IP Fabric v7.2

Upgrade Version Policy

We support the following upgrade paths:

• The latest version in the previous major line → any version in the current major line (for example, 5.0.2 → 6.1.3).
• Any version in the current major line → any newer version in the current major line (for example, 6.0.1 → 6.2.3).
• The latest version in the current major line → any version in the next major line (for example, 6.2.5 → 7.1.3).

Clearing Browser Cache

After upgrading IP Fabric to a newer version, you should see the Your application has been updated and must be refreshed dialog in the main GUI.

It is usually sufficient to just click the Refresh button.

However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.

The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:

• Windows: Ctrl + F5
• macOS: Command + Shift + R
• Linux: Ctrl + F5

This will only affect the browser cache for the IP Fabric appliance.

v7.2.5 (March 17^th, 2025; EA)

SHA256 (ipfabric-update-7-2-5+0.tar.zst.sig) = d109880359565d8fe25a0f9e0f8f961c261a2c6d84b3a907637266c1e7b18f26
MD5 (ipfabric-update-7-2-5+0.tar.zst.sig) = 2932f484391d11ea3b79bdccfbb6407d
SHA256 (ipfabric-7-2-5+0.ova) = caf82d11c7ada6c98056c7787d0b249b0347bfa60afcedba361bf56fa1ee855b
MD5 (ipfabric-7-2-5+0.ova) = 70e5ff7b1befc776d207c907029c93b8
SHA256 (unsupported-sha1-ipfabric-7-2-5+0.ova) = 5f60e1a5c2325a3b2da9989308b6f600a41c64a3557f26ec108e9b4f32af7660
MD5 (unsupported-sha1-ipfabric-7-2-5+0.ova) = be4aafed9d63b12eebdbef46d56b7733
SHA256 (ipfabric-7-2-5+0.qcow2) = 741074a9a5d15fdb8d82ea98ba9f15b19570d34a072766687af5038a869dbd4b
MD5 (ipfabric-7-2-5+0.qcow2) = 7784fd5faa8e48217690c071e167a2be
SHA256 (ipfabric-7-2-5+0.vmdk) = 33173b31cb00fc56489284218e7ca03033cf41e9a5011a5bb0ebc02f0e8a9965
MD5 (ipfabric-7-2-5+0.vmdk) = 5bc4182ddf2545932f70ddd7b463e365
SHA256 (ipfabric-7-2-5+0.vhdx.zst) = 5606326c1ee96927804957bfc72c09acde89e91233f54265b440d812bc2499a7
MD5 (ipfabric-7-2-5+0.vhdx.zst) = eb33e6d0e2a631730d5ffb426633f28e

API Endpoints Deprecation

The below API endpoints have been marked as deprecated and the intention is to remove them in the next major version 8.0.

• /tables/networks/gatewayRedundancy
• /tables/networks/networks

System Administration UI Removal

The System Administration UI on port 8443 has been deprecated in version 7.0 and is no longer accessible. All its functionalities have been replaced by an alternative:

• System Status
• Backup and Maintenance
• System Update
• Restore Admin Access

Layout Optimization for Large Circular Graphs

Circular graphs with over 100 nodes experienced slow rendering and oversized layouts due to complex line-crossing minimization calculations. This also impacted snapshot discovery/loading performance due to prolonged node position caching.

For graphs exceeding 100 nodes, we now automatically apply the universal layout instead of the circular layout. This ensures:

• Faster rendering (reduced layout computation time)
• Improved readability of large graphs
• Optimized snapshot performance (quicker node position caching)

The layout type change (circular → universal) is not yet reflected in API responses or the UI. This visibility will be added in an upcoming release.

New Features

Configuration Import/Export

• We have developed a new feature that allows you to import and export configurations of the IP Fabric application across multiple IP Fabric instances. More details can be found on the Configuration Import/Export page.

Automated SSO

• We have developed a new script to simplify the SSO setup process for the IP Fabric application. More details can be found on the Automated Single Sign-On (SSO) page.

Azure Network Load Balancers (NLB) support

• Data collection and end-to-end path lookup via NLB nodes are supported. However, path lookup via Azure private links is not supported yet.

  Do not forget to update IAM policy

  To collect Azure Network Load Balancers, the corresponding IAM policy must be updated. You can download the new policy here.

Enhanced BGP Community Controls for Optimized Discovery

• Introduced per-device, per-protocol (IPv4/IPv6), and per-VRF BGP community configurations to limit downloaded routes during discovery.
• This feature prioritizes community-based filtering over global thresholds, ensuring precise data collection while reducing processing time. Ideal for large-scale networks with extensive BGP tables. For more information see Routing

Connections between IPsec & VXLAN tunnel endpoints now visible in path-lookup

• For easier identification of where IPsec and VXLAN tunnels start and end, especially when traversing multiple devices, direct links between tunnel endpoints are now visible in path lookups. More details can be found in IPsec & VXLAN tunnel endpoints.

BGP Route Collection Enhancement

We have introduced filtered BGP route collection support, allowing network administrators to explicitly define which networks to collect. This enables focused BGP route analysis while optimizing system resources across Cisco IOS/IOS-XE, IOS-XR, NX-OS, Juniper JunOS and Arista EOS platforms.

For detailed information about the new API endpoints and configuration options, see BGP Route Collection API.

Improvements

GUI

• We have updated default tabs settings for consoleServer devices in Device Explorer: added Serial Ports, removed QoS, MAC and Port Channel. This resets previous tab settings for this device type.
• Edges in topology graphs now support multiple labels, which can be displayed either inline or on separate lines. These settings are customizable in the Visualization Setup panel of the Network Viewer, allowing configuration for each protocol or group type individually.
• Additional columns were added to Inventory → Interfaces table, all hidden by default:
  • Clearing Type
  • Clearing Value
  • Last Input Type
  • Last Input Value
  • Last Output Type
  • Last Output Value
• An additional column was added to the Inventory → Devices table and is hidden by default:
  • Credentials Notes

Advanced Filters

• Device Attribute-Based Advanced Filters now supports Attributes as a device property.

  This allows you to:

  • Filter data using predefined Attributes, such as siteName.
  • Use custom Attributes for more specific filtering.

• For a complete list of properties and supported tables, refer to Technology Tables – Device-Based Advanced Filters.

Discovery Settings

• Saving discovery settings with missing or expired credentials is now allowed. Users can decide whether the missing data is important for running the discovery or can add the data later. Clear messages and dialogs will inform users of any potential issues.

Network Discovery

• New Capabilities – Cisco (FTD), Fortinet (FortiGate), PaloAlto (PAN-OS)

  • Support for URL filtering has been added.
  • In Path Lookup under Advanced Packet Options, new search fields are now available:
    • Site category: Matches the name of a URL filter category. Works for both built-in and custom categories. The field accepts regex if multiple categories are needed in the result.
    • URL / DOMAIN: Matches a specific URL against applicable security rules.

• New Capabilities – PaloAlto (PAN-OS)
  • Support for URL-type objects of External Dynamic List has been added.

• New Capabilities – Fortinet (FortiGate)
  • Support for URL-type objects of External Resource has been added.

Vendor Support and Improvements

• Added Silver Peak API key authentication support.
• Added IPv6 BGP neighbors support for Arista (EOS), Cisco (IOS, IOS-XE, NX-OS), FS (FSOS), PaloAlto (PAN-OS).
• Added support for IPv6 BGP Route limit - see documentation
  • Arista: EOS
  • Cisco: NX-OS, IOS, IOS-XE, IOS-XR, Viptela
  • Juniper: JunOS
  • Nokia: TiMOS
• Added URL filtering support in firewall rules for Cisco (FTD), Fortinet (FortiGate), PaloAlto (PAN-OS).
• Added support for SR-MPLS TE with BGP On-Demand Next Hop (ODN) functionality for Cisco (IOS-XR).
• Added threat feeds support for FortiGate firewalls (IP lists only).
• The HP vendor has been renamed to HPE.
• The bookmark Detail for all AWS devices has changed. The differences are:
  • The Family column value is now empty (previously was set to ec2)
  • The Version column value is now empty (previously was set to 2016-11-15)

Technology Tables

• Unmanaged Neighbors Detail – Fixed an issue in the Technology → Interfaces → Connectivity matrix → Unmanaged Neighbors Detail table where Intent Verification rules could incorrectly highlight rows for specific datasets. Unique row IDs have been enforced to resolve the inconsistency.

  Important

  If Intent Verification rules were configured for this table, you may need to trigger their recalculation. To do this, you can either:

  • In local settings of the relevant snapshot(s), toggle “Compute Intent Verification” off, save settings, then toggle the rule back on; or

  

  • Manually unload and reload the relevant snapshot(s)

Site separation

• Devices now automatically inherit their site name from connected peers via CDP/LLDP, STP topology neighbors, or devices in the same L3 network, in order of priority, when rule Try to assign devices without sites based on device neighborship is enabled.