On 18th December 2020, Cisco announced the latest IOS XE release: Cisco IOS XE Bengaluru 17.4.1a.
The first release in the Cisco IOS XE Bengaluru series, IOS XE 17.4.1a introduces routing features and enhancements across technology segments such as voice, security, layer 2, layer 3, VPN, and more.
Here is a summary of all the key features introduced in all these segments:
IOS XE 17.4.1a key features summary
To begin with, starting with the IOS XE 17.4.1a routing release, the Cisco Cloud Services Router 1000V is being replaced with the Catalyst 8000V Edge platform. With this new virtual platform, we have merged the Cisco Cloud Services Router 1000V and Cisco Integrated Services Virtual image to provide a single virtual platform that addresses cloud (GCP, AWS, Azure), colocation, on-prem, and virtualised branch use cases.
NBAR support on the EVC service interface adds NBAR traffic classification specifically on the EFP (Ethernet flow point) interface. Previously the feature was limited to the BDI (bridge domain interface) only.
Then we have port-channel binding with SCCP dspfarm, tested and validated to meet ACI redundancy requirements in a voice network infrastructure design.
Segment routing, which is a flexible and scalable way of doing source routing, enhances the network traffic prioritisation and path selection mechanism on enterprise routing platforms. The solution has three aspects:
Per-flow Policy treatment for different applications while traversing the network
Performance management to monitor network latency performance automatically and enforce network policy
Flexible Algorithm support enables operator driven network slices mapping to meet specific transport SLA requirements including network delay
Also in the layer 3 segment, we have a few NAT enhancements in the IOS XE code.
Firstly, with this software release, you can now reuse the same global address for outside static NAT and static PAT configuration.
Secondly, if no tracking is desired for static NAT mapping translations, we can now avoid creating the translation entries for such mappings using a new “stateless” keyword in the configuration.
For endpoint security and access control, we have added TrustSec and CoA support for the SM-X EtherSwitch modules, validated with ISE version 2.6.
TrustSec support enables SGT/SGACL enforcement on the SVI interface and for the SM-X EtherSwitch modules.
CoA (Change of Authorization) allows an ISE server to adjust an active client session and hence adds more control over endpoints that are already authenticated.
With more and more applications today moving away from HTTP and adopting HTTPS for added security, we have improved IP SLA device tracking with the inclusion of HTTPS probes to verify reachability in the network.
To ease provisioning in controller mode, we have now introduced manageability support for the cellular gateway platform C418 with the vManage 20.4 release. This includes zero-touch provisioning, platform confirmation, profile configuration and maintenance.
As a security enhancement to the CPE WAN Management Protocol, based on the DSL Forum’s TR-69 standard, management traffic can now be transported over a VRF.
Then we have dynamic core allocation, which is a significant change to the way we utilize compute resources. In a nutshell, this feature allows in-service upgrade of services and helps eliminate the inactivity of compute resources. With options to make the platform either service plane heavy or data plane heavy, the feature adds flexibility to the platform CPU core allocation and leads to optimisation of compute resources.
Highlighted in the table above is the breakout for the number of cores assigned in each mode for the supported platforms that exist today, at the time of writing this blog.
We also have a number of EVPN features and enhancements being introduced.
Support for Symmetric IRB model on Single-Homing Distributed Anycast Gateways for BGP EVPN over MPLS
ARP Flooding Suppression feature to minimize the flooding of a broadcast or multicast packet over EVPN fabric and to remote customer edge equipment.
Unknown unicast flooding suppression to prevent excessive unicast flooding and any adverse impact of that on network performance.
Lastly, we have the transceiver and breakout cable enhancements to the Catalyst 8500 Edge platforms.
To aid high-speed LAN connectivity over copper cable, we have added support for 10G Copper SFP transceivers (SFP-10G-T-X) on C8500-12X4QC and C8500-12X with multiple speed options such as 10G, 1G, and 100M.
The breakout cable support on C8500-12X4QC enables a high-density 10G port offering on this platform by splitting a higher-density 40G port into multiple independent, logical 10G ports.
Along with these key features, there are a few minor updates and serviceability enhancements. The following table briefly describes these enhancements:
PPPoE Radio-Aware Routing QoS Enhancement
BGP Large Community support with 4-byte ASN tag
L2protocol tunnel under LAN Switching Interface
Embedded Packet Capture support on LTE interface and FlexVPN interface
Hitless SMU for MIP100 and SIP40 on Cisco ASR 1000
SNMP reporting enhancement on dialer interface
Btrace support for IP Tunnels
Local WebUI support for CG418-E platform
By now you might have realised how feature-rich this latest IOS XE release is, but if you would like to know more, please check out the platform-specific release notes on the portal.