- The upstream switch ports must be configured in spanning-tree port type edge trunk mode. For more information about this restriction, see the “Upstream Switch Ports” section.
Upstream Switch Ports
All upstream switch ports must be configured in spanning-tree port type edge trunk mode.
Without spanning-tree portfast on upstream switch ports, it takes approximately 30 seconds to recover these ports on the upstream switch. Because these ports are carrying control and packet VLANs, the VSM loses connectivity to the VEM.
The following commands are available to use on Cisco upstream switch ports in interface configuration mode:
Caveats
This section includes the following topics:
Open Caveats
The following are descriptions of the caveats in Cisco Nexus 1000V Release 4.2(1)SV1(4). The ID links you into the Cisco Bug Toolkit.
Platform, Infrastructure, Ports, Port Channel, and Port Profiles
Need to send traffic from the destination VM to learn the vns-binding.
Cisco Nexus 1000V cannot support more than 245 ports (physical + virtual) per VEM.
Not able to migrate VC/VSM and normal VM when adding host to DVS.
Back-to-back clear counters (in < 35s) can move active port to inactive state.
Owner field missing for Ethernet ports in show port-profile virtual usage command.
Only system VLANs programmed on PC after rapid LACP member flaps.
Module does not attach after mode change from access to trunk.
Incorrect iSCSI multipathing configuration causes module flap or vMotion failure.
Ethernet port goes to admin down state while changing port profiles.
VPC subgroup manual comes up though subgroup IDs are not configured.
Traffic stops on upgrade when PLAN configuration under port channel.
vEthernets going down and auto-deleted on switchover with port profile migration.
CSCtl06194
UCS Blade Oplin adapter comes up with timing issue during FI reboot.
CSCtl12586
After VIB upgrade, some of the palo NICs go into INIT state on FI.
MTU not getting set in VEM when inherited from a parent system port profile.
The no channel-group command displays the following:
ERROR:No profile matching given profile name.
Quality of Service
Features
VMware
Resolved Caveats
The following are descriptions of caveats that were resolved in Cisco Nexus 1000V Release 4.2(1)SV1(4). The ID links you into the Cisco Bug Toolkit.
MIB Support
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF) standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series switch.
The MIB Support List is available at the following FTP site:
ftp://ftp.cisco.com/pub/mibs/supportlists/nexus1000v/Nexus1000VMIBSupportList.html
Available Documents
This section lists the documents used with the Cisco Nexus 1000V and available on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/ps9902/tsd_products_support_series_home.html
General Information
Cisco Nexus 1000V Documentation Roadmap, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Release Notes, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4)
Cisco Nexus 1010 Management Software Release Notes, Release 4.2(1)SP1(2)
Install and Upgrade
Cisco Nexus 1000V Virtual Supervisor Module Software Installation Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V VEM Software Installation and Upgrade Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1010 Virtual Services Appliance Hardware Installation Guide
Cisco Nexus 1010 Software Installation and Upgrade Guide, Release 4.2(1)SP1(2)
Configuration Guides
Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Getting Started Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V High Availability and Redundancy Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4)
Cisco Nexus 1010 Software Configuration Guide, Release 4.2(1)SP1(2)
Reference Guides
Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4)
Troubleshooting and Alerts
Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV1(4)
Virtual Security Gateway Documentation
Cisco Virtual Security Gateway for Nexus 1000V Series Switch Release Notes, Release 4.2(1)VSG(1)
Cisco Virtual Security Gateway, Release 4.2(1)VSG1(1) and Cisco Virtual Network Management Center, Release 1.0.1 Installation Guide
Cisco Virtual Security Gateway for Nexus 1000V Series Switch License Configuration Guide, Release 4.2(1)VSG1(1)
Cisco Virtual Security Gateway for Nexus 1000V Series Switch Configuration Guide, Release 4.2(1)VSG1(1)
Cisco Virtual Security Gateway for Nexus 1000V Series Switch Command Reference, Release 4.2(1)VSG1(1)
Virtual Network Management Center
Release Notes for Cisco Virtual Network Management Center, Release 1.0.1
Cisco Virtual Security Gateway, Release 4.2(1)VSG1(1) and Cisco Virtual Network Management Center, Release 1.0.1 Installation Guide
Cisco Virtual Network Management Center CLI Configuration Guide, Release 1.0.1
Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.0.1
Cisco Virtual Network Management Center XML API Reference Guide, Release 1.0.1
Network Analysis Module Documentation
Cisco Network Analysis Module Software Documentation Guide, 4.2
Cisco Nexus 1000V NAM Virtual Service Blade Installation and Configuration Guide
Network Analysis Module Command Reference Guide, 4.2
User Guide for the Cisco Network Analysis Module Virtual Service Blades, 4.2
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.