| Software Feature | Description |
|---|---|
| Virtual device contexts (VDCs) | VDCs emulate a virtual device. Each VDC has its own software processes, dedicated hardware resources (interfaces), and independent management environment. |
| Cisco In Service Software Upgrade (ISSU) | Cisco ISSU provides the capability to perform transparent software upgrades on platforms with redundant supervisors. |
| Process survivability | Individual processes can be restarted independently without loss of state information and without affecting data forwarding. Highly stateful processes such as IP routing protocols are restarted using standards-based non-stop forwarding (NSF) graceful restart mechanisms, and other processes use a local persistent storage service (PSS) to maintain their state. |
| Support for distributed and parallel processing | Cisco NX-OS is designed to support distributed multithreaded processing on symmetric multiprocessors (SMPs), multicore CPUs, and distributed line card processors. |
| Stateful supervisor failover | Redundant supervisors are kept synchronized at all times to enable rapid stateful supervisor failover. |
| Modular software fix capability | Fixes addressing caveats in the software are developed modularly and can be quickly incorporated into the software image. |
| Network-based availability | • Spanning Tree Protocol enhancements, to guarantee the health of the Spanning Tree Protocol control plane<br>• Unidirectional Link Detection (UDLD) Protocol<br>• NSF graceful restart of routing protocols<br>• Millisecond timers for first-hop resiliency protocols<br>• Shortest-path first (SPF) optimizations (link-state advertisement [LSA] pacing and incremental SPF)<br>• IEEE 802.3ad link aggregation with adjustable timers |
| Switched Port Analyzer (SPAN) | SPAN nonintrusively directs copies of the traffic on selected ports to a destination port that may have an external analyzer attached to it. |
| Embedded packet analyzer | The built-in packet analyzer helps monitor and troubleshoot control plane traffic. |
| Cisco Generic Online Diagnostics (GOLD) | Cisco GOLD is a suite of diagnostic facilities to verify that hardware and internal data paths are operating as designed. Boot-time diagnostics, continuous monitoring, and on-demand and scheduled tests are part of the Cisco GOLD feature set. |
| Cisco Embedded Event Manager (EEM) | Based on a set of configurable network events, Cisco EEM can initiate user-defined actions; for example, it can generate syslog notifications or even send commands from the command-line interface (CLI) to modify traffic routing. |
| Cisco NetFlow | The Cisco NX-OS implementation of NetFlow supports version 5 and version 9 exports as well as the Flexible NetFlow configuration model and hardware-based Sampled NetFlow for enhanced scalability. |
| Smart Call Home | Smart Call Home continuously monitors hardware and software components to provide e-mail-based notification of critical system events. |
| Simple Network Management Protocol (SNMP) | Cisco NX-OS complies with SNMP Versions 1, 2, and 3. A rich collection of MIBs is supported. |
| Programmatic Extensible Markup Language (XML) interface | The XML interface provides a consistent API for the device. |
| Configuration verification and rollback | The consistency of a configuration can be verified, along with the availability of necessary hardware resources, prior to committing the configuration. Configurations are also checkpointed to allow operators to roll back to a known good configuration as needed. |
| Role-based access control (RBAC) | Different levels of management privileges can be customized for different users. |
| Connectivity management processor (CMP) support | Cisco NX-OS supports the use of a CMP for remote "lights-out" management of the platform. The CMP aids operations by providing an out-of-band access channel to the Cisco NX-OS console. |
| Ethernet switching | • Rapid Per VLAN Spanning Tree Plus (PVST+) (IEEE 802.1D-2004 and 802.1w)<br>• Multi-Instance Spanning Tree Protocol (MISTP) (IEEE 802.1Q and 802.1s)<br>• IEEE 802.1Q VLANs and trunks<br>• 16,384 VLANs<br>• IEEE 802.3ad link aggregation<br>• Private VLANs and cross-chassis private VLANs<br>• Unidirectional Link Detection (UDLD) Protocol in Aggressive and Standard modes<br>• Traffic suppression (unicast, multicast, and broadcast), SST<br>• Spanning Tree Protocol enhancements: bridge protocol data unit (BPDU) guard, loop guard, root guard, BPDU filters, and bridge assurance<br>• Jumbo frame support |
| Seamless Spanning Tree (SST) Protocol | This extension to the Spanning Tree Protocol allows user traffic to remain uninterrupted during ISSU+ operations when connecting to SST-aware switches. |
| Bridge assurance for Spanning Tree Protocol | This protocol enhances the Spanning Tree Protocol to prevent bridging loops caused by continuous data forwarding in the absence of an operational Spanning Tree Protocol control plane. Control plane failures can be caused by a software glitch or undetected unidirectional links. |
| IP routing | The following protocols are supported with the graceful restart function:<br>• Open Shortest Path First (OSPF) Protocol Versions 2 and 3 (IPv6)<br>• Intermediate System-to-Intermediate System (IS-IS) Protocol<br>• Border Gateway Protocol (BGP)<br>• Enhanced Interior Gateway Routing Protocol (EIGRP)<br>• Routing Information Protocol (RIP) Version 2 |
| IP services | The following IP services are supported in Cisco NX-OS Release 4.0:<br>• Virtual Routing and Forwarding (VRF)<br>• Dynamic Host Configuration Protocol (DHCP) relay<br>• Unicast Reverse Path Forwarding (uRPF)<br>• Hot Standby Router Protocol (HSRP)<br>• Virtual Router Redundancy Protocol (VRRP)<br>• Gateway Load Balancing Protocol (GLBP)<br>• Enhanced object tracking (EOT)<br>• Policy-based routing (PBR)<br>• Generic routing encapsulation (GRE) tunneling |
| IP Multicast | • Protocol Independent Multicast Version 2 (PIMv2)<br>• Source Specific Multicast (SSM)<br>• PIM Sparse mode (Any Source Multicast [ASM]) (IPv4 and IPv6)<br>• Bidirectional Protocol Independent Multicast (Bidir PIM)<br>• Anycast Rendezvous Points (RP)<br>• Multicast NSF for IPv4 and IPv6<br>• Rendezvous point discovery using Bootstrap Router (BSR), Auto-RP, and Static mode<br>• Internet Group Management Protocol (IGMP) Versions 1, 2, and 3 router role<br>• IGMPv2 host mode<br>• IGMP snooping<br>• Multicast Listener Discovery (MLD) Protocol Version 2 (for IPv6)<br>• Multicast Source Discovery Protocol (MSDP) (for IPv4 only) |
| Quality of service (QoS) | The following QoS functions are supported in the Cisco Modular QoS CLI (MQC) framework:<br>• Ingress and egress queuing and scheduling<br>• Traffic classification based on QoS class (class of service [CoS], IP precedence, or differentiated services code point [DSCP]) and protocol fields<br>• Traffic marking or remarking<br>• QoS class (CoS, IP precedence, or DSCP) mutation<br>• Ingress and egress aggregate and color-aware policing |
| Cisco TrustSec | The Cisco TrustSec security suite provides these features:<br>• Data confidentiality and integrity with IEEE 802.1AE 128-bit Advanced Encryption Standard (AES) link-layer cryptography<br>• Network device and host authentication using IEEE 802.1x<br>• Scalable network access control with security group access control lists (SGACLs) |
| Network security | Beyond Cisco TrustSec, Cisco NX-OS Release 4.0 delivers the following security features:<br>• Intrusion detection system (IDS) for protocol conformance checks<br>• Control plane policing (CoPP)<br>• MD5 routing protocol authentication<br>• Cisco Integrated Security Features (CISF), including Dynamic Address Resolution Protocol (ARP) inspection (DAI), DHCP snooping, and IP source guard<br>• Authentication, authorization, and accounting (AAA) and TACACS+<br>• Secure Shell (SSH) Protocol Version 2<br>• SNMPv3 support<br>• Port security<br>• IEEE 802.1x authentication and RADIUS support<br>• Layer 2 Cisco Network Access Control (NAC) and LAN-port-IP<br>• Named ACLs: Port ACLs (PACLs), VLAN ACLs (VACLs), and router ACLs (RACLs) support policies based on MAC and IPv4 addresses |