What's New and Release Notes for 26.x

What's New in NEN 2.7.x Releases

This topic describes the new features introduced in the following NEN releases.

NEN 2.7.10 New Features
  • Client Auth EKU no longer required in TLS certificates

    Before release 2.7.10, the NEN relied on TLS certificates that carried the Client Auth Extended Key Usage (EKU) for some internal services. Certificates issued without this EKU could have caused operational disruptions. As of NEN 2.7.10, the Client Auth EKU is no longer required.

  • Support for Postgres 16.11

    NEN 2.7.10 adds support for Postgres 16.11.

  • Discontinued dependency on net-tools

    Beginning with release 2.7.10, Illumio has removed the dependency on net-tools. The iproute2 suite of tools, especially the ip command, replaces the deprecated net-tools package.

  • Support for Non-default Ports and Protocols for NEN Flow Collection

    Beginning with release 2.7.10, the NEN supports configurable flow-transport settings. Instead of using UDP and fixed destination ports, you can now configure TCP for flow collection and send flows to ports you define. This provides greater flexibility and support for diverse network and security requirements. For details, see Configure Non-default Ports and Protocols for NEN Flow Collection.
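
For the Client Auth EKU item above: while a NEN older than 2.7.10 is still in service, it helps to know which certificates carry that EKU. The script below is an added example, not Illumio code; it assumes the openssl CLI (1.1.1 or later), its function names are hypothetical, and the certificates it audits are constructed samples. A certificate with no EKU extension is reported separately, because the page does not say how the NEN treats that case.

```shell
#!/bin/sh
# Added example, not Illumio code. Function names are hypothetical.

# Print the EKU state of one PEM certificate:
#   client-auth | missing-client-auth | no-eku | unreadable
eku_status() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo unreadable; return 0; }
    # openssl prints the EKU values on the line after the extension header.
    eku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | tail -n 1)
    case "$eku" in
        "")                                echo no-eku ;;
        *"TLS Web Client Authentication"*) echo client-auth ;;
        *)                                 echo missing-client-auth ;;
    esac
}

# Report every *.pem in a directory; return 1 if any is not client-auth.
audit_dir() {
    rc=0
    for f in "$1"/*.pem; do
        [ -e "$f" ] || continue
        state=$(eku_status "$f")
        printf '%-20s %s\n' "$state" "$f"
        [ "$state" = client-auth ] || rc=1
    done
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output path, $2 = extendedKeyUsage value (empty for no EKU extension).
make_sample_cert() {
    out=$1; usage=$2
    set -- req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" -keyout "$out.key" -out "$out"
    if [ -n "$usage" ]; then set -- "$@" -addext "extendedKeyUsage=$usage"; fi
    openssl "$@" 2>/dev/null && rm -f "$out.key"
}

# Demo on constructed certificates in a temporary directory.
demo=$(mktemp -d)
make_sample_cert "$demo/both.pem" "serverAuth,clientAuth"
make_sample_cert "$demo/server-only.pem" "serverAuth"
make_sample_cert "$demo/no-eku.pem" ""
audit_dir "$demo" || echo "At least one certificate lacks the Client Auth EKU."
rm -rf "$demo"
```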

NEN 2.7.0 New Features

This release adds support for the following:

  • Top-of-rack Cisco IOS XR series routers

    This release supports integrating the NEN with top-of-rack Cisco IOS XR series routers. (Illumio Core PCE 25.3.0 or later, SaaS only.)

  • Support for CIDR block interfaces

    Allows you to assign CIDR blocks to unmanaged workloads. Each unmanaged workload can represent a subnet, a Layer 3 interface, or a group of workloads instead of just a single workload. (Illumio Core PCE 25.3.0 or later, SaaS only.) See Enhance network security for Top Of Rack routers using Illumio NEN 2.7.0 and Cisco IOS XR.

  • Support for NVIDIA BlueField DPU (with OVS)

    Open vSwitch (OVS) is a software-based network technology that enhances virtual machine (VM) communication within internal and external networks. It functions as a virtual switch, allowing VMs to communicate within a host and across different hosts. Typically installed on a NIC (for example, NVIDIA's BlueField-3 Data Processing Unit; support for other cards may also be available), OVS's software-based approach to packet switching relieves the strain on CPU resources that can impact system performance and network bandwidth. See Integrate the NEN with the NVIDIA BlueField®-3 DPU featuring OVS.

    • Illumio NEN + OVS Use Case

      Integrating the NEN with OVS enables visibility and policy enforcement for traffic within and between IT and OT layers, allowing you to visualize all traffic to and from OT systems. Illumio’s flexible labeling architecture helps you understand how your assets communicate. The NEN converts your segmentation policies into ACLs that are then installed on the OVS to secure your OT/IT infrastructure.

    • Streamlined integration through the Illumio API

      Integrating the NEN with OVS through the PCE web console is straightforward enough, but integration through the PCE API is even easier: enter the IP address and credentials for the OVS switch (see note below) and the NEN automatically discovers the switch configuration, programs flow monitoring on the switch, discovers and creates workloads in the PCE, and programs the ACLs on the OVS.

  • Support for NetFlow and IPFIX flow data monitoring protocols

    These protocols are added to the NEN's existing support for sFlow.

  • Support for IPv6 Access Control Lists (ACLs)

    Provided in addition to existing support for IPv4.