On 14th April 2020, Cisco published the latest IOS XE Standard Maintenance Release: Cisco IOS XE Amsterdam 17.2.1r. Like other Standard Maintenance releases, 17.2 will have a sustaining lifetime of 12 months, with one maintenance release and one PSIRT release, each 6 months apart.
With 17.2.1r, there is a considerable change in software image orchestration. Cisco IOS XE and Cisco IOS XE SD-WAN use cases will be offered via a single software binary image of type ‘universalk9’. The ‘ucmk9’ image will no longer be available. The single universalk9 image offers Cisco IOS XE functionality through ‘Autonomous’ mode operation, and Cisco IOS XE SD-WAN functionality can be accessed by enabling ‘Controller’ mode. Learn more about single image orchestration here.
IOS XE 17.2.1r continues to enhance the Enterprise Routing offerings. There are new hardware additions to the product family as well as key software feature enhancements covering the VPN, Security, Voice, Layer 2, Layer 3 and Network Management areas. This blog covers the details that apply to the ASR 1000, ISR 4000, ISR 1000 and CSR 1000v platform families.
New Hardware with IOS XE Release 17.2.1r
With the IOS XE 17.2.1r release, Cisco is adding the next-generation Embedded Services Processor modules ASR1000-ESP100-X and ASR1000-ESP200-X to the modular ASR 1000 product family. The ASR1000-ESP100-X will be supported with the ASR1006-X, ASR1009-X and ASR1013 chassis models. The ASR1000-ESP200-X will be supported with the ASR1006-X and ASR1009-X chassis models only.
Release 17.2.1r will also support the next-generation C1100TG Terminal Server platforms. The C1100TG platforms are 1RU terminal servers with integrated ASYNC ports and optional built-in switch hardware. With the built-in switch, the platform enables a simplified top-of-rack solution, with a single device for console server and management Ethernet connectivity.
New Software Features with IOS XE Release 17.2.1r
Release 17.2.1r enables key feature enhancements to address various use cases in today’s network deployments.
Prior to 17.2, DMVPN spokes could only act as a CE or PE on the overlay. MPLS ‘P’ node support was limited to spoke-hub topology, so multi-tenant and MSP deployments with a full-fledged MPLS L3VPN network behind the spokes could only be used in a spoke-hub-spoke topology. MPLS ‘P’ node support for DMVPN spokes is now added for direct spoke-spoke traffic without next hop preservation. With this, the NHRP redirect gets tag switched all the way to the far-end PE behind the spoke, and NHRP-learnt routes/labels are propagated back to the ingress PE.
The GETVPN fail-close ‘revert’ option will be supported from 17.2 onwards. With this, the user can configure ‘client fail-close revert’ under the GETVPN crypto group configuration. This allows the GM to go back to operating in fail-closed mode, using the fail-close ACL locally configured on the GM as the fail-close policy, after the SA expiry. If no local policy is configured on the GM, it operates in fail-open mode.
With the 6VPE over DMVPN over IPv6 Transport feature, the user will be able to extend multi-tenant IPv6 LAN prefixes over an IPv4 DMVPN tunnel over IPv6 transport.
In the 17.2 release, we are also enabling MACSec capability on Port-Channel interfaces. The user can enable MACSec on all port-channel member links that are capable of MACSec functionality. Traffic going out via the port-channel to the remote MACSec peer will use MACSec layer encryption, with decryption for the return traffic.
The DSP based Call Protection Algorithm (CPA) gets new enhancements to better handle Voice traffic. It offers an enhanced DSP algorithm to counter background noise, improved speech detection with live call SNR monitoring, and a CPA detection rate that is better by 4-5%.
We have also enabled CUBE functionality for the ISR4461 platform starting with the 17.2 release.
The built-in layer 2 switch ports on ISR 1000, and the NIM and SM modules on ISR 4000, get L2TPv3 support on SVI interfaces. This will enable support of L2VPN pseudowire tunneling over an IP network. NIM-ES2-4, NIM-ES2-8, SM-X-16S4M2X and SM-X40S8M2X modules will support this feature when used with the ISR 4000 platform.
We are also adding support for Layer Two Protocol Tunneling (L2PT) on ISR 1000 and ISR 4000 switch ports. This will enable layer 2 control protocol (L2CP) packets to be carried transparently to remote LAN networks.
Layer 3 IP Multiplexing capabilities are added with release 17.2.1r to optimize IP traffic for environments where bandwidth or processing is constrained by a packets-per-second limitation. The feature can multiplex smaller packets addressed to the same destination into a single IP packet called a super-frame. The destination router de-multiplexes the super-frame into the original IP packet stream and routes it further.
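The multiplex and de-multiplex steps described above, as an added Python example that is not Cisco's code and does not reproduce the IOS XE wire format: the 2-byte length prefix, the size limits and the function names are assumptions made for illustration. The receiving side checks every length field against the bytes actually present, which is the check a super-frame parser needs before it trusts data from the network.

```python
import struct
from collections import defaultdict

MAX_SUPERFRAME = 1400  # assumed byte budget for one super-frame payload
SMALL_PACKET = 256     # assumed cutoff; larger packets are sent unmultiplexed

def multiplex(packets, max_size=MAX_SUPERFRAME, small=SMALL_PACKET):
    """Pack small packets per destination into length-prefixed super-frames.
    packets: iterable of (dst, payload). Returns (superframes, passthrough)."""
    queues, passthrough = defaultdict(list), []
    for dst, payload in packets:
        if len(payload) > small:
            passthrough.append((dst, payload))
        else:
            queues[dst].append(payload)
    frames = []
    for dst, payloads in queues.items():
        buf = bytearray()
        for p in payloads:
            entry = struct.pack("!H", len(p)) + p
            if buf and len(buf) + len(entry) > max_size:
                frames.append((dst, bytes(buf)))  # budget reached: flush
                buf = bytearray()
            buf += entry
        if buf:
            frames.append((dst, bytes(buf)))
    return frames, passthrough

def demultiplex(frame):
    """Recover the original payloads; reject inconsistent length fields."""
    out, off = [], 0
    while off < len(frame):
        if len(frame) - off < 2:
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("!H", frame, off)
        off += 2
        if n > len(frame) - off:
            raise ValueError("sub-packet length exceeds super-frame")
        out.append(frame[off:off + n])
        off += n
    return out

# Constructed sample traffic (documentation addresses, dummy payloads).
SAMPLE = [("192.0.2.10", b"a" * 100), ("192.0.2.10", b"b" * 100),
          ("192.0.2.20", b"c" * 50), ("192.0.2.10", b"d" * 1000)]

if __name__ == "__main__":
    frames, direct = multiplex(SAMPLE)
    for dst, frame in frames:
        print(dst, [len(p) for p in demultiplex(frame)])
    print("sent unmultiplexed:", [(d, len(p)) for d, p in direct])
```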
Release 17.2 also adds new SNMP MIBs for VxLAN per VRF, per VNI accounting. The new MIB table cnvoVNetVrfStatsTable is added in CISCO-NETWORK-VIRTUALIZATION-OVERLAY-MIB to support this feature. New MIB view family names cnvoVNetVrfStatsTable, cnvoVNetVrfEgressBytes, cnvoNetEgressPackets, cnvoVNetVrfIngressBytes, cnvoVNetVrfIngressPackets can be added to SNMP view to allow SNMP client query. These are not writable OIDs.
With the TR-069 Partial Config Download functionality, the TR-069 server can manage configuration changes on the CPE by applying only a few lines of configuration. This is achieved by the TR-069 server sending only the partial configuration, in a file to be applied on the CPE, using the ‘download RPC’ method.
There is also a new transceiver addition to the ASR 1000 Ethernet Port Adaptor family. QSFP-40/100-SRBD support is added for the EPA-1x40GE, EPA-2X40GE and EPA-QSFP-1X100GE modules.
You will be able to find a few additional feature support details on the individual platform Release note pages: