SD-WAN 6.2 release notes

We are pleased to announce the release of SD-WAN 6.2. The focus on this release is a new traffic classification system allowing for tunnel bypass of particular traffic and flow collection and export for greater visibility into the network traffic passing through bonders.

Important notes:

Warning

The deprecated v1 and v2 versions of the Bondingadmin REST API will be removed in the next release. Any applications utilizing these deprecated APIs should be migrated to the v3 API as soon as possible.

These API URLs will be removed in a future release:

  • /api/ (this is an alias for /api/v1/)
  • /api/v1/
  • /api/v2/

This URL will be the only supported one going forward:

  • /api/v3/

Warning

Breaking API change: The roaming field for mobile broadband legs in the API is now a proper boolean rather than a string which returns “True” or “False”. Any customizations that make use of this field need to be updated to account for this.

Major Features

  • A new traffic classification system was implemented to allow for more control of bonder traffic using Classification Profiles. In previous releases, all non-local traffic from connected IP interfaces was directed into the bonding tunnel and routed through aggregators and private WAN routers. In this release traffic can be classified according to packet filters in a Classification Profile and directed into the tunnel or via a Tunnel Bypass configuration on the bond, which will send the traffic directly via a leg interface. See the Tunnel Bypass documentation for more information.
  • A flow collection feature has been added so that bonders can report flow data via the IPFIX, Netflow, and sFlow protocols. This allows for fine-grained monitoring of the bonder traffic when coupled with an external flow collector such as Scrutinizer, SolarWinds, ntop, or Elastic (ELK) stack. See the Flow Collectors documentation for more information.
  • The leg display on bond detail views have been completely redesigned to show data in a more concise manner. We believe this improves readability, particularly on mobile devices.
  • The Bonding Admin documentation has been migrated to a new format that includes a search function.

Bonding Admin

Additions:

  • A new Classification section is available under the Policies menu where Classification Profiles can be managed. The Classification Profiles are currently used to classify traffic for Tunnel Bypass.
  • Bond pages have a new Tunnel Bypass button which leads to the configuration of Classification Profiles and Tunnel Bypass for the bond. See the Tunnel Bypass documentation for more information.
  • When Tunnel Bypass is enabled on a bond, a new chart is displayed to show the amount of traffic that is bypassed via legs instead of sent through the tunnel.
  • A new Flow collectors section is available under the Policies menu where flow collectors can be configured. Any number of flow collectors can be added using the IPFIX, Netflow, or sFlow protocols. Individual bonds may be configured to use one or more of these collectors. See the Flow Collectors documentation for more information.
  • The bond edit and multiple edit views allow for adding and removing flow collectors that have been defined under the Policies menu. This operates similarly to QoS profiles, except that multiple collectors may be added.
  • Permissions have been added to regulate access to Classification Profiles and Flow Collectors. These are found under the Policies section of the user and group permission pages. By default, each group has been granted access to Classification Profiles and Flow Collectors to the same degree that they currently have with QoS profiles.
  • The leg displays on the bond detail view has been completely redesigned to display information is a more concise manner. Feedback on this change is welcome.
  • The system for sending configuration updates to nodes has been rebuilt into a new service called Homestead. This new service was built to increase reliability of the update scheduling, which, in previous versions, could get stuck in rare circumstances.
  • Documentation was migrated to a new format with search capabilities.
  • The CPU governer of nodes can now be managed in the respective edit views. Selection of an alternate governer, particularly performance, may improve bonding throughput on certain platforms. The governer for a node can be set under the advanced section of that node’s edit view. The default governer for new nodes can be set in the Node Defaults view under the Administration menu.
  • The system requirements and recommendations for nodes are now included in the documentation. See System requirements for more information.
  • TCP segmentation offloading can now be disabled for private WAN backhauls on aggregators and private WAN routers. This is necessary on some platforms, particularly VMWare, that suffer severe performance degradation when the backhaul is encrypted. The relevant option can be found under the advanced section of the aggregator and private WAN router configuration views.
  • On the bond edit view and via the API, the aggregator and the space may now be set simultaneously.
  • On aggregator and private WAN edit views, options that require a manual restart of services are marked as such.
  • The default settings for leg and bond speed tuning have been adjusted for new Bonding Admin installs. Testing has revealed that these new settings decrease the amount of time the tuning process takes in most cases without sacrificing accuracy. Note that these settings are not automatically applied to existing Bonding Admin servers. If you would like to try them, go to the Speed Tuning item in the Administration menu and change the following settings:
    • Binary search range threshold factor: 0.1
    • Binary search range threshold minimum up: 0.1
    • Binary search range threshold minimum down: 0.1

Fixes:

  • If invalid email settings are configured, the management server no longer fails silently when adding new users.
  • Detection of the primary private WAN router has been improved to be more accurate in certain circumstances.
  • The time zones used for the time display of speed tests are now consistent between the list and detail views when the client browser is in a different time zone than the Bonding Admin server.
  • The display of routing groups in the IP allocation edit view is now correct on Internet Explorer/Edge.
  • The display of the latest bonding version on the Software Repository view under Administration sometimes showed an older version. This has been fixed.
  • If a space shares a key with one that had been previously deleted, some operations involving the new space would fail. This has been fixed.
  • The downtime prevented data for previous months no longer degrades over time.
  • Certain private WAN configuration changes are no longer sent to older nodes that don’t support them.
  • New routing groups can now re-use names that match names of deleted routing groups.
  • The process for collecting metrics from nodes now operates more efficiently when accepting data from a large number of nodes.
  • The aggregator failover process now gracefully handles a certain type of protocol error with the aggregator monitoring that can occur in rare cases.
  • The edit multiple bonds view now no longer allows selection of aggregators or QoS profiles that are not valid for the entire set of selected bonds.
  • Static legs can now be configured with private IP addresses that are also configured on legs on other bonders.
  • The private WAN router provisioning instructions incorrectly instructed to not configure the ext bridge when using a separate VLAN trunk interface. The instructions have been updated with the correct information.
  • The downstream packet loss chart now shows the downstream packet loss across the whole timeframe if the aggregator was changed during that period.
  • An error is now shown if an attempt to delete a QoS profile that is in use by a bond is made.
  • The QoS profile packet filter edit view now shows the appropriate error if the source network field contains invalid data.
  • Certain incorrect hashlimit settings in QoS profiles are now detected properly in the QoS profile edit view.
  • The leg MTU detection time field in the bond edit view no longer accepts a blank input.

Bonding Node

Additions:

  • Bonders now have the ability to classify traffic and and optionally bypass traffic via a leg interface. See the Tunnel Bypass documentation for more information.
  • Bonders will now export flow information for client traffic to flow collectors if configured in Bonding Admin. See the Flow Collectors documentation for more information.
  • Nodes will now set the CPU governor according to settings in Bonding Admin. Selection of an alternate governor, particularly Performance. may result in increased throughput on certain platforms.
  • The boot menus on the provisioning images have been updated:
  • On the first menu:
  • Serial (ttyS0) is now Via Device Serial Port
  • USB Serial (ttyS1) is now Via Device USB Port
  • Virtual is now Display with keyboard
  • On the second menu:
  • Automatic is now Image with Node Key (ZTP)
  • Automatic default Bonder is now Image without Node Key
  • Auto except Net is now Static IP (Aggregator)
  • Regular has been removed

Fixes:

  • The provisioning images now correctly format devices using EFI firmware.
  • The bondlog program now correctly shows private WAN agent logs using the space parameter. See the bondlog section in Node Applications for more information.