Cisco Intercloud Fabric Configuration Guide, Release 2.3.1

Cisco Intercloud Fabric Release Notes, Release 2.3.1
First Published: November 13, 2015
Last Modified: April 26, 2016
Cisco Intercloud Fabric Overview
Cisco Intercloud Fabric provides the architectural foundation for secure hybrid clouds, allowing enterprises
to connect the enterprise data center easily and securely to the public cloud as needed and on demand. With
a hybrid cloud, enterprises can combine the benefits of public and private clouds. Cisco Intercloud Fabric
provides the following benefits:
• Provides a single point of management and control for virtual workloads across multiple public clouds
• Provides a choice of cloud providers, such as Amazon, Azure, and Cisco Intercloud Services – V
• Provides highly secure, scalable connectivity to extend private clouds to service provider clouds
• Enforces consistent network and workload policies throughout the hybrid cloud
• Enables workload mobility to and from service provider clouds for virtual workloads
For information on Cisco Intercloud Fabric or the Cisco Intercloud Fabric Provider Platform, see Cisco
Intercloud Fabric.
Intercloud Fabric New Features and Enhancements
This release of Intercloud Fabric contains the following new features and enhancements:
• Intercloud Fabric Firewall (VSG) now supports:
◦Cisco Intercloud Services – V
◦Amazon
◦Microsoft Azure
◦Telstra - Cisco Intercloud Services - OpenStack
◦VMware vCloud Director (VCD)
• Intercloud Fabric Router (CSR) now supports:
◦Amazon
◦Cisco Intercloud Services – V
◦Telstra - Cisco Intercloud Services - OpenStack
◦VMware vCloud Director (VCD)
• Support for the following providers:
◦Cisco Intercloud Services – V
◦Amazon AWS
◦Microsoft Azure
◦Telstra - Cisco Intercloud Services - OpenStack
◦Intercloudnow
◦iland
◦Dualtec
• AWS provider feature support:
◦Amazon EC2 Classic
◦Amazon VPC
• ICF upgrade support from 2.2.1a to 2.3.1
• Additional Intercloud Fabric licensing support
• ESX 6.0 support
• Amazon AWS Direct Connect capabilities
• Microsoft Azure Regional VNET
Software Compatibility
In this release, Cisco Intercloud Fabric is supported on VMware vSphere. Cisco Nexus 1000V is not a
prerequisite for Cisco Intercloud Fabric, but if used, must comply with the minimum version shown in the
following table.
The following table lists the minimum software versions required for deploying Cisco Intercloud Fabric,
Release 2.3.1.
Table 1: Software Compatibility
Software | Minimum Version Required
Intercloud Fabric Router (CSR)
CSR/AWS | 3.14.01
CSR/Cisco Intercloud Services – V | 3.14.1.S
CSR/VCD | 3.16.1
Virtual Switches
Cisco Nexus 1000V for VMware vSphere | 4.2(1)SV2(2.1) and later
Hypervisors
VMware vSphere Client | 5.1 (including update 1), 5.5, and 6.0
Supported Cloud Providers and VM Operating Systems
The following table identifies the cloud providers and VM operating system versions that are supported in
Cisco Intercloud Fabric, Release 2.3.1.
Table 2: Supported Cloud Providers
Supported Cloud Providers | Supported OS Version
Amazon Web Services (AWS): Amazon EC2 Classic, Amazon VPC
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Microsoft Azure
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Cisco Intercloud Services – V
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Telstra - Cisco Intercloud Services - OpenStack
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Intercloudnow
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
iland
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Dualtec
• RHEL 6.0 - 6.5: 64-bit versions
• CentOS 6.2 - 6.5: 64-bit versions
• Windows 2008 R2 SP1
• Windows 2012
• Windows 2012 R2
• SUSE Linux 11 SP2 and SP3
Cloud Provider Prerequisites
This section describes the cloud provider prerequisites for Cisco Intercloud Fabric.
Note: Supported OS versions for cloud providers other than AWS and Azure are subject to change. Check with
the cloud provider for supported Cisco Intercloud Fabric OS versions.
• Create a provider account in the cloud provider.
• Certain ports must be open in the firewall to allow the Intercloud Fabric Extender to communicate with
the Intercloud Fabric Switch. Port 443 must always be open. For a UDP tunnel, port 6644 must also be
open. For a TCP tunnel, either ports 6644 and 6646, or port 443, can be used. Specify the choice of
tunnel protocol and port when configuring the tunnel profile.
• TCP ports 22 and 443 must be open in the firewall that is outbound from the Cisco Prime Network
Services Controller IP address to the cloud provider.
• Using a proxy on private cloud is not supported when Intercloud Fabric is being used to connect to
public cloud.
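The Extender-to-Switch port rules above, checked against a firewall allow-list. This is an added example, not Cisco code; the rule notation, the function names, and the reading of port 443 as TCP and of port 6644 as UDP for a UDP tunnel (TCP for a TCP tunnel) are assumptions.

```python
# Added example (not Cisco code): audit a firewall allow-list for the
# Intercloud Fabric Extender <-> Switch path against the port rules above.
# Assumptions: 443 is TCP; 6644 is UDP for a UDP tunnel; 6644/6646 are TCP
# for a TCP tunnel. The "proto/port" rule notation is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    text: str
    proto: str
    lo: int
    hi: int

    def covers(self, proto, port):
        return self.proto == proto and self.lo <= port <= self.hi


def parse_rule(text):
    """Parse 'tcp/443' or 'udp/6000-7000' into a Rule."""
    norm = text.strip().lower()
    proto, _, ports = norm.partition("/")
    lo, sep, hi = ports.partition("-")
    if not sep:
        hi = lo
    if proto not in ("tcp", "udp") or not (lo.isdigit() and hi.isdigit()):
        raise ValueError(f"unrecognised rule: {text!r}")
    lo, hi = int(lo), int(hi)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return Rule(norm, proto, lo, hi)


def required_ports(tunnel, tcp_port=None):
    """Ports the chosen tunnel profile needs, as (proto, port) pairs."""
    need = {("tcp", 443)}                      # 443 must always be open
    if tunnel == "udp":
        need.add(("udp", 6644))
    elif tunnel == "tcp" and tcp_port == 6644:
        need |= {("tcp", 6644), ("tcp", 6646)}
    elif tunnel == "tcp" and tcp_port == 443:
        pass                                   # tunnel rides on the 443 rule
    else:
        raise ValueError("use 'udp', or 'tcp' with tcp_port 6644 or 443")
    return need


def audit(rule_texts, tunnel, tcp_port=None):
    """Return (missing required ports, rules to review for least privilege)."""
    rules = [parse_rule(t) for t in rule_texts]
    need = required_ports(tunnel, tcp_port)
    missing = sorted(n for n in need if not any(r.covers(*n) for r in rules))
    review = []
    for r in rules:
        hits = sum(1 for n in need if r.covers(*n))
        if hits == 0:
            review.append((r.text, "not required by this tunnel profile"))
        elif r.hi - r.lo + 1 > hits:
            review.append((r.text, "wider than the required ports"))
    return missing, review


if __name__ == "__main__":
    # Constructed allow-list: TCP 6644 was opened, but the profile is UDP.
    sample = ["tcp/443", "tcp/6644", "tcp/6000-7000"]
    print(audit(sample, "udp"))
    print(audit(sample, "tcp", 6644))
```

A rule listed for review may still be needed by other traffic; the audit only compares it with the ports this tunnel profile requires.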
System Requirements
The following tables identify the system requirements for installing Cisco Intercloud Fabric.
Table 3: System Requirements
Requirement | Description
Intercloud Fabric
CPUs | 8 vCPU (64-bit x86 CPU [VT-capable])
Network interface cards (vNICs) | 1
RAM | 20 GB
Disk | 350 GB
Intercloud Fabric Extender
Memory | 2 GB
CPU | 2 vCPU
Disk | 3 GB
Intercloud Fabric VSM
Memory | 2 GB
CPU | 1 vCPU
Disk | 3 GB
Note: The virtual disk must be capable of at least 40 MB/s bandwidth.
Table 4: Hypervisor Requirements
Requirement | Description
VMware
Version | 5.1, 5.5, and 6.0, ESXi
Table 5: Client Browser Requirements
Requirement | Description
Browser | Google Chrome 32.0 or later
Note: We recommend that you use Google Chrome for Intercloud Fabric.
Table 6: System Requirements for Provider Clouds
Provider/Model | Device | vCPU | Memory (GB) | Disk (GB)
AWS
c3.2xlarge | Intercloud Fabric Switch | 8 | 15 | 20
c3.xlarge | Intercloud Fabric Router | 4 | 7.5 | 8
m3.medium | Intercloud Fabric Firewall (VSG) | 1 | 3.75 | 2
Azure
A3 | Intercloud Fabric Switch | 4 | 7 | 20
A3 | Intercloud Fabric Firewall (VSG) | 2 | 3.5 | 2
All Other Providers
- | Intercloud Fabric Switch | 4 | 4 | 20
- | Intercloud Fabric Firewall (VSG) | 1 | 3 | 3
- | Intercloud Fabric Router (CSR) | 4 | 4 | 8
Note: For optimal performance, we recommend reserving extra system resources for Intercloud Fabric Director
above the minimum system requirements listed in the preceding table. For more information, see "Reserving
System Resources" in the Cisco Intercloud Fabric Getting Started Guide.
Scalability Limits
The following table lists the scalability limits for the Cisco Intercloud Fabric components.
Table 7: Scalability Limits
Cisco Intercloud Fabric Components | Scalability Limits
Number of VMs per Intercloud Fabric | Not to exceed 1000
Number of Intercloud Fabric clouds per Intercloud Fabric | 32
Number of VLANs per Intercloud Fabric cloud | 16
Number of VMs per Intercloud Fabric cloud | 100
Number of vNICs per Intercloud Fabric cloud | 256
Number of Intercloud Fabric Firewalls (VSGs) and Intercloud Fabric Routers (CSR 1000Vs) | 2 each
Important Notes
This section describes the important notes for using Cisco Intercloud Fabric, Release 2.3.1.
• Cisco Intercloud Fabric supports only the English version of vCenter.
• A Windows VM image that has been syspreped to certain cloud providers (such as Azure) cannot be
migrated.
• Prior to the general installation of Cisco Intercloud Fabric, you must configure the Network Time Protocol
(NTP) on ESXi so that its startup policy is set to "Start automatically if any ports are open, and stop
when all ports are closed." In addition, verify that the set time on vCenter hosts is synchronized with
NTP and on deployed VMs. For more information, see the Cisco Prime Network Services Controller
3.2 Quick Start Guide.
• Physical hosts in an enterprise data center must use the correct date and time. We recommend that you
synchronize the host clock with an NTP server to ensure successful communication.
• Prior to Release 2.3.1, VMs created in Azure, either based on a template or moved from enterprise to
Azure, may have two default gateway entries: one via the enterprise overlay interface and another for
the Azure private network address space. This might cause unpredictable routing. For more information,
see the Cisco Intercloud Fabric Troubleshooting Guide.
• When cloning a Linux virtual machine in VMware, new MAC addresses are assigned. This causes a
MAC address mismatch between the VM settings and the Linux guest OS. If you encounter this situation,
the following message is displayed:
The Guest OS either does not contain interface configuration for the VM NICs or the
interfaces are explicitly disabled.
For information on how to resolve the MAC address mismatch, see the VMware Knowledge Base.
• Azure multi-disk VM instantiation on an Azure cloud (from template or migration) depends on the
number of attached disks. The maximum number of disks that can be attached to a VM varies according
to the size of the VM. For example, you can attach only four disks to the Standard A2, but you can attach
32 disks to the Standard D14 and 64 disks to the Standard G5. For reference, see
http://msdn.microsoft.com/en-us/library/azure/dn197896.aspx.
• Windows CVM instantiation fails on Azure, and the VM goes into the recovery console. After a set
timeout, the VM exits from the recovery console and boots up. However, the PNSC rekey attempt times
out before the Windows VM exits the recovery console and boots up. To avoid this problem, shut down
the VM cleanly from inside the guest OS before you create a template.
• When deploying an Intercloud Fabric cloud by using the Intercloud Fabric wizard, in the Location field,
choose a cloud provider location that matches your local time zone to avoid WAN delay and latency.
• While cloning an Intercloud Fabric cloud, do not migrate either the source virtual machine or the
destination virtual machine, because migration affects the cloning operation and any operations carried out on
the destination virtual machine after migration.
• For the cloud provider Microsoft Azure, you must register the certificate with the Azure portal.
• Out-of-band operations are not supported in Intercloud Fabric. If you terminate a virtual machine from
the cloud provider portal, the status is not reflected in the Intercloud Fabric GUI.
• Trunk ports are not supported in cloud virtual machines.
• Trunk ports are not supported in virtual machines that have been migrated to the cloud.
• In Microsoft Azure, when you terminate a virtual machine in the cloud, the virtual machine is terminated;
however, the storage is not deleted from the image and the provider will charge you for the virtual
machine. To delete the storage and the image, use the Intercloud Fabric GUI to delete the template used
to create the virtual machine.
• Network Address Translation (NAT) functionality for the Intercloud Fabric Router (CSR 1000V) is
available only if there is a default VPC in Amazon Web Services (AWS).
• During deployment of the Intercloud Fabric Router (CSR 1000V) in the cloud, inter-VLAN traffic might
stop working between private and cloud virtual machines for VLANs that are not extended to the cloud.
For private VLANs that are not extended, you must add routing on the data interface configured as the
default gateway. If no data interface is configured as the default gateway, add one with one of the private
VLANs that are not extended, and add routing for the remaining VLANs under that interface.
• If network connectivity between Intercloud Fabric and the cloud provider is slow, image upload operations,
such as migrating a virtual machine, might fail. If the image is not uploaded within 12 hours, the operation
fails and Intercloud Fabric tries to reupload the image.
• The cloud provider, Cisco Intercloud Services – V, requires execution of sysprep on the virtual machine
image after VM migration. Execution of sysprep leads to certain configuration changes within your
virtual machine. These changes include resetting the Windows Administrator password, removing the
virtual machine from its associated domain, and other changes. To address these effects of sysprep
execution, be aware of the following after migrating the virtual machine to the cloud provider:
1. The Windows password is reset to the name of the virtual machine that you enter in the VM name
field in the Assign VM dialog box. (See "Assigning a Virtual Machine to a Virtual Data Center" in
the Cisco Intercloud Fabric Getting Started Guide for more information.) If the name of the virtual
machine is less than ten characters, the password is reset to the name of the virtual machine appended
with the required number of 3s to reach the ten-character limit.
2. If the virtual machine was part of a domain, you must manually re-add the virtual machine to the
domain after the migration is complete and connectivity to the private network is up.
• Before you migrate a virtual machine from the Intercloud Fabric cloud to the enterprise, make sure that
there is sufficient storage capacity in the enterprise for the virtual machine.
• Before you migrate a virtual machine from the Intercloud Fabric cloud to the enterprise, you must add
the resource pool to the default computing policy. You can then select the resource pool you added in
the Migrate VM Back on Premise window during migration.
Prime Network Services Controller Important Notes
The following topics provide important information for using Prime Network Services Controller:
• Do Not Use the service reinit Command
• No Private Data Center Support in Prime Network Services Controller
• Firewall Ports Requiring Access
• Out-of-Band Operations on Cloud VMs Are Not Supported
• Editing Firewall Interfaces
• Searching with Special Characters
Do Not Use the service reinit Command
In a Cisco Intercloud Fabric environment, do not enter the service reinit command on the Prime Network
Services Controller CLI. The service reinit command reinitializes the Prime Network Services Controller
databases and removes the existing configuration. You will need to manually remove any VMs and templates
created through Prime Network Services Controller, from VM managers, or cloud providers.
No Private Data Center Support in Prime Network Services Controller
Prime Network Services Controller does not support private data center service nodes even though the Cisco
Prime Network Services Controller 3.3 User Guide and online help describe how to configure and manage
these items. The affected service nodes are ASA 1000V edge firewalls, enterprise CSR 1000V edge routers,
enterprise VSG compute firewalls, Citrix NetScaler 1000V load balancers, and Citrix NetScaler VPX load
balancers.
Also, Prime Network Services Controller does not support integration with Prime Performance Manager even
though it is documented in the Cisco Prime Network Services Controller 3.3 User Guide and online help.
Firewall Ports Requiring Access
If Prime Network Services Controller is protected by a firewall, the following ports on the firewall must be
open so that clients can contact Prime Network Services Controller.
Port | Description
22 | TCP
80 | HTTP
443 | HTTPS
843 | Adobe Flash
Out-of-Band Operations on Cloud VMs Are Not Supported
Out-of-band operations on cloud VMs are not supported. For example, if you terminate a cloud VM from a
cloud provider portal, the status is not reflected in Prime Network Services Controller.
Editing Firewall Interfaces
We recommend that you do not edit the data interfaces of compute or edge firewalls. Changing the data
interface via the Prime Network Services Controller GUI stops communication between the Cisco Nexus
1000V VEM link and the firewall, and thereby stops vPath traffic.
If you change the data interfaces of compute or edge firewalls via the Prime Network Services Controller
GUI, make the appropriate configuration changes on the Cisco Nexus 1000V.
Searching with Special Characters
Searching for organization names does not work if the organization names include special characters, such
as $.
Open and Resolved Bugs
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based
tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and
vulnerabilities in this product and other Cisco hardware and software products.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Using the Bug Search Tool
You can use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.
Step 1: Go to Cisco Bug Search Tool.
Step 2: In the Log In screen, enter your registered Cisco.com username and password, and then click Log In. The Bug Search
page opens.
Note: If you do not have a Cisco.com username and password, you can register for them at
http://tools.cisco.com/RPF/register/register.do.
Step 3: To search for a specific bug, enter the bug ID in the Search For field and press Enter.
Step 4: To search for bugs in the current release:
a) In the Search For field, enter Cisco Intercloud Fabric 2.3(1) and press Enter. (Leave the other fields empty.)
b) When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search
for bugs by status, severity, modified date, and so forth.
Tip: To export the results to a spreadsheet, click the Export Results to Excel link.
Open Bugs
The following are descriptions of the open bugs in Cisco Intercloud Fabric, Release 2.3.1. The bug ID links
you to the Cisco Bug Search tool.
Bug ID | Headline
CSCuv03273 | Validation of OpenStack provider account may fail.
CSCuv77368 | When creating an Intercloud Link with VMware vCloud Director 5.5.4, the security rules are not applied to the vShield Edge Gateway and the exception "Security rule exceeded" is displayed.
CSCuw23850 | Cloned functionality not supported on AWS Direct Connect Intercloud Link.
CSCuw67997 | PNSC UI may not refresh until the user reloads the page.
CSCuw81285 | Intercloud link deployment will fail if using an existing network.
CSCuw94080 | Drives are mapped incorrectly after migration on a Windows multidisk in AWS.
CSCuw98456 | ICS VM remains running on cloud if Intercloud Link deployment fails.
CSCuw98515 | A Cisco Intercloud Fabric Switch (ICS) fails to register with Cisco PNSC, or the ICS registers but the site-to-site tunnel fails to come up due to a "bad certificate" error.
CSCux04062 | After a Windows VM move from a local premise to a public cloud, the VM's disk is missing or an extra temporary disk storage is added.
Resolved Bugs
The following are descriptions of the resolved bugs in Cisco Intercloud Fabric, Release 2.3.1. The bug ID
links you to the Cisco Bug Search tool.
Bug ID | Headline
CSCut19855 | Inconsistencies arise with cVM when the number of NICs requested is greater than the number of NICs in the template.
CSCut49291 | When rebooting an onboarded VM, the overlay interfaces change the eth numbers.
CSCut52453 | A Windows VM on Amazon fails to instantiate if an Intel driver is not installed.
CSCut60405 | After upgrading, you cannot SSH into the ICS from the VSM console.
CSCut80946 | In Intercloud Fabric, the ICS/ICX per second CPU usage always displays as 100%.
CSCut85580 | Adding the subinterface to VLAN management causes ICS VEM flapping.
CSCut91599 | Switchover fails during an upgrade on Azure with an Intercloud Fabric link in HA mode, and the second Intercloud Fabric link does not upgrade.
Related Documentation for Cisco Intercloud Fabric
This section lists the documents used with Cisco Intercloud Fabric and available at the following URL:
http://www.cisco.com/c/en/us/support/cloud-systems-management/intercloud-fabric/tsd-products-support-series-home.html
General Information
Cisco Intercloud Fabric Release Notes
Install and Upgrade
Cisco Intercloud Fabric Getting Started Guide
User Guides
Cisco Intercloud Fabric User Guide
Configuration Guides
Cisco Intercloud Fabric Configuration Guide
Cisco Intercloud Fabric Firewall Configuration Guide
Cisco vPath and vServices Reference Guide for Intercloud Fabric
Programming Guide
Cisco Intercloud Fabric Director REST API Guide
Troubleshooting and Alerts
Cisco Intercloud Fabric Troubleshooting Guide
Cisco Intercloud Fabric Provider Platform
The documentation listed below is available for use with Cisco Intercloud Fabric Provider Platform at the
following URL:
http://www.cisco.com/c/en/us/support/cloud-systems-management/intercloud-fabric/tsd-products-support-series-home.html
Cisco Intercloud Fabric Provider Platform Release Notes
Cisco Intercloud Fabric Provider Platform Installation Guide
Cisco Intercloud Fabric Provider Platform Administrator Guide
Cisco Intercloud Fabric Provider Platform Troubleshooting Guide
Cisco Nexus 1000V Documentation
Cisco Nexus 1000V for VMware vSphere
Cisco Virtual Security Gateway Documentation
Cisco Virtual Security Gateway
Cisco Prime Network Services Controller Documentation
Cisco Prime Network Services Controller
Cisco Cloud Services Router Documentation
Cisco Cloud Services Router 1000V
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to: [email protected].
We appreciate your feedback.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's
New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
© 2015-2016
Cisco Systems, Inc. All rights reserved.