Cisco Nexus 9000 Series NX-OS Release Notes, Release 6.1(2)I3(2)
Publication Date: November 10, 2014 Current Release: Release 6.1(2)I3(2)
This document describes the features, caveats, and limitations for Cisco NX-OS Release 6.1(2)I3(2) software for use on the Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. Use this document in combination with documents listed in Related Documentation.
Table 1 shows the online change history for this document.
Table 1 Online History Change
November 10, 2014
Created the release notes for Release 6.1(2)I3(2).
Cisco NX-OS software is a data center-class operating system designed for performance, resiliency, scalability, manageability, and programmability at its foundation. The Cisco NX-OS software provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in mission-critical data center environments. The modular design of the Cisco NX-OS operating system makes zero-impact operations a reality and enables exceptional operational flexibility.
The Cisco Nexus 9000 Series uses an enhanced version of Cisco NX-OS software with a single binary image that supports every switch in the series, which simplifies image management.
40GBASE-LR4 QSFP 40G transceiver module for single mode fiber, 4 CWDM lanes in 1310-nm window muxed inside module, duplex LC connector, 10-km, 40G Ethernet rate only
40GBASE-CR4 QSFP to four 10GBASE-CU SFP+ direct attach breakout cable assembly, 7 meter active
40GBASE-CR4 QSFP to four 10GBASE-CU SFP+ direct attach breakout cable assembly, 10 meter active
40GBASE-CR4 QSFP direct-attach copper cable, 5 meter passive
40GBASE-CR4 QSFP direct-attach copper cable, 3 meter passive
40GBASE-CR4 QSFP direct-attach copper cable, 1 meter passive
40GBASE-CR4 QSFP direct-attach copper cable, 7 meter active
40GBASE-CR4 QSFP direct-attach copper cable, 10 meter active
10GBASE-SR SFP+ module
10GBASE-LR SFP+ module
10GBASE-CU SFP+ cable 1 meter
10GBASE-CU SFP+ cable 3 meter
10GBASE-CU SFP+ cable 5 meter
Active Twinax cable assembly, 7 meter
Active Twinax cable assembly, 10 meter
GE SFP, LC connector SX transceiver
GE SFP, LC connector LX/LH transceiver
QSFP to SFP/SFP+ Adapter (QSA) module (for use with only the SFP-10G-SR and SFP-10G-LR modules)
Note For the current release, if you are using the four 10G breakout cables with a Cisco Nexus 9000 Series switch, all ports on the I/O module must be set to breakout mode. A maximum of three l/O modules can be placed in breakout mode.
Supported FEX Modules
The following is a list of FEX modules the Cisco NX-OS Release 6.1(2)I3(2) supports with Cisco Nexus 9372PX and 9396PX switches:
Cisco Nexus 2224TP
Cisco Nexus 2232PP
Cisco Nexus 2232TM and 2232TM-E
Cisco Nexus 2248PQ
Cisco Nexus 2248TP and 2248TP-E
New and Changed Information
This section lists the new and changed features in Release 6.1(2)I3(2), and includes the following topics:
New Hardware Features in Cisco NX-OS Release 6.1(2)I3(2)
The Cisco NX-OS Release 6.1(2)I3(2) supports the following new hardware features:
The Cisco Nexus 3164Q switch supports port-side exhaust airflow in addition to port-side intake airflow. This enables you to order the switch so that you can position it with the ports in either the cold aisle (port-side intake) or hot aisle (port-side exhaust). For port-side intake airflow, you must order the switch with N9K-C9300-FAN3 fan tray and N9K-PAC-1200W power supply modules. For port-side exhaust airflow, you must order the switch with N9K-C9300-FAN3-B fan tray and N9K-PAC-1200W-B power supply modules. You can easily identify the airflow direction for each of these modules by looking for a color designation on the module—a burgundy color indicates port-side intake airflow (N9K-C9300-FAN3 fan tray and N9K-PAC-1200W power supply modules) and a blue color indicates a port-side exhaust airflow (N9K-C9300-FAN3-B fan tray and N9K-PAC-1200W-B power supply modules).
Note All of the fan trays and power supplies in the same switch must have the same direction of airflow (that is, all of the modules must have the same color designation) or else the switch can overheat and shutdown.
The Cisco Nexus 9396PX switch supports the SFP-10G-LRM transceiver with Single-Mode Fiber (SMF) optics for distances up to 984 feet (300 m).
For listings of the transceivers supported by each switch, see
New Software Features in Cisco NX-OS Release 6.1(2)I3(2)
Cisco NX-OS Release 6.1(2)I3(2) includes the new software features described in these sections for the Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch:
FEX QoS policy – Supports the classification of traffic classes and the marking of incoming and outgoing packets. For additional information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide.
QoS TCAM lite regions – Enables the configuration of single wide QoS TCAM entries for IPV4.
QoS TCAM lite regions support QoS policies for Layer 2, Layer 3, VLAN, and FEX interfaces. For additional information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide.
GRE support for IP tunnels – Provides support for the GRE carrier protocol to enable IP tunnels to enable IPV4 transport between two devices. For additional information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.
Security features added:
– MAC packet classification – Controls whether a MAC ACL that is on a Layer 2 interface applies to all traffic entering the interface, including IP traffic, or to non-IP traffic only.
– Policy-based ACLs (PBACLs) – Applies access control policies across object groups. An object group is a group of IP addresses or a group of TCP or UDP ports. Using object groups when you configure IPv4 or IPv6 ACLs can help to reduce the complexity of updating the ACLs when you need to add or remove IP addresses or ports from rules.
For additional information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
64-bit algorithmic longest prefix match (ALPM) routing mode – Increases the scale for IPv6 route table entries with less than or equal to a 64-bit prefix length. This feature is supported only on Cisco Nexus 9500 Series switches. For the supported ratios of IPv4 and IPv6 entries and for additional information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.
Designated router delay – Delays participation in designated router (DR) election, upon bootup or following an IP address or interface state change, by setting the DR priority that is advertised in PIM hello messages to 0 for a specified period. The designated router delay feature is supported only on the Cisco Nexus 9000 Series switches and is not supported on the Cisco Nexus 3164Q Switch. For additional information, see the Cisco Nexus 9000 Series NX-OS Multicast Routing Configuration Guide.
Disable policy batching – Disables the batching evaluation of prefix advertisements to all BGP peers. For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.
Only one software image (called nx-os) is required to load the Cisco NX-OS operating system. This image runs on all Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. For installation instructions, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.
To perform a software upgrade, follow the installation instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.
Disable the Guest Shell if you need to downgrade from Cisco NX-OS Release 6.1(2)I3(2) to an earlier release.
Note If you perform a software maintenance upgrade (SMU) and later upgrade your device to a new Cisco NX-OS software release, the new image will overwrite both the previous Cisco NX-OS release and the SMU package file.
This section lists limitations related to Cisco NX-OS Release 6.1(2)I3(2).
Layer 3 routed traffic for missing Layer 2 adjacency information is not flooded back onto VLAN members of ingress units when the source MAC address of routed traffic is a non-VDC MAC address. This limitation is for hardware flood traffic and can occur when the SVI has a user-configured MAC address.
The neighbor-down fib-accelerate command is supported in a BGP-only environment.
The uplink module should not be removed from a Cisco Nexus 9300 Series switch that is running Cisco NX-OS Release 6.1(2)I3(2). The ports on the uplink module should be used only for uplinks.
The PortLoopback and BootupPortLoopback tests are not supported.
The ASIC Memory-NS test is applicable only for the N9K-X9564PX and N9K-X9564TX line cards.
Priority flow control (PFC) is supported on Cisco Nexus 9500 Series switches with the N9K-X9636PQ line card. It is not yet supported on Cisco Nexus 9300 Series switches and Cisco Nexus 9500 Series switches with the N9K-X9564PX or N9K-X9564TX line card.
If you configure the FEX with 100/full-duplex speed and you do not explicitly configure the neighboring device with 100/full-duplex speed, the data packet traffic does not pass properly even though the link appears to be “up.”
– no speed: Auto negotiates and advertises all speeds (only full duplex).
– speed 100: Does not auto negotiate; pause cannot be advertised. The peer must be set to not auto negotiate (only 100 Mbps full duplex is supported).
– speed 1000: Auto negotiates and advertises pause (advertises only for 1000 Mbps full duplex).
Eight QoS groups are supported only on modular platforms with the following Cisco Nexus 9500 Series line cards: N9K-X9636PQ, N9K-X9464PX, N9K-X9464TX, and N9K-X9432PQ.
Cisco NX-OS Release 6.1(2)I3(2) supports flooding for Microsoft Network Load Balancing (NLB) unicast mode on Cisco Nexus 9500 Series switches but not on Cisco Nexus 9300 Series switches. NLB is not supported in max-host system routing mode. NLB multicast mode is not supported on Cisco Nexus 9500 or 9300 Series switches.
Note To workaround the situation of Unicast NLB limitation, we can statically hard code the ARP and MAC address pointing to the correct interface. Please refer to bug ID CSCuq03168 in detail in the “Open Caveats—Cisco NX-OS Release 6.1(2)I3(2)” section.
When routed ACL is applied to multiple SVIs (switched virtual interfaces) in the egress direction, TCAM resources are not shared.
When VACL (VLAN ACL) is applied to multiple VLANs, TCAM resources are not shared.
N9K hardware does not support range checks (layer 4 operators) in egress TCAM. Because of this, ACL/QoS policies with layer 4 operations-based classification need to be expanded to multiple entries in the egress TCAM. Egress TCAM space planning should take this limitation into account.
If the same QOS policy and ACL is applied on multiple interfaces, the label will be shared only when the qos-policy is applied with the no-stats option.
Limitations for ALE uplink ports are listed at the following URL:
This section lists features that are not supported in the current release.
This section lists VXLAN features that are not supported.
VXLAN routing is not supported.
The default Layer 3 gateway for VXLAN VLANs should be provisioned on a different device.
Switched Port Analyzer (SPAN) Tx for VXLAN traffic is not supported for the access-to-network direction.
Ingress router access control lists (RACLs) are not supported on Layer 3 uplinks for VXLAN traffic. Egress VACLs cannot be used on decapsulated packets in the network-to-access direction on the inner payload. As a best practice, use PACLs or VACLs for the access-to-network direction.
QoS classification is not supported for VXLAN traffic in the network-to-access direction.
The QoS buffer-boost feature is not applicable for VXLAN traffic.
ACL and QoS for VXLAN traffic in the network-to-access direction is not supported.
Native VLANs for VXLAN are not supported. All traffic on VXLAN Layer 2 trunks needs to be tagged.
Consistency checkers are not supported for VXLAN tables.
Just one network virtualization edge (NVE) interface is allowed on the switch.
Because the NVE (VXLAN) process is not restartable, patching support is not supported for VXLAN.
vPC type-1 consistency checkers are not supported for VXLAN configurations.
Dynamic re-IP of an NVE tunnel is not supported. Tunnels must be shut down prior to live IP address changes.
VXLAN Topology Restrictions
A device cannot be a VXLAN gateway (vxlan-vlan flows) and a VXLAN bridge (vxlan-vxlan flows) for the same multicast groups, which are also called the bud-node topology. As a best practice, use the device as either a bridging device or a gateway device, but not both.
Due to bud-node restrictions, a VXLAN tunnel endpoint (VTEP) cannot reach the rendezvous point (RP) through another VTEP. Because of this limitation, there can be no direct Layer 3 links between two VTEPs, unless one of the VTEPs is the RP.
FEX host interface ports are not supported for VLANs extended with VXLAN.
VXLAN ACL Limitations
The following ACL related features are not supported:
Ingress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the network-to-access direction (decapsulated path)
Egress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the access-to-network direction (encapsulated path)
Egress VACL for decapsulated VXLAN traffic
We recommend that you use a PACL or VACL on the access side to filter out traffic entering the overlay network.
Private VLANs (PVLANs) are not supported.
DHCP subnet broadcast is not supported.
FEX is supported only on the Cisco Nexus 9372PX and 9396PX switches. It is not supported on the other Cisco Nexus 9300 Series switches or the Cisco Nexus 9500 Series switches.
Other Unsupported Features
The following lists other features not supported in the current release:
Due to a Poodle vulnerability, SSLv3 is no longer supported.
The Cisco Nexus 9300 Series switches and the Cisco Nexus 3164Q switch do not support the 64-bit ALPM routing mode.
BGP prefixes can experience temporary traffic drop during supervisor switchover when BGP prefixes have the Nexthop learned over BGP (Recursive Nexthop) in the presence of a default route in the system.
When using a Nexus 9000 Switch with a FEX and an LACP port-channel with n o lacp suspend-individual configuration, the port channel gets stuck in I state if the end device stops sending LACP PDUs for a brief period of time.
Even though there are no QoS classification policies currently active on any of the FEX HIF interfaces, the show incompatibility command still reports FEX QoS incompatibility during downgrade from 3.2 to earlier versions of software.
Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes
Cisco Nexus 9000 Series NX-OS Release Note s
To provide technical feedback on this document, or to report an error or omission, please send your comments to firstname.lastname@example.org. We appreciate your feedback.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This product includes cryptographic software written by Eric Young (email@example.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/). This product includes software written by Tim Hudson (firstname.lastname@example.org).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Cisco Nexus 9000 Series NX-OS Release Notes, Release 6.1(2)I3(2)