Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I1(1b)
Publication Date: April 16, 2015 Current Release: Release 7.0(3)I1(1b)
This document describes the features, caveats, and limitations for Cisco NX-OS Release 7.0(3)I1(1b) software for use on the Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. Use this document in combination with documents listed in Related Documentation.
Table 1 shows the online change history for this document.
Table 1 Online History Change
April 16, 2015
Created the release notes for Release 7.0(3)I1(1b).
Cisco NX-OS software is a data center-class operating system designed for performance, resiliency, scalability, manageability, and programmability at its foundation. The Cisco NX-OS software provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in mission-critical data center environments. The modular design of the Cisco NX-OS operating system makes zero-impact operations a reality and enables exceptional operational flexibility.
The Cisco Nexus 9000 Series uses an enhanced version of Cisco NX-OS software with a single binary image that supports every switch in the series, which simplifies image management.
New Hardware Features in Cisco NX-OS Release 7.0(3)I1(1b)
Cisco NX-OS Release 7.0(3)I1(1b) contains no new hardware features.
New Software Features in Cisco NX-OS Release 7.0(3)I1(1b)
Cisco NX-OS Release 7.0(3)I1(1b) contains no new software features.
Only one software image (called nx-os) is required to load the Cisco NX-OS operating system. This image runs on all Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. For installation instructions, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.
To perform a software upgrade, follow the installation instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.
Disable the Guest Shell if you need to downgrade from Cisco NX-OS Release 7.0(3)I1(1b) to an earlier release.
Note If you perform a software maintenance upgrade (SMU) and later upgrade your device to a new Cisco NX-OS software release, the new image will overwrite both the previous Cisco NX-OS release and the SMU package file.
This section lists limitations related to Cisco NX-OS Release 7.0(3)I1(1b).
Layer 3 routed traffic for missing Layer 2 adjacency information is not flooded back onto VLAN members of ingress units when the source MAC address of routed traffic is a non-VDC MAC address. This limitation is for hardware flood traffic and can occur when the SVI has a user-configured MAC address.
DHCP relay with VxLAN is supported only in the following two scenarios:
– When the server is reachable through the default VRF.
– When the server and client are in the same VRF.
The neighbor-down fib-accelerate command is supported in a BGP-only environment.
The uplink module should not be removed from a Cisco Nexus 9300 Series switch that is running Cisco NX-OS Release 7.0(3)I1(1b). The ports on the uplink module should be used only for uplinks.
The PortLoopback and BootupPortLoopback tests are not supported.
The ASIC Memory-NS test is applicable only for the N9K-X9564PX and N9K-X9564TX line cards.
Priority flow control (PFC) is supported on Cisco Nexus 9500 Series switches with the N9K-X9636PQ line card. It is not yet supported on Cisco Nexus 9300 Series switches and Cisco Nexus 9500 Series switches with the N9K-X9564PX or N9K-X9564TX line card.
If you configure the FEX with 100/full-duplex speed and you do not explicitly configure the neighboring device with 100/full-duplex speed, the data packet traffic does not pass properly even though the link appears to be “up.”
– no speed–Auto negotiates and advertises all speeds (only full duplex).
– speed 100–Does not auto negotiate; pause cannot be advertised. The peer must be set to not auto negotiate (only 100 Mbps full duplex is supported).
– speed 1000–Auto negotiates and advertises pause (advertises only for 1000 Mbps full duplex).
Eight QoS groups are supported only on modular platforms with the following Cisco Nexus 9500 Series line cards:
In a non-BGP eVPN environment, the SVI for L2/L3 boundary is expected to be on a non-VTEP routing block (a router attached to a VTEP).
Cisco NX-OS Release 7.0(3)I1(1b) does not support these features from the Cisco Release 6.1(2)|3(3):
– The source interface support for traceroute feature.
– The Cisco NX-OS to ACI conversion feature with the ability to boot the ACI image from Cisco NX-OS mode instead of from the loader> prompt.
– The port-channel subinterface feature is not supported.
Cisco NX-OS Release 7.0(3)I1(1b) supports flooding for Microsoft Network Load Balancing (NLB) unicast mode on Cisco Nexus 9500 Series switches but not on Cisco Nexus 9300 Series switches. NLB is not supported in max-host system routing mode. NLB multicast mode is not supported on Cisco Nexus 9500 or 9300 Series switches.
Note To work around the situation of Unicast NLB limitation, we can statically hard code the ARP and MAC address pointing to the correct interface. Please refer to bug ID CSCuq03168 in detail in the “Open Caveats—Cisco NX-OS Release 7.0(3)I1(1b)” section.
TCAM resources are not shared when:
– Routed ACL is applied to multiple SVIs (switched virtual interfaces) in the egress direction.
– Applying VACL (VLAN ACL) to multiple VLANs.
Cisco Nexus 9000 Series hardware does not support range checks (layer 4 operators) in egress TCAM. Because of this, ACL/QoS policies with layer 4 operations-based classification need to be expanded to multiple entries in the egress TCAM. Egress TCAM space planning should take this limitation into account.
Applying the same QoS policy and ACL on multiple interfaces requires applying the qos-policy with the no-stats option to share the label.
Limitations for ALE uplink ports are listed at the following URL:
This section lists VXLAN features that are not supported.
VXLAN is not supported on Cisco Nexus 9500 Series switches.
TX SPAN (Switched Port Analyzer) for VXLAN traffic is not supported for the access-to-network direction.
QoS classification is not supported for VXLAN traffic in the network-to-access direction.
QoS buffer-boost feature is not applicable for VXLAN traffic.
ACL and QoS for VXLAN traffic in the network-to-access direction is not supported.
Native VLANs for VXLAN are not supported. All traffic on VXLAN Layer 2 trunks needs to be tagged.
Consistency checkers are not supported for VXLAN tables.
vPC type-1 consistency checkers are not supported for VXLAN configurations.
BGP eVPN neighbors are not supported over vPC interfaces.
VXLAN routing and VXLAN Bud Nodes features on the 3164Q platform are not supported.
DHCP snooping and DAI features are not supported on VXLAN VLANs.
IGMP snooping is not supported on VXLAN VLANs.
Configuring an RP (rendezvous point) on a VTEP device is not supported. When configuring a multicast group, the RP should be configured on non-VTEP devices.
VXLAN Topology Restrictions
FEX host interface ports are not supported for VLANs extended with VXLAN.
SVI uplinks are not supported on a VTEP when VTEP is in a Bud-Node topology (transit and gateway roles).
VXLAN ACL Limitations
The following ACL related features are not supported:
Ingress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the network-to-access direction (decapsulated path)
Egress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the access-to-network direction (encapsulated path)
Egress VACL for decapsulated VXLAN traffic
We recommend that you use a PACL or VACL on the access side to filter out traffic entering the overlay network.
Private VLANs (PVLANs) are not supported.
DHCP subnet broadcast is not supported.
FEX is supported only on the Cisco Nexus 9372PX and 9396PX switches. It is not supported on the other Cisco Nexus 9300 Series switches or the Cisco Nexus 9500 Series switches.
ASCII replay with FEX needs be done twice for HIF configurations to be applied. The second time should be done after the FEXs have come up.
IPSG is not supported on FEX ports.
Other Unsupported Features
The following lists other features not supported in the current release:
Due to a Poodle vulnerability, SSLv3 is no longer supported.
The Cisco Nexus 9300 Series switches and the Cisco Nexus 3164Q switch do not support the 64-bit ALPM routing mode.
IPSG is not supported on the following:
– The last 6 40G physical ports on the 9372PX, 9372TX, and 9332PQ switches
– All 40G physical ports on the 9396PX, 9396TX, and 93128TX switches
Configuring DHCP in VXLAN
This section demonstrates a new way to configure DHCP in VXLAN as supported in the Cisco NX-OS Release 7.0(3)I1(1b) release. Below is the configuration for a client and server in a different SVI and same tenant VRF.
Even though there are no QoS classification policies currently active on any of the FEX HIF interfaces, the show incompatibility command still reports FEX QoS incompatibility during downgrade from 3.2 to earlier versions of software.
BGP prefixes can experience temporary traffic drop during supervisor switchover when BGP prefixes have the Nexthop learned over BGP (Recursive Nexthop) in the presence of a default route in the system.
When a user reloads the active supervisor, the standby supervisor also reloads. During the reload process, the Service Policy Manager (SPM) cannot send data to the standby supervisor. A syslog is observed, notifying the active supervisor that the SPM has not successfully updated its data base to the standby supervisor. The active supervisor reloads the standby supervisor again, and the standby supervisor eventually reaches a good standby state.
After upgrading one of the Nexus 9000 switches in a vPC topology from a 6.1(2)|3(x) or earlier release to a 7.0(3)I1(1) or later release, while the other node still runs 6.1(2)|3(x) or earlier, STP disputes are seen on upstream devices. If bridge assurance (BA) is used, ports will be BA blocked.
Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes
Cisco Nexus 9000 Series NX-OS Release Note s
To provide technical feedback on this document, or to report an error or omission, please send your comments to email@example.com. We appreciate your feedback.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This product includes cryptographic software written by Eric Young (firstname.lastname@example.org). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/). This product includes software written by Tim Hudson (email@example.com).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I1(1b)