Release Notes

Platform Version 1.3 (Nov, 2019)

Fabric Manager

  • Workload images on RHEL 8 added to GCP, AWS, Azure
  • Telemetry node deployment simplified
  • Statistics for each service endpoint displayed in Grafana
  • Public git repository with fabric manager resource templates

Orchestrator

  • New service graph management commands in BWCTL-API CLI
  • Centralized management of link labels for advanced service connectivity policy
  • Multiple processors per zone for redundancy and load distribution
  • Contract templates are available for direct upload from SDK
  • Web-SDK enhanced with resource graphs and automatic tests of contract templates

Processor

  • Reduced network protocol overhead

Workload

  • Policy agent resolver interface updated for better support of client-side load balancers
  • RHEL 8 support
  • Libreswan support
  • Policy agent deployed in pod on Kubernetes worker node

Platform Version 1.2 (Sep, 2019)

Fabric Manager

  • Fabric manager access to workload nodes additionally secured by processor nodes
  • Single sign-on required to access Grafana and Kibana
  • All sFlow telemetry enriched with service names
  • All sFlow data encrypted
  • Fabric manager Terraform plans and Ansible playbooks open to the public

Orchestrator

  • Egress protocol filtering rules generated automatically from opposite-role ingress rules
  • Simplified policy data model for fully automatic resource management
  • Certificate-based node authentication by orchestrator is mandatory
  • CA-signed Flow-Sign certificate is mandatory
  • Status of orchestrator certificates displayed on new info page

Processor

  • Improved policy execution performance

Workload

  • Stateful firewall functionality added to TCP/UDP protocol filtering in eBPF
  • Improved performance of agent lib-nss and DNS resolver

Platform Version 1.1 (Jul, 2019)

Fabric Manager

  • Orchestrator, processor and workload nodes automatically placed in three separate subnets
  • New SG rules allowed inter-VPC IPsec traffic between processors only
  • New SG rules allowed intra-VPC IPsec workload connection to processor only
  • CA-signed certificate for orchestrator southbound interface automatically installed
  • IPsec events from workloads and processors pushed to orchestrator
  • Compatible versions of platform components isolated within a family

Orchestrator

  • Multiple processors and locations per availability zone supported
  • Location-based automatic workload attachment replaced address-based link configuration
  • Southbound interface decoupled from northbound
  • mTLS is mandatory for all agent and engine communication with controller
  • CA-signed certificate for each node is mandatory

Processor

  • Improved performance of engine-OVS control channel
  • Improved IPsec establishment time
  • Improved virtual interface management

Workload

  • Service authorization tokens stored in Kubernetes secrets
  • Bayware CNI-plugin interoperability with Kubernetes bridge, Calico and Cilium CNIs added
  • Port mirroring option added to contract role settings
  • Policy agent graceful restart introduced

Platform Version 1.0 (May, 2019)

Fabric Manager

  • Fabric Manager introduced
  • Basic Root CA functionality for automatic node certificate management added
  • The BWCTL command line tool for VPC, VM and component management introduced
  • The BWCTL-API command line tool for app’s communication policy management introduced
  • Images for FM, orchestrator, processor and workload published in AWS, Azure, GCP

Orchestrator

  • Service type graph enhanced with service instance representation
  • Service endpoint, network endpoint and service token added to the data model
  • Unified RESTful API for third-party automation systems, BWCTL-API CLI and GUI introduced
  • All orchestrator components containerized

Processor

  • Handshake between opposite-role instances required for creating network microsegment
  • Packet path cost evaluation added
  • sFlow telemetry uploaded

Workload

  • Service authorization tokens supported
  • Automatic discovery of the opposite-role instances introduced
  • Instance affinity option added to name resolution
  • Local DNS server for containers and resolver library for VMs supported
  • Kubernetes support added
  • All data packet processing moved from user space dataplane to eBPF
  • Debian/Ubuntu 18.04 LTS required