Skip to content
Network as Code

Changelog

2.0.0 May 28, 2026

Section titled “2.0.0 May 28, 2026”

Tested versions: link

New Features

Section titled “New Features”

  • APIC: BREAKING CHANGE: Move old leaked_internal_prefixes (class leakInternalSubnet) to leaked_internal_subnets and add support for new leaked_internal_prefixes (class leakInternalPrefix) in a VRF leaking configuration

  • APIC: BREAKING CHANGE: Add support for configuring custom monitoring policy. Previous configuration needs to be moved to explicit common monitoring policy

  • APIC: BREAKING CHANGE: Update default values for various management access policy attributes (aes256_gcm, curve25519_sha256, curve25519_sha256_libssh,dh14_sha256, dh16_sha512, ecdh_sha2_nistp256, ecdh_sha2_nistp384, ecdh_sha2_nistp521, tlsv1_1, chacha, hmac_sha1)

  • APIC: BREAKING CHANGE: Remove default values for retries attribute under LDAP, RADIUS and TACACS configuration. This attribute is deprecated in ACI 6.2. For pre-6.2 versions these values need to be explicitely configured

  • APIC: Terraform only: BREAKING CHANGE: Fix L4L7 logical interface unique ID. Resource key will change that will result in resource recreation.

  • APIC: Terraform only: BREAKING CHANGE: Fix DHCP relay policy to support duplicate provider IPs. Resource key will change that will result in resource recreation.

  • APIC: Add support for port channel member policy in port selectors

  • APIC: Add support for filter match_only_fragments attribute

  • APIC: Add support for DVS version 8.0 and future versions

  • APIC: Add support for security attributes forged_transmit, mac_change and promiscous_mode for floating SVI in L3Out

  • APIC: Add support for static AAEP configuration under EPG

  • APIC: Add support for HSRP interface profile and group policies

  • APIC: Add support for specifying port_binding type in EPG VMM Domain Association

  • APIC: Add support to configure adjacency_type for a service graph template device

  • APIC: Add support for VRF SNMP context and community profiles

  • APIC: Add support for remote leaf resiliency groups

  • APIC: Add support for priority flow control and port security interface policies

  • APIC: Add support for using IP SLA policy from common tenant

  • APIC: Add support for configuring legacy_mode_vlan under bridge domain

  • APIC: Add support for L3Out contract masters configuration

  • APIC: Add support for port_channel_member_name configuration under leaf interface policy group

  • APIC: Add support for OOB contract filter action, priority, log and no_stats configuration

  • APIC: Add support for configuring fault severity policies under fabric monitoring policy

  • APIC: Add support for ACI border gateway

  • APIC: Add support for multi-device service graph and device selection policy

  • APIC: Add support to attach BGP route reflector policy in pod policy group

  • APIC: Add support to attach CDP and LLDP policy in spine policy group

  • APIC: Add support for description under L3Out node profile

  • APIC: Add support for mod1536, mod3072 and mod4096 modulus attribute in key ring configuration

  • APIC: Add support for ACI version 6.2

  • APIC: Add support for explicit-failover mode in port channel policy

  • APIC: Add support for auto_enforce attribute in a link level policy that would enforce autonegotation

  • APIC: Add support for unspecified OSPF network type

  • APIC: Terraform only: Add dependency between VRF and SR MPLS L3Out configuration

  • APIC: Terraform only: Add support for removing ACI undeletable objects (content_on_destroy) from state management (all policies under leaf/spine interface policy groups, that previously were not possible to be removed)

  • NDO: BREAKING CHANGE: Remove support for old DHCP relay and DHCP option policies

  • NDO: Add support for configuring new tenant policy templates: DHCP relay policies, IP SLA policies and multicast route maps (currently it is not supported to attach these policies in a schema template configuration)

  • NDO: Add partial support for ND 4.1. In this version only working configurations are: schemas, tenant templates, tenants and site fabric connectivity. Other system level configurations are not backwards compatible.

  • NDO: BREAKING CHANGE: nexus-pcv script is not compatible with ND 4.1+ versions

  • NDO: Terraform Only: Add dependency between EPG Contract and EPG Subnet

  • NDO: Terraform Only: Add support to undeploy templates automatically when destroyed

Bug Fixes

Section titled “Bug Fixes”
  • APIC: Fix filter no_stats directive configuration
  • APIC: Fix imported device in multi-node scenario
  • APIC: Terraform only: Fix null value for access spine selector policy group
  • APIC: Terraform only: Fix password class attribute order that was failing in ACI 6.1
  • APIC: Terraform only: Change L3Out set rule and external EPG configuration order
  • APIC: Terraform only: Remove nonexistent description attribute under L4L7 device
  • APIC: Terraform only: Fix incorrect max value validation for set rules metric attribute
  • APIC: Terraform only: Fix VRF name suffix support in a VRF leaking configuration
  • APIC: Terraform only: Fix ESG IP external subnet selector to support IPv6

1.2.0 November 24, 2025

Section titled “1.2.0 November 24, 2025”

Tested versions: link

New Features

Section titled “New Features”
  • APIC: Add support for new types of forwarding scale policies: high-policy, high-ipv4-ep, mcast-heavy and max-lpm
  • APIC: Add support for configuring subnets under inband endpoint groups
  • APIC: Add support for control plane MTU configuration
  • APIC: Add support to not set VRF enforcement direction when VRF is managed by NDO
  • APIC: Add access monitoring policy support
  • APIC: Add fabric MacSec policies support
  • APIC: Add data plane policing feature support
  • APIC: Add BFD multihop policy support for L3out node profiles
  • APIC: Add support for VMware VMM trunk port groups
  • APIC: Add support for configuring HTTP type IP SLA policy
  • APIC: Add tenant Netflow policy support
  • APIC: Add support for configuring deployment_immediacy under endpoint security groups
  • APIC: Add Nutanix VMM integration support
  • APIC: Add OSPF route summarization policy support with custom policy names
  • APIC: Add support for static routes with empty next hop, pointing to Null0 interface
  • APIC: Add leaf interface profile description attribute
  • APIC: Add fabric pod policy group description attribute
  • APIC: Add support for configuring VM attributes in usegEPG
  • APIC: Add support for ACI version 6.1
  • APIC: Add support for IPV6 subnet selectors in Endpoint Security Groups
  • APIC: Add support for configuring node-level BGP peers in the infra tenant
  • APIC: Add support for configuring ip_external_subnet_selectors under the Endpoint Security Groups
  • APIC: Terraform only: Add support for using system-generated breakout policy groups under interface selectors even if they are not managed by Terraform
  • NDO: Add support for custom fabric_id configuration
  • NDO: Terraform only: Remove inter-dependency between managing schema configuration and deployment
  • NDO: Terraform only: Ensure all unmanaged tenants can be referenced in schema templates
  • NDO: Terraform only: Add workaround for configuring redirect_policy under contract with service graph in a multisite scenario

Bug Fixes

Section titled “Bug Fixes”
  • APIC: Correct BD virtual_mac default value handling
  • APIC: Set minimum length of 16 characters for config_passphrase
  • APIC: Fix maintenance group scheduler deployment
  • APIC: Terraform only: Fix missing pod_id for interface shutdown module
  • APIC: Terraform only: Fix MacOS handling of null values
  • APIC: Terraform only: Fix ssh_keys validation for OpenTofu
  • APIC: Terraform only: Fix dependency between inband node addressing and inband endpoint group
  • APIC: Terraform only: Fix default values handling for service graph templates
  • APIC: Terraform only: Fix SR MPLS L3out name validation missing :
  • APIC: Terraform only: Fix L3out name to use name suffix in various places if suffix is provided

1.1.0 August 7, 2025

Section titled “1.1.0 August 7, 2025”

Tested versions: link

  • APIC: Add support for DCBXP version under LLDP interface policy
  • APIC: Add support for IP SLA policy under static route next hop
  • APIC: Fix track list default values for percentages and weights
  • APIC: Add support for fabric leaf interface selector
  • APIC: Add support for fabric leaf interface policy group
  • APIC: Add support for fabric spine interface selector
  • APIC: Add support for tenant monitoring policies
  • APIC: Fix minimum value for web session idle timeout
  • APIC: Fix OOB endpoint group to be an optional attribute
  • APIC: Fix OSPF metric type for set rules
  • APIC: Fix missing values for target DSCP under contract subjects
  • APIC: Fix the EIGRP key chain configuration under L3out interface profile

1.0.1 June 4, 2025

Section titled “1.0.1 June 4, 2025”

Tested versions: link

  • Terraform only: Fix handling of errors when merging invalid YAML content
  • Terraform only: Fix merging of boolean values, where values of false were not merged consistently

1.0.0 May 13, 2025

Section titled “1.0.0 May 13, 2025”

Tested versions: link

  • APIC: Add support for L3Out ND interface policy
  • APIC: Add support for endpoint MAC and IP tags
  • APIC: Add support for interface shutdown
  • APIC: Add support for encapsulation under floating L3outs
  • APIC: Add support for atomic counter
  • APIC: Add support for enhanced log format in syslog configuration
  • APIC: Add validation for VMM port group length
  • APIC: BREAKING CHANGE: Add support for multiple loopbacks in L3out nodes configuration
  • APIC: BREAKING CHANGE: Add support for multiple IPv4 and IPv6 import/export route targets under VRF
  • APIC: BREAKING CHANGE: Remove default value for smart licensing URL
  • APIC: Fix support for service graphs with copy device
  • APIC: Add support for MACsec policy in spine interface policy group
  • APIC: BREAKING CHANGE: Only booleans are supported in the data model instead of enabled/disabled, yes/no and on/off
  • APIC: Add support for BGP protocol profile name
  • APIC: Add support for port bringup delay to link level policies
  • BREAKING CHANGE: Terraform: Optimized interface and switch policy groups: empty policies will not be pushed anymore. Empty resources will be removed from existing statefile with no expected impact on fabric
  • BREAKING CHANGE: Terraform: Disable escaping HTML characters for all resources that contain passwords
  • APIC: Add support for route_maps under L3out to configure multiple route maps. This will deprecate import_route map and export_route_map in the future
  • APIC: Enhance SPAN filer group with name being optional attribute
  • APIC: BREAKING CHANGE: Enhance BGP best path policy with new attribute ignore_igp_metric. Change control_type attribute to as_path_multipath_relax boolean
  • APIC: Add support for endpoint retention policy
  • APIC: Add support for unidirectional contracts
  • APIC: Add support for rewrite_source_mac under redirect policy
  • APIC: Add support for DHCP relay in L3out secondary IP address configuration
  • APIC: Change to nac-test and nac-validate
  • APIC: Add support for application banners
  • APIC: Use Terraform functions to merge YAML content instead of data sources. This will result in merge data source being removed from the statefile
  • NDO: Add support for external TEP Pools
  • NDO: BREAKING CHANGE: Only booleans are supported in the data model instead of enabled/disabled, yes/no and on/off
  • NDO: Enhance contract filter chain with policy_compression attribute
  • NDO: BREAKING CHANGE: Remove support for NDO 3.7
  • NDO: Add support for NDO 4.3
  • NDO: Add support for NDO 4.4
  • NDO: Change to nac-test and nac-validate
  • NDO: Use Terraform functions to merge YAML content instead of data sources. This will result in merge data source being removed from the statefile

0.9.3 February 7, 2025

Section titled “0.9.3 February 7, 2025”

Tested versions: link

  • APIC: Fix validation for consumed contracts under external EPG
  • APIC: Add support for link local address in L3out interface profiles
  • APIC: Enhance static endpoints to not require name
  • APIC: Fix for EIGRP route summarization policy to refer to a user tenant
  • NDO: Add support for EP move detection mode under BD

0.9.2 December 8, 2024

Section titled “0.9.2 December 8, 2024”

Tested versions: link

  • APIC: Add support for interface selector description in auto-generated profiles
  • APIC: Add support for Netflow Exporter for VMM Networking
  • APIC: Add support for EIGRP route summarization
  • APIC: Add support to specify different type of a route control map
  • APIC: Add description under External EPG Subnet
  • APIC: Add support for NDO managed service graph templates and device selection policies
  • APIC: Add support for bulk EPG static ports optimization
  • APIC: Add support for FEX VPC static port configuration under EPG
  • APIC: Add support for global SR MPLS configuration
  • APIC: Add support for multicast ARP drop for BD
  • APIC: Add support for BGP route summarization at the VRF level
  • APIC: Add support for access MACsec Policies
  • NDO: Enhance support for site-specific external EPGs
  • NDO: Optimize retrieval of schema IDs
  • NDO: Add support for FEX VPC static port configuration under EPG
  • NDO: Add support for DHCP policies configuration under BD

0.9.1 September 2, 2024

Section titled “0.9.1 September 2, 2024”

Tested versions: link

  • APIC: Add support for vPC Delay Restore timer
  • APIC: Add support for Pod Peering Profile
  • APIC: Add support for Fabric Interface Link Level Policies
  • APIC: Add support for static vlan allocation under VMware VMM domain
  • APIC: Add support for ND interface policy under Bridge Domain
  • APIC: Add support for PBR L3 destination name
  • APIC: Add support for configuring node role during registration
  • APIC: Add support for allow_origins parameter in management access policy
  • APIC: Add support for Netflow policies
  • APIC: Add support for sub-interfaces in L3out
  • APIC: Enhance action support for EP loop protection
  • APIC: Add support for MicroBFD in L3out
  • APIC: Add support for BGP Route Summarization policies
  • APIC: Add description under interface selector, EPG static port, l3out interface profile and static route next hop
  • APIC: Add LDAP support in AAA login domains
  • APIC: Add support for Private VLANs on static ports
  • APIC: Add support for BGP profile in L3out
  • APIC: Add support for DHCP Labels under L3out interface profiles
  • APIC: Add support for escaping HTML in banners
  • APIC: Add support for L4L7 active-active device configuration
  • APIC: Fix support for imported devices in service graph templates
  • APIC: Add RBAC rules for nodes
  • APIC: Add support for MPLS Custom QoS policy in Terraform module
  • APIC: Add support for port channel member policies in new interface configuration mode
  • APIC: Add support for annotations in NDO-managed objects for tenant, VRF, BD, EPG, L3out and extEPG
  • APIC: BREAKING CHANGE: Remove private attribute from subnets under Bridge Domain, EPG, uEPG. Impact only for validation
  • NDO: Add support for site-aware policy enforcement mode
  • NDO: Add support for site-specific external EPG settings

0.9.0 May 29, 2024

Section titled “0.9.0 May 29, 2024”

Tested versions: link

  • APIC: Add support for PBR L1L2 destinations
  • APIC: Add support for additional AAA security management settings
  • APIC: Add support for syslog show timezone
  • APIC: Enhance set rules to support external EPG classification
  • APIC: Add support for colon character in contract names
  • APIC: Add support for all types of storm control attributes
  • APIC: Add support for multiple SR/MPLS Infra L3outs
  • APIC: BREAKING CHANGE: Add support for multiple match rules to L3out route maps
  • APIC: Add support for PTP profiles
  • APIC: Add support for vPC component SPAN source
  • APIC: Add support for Infra DHCP relay policies
  • APIC: Support for descriptions on SNMP policy user and client group
  • APIC: Add L3out SVI encapsulation scope
  • APIC: Add description to AAEP
  • APIC: Add track lists and track members
  • APIC: Add auto FEC mode to link level policies
  • APIC: Support IP data plane learning at subnet level
  • APIC: Align naming standard for fabricNodeBlk objects to what APIC uses
  • APIC: Add target version to update groups
  • APIC: Make routed domain vlan pool optional
  • APIC: BREAKING CHANGE: Add support for multiple ASN entries in AS path prepending
  • APIC: Add support for BFD switch policies
  • APIC: Add support for uSeg EPGs
  • NDO: Add custom_epg_name attribute to EPG VMM domain
  • NDI: Enhance nexus-pcv to support recent versions of ND/NDI

0.8.1 January 31, 2024

Section titled “0.8.1 January 31, 2024”

Tested versions: link

  • APIC: Make L3 PBR destination MAC optional
  • APIC: Add apic_include option to port_tracking configuration
  • APIC: Add support for Radius Provider
  • APIC: Enhance new interface configuration mode to support creating access and fabric policy groups on the created switch profiles
  • APIC: Enhance new interface configuration mode to support configuring fabric interfaces
  • APIC: Enhance new interface configuration mode to support interface shutdown option
  • APIC: Add support for physical_media_type to link level policies
  • APIC: Add support for imported L4L7 devices
  • APIC: Add support for PIM source and destination filters to bridge domains
  • APIC: Add support for DHCP label scope to bridge domains
  • APIC: Add support for ND interface policies
  • NDO: Add support for NDO 4.2

0.8.0 November 20, 2023

Section titled “0.8.0 November 20, 2023”

Tested versions: link

  • APIC: Fix replacement of placeholders in auto-generated objects
  • APIC: Fix error with sub-port static path bindings
  • APIC: Add support for static leafs under an EPG
  • APIC: Add auto to allowed values for speed in link level policies
  • APIC: Add support for tenant security domains
  • APIC: Add support for route tag policies
  • APIC: Add support for VRF transit route tag policies
  • APIC: Add support for L3out route control enforcement
  • APIC: Add support for LDAP login domains
  • APIC: Add support for LDAP configuration
  • APIC: Add support for BFD multihop node policies
  • APIC: Add support for security domains to physical and routed domains
  • APIC: Add support for SR MPLS L3outs
  • APIC: Add support for configuring mode of L3out SVI interfaces
  • APIC: Support additional values for authorization_type attribute of SNMP users
  • APIC: Allow : character in name attributes of various access policies objects
  • APIC: Add HTTPS TLS v1.3 to management access policies
  • APIC: Add SSH AES256-GCM to management access policies
  • APIC: Add SSH KEX Algorithms to management access policies
  • APIC: Improve handling of quad-dotted notation OSPF area IDs
  • APIC: Fix PIM policy compatibility issue with ACI 6.0.x
  • APIC: Add support for EPG contract masters
  • APIC: Add support for VMware VMM domain security domains
  • APIC: Add support for security domains
  • APIC: Add support for EIGRP to L3outs
  • APIC: Add support for new interface configuration mode
  • APIC: Add option to clear remote MAC entries of BDs
  • APIC: Add support for ND RA prefix policies
  • APIC: Add support for back-2-back Multi-Pod connections
  • APIC: Add support for system performance settings
  • APIC: Add support for OSPF timer policies
  • APIC: Add support for OSPF route summarization
  • APIC: Add support for copy services (service graphs)
  • APIC: Add support for “direct connect” in service graph templates
  • APIC: Add support for OSPF area control
  • APIC: Add support for L3out route control profiles
  • APIC: Add AAA user management settings
  • NDO: Add support for banner (system_config) configuration
  • NDO: Add support for remote locations
  • NDO: Add support for custom bridge domain MACs
  • NDO: Add support for no_default_gateway and primary attributes to endpoint group subnets
  • NDO: Switch from mso_schema_site_anp_epg_static_port to mso_schema_site_anp_epg_bulk_staticport resource
  • NDO: Add orchestrator_only attribute to tenants
  • NDO: Add data_plane_learning and preferred_group attributes to VRFs
  • NDO: Add multi_destination_flooding, unknown_ipv4_multicast and unknown_ipv6_multicast attributes to bridge domains
  • NDO: Add node_type attribute to service graph
  • NDO: Add type attribute to template
  • NDO: Add description attribute to template, bridge domain and endpoint group
  • NDO: Support optional ordering of template deployment
  • NDO: Add support for subport (breakout) EPG static ports