Contents
- Cisco Nexus 1000V Release Notes
- Cisco Nexus 1000V for VMware
- Software Compatibility with VMware
- Software Compatibility with Cisco Nexus 1000V
- New Features and Enhancements
- Configuration Scale Limits
- Cisco Nexus 1000V Configuration Scale Limits
- Cisco VSG Configuration Scale Limits
- Cisco AVS Configuration Scale Limits
- VDP Configuration Scale Limits
- Important Notes and Limitations
- Configuration Container Names Must Be Unique
- Single VMware Datacenter Support
- VDP
- DFA
- ERSPAN
- VMotion of VSM
- Access Lists
- NetFlow
- Port Security
- Port Profiles
- SSH Support
- LACP
- Cisco NX-OS Commands Might Differ from Cisco IOS
- No Spanning Tree Protocol
- Cisco Discovery Protocol
- DHCP Not Supported for the Management IP
- Upstream Switch Ports
- Interfaces
- Layer 3 VSG
- Copy Running-Config Startup-Config Command
- SNMP User Accounts Must Be Reconfigured After an Upgrade
- Using the Bug Search Tool
- Resolved Bugs
- Accessibility Features in Cisco Nexus 1000V
- MIB Support
- Obtaining Documentation and Submitting a Service Request
Cisco Nexus 1000V Release Notes
This document describes the features, limitations, and caveats for the Cisco Nexus 1000V, Release 5.2(1)SV3(1.3) software.
Cisco Nexus 1000V for VMware
The Cisco Nexus 1000V for VMware provides a distributed, Layer 2 virtual switch that extends across multiple virtualized hosts. The Cisco Nexus 1000V manages a data center defined by the vCenter Server. Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.
The Cisco Nexus 1000V consists of the following components:
Software Compatibility with VMware
The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of the Cisco Nexus 1000V supports vSphere 5.5, 5.1, and 5.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V and VMware Compatibility Information.
Note
The Cisco Nexus 1000V supports all virtual machine network adapter types that VMware vSphere supports. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.
Software Compatibility with Cisco Nexus 1000V
This release supports hitless upgrades from Release 4.2(1)SV2(1.1) and later. For more information, see the Cisco Nexus 1000V Installation and Upgrade Guide.
New Features and Enhancements
Cisco Nexus 1000V 5.2(1)SV3(1.3) includes the following features, enhancements, and support:
| Feature | Description |
| --- | --- |
| Cisco TrustSec SXP Listener mode support | In addition to supporting SXP Speaker mode, Cisco Nexus 1000V now supports SXP Listener mode starting with this release. For more information, see the Cisco Nexus 1000V for VMware vSphere Security Configuration Guide. |
| Additional TACACS+ and RADIUS server authentication support | REST API is enhanced to also support AAA authentication using TACACS+ and RADIUS Servers. For more information, see the Cisco Nexus 1000V for VMware vSphere REST API Plug-in Configuration Guide. |
| New documentation | The following new documentation is provided for this release: Minimum and Recommended Releases for the Cisco Nexus 1000V for VMware Switch—Lists the minimum and recommended Cisco NX-OS software releases to be used with Cisco Nexus 1000V for VMware switches for both new and existing deployments. |
Configuration Scale Limits
Cisco Nexus 1000V Configuration Scale Limits
The following table lists the configuration scale limit information for the Cisco Nexus 1000V Advanced edition.
Note
The scale limits for the Cisco Nexus 1000V Essential edition are half of the values stated in the following table.
| Feature | VEM | DVS | Other |
| --- | --- | --- | --- |
| Hosts/DVS | — | 250 (includes gateways) | — |
| Total vEth ports | 1000 | 10,240 | — |
| Ports per port profile | 1024 | 2048 | — |
| Port profiles | 6144 | 6144 | — |
| Physical NICs | 32 | 2000 | — |
| Physical trunks | 32 | 2000 | — |
| vEthernet trunks | 32 | 1024 | — |
| Port channels | 8 | 1024 | — |
| Active VLANs | 4094 | 4094 | — |
| VXLANs (bridge domains) | 6144 | 6144 | — |
| VXLAN gateway pairs | 1 | 8 | — |
| VXLAN mappings | 512/GW | 4094 | — |
| VXLAN trunks | 32 | 1024 | — |
| VXLAN mappings per trunk | 512 | — | — |
| VXLAN VNI | 1044 | 6144 | — |
| VTEPs | 4 | 1024 | 512 per bridge domain |
| BGP peers | 8 VSM | — | — |
| Route reflectors | — | — | 2 per VXLAN control plane |
| MAC addresses | 32,000 | — | — |
| MAC address per VLAN | 4094 | 4094 | — |
| DHCP IP bindings | 1024 | 10,240 | — |
| ACLs | 128 | 128 | — |
| ACEs per ACL | — | 128 | — |
| ACL instances | 6000 | 42,000 | 6 instances per port |
| Net Flow policies | 32,000 flows | — | |
| QoS policy maps | — | 128 | — |
| QoS class | — | 1024 | — |
| QoS class maps/policy maps | — | — | 64 |
| QoS instances (ingress and egress) | — | 9000 | — |
| Multicast groups | 1024 | 1024 | — |
| PVLANs | 512 | 512 | — |
| Port security MACs | 2048 | 24,000 | 5 MACs per port |
| SPAN/ERSPAN sessions | 64 | 64 | — |
| Source interfaces per session | — | 128 vEths or 32 physical Eths or port channels | — |
| Source VLANs per session | — | 32 | — |
| Destination interfaces per session | — | 32 | — |
| SPAN sessions per source interface | — | 4 | — |
| Source profiles per session | — | 16 | — |
| Destination profiles per session | — | 8 | — |
| Cisco TrustSec | — | — | |
| Number of VSMs per VC | — | — | 64 |
| Domain ID range | — | — | 1-1023 |
Cisco VSG Configuration Scale Limits
Important Notes and Limitations
Configuration Container Names Must Be Unique
All Cisco Nexus 1000V VSM configuration containers—port profiles, bridge domains, ACLs, class maps, policy maps, and so on—must have unique names.
In releases earlier than 5.2(1)SV3(1.1) you could create two configuration containers (for example, two port profiles) with the same name but different case sensitivity; for example, vmotion and VMOTION.
In later releases, you cannot create two configuration containers (for example, two port profiles) with the same name but different case sensitivity. During an upgrade, one of the port profiles with a duplicate name is deleted, which moves the corresponding ports in vCenter into quarantined state.
For example, do not create bridge domains with the same name (one uppercase, one lowercase) that point to different segments. See the following examples:
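A pre-upgrade check for the collision described above, as an added example that is not part of the original release notes or any Cisco tooling: it scans a saved running configuration for container names that differ only by case. The configuration line patterns and the sample configuration are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed running-config line shapes for the container types the page names;
# adjust the patterns to match your own "show running-config" output.
CONTAINER_PATTERNS = {
    "port-profile": re.compile(r"^port-profile(?:\s+type\s+\S+)?\s+(\S+)\s*$"),
    "bridge-domain": re.compile(r"^bridge-domain\s+(\S+)\s*$"),
    "access-list": re.compile(r"^(?:ip|ipv6|mac)\s+access-list\s+(\S+)\s*$"),
    "class-map": re.compile(
        r"^class-map(?:\s+type\s+\S+)?(?:\s+match-(?:any|all))?\s+(\S+)\s*$"),
    "policy-map": re.compile(r"^policy-map(?:\s+type\s+\S+)?\s+(\S+)\s*$"),
}

def find_case_collisions(config_text):
    """Return {(kind, folded_name): [names]} for names differing only by case."""
    seen = defaultdict(set)
    for line in config_text.splitlines():
        # Container definitions start in column 0; indented lines are children.
        if not line or line[0].isspace():
            continue
        for kind, pattern in CONTAINER_PATTERNS.items():
            match = pattern.match(line)
            if match:
                seen[(kind, match.group(1).casefold())].add(match.group(1))
                break
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
port-profile type vethernet vmotion
  switchport mode access
port-profile type vethernet VMOTION
  switchport mode access
port-profile type ethernet uplink
bridge-domain tenant-red
  segment id 5000
bridge-domain Tenant-Red
  segment id 5001
ip access-list web-in
  permit ip any any
"""

if __name__ == "__main__":
    for (kind, _), names in sorted(find_case_collisions(SAMPLE_CONFIG).items()):
        print(f"{kind}: {' / '.join(names)} collide after case folding")
```

Rename one side of every reported pair before upgrading, so that no container is deleted and no vCenter port is quarantined.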
Single VMware Datacenter Support
The Cisco Nexus 1000V for VMware can be connected to a single VMware vCenter Server datacenter object. Note that this virtual datacenter can span multiple physical datacenters.
Each VMware vCenter can support multiple Cisco Nexus 1000V VSMs per vCenter datacenter.
VDP
Implementing VDP on the Cisco Nexus 1000V has the following limitations and restrictions:
The Cisco Nexus 1000V supports the Cisco DFA-capable VDP based on the IEEE Standard 802.1 Qbg, Draft 2.2, and does not support the Link Layer Discovery Protocol (LLDP). Therefore, the EVB type, length, value are not originated or processed by the Cisco Nexus 1000V.
The VDP implementation in the current release supports a matching LLDP-less implementation on the bridge side, which is delivered as part of the Cisco DFA solution. For more information on the Cisco DFA, see the Cisco DFA Solutions Guide.
Timer-related parameters are individually configurable in the station and in the leaf.
Connectivity to multiple unclustered bridges is not supported in this release.
IPv6 addresses in filter format are not supported in this release.
VDP is supported for only segmentation-based port profiles. VDP for VLAN-based port profiles is not supported in this release.
The dynamic VLANs allocated by VDP are local to the VEM; they should not be configured on the Cisco Nexus 1000V VSM.
VDP is supported on VMware ESX releases 5.0, 5.1, 5.5 and 6.0 in the current release.
ERSPAN
If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Cisco Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.
If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.
VMotion of VSM
VMotion of VSM has the following limitations and restrictions:
VMotion of VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.
If you enable Distributed Resource Scheduler (DRS), you must use the VMware anti-affinity rules to ensure that the two virtual machines are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.
VMware VMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the VMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.
If you are adding one host in a DRS cluster that is using a vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have a VEM, and the VMs lose network connectivity.
Note
For more information about VMotion of VSM, see the Cisco Nexus 1000V Installation and Upgrade Guide.
Port Profiles
Port profiles have the following limitations and restrictions:
There is a limit of 255 characters in a port-profile command attribute.
We recommend that if you are altering or removing a port channel, you should migrate the interfaces that inherit the port channel port profile to a port profile with the desired configuration, rather than editing the original port channel port profile directly.
When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.
Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.
The port profile name can be up to 80 alphanumeric characters, is not case-sensitive, and must be unique for each port profile on the Cisco Nexus 1000V. The port profile name cannot contain any spaces. The port profile name can include all the ASCII special characters except the forward slash (/), backslash (\), percent (%), and question mark (?).
Note
If there are any existing port profiles (created in earlier Cisco Nexus 1000V releases) with names that contain a forward slash (/), backslash (\), percent (%), or question mark (?), you can continue to use them in this release.
LACP
Only LACP offload to VEM is supported. Upgrades from earlier releases to this release change LACP to offload mode by default.
Cisco NX-OS Commands Might Differ from Cisco IOS
Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.
No Spanning Tree Protocol
The Cisco Nexus 1000V for VMware forwarding logic is designed to prevent network loops; therefore, it does not use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.
Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is enabled globally by default.
CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
Note
If you disable CDP globally, CDP is also disabled for all interfaces.
For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide.
DHCP Not Supported for the Management IP
DHCP is not supported for the management IP. The management IP must be configured statically.
Interfaces
When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.
Supported MTU values vary according to underlying physical NIC capability.
Layer 3 VSG
When a VEM communicates with the Cisco Virtual Security Gateway (VSG) in Layer 3 mode, an additional header with 94 bytes is added to the original packet. You must set the MTU to a minimum of 1594 bytes to accommodate this extra header for any network interface through which the traffic passes between the Cisco Nexus 1000V and the Cisco VSG. These interfaces can include the uplink port profile, the proxy ARP router, or a virtual switch.
Copy Running-Config Startup-Config Command
When you are using the copy running-config startup-config command, do not press the PrtScn key. If you do, the command aborts.
SNMP User Accounts Must Be Reconfigured After an Upgrade
Procedure
If you are upgrading from a release earlier than 5.2(1)SV3(1.1), the SNMP engine ID changes internally to a unique engine ID. You must reconfigure all the SNMP user accounts to work with the new engine ID. Until the SNMP user accounts are reconfigured, all SNMPv3 queries fail. This restriction is associated with the defect CSCuo12696.
After an upgrade, use the show snmp user command to view the engine ID:
switch# show snmp user
______________________________________________________________
SNMP USERS
______________________________________________________________
User Auth Priv(enforce) Groups
____ ____ _____________ ______
______________________________________________________________
NOTIFICATION TARGET USERS (configured for sending V3 Inform)
______________________________________________________________
User Auth Priv
____ ____ ____
admin md5 des
(EngineID 128:0:0:9:3:2:0:12:0:0:0)
Complete the following steps to reconfigure SNMP user accounts. Reconfiguring an SNMP user account involves deleting and recreating a new SNMP username and password.
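Background for the requirement above, as an added example that is not part of the original release notes: SNMPv3 USM (RFC 3414) localizes each user's key to the agent's engine ID, so a key localized to the old engine ID no longer matches once the engine ID changes. The password is the RFC 3414 test value, and the "old" engine ID is a constructed placeholder; only the new engine ID comes from the output above.

```python
import hashlib

def parse_engine_id(text):
    """Convert the colon-separated decimal form shown by the switch to bytes."""
    return bytes(int(octet) for octet in text.split(":"))

def password_to_key(password, hash_name="md5"):
    """RFC 3414 A.2: digest 1,048,576 bytes of the repeated password (Ku)."""
    pw = password.encode()
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()

def localize_key(ku, engine_id, hash_name="md5"):
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def keys_survive_engine_change(password, old_engine_id, new_engine_id):
    """True only if the localized key is identical for both engine IDs."""
    ku = password_to_key(password)
    return localize_key(ku, old_engine_id) == localize_key(ku, new_engine_id)

# Engine ID as printed in the show snmp user output above.
NEW_ENGINE_ID = parse_engine_id("128:0:0:9:3:2:0:12:0:0:0")
# Constructed placeholder for a pre-upgrade engine ID (not from a real device).
OLD_ENGINE_ID = parse_engine_id("128:0:0:9:3:0:0:0:0:0:1")

if __name__ == "__main__":
    ku = password_to_key("maplesyrup")  # RFC 3414 test password
    print("old:", localize_key(ku, OLD_ENGINE_ID).hex())
    print("new:", localize_key(ku, NEW_ENGINE_ID).hex())
    print("same key after change:",
          keys_survive_engine_change("maplesyrup", OLD_ENGINE_ID, NEW_ENGINE_ID))
```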
Using the Bug Search Tool
Procedure
Step 1 Go to http://tools.cisco.com/bugsearch.
Step 2 In the Log In screen, enter your registered Cisco.com username and password, and then click Log In. The Bug Search page opens.
Note If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.
Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Enter.
Step 4 To search for bugs in a specific release:
Step 5 To search for bugs in the current release:
Resolved Bugs
The following table lists the bug ID and description of a select number of resolved high-priority bugs in the Cisco Nexus 1000V for VMware.
Bug ID
Description
The Apache version used in Cisco Nexus 1000V is affected by the following CVE vulnerabilities: CVE-2014-0118, CVE-2014-0226, and CVE-2014-0231.
An OpenSSH security vulnerability exists.
Cannot add VM NICs to vEthernets after upgrading to version 5.2(1)SV3(1.1).
VMware storage VMotion blocks vEthernet with port security.
The VLAN list is lost or truncated during upgrade. The port profile service continually crashes when viewing or modifying configurations on a port profile.
A Bash Remote Code Execution (Shellshock) vulnerability exists.
The VEM loses connectivity to VSM due to VEMDPA process looping.
Cisco Nexus 1000V includes a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296.
An ESX SSLv3 Padding Encryption (POODLE) vulnerability exists.
Accessibility Features in Cisco Nexus 1000V
All product documents are accessible except for images, graphics, and some charts. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.
MIB Support
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF)-standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series switch.
The MIB Support List is available at the following FTP site: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus1000v/Nexus1000VMIBSupportList.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.
Copyright © 2015, Cisco Systems, Inc. All rights reserved.