IP Fabric v6.7
IP Fabric Upgrade From Version 6.6.3
(or 6.7.6
)
Due to an issue identified within the System Administration UI, upgrading
IP Fabric from version 6.6.3
(or 6.7.6
) over the internet will fail with
Validation failed - Field pathName: "pathName" is required
. The issue has
been addressed in version 6.7.7
(or newer). If you are running any IP
Fabric versions from 6.6.3
to 6.7.6
, please upgrade to 6.7.7
or newer
manually with an update file from https://releases.ipfabric.io/updates/.
Upgrade Version Policy
We support the following upgrade paths:
- The latest version in the previous major line → any version in the
current major line (for example,
5.0.2
→6.1.3
). - Any version in the current major line → any newer version in the current
major line (for example,
6.0.1
→6.2.3
). - The latest version in the current major line → any version in the
next major line (for example,
6.2.5
→7.1.3
).
Clearing Browser Cache
After upgrading IP Fabric to a newer version, you should see the Your
application has been updated and must be refreshed
dialog in the main GUI.
It is usually sufficient to just click the Refresh button.
However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.
The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:
- Windows:
Ctrl
+F5
- macOS:
Command
+Shift
+R
- Linux:
Ctrl
+F5
This will only affect the browser cache for the IP Fabric appliance.
Upgrade Notices
- During the update process, locked snapshots will be unloaded together with other snapshots and their lock will be preserved. Therefore, such snapshots won’t be deleted by snapshot retention.
-
Upgrade to
6.7
may break custom SSO integrations and will require a change to the/etc/ipf-dex.yaml
file. Since the6.3.2
release, we are omitting minor API version for SSO configuration, and only major version will need to be changed with the next major IP Fabric version. Simply replace thevX.Y
string in this file withv6
and then runsystemctl restart ipf-dex
.staticClients: - id: ipfabric redirectURIs: - "https://demo1.eu.ipfabric.io/api/vX/auth/external/azure"
For more information, please refer to the SSO documentation. If you would like assistance, please contact your Solution Architect.
v6.7.7 (March 20th, 2024; GA)
SHA256 (ipfabric-update-6-7-7+0.tar.gz.sig) = 6a1afac838cdcae141f5751a98f756034fe154ede5de5862bb41c6bdc91ecb37
MD5 (ipfabric-update-6-7-7+0.tar.gz.sig) = 58c323c6f2a6b50bd217a13b0a11c4df
SHA256 (ipfabric-6-7-7+0.qcow2) = 5a59379ba7eefba53af56c5e1c0b9ec0bf556349f232f3ad29646847a4fd02c8
MD5 (ipfabric-6-7-7+0.qcow2) = 28a08133ad0ce80b599161fbd18db4de
SHA256 (ipfabric-6-7-7+0.ova) = e90e80628ff1c57916b3951dc7abf99fdb4f70822425a1c60e8c16ad19d72d4c
MD5 (ipfabric-6-7-7+0.ova) = 6a1c06f404c8a174e045e14104ef727a
For the list of delivered tickets, please consult the Low-Level Release Notes for 6.7.0 and following minor releases.
Replacement of nimpee startprod
and nimpee stopprod
Commands
- The
nimpee
script (sys-nimpee.sh
) used to manage the IP Fabric services has been replaced with theipf-appliance
service group. You can use:systemctl start ipf-appliance
instead ofnimpee startprod
systemctl stop ipf-appliance
instead ofnimpee stoppprod
- We want to leverage system tooling instead of custom scripts.
Important Product Changes
- Cisco FMC client re-sends
GET
request once when it receives200 OK
response with empty body. - We have started collecting usage data.
Network Discovery
-
Azure – This release adds support for discovery of multiple subscriptions within the same tenant. The Subscription IDs field for
Azure
in Settings → Discovery & Snapshots → Discovery Settings → Vendors API is now optional, leave it empty to discover all available subscriptions.Required role permissions have been changed, see Azure Networking – Role Definitions for IP Fabric.
- Check Point – Added support for discovery of firewalls connected to Maestro Orchestrator.
- Cisco
- Viptela – Added support for Service Chaining. Service chaining policies are modeled in PBR task. Other PBR Viptela functionality isn’t supported.
- ENCS – Added support for the basic discovery.
- Juniper
- Mist – We have improved the discovery speed for large networks. Instead of fetching data from Redis cache for each device and task, we now access the data directly from memory. This significantly eliminates the loading time.
- FS – Devices banners are now being parsed and stored in our tables. See Banners for more details.
- Silver Peak (HPE Aruba EdgeConnect) – Added support for new API 9.3 Endpoints.
Other Changes
- MAC addresses starting with
649EF3
are no longer incorrectly detected as IP Phones but as network devices. - The parameters that were originally hard-coded in vendor API clients, such as timeouts and number of re-sends, can now be configured in situ with the assistance of IP Fabric Support.
- The dot character (
.
) can be used in usernames for jumphost settings, SNMP configuration, and system backup. - Sometimes Cisco FMC doesn’t return an access token, even for successful authentication requests. Our Cisco FMC client now detects this situation and re-authenticates.
- Fixed Silverpeak vendor API client that failed during re-authentication when it received no
orchCsrfToken
token. NULL
values were sometimes treated as the smallest numerical value in filters. This was rectified, andNULL
values cannot be compared to numerical values anymore (result of comparison will be alwaysfalse
).- Changed behavior of
Loading Graph cache
Assurance Engine task- With this task disabled (to skip topology calculation at the end of discovery and make discovery faster), the Network Viewer (Site Diagrams) and Path Lookup (End to end path, Host to Gateway path) are now still able to load diagrams; they will be just slower as the topology is not cached and needs to be calculated on demand.
- The NTP configuration step has been removed from the First Boot Wizard (
nimpee-net-config
). (Note: In version6.9
, this command changed toipf-cli-config
.)
3rd-party Updates
- dex – A federated OpenID Connect provider has been updated to version
2.38.0
.
Experimental Features
Newly added features which need to be explicitly enabled in service files. If you are interested in trying them out, please contact our Support or Solution Architect team and we will gladly help you with enabling these features.
-
FortiGate FortiSwitch
- Basic discovery support was added as PoC and needs to be enabled manually.
(
ENABLE_DISCOVERY_DEVICES_FORTISWITCH
)
- Basic discovery support was added as PoC and needs to be enabled manually.
(
- Google Cloud Platform
- Improved support for already implemented features.
- Added support for BGP routing task on cloud routers.
- Use feature flag
ENABLE_DISCOVERY_DEVICES_GCP
to enable GCP discovery.
Known Issues
- Google Cloud Platform – Regional routing mode is currently unavailable and will default to global routing mode. To learn more about the difference between these modes, please refer to the GCP API Documentation or the Cloud Router Overview.
Invalid Input
after editing instances of some Vendor APIs- In Settings → Discovery & Snapshots → Discovery Settings → Vendors API, after editing an existing instance of some Vendor APIs, clicking Update and Save, the error message
Invalid Input
is shown:
- This affects
Cisco APIC
,Ruckus Virtual SmartZone
,Silver Peak
,Versa
,Viptela
, andVMware NSX-T
. - The issue will be addressed in version
6.8
. - As a workaround, if you need to edit an instance of any of the mentioned Vendor APIs, please remove and re-create it.
- In Settings → Discovery & Snapshots → Discovery Settings → Vendors API, after editing an existing instance of some Vendor APIs, clicking Update and Save, the error message