Second Bug Fix Release for v4.9.0

This is a bug fix release for version v4.9.0 that fixes some breaking changes.

If you are not yet running v4.9.0, please [follow the release notes for v4.9.0] and upgrade to v4.9.0 first. (It is not necessary to upgrade to v4.9.1, you can go straight from v4.9.0 -> v4.9.2.)

Quick Upgrade Instructions

This bug fix only has code changes and so the upgrade process is simple - in your IXP Manager installation directory (referred to as ${IXPROOT} in the usual upgrade instructions just run the following:

git fetch --all
git checkout v4.9.2

Bug Fixes

• Fix password reset location (68ae7c1)
• Remove CSRF from API POST routes (2f05ce4)
• Disable CSRF for the login page (c06ac1d)
• Fix and improve some issues with the switch configuration display (5274189, aa0344d)
• Restore name field to user profile - fixes #500

Bug Fix Release for v4.9.0

This is a bug fix release for version v4.9.0 that fixes some breaking changes.

If you are not yet running v4.9.0, please [follow the release notes for v4.9.0] and upgrade to v4.9.0 first.

Particular thanks to @nickhilliard and @rfc1036 for finding and reporting most of these.

Quick Upgrade Instructions

This bug fix only has code changes and so the upgrade process is simple - in your IXP Manager installation directory (referred to as ${IXPROOT} in the usual upgrade instructions just run the following:

git fetch --all
git checkout v4.9.1

Bug Fixes

• Fix API auth issue after removing Zend (57f5fdc)
• Fix issue with peering manager / peers and customer over display (5cf0de6)
• Route::redirect() does not use the base URL apparently (3731a1e)
• Ignore ports that are not up on port audit report (c03976f)
• Fix authenticated issue with lookingglass now that Zend auth is gone (f19e961)
• Use the "default route" rather than hard-coded "/" (afcddf0)
• update proxies to match entities (386905e)

4.9.0 - Zend's dead, baby

IXP Manager v4.9.0 is a milestone release for INEX and the IXP Manager project: it represents the completion of a ~2 year project to remove the end-of-life and end-of-support Zend Framework v1 which has been replaced by Laravel - a modern and hugely popular PHP web application framework.

Support Lifetime for v4: It is our intention to provide bug fix and security support for IXP Manager v4.9 in line with Laravel's published support policy for Laravel v5.5. Note that IXP Manager v4.9 runs on Laravel 5.5. This means bug fix support to August 2019 and security support to August 2020.

Primary IXP Manager development will shortly shift to a new v5 branch and all new features will be added here.

This is a large release and there are a number of user actions required to complete the upgrade from v4.8.x to 4.9.0 successfully - please get a ☕️ (or a 🍺 ) and read through these and perform all the required tasks.

Overall summary:

$ git --no-pager diff --shortstat --no-merges  v4.8.0 v4.9.0
 1064 files changed, 24949 insertions(+), 46369 deletions(-)

Upgrade Instructions

If you are using sflow to detect BGP sessions to populate the peering matrix and peering manager, please stop the sflow-detect-ixp-bgp-sessions daemon before you start the upgrade (see Peering Matrix and Peering Manager below).

1. please follow the official upgrade documentation without skipping any steps.
2. run this command: ${IXPROOT}/artisan ixp-manager:upgrade:copy-contact-names
3. if you missed it in the updated upgrade instructions, run this command: ${IXPROOT}/artisan migrate
4. remove any existing sessions: rm ${IXPROOT}/storage/framework/sessions/* (the authentication backend has switched from Zend Framework to Laravel)
5. complete some post-upgrade tasks and manual database changes covered in this release notification.

If you stopped sflow-detect-ixp-bgp-sessions, do not restart it just yet - see below.

Peering Matrix and Peering Manager

These two tools have been fully migrated to Laravel with a number of database optimisations and fixes. You can review the official documentation for these here:

• https://docs.ixpmanager.org/features/peering-matrix/
• https://docs.ixpmanager.org/features/peering-manager/

The following is only relevant to you if you are using sflow to detect BGP sessions to populate the peering matrix and peering manager. If you are not, skip ahead to the next section.

The original database schema required a row per detected BGP packet (TCP port 179, established) rather than a row per BGP session between two peers. We have created a new table called bgp_sessions which now implements this using the latter schema. We have however not yet updated the sflow-detect-ixp-bgp-sessions script to use this (that's a future release). During the upgrade process, you refreshed the database views - this will also have added a trigger on bgpsessiondata to maintain this new table. As IXP Manager's frontend uses the new table, you should populate it with this query:

INSERT INTO bgp_sessions (srcipaddressid, dstipaddressid, protocol, packetcount, last_seen, source)
    SELECT
        srcipaddressid, dstipaddressid, protocol, count(packetcount) AS packetcount, max(timestamp) AS last_seen, any_value (source) AS source
    FROM
        bgpsessiondata
    GROUP BY
        srcipaddressid, dstipaddressid, protocol;

If you stopped sflow-detect-ixp-bgp-sessions, you can now restart it.

Switches

All of the MVC (model-view-controller) code for managing switches has been migrated to Laravel in this release. The most important change for you is to update the cronjob that routinely polled your switches.

The old version would have looked like this:

php /srv/ixpmanager/bin/ixptool.php -a -a switch-cli.snmp-poll

This should be replaced with the following:

php /srv/ixpmanager/artisan switch:snmp-poll --quiet

You should read the new switch management documentation here:

• https://docs.ixpmanager.org/usage/switches/

We also added a new port speed audit tool which audits port speeds as configured in physical interfaces against what has been discovered in the last SNMP run.

We would recommend setting this up as a cronjob also as per the documentation.

RIR Objects

IXP Manager can generate (and email) your RIR objects - for example your AS-SETs, AS object, etc - to your RIR for automatic updates / maintenance. See the new documentation here.

This has been migrated also and requires changes to your cronjobs if you had this feature enabled. The main change is that it was previously triggered by a HTTP-based API call and it is now triggered as an artisan command.

Your old cronjob entries may have looked like this:

# RIPE - update AS-SET and AUTSYS objects
curl -sf "$IXP_API_URL/apiv1/rir/update-object/key/$IXP_API_KEY/tmpl/autnum/email/[email protected]"

These should be replaced with Artisan commands as per the above documentation.

Expunging Logs

For data protection best practices, we have added a new CLI based tool which expunges logs that are greater than 6 months old (such as a user's login history). Add a line such as the following to your crontab:

19 2 * * *    www-data    /srv/ixpmanager/artisan utils:expunge-logs

Users and Contacts

IXP Manager of pre-April 2013 had separate contacts and users which - at the time - some felt was quite confusing. LONAP sponsored a rework of this in 2013 to merge the concept of users and contacts with login privileges. Strangely, this actually caused more confusion and also was a developer nightmare with hacked in code to handle the database tables in multiple places. As such, in 2019 with release v4.9, this was undone and contacts and users are now separate entities again.

All user and contact management controllers have been migrated to Laravel and updated documentation now exists at:

• https://docs.ixpmanager.org/usage/users/
• https://docs.ixpmanager.org/usage/contacts/

Passwords

In previous versions of IXP Manager, administrators had the facility to set a user's password. This has been removed as we believe it to be bad practice - only a user should know their own password. User's can set (and reset) their passwords via their Profile page or using the password reset functionality.

Welcome Email Templates

As you may know, IXP Manager sends a welcome email to newly created users. If you had previously skinned this (or wish to customise it now), please see this documentation on how to do that with IXP Manager v4.9.

RIPE-NONAUTH

During 2018, RIPE moved route[6]: entries for IP space that was out-of-region for RIPE to a new source attribute - RIPE-NONAUTH. This means that those prefixes would not longer be found (and most likely deleted) by IXP Manager's IRRDB discovery for creating route server prefix lists.

If you wish to continue including those prefixes for the (most likely small) set of customers affected, add a new IRRDB source by selecting IRRDB Configuration on the left-hand-side menu under IXP ADMIN ACTIONS and then add a new source with these attributes:

Host:     whois.radb.net
Protocol: irrd
Source:   RIPE,RIPE-NONAUTH

and then edit the affected customers and update their IRRDB source.

Post-Upgrade Checks

Once you complete the upgrade, the application/, library/ and var/ directories in ${IXPROOT} should have been deleted. If they are not, it should be safe to remove them as IXP Manager does not use them. Do ensure you check what files remain in them to satisfy yourself that you do not need them.

Other New Features and Improvements

• Add API support for sflow receiver list in json / yaml format
• Added support for the sflow p2p graphing system to use configured MAC addresses
• Expose configured and learned mac address via sflow receiver interface
• Added a user interface to manage network information (network address and subnet mask) of peering LANs (previously this required manual database queries)
• A lot of house keeping to remove files that are no longer required / used
• Added UI (browser / Laravel Dusk) tests for a number of controllers
• Added support for Comware to update-l2database.pl
• Added documentation links to a number of controllers
• Add more detail to patch panel LoAs - closes #472
• Show reseller for resold customers - closes #478
• Port speeds are now correctly ordered - closes #482
• Add return to 'Virtual Interface Details' button on layer 2 ACLs page - islandbridgenetworks/IXP-Manager-Archive-Yann#49
• Add optic inventory function (closes islandbridgenetworks/IXP-Manager-Archive-Yann#190)
• Option to restrict access to the peering matrix

Bug Fixes

• #307 - issue with changing partner duplex port when editing a duplex patch panel
• #424 - p2p link from search needs updating
• #429 - issue with patch panel port js apostrophe
• #433 - Cross-connect email address changes - original addresses are kept (via @listerr)
• #435 - Deleting a customer note throws an error (via @listerr)
• #438 - Cannot save Left date in 4.8.0 interface.
• #439 - Contact groups not appearing...

Route Server Template Upgrades, Grapher Improvements, More ZF Migration, PeeringDB Integration, and More!

This release adds a bunch of new features and makes further significant progress in the migration from Zend Framework to Laravel and some of these changes may require manual fixes / changes by you. Please read these release notes carefully.

Summary:

$ git --no-pager diff --shortstat --no-merges  v4.7.0 v4.8.0
 669 files changed, 71892 insertions(+), 21802 deletions(-)

Upgrade Instructions

• perform the manual SQL queries below before doing anything else.
• please follow the official upgrade documentation without skipping any steps.
• complete some post-upgrade tasks and manual database changes covered in this release notification.

Pre-Upgrade Database Schema Changes

The following may affect zero database rows for most users. At INEX, some of our database entries date back >10 years so there is a little bit of crud in there from older tools and from times when MySQL was less strict on certain formats.

Please execute the following SQL manually:

UPDATE `contact` SET `created` = NULL WHERE CAST(`created` AS CHAR(20)) = '0000-00-00 00:00:00';
UPDATE `contact` SET `lastupdated` = NULL WHERE CAST(`lastupdated` AS CHAR(20)) = '0000-00-00 00:00:00';
DELETE FROM `user_pref` WHERE `user_pref`.`user_id` NOT IN ( SELECT `id` FROM `user`);
UPDATE `irrdb_asn` SET `last_seen` = NULL WHERE CAST(`last_seen` AS CHAR(20)) = '0000-00-00 00:00:00';
UPDATE `consoleserverconnection` SET `autobaud` = 0 WHERE autobaud IS NULL;

Post-Upgrade Tasks and Database Schema Changes

One of the new features of v4.8.0 is fixing the switch database table which until now could hold switches and console servers. This was awkward in practice and we have split these into distinct database tables. The schema changes you ran during the official upgrade will have put in the necessary database schema. You now need to run the following command to migrate the data:

cd $IXPROOT
php artisan ixp-manager:upgrade:split-conservers

If you get an error like:

SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '1-8' for key 'console_server_port_uniq'

it means you have a console server with more than one entry for a given port. You need to root these out and fix them. The following SQL will provide these in the format switchid-consoleserverport:

SELECT CONCAT( `switchid`, '-', `port` ) AS `switchport`, 
            COUNT(CONCAT( `switchid`, '-', `port` )) AS `cnt`  
    FROM `consoleserverconnection` 
    GROUP BY `switchport` HAVING cnt > 1

Please read on through the rest of these release notes as there are a number of other important changes and new configuration options that you may wish to set.

Route Server Template Updates

If you are generating your route server configurations via IXP Manager with IRRDB filtering, then please make sure you add the following option to your local .env file:

# Absolute path to run the bgpq3 utility
# e.g. IXP_IRRDB_BGPQ3_PATH=/usr/local/bin/bgpq3
IXP_IRRDB_BGPQ3_PATH=/path/to/your/bgpq3

DEPRECATION: the former setting for the bgpq3 path in config/ixp_tools.php is no longer used and the entire irrdb section can be removed.

The route servers in their default configuration filter all IPv4 prefixes >/24. This version of IXP Manager now makes that configurable as well as adding the same restriction for IPv6 (at >/48). If you want to change these, add and set the following options to your .env (default values shown):

IXP_IRRDB_MIN_V4_SUBNET_SIZE=24
IXP_IRRDB_MIN_V6_SUBNET_SIZE=48

The IRRDB database update process now also honours these by passing bgpq3 the -m option (2ebcdc7).

We have extended BGP NEXT_HOP hijacking detection and prevention to v6 also (2893103).

We now optionally allow more specifics in route server inbound prefix filtering. This means, for example, if someone has a IRRDB entry for a.b.0.0/16 but advertises this as 2 /17's, these will be accepted if the user's VLAN interface is configured to allow this. This implements a feature as discussed in #281 and requested a number of times by others including @listerr (9f146d6). NB: you need to turn this on per member.

If you wish to do it for all existing members, you can run the following SQL command:

UPDATE vlaninterface SET rsmorespecifics = 1;

Latency Graphs (Smokeping) and Graphing

This release migrates all remaining frontend graphing operations to Grapher and Laravel and also migrates latency graphs (via Smokeping) to Grapher.

Grapher Documentation

We have reworked the graphing documentation: https://docs.ixpmanager.org/grapher/introduction/

UI Improvements

On the UI you will find a new layout which we feel better incorporates latency and peer to peer graphs. We have also updated the peer to peer graphing UI to better handle situations such as multiple interfaces for the same customer on the same peering LAN.

### Permissions

We have added options to make all customer graphs available to all logged in customer users or publicly available. Neither of these are the default - the default remains that a customer's graphs are only available to that customer. See the API & Permissions documentation section.

Latency / Smokeping Graphs

With the Smokeping migration to Grapher, the following .env parameters need to be updated:

### Sample pre-v4.8 configuration:
GRAPHER_BACKENDS="mrtg|sflow"

GRAPHER_SMOKEPING_URL="http://ixp.example.com/smokeping"

### New >=v4.8 configuration:
GRAPHER_BACKENDS="mrtg|sflow|smokeping"

GRAPHER_BACKEND_SMOKEPING_ENABLED=true
GRAPHER_BACKEND_SMOKEPING_URL="http://ixp.example.com/smokeping"

We have also changing the API endpoint for Smokeping configuration generation to Grapher's API system. As such, older URLs such as:

https://ixp.example.com/api/v4/vlan/smokeping/{vlanid}/{protocol}

need to be updated to:

https://ixp.example.com/api/v4/grapher/config?backend=smokeping&vlanid=10&protocol=ipv4

See the Smokeping Grapher documentation for complete details. And also, note particularly that if you are using the supplied Smokeping update script then you will need to update the URL, change the protocols from 4 6 to ipv4 ipv6 and change all instances of ipv${proto} to just $proto in this.

PeeringDB

When adding a new customer to IXP Manager, there is now the option to pre-fill that customer's details from PeeringDB based on their AS number. PeeringDB does not provide access to some information such as NOC contact details unless the query comes from an authenticated user.

If you configure the following settings in your .env file, then IXP Manager will query PeeringDB using an authenticated connection:

IXP_API_PEERING_DB_USERNAME=username
IXP_API_PEERING_DB_PASSWORD=password

(clearly, replacing 'username' and 'password' for valid details for a PeeringDB user in your organisation)

Docker

As the IXP Manager ecosystem grows, it becomes harder to maintain ubiquitous development environments for coding, testing and demonstrating IXP Manager.

Especially for emulating switches, route servers, graphing and tools such as Bird's Eye. Docker is ideally suited to solving these issues as well as providing the perfect environment for IXP Manager workshops.

To that end, we have creating two Docker systems.

1. The first is ideally suited for demonstrations, 'just playing' with IXP Manager and workshops: https://github.com/inex/ixp-manager-docker
2. The second is specifically targeted at IXP Manager developers: http://docs.ixpmanager.org/dev/docker/

These are in addition to the existing installation scripts and Vagrant:

• http://docs.ixpmanager.org/install/automated-script/
• http://docs.ixpmanager.org/dev/vagrant/

The Docker images currently reflect v4.7 but will updated shortly for v4.8.

Customer Notes

Customer note functionality has been ported to Laravel and improved. They now also support Markdown.

We have added documentation for this: https://docs.ixpmanager.org/usage/customer-notes/

One change from previous releases is that notification of customer note changes is now enabled by default for all superadmins. You may want to check system accounts with admin permissions (if you have any) and disable notifications for those as outlined in the documentation.

Exporting Member Details

The older Zend Framework method of exporting member details has been deprecated for sometime and is now removed in this release. If you were using this, please migrate to the new methods:

1. IX-F Member Export: http://docs.ixpmanager.org/features/ixf-export/
2. New Member Export: http://docs.ixpmanager.org/features/member-export/

The first link above includes sample JavaScript code for generating member lists using the IX-F Member Export.

Customer Tags

IXP Manager has always supported customer types for: Full, Pro-bono, Internal, Associate.

We appreciate these are sufficient to suit all use cases and from requests from users, we have added tags which allows administrators to tag customers to indicate specific properties that are not built into IXP Manager by default. Some examples might include:

• commercial vs membership based relationship;
• special billing relationship (e.g. customer originally connected via 100Mb port which has bee...

V4.7.3 - Security Fixes, Improvements and Bug Fixes

This is a security and bug fix release for versions v4.7.0 through to v4.7.2 inclusive.

If you are upgrading from v4.7.x, you should follow the standard upgrade instructions.

If you are upgrading from a version <v4.7.0 then you should upgrade to v4.7.0 first by following the specific upgrade instructions from v4.7.0.

Security Fix

This release includes a fix for a security bug introduced in v4.7.0. All users of v4.7.x should upgrade to v4.7.3 immediately. To allow people a chance to upgrade, we will delay publishing more information on the security issue until March 1st 2018.

Credit to @sparkeh for finding this.

Improvements and Bug Fixes

• Implement the IX-F Member Export Schema v0.7
• A management MAC address field has been added to the switch table. This is to allow for automated provisioning and particularly to allow you to create DHCP files with static addressing for your switches.
• A blank customer footer has been added as per #389 to allow for easy addition of Google Analytics/Piwik (now Matomo) tags.
• Do not include AS macro is IX-F export if none configured- fixes #379
• Escape SNMP commuities for MRTG - fixes #384
• Ensures looking glass API URLs do not end with a trailing slash (closes mailing list discussion)
• Add ping API endpoint (api/v4/ping)
• Add ability to allow customers to add/delete their configured MAC addresses (disabled by default). See documentation at: http://docs.ixpmanager.org/features/layer2-addresses/#end-user-access

HTTP[S] Proxy Support

Up until now, we have supported IXP Manager behind a proxy with some
custom variables. However, Laravel added built in support for this
in 5.5.

This commit removes our custom code in favour of the official version.

See: http://docs.ixpmanager.org/install/runtime/#behind-a-https-proxy

NB: Please make sure you have correctly set APP_URL in your local .env file.

NB 2: If upgrading from <4.7.0, please upgrade to v4.7.0 first.

Bug Fix Release for v4.7.0

This fixes an issue with Zend Framework / Laravel configuration such that the following Laravel options (in .env) should carry through the Zend_Mail.

MAIL_HOST
MAIL_PORT
MAIL_AUTH
MAIL_USERNAME
MAIL_PASSWORD

Fortunately, we've very close to the complete removal of ZF.

If upgrading from <4.7.0, please upgrade to v4.7.0 first.

Errata

We never updated the version before we tagged this. As such you will see 4.7.0 in the footer still but If you used the v4.7.1 tag, you're on 4.7.1 😉

Big Push to Remove a Lot of Zend Framework (and more!)

This release makes some significant progress in the migration from Zend Framework to Laravel and some of these changes may require manual fixes / changes by you. Please read these release notes carefully.

$ git --no-pager diff --shortstat --no-merges  v4.6.0 v4.7.0
 461 files changed, 17459 insertions(+), 19632 deletions(-)

Composer Version: before proceeding, please ensure you are running a version of composer that is at least v1.5. You can usually upgrade composer by using its self-update command.

PHP libraries: the bcmath extension is now required. On Ubuntu, something like: apt install php7.0-bcmath will take care of this.

This release also migrates from Laravel 5.4 to Laravel 5.5.

To upgrade:

• please follow the official upgrade documentation without skipping any steps.
• complete some manual database changes covered at the end of this release notification.

Inactive code: this release contains code that is not currently available via the UI relating to a new feature which we are working on called core interfaces and some new APIs around automation. This will be officially released and explained in a future version.

New Features and Improvements

For this release, we have created a Laravel based CRUD (CReate, Update, Delete and List) scaffolding framework along the lines as what we were using in Zend Framework (Doctrine2Frontend). We have also including developer documentation for this: http://docs.ixpmanager.org/dev/frontend-crud/

Using this, we have migrating the following CRUD controllers to Laravel (including better documentation, code review and improvements):

• Cabinet / Rack management
• Console server connections
• Customer / colo'd kit
• Facility / location management
• Infrastructure management
• IP Address management
• IRRDB configuration management
• IXP management
• MAC addresses (configured and discovered)
• Vendor management
• VLAN management

Additional non-CRUD controllers that have been migrated to Laravel include:

• the ZF index controller is now handled via the default route in routes/web.php
• the admin dashboard controller (plus styling and presentation updates)
• mailing list management (see below)
• the admin search controller
• the static content controller was migrated to Laravel and redesigned - see below and the documentation at http://docs.ixpmanager.org/features/static-content/
• statistics for ixp, infrastructure, switch and trunk graphs (includes backward incompatibilities - see below)
• weathermaps
• utilities (mainly phpinfo() access)
• user API key management
• user login history viewer
• the route server prefix analysis tool

Other improvements:

• Upgraded to Laravel 5.5 (Laravel release notes)
• Terminology change for MAC addresses - closes #344
• IP address management now has a proper CIDR network specification for adding addresses and removing unused addresses
• Big speed improvement for turning OUI MAC addresses into vendor names - see 333c52b and this blog post
• On the presentation layer, we have renamed Locations to Facilities to better match common industry language and Cabinets to Racks.
• handle failures with PeeringDB / IX-F API endpoints gracefully
• now using official parsedown/laravel package for Markdown - closes islandbridgenetworks/IXP-Manager-Archive-Yann#102

Bug Fixes

• Could not delete layer2 address - 60a7551
• Save loopback name and IP as null rather than empty string - 7a86c1c
• Max Prefixes - Required by backend but not in frontend - #342
• Setting ports as prewired - state stays 'available' - 5c3de38
• Various peering manager fixes - 63febeb, a8f5e5c, 7d0bd03 and be4548a
• The presentation of the MAC addresses in the IX-F Member Export function has been fixed to conform to the JSON schema.
• [BF] - Cannot delete infrastrucuture - fixes #359
• [BF] - Cannot access MAC Addresses link (/layer2-address/list) - fixes #360

Housekeeping

• The older (Zend Framework) method of generating Nagios configuration has been removed (c5ee6b7). If you haven't yet, you now need to migrate to the new APIs for this: http://docs.ixpmanager.org/features/nagios/

• A number of unused packages were removed from composer.json

• We have removed the meeting controller and all associated files. The meeting controller was written in house at INEX for our own particular purposes. It was never documented and was disabled by default. As such, we expect no one is using it and we have stopped for quite a while.

  There are other tools ( https://getindico.io/ ) and services (EventBrite) that solve this problem better than we ever did.

• The tool to export contacts by type/name has been migrated to Laravel. As such the old ./bin/ixptools.php cli.cli-export-group command has been migrated to artisan the the documentation has been updated to reflect this.

Database Cleanup / Schema Changes

Make sure you have completed any normal schema updates as per the standard upgrade instructions above. These include:

• vlan table: drop rcvrfname column as it is not used. Add config_name column which provides the vlan name as it should be used in automation / orchestration.

There are a number of tables that are deprecated and need to be removed. You can see these by running the following and you should see similar output. If your output includes view_* tables, that is okay:

./artisan doctrine:schema:update --clean --sql 

Checking if database connected to default entity manager needs updating...
ALTER TABLE meeting_item DROP FOREIGN KEY FK_F3EADDCC67433D9C;
DROP TABLE change_log;
DROP TABLE meeting;
DROP TABLE meeting_item;
DROP TABLE migrations;
DROP TABLE sec_event

If you are happy with the above, execute it via:

./artisan doctrine:schema:update --clean --force

You now need to recreate/refresh the view tables as follows:

mysql -u root $ixpmanager_database_name <tools/sql/views.sql

We have found more instances of tables that have had 0 or "" (empty string) used where null should have been used. Execute the following on your IXP Manager database to clean these up:

UPDATE `cabinet` SET `height` = NULL WHERE `height` = 0 OR `height` = "";

Static Content

The old Zend Framework had an undocumented StaticController which served static content. This has been replaced and documented at: http://docs.ixpmanager.org/features/static-content/

You need to perform a number of tasks because of this:

1. if you had skinned and added your own contact details to the $IXPROOT/application/views/[_skins/<your skin name>]/static/support.phtml file, you need to move this as per this documentation and update the template.
2. if you had created additional static documentation, you also need to migrate these over (e.g. content from $IXPROOT/application/views/_skins/<your skin name>/static.
3. if you changed the documentation menu, update two files (using $IXPROOT/resources/views/header-documentation.foil.php as a template):
   a. copy the template $IXPROOT/resources/views/header-documentation.foil.php to $IXPROOT/resources/skins/<your skin name>/header-documentation.foil.php and update.
   b. as some pages still use ZF, also update $IXPROOT/application/views/[_skins/<your skin name>]/header-documentation.phtml

Mailing List Management

Mailing list management was previously available via the ZF CLI (ixptool.php) interface and the ZF API v1 interface. These have both been migrated to Laravel using artisan and API v4. The documentation has been updated to reflect this at:

http://docs.ixpmanager.org/features/mailing-lists/

If you are using this, you will need to update your synchronization scripts. IXP Manager will generate new template scripts for you - see these instructions.

Statistics

Commit 9d11d00 converts the old double implemented IXP/Infrastructure, trunk and switch graph pages into a single implemented version in Laravel.

It also improves this by turning POSTs into GETs allowing easier sharing of specific graph links.

The URLs for this have also changed so if you are linking into graphs from other sites, please update those links or set up web server redirects.

Access Authorisation Changes: we previously used a configuration option ixp_fe.statistics.public defined in configs/ixp_fe.php to required authentication to access these graphs. That has been removed in favour of using Grapher's authorisation methods.

If you wish to make these graphs private, please see this updated documentation.

NB: by default, all of the IXP, infrastructure, switch and trunk graphs are publically accessible.

Bug Fix Release

This is a bug fix release for v4.6.0.

If you are upgrading from v4.6.0, you should follow the standard upgrade instructions.

If you are upgrading from a version <v4.6.0 then you should either upgrade to v4.6.0 first or follow the specific upgrade instructions from v4.6.

Bug Fixes

• Could not assign a prewired patch panel port - da188f8
• Patch Panels: can not select same customer / port details after a reset - fixes #350 / 007c712 and d870c09
• Available Patch Panel Ports not correct - #346 / fd7809a and a78b6c8
• Editing a patch panel port - populates incorrect switch port - 0c2fb6c
• Replace the downdown triggers we have used previously for the Chosen dropdown library for the type required for the newer Select2 library. Fixes a number of UI bugs - 1a9d5ab
• No Patch Panel auto-select for Duplex partner in 4.6.0 - #347 / 3a8fff1
• Switches menu item duplicated in a certain views in 4.6.0 - #349 / 81f73dc
• Fix MRTG config generation - #348 / 2c3330c

V4.6.0 - Security Fixes, New Features, Improvements and Bug Fixes

IXP Manager v4.6.0 has been crafted from almost 300 new commits since v4.5.0 and, as well as new features, improvements, security fixes and bug fixes, it represents a complete rewrite of the interface management code (as well as a porting of same from Zend Framework to Laravel).

We would like to particularly thank the generosity and support of our sponsors - the Internet Society, Netflix, SwissIX, NIX - and new sponsor GR-IX. We would also like to thank INEX for investing and allocating time from the operations team towards managing, supporting and developing the project. We continue to look for and welcome new sponsors! See details here.

To upgrade:

1. please follow the official upgrade documentation without skipping any steps. Particularly, we have added a new step which is essential called bower prune.
2. complete some manual database changes covered at the end of this release notification.

I have copied the commands that we ran at INEX to upgrade our own installation at the end of this release notice.

If it's available for your operating system, we also strongly advise that you install the php-ds package.

Inactive code: this release contains code that is not currently available via the UI relating to a new feature which we are working on called core interfaces and some new APIs around automation. This will be officially released and explained in a future version.

Security Fixes

The release fixes a number of security issues:

• CSRF attacks were possible on a number of UI actions such as GET requests used for deleting objects. These have been replaced with POST requests and implement a per-request CSRF validation token.
• a number of XSS issues have also been fixed. We have additionally double-checked all code where non-super admin users can enter data to ensure that data is filtered on input to prevent XSS attacks.

The developers would like to express their sincere gratitude to the team that found these security issues and responsibly disclosed them to us. They have asked to remain anonymous but they know who they are and we thank them!

New Features / Large Improvements

• Interface management controllers (all covered via this documentation has been ported from ZendFramework to Laravel with numerous improvements and bug fixes. This also includes on screen help messages / documentation.

• TACACS / User formatting. IXP Manager can generate formatted lists of user information. The best example of this is for TACACS. See the documentation here. This is a complete reimplementation of a similar feature in v3.

• Add support for Bird's Eye's new large BGP community support into IXP Manager's looking glass.

• NAGIOS config generation to monitor:

  • peering LAN switches;
  • member reachability (ping v4/v6);
  • member route collector sessions;
  • member route server sessions.

  This is a complete rewrite of a similar (but more opinionated and less flexible) version from v3. See the documentation here.

• (Significant) speed improvement for updating IRRDB prefixes by using php-ds - see issue #284.

• Admin view of member graphs now includes sflow / VLAN / protocol view as well as original MRTG / interface view.

• Addition of live status functionality for all routers that support the looking glass.

Bug Fixes / Small Improvements

• MAC addresses are now included on the IX-F Member Export. See IXP Manager's documentation here.
• The Chosen dropdown JS library has been replaced with the more modern Select2 across all Laravel-based pages.
• When allocating an IP address to a VLAN interface, IXP Manager now checks via AJAX that the IP address really free by checking across all VLANs. This is useful when, say, you add a quarantine and production VLAN interface at the same time.
• Ability to duplicate a VLAN interface (IP addresses, settings) to a second VLAN.
• Add unique index on vlan/address for IPv4 and v6 addresses.
• Fix billing details notification to use new config files (reported via the mailing list).
• MRTG fixed so that it now correctly displays graphs from the RRD backend. Rendering of RRD based graphs for MRTG and sflow also improved (53f8fe6 | a0e678b | b1b33e7), also closes #332.
• Fix admin view of all member interfaces which was broken since the move to Grapher (c6820b0).
• Add string length validator to abbreviated name - fixes #313
• Clear a number of cached database results when the underlying data changes (8c5950d | 4aa9198)
• Remove layer2 address when removing VLAN interfaces (5111644 | 15082c0)
• Fix issue displaying routes in the looking glass (4b81cbd)

Database Fixes

As well as running the database migration code, you will also need to run the following:

1. IXP Manager was not strict on how it treated 0 (int) versus '' (empty string) versus null in some cases and as such, some columns need to be cleaned.

If you are happy that you have no bonded interfaces with channel group 0, run the following:

UPDATE `virtualinterface` SET `channelgroup` = NULL where `channelgroup` = 0 OR `channelgroup` = "";

Similarly, you may have virtual interfaces with an MTU setting of 0 - fix this with:

UPDATE `virtualinterface` SET `mtu` = NULL where `mtu` = 0 OR `mtu` = "";

We have added a unique constraint on IP addresses per VLAN. If you have accidently managed to add the same IP address to the same VLAN more than once, you'll need to clean this up before the schema update applies. This query can help find such addresses:

SELECT * FROM ipv4address WHERE address IN 
    ( SELECT address FROM `ipv4address` GROUP BY vlanid,address HAVING count(address) > 1 ORDER BY address ) 
    ORDER BY address;

SELECT * FROM ipv6address WHERE address IN 
    ( SELECT address FROM `ipv6address` GROUP BY vlanid,address HAVING count(address) > 1 ORDER BY address ) 
    ORDER BY address;

INEX's Upgrade Commands

What follows is a copy of our own upgrade session at INEX (and yes, we followed the documentation!):

# Move to your IXP Manager installation
cd /srv/ixpmanager

# Disable IXP Manager (disables the frontend, API and commands)
./artisan down

# Optional but recommended: back up your database:
mysqldump -u ixpuser -ppassword ixpdbname | bzip2 >ixp-20171003.sql.bz2

# Update the source:
git fetch
git checkout v4.6.0

# Update PHP dependancies
composer install

# Update UI dependancies
bower prune 
bower install

# Restart memcached and clear Laravel's own cache:
systemctl restart memcached.service
./artisan cache:clear

# See what SQL schema changes are required and then do them:
./artisan doctrine:schema:update --sql
./artisan doctrine:schema:update --force

# We need to run three manual SQL commands:
# 1. update SQL views
% mysql -u ixpuser -ppassword ixpdbname < tools/sql/views.sql
# 2. update channel groups
% mysql -u ixpuser -ppassword ixpdbname

 mysql> UPDATE `virtualinterface` SET `channelgroup` = NULL where `channelgroup` = 0 OR `channelgroup` = "";
Query OK, 122 rows affected (0.01 sec)
Rows matched: 122  Changed: 122  Warnings: 0

mysql> UPDATE `virtualinterface` SET `mtu` = NULL where `mtu` = 0 OR `mtu` = "";
Query OK, 132 rows affected (0.00 sec)
Rows matched: 132  Changed: 132  Warnings: 0


# Now exit MySQM and restart memcached:
systemctl restart memcached.service

# Ensure file permissions are correct:
MY_WWW_USER=www-data 
chown -R $MY_WWW_USER: bootstrap/cache var storage
chmod -R u+rwX bootstrap/cache var storage

# Re-enable the application
./artisan up