Network Address Translation (NAT) is a common technology used on firewalls, translating the IP address used by the host when the user wants to connect to applications in our internal network. A key piece of information used to identify the user is the translated IP address. Starting in v6.0, NAT data will be collected for the following vendors:
For a while, we had basic support of IPv6 for OSPFv3. To properly support IPv6, we had to change the legacy properties in our model. This means IPv6 information present in older snapshots will no longer be supported.
Information collected about IPv6 is now available in a number of existing tables and new dedicated ones have been created, for example:
Public or Private Cloud routers (AWS VPC, Azure VNet, VMware NSX, ACI…) require a different approach when handling security.
With the release v4.0 of IP Fabric, we changed the security model to prepare exactly for this! Without going into too much detail – there will be a future blog on this subject – IP Fabric supports:
Azure Network Security Groups
AWS Network ACLs & Security Groups
ACI information on tenants, contexts, applications, endpoints, bridge domains, and Contracts is now collected via Cisco APIC. You will need to set the details of the APIC in the Vendors API settings.
NSX-T security is coming soon
Adding cloud security support allows you to quickly see, in a single pane of glass, where a flow transiting to a cloud is being dropped or why an end user is complaining about a connectivity issue.
IP Fabric now collects information about DHCP Servers used for relay, option82 information, and statistics (per device or per interface - depending on vendor/family).
DHCP Server, currently implemented for Cisco and Juniper, brings information about configured DHCP servers including DHCP options, pools, leased addresses, excluded addresses, and interfaces listening for DHCP requests.
RSVP (Resource Reservation Protocol) support has been added for Juniper Junos and Cisco IOS, IOS-XE, and IOS-XR. We collect information about interfaces and neighbors. For Juniper, we also collect information about link protection.
A lot has changed under the hood to ensure better stability of the tool. You may not be able to spot some of these updates, but if you want more information, don’t hesitate to reach out.
Automation – we added the possibility to write integration/plugins directly from the IP Fabric instance. You can expect to hear more on this subject in the coming weeks.
We are introducing a new API Versioning strategy. Our customers are building integrations around our API and we can no longer afford to suddenly remove any endpoints without communicating this beforehand.
IP Fabric commits to keeping support for all minor versions within the major version; for example, in release 5.3.1 we will allow /api/v5.1/ calls. However, the API may break between major releases.
If an API request returns status 410, it means you’re using the wrong version in the URL; we then show an Unknown error.
RBAC
This is the first phase of the implementation of RBAC. It will be propagated fully over the next few releases. You will already be able to refine access policies using the new tables under Settings > User Authentication.