Nexus (NX-OS) protocol support (and cleanup)

Over the years, Cisco has been very instrumental in the design and standardization of many networking protocols.  There are lots of examples where a need for a protocol was identified and Cisco filled the need with a Cisco-proprietary protocol.  Cisco-proprietary can sound bad, but it really isn’t.  Let’s give them some credit here – network equipment vendors are in competition and don’t typically play well together.  Oftentimes vendors pitch proprietary solutions in an attempt to carve out a niche that delineates them from their competitors.

There are several standards organizations in existence today (IEEE, IETF, CableLabs, etc.) which many vendors work with and closely follow.  While this sounds ideal (and is very beneficial), standards often take a significant amount of time to be ratified, leaving any current needs unaddressed from a standards perspective.  The only alternative (for a quick resolution) is a proprietary solution, while the standards process is given time to complete.

Prelude (Rant)

The above explanation is essentially justifying Cisco in forging ahead of the rest of the industry.  Proprietary solutions exist in nearly every network device platform in existence – that’s the point in a competitive industry.  Find something that you can do better than your competitors and win!  Okay, I’m going to stop the rant now, but I do get a little perturbed when I hear people say they don’t like Cisco because Cisco has so many proprietary protocols.  What vendor doesn’t?  I could create a list of such features on lots of different vendor platforms right now, but I won’t.

Cisco has forged ahead and helped shape the networking industry in the past (and they continue to do so today).  Here’s a brief (brief as in incomplete) list of some of the proprietary protocols that Cisco developed which were later essentially copied into an industry standard:

Cisco-Proprietary Protocol                        | Industry Standardized Protocol
--------------------------------------------------|---------------------------------------------------
CDP                                               | LLDP, LLDP-MED (IEEE 802.1AB)
PAgP                                              | LACP (IEEE 802.3ad, technically IEEE 802.1AX)
PVST+ (PortFast, UplinkFast, BackboneFast, etc.)  | RSTP (IEEE 802.1w, technically now within 802.1D)
VTP                                               | MRP (IEEE 802.1ak-2007)

Of course there are many more – again, this was a very short list.  The point is that many of the protocols that were Cisco-proprietary in the past have now essentially migrated to an industry-wide standard (often many years later).  Albeit the standards aren’t always exactly the same as the Cisco-proprietary protocol, many of them are practically the same processes/behavior with different terms.

Moving on…

The point of this article is to talk about some of the protocols supported in NX-OS.  The point of digressing into Cisco-proprietary protocols (above) is to show how many protocols Cisco has developed that are no longer needed.  In IOS, for years we’ve been burdened with the legacy (often Cisco-proprietary) protocols of times past.  For instance, ISL is finally being dropped from many newer IOS-based switches.  ISL has so many limitations compared to 802.1Q; why use ISL?  Of course, if you’re having to support legacy Cisco equipment which only supports ISL, you have to (or better yet, upgrade the device so you can eliminate this legacy protocol).

Well, Cisco is slowly but surely cleaning up protocol support in IOS.  Since Cisco has an opportunity to essentially “start fresh” with NX-OS, they’ve stripped out a lot of the legacy protocols.  I’m very excited by this, as NX-OS adopts much more of a standards-based approach to the protocols it supports.  I’ve already covered how, for STP on NX-OS, ports are no longer configured as PortFast; instead you configure the link type as edge (see http://www.cciezone.com/?cat=263).

Protocols not supported in NX-OS

This article covers NX-OS – both for the Nexus 5000-series and the Nexus 7000-series (L2 and L3 services).  This might not be an exhaustive list; however, I’ve done my best to compile differences from IOS as I’ve found them.  I suspect that as I find additional differences, this list may be updated.  The point is that it may be incomplete – if you find any discrepancies, please let me know.

The following features/protocols are not supported on NX-OS:

  • Port Aggregation Protocol (PAgP)
    • I’m glad to see this go, although I’ve seen situations where PAgP is the only protocol supported on host systems (servers).  This was odd to me as PAgP is Cisco-proprietary – I guess the server/NIC manufacturer licensed the feature from Cisco, rather than implementing LACP.
    • Recommendation:
      • If you must negotiate EtherChannels (aka LAGs), use LACP.
      • Hopefully there aren’t any PAgP-only devices.  If there are, you may be stuck using a non-Nexus switch to provide access for those device(s).
      • I don’t like PAgP or LACP and avoid them when possible.  They’re another protocol to negotiate and troubleshoot.  I’ve read differing viewpoints: some say using LACP increases convergence time, others say the increase is so minimal that we shouldn’t worry about it.  I try to stick to the KISS (Keep It Simple Silly) mantra when possible, so I eliminate PAgP/LACP from my designs whenever I can.  A benefit of using LACP/PAgP is that it can help in detecting and mitigating configuration errors; however, I still avoid these protocols when possible.
  • VLAN Trunking Protocol (VTP)
    • This depends on the platform – the N7k supports off and transparent modes, while the N5k has no VTP awareness at all (essentially the same as having it in off mode).
    • Be aware of the ramifications of this.  A switch in VTP off mode does not forward VTP messages, so VTP advertisements are effectively filtered at that switch.
    • Recommendation:
      • Get rid of VTP (set all IOS switches to off, or when off isn’t supported, use transparent mode) and don’t worry about it.
      • If you must use VTP (why?!), then be aware of the fact that the Nexus switch(es) can partition your VTP domain – plan accordingly.
  • Spanning Tree Protocol (legacy, non-rapid STP)
    • Rapid PVST+ (RPVST+) is supported, as is MSTP
    • Recommendation:
      • Don’t use PVST+.  Ensure that the spanning-tree mode is set to rapid-pvst (this is the default on NX-OS).  Some environments may want to migrate to MST/MIST.
  • Inter-Switch Link (ISL)
    • 802.1Q provides a vendor-neutral solution and doesn’t limit the VLAN IDs the way ISL does
    • Recommendation:
      • Who uses ISL anymore?  Standardize on IEEE 802.1Q for all trunks.
  • VLAN Membership Policy Server (VMPS)
    • I don’t see that this is supported in NX-OS – I’m glad for this!  VMPS is such a weak form of authenticating and authorizing network access that it should not be used.  MAC-Auth Bypass (MAB) provides virtually the same functionality as VMPS offers (weak, MAC-based authentication and VLAN assignment).
    • Recommendation:
      • Don’t use VMPS – IEEE 802.1X is more than sufficient to replace any VMPS environment (not to mention a lot more bells-and-whistles than VMPS ever offered).
  • Cisco Group Management Protocol (CGMP)
    • I don’t see that CGMP is supported on NX-OS.  Oh happy day!  IGMP is a mature protocol (several revisions, with IGMPv3 supporting source-specific multicast), and coupled with IGMP Snooping (hardware-based in many current platforms) it makes CGMP unnecessary except for situations where legacy Cisco switches must be supported.  In environments with legacy Cisco switches, it will eventually become necessary to upgrade/replace the legacy equipment, as CGMP support is being dropped from many IOS platforms as well.
    • Recommendation:
      • If the equipment supports CGMP and IGMP, migrate away from CGMP to a pure IGMP environment.
      • If there are legacy Cisco switches which do not support CGMP, I’m guessing that it will become necessary to upgrade these at some point (lack of support, hardware failures and no real replacement options, lack of CGMP support on many IOS platforms, etc.).  If possible, move to hardware that supports IGMP Snooping so that CGMP can be eliminated.
  • Protocol Independent Multicast Dense Mode (PIM-DM)
    • PIM Sparse Mode (PIM-SM) is supported, but not PIM-DM.  Bidirectional PIM (BIDIR-PIM) and Source-Specific Multicast (SSM) are supported as well on NX-OS.
    • There’s a pretty full multicast feature-set on NX-OS, with the exception that it doesn’t support dense mode.  I’m fine with this as I do not recommend PIM-DM (or any other dense-mode multicast routing protocol) for the majority of network environments in existence today (true, there are exceptions where PIM-DM would be ideal, but these are few and far between).
    • Recommendation:
      • If you’re currently using PIM-DM, take a look at the multicast traffic flows and requirements.  It’s possible that PIM-SM would meet the requirements for the environment, allowing NX-OS to fit nicely within the architecture.
  • Dynamic Trunking Protocol (DTP)
    • DTP is gone!  I couldn’t be happier.
    • Recommendation:
      • In my humble opinion, DTP should not be used in any production environment (on IOS switches, configure switchport nonegotiate on all Ethernet interfaces).  I strive for deterministic behavior – DTP violates this principle, in that my switch can negotiate either a trunk or an access port.  With the known DTP vulnerabilities (exploits), this is a big security hole and should be avoided when possible.  It’s great that NX-OS does not support DTP.
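As an added example (not code from the original post, and not a Cisco tool), here is a small Python audit that reads an IOS-style running configuration and flags the legacy protocols covered in the list above: VTP in server/client mode, legacy PVST+, ISL trunks, PAgP bundles, CGMP, PIM dense mode, and switchports that can still negotiate via DTP.  The rules encode the recommendations given above, the sample configuration at the bottom is constructed for illustration, and the per-protocol detail strings and function names are my own.

```python
"""Audit an IOS-style running-config for the legacy protocols listed above.

Added example, not from the original post.  Rules follow the post's advice:
VTP off/transparent, rapid-pvst, 802.1Q trunks, LACP rather than PAgP,
IGMP rather than CGMP, PIM-SM rather than PIM-DM, and no DTP negotiation.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Physical switchport names that are subject to DTP negotiation.
ETHERNET_RE = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    scope: str     # "global" or the interface name
    protocol: str  # legacy protocol detected
    detail: str    # what was seen and what to use instead


def parse_config(text):
    """Split config text into global lines and per-interface blocks.
    Indented lines belong to the latest 'interface' header; a '!' line ends
    the current section, as in IOS output."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces


def audit_global(global_lines):
    """VTP mode and spanning-tree mode are global settings on IOS."""
    findings = []
    vtp = next((l.split()[2] for l in global_lines if l.startswith("vtp mode ")), None)
    if vtp not in ("off", "transparent"):
        seen = vtp or "unset (IOS default is server)"
        findings.append(Finding("global", "VTP", f"vtp mode {seen}; use 'vtp mode off' (or transparent)"))
    stp = next((l.split()[2] for l in global_lines if l.startswith("spanning-tree mode ")), None)
    if stp not in ("rapid-pvst", "mst"):
        seen = stp or "unset (IOS default is pvst)"
        findings.append(Finding("global", "PVST+", f"spanning-tree mode {seen}; use 'spanning-tree mode rapid-pvst'"))
    return findings


def audit_interface(name, lines):
    findings = []
    for l in lines:
        if l.startswith("switchport trunk encapsulation ") and l.split()[-1] in ("isl", "negotiate"):
            findings.append(Finding(name, "ISL", f"'{l}'; use 'switchport trunk encapsulation dot1q'"))
        if (l.startswith("channel-group ") and re.search(r"\bmode (desirable|auto)\b", l)) or l == "channel-protocol pagp":
            findings.append(Finding(name, "PAgP", f"'{l}'; use LACP ('mode active' / 'mode passive')"))
        if l == "ip cgmp":
            findings.append(Finding(name, "CGMP", "'ip cgmp'; rely on IGMP snooping instead"))
        if l in ("ip pim dense-mode", "ip pim sparse-dense-mode"):
            findings.append(Finding(name, "PIM-DM", f"'{l}'; use 'ip pim sparse-mode'"))
    # DTP only matters on physical Layer 2 ports; routed ports carry 'no switchport'.
    if ETHERNET_RE.match(name) and "no switchport" not in lines:
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        if mode == "dynamic":
            findings.append(Finding(name, "DTP", "switchport mode dynamic negotiates trunking; set access/trunk explicitly and add 'switchport nonegotiate'"))
        elif mode in ("access", "trunk") and "switchport nonegotiate" not in lines:
            findings.append(Finding(name, "DTP", f"switchport mode {mode} without 'switchport nonegotiate'; DTP frames are still sent"))
        elif mode is None:
            findings.append(Finding(name, "DTP", "no switchport mode configured; Catalyst ports default to dynamic, so DTP is enabled"))
    return findings


def audit(text):
    global_lines, interfaces = parse_config(text)
    findings = audit_global(global_lines)
    for name, lines in interfaces.items():
        findings.extend(audit_interface(name, lines))
    return findings


def summarize(findings):
    """Count findings per legacy protocol."""
    return dict(Counter(f.protocol for f in findings))


# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
vtp mode server
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation isl
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/2
 switchport mode dynamic auto
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport nonegotiate
!
interface Vlan10
 ip pim dense-mode
 ip cgmp
!
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.scope:<22} {f.protocol:<7} {f.detail}")
    print(summarize(audit(SAMPLE_CONFIG)))
```

Feed it the output of `show running-config` saved to a file and the only interface in the sample that comes back clean is GigabitEthernet1/0/3, which is configured exactly as the DTP recommendation above describes (explicit access mode plus switchport nonegotiate).  The parser is deliberately minimal: it understands one level of indentation under interface headers, which is enough for these checks but not for nested sections such as policy-maps.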

Conclusion

This isn’t meant to be a comprehensive list of retired protocols, but highlights some of the biggies that I see.

Short of playing a quick round of taps, there’s no love lost for these retired protocols in NX-OS.  They’ve served their purposes in times past, but it’s time to move on.  I’m personally very glad to see these officially put to rest.  I’m looking forward to seeing IOS get cleaned up further in this area (it is in some areas, but I’m guessing that this will be a slow process).
