NEWS FLASH - Cisco has released a new operating system for the new Nexus 7000 series switches: NX-OS. ;-)
NX-OS is based on the MDS series SAN-OS with a Cisco IOS CLI interface. NX-OS delivers a set of impressive software features all designed to provide 100% uptime and zero packet loss for traffic. Cisco understands we are entering, if not already in, a zero-defect world. Cisco is building products that operate in that manner.
As I mentioned, NX-OS is built on SAN-OS because of its inherent high availability in SANs, but it includes technologies from many areas. The Layer-3 routing code came from Cisco's acquisition of Procket several years ago. Procket was a startup focused on high-performance routing. It folded at the end of the boom, and Cisco bought its technology and engineers, including Tony Li. The Layer-2 code came from Cisco's Catalyst team, and the CLI is IOS.
The overriding goal of NX-OS is zero downtime. To achieve this lofty goal, NX-OS provides many features; some new and some already available in other Cisco (and competitor) operating systems.
NX-OS's In Service Software Upgrade (ISSU) provides the capability to perform transparent software upgrades on platforms with redundant supervisors, minimizing downtime and allowing customers to integrate the newest features and functions with little or no impact on network operation. Essentially, with dual supervisors that fail over to each other without packet loss, a software upgrade can be done on one supervisor, a stateful switchover (SSO) occurs, and then the second supervisor is upgraded. ISSU uses a Persistent Storage Service (PSS) to track the state of most processes and uses the standards-based graceful restart (NSF-GR) process for routing protocols. This can be done for major software upgrades or simple patches.
While in operation, NX-OS has process survivability. Process survivability ensures critical processes run in protected memory space, independently from each other and from the kernel. This provides granular service isolation and fault containment. So, if OSPF fails, it won't take down spanning tree. Using NSF-GR, the OSPF process is restarted without needing to reboot the entire switch, and all other processes keep running without impact.
For day-to-day management, Cisco included Generic Online Diagnostics (GOLD), Embedded Event Manager (EEM), Switch Port Analyzer (SPAN), Smart Call Home, and an XML API for device management. Plus, configuration verification and rollback are included. Configuration rollback has been around in IOS since 12.3T, but it was much too "new" for most networks (yes, it is also part of JunOS). Having used this on JunOS, I can't tell you how nice that feature is.
NX-OS also removes "obsolete functions in order to harden the operating system". The thinking is to get rid of old features that no one uses anymore, reducing the amount of code in which bugs can hide. One of the technologies removed was PIM Dense Mode. I'm sure IPX isn't included either. ;-)
While all of these are very impressive, the pinnacle of new features is Virtual Device Contexts (VDCs). VDCs create logical switches out of a single physical switch. This is like VMware for Cisco. Not only does it mean separation of control, limited fault domains, and increased hardware capabilities, it also has radical effects on network design. I'll cover VDCs in a forthcoming blog, but, needless to say, it's an impressive technology.
The NX-OS software lifecycle seems similar to the SX series for the 7600s/6500s. There is a major release every 36 months (4.0, 5.0, 6.0, etc.), feature releases every 6 months (4.1, 4.2, 4.3), and maintenance releases every 4-6 weeks (4.1(1), 4.1(2), 4.1(3)). This is all tied into a general deployment, mature maintenance, and end-of-life program.
Overall, I'm impressed, especially with VDCs. I'd like these features available in all Cisco operating systems.
I have two problems with NX-OS. First, as I have mentioned before, it's another software line to manage. Yes, it may look like IOS, but it's not IOS. It has different features, bugs, versions, and supportability concerns. Many enterprises are looking at managing 4-5 types of Cisco software (IOS, IOS-modular, SAN-OS, NX-OS, and ASA/PIX); some six (for those with enough $$$s to get IOS-XR). This is just another software version to learn, understand, track, and test/verify.
Second, in grand Cisco tradition, there are three different types of NX-OS: Standard, Enterprise, and Advanced. IP routing isn't even included with Standard. That makes it look like a 3750 SMI. VDCs aren't included until you get to Advanced, so get ready to pay for the true power of the Nexus. NX-OS and the Nexus 7000 weren't expensive and complicated enough; let's try to wring some more money out of the product. I think Cisco was overthinking this part (marketing people). The Nexus 7000 is a core DC box. Trying to differentiate its use based on software feature sets is silly and petty.
Michael Morris is a communications team lead and network architect at a $3 billion high-tech company. His background is in enterprise WANs working with telcos, and developing large-scale routing designs. He has worked on networks at government and corporate organizations, including networks at two Fortune 10 companies. In his current role, he leads large-scale IT networking projects and develops and maintains architectural standards for data networks, storage area networks, IP Telephony, and security. Michael is a CCIE and has 11 years experience in networking and communications, including four years as a paratrooper in the U.S. Army. He has a bachelor's degree in MIS from the University at Buffalo. Recently, he was awarded the Network Professional Association® (NPA) Professional Excellence and Innovation Award for his work on network architecture, templates and enterprise MPLS design.
Oh great. More Vista style
Oh great. More Vista-style licensing. Couple that with the over six million lines of code and the Linux kernel that powers NX-OS. Tell me how many people are going to line up to buy this...
Drink enough Kool-Aid and it's like Modular IOS never happened.
If this wasn't intended tongue-in-cheek, I can only assume that you've not spent any appreciable amount of time using one of SAN-OS or IOS. Please clarify which so we can understand the perspective this is being written from.
Hardly. Instead, 15+ years of development has been kicked to the curb and we now get to deal with new bugs and implementation warts from top to bottom rather than continue to refine what exists.
...and when you can patch that process in response to a PSIRT issue, we'll be able to reuse even more Modular IOS presentations.
Short of VDC, which of these features didn't already exist in 12.2SX/SR? Yes, they're cool features, but they're not new and yet don't share the wide common base on implementations on an established Ethernet and IP routing platform.
Despite having similar names, these are not the same features (i.e. SCH isn't even consistent as to whether it's "call-home" or "callhome"), and parroting press releases suggesting that they are does the community a disservice.
vlans provide virtualization
VLANs provide virtualization at L2 and VRFs provide the same at L3 in some low- and high-profile network routers and switches.
What do VDCs provide that we can't do now?
RE: vlans provide virtualization
I'll be doing a blog about this in the future, but VDCs virtualize almost everything in a switch, not just the Layer-2 domain (VLAN) or Layer-3 routing table (VRFs). VDCs create virtual switches running on a single kernel. Think of VMware for switches.
This is a powerful concept for network design, operations, and scalability.
Mike
Nexus 7000 doesn't do MPLS or MPLS VPN???
One issue I have with this box is that it will not do MPLS or MPLS VPN.
This means that, for those enterprises dipping their toes into VRF-lite/MPLS VPN use for creating Virtual Networks, this box is of far less use as a distribution switch or core switch.....
A gaping, glaring hole in features in my opinion... large quantities of 10GE is nice, VDC is nice, but you have to have a PE and P router somewhere...
If you have a small MPLS network, P's and PE's are 6500+. The smaller medium/large enterprises building their own MPLS networks cannot justify the expense of GSR and CRS-1 core P and PE routers; they don't need the performance, but they do need the features.
It is LUDICROUS that a VDC or the "global" VDC/context in a Nexus 7000 switch, the new top-of-the-line switch, cannot perform as a PE or P router.
I would hope Cisco addresses this issue, particularly in light of the push towards Virtual Networks for segmentation. MPLS VPN is really the only viable way to extend logical network segmentation in a large network today.
Regards,
Sam