ExtremeXOS Release Notes
Software Version ExtremeXOS 15.4.2-Patch1-3
Published September 2014
120864-00 Rev 11Published September 2014
120864-00 Rev 11
120864-00 Rev 11Copyright 2014 Extreme Networks, Inc. All Rights Reserved.
Legal NoticesExtreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks, Inc., reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made.
The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.
TrademarksExtreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property of their respective owners and may be trademarks or registered trademarks of their respective companies/owners.
For additional information about Extreme Networks trademarks, go to: www.extremenetworks.com/company/legal/trademarks/
SupportFor product support, including documentation, visit: www.extremenetworks.com/support/
ContactExtreme Networks, Inc. 145 Rio RoblesSan Jose, CA 19534Tel: +1 408-579-2800Toll-free: +1 888-257-3000
Supported Platforms ........................................................................................................................... 19
Limitations ..............................................................................................................................................20Table of Contents
Overview .............................................................................................................7
New and Corrected Features in ExtremeXOS 15.4.2 ........................................................................... 8Re-authentication Using Simple Network Management Protocol (SNMP) for Network Management System (NMS) Operation ............................................................................................. 8
Supported Platforms ............................................................................................................................ 8Multi-chassis Link Aggregation GroupLink Aggregation Control Protocol (MLAG-LACP) Enhancements ................................................................................................................................ 8
Supported Platforms ............................................................................................................................ 8New and Corrected Features in ExtremeXOS 15.4.1 ............................................................................ 9
Egress sFlow Sampling ............................................................................................................................. 9Supported Platforms ............................................................................................................................ 9Limitations ...............................................................................................................................................10Changed CLI Commands ...................................................................................................................10
Energy Efficient Ethernet ......................................................................................................................... 11Supported Platforms ............................................................................................................................ 11CLI Commands ....................................................................................................................................... 11
L3 Interface Scaling .................................................................................................................................... 12Supported Platforms ........................................................................................................................... 12Handling a Mixed Stack Configuration ........................................................................................ 12Viewing Configuration Details ........................................................................................................ 12
OpenFlow Enhancements ....................................................................................................................... 13Supported Platforms ........................................................................................................................... 13Limitations ............................................................................................................................................... 14
Port-Based Link Aggregation Group (Load Sharing) .................................................................. 15Supported Platforms ........................................................................................................................... 15Limitations ............................................................................................................................................... 15Changed CLI Commands ................................................................................................................... 15
Identity Management (IDM) Role-Based VLANs ........................................................................... 16Supported Platforms ........................................................................................................................... 16Limitations ............................................................................................................................................... 16Changed CLI Commands ................................................................................................................... 16
Cisco Discovery Protocol (CDP v1) ............................................................................................................ 17Supported Platforms ........................................................................................................................... 17Limitations ............................................................................................................................................... 17CLI Commands ...................................................................................................................................... 18
Static Ethernet and Time Division Multiplexing (TDM) Multi-Protocol Label Switching (MPLS) Pseudowire (PW) ....................................................................................................................... 18
Supported Platforms for Static Ethernet Pseudowire .......................................................... 19Supported Platforms for TDM MPLS Pseudowire ................................................................... 19CLI Commands ...................................................................................................................................... 19
Selective VLAN Mapping to Virtual Private LAN Service (VPLS) ........................................... 19 3ExtremeXOS 15.4.2 Release Notes
Table of Contents
Pseudowire (PW) Label-Switched Path (LSP) Load Sharing ..................................................20Supported Platforms ..........................................................................................................................20Limitations ..............................................................................................................................................20New CLI Commands ...........................................................................................................................20Changed CLI Commands ................................................................................................................... 21
Proactive Service Framework ................................................................................................................ 21Limitations ............................................................................................................................................... 21New CLI Commands ............................................................................................................................ 21Changed CLI Commands .................................................................................................................. 22
Non-Extreme Networks Optics Licensing ....................................................................................... 22Changed CLI Commands .................................................................................................................. 22
Transparent Interconnection of Lots of Links (TRILL) ............................................................... 23Supported Platforms .......................................................................................................................... 23Limitations .............................................................................................................................................. 23New CLI Commands ........................................................................................................................... 25Changed CLI Commands .................................................................................................................. 27
Dynamic Host Configuration Protocol (DHCP) Smart Relay Support for Secondary IP ad-dress IDs ........................................................................................................................................................28
Supported Platforms ..........................................................................................................................28New CLI Commands ...........................................................................................................................28Changed CLI Commands ..................................................................................................................28
Port-Specific VLAN Tagging .................................................................................................................29Supported Platforms ..........................................................................................................................29Limitations ..............................................................................................................................................29Changed CLI Commands ..................................................................................................................30
Access Control List (ACL) Customer VLAN ID (CVID) Match Criteria .................................30Supported Platforms ..........................................................................................................................30Limitations ..............................................................................................................................................30
Multi-Protocol Label Switching/Virtual Private LAN Services (MPLS/VPLS) Enhance-ments ............................................................................................................................................................... 31
Changed CLI Commands ................................................................................................................... 31Joint Interoperability Test Command (JITC) Compliance ................................................................ 31New Hardware Supported in ExtremeXOS 15.4 .................................................................................. 32Hardware No Longer Supported ............................................................................................................... 32ExtremeXOS Hardware and Software Compatibility Matrix .......................................................... 32Upgrading to ExtremeXOS .......................................................................................................................... 33Downloading Supported MIBs .................................................................................................................... 33Tested Third-Party Products .......................................................................................................................34
Tested RADIUS Servers ...........................................................................................................................34Tested Third-Party Clients .....................................................................................................................34PoE Capable VoIP Phones ......................................................................................................................34
Extreme Switch Security Assessment ..................................................................................................... 35DoS Attack Assessment .......................................................................................................................... 35ICMP Attack Assessment ........................................................................................................................ 35Port Scan Assessment ............................................................................................................................. 35
Service Notifications ....................................................................................................................................... 35ExtremeXOS 15.4.2 Release Notes 4
Table of Contents
Limits .................................................................................................................37
Open Issues, Known Behaviors, and Resolved Issues................................85
Open Issues ........................................................................................................................................................85Corrections to Open Issues Table ............................................................................................................ 105Known Behaviors ........................................................................................................................................... 109Resolved Issues in ExtremeXOS 15.4.2-Patch1-3 .................................................................................118Resolved Issues in ExtremeXOS 15.4.2 ....................................................................................................121Resolved Issues in ExtremeXOS 15.4 .......................................................................................................133
ExtremeXOS Documentation Corrections .................................................149
ACLs .................................................................................................................................................................... 149ELRP ......................................................................................................................................................................151End of Support for BlackDiamond 12800 Series Switches ............................................................152Multi-cast VLAN Registration .....................................................................................................................152Network Login: Web-Based Authentication ........................................................................................152Policies and Security ......................................................................................................................................153RADIUS Server Client Configuration .......................................................................................................153Rate Limiting/Meters .................................................................................................................................... 154sFlow Sampling ................................................................................................................................................155
ExtremeXOS Concepts Guide Change .............................................................................................155ExtremeXOS Command Reference Change ..................................................................................155
Show Ports Transceiver Information Command ............................................................................... 156Configuring VMANs (PBNs) ....................................................................................................................... 156VRRP ....................................................................................................................................................................157ExtremeXOS 15.4.2 Release Notes 5
Table of ContentsExtremeXOS 15.4.2 Release Notes 6
ExtremeXOS1 OverviewThese release notes document ExtremeXOS 15.4.2-Patch1-3, which adds and corrects features, adds supported hardware, and resolves software deficiencies.
This chapter contains the following sections:
New and Corrected Features in ExtremeXOS 15.4.2 on page 8
New and Corrected Features in ExtremeXOS 15.4.1 on page 9
Joint Interoperability Test Command (JITC) Compliance on page 31
New Hardware Supported in ExtremeXOS 15.4 on page 32
Hardware No Longer Supported on page 32
ExtremeXOS Hardware and Software Compatibility Matrix on page 32
Upgrading to ExtremeXOS on page 33
Downloading Supported MIBs on page 33
Tested Third-Party Products on page 34
Extreme Switch Security Assessment on page 35
Service Notifications on page 357 15.4.2 Release Notes
Overview
New and Corrected Features in ExtremeXOS 15.4.2
This section lists the feature corrections supported in ExtremeXOS 15.4.2 software:
Re-authentication Using Simple Network Management Protocol (SNMP) for Network Management System (NMS) Operation on page 8
Multi-chassis Link Aggregation GroupLink Aggregation Control Protocol (MLAG-LACP) Enhancements on page 8
Re-authentication Using Simple Network Management Protocol (SNMP) for Network Management System (NMS) Operation
This feature adds a proprietary MIB (EXTREME-MAC-AUTH-MIB) to ExtremeXOS that allows an NMS to force re-authentication of clients authenticated using MAC-based or dot1x authentication.
Supported Platforms
All platforms
Multi-chassis Link Aggregation GroupLink Aggregation Control Protocol (MLAG-LACP) Enhancements
When MLAG LACP is configured, if both MLAG peers go down and then one of them never boots up, the connection between the remote node and the single MLAG peer stays logically down. This feature requires the MLAG peer in active state to send LACP PDUs with its MAC address or configured LACP addresses even when MLAG peering is not established, thus maintaining the connection between remote node and single MLAG peer.
It is recommended that you configure LACP MAC on both MLAG peers to minimize the traffic disruption when the second MLAG peer comes up.
Supported Platforms
All platformsExtremeXOS 15.4.2 Release Notes 8
Overview
New and Corrected Features in ExtremeXOS 15.4.1
This section lists the feature corrections supported in ExtremeXOS 15.4.1 software:
Egress sFlow Sampling on page 9
Energy Efficient Ethernet on page 11
L3 Interface Scaling on page 12
OpenFlow Enhancements on page 13
Port-Based Link Aggregation Group (Load Sharing) on page 15
Identity Management (IDM) Role-Based VLANs on page 16
Cisco Discovery Protocol (CDP v1) on page 17
Static Ethernet and Time Division Multiplexing (TDM) Multi-Protocol Label Switching (MPLS) Pseudowire (PW) on page 18
Selective VLAN Mapping to Virtual Private LAN Service (VPLS) on page 19
Pseudowire (PW) Label-Switched Path (LSP) Load Sharing on page 20
Proactive Service Framework on page 21
Non-Extreme Networks Optics Licensing on page 22
Transparent Interconnection of Lots of Links (TRILL) on page 23
Dynamic Host Configuration Protocol (DHCP) Smart Relay Support for Secondary IP address IDs on page 28
Port-Specific VLAN Tagging on page 29
Access Control List (ACL) Customer VLAN ID (CVID) Match Criteria on page 30
Multi-Protocol Label Switching/Virtual Private LAN Services (MPLS/VPLS) Enhancements on page 31
Egress sFlow Sampling
Previous releases of ExtremeXOS already have sFlow sampling functionality, but it was restricted to the ingress port traffic. This enhancement of this feature extends the sampling to the egress traffic as well, both unicast and multicast streams. When egress sFlow sampling is enabled on a port, the sFlow agent in hardware samples the egress traffic on that port and these sampled packets are further processed by slow path and are then passed to the collector. The rate at which the packets are sampled can be controlled through the user configuration.
Supported Platforms All Summit series switches
BlackDiamond 8800 series switches
BlackDiamond X8 series switchesExtremeXOS 15.4.2 Release Notes 9
Overview
Limitations Due to the hardware limitations, destination port information is not be supported for
multicast traffic. The output interface index is set to 0.
The egress sFlow sampling does not support de-duplication of packets.
For multicast traffic, the sampling rate, sample pool of the egress sFlow sampled datagram, is set to zero, because the source ID of the egress sampled multicast packet is unknown.
For L3 unicast traffic, unmodified packets are sampled and the destination port is supplied if the L3 traffic is directed within a single port group. When the egress port and ingress port are on different port groups, then modified packets are sampled and destination ports are supplied.
For L3 multicast traffic, unmodified packets are sampled and destination port is set to zero.
Packets dropped due to egress ACL are sampled.
In flooding cases (unicast and multicast), the packets are sampled before packet replication (if the ingress and member ports are in the same port group, then a single copy of the packet is sampled even though egress sFlow is enabled on more than one member port).
In flooding cases (unicast and multicast), if the member ports are spread across different port group, packets are sampled on a per port group basis.
In flooding cases the least configured sampling rate among the member ports on a port group is considered as the sample rate (even though if we configure different sample rates on member ports, egress sampling will be performed based on least configured sample rate among the member ports on a port group.
Changed CLI Commands
Changes are in bold.enable sflow ports {ingress | egress | both}
Additionally, the following command is modified to show the type of sFlow configured on the physical interface:
show sflow configurationExtremeXOS 15.4.2 Release Notes 10
Overview
Energy Efficient Ethernet
IT organizations benefit from reducing the power consumption of network equipment, which in turn reduces energy usage and lowers overall operating costs.
Energy efficient Ethernet (EEE) is used during idle periods by the PHYs to reduce power. If EEE is not used, the PHY draws full power even when not sending traffic. Enabling EEE significantly reduces the power consumption of the switch.
Within ExtremeXOS, a PHY/switch combination (BlackDiamond and Summit switches) or a PHY with AutoGrEEEn capability (E4G cell site routers) is needed to allow EEE to work. In a typical setup, the PHY and switch communicate when to enter or exit low power idle (LPI) mode.
AutoGrEEEn technology implements the EEE standard (802.3az specification) directly in PHYs on E4G cell site routers, enabling EEE mode when interfacing with non-EEEenabled MAC devices. This allows you to make existing network equipment EEE-compliant by changing the PHY devices.
Supported Platforms BlackDiamond X8 10G48T switches1
Summit 670V-48T switches1
Summit X4402
E4G-200 and E4G-400 cell site routers3
CLI Commands config port portlist eee enable show port portlist eee
1. EEE is only supported at 10G on this card.ExtremeXOS 15.4.2 Release Notes 11
2. All copper ports support EEE.3. EEE is implemented using AutoGrEEEn.
Overview
L3 Interface Scaling
The L3 interface scaling feature increases the number of routed interfaces from 512 to 2,048 on those switches that can support 2,048 L3 interfaces in hardware. See IP router interfaces limit under Table 1. This feature allows you to configure L3 (routed) interfaces by assigning IPv4 and/or IPv6 addresses on VLAN interfaces as follows:
All 2,048 VLAN interfaces are IPv4 routed.
All 2,048 VLAN interfaces are IPv6 routed on selected platforms.
Combination of IPv4 and IPv6 routed VLAN interfaces totaling 2,048.
Supported Platforms Summit X670 and X770 series switches1
BlackDiamond X8 series switches
Handling a Mixed Stack Configuration
The L3 interface scaling feature is not supported on all platforms, so you must consider stack configurations that contain a mix of supported and unsupported slots. These configurations are described as follows, and help to dynamically modify the maximum number of supported L3 interfaces:
The maximum number of L3 interfaces supported is initially computed based on the configuration of the stack during boot time, and is limited by the slot that can support the least number of L3 interfaces.
When a slot is hot plugged, it can boot up only if the number of configured L3 interfaces is fewer than what is supported by the slot being inserted. Consequently the maximum number of L3 interfaces is recomputed across all slots, including the newly inserted slot.
When a slot is removed from a stack, the maximum number of L3 interfaces supported by the platform is recomputed excluding the slot that was removed.
Viewing Configuration Details
Use the max router interfaces field of the show vr command to view the maximum number of router interfaces that are supported.ExtremeXOS 15.4.2 Release Notes 12
1. Individual switches and in stacks.
Overview
OpenFlow Enhancements
The ExtremeXOS OpenFlow implementation enables an external OpenFlow Controller to manipulate data flows within an Extreme Networks switch using a standard protocol to dynamically configure a flow table abstraction. Flow table entries consist of a set of packet matching criteria (L2, L3, and L4 packet headers), a set of actions associated with a flow (flood, modify, forward, divert to controller, etc.), and a set of per flow packet and byte counters. Flow table entries are implemented using hardware ACLs and FDB entries. ExtremeXOS supports a subset of OpenFlow classification capabilities, forwarding actions, and statistics operations.
ExtremeXOS Release 15.4 provides the following OpenFlow enhancements:
Increases the number of supported OpenFlow VLANs. ExtremeXOS 15.3 supported a single OpenFlow VLAN. ExtremeXOS 15.4 increases this limit to the memory scaling capabilities of the platform.
Adds VLAN ID editing functions (VLAN ID add, strip, and modify).
Adds source and destination MAC modify actions to the platforms that can support it.
Supports the increased scaling of simple L2 flows by including the use of the FDB table to support OpenFlow flows.
Adds OpenFlow platform support for BlackDiamond X8 and BlackDiamond 8800 series switches using select interface cards. OpenFlow works with a single management/master switch fabric module. Failover with dual management/master switch fabric modules is not supported.
Provides the ability for multiple OpenFlow controllers to be configured to support high availability.
Provides for VLANs to be configured for OpenFlow control. The same port on a switch can support both OpenFlow-managed and non-OpenFlow managed VLANs.
Supported Platforms
ExtremeXOS wide-key ACL platform is required to support OpenFlow because of the potential for L2, L3, and L4 simultaneous header match conditions. OpenFlow is supported on the following platforms:
Summit X440, X430, X460, X480, X670, X770 series switches
E4G-200 and 400 cell site routers
BlackDiamond X8 series switches (with a single management module)
BlackDiamond 88008900 xl-series and c-series (with a single master switch fabric module)ExtremeXOS 15.4.2 Release Notes 13
Overview
Limitations Supported platforms do not implement both packet and byte counters simultaneously
on dynamic ACL entries. Only packet counters are supported in the current implementation. Counters are not supported with FDB flows.
IN_PORT, FLOOD, NORMAL, and TOS/DSCP editing actions are not supported.
Flows implemented using ACL hardware have platform limitations on the simultaneous combinations of flow match conditions that can be supported. These limitations are described in each version of ExtremeXOS Release Notes under the Limits section, and in the Flow Match combinations table in The ExtremeXOS Concepts Guide. When receiving a flow match combination that cannot be supported with the platforms ACL hardware, the switch generates an OpenFlow error message to the controller.
Flows implemented using FDB entries are subject to normal FDB constraints, including platform dependent table sizes.
Platforms using hardware-accelerated aging do not provide aging based on SA-Mac and DA-Mac activity at a per-entry level, thus flows may never reach idle timeout expiration due to SA-Mac activity. The same behavior, never reaching idle timeout expiration, is also true for L2 flows that are shadowed by ACL flows. Hard timeout functions correctly.
ExtremeXOS OpenFlow supports one physical table, and ingress table. The concept of an emergency flow table is not supported.
OpenFlow 1.0 describes a secure fail model where a switch immediately removes all of its flows when it loses connectivity to its controller. ExtremeXOS implements an open fail mode. In this mode the switch maintains its existing flows after losing connectivity to a controller. The open fail model is required to support controller high availability solutions.
High availability for controllers is available through the following two mechanisms:
Some controller clusters present a single IP address. The switch treats the cluster as a single controller.
Some controller clusters present multiple IP addresses. The switch connects simultaneously to primary and secondary controller targets and enables the controllers to manage failover.
OpenFlow, XNV, and IDM are all features that enable an external agent to control resources on a switch. Due to their interaction models and resource requirements, these features are mutually exclusive. The ExtremeXOS OpenFlow implementation prevents these services from being simultaneously configured on the same port.
NOTE
There are other ExtremeXOS features that may not perform optimally when configured on OpenFlow-enabled VLANs or switch ports with OpenFlow-supported VLANS. We make no attempt to prevent you from configuring additional services on these interfaces.ExtremeXOS 15.4.2 Release Notes 14
Overview
Port-Based Link Aggregation Group (Load Sharing)
Port-based load sharing is a useful tool for addressing certain types of networking problems involving link aggregation. Network designers should carefully consider both the advantages and disadvantages of port-based load sharing before deciding to use it in their networks.
Supported Platforms BlackDiamond X8 series switches
Summit X670 and X770 series switches1
Limitations Distribution is limited to 16 aggregator ports.
Port-based load sharing groups cannot be created if any custom load sharing groups exist on the switch. Likewise, no custom load sharing groups can be created if any port-based load sharing groups exist on the switch.
On BlackDiamond X8 series switches, distribution keys may only be programmed if the fabric on the slot is configured to use packet (address-based) hashing. Port-based load sharing can distribute a maximum of 12 aggregator ports when fabric packet hashing is not configured.
Changed CLI Commands
Changes are bolded.
enable sharing grouping {algorithm [address-based {L2 | L3 | L3_L4 | custom} | port-based]} {lacp | health-check}
configure sharing port-based key [ | default] ports
show sharing port-based keys {ports } show sharing port-based distribution {ports }ExtremeXOS 15.4.2 Release Notes 15
Overview
Identity Management (IDM) Role-Based VLANs
Previous versions of ExtremeXOS identity management (IDM) require that ports on which the users/devices are connected can only be added statically to VLANs. There was no mechanism to classify traffic from an identity (device/ user) to a particular VLAN. For this new feature, when an identity is detected and the role is determined, ExtremeXOS dynamically creates the VLAN that is required for the identity to send traffic. If the identity was deleted, aged out, or is moved, its VLAN is pruned to preserve bandwidth. This feature leverages MVRP to add uplink ports to the dynamically created VLAN.
This feature is enabled on a per-port basis. IDM requires that the port on which role-based VLANs are enabled be part of a default or base (not necessarily the default) VLAN as untagged. This default or base VLAN for the port is the VLAN on which untagged packets are classified to when no VLAN configuration is available for the MAC address. This default VLAN should be present before enabling the feature and the port should have already been added to this VLAN manually before enabling the feature. Enabling this feature on a port results in a failure if either of the following conditions is true:
IDM is not enabled globally.
IDM is not enabled on the port.
Supported Platforms
All platforms.
Limitations
The IDM role-based VLAN feature cannot be enabled on NetLogin-enabled ports.
Changed CLI Commands
Changes are bolded.
configure identity-management role-based-vlan [add | delete] ports [ | all]
configure identity-management role {tag [ | none]} {vr [ | none]}
Additionally, the show identity-management command now displays role-based VLAN enabled ports, VLAN tag, and VR Name. Also, the flag is now available to indicate dynamically added by IDM.ExtremeXOS 15.4.2 Release Notes 16
Overview
Cisco Discovery Protocol (CDP v1)
This feature adds support for Cisco Discovery Protocol (CDP v1). CDP v1 is a proprietary protocol designed by Cisco to help administrators collect information about nearby, and directly connected, devices. Support of listening, lifting, and periodic transmission of the CDP v1 PDUs is implemented in this current release.
ExtremeXOS-CDP v1 runs on top of the controlled port of an 802 MAC client. If port access is being controlled by IEEE 802.1X, the port must be authorized prior to CDP v1 protocol receive functionality. CDP v1 must also run over an aggregated MAC client, and the CDP v1 protocol information must run over all the physical MAC clients of the aggregated ports. The spanning tree state of a port does not affect the transmission of CDP v1 PDUs.
Each CDP v1 message contains information identifying the source port as a connection endpoint identifier. It also contains at least one network address which can be used by a network management system to reach a management agent on the device (via the indicated source port). Each CDP v1 message contains a time-to-live value, which tells the recipient CDP v1 when to discard each element of learned topology information.
By default, ExtremeXOS-CDP v1 feature is disabled.
Supported Platforms
All platforms.
Limitations Feature applies to CDP version 1 only.
SNMP for this feature is not supported.
While this feature is mainly for network-endpoint devices, it can also be used in network-network devices that have CDP v1 support.
When port access is controlled by NetLogin, the port must be authorized prior to receiving CDP v1 packets.
CDP v1 with IPv6 is not supported in this release.ExtremeXOS 15.4.2 Release Notes 17
Overview
CLI Commands [enable | disable] cdp ports [ | all] configure cdp frequency configure cdp hold-time configure cdp device-id [ | system-mac] clear cdp neighbor [device-id | all] clear cdp counters {ports } show cdp show cdp ports {} show cdp neighbor {detail} show cdp counters {ports }
Static Ethernet and Time Division Multiplexing (TDM) Multi-Protocol Label Switching (MPLS) Pseudowire (PW)
Static Multi-Protocol Label Switching (MPLS) pseudowires (PWs) are configurable point-to-point emulated circuits that have statically configured MPLS PW labels. Static PWs do not use targeted Label Distribution Protocol (LDP) to negotiate setup and exchange peer status. They can use any type of MPLS tunnel label-switched paths (LSPs). When used in conjunction with static routes and static LSPs, no routing protocol, such as Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS), and no label distribution protocol, such as LDP or Resource Reservation Protocol-Traffic Engineering (RSVP-TE), are needed to provision and manage static PWs. Management of such a network can provide a disruptive architectural solution for building large backhaul networks that are easy to provision, operate, and incrementally expand. Since protocols are no longer required to set up emulated circuits over MPLS, capabilities are also available to proactively, or on-demand, verify end-to-end PW connectivity and provide remote endpoint status as well as provide options for configuring redundant PWs to maintain high network availability.
Statically configured PWs provide greater administrative and management control over the network. It also allows MPLS PWs to be configured across a network when no label distribution protocol is running. This can simplify the operational management and reduce equipment interoperability issues that can arise when deploying routing packet networks. Provided a tested and proven network management platform is used to centralize the network configuration and monitoring, operating expense and equipment costs can be reduced.
Static PWs are created by adding a peer with configured labels. If the configured labels are not in the allowable range or are already in use by some other statically configured entity, such as static LSPs, then the command is rejected. Once a static PW is created, the labels for that PW can be changed without deleting and re-adding the peer. The Circuit Emulation Service (CES) or L2VPN can remain operational during the change; however, the PW does go down and come back up.ExtremeXOS 15.4.2 Release Notes 18
Overview
Supported Platforms for Static Ethernet Pseudowire BlackDiamond 8900-XL and -40G
BlackDiamond X8
Summit X770, X670, X480, and X460
E4G-200 and E4G-400 cell site routers
Supported Platforms for TDM MPLS Pseudowire
E4G-200 and E4G-400 cell site routers
CLI Commands configure ces ces_name add peer ipaddress ipaddress fec-id-
type pseudo-wire pw_id {static-pw transmit-label outgoing_pw_label receive-label incoming_pw_label}{lsp lsp_name}
configure {l2vpn} vpls add peer ipaddress {core} {full-mesh} {static-pw transmit-label receive-label }
configure l2vpn vpws add peer ipaddress {static-pw transmit-label receive-label }
configure {l2vpn} vpls peer static-pw [{transmit-label }{receive-label }]
configure l2vpn vpws peer static-pw [{transmit-label } {receive-label }]
configure mpls labels max-static show mpls label usage
Selective VLAN Mapping to Virtual Private LAN Service (VPLS)
VMAN customer edge ports (CEPs) can filter incoming frames matching a set of VIDs. Multiple VMANs can have CEP ports that are on the same Ethernet port provided that the VIDs do not overlap. This feature adds the capability to assign VMANs with CEP ports to a VPLS.
VMAN is the VLAN stacking (Q-in-Q) feature in ExtremeXOS. There are two types of ports: access and network. The access port can be unaware or aware of the VLAN. The customer edge port is the VLAN-aware port of the VMAN. This is also known as selective Q-in-Q.
Supported Platforms Summit X670 and X770 series switches
BlackDiamond X8 series switchesExtremeXOS 15.4.2 Release Notes 19
Overview
Limitations Cannot assign multiple VMANs to a VPLS.
No support for SNMP and/or XML assigning of VMANs with CEP ports to VPLS.
Counter and ingress rate-limiting per CVID.
Pseudowire (PW) Label-Switched Path (LSP) Load Sharing
This feature increases the number of named Label-Switched Paths (LSPs) to be configured per L2VPN pseudowires (PWs) for use as the transport LSP from 1 to 16. This includes Resource Reservation Protocol (RSVP-TE) LSPs and static LSPs. This feature also provides Equal-Cost Multi-path (ECMP) address-based hashing on L2VPN ingress nodes when transmitting into Link Aggregation Group (LAG).
Supported Platforms Summit X670 and X770 series switches
BlackDiamond X8 series switches
Limitations Label Distribution Protocol (LDP) LSPs are not supported.
Hardware counters are supported for PW packet counts only (VC LSP), not transport LSP (outer label).
RSVP-TE FRR is not supported.
ECMP is not supported in slow-path forwarding.
Virtual Private Wire Service (VPWS) is not supported.
ECMP is not supported for flood traffic (unknown unicast, multicast, broadcast). These packets go over only one LSP.
When multiple LSPs are configured for use by a PW, the hardware counts packets for the PW only, not individual LSPs associated with the PW.
New CLI Commands [enable|disable] l2vpn sharing show l2vpn sharing
NOTE
ACLs may be used instead to implement counter and ingress rate limiting.ExtremeXOS 15.4.2 Release Notes 20
Overview
Changed CLI Commands
This command is modified to display the status of L2VPN sharing configuration:
show vpls detail
This command is modified to display a message when multiple transport LSPs are configured for a VPLS PW and LSP sharing is not enabled. This message only appears once per switch boot:
configure vpls peer add mpls lsp
Proactive Service Framework
This feature enables the switch to proactively send basic configuration and operation information to a cloud-hosted collector for the purpose of assisting the Extreme Networks TAC to resolve customer-reported issues.
Limitations This feature uses SSL to secure the switch information transmission on the Internet. SSL
functionality is provided by a separate XMOD, called ssh.xmod. If the feature is enabled and ssh.xmod is not installed, the switch information is transmitted as clear text.
XMOD applications can be dynamically upgraded without restarting the switch, but the upgraded XMOD version must match the installed ExtremeXOS version.
New CLI Commands [enable | disable] tech-support collector configure tech-support add collector [ |
] tcp-port {vr } {from } {ssl [on | off]}
configure tech-support collector [ | ] tcp-port {vr } {from } {ssl [on | off]}
configure tech-support delete collector [all | | ]
configure tech-support collector [all | | ] frequency [bootup [on | off]| error-detected [on | off]| daily [on {time } | off]]
configure tech-support collector [all | | ] data-set [summary | detail]
run tech-support report {now | in } {collector [all | | ]}
show tech-support collector { | }ExtremeXOS 15.4.2 Release Notes 21
Overview
Changed CLI Commands
Changes are in bold.
show tech-support {[all | ]{detail} {logto [file]}}
Non-Extreme Networks Optics Licensing
Starting with ExtremeXOS 15.4, Extreme Networks will begin issuing a purchasable software license, non-Extreme Optics to use optical devices from third-party vendors on 40G and 100G ports. Currently this feature only issues warning messages, but the actual restriction of the ports will be implemented in a future release.
Like other feature licenses, once the license is applied to a specific switch, that switch is permanently enabled to allow the unrestricted use of non-Extreme Networks optical devices. Without the license, ports which are attached to such devices are continuously restricted.
The devices subject to restriction are:
QSFP+ SR4
QSFP+ LR4
QSFP+ passive copper 0.5m, 1m, 3m, and 5m cable
QSFP+ active optical 5m, 10m, 20m, 50m, and 100m cable
QSFP+ to SFP+ fan 0ut passive copper 3m and 5 m cable - QSFP+ end
Changed CLI Commands
The show ports configuration and show ports information detail commands include flags showing the summary status of non-Extreme Networks optical devices:
Licensedthe optics license is installed (the 40G+ device is unrestricted, but still unsupported by Extreme Networks TAC.
Unsupportedthe non-Extreme Networks device is unsupported by Extreme Networks, but is unrestricted because it does not require a license (1G/10G).
Unlicensedthe non-Extreme Networks 40G+ device may be restricted in a future release.
NOTE
This feature restriction does not apply to stacking ports.ExtremeXOS 15.4.2 Release Notes 22
Overview
Transparent Interconnection of Lots of Links (TRILL)
Transparent Interconnection of Lots of Links (TRILL) is packet encapsulation standard specifically designed to meet the requirements of the data center. It is similar to Service Provider Bridging (SPB) and Virtual Private LAN Service (VPLS), but it is different in a few key areas. Like Multi-Protocol Label Switching (MPLS), TRILL is considered a Layer 2 protocol. From the end station device perspective, the network looks like a large, flat Layer 2 network.
Within the network, bridge traffic is transported across the network using Layer 3 route forwarding techniques. Similar to SPB and VPLS, the TRILL packet payload includes the entire Ethernet packet starting with the destination MAC address (DA) field in the Ethernet header through the Ethernet PDU (but does not include the FCS). TRILL also requires edge TRILL networking devices, referred to as RBridges, to learn both local MAC address port/VLAN bindings and remote network MAC address TRILL link/VLAN bindings associated with egress RBridges.
The TRILL standard is documented in RFC6325.
Supported Platforms
TRILL is supported on the following platforms:
BlackDiamond X8 series switches
Summit X670 series switches1
Summit X770 32x40G series switches1
Limitations Multicast, flood, and broadcast traffic is limited to 6G per 240G packet processor.
Multicast is not supported. All multicast traffic is transmitted over a single DTree.
Only supports forwarding to one neighbor RBridge per port.
No support for Hybrid TRILL VLANs. A VLAN must either be a TRILL network VLAN or an access VLAN.
Hybrid ports are not supported (though VLANs can have TRILL network ports and native 802.1Q Ethernet ports in the same VLAN).
On a transit Rbridge, the VLANs being transported still consume hardware resources (multicast indices and FDB entries) if VLAN pruning is enabled, even if the VLAN is not present on the transit Rbridge.
Hitless failover high availability is not supported.
TRILL is supported on the default VR only.
Network recovery times are similar to other routing protocols, such as Open Shortest Path First (OSPF).
No Operations and Management (OAM) protocol (for example, Bi-directional Forwarding Detection [BFD]) fault detection is providedonly link LoL and Hello timeouts,
No RBridge TRILL peering authentication to prevent network spoofing.ExtremeXOS 15.4.2 Release Notes 23
1. Individual switches and in stacks.
Overview
IGMP snooping must be disabled on access VLANs before they are added to TRILL (disable igmp snooping vlan vlan_name).
MLAG and TRILL are not supported on the same VLANs/ports. Enabling MLAG for a different set of VLANs/ports puts the entire switch in software learning mode, including TRILL FDB entries.
The following protocol features cannot be configured on a TRILL network VLAN:
IP forwarding
IP routing protocols
IP multicast protocols
MPLS
ESRP
Ring protocols (for example: EAPS, ERPS)
MLAG
Private VLANs
VLAN translation
VLAN aggregation
VMANs
VPLS
VRRP
STP
Customer edge ports (CEP)
Multicast snooping
Any type of tunneling (for example: GRE, IPv6-to-IPv4, IPv6-in-IPv4)
Protocols such as STP, EAPS, ERPS, and ELRP can be configured on TRILL access VLANs and function correctly in some network configurations. You cannot configure IP addresses on TRILL access VLANs.
Although not specifically designed to support this, VMAN packets with an outer VMAN tag of Ethertype 0x8100 can be carried over a TRILL network provided they are treated as basic Ethernet-tagged packets.ExtremeXOS 15.4.2 Release Notes 24
Overview
New CLI Commands enable trill disable trill configure trill add access tag {- } configure trill delete access tag < first_tag > {- <
last_tag >} configure trill designated-vlan desired configure trill add network vlan configure trill delete network vlan [ | all] create trill nickname {nickname-priority
} {root-priority } {name }
delete trill nickname [ | | all]
configure trill nickname [ | ] {new-nicknname } {nickname-priority } {root-priority } {name }
configure trill ports [ | all] protocol [enable | disable]
configure trill ports [ | all] {drb-election }
configure trill ports [ | all] {link-type [broadcast | point-to-point]}
configure trill ports [ | all] {metric [ | automatic]}
configure trill system-id [switch-mac | ] configure trill pseudonode [enable | disable] configure trill inhibit-time configure trill maintenance-mode [enable | disable] configure trill sharing max-next-hops configure trill mtu size configure trill mtu probe [enable | disable] configure trill mtu probe fail-count configure trill tree prune vlans [enable | disable] configure trill timers lsp [generation-interval
| refresh-interval | lifetime | transmit-interval | retransmit-interval |checksum [enable | disable]]
configure trill timers spf {restart } {interval }ExtremeXOS 15.4.2 Release Notes 25
configure trill timers spf backoff-delay {minimum } {maximum }
Overview
configure trill timers hello {multiplier } {interval [ | minimal]}
configure trill timers csnp {interval } show trill {detail | counters} show trill rbridges show trill neighbor {nickname | system-id
| mac-address } show trill neighbor {nickname | system-id
| mac-address } show trill ports {} {counters {no-refresh |
detail}} show trill lsdb {lsp-id | detail} show trill distribution-tree {[pruning vlan | rpf]
{}} clear trill counters ping trill {count } {interval }
traceroute trill ExtremeXOS 15.4.2 Release Notes 26
Overview
Changed CLI Commands
The following ExtremeXOS CLI commands have been modified to support TRILL feature. The syntax of these commands is not changed:
create [fdbentry | fdb] {vlan} rbridge
delete [fdbentry | fdb] {vlan} rbridge
clear fdb rbridge [ | all] show fdb {rbridge [ | all]}The following command behavior is modified to support the TRILL feature:
If a VLAN is deleted that has TRILL configured, the VLAN is removed from the list of TRILL-configured VLANs automatically. The TRILL links associated with the VLAN are immediately torn down.
If learning is disabled on a TRILL access VLAN, learning of egress RBridge to remote MAC addresses is also disabled. Thus, all unicast traffic is flooded across the traffic since no learning takes place.
If packet flooding is disabled on a TRILL access VLAN, unknown unicast, broadcast, and multicast packets are discarded by the RBridge. MAC address to egress RBridge FDB entries must be configured to forward traffic.
The command show vlan output is modified to include the RBridge flag (h). If TRILL is enabled on the VLAN, then the h-flag is displayed indicating that the VLAN can peer with other RBridges in a TRILL network.
The show vlan vlan_name command includes a new line indicating if TRILL is enabled and whether the VLAN is a TRILL network VLAN or an access VLAN.
The configured FDB aging time applies to RBridge FDB entries.
Creating an FDB tracking entry performs the same function for RBridge FDB entries as it does for native VLAN FDB entries.ExtremeXOS 15.4.2 Release Notes 27
Overview
Dynamic Host Configuration Protocol (DHCP) Smart Relay Support for Secondary IP address IDs
This feature adds capabilities to the Dynamic Host Configuration Protocol (DHCP) Relay module in ExtremeXOS to include secondary IP addresses of the VLAN as the gateway address (giaddr) while relaying a DHCP request. There are two modes of operation: sequential and parallel.
Supported Platforms
All platforms.
New CLI Commands configure bootprelay {ipv4 | ipv6} include-secondary
{sequential | parallel | off} {vr } configure bootprelay {ipv4 | ipv6} {vlan}
include-secondary {sequential | parallel | off} unconfigure bootprelay {ipv4 | ipv6} {vlan}
include-secondary show bootprelay configuration ipv4
show bootprelay configuration ipv6
Changed CLI Commands
The following show commands are modified to show secondary IP address information:
show bootprelay show bootprelay ipv6 show bootprelay configuration ipv4 show bootprelay configuration ipv6ExtremeXOS 15.4.2 Release Notes 28
Overview
Port-Specific VLAN Tagging
This feature allows bridging of frames with different VLAN IDs that have been trunked by third-party equipment. Frames with different VLAN IDs are treated as belonging to the same VLAN.
Different VLAN IDs can be on different ports or on the same ports. Different VLAN IDs are used to accept packets to the VLAN, and the right VLAN ID is used when forwarding the frames out. The same VLAN ID on different ports can be associated with different VLANs. Forwarding can also be done over L2VPN when the switches are connected with pseudowires.
Supported Platforms BlackDiamond 8800 xl-series only switches
BlackDiamond X8 series switches
Summit X480, X460, X670, and X770 series switches
E4G-400 and E4G-200 cell site routers
Limitations Protocols are not supported on port-specific VLAN tags. They are prevented from being
configured.
VMANs are not supported.
Configuration input and output are only through the CLI.
IP unicast/multicast forwarding is not supported.
Within a single broadcast domain (VLAN) there is only one MAC address. When a MAC address is learned on different tag (on the same port or on a different port), it is considered a MAC move.
Multicast is not supported. Internet Group Management Protocol (IGMP) snooping must be disabled.
VLAN translation functionality is essentially provided by port-specific VLAN tag, so port-specific VLAN tag cannot be part of VLAN translation (either as a translation VLAN, or a member VLAN).
VLANs with a port-specific tag cannot be part of a private VLAN.
Remote-mirroring is not supported on VLANs with port-specific tags.ExtremeXOS 15.4.2 Release Notes 29
Overview
Changed CLI Commands
Changes are in bold.
configure {vlan} vlan_name add ports [port_list | all] {tagged {} | untagged} {{stpd} stpd_name} {dot1d | emistp | pvst-plus}}
configure {vlan} vlan_name delete ports [all | port_list {tagged }]
create fdbentry vlan [ports {tagged } | blackhole]
configure ports port_list {tagged } vlan vlan_name [limit-learning number {action[blackhole | stop-learning]} | lock-learning | unlimited-learning | unlocklearning]
Additionally, the output of the following commands is modified to show VLAN bridging information:
show vlan show port info detail show fdb
Access Control List (ACL) Customer VLAN ID (CVID) Match Criteria
This access control list (ACL) match criteria feature allows you to specify access-lists that filter on the inner-VLAN-id field of a double-tagged packet. You can use this match criteria in the following ways:
Tagged VMAN portsinstalling an ACL matching CVID on ingress or egress matches the inner VID of a double-tagged packet on a tagged VMAN port.
Untagged VMAN ports with port-CVIDinstalling an ACL matching CVID on ingress matches the port-CVID inserted into an untagged packet entering this VMAN.
CEP VMAN ports (with or without VPLS)installing an ACL matching CVID on ingress or egress matches the single VLAN tag on a CEP VMAN port (without translation).
CEP VMAN ports with CVID translation (with or without translation)installing an ACL matching CVID on ingress matches the post-translation CVID. Installing an ACL matching CVID on egress matches the post-translation CVID.
Supported Platforms All Summit series switches
BlackDiamond 8800 and BlackDiamond X8 series switches
Limitations Platforms that do not support egress ACLs do not support this match criteria on egress.
Using CVID with an egress ACL does not match egress packets matching the port-CVID, since the CVID has been stripped.
Using CVID does not provide symmetrical results when applied to VMAN CEP ports also ExtremeXOS 15.4.2 Release Notes 30
enabling CVID translation. Ingress ACLs match the CVID after ingress translation, while egress ACLs also match the CVID after egress translation.
Overview
Multi-Protocol Label Switching/Virtual Private LAN Services (MPLS/VPLS) Enhancements
The following EMS logs allow you to track Multi-Protocol Label Switching (MPLS) protocols, some label-switched paths (LSPs), pseudowires (PWs) and MPLS interface operational states. These logs are at the Info level and are not generated in the default log output (the default level for MPLS is Warning).
LSPs MPLS.ChgStaticIngrLSPState
MPLS.ChgStaticTrnstLSPState
MPLS.ChgStaticEgrLSPState
MPLS.RSVPTE.ChgIngrLSPState
Pseudowires MPLS.L2VPN.ChgPWState
MPLS Protocol Interfaces
MPLS.ChgIfState
MPLS.ChgProtoState
MPLS.LDP.ChgProtoState
MPLS.RSVPTE.ChgProtoState
Changed CLI Commands
The following commands are modified to show additional information:
show tech mpls show mpls rsvp-te lsp
Joint Interoperability Test Command (JITC) Compliance
If you require Joint Interoperability Test Command (JITC) compliance, you can use the command configure snmp compatibility get-bulk reply-too-big-action [standard | too-big-error] to change ExtremeXOS from Ridgeline-compatible mode (standard), the default mode, to JITC-compliant mode (too-big-error).
NOTE
CES.TDM.PWUp and CES.TDM.PWDown EMS logs already exist.ExtremeXOS 15.4.2 Release Notes 31
Please note that switching to JITC-compliant mode causes Ridgeline to display potentially unreliable information.
Overview
New Hardware Supported in ExtremeXOS 15.4
This section lists the new hardware supported in ExtremeXOS 15.4:
Summit X770 32x40G series switches
Hardware No Longer Supported
The following hardware is no longer supported in ExtremeXOS 15.4:
Summit X150
Summit X250e
Summit X350e
Summit X450e
Summit x450a
Summit X650
ExtremeXOS Hardware and Software Compatibility Matrix
The ExtremeXOS Hardware and Software Compatibility Matrix provides information about the minimum version of ExtremeXOS software required to support BlackDiamond and Summit switches, as well as SFPs, XENPAKs, XFPs, and other pluggable interfaces.
The latest version of the ExtremeXOS Hardware and Software Compatibility Matrix can be found at:
www.extremenetworks.com/documentationExtremeXOS 15.4.2 Release Notes 32
Overview
Upgrading to ExtremeXOS
See Software Upgrade and Boot Options in the ExtremeXOS Concepts Guide for instructions on upgrading ExtremeXOS software. Following are miscellaneous hitless upgrade notes:
Beginning with ExtremeXOS 12.1, an ExtremeXOS core image (.xos file) must be downloaded and installed on the alternate (non-active) partition. If you try to download to an active partition, the error message "Error: Image can only be installed to the non-active partition." is displayed. An ExtremeXOS modular software package (.xmod file) can still be downloaded and installed on either the active or alternate partition.
SummitX software is required for E4G cell site routers.
Beginning with ExtremeXOS 15.4, a limited hitless upgrade procedure is supported on the BlackDiamond X8 and BlackDiamond 8800 series switches For more information, see the ExtremeXOS Concepts Guide.
Downloading Supported MIBs
The Extreme Networks MIBs are located on the eSupport website under Download Software Updates, located at:
https://esupport.extremenetworks.com/ExtremeXOS 15.4.2 Release Notes 33
Overview
Tested Third-Party Products
This section lists the third-party products tested for ExtremeXOS 15.2.
Tested RADIUS Servers
The following RADIUS servers are fully tested:
MicrosoftInternet Authentication Server
Meetinghouse
FreeRADIUS
Tested Third-Party Clients
The following third-party clients are fully tested:
Windows 7
Windows Vista
Linux (IPv4 and IPv6)
Windows XP (IPv4)
PoE Capable VoIP Phones
The following PoE capable VoIP phones are fully tested:
Avaya 4620
Avaya 4620SW IP telephone
Avaya 9620
Avaya 4602
Avaya 9630
Avaya 4621SW
Avaya 4610
Avaya 1616
Avaya one-X
Cisco 7970
Cisco 7910
Cisco 7960
ShoreTel ShorePhone IP 212k
ShoreTel ShorePhone IP 560
ShoreTel ShorePhone IP 560g
ShoreTel ShorePhone IP 8000
ShoreTel ShorePhone IP BB 24 ExtremeXOS 15.4.2 Release Notes 34
Siemens OptiPoint 410 standard2
Overview
Siemens OpenStage 20
Siemens OpenStage 40
Siemens OpenStage 60
Siemens OpenStage 80
Extreme Switch Security Assessment
DoS Attack Assessment
Tools used to assess DoS attack vulnerability:
Network Mapper (NMAP)
ICMP Attack Assessment
Tools used to assess ICMP attack vulnerability:
SSPing
Twinge
Nuke
WinFreeze
Port Scan Assessment
Tools used to assess port scan assessment:
Nessus
Service Notifications
To receive proactive service notification about newly released software or technical service communications (for example, field notices, product change notices, etc.), please go to:
www.extremenetworks.com/services/service_notification_form.aspxExtremeXOS 15.4.2 Release Notes 35
OverviewExtremeXOS 15.4.2 Release Notes 36
ExtremeXOS2 LimitsThis chapter summarizes the supported limits in ExtremeXOS 15.4.2-Patch1-3.
Table 1 summarizes tested metrics for a variety of features, as measured in a per-system basis unless otherwise noted. These limits may change but represent the current status. The contents of this table supersede any values mentioned in the ExtremeXOS Concepts Guide.
The scaling and performance information shown in Table 1 is provided for the purpose of assisting with network design. It is recommended that network architects and administrators design and manage networks with an appropriate level of network scaling head room. The scaling and performance figures provided have been verified using specific network topologies using limited switch configurations. There is no guarantee that the scaling and performance figures shown are applicable to all network topologies and switch configurations and are provided as a realistic estimation only. If you experience scaling and performance characteristics that you feel are sufficiently below what has been documented, contact Extreme Networks technical support for additional assistance.
The route limits shown in Table 1 for IPv4 and IPv6 routing protocols are software limits only. The actual hardware limits may be higher or lower than the software limits, based on platform. The hardware limits for specific platforms are specified as "IPv4/IPv6 routes (LPM entries in hardware)" in the following table.
On products other than the BlackDiamond 8900 xl-series, BlackDiamond X8 series, and Summit X480 series, it is not advised to have greater than 25,000 total IP routes from all routing protocols. Adverse effects can occur with routing tables larger than this, especially when a single network event or CLI command affects a significant number of routes. For example, just after such a network event, the added system load will cause a save configuration command to time out.
NOTE
The term BlackDiamond 8000 e-series refers to all BlackDiamond 8500 e-series and 8800 e-series modules.The term BlackDiamond 8000 series refers to all BlackDiamond 8500, 8800, and 8900 series modules.37 15.4.2 Release Notes
Limits
Table 1: Supported Limits
Metric Product LimitAAA (local)maximum number of admin and local user accounts.
All platforms 16
Access lists (meters)maximum number of meters.
BlackDiamond 8000 series
e-series, group of 24 ports
c-series
BlackDiamond 8900 series
8900-10G24X-c, group of 12 ports
8900 xl-series, 8900-G96T-c
8900-40G6X-xm
BlackDiamond X8 series
E4G-200
Summit X440, X430 per group of 24 ports
Summit X460, E4G-400, per group of 24 ports
Summit X480
Summit X670 with VIM4-40G4xSummit X480 with VIM3-40G4X
Summit X770
512
2,048 ingress,256 egress
1,024 ingress,256 egress
4,096 ingress,512 egress
512 ingress512 egress
512 ingress,512 egress
1,024 ingress256 egress
512 ingress
2,048 ingress,256 egress
4,096 ingress,512 egress
512 ingress512 egress
1,024 ingress,512 egress
Access lists (policies)suggested maximum number of lines in a single policy file.
All platforms 300,00038ExtremeXOS 15.4.2 Release Notes
Limits
Access lists (policies)maximum number of rules in a single policy file.a
BlackDiamond 8000 series
c-series, group of 24 ports
e-series, group of 24 ports
BlackDiamond 8900
8900-10G24X-c modules, group of 12 ports
8900-G96T-c modules, group of 48 ports
8900 xl-series
8900-40G6X-xm
BlackDiamond X8 series
Summit X440, X430 group of 24 ports
Summit X460, E4G-400
Summit X480
Summit X670
VIM4-40G4x
Summit X480
VIM3-40G4X
Summit X770
4,096 ingress, 512 egress
1,024 ingress
2,048 ingress,512 egress
8,192 ingress,1,024 egress
61,440 (up to)
2,048 ingress,1,024 egress
2,048 ingress,1,024 egress
1,024 ingress
4,096 ingress,512 egress
(up to) 61,440 ingress,1,024 egress
2,048 ingress1,024 egress
2048 ingress1024 egress
4,096 ingress1,024 egress
Table 1: Supported Limits (Continued)
Metric Product Limit39ExtremeXOS 15.4.2 Release Notes
Limits
Access lists (slices)number of ACL slices.
BlackDiamond 8000 series
c-series, group of 48 ports
BlackDiamond 8900 series
8900-10G24X-c modules, group of 12 ports
8900-G96T-c modules, group of 48 ports
8900 xl-series
8900-40G6X-xm
BlackDiamond X8 series
E4G-200
Summit X440, X430
Summit X460, E4G-400
Summit X480
Summit X670
VIM4-40G4x
Summit X480
VIM3-40G4X
Summit X770
16
12 ingress,4 egress
16 ingress,4 egress
17b
10 ingress,4 egress
10 ingress,4 egress
8 ingress,4 egress
4 ingress
16 ingress,4 egress
17b ingress,4 egress
10 ingress,4 egress
10 ingress,4 egress
12 ingress4 egress
AVB (audio video bridging)maximum number of active streams
NOTE: * It is recommended that you do not use on more than 8 ports on this switch.
Summit X440, X460
Summit X670
Summit X430
1,024
4,096
100*
BFD sessionsmaximum number of BFD sessions
All platforms (default timers1 sec)
BlackDiamond X8 and 8800 (minimal timers50 msec)
512
10c
Table 1: Supported Limits (Continued)
Metric Product Limit40ExtremeXOS 15.4.2 Release Notes
All Summits (minimal timers100 msec)
10c
Limits
BGP (aggregates)maximum number of BGP aggregates.
All platforms with Core license or higher 256
BGP (networks)maximum number of BGP networks.
All platforms with Core license or higher
BlackDiamond X8 series
1,024
1,024
BGP (peers)maximum number of BGP peers.
NOTE: * With default keepalive and hold timers.
BlackDiamond X8 series
BlackDiamond 8000 series
BlackDiamond xl-series
Summit X460, X670, X770
E4G-400, E4G-200
Summit X480
512
512
512
128*
128*
512
BGP (peer groups)maximum number of BGP peer groups.
BlackDiamond 8900 series
BlackDiamond X8 series
Summit X480
All platforms (except BlackDiamond X8 series, BlackDiamond 8900 series, and Summit X480) with Core license or higher
128
128
128
64
BGP (policy entries)maximum number of BGP policy entries per route policy.
All platforms with Core license or higher 256
BGP (policy statements)maximum number of BGP policy statements per route policy.
All platforms with Core license or higher 1,024
BGP multi-cast address-family routes maximum number of multi-cast address-family routes.
BlackDiamond 8000 series
BlackDiamond 8900 xl-series
BlackDiamond X8 series
Summit X460, X670, X770
Summit X480
E4G-400
25,000
524,256 (up to)b
25,000
25,000
524,256 (up to)b
25,000
BGP (unicast address-family routes)maximum number of unicast address-family routes.
BlackDiamond 8000 series
BlackDiamond 8900 xl-series
BlackDiamond X8 series
Summit X460, X670, X770
Summit X480
E4G-400
25,000
524,256 (up to)b
25,000
25,000
524,256 (up to)b
25,000
Table 1: Supported Limits (Continued)
Metric Product Limit41ExtremeXOS 15.4.2 Release Notes
Limits
BGP (non-unique routes)maximum number of non-unique BGP routes.
BlackDiamond 8000 series
BlackDiamond 8900 xl-series
BlackDiamond X8 series
Summit X460, X670, X770
Summit X480
E4G-400, E4G-200
25,000
1,200,000
25,000
25,000
1,000,000
25,000
BGP ECMPmaximum number of equalcost multipath for BGP and BGPv6.
All platforms, except Summit X440 2, 4, or 8
BGPv6 (unicast address-family routes) maximum number of unicast address family routes.
BlackDiamond 8900 xl-series
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond X8 series
Summit X460
Summit X480
Summit X670, X770
E4G-400
20,000
6,000
240
8,000
6,000
20,000
8,000
6,000
BGPv6 (non-unique routes)maximum number of non-unique BGP routes
BlackDiamond 8900 xl-series
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond X8 series
Summit X460
Summit X480, X670, X770
E4G-400
24,000
18,000
720
24,000
18,000
24,000
18,000
BOOTP/DHCP relaymaximum number of BOOTP or DHCP servers per virtual router.
All platforms 4
BOOTP/DHCP relaymaximum number of BOOTP or DHCP servers per VLAN.
All platforms 4
CES TDM pseudowiresmaximum number of CES TDM pseudowires per switch.
E4G-200 and E4G-400 256
Connectivity fault management (CFM)maximum number or CFM domains.
All platforms 8
CFMmaximum number of CFM associations.
All platforms 256
Table 1: Supported Limits (Continued)
Metric Product Limit42ExtremeXOS 15.4.2 Release Notes
Limits
CFMmaximum number of CFM up end points.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series
32
32
32
CFMmaximum number of CFM down end points.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series X460, E4G-200, E4G-400 (non-load shared ports)
Summit series X460, E4G-200, E4G-400 (load shared ports)
Summit series
All other platforms
32
32
256
32
32
32
CFMmaximum number of CFM remote end points per up/down end point.
All platforms 2,000
CFMmaximum number of dot1ag ports.
All platforms 128
CFMmaximum number of CFM segments.
All platforms 1,000
CLEAR-Flowtotal number of rules supported. The ACL rules plus CLEAR-Flow rules must be less than the total number of supported ACLs.
BlackDiamond 8800 c-series
BlackDiamond 8900 series
BlackDiamond X8 series
Summit X440
Summit X670
Summit X480, Summit X770
4,096
4,096
4,096
1,024
2,048
4,096
Data Center Bridging eXchange (DCBX) protocol Type Length Value (TLVs)maximum number of DCBX application TLVs.
All platforms 8
Dynamic ACLsmaximum number of ACLs processed per second.
NOTE: Limits are load dependent.
BlackDiamond 8800 with c-series MSM and I/O modules
BlackDiamond 8900 series
BlackDiamond X8 series
Summit X480, X670
with 50 DACLswith 500 DACLs
8
8
8
105
Table 1: Supported Limits (Continued)
Metric Product Limit43ExtremeXOS 15.4.2 Release Notes
Limits
EAPS domainsmaximum number of EAPS domains.
NOTE: An EAPS ring that is being spatially reused cannot have more than four configured EAPS domains.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series (except X430), E4G-200, E4G-400
Summit X430
64
64
32
4
EAPSv1 protected VLANsmaximum number of protected VLANs.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series, E4G-200, E4G-400
2,000
4,000
1,000
EAPSv2 protected VLANsmaximum number of protected VLANs.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series, E4G-200, E4G-400
2,000
4,000
500
ELSM (vlan-ports)maximum number of VLAN ports.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series, E4G-200, E4G-400
5,000
5,000
5,000
ERPS domainsmaximum number of ERPS domains without CFM configured
BlackDiamond 8806 series
BlackDiamond X8 series
Summit series (except X430), E4G-200, E4G-400
Summit X430
32
32
32
4
ERPS domainsmaximum number of ERPS domains with CFM configured.
BlackDiamond 8806 series
BlackDiamond X8 series
Summit series non-CSR platforms
Summit X460
E4G-200, E4G-400
16
16
16
32
32
ERPSv1 protected VLANsmaximum number of protected VLANs.
BlackDiamond 8806 series
BlackDiamond X8 series
Summit series, E4G-200, E4G-400
2,000
2,000
1,000
ERPSv2 protected VLANsmaximum number of protected VLANs
BlackDiamond 8806 series
BlackDiamond X8 series
Summit series, E4G-200, E4G-400
2,000
2,000
500
ESRP groupsmaximum number of ESRP groups.
All platforms 7
ESRP domainsmaximum number of ESRP domains.
BlackDiamond 8000 series
BlackDiamond X8 series
BlackDiamond 8900 series
Summit series
64
64
128
64
Table 1: Supported Limits (Continued)
Metric Product Limit44ExtremeXOS 15.4.2 Release Notes
Limits
ESRP VLANsmaximum number of ESRP VLANs.
BlackDiamond 8000 series
BlackDiamond X8 and 8900 series
Summit series
1,000
2,048
1,000
ESRP (maximum ping tracks)maximum number of ping tracks per VLAN.
All platforms 8
ESRP (IP route tracks)maximum IP route tracks per VLAN.
All platforms 8
ESRP (VLAN tracks)maximum number of VLAN tracks per VLAN.
All platforms 1
Forwarding ratemaximum L2/L3 software forwarding rate.
BlackDiamond 8000 series
BlackDiamond X8 series
Summit series, except Summit X770
Summit X770
10,000 pps
20,000 pps
10,000 pps
16,000 pps
FDB (blackhole entries)maximum number of unicast blackhole FDB entries.
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond 8900 series
8900 c-series8900 xl-series8900-40G6X-xm
BlackDiamond X8 series
E4G-200, E4G-400
Summit X440, X430
Summit X480
Summit X460
Summit X670
VIM4-40G4x
Summit X770
32,000
8,000
32,000524,288 (up to)b128,000
128,000
32,000
16,000
524,288 (up to)b
32,000
128,000
288,000d
FDB (blackhole entries)maximum number of multi-cast blackhole FDB entries.
BlackDiamond 8000 series
BlackDiamond X8 series
All Summit series switches, except X770
Summit X770
1,024
1,024
1,024
4,000
Table 1: Supported Limits (Continued)
Metric Product Limit45ExtremeXOS 15.4.2 Release Notes
Limits
FDB (maximum L2 entries)maximum number of MAC addresses.
BlackDiamond 8000 c-series
BlackDiamond 8000 e-series
BlackDiamond 8000 (system), except 8900 xl-series
BlackDiamond 8900 xl-series
BlackDiamond X8 series
E4G-200, E4G-400
Summit X440, X430
Summit X480
Summit X480
VIM3-40G4X
Summit X460
SummitStack (except X480)
Summit X670
Summit X770
32,768e
8,192e
128,000e
524,488 (up to)b
128,000e
32,000e
16,000e
524,488 (up to)b
128,000e
32,768e
128,000e
128,000e
288,000d e
FDB (Maximum L2 entries)maximum number of multi-cast FDB entries.
BlackDiamond X8
BlackDiamond 8800
All Summit series switches, except X770
Summit X770
1,024
4,000
FIP Snooping VLANs BlackDiamond X8 768BlackDiamond 8800 (8900-40G6X-c only)
Summit X670
FIP Snooping Virtual Links (FPMA mode) per port group
BlackDiamond X8 1,908
BlackDiamond 8800 (8900-40G6X-c only)
Summit X670
FIP Snooping FCFs (with perimeter port) per port group
BlackDiamond X8 238
BlackDiamond 8800 (8900-40G6X-c only)
FIP Snooping FCFs (with Enode-to-FCF port)
BlackDiamond X8 212
BlackDiamond 8800 (8900-40G6X-c only)
Summit X670
Identity managementmaximum number of Blacklist entries.
All platforms 512
Table 1: Supported Limits (Continued)
Metric Product Limit46ExtremeXOS 15.4.2 Release Notes
Limits
Identity managementmaximum number of Whitelist entries.
All platforms 512
Identity managementmaximum number of roles that can be created.
All platforms 64
Identity managementmaximum role hierarchy depth allowed.
All platforms 5
Identity managementmaximum number of attribute value pairs in a role match criteria.
All platforms 16
Identity managementmaximum of child roles for a role.
All platforms 8
Identity managementmaximum number of policies/dynamic ACLs that can be configured per role.
All platforms 8
Identity managementmaximum number of LDAP servers that can be configured.
All platforms 8
Identity managementmaximum number of Kerberos servers that can be configured.
All platforms 20
Identity managementmaximum database memory-size.
All platforms 6449, 152
Identity managementrecommended number of identities per switch.
NOTE: Number of identities per switch is for a default identity management database size (512 Kbytes) across all platforms.
All platforms 100
Identity managementrecommended number of ACL entries per identity.
NOTE: Number of ACLs per identity based on system ACL limitation.
All platforms 20
Identity managementmaximum number of dynamic ACL entries configured as an individual dynamic rule, or as an ACL entry in a policy file.
All platforms (except Summit X430)
Summit X430
500
512
Table 1: Supported Limits (Continued)
Metric Product Limit47ExtremeXOS 15.4.2 Release Notes
Limits
IGMP sendermaximum number of IGMP senders per switch (IP multi-cast compression disabled).l
NOTE: Assumes source-group-vlan mode.
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond 8900-10G24X-c modules
BlackDiamond 8900-G96T-c modules
BlackDiamond 8900-40G6X-xm
BlackDiamond 8900 xl-series
BlackDiamond X8 series
E4G-200, E4G-400
Summit X440
Summit X480
Summit X460
Summit X670
VIM4-40G4x
Summit X770
2,048f
500g
2,048f
4,096f
3,000g
4,096f
4,096h
2,048
64
4,096
2,048
3,000g
4,000
IGMP sendermaximum number of IGMP senders per switch (IP multi-cast compression enabled).l
NOTE: Assumes source-group-vlan mode.
For additional limits, see:
Layer-2 IPMC forwarding caches(IGMP/MLD/PIM snooping) in mac-vlan mode. on page 59
Layer-2 IPMC forwarding caches (IGMP/MLD/PIM snooping) in mixed-mode. on page 59
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond 8900 c-series
BlackDiamond 8900 xl-series
BlackDiamond 8900-40G6X-xm
BlackDiamond X8 series
E4G-200
E4G-400
Summit X440
Summit X460
Summit X480
Summit X670
VIM4-40G4x
Summit X770
6,000g
500g
6,000g
12,000b
3,000g
6,000g h
3,000g
6,000g
192g
6,000g
12,000b
3,000g
16,000
Table 1: Supported Limits (Continued)
Metric Product Limit48ExtremeXOS 15.4.2 Release Notes
Limits
IGMP snooping per VLAN filtersmaximum number of VLANs supported in per-VLAN IGMP snooping mode.
BlackDiamond 8800 c-series
BlackDiamond 8000 e-series
BlackDiamond 8900 c-series
BlackDiamond 8900 xl-series
BlackDiamond 8900-40G6X-xm
BlackDiamond X8 series
E4G-200, E4G-400
Summit X440
Summit X460, X670
Summit X480
Summit X770
2,000
448
1,000
4,000
1,000
1,000
1,000
448
1,000
4,000
2,000
IGMPv1/v2 SSM-map entriesmaximum number of IGMPv1/v2 SSM mapping entries.
All platforms 500
IGMPv1/v2 SSM-MAP entriesmaximum number of sources per group in IGMPv1/v2 SSM mapping entries.
All platforms 50
IGMPv2 subscribermaximum number of IGMPv2 subscribers per port.m
BlackDiamond 8800 c-series
BlackDiamond 8900 c-series
BlackDiamond X8 series
Summit series (except Summit X460, X480, X770, and X670)
Summit X460, X480, X670, E4G-400
Summit X770
2,000
2,000
2,000
1,000
2,000
3,000
IGMPv2 subscribermaximum number of IGMPv2 subscribers per switch.m
BlackDiamond 8800 c-series
BlackDiamond 8900 c-series
BlackDiamond X8 series
Summit series (except Summit X480, X770, and X670)
Summit X460, X480, X670, E4G-400
Summit X770
20,000
20,000
20,000
10,000
20,000
25,000
IGMPv3 maximum source per groupmaximum number of source addresses per group.
All platforms 250
Table 1: Supported Limits (Continued)
Metric Product Limit49ExtremeXOS 15.4.2 Release Notes
Limits
IGMPv3 subscribermaximum number of IGMPv3 subscribers per port.m
BlackDiamond 8800 e-series
BlackDiamond 8800 c-series
BlackDiamond 8900 series
BlackDiamond X8 series
Summit series (except Summit X460, X770)
Summit X770
Summit X460, E4G-400
1,000
2,000
5,000
3,000
1,000
2,500
2,000
IGMPv3 subscribermaximum number of IGMPv3 subscribers per switch.m
BlackDiamond 8800 e-series
BlackDiamond 8800 c-series
BlackDiamond 8900 series
BlackDiamond X8 series
Summit series (except Summit X460 and X770)
Summit X460, E4G-400
Summit X770
10,000
20,000
30,000
30,000
10,000
20,000
30,000
IP ARP entries in softwaremaximum number of IP ARP entries in software.
NOTE: May be limited by hardware capacity of FDB (maximum L2 entries).
Summit X770
All other platforms
13,1072i
20,480
IP ARP entries in software with distributed mode onmaximum number of IP ARP entries in software with distributed mode on.
BlackDiamond 8000 series with 8900-MSM128 or MSM-48c, and only 8900 xl-series I/O modules
BlackDiamond 8000 series with any I/O modules that are not 8900 xl-series
BlackDiamond X8 series
All other platforms
260,000
100,000
28,000
N/A
Table 1: Supported Limits (Continued)
Metric Product Limit50ExtremeXOS 15.4.2 Release Notes
Limits
IPv4 ARP entries in hardware with distributed mode onmaximum number of IP ARP entries in hardware with distributed mode on
Per BlackDiamond 8900-10G8X-xl, up to 260,000 per system
Per BlackDiamond 8900-G48X-xl or 8900-G48T-xl, up to 130,000 per system
Per BlackDiamond 8000 c-series, up to 18,000 per system
BlackDiamond 8900-40G6X-xm, up to 22,000 per system
BlackDiamond X8 series, up to 28,000 per system
All other platforms
32,500b
16,250b
8,000
8,000
12,000
N/A
IPv4 ARP entries in hardware with minimum LPM routesmaximum recommended number of IPv4 ARP entries in hardware, with minimum LPM routes present. For BlackDiamond 8800, BlackDiamond X8, E4G, and Summit series switches, assumes number of IP route reserved entries is 100 or less.
BlackDiamond 8800 c-, xm-series
BlackDiamond 8000 e-series
BlackDiamond 8900 xl-series
BlackDiamond X8 series
E4G-200
E4G-400
Summit X440
Summit X670
Summit X460, X480
Summit X770
8,000
1,000g
16,000
16,000
8,000
16,000
412
8,000
16,000
106,000i
IPv4 ARP entries in hardware with maximum LPM routesmaximum recommended number of IPv4 ARP entries in hardware, with maximum LPM routes present. For BlackDiamond 8800, BlackDiamond X8, E4G, and Summit series, assumes number of IP route reserved entries is maximum.
BlackDiamond 8800 c-, xm-series
BlackDiamond 8000 e-series
BlackDiamond 8900 xl-series
BlackDiamond X8 seri
Top Related