Skip to content

IP Fabric v7.3

Unreleased Version

This is an upcoming IP Fabric version, which has not been released yet and is not available for download.

Upgrade Version Policy

We support the following upgrade paths:

  • The latest version in the previous major line → any version in the current major line (for example, 6.10.77.2.13).
  • Any version in the current major line → any newer version in the current major line (for example, 7.0.157.2.13).

Clearing Browser Cache

After upgrading IP Fabric to a newer version, you should see the Your application has been updated and must be refreshed dialog in the main GUI.

It is usually sufficient to just click the Refresh button.

However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.

The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:

  • Windows: Ctrl + F5
  • macOS: Command + Shift + R
  • Linux: Ctrl + F5

This will only affect the browser cache for the IP Fabric appliance.

v7.3.0 (UNRELEASED)

Improvements

GUI

  • An additional column was added to the InventoryInterfaces table:
    • Last Status Change
  • An additional column was added to the TechnologyPlatformsCisco VSSChassis table:
    • Switch Priority

  • Removed tables of already deprecated API endpoints:

    • Managed Networks
    • Gateway Redundancy

    IPv4 Managed IP Summary table

    As of version 7.0, the Managed Networks and Gateway Redundancy tables have been replaced by the IPv4 Managed IP Summary table.

  • IP Input Enhancement:
    • Search Functionality: Users can perform keyword-based searches within the IP list to quickly locate specific entries.
    • IP List Management: Users can efficiently manage IP addresses through enhanced multi-selection capabilities. Multiple IPs can be selected via:
      • Shift + Left Click to select range.

      • Click-and-Drag, similar to text selection in a paragraph.

        Once selected, IP addresses can be copied or removed from the list.

Layout Optimization for Large Circular Graphs

In release 7.2, we added an autonomous optimization switch from circular to universal layout for graphs with more than 100 nodes. This functionality is now fully supported at the API level and is also fully integrated into the UI starting with this release.

IPv6 Support to Discovery

Extended network discovery capabilities to support IPv6 networks alongside IPv4, ensuring all existing IPv4 functionality remains unaffected.

Backward Compatibility
  • Existing IPv4 discovery workflows continue to function as expected.
  • No changes are required for IPv4-only setups.
API Enhancements
  • The /settings API now accepts and processes IPv6 addresses in:
    • Seed lists
    • Include/Exclude/Whitelist networks
    • Device credentials
    • Custom SSH/Telnet ports
  • Address-type validation ensures that:
    • IPv4 filters apply only to IPv4 addresses
    • IPv6 filters apply only to IPv6 addresses
Discovery Configuration Updates
  • Introduced a new task type: NDPv6, available under Global Discovery Tasks settings.
  • IPv6 networks can now be discovered using a combination of:
    • Seed addresses
    • Include/Exclude/Whitelist networks
    • Device credentials

Configuration Management

  • Simplified configuration selection for comparison.
  • Added a new Compare with previous version button to configuration entries in the table.

Network Discovery

  • New Device –- AWS Application Load Balancer (ALB)
    • Initial support for data collection & inventory. The path lookup via ALB is not supported yet.
  • New Device –- Azure ExpressRoute Circuit (ERC)
    • Data collection and end-to-end path lookup via ERC is now supported. The path lookup via ERC when deployed in vWAN is not supported yet.
  • New Device –- Azure RouteServer (ARS)
    • Initial support for data collection & inventory - end-to-end path lookup via Network Virtual Appliances has been improved.
  • New Capabilities – CheckPoint, Juniper
    • Support for URL filtering has been added.
  • New Capabilities – PaloAlto (PAN-OS)
    • Support for IP and PREDEFINED-IP type objects of External Dynamic List has been added.
  • New DeviceMeraki cloud-managed Catalyst switches
    • Now discoverable via the Meraki API
    • Identification: Firmware prefix CS and Monitoring Version n/a
    • Discovery can be disabled via feature flags.

Initial Transparent Firewall Support (Behind Feature Flag)

Initial support for transparent firewalls has been introduced. Since transparent firewalls typically operate at Layer 2 and remain invisible to other network devices, manual link configuration is required to incorporate them into the network model.

To enable this feature, the corresponding feature flag must be activated. Once enabled, transparent firewalls will appear in the graph topology, and basic path lookup (excluding security policy evaluation) will be supported.

Supported Vendors & Technologies

  • Virtual Wire Setup

    A new table has been added under Technology → Interfaces → Virtual-wires, supporting:

    • Palo Alto PAN-OS
    • Cisco Firepower
    • Fortinet FortiGate / FortiOS
    • Forcepoint NGFW

  • Virtual Bridge Property

    Currently supported for Cisco Firepower. A new Virtual Bridge attribute has been added to the following tables:

    • Technology → Interfaces → Switchport
    • Technology → Addressing → MAC Table

Vendor Support and Improvements

  • Added IPv6 support for the FortiGate zone firewall task.
  • Added IPv6 support for FortiGate GRE tunnels.
  • Added IPv6 support for the Cisco ACI, ASA, IOS, and IOS-XE NTP task.
  • Added IPv6 support for the Cisco IOS, IOS-XE, and ASA Syslog task.
  • Added IPv6 support for the Cisco IOS, IOS-XE, and ASA AAA task.
  • Added IPv6 support for the Cisco IOS, IOS-XE, and ASA SNMP task.
  • Added IPv6 support for the Cisco ASA Neighbor Discovery task.
  • Added IPv6 support for Cisco ASA IPv6 routing.
  • Added IPv6 support for Cisco ASA IPv6 tunnels.
  • Added IPv6 support for Cisco ASA, IOS, and IOS-XE IPv6 IPsec.

Path Lookup

  • Using Palo Alto’s External Dynamic List in combination with end to end path lookup:
    • To investigate a Path Lookup scenario for a specific IP expected to be in the dynamic list, use the Source / Destination IP fields and enter the IP address.
    • If the content of the dynamic list is not available, or if you need to find where a specific list is being used, use the Source / Destination Region fields and enter the name of the list as it appears in the configuration.

Vendor Support and Improvements

  • Interface uptime/downtime is now available for Arista.
  • Switch priority is now available for Cisco StackWise.
  • Downloading the content of the External Dynamic List object for Palo Alto’s URL Filtering and IP List must be enabled manually via a feature flag (ENABLE_PALOALTO_EDL_IPLIST, ENABLE_PALOALTO_EDL_URLLIST).

Advanced Filters

Intent Verification Rules

Updated Rules
  • Minor UI updates to remove the Green Success check from empty columns and to revise field descriptions.:
    • Technology > Security > DHCP Snooping
      • DHCP Snooping Enabled VLANs
      • DHCP Snooping Trusted Port
      • DHCP Snooping Dropped Packets
    • Inventory > OS Versions > Platforms
      • Devices with Unique Platform changed to Platforms with a Single Deployment
      • Devices with Unique OS changed to OS Versions with a Single Deployment
    • Inventory > OS Versions > Models
      • Devices with Unique Model changed to Models with a Single Deployment
    • Technology > Management > Port Mirroring > Port Mirroring - Port Mirroring Status
    • Technology > MPLS > L2 VPN > Circuit cross-connect
      • CCC state changed to Circuit Cross-Connect State
    • Technology > SDWAN > Versa > Sites
      • SDWAN Sites Uptime changed to Versa SDWAN Sites Uptime
  • Technology > Spanning Tree > STP Inconsistencies > Neighbor ports allowed VLAN mismatch - Trunk Allowed VLAN Mismatch
    • Removed Green Success check as this rule is not applicable.
  • Technology > FHRP > Group state - FHRP Active Group Priority
    • Adjusted active FHRP groups to include master for support on Aruba and Arista devices.
  • Technology > Platforms > Environment > Power Supplies - Power-Supply State
    • Adjusted Red Error states to include power supplies with a bad state.
  • Technology > Platforms > Environment > Fans - Fan Module State
    • Adjusted Green Success states to include fan modules that contain an ok - state.
  • Inventory > Interfaces - Interface Operational State
    • Green Success - Default which should match normal states.
    • Blue Info - Layer 2 states of unknown (i.e. IP Fabric is unable to discover states on some Meraki devices.)
    • Amber Warning - Interfaces with Layer 1 state matching regex up|enabled and Layer 2 state of down without monitoring status reason.
  • Technology > Addressing > MAC Table > MAC Table - MAC Address Source
    • Green Success - Added igmp to the list of acceptable source types.
    • Blue Info and Amber Warning have been swapped so static MAC address types report as Info instead of Warning.
    • Blue Info - Added svi, permanent, and management to the list of acceptable source types.
New Rules
  • SDWAN Uptime Verifications:
    • Rules:
      • Technology > SDWAN > Silverpeak > Overlay - Silverpeak Overlay Uptime
      • Technology > SDWAN > Viptela > Control Connections - Viptela Control Connections Uptime
      • Technology > SDWAN > VeloCloud > Overlay - VeloCloud Overlay Uptime
    • Green Success - 1 year >= uptime >= 1 week
    • Blue Info - uptime > 1 year
    • Amber Warning - uptime < 1 week
    • Red Error - uptime < 1 day
  • SDWAN Status Verifications:
    • Rules:
      • Technology > SDWAN > Silverpeak > Overlay - Silverpeak Overlay Status
      • Technology > SDWAN > Silverpeak > Underlay - Silverpeak Underlay Status
    • Green Success - Status that is Up Active or Up Idle
    • Blue Info - Status that is Down or other statuses
    • Amber Warning - Status that is Up but with IP SLA Disabled or Reduced Functionality
    • Red Error - Status that is Down and Misconfigured
  • Load Balancing Availability Verifications:
    • Rules:
      • Technology > Load-balancing > Virtual Servers - Load Balancing Virtual Server Availability
      • Technology > Load-balancing > Virtual Servers - Pool members - Load Balancing Pool Member Availability
    • Green Success - Up Availability and Enabled status
    • Blue Info - All other statuses.
    • Amber Warning - Down Availability and Enabled status
  • Technology > Management > AAA > Password Strength - Password Strength Enabled
    • Green Success - Check is enabled on supported platforms
    • Amber Warning - Check is not enabled on supported platforms