Tag :: DMF

The Analytics Node includes CIDR (Classless Inter-Domain Routing) filtering for records and documents. The feature applies to dashboards including Netflow, sFlow®, ICMP, Dapper, and others. The filtering utilizes Lucene and KQL syntaxes. The update introduces two new fields: sIp.ip and dIp.ip.

When configuring the MAC address of a switch, CLI commands and REST endpoints will accept a MAC address formatted as three groups of four hexadecimal digits separated by periods (e.g. 1122.3344.5566) in addition to the already accepted form of six hexadecimal digit pairs separated by colons (e.g. 11:22:33:44:55:66). 

Security policies occasionally prevent the download of PCAP files from packet queries. The integrated Wireshark web interface enables PCAP analysis within the DMF environment and requires authentication for access. This integration provides full Wireshark functionality while keeping the PCAP file on the Controller to maintain adherence to security requirements.

The AES-256 Support for SNMPv3 feature implements 256-bit encryption for SNMPv3 interactions on the DMF Controller and managed devices. Configuring the AES-256 privacy protocol option enhances the User-based Security Model (USM) by enforcing 256-bit encryption standards.

The DANZ Monitoring Fabric (DMF) Aggregate Arista GRE TAP action receives GRE-encapsulated packet samples from EOS switches, and generates an IPFIX report containing the flow 5-tuple, metadata, and timestamps from switches that the packet passed through.  Use the IPFIX report to determine the flows in a data fabric, monitor server session initialization delays, estimate the bandwidth of flows, and learn the path of packets through the fabric.

The DANZ Monitoring Fabric (DMF) Aggregate sFlow takes sFlow packet samples and generates an IPFIX report containing the flow 5-tuple, metadata, and timestamps from switches that the packet passed through.

The Clear Recorder Node (RN) Query History feature introduces CLI and GUI support on the DMF Controller for managing query records. Previously, deleting query history required direct interaction with the Floodlight (FL) API. This update allows for the removal of all query history entries through standard management interfaces. Note: The CLI and GUI support the deletion of the entire query history only; selective filtering of entries for deletion is not supported.

A DMF interface used by a DMF policy as both a filter and a delivery interface is known as a filter-and-delivery interface. Filter-and-delivery interfaces now support configuring sFlow in the DMF Controller.

MACsec operates as a global fabric configuration, encrypting traffic between core switches while excluding ancillary traffic, such as tap-to-filter or tool delivery. This feature introduces configurable MACsec path requirements, enabling the formation of multi-DC fabrics where inter-DC communication utilizes encrypted MACsec links while intra-DC traffic remains unencrypted.

This feature supports configuring more than one L3 delivery interface over the same subnet using the same gateway.

Until the DMF release 8.9, DMF users had no direct visibility into the current scale against the verified scale across the DMF fabric. This feature exposes the current scale against the verified scale via REST APIs, GUI, and CLI commands. The verified scale represents the capacity tested under reference conditions.

The Switch detail page in the DMF GUI has a new Inventory tab displaying information about optics, cables, and transceivers.

This document describes the updates to the DANZ Monitoring Fabric (DMF) 8.10 release verified scale and performance numbers.

This document describes the updates to the DANZ Monitoring Fabric (DMF) 8.7 release verified scale and performance numbers.

The hardware support update details newly supported hardware and other changes in the DANZ Monitoring Fabric (DMF) release 8.7.0.

This document describes the updates to the DANZ Monitoring Fabric (DMF) 8.8 release verified scale and performance numbers. Verified scale values for “DCA-DM-RN760” and “DCA-DM-RN760L” Recorder Nodes.

The hardware support update details newly supported hardware and other changes in the DANZ Monitoring Fabric (DMF) release 8.8.0.

The DMF 8.10.0 release introduces a completely redesigned Fabric page. This modernization effort improves visual clarity for data displays and the topology graph, providing an interactive fabric representation for a better understanding of device connectivity.

Before version DMF-8.4, the fabric-wide settings (Features section in the screenshot below) were available on the home page (after logging in). In DMF-8.4, a newly designed Dashboard replaces the old home page. The Features section is now the new DMF Features page.

Match rules define the specific traffic forwarded through the fabric. These criteria are applied directly within a policy, as part of a rule within a referenced rule group, or as a post-service match in a managed service. Each rule specifies parameters such as IP addresses, protocols, and ports. This update introduces expanded matching capabilities and removes previous restrictions regarding the combination of match criteria, allowing for more granular traffic steering.

As of DMF version 8.7.0, all DMF appliances will operate on the AlmaLinux 9.4 operating system, replacing the previous Ubuntu 20.04 LTS. This migration of the underlying operating system will not impact any currently supported features.

This feature provides a method to rename a DMF object. DMF 8.7 Controllers support the Policy rename feature.

The DMF VN-TAG Decapsulation (decap) feature introduces native support for removing the VN-TAG header within the DMF platform. This capability is implemented directly on the DMF Service Node to process traffic frames, and it integrates comprehensive control plane support via the Controller schema and the standard CLI workflow.

The DANZ Monitoring Fabric (DMF) allows the integration and monitoring of virtual machines in a VMware NSX fabric deployed in a vSphere environment. The DMF Controller communicates with NSX to retrieve its managed inventory and configures port mirroring sessions for selected virtual machines managed by the NSX fabric.

The DANZ Monitoring Fabric (DMF) allows the integration and monitoring of virtual machines in a VMware NSX fabric deployed in a vSphere environment. The DMF Controller communicates with NSX to retrieve its managed inventory and configures port mirroring sessions for selected virtual machines managed by the NSX fabric.

This feature prevents policy churn by automatically placing switch interfaces with frequent flapping into an error-disabled state, effectively performing an automatic administrative shutdown. The feature also allows for automatically recovering these interfaces after a specified time. This feature reduces the risk of lost packets caused by continuous recomputation of DANZ Monitoring Fabric (DMF) policies due to flapping interfaces.

If any two policies use the same filter interface and the same priority, then an additional dynamic policy will be created to ensure the delivery of packets matching both of the original policies. There is a limit on how many overlap policies can be created and it is configurable with a range between 0 to 10 with a default value of 4. Currently, we exclude policies configured as inactive in the overlap policy limit calculation. With this new feature, we exclude policies that have an expired duration from the overlap policies limit calculation.

The Filter managed service action filters packets on the Service Node (SN) interface and supports optional VLAN tagging. Utilizing ACL rules, the system forwards or drops matched traffic. Traffic tagged with a VLAN exits the interface (Tx) after processing through the action chain. VLAN tagging specifically facilitates traffic steering in Switch-less SN deployments, where the forwarding plane relies on VLANs. This configuration produces no functional impact when the SN connects directly to a DMF switch within the fabric.

Latency and drop information help determine if there is a loss in a particular flow and where the loss occurred. A Service Node action configured as a DANZ Monitoring Fabric (DMF) managed service has multiple separate taps or spans in the production network and can measure the latency of a flow traversing through any pair of these points. It can also detect packet drops between any two points in the network if the packet only appears on one point within a specified time frame, currently set to 200ms.

This feature enables the direct generation of public/private key pairs and TLS Certificate Signing Requests (CSRs) on Atlas appliances. The previous workflow required generating keys and CSRs externally, followed by importing the private key and CA-signed certificate. This enhancement simplifies the process by securely retaining the private key on the appliance, eliminating the need for external key management.

DMF 8.5 introduced a newly designed Create Policy configuration workflow, replacing the former workflow page.

Implementing these identifier fields ensures compatibility with IPFIX record collector tools that require both ingress and egress data for flow record processing.

Using the show switch <switch name/all> interface details or show switch <switch name/all> interface <interface name> details commands in the CLI will now include a Description column, which provides the configured description (if any) for the corresponding interface. This is a CLI-only change.

This document addresses LAG hashing improvements across different platforms. In DANZ Monitoring Fabric (DMF) 8.7, the Controller applies the default hash configuration if no hash fields are configured or the configuration contains an error. If the Controller detects any hash error, DMF reports it as a fabric error.

DMF 8.7.0 supports Media Access Control Security (MACsec) as an Early Field Trial (EFT) feature. MACsec is a global configuration option for the entire fabric, with the option to enable it on intracore traffic only. MACsec only encrypts traffic between core switches, ignoring all other ancillary traffic (e.g., tap to filter, delivery to tool). MACsec is a licensed feature. Verify a MACsec license is installed on all switches participating in MACsec before using this feature.

This document describes managing certificates and private keys in DMF.

Beginning with DMF version 8.9, the action keyword is required to add or modify actions within a managed service. This keyword is a mandatory token across all managed service submodes, providing a consistent way to define service behaviors.

DMF 8.9 introduces a redesigned Managed Services dashboard, replacing the former interface.

The Mask Dual-tone Multi-Frequency (DTMF) in Real-time Transport Protocol (RTP) feature supports masking digits in voice data to hide sensitive information, such as credit card or social security numbers. Masking of sensitive data is a compliance issue that various agencies require to obfuscate information before storage.

In DMF 8.7.0,  the redesigned integration configuration now masks the password field and improves the configuration management. Use the Edit icon to Add, Modify, or Delete the Integration configuration.

As of DMF-8.9.0, when several IP addresses are used in a single policy (whether via an address group or individually across match rules with otherwise identical conditions), the controller groups the addresses together and programs them as a field set on supported switches. This field set has a label that can be directly referenced by TCAM, which allows that TCAM entry to match against packets with any of the IP prefixes in that field set. This optimization dramatically reduces the TCAM consumption for policies that reference many addresses, allowing significantly more policies or addresses to be programmed without exceeding switch TCAM capacity limits. For example, on a switch incapable of performing this optimization, a policy matching traffic from a 100-entry source address group to a 100-entry destination address group would require 100x100=10,000 individual entries. With this optimization, the controller programs two field sets and a single match rule that references both field sets, reducing TCAM consumption from 10,000 entries to just 1 entry for that policy.

DMF 8.7.0 introduces an updated dashboard for viewing sFlow drops. The DMF analytics Node (AN) displays reasons for dropped packets as a Mirror on Drop (MOD) drop Flow sFlow collector by analyzing overall drops and drops by flow.

The Multi-vCenter VM Support in Single Policy feature enhances scalability and configuration management by allowing the inclusion of Virtual Machines (VMs) from multiple vCenters within a single policy. Previously, integrating a large number of vCenters with a single DMF fabric required a separate policy for each instance. With this update, DMF supports configuring match rules to include multiple VMs across disparate vCenters, unifying policy application and reducing configuration overhead.

The new Switches page provides a modernized overview of all switches configured in DMF. A header and tabulated layout allow observation of different aspects of installed switches and provisioning new switches while on the same dashboard.

DMF version 8.8.0 introduces a redesigned workflow for Interface Groups in the DMF UI. An interface group is a collection of one or more filter or delivery interfaces, making it more convenient to create a policy. Users won't need to specify each individual interface to which the policy will apply.

DMF 8.7.0 introduces a redesigned Recorder Node configuration workflow, monitoring page, and query workflow. 

The Nutanix Prism Central vendor integration enables the DANZ Monitoring Fabric (DMF) to fetch the inventory of the infrastructure and resources managed through Prism Central. This inventory includes information on entities such as virtual machines, virtual NICs, and hosts. The integration also helps to monitor virtual machines by creating network monitoring policies based on virtual machine names.

DANZ Monitoring Fabric (DMF) 8.9.0 adds a new managed service action, called record, to the Service Node (SN). This action enables packet recording using an SN similar to a Recorder Node (RN) and supports basic packet recording and querying capabilities.

In previous versions, the DMF Controller had a hidden CLI command to change the log level from INFO to WARN for a particular port down log in the DMF Controller. This hidden command has been removed in DMF 8.7.0. The following is an example of the hidden command:

This feature keeps the configured hostname for a managed appliance and the actual hostname on the managed appliance aligned. Before this change, the configured hostname for a managed appliance on the controller and the actual hostname on the managed appliance could be different.