For Recorder Node queries, the recorded packets matching a specified query filter may contain duplicates when packet recording occurs at several different TAPs within the same network; i.e., as a packet moves through the network, it may be recorded multiple times. 

DMF-8.4.0 Recorder Node

This document describes a new feature of Arista Analytics offering the ability to consolidate Netflow V9 and IPFIX records by grouping those sharing similar identifying characteristics within a configurable time window.

Text running-config commands can be converted into a snapshot (JSON snapshot). A new keyword is added to the ‘copy running-config snapshot://sample’ command: the ‘transaction’ CLI keyword can be used to perform the conversion, which can also be used to create a snapshot with specific commands included.

CLI DMF-8.4.0 Copy command

The D.MAC Rewrite feature provides user an option to identify Filter interface by overriding the destination MAC address of the packet received on the filter interface. This feature works in push-per-filter and push-per-policy modes and is used for auto-assigned and user-configured VLANs.

DMF-8.4.0 D.MAC Rewrite

The newly designed dashboard for DMF 8.4 onwards displays information about the controller, including switches, interfaces, policies, and Smart Nodes.

DMF-8.4.0

This document lists new hardware support and other changes in DMF release 8.4.0.

DMF-8.4.0

Before version DMF-8.4, the fabric-wide settings (Features section in the screenshot below) were available on the home page (after logging in). In DMF-8.4, a newly designed Dashboard replaces the old home page. The Features section is now the new DMF Features page.

DMF-8.4.0 DMF Features

Monitor applications identified from packets taken from filter interfaces and sent through the fabric by sending IPFIX reports to a collector. Filter by forwarding or dropping packets from specific applications before they are sent to the tools.

DMF-8.4.0 App ID

Currently, the controller uses HTTP to access ZTP install scripts and software images. HTTP does not provide the security required in today’s network environments, so the need for HTTPS support arose in those customer environments where all port 80 traffic (HTTP) is blocked. Blocking HTTP access makes the DHCP-based installation of Switchlight and other required software impossible.

DMF-8.4.0

IPAM-assigned IP addresses for switches should be persistent across DMF upgrades in single-node mode as they are in HA mode.

DMF-8.4.0 BSN IPAM BARFE-802

The L2GRE Key-based hashing feature allows the L2GRE packets to hash based on the L2GRE (Tunnel) Key on Core DMF switches. 

DMF-8.4.0 L2GRE

This document describes the L2GRE feature for Jericho switches. L2GRE tunnel support for DMF enables virtual connectivity when the DMF fabric lacks physical connectivity to either the production network, tool devices, or both. It does so by tunneling traffic from the production network to the DMF fabric or from the DMF fabric to tool devices. Using tunnels as core links enables virtual connectivity where the DMF fabric is not physically connected. 

DMF-8.4.0 Tunnels

This feature removes unwanted or unneeded bytes from a packet at a configurable byte position (offset). This approach is beneficial when the data of interest is situated within the headers or early in the packet payload. This action reduces the volume of the monitoring stream, particularly in cases where payload data is not necessary.

DMF-8.4.0 Packet slicing

Timestamping is an essential tool for network engineering and performance analysis. Users who wish to use the timestamping functionality of 7280R3 switches can now do so in their DMF environment. This functionality allows setting a high-precision timestamp on every data stream packet for analysis—the hardware clock of the switch syncs using PTP to attain high precision. Users choose a data stream by configuring a policy and enabling this feature on the same policy. Filter switches receiving production traffic in the DMF fabric use this feature to timestamp packets by matching them to the timestamping policy and forwarding these packets to tools using configured delivery interfaces in the policy.

DMF-8.4.0 PTP Timestamping

Users wishing to be notified about packet drops or high link saturation in the DMF fabric can receive SNMP traps for these events. Specifically, when trap generation is enabled, the following events will send an SNMP trap to the configured trap collector:

SNMP DMF-8.4.0

This feature introduces the ability to mirror the SSH/HTTPS cryptographic configuration of the DMF controller to the managed appliances (i.e., service nodes and recorder nodes) and the SSH cryptographic configuration of the controller to the EOS switches.

EOS DMF-8.4.0 ZTN MAs Ciphers/Macs

A DMF fabric is made up of groups of switches, known as islands, that are connected over the data plane. There are no data plane connections between switches in different islands. When Push-Per-Filter forwarding is enabled, monitored traffic is forwarded within an island using the VLAN ID associated with a Filter Interface. These VLAN IDs are configurable. Previously, the only recommended configuration was for these VLAN IDs to be globally unique. 

Vlan DMF-8.4.0

Use this feature to configure Access Control Lists (ACLs) on a managed device that do not directly reflect the ACLs configured on the controller. Specifically, a user can override the user-configured ACLs on the controller (generally inherited by the managed devices) so that ACLs allowing specific types of traffic from the controller-only are pushed to managed devices.

EOS DMF-8.4.0 DMF ZTN ACLs

The system reinstall feature allows users to reinstall EOS on an Arista switch. A system reinstall is accomplished by removing the local startup-config/zerotouch-config on the switch so the DMF controller no longer manages it. Rebooting the switch restarts the Arista native ZTP process and requests a fresh image from the controller.

EOS DMF-8.4.0 DMF ZTN

The Analytics Node (AN) incorporates a feature known as topic_indexer, designed to facilitate data ingestion from customer Kafka topics and its subsequent storage into Elasticsearch indices.

This document describes the new updates to DMF release 8.4’s verified scale and performance numbers.

DMF-8.4.0 Verified Scale

In DMF metadata is appended to the packets forwarded by the fabric to a tool attached to a delivery interface. This metadata is encoded primarily in the outer VLAN tag of the packets. By default (using the auto-delivery-strip feature), this outer VLAN tag is always removed on egress upon delivery to a tool. This feature introduces a choice to selectively preserve a packet's outer VLAN tag instead of either stripping all VLANs or preserving all of them.

DMF-8.4.0 VLAN Preservation

VxLAN hashing enables hashing on a VxLAN payload, including hashing on Inner L3 Source IP, Inner L3 Destination IP, Inner L2 Source MAC, and inner L2 Destination MAC. This only applies to terminated cases.

DMF-8.4.0 VxLAN Hashing

This document describes the usage of wildcard tunnels for VMware vCenter monitoring. The current implementation of VMware vCenter creates one tunnel interface from every ESXi host to DMF.