Cisco Nexus 1000V Release Notes, Release 4.2(1)SV2(1.1)
Software Compatibility with VMware
Software Compatibility with Cisco Nexus 1000V
Cross Data Center High Availability
Single VMware Data Center Support
Cisco NX-OS Commands Might Differ from Cisco IOS
Layer 2 Switching: No Spanning Tree Protocol
DHCP Not Supported for the Management IP
VM Name Display Length Limitation
Copy Running-Config Startup-Config Command
Error Messages Appear During ESX 4.1.0 Server Bootup
Dynamic Entries Are Not Deleted for a Linux VM
Source Filter TX VLANs Are Missing After the VSM Restarts
Default SSH Inactive Session Timeout
Queueing Policy Cannot Be Changed in Flexible Upgrade Setup
Clear QoS Statistics Fails on the VSM
Platform, Infrastructure, Ports, Port Channel, and Port Profiles
Obtaining Documentation and Submitting a Service Request
Last Updated: 2016-05-13
Release: NX-OS Release 4.2(1)SV2(1.1)
This document describes the features, limitations, and bugs for the Cisco Nexus 1000V Release 4.2(1)SV2(1.1) software. The following is the change history for this document.
Moved CSCtt40944 to the “Resolved Bugs” section.
Updated the “LACP” section and added the “Upstream Switch Ports” section.
Updated the support limit for “Distributed Virtual Switches (DVS) per vCenter with VMware vCloud Director (vCD)” in Table 1.
Added a note about a VEM upgrade when LACP is configured to the “Software Compatibility with VMware” section.
Created release notes for Release 4.2(1)SV2(1.1). Added vCD 5.1 support.
The Cisco Nexus 1000V provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of the Cisco Nexus 1000V supports vSphere 4.1.0, 5.0.0, and 5.1.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV2(1.1).
Note: When LACP is configured on the Cisco Nexus 1000V and the ESXi version is 4.1.0 or 5.1.0, a VEM upgrade to Cisco NX-OS Release 4.2(1)SV2.1(1) from any earlier release is not supported.
Note: All virtual machine network adapter types that VMware vSphere supports are supported with the Cisco Nexus 1000V. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.
This release supports hitless upgrades from Release 4.0(4)SV1(3a) and later releases. Upgrades are supported from 4.0(4)SV1(3) and earlier releases. For additional information, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV2(1.1).
This section describes new and changed features in Cisco Nexus 1000V Release 4.2(1)SV2(1.1).
The Cisco Nexus 1000V Installer App is now a standalone Java application that can install the Cisco Nexus 1000V VSM or VEM.
The Cisco Nexus 1000V Installer App supports a single pane for invoking the Cisco Nexus 1000V VSM installer and VEM installer.
For more information, see the Cisco Nexus 1000V Installation and Upgrade Guide.
This section describes new software features in Cisco Nexus 1000V Release 4.2(1)SV2(1.1).
This feature supports split active and standby Nexus 1000V Virtual Supervisor Modules (VSMs) across two data centers to implement cross-DC clusters and VM mobility while ensuring high availability.
Starting with Release 4.2(1)SV2(1.1), you can filter the traffic based on the source IP address only as opposed to filtering the traffic based on the IP-MAC address pair. The Cisco Nexus 1000V ignores the MAC address and validates only the source IP address of the traffic from the VMs. The new functionality applies only to static bindings; for dynamic bindings, a new MAC address updates the dynamic binding on the Cisco Nexus 1000V.
To enable source IP-based filtering on the Cisco Nexus 1000V switch, set the filter mode to ip filtering. The default filtering mode is ip-mac filtering.
This feature simplifies the entire installation process via a single pane of glass.
Starting with Release 4.2(1)SV2(1.1), the upgrade process is simplified and flexible. You can schedule upgrades on a per-host basis, enabling an incremental upgrade even during a short maintenance window.
If a VEM loses the connection to its VSM, VMotions to that VEM are blocked. The VEM shows up in the vCenter Server as having a degraded (yellow) status.
Starting with Release 4.2(1)SV2(1.1), a tier-based licensing approach is adopted for the Cisco Nexus 1000V. The Cisco Nexus 1000V is shipped in two editions: Essential and Advanced. A new CLI command is provided to display the current switch edition and the other licensing information. In the two-tier licensing model supported with Release 4.2(1)SV2(1.1), the software image is the same for both editions. You can switch between the two editions at any time. The switch edition configuration is global. The entire switch (supervisor and all modules) is either in the Essential edition or the Advanced edition.
When the Release 4.2(1)SV2(1.1) software is installed, the Essential edition is the default edition. When the switch is configured in the Essential edition, all features (other than the advanced features) are available for free for an unlimited time. No licenses are required to operate the Essential edition. The switch edition configuration is global and not per module. In Essential edition, all modules are automatically licensed. Use the svs switch edition command to move the switch from the Essential edition to the Advanced edition, and vice versa.
The switch comes up in the Advanced edition when it is upgraded from a pre-4.2(1)SV2(1.1) release. When the license expires, the switch does not move from the Advanced edition to the Essential edition automatically. You must use the svs switch edition CLI command to downgrade to the Essential edition. Licenses are required only when the switch edition is configured as the Advanced edition.
The following features are available as advanced features that require licenses:
Use the feature cts command to configure Cisco TrustSec on the Cisco Nexus 1000V. Enable DHCP snooping, Dynamic ARP inspection, and IP source guard on the Cisco Nexus 1000V using the feature dhcp command. See the Cisco Nexus 1000V License Configuration Guide for more information on licensing.
The high availability mechanism on Cisco Nexus 1000V is enhanced to select the VSM to be rebooted during the split-brain resolution. The following parameters are used to select the VSM in order of their precedence:
When a VSM is rebooted, the accounting logs that are stored on the VSM are lost. Starting with Release 4.2(1)SV2(1.1), new CLI commands are supported to display the accounting logs that were backed up during the split-brain resolution. You can also check the redundancy traces that are stored on the local and remote VSMs. See the Cisco Nexus 1000V High Availability Configuration Guide for more information.
The Cisco TrustSec security architecture builds secure networks by establishing clouds of trusted network devices. Each device in the cloud is authenticated by its neighbors. Communication on the links between devices in the cloud is secured with a combination of encryption, message integrity checks, and data-path replay protection mechanisms. Cisco TrustSec uses the device and user identification information acquired during authentication for classifying, or coloring, the packets as they enter the network. This packet classification is maintained by tagging packets on ingress to the Cisco TrustSec network so that they can be properly identified for the purpose of applying security and other policy criteria along the data path. The tag, also called the Security Group Tag (SGT), allows the network to enforce the access control policy by enabling the endpoint device to act upon the SGT to filter traffic.
This section describes the Cisco Nexus 1000V limitations and restrictions.
Table 1 lists the Cisco Nexus 1000V configuration limits.
The Cisco Nexus 1000V can be connected to a single VMware vCenter Server data center object. Note that this virtual data center can span multiple physical data centers.
VMotion of the VSM has the following limitations and restrictions:
For more information about VMotion of VSM, see the Cisco Nexus 1000V Software Installation Guide, Release 4.2(1)SV2(1.1).
The NetFlow configuration has the following support, limitations, and restrictions:
The NetFlow cache table has the following limitation:
Note: The cache size that is configured using the CLI defines the number of entries, not the size in bytes. The configured entries are allocated for each processor in the ESX host and the total memory allocated depends on the number of processors.
Port security has the following support, limitations, and restrictions:
Port profiles have the following restrictions or limitations:
The Telnet server is enabled by default.
For information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV2(1.1).
Only SSH version 2 (SSHv2) is supported.
For information, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV2(1.1).
Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.
For information, see the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV2(1.1).
The Cisco Nexus 1000V forwarding logic is designed to prevent network loops so it does not need to use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.
For information about Layer 2 switching, see the Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV2(1.1).
The Cisco Discovery Protocol (CDP) is enabled globally by default.
CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
– CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.
If you disable CDP globally, CDP is also disabled for all interfaces.
For information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV2(1.1).
DHCP is not supported for the management IP. The management IP must be configured statically.
The Link Aggregation Control Protocol (LACP) is an IEEE standard protocol that aggregates Ethernet links into an EtherChannel.
The Cisco Nexus 1000V has the following restrictions for enabling LACP on ports carrying the control and packet VLANs:
Note: These restrictions do not apply to other data ports using LACP.
Note: This restriction does not apply if LACP offload is enabled. You can check the LACP offload status by using the show lacp offload status command.
All upstream switch ports must be configured in spanning-tree port type edge trunk mode.
Without spanning-tree PortFast on upstream switch ports, it takes approximately 30 seconds to recover these ports on the upstream switch. Because these ports carry control and packet VLANs, the VSM loses connectivity to the VEM.
The following commands are available to use on Cisco upstream switch ports in interface configuration mode:
The Cisco Nexus 1010 (1000V) cannot resolve a domain name or hostname to an IP address.
When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.
When a VEM communicates with Cisco VSG in Layer 3 mode, an additional header with 94 bytes is added to the original packet. You must set the MTU to a minimum of 1594 bytes to accommodate this extra header for any network interface through which the traffic passes between the Cisco Nexus 1000V and the Cisco VSG. These interfaces can include the uplink port profile, the proxy ARP router, or a virtual switch.
VM names for VMs on ESX 4.1 hosts that exceed 21 characters are not displayed correctly on the VSM. When you use a show vservice command that displays the port profile name—for example, the show vservice port brief port-profile port-profile-name command—only VMs with names that are 21 characters or less are displayed correctly. Longer VM names might be truncated or have extra characters appended. Depending on the network adapter, the name length limitation varies. For example:
Note: This is a display issue with ESX Release 4.1 only. Use VM names of 21 characters or less to avoid this issue.
Performing an ISSU from Cisco Nexus 1000V Release 4.2(1)SV1(4) or Release 4.2(1)SV1(4a) to Cisco Nexus 1000V Release 4.2(1)SV2(1.1) using the ISO files is not supported. You must use the kickstart and the system files to perform an ISSU upgrade to Cisco Nexus 1000V Release 4.2(1)SV2(1.1).
When running the copy running-config startup-config command, do not press the PrtScn key. If you do, the command will abort.
Vssnet-load error messages can occur during a classic ESX 4.1.0 server bootup or restart when the VEM is already installed. The issue occurs while booting up because the path environment variable is not set up correctly, and the system is not able to identify the VMware command. After the system boots up, it is set up correctly and so is the ESX 4.10 system. There is no functional impact of the error messages and they can be ignored.
On a Linux VM that has multiple adapters, a DHCP release packet is sent from an incorrect interface (because of OS functionality) and the DHCP release packet is dropped. As a result, the binding entry is not deleted. This issue is a Linux issue where the packets from all interfaces go out of one interface (which is the default interface). To avoid this issue, put the interfaces in different subnets and make sure that the default gateway for each interface is set.
When a SPAN (erspan-source) session is created and the source interface is configured as a port channel and PVLAN Promiscuous access is programmed, the filter RX is not configured and the configured programmed filter TX is not persistent on VSM reload.
To work around this issue, configure all the primary and secondary VLANs as filter VLANs while using the port channel with PVLAN Promiscuous access as the source interface.
The default SSH inactive session timeout is 30 minutes, but the timeout setting is disabled by default, so the connection remains active. Use the exec-timeout command to explicitly configure the inactive session timeout limit.
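As an added example (not part of the Cisco release notes), the following Python check reads a saved running-config and reports line stanzas where exec-timeout is absent or set to 0, which leaves idle SSH sessions open. The sample configuration, the function names, and the 30-minute threshold are assumptions made for this illustration; it also assumes that exec-timeout is configured under the line vty and line console stanzas and that a value of 0 disables the timeout, as in Cisco NX-OS.

```python
import re

# Constructed sample of an NX-OS-style running-config (not from a real switch).
SAMPLE_CONFIG = """\
hostname n1kv-vsm
line console
  exec-timeout 15
line vty
interface mgmt0
  ip address 192.0.2.10/24
"""

def line_timeouts(config_text):
    """Return {line_name: minutes or None}; None means no exec-timeout is set."""
    timeouts, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level command either opens a "line ..." stanza or ends one.
            m = re.fullmatch(r"line\s+(\S+)", raw.strip())
            current = m.group(1) if m else None
            if current is not None:
                timeouts.setdefault(current, None)
        elif current is not None:
            m = re.fullmatch(r"exec-timeout\s+(\d+)", raw.strip())
            if m:
                timeouts[current] = int(m.group(1))
    return timeouts

def audit_idle_timeout(config_text, max_minutes=30):
    """List findings for lines whose idle sessions never expire or expire late."""
    timeouts = line_timeouts(config_text)
    timeouts.setdefault("vty", None)  # no stanza at all: the default applies
    findings = []
    for name, minutes in sorted(timeouts.items()):
        if minutes is None:
            findings.append(f"line {name}: exec-timeout not configured")
        elif minutes == 0:
            findings.append(f"line {name}: exec-timeout 0 disables the idle timeout")
        elif minutes > max_minutes:
            findings.append(f"line {name}: exec-timeout {minutes} exceeds {max_minutes} minutes")
    return findings

if __name__ == "__main__":
    for finding in audit_idle_timeout(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of show running-config saved to a file, and adjust max_minutes to the idle limit your access policy requires.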
Queuing is valid starting from Cisco NX-OS Release 4.2(1)SV1(51). Any queueing configuration that exists on the VSM in an earlier release will stop working. All port profiles that have a queueing configuration cannot be used. If a port is down, it should be moved to a profile without QoS queueing.
When a policy map of type “queuing” has a class map of type “match-any” without any match criteria, and is applied on an interface, a resource pool is not created for that specific class ID. As a result, the collection of statistics fails and no data is sent back to the VSM. To work around this issue, add a match criterion to the empty class map.
This section includes the following topics:
The following are descriptions of bugs in Cisco Nexus 1000V Release 4.2(1)SV2(1.1). The ID links you into the Cisco Bug Search Tool.
The following are descriptions of bugs that are resolved in Cisco Nexus 1000V Release 4.2(1)SV2(1.1). The ID links you into the Cisco Bug Search Tool.
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF) standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V switch.
The MIB Support List is available at the following FTP site:
ftp://ftp.cisco.com/pub/mibs/supportlists/nexus1000v/Nexus1000VMIBSupportList.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What’s New in Cisco Product Documentation RSS feed. RSS feeds are a free service.