BGPalerter Versions Save

(what it is? how to install? read here)

[minor]

• included Trust Anchor specific tolerance on malfunctions (more tolerance for AFRINIC, see issue https://github.com/nttgin/BGPalerter/issues/1204)
• updated node version (previous version EOL)
• build debian packages on release (thanks @jbond)
• introduced auto-submitted header to reportEmail to avoid auto-responders replying to alert emails (thanks @XioNoX)
• introduced blacklistSources parameter in connectorRIS to ignore specific collectors' peers (thanks @tomsiewert)
• introduced skipPrefixMatch, which allows to send all the AS-related alerts to the AS monitoring rule instead of giving priority to prefix rules
• introduced specs check at boot
• enriched RPKI metadata payload to all RPKI events, to troubleshoot issues on vrp files

[patch]

• fixed memory usage spikes and reduced overall memory usage
• updated and patched dependencies (including security patches)
• improved CPU usage
• fixed RIPEstat connector timeouts while generating neighbor configurations of ASes with large customer cones
• fixed RIS connector to prevent triggering RIS flooding protections
• automatically create volume directories if not yet available at boot
• more robust AS number validation
• fixed update script erroneously wiping log files on software update (thanks @davemidd)
• reduced stack usage on match filtering
• fixed rare situation in which RPKI alerts were missing information about the expiring parent component
• fixed occasional duplicated alert about ROA diff due to unstable hashing

[minor]

• introduced reportMatrix (thanks @nickbouwhuis)
• introduced Jira integration (thanks @momorientes and @PacketVis)
• introduced safety threshold to avoid alerting on stale rpki data
• introduced possibility to specify notificationIntervalSeconds per reporting module
• default to enableAdvancedRpkiStats to false to reduce memory usage
• migrated to node 18

[patch]

• fixed memory usage peaks that was causing occasional crashes on low-spec VMs
• reduced data usage for rpki data downloads based on http headers
• updated dependencies, including security patches (https://github.com/nttgin/BGPalerter/pull/801, https://github.com/nttgin/BGPalerter/pull/1010)
• improved wording of misconfiguration alert (https://github.com/nttgin/BGPalerter/issues/940)
• improved documentation
• fixed alert text including multiple origin ASes that was provoking weird comma-separated listing
• fixed ambiguous reporting of expiring roa components in case of advanced stats out of sync with vrp file
• fixed rpki parsing util not accepting "api" as valid provider (https://github.com/nttgin/BGPalerter/issues/1005)

[patch]

• fixed a bug that was impacting the sensitivity of withdrawal detection for ipv6 prefixes (thanks @mfld-pub for reporting and helping with the debugging)
• fixed event context for path monitoring
• updated dependencies

[minor]

• Introduced Debian packaging (thanks @b4ldr)
• Enrich alert data with covering vrps at the time, for easier debugging (reported by @PacketVis)
• Add relevant data bits of path monitoring to context/email templates to be able to provide actionable alerts (reported by @PacketVis)

[patch]

• Fixed navigation of rpki chain (and improved performance), when ROAs were expiring due to a manifest, this was not reported correctly making the alert ambiguous (thanks @PacketVis)
• More reliable detection of silent sockets not based only on ws ping
• Added github-actions and docker to dependabot monitoring (thanks @GoliathLabs)
• Updated and patched dependencies

This is a patch on version 1.30.0, which introduced many improvements. Including, better RPKI monitoring able to self-debug some RPKI issues (thanks to rpki-client metadata, @job). E.g.,

The following ROAs will become invalid in less than 2 hours: <193.0.0.0/21, 3333, 21, ripe>; 
<193.0.10.0/23, 3333, 23, ripe>. The reason is the expiration of the following 
parent components: rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

--> See v1.30.0 for complete changelog.

[patch]

• Fixed missing metadata in some roa alerts.
• Allow disabling rpki stats to reduce memory usage and introduced memory requirements in documentation

[minor]

• Improved RPKI alerting to include more detailed information about the exact expiring/malfunctioning components. It will tell you whether your ROAs are expiring or something else in the validation chain (thanks to rpki-client metadata, @job). E.g.,

  The following ROAs will become invalid in less than 2 hours: <193.0.0.0/21, 3333, 21, ripe>; 
  <193.0.10.0/23, 3333, 23, ripe>. The reason is the expiration of the following 
  parent components: rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
  

• Improved alert metadata to include info about the exact ROAs covering the prefix at the time of the reporting, the validator used, the host used for the validation, the time of the last validation cycle, and more.
• Improved logs to inform when and where alerts are sent (to which email/ip/channel), in addition to the usual log in case of failure. This helps in discovering silent failures (e.g., a fw between BGPalerter and your syslog instance).
• Split channels between monitorRPKI and monitorROAs in the default configuration, to easily dispatch the alerts in different reports.
• Added support for docker-compose (thanks @GoliathLabs).

[patch]

• Updated dependencies and improved security.
• Fixed error in generating context when showPath is active but no paths are reported.
• Fixed error on neighbor auto-config on configurations when generating configurations based only on prefixes (reported by @donwito).
• Improved performance on watching prefix list.
• Fixed canary feature not recovering after multiple failures.
• Improved documentation about installation and ROA alerting.
• Updated version of supported Kafka.
• Improved linux doc on how to automatically run upgrades (thanks @herbetom).
• Reduced memory usage of prefix-generation phase.
• Many minor fixes...

[minor]

• Introduced authentication header for websocket connections 006eb64e6b5bbc428d125f7a041682a42b0eeb44
• Introduced timeout verification in case of missing open message from RIS 0125b17514145fd0c79bae244171a07588794239
• Introduced OpsGenie HTTP configuration example d1761bbf9c987881da9c2728efec02adee5e22db (thanks @trickv)
• Introduced RocketChat HTTP configuration example 0f52fb214bdf064209b00dd4b2ecdd94f0756daa (thanks @cadirol)
• Binaries are now compiled against node 14 006eb64e6b5bbc428d125f7a041682a42b0eeb44

[patch]

• Updated dependencies
• Fixed traling slash bug on ws parameters e4f19d35c7ef7dc1eaca74cd9754503c22762f35
• Improved documentation about volume parameter 2bb199a3d89f3502823953b41b408b7cbcfda9c5
• Update Kafka version in automated tests environment 53203ba7e1bc0e17920244c17d6d4d87a419eb11
• Adopted semver nomenclature in documentation 4491f4ee630728fe4e2210fd260a8d2c5e2b8d20
• Filter out RIS beacons when these are used only as a health check of the socket (preventing #732 for some RIS feeders) 4301b2b3a8d16911919b410745e2a98d04236ecc
• Improved TA malfunction alert fdce01d58fd42a08adee41446ce4c8d23a8cdadf

TODO

[patch]

• fixed bug in which monitoring rules were overwriting each other (#648);

This bug may have affected your auto-generated prefixes.yml file (delete prefixes.yml and generate it again)

• pointed RIPE's vrp api to the new api powered by routinator;
• updated dependencies.