==================================
SD-WAN 6.8 release notes
==================================

We are pleased to announce the release of SD-WAN 6.8. This release brings
improvements to the management server database, support for bridge interfaces,
as well as a number of new API endpoints.

Major Features
--------------

- The `SD-WAN 7.0 preview </node>`__, codenamed "Laywire", is now available.
  This version implements a new vision of SD-WAN that allows for many new use
  cases that were previously difficult or impossible to implement. A number of
  features are not yet available, but they will be added over the coming
  months. In this release the following features are
  available:
  - Basic interface configuration
    - Static IPv4 and IPv6 addresses with peer and gateway routing
    - DHCP
    - Configuration can be set to persist on service shutdown for maintenance
    - Alternative interface names can be set
  - SD-WAN tunnels, now called peers
    - Multiple peers can be established to any number of other nodes or groups
      of nodes simultaneously or as failover
    - Multiple levels of failover are supported
    - Failover is managed exclusively by the nodes themselves
  - Nexthop object based routing
    - Routes can be created that target peers and fall back to other peers or
      local gateways
  - Multiple VRFs can be defined for routing separation
    - Traffic for multiple VRFs can be passed over single peers
  - Manual network configuration is no longer required for nodes used as
    concentrators. All configuration is managed via the web interface
  - Orchestration mesh for reliable communication between nodes and the
    manager
  - Access rule configuration
- SD-WAN 6.8 now supports the following distributions:
  - openSUSE Leap 15.6
  - openSUSE Leap 15.5
  - openSUSE Leap 15.4
  - Debian 12 "Bookworm"
  - Debian 11 "Bullseye"
  - Debian 10 "Buster" is supported to allow migration of nodes to newer
    versions of Debian

Deprecations
------------

.. warning::

    The following distributions have been deprecated in SD-WAN 6.8:
      - Debian 8 "Jessie"
      - Debian 9 "Stretch"
      - All versions of Red Hat Enterprise Linux

.. warning::

    The following distributions will be deprecated in SD-WAN 6.9:
      - Debian 10 "Buster"
      - Debian 11 "Bullseye"
      - openSUSE Leap 15.3
      - openSUSE Leap 15.4


Bondingadmin
------------

Changes:

- Bondingadmin has been updated to run on Debian 11 "Bullseye"
- A new frontend framework has been built for managing 7.x nodes
- The main page shows a simple dashboard instead of the bond list
- All node keys are now generated with a common prefix specific to the
  management server. This will be used to allow pre-built images on deployed
  hardware without the need for server-specific customization
  - On upgrade all nodes will be assigned new node keys. However, any
    previously-set node keys will continue to work
- A new v5 API has been added for managing SD-WAN 7.0 configuration
  - HTTP basic authentication is no longer valid for V5. The login mechanism
    now returns a bearer token to be used on subsequent calls. This token is
    accepted for V4 and V3 calls as well
- New documentation viewers are available for all API versions:
  - Stoplight Elements (allows in-browser interaction)
  - Swagger-UI (allows in-browser interaction)
  - Redoc
- All cron-based tasks have been migrated to Systemd timers
- A configuration manager was added for tracking changes and building
  configurations for SD-WAN 7.x nodes
- A node manager was added for tracking the state of SD-WAN 7.x nodes and
  sending configurations generated by the configuration manager
- A new orchestration mesh was implemented to allow for reliable communication
  between the manager and nodes, as well as between nodes
- The TimescaleDB PostgreSQL extension has been added
- Migrated the SSH keys used for backups from RSA to ECDSA
- Updated the system requirements to reflect recent changes

Fixes:

- Some upgrade and migration issues that required manual intervention to
  resolve have been fixed
- The uWSGI cache size has been increased to match the expected size, solving
  cache-full issues found in some environments
- The openSUSE Leap repositories set via Salt now use the management server
  URLs instead of the upstream ones
- Fixed incorrect OSPF allow rule when OSPF was configured on an openSUSE node
- Fixed an issue where a bond could not be deleted while processing an update
  for it from an aggregator
- Fixed an issue where multiple spaces created at the same time sometimes
  resulted in resources appearing to be in multiple spaces


Bonding Node
------------

Changes:

- Support Debian 11 "Bullseye" and Debian 12 "Bookworm"
- Bumped the minimum kernel version on Debian Buster to 5.10
- The DHCPv4 client was changed back from ISC to udhcpc due to incorrect
  renewal behaviour
- Support setting some modern Ethernet interface speeds:
  - 2.5Gbit
  - 25Gbit
  - 40Gbit
  - 100Gbit
- When unsetting a custom interface hardware address, it is now reverted to
  the recorded permanent address if available
- Custom BIRD configuration on Private WAN routers will now load even when not
  active
- ``bonding-deconfigure`` now calls ``bonding-setup`` to set up as a default
  bonder
- ``bonding-sysprep`` now supports all distributions
- Created a new troubleshooting interface setup service that works across
  distributions to replace the old Debian interfaces setup
- ``bonding-setup`` now ensures that the Systemd journal is preserved across
  reboots
- Ensure a time daemon is set up in ``bonding-setup``
- The Systemd service units were updated to use the newer
  ``StartLimitIntervalSec`` option
- All cron tasks have been migrated to use Systemd timers
- Changed all legacy syslog calls to log directly to the Systemd journal
- Use a direct netlink method of querying the root interface queuing
  discipline that is faster than calling an external command

Fixes:

- Fixed an issue with DHCP on legs wiping out the leg routing table on certain
  configuration changes
- Fixed an error that would occur on DHCP LEASEFAIL and NAK events
- Fixed a race condition in DHCP that would occur in certain environments
  where the service is not started quickly enough
- Fixed a crash caused by sending a router solicitation on an interface without
  a link local address
- Fixed missing restart actions on legs that resulted in a crash on leg
  changes
- Fixed a race condition in the jitter buffer interface setup
- Fixed a crash when setting a space gateway on an aggregator where the managed
  trunk interface is missing
- Changed the management tunnel notification timeout from 5 seconds to 30
  seconds to avoid an unnecessary failure on slower devices
- Don't crash on interface names with non-UTF8 characters
- Fixed an issue with tunnel bypass rule ordering
- Fixed an issue where a route change caused the nftables manager to crash
- Fixed an issue where a connected IP change caused the nftables manager to crash
- Fixed custom filter-forward rules not getting picked up
- Fixed QoS not getting restored when nftables is manually restarted
- Fixed issues with usrmerge in Debian Buster
- ``bonding-setup`` no longer rejects partially working configurations
- ``bonding-setup`` now considers interface altnames when checking interfaces
- Fixed troubleshooting interface detection in ``bonding-setup``
- Fixed an issue in nodessl where the CA was not downloaded when changed on
  the manager


Laywire Node
------------

Changes:

- Added the Laywire node for version 7.0. This replaces all node types from
  bonding 6.x
  - A command line tool, ``laywire``, can be used to check status and
    inject temporary custom configurations
  - A built-in multi-link caching DNS resolver was built
    - It keeps track of DNS connectivity on all available interfaces
    - It detects and rejects DNS servers that return bogus results as well as
      interfaces where redirection to such servers is present
  - Full traffic isolation avoids a number of undesirable situations that were
    possible in 6.x
  - Version 7 nodes are not compatible with version 6 nodes
