Tag :: DMF

The new 96TB Recorder Node SKU (DCA-DM-RN760), primarily designed as a lower-cost model, meets lower data retention and recording performance requirements and is supported starting from DMF 8.7.0.

The Analytics Node (AN) enables the correlation of 5-tuple data from Flows and DMF metadata with the corresponding packets retrieved from the Recorder Node (RN). Previously, the system displayed Egress sFlow® to indicate potentially recorded flow packets.

The Recorder Node (RN) supports being managed by CloudVision (CV) on-prem starting DMF 8.7.0. This feature extends support to CVaaS starting DMF 8.8.0. Recorder Node was not supported with CVaaS before 8.8.0 because of an RN requirement to store the query results file in CV while archiving the query results. However, this was not permitted on CVaaS as these files might contain data that cannot be stored in a cloud service. This feature supports CVaaS by allowing the RN to store query result files.

This document provides a comprehensive overview of the redesigned Alerts page, detailing its features and how to use them to monitor and manage Fabric health effectively. The new design improves clarity, usability, and the efficiency of alert management.

The regex-session action enables matching of Regular Expression patterns against packet content. When a packet matches the specified pattern, its session is tracked based on configured timeouts and other parameters including, anchor, offset, and ip-proto.

This document describes the workflow for renaming a Group Name in DMF. Navigate to Security → Groups and select Groups.

Link Aggregation Group (LAG) or port channel interfaces comprise multiple member interfaces. Network devices typically distribute packets across the member interfaces using a hash computed from packet header fields. The Round-Robin LAG Distribution feature introduces a new packet distribution method: the round-robin method. A round-robin LAG configuration balances packets evenly across all member interfaces in a sequential, round-robin fashion.

Beginning with DMF version 8.9, the action keyword is required to add or modify actions within a managed service. This keyword is a mandatory token across all managed service submodes, providing a consistent way to define service behaviors.

The Rule Groups Dashboard aligns with modern DMF User Interface (UI) standards. This view maintains full functional parity with the previous version while delivering a consistent and unified user experience.

Session templates allow supported DANZ Monitoring Fabric (DMF) managed service actions to specify a selection of keys for matching packet fields and classifying flows. If an action lacks a defined session template, the system applies the default template appropriate for that action. Specified keys provide valid values for the IPFIX record. As of release 8.10, session template support includes TCP Analysis, Flow Diff, and Session Slice.

Add support for configuring SHA-256 for NTP keys used in NTP server authentication.

The SHA-256 Support for SNMPv3 feature implements 256-bit encryption for SNMPv3 interactions on the DMF Controller and managed devices. Configuring the SHA-256 authentication protocol option enhances the User-based Security Model (USM) by enforcing 256-bit encryption standards.

With the DANZ Monitoring Fabric (DMF) 8.7 release, a DMF Controller will allow multiple managed services to share a delivery interface with an IP address, commonly called an L3 delivery interface. These interfaces redirect the packets processed by managed services to the required tool nodes for further analysis. Sharing an L3 delivery interface is useful when applying different actions to a packet that otherwise cannot be chained together in one managed service when sending it to the same destination.

With the DANZ Monitoring Fabric (DMF) 8.7 release, a DMF Controller will allow sharing of managed services utilizing L3 delivery interfaces (e.g., NetFlow, IPFIX, app ID, etc.) across multiple policies. In prior releases, DMF did not support managed service sharing because the L3 delivery interface was an optional setting in a policy configuration. However, sharing is now supported because the managed service configuration must now specify the L3 delivery interface.

This feature supports enabling and configuring SSH host key algorithms. Along with existing SSH crypto configurations, this enables Secure Shell Daemon (sshd) configurations managed by DMF not to use SHA-1-based algorithms. DMF imposes the default SSHd configuration in the absence of configured SSH host key algorithms and MACs, which will not include SHA-1 algorithms by default.

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches.

The feature exposes metrics and health status of storage devices on controllers and all managed nodes, but not switches. Metrics and health status are updated every minute and exposed through the Telemetry collector

This feature adds support for the following IPFIX keys TCP Source Port, TCP Destination Port, UDP Source Port, UDP Destination Port

DMF 8.7.0 provides support for Management Redundancy on an Extensible Operating System (EOS) Fixed System Chassis. It provides a method to enable redundant active/active connectivity on the management IP address for a Danz Monitoring Fabric (DMF) switch in a fixed system chassis using an out-of-band management port and a front-panel port on the switch.

This document describes a new feature of Arista Analytics that can process sFlow^® records containing IP packets encapsulated in additional protocol headers.

Use this feature to configure Access Control Lists (ACLs) on a managed device that do not directly reflect the ACLs configured on the controller. Specifically, a user can override the user-configured ACLs on the controller (generally inherited by the managed devices) so that ACLs allowing specific types of traffic from the controller-only are pushed to managed devices.

Often, there is a need to accept IPFIX/NFv9 and NFv5 traffic arriving at ports other than the standard 4739 and 2055 ports, respectively. To address this need, DMF allows the following non-standard ports to forward traffic to their standard ports on the physical IP of the Analytics Node (AN) and the cluster's Virtual IP (VIP).

Often, there is a need to accept IPFIX/NFv9 and NFv5 traffic arriving at ports other than the standard 4739 and 2055 ports, respectively. To address this need, DMF allows the following non-standard ports to forward traffic to their standard ports on the physical IP of the Analytics Node (AN) and the cluster's Virtual IP (VIP).

The system reinstall feature allows users to reinstall EOS on an Arista switch. A system reinstall is accomplished by removing the local startup-config/zerotouch-config on the switch so the DMF controller no longer manages it. Rebooting the switch restarts the Arista native ZTP process and requests a fresh image from the controller.

The Switch-less Service Node (SN) feature enables the direct installation of managed services on a service node, eliminating the requirement for an associated policy or connected switch. This capability supports deployments that are independent of the full Network Packet Broker (NPB) switching infrastructure. Existing workflows support the direct installation of managed services, such as filtering and deduplication, on the SN.

On platforms with multiple FAPs (e.g., chassis), hashing parameters (hash seed, polynomial, etc.) must be synced across all the FAPs when symmetric hashing is enabled to ensure hashing behavior is consistent for any given ingress port. The fix applies to all DMF Sand platforms running EOS.

The Dapper action, derived from Brown University research, identifies TCP session issues by measuring specific connection attributes. This analysis determines whether performance degradation stems from the client, server, or network devices.

DMF 8.7.0 introduces an updated dashboard for analyzing TCP Flows from Dapper. The DMF Analytics Node (AN) displays TCP Window, Network Loss, Zero Window, RTT vs Sender Reaction Time for flows or select Flow from TCP Health Flows.

The following describes LAG hashing for L2GRE and VXLAN transit traffic on Arista 7050X4 platforms: For L2GRE transit traffic, LAG hashing uses only the encapsulated (inner) packet header fields. There is no option to use underlay (outer) packet header fields. When the encapsulated packet is IP, the system uses the IP parameters configured with hash ipv4 or hash ipv6 for hashing.

UDF is an important DMF feature that matches customized fields in packet payloads for network traffic filtering on the Arista 7050X4 Series. Only supports IPv4 traffic UDF filtering, Maximum UDFs per rule: 6 UDFs.

DMF 8.7.0 introduces an updated dashboard for viewing tunnel traffic. The widgets display traffic distribution by tunnel type using sFlow traffic categorized by a combination of Ethernet Type, Protocol, and L4 ports. Recognized tunnels include:

The Command-API (CAPI) client on the Controller utilizes port 443 for EOS connectivity.

The Arista Service Node (SN) provides specialized packet processing within the DANZ Monitoring Fabric (DMF), which is not easily accomplished within the CPU on a switch.  The SN provides a packet processing pipeline tied to a physical interface, reading packets and writing results from the same interface.

This document describes the usage of wildcard tunnels for VMware vCenter monitoring. The current implementation of VMware vCenter creates one tunnel interface from every ESXi host to DMF.