T3 or E3 CEM Interface Module

Channelize the T3 interface into E1 lines

Support for the T3 interface to be channelized into 21 E1 lines.

Quality of Service

Inter-cos bursting support

This feature introduces color-blind mode of policer operation that is supported on routers with single-rate policer (1R2C) and two-rate policer (2R3C) policing types. With this feature, all policers are supported on color-blind mode with the new template.

LAN Switching

G.8032 Support for IEEE 802.1Q EFPs

This feature supports G.8032 Ethernet ring protection for IEEE 802.1Q Ethernet Flow Points (EFPs). Prior to this release, G.8032 Ethernet ring protection for IEEE 802.1Q was supported only for Trunk Ethernet Flow Points (TEFPs).

High Availability

Secure eUSB Configuration

Use the platform secure-cfg command to provide enhanced security to the routers.

Layer 2

802.1AE WAN MACsec for 1GE and 10GE NCS4200-1T16G-PS

The WAN MACsec and MKA feature introduce MACsec support on WAN and uplink support and pre-shared key support for the MACsec Key Agreement protocol (MKA).

The WAN MACsec supports 1GE and 10GE interfaces for NCS4200-1T16G-PS interface module.

IP Routing: BFD

Micro BFD over LAG Convergence Optimization

Starting with 17.6.x release, the convergence for port-channel failures with Fast Reroute (FRR) is less than 50 milliseconds, when min-links is configured and equal to the total-links available under the port-channel.

This feature is supported on the Cisco RSP3 module.

First Hop Redundancy Protocols

Support for BFD, sub-second fast hello for VRRPv3 convergence and re-convergence

This feature supports VRRP failover such that the fault is detected by the VRRP-BFD client within the configured value – when the connection to the remote interface IP address fails.

This feature is supported on both the Cisco RSP2 and RSP3 modules.

MPLS Layer 2 VPNs

Remote LFA for MLDP

Remote Loop-Free Alternate (RLFA) based Fast Reroute (FRR) improves LFA coverage. When used with Multicast Label Distribution Protocol (MLDP) for IPv4, there is no need for an extra protocol in the control plane.

CEM Generic

Test Access Port (TAP) or Test Access Digroup (TAD)

Support for Test access port or digroup (TAP/TAD) in the following aspects:

• Non-intrusive monitoring for both receive and transmit directions.

• Split and terminate cross connection for intrusive testing in both directions. The TAP feature helps in monitoring and debugging purpose.

Network Management

Ingress and Egress Flexible NetFlow

Flexible NetFlow allows you to monitor the traffic from access circuit on an L2VPN and L3VPN network. In addition to monitoring traffic in routed and ethernet service interfaces, you can now monitor traffic in VRF enabled L2 VFI (virtual forwarding interfaces) and cross-connect services.

This is only supported on NCS 4206 and NCS 4201/4202 routers.

System Logging

Cisco Secure Development Lifecycle—Factory Reset

This feature removes all the customer-specific data that stored on the device since the time of its shipping. Data erased includes configurations, log files, boot variables, core files, and credentials like FIPS-related keys. Cisco Secure Development Lifecycle (CSDL) is a repeatable and measurable proces designed to increse Cisco product resiliency and trustworthiness.

The following new commands are introduced:

• factory-reset all

• factory reset keep-licensing-info

• factory-reset all secure 3-pass DoD 5220.22-M

Segment Routing

IS-IS Flexible Algorithm Include Affinity Support

This feature supports "include-any" and "include-all" affinities in IS-IS. Prior to Cisco IOS XE Bengaluru 17.6.1 release, only Flexible Algorithm affinity "exclude-any" was supported.

OSPF Flexible Algorithm (Ph2): Topology-Independent Loop-Free Alternate (TI-LFA) Path

This feature allows you to configure the Loop-Free Alternate (LFA) and TI-LFA backup or repair paths for a Flexible Algorithm. The backup path is computed based on the constraints and metrics of the primary path. Prior to Cisco IOS XE Bengaluru 17.6.1, OSPF Flexible Algorithm supported only the primary path.

SR-PCE: Enabling SR PM Delay or Liveness for PCE-Initiated Policies

This feature enables the Path Computation Element (PCE) that can provision a Segment Routing Traffic Engineering (SR-TE) policy to mitigate link congestion. Prior to this release, you could only enable PM link and delay measurement using CLI-based policies. Starting with this release, you can also use PCE to enable PM link and delay measurement.

EVPN-IRB DHCP v4 and v6 Relay over Segment Routing

This feature introduces a specialised implementation of DHCP packets to support DHCPv4 and DHCPv6 in an EVPN Fabric with Distributed Anycast Gateways (DAGs) on the same Virtual Routing and Forwarding (VRF). It also avoids DHCP discovery packet floods across the fabric.

The flooding suppression feature is also enhanced to intercept multicast or broadcast DHCP packets when DHCP relay is configured on the DAG to perform the required action and localize the scope of the service.

This feature is not supported with RSP3 module. It is only supported with RSP2 module.

This feature is only supported on NCS 4206 and NCS 4201/4202 routers.

Stitching of Subnet Route from EVPN to L3VPN

This feature introduces the collpased spine and border leaf node in the network topology of single homing DAGs with symmetric IRB, inter-subnet layer 3 traffic within fabric and inter-subnet layer 3 stitching through layer 3 border gateway. The hosts participating in fabric IRB are directly attached with the collapsed spine and border leaf node.

This feature is not supported with the RSP3 module. It is only supported with the RSP2 module.

This is only supported on NCS 4206 and NCS 4201/4202 routers.

IP Routing

Establish GRE Tunnel over VRF Routes

This feature establishes GRE tunnels over Virtual Route Forward (VRF) routes.

This feature is not supported with the RSP3 module. It is only supported with the RSP2 module. This is only supported on NCS 4206 and NCS 4201/4202 routers.

Programmability

FQDN Support for gRPC Subscriptions

With the introduction of the FQDN Support for gRPC Subscriptions feature, along with IP addresses, FQDN can also be used for gRPC subscriptions.

Platforms: Cisco Catalyst 9200 Series Switches, Cisco NCS 4200 Series Network Convergence System (RSP2) Cisco Catalyst 9800-40 Series Wireless Controllers, Cisco Catalyst 9800-80 Series Wireless Controllers

YANG Model Support for show mpls ldp neighbor Command

This feature enables you to display the status of LDP sessions from YANG models.

YANG Model support for show mpls tr tunnel command

This feature enables you to verify the show mpls traffic engineering tunnel command to check the status from YANG models.

YANG Model support for RSVP Commands

You can use the interface BDI 10 and ip rsvp bandwidth percent 4 commands to configure the RSVP bandwidth on a BDI interface from YANG. You can configure, modify and verify different bandwidth values using these commands.

YANG Model support for IPSLA Operating Model for Y1731

You can check the history interval statistics of delay operations like DMM, DMMv1 and 1DM, and loss operations like LMM and SLM using the Netconf-yang command to enable YANG data collection.

YANG Model support for QoS Overhead Accounting

QoS Overhead Accounting feature enables a particular port to consider a particular number of bits that are removed from the packet when the egress packet is re-edited. The traffic scheduler allows more bits than the configured rate at the port, without exceeding the number of bytes that is configured on a port. Yang QOS Overhead accounting configuration model supports the configuration on the router accounting on router from yang/Netconf protocol.

YANG Model support for alarm profile configurations

This feature enables you to configure the alarm profile on the interface through native YANG models that run on Cisco IOS XE.

YANG Model support for Shared Risk Link Groups (SRLG) Group Identification (GID) configurations

Shared Risk Link Groups (SRLG) Group Identification (GID) configurations can be enabled on YANG using the srlg gid command. Multiple groups and interfaces can be enabled on the interface mode.