On 14th April 2020, Cisco published the latest IOS XE Standard Maintenance Release: Cisco IOS XE Amsterdam 17.2.1r. Like other Standard Maintenance releases, 17.2 will have a sustaining lifetime of 12 months, with one maintenance release and one PSIRT release, each 6 months apart.
With 17.2.1r, there is a considerable change in software image orchestration. Cisco IOS XE and Cisco IOS XE SD-WAN use cases will be offered via a single software binary image of type ‘universalk9’. The ‘ucmk9’ image will no longer be available. The single universalk9 image offers Cisco IOS XE functionality through ‘Autonomous’ mode operation, and Cisco IOS XE SD-WAN functionality can be accessed by enabling ‘Controller’ mode. Learn more about single image orchestration here.
IOS XE 17.2.1r continues to enhance the Enterprise Routing offerings. There are new hardware additions to the product family as well as key software feature enhancements covering the VPN, Security, Voice, Layer 2, Layer 3 and Network Management areas. This blog covers the details applicable to the ASR 1000, ISR 4000, ISR 1000 and CSR 1000v platform families.
New Hardware with IOS XE Release 17.2.1r
With the IOS XE 17.2.1r release, Cisco is adding the next-generation Embedded Services Processor modules, ASR1000-ESP100-X and ASR1000-ESP200-X, to the modular ASR 1000 product family. The ASR1000-ESP100-X will be supported with the ASR1006-X, ASR1009-X and ASR1013 chassis models. The ASR1000-ESP200-X will be supported with the ASR1006-X and ASR1009-X chassis models only.
Release 17.2.1r also adds support for the next-generation C1100TG Terminal Server platforms. The C1100TG platforms are 1RU terminal servers with integrated ASYNC ports and optional built-in switch hardware. With the built-in switch, the platform enables a simplified top-of-rack solution, with a single device providing both console server and management Ethernet connectivity.
New Software Features with IOS XE Release 17.2.1r
Release 17.2.1r enables key feature enhancements to address various use cases in today’s network deployments.
Prior to 17.2, DMVPN spokes could only act as a CE or PE on the overlay. MPLS ‘P’ node support was limited to spoke-hub topology, so multi-tenant and MSP deployments with a full-fledged MPLS L3VPN network behind the spokes could only be used in a spoke-hub-spoke topology. MPLS ‘P’ node support for DMVPN spokes is now added for direct spoke-to-spoke traffic without next hop preservation. With this, the NHRP redirect gets tag switched all the way to the far-end PE behind the spoke, and NHRP-learnt routes/labels are propagated back to the ingress PE.
The GETVPN fail-close ‘revert’ option is supported from 17.2 onwards. With this, the user can configure ‘client fail-close revert’ under the GETVPN crypto group configuration. This allows the GM to go back to operating in fail-close mode, using the fail-close ACL locally configured on the GM as its policy, after the SA expires. If no local policy is configured on the GM, it operates in fail-open mode.
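An added example (not Cisco's code and not part of the original post): a Python check over a saved running-config that reports, per GETVPN group, whether the GM would return to fail-close or end up fail-open after SA expiry, following the behaviour described above. The group names, map names, sample config and status labels are constructed; it assumes the local policy is expressed with the `crypto map <name> gdoi fail-close` / `match address` / `activate` form and that `client fail-close revert` appears as a sub-command of `crypto gdoi group`.

```python
import re

# Constructed sample config (syntax assumed as described above).
SAMPLE_CONFIG = """\
crypto gdoi group GROUP-A
 identity number 1001
 client fail-close revert
crypto gdoi group GROUP-B
 identity number 1002
 client fail-close revert
crypto gdoi group GROUP-C
 identity number 1003
crypto map MAP-A gdoi fail-close
 match address 105
 activate
crypto map MAP-A 10 gdoi
 set group GROUP-A
crypto map MAP-B 10 gdoi
 set group GROUP-B
"""

def blocks(config):
    """Yield (header, sub-lines) for each top-level config block."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" "):
            body.append(line.strip())
            continue
        if header:
            yield header, body
        header, body = line.strip(), []
    if header:
        yield header, body

def audit_fail_close(config):
    """Map each GDOI group to its expected state after SA expiry."""
    revert, group_map, local_policy = {}, {}, set()
    for header, body in blocks(config):
        if m := re.fullmatch(r"crypto gdoi group (\S+)", header):
            revert[m[1]] = "client fail-close revert" in body
        elif m := re.fullmatch(r"crypto map (\S+) gdoi fail-close", header):
            # A local policy needs both an ACL and 'activate'.
            if "activate" in body and any(l.startswith("match address ") for l in body):
                local_policy.add(m[1])
        elif m := re.fullmatch(r"crypto map (\S+) \d+ gdoi", header):
            group_map.update({l.split()[2]: m[1] for l in body if l.startswith("set group ")})
    return {g: ("revert-not-configured" if not r else
                "fail-close" if group_map.get(g) in local_policy else "fail-open")
            for g, r in revert.items()}
```

A group reported as `fail-open` has the revert option set but no usable local fail-close policy, which is the case the paragraph above says leaves the GM in fail-open mode.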
With the 6VPE over DMVPN over IPv6 Transport feature, users will be able to extend multi-tenant IPv6 LAN prefixes over an IPv4 DMVPN tunnel over IPv6 transport.
In the 17.2 release, we are also enabling MACsec capability on Port-Channel interfaces. Users can enable MACsec on all port-channel member links that are capable of MACsec functionality. Traffic going out via the port-channel to a remote MACsec peer will be encrypted at the MACsec layer, and the return traffic will be decrypted.
The DSP-based Call Protection Algorithm (CPA) gets new enhancements to better handle voice traffic. It offers an enhanced DSP algorithm to counter background noise, improved speech detection with live call SNR monitoring, and a CPA detection rate that is better by 4-5%.
We have also enabled CUBE functionality on the ISR4461 platform starting with the 17.2 release.
The built-in Layer 2 switch ports on the ISR 1000, and the NIM and SM modules on the ISR 4000, get L2TPv3 support on SVI interfaces. This enables L2VPN pseudowire tunneling over an IP network. The NIM-ES2-4, NIM-ES2-8, SM-X-16S4M2X and SM-X40S8M2X modules will support this feature when used with the ISR 4000 platform.
We are also adding support for Layer Two Protocol Tunneling (L2PT) on ISR 1000 and ISR 4000 switch ports. This enables Layer 2 control protocol (L2CP) packets to be carried transparently to remote LAN networks.
Layer 3 IP Multiplexing capabilities are added with release 17.2.1r to optimize IP traffic in environments where bandwidth or processing is constrained by a packets-per-second limitation. The feature can multiplex smaller packets addressed to the same destination into a single IP packet called a super-frame. The destination router de-multiplexes the super-frame into the original IP packet stream and routes it further.
Release 17.2 also adds new SNMP MIBs for VxLAN per-VRF, per-VNI accounting. The new MIB table cnvoVNetVrfStatsTable is added to CISCO-NETWORK-VIRTUALIZATION-OVERLAY-MIB to support this feature. The new MIB view family names cnvoVNetVrfStatsTable, cnvoVNetVrfEgressBytes, cnvoNetEgressPackets, cnvoVNetVrfIngressBytes and cnvoVNetVrfIngressPackets can be added to an SNMP view to allow SNMP client queries. These OIDs are not writable.
With the TR-069 Partial Config Download functionality, the TR-069 server can manage configuration changes on the CPE by applying only a few lines of configuration. This is achieved by the TR-069 server sending only a partial configuration in a file, which is applied on the CPE using the ‘download RPC’ method.
There is also a new transceiver addition to the ASR 1000 Ethernet Port Adaptor family. QSFP-40/100-SRBD support is added for the EPA-1x40GE, EPA-2X40GE and EPA-QSFP-1X100GE modules.
You can find a few additional feature support details on the individual platform release note pages: