Bonded Internet 2014.2 release notes
May 14, 2014
Bonded Internet 2014.2 adds data encryption. Customer traffic can now be encrypted between bonders and aggregators without installing hardware VPN appliances at customer premises.
Aggregators must be upgraded to 2014.2 before upgrading their bonders. A 2014.2 bonder will not work properly on a 2014.1 or earlier aggregator.
Bonding node
Additions
- Customer data can be encrypted between bonders and aggregators. Encryption uses the DTLS 1.2 protocol with a choice of AES or Salsa20 ciphers and uses hardware acceleration where available.
Patches
| Patch | Description |
|---|---|
| 2014.2-1: | Fixed an issue that could cause an encrypted link to not recover after going down, and improved encryption handshaking logic. |
| 2014.2-2: | Fixed an issue that could cause a tunnel process to take 100% of one CPU core, and improved socket connecting and binding logic on aggregator tunnels. |
| 2014.2-3: | Fixed issues relating to sending large packets on links with smaller-than-expected MTUs and improved process reliability under high packet loss scenarios. |
| 2014.2-4: | Fixed an issue that could cause a link to continue to be used after it had failed. |
| 2014.2-5: | Fixed a memory leak that could occur on aggregators after removing a bond. |
| 2014.2-6: | Fixed a tunnel and TCP proxy heartbeat check failure that could occur on bonders or aggregators after restarting a bond from the web interface. |
| 2014.2-7: | Fixed an issue in nodeconfig causing it to always recreate the node’s key and certificate, and an issue that prevented the tunnel from starting on default bonders. |
| 2014.2-8: | Added the fsmonitor application in the bonding package. |
| 2014.2-9: | Adjusted logging verbosity in nodeconfig/nodessl applications. |
| 2014.2-10: | Fixed a file descriptor leak between the web server and node service. |
| 2014.2-11: | Improved supervision of PPP sessions when Ethernet connectivity on a leg is flapping. |
Bonding admin
Additions
- Encryption options have been added to the bond details and edit pages.
- The node details page shows whether or not the node CPU supports hardware AES acceleration.
- A column has been added to the bond index table that shows the options enabled for the bond.
Changes
- Leg status icons no longer show conflicted states. The leg status icon shows the worst state between the bonder and aggregator. For example, if the leg state according to the aggregator is up, but the state according to the bonder is down, the state will show as down.
- ISOs have been updated to support provisioning of bonders previously installed with FreeBSD-based operating systems as well as devices with Secure Digital-based primary disks, such as the PC Engines APU. Please download the new ISO files and reimage old provisioning USB disks.
- We provide instructions for making bootable USB disks from ISO files with a program called Rufus on Windows and dd on Linux. Creating bootable USB disks with Unetbootin is no longer supported.
Fixes
- The task queue process (“huey”) now avoids starting until Redis is ready to process requests.
- Improved validation of static leg IPs. The gateway can no longer be the network or broadcast address unless the netmask is /31.
- Improved validation of QoS profiles. Profiles can no longer be created with invalid filters, such as one that filters on ICMP type without also filtering on protocol = ICMP.
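The static leg gateway rule above, written out as an added example; this is not the product's own code. The function name `validate_static_leg` is hypothetical, the on-link check is an assumption not stated in these notes, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress


def validate_static_leg(address, gateway):
    """Return a list of error strings; an empty list means the pair passes.

    address: leg IP with prefix length, e.g. "192.0.2.10/24"
    gateway: gateway IP, e.g. "192.0.2.1"
    """
    try:
        iface = ipaddress.IPv4Interface(address)
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:  # covers malformed addresses and netmasks
        return ["invalid input: %s" % exc]

    net = iface.network
    # Assumption (not in the release notes): the gateway must be on-link.
    if gw not in net:
        return ["gateway %s is outside %s" % (gw, net)]

    errors = []
    # Rule from the release notes: the gateway may not be the network or
    # broadcast address unless the netmask is /31. A /31 point-to-point
    # subnet has only two addresses and both are usable hosts.
    if net.prefixlen != 31:
        if gw == net.network_address:
            errors.append("gateway %s is the network address of %s" % (gw, net))
        elif gw == net.broadcast_address:
            errors.append("gateway %s is the broadcast address of %s" % (gw, net))
    return errors


if __name__ == "__main__":
    # Constructed sample legs (RFC 5737 documentation ranges).
    samples = [
        ("192.0.2.10/24", "192.0.2.1"),    # ordinary gateway
        ("192.0.2.10/24", "192.0.2.0"),    # network address
        ("192.0.2.10/24", "192.0.2.255"),  # broadcast address
        ("192.0.2.1/31", "192.0.2.0"),     # /31 exemption
        ("192.0.2.10/24", "198.51.100.1"), # off-link gateway
    ]
    for address, gateway in samples:
        result = validate_static_leg(address, gateway)
        print(address, gateway, "->", result or "ok")
```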
Patches
| Patch | Description |
|---|---|
| 2014.2-1: | Provisioning ISOs are created as hybrid ISOs. |
| 2014.2-2: | Relaxed validation for static legs to allow /31 IPs. |
| 2014.2-3: | Fixed issue showing bond encryption details and status, added HTML to main web templates to allow partners to customize themes, and added versions of certain Python packages to the System Info page. |
| 2014.2-4: | Fixed a validation issue in the edit multiple bonds dialog. |