Showing results for 
Search instead for 
Did you mean: 
Lokesh Kumar Lal
Cisco Employee
Cisco Employee

On 18th December 2020, Cisco announced the latest IOS XE release - Cisco IOS XE Bengaluru 17.4.1a

The first one in the Cisco IOS XE Bengaluru release series, IOS XE 17.4.1a unlocks various routing features and enhancements comprehensively covering different technology segments such as voice, security, layer 2, layer 3, VPN, and the list goes on.

Here is a summary of all the key features introduced in all these segments:

IOS XE 17.4.1a key features summary

Screenshot 2021-01-20 at 8.46.45 PM.png

To begin with, starting IOS XE 17.4.1a routing release Cisco Cloud Services Router 1000V is being replaced with the Catalyst 8000vEdge platform. With this new virtual platform ,we have merged the Cisco Cloud Services Router 1000V and Cisco Integrated Services Virtual image to provide us with a single virtual platform to address cloud (GCP,AWS,Azure), colocation, on-prem, and virtualised branch use cases.

The NBAR support on the EVC service interface adds support for NBAR traffic classification specifically on the EFP ( ethernet flow point) interface. Previously the feature was limited to BDI ( bridge domain interface) only.

Then we have port-channel binding with SCCP dspfarm tested and validated to meet ACI redundancy requirements in a Voice network infrastructure design.


Segment routing, which is a flexible and scalable way of doing support routing , enhances the network traffic prioritisation and path selection mechanism on enterprise routing platforms. The solution as three aspects:

  • Per-flow Policy treatment for different applications while traversing the network
  • Performance management to monitor network latency performance automatically and enforce network policy
  • Flexible Algorithm support enables operator driven network slices mapping to meet specific transport SLA requirements including network delay

Also covered in the layer 3 segment we have a few NAT enhancements in the IOS XE code.

Firstly, With this software release, you can now re-use the same global address for outside static NAT and static PAT configuration.

Secondly, If no tracking is desired for static NAT mapping translations, we can now avoid creating the translation entries for such mappings using a new “stateless” keyword in the configuration.


For the endpoint security and access control, we have added TrustSec and COA support for the SM-X Etherswitch modules validated with ISE version 2.6.

  • TrustSec support enables the SGT/SGACL enforcement on SVI interface and for the SM-X Ether switch modules.
  • CoA (Change of Authorization) allows an ISE server to adjust an active client session and hence adds more control over endpoints that are already authenticated.

With more and more applications today moving away from http and adopting https for added security , we have improved the  IP SLA device tracking with inclusion of HTTPS probes to verify reachability in the network.


To facilitate ease of provisioning in controller mode , we have now introduced manageability support for cellular gateway platform C418 with vManage 20.4 release. This includes zero touch provisioning , platform confirmation , profile configuration and maintenance.

As a security enhancement to CPE Wan management protocol based on DSL Forum’s TR-69 standard , now the management traffic can be transported over a VRF.

Then we have dynamic core allocation , which is a significant change to the way we utilize compute resources.In a nutshell, this feature allows in-service upgrade of services & helps eliminate the inactivity of compute resources. With the available options to make the platform either service plan heavy or data plane heavy, the feature adds flexibility to the platform CPU core allocation and leads to optimisation of compute resources

Screenshot 2021-01-20 at 9.05.36 PM.png

Highlighted in the table above is the breakout for the number of cores assigned in each mode for the supported platforms that exists today and at the time of writing this blog. 


We also have a number of EVPN features and enhancements being introduced.

  • Support for Symmetric IRB model on Single-Homing Distributed Anycast Gateways for BGP EVPN over MPLS
  • ARP Flooding Suppression feature to minimize the flooding of a broadcast or multicast packet over EVPN fabric and to remote customer edge equipment.
  • Unknown unicast flooding suppression to prevent excessive unicast flooding & any adverse impact of that on the network performance.

Lastly ,we have the transceivers and breakout cable enhancements to the catalyst 8500 Edge platforms.

To aid high speed lan connectivity over coper cable  we have added support for 10G Copper SFP transceivers (SFP-10G-T-X) on C8500-12X4QC and C8500-12X with multiple speed options such as 10G , 1G , 100M.

The breakout cable support on C8500-12X4QC  enables high density 10G port offering on these platform by splitting a higher density 40G port to multiple independent and logical 10G ports.


Along with these key features there are few minor updates and serviceability enhancements. The following table briefly describes these enhancements

PPPOE Radio-Aware Routing QOS Enhancement

BGP Large Community support with 4-byte ASN tag

L2protocol tunnel under LAN Switching Interface

Embedded packet Capture support on LTE interface and FlexVPN interface

Hitless SMU for MIP100 and SIP40 on Cisco ASR 1000

SNMP reporting enhancement on dialer interface

Btrace support for IP Tunnels

Local WebUI support for CG418-E platform


By now you might have realised how how feature rich this latest IOS XE release is, but if you would like to know more , please check out the platform specific release notes on the portal.

Cisco IOS XE Bengaluru 17.4.1

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers