Appliance Release v0.31

This page contains the release notes for the v0.31 Anapaya appliance software release. The appliance software release is applicable for the following Anapaya products:

  • Anapaya CORE

  • Anapaya EDGE

  • Anapaya GATE

We recommend always upgrading to the latest available patch release. Please refer to the Upgrade Notes (if any) of each release for any special steps to be taken when upgrading. For general information on how to upgrade your appliance, please refer to Software Updates.

Known Issues

  • Metrics exported by the appliance are missing labels for releases v0.31.0 - v0.31.2.

v0.31.0 (2022-10-06)

Features

Cryptographically Signed Releases

To verify that an Anapaya software release has not been tampered with from the time it is released until the user installs it on an appliance, we now cryptographically sign our software releases of the anapaya-scion and anapaya-system packages. This enables the appliance installer as well as third parties to verify the authenticity and integrity of our software releases against a root of trust.

To sign our releases, we generate an ECDSA-P256 key pair. Using the private key, our signing tool computes a signature over the SHA256 hash of an Anapaya software package; this serves as the signature of the corresponding package. The private key is stored in a highly secure, access-controlled location to ensure that it is not compromised.

The public keys and the signatures of each release are published on releases.anapaya.net.

For more information on how to verify the authenticity and integrity of an Anapaya software release, please refer to the Signed Releases section of the documentation.
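
The verification step described above, as an added example that is not Anapaya's tooling or documented procedure: it checks a detached ECDSA-P256 signature over a package's SHA256 hash with the openssl CLI and shows that a modified package no longer verifies. The file names, the PEM key and DER signature encodings, and the throwaway key pair are assumptions constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. File names and encodings (PEM public key, DER signature as
# written by `openssl dgst -sign`) are assumptions, not the vendor's format.

# verify_release PUBKEY_PEM SIGNATURE PACKAGE
#   0: SIGNATURE is valid over SHA-256(PACKAGE) for the P-256 key
#   1: signature does not verify   2: key is not an EC P-256 public key
verify_release() {
    local pub="$1" sig="$2" pkg="$3"
    # Pin the key type so a swapped-in key of another algorithm is refused.
    openssl pkey -pubin -in "$pub" -noout -text 2>/dev/null \
        | grep -q 'prime256v1' || return 2
    openssl dgst -sha256 -verify "$pub" -signature "$sig" "$pkg" \
        >/dev/null 2>&1 || return 1
}

# make_demo_release DIR: constructed stand-in for the signing side. Creates a
# throwaway P-256 key pair, a dummy package and its detached signature in DIR.
make_demo_release() {
    local dir="$1"
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" \
        2>/dev/null || return 1
    openssl ec -in "$dir/key.pem" -pubout -out "$dir/pub.pem" \
        2>/dev/null || return 1
    printf 'constructed package contents\n' > "$dir/demo.pkg"
    openssl dgst -sha256 -sign "$dir/key.pem" -out "$dir/demo.pkg.sig" \
        "$dir/demo.pkg"
}

demo() {
    local dir rc
    dir=$(mktemp -d) || return 1
    make_demo_release "$dir" || return 1
    rc=0
    verify_release "$dir/pub.pem" "$dir/demo.pkg.sig" "$dir/demo.pkg" || rc=$?
    echo "package as signed:       exit $rc"
    # Change one byte after signing: the same signature must no longer verify.
    printf 'x' >> "$dir/demo.pkg"
    rc=0
    verify_release "$dir/pub.pem" "$dir/demo.pkg.sig" "$dir/demo.pkg" || rc=$?
    echo "package after tampering: exit $rc"
    rm -rf "$dir"
}
demo
```

A passing check only ties the package to the public key that was used, so the key itself has to come from a source you already trust.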

Automatic Topology Synchronization

Anapaya appliances can now be configured to automatically exchange network topology information with each other. This greatly simplifies the configuration of additional SCION links to other SCION ASes. Previously, the existence of a link needed to be manually configured in each appliance. With automatic topology synchronization, only the appliance that owns the SCION link needs to be configured and every other appliance will automatically learn about it dynamically.

For more information on how to configure automatic topology synchronization, please refer to Topology Synchronization.

Flow Metrics

Appliances can now be configured to export metrics for IP-in-SCION tunneling flows via HTTP, HTTPS, or gRPC to a flow collector. This allows for the collection of statistics on the number of flows, their duration, and the amount of traffic they have generated per source and destination. For more information, please refer to the telemetry configuration.

Improvements

  • The appliance now has an API gateway in front of the HTTP APIs. The /metrics telemetry endpoint is now also available on the management API address, and the telemetry address is now optional. On installation, the appliance is configured to listen on all IPs on port 443 with a self-signed certificate for HTTPS and a default anapaya account for basic authentication. These defaults should be changed with the initial configuration. The default configuration of the management API address is now :443. When upgrading from a previous release, we recommend changing the management API address port to 443.

Fixes

  • The appliance controller process no longer aborts execution if it encounters a missing SCION section.

  • Disabling notifications now works as expected. If disabled is set and the deadline is in the future or not set, notifications are disabled; otherwise, notifications are enabled.

Breaking Changes

  • /scion_tunneling/path_filters/sequence has been removed from the appliance configuration. It had already been renamed to /scion_tunneling/path_filters/hop_pattern. Please migrate your configuration to use the new name. There is no auto-migration support for this.

v0.31.1 (2022-10-18)

Fixes

  • Flow metrics are now correctly exported via HTTP(S).

v0.31.2 (2022-10-21)

Improvements

  • Added the option to configure the source address for the IPFIX exporter.

v0.31.3 (2022-11-04)

Improvements

  • Topology synchronization can now be deployed and enabled gradually. Previously, all appliances were required to be on release v0.31 to enable automatic topology synchronization.

  • The anapaya-scion package can now be installed even if the API gateway is not available on the appliance yet. This is crucial for upgrades from previous releases.

Fixes

  • Metric labels are now correctly exported again.

  • The ports of the exported flow metrics are now correctly displayed. Previously, the endianness of the port numbers was inverted.

v0.31.4 (2022-11-15)

Fixes

  • The anapaya-scion package can now be correctly installed on appliances even when an API gateway has already been installed.