New Features and Enhancements

This release contains the following new features and enhancements:
nfa1000
The current
DX NetOps
release contains the following new features and enhancements:
10.0.7 New Features and Enhancements
Search and Sort Improvements
Starting with DX NetOps 20.2.10 and NFA 10.0.7, searching and sorting works on the whole data instead of the current page data. For detailed information, refer Manage Network Flow Processing page.
Search operation is now supported while using NFA OData APIs. You can search for the entities matching the specified search expression. You can also search using the combination of other operations like select, filter. For detailed information, refer Search page.
DSCP and ToS Enhancements
Starting from NFA 10.0.7, Differentiated Services Code Point (DSCP) value from the network flow is captured and stored as equivalent ToS value. For more information, refer ToS Summaries page.
Support for HMAC-SHA-2 for Authentication of SNMPv3
This release of NFA includes the support for HMAC-SHA-2 for Authentication of SNMPv3 devices. You can monitor devices with SNMPv3 SHA 256/512 security settings. For more information, refer Add SNMP Profiles page.
HTTPS Communication between NFA Console and Harvester
From this release, you can configure Network Flow Analysis (NFA) for secure communication between the NFA Console and the Harvester. For detailed information about enabling, refer Enable HTTPS Communication between NFA Console and Harvester page.
Support for TLS 1.2 on Harvester
From this release, you can enable TLS 1.2 on the Harvester machines for security over network. For detailed information about enabling, refer Enable TLS 1.2 on Harvester page.
Addressing Security Vulnerabilities
This release of NFA addresses some security vulnerabilities.
10.0.6 New Features and Enhancements
Platform Support
  • Windows Server 2019
  • Red Hat Enterprise Linux 8.0, or 8.1 on a 64-bit processor
Addressing Security Vulnerabilities
This release of NFA addresses some security vulnerabilities..
10.0.5 New Features and Enhancements
OData API Enhancements
In NFA 10.0.5, OData API is enhanced with many new features.
The following are the new APIs that are exposed through NFA OData APIs:
InSpeed/OutSpeed for Viptela Devices
You can now view the interface bandwidth up/down stream for the Viptela devices in the Physical & Virtual page under Administration. Currently NFA uses the 'ifTable' to capture a single bandwidth value and the same speed is shown as both IN and OUT for an interface. With this feature, the interface bandwidth up/down stream values that are present in the Viptela MIB are displayed as IN and OUT speed for the Viptela devices. See the following field mappings for the InSpeed and OutSpeed in the 'VIPTELA-OPER-VPN.mib'.
interfaceBandwidthDownstream - InSpeed
interfaceBandwidthUpstream - OutSpeed
The value in the interfaceSpeedMbps field is displayed as InSpeed and OutSpeed when the interfaceBandwidthDownstream and interfaceBandwidthUpstream does not have any data.
10.0.4 New Features and Enhancements
SNMP Router Refresh
From NFA 10.0.4, you can refresh the SNMP Router through the OData API. For detailed documentation, refer SNMP Router Refresh page.
10.0.3 New Features and Enhancements
Manage Address-Hostname
The NFA maintains only the latest resolved hostname against the IP address previously. From NFA 10.0.3, you can maintain the historical data of the IP address and hostname association.
NFA ODataAPI QueryBuilder
The ODataAPI is a flexible tool that lets users easily extract data from the
DX NetOps
database. The ODataAPI enables integration between
DX NetOps
data and external applications. The ODataAPI is a public API that uses the QueryBuilder GUI. The QueryBuilder is a guided URL builder that lets you create custom Query URLs to extract and explore performance data. The URLs return customized data in the specified format. You can view the data in a browser or process the data in a custom web application.
More Information:
NFA OData QueryBuilder
Platform Support
  • Red Hat Enterprise Linux 7.5, or 7.6 on a 64-bit processor
10.0.2 New Features and Enhancements
The current
DX NetOps
the release includes the following new and updated features.
Support for AdoptOpenJDK Java
CA Technologies, a Broadcom Company, is moving towards adopting more open source technologies in its products. As a part of this strategy, various products have started using open-source implementations of Java. To align with this corporate direction,
DX NetOps
has adopted AdoptOpenJDK (1.8.0.212), replacing Oracle JDK.
Edit a Report Without Opening the Report
From this release, you can edit a custom report without opening the report. You can use the
Edit
link against a specific report and change the report criteria. You can find the edit options in the following reports:
  • Custom Reports
  • Flow Forensics Reports
  • Analysis Reports
  • Site to Site reports
Generate Flow Forensic Report for Routers Common to Multiple Harvesters
With this enhancement, you can get flow forensic report from either specific harvester or from all harvester when you select the following ROUTER filter types.
  • Router Address
  • Router Address and Interface In
  • Router Address and Interface Out
  • Router Address and Interface In or Out
When you generate a report based on one of these filters, NFA prompts you to enter the router IP. Enter the router IP address.
DX NetOps
displays a drop-down with a list of associated harvesters. Based on your selection, the NFA displays a report from All Harvesters (Default) or from the selected harvester.
  • Harvesters Drop-down is displayed only if the specified IP is available on any of the harvesters.
  • Harvesters Drop-down is displayed even if the router belongs to only one harvester.
NAT Segment Group Reports
From the
DX NetOps
10.0 Service Pack 2, you can view NAT Segment Group reports. Network address translation (NAT) method maps one IP address into another by changing the network address information in the IP header of packets.
More Information:
NAT Segment Group
Support for Additional NetFlow Fields in Options Template
The current release supports sampling rates specified by SAMPLING_INTERVAL (34) and SAMPLING_ALGORITHM (35) fields in the Options template.
More Information:
Set Up the Routers
10.0.1 New Features and Enhancements
The
DX NetOps
the release includes the following new and updated features
Configure MySQL User Password
You can now manage the MySQL user password using the NFA MySQL User Password Change Utility.
Application Mapping API
Using the application mapping, you can discover and map all your entities and their inter-dependencies. CA Network Flow Analysis supports the ToS, host, and subnet applications.
More Information:
Application Mapping
Delete Available Interfaces
You can delete an interface from the available interfaces.
More Information:
Available Interface
Support for Microsoft Excel as OData Client
This release supports OData as a Data source for Microsoft Excel client only for entity collections.
Enabling Router Name Prefix in Interface Selection Tab
The interface selection tab in Custom and Analysis reports now shows an Interface name with Router Name/IP as a prefix. Now users can identify the correct interface to include/exclude in the report, when multiple interfaces have same name.
10.0.0 New Features and Enhancements
The
DX NetOps
the release includes the following new and updated features
Support for AWS VPC Flow Logs
When you enable the Amazon Web Services virtual private cloud flow, you can view the following network traffic flow reports:
  • Source and destination IPv4 address
  • Source and destination ports
  • Protocols used
  • Bytes and packets transferred
Support for
DX NetOps
OData API
This release supports APIs that enable you to extract data from the
DX NetOps
or perform Administrative Operations. The
DX NetOps
APIs use the OData v4.0 industry standard. OData enables integration between
DX NetOps
and other external applications.
You can perform the following actions using the
DX NetOps
OData API:
  • Generate data in smaller sets and view the result in multiple pages.
  • Use custom query to override the system default values for any specific query.
  • Use built-in filtering options to filter the required data. For example, you can retrieve a list of routers that are rebooted in last 24 hours.
  • Extract data for the entities and navigate to the associated entities. For example, you can retrieve data for protocol_traffic within a time duration.
You can perform various Administrative Operations on the
DX NetOps
entities. For more information, see Network Flow Analysis OData API.
Microsoft .NET Framework Update
Dependency on Microsoft .NET Framework 3.5.1 for using
DX NetOps
is removed.
More Information:
Compatibility Matrix.
Handling of Router Refresh Scenario - Fresh Installation
When there is a change in SysObjectID of a router sending NetFlow to
DX NetOps
,
DX NetOps
treats the change as a router refresh. Router Refresh detection can happen in one of the following scenarios:
  • Changing the configuration on the router with SysObjectID change.
  • Adding or deleting the router interface with SysObjectID change.
  • Using the same IP when replacing an existing router with a new router with SysObjectID change.
In the previous version of
DX NetOps
whenever a Router Refresh is detected in
DX NetOps
, the following changes are made to the interfaces/ routers:
  • CA NFA prefixes the existing interfaces of that router with string OLD -
  • CA NFA creates a set of interfaces and starts showing data on them.
Eventually, you see a router with multiple interfaces with duplicate ifIndex values.
When this information is synced up to CA PM, the interfaces were getting consolidated in CA PM due to duplicate ifIndex values. Hence it was not possible to view either historical or live data on those interfaces.
From the current release, the following changes are made in Router Refresh.
When a router Refresh is detected, the following changes are made to the interfaces/ routers:
  • CA NFA prefixes the existing interfaces of that router with string OLD - and suffix with timestamp to identify multiple routers Refresh.
  • CA NFA sets the LifeCycleState of Router to RETIRED in database.
  • CA NFA creates a router with the same IP in CA NFA Console with LifeCycleState ACTIVE.
  • The new interface is attached to the New router.
  • If there is another router refresh detection on the same router, the ACTIVE router is marked as RETIRED and a new ACTIVE router is created.
Eventually, you can see more than one router with the same IP, whenever a device refresh occurs.
Handling of Router Refresh Scenario - After Upgrade
When you upgrade to the current release from any supported version of CA NFA, the following changes occur.
When a router Refresh is detected before upgrade, [Interfaces with duplicate ifIndex attached to one router], the following changes are made to the interfaces/ routers:
  • CA NFA adds a router entry with LifeCycleState as RETIRED in the reporter DB for each such router
  • All the inactive interfaces [Interfaces with OLD - prefix] of each router point to the Retired routers
  • If more than one router refresh happened on a router before upgrade, you can see only one Retired router with all the Inactive Interfaces.
  • When you upgrade from CA NFA 9.3.6 and CA NFA 9.3.8 to the current release, you may not view the prefix OLD for refreshed devices as the prefix is not done in the base releases.