=====================================
SD-WAN 2015.3 release notes
=====================================

June 19, 2015

SD-WAN 2015.3 adds support for mobile broadband modems (both
USB and internal PCI), tracks leg outages to report the amount of
downtime prevented by SD-WAN, and adds an Administration
section to the management server that provides a central place to manage
various settings, many of which were previously available only by
modifying text files on the server.

As announced in the 2015.2 release notes, this version is not compatible
with versions of SD-WAN prior to 2014.1. Partners will only be
eligible for the 2015.3 upgrade when they have upgraded all their nodes
to 2014.1 or later.

This release deprecates support for the performance charting features of
SD-WAN 2014.3 and earlier. Support for performance metrics
collection from 2014.3 and earlier nodes will be removed in 2015.4.
Since only the old performance metrics feature is being deprecated,
partners with 2014.3 and earlier nodes will still receive the 2015.4
upgrade.

Bonding Node
-------------

Additions
^^^^^^^^^^

-  USB and internal PCI modems can be connected to a bonder and used as
   a leg. All leg features such as latency reporting, MTU detection, and
   bandwidth adaptation are supported. To use mobile broadband legs, a
   bonder must run Debian 7 ("Wheezy"), not Debian 6 ("Squeeze"). It
   also requires a recent Linux kernel such as 3.14 or later. The 3.16
   kernel has been installed by default for all new bonders since late
   2014. Wheezy bonders imaged prior to that can be remotely upgraded to
   a recent kernel.
-  Connectivity to DNS servers is monitored for each leg. This allows
   bonders to connect to the management server more reliably in rare
   cases where one or more legs cannot contact any DNS servers.
-  Default configurations have been added in core applications to
   improve reliability if certain config files are out-of-date.
-  A number of fields have been added to the bond, leg, connected IP,
   and route hooks. See the hook documentation for the latest list of
   fields.

Removals
^^^^^^^^^

-  Removed handling for certain cached configuration files from very old
   versions of SD-WAN.

Changes
^^^^^^^^

-  Error messages from the nodeconfig, nodessl, and installer
   applications have been improved and clarified.

Fixes
^^^^^^

-  Fixed an issue that could prevent a leg from being used as a failover
   leg in the tunnel even if it appeared as failover in the management
   interface.
-  The available Ethernet interface modes for legs and connected IPs are
   detected properly on Squeeze bonders.
-  Fixed an error in the tunnel that could occur under rare network or
   host error conditions.
-  Fixed an error handing issue in nodeconfig and nodessl that could
   result in a traceback being shown.

Bonding Admin
--------------

Additions
^^^^^^^^^^

-  Mobile broadband legs can be managed from the web interface.
   Available settings include a field to enable or disable roaming,
   options to limit the modem to certain access modes (2G/3G/4G) and
   radio bands, and an optional IMEI field to make the leg use a
   specific modem. Data reported from the modems include signal
   strength, carrier name and modem model information.
-  Mobile broadband provider settings are managed in profiles that are
   applied to one or more legs. Provider profiles can be created from
   scratch or by searching an included crowd-sourced database of mobile
   providers.
-  Leg outages are tracked in order to report the amount of downtime
   prevented by SD-WAN for a bond. For example, if a leg fails
   for one hour, but SD-WAN prevents an outage by failing the
   customer's traffic over to a different leg, this is reported as one
   hour of prevented downtime. Values are reported for individual bonds
   and for the partner's entire environment. Bonders must be upgraded to
   2015.3 to report this data.
-  Leg statuses are are tracked and displayed in a 24-hour line chart on
   the bond details page. This makes it easy to tell at a glance when a
   leg is down, up, or degraded over the past 24 hours.
-  The custom node provisioning ISO offers an option to use serial on
   ttyS1 instead only ttyS0, to support devices with USB-mode console
   connections such as the new Netgate RCC series.
-  The provisioning ISO shows the management server URL on the first
   dialog.
-  A set of pages dedicated to administrative settings has been added to
   the web interface:

   -  Aggregator failover—configures the timeout values used by the
      aggregator failover service
   -  HTTPS security page—shows details about the TLS/SSL certificate
      used by the management web server, and displays a certificate
      signing request that can be used to get a signed certificate from
      an SSL vendor
   -  ISO defaults—allows changing the root password and time zone
      settings configured when installing a node from from the custom
      ISO
   -  Backups—shows details about local backup files and offers a ZIP
      file download containing a backup of critical management server
      data

-  Certain environment-wide settings are available in the API and server
   command line. All new settings added in future releases will also be
   available in the API.

Removals
^^^^^^^^^

-  Removed compatibility with nodes running versions of SD-WAN
   earlier than 2014.1.

Changes
^^^^^^^^

-  The leg user interface and editing forms have been redesigned to make
   more effective use of screen space.
-  The bond edit form has been clarified by enabling or disabling fields
   that depend on certain values in other fields. For example, the
   encryption cipher option is disabled unless the tunnel security
   option is set to encryption.
-  Performance of the speed test API and index page has been
   significantly improved.
-  The Users page has been moved to the Administration section.
-  The software repository option has moved from the Node Setup page to
   a dedicated page in the Administration section.
-  The periodic task that updates the list of nodes connected to the
   management VPN server now fetches the data from OpenVPN's control
   socket, not from its status file.
-  Configuration updates for bonds, legs, and other objects are no
   longer sent to aggregators that have never been online.
-  Backup files in /var/lib/bondingadmin/backups are no longer
   compressed.

Fixes
^^^^^^

-  Validation of fields set via the API has been improved.
-  Validation is improved for node metric reporting and collection
   intervals.
-  Pagination of the bond index page and other index pages now works
   properly when a search filter is applied.
-  Speed test results no longer return with partial data.
-  The aggregator list page no longer has icons for sorting by bond
   counts, since this was never supported.
-  When a speed test fails, the speed test list shows the error message
   instead of a generic message.
