miuddin
Cisco Employee

Cisco IOS-XE 17.2.1 – Catalyst Switching Updates

Cisco has announced the availability of the latest IOS-XE release, IOS-XE Amsterdam 17.2. IOS-XE 17.2 is the next Standard Maintenance Release after 17.1, and it also has a sustaining lifetime of 12 months with a Restricted build and a PSIRT build. IOS-XE 17.2.1 continues to evolve the hardware portfolio and delivers multiple key features across Platform Infrastructure, Security, High Availability, and Network Solutions, extending Intent-Based Networking (IBN) for the Enterprise Campus.

Catalyst 9000 Family – One Operating System (Open IOS-XE)

Picture1.png

Cisco IOS-XE 17.2.1 continues the momentum of the common base operating system across the Catalyst 9000 family. Catalyst 9300, 9400, 9500 and 9600 run the exact same binary image, with Catalyst 9200 running a lighter version of the same base image.

Hardware Additions since 17.1.1

From the 17.1 to the 17.2 software release, the focus has been on filling certain functionality gaps across the Catalyst 9000 family: completing the Multigigabit offering on Catalyst 9200 Flexible Uplink models, increasing the Virtual Network (VN) scale on specific Catalyst 9200 Flexible Uplink models, supporting a 90W offering on Catalyst 9300 Series Switches, and adding a 1-Gigabit Fiber line card on Catalyst 9600.

Catalyst 9200 added support for Multigigabit speeds (100M to 10G) across its Flexible Uplink models in conjunction with PoE+, completing the Multigigabit offering across the entire series. In addition to the Multigigabit speeds, support was also added for new uplink modules that provide speeds varying from 25G to 40G.

9200 Multigigabit SKUs are available in 24- and 48-port variants, with the last 8 ports offering the full Multigigabit speeds and the remaining ports offering up to 1G speeds with PoE+ support. The minimum supported software version for 9200 Mgig is the 16.12.2 or 17.1.1 release.

Picture2.png

 

Hardware Additions with IOS-XE 17.2.1

With IOS-XE 17.2.1, Catalyst 9200 has added a new series of switches under the Flexible Uplink models with an increased Virtual Network (VN), or Virtual Routing and Forwarding (VRF), scale to accommodate Software-Defined Access (SDA) deployments. This specific Catalyst 9200 model can be deployed as a “Fabric Edge Node” with support for 32 VRFs, comprising 31 user-configurable VRFs and one Default VRF, and it supports all other Catalyst 9200 capabilities.

Below are the 9200 models that support 32 VRFs and come with all C9200 features:

Picture3.png

 

With the recent IEEE 802.3bt standardization, there has been huge momentum across different PoE endpoints, and the whole ecosystem keeps growing. Cisco had already introduced 90W standard line cards on Catalyst 9400 last year. Now, 90W capability has also been added to the Catalyst 9300 Series under the flexible uplink models, giving customers more choice between a modular chassis and fixed switches based on their specific needs. These new 9300 models can provide 90W on all ports based on the IEEE 802.3bt standard and are also backward compatible with all previous standards.

Below are the 9300 models with 90W support, which come with all C9300 features:

Picture4.png

 

Fiber to the Desktop is becoming common these days, and we support 1G fiber across most of our portfolio except for Catalyst 9600. Because Catalyst 9600 is typically positioned in the Core, it has not required 1G fiber as much, even today. But to provide flexibility to end customers, a new line card, “C9600-48S”, with all 48 ports of 1G Fiber has been introduced. This line card supports 1G speed today and will also support 10M and 100M with the right optics in the future.

9600LC.png

Key Summary Features

With every software release, the focus has always been on introducing features that strengthen the Intent-Based Networking journey. The 17.2 release continues these innovations and introduces features across different realms of the network: enhancing the existing feature set, securing it further, and then building resiliency around it to achieve a stronger overall network solution.

Picture6.png

One of the common problems with Layer 2 services in the network is detecting loops, and Spanning-Tree Protocol (STP) plays a major role in keeping the network loop-free. But if the Catalyst switch is connected to an unmanaged switch outside of the network that does not support STP, there is a potential for a network loop. To solve this problem, there is a new feature, “Loop Detection Guard”, which can detect loops by sending special frames at specific intervals and can error-disable the port accordingly at either the source or the destination.

Jumbo frames have always been supported on the Catalyst 9k family, but we have now unified support for the 9216-byte frame size on Catalyst 9400 to match Core platforms like Catalyst 9500H and 9600, which already support this frame size.

With the advent of the 90W-capable switches in the Catalyst 9300 Series discussed earlier, IEEE 802.3bt Type 4 compliance support was added. It is also backward compatible with all previous standards, allowing all kinds of PoE endpoints to work on the switches.

10G support has also been added on the Catalyst 9600 100G line card using breakout cables, providing flexibility in case the operator requires mixed speeds on the same line card. All ports on the 100G line card support breakout, and it can be used in conjunction with the QSA adaptor and also 100G QSFP optics.

The Flex Links Plus feature, an alternative to Spanning-Tree Protocol with faster convergence, is configured with the notion of an active and a standby interface. This feature has been enhanced with a VLAN load-balancing capability and a Preempt option. The load-balancing enhancement allows users to configure a Flex Link pair so that both ports simultaneously forward traffic for mutually exclusive VLANs. With the Preempt option, the active interface with higher bandwidth can be specified as preferred over the standby interface. If the active interface fails, the standby becomes the new active; if the old active interface later recovers, it goes back to being active, provided this option was pre-configured.

Another protocol that limits Spanning-Tree in the network is Resilient Ethernet Protocol (REP), primarily used in Metro Ethernet ring topologies. It has also been enhanced to support multiple admin VLANs to limit flooding in the segments during topology changes.

With the above capabilities, it is critical to have resiliency in the network, because without resiliency in place, new and existing features cannot provide the much-needed benefit to the network. The StackWise Virtual feature plays a major role here in providing hardware and link-level resiliency, and it has now been enhanced in the following ways:

  1. Support for local switching of Broadcast/Unknown Unicast/Multicast (BUM) traffic, which eliminates unnecessary traffic over the StackWise Virtual link and frees up resources and bandwidth for handling the required control and critical data traffic.
  2. Support for Dual Supervisors in RPR mode on Catalyst 9600 in a StackWise Virtual configuration, providing an additional level of resiliency within the existing resiliency. Previously, during a supervisor failure, someone had to go in and manually replace the supervisor. Now the secondary supervisor boots up immediately upon detecting the failure of the active supervisor, eliminating the manual work and recovering the network in a few minutes compared to hours and days earlier.
  3. Support for StackWise Virtual Link configuration on the Multigigabit line card on the Catalyst 9600 platform.

With design resiliency taken care of, operational resiliency during maintenance is also a critical element of the network. Extended Fast Software Upgrade (xFSU) on Catalyst 9300 Series Switches, which allows a software upgrade or reload-only with less than 30 seconds of traffic impact, has also added support for the LACP protocol and various authentication mechanisms such as MAB, Dot1x, and Web authentication on standalone devices. The reload-only option is supported in the 17.2.1 release, and the software upgrade option is planned for later releases.

Now coming to security, especially on the operational front, it is important to securely wipe all information from a device when it is either repurposed or replaced in the network. As part of the trustworthy suite of features, Catalyst 9000 can now be factory-reset as per DOD 5220.22 standards, which means all customer-specific data is erased and the device is restored to its original configuration at the time of shipping.

For data security and isolation, the NAT feature has also been made VRF-aware, especially for multi-tenancy use cases. With multi-tenancy and traffic segmentation, MPLS and EVPN solutions continue to play a wider role in campus networks, and the Catalyst 9000 Series of switches continues to add features to make the solution deployable for all customer use cases. With a Hierarchical VPLS solution, the Provider Edge (PE) device no longer needs to be connected to customer equipment; instead, hierarchy is added with another PE device in between for better scaling and control. With the EVPN solution, Catalyst 9600 has been certified in a BGP Route Reflector role, and the Core/Spine has been tested as the Border Node for interacting with non-EVPN networks.

Finally, support for new optics and other specific features can be found on the individual Release Notes pages below.

IOS-XE 17.2.1 brings some key features to the Catalyst 9000 switching portfolio, making it ever-ready for future challenges in the Intent-Based Networking journey.

You can access the Cat9k GitHub Repository to browse through examples of how you can use the YANG models or Ansible to automate various network tasks. If you have an idea and a script that can automate the network, please do a git push to the repository!

 
