Cisco recently announced availability of the latest release on the IOS-XE train: IOS-XE 17.6.1. This release is the newest Extended Maintenance release on the Catalyst 9000 platforms, which will be supported for a lifetime of 36 months. The EMR release would provide multiple rebuilds providing fixes for defects and PSIRT.
Availability of IOS-XE 17.6.1 continues to evolve our Catalyst 9000 portfolio and delivers multiple key features across Platform Infrastructure, Security, High Availability, and Network Solutions, extending Intent Based Networking (IBN) for Enterprise Campus.
Extending Intent Based Networking
In this release, features across Zero-Trust, Flexible Architectures, and Platform infrastructure were delivered. Here are some of the key features introduced in this release.
IOS-XE 17.6.1 Key Features Summary
We continue to evolve our Zero-Trust framework by adding enhancements to various features to achieve a stronger overall network solution. One of the enhancements is RadSec CoA (Change of Authorization) for Secure RADIUS Cloud Network Access Control.
RADIUS over TLS is a key solution supported on Catalyst 9000 switches to provide secure communication between the Network Access Switch and a RADIUS server that runs in the cloud or requires an extra level of security for the transport. With this release, RadSec CoA transmission and reception can now be achieved on the same Authentication channel, allowing clients to fetch the updated policies over the same Authentication channel.
MPLS has been an enterprise-grade solution for secure segmentation in the campus from Access to WAN. With IOS-XE 17.6.1 we have now introduced MPLS traffic engineering to accomplish a number of goals such as optimal bandwidth utilization, capacity planning and congestion avoidance/handling in the MPLS domain.
MPLS TE works by learning about the topology and resources available in a network. It then maps the traffic flows to a particular path based on the resources that the traffic flow requires and the available resources. MPLS TE builds unidirectional tunnels from a source to the destination in the form of LSPs, which are then used for forwarding traffic. Below are the steps MPLS TE takes into account for path computation:
With IOS-XE 17.6.1 and MPLS TE Phase I, the Catalyst 9000 series switches are capable of supporting Explicit/Dynamic paths with RSVP TE label allocation and specific bandwidth. The tunnel forwarding options are based on Static or Autoroute Announce for PE-PE, P-P or PE-P tunnels, with tunnel reoptimization support.
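The path selection described above (match a tunnel's required bandwidth against what each link still has available, then pick a path) can be modelled as a constrained shortest-path search. The following is an added example, not Cisco's implementation or code from the original post; the topology, metrics, bandwidth figures and function names are constructed for illustration.

```python
import heapq

# Constructed topology: unidirectional links (src, dst) -> (TE metric, unreserved Mbps).
LINKS = {
    ("PE1", "P1"): (10, 400), ("P1", "PE2"): (10, 400),
    ("PE1", "P2"): (10, 1000), ("P2", "P3"): (10, 1000), ("P3", "PE2"): (10, 1000),
}

def cspf(links, src, dst, bandwidth):
    """Return (cost, path) for the lowest-metric path on which every link has
    at least `bandwidth` unreserved, or None if no such path exists."""
    # Step 1: prune links that cannot carry the requested bandwidth.
    adj = {}
    for (a, b), (metric, avail) in links.items():
        if avail >= bandwidth:
            adj.setdefault(a, []).append((b, metric))
    # Step 2: Dijkstra over the links that remain.
    heap = [(0, src, [src])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, metric in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None

def reserve(links, path, bandwidth):
    """Subtract the tunnel's bandwidth from each link along the (unidirectional) path."""
    for a, b in zip(path, path[1:]):
        metric, avail = links[(a, b)]
        links[(a, b)] = (metric, avail - bandwidth)

def signal_tunnel(links, src, dst, bandwidth):
    """Compute a constrained path and reserve bandwidth on it; returns the path or None."""
    result = cspf(links, src, dst, bandwidth)
    if result is None:
        return None
    reserve(links, result[1], bandwidth)
    return result[1]

if __name__ == "__main__":
    topo = dict(LINKS)
    print(signal_tunnel(topo, "PE1", "PE2", 300))  # shortest path has room
    print(signal_tunnel(topo, "PE1", "PE2", 300))  # shortest path is now too full
    print(signal_tunnel(topo, "PE2", "PE1", 100))  # no links in the reverse direction
```

Because the links are modelled as unidirectional, a tunnel from PE2 back to PE1 needs its own set of links and its own reservation, which mirrors the unidirectional LSPs described above.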
VRRP is a desired solution for customers to achieve routing path reliability and eliminate a single point of failure. With 17.6.1, VRRPv3 Stateful Switchover (SSO) support has been added for Catalyst 9300 StackWise, 9400 and 9600 with redundant Supervisors. VRRPv3 SSO synchronizes VRRP state information between the redundant Supervisors/Switches so that the redundant Supervisor/Switch can continue the network's activities or maintain the Active VRRP state within the VRRP group during and after a switchover. SSO mode also maintains the VRRP state machine while the redundant Supervisors/Switches are running different versions during ISSU, ensuring minimal or no packet loss.
With this release we have also added a couple of enhancements to the NAT infrastructure. All Enhanced NAT sessions can now be monitored using 5-tuple NetFlow session data, which eases monitoring and troubleshooting.
Along with Enhanced NAT session monitoring, support for Static NAT precedence over Dynamic NAT is also added with this release. In case of overlapping Static and Dynamic NAT configurations/IP subnets, Static NAT is designed to take precedence to provide a constant mapping between the inside local and global addresses.
Platform & Infra
With IOS-XE 17.6.1, Application Hosting is supported on the Catalyst 9300X platform. The Catalyst 9300X switches (12 and 24 Port SFP28) are the latest addition to the Catalyst 9300 family. They are based on the UADP 2.5sec ASIC, which adds line-rate crypto and is ideal for secure cloud connectivity. These switches are equipped with the Enhanced Application Hosting infrastructure with 2 X 10G AppGigabit ports and increased RAM/vCPU. This enables the switches to support multiple Docker applications, which can use separate AppGig interfaces per Docker application. AppGigabit interfaces can also be leveraged to provide application-level traffic segmentation (management/data traffic) and increased bandwidth for a single Docker application.
Container application auto-transfer from Flash to SSD is also added with this release, which helps to seamlessly transfer application persistent data and volumes from flash to SSD upon media change. This is helpful for customers upgrading to the ThousandEyes 4.0 agent to run page/transaction load tests, as it seamlessly transfers the TE application from Flash to SSD.
The ThousandEyes 4.0 agent, capable of supporting BrowserBot, is now available for the Catalyst 9000 platform. BrowserBot is a component of the agent code that manages the page load and transaction-based tests. With the ThousandEyes 4.0 agent integration, the Catalyst 9000 switches are now capable of running all the tests to bring actionable visibility from each and every application over the network.
Bonjour continues to gain popularity, with 1800+ production deployments with our customers. With 17.6.1, mDNS SSO is supported at both the SDG and Service-Peer level for the Bonjour solution, which provides a way to manage continuous queries in case of a planned/unplanned switchover to prevent any impact on the services. Along with this, we now support FHRP for the Service Peer to provide redundancy and resiliency in the event of a Primary SDG failure.
In Programmability and Automation, support for the NETCONF API from Guest Shell has been added, which ensures that the NETCONF API is accessible from within the Guest Shell container. This enables ZTP at Day 0 to programmatically configure and manage the device using CLI and YANG RPCs, which provides more flexibility and operational efficiency when onboarding.
New optics support has also been added for the C9300X, C9500H and 9600 platforms; the optics are listed in the release notes of the individual switches. For the complete list of features and other specific inclusions, please check out the release notes below: