
Cisco IOS XE Software
Architecture & Innovations
Catalyst 9000 Series

Scott Parry – High Touch Engineer
BRKARC-2090

[Figure: Cisco IOS XE 16 & 17.x block diagram. IOS control plane (IOSd, IOS sub-systems); CAF / IOX (Docker, C8Kv, Guest Shell); Common Infrastructure & HA; Management Interfaces; Module Drivers; IOS XE DB; Kernel; Protected Memory]

Cisco Webex App

Questions? Use Cisco Webex App to chat with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until Thursday 22 December, 2022.
https://ciscolive.ciscoevents.com/ciscolivebot/#BRKARC-2090

#CiscoLiveAPJC BRKARC-2090 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Session Abstract

You've used the CLI commands. You've tried the programmable APIs. You've seen the GUI screens... but what's REALLY happening inside IOS XE?
• How is Cisco IOS XE similar to, and what differentiates it from, other Cisco operating system architectures?
• Do you wish you could look inside the different software layers, and understand how they all work together (or when they don't, for troubleshooting)?

This session will focus on the software components (processes) within IOS XE on the Catalyst 9000 series:
1. Recap of the basic principles and history of IOS
2. Summary of basic components of Catalyst 9000 IOS XE
3. Summary of key technologies enabled by IOS XE
4. Catalyst 9000 IOS XE architecture up to 17.6.1 release
5. Catalyst 9000 IOS XE architecture after 17.7.1 release

Agenda
1. Brief History of IOS XE
2. Basic IOS XE Components
3. IOS XE Technologies
4. C9K IOS XE up to 17.6.1
5. C9K IOS XE after 17.7.1
6. Summary & References

Cisco Catalyst 9000 Switching Portfolio
Adding the “X factor” to the industry’s leading switching family

[Figure: Catalyst 9000 Switching Platform (Cisco ASIC, Open IOS XE): Catalyst 9200 Series, 9200CX Compact, 9300 Series, 9300X, 9400 Series, 9400X, 9500 Series, 9500X, 9600 Series and 9600X, spanning access switching to core switching, shown above the earlier Catalyst 2960-X/XR, 3650/3850, 4500-E Series, 3850-XS/4500-X, 6840-X/6880-X and 6500-E/6807-XL]

Catalyst 9000 Series – Common Building Blocks

• Programmable x86 Multi-Core CPU: Application Hosting, Secure Containers
• Open IOS XE® Polaris: Model-Driven APIs, Modular Patching
• Cisco UADP & Silicon One™: Programmable Pipeline, Flexible Tables

Same IOS XE image for both UADP* and Silicon One C9K platforms
* Catalyst 9200 Series uses IOS XE Lite

Multi-Core CPU – Built for App Hosting
Enterprise & IOT

[Figure: x86 CPU with eight cores and a shared L3 cache, running the IOS XE kernel; the IOS control plane sits beside the Cisco Application Framework (CAF), which hosts LXC, KVM and Docker workloads, including a custom app]

x86 CPU enables hosting NFV devices, Containers and 3rd-party Apps
* Catalyst 9200 Series uses an embedded ARMv8 CPU

Cisco IOS XE – A Modern Operating System

• Cisco IOS subsystems: Resiliency and High Availability
• Cisco IOS XE database: Programmability and Open models
• IOX + Docker containers: Cisco and 3rd-party App hosting

[Figure: Cisco IOS XE 16 & 17.x block diagram. IOS control plane (IOSd, IOS sub-systems); CAF / IOX (Docker, C8Kv, Guest Shell); Common Infrastructure & HA; Management Interfaces; Module Drivers; IOS XE DB; Kernel; Protected Memory]

Open, Model Driven & Secure Operating System

Custom ASICs – Programmable Silicon
Cisco Unified Access Data-Plane (UADP®) and Cisco Silicon One™ (Q200)

• Flexible Pipelines: Investment Protection
• Adaptable Tables: Universal Deployment
• Scalable Resources: Enhanced Scale and Buffering

Flexible & Programmable ASICs – Adapt to New Technologies

Cisco Catalyst 9000 Series IOS XE Software

History of IOS XE

• History of Cisco IOS®
• IOS evolves into IOS XE
• Nova IOS XE (Catalyst 3K)
• Polaris IOS XE (Catalyst 9K)

Brief History of Cisco IOS
NOTE: Timeline is just an approximation

[Figure: timeline with year markers 1984, 1986, 1993, 2007, 2009, 2010, 2015 and 2017. Labels along it: Cisco was born; shipped first AGS router; IOS (1986) 9.x, 10.x, 11.x, 12.x for LAN switching, remote access and WAN switching, with trains 12.2S, 12.2SE, 12.2SG, 12.2SR, 12.2SX, 15.0SY and 15.5SY; IOS XE BinOS (ASR1000); IOS 15.x M&T release; IOS XE 3.x (ASR1K, ISR, Cat4500); IOS XE NOVA 3.x (Cat3850); IOS XE Polaris 16.1 (Cat3850); Open IOS XE 16.5.1 (Catalyst 9K). IOS-XR (2004) and NX-OS (2008) appear as separate branches]

Cisco IOS XE - Architecture Evolution
Same look and feel - more powerful architecture

Cisco IOS
• Monolithic OS
• Compact
• High performance

Cisco IOS XE 3.7.x (SE)
• Monolithic IOSd: Control-plane
• Sub-packages for data plane
• Linux daemons hosting capability
• Message parsing capability

Cisco IOS XE 16.x
• IOSd: Component assemblies
• Modularized features: Sub-packages
• Distributed Operating System
• IOS XE (Crimson) Database
• Radioactive tracing and events

What is “Open” Cisco IOS XE?

[Figure: three software stacks side by side, labelled Cisco IOS, Cisco IOS XE 3.x (SE) and Open Cisco IOS XE 16.x. Each sits on Kernel, Module Drivers, Management Interface and Common Infrastructure/HA. Cisco IOS carries Features directly; IOS XE 3.x carries an IOSd blob (Features, Components, WCM) plus hosted apps (Wireshark); Open IOS XE 16.x carries IOSd with IOS Sub Systems, hosted apps in containers (iPerf, Perfsonar, Wireshark) and the Cisco IOS XE DB holding config and operational states]

Modern Software Architecture - with the same look and feel

Open IOS XE – IOS Sub Systems

[Figure: IOSd divided into IOS Sub Systems (STP, OSPF, BGP, MPLS, etc.) beside the IOS XE DB]

Failure of one IOS XE Sub-System(s) - keeps rest of the system intact

IOSd Sub-Systems enhance IOS Resiliency

Open IOS XE – Hardware DB

[Figure: IOSd Sub-Systems beside the IOS XE DB, which holds Config & Operational States]

• Higher Application UP Time
• Quicker Recovery
• Better Convergence

Decoupling Code & Data protects the Configuration & Operational States

Open IOS XE – Hardware DB

[Figure: IOS XE DB surrounded by its records: Link State, STP State, OSPF State, MST State, BGP State, Tunnel State, Logs]

The IOS XE DB contains Configuration & Operational States

Open IOS XE DB – Data Models

[Figure: DB records (Link State, STP State, OSPF State, MST State, BGP State, Tunnel State, Logs) exposed through Data Models]

Cisco Catalyst 9000 Series IOS XE Software

Basic Components

• IOS XE Architecture
• Control Plane
• Data Plane
• System Plane
• Management Plane
• IOS XE on Catalyst 9K

Cisco IOS XE Architecture
Modularized Components for Software Abstraction

[Figure: IOS XE component layout on the Linux Kernel. Forwarding Process (FP) Complex, data plane: FMAN-FP, CMAN-FP. Route Process (RP) Complex, control and management planes: IOSd, Apps, FMAN-RP, CMAN-RP, XE DB, SSO (RF/CF). Chassis Mgmt I/O Complex, data plane: IOMD, CMAN-CC. Each complex has System Admin and Infra Services layers, with Platform Mgr, Stack Mgr, FED / CPP and CPA / CIA between them. Hardware underneath: Interfaces & Transceivers, Device Interconnect (Backplane), ASICs & FPGAs]

Cisco IOS XE Software
PI vs. PD Software Components

[Figure: IOS XE architecture diagram (FP, RP and Chassis Mgmt I/O complexes on the Linux Kernel) with components marked Platform Independent (PI) or Platform Dependent (PD)]

Platform Independent (PI) Platform Dependent (PD)

• IOS - Internetwork Operating System
• FMAN - Forwarding Manager
• RP – Routing Process
• FP – Forwarding Process
• CGM - Classification Group Manager
• WCM - Wireless Controller Module
• IFM - Interface Manager
• PDS - Packet Distribution Service
• LSMPI -
• CPA – Common Platform Abstraction
• IOMD – I/O Manager
• CMAN - Chassis Manager
• PMAN - Platform Manager
• SMAN - Stack Manager
• XCVR = Transceiver/Optics
• Table Manager - Client & Server
• Punject - Punt+Inject (CPU) interface
• FED - Forwarding Engine Driver

Cisco IOS XE Architecture
High Level Overview

[Figure: IOS XE architecture diagram reduced to six numbered layers]

1. Control Plane
2. Data Plane
3. System Plane
4. Management Plane
5. Infrastructure Services
6. Linux Kernel & Platform Drivers

Cisco IOS XE - Control Plane

[Figure: IOS XE architecture diagram with layer 1, the Control Plane (IOSd, Apps, FMAN-RP), highlighted]

This is the ‘brain’ of the network stack
• Most control-plane logic runs within IOSd
• Home to routing & bridging protocols (network learning)
• Richest networking features in industry (~5000 features)
• Distributes protocol (RP) forwarding states to data-plane (FP)

Cisco IOS XE - Data Plane

[Figure: IOS XE architecture diagram with layer 2, the Data Plane (FMAN-FP, CMAN-FP, IOMD, CMAN-CC), highlighted]

Handles high-speed Packet Forwarding
• Touches every packet! High-throughput and low-latency forwarding
• Programming from control-plane abstracted by well defined APIs
• Supports multiple forwarding architectures: standalone & modular
• Forwarding is generally handled in special hardware (e.g. UADP & QFP)

Cisco IOS XE - System Plane

[Figure: IOS XE architecture diagram with layer 3, the System Plane (System Admin, Platform Mgr, Stack Mgr), highlighted]

General Administration & functions of the System
• Manages the chassis, modules, I/O, power, fans
• Manages stacking & virtual chassis processing
• Also manages software image management & patching

Cisco IOS XE – Management & Infra

[Figure: IOS XE architecture diagram with layer 4, the Management Plane (CMAN-RP, XE DB, SSO (RF/CF)), and layer 5, Infrastructure Services (FED / CPP, CPA / CIA), highlighted]

Device-Specific Services
• XE Database
• TDL DSL
• HW Drivers
• HA & ISSU
• Messaging
• Licensing
• Compiler
• Btrace
• Buildtime tools

Cisco IOS XE on Catalyst 9000 Series
Hardware Forwarding Architecture

[Figure: FED 2.0 block diagram. IOSd, FMAN-RP, FMAN-FP and app(s) reach FED 2.0 through the App Interface (shim). Feature modules: L2, L3, Security, QoS, SDA, Netflow, MPLS. Layers beneath: ASIC Abstraction Layer (AAL), Resource Abstraction Layer (RAL), ASIC Family Driver (AFD). Surrounding blocks include Platform Manager, Resource Manager, Stack Manager, Feature Manager, Fabric Manager, Punt Rx/Tx APIs, Doppler SDK, Distributed App Obj Management, Resource Mapping, ASIC Test Framework and Datapath Debug, with a vertical CAPABILITY label]

C9K IOS XE – System View
Fixed Platforms and Modular Platforms

[Figure: process layout. Fixed platforms: IOSd, FMAN-RP, CMAN-RP, CMAN-CC, FMAN-FP, FED and IOMD above the ASIC and PHY. Modular platforms: the same processes, with an IOMD and PHY per line card (LC #1 to LC #n)]

C9K IOS XE – System View
StackWise & SVL

[Figure: Active and Standby systems, each running IOSd, Stack Mgr, SDP, NIF Mgr, LMP, FED and IOMD (LC #1) above the ASIC, NIF and PHY; SDP and LMP run between the two systems over the SVL]

Cisco Catalyst 9000 Series IOS XE Software

Features of IOS XE

• High Availability (SSO & StackWise)
• Install Mode (SMU & ISSU/xFSU)
• Model-Driven Telemetry
• Application Hosting

Mission-Critical Resiliency
Your business stops if the network is down

Cost of only one hour of downtime to an average enterprise > $300,000**
** Based on industry reports from Gartner and ITIC

[Figure: Catalyst 9600 Series (Dual chassis w/ StackWise Virtual), Catalyst 9400 Series, Catalyst 9500 Series]

Architecture
• StackWise® and StackWise Virtual: Virtualized redundant systems for simplified configuration & protocols
• Graceful Insertion/Removal (GIR): No downtime when device in maintenance mode

Operating System
• Hot Patching (SMU): Minimal or no downtime for critical fixes
• In-Service Software Upgrade (ISSU): Upgrade with minimal or no traffic loss
• xFSU on C9300/L Stack (New): < 30 sec downtime - Stack upgrade

Platform
• Redundant Supervisors: Modular with SSO/NSF; SVL Quad-SUP RPR (New)
• Redundant Power & Fans: In case of any hardware failure

Eliminate downtime with High Availability designed at every level

Cisco IOS XE High Availability
Control Plane to Data Plane Programming Packet Flows

[Figure: Active, Standby and Member systems. The Active and Standby systems each run a Control Plane (FMAN-RP) over Platform Infra and a HW API; all three systems run a Data Plane (FMAN-FP) over Forwarding Hardware. Flows shown: SSO sync, CP to DP programming, Punt/Inject, and Transit traffic through the forwarding hardware]

Cisco IOS XE - Install Mode
Single CLI set for Software Install, Patch & Upgrade

# install add <tftp://cisco.com/image.bin>
# install activate

Workflow Steps:
• Install Add: performs the image download from the Cisco CCO posted location
• Install Activate: upgrades the control plane with the new software version
• Install Commit: makes the changes permanent (and deletes the older version)
• Install Abort: reverts the software back to the original state

Successful:
# install commit
Something wrong:
# install abort

IOS XE Install – SMU patches
Ready for software patching

A Software Maintenance Update (SMU) is an emergency point fix positioned for expedited delivery to a customer in case of a network down or revenue-affecting scenario.

Cold Patching: Install of an SMU requires a system reload in the first release. It is traffic impacting.
Hot Patching: Install of an SMU does not require a reload. No traffic impact.

Steps: Install Add, Install Activate, Install Commit

In-Service Software Upgrade (ISSU)
Leverages SSO between IOS XE versions for seamless upgrade

Commands shown: # install add, # install activate <> issu, # install commit

1. ISSU started - image is expanded on active and standby supervisors (S1 Active and S2 Standby, both on V1). Upgrade start: abort timer starts.
2. Standby reloads with the new V2 image. If S2 fails to become the standby, it will revert back to Step 1.
3. Auto-switchover causes S2 to become the new active and S1 reloads with the new V2 image.
4. ‘Commit’ keyword stops the abort timer. Expired abort timer: standby will revert to Step 2 and then Step 1.
5. ISSU complete. Upgrade complete (S2 Active and S1 Standby, both on V2).

Extended Fast Software Upgrade (xFSU)
C9300/L - 17.3.2, C9300X - 17.7.1

Catalyst® 9300/9300L/9300X standalone:
# install add file image activate reloadfast commit
< 30 seconds of traffic impact

Catalyst 9300/9300L/9300X stack:
# install add file image activate reloadfast commit
< 30 seconds of traffic impact for all ports in the stack

[Figure: control plane and data plane timelines for a standalone switch and for a stack whose switches are marked A, S and M, with the Active switch labelled]

Cisco IOS XE Programmability
Telemetry “Stack”
developer.cisco.com/site/IOS XE

NETCONF, RESTCONF, gNMI & gRPC are programmatic interfaces that provide additional methods for interfacing with an IOS XE device.

YANG data models define what’s available for configuration and streaming telemetry.

[Figure: interface stack. CLI, WebUI, SNMP, NETCONF, RESTCONF, gNMI and gRPC sit on YANG Data Models (Open and Native) for Configuration & Operation of the Intent-Based Network Infrastructure: Switching, Routing, Wireless and Device Features (Ports, BGP, QoS, ACL, …)]

Cisco IOS XE - Management
Management Plane – High-Level Overview

[Figure: management plane stack. Clients: DNAC, vManage, Custom App, Open App, Automation Apps. Model Driven API (Netconf, GNMI, MDT, CNDP; XML, JSON, TDL) over Yang Models (OC, IETF, Native), alongside CLI, SNMP and NAM, all reaching the IOS XE Data Model Database through the TDL Interface. Below: Open Apps on IOX App Hosting, Control Plane, Linux Kernel, Data Plane]

Cisco IOS XE Catalyst 9000
Application Hosting

[Figure: Cisco Application Framework (CAF) hosting LXC, KVM and Docker workloads (Custom App, DHCP Server, More…) beside the IOS Control Plane on the IOS XE Kernel, reached over REST from the IOS CLI and DNA Center; labelled Application Ecosystem]

• Cisco will not support third-party apps or open-source apps, unless specifically called out
• Such apps, however, will be validated for compatibility on Catalyst 9000 switches
• DevNet ecosystem will indicate the partners who have worked on Catalyst 9000 switches

Catalyst 9000 Series – App Hosting
Container Networking

[Figure: containers on a C9K attached to IOS XE through two bridges. Container interfaces eth0/eth1 carry the addresses 172.19.0.24, 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.5 and 10.0.0.6. One bridge connects to the Management VRF (Gig0/0, 172.19.0.23); the other connects at Layer 2 through AppGigEthernet 1/0/1-2 to Gig1/0/1, Gig1/0/2 and Gig1/0/3]

Cisco Catalyst 9000 Series IOS XE Software

IOS XE up to 17.6.x

• History of Cisco IOS®
• IOS evolves into IOS XE
• Nova IOS XE (Catalyst 3K)
• Polaris IOS XE (Catalyst 9K)

Cisco Catalyst 9000 Switching Portfolio
IOS XE 17.3.x - 17.6.x
One Family from Access to Core – Common Hardware & Software

[Figure: Catalyst 9000 Switching Platform (Cisco ASIC, Open IOS XE): Catalyst 9200, 9300, 9400, 9500 and 9600 Series, spanning access switching to core switching, shown above the earlier Catalyst 2960-X/XR, 3650/3850, 4500-E Series, 3850-XS/4500-X, 6840-X/6880-X and 6500-E/6807-XL]

Cisco IOS XE - Release Schedule
3 Releases Annually (approx. every 4 months)

[Figure: release timeline, 2019 to 2022]

Extended Maintenance Release (EMR) – 36 months support: 16.12.1, 17.3.1, 17.6.1, 17.9.1
Recommended for wide-scale production deployments – Supports patches (SMU) and ISSU

Standard Maintenance Release (SMR) – 12 months support: 16.11.1, 17.1.1, 17.2.1, 17.4.1, 17.5.1, 17.7.1, 17.8.1

Cisco IOS XE - Release Schedule
Graphical Overview

[Figure: support timeline for releases 17.1.1, 17.2.1, 17.4.1, 17.5.1, 17.7.1 and 17.8.1, with time axis marks Aug’21, Dec’21, Apr’22 and Aug’22]

• Maintenance Rebuilds – Cisco + Customer found defects
• Restricted Rebuilds – Customer found defects + PSIRTs
• PSIRT Rebuilds – PSIRTs Only

Catalyst 9000 Switching – Key Features (Reference)
* Limited Availability (LA) only

IOS XE 17.1.1 (Nov’19) SMR | IOS XE 17.2.1 (Mar’20) SMR | IOS XE 17.3.1 (July’20) EMR

Enhanced Security
• 9200/9300 - Umbrella Integration • TWS – Secure Swipe Clean DoD 5220.22-M standard • Enhanced ACL Logging
• MACSEC over EoMPLS • Wired Client Sensor*
• ERSPAN to v6 Destination • 9200/9300 - Umbrella Switch Connector with AD Integration

Overlays & Segmentation
• Inter-AS Option A (VRF-Lite) • EVPN – VxLAN ARP/ND flooding suppression. • mLDP: Multicast LDP*
• VPLS Flow Aware Transport (FAT) PseudoWire • EVPN to MPLS hand off on Cat9K in Border spine role (single box) • VPLS Routed PseudoWire (IRB): IPv6 Unicast
• Extranet mVPN • Hierarchical VPLS • MVPNv6 (Multicast 6VPE)
• VXLAN aware Flexible Netflow • VPLS Multiple VCs per Spoke • MPLS VPN - Inter-AS Option AB
• EVPN to VRF-Lite handoff for Border Spine • BGP EVPN w VxLAN BUM rate-limiting support
• EVPN to MPLS handoff for Border Spine • BGP-EVPN w VXLAN MAC/IP learning on Access
• EVPN Tenant Routed Multicast (TRM) • Wide Area Bonjour with BGP-EVPN over VXLAN

Forwarding & Features
• 9600 - VRF aware PBR • NAT – VRF aware NAT (VRF to Global) • 9500H/9600 : Customized SDM Template Ph1 (FIB)
• 9400 - NAT Profile • IP-FRRv4: LFA EIGRP and OSPFv2 per prefix
• Non-Stop Routing (NSR): L3 Forwarding Redundancy
• LACP 1:1 redundancy and dampening

High Availability
• 9600 - Quad Sup SVL Support (RPR) • 9300 - xFSU reload with backside stacking* • Flexlink+ with VLAN Load Balancing
• 9300 - xFSU Standalone • 9300 - xFSU support with dot1x, MAB, Webauth* • 9300 - xFSU Reload: Stacked and Standalone (17.3.2)
• 9300 - xFSU : LACP Protocol support*

Platform & Programmability
• Per port MTU support • 9400 - 9216 bytes MTU • PVLAN on Trunks and Port Channels
• 9500H/9600 - Unified Port Buffer • 9600 - Breakout Support • PTPv2 and gPTP support on 9400*
• 9400 - Native Docker for App Hosting • gPTP/ PTPv2 support on Port Channels • ETA and AVC Interoperability on same port
• SHA-512 secure image-bootup integrity check
• gRPC Model Driven Telemetry (MDT) with TLS

Hardware & Optics
• C9300L mGig SKUs • 9500/9600 – AOC/DAC, QSFP-4SFP10G
• C9600-LC-48TX mGig Linecard

Catalyst 9000 Switching – Key Features (Reference)
* Limited Availability (LA) only

IOS XE 17.4.1 (Nov’20) SMR | IOS XE 17.5.1 (Apr’21) SMR | IOS XE 17.6.1 (Aug’21) EMR

Enhanced Security
• FQDN ACLs • FQDN Redirect ACL • 9300X – IPsec Phase1 – SVTI, IKEv2
• RADSEC - Radius over TLS and DTLS • Wired Dynamic VLAN • IPv6 FQDN Redirect ACL
• Stealthwatch Cloud Integration* • Secure Network Analytics Connector • RADSEC CoA Enhancement
• Wired Client Sensor with Flash* • DSCP Marking for RADIUS Packets
• Session timers AV Pair
• Interface Templates
• Trustworthy Systems

Overlays & Segmentation
• PVLAN with BGP EVPN over VxLAN • Selective Q-in-Q • MPLS Traffic Engineering (TE) – Phase1
• BGP EVPN L2/L3 VNI scale • LACP/PAGP over EoMPLS
• MLD snooping over VPLS

Forwarding & Features (17.4.1, 17.5.1), Platform Features (17.6.1)
• 9500H/9600 - Customized SDM Template Ph2 (ACL) • 9500H/9600 - Customized SDM Template Ph3 (4K VLAN) • VRF Aware WCCP
• Enhanced NAT scale • Enhanced NAT Session Monitoring
• BGP Monitoring Protocol • NAT Precedence
• WCCP Over GRE • Bonjour mDNS SSO, FHRP Service Peer Support

High Availability
• VRRPv3 SSO

Platform & Programmability
• YANG model updates • gPTP over L3 Unicast • App Hosting on 9300X
• Smart Licensing using Policy • Disable USB SSD • Thousand Eyes – 4.0 Version Agent
• App Hosting Updates • Perpetual PoE/UPOE with StackPower
• PTP on StackWise*, PTP over SDA
• Programmability & Automation updates

Hardware & Optics
• 9500H/9600 - SFP-10G-TX, QSFP-40/100-SR4, 9600 - 4 x 25G Breakout, GLC-GE-100FX and GLC-TE-100M • C9400-LC-48HN – 5G MGIG line card with 90W PoE • C9300X-12Y / 24Y - 10/25G Fiber Switch with Cisco UADP2.0sec
• C9300X-NM – 2x 40/100G, 8x 10/25G, 8x mGiG uplinks

Cisco Catalyst 9000 Series IOS XE Software

IOS XE after 17.7.x

• IOS XE Continues to Evolve
• New C9K Platforms
• Common Platform Abstraction
• Forwarding Engine Driver

Cisco Catalyst 9000 Switching Portfolio
IOS XE 17.7.x - 17.9.x
One Family from Access to Core – Common Hardware & Software

[Figure: Catalyst 9000 Switching Platform (Cisco ASIC, Open IOS XE): Catalyst 9200 Series, 9200CX, 9300 Series, 9300X, 9400 Series, 9400X, 9500 Series, 9500X, 9600 Series and 9600X, spanning access switching to core switching, shown above the earlier Catalyst 2960-X/XR, 3650/3850, 4500-E Series, 3850-XS/4500-X, 6840-X/6880-X and 6500-E/6807-XL]

Re
fe
re
nc
Catalyst 9000 Switching – Key Features

e
* Limited Availability (LA) only

IOS XE 17.7.1 IOS XE 17.8.1 IOS XE 17.9.1


(Dec’21) SMR SMR (Apr’22) SMR (Aug’22) EMR
Enhanced Security Enhanced Security Enhanced Security
v 9500X/9600X – MACsec v 9300X – IPsec Phase2 – Multicast (SVTI) v 9300X – IPsec Phase3 – NAT Traversal
v 9200/9300 - API Registration for Umbrella Switch connector v 9500X/9600X - WAN-MACsec, with HSEC license v 9300X – VRF-aware IPsec
v SW SUDI 2099 Enablement v Reflexive ACL

Overlays & Segmentation Overlays & Segmentation Overlays & Segmentation


v 9500X/9600X - MPLS and TE Phase1 v EVPN L2 TRM v SDA LISP Graceful Restart for MAC cache
v 9500X/9600X – EoMPLS v SDA VN Extranet across SDA Transit
v EVPN L3 TRM with MDT Data

Forwarding & Features Forwarding & Features Forwarding & Features


v 9500X/9600X - L3 Routing (IGP, BGP) feature set v 9500X/9600X – Sampled Flexible NetFlow v Destination IP NAT scale enhancement
v Low priority Control packet mapping to Non-LLQ v PAT support for Enhanced NAT scale
v Bonjour – Micro-Location services v Conditional Static NAT using Route-map

High Availability High Availability High Availability


v 9400X/9600X - SSO & ISSU v Graceful Insertion & Removal (GIR) - 9500H & 9600 v 9400X – StackWise Virtual (Dual-Sup)
v 9300X – xFSU

Platform & Programmability Platform & Programmability Platform & Programmability


v PTP on 9300 StackWise v PTP - G8275.1 ITU Telcom Profile v 9500H – AVB support
v PTP on 9600 v 9500X/9600X – L3 Sub-Interface Queuing v 9400X - Perpetual PoE support
v PTP AES67 compliance v C9300 System Power-Consumption Reporting v 9400X - Support for hosting multiple applications
v AVNU Certification – 9300 & 9500 v gNMI Native Configuration Yang Model v 9400X – 432 Port-Channels
v gNOI reset.proto – tooling v Guest Shell HA - Guest-Share Folder Sync v 9400X – 4K VLANs support

Hardware & Optics Hardware & Optics Hardware & Optics


v C9300X-48TX / 48HX – 48x mGig Switch with Cisco UADP2.0sec v C9400-LC-HX – 48x mGig Linecard v C9200CX-8P
v C9400X-SUP-2/XL – Supervisor 2 with Cisco UADP3.0sec v C9400-LC-XS – 48x 1/10G Linecard v C9200CX-12P
v C9500X-28C8D – 100/400G Fiber switch with Cisco S1 Q200 v C9600 - 3000W PSU v C9600-LC-32CD – 32x QSFP (32x 100G or 24x 100G + 2 x 400G)
v C9600X-SUP-2 – Supervisor 2 with Cisco S1 Q200
v C9600-LC-40YL4CD – 40x SFP + 4x QSFP Combo Linecard

C9K NG IOS XE - Highlights

Secure
• Secure Boot, Image Signing
• SELinux, X.509

Programmable
• Managed Through Models
• Programmable through YANG

FED3.0 – Model Driven Forwarding
• Enable Controller Visibility
• Bring Polaris infrastructure to FED
• Bring FED closer for stateful restart

CPA – Single Source of Truth, CMAN Abstraction
• CPA architecture for sharing common software across multiple platforms
• Single Source of Truth - for various devices and interconnects

Software Punt
• High Speed zero-copy punt to enable Software sampled Apps (e.g. NetFlow)

Differentiated ASIC + SDK
• High capacity, programmable ASIC
• Generic SDK as an integration layer

[Figure: software stack. Layer labels: IOS XE, Security (TAM), Control/Management Plane, FED 3.0, CPA SDK/NPL, XE Kernel + BSP, Common BIOS, S1 ASIC, ASIC Simulation.]

C9K NG-XE Overview
Hardware Forwarding Architecture

[Figure: block diagram of the hardware forwarding architecture. Recoverable labels: IOSd, FMAN-RP, FMAN-FP, App(s), App Interface (shim), FED 3.0 with L2, L3, MPLS, Security, QoS, SDA and Netflow features, ASIC Test Framework, S1 SDK, CPA North, CPA South, ASIC Abstraction Layer (AAL), Resource Abstraction Layer (RAL), ASIC Family Drivers (AFD), S1 ASIC Driver, Punt Rx/Tx APIs, Resource Mapping, Datapath Debug.]

C9K Next-Gen IOS XE
Platform Infra Overview

Common BIOS for Enterprise
• Common BIOS repository for all Enterprise platforms
• Standardized customizations

Single Source of Truth
• Partially-automated way to transfer hardware attributes to software
• Single place for all engineers to go to

Common Platform Abstraction
• Model-driven Device APIs consistent across Cisco
• Easier to adopt for subsequent platform (limit changes to certain files)

Platform Function Block
• Common CMAN, CMCC, EMD, IOMD
• For Enterprise platforms running on IOS XE (Polaris)

Cisco Catalyst 9000 Series IOS XE Software

Summary

• Benefits of IOS XE
• Cisco IOS XE References
• Catalyst 9000X References
• Thank You!! :)

Why should you care?
Cisco IOS XE - Benefits for you

One Release Train
Operational Efficiency, Feature Velocity

Run Any Feature Anywhere (RAFA)
Consistency in Behavior across Platforms

Software Patch Updates
Sub-package upgrades, Cold and Hot Patching

Comprehensive Programmability
Object based model, Netconf/REST Interfaces

Trustworthy & Secure Platform
64-bit ASLR, Secure Boot, Hardware TAM

Would You Like to Know More?
Cisco IOS-XE & Cisco DNA Resources

cisco.com/go/dna
cisco.com/go/iosxe cisco.com/go/smartlicensing cisco.com/go/dnacenter

Would You Like to Know More?
Catalyst 9000X Series Collateral

• Cisco.com - Enterprise Networks - Switching
• Catalyst 9000 Switches At-a-Glance
• Catalyst 9000 Frequently Asked Questions
• Catalyst 9300 Series Switches data sheet
• Catalyst 9400 Series Switches data sheet
• Catalyst 9500 Series Switches data sheet
• Catalyst 9600 Series Switches data sheet

• Catalyst 9300X Technical Blog (Community)
• Catalyst 9400X Technical Blog (Community)
• Catalyst 9500X Technical Blog (Community)
• Catalyst 9600X Technical Blog (Community)
• Under the Hood of the Catalyst 9000X (TFD)
• Network Insiders Podcast
• Meet the C9300X
• Meet the C9400X
• Meet the C9500X and C9600X

Would You Like to Know More?
Catalyst 9000 Series Enterprise Switches

• cisco.com/go/cat9K
• Cisco Catalyst 9000 at-a-Glance

• Cisco Catalyst 9000 Family FAQ

• Catalyst 9000 Series - Cisco Community

• Catalyst 9000 Series – CiscoLive Library

Session Surveys
We would love to know your feedback on this session!
• Complete the session surveys in the Cisco Events mobile app. You'll
earn some points in the Cisco Live Game and potentially win a prize.
• Complete a minimum of four session and the overall event surveys
to claim a Cisco Live cable bag.

Continue your education

• Visit the Cisco Showcase for related demos
• Book your one-on-one Meet the Expert meeting
• Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
• Visit the On-Demand Library for more sessions at www.CiscoLive.com/on-demand

Cisco Learning and Certifications
From technology training and team development to Cisco certifications and learning plans, let us help you empower your business and career. www.cisco.com/go/certs

Pay for Learning with Cisco Learning Credits
(CLCs) are prepaid training vouchers redeemed directly with Cisco.

Learn
• Cisco U.: IT learning hub that guides teams and learners toward their goals
• Cisco Digital Learning: Subscription-based product, technology, and certification training
• Cisco Modeling Labs: Network simulation platform for design, testing, and troubleshooting
• Cisco Learning Network: Resource community portal for certifications and learning

Train
• Cisco Training Bootcamps: Intensive team & individual automation and technology training programs
• Cisco Learning Partner Program: Authorized training partners supporting Cisco technology and career certifications
• Cisco Instructor-led and Virtual Instructor-led training: Accelerated curriculum of product, technology, and certification courses

Certify
• Cisco Certifications and Specialist Certifications: Award-winning certification program empowers students and IT Professionals to advance their technical careers
• Cisco Guided Study Groups: 180-day certification prep program with learning and support
• Cisco Continuing Education Program: Recertification training options for Cisco certified individuals

Thank you
