New Software Features in Cisco NX-OS Release 7.0(3)I1(1)
Cisco NX-OS Release 7.0(3)I1(1) includes the new software features described in these sections for the Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch:
– 10G dynamic breakout support - A port can have 10G or 40G bandwidth. Ports that have a 40G or higher bandwidth are considered high bandwidth ports (HBP). The dynamic breakout feature enables you to split any HBP into multiple 10G ports (breakout ports).
Dynamic breakout is supported only on the following:
- X9636PQ, X9432PQ, and X9536PQ line cards on a Cisco Nexus 9500 Series switch
- Cisco Nexus 9332PQ switch (all ports except 13-14 and 27-32 can support breakout) and the Cisco Nexus 3164Q switch
– Symmetric hashing - Symmetric hashing on a port channel ensures that bidirectional traffic uses the same physical interface, so that traffic on the port channel can be monitored effectively.
– Tunnel statistics - Provides statistics for an IP tunnel interface. Please note the following caveats for this feature:
- Only IPv4 unicast forwarding is supported
- No additional features (ACL/QoS/PBR) are supported on the tunnel interface
- The tunnel is supported only in default routing mode
- No PMTU support on the tunnel interface
– IPv6 for BFD - Provides IPv6 support for Bidirectional Forwarding Detection (BFD) to enable BGPv6, EIGRPv6, OSPFv3, and IS-ISv6 protocols for BFD.
– Multicast multipath enhancement – Added the ability to use the existing reverse path forwarding (RPF) information instead of performing a rehash if a change occurs in the equal-cost multi-path (ECMP) path list. For additional information, see the Cisco Nexus 9000 Series NX-OS Multicast Routing Configuration Guide.
– Egress QoS policy - Support for packet marking and policing in the egress direction. Interface policy-map statistics are enhanced to support the output direction.
– DHCP snooping – Acts like a firewall between untrusted hosts and trusted DHCP servers. DHCP snooping can mitigate some types of denial-of-service (DoS) attacks that are engineered using DHCP messages.
– Dynamic ARP inspection (DAI) – Determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a DHCP snooping binding database and ensures that only valid ARP requests and responses are relayed.
– IP source guard (IPSG) – A per-interface traffic filter that permits IP traffic only when the IP address and MAC address of each packet match one of two sources of IP and MAC address bindings: entries in the DHCP snooping binding table or static IP source entries that you configure.
For additional information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
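Added example (not Cisco code and not taken from the configuration guide): a small Python model of how DHCP snooping, DAI, and IPSG rely on the same bindings. The class, port names, and addresses are constructed for illustration, and matching on the ingress port in addition to IP and MAC is an assumption of the model.

```python
# Constructed model of the binding checks described above; not NX-OS code.
HOST = ("Eth1/5", "00:00:5e:00:53:0a", "192.0.2.20")  # constructed sample host


class EdgeSwitchModel:
    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)  # ports facing DHCP servers
        self.snooped = set()  # (port, mac, ip) learned by DHCP snooping
        self.static = set()   # (port, mac, ip) static IP source entries

    def dhcp_ack(self, ingress_port, client_port, client_mac, leased_ip):
        """DHCP snooping: accept server replies only from trusted ports."""
        if ingress_port not in self.trusted_ports:
            return "drop"  # reply arrived on an untrusted host port
        self.snooped.add((client_port, client_mac, leased_ip))
        return "forward"

    def add_static_source(self, port, mac, ip):
        self.static.add((port, mac, ip))

    def arp(self, port, sender_mac, sender_ip):
        """DAI: relay ARP only when the sender matches a snooped binding."""
        ok = (port, sender_mac, sender_ip) in self.snooped
        return "forward" if ok else "drop"

    def ip_packet(self, port, src_mac, src_ip):
        """IPSG: permit only sources found in snooped or static bindings."""
        key = (port, src_mac, src_ip)
        return "permit" if key in self.snooped | self.static else "deny"


def demo():
    sw = EdgeSwitchModel(trusted_ports={"Eth1/1"})
    port, mac, ip = HOST
    sw.add_static_source("Eth1/9", "00:00:5e:00:53:0c", "192.0.2.30")
    return [
        sw.dhcp_ack("Eth1/7", port, mac, "192.0.2.99"),      # untrusted reply
        sw.dhcp_ack("Eth1/1", port, mac, ip),                # trusted server
        sw.arp(port, mac, ip),                               # matches binding
        sw.arp("Eth1/7", "00:00:5e:00:53:0b", "192.0.2.1"),  # no binding
        sw.ip_packet(port, mac, ip),                         # snooped binding
        sw.ip_packet(port, mac, "192.0.2.50"),               # wrong source IP
        sw.ip_packet("Eth1/9", "00:00:5e:00:53:0c", "192.0.2.30"),  # static
    ]


if __name__ == "__main__":
    print(demo())
```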
- System Management Features
– 1588 timestamping in ERSPAN Type III packets – PTP’s timestamping feature provides timestamp information in the ERSPAN Type III header that can be used to calculate packet latency among edge, aggregate, and core switches.
– TAP aggregation – Allows the aggregation of multiple test access points (TAPs) to help with monitoring and troubleshooting tasks in the data center. TAP aggregation switches link all of the monitoring devices to specific points in the network fabric that handle the packets that need to be observed.
– Precision Time Protocol (PTP) – A time synchronization protocol defined in IEEE 1588 for nodes distributed across a network. It specifies how real-time clocks in the system synchronize with each other.
Note: Only these devices support PTP: Cisco Nexus 9332PQ switch (the last 6 physical ports do not support PTP), Cisco Nexus 9396PX switch (all 40G physical ports do not support PTP), Cisco Nexus 9504 or 9508 switch with an X9636PQ line card, and Cisco Nexus 3164Q switch.
For additional information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.
– EIGRP NSF enhancement – Makes EIGRP wait for the convergence of redistributed protocols being tracked before installing its own routes in the Routing Information Base (RIB) during nonstop forwarding (NSF).
– IPv6 for BFD – Provides IPv6 support for Bidirectional Forwarding Detection (BFD) for the BGP, EIGRP, OSPFv3, and IS-IS Layer 3 routing protocols.
– Max L3 LPM routing mode – You can configure LPM mode 4 on Cisco Nexus 9300 Series switches in order to support significantly more LPM routes, specifically 128,000 IPv4 routes and 20,000 IPv6 routes.
– VRRPv3 – VRRP version 3 enables a group of switches to form a single virtual switch in order to provide redundancy and reduce the possibility of a single point of failure in a network.
For additional information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.
– VXLAN MIB/counters - The VXLAN MIB, CISCO-NETWORK-VIRTUALIZATION-OVERLAY-MIB, provides SNMP access to manage the configuration, status, and statistics information of the virtual network overlay feature.
– VXLAN bud node - Support for bud-node topology on Cisco 9300 VTEP devices.
Note: A bud node is a device that is a VXLAN VTEP device and, at the same time, an IP transit device for the same VXLAN VNIs.
– VXLAN ingress replication - Provides support to replicate multi-destination packets (broadcast, unknown unicast, or multicast packets) to statically defined peers, uses VXLAN unicast, and eliminates the need for a multicast core.
– VXLAN eVPN - Supports a BGP Ethernet VPN (EVPN) control plane.
– VXLAN anycast gateway with eVPN - Provides anycast gateway addressing and an overlay network to enable a distributed control plane.
– ARP suppression - Provides suppression of ARP packets, which prevents flooding of ARPs in the core.