6.1.0

Version requirements

Controller version: mercury_1.0

Device version: 6.1.0

Compatibility Notes

Controller 6.1.0 is compatible with all versions below 6.1.0. Device version 6.1.0 requires controller 6.1.0 or above.

New features

SDWAN-270

CPE integrates third-party SSE (mainly NGFW and SWG) and deploys it at the customer site in docker format. It has requirements for hardware equipment and provides this site with security detection and protection for inbound and outbound traffic. POP points open cloud security resource pools through third-party SSE (mainly NGFW, SWG and zero-trust gateways) to provide security protection for traffic flowing into the Nova backbone network, including east-west traffic, App Acceleration traffic, and cleaning of zero-trust access terminals and office traffic. Provides multi-tenant controller and monitoring system, network (SDWAN) and security configuration management as a set of controller and monitoring system. Provides tools to view network security resource usage, security events, and troubleshooting.

• Tenants first configure relevant security objects according to personalized needs: https://nsc.nova.net.cn/docs/tenant/config-security-safety-object
• Configure Security Profile: https://nsc.nova.net.cn/docs/tenant/config-security-template
• Reference the Security Profile in Template-VRF Configuration-Security: https://nsc.nova.net.cn/docs/tenant/config-profile#vrf-configuration

Configure security services on CPE:

1. In site editing, quote the relevant template: https://nsc.nova.net.cn/docs/tenant/config-site#edit-site
2. In the VRF security configuration, you can configure the Security Service and override the template custom configuration: https://nsc.nova.net.cn/docs/tenant/config-site#vrf-security-configuration
3. Enable Security Service capabilities on cpe: https://nsc.nova.net.cn/docs/tenant/monitor-site#maintain

Configure security services on the POP point:

1. First create a new Security Cloud Instance: https://nsc.nova.net.cn/docs/tenant/config-security-cloud-safety-instance
2. Configure rules to redirect traffic to Cloud Security Service: https://nsc.nova.net.cn/docs/tenant/VRF-vpe-connecting#nova-gateway-traffic-guidance
3. Finally, apply the Security Profile on the security instance: https://nsc.nova.net.cn/docs/tenant/config-security-cloud-safety-instance#associate-security-profile

• Provides multi-tenant controller and monitoring system: https://nsc.nova.net.cn/docs/provider/tenant-and-site
• View network security resource usage:
• View via alarm: https://nsc.nova.net.cn/docs/tenant/monitor-alarm
• Check the log to see: https://nsc.nova.net.cn/docs/tenant/monitor-log
• View via monitoring, security services: https://nsc.nova.net.cn/docs/tenant/monitor-security

SDWAN-110 controller portal is split into two parts, provider and tenant

Note: Taking into account the needs of customized pages and future authentication passport integration, the UI portal will be split into 2

1. Provider is used for global administrator login, and tenant is used for tenant administrator login.
2. After the administrator clicks on the tenant, a new page will open.

https://nsc.nova.net.cn/docs/provider/tenant-and-site#tenants

SDWAN-347 Support viewing the history of uploaded versions

https://nsc.nova.net.cn/docs/provider/configure-alert/#upload-history

SDWAN-316 ICCID needs to be displayed on both the controller and local management pages

SDWAN-315 Disk failure event occurs

https://nsc.nova.net.cn/docs/provider/monitor#alerts

SDWAN-214 supports configuration of Policy Routing SDWAN-214

https://nsc.nova.net.cn/docs/tenant/config-site#vrf-routing

SDWAN-262 supports configuring bgp acl inside cpe

Note: The current acceleration implementation is to configure the IP or domain on the acceleration gateway side, and suck the traffic of the vrf to the acceleration gateway through the routing protocol. Based on Policy Routing and cpe internal ACL, a new acceleration scenario can be provided. The traffic can be imported into the tunnel by configuring matching IP and domain at the site. The acceleration gateway only publishes the default routes of 0.0.0.1 and 128.0.0.0/1

https://nsc.nova.net.cn/docs/tenant/config-site/#overlay-routing-strategy

SDWAN-258 Business Assurance-Failover supports flow switchback

Note: Currently, if a flow undergoes link switching due to quality of service, as long as the new link meets the quality of service, it will not switch back even if the old link is restored. The new function provides an interface to make it configurable whether to switch back.

https://nsc.nova.net.cn/docs/tenant/VRF-internet-object/#create-a-business-assurance-level

SDWAN-175 ha switch disable slave ssid advertisement

Note: The behavior is changed so that only the SSID of the main device is working (including the management SSID). When the device role is switched, the related SSID of the other device will take effect.

SDWAN-174 supports dhcp-boot option

https://nsc.nova.net.cn/docs/tenant/config-site/#lan-configuration

SDWAN-173 When deleting a site, the site name is highlighted in the pop-up prompt.

SDWAN-171 Add box activation event

SDWAN-170 topology layout optimization, adding topology filtering function to optimize the display layout in different topology modes

https://nsc.nova.net.cn/docs/tenant/monitor-site#topology-filtering

SDWAN-165 displays offline sites and links, and can display broken links through topology filtering

The SDWAN-164 vpe page displays the latest total connection statistics and the connection history data of top5 vrf

SDWAN-162 supports sending alarms for flapping events

SDWAN-144 supports carrying site and cpe sn information when exporting logs

SDWAN-142 nni's vpe can configure filtering routing entries

https://nsc.nova.net.cn/docs/tenant/VRF-vpe-connecting/#route-publishingreceiving-strategy

SDWAN-117 Customized modifications for channel customers (some end customers)

https://nsc.nova.net.cn/docs/provider/configure-alert#customization

SDWAN-91 front end: supports import and export dhcp static binding

https://nsc.nova.net.cn/docs/tenant/config-site/#lan-configuration

SDWAN-85 supports specifying conditions to clean flows

https://nsc.nova.net.cn/docs/tenant/monitor-site#diagnosis

SDWAN-80 hotline operation and maintenance monitoring problem: edge down and link down are inconsistent

SDWAN-75 provides operation and maintenance tools that can test the continuity of the tunnel.

https://nsc.nova.net.cn/docs/tenant/monitor-site#link-diagnostics

Note: Usually when the device is offline, the disconnection status of the tunnel cannot be sensed quickly. You can use this tool to detect whether the tunnel is normal at the opposite end of the tunnel.

SDWAN-73 wireless supports hiding the default ssid

https://nsc.nova.net.cn/docs/tenant/config-site#management-port

The SDWAN-72 controller supports modification of the management port SSID and password.

https://nsc.nova.net.cn/docs/tenant/config-site#management-port

SDWAN-69 management interface can be managed by the controller

https://nsc.nova.net.cn/docs/tenant/config-site#management-port

The SDWAN-54 monitoring page can display the burst bandwidth at a specified time

https://nsc.nova.net.cn/docs/tenant/monitor-site#displays-the-burst-bandwidth-at-a-specified-time

SDWAN-50 does not allow users to configure the maximum rate percentage of qos bandwidth

Note: Currently, qos bandwidth supports configuration of gold, silver, and copper guarantees and maximum rates. The maximum rate will limit the maximum traffic used at this level, especially the incoming direction of cpe will be dropped at the remote vpe or other sites. Because of the bandwidth guarantee, the maximum rate at each level should be 100%. To prevent customer misconfiguration, this configuration will be removed from the controller interface after version 6.1.

SDWAN-48 supports qos configuration based on transport and wan

https://nsc.nova.net.cn/docs/tenant/config-site#transport-network-qos

Note: The current qos bandwidth is based on transport. If the same transport has two wans with different bandwidths, it needs to be set based on wan at the same time.

SDWAN-47 provides operation and maintenance tools nc

https://nsc.nova.net.cn/docs/tenant/monitor-site#diagnosis

SDWAN-46 Configure congestion parameters to the corresponding vpe

NOTE: Apply the same congestion configuration for downstream traffic

SDWAN-40 controller can issue operation and maintenance notifications

SDWAN-52 provides alarms based on qos gold, silver and copper bandwidth

https://nsc.nova.net.cn/docs/tenant/system-warning/#alert-rules

SDWAN-51 monitoring displays incoming Network Traffic based on qos gold, silver and copper bandwidth

https://nsc.nova.net.cn/docs/tenant/monitor-site#qos-network-traffic

SDWAN-28 device diagnostic active flow display optimization: when the interface type is tunnel, the transmission network, WAN, and peer name are displayed

SDWAN-26 For the gateway, you can configure the track parameters of wan

SDWAN-19 allows adjusting the mtu of the interconnection port k of the ha site

Note: Self-developed sdwan ha usually requires direct connection between two boxes. The default mtu is 9000. If you want to interconnect through a switch, you may need to make corresponding configurations based on the switch port mtu configuration.

SDWAN-18 gateway monitoring displays management ip

SDWAN-2 vpe plus physical network card continues to flow

Fix bug

SDWAN-278 There are too many bgp neighbors in vpe, causing the system hard disk to be full.

When the SDWAN-484 LTE module returns the AT command block, it will cause the agent to restart.

SDWAN-397 packet loop between global and vrf global