Cisco Open NX-OS uses a unique multi-process state-sharing architecture that separates an element's state from its parent processes. This reflects Cisco’s core software design philosophy and enables fault recovery and real-time software updates on a process-level basis without affecting the running state of the system.
Protocol routing and switching processes, security functions, management processes, and even device drivers are decoupled from the kernel. These modules and processes run in user space, not in kernel space, which ensures process control and system stability. The modular nature of the system allows individual switch processes to be updated and restarted without requiring a switch reload.
The same binary image of NX-OS can be deployed on any switch in the Nexus 9000 and Nexus 3000 Series families. This improves feature compatibility across platforms and ensures consistency in defect resolution. It also makes it much simpler for users to deploy, certify and validate new releases in their data center environment, and makes code portable across the environment.
Process Isolation and Scheduling
The Linux kernel backing Cisco Open NX-OS is a multi-tasking kernel leveraging the Linux Completely Fair Process Scheduler. The process scheduler within the kernel coordinates which processes are allowed to run at any given time, scheduling CPU equally amongst all user and NX-OS system processes. The scheduler takes scheduling class/policy and process priorities into account to balance processes between multiple CPU cores in SMP systems, so that processes get fair access to CPU cycles and the system remains stable.
Shell Environment
Cisco Nexus switches support direct Bourne Again SHell (Bash) access. With Bash, you can access the underlying Linux system on the device to manage the system. Most importantly, because users have unrestricted access to the Linux shell, they can now leverage data center automation tools, which can use Bash scripting and Linux interfaces natively. Access to the Bash shell is controlled through RBAC. Users who are granted access can write shell scripts that leverage the network in a similar fashion to other parts of the IT organization.
Process Patching
The Open NX-OS Linux kernel's process isolation allows patching and modification of software independent of the traditional Cisco software release cycles. Features and fixes can be delivered in a more agile fashion to the end user. Modifications to the system can be released to users in the form of patches, which can be installed without reloading the device being patched. An example of this might be the installation of security fixes for packages such as OpenSSL or OpenSSH.
Process Restartability
Processes within Open NX-OS can be restarted on-demand without affecting other processes, and will automatically be restarted in the event of an unexpected exit condition.
Process restart via NX-OS:
For example, we can kill the BGP process and see that it is automatically restarted by NX-OS.
Automatic process restartability:
root 17073 5900 0 00:11 ? 00:00:00 /isan/bin/routing-sw/bgp -t 65000
admin 17137 17132 0 00:13 pts/2 00:00:00 grep bgp
bash-4.2$ sudo kill -9 17073
bash-4.2$ ps -ef | grep bgp
root 17221 5900 34 00:13 ? 00:00:01 /isan/bin/routing-sw/bgp -t 65000
admin 17258 17132 0 00:13 pts/2 00:00:00 grep bgp
bash-4.2$
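As an added example (not part of the original text and not Cisco tooling), the following shell function compares the two `ps -ef` listings from the session above and reports any daemon whose PID changed under the same parent, which is how an operator can spot a process restart, expected or not, from the Bash shell. The function name `find_restarts` is hypothetical, and the code assumes one instance of each command line per parent process.

```shell
# Added example: compare two `ps -ef` snapshots and report daemons whose PID
# changed while the command line and parent PID stayed the same, i.e. the
# process was restarted by its supervisor.

# The two listings from the session above (before and after the kill).
BEFORE='root 17073 5900 0 00:11 ? 00:00:00 /isan/bin/routing-sw/bgp -t 65000
admin 17137 17132 0 00:13 pts/2 00:00:00 grep bgp'
AFTER='root 17221 5900 34 00:13 ? 00:00:01 /isan/bin/routing-sw/bgp -t 65000
admin 17258 17132 0 00:13 pts/2 00:00:00 grep bgp'

# find_restarts BEFORE_TEXT AFTER_TEXT   (hypothetical helper name)
# Prints one line per restarted daemon: "<old_pid> <new_pid> <ppid> <command>"
find_restarts() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        # Rebuild the command line from field 8 onward
        # (ps -ef layout: UID PID PPID C STIME TTY TIME CMD...).
        function cmdline(   i, s) {
            s = $8
            for (i = 9; i <= NF; i++) s = s " " $i
            return s
        }
        $0 == "---" { second = 1; next }      # separator between snapshots
        NF < 8 || $2 !~ /^[0-9]+$/ { next }   # skip header and malformed lines
        $6 != "?" { next }                    # daemons only: no controlling TTY,
                                              # which drops the interactive grep
        {
            key = $3 SUBSEP cmdline()         # same parent + same command line
            if (!second) { old[key] = $2; next }
            if (key in old && old[key] != $2)
                print old[key], $2, $3, cmdline()
        }'
}

find_restarts "$BEFORE" "$AFTER"
```

A restart that nobody requested is worth correlating with the system logs, since it can point to a crash or to someone with shell access killing the process.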