Network Automation 6.8.6 Release Notes

INTRODUCTION Network Automation 6.8.6 Maintenance Release is an important update that provides performance improvements and fixes for customer-reported issues. Customers running Network Automation 6.8.5 and earlier are encouraged to update their systems to this release at the earliest opportunity. Network Automation 6.8.6 is a cumulative release and includes all resolved issues from release 6.8.1 through 6.8.5. These Release Notes are also cumulative, and list resolved issues from releases 6.8.1 through 6.8.5, with a list of Open Issues as of the 6.8.6 Maintenance Release. The following sections describe upgrade guidelines, additional device support, resolved issues, and known issues.

GUIDELINES FOR UPGRADING TO NETWORK AUTOMATION 6.8.6 Network Automation 6.8.6 can be applied as an upgrade to systems running Network Automation 6.6.3, 6.7.3, or 6.8.1 through 6.8.5. Customers at an earlier release version must first upgrade to one of the listed releases, prior to applying the 6.8.6 upgrade. Note: Even though upgrades from 6.6.3 and 6.7.3 are supported, upgrades from 6.7.1 or 6.7.2 are not. If running one of those versions, upgrade to 6.7.3 first. Warning: Previous caveats about upgrades starting from the 6.6.3 and 6.7.3 releases still apply. A slight possibility exists that an upgrade from those releases may result in a system that requires a power-cycle during the upgrade-reboot process. Additionally, warning messages about connecting to MySQL may be displayed during the upgrade process. Corrections have been made, and upgrades from earlier versions of 6.8.x have not shown these problems. For customers at 6.8.x with systems that connect to the AutoUpdate server, the 6.8.6 upgrade can be done automatically. For customers at an earlier (supported) release, or for systems that do not connect to the Internet/AutoUpdate server, you will need to download the upgrade image file and SCP it to the admin users’ directory on the appliance. 

The upgrade image file is ib_network_automation-v6.8.6.74296.gpg. Run the standard AutoUpdate utility from the Network Automation Admin Shell to perform the upgrade.

Upgrade your Sandbox Instances Ensure that Sandboxes (either Local or Remote) are fully and properly upgraded (to the starting release version) prior to starting an upgrade to 6.8.6. If the sandbox is in an incorrect state prior to a 6.8.6 upgrade, this may create issues while upgrading to 6.8.6. 

Local sandbox instances for Network Automation will be automatically upgraded to 6.8.6.



Remote Sandbox instances (e.g., Sandbox instances on a VM server) must be manually upgraded using the ‘sandbox reset’ command from the admin shell. See the topics Using the Network Automation Sandbox and Setting Up a Remote Sandbox in the online Help for more information.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 1 of 26 7/1/2014

Network Automation 6.8.6 Release Notes Supported VMware Versions The supported VMware versions now include ESXi 5.0x and ESXi 5.1x. Infoblox also offers Network Automation in a virtual machine version. The following VMware platform releases support Network Automation 6.8.6 VM operation (as a 6.8.x install followed by an upgrade to 6.8.6): 

ESX/ESXi 4.1



ESXi 5.0x and ESXi 5.1x



VMware Workstation 9.0 and 10.0



Fusion 5.0.3 on Mac OSX 10.8

Device Support Updates The following devices are supported, or have increased collection capabilities in Network Automation 6.8.6: 

Alcatel OS640048 v.6.4.3.717.R01 Switch-Router



Alcatel OS6850224X v.6.3.4.569.R01 Switch-Router



BlueCoat sg600 v.6.4.4.1 Proxy



BlueCoat sg900 v.6.5.2.3 Proxy



BNT g8124 v.6.8.12 and v.6.8.19 Switch-Router



Cisco SF300-24P v.1.2.7.76 Switch



Cisco SF300-48P v.1.3.5.58 Switch



Cisco SG300-10P v.1.2.7.76, and v.1.3.0.26 Switch



Cisco WsC3750g24ps v.7.0.230.0 Wireless Controller



H3C HP 6125XGXLG v.7.1.035 Switch



HP ProLiant C-Class BladeSystem GbE2c v.5.2.9 Ethernet Blade Switch



Nortel ERS-8306 v.4.2.3.0 Switch-Router

The following devices are newly supported, or have increased collection capabilities in Network Automation 6.8.5: 

No additional devices

The following devices are newly supported, or have increased collection capabilities in Network Automation 6.8.4 as noted below: 

Allied Telesys x610_24Ts v.5.4.1-2.8 Switch-Router



Allied Telesys x610_24Ts v.5.4.2-3.14 Switch-Router



BNT G8000 v6.8.6 Switch-Router (incomplete)



BNT G8124 v1.1.4 Switch-Router



Cisco Nexus 3000 C3064PQ10GE v5.0(3)U5(1c)



Cisco Nexus N5KC5596Up v5.0(3)N2(1) Switch



Cisco Nexus N5KC5596Up v5.1(3)N2(1a) Switch



Force10 s4810 v9.1(0.0) Switch-Router



H3C hpA360024V2EI v5.20.99, R.2101P01 Switch



Nortel ERS-4850GTS-PWR-PLUS v5.6.3.025 Switch

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 2 of 26 7/1/2014

Network Automation 6.8.6 Release Notes 

Nortel ERS-5650-TD-PWR v6.2.6.034 Switch-Router



Nortel ERS-5698-TFD-PWR v6.2.6.034 and v6.2.6.035 Switch-Router

The following devices are newly supported by Security Device Control in Network Automation 6.8.4 as noted below: 

Cisco Nexus 7009 NX-OS 6.1(4a)

The following devices are newly supported, or have increased collection capabilities in Network Automation 6.8.3 as noted below: 

Cisco ASASm1sc v9.1(3) Firewall



Enterasys K10 v07.72.01.0021 Switch-Router



Enterasys MatrixN1 v07.62.05.0001H Switch-Router



Enterasys MatrixN3 v07.62.05.0001H Switch



Enterasys MatrixN7 v07.62.05.0001H Switch



Enterasys MatrixN7Gold v07.62.05.0001H Switch



Enterasys MatrixX4 v02.00.00.0008H Switch-Router



Enterasys MatrixX4 v02.00.02.0001 Switch-Router



Enterasys MatrixX16 v02.00.00.0008H Switch-Router



Enterasys MatrixX16 v02.00.02.0001 Switch-Router



Enterasys S1A v08.11.01.0014 Switch-Router



Enterasys S8 v08.11.01.0014 Switch-Router



HP J9089A v. R.11.44 Switch



HP J9627A v. RA.15.10.0010 Switch

The following devices are newly supported, or have increased collection capabilities in Network Automation 6.8.2: 

Juniper SRX100 JunOS 12.1R6.5 Firewall



Improvements are also provided in this release for Juniper JunOS stateful (flow mode) firewall rules support.

The following devices are newly supported, or have increased collection capabilities in Network Automation 6.8.1: 

Alcatel Omnistack 6024 V2.50.05 Switch



Alcatel Omnistack 6124 V3.30.03 Switch



Alcatel Omnistack 6148 V3.30.03, V3.30.08 Switch



Blue Coat Proxy SG9000 V6.4.4.1



Cisco Nexus N1KV 4.2(1)SV2(2.1) Switch



H3C (HP) hpA51204PEI V5.20 Release 2208P01 Switch



Huawei ar28-10 V. RP3.40-RT-0103(L031) Router



Nortel ERS4550T V5.3.2.007 Switch



Nortel ERS-8310 V4.2.3.2 Switch-Router



Nortel ERS-8606 V5.1.8.1 Switch-Router

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 3 of 26 7/1/2014

Network Automation 6.8.6 Release Notes GUI REQUIREMENTS Infoblox supports the following Web browser versions for Network Automation 6.8.6 release: OS Microsoft Windows 7

Browser ®

Microsoft Internet Explorer® 9.x, 10.x Mozilla Firefox 24.x ESR, 17.x ESR Google Chrome 31

Microsoft Windows 8®

Microsoft Internet Explorer 10.x Mozilla Firefox 24.x ESR, 17.x (ESR)

Microsoft Windows XP® (SP2+)

Microsoft Internet Explorer 8.x Mozilla Firefox 24.x ESR, Mozilla Firefox 17.x ESR Google Chrome 31

Red Hat® Enterprise Linux® 6.x

Mozilla Firefox 24.x ESR, 17.x ESR Google Chrome 31

Red Hat Enterprise Linux 5.x

Mozilla Firefox 24.x ESR, 17.x ESR Google Chrome 31

Apple® Mac OS X 10.7.x/10.8.x

Safari 6.x Mozilla Firefox 24.x ESR, 17.x ESR Google Chrome 31

Infoblox recommends using Mozilla Firefox or Google Chrome for best performance. When viewing Network Automation, set the screen resolution of your monitor as follows: Minimum resolution: 1024x768 Recommended resolution: 1280x800 or better

TECHNICAL SUPPORT Infoblox technical support contact information: Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); EMEA, +32 3 2590440; +1-408-986-4000, ext. 1 E-mail: [email protected] Web: https://support.infoblox.com

DOCUMENTATION Download the latest Network Automation Installation Guide from the Infoblox Support page: https://support.infoblox.com. Training Locate training information at the following address: https://support.infoblox.com/support/training.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 4 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NEW FEATURES IN 6.8.6 API Updates The Network Automation API is updated to version 2.9. Get Configs A new Get Configs provides on-demand configuration collection through the Network Automation API, CCS Scripting and through Perl scripting: 

Two new APIs: get_configs (initiates the GC request for a device and returns a TrackingID; and the get_config_status API polls the status of the TrackingID and returns the current Status;



The CCS scripting language supports a new GET-CONFIGS directive to collect configuration data in synchronous or asynchronous mode (synchronous determines that the script stops executing until the GET-CONFIG directive completes; asynchronous determines that the script resumes execution while the GET-CONFIGS directive executes in the background. The default mode is synchronous;



Perl scripting supports a new get_configs method in NetMRI_Easy.pm with an optional $mode parameter to specify synchronous or asynchronous mode. The default mode is synchronous.

See Appendix A for additional Details. Device Support Request Update Device Support Requests Worksheet has been improved to account for devices that time-out (or appear to timeout) while collecting SNMP Walk data. As before: if the device is reachable from Network Automation, the task runs in Automated mode, where SNMP data collection is automatically handled in the background; and if the device is not reachable from Network Automation, the tool runs in Manual mode, where the user manually uploads the SNMP walk data. Now, however, if the device times out, the Worksheet will allow the user to continue, as if in Manual mode, and provide an SNMP Walk collected through other means, or verify that the Walk already collected is complete, and use that for the submission. The md5sum command is available from the Network Automation Admin Shell The md5sum command allows users to directly verify a file against a known md5sum value. It is the standard Linux command, made available within the Admin shell to allow the Admin user to verify the integrity of file transfers, by comparing the md5 value of the transferred file.

NEW FEATURES in 6.8.5 No new features are provided in the 6.8.5 release.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 5 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NEW FEATURES in 6.8.4 Download config templates to a text file Release 6.8.4 enables downloading of a previously defined config template as a text file for use in handconfiguring an undiscovered device. The Config Management –> Job Management –> Config Templates page’s Run Now feature offers a new Text File push mode. For more information, see the sub-topic Downloading a Config Template in the online Help or in the Infoblox Network Automation Administrator’s Guide. New Standard Report: Discovery Status The Discovery Status Report appears in the Reports -> Report Gallery -> Assets category. You can select one or more device groups and receive a report detailing CLI and SNMP data collection status, and config collection status. It provides the following data points and the timestamps for the last actions for each device involved in the report: 

IP Address and Device Name



License Status – Indicates whether device is licensed or trial, and if any feature licenses are in place



Device Type – Router, Switch-Router and other associated device types.



CLI Credential status – indicates successful or failed authentication



SNMP Credential status – indicates successful or failed authentication



SNMP Collection status – indicates successful or failed data collection through SNMP



Config Collection status – indicates whether configuration changed prior to last collection cycle



Reachable – OK indicates verified device reachability.

Discovery API Calls Network Automation 6.8.4 provides a set of API calls in the new Discovery API category. Go to Tools -> Options -> API Documentation for more information. New Standard Report: Config Change Audit Details The Config Change Audit Details Report appears in the Reports -> Report Gallery -> Change and Config category. You can select one or more device groups and receive a report of summary information of config changes made to a group of network devices over a specified time period. The Detected Changes chart shows the number of changes that occurred for each date in the measurement period. A Most Changed Models pie chart shows the devices exhibiting the largest number of changes. Improved Security Device Controller support for Nexus 6.1 Security Device Controller provides an update to Cisco Nexus device support for improved provisioning support of multiple ACLs.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 6 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NEW FEATURES in 6.8.3 New privilege available Release 6.8.3 adds a new privilege for User Roles. Custom Data: Input Data enables non-SysAdmin users to edit custom field values. Previously only SysAdmin users could create custom fields and edit them. Creating customs fields still requires a SysAdmin role; with this change, other roles can be granted the privilege to edit the data in these fields.

NEW FEATURES in 6.8.2 Juniper Flow Mode Support The Security Device Controller (SDC) feature now supports JunOS 12.1X (specifically 12.1R6.5) devices that are configured with Flow Mode.

NEW FEATURES in 6.8.1 System Health Monitoring Network Automation offers a System Health feature to provide a detailed view of the system health of the Network Automation appliance, including status of hardware components such as RAID hard drives and power supplies, system temperatures, resource utilization, network connectivity, software versions and operating system status, and many more aspects of Network Automation health. Network Automation provides two visual inputs to notify and assist the administrator in responding to issues in the Network Automation appliance: •

Report message banners at the top of the Network Automation screen provide quick notification of problems. The banner provides a link to immediately determine details for the issue, and to provide issue codes to Infoblox Support.

•

A Settings page, System Health, provides a more-detailed list of the problems affecting the system, including Collector appliances in an Operation Center environment (where applicable).

Platform Capacity The Platform Capacity feature ensures that all Network Automation appliances (virtual, 1102-A, NT-1400, NT-2200 and NT-4000) maintain effective performance by enforcing capacity limits for each appliance type. Each appliance model supports a specific number of network infrastructure devices. Feature licensing is another consideration for each appliance: for example, you should determine when a feature license for Security Device Control or Switch Port Manager is fully allocated. In an Operations Center environment, you may need to verify that a Collector’s device licensing is fully used and locate other Collectors with available capacity. Platform Capacity enables users to know when Network Automation licensing levels and licensed device support are fully utilized. You can decide when discovery and management tasks may need to be distributed to other appliances, and when you can increase allocations on an appliance to manage more devices. Platform capacity uses three metrics: Platform Limits, Licensing Limits and Effective Limits. Through the System Health and Platform Capacity features, Network Automation provides system hardening features to help prevent job overloading on a Network Automation appliance. For example, if a user specifies a very large Job while the appliance is currently running a large Report or is performing a large Discovery process, the appliance may notify the user of a possible system utilization issue, and automatically reduces the system resources allocated to current tasks to prevent overloading. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 7 of 26 7/1/2014

Network Automation 6.8.6 Release Notes Device Support Requests Device Support Requests provides an Automated Data Collection feature for new versions, makes and models of infrastructure devices. Network Automation users may use both SNMP and command-line instructions to quickly build a custom Device Support Request package. Sending the compiled Device Support Request to Infoblox enables faster support and control for new types of infrastructure devices, new operating system versions, and new models of existing device product lines that are not supported by Network Automation. Though you can submit this data to Infoblox without prior coordination, Infoblox recommends that you work with your account team to coordinate all device support requests, to ensure they are properly prioritized.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 8 of 26 7/1/2014

Network Automation 6.8.6 Release Notes RESOLVED ISSUES 6.8.6 NETMRI-21216 – Network Automation does not exit out of F5 devices. NETMRI-21215 – SSL certificates are lost on every Network Automation upgrade. NETMRI-21185 – OC: Slow Device Group Member consolidation causes a System Health PROC070 message. NETMRI-21154 – Job Notification Emails are broken. NETMRI-21112 – Network Automation tests remote storage availability even when the frequency setting is disabled. NETMRI-21111 – Update to assist in identification of Cisco WOC devices. NETMRI-21076 – Correct sort data for customer reports in CustomReportRunner. NETMRI-21048 – Prevent raising of Backpressure alarms against features when those specific features are not licensed. NETMRI-21036 – Perl update: Fix for DoTest.pl which previously tested all enable passwords even after correctly guessing one. NETMRI-21030 – Explicitly set SQL delimiter prior to running query in qBridge.pm to correct Juniper endhost display issue. NETMRI-21024 – Upgrade OpenSSL to 1.0.0.m. NETMRI-20984 – ARP Cache Refresh pings bogus IP Addresses during Weekly Maintenance. NETMRI-20983 – Weekly Maintenance Notifier Page should not return status 200 messages. NETMRI-20972 – Network Automation does not create the /var/local/netmri/certs/https directory before trying to write to it. NETMRI-20967 – Add debug logging back for CLI route collection. NETMRI-20958 - Sorting by multiple columns is broken for Custom Reports when scheduling or exporting to CSV. NETMRI-20956 – Notification Subscriptions run for too long and eventually time out. NETMRI-20954 – Custom VLAN reports (for root bridge) returns a NULL value in the VTP Domain report data column. NETMRI-20940 – Remote Config Archive should include last revision for each device regardless of age. NETMRI-20939 – SNMPv3 passphrase changes not honored. Walk still successful using default passphrase rather than newly added one. NETMRI-20915 – Device Support Request tool will timeout if device does not return expected ‘end of SNMP walk’ data. NETMRI-20914 – OC/Collector Resyncs lead to out-of-sync data if factory default scripts have been deleted. NETMRI-20903 – Jobs and config collections fail for CatOS devices with a "PTY allocation request failed on channel 0" message. NETMRI-20898 – Cisco VLAN collection does not get VTP data from some device types. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 9 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-20863 – Security log needs to be rotated and pruned. NETMRI-20854 – OSPF-related issues (example: ‘OSPF Area not connected to backbone’) display N/A fields In Settings -> Issue Analysis -> Suppression. NETMRI-20849 – API sometimes returns all data, regardless of limits by multiple group IDs. NETMRI-20780, NETMRI-20799 – ImportDSB times out under certain conditions. NETMRI-20778 – Add md5sum command to Admin Shell. NETMRI-20777 – Overall Score History graph is incomplete if timeframe spans a device group add/delete. NETMRI-20773 – Issue Detail viewer may not display any devices for past dates. NETMRI-20771 – Network Automation showing Enabled for Trunk ports as disabled when the port is trunking. NETMRI-20764 – Numerical IP address column in custom reports split in two when exported to CSV. NETMRI-20757 – Config archives only need to include configs from the past 7 days. NETMRI-20749 – The Ports screen in Network Insight -> Summaries -> Ports is slow when selecting past dates. NETMRI-20725 – Sent Notifications screen is slow due to size of reported Event. NETMRI-20724 - Custom Report ignores specific column sort order. NETMRI-20716 – OC: Deployed Policies are Not evaluated and Observed Repetitive warnings NETMRI-20708 – TAE: Allowed DHCP Servers list is cleared on upgrade NETMRI-20705 - VLAN Definition Missing issue always displays N/A for the data fields in Settings -> Issue Analysis -> Suppression view. NETMRI-20689 – Nexus CLI route collection parsing fails for a duration of a year or longer. NETMRI-20687 – Improve "Confirmation failed, halting download" failure reporting. NETMRI-20685 – OC – Job Viewer - Error during tar extraction in jobs. NETMRI-20671 – SOFT132-A software problem message was detected. NETMRI-20667 – Storage Trend Chart gets confused by negative numbers. NETMRI-20620 – FactoryReset needs to remove archive database. NETMRI-20611 – Custom report ‘EndHost History’ may have blank output in some circumstances. NETMRI-20593 - Issue Viewer Last Seen time is incorrect. NETMRI-20579 - Cisco memory OIDs can return 0, causing Network Automation to assume Memory collection failed. NETMRI-20573 - Custom reports containing IP address columns include extra columns with numeric IPs when exported to CSV. NETMRI-20567 – ‘File not available’ message seen in displaying job details on an OC system under certain conditions. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 10 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-20556 - Expand database coverage for getMySQLStats (SendTechData). NETMRI-20423 - Policy rules fail due to "Invalid Indent" message. NETMRI-20416 - "704 Content Delivery Failed" message in Device Viewer -> Configuration Management -> Errors page when upgrading from 6.4. NETMRI-20407 - Missing tacacs-server lines and Hang-up in command pager prompt. NETMRI-20413, NetMRI-20288 – The reference registration process to convert from a standalone to Operations Center fails on larger data-sets. Customers who are converting to the OC architecture should not do so without coordination with Infoblox support. Recommend that any such conversion be delayed until after 6.8.5 is installed. NETMRI-20379 – If a credential is guessed via SNMPv1, v1 is used for all other device interaction, instead of v2, resulting in possible gaps in data collection for some categories where v1 does not have the same data as v2 (e.g. support for 64 bit). NETMRI-20366 – NetMRI Device Support Collection may not complete if started close to maintenance. NETMRI-20364 – The Device Support Request tool can fail on a NetMRI that is configured to use https only. NETMRI-20355 – Network Automation can occasionally mistake a BGP route for a static route. NETMRI-20351 - Add support for "&" character in Group Membership criteria (Settings -> Collectors and Groups). NETMRI-20349 – Disable PortControl “Edit VLAN Membership” option for aggregate member interfaces in Interface Viewer and SPM screen. NETMRI-20336 - OC: Reference registration takes many hours for collector with restored DB archive. NETMRI-20330 – Error when manually running Discovery Diagnostics. NETMRI-20324 – In the Settings -> Users table, sorting is incorrect with more than one page of results. NETMRI-20275 – DiscoveryStatuses#static fails on an OC when a UnitID value is not provided. NETMRI-20260 - ILO ports on HP windows servers don't get discovered properly. NETMRI-20221 – Network Automation may incorrectly set the time zone during an upgrade. NETMRI-20046 - Discovery Diag shows incorrect timestamps in 90 Day History. NETMRI-19959 - The application watchdog needs to ensure that there is one AnalysisBatch.pl process and another child process. NETMRI-19919 – The dataEngine.log file may contain numbers of extraneous messages, causing an excessively large log file. NETMRI-19876 – New Device Found will not trigger reliably in an Operations Center environment. NETMRI-19640 – Errors in firewall serial number values when polling Cisco ASA’s for inventory information. NETMRI-17678 – Issues do not stay suppressed after suppressing them in Network Automation.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 11 of 26 7/1/2014

Network Automation 6.8.6 Release Notes RESOLVED ISSUES 6.8.5 NETMRI-20710 – Fix CVE-2014-3418.

RESOLVED ISSUES 6.8.4 NETMRI-20547 – Issue Viewer History graph incomplete when timeframe spans a device group add/delete. NETMRI-20499 – OC: Undeployed policies remain in the NA>Policy Compliance Page. NETMRI-20461 – Watchdog is restarting Skipjack and observing “system service restarting” dialog NETMRI-20440 – Generate System health message in cases of unexpected reboot. NETMRI-20438 – RESTful API autogenerated search method returns rows in reverse order. NETMRI-20436, NETMRI-20437 – Reduce memory usage and improve process management of System health processes. NETMRI-20417 – Collected configurations not visible in Operations Center. NETMRI-20389 – Configuration consolidation sometimes fails to complete. NETMRI-20374 – Operations Center: Collectors should overwrite existing scripts as an alternative to raising errors. NETMRI-20368 – Operations Center: Improve backpressure tuning for configuration consolidation. NETMRI-20363 – "Enforce this rule" field in Device Filter for Rule is not persistent between edits. NETMRI-20360 – Incorrect interface descriptions on Juniper devices. NETMRI-20333, NETMRI-20292 – Appliance experienced sudden stoppage, requiring power cycle to correct. Kernel change avoids deadlock on multi-CPU systems, so reboot will be automatic. NETMRI-20281 – ACL hit data collection occurs with licenses other than Security Device Controller, impacting performance. NETMRI-20258, – Large CCS and Perl jobs may sometimes never run for some devices, and show as ‘pending’. NETMRI-20243 – Data Pruning occasionally failed with large tables. NETMRI-20241 – Differences in Total Device Count following upgrade from 6.7.3 to 6.8.2. NETMRI-20232 – Script execution sometimes stalls when executing for larger data sets. NETMRI-20212 – User able to enter invalid characters when creating custom Policy Rule. NETMRI-20203 – remote Config Archive does not back up all config archives from the appliance. NETMRI-20199 – A custom Daily Config Change report could provide confusing output. NETMRI-20192, NETMRI-20217 – API script removes a link to the user Role but does not remove the User. NETMRI-20165 – "Error getting grid config from server" messages for deployed Custom Policy. NETMRI-20135 – v6.8-EnableRootDiagnostic.gpg Perl script fails on Operations Center. NETMRI-20133 – Nexus VLAN Viewer data shows wrong Root Bridge MAC address. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 12 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-20103 – API script does not handle device_ids across multiple collectors. NETMRI-20102 – Script processing backlogs when processing policies. NETMRI-20095, NETMRI-19964 – XFS file system may be corrupted after power cycling an NT-2200 Network Automation appliance shortly after startup. NETMRI-20070 – Correct occasional problem creating error message for ‘Add New User’. NETMRI-20062 – The System Health log journal file is not being pruned, causing large log file packages. NETMRI-20059 – Unable to view config files for some H3C devices using non-ASCII character set. NETMRI-20031 – In Settings -> Issue Analysis -> Suppression, random Suppressed Interfaces and Suppressed Devices display N/A for data fields. NETMRI-20023 – NT-1400 network interface error. NETMRI-20022 – Performing a Discover Now on a device logs the same message multiple times to the User Admin Audit Log. NETMRI-20018 – Some Health Diagnostic / System Alert info not logged. NETMRI-20006 – Config Manager cannot correctly update status when there is a semicolon in a device password. NETMRI-20005 – During Juniper DeviceContext collection, if no data is collected from the current poll, the collector does not remove existing entries from the database. NETMRI-19991 – Increase time to 15 minutes between SCP connection health check messages to the external archive storage system. NETMRI-19989 – Nortel ERS switch has space after prompt, causing CCS scripts to fail. NETMRI-19978 – When run over a 30-day period, the Change Audit Summary report displays an error message. NETMRI-19968 – Network Automation fails to configure Cisco devices if "Enter Enable Mode" is turned off. NETMRI-19955 – Security Control not properly parsing correctly collected Fortinet device configs into Rules. NETMRI-19948 – Some device configs are never collected when too many detected changes events occur. NETMRI-19944 – Config Search not respecting i (case insensitive) modifier for RegEx searches. NETMRI-19927 – Removal of a self-signed certificate from configurations to prevent running-config vs. saved-config diff issues, fails to properly remove the certificate, triggering a false "Config Running Not Saved" issue. NETMRI-19924 – SNMP credential guesser does not guess manually entered credentials. NETMRI-19871 – The Hardware Status page needs to be periodically pruned for out-of-date information. NETMRI-19870 – API call discoverNow.pl does not return correct output. NETMRI-19827 – Performance reports fails when passing the 1-Month boundary. NETMRI-19808, NETMRI-19809 – On an Operations Center, Scheduled and Ad Hoc jobs do not move past “Running” status on the first run, or past “Pending” for future job runs, and are not sent to the Collector. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 13 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-19787 – Policies having the DISA v8, r11 NET-NAC-009 rule take over an hour to evaluate after deploying the policy. NETMRI-19772 – Too many rows for Device Port partition tables. NETMRI-19752 – Network Automation not correctly identifying an Infoblox TE-1420 as a NIOS system. NETMRI-19447 – Network Automation does not log out from F5 Big IP systems after config collection. NETMRI-18330 – End Hosts routes (/32) need to be excluded from some devices. NETMRI-17864 – “Cannot create regular file” and Permission Denied” error when importing MIB through UI or CLI if file is already imported. NETMRI-16673 – Perl API should fallback to simple hashref if a remote class is not available. NETMRI-16666 – CLI credential guesser does not guess manually entered credentials.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 14 of 26 7/1/2014

Network Automation 6.8.6 Release Notes RESOLVED ISSUES 6.8.3 NETMRI-19884 – Authenticated users with only ‘view’ privilege could retrieve device configurations via direct API calls. NETMRI-19839 – Configuration collection errors could occur on Riverbed Steelhead devices. NETMRI-19755 – Certain Network Automation appliance models fail to prune and/or collect certain types of log data. NETMRI-19750 – Network Automation allows copying of scripts into new copies, but disallows the deletion of the newly copied script. NETMRI-19749 – Custom views in Device Viewer -> Interfaces -> Performance page available only for date and period for which they were created. NETMRI-19734 – Perl jobs, shown as Running on Operations Center, do not run. NETMRI-19725 – Network Insight -> Inventory ->Interface Config displays swapped IP addresses for router interfaces. NETMRI-19717 – Some device names are not being populated through SNMP discovery. NETMRI-19701 – Some default policies may return an Unexpected Error message, possibly due to overly conservative default timeout settings. NETMRI-19699, NETMRI-19348 – Network Automation logging SQL error messages. NETMRI-19686 – Network Automation appliance could experience instability during maintenance. NETMRI-19663 – Found New Device events that are set to trigger a Job may produce ‘Could not determine Job ID’ messages. NETMRI-19661 – Interfaces previously showing as Available appear as Free after switch reboots. NETMRI-19637 – Some systems may experience occasional loss of network connectivity to the Network Automation appliance. A hotfix is available for this issue. To obtain the hotfix, contact Infoblox Support and provide this issue number. NETMRI-19628 – Config running Not Saved Issues displays invalid Time Difference values. NETMRI-19586 – Difference between unit scales of VLAN timers collected via SNMP and CLI. NETMRI-19556 – Upgrade from 6.7.3 to 6.8 GA release may display an error message when running a remote archive simultaneously with the upgrade. NETMRI-19544 – A supported device stuck at 72% Assurance level. NETMRI-19531 – A few forwarding table data entries might not be updated on some HP 2610 devices. NETMRI-19458 – Documentation needs updating to describe the required reboot during the Weekly Maintenance procedure. NETMRI-19424 – Add privilege for Roles that enables non-Admin users to edit custom field values. NETMRI-19348 – For some wireless devices, a base station name containing an apostrophe might not be fully parsed by the SNMP polling engine, causing a SQL error.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 15 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-19346 – Users do not get notification emails regarding a needed job approval unless "Entire Network" is selected. Selection by device groups does not provide the notification emails. NETMRI-19337 – HTTP(S) headers could disclose information that could be useful in malicious attacks. NETMRI-19202 – Network Automation not displaying correct Root Priority for Nexus 7010 devices though correct value is polled through SNMP. NETMRI-19030 – Occasional Rerun Batch errors on job scripts. NETMRI-18987 - The current 2-second timeout and 3-retry count set during SNMP Polling may cause a Cisco 3750 device to not respond to other polling. NETMRI-18900 – No VLAN information reported by Network Automation for Alcatel switch and switch-router devices. NETMRI-18873 – Selecting "All" Issues for some date in the past, shows issues from the selected date and from 1 day ahead. NETMRI-18695 – Some devices show No Data to Display messages on Config Archive records for some Configuration Management grids. NETMRI-18963 – Prevent OpenSSH connection slot exhaustion attacks that could cause DoS. This issue does not cause access privileges or elevated privileges to be exposed. (CERT vulnerability for OpenSSH: CVE-20105107) NETMRI-17590 – UI strips out ‘#’ characters in Device Name field. NETMRI-16750 – Incorrect Device Memory Utilization High Issues appearing on Cisco ASR Devices. NETMRI-16132 – Config Search not working as expected with more than two search criteria. NETMRI-15757 – Custom Report ignores specific column sort order. NETMRI-15194 – (Operations Center only) Hardware failure detected for Sensors Reachable: Connection to OC Collector. NETMRI-13579 – Disable debug outputs from Infoblox administrative interface from tools such as Ping/Traceroute.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 16 of 26 7/1/2014

Network Automation 6.8.6 Release Notes RESOLVED ISSUES 6.8.2 NETMRI-19655 – Policy Management: some deployed policies are not evaluated and remain in deployed state as shown on the Network Analysis -> Policy Compliance page. NETMRI-19642 – VLAN info not set in a NIOS IPAM Sync of interfaces that have no neighbors. NETMRI-19608 – Testing Policy Rules against a device attribute that is a Date/Time skips the Date/Time evaluation. NETMRI-19605 – Prevent excessive firing of SPM End Hosts Present issues due to frequent interface changes. NETMRI-19595 – Cisco 3750s of a specific model were not detected. NETMRI-19577 – Switch and Switch-Router Seed Devices are not fully discovered and remain at 20% Assurance level. NETMRI-19561 – Network Automation displaying No Such Object messages for Cisco ASA device serial numbers. NETMRI-19555 – Uppercase misspellings in discovery support scripts. NETMRI-19541 – After upgrade, receiving errors when polling System SNMP OIDs. NETMRI-19523 – The Update Notification displays an unending series of logs when config variables lead to errors. NETMRI-19489 – System Health receiving alerts for restarts of MQ Daemon. NETMRI-19477 – Excessive SQL Syntax error messages may impact system performance. NETMRI-19473 – VLAN Assignment Job failing on devices. NETMRI-19442 – Custom Fields filters do not accept the YYYY-MM-DD format. NETMRI-19441 – Network Automation does not properly display the Protocol Type for some Juniper devices. NETMRI-19424 – Add privilege for Roles that enables non-Admin users to edit custom field values. NETMRI-19332 - Suppress the 0.0.0.0 values in HSRP in Initial State. NETMRI-18910 – Cisco 3750s of a specific model were not detected.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 17 of 26 7/1/2014

Network Automation 6.8.6 Release Notes RESOLVED ISSUES in 6.8.1 NETMRI-19479 - (Operations Center) The “Discovery Setting Filter by Collector” drop-down menu shows “unknown” for “Device Limit” on an upgraded collector. This does not affect service. If desired, you can reapply license on the collector to address this issue. NETMRI-19332 - Suppress the 0.0.0.0 values in HSRP in Initial State. NETMRI-19256 – Issue Details Report may not list all current Issues. NETMRI-19156 – (Operations Center) Disabling JobSelfApproval causes a collector resync. NETMRI-19010 – (Operations Center) Database size is too large to complete an upgrade or archive. NETMRI-18978 – Whenever a sting is converted to a floating point value, a specially crafted string can cause a heap overflow. (CERT vulnerability for Ruby/Rails: CVE-2013-4164) NETMRI-18971 - CCS/Perl Jobs are sometimes never launched due to concurrency issues. NETMRI-18970 – Scheduled Jobs Last run shows dates in the past. NETMRI-18914 – This release adds support for forwarding and VLAN data collection (through the CLI) for the Cisco Nexus 1000V v4.2(1)SV2(2.1) switch. NETMRI-18894 – Undocumented non-interactive auto-clear feature for Custom Issues. NETMRI-18874 – Network Analysis -> Changes page may show a blank page with no records when switching between Change type pages in the UI. NETMRI-18865 – End Hosts being shown as connected to the wrong interface. NETMRI-18824 – Script names over 80 characters will not run on a first attempt. Editing the script name to less than but close to 80 characters may continue to cause the script to display the same error. NETMRI-18805 – Scheduled Jobs Last run shows dates in the past. NETMRI-18794 – Failure to collect configuration on a Cisco ASA-5540. NETMRI-18792 – NetMRI fails to detect SNMPv3 credential change on some devices, resulting in no reguessing of credentials and in disabled SNMP collection. NETMRI-18773 – Asset Inventory Report displaying incorrect chassis serial numbers. NETMRI-18741 – Scripts may accidentally run on multiple devices. NETMRI-18711 – Config script file changes may not be flushed out to disk. NETMRI-18708 – IPAM sync and other data tables not including switchport/VLAN information for some end hosts. NETMRI-18656 - Link between access port present and connected end host displays wrong information. NETMRI-18548 - IPAM sync incorrectly creates multiple entries for IP Addresses on a port with multiple VLANs. NETMRI-18417, NETMRI-18765, NETMRI-7519 – Device Count fluctuating dramatically. NETMRI-18368, NETMRI-16079 - Archive import for older archives can fail, and not provide information on why the failure occurs. © 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 18 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-18363 – Enabling Device Group Suppression does not remove issues that were previously raised. NETMRI-18329 – Character "M" appears in the stored configuration for Cisco VG224 devices. NETMRI-18324 – Diagnostic improvement to gather IPC stats to help diagnose Shared Memory usage. NETMRI-18289 - Slow Discovery investigation reveals Slow Query times. NETMRI-18143 – The TLS protocol 1.2 and earlier, as used in browsers, can encrypt compressed data without obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. (CERT vulnerability for TLS: CVE-2012-4929) NETMRI-18063 - Support for BlueCoat-ProxySG300 device configuration difference issue. NETMRI-18031 – SPM end host reporting inconsistent MAC information. NETMRI-18029 - Prompt detection fails with Cisco ASA device with long banner (over one screen in length). NETMRI-18012 - Devices marked as Unmanaged show SNMP credentials failed in Network Insight -> Discovery page. NETMRI-17990 – (Cisco ASA and IOS) If the last rule of an ACL is removed, the ACL is also deleted without warning. NETMRI-17980 – (Operations Center) When a user opens the Issue Viewer, some IP addresses of HSRP groups are blank. NETMRI-17957 – Settings -> Database Settings -> Scheduled Archive no longer allows “Hourly” settings. Systems with the “Hourly” configuration will automatically be adjusted to the “Daily” configuration after an upgrade. NETMRI-17919 – Interface performance data uses exponential notation for small performance percentages. NETMRI-17911 – VPN Tunnel MTU Mismatch. NETMRI-17787 – Edit and Install of DSB using Network Automation GUI fails intermittently with a "Not valid *.tgz" file message. NETMRI-17548 – NetMRI_Easy Perl library used an uninitialized $error_message value. NETMRI-17401 - In custom report filters, regex matching does not work against custom Job fields. NETMRI-17395 – License installation may fail through UI by a SysAdmin-privileged user. NETMRI-17375 – JSON Gems before 1.7.7 for Ruby on Rails could allow a denial of service attack based on crafted JSON documents. (CERT vulnerability for Ruby/Rails: CVE-2013-0269) NETMRI-17351 – Some fields no longer present in the Report Manager CSV Export after 6.6.x release. NETMRI-17335 – The Discover pane for the Network Insight page may show the “Existing” field greyed out for select devices. NETMRI-17331 – Updates needed for InvalidAdminOperState and RouterInterfaceDown Issue descriptions. NETMRI-17192 - Error message is not properly worded while adding a network with "Exclude from Management" as Discovery mode and by enabling Discovery Ping Sweep check box.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 19 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-16973 - Report Values Sorting as text vs. numbers. NETMRI-16785 – Device Issues suppressed from Issue Viewer Details page missing on the Device Viewer -> Issues page and Issue Management suppression pages. NETMRI-16743 – Device being continually deleted as a false duplicate/collect Nexus 5548 data via CLI. NETMRI-16689 – Data collection errors observed in logs for Huawei devices. NETMRI-16538 – SNMP collection errors on Cisco Catalyst 4900M device. NETMRI-16455 – The View Job Session Logs Role does not allow viewing of the Job History. NETMRI-16398 – (Operations Center only) Running a Config Template from a Perl script may not execute. NETMRI-16243 – Cisco object group on an ASA shows text, does not offer hyperlink for an object group. NETMRI-16079 – As of Network Automation 6.8, the minimum archive restore version is 6.6.0. NETMRI-15646 – Policy details not displayed properly in the Device Viewer. NETMRI-15645 - Topology Viewer: Config Changes details are not displayed properly in the viewer. NETMRI-14122 – Use HTTPOnly cookies to prevent information disclosure (CERT vulnerability for Apache: CVE-2012-0053) NETMRI-11508, NETMRI-11743 – Custom Report - Policy Rules Status missing some fields. NETMRI-11047 - Deleting or Renaming a policy while it is in use can create appliance performance issues. NETMRI-4953 – Creating a new Role and attempting to add Privileges does not allow saving of settings.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 20 of 26 7/1/2014

Network Automation 6.8.6 Release Notes KNOWN ISSUES/ CAVEATS in 6.8.6 NETMRI-20899 – Log4Perl initialization errors can crash Analysis Engine. NETMRI-20802 – Scripts run on collector can falsely return success under certain conditions. NETMRI-20756 – The System Health check for Disk Space Available may trigger a false alarm if archiving is in process during the check. NETMRI-20754 – OC should not process Jobs off queue if sandbox is unavailable. NETMRI-20753 – OC manual batch canceling may not result in the batch being labeled as “Canceled.” NETMRI-20682 – Device Group Counts in GUI may be incorrect due to Devices expiring or being rediscovered. NETMRI-20621 – Reboot during database archive may lead to bad MySQL Trigger. NETMRI-20577 – OC/Collector health monitoring will not detect down Collector when VPN tunnel is still established, even if Collector is no longer processing. NETMRI-20349 – Edit VLAN Membership port control option is active for non-trunking EtherChannel member interfaces in SPM and in the Interface Viewer. NETMRI-20283 – If credentials are manually entered for a device, CLI credential guessing does not consider them for bulk multi-select discovery. NETMRI-20250 – When jobs are sent to a collector and the collector is down or goes down before job completion, the jobs may remain in varying states of completion without ever finishing. NETMRI-20061 – Device Group with "&" in name causes devices to become UNASSIGNED. NETMRI-20032 – “Large Device Count” and “Device Limit Possibly Exceeded” messages for discovery statistics are inaccurate and may not match values shown in System Health NETMRI-19993 – Route Summary count value always shows 1 under Network Insight -> Summaries -> Routing. NETMRI-19852 – Operations Center: Noticeable latency for completed jobs and viewing their associated scripts, session logs and other files. NETMRI-19796 – Typing Cisco ASR 1000 as HSRP device prevents device discovery. NETMRI-19706 – Remote Sandbox displays 'Net-SNMP' as Vendor under Network Automation. NETMRI-19687 – Upgrading from 6.7.3 may produce a "Lost connection to MySQL server during query" message. NETMRI-19674 – Juniper EX devices with Interface/Subinterface configs have the Vlan configuration on the Subinterface, but the SPM Access Ports Present table displays the Interface (not the Subinterface), so the VLAN information is not populated. NETMRI-19573 – Neighboring interface information is incorrectly calculated for Nortel VSP devices with MultiLink Trunking (MLT) configuration. NETMRI-19394 – Forwarding data not collected with SNMPv3 in Enterasys E-Series 1H152x50 and 1H582x25 devices.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 21 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-19332 – No IP address (instead of 0.0.0.0) appears for devices in HSRP group in Initial state. NETMRI-19272 – Operations Center: Two distinct networks, named Custom and Default, appear in the right pane of any Device Group window when the Operations Center is configured for a single network. Workaround: Run the refresh groups command from the CLI, which will reset the device groups and begin displaying the correct network listing. NETMRI-19229 – The “sandbox configure” command does not correctly change the IP address of the Local Sandbox. NETMRI-19200 – Script Names should not accept a character length of greater than 80 characters. NETMRI-19044 – You may not be able to select Today’s Date in the Device Viewer’s Network Analysis -> Issues page. NETMRI-18701 – Error registering Collector to Operations Center, if documented process is not strictly followed. NETMRI-18141 – Custom scripts fail with errors when the task is in fact successfully performed by the script, based on specific Cisco messages that are misinterpreted as errors NETMRI-18000 – Some switch forwarding tables on trunk ports becoming too large. NETMRI-17798 – Network Automation DNS entry seen in local firewall. WORKAROUND: Ensure that configuring NetMRI and changing DNS Servers correctly updates the DNS Server entries in /etc/resolv.conf on the Sandbox. NETMRI-17796 – Executing Discover Now for a single IP address could be optimized. NETMRI-17693 – Issues do not stay in Suppressed state. NETMRI-17648 – HTTP 503 error messages when trying to view reports. NETMRI-17060 –Reports including the Device Timestamp = Month setting can give unexpected results. NETMRI-16775 – Changing a network name in Network Automation may result in related data not properly updating, such as End Host MAC values. NETMRI-16361 – Jobs run as System User do not track who originally initiated them. NETMRI-16120 – View Members action menu option on an Operation Center’s Settings -> Collectors and Groups -> Groups table is disabled for non-Admin accounts. The option still works for the system admin. NETMRI-16046 – Network Topology pages do not display Huawei S5328 devices. NETMRI-15685 – Updated Date feature does not appear in all required contexts. NETMRI-15260 – An Appliance will occasionally hang during the shut-down phase of reboot, requiring that the system be manually power-cycled. Note: This was believed resolved as of 6.8.1, but subsequently an issue was found in the Linux kernel that was contributing to this issue. The kernel has been corrected as of 6.8.4, and additionally a hardware watchdog has been added as of 6.8.6. The caveat is left open, as we want any customer who experiences this issue to immediately contact customer support. NETMRI-13970 – Unable to deploy Custom Issue Help Files. NETMRI-11718 - Network Automation may not honor explicit router lifetime and hop limit settings in IPv6 Router Advertisement (RA) messages.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 22 of 26 7/1/2014

Network Automation 6.8.6 Release Notes NETMRI-11206 – Scheduling the Issue Details report displays incorrectly formatted HTML notification data. NETMRI-8038 – (Operations Center only): Collector work queue tables not being updated.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 23 of 26 7/1/2014

Network Automation 6.8.6 Release Notes APPENDIX A - Get Configs API calls and Scripting The “Get Configs” (GC) feature allows for on-demand config collection via the NetMRI API, CCS scripting and Perl scripting. The CCS and Perl scripting implementations allow for either synchronous or asynchronous operation.

API Calls At the API level, two new APIs (shown below) have been introduced to support the GC feature. The get_configs API is used to initiate the GC request for a specific device and returns a TrackingID, whereas, the get_config_status API is used to poll the status of the TrackingID and returns the current Status. As the GC request progresses through the system it will transition between the following states: Pending, Queued, Running, OK and/or Error. A GC request is considered complete when the Status is either OK or Error.

URI: /api/2.9/config_revisions/get_configs Available Since: API v2.9 Privilege Required: view_sensitive Feature Required: None Request on demand configuration collection for the specified device. Inputs DeviceID (or device_id) Required Integer The internal Network Automation identifier for the device. TrackingID Optional Integer, Default: 0 The Tracking ID. Used for internal purposes and ignored if user specified. Outputs TrackingID Integer The TrackingID assigned to this get configs request. URI: /api/2.9/config_revisions/get_configs_status Available Since: API v2.9 Privilege Required: view_sensitive Feature Required: None Get the status of an on demand configuration collection request. Inputs TrackingID Required Integer The TrackingID assigned to the get configs request. Outputs Status String The current status of the get configs request. Timestamp DateTime The timestamp of the last status change.

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 24 of 26 7/1/2014

Network Automation 6.8.6 Release Notes CCS Scripting For CCS scripting, a new GET-CONFIGS: directive has been introduced to support the GC feature. An optional [MODE] can be specified to the right of the “:” to indicate whether synchronous or asynchronous behavior is desired. Valid values for [MODE] are “synchronous” and “asynchronous”. If not specified, [MODE] defaults to “synchronous”. Synchronous behavior implies that the script will block until the GC operation has completed (i.e. the operation terminates with an OK status) or abort if an error is encountered (i.e. the operation terminates with an Error status). Asynchronous behavior implies that the script will continue processing after the GC request is initiated. Example Script-Filter: Action: Action-Description: Action-Commands:

true Get Configs Test Demonstrates the Get Configs functionality via CCS

# Ensure that NetMRI has the most up-to-date configurations on file. The script # will block until the first Get Configs operation has completed (synchronous mode). GET-CONFIGS: # Modify the interface description for Fa0/1. config t interface Fa0/1 description Get Configs Test end # # # #

Request another Get Configs operation to audit the above change. Since this is the end of the script and there is no need (for this particular use case) to block until this Get Configs operation has completed, the asynchronous mode has been chosen. Allowing the job to complete, and collection in the background.

GET-CONFIGS: asynchronous

After the script run has completed, output similar to the following can be seen in the Status Log of the Job Details Viewer: +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ +++ ***

1. Action: Get Configs Test 1. [Action-Commands] Requesting on demand configuration collection (synchronous) ........ Received TrackingID 1 .............................................. Getting the status of TrackingID 1 ................................. Sending 'Keep Alive CR/LF' ......................................... Getting the status of TrackingID 1 ................................. Sending 'Keep Alive CR/LF' ......................................... Getting the status of TrackingID 1 ................................. Sending 'Keep Alive CR/LF' ......................................... Getting the status of TrackingID 1 ................................. Sending 'Keep Alive CR/LF' ......................................... Getting the status of TrackingID 1 ................................. 1. Sending 'config t' .............................................. 1. Sending 'interface Fa0/1' ....................................... 1. Sending 'description Get Configs Test' .......................... 1. Sending 'end' ................................................... Requesting on demand configuration collection (asynchronous) ....... Closing session .................................................... Successfully ran configuration command script ***

OK OK PENDING OK QUEUED OK QUEUED OK RUNNING OK OK OK OK OK OK OK OK

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 25 of 26 7/1/2014

Network Automation 6.8.6 Release Notes Perl Scripting For Perl scripting, a new get_configs method has been introduced in NetMRI_Easy.pm to support the GC feature. An optional $mode parameter can be passed in to indicate whether synchronous or asynchronous behavior is desired. Valid values for $mode are “synchronous” and “asynchronous”. If not specified, $mode defaults to “synchronous”. Synchronous behavior implies that the method will block until the GC operation has completed (i.e. the operation terminates with an OK status) or abort if an error is encountered (i.e. the operation terminates with an Error status). Asynchronous behavior implies that the method will return after the GC request is initiated. Example # BEGIN-SCRIPT-BLOCK # Script-Filter: true # END-SCRIPT-BLOCK use strict; use warnings; use NetMRI_Easy 0.6; my $easy = new NetMRI_Easy({ debug => 1 }); # Ensure that NetMRI has the most up-to-date configurations on file. The script # will block until the Get Configs operation has completed since the # synchronous mode is used. $easy->get_configs(); # Modify the interface description for Fa0/1. $easy->send_command("config t"); $easy->send_command("interface Fa0/1"); $easy->send_command("description Get Configs Test"); $easy->send_command("end"); # # # # #

Request another Get Configs operation to is the end of the script and there is no to block until the Get Configs operation has been chosen. That allows the job to handed off to the background.

audit the above change. Since this need (for this particular use case) has completed, the asynchronous mode complete, and the collection to be

$easy->get_configs("asynchronous");

If debug has been enabled via the NetMRI_Easy.pm constructor (see example above), after the script run has completed, output similar to the following can be seen in the Status Log of the Job Details Viewer: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG: DEBUG:

Requesting on demand configuration Received TrackingID 1 ... OK Getting the status of TrackingID 1 Sending 'Keep Alive CR/LF' ... OK Getting the status of TrackingID 1 Sending 'Keep Alive CR/LF' ... OK Getting the status of TrackingID 1 Sending 'Keep Alive CR/LF' ... OK Getting the status of TrackingID 1 Sending 'Keep Alive CR/LF' ... OK Getting the status of TrackingID 1 Requesting on demand configuration

collection (synchronous) ... OK ... PENDING ... QUEUED ... QUEUED ... RUNNING ... OK collection (asynchronous) ... OK

© 2014 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. P/N 400-0517-005

Page 26 of 26 7/1/2014