Cisco recently announced the availability of the IOS XE train – IOS XE Cupertino 17.8.1. This is a standard maintenance release supporting switching, wireless, SP-Access, Routing as well as IoT (Internet of Things) platforms with a sustaining support lifetime of twelve months and two scheduled rebuilds. As a unified software release for Enterprise Networking, it adds support for new software features and introduces new platforms across various Enterprise Networking technology areas.
In this blog, we will discuss new software features that this release brings to the Catalyst 9000 switching platforms.
Below is a high-level list of features and enhancements that were added across Platform/Infra, Security, Routing/Overlay Solutions, and Programmability on the Catalyst 9000 Switching Platforms.
New Feature Support with IOS XE on Catalyst 9000 Switching Platforms
Time Sensitive Networking is critical in Financial, Broadcast, Automotive, Defense, Telecom and Manufacturing industries. We continue to add features and expand support across multiple platforms for seamless onboarding of time sensitive applications onto Ethernet networks.
IOS XE 17.8.1 introduces support for the G.8275.1 profile for PTP. This profile is typically used in mobile cellular systems that require accurate synchronization of time and phase, specifically the fourth generation (4G) and fifth generation (5G) of mobile telecommunications technology. This profile has been enabled across the Catalyst 9300, 9500, and 9600 series.
Furthermore, with IOS XE 17.8.1, we have support for Sub-interface QoS on the new Catalyst 9500X and 9600X platforms. Policies can be applied to the sub-interface with a limit of 2Q per sub-interface and 8Q on the main interface.
With IOS XE 17.8.1, we also have the addition of Catalyst 9300 System Power Reporting. With the "show power module" command, we can view the Instantaneous Power (power that is utilized at any given time), Peak Power (maximum power that is consumed by the system in the time it has been powered up), and Reset Power (power the system is allocated in the reset mode).
For security with IOS XE 17.8.1, we introduce Multicast over IPsec, which builds on the IPsec capabilities of the Catalyst 9300X. This gives us the capability to route both IPv4 and IPv6 Multicast over IPsec tunnels on the Catalyst 9300X platform and puts the Catalyst 9300X's 100G L3 HW Encryption capabilities to further use.
We also introduce WAN MACsec support for the Catalyst 9500X and 9600X platforms. With support over L2 MPLS, VPLS, EoMPLS, QinQ, and Multiple Point to Point connection types, AES 128 and AES 256-bit encryption, and line rate on the Catalyst 9500X and Catalyst 9600X platforms, we are further securing the wide area network. An HSEC License is required to enable WAN MACsec on the Catalyst 9500X and 9600X switches.
Lastly, with the IOS XE 17.8.1 security additions, we introduce SW SUDI 2099 Enablement. The Software Secure Unique Device Identity (SUDI) certificates are used by Catalyst 9000 switches as their device certificate for applications such as HTTPS and SSL to authenticate. SUDI certificates are provisioned on a hardware chip on the switch. Current SUDI certs will be expiring in either 2029 or 2037, giving most switches less than ten years of use of the SUDI certs. New SUDI certs, which will be expiring in 2099, are being provisioned during manufacturing. From IOS XE 17.8.1, the 2099 SUDI cert can be read and initialized from the hardware chip if the SUDI99 cert is present.
Previously, we had TRM support for L3 Multicast in an EVPN fabric, and now, in IOS XE 17.8.1, we introduce L2 TRM for EVPN fabric. With this enhancement, we route Multicast traffic to only those leaves that have an active receiver. Without this feature, all L2 leaves would receive the packets and the ones without receivers would drop them. Now, with L2 TRM, only the L2 leaves with active receivers will receive the packets (as seen in the diagram to the left). This enables better scale, performance, and security.
Finally, for Programmability & Automation with IOS XE 17.8.1, we introduce the gNMI Native Configuration YANG Model. This YANG model can be used to manage the gNMI infrastructure from any of the YANG-based APIs. Furthermore, we also introduce the Guest Shell High Availability Guest-Share Folder Sync, which brings high availability (HA) to the Guest-Share folder within Guest Shell. This HA functionality will allow files stored within the Guest-Share folder to be maintained during N+1 stack failovers. When a failover event occurs, the data in /bootflash/guest-share is available on the standby switch. The Linux inotify method is used to immediately sync files from the active guest-share to the standby switch so that Guest Shell scripts and files are always available.
These key enhancements and new features introduced with IOS XE 17.8.1 enrich the Catalyst Switching portfolio and make it ready to meet future demands.
For a complete list of Features, Release Notes, and Configuration Guide related to the IOS XE 17.8.1 release, please see the resource: Cisco IOS XE Cupertino 17.8.1