Chapter 1: Introduction to Cisco NX-OS
Excerpt from NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures.
By Kevin Corbin, Ron Fuller, and David Jansen. Published by Cisco Press. ISBN-10: 1-58705-892-8. ISBN-13: 978-1-58705-892-9.
This chapter provides an introduction and overview of NX-OS and a comparison between traditional IOS and NX-OS configurations and terminology. The following sections will be covered in this chapter:
NX-OS Overview
NX-OS User Modes
Management Interfaces
Managing System Files
NX-OS Overview
Cisco built the next-generation data center-class operating system designed for maximum scalability and application availability. The NX-OS data center-class operating system was built with modularity, resiliency, and serviceability at its foundation. NX-OS is based on the industry-proven Cisco Storage Area Network Operating System (SAN-OS) Software and helps ensure continuous availability to set the standard for mission-critical data center environments. The self-healing and highly modular design of Cisco NX-OS enables operational excellence, increasing service levels and enabling exceptional operational flexibility. Several advantages of Cisco NX-OS include the following:
Unified data center operating system
Robust and rich feature set with a variety of Cisco innovations
Flexibility and scalability
Modularity
Virtualization
Resiliency
IPv4 and IPv6 IP routing and multicast features
Comprehensive security, availability, serviceability, and management features
Key features and benefits of NX-OS include the following:
Virtual device contexts (VDC): Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits such as fault isolation, administration plane, separation of data traffic, and enhanced security.
Virtual Port Channels (vPC): Enables a server or switch to use an EtherChannel across two upstream switches without an STP-blocked port to enable use of all available uplink bandwidth.
Continuous system operation: Maintenance, upgrades, and software certification can be performed without service interruptions due to the modular nature of NX-OS and features such as In-Service Software Upgrade (ISSU) and the capability for processes to restart dynamically.
Security: Cisco NX-OS provides outstanding data confidentiality and integrity, supporting standard IEEE 802.1AE link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. In addition to Cisco TrustSec (CTS), there are many additional security features such as access control lists (ACL) and port security.
Base services: The default license that ships with NX-OS covers Layer 2 protocols, including features such as Spanning Tree, virtual LANs (VLAN), private VLANs, and Unidirectional Link Detection (UDLD).
Enterprise Services Package: Provides Layer 3 protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (ISIS), Enhanced Interior Gateway Routing Protocol (EIGRP), Policy-Based Routing (PBR), Protocol Independent Multicast (PIM), and Generic Routing Encapsulation (GRE).
Advanced Services Package: Provides Virtual Device Contexts (VDC), Cisco Trustsec (CTS), and Overlay Transport Virtualization (OTV).
Transport Services License: Provides Overlay Transport Virtualization (OTV) and Multiprotocol Label Switching (MPLS) (when available).
Example 1-1 shows the simplicity of installing the NX-OS license file.
Example 1-1 Displaying and Installing the NX-OS License File
! Once a license file is obtained from Cisco.com and copied to flash, it can be installed for the chassis.
! Displaying the host-id for License File Creation on Cisco.com:
congo# show license host-id
License hostid: VDH=TBM14404807
! Installing a License File:
congo# install license bootflash:license_file.lic
Installing license ..done
congo#
Note - NX-OS offers feature testing for a 120-day grace period. Here is how to enable a 120-day grace period:
congo(config)# license grace-period
The feature is disabled after the 120-day grace period ends. The license grace period is enabled only for the default admin VDC, VDC1.
Using the grace period enables customers to test, configure, and fully operate a feature without the need for a license to be purchased. This is particularly helpful for testing a feature prior to purchasing a license.
NX-OS Supported Platforms
The NX-OS data center-class operating system, designed for maximum scalability and application availability, supports a wide variety of platforms, including the following:
Nexus 7000
Nexus 5000
Nexus 2000
Nexus 1000V
Cisco MDS 9000
Cisco Unified Computing System Manager (UCS)
Nexus 4000
Cisco NX-OS and Cisco IOS Comparison
If you are familiar with traditional Cisco IOS command-line interface (CLI), the CLI for NX-OS is similar to Cisco IOS. There are key differences that should be understood prior to working with NX-OS, however:
When you first log into NX-OS, you go directly into EXEC mode.
NX-OS has a setup utility that enables a user to specify the system defaults, perform basic configuration, and apply a predefined Control Plane Policing (CoPP) security policy.
NX-OS uses a feature-based license model. An Enterprise or Advanced Services license is required depending on the features required.
A 120-day license grace period is supported for testing, but features are automatically removed from the configuration after the expiration date is reached.
NX-OS has the capability to enable and disable features such as OSPF, BGP, and so on via the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations in the interface name. Interface speed is dynamically learned and reflected in the appropriate show commands and interface metrics.
NX-OS supports Virtual Device Contexts (VDC), which enable a physical device to be partitioned into logical devices. When you log in for the first time, you are in the default VDC.
The Cisco NX-OS has two preconfigured instances of VPN Routing Forwarding (VRF) by default (management, default). By default, all Layer 3 interfaces and routing protocols exist in the default VRF. The mgmt0 interface exists in the management VRF and is accessible from any VDC. If VDCs are configured, each VDC has a unique IP address for the mgmt0 interface.
Secure Shell version 2 (SSHv2) is enabled by default. (Telnet is disabled by default.)
Default login administrator user is predefined as admin; a password has to be specified when the system is first powered up. With NX-OS, you must enter a username and password; you cannot disable the username and password login. In contrast, in IOS you can simply type a password; you can optionally set the login to require the use of a username.
NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables; this is the same as the Cisco Multilayer Director Switch (MDS) Fibre Channel switches running SAN-OS.
NX-OS removed the write memory command; use the copy running-config startup-config command instead. An alias can also be defined with the alias command.
The default Spanning Tree mode in NX-OS is Rapid-PVST+.
Caution - In NX-OS, you have to enable features such as OSPF, BGP, and CTS; if you remove a feature via the no feature command, all relevant commands related to that feature are removed from the running configuration.
For example, when configuring vty timeouts and session limits, consider Example 1-2, which illustrates the difference between IOS and NX-OS syntax.
Example 1-2 vty Configurations and Session Limits, Comparing the Differences Between Traditional IOS and NX-OS
! IOS:
congo#
congo(config)# line vty 0 9
congo(config)# exec-timeout 15 0
congo(config)# login
congo# copy running-config startup-config
-----------------------------------------------------------------
! NX-OS:
congo(config)# line vty
congo(config)# session-limit 10
congo(config)# exec-timeout 15
congo# copy running-config startup-config
NX-OS User Modes
Cisco NX-OS CLI is divided into command modes, which define the actions available to the user. Command modes are "nested" and must be accessed in sequence. As you navigate from one command mode to another, an increasingly larger set of commands becomes available. All commands in a higher command mode are accessible from lower command modes. For example, the show commands are available from any configuration command mode. Figure 1-1 shows how command access builds from EXEC mode to global configuration mode.
Figure 1-1 NX-OS Command Access from EXEC Mode to Global Configuration Mode
EXEC Command Mode
When you first log in, Cisco NX-OS Software places you in EXEC mode. As demonstrated in Example 1-3, the commands available in EXEC mode include the show commands that display device status and configuration information, the clear commands, and other commands that perform actions that you do not save in the device configuration.
Example 1-3 Cisco NX-OS EXEC Mode
Congo# show interface ethernet 1/15
Ethernet1/15 is down (SFP not inserted)
  Hardware: 10000 Ethernet, address: 001b.54c2.bbc1 (bia 001b.54c1.e4da)
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  auto-duplex, auto-speed
  Beacon is turned off
  Auto-Negotiation is turned off
  Input flow-control is off, output flow-control is off
  Switchport monitor is off
  Last link flapped never
  Last clearing of "show interface" counters never
  30 seconds input rate 0 bits/sec, 0 packets/sec
  30 seconds output rate 0 bits/sec, 0 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
  L3 in Switched:
    ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  L3 out Switched:
    ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
! Output omitted for brevity
Congo#
Global Configuration Command Mode
Global configuration mode provides access to the broadest range of commands. The term global indicates characteristics or features that affect the device as a whole. You can enter commands in global configuration mode to configure your device globally or enter more specific configuration modes to configure specific elements such as interfaces or protocols as demonstrated here:
Nx7000# conf t
Nx7000(config)# interface ethernet 1/15
Interface Configuration Command Mode
One example of a specific configuration mode that you enter from global configuration mode is interface configuration mode. To configure interfaces on your device, you must specify the interface and enter interface configuration mode.
You must enable many features on a per-interface basis. Interface configuration commands modify the operation of the interfaces on the device, such as Ethernet interfaces or management interfaces (mgmt 0).
Example 1-4 demonstrates moving between the different command modes in NX-OS.
Example 1-4 Interface Ethernet1/15 Is a 10-Gigabit Ethernet Interface: Showing How the Interface Is Designated as Ethernet and Not Interface Ten1/15
congo# conf t
congo(config)# interface ethernet 1/15
congo(config-if)# exit
Congo# show interface ethernet 1/15
Ethernet1/15 is down (SFP not inserted)
  Hardware: 10000 Ethernet, address: 001b.54c2.bbc1 (bia 001b.54c1.e4da)
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  auto-duplex, auto-speed
  Beacon is turned off
  Auto-Negotiation is turned off
  Input flow-control is off, output flow-control is off
  Switchport monitor is off
  Last link flapped never
  Last clearing of "show interface" counters never
  30 seconds input rate 0 bits/sec, 0 packets/sec
  30 seconds output rate 0 bits/sec, 0 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
  L3 in Switched:
    ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  L3 out Switched:
    ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
Congo#
NX-OS supports different Ethernet interface types such as Gigabit Ethernet and 10-Gigabit Ethernet interfaces. All interfaces are referred to as Ethernet; NX-OS does not designate Gigabit or 10-Gigabit Ethernet interfaces. In Example 1-4, interface 1/15 is a 10-Gigabit Ethernet interface.
Management Interfaces
NX-OS has many different types of management interfaces, all of which the following sections cover: