Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
4790
Views
2
Helpful
2
Comments

Cisco IOS XE 17.12.1 for Catalyst Switching

szeya
Cisco Employee
Cisco Employee
‎07-31-2023 01:31 PM

Cisco brings in its new software release IOS-XE 17.12.1 which offers a suite of new software features and introduces new hardware in Catalyst 9K portfolio. This is the Extended Maintenance Release (EMR) for all C9K platforms. EMR release comes with a support lifetime of thirty-six months and will be the recommended release for wide-scale production deployments supporting SMU and ISSU/xFSU. This release focusses on delivering key capabilities with quality across products and solutions, as well as encompasses key customer asks for ease of deployment. 

szeya_0-1690833035934.png

This release introduces both hardware and software capabilities added across areas of Catalyst C9K Switching Platform, Security, EVPN Fabric solution, and Programmability. Key feature summary of the 17.12.1 release. 

szeya_1-1690833035979.png

 

New Hardware additions with IOS-XE 17.12.1 

IOS-XE 17.12.1 introduces two new hardware line cards to the C9400 portfolios. These two line cards are Generation 2 line cards compatible with C9400X-SUP-2 and SUP-2XL. These line cards provide higher speed downlinks for expanded High-end Access designs.

Picture1.png

C9400-LC-12QC line card comes with 12 QSFP ports. First 8 ports can support 40G speed and last 4 ports can support 40G/100G speed. By default, all 12 ports will be running as 40G speed. If the “100G mode” is enabled on any of the last 4 ports, one 40G port in the same port group is disabled. i.e , Port 1 , 5 and 9 are part of the same port-group (below diagram) . If port 9 is enable for 100G speed. Port 5 will be disable while Port 1 and 9 are active.

szeya_3-1690833036004.png

C9400-LC-24XY line card comes with 24 SFP ports. First 4 ports can support 10G speed and last 20 ports can support 10G/25G speed.

Picture2.png

50G optics supported on C9500X and 9600X platforms has been officially introduced with this release. Additionally, CVR-QSFP28-SFP25G adapter support is added to C9300X and C9400X platforms. 

New software features introduced with IOS-XE 17.12.1 

Infra Features

Single Reload Firmware Upgrade

Prior IOS-XE release, Catalyst 9K platform takes an additional reload to upgrade ROMMON or FPGA image to the latest version respectively. If the Catalyst 9K switch must be upgraded to new IOS XE image then it can take 3 reloads to upgrade IOS-XE, ROMMON and then FPGA image. With this release, this can all be done with a single reload reducing the overall time for upgrades for both IOS-XE and Firmware.

Embedded Packet Capture (EPC) on AppGigEthernet Port

EPC is an onboard packet capture facility that allows network administrators to capture packet flowing to, through, and from the device and to analyze them locally or save and export them for offline analysis by using a tool such as Wireshark. This capability is now available on AppGigEthernet port. So, Analyzing application traffic is a lot easier for troubleshooting.

DHCPv6 Relay - Lightweight DHCPv6 Relay Agent

DHCPv6 Relay Agents are deployed to forward DHCPv6 messages between clients and servers when they are not on the same IPv6 link. Such relays are often implemented alongside a routing function on a common node. A Lightweight DHCPv6 Relay Agent (LDRA) allows Relay Agent Information to be inserted by an access node that performs a link-layer bridging (i.e., non-routing) function. In Layer 2 aggregation networks, when access nodes handle aggregations,  a DHCPv6 server or DHCP Relay Agent would normally be unaware of how a DHCP client is attached to the network. The LDRA allows Relay Agent Information, including the Interface-ID option, to be inserted by the access node so that it may be used by the DHCPv6 server for client identification.

Wide Area Bonjour SDG Agent Support for C9200

With IOS-XE 17.12.1, the Catalyst 9200 family (9200/9200L/9200CX) of switches can now operate in SDG-Agent mode. The C9200 family of switches can be used to provide Bonjour gateway functionality of an IP gateway for wired endpoints that could reside in distribution or in routed Access network designs.

This new functionality on the Catalyst 9200 family of switches means that the entire Catalyst 9000 Family is Bonjour ready to route policy-based mDNS traffic within the enterprise network. Like the rest of the Catalyst 9000 family, the C9200/C9200L/C9200CX can now be used as network-wide distributed SDG-Agent devices in order to establish lightweight, stateful and reliable communication channels with a centralized Cisco DNA-Center Controller running the Wide Area Bonjour application service.

Security

GRE over IPsec – C9400X

GRE can encapsulate several types of traffic such as unicast, multicast, broadcast, and MPLS. However, GRE doesn't provide any type of protection for the transmitted payload. IPsec provides confidentiality, integrity, and authentication to the payloads transmitted through IPsec tunnels. However, IPsec can function only with IP packets. The GRE over IPsec feature allows for the flexibility of using GRE along with the security of IPsec. This feature is now added to C9400X platforms.

DSCP marking of RADIUS Packets

Prior 17.12.1 release, If the switch performs 802.1x authentication, then the communication towards the RADIUS server is marked with the configured DSCP value. However, if the switch is accessed via SSH, the communication towards the RADIUS server has DSCP default [0] instead of the configured value. 

With 17.12.1 release, RADIUS marking capability is now expanded on all types of RADIUS packets regardless of which subsystem they originate from.

Fabric Solution 

BGP EVPN provides a scalable solution to build different Layer 3 and Layer 2 overlay topologies over existing infrastructure. IPv6 Undelay support for EVPN Fabric was introduced with 17.11 release. With 17.11, Unicast IPv4 only overlay’s or IPv6 only Overlay’s or Dual Stack on an IPv6 Underlay was supported. This provides a seamless migration from IPv4 to IPv6 for customer who are migrating to IPv6 only environments. Starting 17.12.1 release , IPv4 Overlay Multicast to transport on existing IPv6 Undelay is added to EVPN portfolio.

Moreover, VNI scale has increased from 512 to 1000.

Programmability & Automation 

Lastly, Cisco IOS XE 17.12.1 brings enhancement features to the programmability and automation.

With the 17.12.1 release, Cisco IOS XE introduces PROTO encoding for gNMI GET and SET operations and SNMP to YANG mappings. In previous Cisco IOS XE releases, PROTO encoding for gNMI telemetry subscriptions was enabled. The PROTO encoding mechanism uses the binary encoding format for both path and value to increase the efficiency of telemetry data transfer. With JSON_IETF the aggregated data is sent to the collector and with PROTO, there is more granularity in the transmitted data. Both Telegraf and YANG Suite toolings already support PROTO. Additionally, there is an industry trend of are moving from SNMP to YANG. Cisco is helping to ease the transition by providing mappings between SNMP OIDs to YANG Xpaths starting in 17.12.1. With this release, the following features are mapped: POE, LLDP, Interfaces, Cisco-IOS-XE-lisp-oper, Memory, CPU, and Process. Additional mappings will come in future releases. With this programmability updates, Cisco IOS XE enables faster telemetry and eases the SNMP to YANG transition.

Beta Features

In additional to official / generally available features, the below features are available for Beta testing with 17.12.1 release and timeframe (under Limited Availability). Please note that these features are not TAC supported until they become generally available i.e., at the completion of beta testing.

IPsec support on C9500X-60L4D Limited IPsec features can support on C9500X-60L4D up to 400G HW encryption.

C9400 VLAN scale enhancements – 1000 STP instances, 16K PVST Virtual Ports, 32K MSTP Virtual Posts can support with Sup2 and Sup2XL.

EVPN with Dynamic NAT64 - Adding the capability of leveraging Dynamic NAT64 in EVPN Fabric.

If interested in trying out any of the above, please reach out to ask-c9k-eft@cisco.com for details on participating in the beta testing.

Summary 

IOS-XE 17.12.1 brings key features in Platform, Security, EVPN Fabric and Programmability. 9400 platforms added two new high speed line cards along with useful infra features, new platform addition in GRE over IPsec, adding IPv6 Underlay support on EVPN fabric and introducing proto encoding in Programmability area.

Find platform specific release notes for IOS-XE 17.12.1 below: 

Catalyst 9600 Release Notes 

Catalyst 9500 Release Notes 

Catalyst 9400 Release Notes 

Catalyst 9300 Release Notes 

Catalyst 9200 Release Notes 

What’s Next? 

IOS-XE 17.13.1 will be a standard maintenance release and is targeted for release in November of 2023. Stay tuned for more information on new software releases! 

 

2 Comments
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents