Netris Release 3.3.0
Release date: 05 December 2022
- Equinix Metal users can now optionally use tags for associating servers with Netris V-Net service. This comes handy, especially for Infrastructure as Code (IaC) situations, to request servers and network resources in a single iteration.
Create V-Net based on existing unmanaged Layer-2 services in Bare Metal Cloud environments.
- Layer-2 services that exist in a bare metal cloud environment but are not yet part of any service that is managed by Netris will show up under the V-Nets section marked as Unmanaged. Users can use the “Manage” function to easily create a new V-Net service that will automatically apply the VLAN id and the list of servers associated with.
Multiple fixes to improve SoftGate nodes failover mechanisms to address high availability (HA) issues under specific circumstances.
- SoftGate nodes now have a local data store for caching controller data to better handle situations when a SoftGate node is being booted or re-booted during headless operations when Netris controller is unreachable.
- Access Control Lists (ACL) are applied symmetrically (where possible), so any SoftGate node is ready to permit/deny traffic in the event of a failover. Previously it required two cycles of Netris agent execution to populate ACLs after a failover event.
- Disabled preemption. For services that require active/standby operation (default gateway, SNAT) the last active SoftGate will remain active until the next failover.
- Fixed DHCP service failover. Previously KEA DHCP server daemon was failing on standby SoftGate node + in case of headless failover Netris agent was failing to auto-generate the right configs for KEA. Both issues are resolved.
- Improved NAT service failover when using BGP to advertise public IP address space. Previously NAT failover could take up to 10 seconds randomly.
- Improved failover of static routes defined through Netris. Previously failover of static route entries was taking up to 20 seconds.
Various improvements and bug fixes
- Users with switches running Cumulus NOS can now create security rules in inventory profiles also with any protocol, previously due to a software bug it was limited to tcp/udp only.
- More efficient auto-generation of ACL rules that are using port-ranges for SoftGate and SoftGate PRO.
- Access Control Lists (ACLs) with established=on are now using individual (per flow) “permit reversed established” rules for SoftGate nodes. While we keep using a general (for all flows) “permit anything established” for Switches to preserve TCAM.
- API logging is fixed.
- DHCP server service is now also supported for switches running Cumulus NOS.
- Support both bonded Layer-2 and Hybrid bonded interfaces in Equinix Metal. Previously switching server interface type to Layer-2 was causing issues.
- Netris agent managing Bare Metal Cloud environment now writes logs into Netris Controllers available under API logs section.
- Custom DHCP option sets can be attached to multiple V-Nets, previously due to a software bug it was limited to a single V-Net.
- NTP servers with FQDN are now supported in Inventory Profiles.
- L4LB used with multiple Kubernetes Clusters now can control which Kubernetes Cluster to be served through which load-balancer pool.