Skip to content

IP Fabric v6.0 (Aertex)

v6.0.1 (TBD)

Bug Fixes

  • Filesystem access rights prevented proper configuration of the customer’s name in the generated techsupports.
  • Discovery – discovery was hanging on loadGraphCache causing infinite discovery
  • Logs – large logs in /var/log/nimpee/* are now not divided into multiple files and are compressed
  • Path Lookup – IP Fabric GUI crashed when running a certain E2E Path Lookup
  • Path Lookup – MPLS Path lookup displayed a graph incorrectly
  • Path Lookup – certain E2E Path lookups were displaying id=null
  • Diagrams – xDP endpoints were not displayed when viewing a link
  • Cisco – when prefix-list with no entries was present, no prefix lists were parsed for a device
  • Cisco – static MAC Addresses were not part of MAC address tables
  • Cisco – API calls to APIC were getting 400/dataset is too big response, data are now requested in smaller chunks
  • VMware NSX – Diagram routing view between Tier1 and Tier2 devices was fixed
  • VMware NSX – virtual machines were not parsed into Technology → Cloud
  • Brocade – version detection for Ruckus Switches 08.0.70 was fixed
  • F5 – managed IP addresses had incorrect VRF
  • Aruba – operating system for ArubaMM devices was not detected correctly

v6.0.0 (Nov 16th, 2022)

Not a GA

This release is available only to early adopters for testing purposes.

# ipfabric-6-0-0+21.ova
OVA SHA256: 1e38629e5e9601f996389d6e1eba3b4a0d526240dac5f42c7a7820379ca19a90
OVA MD5: edf241c2e1e8db2be17457bf5a1ae559
# ipfabric-6-0-0+21.qcow2
QCOW SHA256: 33fd3659b332605cc677ba396f56bee1e22dca6a783cbd196810722a0a97adaf
QCOW MD5: 12515e63fbff45ddd40ae24a02a9f13f
# ipfabric-update-6_0_0+21.tar.gz.sig
TAR SHA256: 3dad74435f66e26260b47f47616b5a680ab4fb71b535d35e437f868964e4d8b7
TAR MD5: afbe34c8e97bc66c2af111c1ad3715ac

For the list of delivered tickets, please consult the Low-Level Release Notes for 6.0.0.

Upgrade Notices

  • Upgrade to v6.0 is only supported from v5.0. Please, upgrade to the latest v5.0 before attempting upgrade to v6.0.
  • Upgrade to v6.0 will break custom SSO integrations and will require a change to the /etc/ipf-dex.yaml file. Simply replace the v5.0 in this file with v6.0 and then run systemctl restart ipf-dex. If you would like assistance please contact your Solution Architect.
  • This release brings changes to IP Fabric data model. Snapshots need to be unloaded and loaded back to be updated. The locked snapshots are not unloaded automatically. It would help if you reloaded them manually after the upgrade (unlock them, perform unload, load them back and lock them again). Otherwise, you might experience issues with diagrams, and you will be missing attributes from the snapshot.
  • Introduction of RBAC and how security tokens are currently handled led to change in how large file downloads are handled (snapshots, tech supports, and such). Implementation has unfortunate limits, which we will address in the upcoming releases. These include missing the Content-Length header due to content being downloaded via JavaScript to browser memory. The practical impact is that the progress bar and ETA must be included. It may be extensive to the RAM.

Attributes

You can now configure custom attributes for devices, this can be found under SettingsDevice Attributes.

Site separation is also fully backed by attributes by now. That resulted in API changes, for example siteKey has been removed from inventory calls.

RBAC

You can now specify the level of access a user has by restricting the ability to use certain API Endpoints, or you can restrict which devices the user has access to via Device Attributes. New settings can be found under:

  • SettingsUser ManagementPolices
  • SettingsUser ManagementRoles

Assurance Engine

  • Assurance Engine is a new tab found under global and snapshot settings.
  • Users can now disable specific tasks to speed up discovery. You can toggle the following features from the Assurance Engine:
    • Loading Graph Cache
    • Save Historical Data
    • Compute Intent Verification Rules

Changes to IP Fabric Appliance config wizard

  • Starting in 6.0, when setting the hostname in the config wizard, the hostname will follow RFC1035 Section 2.3.1 standards.

    <domain> ::= <subdomain> | " "
    <subdomain> ::= <label> | <subdomain> "." <label>
    <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
    <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
    <let-dig-hyp> ::= <let-dig> | "-"
    <let-dig> ::= <letter> | <digit>
    <letter> ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case
    <digit> ::= any one of the ten digits 0 through 9
    

Network Discovery

  • Parallel command loading has been implemented for Cisco Meraki. This will significantly speed up discovery.
  • VMware NSX-T – Added support for E2E PathLookup with evaluation of DFW and Gateway Firewall Policies.
  • Forcepoint NGFW – Added support of basic discovery in firewall/vpn mode (see our feature matrix for more details).
  • Cisco – Added support for collecting FabricPath data.
  • Discovery bandwidth limit can be set up to 100Mb/s in UI.
  • The number of discovery workers running in parallel can be tuned, please contact the IP Fabric support team for guidance.
  • Cisco ASA, IOS, IOS-XE, NX-OS – Added support for route maps and prefix-lists (IPv4 and IPv6)
  • Hostname parsing was improved, domain parsing was added (when applicable).
  • On Palo Alto firewall new hostname format is used – hostname/vsysName instead of hostname/vsysId.
  • Logical Devices – Added a summary table of all discovered logical firewalls (contexts, VSYS, VDOM) and Cisco Nexus VDCs.
  • AWS – it is now possible to set multiple regions and AssumeRoles in one configuration.
  • Huawei – New OS version parsing. We now show more Huawei like OS versioning e.g. V800R021C00SPC100 instead of 8.210.

Logging

  • JSON log files for all discovery services. Please note that these files can be several times (about 6x) larger than existing logs.

EULA

  • Updated the End User Licensing agreement (EULA). Current users may be asked to re-sign any existing EULA.