v1.33.0

(what it is? how to install? read here)

[minor]

• included Trust Anchor specific tolerance on malfunctions (more tolerance for AFRINIC, see issue #1204)
• updated node version (previous version EOL)
• build debian packages on release (thanks @jbond)
• introduced auto-submitted header to reportEmail to avoid auto-responders replying to alert emails (thanks @XioNoX)
• introduced blacklistSources parameter in connectorRIS to ignore specific collectors' peers (thanks @tomsiewert)
• introduced skipPrefixMatch, which allows to send all the AS-related alerts to the AS monitoring rule instead of giving priority to prefix rules
• introduced specs check at boot
• enriched RPKI metadata payload to all RPKI events, to troubleshoot issues on vrp files

[patch]

• fixed memory usage spikes and reduced overall memory usage
• updated and patched dependencies (including security patches)
• improved CPU usage
• fixed RIPEstat connector timeouts while generating neighbor configurations of ASes with large customer cones
• fixed RIS connector to prevent triggering RIS flooding protections
• automatically create volume directories if not yet available at boot
• more robust AS number validation
• fixed update script erroneously wiping log files on software update (thanks @davemidd)
• reduced stack usage on match filtering
• fixed rare situation in which RPKI alerts were missing information about the expiring parent component
• fixed occasional duplicated alert about ROA diff due to unstable hashing

v1.32.0

[minor]

• introduced reportMatrix (thanks @NickBouwhuis)
• introduced Jira integration (thanks @momorientes and @PacketVis)
• introduced safety threshold to avoid alerting on stale rpki data
• introduced possibility to specify notificationIntervalSeconds per reporting module
• default to enableAdvancedRpkiStats to false to reduce memory usage
• migrated to node 18

[patch]

• fixed memory usage peaks that was causing occasional crashes on low-spec VMs
• reduced data usage for rpki data downloads based on http headers
• updated dependencies, including security patches (#801, #1010)
• improved wording of misconfiguration alert (#940)
• improved documentation
• fixed alert text including multiple origin ASes that was provoking weird comma-separated listing
• fixed ambiguous reporting of expiring roa components in case of advanced stats out of sync with vrp file
• fixed rpki parsing util not accepting "api" as valid provider (#1005)

v1.31.1

[patch]

• fixed a bug that was impacting the sensitivity of withdrawal detection for ipv6 prefixes (thanks @mfld-pub for reporting and helping with the debugging)
• fixed event context for path monitoring
• updated dependencies

v1.31.0

[minor]

• Introduced Debian packaging (thanks @b4ldr)
• Enrich alert data with covering vrps at the time, for easier debugging (reported by @PacketVis)
• Add relevant data bits of path monitoring to context/email templates to be able to provide actionable alerts (reported by @PacketVis)

[patch]

• Fixed navigation of rpki chain (and improved performance), when ROAs were expiring due to a manifest, this was not reported correctly making the alert ambiguous (thanks @PacketVis)
• More reliable detection of silent sockets not based only on ws ping
• Added github-actions and docker to dependabot monitoring (thanks @GoliathLabs)
• Updated and patched dependencies

v1.30.1

This is a patch on version 1.30.0, which introduced many improvements. Including, better RPKI monitoring able to self-debug some RPKI issues (thanks to rpki-client metadata, @job). E.g.,

The following ROAs will become invalid in less than 2 hours: <193.0.0.0/21, 3333, 21, ripe>; 
<193.0.10.0/23, 3333, 23, ripe>. The reason is the expiration of the following 
parent components: rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

--> See v1.30.0 for complete changelog.

[patch]

• Fixed missing metadata in some roa alerts.
• Allow disabling rpki stats to reduce memory usage and introduced memory requirements in documentation

v1.30.0

[minor]

• Improved RPKI alerting to include more detailed information about the exact expiring/malfunctioning components. It will tell you whether your ROAs are expiring or something else in the validation chain (thanks to rpki-client metadata, @job). E.g.,

  The following ROAs will become invalid in less than 2 hours: <193.0.0.0/21, 3333, 21, ripe>; 
  <193.0.10.0/23, 3333, 23, ripe>. The reason is the expiration of the following 
  parent components: rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
  

• Improved alert metadata to include info about the exact ROAs covering the prefix at the time of the reporting, the validator used, the host used for the validation, the time of the last validation cycle, and more.
• Improved logs to inform when and where alerts are sent (to which email/ip/channel), in addition to the usual log in case of failure. This helps in discovering silent failures (e.g., a fw between BGPalerter and your syslog instance).
• Split channels between monitorRPKI and monitorROAs in the default configuration, to easily dispatch the alerts in different reports.
• Added support for docker-compose (thanks @GoliathLabs).

[patch]

• Updated dependencies and improved security.
• Fixed error in generating context when showPath is active but no paths are reported.
• Fixed error on neighbor auto-config on configurations when generating configurations based only on prefixes (reported by @donwito).
• Improved performance on watching prefix list.
• Fixed canary feature not recovering after multiple failures.
• Improved documentation about installation and ROA alerting.
• Updated version of supported Kafka.
• Improved linux doc on how to automatically run upgrades (thanks @herbetom).
• Reduced memory usage of prefix-generation phase.
• Many minor fixes...

v1.29.0

[minor]

• Introduced authentication header for websocket connections 006eb64
• Introduced timeout verification in case of missing open message from RIS 0125b17
• Introduced OpsGenie HTTP configuration example d1761bb (thanks @trickv)
• Introduced RocketChat HTTP configuration example 0f52fb2 (thanks @cadirol)
• Binaries are now compiled against node 14 006eb64

[patch]

• Updated dependencies
• Fixed traling slash bug on ws parameters e4f19d3
• Improved documentation about volume parameter 2bb199a
• Update Kafka version in automated tests environment 53203ba
• Adopted semver nomenclature in documentation 4491f4e
• Filter out RIS beacons when these are used only as a health check of the socket (preventing #732 for some RIS feeders) 4301b2b
• Improved TA malfunction alert fdce01d

v1.28.4

[patch]

• fixed bug in which monitoring rules were overwriting each other (#648);

This bug may have affected your auto-generated prefixes.yml file (delete prefixes.yml and generate it again)

• pointed RIPE's vrp api to the new api powered by routinator;
• updated dependencies.

v1.28.3

[patch]

• fixed colors in reportSlack (#626, thanks @L0wbyte)
• fixed crashes in case of websocket stuck in connecting state while a beacon check is performed (#632)
• fixed reportEmail not sending emails in case of missing user group declaration (#634)

v1.28.2

[features]

• Introduced monitorPathNeighbors for monitoring peers. You will get notified when an unexpected downstream or upstream AS appears as peer of your AS in an AS path. Basically you can "lock" your peers (the peers you expect to see in the AS path) and get notified when these change (read more).
• Introduced reportPullAPI a REST API to retrieve alerts (pull, instead of the usual push approach; read more);
• Introduced feature in monitorROAS to receive notifications of expiring ROAs (read more).
• Introduced feature in monitorROAS to monitor for TA malfunctions; e.g., many ROAs disappearing or expiring in the same TA.

All features based on ROAs expiration times are currently supported only by vrp files generated by rpki-client 7.1
To enable these features use vrpProvider: rpkiclient in your config.yml or generate your own file with rpki-client 7.1

• Improved reliability of the WebSocket connection to RIS. In particular, added monitoring of beacon prefixes to detect "silent" sockets (#535).
• Introduced connectorRISDump, which, at boot time, retrieves a RIS dump about the monitored resources. This allows you to get notified about events that happened before BGPalerter started (read more).
• Introduced feature that allows you to use a remote REST API as VRP input (read more).
• Introduced groupsFile, an external file to define user groups. This allows to edit user groups for the report modules without changing the main config file (read more).
• Added rpki-client.org as remote vrpProvider (thanks @job, read more)
• Introduced checkDisappearing parameter in monitorRPKI in order to enable/disable disappearing ROAs alerting (similar alerts are also produced by monitorROAS).
• Introduced config file version check. While old config files remain valid, if BGPalerter finds out your are missing out some features due to a non up-to-date config file, it will suggest you to update it.
• Introduced possibility to use monitorROAS on specific prefixes (in addition to monitoring the entire AS).

[minor]

• Improved config.yml.example with more comments/documentation.
• Updated default thresholdMinPeers after review of last quarter reports.
• Renamed master branch to main. Updated all references.
• Fixed exception on reportSlack in case of missing default user group configuration.
• Fixed generate prefix list command in case of low visibility prefixes.
• Fixed bug which was deleting the configured rules of specific prefixes during prefix list regeneration (#518)
• Added in documentation an example of BGPalerter+Routinator integration (thanks @AlexanderBand, read more)
• Improved documentation, including: documentation on how to stage roas for testing, reorganized reports in dedicated section, and more.
• Improved error handling for reportTelegram, it now provides an error in case of null chatId (thanks @Antonio-Prado)
• Refactored rest and rpki configuration to be globally valid (instead of per module).

Special thanks to:

• @job for introducing ROA expiration data into the vrps produced by rpki-client, for helping with the definitions of monitorPathNeighbors, and expiring ROAs and TA malfunctions in monitorROAS.
• @chrisamin for the support/patches on the RIPE RIS side.

Patches:

• v1.28.1 fixed #593
• v1.28.2 fixed #606 and updated dependencies