IP Fabric v4.x.x

IP Fabric v4.x.x

4.1.0 (15th November 2021)

OVA MD5SUM: 70CF5FCD46262EF621BFC2DCA8895B17
OVA SHA256SUM: DD5F1F0F701974CC8367336DDB7B3877CAAF3BD6DC114BB37C178CD104CA8BA7

WARNING: If you’re migrating from 4.0.2 to 4.1.0 then you have to reload all your snapshots manually

New Vendor Support

  • Added support for Cisco Viptela

Improvements

  • Add hostname to Detail tab in the Device Explorer component

  • Changes in POST /snapshots endpoint - the snapshot "name" and "note" can be set now

  • End of life database has been updated for Juniper, HP, Cisco, and Fortinet. Also, EOL dates for Cisco Meraki were fixed.

  • Fortinet FortiGate - show “Possible device error“ message in the “Discovery issues“ tab in case that all VDOMs can’t be discovered on FortiGate because of wrong permissions

  • Graphs - the Transit cloud has a different icon now

  • Inventory / Interface - add new column "Original Name" - Non-standardized interface name (hidden by default)

  • Inventory / Interface - column IP now shows the physical address of the interface (instead of virtual IP)

  • Paloalto pan-os - tasks/_helpers/security/preProcess - added support for application-filter

  • Significant optimization of DB queries for snapshots where exists hundreds of interfaces for a single device.

  • Snapshot download - the file name now consists from following <snapshotName>-<snapshotTime>-<snapshotKey>.tar

  • Snapshot download - the UI has been improved, added snapshot name and snapshot timestamp

  • Snapshot name in the UI - the order of labels was changed, the timestamp is first and the custom name is below that.

  • SSH connection to PaloAlto - confirmation for Do you accept and acknowledge the statement above ? fixed. It will allow the discovery of PaloAlto with this confirmation. SSH library was upgraded to new version.

Bug Fixes

  • API /graphs/png endpoint - the PNG export didn't work - fixed.

  • Arista EOS - added support for rules with DSCP in command "show ip access-lists"

  • Arista EOS - fixed parsing of "show ip virtual-router" for another output format

  • Arista EOS - fixed parsing of interface ranges in command "show ip access-lists summary"

  • Arista EOS - fixed parsing of logging and snmp information in command "show running-config"

  • CheckPoint Gaia - fixed missing zone firewall data for VSX clusters

  • CheckPoint Gaia - fixed version detection for OS versions

  • CheckPoint Gaia - policy rule was missing if “Install On“ was set to a group object

  • CheckPoint SMS - fixed processing of nested inline rulebase layers

  • Cisco - ASA - added support for FWSM detection (support for “show version” command parsing)

  • Cisco - fixed ACLs parsing in case they contain multiple white characters between keywords

  • Cisco - QoS fixed parsing for nested child service policies

  • Cisco IOS - commands/cisco/vxlan/nvePeers - added support for an additional type of "show nve peers" command output

  • Cisco IOS-XE - Added exclusion for ACL rule "system-cpp-energywise-disc" containing bug (CSCue04444) in "show ip access-list"

  • Cisco IOS-XE - fixed parsing of assigned ACLs from "show ip interface" command in case of different output format

  • Cisco IOS-XE - fixed parsing of recursive routes with MPLS label.

  • Cisco IOS/IOS-XE - routing table - added support for ICMP redirects and filtering out of "possibly down" routes

  • Cisco NX-OS - an icon of Nexus 9000 changed to match the icon of Nexus 7000.

  • Fixed advanced filtering in Snapshot Management / Inventory table (OR condition didn't work)

  • Fixed Interface edge classification for tunnel interfaces.

  • Fixed PNG export for graphs via API request

  • Fortinet FortiGate - fixed empty MAC table

  • HP ArubaCX - added support for another output format of command "show interface"

  • HP ArubaCX - added support for another output format of command "show ip ospf neighbor detail"

  • HP ArubaCX - Added support for task "vrf"

  • HP ArubaCX - Fix parsing for command "show ip route all-vrfs"

  • HP ArubaCX - fixed parsing of platform in command "show system"

  • Path lookup - ACI and firewall routing to duplicate IP addresses fix.

  • Router to switch L2 edges - same mac on multiple interfaces fix

  • Table Management / Changes - the column "#IP Addresses" had always 0 as a value - fixed

  • Versa - standardize duplex values

4.0.2 (11th October 2021)

OVA MD5SUM: 7b23502208cbffe07584e31ccd48f29e
OVA SHA256SUM: 045123c5ccfeeb0f89eb1af8fb6a1dd3de1d91a109f0024a281da2d788db6c40

Features - Protocol and technology support

  • Arista - added ACL support

  • CheckPoint Gaia - added VRRP support

  • Cisco - AAA - new local users table added, located at Technology / Management / AAA / Local users

  • Cisco IOS-XR - added ACL support

  • Cisco IOS-XR - added support for port channels

  • Extreme XOS - Add support for switchport

  • Juniper Junos - added support for OSPFv3

  • Juniper Junos - added VXLAN support

Breaking changes

  • Table Technology->Security->Object Groups was dropped. All object groups are now part of the new security model. API calls to URL /v1/tables/security/acl/object-groups will no longer be working.

  • For tables Technology->Security->Access lists (/v1/tables/security/acl) and Zone Firewall (/v1/tables/security/zone-firewall/policies), all columns except name were dropped (seq, srcAddresses, dstAddresses, inAcl, outAcl, term, action, actionName and matches for ACL table and type, fromZone, toZone, seq, src, dst, appNames and actions for Zone Firewall table) as new security model is represented by a tree. Because of that, it can't be simply fitted into a table format.

  • Snapshot cannot be refreshed from the graph in this release. This function will come back in the following release 4.1.

  • API for pathlookup has changed see API Documetation https://ipfabric.atlassian.net/wiki/spaces/ND/pages/2785640457

Improvements

The visualization part of the application was fully rewritten to boost performance and capabilities.

  • The brand new UI

  • Visualize your topology with a range of built-in layouts (or layout only selected nodes)

  • Intent-based networking has never been easier, the results are shown in the context of visualized devices.

  • Define your own preset, change colour or labels for any protocol

  • Use API to share visualizations with your wider ecosystem

  • Highlight device neighbour relationship

  • Share the view with your team

  • Export to SVG, PNG

  • Enhanced search capabilities

  • Collapse or hide devices

The path lookup simulation was also completely rewritten to packet-based path-lookup simulation.

  • The unicast simulation also supports subnets now

  • Improved ACI topology simulation

  • Added hairpin switching in different VLANs

  • Multicast options for filtering receivers added

  • Improved simulation through transit cloud including tunnelled traffic

  • New packet inspector - understand all forwarding decisions at every layer

  • Reworked security model - visualized in a tree

  • Change path lookup edge colours according to packet header priorities

Other improvements

  • Cisco ASA/FTD - added support for ‘show DNS’ command and use it for translation of FQDNs in objects/ACLs

  • Cisco WLC IOS-XE - Added parsing of wireless client IP address.

  • CheckPoint Gaia - added support for Link Aggregation (Bond interfaces)

  • Allow to use "-" or "." characters in username

  • Device type classification for a router with unused switch module changed. Now is recognized as a router, not a layer 3 switch.

  • Host table - IP host classification improved (OUI vendor check is removed).

  • Table Technology / Interfaces / Transceivers / Statistics - add Delta High-Value column

  • Fortinet FortiGate - added missing Part Numbers to Inventory

  • Add support for "onep-plain" port name to number (15001) translation

  • Table Technology / CDP/LLDP / All Neighbors - show "Device Explorer" component for values in Remote Neighbor column

  • Updated End of life records for Cisco, Arista, Fortinet, Juniper, ProCurve, Extreme

  • End of Life summary table improved - table now shows also records that don't have introduced EoL data yet, data are grouped per vendor and add new column "Replacement"

  • Routing edge improvement for tunnel interfaces with unnumbered IP addresses.

  • Make LDAP group matching case insensitive.

  • Inventory host table - hosts connected to ACI with default gateway on the non-ACI device have now edge switch.

  • Pathlookup - ACI to FW connection added

  • Table Management / Changes - added column "Snapshot name" for better orientation

  • Tables - CSV Export - the format was changed and it's fully compliant with RFC 4180 https://datatracker.ietf.org/doc/html/rfc4180

  • Site separation - added pagination when exists a lot of regex rules

Bug Fixes

  • Fix for snapshot clone process in a stuck state

  • Site separation - preview results now respect transformation settings.

  • Snapshot Management - fixed empty status of the snapshot

  • Table component - "Reset table settings" didn't work - fixed

  • The toggle "Allow using telnet protocol" didn't work - fixed

  • Transceivers statistics table - delta column calculation fix

  • Arista EOS - /commands/arista/_eos/switchport - full cmd syntax used to prevent ambiguous command errors

  • Arista EOS - add support for another format output of the "show poe" command

  • Arista EOS - ARP in some cases was not parsed whole interface name for ARP record

  • Arista EOS - fixed false-positive error regarding VPN/VRF in "show ip interface" command

  • Arista EOS - fixed missing IP phones on some devices

  • Arista EOS - fixed parsing of "show interfaces vxlan 1" for interfaces with description

  • Arista EOS - fixed parsing of “show ip route” command in case VRF Leaks are in it

  • Arista EOS - fixed parsing of different output for command "show mlag detail"

  • Arista EOS - fixed parsing of different output for command "show ntp ass"

  • Arista EOS - Syslog - information is parsed from “show running-config” instead of “show logging”

  • Aruba CX - commands/arubacx/interface - fixed parsing for ip address / mask

  • Aruba switch - standardize port speed units with other vendors

  • Checkpoint Gaia - commands/checkpoint/_gaia/cluster/members/interfacesAll - fixed parsing for different command output

  • CheckPoint Gaia - fixed collecting of nested network / service groups in security policies

  • CheckPoint Gaia - fixed discovery on devices where the command "show management interface" is not available

  • CheckPoint Gaia - fixed parsing of different output for command "show cluster members interfaces all"

  • CheckPoint Gaia - fixed parsing of OSPF InterArea and External routes

  • CheckPoint Gaia (Security Management) - don’t download policy packages without configured installation target

  • Cisco - fix error created by calling ambiguous command (show interface switchport, show interface status err-disabled, show ip interface, show spanning-tree bpdu)

  • Cisco - fixed ambiguous command "sh mpl interf" by "show mpls interfaces"

  • Cisco - fixed parsing of commands “show mac address-table multicast“ and “show mac-address-table multicast“ for cases there are unexpected lines at the beginning of the output

  • Cisco - Fixed parsing of VRF Route-Targets in an IP format

  • Cisco - various platforms - suppress error messages when tunnel present on port.

  • Cisco ACI - fixed parsing of 'inherit' speed value from "show interface" command

  • Cisco ACI, NX-OS - fixed parsing of "show environment" command in case power supply’s column model is empty

  • Cisco HSRP - fixed preemption

  • Cisco IOS - add stacking support for catalyst 2960-s platform

  • Cisco IOS - commands/cisco/mcast/macMulticast - add parsing support for MAC table records with multiple interfaces per row

  • Cisco IOS - commands/cisco/mcast/pimNeighbor - fixed missing PIM version & different output structure on old IOS version

  • Cisco IOS - commands/cisco/vrrp - fixed parsing of preempt parameter

  • Cisco IOS - Fixed parsing for AAA section from running config.

  • Cisco IOS - fixed parsing of "show power inline" command for cases of empty device name

  • Cisco IOS - fixed parsing of ”show version” command in case of faulty master switch

  • Cisco IOS - Fixed parsing of command "sh ip mroute vrf <vrfName>" that would get translated by the DNS server

  • Cisco IOS - fixed parsing of command ”show ip igmp snooping groups” in case port list does not contain any interface for a group

  • Cisco IOS - fixed parsing of the different output for command "show ip flow export command"

  • Cisco IOS - fixed parsing of the different output format of command “show ip mroute count“

  • Cisco IOS - removed false positive error emitting in "show monitor detail" command

  • Cisco IOS - tasks/deviceConfig/current - allow empty configuration when device return it

  • Cisco IOS + IOS-XE - fixed false-positive error detection in command “show dot1x all details“ in case of Tacacs session expiration.

  • Cisco IOS cat9300 - commands/cisco/vxlan/nveVni - fixed parsing for new command output format

  • Cisco IOS-XE - added parsing of another format of "show env all" and "show env status"

  • Cisco IOS-XE - Fixed parsing of command “show interfaces transceiver detail“ for another output format

  • Cisco IOS-XE fixed parsing of "show environment all" command for devices with multiple PSU

  • Cisco IOS-XR - ACL add suport for networks in CIDR format

  • Cisco IOS-XR - fixed parsing for dot1x interfaces configured as authenticator and supplicant

  • Cisco IOS-XR - Removed backup (FRR) routes from routing tables.

  • Cisco IOS-XRv - fixed platform, model and uptime parsing

  • Cisco IOS/IOS-XE - fixed parsing of “CVTA phone port” and “Two-port Mac Relay“ CDP capabilities

  • Cisco ISA - commands/_osVersions/showVersion - fixed parsing of ISA platform

  • Cisco Meraki - API v0 input validation updated for endpoint switch-ports/get-device-switch-port-statuses

  • Cisco Meraki - commands/cisco/_meraki/v0/devices/switch/ports - Unexpected stp guard value: root guard.

  • Cisco Meraki - fixed parsing of Meraki device clients.

  • Cisco Nexus - commands/cisco/mac - Added support for FabricPath MAC entries

  • Cisco Nexus - commands/cisco/switchport - fix parsing for VLAN ID ranges that are split over multiple lines

  • Cisco Nexus - fixed parsing of ”show policy-map system type network-qos” command to support another output format

  • Cisco Nexus - "show environment fex all" cmd - added support of "absent" PSU parsing

  • Cisco Nexus - added parsing of another output format of "show logging server” command

  • Cisco Nexus - fixed parsing of FEX environment information

  • Cisco Nexus - fixed parsing of in/out bytes, multicasts and broadcasts from "show interface" command

  • Cisco Nexus - Fixed parsing of STP port status on STP broken ports.

  • Cisco Nexus, ACI - fixed Device Mode value for FEX devices in Technology/Platforms/Environment

  • Cisco nx9000-aci - commands/cisco/igmp/group - Group IP parsing fix

  • Cisco SG - commands/_osVersions/showVersion - Add OS discovery support for cisco Sg220.

  • Dell Powerconnect - added MTU and MAC for interfaces

  • Dell Powerconnect - fixed parsing of MAC address from “show interfaces“ command

  • Dell Powerconnect - fixed parsing of speed and duplex from “show interfaces status“ command to support also N/A and unknown values

  • Dell Powerconnect n1500 - Fixed parsing for the command "show spanning-tree detail".

  • Duplicate IP table - false-positive unnumbered IP removed

  • Extreme XOS - added support for another output format of "show sharing" command

  • Extreme XOS - “show ports transceiver information detail“ fixed parsing of -infinity value

  • Extreme XOS - fixed parsing of port names for "show stpd <stpdDomain> ports counters" command

  • Extreme Enterasys - tasks/portChannel - port state fix

  • Extreme XOS - Fixed parsing of command 'show ip-security dhcp-snooping vlan' to allow more or none ports in Trusted ports section

  • Extreme XOS - fixed parsing of command “show ports transceiver information detail“ to allow transceivers without any statistics

  • F5 - commands/f5/_big-ip/listNetSelf - add support of ipv6 addresses

  • F5 BigIP - fixed parsing of Cluster members if they dont have Failover Unicast configured.

  • Fortinet FortiGate - commands/fortinet/diagSysNtpStatus - fixed parsing if all configured servers are unresolved

  • Fortinet FortiGate - fixed parsing of "get system status" command for FortiGateRugged platform to allow IPF device discovery

  • Fortinet FortiGate - LLDP link wasn’t established for HA ports

  • Fortinet FortiGate - Routed port classification fix for L2 edges

  • HP Aruba - commands/_osVersions/showVersion - fixed parsing for Aruba Mobility Master and Mobility Controller.

  • HP Aruba - Mobility Master - platform and LLDP parsing fixed

  • HP Aruba 7200 - Fix parsing for APs that dont respond to "show ap debug system-status ap-name <apName> command".

  • HP Aruba CX - fixed memory parsing

  • HP Aruba CX - fixed parsing for "show vsx brief" with state in sync-primary

  • HP Aruba CX - fixed parsing of "show interface" command with different output structure

  • HP Aruba CX - fixed parsing of different output for command "show vsx status"

  • HP Aruba CX - fixed parsing of property LAST in command "show ntp association"

  • HP Aruba S3500-24P - commands/hp/_aruba/inventory - Fixed parsing of serial number for Aruba switch.

  • HP Aruba switch - added parsing of the different output format of ”show tech buffers” command

  • HP Aruba switch - fixed parsing of different output for command "show spanning-tree"

  • HP Aruba switch - fixed STP task mapping for RPVST for cases designated bridge ID is missing.

  • HP ArubaCX - fix parsing of "show ip ospf neighbor detail" command in case priority is missing

  • HP ArubaCX - fix parsing of command 'show ip ospf interface' for cases local IP address is missing

  • HP ArubaCX - fix parsing of command 'show ip ospf interface' from Aruba OS version 10.07 and higher

  • HP ArubaCX - fixed parsing of "show interface mgmt" in case mgmt interface is disabled

  • HP ArubaCX - fixed parsing of "show ip ospf interface all-vrfs" and "show ip ospf neighbor detail" to not change VRF name to lower case

  • HP ArubaCX - fixed uptime parsing (it isn't always provided)

  • HP Comware - added support for another output format of “display arp“ command

  • HP Comware - fixed parsing of "display fan" command for the different output format

  • HP Comware - fixed parsing of "display ip interface" command

  • HP Comware - fixed parsing of "display power" command for the different output format

  • HP Comware - fixed parsing of “display ospf interface verbose“ command to support multiple areas for process ID and removed false positive error emitting in case there is configured process without any area

  • HP Comware - fixed parsing of commands with large output (added cli clearing for Comware 3 format)

  • HP Comware - tasks/l2Interfaces - fixed mapping of interfaces in case trunk doesn't contain any permitted vlans

  • HP Comware 5130 - commands/hp/_comware/currentConfiguration - AAA scheme fixed parsing for test-profile in aaa server configuration

  • Juniper Junes - fixed parsing of different output for command "show configuration | display set”

  • Juniper Junos - added parsing for another output format of command “show lldp neighbor“

  • Juniper Junos - fixed false-positive error emitting in STP task for STP disabled interfaces

  • Juniper Junos - fixed mapping of stacking for cases switch is not present (disconnected)

  • Juniper Junos - fixed parsing of "show chassis environment" command to support different output format of fans

  • Juniper Junos - fixed parsing of "show route" command for discarded routes

  • Juniper Junos - fixed parsing of "show vrrp detail" command in case "version" is missing

  • Juniper Junos - Fixed parsing of LLDP neighbors.

  • Juniper Junos - fixed parsing of the routing table to parse correctly Administrative Distance and Metric

  • Juniper Junos - fixed parsing of secondary address for command "show interfaces statistics detail"

  • Juniper Junos - removed duplicates in the routing table

  • Mikrotik RB1100 - Fixed parsing for command "ip ipsec installed-sa print detail"

  • Mikrotik RouterOS - fixed parsing of IP addresses of actual-interface in command 'ip address print detail'

  • Palo Alto - fixed parsing of different output for command "show routing route"

  • Palo Alto, F5 clusters - Fix for establishing routing protocol edges

  • Paloalto - fixed parsing for the routing table.

  • PaloAlto 5200 - commands/paloalto/showConfigMerged - fix parsing, when vsys has no configuration

  • Pathlookup - STP edge between switch and firewall in a cluster with virtual mac fix

  • Routing table recursive lookup for VXLAN and other forwarding properties fix

  • STP topology fix for port role master

  • Versa VOS - Fixed BGP task mapping for cases total received Pfx is not available.

  • Versa VOS - fixed mapping of API endpoint "/vnms/dashboard/appliance/<appliance>/live?command=ospf/interface/int-extensive"

  • Wrong MAC address classification as a phone for proxy ARP fix.