DMF 8.7.0 TOI

The DANZ Monitoring Fabric (DMF) Aggregate Arista GRE TAP action receives GRE-encapsulated packet samples from EOS switches, and generates an IPFIX report containing the flow 5-tuple, metadata, and timestamps from switches that the packet passed through.  Use the IPFIX report to determine the flows in a data fabric, monitor server session initialization delays, estimate the bandwidth of flows, and learn the path of packets through the fabric.

With the DANZ Monitoring Fabric (DMF) 8.7 release, DMF Controller support for modular chassis switches has been improved by adding platform compatibility for DCS-7289-CH switches. DMF Controller and switch sync-up have also been improved to maintain state consistency.

A DMF interface used by a DMF policy as both a filter and a delivery interface is known as a filter-and-delivery interface. Filter-and-delivery interfaces now support configuring sFlow in the DMF Controller.

The Switch detail page in the DMF GUI has a new Inventory tab displaying information about optics, cables, and transceivers.

Egress Filtering is an option to send different traffic to each tool attached to the policy's delivery setting. It provides additional filtering at the delivery ports based on the egress filtering rules specified at the interface.

As of DMF version 8.7.0, all DMF appliances will operate on the AlmaLinux 9.4 operating system, replacing the previous Ubuntu 20.04 LTS. This migration of the underlying operating system will not impact any currently supported features.

The DMF Recorder Node now supports deployment as a Virtual Machine (VM) for functional testing in Proof of Concept (POC) environments. Performance is limited and will vary based on allocated VM resources. DMF 8.7.0 and later Recorder Node images support being deployed as a VM.

This feature prevents policy churn by automatically placing switch interfaces with frequent flapping into an error-disabled state, effectively performing an automatic administrative shutdown. The feature also allows for automatically recovering these interfaces after a specified time. This feature reduces the risk of lost packets caused by continuous recomputation of DANZ Monitoring Fabric (DMF) policies due to flapping interfaces.

Latency and drop information help determine if there is a loss in a particular flow and where the loss occurred. A Service Node action configured as a DANZ Monitoring Fabric (DMF) managed service has multiple separate taps or spans in the production network and can measure the latency of a flow traversing through any pair of these points. It can also detect packet drops between any two points in the network if the packet only appears on one point within a specified time frame, currently set to 200ms.

This document addresses LAG hashing improvements across different platforms. In DANZ Monitoring Fabric (DMF) 8.7, the Controller applies the default hash configuration if no hash fields are configured or the configuration contains an error. If the Controller detects any hash error, DMF reports it as a fabric error.

DMF 8.7.0 supports Media Access Control Security (MACsec) as an Early Field Trial (EFT) feature. MACsec is a global configuration option for the entire fabric, with the option to enable it on intracore traffic only. MACsec only encrypts traffic between core switches, ignoring all other ancillary traffic (e.g., tap to filter, delivery to tool). MACsec is a licensed feature. Verify a MACsec license is installed on all switches participating in MACsec before using this feature.

This document describes managing certificates and private keys in DMF.

While preserving the information from the previous version, the updated DMF Interfaces UI introduces a new layout, design, and enhanced functionalities for improved interface viewing and monitoring for easy troubleshooting.

The new Switches page provides a modernized overview of all switches configured in DMF. A header and tabulated layout allow observation of different aspects of installed switches and provisioning new switches while on the same dashboard.

In previous versions, the DMF Controller had a hidden CLI command to change the log level from INFO to WARN for a particular port down log in the DMF Controller. This hidden command has been removed in DMF 8.7.0. The following is an example of the hidden command:

The new 96TB Recorder Node SKU (DCA-DM-RN760), primarily designed as a lower-cost model, meets lower data retention and recording performance requirements and is supported starting from DMF 8.7.0.

This document describes the workflow for renaming a Group Name in DMF. Navigate to Security → Groups and select Groups.

With the DANZ Monitoring Fabric (DMF) 8.7 release, a DMF Controller will allow sharing of managed services utilizing L3 delivery interfaces (e.g., NetFlow, IPFIX, app ID, etc.) across multiple policies. In prior releases, DMF did not support managed service sharing because the L3 delivery interface was an optional setting in a policy configuration. However, sharing is now supported because the managed service configuration must now specify the L3 delivery interface.

This feature supports enabling and configuring SSH host key algorithms. Along with existing SSH crypto configurations, this enables Secure Shell Daemon (sshd) configurations managed by DMF not to use SHA-1-based algorithms. DMF imposes the default SSHd configuration in the absence of configured SSH host key algorithms and MACs, which will not include SHA-1 algorithms by default.

DMF 8.7.0 provides support for Management Redundancy on an Extensible Operating System (EOS) Fixed System Chassis. It provides a method to enable redundant active/active connectivity on the management IP address for a Danz Monitoring Fabric (DMF) switch in a fixed system chassis using an out-of-band management port and a front-panel port on the switch.

The following describes LAG hashing for L2GRE and VXLAN transit traffic on Arista 7050X4 platforms: For L2GRE transit traffic, LAG hashing uses only the encapsulated (inner) packet header fields. There is no option to use underlay (outer) packet header fields. When the encapsulated packet is IP, the system uses the IP parameters configured with hash ipv4 or hash ipv6 for hashing.

UDF is an important DMF feature that matches customized fields in packet payloads for network traffic filtering on the Arista 7050X4 Series. Only supports IPv4 traffic UDF filtering, Maximum UDFs per rule: 6 UDFs.