Introduction to Cisco NX-OS
The following sections will be covered in this chapter:
- NX-OS Overview
- NX-OS User Modes
- Management Interfaces
- Managing System Files
Cisco built NX-OS as a next-generation, data center-class operating system designed for maximum scalability and application availability. It was built with modularity, resiliency, and serviceability at its foundation. NX-OS is based on the industry-proven Cisco Storage Area Network Operating System (SAN-OS) Software and helps ensure continuous availability to set the standard for mission-critical data center environments. The self-healing and highly modular design of Cisco NX-OS enables operational excellence, increasing service levels and providing exceptional operational flexibility. Several advantages of Cisco NX-OS include the following:
- Unified data center operating system
- Robust and rich feature set with a variety of Cisco innovations
- Flexibility and scalability
- IPv4 and IPv6 IP routing and multicast features
- Comprehensive security, availability, serviceability, and management features
Key features and benefits of NX-OS include the following:
- Virtual device contexts (VDC): Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits such as fault isolation, administration plane, separation of data traffic, and enhanced security.
- Virtual Port Channels (vPC): Enables a server or switch to use an EtherChannel across two upstream switches without an STP-blocked port to enable use of all available uplink bandwidth.
- Continuous system operation: Maintenance, upgrades, and software certification can be performed without service interruptions due to the modular nature of NX-OS and features such as In-Service Software Upgrade (ISSU) and the capability for processes to restart dynamically.
- Security: Cisco NX-OS provides outstanding data confidentiality and integrity, supporting standard IEEE 802.1AE link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. In addition to Cisco TrustSec (CTS), there are many additional security features such as access control lists (ACL) and port-security.
- Base services: The default license that ships with NX-OS covers Layer 2 protocols, including features such as Spanning Tree, virtual LANs (VLAN), Private VLANs, and Unidirectional Link Detection (UDLD).
- Enterprise Services Package: Provides Layer 3 protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (ISIS), Enhanced Interior Gateway Routing Protocol (EIGRP), Policy-Based Routing (PBR), Protocol Independent Multicast (PIM), and Generic Routing Encapsulation (GRE).
- Advanced Services Package: Provides Virtual Device Contexts (VDC), Cisco TrustSec (CTS), and Overlay Transport Virtualization (OTV).
- Transport Services License: Provides Overlay Transport Virtualization (OTV) and Multiprotocol Label Switching (MPLS) (when available).
Example 1-1 shows the simplicity of installing the NX-OS license file.
Example 1-1. Displaying and Installing the NX-OS License File
! Once a license file is obtained from Cisco.com and copied to flash, it can be installed for the chassis.
! Displaying the host-id for License File Creation on Cisco.com:
congo# show license host-id
License hostid: VDH=TBM14404807
! Installing a License File:
congo# install license bootflash:license_file.lic
Installing license ..done
congo#
Using the grace period enables customers to test, configure, and fully operate a feature without the need for a license to be purchased. This is particularly helpful for testing a feature prior to purchasing a license.
NX-OS Supported Platforms
The NX-OS data center-class operating system, designed for maximum scalability and application availability, has a wide variety of platform support, including the following:
- Nexus 7000
- Nexus 5000
- Nexus 2000
- Nexus 1000V
- Cisco MDS 9000
- Cisco Unified Computing System (UCS)
- Nexus 4000
Cisco NX-OS and Cisco IOS Comparison
If you are familiar with traditional Cisco IOS command-line interface (CLI), the CLI for NX-OS is similar to Cisco IOS. There are key differences that should be understood prior to working with NX-OS, however:
- When you first log into NX-OS, you go directly into EXEC mode.
- NX-OS has a setup utility that enables a user to specify the system defaults, perform basic configuration, and apply a predefined Control Plane Policing (CoPP) security policy.
- NX-OS uses a feature-based license model. An Enterprise or Advanced Services license is required depending on the features required.
- A 120-day license grace period is supported for testing, but features are automatically removed from the configuration after the expiration date is reached.
- NX-OS has the capability to enable and disable features such as OSPF, BGP, and so on via the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
- Interfaces are labeled in the configuration as Ethernet. There aren't any speed designations in the interface name. Interface speed is dynamically learned and reflected in the appropriate show commands and interface metrics.
- NX-OS supports Virtual Device Contexts (VDC), which enable a physical device to be partitioned into logical devices. When you log in for the first time, you are in the default VDC.
- Cisco NX-OS has two preconfigured instances of VPN Routing Forwarding (VRF) by default (management, default). By default, all Layer 3 interfaces and routing protocols exist in the default VRF. The mgmt0 interface exists in the management VRF and is accessible from any VDC. If VDCs are configured, each VDC has a unique IP address for the mgmt0 interface.
- Secure Shell version 2 (SSHv2) is enabled by default. (Telnet is disabled by default.)
- Default login administrator user is predefined as admin; a password has to be specified when the system is first powered up. With NX-OS, you must enter a username and password; you cannot disable the username and password login. In contrast, in IOS you can simply type a password; you can optionally set the login to require the use of a username.
- NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables; this is the same as the Cisco Multilayer Director Switch (MDS) Fibre Channel switches running SAN-OS.
- NX-OS removed the write memory command; use copy running-config startup-config instead. The alias command syntax is also available.
- The default Spanning Tree mode in NX-OS is Rapid-PVST+.
For example, when configuring vty timeouts and session limits, consider Example 1-2, which illustrates the difference between IOS and NX-OS syntax.
Example 1-2. vty Configurations and Session Limits, Comparing the Differences Between Traditional IOS and NX-OS
! IOS:
congo#
congo(config)# line vty 0 9
congo(config)# exec-timeout 15 0
congo(config)# login
congo# copy running-config startup-config
-----------------------------------------------------------------
! NX-OS:
congo(config)# line vty
congo(config)# session-limit 10
congo(config)# exec-timeout 15
congo# copy running-config startup-config
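The vty settings in Example 1-2 and the SSH/Telnet defaults listed above can be checked offline against a saved running-config. The following is an added example, not part of the original chapter: the sample configurations are constructed, the thresholds (15 minutes, 10 sessions) are taken from Example 1-2 as an assumed policy, and the function names are hypothetical.

```python
import re

# Constructed sample running-config fragments (not captured from a real device).
HARDENED = "hostname congo\nline vty\n  session-limit 10\n  exec-timeout 15\n"
WEAK = "feature telnet\nno feature ssh\nline vty\n  exec-timeout 0\n"

def parse_vty(config):
    """Return session-limit / exec-timeout values found under 'line vty'."""
    settings, in_vty = {}, False
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # an unindented line starts a new section
            in_vty = line.strip() == "line vty"
            continue
        if in_vty:
            m = re.match(r"\s+(session-limit|exec-timeout)\s+(\d+)", line)
            if m:
                settings[m.group(1)] = int(m.group(2))
    return settings

def audit(config, max_timeout=15, max_sessions=10):
    """List deviations from the NX-OS defaults and the assumed vty policy."""
    findings = []
    top = {l.strip() for l in config.splitlines() if l and not l[0].isspace()}
    if "feature telnet" in top:
        findings.append("telnet enabled (disabled by default on NX-OS)")
    if "no feature ssh" in top:
        findings.append("ssh disabled (SSHv2 is enabled by default on NX-OS)")
    vty = parse_vty(config)
    timeout = vty.get("exec-timeout")
    if timeout is None:
        findings.append("vty exec-timeout not set explicitly")
    elif timeout == 0 or timeout > max_timeout:
        # exec-timeout 0 disables the idle timeout entirely
        findings.append(f"vty exec-timeout {timeout} outside 1..{max_timeout} min")
    limit = vty.get("session-limit")
    if limit is None:
        findings.append("vty session-limit not set explicitly")
    elif limit > max_sessions:
        findings.append(f"vty session-limit {limit} exceeds {max_sessions}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg))
```
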