Skip to main content

Snapshot Obfuscation

The Forward Platform provides the ability to obfuscate a collected snapshot before downloading it to the local disk. Obfuscation enables users to share snapshots with Forward Support for troubleshooting purposes, without revealing sensitive data. If anyone else were to open the obfuscated snapshot zip, they would see the same device layout and topology, but randomized forwarding rules and (optionally) device names.

tip

Under preliminary testing at Forward, obfuscation worked well to hide addressing details about a network, while preserving its fundamental structure. However, in some cases, we have found that devices in the obfuscated snapshot have parsing or other exceptions that they did not in the original snapshot. We're working on ironing these out. If you see any issues, please report them.

During obfuscation, the following sensitive data is obfuscated:

  • IPv4 and IPv6 addresses and subnets
  • MAC addresses
  • Device names (optional)

For some rare sentinel values (e.g., the IP address 0.0.0.0), we preserve the original address.

How To Retrieve Obfuscated snapshots

You can retrieve an obfuscated snapshot via the Forward GUI or via the Forward REST APIs.

caution

Depending on the size of your snapshot, the devices that compose it, and your hardware resources, retrieving an obfuscate Snapshot could take anywhere from a few seconds to several hours to complete.
If you retrieve it from the Forward UI, the session might time out. Please consider using the REST APIs instead.

Obfuscated snapshots via GUI

You can retrive an obfuscated snapshot via the Forward GUI by customizing the advanced Snapshot export provided by the Snapshot Selector.

Click on the Snapshot Selector, then click on the kebab button on the right side of the Snapshot you want to obfuscate and select Advanced export:

Advanced Snapshot Export

Select the devices you want to be included in the export by using the Include, Exclude or All options in the Export Snapshot page.
Provide a Secret Key that will be used to encrypt the obfuscated portions of the Snapshot.
Optionally, you can select Also obfuscate device names as well. Notice that this option is not recommended.
Then, select the Obfuscate IP and MAC addresses option and, finally, click on Export to start the obfuscated export process.

Snapshot Export Options

Obfuscated snapshots via REST APIS

To retrive an obfuscated snapshot via REST APIs you can use the POST /api/snapshots/{snapshotId} API endpoint.

You can find the endpoint details in the Forward API documentation page, which includes interactive Try it out functionality and generates working cURL commands. Type your API credentials in the Credentials for API Calls box to get started.

Snapshot Comparison Before And After Obfuscation

Device Information in the original snapshot: Before Obfuscation

Device Information in the obfuscated snapshot. Note changes to the hostname and to IP addresses on interfaces: After Obfuscation