Bonded Internet 6.5 release notes

We are pleased to announce the release of Bonded Internet 6.5. This release introduces a new private WAN design along with several new features for network configuration.

Major Features

  • New private WAN design, introducing two new modes of private WAN that allow direct integration with aggregators, removing the need for private WAN routers.
  • Aggregators now have configurable networking similar to bonders.
  • Bonders and aggregators can now have dynamic routing configured through the management interface.
  • Bonders and aggregators can now create VXLAN interfaces.
  • Aggregators can associate interfaces with private WAN spaces.
  • Replify WAN optimization can be enabled to improve the performance of certain applications through caching, compression and various other optimizations.
  • Nodes now support both Debian 9 Stretch and Debian 10 Buster.

Errata

Warning

The primary address and gateway of an aggregator must still be manually configured in the node’s /etc/network/interfaces file and added to the aggregator node configuration, as described in changing a host IP address.

Do not also add this address as an interface address on the aggregator or it will conflict with the primary IP and prevent the aggregator from coming back online after bonding is restarted.

Warning

IPv6 private WAN is not compatible between 6.4 bonders and 6.5 aggregators. To maintain IPv6 private WAN connectivity between a bonder and an aggregator when upgrading to 6.5, both nodes must be upgraded.

IPv4 private WAN is fully compatible between versions.

Note

Aggregators must have their kernel upgraded as part of the upgrade to 6.5. This will require a reboot of the aggregator server.

Note

The bgpenable script is no longer supported and has been removed from version 6.5.

Deprecations

  • TCP proxy support for bonds running bonding 2015.4 or earlier will be removed in a future version.

Bondingadmin

Note

Bondingadmin now runs on Debian 10 Buster.

Note

The /api/v4/settings/ and /api/v3/settings APIs have had some fields removed and others added, since most aggregator failover settings are now managed per-aggregator.

Note

Source address verification is now disabled by default on new bonds. Existing bonds will remain the same.

Note

Only the Administrator default user group is created on new bondingadmin servers. Existing bondingadmin servers are unaffected by this change.

Warning

Bonders in a private WAN space running in one of the new private WAN modes must be on an aggregator running version 6.5, or they will be isolated from the WAN.

Additions:

  • New private WAN system bypassing the need for private WAN routers.

    • Private WAN spaces now have managed mesh and unmanaged modes that do not require private WAN routers and allow many custom routing scenarios that were previously impossible or difficult.
    • Private WAN spaces can also continue to work as before in the ‘With private WAN routers’ mode.

  • The aggregator page now has a networking configuration section and addresses can be statically configured to interfaces.

  • Aggregators and bonders can be configured to use VXLAN interfaces.

  • Aggregators and bonders can be configured to use dynamic routing protocols and filters. Each node page now has protocols and filters panels added to their networking configuration interfaces for configuring dynamic routing.

  • Aggregator interfaces can be associated with private WAN spaces to ensure routing isolation.

  • A new method of defining per-space VLAN interfaces and protocols has been added, allowing automatic configuration of aggregators hosting bonds in a given space. This is similar to existing private WAN router integrations, but more customizable.

  • Aggregators and private WAN routers only receive configuration related to spaces containing a bond or gateway necessary for communication. In private WAN setups that contain many spaces, this can greatly reduce resource usage on aggregators and private WAN routers.

    Note

    This change does not require a bonding upgrade on private WAN routers or aggregators, but does require that the bonding service be restarted on those nodes.

  • Spaces can be nested arbitrarily deep (formerly, nesting was limited to 5 levels).

  • Aggregator failover settings are now managed on aggregators directly, allowing certain aggregators to have more or less tolerance to issues than others.

  • SSH keys can now be added to users, automatically adding or removing the keys from nodes according to the user’s permissions.

  • Each bond has a tunings list page at /bonds/<ID>/tunings/, listing all bond and leg tunings, and each tuning has a details page showing all logs, errors, and results for that tuning.

  • Aggregators now support edit-multiple functionality similar to bonds.

  • Significantly sped up retrieval of node configuration updates in the management interface.

  • The default minimum path MTU for legs is now 1383 (the IPv6 minimum MTU of 1280 bytes plus the worst case tunnel overhead of 103 bytes).

  • Leg speed tests keep track of the leg’s configuration at run time for later auditing.

  • All options are now displayed by default on the bond and aggregator pages.

  • IPv4 and IPv6 private WAN routing protocols are consolidated, significantly reducing overhead for running spaces.

    Note

    If you have any private WAN that uses IPv6 before 6.5, upgrading any related node will cause an outage for the IPv6 private WAN until all relevant nodes are upgraded to 6.5.

  • Certificates for encryption are now signed with SHA256.

  • Salt states are applied to new nodes faster.

  • Replify WAN optimization can be enabled on bonds.

Fixes:

  • Fixed configuration updates being generated for offline nodes.
  • Fixed an issue causing superfluous queries to /bonds/X/config_updates/.
  • Fixed disabled legs sometimes reporting as flapping.
  • Fixed an issue with packet loss counts being reset to zero every time a leg flapped.
  • Fixed a bug where it was sometimes possible to define a DHCPv6-NA service with a prefix pool outside of the associated connected IP network.
  • Fixed the management web server not being properly reloaded after renewing a Let's Encrypt certificate.
  • Fixed several issues allowing the speed test queue to occasionally get stuck.
  • Fixed tunnel bypass configuration not being applied after starting.
  • Fixed display of API URIs.

Bonding Node

Note

Bonding now supports Debian 9 Stretch and Debian 10 Buster. A new ISO is available which provisions bonding on Debian 10. This new ISO is faster and more reliable than the previous ISO as it has bonding and its dependencies preinstalled. The previous ISO is still available for legacy purposes.

Warning

Debian 8 Jessie will lose LTS support as of June 30, 2020. After this point, there will be no future security updates for the operating system, but bonding will continue to run after this date. We recommend that all new nodes are provisioned with Debian 10.

Warning

Due to the migration to predictable interface names (e.g., enp1s0 over eth0), we strongly suggest not upgrading the Debian distribution on remote nodes. If a remote distribution upgrade is required, we recommend that an alternative access method (i.e., serial or IPMI) be utilized instead of relying on remote networking for access. Without such access, there is an extremely high chance that the remote node will be orphaned after the distribution upgrade and reboot. See Upgrading to Debian 9 and above for more details.

Additions:

  • Debian 9 and 10 support.
  • Kernel upgraded to 5.4.15.
  • Various updates to consume new configuration.
  • Nodeconfig timeout is now configurable, and the default is longer (1 minute).

Removals:

  • Debian 7 is no longer supported in this release. Bonding version 6.4 is the latest version to support that operating system.

Fixes:

  • Fixed a bug where tunnel bypass and CPE NAT IPs could conflict.
  • Fixed a bug allowing large config updates to bog down the config update queue.
  • Fixed aggregators not working behind NAT (this worked in 6.3).
  • Fixed rate-limits not working after a bond is moved to a different aggregator.
  • Fixed an issue with DHCP addressing hooks running before the address is actually applied to the interface.
  • Fixed the INTERFACE variable not being properly set for connected IP hooks.
  • Fixed an issue causing slow failover times on bonds with encryption enabled.