Guidelines and Limitations

Guidelines and Limitations

  • Ensure that you have installed Visual C++ Redistributable Packages for Visual Studio 2013 64 bit before installing or upgrading to Cisco DCNM Release 11.4(1).

  • To check the status of the running Postgres database in Native HA setup, use pg_ctl command. Do not use the systemctl command.

  • Do not begin the password with Hash (#) symbol. Cisco DCNM considers the password as an encrypted text if it begins with # symbol.

  • Restoring DCNM with changes in IP addresses is not supported.

  • POAP Dynamic Breakout—From Cisco NX-OS Release 7.0(3)I4(1), POAP dynamically breaks out ports to detect a DHCP server behind one of the broken-out ports. Previously, the DHCP server that is used for POAP was directly connected to a normal cable as the breakout cables were not supported. POAP determines which breakout map (for example, 10gx4, 50gx2, 25gx4, or 10gx2) brings up the link that is connected to the DHCP server. If breakout is not supported on any of the ports, POAP skips the dynamic breakout process. After the breakout loop completes, POAP proceeds with the DHCP discovery phase as normal.

    Cisco DCNM leverages the dynamic breakout to simplify the fabric setup by retaining successful breakout configuration. Since dynamic breakout requires the other side of the link to be active, there are circumstances where you must manually breakout interfaces, or may notice breakout in places which are not desired. In those situations, you must adjust the ports on the Interfaces page before performing Save and Deploy in the Fabric Builder.

  • Before using the licensed features, install a Cisco DCNM license for each Nexus-managed or MDS-managed platform. For information about licensing, see the Cisco DCNM Licensing Guide, Release 11.x.

  • Create a free-form configuration on all the white box switches that are managed by Cisco DCNM as shown below, and deploy them on all the switches before the final Save and Deploy operation.

    line console
    speed 115200
    stopbits 2

    This is only applicable to the Cisco DCNM LAN Fabric mode.

  • On Microsoft Windows 2016 Standard server, run the Cisco DCNM installation EXE file as an administrator. Cisco DCNM installation will not start on Microsoft Windows 2016 Standard server unless you set the EXE file as an administrator. To start the installation EXE file, you can right-click on the EXE file, and choose Run as administrator.

  • When the Cisco Nexus 9000v Virtual Switches are cloned, they may use the same serial number. Since Cisco DCNM discovers them using the same serial number, the device discovery operation fails.

  • You cannot access the Cisco DCNM Web UI, when the user system is configured with the same IP address range as that of internal subnet used by the Application Framework in DCNM. For more information, see Cisco DCNM Troubleshooting Guide.

  • Though you can delete PMN hosts, we recommended that you use this option with extreme caution, understanding that manual effort is needed to bring the solution back in sync.

  • Cisco DCNM in Media Controller Deployment Release 11.x does not support non-default VRFs for Cisco Nexus 9000 Release 9.3(x).

  • Cisco DCNM does not support suspending or unsuspending of the VMs.

  • If NIR was installed and stopped, it does not stop service containers running on DCNM compute nodes.

    If the NIR application is deleted from DCNM, a few service containers continue to run DCNM compute nodes and must be stopped manually using afw service commands.

  • When NIR/NIA applications is enabled at higher scale, that is, with 250 switches and 10000 Hardware telemetry flows, DCNM Computes nodes must be connected on all eth0, eth1, and eth2 interfaces using a 10Gig link.

  • For leaf-leaf ports in non-VPC cases, DCNM will always push the shutdown command. If you want to bring up the port, add the no cdp enable command to the interface freeform policy on one of the ports.

    For leaf-leaf or border-border connected ports in non-VPC cases, DCNM will always push the shutdown command to avoid the potential of loops in a VXLAN EVPN fabric. To bring up the port, add no cdp enable command to the interface freeform policy on one of the ports. Consequently, the link will however not be discovered and consequently not show up in the topology but the interfaces will still be up.

  • Two-factor authentication is not supported in DCNM.

  • After the eth0 IP address (for standalone deployment) or the vip0 IP address (for Native HA deployment) is modified using the appmgr update network-properties command, on the Web UI > Administration > MultiSite Manager does not display the correct IP address for AMQP.

  • When a Nexus Dashboard server is adding a Site from DCNM 11.5(1), it must reach the DCNM server over the Data Network. DCNM Data Network connectivity is defined to be over eth2 interface of the DCNM server; also known as Inband Connectivity interface in DCNM. When the eth2 connectivity of the DCNM with the Data Network Connectivity of the Nexus Dashboard is spanning multiple subnets, that is, when they are Layer3 Route connected, you must add routes in DCNM before adding the Site on ND.

    To add route over the Inband Network in DCNM, on the Cisco DCNM Web UI, choose Administration > Customzation > Network Preferences. Enter the Routes to the ND Data Network over the In-band(eth2) inputs of the dashlet. For more information, see Network Preferences-Routes.

  • From Release 11.4(1), Cisco DCNM does not support syncing fabric with switches in VTP server mode. For more information, refer to CSCvx86976.

  • While upgrading from DCNM Release 11.5(1) to Release 11.5(4), if you try to retain when the CA-signed certificates, DCNM fails to launch. For more information, see CSCwb97942.

  • In a DCNM managed by NDO, the MSD fabric backup is not restored completely. The MSD fabric is reverted to the time where the deployed networks created on NDO are not yet available. While the fabric shows as in sync in DCNM, there will be no configuration drift notifications in NDO.

  • In Cisco DCNM SAN deployment, if the DCNM server streaming the SAN analytics is over-utilized, the Elasticsearch database service goes down. This results in performance issues. The Pipeline service may be consuming all the CPU and system resources on the Cisco DCNM server. To troubleshoot this, do the following task:

    1. Stop the Pipeline service.

    2. Reduce the streaming load from the MDS fabric.

    3. Start Elasticsearch service.

    4. Start the Pipeline service.

  • From Cisco DCNM Release 11.5(2), VLAN range is extended. After patch update for LAN Fabric deployment, you can set VLAN range to 4094.

  • In Cisco DCNM SAN deployment, when you enable or disable alarms on a Primary node, it will not be applied to all the nodes in the Federation. You must manually enable or disable alarms on all nodes on all servers in the Federation setup. You must restart the DCNM Server to apply the changes.

  • In Cisco DCNM SAN deployment, when you modify the server properties on Cisco DCNM Web UI > Administration > DCNM Server > Server Properties on a Primary node, it will not be applied to all the nodes in the Federation. You must manually make the changes to the server properties on all nodes on all servers in the Federation setup. You must restart the DCNM Server to apply the changes.

  • SAN Insights is best supported on Linux from Release 11.0(1), and on Cisco DCNM OVA/ISO deployments from Release 11.3(1).

  • From Cisco DCNM Release 11.3(1), you cannot download the SAN Client package from the Software Downloads page. You must install Cisco DCNM, launch Web UI to download the SAN Client and Device Manager. For more information, Cisco DCNM Installation and Upgrade Guide for SAN Deployment.

  • In Releases prior to 11.4, if you have installed a preview feature, perform the following before you upgrade to Release 11.4(1):

    • Remove the configuration from older release setup.

    • Reset the property to enable the preview feature. On the Cisco DCNM Web UI, choose Administration > DCNM Server > Server Properties. Reset the enable preview feature property.

Certain commands must not be executed on Cisco DCNM, as they may harm the functionality of various components on the network. The following table shows the commands and specifies the reason why they must not be executed.

Table 1. List of Commands that must not be executed on Cisco DCNM

Command

Reason

systemctl restart network

This is a common Linux command that the network administrators use when editing the interface properties. The command has shown to render the DCNM useless when converting to the cluster mode.

ifconfig ethx y.y.y.y/zz

Any change in the IP addresses of the DCNM nodes must be done with the appmgr update network-properties command. This includes changing the FQDN, adding static routes, adding/removing NTP servers etc.

Checking TPM Partition before Converting DCNM-SE to Nexus Dashboard

A few Cisco Application Services Engine (SE) nodes that was factory pre-installed with DCNM 11.5(2) or earlier may have a corrupted TPM partition. This causes the installation of Cisco Nexus Dashboard software to fail. You must check the TPM Partition before upgrading from Cisco DCNM-SE to Cisco Nexus Dashboard.


Note


TPM is not a requirement for DCNM 11.x releases. Therefore, this issue does not affect existing DCNM 11.x functionality of the device, even if the device is affected by this issue. No further action is required until you decide to upgrade to Cisco Nexus Dashboard.


To identify if your Cisco DCNM-SE is affected by this issue, perform the following steps:

Procedure


Step 1

SSH to Cisco Application Services Engine using sysadmin user.

Step 2

Run the following command to view the list of models and their vendors.

lsblk-S

[root@dcnm-se-active sysadmin]$ lsblk -S
NAME   HCTL       TYPE     VENDOR   MODEL             REV TRAN
...
sdc    0:2:2:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sdd    0:2:3:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sde    0:2:4:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sdf    7:0:0:0    disk     UNIGEN   PQT8000           1100 usb  /*identiifying device from UNIGEN Vendor*/
sdg    8:0:0:0    disk     UNIGEN   PHF16H0CM1-ETG    PMAP usb
sdl    1:0:0:0    disk     ATA      Micron_5100_MTFD  H072 sata
...

Applications Services Engine from UNIGEN vendor is detected with device name sdf.

Step 3

Run the following command to view the partitions in the disk.

lsblk -s or lsblk

  • Example1

    The following example shows functioning TPM disk with two partitions sdf1 and sdf2. This can be installed with Cisco Nexus Dashboard software with no issues.

    [root@dcnm-se-active sysadmin]$ lsblk
    NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    ... 
    sdc                    8:32   0   2.2T  0 disk
    sdd                    8:48   0   2.2T  0 disk
    sde                    8:64   0   371.6G  0 disk
    sdf                    8:80   1   7.7G  0 disk  /*functioning TPM with partition*/
     |--sdf1                 8:81   1    60M  0 part
     |--sdf2                 8:82   1   3.7G  0 part
    nvme0n1              259:0    0   1.5T  0 disk
     |--nvme0n1p1          259:1    0   1.5T  0 part
       |--flashvg-flashvol 253:3    0   1.5T  0 lvm  /var/afw/vols/data/flash
    ...
  • Example2

    The following example shows defective or corrupted TPM disk with no partitions defined on device sdf. This unit cannot be used to install Cisco Nexus Dashboard software, and must be replaced.

    [root@dcnm-se-active sysadmin]$ lsblk
    NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    ... 
    sdc                    8:32   0   2.2T  0 disk
    sdd                    8:48   0   2.2T  0 disk
    sde                    8:64   0   371.6G  0 disk
    sdf                    8:80   1   16G  0 disk  /*corrupted TPM without partition*/
    nvme0n1              259:0    0   1.5T  0 disk
     |--nvme0n1p1          259:1    0   1.5T  0 part
       |--flashvg-flashvol 253:3    0   1.5T  0 lvm  /var/afw/vols/data/flash
    ...

Step 4

If your device has a TPM disk with no partitions, contact Cisco Technical Assistance Center (TAC) to initiate RMA and replace the device.

No further action is required if your TPM has partitions.