Release Notes

Platform Version 1.2 (Sep, 2019)

Fabric Manager

  • Fabric manager access to workload nodes additionally secured by processor nodes
  • Single sign-on required to access Grafana and Kibana
  • All sflow telemetry enriched with service names
  • All sflow data encrypted
  • Fabric manager Terraform plans and Ansible playbooks open to the public

Orchestrator

  • Egress protocol filtering rules generated automatically from opposite-role ingress rules
  • Simplified policy data model for fully automatic resource management
  • Certificate-based node authentication by orchestrator is mandatory
  • CA-signed Flow-Sign certificate is mandatory
  • Status of orchestrator certificates displayed on new info page

Processor

  • Improved policy execution performance
  • Reduced network protocol overhead

Workload

  • Stateful firewall functionality added to TCP/UDP protocol filtering in eBPF

Platform Version 1.1 (Jul, 2019)

Fabric Manager

  • Orchestrator, processor and workload nodes automatically placed in three separate subnets
  • New SG rules allowed inter-VPC IPsec traffic between processors only
  • New SG rules allowed intra-VPC IPsec workload connection to processor only
  • CA-signed certificate for orchestrator southbound interface automatically installed
  • IPsec events from workloads and processors pushed to orchestrator
  • Compatible versions of platform components isolated within a family

Orchestrator

  • Multiple processors and locations per availability zone supported
  • Location-based automatic workload attachment replaced address-based link configuration
  • Southbound interface decoupled from northbound
  • mTLS is mandatory for all agent and engine communication with controller
  • CA-signed certificate for each node is mandatory

Processor

  • Improved performance of engine-OVS control channel
  • Improved IPsec establishment time
  • Improved virtual interface management

Workload

  • Service authorization tokens stored in Kubernetes secrets
  • Bayware CNI-plugin interoperability with Kubernetes bridge, Calico and Cilium CNIs added
  • Port mirroring option added to contract role settings
  • Policy agent graceful restart introduced

Platform Version 1.0 (May, 2019)

Fabric Manager

  • Fabric Manager introduced
  • Basic Root CA functionality for automatic node certificate mgmt added
  • The BWCTL command line tool for vpc, VM and component mgmt introduced
  • The BWCTL-API command line tool for app’s communication policy mgmt introduced
  • Images for FM, orchestrator, processor and workload published in AWS, Azure, GCP

Orchestrator

  • Service type graph enhanced with service instance representation
  • Service endpoint, network endpoint and service token added to the data model
  • Unified RESTful API for third-party automation systems, BWCTL-API CLI and GUI introduced
  • All orchestrator components containerized

Processor

  • Handshake between opposite-role instances required for creating network microsegment
  • Packet path cost evaluation added
  • sFlow telemetry uploaded

Workload

  • Service authorization tokens supported
  • Automatic discovery of the opposite-role instances introduced
  • Instance affinity option added to name resolution
  • Local DNS server for containers and resolver library for VMs supported
  • Kubernetes support added
  • All data packet processing moved from user space dataplane to eBPF
  • Debian/Ubuntu 18.04 LTS required