Cisco Nexus 1000V Release Notes, Release 5.2(1)SV3(1.5a)


First Published: August 17, 2015


Cisco Nexus 1000V Release Notes

This document describes the features, limitations, and caveats for the Cisco Nexus 1000V, Release 5.2(1)SV3(1.5a) software.

Cisco Nexus 1000V for VMware

The Cisco Nexus 1000V for VMware provides a distributed, Layer 2 virtual switch that extends across many virtualized hosts. The Cisco Nexus 1000V manages a datacenter defined by the vCenter Server. Each server in the datacenter is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical Cisco switch.

The Cisco Nexus 1000V consists of the following components:
  • Virtual Supervisor Module (VSM), which contains the Cisco CLI, configuration, and high-level features.

  • Virtual Ethernet Module (VEM), which acts as a line card and runs in each virtualized server to handle packet forwarding and other localized functions.

Software Compatibility with VMware

The servers that run the Cisco Nexus 1000V VSM and VEM must be in the VMware Hardware Compatibility list. This release of the Cisco Nexus 1000V supports vSphere 6.0, 5.5, 5.1, and 5.0 release trains. For additional compatibility information, see the Cisco Nexus 1000V and VMware Compatibility Information.


Note


  • VSM hardware versions 7, 8, 9, and 10 are supported. VSM hardware version 11 is not supported.

  • The Cisco Nexus 1000V supports all virtual machine network adapter types that VMware vSphere supports. Refer to the VMware documentation when choosing a network adapter. For more information, see the VMware Knowledge Base article #1001805.


Software Compatibility with Cisco Nexus 1000V

This release supports hitless upgrades from Release 4.2(1)SV2(1.1) and later. For more information, see the Cisco Nexus 1000V Installation and Upgrade Guide.

New Features and Enhancements

Cisco Nexus 1000V 5.2(1)SV3(1.5a) includes the following features, enhancements, and support:

Feature

Description

Fixes for various customer issues

See Resolved Bugs.

Updated documentation

The following documents have been updated for this release:

Configuration Scale Limits

Cisco Nexus 1000V Configuration Scale Limits

The following table lists the configuration scale limit information for the Cisco Nexus 1000V Advanced edition.

Note


The scale limits for the Cisco Nexus 1000V Essential edition are half of what is stated in the following table.


Feature

VEM

DVS

Other

Hosts/DVS

250 (includes gateways)

Total vEth ports

1000

10,240

Ports per port profile

1024

2048

Port profiles

6144

6144

Physical NICs

32

2000

Physical trunks

32

2000

vEthernet trunks

32

1024

Port channels

8

1024

Active VLANs

4094

4094

VXLANs (bridge domains)

6144

6144

VXLAN gateway pairs

1

8

VXLAN mappings

512/GW

4094

VXLAN trunks

32

1024

VXLAN mappings per trunk

512

VXLAN VNI

1044

6144

VTEPs

16,000

512 per bridge domain

BGP peers

8 VSM

Route reflectors

2 per VXLAN control plane

MAC addresses

32,000

MAC address per VLAN

4094

4094

DHCP IP bindings

1024

10,240

ACLs

128

128

ACEs per ACL

128

ACL instances

6000

42,000

6 instances per port

NetFlow policies

32,000 flows

  • 64 monitor sessions

  • 64 records

  • 64 exporters

QoS policy maps

128

QoS class

1024

QoS class maps/policy maps

64

QoS instances (ingress and egress)

9000

Multicast groups

1024

1024

PVLANs

512

512

Port security MACs

2048

24,000

5 MACs per port

SPAN/ERSPAN sessions

64

64

Source interfaces per session

128 vEths

or

32 physical Eths or port channels

Source VLANs per session

32

Destination interfaces per session

32

SPAN sessions per source interface

4

Source profiles per session

16

Destination profiles per session

8

Cisco TrustSec

  • 6000 IP-SGT mappings

  • 128 SGACLs

  • 128 ACEs per SGACL

  • 8 SXP peers

Number of VSMs per VC

64

Domain ID range

1-1023

VSG Configuration Scale Limits

In this release, when Cisco Virtual Security Gateway (VSG) solutions using version 5.2(1)VSG3(1.2c) are deployed, the following scale limitations apply and supersede the scale numbers shown in Cisco Nexus 1000V Configuration Scale Limits.

Feature | VEM | DVS | Number of VEM Modules
--- | --- | --- | ---
VSG | 512 vEth ports per VEM | 10,000 vEth ports with up to 6000 vEth ports protected by VSG | 250 per DVS

AVS Configuration Scale Limits

In this release, when Cisco Application Virtual Switch (AVS) solutions are deployed, the following scale limitations apply and supersede the scale numbers shown in Cisco Nexus 1000V Configuration Scale Limits.

Feature | VEM | Top of Rack
--- | --- | ---
AVS | 300 vEth ports per VEM | 40 VEM modules

VDP Configuration Scale Limits

In this release, when VSI Discovery Protocol (VDP) solutions are deployed, the following scale limitations apply and supersede the scale numbers shown in Cisco Nexus 1000V Configuration Scale Limits.

Feature | VEM | DVS | Number of VEM Modules
--- | --- | --- | ---
VDP | 300 vEth ports per VEM | 4000 vEth ports | 128 per DVS

Important Notes and Limitations

Configuration Container Names Must Be Unique

All Cisco Nexus 1000V VSM configuration containers—port profiles, bridge domains, ACLs, class maps, policy maps, and so on—must have unique names.

In releases earlier than 5.2(1)SV3(1.1) you could create two configuration containers (for example, two port profiles) with the same name but different case sensitivity; for example, vmotion and VMOTION.

In later releases, you cannot create two configuration containers (for example, two port profiles) with the same name but different case sensitivity. During an upgrade, one of the port profiles with a duplicate name is deleted, which moves the corresponding ports in vCenter into quarantined state.

For example, do not create bridge domains with the same name (one uppercase, one lowercase) that point to different segments. See the following examples:

This is an example of an uppercase name:

switch# show bridge-domain VXLAN14095 
Bridge-domain VXLAN14095 (0 ports in all)
Segment ID: 12333 (Manual/Active)
Mode: Unicast-only
MAC Distribution: Disable
BGP control mode: Enable
Group IP: NULL
Encap Mode: VXLAN*
State: UP Mac learning: Enabled

This is an example of a lowercase name:

switch# show bridge-domain vxlan14095
Bridge-domain vxlan14095 (0 ports in all)
Segment ID: 14095 (Manual/Active)
Mode: Unicast-only
MAC Distribution: Disable
BGP control mode: Enable
Group IP: 237.1.1.196
Encap Mode: VXLAN*
State: UP Mac learning: Enabled 
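
A pre-upgrade check for the case-collision problem described above, as an added example that is not Cisco's code: it scans saved running-config text for configuration containers whose names differ only by case, and for bridge domains it also reports the segment ID each spelling points to. The regular expressions, function names, and sample configuration are assumptions constructed for illustration; the names and segment IDs in the sample mirror the examples above.

```python
import re
from collections import defaultdict

# Top-level running-config lines that open a named container. These patterns
# are assumptions made for this example; adjust them to your configuration.
CONTAINER_PATTERNS = {
    "port-profile": re.compile(r"^port-profile\s+(?:type\s+\S+\s+)?(\S+)$"),
    "bridge-domain": re.compile(r"^bridge-domain\s+(\S+)$"),
    "access-list": re.compile(r"^(?:ip|ipv6|mac)\s+access-list\s+(\S+)$"),
    "class-map": re.compile(r"^class-map\s+(?:type\s+\S+\s+)?(?:match-\S+\s+)?(\S+)$"),
    "policy-map": re.compile(r"^policy-map\s+(?:type\s+\S+\s+)?(\S+)$"),
}
SEGMENT_RE = re.compile(r"^\s+segment id (\d+)$")

# Constructed sample input (not captured from a real VSM).
SAMPLE_CONFIG = """\
port-profile default max-ports 32
port-profile type vethernet vmotion
  switchport access vlan 10
port-profile type vethernet VMOTION
  switchport access vlan 20
bridge-domain VXLAN14095
  segment id 12333
bridge-domain vxlan14095
  segment id 14095
ip access-list web-in
"""


def parse_containers(config_text):
    """Return one dict per container: kind, name, and segment (bridge domains)."""
    containers, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line[0].isspace():  # body line of the current container
            seg = SEGMENT_RE.match(line)
            if seg and current and current["kind"] == "bridge-domain":
                current["segment"] = int(seg.group(1))
            continue
        current = None  # a new top-level line closes the previous container
        for kind, pattern in CONTAINER_PATTERNS.items():
            m = pattern.match(line)
            if m:
                current = {"kind": kind, "name": m.group(1), "segment": None}
                containers.append(current)
                break
    return containers


def find_case_collisions(config_text):
    """Map (kind, case-folded name) to the containers that differ only by case."""
    groups = defaultdict(list)
    for c in parse_containers(config_text):
        groups[(c["kind"], c["name"].casefold())].append(c)
    return {key: sorted(members, key=lambda c: c["name"])
            for key, members in groups.items()
            if len({c["name"] for c in members}) > 1}


if __name__ == "__main__":
    for (kind, _), members in find_case_collisions(SAMPLE_CONFIG).items():
        print(kind, [(c["name"], c["segment"]) for c in members])
```

Any collision reported here should be renamed before the upgrade, because one of the duplicates is deleted during the upgrade and its ports are quarantined in vCenter.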

Single VMware Datacenter Support

The Cisco Nexus 1000V for VMware can be connected to a single VMware vCenter Server datacenter object. Note that this virtual datacenter can span multiple physical datacenters.

Each VMware vCenter can support multiple Cisco Nexus 1000V VSMs per vCenter datacenter.

VDP

Implementing VDP on the Cisco Nexus 1000V has the following limitations and restrictions:

  • The Cisco Nexus 1000V supports the Cisco DFA-capable VDP based on the IEEE Standard 802.1 Qbg, Draft 2.2, and does not support the Link Layer Discovery Protocol (LLDP). Therefore, EVB type, length, value (TLV) elements are not originated or processed by the Cisco Nexus 1000V.

  • The VDP implementation in the current release supports a matching LLDP-less implementation on the bridge side, which is delivered as part of the Cisco DFA solution. For more information on the Cisco DFA, see the Cisco DFA Solutions Guide.

  • Timer-related parameters are individually configurable in the station and in the leaf.

  • Connectivity to multiple unclustered bridges is not supported in this release.

  • IPv6 addresses in filter format are not supported in this release.

  • VDP is supported for only segmentation-based port profiles. VDP for VLAN-based port profiles is not supported in this release.

  • The dynamic VLANs allocated by VDP are local to the VEM; they should not be configured on the Cisco Nexus 1000V VSM.

  • VDP is supported on VMware ESX releases 5.0, 5.1, 5.5 and 6.0 in the current release.

DFA

Fabric forwarding mode is not supported under the VLAN configuration.

ERSPAN

If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Cisco Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.

If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.

VMotion of VSM

VMotion of VSM has the following limitations and restrictions:

  • VMotion of VSM is supported for both the active and standby VSM VMs. For high availability, we recommend that the active VSM and standby VSM reside on separate hosts.

  • If you enable Distributed Resource Scheduler (DRS), you must use the VMware anti-affinity rules to ensure that the two virtual machines are never on the same host, and that a host failure cannot result in the loss of both the active and standby VSM.

  • VMware VMotion does not complete when using an open virtual appliance (OVA) VSM deployment if the CD image is still mounted. To complete the VMotion, either click Edit Settings on the VM to disconnect the mounted CD image, or power off the VM. No functional impact results from this limitation.

  • If you are adding one host in a DRS cluster that is using a vSwitch to a VSM, you must move the remaining hosts in the DRS cluster to the VSM. Otherwise, the DRS logic does not work, the VMs that are deployed on the VEM could be moved to a host in the cluster that does not have a VEM, and the VMs lose network connectivity.


Note


For more information about VMotion of VSM, see the Cisco Nexus 1000V Installation and Upgrade Guide.


Access Lists

ACLs have the following limitations and restrictions:

  • VLAN-based ACLs (VACLs) are not supported.

  • ACLs are not supported on port channels.

NetFlow

The NetFlow configuration has the following limitations and restrictions:

  • NetFlow Sampler is not supported.

  • NetFlow Exporter format V9 is supported.

  • NetFlow Exporter format V5 is not supported.

  • NetFlow is not supported on port channels.

  • The NetFlow cache table does not support immediate or permanent cache types.

Port Security

Port security has the following limitations and restrictions:

  • Port security is enabled globally by default.

  • The feature/no feature port-security command is not supported.

  • In response to a security violation, you can shut down the port.

Port Profiles

Port profiles have the following limitations and restrictions:

  • There is a limit of 255 characters in a port-profile command attribute.

  • We recommend that if you are altering or removing a port channel, you should migrate the interfaces that inherit the port channel port profile to a port profile with the desired configuration, rather than editing the original port channel port profile directly.

  • When you remove a port profile that is mapped to a VMware port group, the associated port group and settings within the vCenter Server are also removed.

  • Policy names are not checked against the policy database when ACL/NetFlow policies are applied through the port profile. It is possible to apply a nonexistent policy.

  • The port profile name can be up to 80 alphanumeric characters, is not case-sensitive, and must be unique for each port profile on the Cisco Nexus 1000V. The port profile name cannot contain any spaces. The port profile name can include all the ASCII special characters except the forward slash (/), backslash (\), percent (%), and question mark (?).


    Note


    If there are any existing port profiles (created in earlier Cisco Nexus 1000V releases) with names that contain a forward slash (/), backslash (\), percent (%), or question mark (?), you can continue to use them in this release.


SSH Support

Only SSH version 2 (SSHv2) is supported.

LACP

Only LACP offload to VEM is supported. Upgrades from earlier releases to this release change LACP to offload mode by default.

Cisco NX-OS Commands Might Differ from Cisco IOS

Be aware that the Cisco NX-OS CLI commands and modes might differ from those commands and modes used in the Cisco IOS software.

No Spanning Tree Protocol

The Cisco Nexus 1000V for VMware forwarding logic is designed to prevent network loops; therefore, it does not use the Spanning Tree Protocol. Packets that are received from the network on any link connecting the host to the network are not forwarded back to the network by the Cisco Nexus 1000V.

Cisco Discovery Protocol

The Cisco Discovery Protocol (CDP) is enabled globally by default.

CDP runs on all Cisco-manufactured equipment over the data link layer and does the following:
  • Advertises information to all attached Cisco devices.

  • Discovers and views information about those Cisco devices.
    • CDP can discover up to 256 neighbors per port if the port is connected to a hub with 256 connections.


Note


If you disable CDP globally, CDP is also disabled for all interfaces.


For more information about CDP, see the Cisco Nexus 1000V System Management Configuration Guide.

DHCP Not Supported for the Management IP

DHCP is not supported for the management IP. The management IP must be configured statically.

Upstream Switch Ports

We recommend that you configure spanning-tree port type edge on upstream switches for faster convergence.

The following commands are available to use on Cisco upstream switch ports in interface configuration mode:
  • spanning-tree portfast

  • spanning-tree portfast trunk

  • spanning-tree portfast edge trunk

Interfaces

When the maximum transmission unit (MTU) is configured on an operationally up interface, the interface goes down and comes back up.

Supported MTU values vary according to underlying physical NIC capability.

Layer 3 VSG

When a VEM communicates with the Cisco Virtual Security Gateway (VSG) in Layer 3 mode, an additional header with 94 bytes is added to the original packet. You must set the MTU to a minimum of 1594 bytes to accommodate this extra header for any network interface through which the traffic passes between the Cisco Nexus 1000V and the Cisco VSG. These interfaces can include the uplink port profile, the proxy ARP router, or a virtual switch.

Copy Running-Config Startup-Config Command

When you are using the copy running-config startup-config command, do not press the PrtScn key. If you do, the command aborts.

Using the Bug Search Tool

Use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.

Procedure
    Step 1   Go to http://tools.cisco.com/bugsearch.
    Step 2   In the Log In screen, enter your registered Cisco.com username and password, and then click Log In. The Bug Search page opens.
             Note    If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.
    Step 3   To search for a specific bug, enter the bug ID in the Search For field and press Enter.
    Step 4   To search for bugs in a specific release:
             1. In the Product field, choose Series/Model from the drop-down list and then enter the product name in the text field.
    Step 5   To search for bugs in the current release:
             1. In the Search For field, enter Cisco Nexus 1000V for VMware and press Enter. Leave the other fields empty.
             2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by status, severity, modified date, and so forth.
             Tip    To export the results to a spreadsheet, click the Export Results to Excel link.

Open Bugs

The following table lists the bug ID and description of open bugs that apply to Cisco Nexus 1000V, Release 5.2(1)SV3(1.5a).

Bug ID

Description

CSCut71618

The ARP reply frames that have CRC offloaded to Cisco UCS Gen 3 VIC cards (VXLAN TSO or HW Offload) are corrupted on egress; all such ARP reply frames are dropped on the ingress adapter.

CSCuu88333

Rate and PPS counters are not accurate for Cisco Nexus 1000V interfaces.

CSCus72554

Cisco Nexus 1000V QoS rate statistics show 0 intermittently and update after 20 seconds until the next update.

CSCuu41957

The SVS does not connect to the VC from the VSM if the VC is using a DNS name and the primary DNS server is down and the secondary is available.

Resolved Bugs

The following table lists the bug ID and description of a select number of resolved high-priority bugs in the Cisco Nexus 1000V for VMware, Release 5.2(1)SV3(1.5a).

Bug ID

Description

CSCut77414

Cisco Nexus 1000V includes fixes for the following April 2015 NTPd vulnerabilities: CVE-2015-1798 and CVE-2015-1799.

CSCut45889

Cisco Nexus 1000V includes fixes for the following March 2015 OpenSSL vulnerabilities: CVE-2015-0291, CVE-2015-0204, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286, CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787, CVE-2015-0285, and CVE-2015-0288.

CSCuu82360

Cisco Nexus 1000V includes fixes for the following June 2015 OpenSSL vulnerabilities: CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, and CVE-2014-8176.

CSCuv26134

Cisco Nexus 1000V includes fixes for the following July 2015 OpenSSL vulnerability: CVE-2015-1793.

CSCup47557

Cisco Nexus 1000V includes fixes for the following multiple vulnerabilities in libxml2: CVE-2008-3529, CVE-2008-4226, CVE-2011-3102, CVE-2011-3919, CVE-2011-4461, CVE-2011-4815, CVE-2011-4885, CVE-2012-0193, CVE-2012-0841, CVE-2012-2807, CVE-2012-5134, CVE-2014-0191, and CVE-2014-3660.

CSCup47558

Cisco Nexus 1000V includes fixes for the following multiple vulnerabilities in logrotate: CVE-2011-1098, CVE-2011-1154, and CVE-2011-1155.

CSCuo43740

Cisco Nexus 1000V VSM's Platform process (pfm) CPU utilization goes high during an SNMP walk.

CSCuv10722

VMware ESXi 5.5 host crashes due to stale QoS Queuing queues available in the VEM.

CSCut08678

VMware ESXi 5.5 U2 hosts crash with TSO offload enabled while sending VXLAN traffic.

CSCun21945

Cisco vPath offload fails to operate properly when enabled on NetScaler 1000v; this occurs because the initial packet is dropped by the VEM.

CSCuv07448

Cisco Nexus 1000V VEM has wrong ACL entries programmed for the interfaces when it has interface-override configured in it and the port-profile of that interface is changed.

CSCuu03567

Cisco Nexus 1000V VEM performance is low with Cisco vPath, TSO, and MAC-pinning.

CSCuu12167

Cisco Nexus 1000V VSM's forwarding manager (fwm) process crashes when there is a bulk VEM module add or remove event in the VSM.

CSCuv19159

Cisco Nexus 1000V VSM's SNMP (SNMPD) process crashes when there is frequent polling using monitoring tools based on SNMP.

CSCuv09908

Enhancements in VSM to avoid PSS or storage corruption when there is storage loss if the VSM is hosted as a VM in remote storage.

CSCud66828

Cisco Nexus 1000V VSM is not able to authenticate users with AAA servers when the users are configured for server monitoring with idle and dead times.

CSCuv48080

Cisco Nexus 1000V VSM's xml process crashes when the show running-config | tr -d a command is run over netconf.

CSCuv64034

A static route added on ESXi that has a vmkernel port added to Cisco Nexus 1000V as gateway goes missing after the host reboots.

CSCuv30131

Performance of IPv6 VM to VM traffic is very low when TSO is enabled on the guest OS.

CSCut03224

Attaching an IPv6 ACL in a port-profile fails.

Accessibility Features in Cisco Nexus 1000V

All product documents are accessible except for images, graphics, and some charts. If you would like to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.

MIB Support

The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF)-standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 1000V Series switch.

The MIB Support List is available at the following FTP site: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus1000v/Nexus1000VMIBSupportList.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation, at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.