Cisco Application Policy Infrastructure Controller, Release 1.0(3o), Release Notes
Available Languages
Cisco Application Policy Infrastructure Controller, Release 1.0(3o), Release Notes
This document describes the features, caveats, and limitations for the Cisco Application Policy Infrastructure Controller (APIC) software. For more information on specific hardware features, see the Cisco NX-OS Release 11.0(3o) Release Notes for Cisco Nexus 9000 Series ACI-Mode Switches. Additional product documentation is listed in the “Related Documentation” section.
Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of this document:
Table 1 shows the online change history for this document.
Table 1. Online History Change
| Date |
Description |
| July 9, 2015 |
Created the release notes for Release 1.0(3o). |
| July 16, 2015 |
Fixed an incorrect resolved caveat bug ID in the table (CSCur88179 -> CSCut88179). The URL was correct; only the text shown on the table was wrong. |
| December 9, 2015 |
Fixed incorrect URLs to the documentation on cisco.com. |
| February 29, 2016 |
In the Compatibility Information section, added a link to the AVS Release Notes. |
| February 28, 2017 |
In the Usage Guidelines section, added: If the communication between the APIC and vCenter is impaired, some functionality is adversely affected. The APIC relies on the pulling of inventory information, updating vDS configuration, and receiving event notifications from the vCenter for performing certain operations. |
Contents
This document includes the following sections:
■ Caveats
Introduction
The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment life cycle.
The Cisco Application Centric Infrastructure Fundamentals guide provides complete details about the ACI.
Installation Notes
■ For installation instructions, see the Cisco ACI Fabric Hardware Installation Guide.
■ For instructions on how to access the APIC for the first time, see the Cisco APIC Getting Started Guide.
■ For the Cisco APIC Python SDK documentation, including installation instructions, see the Cisco APIC Python SDK Documentation.
Two installation egg files are needed for installation. You can download these files from a running APIC at the following URLs:
— http[s]://<APIC address>/cobra/_downloads/acimodel-1.0_3o-py2.7.egg
This is the SDK file.
— http[s]://<APIC address>/cobra/_downloads/acicobra-1.0_3o-py2.7.egg
This file includes the Python packages that model the Cisco ACI Management Information Tree.
Both files are required.
Note: Installation of the SDK with SSL support on Unix/Linux and Mac OS X requires a compiler. For a Windows installation, you can install the compiled shared objects for the SDK dependencies using wheel packages.
Note: The model package depends on the SDK package; be sure to install the SDK package first.
Upgrade Instructions
To upgrade from a 1.0(2x) release to a 1.0(3x) release:
1. Upgrade the APIC controller software image.
2. After all APICs in the cluster are successfully upgraded, upgrade all the switches in the fabric.
Note: The switches may need to be rebooted after upgrading (see CSCut32029).
Downgrade Instructions
To downgrade the APICs and switches from a 1.0(3x) release a 1.0(2x) release:
1. Downgrade the APIC controllers.
2. After all APICs in the cluster are successfully downgraded, downgrade the switches in the fabric.
The 1.0(3o) release does not support a stateful downgrade to the 1.0(3f) release or an earlier release. To downgrade from 1.0(3o) to an earlier release, you must perform a stateless downgrade:
1. Export the configuration.
2. Downgrade to the earlier release
3. Import the configuration in that release.
Note: Switch models N9K-C9372PX, N9K-C9332PQ, and N9K-C9372TX are not supported for downgrading in the APIC 1.0(3x) or the Cisco Nexus 9000 11.0(3x) releases. If your fabric has these models, do not downgrade.
Compatibility Information
■ Cisco APIC Release 1.0(3o) supports the hardware and software listed on the ACI Ecosystem Compatibility List and the software listed as follows:
— Cisco NX-OS Release 11.0(3o)
— Cisco AVS, Release 5.2(1)Sv3(1.3)
For more information about the supported AVS releases, see the AVS software compatibility information in the Cisco Application Virtual Switch Release Notes at the following URL:
— Cisco UCS Manager software Release 2.2(1c) or later is required for the Cisco UCS Fabric Interconnect and other components, including the BIOS, CIMC, and the adapter
■ The breakout of 40G ports to 4x10G on the N9332PQ switch is not supported in ACI-Mode.
■ To connect the APIC (the controller cluster) to the ACI fabric, it is required to have a 10G interface on the ACI leaf. You cannot connect the APIC directly to the N9332PQ ACI Leaf.
■ Cisco APIC Release 1.0(3o) supports the following firmware:
— 1.5(4e) CIMC HUU iso
— 2.0(3i) CIMC HUU iso
Usage Guidelines
This section lists usage guidelines for the APIC software.
■ The APIC GUI supports the following browsers:
— Chrome version 35 (at minimum) on Mac and Windows
— Firefox version 26 (at minimum) on Mac, Linux, and Windows
— Internet Explorer version 11(at minimum)
— Safari 7.0.3 (at minimum)
Note: Restart your browser after upgrading to 1.0(3o).
Caution: A known issue exists with the Safari browser and unsigned certificates. Read the information presented here before accepting an unsigned certificate for use with WebSockets.
When you access the HTTPS site, the following message appears:
“Safari can’t verify the identity of the website APIC. The certificate for this website is invalid. You might be connecting to a website that is pretending to be an APIC, which could put your confidential information at risk. Would you like to connect to the website anyway?”
To ensure that WebSockets can connect, you must do the following:
1. Click Show Certificate.
2. Select Always Trust in the three drop-down lists that appear.
If you do not follow these steps above, WebSockets will not be able to connect.
■ The APIC GUI includes an online version of the Quick Start guide that includes video demonstrations.
■ The infrastructure IP address range must not overlap with other IP addresses used in the fabric for inband and out-of-band networks.
■ The APIC does not provide an IPAM solution, so ensure that IP addresses are unique within a private network/ context.
■ Press the Escape key twice (<Esc> <Esc>) to display APIC CLI command options.
■ In some of the 5-minute statistics data, the count of ten-second samples is 29 instead of 30.
■ For the following services, use a DNS-based host name with out-of-band management connectivity. IP addresses can be used with both inband and out-of-band management connectivity.
— Syslog server
— Call Home SMTP server
— Tech support export server
— Configuration export server
— Statistics export server
■ Inband management connectivity to the spine switches is possible from any host that is connected to the leaf switches of the Fabric, and leaf switches can be managed from any host that has IP connectivity to the fabric.
■ When configuring an AC (atomic counter) policy between two endpoints, and an IP is learned on one of the two endpoints, it is recommended to use an IP-based policy, and not a client endpoint based policy.
■ If the communication between the APIC and vCenter is impaired, some functionality is adversely affected. The APIC relies on the pulling of inventory information, updating vDS configuration, and receiving event notifications from the vCenter for performing certain operations.
Verified Scalability Limits
For the verified scalability limits, see the Verified Scalability Guide for this release:
New and Changed Information
This section lists the new and changed features in Release 1.0(3o).
New Hardware Features in Cisco NX-OS Release 1.0(3o)
Cisco NX-OS Release 1.0(3o) supports no new hardware features.
New Software Features in Cisco NX-OS Release 1.0(3o)
Cisco NX-OS Release 1.0(3o) supports no new software features.
Caveats
This section contains lists of open and resolved caveats and known behaviors.
Open Caveats
The following table lists the open caveats in this release. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 2. Open Caveats in Cisco APIC Release 1.0(3o)
| Bug ID |
Description |
| The switch disappears for several minutes from topology, firmware, and maintenance policies while being upgraded. |
|
| The APIC is rebooted using CIMC power reboot. On reboot, the system enters into fsck due to a corrupted disk. |
|
| When attempting to log into an LDAP provider configured in Strict SSL mode, and the system is not configured with the CA certificate for that LDAP SSL server, the nginx daemon will gracefully restart itself to attempt to work around an openldap library SSL certificate caching bug. |
|
| A tenant cannot be deleted because it is part of "mgmt" or "all" security domains. This may occur after an upgrade from a release 1.0.1x to 1.0.2x |
|
| During a policy upgrade of the APIC controller, some APICs fail to reboot after the upgrade process has completed. |
|
| The NTPD configuration is wiped out on a power shutdown. |
|
| Policy Elements crash on the leaf after deleting an infrastructure configuration such as infraAccBndlGrp, Selectors, or VLAN/VXLAN Namespace. |
|
| On large scale setups, some login requests are taking more than 30 seconds. |
|
| The serial baud rate is changed from 9600 to 115200. |
|
| An enhancement is needed to sync the hardware clock to the NTP clock once per day. |
|
| The APIC Controller Fan stats collection does not display the speed/PWM data regardless of the interval chosen. |
|
| Traffic between application endpoint groups and external Layer 3 networks on different leafs is dropped if multiple external Layer 3 networks are configured in the same context. |
Resolved Caveats
The following table lists the resolved caveats in this release. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 3. Resolved Caveats in Cisco APIC Release 1.0(3o)
| Bug ID |
Description |
| An OpFlex flap sometimes causes the deletion of the tunnel to the ESX/AVS instance. |
Known Behaviors
The following table lists the caveats that describe known behaviors in this release. Click the Bug ID to access the Bug Search Tool and see additional information about the bug.
Table 4. Known Behaviors in Cisco APIC Release 1.0(3o)
| Bug ID |
Description |
| Following a FEX or switch reload, configured interface tags are no longer configured correctly. |
|
| Switches could get downgraded to a 1.0(1x) version if the imported configuration consists of a firmware policy with a desired version set to 1.0(1x). |
|
| DEs are not joining the fabric after being decommissioned. |
|
| Some reported client endpoints are not present on the APIC during an upgrade. |
■ During the upgrade from a 1.0(1x) to a 1.0(2x) release, endpoints reporting will be delayed until all APICs are upgraded to 1.0(2x).
Related Documentation
This section lists the product documentation for the Cisco APIC. Links to the documentation are available in the Cisco ACI Fabric Documentation Roadmap that is published here:
The Cisco Application Policy Infrastructure Controller (APIC) website is here:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2015-2017 Cisco Systems, Inc. All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)