SD-WAN 2015.1 release notes

January 21, 2015

SD-WAN 2015.1 adds automatic detection of leg MTUs, the ability to set leg and connected IP Ethernet modes, and the ability to manage and monitor node connection tracking table settings from the web admin. It also improves the management server API.

Bonding Node

Additions

  • Leg MTUs are detected automatically. This eliminates the need to test and set MTUs manually, as was previously required in certain situations. MTU detection is enabled on both new and existing bonds.
  • Leg and connected IP Ethernet interface configuration is taken from the management server. It is no longer necessary to write a hook script to make Ethernet mode changes persistent.
  • Interface errors and collisions are reported to the performance charting database on the management server.
  • Connection tracking table sizes are reported to the management server.
  • Nodes report if their filesystem is read-only. They test the filesystem where /var/lib/bonding/ is mounted.
  • The node process tries to ensure that the Quagga zebra daemon is always enabled.

Changes

  • MTUs on tunnel interfaces can now be different between bonders and aggregators. This can happen if MTU detection finds different upload and download MTUs on a leg.
  • TCP MSS clamping now occurs when TCP packets come out of a tunnel interface, rather than when the packets go into a tunnel interface.

Fixes

  • The timeout for configuration to complete after submitting a node key on a default bonder has been increased from 30 seconds to 60 seconds. This improves reliability when configuring slow devices such as the PC Engines Alix.
  • Tunnels stop speed tests properly even when speed test initiation packets are lost between the aggregator and bonder. This eliminates an issue where too many test result packets could be reported during speed tests, resulting in sawtooth patterns in throughput charts.
  • Various improvements have been made to performance collection and reporting applications on the node.
  • Fewer updates are sent to the management server about changes in leg latency, ping timing, and detected speeds.

Patches

2015.1-5: Minor change to socket creation behaviour of TCP proxy to reduce the number of “address already in use” warnings.
2015.1-6: Fixed an issue performing TCP clamping with bonds using Private WAN and fixed an issue establishing encrypted links in some scenarios on bonds with only one available leg.
2015.1-7: Fixed an issue creating connected IPs on VLAN interfaces.
2015.1-8: Fixed an issue that could reduce bonded throughput with compression enabled and an issue that could cause the tunnel latency chart to report higher-than-expected values.
2015.1-11: Fixed an issue that prevented speed test chart data from being recorded with a 2015.1 aggregator and older bonder versions. Fixed an issue on Debian Wheezy bonders that prevented outgoing connections being made with the expected IP address on bonds with multiple CPE NAT IPs and the TCP proxy enabled. The issue has not been fixed on Debian Squeeze bonders due to limitations in the iptables package on Squeeze.
2015.1-12: Fixed an issue with the TCP proxy that caused web pages to load slowly when a bulk upload was taking place.

Bonding Admin

Additions

  • Detected leg MTU values are shown on bond details pages. Fields have been added to change or disable automatic detection.
  • Ethernet speed and duplex settings for leg and connected IP interfaces can be changed from the web interface.
  • The size of connection tracking tables on nodes can be changed and monitored from the web interface. A warning is shown for a node when it approaches the maximum table size, and the node details page has a chart that shows the connection tracking table size over time.
  • DTLS replay protection for tunnel encryption can be disabled with a new bond option. This increases the risk of a replay attack, but can reduce observed packet loss on legs with significant reordering.
  • The web interface shows an error message for bonders or aggregators that have a read-only filesystem.
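
Why reordering turns into loss while DTLS replay protection is on, as an added example that is not part of the original release notes or the product's code: a simplified RFC 6347-style sliding anti-replay window over record sequence numbers. The 64-record window, the two-leg lag model and all names are assumptions; the notes do not state the product's window size.

```python
from collections import Counter

WINDOW = 64  # assumption: RFC 6347's suggested size; the product's value is not stated


class ReplayWindow:
    """Sliding anti-replay window over DTLS record sequence numbers (simplified:
    a real receiver only updates the window after the record's MAC verifies)."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => (highest - i) already seen

    def check(self, seq):
        if seq > self.highest:                      # advances the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= self.size:                     # fell off the left edge
            return "too_old"
        if self.bitmap & (1 << offset):             # same record seen before
            return "replay"
        self.bitmap |= 1 << offset                  # late but inside the window
        return "ok"


def two_leg_arrivals(n, lag):
    """Constructed input: odd-numbered records take a slower leg and arrive
    `lag` positions later than they were sent."""
    return sorted(range(n), key=lambda s: s + lag if s % 2 else s)


def receive(arrivals, protect=True):
    """Count verdicts; with protection disabled every record is delivered."""
    window, verdicts = ReplayWindow(), Counter()
    for seq in arrivals:
        verdicts[window.check(seq) if protect else "ok"] += 1
    return dict(verdicts)


if __name__ == "__main__":
    print(receive(two_leg_arrivals(400, 10)))             # mild reordering
    print(receive(two_leg_arrivals(400, 100)))            # beyond the window
    print(receive(list(range(10)) + [5]))                 # duplicate rejected
    print(receive(list(range(10)) + [5], protect=False))  # duplicate delivered
```

The `too_old` verdicts in the second run are genuine records that the receiver discards, which is what appears as observed packet loss; the last run shows the duplicate that the window would otherwise have rejected.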

Changes

  • API resources now contain a version number in the URI. This improves our ability to update and deprecate API features. The root API, without a version number, will continue to operate like the original API until it is deprecated.
  • Certain API resources now include child objects. For example, the bond resource includes information on each of a bond’s legs. This can significantly reduce the number of requests necessary to fetch information from the API.
  • The edit multiple bonds dialog now allows the secondary aggregator and QoS profile fields to be cleared.
  • Various pages, most notably the bond index page, are generated on the browser using information from the API. This is part of a series of planned improvements to make the user interface faster.
  • Various pages, menus, and dialogs in the management server have been changed to maintain usability.
  • Backup files in /var/lib/bondingadmin/primary-backups are purged after 30 days.
  • Configuration updates related to QoS profiles are no longer sent to aggregators that have never been online.
  • Configurations in the Nginx web server have been changed to improve SSL security, compress all responses, improve web client security, and prevent Internet Explorer displaying the web site in compatibility mode.

Removals

  • Integration with FreeRadius servers for PPP leg authentication has been removed. No partners were using this feature.

Fixes

  • Aggregator failover emails are only sent to users set as active.
  • Various improvements have been made to the management server performance reporting and time-series database, InfluxDB.
  • Various unhandled exceptions in the API are now handled properly.
  • The leg state changes chart no longer connects points improperly under certain circumstances.

Patches

2015.1-8: Improved validation of API objects.