About this document

This Fabric Services System User Guide describes the system's user interface (UI), and includes procedures that guide you through the design and deployment of a fabric intent.

This document is intended for network technicians, administrators, operators, service providers, and others who use the Fabric Services System.

Note:

This manual covers the current release and may also contain some content that will be released in later maintenance loads. See the Fabric Services System Release Notes for information about features supported in each load.

What's new

This section lists the changes that were made in this release.

Table 1. What's new in Release 23.8.2
Description	Location
Updated usage information for the fss-backup.py command to reflect that the -s argument requires the true string (-s true)	Backup and restore Backing up
Updated topics to reflect that only the deployer-tech-support.sh script should be used to generate the files for technical support debugging.	The technical support script How to run the technical support script

Table 2. What's new in Release 23.8.1
Description	Location
Region management
Support for multiple regions	Deployment regions, plus minor updates to many other sections and procedures: Many procedure now include a step to select the appropriate region The following sections mention multi-region impacts on the UI, or that certain items (such as fabric intents) are region-specific: The dashboard Lists Fabrics Workload VPN intents Configuration overrides Maintenance intents Labels Inventories Management profiles Network resources User groups
Fabric design
Fabric design no longer uses standard templates (Leaf/Spine, Backbone); all initial fabric designs are imported a manual topology.	Fabric intents
Support for SR Linux 23.7	Maintenance intents
Support for 7220 IXR-D1 as an unmanaged node	Supported hardware
Support for a different domain name per fabric	Domain name parameter now described in Manual fabric topology parameters
Support for enabling BFD on system interfaces	Notable fabric intent configuration values
Support for fabrics consisting of nodes that are not primarily managed by the Fabric Services System (" unmanaged nodes")	Elements of a topology file Fabric intents with unmanaged nodes Creating a fabric intent for unmanaged nodes inventory-manipulation.html#assoc-planned-node__prereq_lyz_zpq_brb Network Resource properties Creating IP and Autonomous System pools
Fabric intent deployment will now automatically resume when a gNMI connection is restored	Deploying a fabric intent from the deployment pipeline
LAGs now support 50G port speeds	Creating LAGs
Workload intents
Changes to BGP provisioning workflow	Routing Displaying the routing view for a node BGP parameters Configuring BGP
PE-CE static routes with BFD support	Static route parameters Configuring static routes
PE-CE BGP route summarization / aggregate routes	Aggregate route parameters Configuring aggregate routes
Support for auto attach and detach of fabric from a workload intent	Creating the basic workload VPN intent
Support for VLAN ranges on sub-interface attachment	Sub-interface parameters, added the Single Tagged Range parameter
Configuration overrides
Global Configuration Overrides: Can now include the deletion of configurations on the target node (using "Delete Path") Support the duplication of a read-only system GCO as a "normal," editable GCO. Support the deletion of a system GCO (usually after duplicating it)	Global configuration overrides Viewing and managing configuration overrides
Maintenance
Adds note related to 7220 IXR-D1 support	Labeling objects for maintenance Maintenance intents Creating a maintenance intent Using an external DHCP server
Support for maintenance timers for node replacement	Creating a maintenance intent Progress of a deployed maintenance intent
System administration
Support for adding, removing (and replacing) Fabric Services System nodes	Repairing a Fabric Services System cluster Updating the deployer installation file Adding a worker node to a cluster Adding a master node to a cluster Removing a node from a cluster
Mirroring	Configuration parameters, added a note that indicates that an IP address for the remote destination is required for unmanaged nodes. Configuring mirroring sources and Configuring a mirror destination, removed notes indicating that the mirror source and destination cannot be edited.
Software images can now be uploaded using HTTP, HTTPS, FTP	Adding a new software image
Security
Support for changing internal passwords after installation	Platform password management Changing internal passwords
Support for password complexity	User password management Password policy parameters Managing user password policies Managing a user profile and password Resetting admin and ZTP user passwords
Support for autolocking user accounts
Support for granular permission model
Support for customer-provided signing certificate	Platform password management Deploying a user-provided CA certificate Deploying a user-provided server certificate for northbound services Uploading a customer-generated root CA to the trust store Deploying a user-provided node CA certificate Generating a CSR Generate a self-signed root CA certificate
Customer provided Northbound interface certificate
Support for auto-generated rootCA
Support for generating a CSR for the Northbound interface certificate for signing
Alarms
New alarms are supported in this release	Appendix A: Supported alarms

Precautionary and information messages

The following are information symbols used in the documentation.

DANGER: Danger warns that the described activity or situation may result in serious personal injury or death. An electric shock hazard could exist. Before you begin work on this equipment, be aware of hazards involving electrical circuitry, be familiar with networking environments, and implement accident prevention procedures.

WARNING: Warning indicates that the described activity or situation may, or will, cause equipment damage, serious performance problems, or loss of data.

Caution: Caution indicates that the described activity or situation may reduce your component or system performance.

Note: Note provides additional operational information.

Tip: Tip provides suggestions for use or best practices.

Conventions

Commands use the following conventions

Bold type indicates a command that the user must enter.
Input and output examples are displayed in Courier text.
An open right angle bracket indicates a progression of menu choices or simple command sequence (often selected from a user interface). Example: start > connect to
Angle brackets (< >) indicate an item that is not used verbatim. For example, for the command show ethernet <name>, name should be replaced with the name of the interface.
A vertical bar (|) indicates a mutually exclusive argument.
Square brackets ([ ]) indicate optional elements.
Braces ({ }) indicate a required choice. When braces are contained within square brackets, they indicate a required choice within an optional element.
Italic type indicates a variable.

Examples use generic IP addresses. Replace these with the appropriate IP addresses used in your system.