Overview

This chapter contains the following sections:

Supported Platforms

Starting with Cisco NX-OS release 7.0(3)I7(1), use the Nexus Switch Platform Support Matrix to know from which Cisco NX-OS releases various Cisco Nexus 9000 and 3000 switches support a selected feature.

Software Image

The Cisco NX-OS software consists of one NXOS software image.

Software Compatibility

The Cisco NX-OS software interoperates with Cisco products that run any variant of the Cisco IOS software. The Cisco NX-OS software also interoperates with any networking operating system that conforms to the IEEE and RFC compliance standards.

Spine/Leaf Topology

The Cisco Nexus 9000 Series switches support a two-tier spine/leaf topology.

Figure 1. Spine/Leaf Topology. This figure shows an example of a spine/leaf topology with four leaf switches (Cisco Nexus 9396 or 93128) connecting into two spine switches (Cisco Nexus 9508) and two 40G Ethernet uplinks from each leaf to each spine.

Modular Software Design

The Cisco NX-OS software supports distributed multithreaded processing on symmetric multiprocessors (SMPs), multi-core CPUs, and distributed data module processors. The Cisco NX-OS software offloads computationally intensive tasks, such as hardware table programming, to dedicated processors distributed across the data modules. The modular processes are created on demand, each in a separate protected memory space. Processes are started and system resources are allocated only when you enable a feature. A real-time preemptive scheduler helps to ensure the timely processing of critical functions.

Serviceability

The Cisco NX-OS software has serviceability functions that allow the device to respond to network trends and events. These features help you with network planning and improving response times.

Switched Port Analyzer

The Switched Port Analyzer (SPAN) feature allows you to analyze all traffic between ports (called the SPAN source ports) by nonintrusively directing the SPAN session traffic to a SPAN destination port that has an external analyzer attached to it. For more information about SPAN, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Ethanalyzer

Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark for capturing and decoding packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. For more information about Ethanalyzer, see the Cisco Nexus 9000 Series NX-OS Troubleshooting Guide.

Smart Call Home

The Call Home feature continuously monitors hardware and software components to provide e-mail-based notification of critical system events. A versatile range of message formats is available for optimal compatibility with standard e-mail and XML-based automated parsing applications. It offers alert grouping capabilities and customizable destination profiles. You can use this feature, for example, to send an e-mail message to a network operations center (NOC) and employ Cisco AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). For more information about Smart Call Home, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Online Diagnostics

Cisco generic online diagnostics (GOLD) verify that hardware and internal data paths are operating as designed. Boot-time diagnostics, continuous monitoring, and on-demand and scheduled tests are part of the Cisco GOLD feature set. GOLD allows rapid fault isolation and continuous system monitoring. For information about configuring GOLD, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Embedded Event Manager

Cisco Embedded Event Manager (EEM) is a device and system management feature that helps you to customize behavior based on network events as they happen. For information about configuring EEM, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Manageability

This section describes the manageability features for the Cisco Nexus 9000 Series switches.

Simple Network Management Protocol

The Cisco NX-OS software is compliant with Simple Network Management Protocol (SNMP) version 1, version 2, and version 3. A large number of MIBs is supported. For more information about SNMP, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Configuration Verification and Rollback

The Cisco NX-OS software allows you to verify the consistency of a configuration and the availability of necessary hardware resources prior to committing the configuration. You can preconfigure a device and apply the verified configuration at a later time. Configurations also include checkpoints that allow you to roll back to a known good configuration as needed. For more information about rollbacks, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Role-Based Access Control

With role-based access control (RBAC), you can limit access to device operations by assigning roles to users. You can customize access and restrict it to the users who require it. For more information about RBAC, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Cisco NX-OS Device Configuration Methods

You can use these methods to configure Cisco NX-OS devices:

  • The CLI from a Secure Shell (SSH) session, a Telnet session, or the console port. SSH provides a secure connection to the device. The CLI configuration guides are organized by feature. For more information, see the Cisco NX-OS configuration guides. For more information about SSH and Telnet, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
  • The XML management interface, which is a programmatic method based on the NETCONF protocol that complements the CLI. For more information, see the Cisco NX-OS XML Interface User Guide.
  • The Cisco Data Center Network Management (DCNM) client, which runs on your local PC and uses web services on the Cisco DCNM server. The Cisco DCNM server configures the device over the XML management interface. For more information about the Cisco DCNM client, see the Cisco DCNM Fundamentals Guide.

Programmability

This section describes the programmability features for the Cisco Nexus 9000 Series switches.

Python API

Python is an easy-to-learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms. The Python interpreter and the extensive standard library are freely available in source or binary form for all major platforms from the Python website: http://www.python.org/. The Python scripting capability gives programmatic access to the CLI to perform various tasks and Power-On Auto Provisioning (POAP) or Embedded Event Manager (EEM) actions. For more information about the Python API and Python scripting, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Tcl

Tool Command Language (Tcl) is a scripting language. With Tcl, you gain more flexibility in your use of the CLI commands on the device. You can use Tcl to extract certain values in the output of a show command, perform switch configurations, run Cisco NX-OS commands in a loop, or define EEM policies in a script.

Cisco NX-API

The Cisco NX-API provides web-based programmatic access to the Cisco Nexus 9000 Series switches. This support is delivered through the NX-API open-source web server. The Cisco NX-API exposes the complete configuration and management capabilities of the command-line interface (CLI) through web-based APIs. You can configure the switch to publish the output of the API calls in either XML or JSON format. For more information about the Cisco NX-API, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.


Note
NX-API performs authentication through a programmable authentication module (PAM) on the switch. Use cookies to reduce the number of PAM authentications and thus reduce the load on PAM.

Bash Shell

The Cisco Nexus 9000 Series switches support direct Linux shell access. With Linux shell support, you can access the Linux system on the switch in order to use Linux commands and manage the underlying system. For more information about Bash shell support, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Broadcom Shell

The Cisco Nexus 9000 Series switch front-panel and fabric module line cards contain several Broadcom ASICs. You can use the CLI to access the command-line shell (bcm shell) for these ASICs. The benefit of using this method to access the bcm shell is that you can use Cisco NX-OS command extensions such as pipe include and redirect output to file to manage the output. In addition, the activity is recorded in the system accounting log for audit purposes, unlike commands entered directly from the bcm shell, which are not recorded in the accounting log. For more information about Broadcom shell support, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.


Caution
Use Broadcom shell commands with caution and only under the direct supervision or request of Cisco Support personnel.

Traffic Routing, Forwarding, and Management

This section describes the traffic routing, forwarding, and management features supported by the Cisco NX-OS software.

Ethernet Switching

The Cisco NX-OS software supports high-density, high-performance Ethernet systems and provides the following Ethernet switching features:

  • IEEE 802.1D-2004 Rapid and Multiple Spanning Tree Protocols (802.1w and 802.1s)

  • IEEE 802.1Q VLANs and trunks

  • IEEE 802.3ad link aggregation

  • Unidirectional Link Detection (UDLD) in aggressive and standard modes

For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide and the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide.

IP Routing

The Cisco NX-OS software supports IP version 4 (IPv4) and IP version 6 (IPv6) and the following routing protocols:

  • Open Shortest Path First (OSPF) Protocol Versions 2 (IPv4) and 3 (IPv6)

  • Intermediate System-to-Intermediate System (IS-IS) Protocol (IPv4 and IPv6)

  • Border Gateway Protocol (BGP) (IPv4 and IPv6)

  • Enhanced Interior Gateway Routing Protocol (EIGRP) (IPv4 only)

  • Routing Information Protocol Version 2 (RIPv2) (IPv4 only)

The Cisco NX-OS software implementations of these protocols are fully compliant with the latest standards and include 4-byte autonomous system numbers (ASNs) and incremental shortest path first (SPF). All unicast protocols support Non-Stop Forwarding Graceful Restart (NSF-GR). All protocols support all interface types, including Ethernet interfaces, VLAN interfaces, subinterfaces, port channels, and loopback interfaces.

For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.

IP Services

The following IP services are available in the Cisco NX-OS software:

  • Virtual routing and forwarding (VRF)

  • Dynamic Host Configuration Protocol (DHCP) helper

  • Hot Standby Router Protocol (HSRP)

  • Enhanced object tracking

  • Policy-based routing (PBR)

  • Unicast graceful restart for all protocols in IPv4 unicast graceful restart for OPSFv3 in IPv6

For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.

IP Multicast

The Cisco NX-OS software includes the following multicast protocols and functions:

  • Protocol Independent Multicast (PIM) Version 2 (PIMv2)

  • PIM sparse mode (Any-Source Multicast [ASM] for IPv4)

  • Anycast rendezvous point (Anycast-RP)

  • Multicast NSF for IPv4

  • RP-Discovery using bootstrap router (BSR) (Auto-RP and static)

  • Internet Group Management Protocol (IGMP) Versions 1, 2, and 3 router role

  • IGMPv2 host mode

  • IGMP snooping

  • Multicast Source Discovery Protocol (MSDP) (for IPv4)


Note

The Cisco NX-OS software does not support PIM dense mode.

For more information, see the Cisco Nexus 9000 Series NX-OS Multicast Routing Configuration Guide.

Quality of Service

The Cisco NX-OS software supports quality of service (QoS) functions for classification, marking, queuing, policing, and scheduling. Modular QoS CLI (MQC) supports all QoS features. You can use MQC to provide uniform configurations across various Cisco platforms. For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide.

Network Security Features

The Cisco NX-OS software includes the following security features:

  • Control Plane Policing (CoPP)

  • Message-digest algorithm 5 (MD5) routing protocol authentication

  • Authentication, authorization, and accounting (AAA)

  • RADIUS and TACACS+

  • SSH Protocol Version 2

  • SNMPv3

  • Policies based on MAC and IPv4 addresses supported by named ACLs (port-based ACLs [PACLs], VLAN-based ACLs [VACLs], and router-based ACLs [RACLs])

  • Traffic storm control (unicast, multicast, and broadcast)

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Supported Standards

This table lists the IEEE compliance standards.

Table 1. IEEE Compliance Standards

Standard

Description

802.1D

MAC Bridges

802.1p

Class of Service Tagging for Ethernet frames

802.1Q

VLAN Tagging

802.1s

Multiple Spanning Tree Protocol

802.1w

Rapid Spanning Tree Protocol

802.3ab

1000Base-T (10/100/1000 Ethernet over copper)

802.3ad

Link aggregation with LACP

802.3ae

10-Gigabit Ethernet

This table lists the RFC compliance standards. For information on each RFC, see www.ietf.org.

Table 2. RFC Compliance Standards

Standard

Description

BGP

RFC 1997

BGP Communities Attribute

RFC 2385

Protection of BGP Sessions via the TCP MD5 Signature Option

RFC 2439

BGP Route flap damping

RFC 2519

A Framework for Inter-Domain Route Aggregation

RFC 2545

Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing

RFC 2858

Multiprotocol Extensions for BGP-4

RFC 2918

Route Refresh Capability for BGP-4

RFC 3065

Autonomous System Confederations for BGP

RFC 3392

Capabilities Advertisement with BGP-4

RFC 4271

BGP version 4

RFC 4273

BGP4 MIB - Definitions of Managed Objects for BGP-4

RFC 4456

BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)

RFC 4486

Subcodes for BGP cease notification message

RFC 4724

Graceful Restart Mechanism for BGP

RFC 4893

BGP Support for Four-octet AS Number Space

RFC 5004

Avoid BGP Best Path Transitions from One External to Another

RFC 5396

Textual Representation of Autonomous System (AS) Numbers

Note

 

RFC 5396 is partially supported. The asplain and asdot notations are supported, but the asdot+ notation is not.

RFC 5549

Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop

RFC 5668

4-Octet AS Specific BGP Extended Community

ietf-draft

Bestpath transition avoidance (draft-ietf-idr-avoid-transition-05.txt)

ietf-draft

Peer table objects (draft-ietf-idr-bgp4-mib-15.txt)

ietf-draft

Dynamic Capability (draft-ietf-idr-dynamic-cap-03.txt)

IP Multicast

RFC 2236

Internet Group Management Protocol, Version 2

RFC 3376

Internet Group Management Protocol, Version 3

RFC 3446

Anycast Rendezvous Point (RP) mechanism using Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP)

RFC 3569

An Overview of Source-Specific Multicast (SSM)

RFC 3618

Multicast Source Discovery Protocol (MSDP)

RFC 4601

Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)

RFC 4607

Source-Specific Multicast for IP

RFC 4610

Anycast-RP Using Protocol Independent Multicast (PIM)

RFC 6187

X.509v3 Certificates for Secure Shell Authentication

RFC 9465

PIM Null-Register Packing

ietf-draft

Mtrace server functionality, to process mtrace-requests, draft-ietf-idmr-traceroute-ipm-07.txt

IP Services

RFC 768

UDP

RFC 783

TFTP

RFC 791

IP

RFC 792

ICMP

RFC 793

TCP

RFC 826

ARP

RFC 854

Telnet

RFC 959

FTP

RFC 1027

Proxy ARP

RFC 8573

NTP security is enhanced with the AES128CMAC authentication mechanism

RFC 7822

NTP v4

RFC 1519

CIDR

RFC 1542

BootP relay

RFC 1591

DNS client

RFC 1812

IPv4 routers

RFC 2131

DHCP Helper

RFC 2338

VRRP

IS-IS

RFC 1142 (OSI 10589)

OSI 10589 Intermediate system to intermediate system intra-domain routing exchange protocol

RFC 1195

Use of OSI IS-IS for routing in TCP/IP and dual environment

RFC 2763

Dynamic Hostname Exchange Mechanism for IS-IS

RFC 2966

Domain-wide Prefix Distribution with Two-Level IS-IS

RFC 2973

IS-IS Mesh Groups

RFC 3277

IS-IS Transient Blackhole Avoidance

RFC 3373

Three-Way Handshake for IS-IS Point-to-Point Adjacencies

RFC 3567

IS-IS Cryptographic Authentication

RFC 3847

Restart Signaling for IS-IS

ietf-draft

Internet Draft Point-to-point operation over LAN in link-state routing protocols (draft-ietf-isis-igp-p2p-over-lan-06.txt)

OSPF

RFC 2328

OSPF Version 2

RFC 2370

OSPF Opaque LSA Option

RFC 2740

OSPF for IPv6 (OSPF version 3)

RFC 3101

OSPF Not-So-Stubby-Area (NSSA) Option

RFC 3137

OSPF Stub Router Advertisement

RFC 3509

Alternative Implementations of OSPF Area Border Routers

RFC 3623

Graceful OSPF Restart

RFC 4750

OSPF Version 2 MIB

Per-Hop Behavior (PHB)

RFC 2597

Assured Forwarding PHB Group

RFC 3246

An Expedited Forwarding PHB

RIP

RFC 1724

RIPv2 MIB extension

RFC 2082

RIPv2 MD5 Authentication

RFC 2453

RIP Version 2

SNMP

RFC 2579

Textual Conventions for SMIv2

RFC 2819

Remote Network Monitoring Management Information Base

RFC 2863

The Interfaces Group MIB

RFC 3164

The BSD syslog Protocol

RFC 3176

InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks

RFC 3411 and RFC 3418

An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks

RFC 3413

Simple Network Management Protocol (SNMP) Applications

RFC 3417

Transport Mappings for the Simple Network Management Protocol (SNMP)