IP Fabric v6.0 (Aertex)
Clearing Browser Cache
After upgrading IP Fabric to a newer version, you should see the Your
application has been updated and must be refreshed
dialog in the main GUI.
It is usually sufficient to just click the Refresh button.
However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.
The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:
- Windows:
Ctrl
+F5
- macOS:
Command
+Shift
+R
- Linux:
Ctrl
+F5
This will only affect the browser cache for the IP Fabric appliance.
v6.0.1 (Dec 21st, 2022)
# ipfabric-6-0-1+2.ova
OVA SHA256: a5a32953dce07ca4382196a008f9951f1cf46dd742c4399e28284f5d447bd095
OVA MD5: db20fbce5af3978ad4e6c72cb8319663
# ipfabric-6-0-1+2.qcow2
QCOW SHA256: e97f475dfe4481ca2cfc3cb38229e362a4459cae11d9e8e0dc3f8e31b8aba042
QCOW MD5: 6b572847b7230d05f484710dfeca7404
# ipfabric-update-6_0_1+2.tar.gz.sig
TAR SHA256: 8df19286b3481f4eb042238636bde733c931ce1b6e51b3f6cd37a8cb525f225b
TAR MD5: 426005561a1c0ebc0f399dcfdf102b8d
For the list of delivered tickets, please consult the Low-Level Release Notes for 6.0.1.
Bug Fixes
- Filesystem access rights prevented proper configuration of the customer’s name in the generated techsupports.
- Discovery – discovery was hanging on
loadGraphCache
causing infinite discovery - Logs – large logs in
/var/log/nimpee/*
are now not divided into multiple files and are compressed - Path Lookup – IP Fabric GUI crashed when running a certain E2E Path Lookup
- Path Lookup – MPLS Path lookup displayed a graph incorrectly
- Path Lookup – certain E2E Path lookups were displaying
id=null
- Diagrams –
xDP
endpoints were not displayed when viewing a link - Cisco – when
prefix-list
with no entries was present, no prefix lists were parsed for a device - Cisco –
static
MAC Addresses were not part of MAC address tables - Cisco – API calls to
APIC
were getting400/dataset is too big
response, data are now requested in smaller chunks - VMware NSX – Diagram routing view between
Tier1
andTier2
devices was fixed - VMware NSX – virtual machines were not parsed into Technology → Cloud
- Brocade – version detection for Ruckus Switches
08.0.70
was fixed - F5 – managed IP addresses had incorrect VRF
- Aruba – operating system for ArubaMM devices was not detected correctly
v6.0.0 (Nov 16th, 2022)
Not a GA
This release is available only to early adopters for testing purposes.
# ipfabric-6-0-0+21.ova
OVA SHA256: 1e38629e5e9601f996389d6e1eba3b4a0d526240dac5f42c7a7820379ca19a90
OVA MD5: edf241c2e1e8db2be17457bf5a1ae559
# ipfabric-6-0-0+21.qcow2
QCOW SHA256: 33fd3659b332605cc677ba396f56bee1e22dca6a783cbd196810722a0a97adaf
QCOW MD5: 12515e63fbff45ddd40ae24a02a9f13f
# ipfabric-update-6_0_0+21.tar.gz.sig
TAR SHA256: 3dad74435f66e26260b47f47616b5a680ab4fb71b535d35e437f868964e4d8b7
TAR MD5: afbe34c8e97bc66c2af111c1ad3715ac
For the list of delivered tickets, please consult the Low-Level Release Notes for 6.0.0.
Upgrade Notices
- Upgrading to
6.0
is only supported from5.0
. Please upgrade to the latest5.0
before attempting to upgrade to6.0
. - Upgrade to
6.0
will break custom SSO integrations and will require a change to the/etc/ipf-dex.yaml
file. Simply replace thev5.0
string in this file withv6.0
and then runsystemctl restart ipf-dex
. If you would like assistance, please contact your Solution Architect. - This release brings changes to IP Fabric data model. Snapshots need to be unloaded and loaded back to be updated. The locked snapshots are not unloaded automatically. It would help if you reloaded them manually after the upgrade (unlock them, perform unload, load them back and lock them again). Otherwise, you might experience issues with diagrams, and you will be missing attributes from the snapshot.
- Introduction of RBAC and how security tokens are currently handled led to a change in how large file downloads are handled (snapshots, tech supports, and such). Implementation has unfortunate limits, which we will address in the upcoming releases. These include missing the
Content-Length
header due to content being downloaded via JavaScript to browser memory. The practical impact is that the progress bar and ETA must be included. It may be extensive to the RAM.
Attributes
You can now configure custom attributes for devices, this can be found under Settings → Device Attributes.
Site separation is also fully backed by attributes by now. That resulted in API changes, for example siteKey
has been removed from inventory calls.
RBAC
You can now specify the level of access a user has by restricting the ability to use only certain API Endpoints (API calls), or you can restrict which devices the user has access to via siteName
Attributes scope. New settings can be found under:
- Settings → User Management → Polices
- Settings → User Management → Roles
Info
If you have defined custom roles
in the 5.0 release, create a new Attributes scope policy to allow access to sites users need access to. Also define new API Endpoints Scope if needed. See, Policies.
Assurance Engine
- Assurance Engine is a new tab found under global and snapshot settings.
- Users can now disable specific tasks to speed up discovery. You can toggle the following features from the Assurance Engine:
- Loading Graph Cache
- Save Historical Data
- Compute Intent Verification Rules
Changes to IP Fabric First Boot Wizard
-
Starting in 6.0, when setting the hostname in the First Boot Wizard, the hostname will follow RFC1035 Section 2.3.1 standards.
<domain> ::= <subdomain> | " " <subdomain> ::= <label> | <subdomain> "." <label> <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ] <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str> <let-dig-hyp> ::= <let-dig> | "-" <let-dig> ::= <letter> | <digit> <letter> ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case <digit> ::= any one of the ten digits 0 through 9
Network Discovery
- Parallel command loading has been implemented for Cisco Meraki. This will significantly speed up discovery.
- VMware NSX-T – Added support for E2E PathLookup with evaluation of DFW and Gateway Firewall Policies.
- Forcepoint NGFW – Added support of basic discovery in firewall/VPN mode (see our feature matrix for more details).
- Cisco – Added support for collecting FabricPath data.
- Discovery bandwidth limit can be set up to 100Mb/s in UI.
- The number of discovery workers running in parallel can be tuned, please contact the IP Fabric support team for guidance.
- Cisco ASA, IOS, IOS-XE, NX-OS – Added support for route maps and prefix-lists (IPv4 and IPv6)
- Hostname parsing was improved, domain parsing was added (when applicable).
- On Palo Alto firewall new hostname format is used –
hostname/vsysName
instead ofhostname/vsysId
. - Logical Devices – Added a summary table of all discovered logical firewalls (contexts, VSYS, VDOM) and Cisco Nexus VDCs.
- AWS – it is now possible to set multiple regions and AssumeRoles in one configuration.
- Huawei – New OS version parsing. We now show more Huawei-like OS versioning e.g.
V800R021C00SPC100
instead of8.210
.
Logging
- JSON log files for all discovery services. Please note that these files can be several times (about 6x) larger than existing logs.
EULA
- Updated the End User Licensing agreement (EULA). Current users may be asked to re-sign any existing EULA.