Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 First Published: 2017-08-04 Last Modified: 2017-08-16 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 ThesereleasenotesprovideasummaryofthecomponentsinCiscoIntelligentWideAreaNetworkApplication (CiscoIWANApp),Release1.5.1. CiscoIWANApp(ortheCiscoIWANonAPIC-EM)extendsSoftwareDefinedNetworkingtothebranch withanapplication-centricapproachbasedonbusinesspolicyandapplicationrules.ThisprovidesITcentralized managementwithdistributedenforcementacrossthenetwork. CiscoIWANAppautomatesandorchestratesCiscoIWANdeploymentswithanintuitivebrowser-based GUI.AnewroutercanbeprovisionedinamatterofminuteswithoutanyknowledgeoftheCommandLine Interface(CLI).BusinessprioritiesaretranslatedintonetworkpoliciesbasedonCiscobestpracticesand validateddesigns.CiscoIWANAppdramaticallyreducesthetimerequiredforconfiguringadvancednetwork servicesthroughtheuseofautomationandsimple,predefinedworkflows. CiscoIWANAppoffersaturnkeysolutionthatallowsITtogetoutoftheweedsofmanaginglow-level semanticslikeVPN,QoS,optimization,ACLpolicies.Instead,ITcanfocusonthebiggerpicture,suchas, aligningnetworkresourceswithbusinessprioritiesanddeliveringoutstandinguserexperiencethatresultin betterbusinessoutcomes. CiscoIWANAppincludesthefollowingfeatures: •Zerotouchprovisioning—Plugandplayforremotedeviceswithoutuserintervention •Simpleworkflows—Usecasedrivenwithstep-by-stepandsite-to-siteprovisioning •Businesslevelpolicies—Rulesdrivenetworkactions,abstractionofunderlyingpolicyconfiguration •Networkmonitoring—Status,alertingofnetworkissues What’s New in Cisco IWAN App Release 1.5.1 ThefollowingfeaturesareavailableinCiscoIWANAppRelease1.5.1. Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 1 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Separation of Cisco IWAN Application from APIC-EM Releases Feature Name Description Multi-tunneltermination(MTT) SupportformultipleWANlinksforahubdevice. Multiplelinksmaybeaddedtoadeviceatthetime ofsiteprovisioning(Day0)orafterprovisioning(Day N).Thisfeatureisavailablebothforprimaryand transithubsites. GlobalDayNmodificationofQoSbandwidthat Abilitytoallocateuser-definedbandwidthpercentages serviceprofilelevel toaQoSclassmodelafterprovisioning(DayN).Any WANconnectionusingtheclassmodelisupdated, whethertheconnectionisatahuborbranchsite. 4GSupportforMPLSCloud Supportfor4GWANlinksonaprivateMPLScloud. Beforethisrelease,4GWANlinksweresupported onlyonapublicINETcloud. •Alltopologiesaresupported. •Anytopologymayincludeone4G-cellular interface. •The4G-cellularinterfacemaybeusedforWAN clouds,notwithinaLAN. EnhancedIPPoolprovisioningoptions AbilitytoconfigureIPaddresspoolsforService Provider(overlay)andmanagementloopback. AbilitytomodifyServiceProviderlabel,type,and addresspooluntilhubprovisioningiscomplete. Improvedsupportforreplacingaprovisionedhub Abilitytoreplaceaprovisioneddevice(DayN)ona device(RMA) hubsite,ensuringthatthenewrouteroperatesexactly liketherouterthathasbeenreplaced. AdditionalCiscoISR89xrouterssupport SupportaddedforseveralCiscoISR89xroutersfor branchsites.Seethereleasenotesfordetails. Separation of Cisco IWAN Application from APIC-EM Releases CiscoIWANapprelease1.3.2introducedanewapproachtoIWANappreleases.Beginningwiththisrelease: •TheIWANapphasbeendecoupledfromtheAPIC-EMreleaseschedule,andfromtheAPIC-EM installationandupgradeprocesses. •IWANappreleasenumberingisnowindependentofAPIC-EMreleasenumbering. •DownloadtheIWANappseparatelyfromAPIC-EM,theninstallorupgradetheappusingtheAPIC-EM “AppManagement”page.SeeCiscoIWANApplicationonCiscoAPIC-EMUserGuide,Release1.5.0 fordetailsaboutdeployment. Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 2 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Integral Part of APIC-EM Integral Part of APIC-EM WhilethereleasescheduleandinstallationarenowhandledseparatelyfromAPIC-EM,CiscoIWANApp continuestobeanintegralpartofAPIC-EMandcontinuestoappearintheAPIC-EMGUIasbefore. SystemrequirementsfortheAPIC-EMcontinuetoapplytoCiscoIWANApp. SeeCiscoIWANAppSoftwareCompatibilityinCiscoIWANAppReleaseforinformationaboutthesoftware compatiblewithCiscoIWANAppreleases,includingAPIC-EMandCiscoPrimeInfrastructureversions. Supported Cisco Platforms and Software Releases in Cisco IWAN App Release 1.5.1 CiscoIWANAppRelease1.5.1supportsthefollowingCiscorouterplatformsandsoftwarereleases. Platform Models Software Release Cisco4000SeriesIntegrated 4321 CiscoIOSXEDenali16.3.31 ServicesRouters 4331 4351 4431-X 4451-X CiscoASR1000Series ASR1001 CiscoIOSXEDenali16.3.3 AggregationServicesRouters ASR1001-X ASR1001-HX ASR1002 ASR1002-X ASR1002-HX ASR1004 ASR1006 ASR1006-X CiscoCSR1000vSeriesRouters CloudServicesRouter1000V CiscoIOSXEDenali16.3.3 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 3 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Supported Cisco Platforms and Software Releases in Cisco IWAN App Release 1.5.1 Platform Models Software Release CiscoIntegratedServicesRouters CiscoIOS15.6(3)M2 Generation2(ISR-G2)Series Routers Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 4 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Supported Cisco Platforms and Software Releases in Cisco IWAN App Release 1.5.1 Platform Models Software Release ENCS5400(ISRv—supportedon CiscoIOSXEDenali16.3.3) ISR1921 ISR1921-ISM ISR1941 ISR1941-ISM ISR2901 ISR2901-ISM ISR2911 ISR2911-ISM ISR2921 ISR2921-ISM ISR2951 ISR2951-ISM ISR3925 ISR3925E ISR3925E-ISM ISR3925-ISM ISR3945 ISR3945-E ISR3945E-ISM ISR3945-ISM ISR892FSP ISR892-FSP ISR897VA ISR897VAB ISR897VAG-LTE-GA ISR897VAG-LTE-GA-K9 ISR897VAG-LTE-LA ISR897VAGW-LTE-GAE ISR897VA-M ISR897VAMG-LTE-GA ISR897VA-M-K9 ISR897VAM-W-E ISR897VAW-A Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 5 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Limitations and Restrictions Platform Models Software Release ISR897VAW-E ISR898EA ISR898EAG-LTE-GA ISR898EAG-LTE-LA ISR899G-LTE-GA ISR899G-LTE-JP ISR899G-LTE-LA ISR899G-LTE-NA ISR899G-LTE-ST ISR899G-LTE-VZ 1 ThisreleaseisrequiredonhubdevicestosupportMulti-tunnelTermination[MTT](multipleWANlinks)feature.Hence,CiscoIOSXEEverest16.4.1isnot supported. Limitations and Restrictions Note ItisrecommendedthatyouupgradetoNBAR2AdvancedProtocolPack27.0.0onyourdeviceswiththe recommendedlatestCiscoIOSandCiscoIOSXEsoftwarereleases. WhenusingEasyQoSandCiscoIWANApponAPIC-EM,youmustadheretothefollowing: •Thenetworksegmentsforeachsolutionaredisjoint.AdevicecontrolledbytheIWANsolutioncannot simultaneouslybecontrolledbytheEasyQoSsolution.ApplicationareofglobalscopeacrossAPIC-EM andassuch,customapplicationscreatedinEasyQoSapplicationmayshowupintheIWANsolutionif applicabletotheWANsolution. •YoumustcompletethefollowingtasksondevicesclaimedbyEasyQoS,tobringthemintheIWAN workflow: ◦QoSpolicytagsshouldberemovedpriortobeingclaimed ◦ThedevicemustbecleanedofremainingEasyQoSpolicyorconfigurationandthedevicemust broughttogreenfieldstate. Hub Router EIGRP Process Downtime Duing Upgrade WhenupgradingtoCiscoIWANApp1.5.1,afterclickingtheUpgradeNetworkbutton(arequiredstepin theupgradeprocess),CiscoIWANApppushesaseriesofcommandstothehubBRrouters,whichtriggers routingtableupdatesfromhubrouterstobranchsiterouters.Duringthisupdateandresynchronizationprocess, thehubrouter’sEIGRPprocessisinactive.ThelengthofthisEIGRPdowntimedependsonthenumberof branchsiteroutersundergoingupdate,andmaybeseveralminutes. Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 6 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Caveats Thisoccursonlywhenoperatinganetworkwithaddressingwithinoneofthefollowingsubnets:10.0.0.0/8, 172.16.0.0/12,192.168.0.0/16. Caveats Open Caveats in Cisco IWAN App Release 1.5.1 Caveat ID Number Description CSCvc46613 Spokeprovisionfailureduetomultipleusersaredefinedandthenotallofthemare tried CSCvb95745 Unabletoaddadevicethatwasdeletedwiththesitethatfailedatbusinesspolicy configphase CSCve03315 CustomConfig:Repeatedappearanceofcustom-templateinformview CSCvf25809 Day-NQoSprofileupdatefor4Ginterfacefailedwithfetchingbandwidthdetailerror CSCvf23932 JDBCexceptioncausedDBqueryfailurewhenclicknewlydiscovereddevicelist CSCvf29226 SpokesitewithOSPFasLANprovisioningfailedduetoEIGRPflap CSCvf33086 DeviceSyncfailureforc898brownfieldprovisionwithpppoe CSCvf38414 TransitHub(MTT)failedwith"InternalError"onAppPolicyUpdate Resolved Caveats in Cisco IWAN App Release 1.5.1 Caveat ID Number Description CSCvd04725 HubARACLsnotremovedwhenbranchsitesaredeleted CSCvc16668 SA:AlarmtabseenonthesitewithnoalarmsshownonUI CSCve21086 [SA]GenericAlarmthrownforrequirementsnotmetduetoincorrectMTUsize CSCve17599 [SA]WANinterfacediscoveryfailurealarmrecommendedactionsneedmoredetails CSCvd83658 [SA]Wrongentryinhubalarmforeigrpsafentry--showingnon-existingSAFentry CSCve19568 [SA]DMVPNalarmshowsNBMA/peersarepingunreachablewhentheyarereachable viaping CSCve21952 “SetGeo”fieldfortransitpopdisappearsifclickondeletingtransitpopthencancelled Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 7 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 System Requirements Caveat ID Number Description CSCve21281 UIshouldlimitcustomappURLlengthto29characters-Addatooltipaboutthe30 characters CSCvc07291 SA:UncontrolledTCalarmnotshownforsiteswithnopolicyforbackuplink CSCvc36842 [SA]NorouteisfoundatdeviceisMisleadingunderchildAlarm System Requirements ThefollowingsectionsdescribethesystemrequirementsforCiscoIWANApp: Hardware Requirements CiscoIWANApprequiresaserverwiththefollowingcapabilities/software: •Server—64-bitx86 •CPU—6(2.4GHz) •RAM—32GB Note:Foramulti-hosthardwaredeployment(twoorthreehosts),32GBRAMissufficientforeachhost. •Storage—500Gigabytesorpreferably1TerabyteHDD •NetworkAdapter—1x •200MBpsDiskI/Ospeed Software Requirements ForCiscoIWANonAPIC-EM,thefollowingsoftwareisrequiredontheserver: •Browser ◦Chrome(version50.0orhigher) ◦MozillaFirefox(version46.0orhigher) Cisco IWAN App Software Compatibility in Cisco IWAN App Release ThefollowingtabledescribescompatibleandrecommendedsoftwareversionsforoperationwiththeCisco IWANapplication,runningonCiscoAPIC-EM. Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 8 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 Firewall Requirements IWAN App APIC-EM Prime Network OS on OS on Protocol Plug and Infrastructure Collector - ASR1000 ISR-G2 Pack Play LiveNX Series, Series ISR4000 Routers Series, and CSR1000V Series Routers 1.5.1 1.5.0 3.2 LiveNX CiscoIOS CiscoIOS 27.0.0 1.5.0 6.1.2 XEDenali Release 31.0.0 1.5.1 16.3.32 15.6(3)M2 1.4.2 1.4.2 3.1.6 LiveNX6.1 CiscoIOS CiscoIOS 27.0.0 XE Release 1.5.0 3.16.5aS3 15.6(3)M2 CiscoIOS XEDenali 16.3.3 1.3.2 1.3.2 3.1.4 N/A IOSXE CiscoIOS Update1 3.16.4bS Release (15.5(3)S4) 15.5(3)M4a 2 ThisreleaseisrequiredonhubdevicestosupportMulti-tunnelTermination[MTT](multipleWANlinks)feature.Hence,CiscoIOSXEEverest16.4.1isnot supported. 3 Link:https://software.cisco.com/download/special/release.html?config=684110644675436ad1349ee490ed79ff Note IfyourequireafixforCSCvc99738andCSCvb66590,chooseCiscoIOSXE3.16.5aSandCiscoIOS release15.5(3)M5a. Firewall Requirements IfthereisafirewallbetweenthebranchandtheAPIC-EMcontroller,pleaseensurethatthefollowingports areopen: •BranchtotheAPIC-EMcontroller: ◦PKI—TCP80 ◦PNP—TCP80,443 ◦NTP—UDP123 •APIC-EMcontrollertobranch: ◦SNMP—TCPandUDPports:161,162 ◦SSH—TCP22 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 9 Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 NetFlow Collectors ◦ECHO—TCP7 •Internetbranchtohubrouters: ◦GREandIPsec—UDP500,4500,IP—50 IfthereisafirewallbetweenAPIC-EMandPrimeInfrastructure,ensurethatport443isopenforAPIC-EM toaccessPrimeInfrastructureAPI. NetFlow Collectors NetFlowcollectorprovidesApplicationVisibility.ThesupportedNetFlowcollectorsforCiscoIWANApp areLiveNXandCiscoPrime.ForinformationaboutcompatibleversionsofCiscoPrimeInfrastructureand othersoftware,seeCiscoIWANAppSoftwareCompatibilityinCiscoIWANAppRelease, onpage8. Supported Hub Devices — Required License SeePlatformsandtheirRolesfordetailspermodel. •ASR1000Series ◦License—ImagewithlicensesforAdvancedIPServicesorAdvancedEnterpriseServices •ISR4451and4431 ◦License—AppxandSecurity ThefollowingisasampleconfigurationthatshowshowtoenableIPseclicenseandaccepttheEndUser LicenseAgreement(EULA)onCiscoASR1000SeriesAggregationServicesRouters. Router(config)# crypto ipsec profile TEST Router(ipsec-profile)# exit Router(config)# interface tunnel 123 Router(config-if)# tunnel protection ipsec profile TEST Note TheconfigurationmustberemovedaftertheEULAisaccepted. Supported Spoke Devices — Required License SeePlatformsandtheirRolesfordetailspermodel. •ASR1000Series ◦License—AdvancedIPServicesorAdvancedEnterpriseServices •CSR1000vSeries ◦License—AXthroughput •ISR4000Series Cisco IWAN Application on APIC-EM Release Notes, Release 1.5.1 10
Description: