LISP VXLAN Fabric for a Wired Network

A LISP VXLAN fabric is an enterprise solution that enables policy-based segmentation over a LISP-based fabric overlay across a Campus and Branch network. It uses a LISP-based control plane and VXLAN-based data plane.

Cisco Catalyst 9300LM Series Switches

The following new models have been introduced in the series:

• C9300LM-48T-4Y: Stackable 48 x 10/100/1000 M Ethernet ports; 4 x 25 GE SFP28 fixed uplink ports; 600 WAC power supply and fixed fans; supports StackWise-320.

• C9300LM-24U-4Y: Stackable 24 x 10/100/1000 M UPOE ports; 4 x 25 GE SFP28 fixed uplink ports; PoE budget of 420 W with a single default 600 WAC power supply; supports StackWise-320.

• C9300LM-48U-4Y: Stackable 48 x 10/100/1000 M UPOE ports; 4 x 25 GE SFP28 fixed uplink ports; PoE budget of 790 W with a single default 1000 WAC power supply; supports StackWise-320.

• C9300LM-48UX-4Y: Stackable 40 x 10/100/1000 M and 8 Multigigabit Ethernet (100M/1000M/2.5GE/5GE/10GE) UPOE ports; 4 x 25 GE SFP28 fixed uplink ports; PoE budget of 790 W with a single default 1000 WAC power supply; supports StackWise-320.

For more information about the hardware, see the Cisco Catalyst 9300 Series Switches Hardware Installation Guide.

C9300X-24HX

Stackable 24 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE+ ports; PoE budget of 735W with 1100WAC power supply; supports StackPower+, StackWise-1T and C9300X-NM network modules.

For more information about the hardware, see the Cisco Catalyst 9300 Series Switches Hardware Installation Guide.

Cisco 10GBASE-LR/10GBASE-BR/25GBASE-BR Modules on C9300-NM-2Y

On C9300-NM-2Y network module, the following SFPs are supported.

• SFP-10/25G-BXD-I

• SFP-10/25G-BXU-I

For information about the modules, see Cisco 25GBASE SFP28 Modules Data Sheet. For information about device compatibility, see the Transceiver Module Group (TMG) Compatibility Matrix.

BGP EVPN VXLAN: TCP MSS Adjustment

TCP MSS Adjustment: Introduces support for IPv4 and IPv6 TCP MSS Adjustment for EVPN Routed Overlay.

DHCP Snooping with Egress SPAN on the same interface

Introduces support for configuring concurrent DHCP Snooping and egress SPAN on the same interface for non-SDA deployments.

Programmability

• YANG Data Models

• Pubd Restartability

The following programmability features are introduced in this release:

• YANG Data Models: For the list of Cisco IOS XE YANG models available with this release, navigate to: https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1791.

  Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release.

  (Network Advantage)

• Pubd Restartability: The pubd process is restartable on all platforms in this release. Prior to this release, pubd was restartable only on certain platforms. On other platforms, to restart the pubd process, the whole device had to be restarted.

Smart Licensing Using Policy

• New mechanism to send data privacy related information

• Hostname support

The following Smart Licensing Using Policy features are introduced in this release:

• New mechanism to send data privacy related information: This information is no longer included in a RUM report.

  If data privacy is disabled (no license smart privacy { all | hostname | version} global configuration command), data privacy related information is sent in a separate sync message or offline file.

  Depending on the topology you have implemented, the product instance initiates the sending of this information in a separate message, or CSLU and SSM On-Prem initiates the retrieval of this information from the product instance, or this information is saved in the offline file that is generated when you enter the license smart save usage privileged EXEC command.

• Hostname support: Support for sending hostname information was introduced.

  If you configure a hostname on the product instance and disable the corresponding privacy setting (no license smart privacy hostname global configuration command), hostname information is sent from the product instance, in a separate sync message or offline file.

  Depending on the topology you have implemented, the hostname information is received by CSSM, and CSLU or SSM On-Prem. It is then displayed on the corresponding user interface.

  (Network Advantage)

SMU Installation disabled in bundle mode

Support for SMU installation is disabled in bundle mode. Installation is supported only in install mode.

(Network Advantage)

Support for PI SSH

Cisco IOS SSH Server and Client support for the following encryption algorithms have been introduced:

• aes128-gcm@openssh.com

• aes256-gcm@openssh.com

IPsec

• BGP EVPN VXLAN over IPSec

• IPsec NAT Transparency

• VRF Aware IPsec

The following IPsec features are introduced in this release:

• An IPSec-based underlay network securely transports the VXLAN-encapsulated packets between the source and destination VTEPs. Securing the BGP EVPN VXLAN data traffic using IPSec tunnel encrypts the data and maintains data integrity.

• The IPsec NAT Transparency feature introduces support for IP Security (IPsec) traffic to travel through Network Address Translation (NAT) or Port Address Translation (PAT) points in the network by addressing many known incompatibilities between NAT and IPsec.

• The VRF-Aware IPsec feature introduces IP Security (IPsec) tunnel mapping to Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). Using the VRF-Aware IPsec feature, you can map IPsec tunnels to Virtual Routing and Forwarding (VRF) instances using a single public-facing address.

  (DNA Advantage)

SXP Version 5

SXP version 5 has been designed to export and import SXP mappings between specified SXP peers.

(DNA Advantage)