IP Fabric v6.5
Upgrade Version Policy
We support the following upgrade paths:
- the latest version in the previous major line → any version in the
current major line (for example
5.0.2→6.1.3) - any version in the current major line → any newer version in the current
major line (for example
6.0.1→6.2.3) - the latest version in the current major line → any version in the
next major line (for example
6.2.5→7.1.3)
Clearing Browser Cache
To ensure the product works as intended, please force refresh your browser cache after each IP Fabric upgrade.
The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL opened, use one of the following key combinations:
- Windows:
Ctrl+F5 - macOS:
Command+Shift+R - Linux:
Ctrl+F5
This will only affect the browser cache for the IP Fabric appliance.
Upgrade Notices
- During the update process, locked snapshots will be unloaded together with other snapshots and their lock will be preserved. Therefore, such snapshots won’t be deleted by snapshot retention.
-
Upgrade to
6.5may break custom SSO integrations and will require a change to the/etc/ipf-dex.yamlfile. Since the6.3.2release, we are omitting minor API version for SSO configuration, and only major version will need to be changed with the next major IP Fabric version. Simply replace thevX.Ystring in this file withv6and then runsystemctl restart ipf-dex.staticClients: - id: ipfabric redirectURIs: - "https://demo1.eu.ipfabric.io/api/vX/auth/external/azure"For more information, please refer to the SSO documentation. If you would like assistance, please contact your Solution Architect.
v6.5.2 (GA, December 04th, 2023)
SHA256 (ipfabric-update-6-5-2+0.tar.gz.sig) = f0f2a6404e106d5406f781d815ff59584b90077571b80d9aa0d7b584536deaab
MD5 (ipfabric-update-6-5-2+0.tar.gz.sig) = 829238ee70286b0fbf4a1c610772f847
SHA256 (ipfabric-6-5-2+0.qcow2) = b18b2dda87f0c80203928a4e774a0630c922bfd14a270315d013f352ae5f5775
MD5 (ipfabric-6-5-2+0.qcow2) = 6ffc5e209fdd364b071eed67a0edfa17
SHA256 (ipfabric-6-5-2+0.ova) = afb6dd08c4dfb8f727da05f3cf187ce86f31ce4a2bb792822d66c92060f77ec3
MD5 (ipfabric-6-5-2+0.ova) = 21b5634e141149deb607a84b89035c78
For the list of delivered tickets, please consult the Low-Level Release Notes for 6.5.2.
Bug Fixes
- LDAP is now working with local authentication enabled
v6.5.1 (November 14th, 2023)
SHA256 (ipfabric-update-6-5-1+0.tar.gz.sig) = 8820b67b4931a0de27e39ec60785ba7821819c894a4e402b6155ca
MD5 (ipfabric-update-6-5-1+0.tar.gz.sig) = 626f42c20b106715daf233e5baceebff
SHA256 (ipfabric-6-5-1+0.qcow2) = e544d45da0a758daf05d053845de2500d16d12c9e2e34070e972421dc6fee163
MD5 (ipfabric-6-5-1+0.qcow2) = b419855b077a0e85791ca4275f22dfbf
SHA256 (ipfabric-6-5-1+0.ova) = cf6dd27630087154657bfd926fd8ea1b6fb2bdd6916ead77907012edcec9f122
MD5 (ipfabric-6-5-1+0.ova) = 1113c4c4ea684651414bfa307b0ca149
Important Product Changes
Forcing DEFAULT@SECLEVEL=0
All secure (read “encrypted with OpenSSL”) connections made by IP Fabric have
forced DEFAULT@SECLEVEL=0 to allow connections to devices with older OpenSSL
versions (which leads to the use of ciphers that are now considered weak). This
is just a temporary solution and will be removed in the future. We are working
on a solution to allow OpenSSL to be configured by the user from the outside of
the node.js process.
Known Issues
- LDAP authentication is not working if local authentication is enabled
- We are working on a fix. The hotfix is to disable local authentication
(
"enableLocalAuthentication": false). If you are interested in the hotfix, please contact IP Fabric Support.
- We are working on a fix. The hotfix is to disable local authentication
(
Network Discovery
- AWS – Support for Direct Connect Gateway (DXGW)
- Added support for routing via Virtual Private Gateway (VGW). A Direct Connect Gateway can be associated either with Transit Gateways or Virtual Private Gateways (not both types at the same time).
- DXGW partial routing table – based on allowed prefixes specified in Direct Connect Gateway Association. DXGW routing table is currently missing prefixes from on-premises routers.
- L2/L3 interfaces name on TGWs and VGWs directing towards DXGW.
- Renamed DCGW to DXGW
- Check Point Gaia
- Initial support for Identity Awareness (access-role objects) in security policies was added. See our documentation about how to set up management servers.
- Cisco
- Viptela – to prevent long discovery time, limit for OMP route API endpoints was added. The default value is 100. (see our documentation for more details)
- Firepower – extend support to map policies assigned to device clusters.
- F5 BIG-IP
- End-to-End Path Lookup support was added for F5. Now you can see paths after load-balancing action to exact pool members.
- Advanced settings for Vendor APIs
- It is now possible to fine-tune maximum concurrent requests,
maxCapacity, andrefillRatefor each Vendor API. For more details, see Vendors API - Advanced settings.
- It is now possible to fine-tune maximum concurrent requests,
- ARP Table
- Only records retrieved from a particular operational command are shown. In previous versions, local interfaces addresses, which were generated by IP Fabric for diagram modeling, could be also visible.
Other Minor Changes
When a user uploads a snapshot archive, they are set as the creator of the snapshot (discarding the information about the original creator).
Experimental Features
Newly added features which need to be explicitly enabled in service files. If you are interested in trying them out, please contact our Support or Solution Architect team and we will gladly help you with enabling these features.
- Cisco
- FMC – FMC API has a bug which causes calling of
/objects/icmpv4objects?expanded=truereturning malformed data. We introduced a new feature flagUSE_FMC_NONEXPANDED_ICMP_CALLwhich downloads ICMP objects definition 1 by 1. - ACI –
fvTenantCisco APIC endpoint can fail in some environments due to the size of response output. TheUSE_ACI_FVTENANT_ENDPOINTflag separates subclasses into single parameter requests.
- FMC – FMC API has a bug which causes calling of
- Google Cloud Platform
- Basic discovery support was added, still under development as firewall and
NAT feature is not finished yet. Only VPC, cloud routers, subnets, routes,
and instances are discovered. Might be problematic in E2E discovery.
(
ENABLE_DISCOVERY_DEVICES_GCP)
- Basic discovery support was added, still under development as firewall and
NAT feature is not finished yet. Only VPC, cloud routers, subnets, routes,
and instances are discovered. Might be problematic in E2E discovery.
(
- Stormshield
- Basic discovery support was added as PoC and needs to be enabled manually.
(
ENABLE_DISCOVERY_DEVICES_STORMSHIELD)
- Basic discovery support was added as PoC and needs to be enabled manually.
(
- Nokia SROS
- Basic discovery support was added as PoC and needs to be enabled manually.
(
ENABLE_DISCOVERY_DEVICES_NOKIA)
- Basic discovery support was added as PoC and needs to be enabled manually.
(