IP Fabric v6.7

IP Fabric Upgrade From Version 6.6.3 (or 6.7.6)

Due to an issue identified within the System Administration UI, upgrading IP Fabric from version 6.6.3 (or 6.7.6) over the internet will fail with Validation failed - Field pathName: "pathName" is required. The issue has been addressed in version 6.7.7 (or newer). If you are running any IP Fabric versions from 6.6.3 to 6.7.6, please upgrade to 6.7.7 or newer manually with an update file from https://releases.ipfabric.io/updates/.

Upgrade Version Policy

We support the following upgrade paths:

the latest version in the previous major line → any version in the current major line (for example 5.0.2 → 6.1.3)
any version in the current major line → any newer version in the current major line (for example 6.0.1 → 6.2.3)
the latest version in the current major line → any version in the next major line (for example 6.2.5 → 7.1.3)

Clearing Browser Cache

To ensure the product works as intended, please force refresh your browser cache after each IP Fabric upgrade.

The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL opened, use one of the following key combinations:

Windows: Ctrl + F5
macOS: Command + Shift + R
Linux: Ctrl + F5

This will only affect the browser cache for the IP Fabric appliance.

Upgrade Notices

During the update process, locked snapshots will be unloaded together with other snapshots and their lock will be preserved. Therefore, such snapshots won’t be deleted by snapshot retention.
Upgrade to 6.7 may break custom SSO integrations and will require a change to the /etc/ipf-dex.yaml file. Since the 6.3.2 release, we are omitting minor API version for SSO configuration, and only major version will need to be changed with the next major IP Fabric version. Simply replace the vX.Y string in this file with v6 and then run systemctl restart ipf-dex.
```
staticClients:
  - id: ipfabric
    redirectURIs:
      - "https://demo1.eu.ipfabric.io/api/vX/auth/external/azure"
```
For more information, please refer to the SSO documentation. If you would like assistance, please contact your Solution Architect.

v6.7.7 (March 20^th, 2024; GA)

SHA256 (ipfabric-update-6-7-7+0.tar.gz.sig) = 6a1afac838cdcae141f5751a98f756034fe154ede5de5862bb41c6bdc91ecb37
MD5 (ipfabric-update-6-7-7+0.tar.gz.sig) = 58c323c6f2a6b50bd217a13b0a11c4df
SHA256 (ipfabric-6-7-7+0.qcow2) = 5a59379ba7eefba53af56c5e1c0b9ec0bf556349f232f3ad29646847a4fd02c8
MD5 (ipfabric-6-7-7+0.qcow2) = 28a08133ad0ce80b599161fbd18db4de
SHA256 (ipfabric-6-7-7+0.ova) = e90e80628ff1c57916b3951dc7abf99fdb4f70822425a1c60e8c16ad19d72d4c
MD5 (ipfabric-6-7-7+0.ova) = 6a1c06f404c8a174e045e14104ef727a

For the list of delivered tickets, please consult the Low-Level Release Notes for 6.7.0 and following minor releases.

Replacement of `nimpee startprod` and `nimpee stopprod` Commands

The nimpee script (sys-nimpee.sh) used to manage the IP Fabric services has been replaced with the ipf-appliance service group. You can use:
- systemctl start ipf-appliance instead of nimpee startprod
- systemctl stop ipf-appliance instead of nimpee stoppprod
We want to leverage system tooling instead of custom scripts.

Important Product Changes

Cisco FMC client re-sends GET request once when it receives 200 OK response with empty body.
We have started collecting usage data.

Network Discovery

Azure – This release adds support for discovery of multiple subscriptions within the same tenant. The Subscription IDs field for Azure in Settings → Discovery & Snapshots → Discovery Settings → Vendors API is now optional, leave it empty to discover all available subscriptions.

Required role permissions have been changed, see Azure Networking – Role Definitions for IP Fabric.

Multiple subscriptions

Unfortunatelly, ther initial implementation contains a bug, which can cause missing data, when multiple subscriptions are used. The solution is to keep the settings the same as it was previously. Fix will be part of 6.8.

Check Point – Added support for discovery of firewalls connected to Maestro Orchestrator.
Cisco
- Viptela – Added support for Service Chaining. Service chaining policies are modeled in PBR task. Other PBR Viptela functionality isn’t supported.
- ENCS – Added support for the basic discovery.
Juniper
- Mist – We have improved the discovery speed for large networks. Instead of fetching data from Redis cache for each device and task, we now access the data directly from memory. This significantly eliminates the loading time.
FS – Devices banners are now being parsed and stored in our tables. See Banner for more details.
Silver Peak (HPE Aruba EdgeConnect) – Added support for new API 9.3 Endpoints.

Other Changes

MAC addresses starting with 649EF3 are no longer incorrectly detected as IP Phones but as network devices.
The parameters that were originally hard-coded in vendor API clients, such as timeouts and number of re-sends, can now be configured in situ with the assistance of IP Fabric Support.
The dot character (.) can be used in usernames for jumphost settings, SNMP configuration, and system backup.
Sometimes Cisco FMC doesn’t return an access token, even for successful authentication requests. Our Cisco FMC client now detects this situation and re-authenticates.
Fixed Silverpeak vendor API client that failed during re-authentication when it received no orchCsrfToken token.
NULL values were sometimes treated as the smallest numerical value in filters. This was rectified, and NULL values cannot be compared to numerical values anymore (result of comparison will be always false).
Changed behavior of Loading Graph cache Assurance Engine task
- With this task disabled (to skip topology calculation at the end of discovery and make discovery faster), the Network Viewer (Site Diagrams) and Path Lookup (End to end path, Host to Gateway path) are now still able to load diagrams; they will be just slower as the topology is not cached and needs to be calculated on demand.
The NTP configuration step has been removed from the First Boot Wizard (nimpee-net-config).

3^rd-party Updates

dex – A federated OpenID Connect provider has been updated to version 2.38.0.

Experimental Features

Newly added features which need to be explicitly enabled in service files. If you are interested in trying them out, please contact our Support or Solution Architect team and we will gladly help you with enabling these features.

FortiGate FortiSwitch
- Basic discovery support was added as PoC and needs to be enabled manually. (ENABLE_DISCOVERY_DEVICES_FORTISWITCH)

Google Cloud Platform
- Improved support for already implemented features.
- Added support for BGP routing task on cloud routers.
- Use feature flag ENABLE_DISCOVERY_DEVICES_GCP to enable GCP discovery.

Known Issues

Google Cloud Platform – Regional routing mode is currently unavailable and will default to global routing mode. To learn more about the difference between these modes, please refer to the GCP API Documentation or the Cloud Router Overview.
Invalid Input after editing instances of some Vendor APIs
- In Settings → Discovery & Snapshots → Discovery Settings → Vendors API, after editing an existing instance of some Vendor APIs, clicking Update and Save, the error message Invalid Input is shown:
- This affects Cisco APIC, Ruckus Virtual SmartZone, Silver Peak, Versa, Viptela, and VMware NSX-T.
- The issue will be addressed in version 6.8.
- As a workaround, if you need to edit an instance of any of the mentioned Vendor APIs, please remove and re-create it.