ACI Release 5.1 New Features

On October 26, 2020, Cisco released ACI version 5.1. As has become customary for me, I am writing a blog post about this new ACI version, looking into some of the new features.

When we look into the release notes of version 5.1, it would appear that there aren’t any major new features. The biggest new features aren’t listed in the release notes at this time. That might be because some of these features are as yet undocumented.

According to the release notes there are only five new features:

  • The Upgrade process has been improved
  • IGMP snooping querier version 2 support
  • SSD write optimization
  • Support for associating a L3 EPG from the in-band management tenant with a netflow exporter
  • Support for SHA-2 authentication on SNMPv3

These are all minor features (unless of course you were waiting for them). The SSD write optimization I wouldn’t even call a feature, but a bug fix.

When logging in to the new version of ACI you will also get the “what’s new in version 5.1” popup. This shows some things that have not been mentioned in the release notes:

ACI What’s new

Hardware

The release notes don’t mention any changes in hardware support. However, some new line cards for the Nexus 9500 series chassis switches are added. These focus on 100G and 400G line cards.

No new fixed leaf or spine switches are mentioned.

Troubleshooting

We also get some new troubleshooting options:

  • Packet drop detection and RCA options based on Flow Table Export
  • Microburst detection (NFE2 switches)

I’m very interested in the microburst detection possibilities. Microbursts are very hard to detect, but can cause measurable issues on the network. Being able to detect these microbursts enables us to take measures to prevent these microbursts from happening.

The packet drop detection is also a very interesting option. This enables us to know when and where packets are dropped at the hardware ASIC level. The reason for the drop is also recorded, which can help resolve these issues.

These two features together might show you dropped packets that were dropped due to buffer overruns caused by microbursts.

Container networking

This list also includes some improvements in the area of container networking. The most notable one is probably support for Rancher, which means that Rancher and ACI will be able to work together hosting your container environment.

ACI has also been updated to support the latest version of Kubernetes.

Upgrade process

The upgrade process has changed a lot over the last few versions and this new release again changes this process. I must be fair, it does look a lot better now:

ACI Upgrade dashboard

The side menu has changed a lot. So far the side menu on most pages in the APIC GUI is still the old menu, but I expect this style to appear on more pages in the GUI. That would again be a change in the appearance of the APIC GUI, but so far all changes have been an upgrade in my opinion.

When you want to upgrade a switch or a group of switches, you can use a wizard to select both the target software version and the switches to apply it to.

VMware NSX-T support

ACI has supported integration with VMware vDS for a long time. NSX and ACI have been separate worlds for a long time. Yes, NSX can run over ACI, but you don’t need ACI to run NSX. A big downside of having NSX run over ACI is the loss of visibility into endpoints.

ACI now supports integration with VMware NSX-T. I haven’t been able to configure this, and for now there’s no documentation available about this. But as far as I’ve been able to tell, it looks a lot like the regular VMware integration. It is solely based on VLANs for now, so no VXLAN or Geneve support yet.

Update: I configured the NSX-T integration in my lab. You can find how I did it here: ACI and NSX-T integration in ACI 5.1

This feature is not listed anywhere, but when you go into ACI to the Virtual Networking page you can see it’s already there.

ACI NSX-T integration

Cisco Principal Architect Carlos Campos Torres also tweeted about this: