March 2016
Introduction-What is Nexus9000/3000 Family
9500 Field Upgradeable Units (FRU)
[Figures: Nexus 9508 Front View; Nexus 9508 Rear View]
• The 9500 has the following modular components, which can be upgraded or replaced in the field:
• Supervisor
• Fabric Module
• Line Card
• System Controller
• Fan Tray
• Power Supply
[Figure: N9K-X9564PQ (T2, Donner) port layout: 10G SFP+ ports 1-48 and 40G QSFP ports 49-52]
Note: Internal ports are called Hi-Gig/HG ports.
Nexus 9500 Fabric Module
Fabric Modules
• Interconnect Line Card slots
• Installed at the rear of the chassis
• Leverages Broadcom Trident II ASICs
• Max 1.92 Tbps per line card slot (6 Fabric Cards)
• 960 Gbps per line card slot (3 Fabric Cards)
• All Fabric Cards are active and carry traffic
• Fan Tray requires Fabric Card to be present in even slot
[Figure: two Trident II ASICs (NFE), each labelled 32 x 40G Hi-Gig2]
Nexus9500 Series Line Card Summary
Information X9600 Series Line X9500 Series Line X9400 Series
Cards Cards
ASIC Technology Merchant only Merchant+ Merchant only
N9K-X9636PQ N9K-X9564PX •N9K-X9432PQ
N9K-X9564TX •N9K-X9464PX
N9K-X9536PQ •N9K-X9464TX
Oversubscribed No 1.5:1 No No No
Line Rate Yes Yes (packets > Yes Yes
194-Bytes)
QoS Classes 8 4 8 4 4
Buffer (MB) 36 (12*3) 104 24 (12*2) 104 (12*2+40*2) 104 (12*2+40*2)
(12*2+40*2)
© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
General Recommendation for New and Existing Deployments-Nexus9000
• Software Recommendation
Platform Series Recommended Release
Cisco Nexus 9500 6.1(2)I3(5), 7.0(3)I1(3), or 7.0(3)I2(2a)*
Cisco Nexus 9300 6.1(2)I3(5), 7.0(3)I1(3), or 7.0(3)I2(2a)*
Cisco NX-OS 7.0(3)I2(x) is the long-lived release train for the Cisco Nexus 9000 Series switches.
End-of-Sale and End-of-Life Announcements for Software Releases 6.1(2)I3(x), 7.0(3)IX1(x) and 7.0.3I1(x)
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_releaseb_Minimum_and_Recommended_Cisco_NXOS_Releases_for_Cisco_Nexus_9000_Series_Switches.html
• Verified Scale limits for different features and protocols for each release
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/scalability/guide_34/b_Cisco_Nexus_9000_Series_NXOS_Verified_Scalability_Guide_612I34/b_Cisco_Nexus_9000_Series_NXOS_Verified_Scalability_Guide_612I34_chapter_01.html
General Recommendation for New and Existing Deployments-Nexus3000
• Software Recommendation
Platform Series Recommended Release
Cisco Nexus 3000 and Cisco Nexus 3100 6.0(2)U6(5a) or 7.0(3)I2(2a)*
Cisco NX-OS 7.0(3)I2(x) is the long-lived release train for the Cisco Nexus 3000 Series switches.
End-of-Sale & End-of-Life Announcement for N3000/N3100 Software Releases 5.0.3Ux and 6.0.2U1x
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html
• Verified Scale limits for different features and protocols for each release
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/scalability/7x/b_Nexus3k_Verified_Scalability_7x.html
Release Timelines – Nexus 9000 Standalone
[Figure: release timeline; dates shown: Jun’14, Jul’14, Jan’15, Apr’15; releases shown: Ash2.2a, Ash2.2b, Bronte 1.1, Bronte 1.2; legend: Shipped / To be Shipped]
Cisco NX-OS Release 7.0(3)I2(1) Overview For Nexus3000
Upgrade Matrix
• From 6.0(2)U6(3) to 7.0(3)I2(1)
  Limitation: None
  Recommended procedure: Install all and fast reload are the only upgrade methods supported because of a BIOS upgrade requirement. Store the pre-release 6.0(2)U6(3) configuration file.
• From 6.0(2)U6(2) or earlier to 7.0(3)I2(1)
  Limitation: First, upgrade to Cisco NX-OS Release 6.0(2)U6(3).
  Recommended procedure: Install all and fast reload are the only upgrade methods supported because of a BIOS upgrade requirement.
Downgrading to Release 6.0(2)U6(3) from Release 7.0(3)I2(1)
ACL TCAM TABLE
Characteristic
• MAC-ACL, IPv6 and any QoS need double-width entries, which means they need at least 2 banks.
• The next TCAM bank is assigned to a feature that needs double width.
TCAM for QoS policy
There are 4 types of policy-maps:
• Control-plane --- for control plane policing (CoPP)
• Network-qos
• QoS --- (classification, marking, policing)
• Queuing --- egress queuing and scheduling
If DSCP/CoS is used as the qualifier, there is no need to carve a region for IPv6. The region for IPv4 will be used for both IPv4 and IPv6.
TCAM Carving for QoS Policy on FEX Ports
• A VLAN QoS policy applies to FEX ports in the VLAN without using FEX TCAM regions. Only the switch-level VLAN QoS regions are needed.
• For a port QoS policy on FEX ports, one or more of the following TCAM regions need to be carved, based on the classifiers:
FEX QoS
FEX IPV4 Port QoS [fex-qos]
FEX IPV6 Port QoS [fex-ipv6-qos]
FEX MAC Port QoS [fex-mac-qos]
FEX IPV4 Port QoS Lite [fex-qos-lite]
• When DSCP/CoS is used as the classifier, either “fex-qos” or “fex-qos-lite” can be used for both IPv4 and IPv6 port QoS policy on FEX ports.
TCAM Carving for QoS Policy on ALE/ALE-2 Ports
ALE: 12 x 40 GE QSFP+ (on GEM N9K-M12PQ)
ALE-2: 6 x 40 GE QSFP+
QoS vs QoS-Lite
QoS TCAM regions are double width to support conform/violate policer statistics in traffic policing.
IPv4 QoS-lite TCAM regions reduce the size to single width.
QoS vs QoS-lite:
• No difference in the classification and marking functions.
• No difference in the policing function itself, but QoS provides both conform and violate statistics while QoS-lite provides only violate statistics.
• Either the QoS or the QoS-lite TCAM region can be enabled.
TCAM sharing for QoS policy
By default, TCAM sharing among interfaces or VLANs isn’t enabled. When multiple interfaces or VLANs have the same QoS policy, one copy of the QoS policy is programmed for each interface or VLAN.
TCAM sharing can be enabled by applying the QoS policy under interfaces or VLANs with the no-stats option. The configuration command is “service-policy type qos input my-policy no-stats”.
Nexus 3100 ACL
What has changed from N3000
• Total ingress ACL TCAM is 4096, compared to 2048 on the N3000. Egress ACL TCAM is the same: 1024 entries.
• The default ACL TCAM carving size has changed at ingress due to the increased total TCAM size.
• ARP ACL doesn't need a separate ACL TCAM region; the SUP TCAM is used for the ARP ACL.
Buffer And Queuing-T2-Nexus9000
• T2 has 12 Mbytes of buffer shared by all ports for all traffic
• Shared buffer is divided into Control and Default service pools if the module is T2 only
• Shared buffer is divided into Control, Default and OOBFC service pools if the module is T2 and NS based
[Figure: 12 MB shared buffer. Module with T2 only: Control and Default. Module with T2 and NS: Control, Default and OOBFC]
Buffer And Queuing-North Star-Nexus9000
[Figure labels: Trident II ASIC; 12 x 40G Ethernet; Shared Buffer; SPAN; Default]
Nexus 3100
Static/Dynamic Buffer
A pool of 12.2 MB of buffer space (T2 based) is divided among ingress per port, egress per port/queue, and dynamically shared buffer. The T+ based Nexus 3000 has 9 MB of shared buffer.
Total Buffer: 12.2M (59076 cells)
Cell Size: 208-byte cells
The first cell of any packet uses 64 bytes for the internal header. Packets larger than 144 bytes require more cells.
Instant Buffer Usage Stats
Buffer polling interval for 7.0 Release is 500msecs
N9K#show hardware internal buffer info pkt-stats mod 1
INSTANCE: 0
----------------------------------------------------------
Output Shared Service Pool Buffer Utilization (in cells)
                          SP-0   SP-1   SP-2   SP-3
-----------------------------------------------------------
Total Instant Usage       4474      0     89   2939
Remaining Instant Usage  25466      0  14255   3405
Peak/Max Cells Used       4821      0    327   3060
Switch Cell Count        29940      0  14344   6344
----------------------------------------------------------
• Instant buffer utilization per queue per port
• One cell represents 208 bytes
• Show hardware internal buffer info pkt-stats input mod 1
• SP-3: Dedicated resource for control traffic
• SP-0: Resource for locally switched unicast, multicast and SPAN
• SP-2: Extended output queue for unicast using buffers from North Star
• show hardware internal ns buffer info pkt-stats
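The cell arithmetic from the Nexus 3100 buffer slide and the service-pool counters above, worked through as an added example that is not part of the original slides. It assumes that only the first cell of a packet carries the 64-byte internal header and that later cells hold a full 208 bytes; the function names are illustrative and the table is retyped from the output shown on the slide.

```python
import math
import re

CELL_BYTES = 208          # from the slide: one cell represents 208 bytes
FIRST_CELL_HEADER = 64    # from the slide: internal header in a packet's first cell

# Service-pool rows retyped from the pkt-stats output shown on the slide.
SAMPLE = """\
                          SP-0   SP-1   SP-2   SP-3
Total Instant Usage       4474      0     89   2939
Remaining Instant Usage  25466      0  14255   3405
Peak/Max Cells Used       4821      0    327   3060
Switch Cell Count        29940      0  14344   6344
"""

def cells_for_packet(length):
    """Cells consumed by one packet of `length` bytes.
    Assumption: the first cell holds 144 bytes of packet data (208 - 64);
    every later cell holds a full 208 bytes."""
    first_payload = CELL_BYTES - FIRST_CELL_HEADER
    if length <= first_payload:
        return 1
    return 1 + math.ceil((length - first_payload) / CELL_BYTES)

def parse_pools(text):
    """Return {pool: {row label: cells}} from the service-pool table."""
    pools, table = [], {}
    for line in text.splitlines():
        if "SP-0" in line:                      # header row names the pools
            pools = line.split()
            table = {p: {} for p in pools}
            continue
        m = re.match(r"\s*(\D+?)\s+((?:\d+\s*)+)$", line)
        if m and pools:
            for p, v in zip(pools, m.group(2).split()):
                table[p][m.group(1)] = int(v)
    return table

def pool_report(text):
    """Per pool: instant usage in bytes plus instant and peak utilisation (%)."""
    report = {}
    for pool, rows in parse_pools(text).items():
        total = rows["Switch Cell Count"] or 1  # SP-1 has 0 cells in this sample
        pct = lambda cells: round(100 * cells / total, 1)
        report[pool] = {"used_bytes": rows["Total Instant Usage"] * CELL_BYTES,
                        "instant_pct": pct(rows["Total Instant Usage"]),
                        "peak_pct": pct(rows["Peak/Max Cells Used"])}
    return report
```

In this sample the control-traffic pool (SP-3) is the busiest relative to its size, which is the figure to watch when control-plane drops are suspected.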
Broadcom Unified Forwarding Table
T2 has the following Unified Forwarding Table:
SUPPORTED COMBINATIONS
Mode L2 L3 Host LPM
Nexus 3100 Capabilities
Flexible Forwarding Table
4
32K 16K 128K N/A
Routing Mode for Nexus9500
• Default system routing mode
  Broadcom T2 mode: 3 (for line card), 4 (for fabric module)
• Max-host routing mode
  Broadcom T2 mode: 2 (line card, V6 in LPM), 3 (for fabric module)
  CLI command: system routing max-mode host
• Nonhierarchical routing mode
  Broadcom T2 mode: 3 (for line card), 4 (with max-l3-mode option, for line card); no routes on fabric module
  CLI command: system routing non-hierarchical [max-l3-mode]
• 64-bit ALPM routing mode
  Broadcom T2 mode: sub mode of mode 4 for fabric modules
  CLI command: system routing mode hierarchical 64b-alpm
Consistency Checkers-Mac address Table
N9K# show consistency-checker l2 module 1
Consistency check: PASSED
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen, + - primary entry using vPC Peer-Link,
(T) - True, (F) - False
Missing entries in the HW MAC Table
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
Extra and Discrepant entries in the HW MAC Table
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
Consistency Checker –Unicast Forwarding
N9K#test consistency-checker forwarding
Consistency check started.
N9K# show consistency-checker forwarding ipv4 unicast module 1
IPV4 Consistency check (in progress): table_id(0x1) slot(1)
Elapsed time : 8257 ms
N9K# show consistency-checker forwarding ipv4 unicast module 1
IPV4 Consistency check : table_id(0x1) slot(1)
Execution time : 13244 ms ()
No inconsistent adjacencies.
No inconsistent routes.
Consistency-Checker: PASS for 1
Troubleshooting Toolkit
Bash Support !!!! And Broadcom ASIC shell Access !!!!
• Goes beyond what standard CLI can provide
• Customers demand more capabilities/freedom/creativity
• Feature: bash-shell
• User Role: dev-ops or network-admin or vdc-admin*
• Strongly recommended: Some experience with shell/Linux. Use with extreme care
• Access is provided to each and every instance of the T2 ASIC
• No additional license is required to access the bcm-shell
• Permitted by default role network-admin
• Accounting log available for BCM activity
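The accounting trail mentioned in the last bullet can be reviewed for shell and ASIC access. The following is an added example, not part of the original slides: it scans records in the usual "show accounting log" layout for "feature bash-shell", "run bash" and "bcm-shell" commands and marks users outside an approved list. The sample records, user names, the approved list and the assumption that these commands appear in the cmd= field are all constructed for illustration.

```python
import re

# Constructed sample records in the usual NX-OS "show accounting log" layout.
# Users, source addresses and timestamps are made up for this example.
SAMPLE_LOG = """\
Mon Mar 14 09:02:11 2016:type=update:id=10.0.0.5@pts/0:user=netops1:cmd=configure terminal ; feature bash-shell (SUCCESS)
Mon Mar 14 09:03:40 2016:type=update:id=10.0.0.5@pts/0:user=netops1:cmd=run bash (SUCCESS)
Mon Mar 14 09:10:02 2016:type=update:id=10.0.0.9@pts/1:user=oper7:cmd=bcm-shell module 1 (FAILURE)
Mon Mar 14 09:12:55 2016:type=update:id=console0:user=admin:cmd=configure terminal ; interface Ethernet1/1 ; shutdown (SUCCESS)
Mon Mar 14 09:20:31 2016:type=update:id=10.0.0.5@pts/0:user=netops1:cmd=bcm-shell module 1 "l2 show" (SUCCESS)
"""

LINE_RE = re.compile(
    r"^(?P<ts>.+? \d{4}):type=(?P<type>\w+):id=(?P<src>[^:]+):"
    r"user=(?P<user>[^:]+):cmd=(?P<cmd>.*) \((?P<result>\w+)\)\s*$"
)

# Commands that enable or open the bash shell or the Broadcom ASIC shell.
WATCH = {
    "bash-shell enabled": re.compile(r"(?<!no )\bfeature bash-shell\b"),
    "bash session": re.compile(r"\brun bash\b"),
    "bcm-shell access": re.compile(r"\bbcm-shell\b"),
}

def audit(log_text, approved_users=frozenset()):
    """Return one finding per watched command, with an 'approved' flag per user."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # One accounting record can chain several commands with " ; ".
        for part in m["cmd"].split(" ; "):
            for label, pat in WATCH.items():
                if pat.search(part):
                    findings.append({
                        "time": m["ts"], "user": m["user"], "source": m["src"],
                        "event": label, "command": part.strip(),
                        "result": m["result"],
                        "approved": m["user"] in approved_users,
                    })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, approved_users={"netops1"}):
        print(f["time"], f["user"], f["event"], f["result"],
              "" if f["approved"] else "<-- user not on approved list")
```

Failed attempts are kept in the findings on purpose: a FAILURE record for bcm-shell from an unexpected user is as relevant to review as a successful session.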
BCM Access some Examples
[Figure: two T2 ASICs, Instance 0 and Instance 1, each labelled with ports hg0 and hg11]
FEX/Switch Support Matrix - NX-OS Mode
No FEX support on ALE Ports
TOR / Fixed Switches:
Modular Switches
Best Practices and Common Pitfall
• We do not support LACP fast timers. LACP fast configuration should be avoided on the vPC peer-link.
• Loopguard configuration on the vPC peer-link is not recommended.
• We recommend that you use the strict default CoPP policy initially and then later modify the CoPP policies based on the data center and application requirements.
• CoPP should not be disabled. When CoPP is removed, the system will by default limit traffic to 50pps. Disabling of CoPP will not be allowed starting 7.0(3)I2(1x).
• TCAM Bank chaining or Bank-Mapping is not possible on Nexus 9000.
Important Caveats
• QoS classification is not supported for VXLAN traffic in the network-to-access direction.
• ACL and QoS for VXLAN traffic in the network-to-access direction is not supported.
• VXLAN tunnels cannot have more than one underlay next hop on a given underlay port.
• VXLAN EVPN ingress replication is supported on Cisco Nexus 9300 Series switches. It is not supported on Cisco Nexus 9500 Series switches.
• ARP suppression is an enhancement provided by the MP-BGP EVPN control plane to reduce network flooding caused by broadcast traffic from ARP requests.
• ISSU is not supported when switches have FEX, VXLAN, NAT, and Segment Routing configured. The upgrade will be disruptive when configuration for these features is present.
Critical Bugs
For example, the two issues below are software defects and not a hardware failure.
CSCux04393 - N9K stops responding to ARP request or packets sourced from the N9K
CSCuy34791 - upgrade fails when free space in /tmp folder is below threshold
Tech Zone
https://techzone.cisco.com/
Discussions show up in CSE’s work queue
Topic searchable
Big push to move documents here and eventually move some docs to CCO
Internal Documentation
N9K NPI
http://quakeroats.cisco.com/CustAdv/ts/ielc/tst/tstraining/catalog/index.shtml?tab1filter=NPI%20E-Learning&nomsg=1&crs=npi
N9K FAQ
http://nexus9kaci.cisco.com/product-line/faq
Thank You For providing this opportunity
Our Team
Rajesh Gatti Somu Jayaraman
Clayton Sullivan Karthick Murugan
Shridhar V. Dhodapkar