IP Fabric v4.3
4.3.5+1 (9th March 2022)
Bug Fixes
- Routing protocol edges wrong establish to transit fix
Known issues
-
Discovery with added Vendor API can get stuck and doesn’t finish in some cases. Replicated on NSX-T v2.5, Azure, Meraki
- ID: NIM-7505, NIM-7479, NIM-7437
- Root cause: Unlocked resources after calling unsupported API endpoint
- Status: Fixed in 4.4.0 release
- Workaround: Stop discovery and disable Vendor API
-
When discovery is stopped after collection from devices is done, API will allow other jobs to run - making them run in parallel. It is especially an issue when running maintenance is started immediately because it re-indexes the DB - making caching take really long time.
- ID: NIM-7722
- Root cause: Discovery allows to run parallel jobs.
- Status: Fixed in 4.4.0 release
- Workaround: Do not stop discovery job or do not run maintenance (manually or as a scheduled job).
4.3.4+3 (7rd March 2022)
OVA MD5SUM: A5DB9B8C51169216167866C9AD6E951C
OVA SHA256SUM: 2D64A41DF78D3965F70AD80807D788FD12E0F7A1DDCF39A6B23911BF72A8311D
Bug Fixes
- Internet proxy was not working - fixed now
- Snapshot load with F5 device could fail on JSON error. This was hard to replicate, happened only occasionally. Fix should work.
- Fortinet FortiGate - fix
get system status
command parsing to handle operating system versions without any maintenance ID - L2 edges from switch to firewall - Multiple wrong edges were created because of same virtual mac address on Juniper SRX firewalls (could be also case for other vendors). This could cause too problems with graph cache calculations. Fixed and firewalls with same virtual mac are in different sites, L2 edges will be established properly.
- L2 edges for back-to-back connections - fix for non matching switchport modes.
- HP Comware – fix parsing of Route-Aggregation interfaces.
- HP 3Com - fixed parsing of
display device manuinfo
command - Duplicate IP on same device on different subinterfaces and different sites – establishing forwarding and routing protocols sessions is fixed.
- Some topology calculation speed ups for networks with many routing protocols sessions
- Pathlookup - Routing with OIDs, skip checking underlying L2 path
- Fix parsing Virtual Servers and Pool members with routing domains
and
any
ports. - VMWare NSX-T – fixed mapping of empty mac-table
- Error when opening Intent Rule verification in End Of Life Milestones page fix
- Arista – fixed parsing of platform
- Fixed possible crash in syslog worker when collecting device configurations
- Fixed POST
/snapshots
endpoint, it failed whensnapshotName
orsnapshotNote
was used - The site names could be wrong when the manual site separation rule was disabled - fixed
- Fix load of graph views
4.3.3+2 (23rd February 2022)
Bug Fixes
- Snapshot load time - data preparation before the process started was slow, fixed and speed is same as before
- Snapshot settings could overwrite global settings
- Migration of very old snapshot fix
4.3.2+2 (22nd February 2022)
Bug Fixes
- Palo Alto - Fixed discovery of multi VSYS firewalls.
- Mikrotik RouterOS - Fixed parsing of MTU in case it has value “auto”
in output of command
/interface print detail
- Fortinet FortiGate - Fixed wrongly assigned MAC address to link aggregation interfaces on HA primary units
- Jumphost - Jumphost was broken in 4.3.0 release, fixed.
- Graphs - Fail on hidden transit or clouds fixed.
/platforms/vdc/devices
table fail when snHw column was included
Improvements
- Check Point Gaia - improved pairing of gateways with management server data to fix missing zone firewall policies
4.3.1+1 (17th February 2022)
OVA MD5SUM: 0ab89eb2127d5a83f806876b438dcd95
OVA SHA256SUM: 3d07c8f1a51497eae671a43130cbf536b7e7bdf9ae6ba9030ebc50c981328119
Bug Fixes
- Missing hostname on Cisco devices with non standard transceivers
Features - Protocol and technology support
- HP ArubaCX - Added syslog support
4.3.0+4 (16th February 2022)
New Vendor Support
- Added support for Microsoft Azure Cloud infrastructure
- Added support for Silverpeak SD-WAN networks
- Added support for VMware NSX-T
- Added support for Brocade FastIron
New Features
- Added Single sign-on (SSO), read how to set it up Enabling SSO Providers
-
Device Attributes - the table is located in Settings / Device Attributes, where you can set attribute per device (SN) and the value for a specific attribute. Device Attributes. We support following attributes
siteName
- set a site name (location) for a specific device and in case you have enabled the Manual site separation rule in Site Separation settings then the name will be used in future snapshots for that device.
stpDomain
- set a name of the STP domain for a specific device and this domain name will be used in future snapshots for that device. But also other members that belong to the same STP domain and don’t have an attribute set will be moved there automatically.
routingDomain
- same as STP domain, but for Routing domain
- Added support for AWS Assume Role that can be configured in Vendor API settings
- Graphs - Path Lookup - Added simulation for Cloud / SD-WAN networks. Simulate packets between legacy and next-gen networks!
- Graphs - Path Lookup - Added detection of packets in the loop - the option is on Visualization Setup.
- Graphs - Path Lookup - The packet can be traced hop by hop in “Show Detail” by Next/Prev buttons
- Graphs - Path Lookup - added more options into path lookup form like L7 applications, ICMP options, IP Regions, TTL, and everything can be saved to setting preset
-
Graphs - Path Lookup - added “First hop algorithm” option, this will allow you to simulate external networks by specifying where the packet should start (device/interface)
- unfortunately, all the above Path lookup changes cause a breaking change in the API request payload.
Features - Protocol and technology support
- HP ArubaCX - Implement IGMP/PIM
-
F5 BigIP - Added support for virtual servers and pools. New tables added:
- Technology / Load-balancing / Virtual Servers
- Technology / Load-balancing / Virtual Servers Pools
- Technology / Load-balancing / Virtual Servers - Pool members
- Technology / Load-balancing / F5 Partitions
- Added new table Technology/ Port channels / MLAG / Cisco VPC
- ExtremeXOS - Added POE support
Improvements
- Site Separation has been rewritten, it respects Device Attributes
(see New Features)
- there was added an algorithm to determine the site name based on SNMP location.
- also added an option that will try to assign devices without site name to the site based on device neighborship.
- Discovery classification improved - only IP addresses with interfaces in UP state go to the discovery process.
- Router to switch connection with some members of port-channel in state down could prevent STP edge establishment.
- Updated EoL information for F5
- Router with no VLAN tag on the interface to ACI leaf connection over L2 with xDP added.
- Table Technology / Security / IPsec / IPsec tunnels - add new column “Tunnel interface description”
- Table Technology / Addressing / Manage IP - add new columns “Interfaces L1 state”, “Interfaces L2 state”
- Table Technology / Security / DMVPN - add interface column
- Zone Firewall and Access lists security tables are now broken to
rule level with columns that are string searchable for all values
(some of the columns are hidden by default). Tables also allow the
application of intent checks.
- Table Technology / Security / Access lists
- Table Technology / Security / Zone firewall
- The date and time values are now displayed in ISO8601 format
- Cisco Firepower - Change collecting data to use FMC API and add support for application rules: More Dropping support for ACL on Cisco Firepower
- Added API endpoint POST
/v1/tables/management/snapshots
for the possibility to get information about all snapshots (loaded, unloaded) via API - Path Lookup inspector - cosmetic improvement of ACI endpoint lookup reporting
- Path Lookup - Forwarding for explicit label 0 fix
- Check Point Gaia - added collecting of static ARP
- Cisco - IOS, IOS-XE, IOS-XR, NX-OS and Juniper JunOS - change BGP route max threshold evaluation to be done on a per VRF basis.
- Extreme XOS - Added new reason of disabled port
port not present
- Fortinet FortiGate - configured virtual IPs and IP pools were missing in the list of managed IP addresses
Bug Fixes
- If Snapshot Settings had stored credentials without username then credentials from the Global setting were taken
- Graph - The detail for XDP link between two devices could include records that pointed from one device to the Transit cloud.
- Table Management / Changes - fixed export of CSV that didn’t work
- Table Technology / MPLS / Forwarding - nexthop label 0 value was not previously shown. Fixed now
- Arista EOS - Fix parsing of the routing table.
- Arista EOS - fix subinterfaces parsing from command
show ip ospf neighbor detail
- Arista EOS - Fix parsing of command
show lldp neighbors detail
. - AWS - Fix mapping of
aws/_ec2/describeRouteTables
- AWS - Fix parsing for a command that shows tunnelOptions which can be empty.
- Check Point Gaia - Fix parsing for Alias interfaces.
- Check Point Gaia - Fix parsing for command
show cluster members interfaces all
. - Check Point Gaia - Fix parsing for empty management interface entry.
- Check Point Gaia - collect only relevant SNMP configuration according to agent version
- Check Point Gaia - Fix parsing for command
show ospf interfaces detailed
- Check Point Gaia - fixed error when only a virtual IP was assigned on an interface
- Check Point Gaia - fixed missing zone firewall policies on gateways with VPN tunnel interfaces
- Check Point Gaia - fixed parsing of physical interfaces from command
show cluster members interfaces all
- Cisco - fixed PID parsing for nonstandard Cisco transceivers from
command
show inventory
- Cisco - Fix duplicate entries for LLDP and CDP discovery.
- Cisco - Fix parsing of nexthop list from routing table
- Cisco - IOS/IOS-XE fixed parsing of
show ip mroute count
command - Cisco ASA - the discovery of firewall contexts fixed
- Cisco ASA - fixed MTUs and IP addresses parsing on tunnels.
- Cisco ASA - fixed parsing of named ip addresses from
show running-config
- Cisco IOS - add support for portgroups in ACL
- Cisco IOS - fix N/A value in current traffic from command
show storm-control
- Cisco IOS - Fix parsing of speed, duplex and tunnel type.
- Cisco IOS - fix state when two (current and trap) are outputed in
command
show storm-control
- Cisco IOS - fixed parsing of tunnels in case source/destination IP address is missing
- Cisco IOS - Remove emitting error for bgp neighbors in state ‘idle’
- Cisco IOS-XE - Add missing vlanId for the command
show interfaces
. - Cisco IOS-XE - added support for another output format of the
show env/environment status
command - Cisco IOS-XE - Fix parsing for no transceivers in command
show interfaces transceiver
- Cisco IOS-XE - Fix parsing of interface counters for command
show wireless client mac-address <int> detail
- Cisco IOS-XE - Fixed parsing for virtual IPv6 addresses in command
show standby
- Cisco IOS-XE - Removed PTP related errors throwing in case
show ptp clock dataset default
does not provide any results - Cisco IOS-XR -
commands/cisco/isis/neighborsDetail
- fixed parsing with different neighbors format. - Cisco IOS-XR -
commands/cisco/routingProtocols/ipRouteSummaryVrf
- fixed parsing with different format. - Cisco IOS-XR - Exclude parsing of monitor sessions in L2VPNs.
- Cisco IOS-XR - Fix parsing for the command
show bgp all neighbors
- Cisco IOS, IOS-XE - Fix parsing for command
show subscriber session all
. - Cisco IOS, IOS-XE, IOS-XR some routes with MPLS label were not used correctly even when next hop is known.
- Cisco NX-OS -
show vlan brief
parsing updated to handle error message displayed due to Cisco bug CSCvr88898 - Cisco NX-OS - Fix parsing of command
show password strength-check
- Cisco NX-OS - Fix parsing of OSPF state for the command
show ip ospf interface vrf all
. - Cisco NX-OS - Fixed parsing for negative DHCP snooping values in
command
show ip dhcp snooping statistics
, probably bug on device. - Cisco NX-OS - fixed parsing of command
show mac address-table
that were containing fabric path SWID. - Cisco NX-OS - fixed parsing of different output for command
show snmp user
- Cisco viptela - Fix parsing of uptime from command
/device/bfd/sessions?deviceId=
- F5 Big-IP - added support for IPv6 NTP source addresses in command
run util bash -c "ntpq -np"
- F5 Big-IP -
commands/f5/_big-ip/showSysHardware
- fix parsing various sections of command - F5 Big-IP - Fix parsing of translated ports in command
list /sys sflow receiver all-properties
- F5 BIG-IP 2000 - Fix parsing if the output of the command
list /sys management-ip
is empty. - F5 Big-IP - Fix parsing of invalid interfaces for command
show cm device
. - F5 Big-IP fix prompt detection - add the possibility for “(Sync Only)”
- Fortinet FortiGate - Added another parsing option of src-filter for
command
show firewall VIP
. - Fortinet FortiGate - Fix parsing for command
show system ha
- Fortinet FortiGate - Fix parsing for the command
get router info bgp nei
- Fortinet FortiGate - MAC address on link aggregation interfaces could be missing in some cases
- HP 3Com - Fix device detection from
display version
command - HP 3Com - remove ip address reference from directly connected routes.
- HP Comware - Added support for tunnel protocol: UDP_ADVPN/IP.
- HP Comware - Fix parsing for command
display arp
- HP Comware - Fix parsing for command
display fan
- HP Comware - Fix parsing of BGP peer instance regex for localID.
- HP Comware - Fix regex splitting of state and age for command
display ip routing-table verbose
. - HP Comware - Fixed parsing of M-Ethernet and TwentyGigE interfaces
- HP Comware - fixed parsing of power supplies from command
display power
- HP Comware - Fixed parsing of Route-Aggregation interface in the
command
display interfaces
. - HP Comware: fix routing relation on own address.
- Juniper - fixed parsing firewall rules - added nonterminating actions.
- Juniper JunOS - Add an exception for infinite values while parsing
the command
show interfaces diagnostics optics
- Juniper JunOS -
commands/juniper/junos/configurationDisplaySet
- added fromdscp
,ttl
,is-fragment
(with except actions if applicable) action to firewall parsing. - Juniper JunOS -
commands/juniper/_junos/interfacesStatisticsDetail
- fix parsing errors on interfaces - added support for a type of output. - Juniper JunOS -
commands/juniper/_junos/route
- Removed Service to routes, unable to resolve next hop for those routes - Juniper JunOS - Fix parsing of no output from command
show sflow
- Juniper JunOS - fixed parsing for fans which don’t have tray
information from command
show chassis environment
- Juniper JunOS - fixed parsing of “null” encryption in command
show security ipsec security-associations detail
- Juniper JunOS - improved information parsing of deactivated and protected configuration
- Juniper JunOS - removed management interfaces with configured ip
128.0.0.1/2
or10.0.0.1/8
- Juniper JunOS- fixed parsing of command
show interfaces statistics detail
for logical-unit-number larger than 4095 - Palo Alto pan-os -
commands/paloalto/showConfigPushedSharedPolicyVsys
- fixed parsing of none zone in security rule. - Palo Alto pan-os - fix services parsing from command
show config merged