NX-OS 9000

Overview

The NX-OS 9000 node type is used for running Cisco Nexus 9000v, 9300v, and 9500v images. The NX-OS 9000 reference platform is a virtual platform that is designed to simulate a data center switch running Cisco Nexus 9000 software. The VM shares the same software image that runs on Cisco Nexus 9000 hardware platforms, but it does not implement any specific hardware emulation. When the software runs as a virtual machine, line card (LC) ASIC provisioning or any interaction from the control plane to hardware ASIC is handled by a software data plane.

Note: There is limited support for this image from Cisco's Technical Advisory Center. The Cisco Nexus 9000v, 9300v, and 9500v VM images are not intended for use in a production network. They are intended for use with NetDevOps workflows and to enable rapid testing of changes to the network infrastructure or to infrastructure automation tools.

For more details about the VM images associated with the NX-OS 9000 node type, refer to the following resources:

Using N9Kv Nodes in CML

VM Images and Resource Settings

Use the NX-OS 9000 node definition for Nexus 9000v VM images, including the Nexus 9300v and 9500v.

Note that different N9Kv images may require different default settings for the VM's CPU and memory. If you are adding VM images for alternate versions of NX-OS 9000, you can override the NX-OS 9000 node definition's default settings for that specific VM image. For example, the Nexus 95000v 9.3(x) image requires a minimum of 4 vCPUs. When adding a Nexus 9500v image, you can set the image definition's Linux Native > CPUs to 4.

Known Issues

Jumbo frames work by default in the NX-OS 9000 nodes in CML, but configuring MTU on an interface is not supported by NX-OS 9000 until version 9.3(3). To use jumbo frames, change your lab to use a NX-OS 9000 VM image version of 9.3(3) or higher.

Limitations

NX-OS 9000v is performance limited when forwarding traffic. Achieved throughputs are ~2.3 Mb/s when passing traffic through one NX-OS 9000v device, and ~2.19 Mb/s when chained over two NX-OS 9000v devices. Baseline throughput was 307 Mbits/sec.

Features Tested with CML

Each CML release is tested with the bundled version of NX-OS 9000. The tests validate the following features:

Test Name Result
CDP PASS
SVI PASS
Port-security PASS
Port-channel PASS
vPC PASS
DHCP Not supported
Spanning-tree PASS
HSRP PASS
Loopback PASS
Routed port PASS

The lab used for the tests is NX-OS 9500v Feature Tests, which is one of the sample labs included with CML on the Tools > Sample Labs page.

NX-OS 9500v Feature Test Topology

CDP

  • peer device is detected on the interface and listed in the CDP table
  • Neighbor type: IOSvL2
N9K-A(config-if-hsrp)# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute

Device-ID          Local Intrfce  Hldtme Capability  Platform      Port ID
C9K-2               mgmt0          127    R S I                   Gig3/0
N9K-B(9H2UNNA5TKE)
                    Eth1/1         156    R S I s   N9K-C9500v    Eth1/1
N9K-B(9H2UNNA5TKE)
                    Eth1/2         156    R S I s   N9K-C9500v    Eth1/2
N9K-1(92JUXDT7O5E)
                    Eth1/3         137    R S I s   N9K-C9500v    Eth1/1
C9K-2               Eth1/4         148    R S I                   Gig0/1

Total entries displayed: 5

SVI

  • Interface VLAN 100 configured with IP address 192.168.253.2
  • Alpine Linux VM in VLAN 100 can successfully ping the interface vlan 100
alpine-0:~$ ping 192.168.253.2
PING 192.168.253.2 (192.168.253.2): 56 data bytes
64 bytes from 192.168.253.2: seq=1 ttl=42 time=4.259 ms
64 bytes from 192.168.253.2: seq=2 ttl=42 time=3.570 ms
64 bytes from 192.168.253.2: seq=3 ttl=42 time=4.395 ms

Port-security

  • Port goes to err-disabled state if there is violation
  • Autorecovery also works, port goes back up if there is no violation

Port-channel

  • Links successfully grouped into etherchannel using LACP
N9K-A# show port-channel summary
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)
11    Po11(SU)    Eth      LACP      Eth1/3(P)
12    Po12(SU)    Eth      LACP      Eth1/4(P)

vPC

  • successful vPC configuration
N9K-A# show vpc
vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po1    up     1,100


vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
11    Po11          up     success     success               1,100

12    Po12          up     success     success               1,100

DHCP

Not supported on NX-OS 9000v

SPANNING-TREE

  • Spanning-tree successfully calculates a loop-free topology for every VLAN
N9K-A# show spanning-tree vlan 100

VLAN0100
  Spanning tree enabled protocol rstp
  Root ID    Priority    24676
             Address     5214.55bb.1b08
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     5214.55bb.1b08
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 3         128.4096 (vPC peer-link) Network P2p
Po11             Desg FWD 1         128.4106 (vPC) P2p
Po12             Desg FWD 1         128.4107 (vPC) P2p

HSRP

  • HSRP configured on two N9K devices
  • VM can successfully ping HSRP IP address
  • Verification: failover test

Loopback

  • Loopback address configured on N9K
Lo0                  172.31.255.1    protocol-up/link-up/admin-up

Routed Port

  • Interface eth1/4 configured as routed port
  • VM can successfully ping the IP address set on eth1/4
Interface            IP Address      Interface Status
Eth1/4               10.10.10.1      protocol-up/link-up/admin-up

Interface counters

  • Interface counters work in image version 3.2.6
  • In previous versions they were always 0
N9K-1# show interface ethernet 1/3

<--- output omitted --->

  RX
    844 unicast packets  0 multicast packets  1641 broadcast packets
    2485 input packets  641546 bytes
    0 jumbo packets  0 storm suppression packets
    0 runts  0 giants  0 CRC  0 no buffer

  TX
    839 unicast packets  13845 multicast packets  1 broadcast packets
    14685 output packets  959012 bytes
    0 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision