For each version, changes are listed in order of importance. Minor changes are not listed here. Each change is mapped to a category identified with a specific icon:
- π₯: breaking change
- β¨: new feature
- π: removed feature
- π: security fix
- π©Ή: bug fix
- π±: miscellaneous change
- π₯ console: persist metadata cache on the default
docker composesetup - π©Ή clickhouse: disable experimental analyzer on recent versions of ClickHouse
- π©Ή orchestrator: fix population of
DstNetSiteandSrcNetSite - π©Ή orchestrator: remove previous networks.csv temporary files on start
- π± inlet: add support Netflow V5
- π± console: add support for PostgreSQL and MySQL to store filters
- π± console: add
consoleβhomepage-graph-timerangeto define the time range for the homepage graph - π± console: enable round-robin for ClickHouse connections
- π± docker: update to Traefik 3.0 (not mandatory)
- π± docker: build IPinfo update image to make it available for non-x86 architectures
- π©Ή orchestrator: do not use AS names from GeoIP as tenant for networks
- π©Ή inlet: fix sampling rate parsing for IPFIX packets using "packet interval"
- π©Ή inlet: fix
inletβmetadataβprovidersβtargetsfor gNMI provider
- π©Ή inlet: fix versioning of metadata cache
- π©Ή orchestrator: fix panic in networks CSV refresher
On this release, geo IP is now performed in ClickHouse instead of inlet. When
using the standard docker compose setup, the configuration should be
automatically migrated from the inlet component to the clickhouse component.
This also changes how geo IP is used for AS numbers: geo IP is used as last
resort when configured. It also increases memory usage (1.3GB for ClickHouse).
Another new feature is the ability to use a ClickHouse cluster deployment. This
is enabled when specifying a cluster name in clickhouseβcluster. There is no
automatic migration of an existing database. You should start from scratch and
copy data from the previous setup. Do not try to enable the cluster mode on
existing setup!
New installations should also get better compression and performance from the main table, due to a change to the primary key used for this table. Check this Altinity article if you want to apply the change on your installation.
Support for Docker Compose V1 (docker-compose command) has been removed in
favor of Docker Compose V2 (docker compose command). On Ubuntu/Debian systems,
this means you can no longer use the docker-compose package. On Ubuntu, you
can install the docker-compose-v2 package. For other options, check the
documentation for installing the Compose plugin.
- π₯ inlet: GeoIP data is moved from inlets to ClickHouse, add city and region
- π₯ console: persist console database on the default
docker composesetup - π₯ docker: remove support for
docker-composeV1 - β¨ orchestrator: add support for ClickHouse clusters
- β¨ inlet: add gNMI metadata provider
- β¨ inlet: static metadata provider can provide exporter and interface metadata
- β¨ inlet: static metadata provider can fetch its configuration from an HTTP endpoint
- β¨ inlet: metadata can be fetched from multiple providers (eg, static, then SNMP)
- β¨ inlet: add support for several SNMPv2 communities
- β¨ inlet: timestamps for Netflow/IPFIX can now be retrieved from packet content, see
inletβflowβinputsβtimestamp-source - π©Ή cmd: fix parsing of
inletβmetadataβproviderβports - π©Ή console: fix use of
InIfBoundaryandOutIfBoundaryas dimensions - π± orchestrator: add TLS support to connect to ClickHouse database
- π± docker: update to Redis 7.2, Kafka 3.7, Kafka UI 0.7.1, and Zookeeper 3.8 (not mandatory)
- π± orchestrator: improved ClickHouse schema to increase performance
- π₯ inlet: many metrics renamed to match Prometheus best practices
- β¨ inlet: add the following collected data (disabled by default):
MPLSLabels,MPLS1stLabel,MPLS2ndLabel,MPLS3rdLabel, andMPLS4thLabel - π©Ή inlet: fix static metadata provider configuration validation
- π©Ή inlet: fix a performance regression when enriching flows
- π©Ή inlet: do not decode L4 header if IP packet is fragmented
- π©Ή inlet: handle exporters using several sampling rates
- π± docker: update ClickHouse to 23.8 (this is not mandatory)
- π± orchestrator: add
orchestratorβclickhouseβprometheus-endpointto configure an endpoint to expose metrics to Prometheus
- π©Ή docker: ensure ClickHouse init script is executed even when database already exists
- π± console: add filtering support for custom columns
- π± inlet: update Expr, the language behind the classifiers: support for variables
- π± inlet: support for RFC 7133 for IPFIX
- π± orchestrator: improve performance when looking up for
SrcNetPrefixandDstNetPrefixwhen these columns are materialized
- π₯ cmd: use
AKVORADO_CFG_as a prefix for environment variables used to modify configuration (AKVORADO_CFG_ORCHESTRATOR_HTTP_LISTENinstead ofAKVORADO_ORCHESTRATOR_HTTP_LISTEN) - π₯ inlet:
inletβmetadataβprovider(snmp)βportsis now a map from exporter subnets to ports, instead of a map from agent subnets to ports. This is aligned with howcommunitiesandsecurity-parametersoptions behave. - β¨ inlet: support for IPinfo geo IP database and use it by default
- β¨ inlet: metadata retrieval is now pluggable. In addition to SNMP, it is
now possible to set exporter names, interface names and descriptions directly
in the configuration file. See
inletβmetadata. - β¨ inlet: routing information is now pluggable. See
inletβrouting. - β¨ inlet: BioRIS provider to retrieve routing information
- β¨ inlet: allow extraction of prefix length from routing information. See
inletβcoreβnet-providers. - β¨ inlet: add the following collected data (disabled by default):
IPTTLIPTosFragmentIDandFragmentOffsetTCPFlagsICMPv4Type,ICMPv4Code,ICMPv6Type,ICMPv6Code,ICMPv4, andICMPv6NextHop
- β¨ orchestrator: add custom dictionaries for additional flow hydration. See
orchestratorβschemaβcustom-dictionaries. Currently, filtering on the generated data is not available. - π©Ή inlet: fix Netflow processing when template is received with data
- π©Ή inlet: use sampling rate in Netflow data packet if available
- π©Ή console: fix display when using β%β units and interface speed is 0
- π©Ή orchestrator: create flows table with
allow_suspicious_low_cardinality_typesto ensure we can useLowCardinality(IPv6). - π± inlet: update Expr, the language behind the classifiers: new builtins are available
- π± build: minimum supported Node version is now 16
- π± docker: move Docker-related files to
docker/ - π± docker: update ClickHouse to 23.3 (not mandatory)
- π± docker: update to Zookeeper 3.8 (not mandatory)
- π± docker: update to Kafka 3.5 (not mandatory, but there is also a configuration change)
- π± docker: add healthchecks for Redis and Zookeeper
- π± console: emphasize trajectory on Sankey graphs
- π©Ή docker: ensure Kafka is not using KRaft by default
- π©Ή console: fix
SrcVlanandDstVlanas a dimension - π± orchestrator: add
methodandheadersto specify HTTP method and additional headers to use when requesting a network source
- β¨ orchestrator: add an option to materialize a column instead of using an alias
- π©Ή inlet: fix caching when setting interface name or description
- π©Ή console: fix subnet aggregation when IPv4 or IPv6 is set to its default value
- π©Ή console: fix
SrcNetPrefix,DstNetPrefix,PacketSize, andPacketSizeBucketdimensions
- π₯ docker-compose: the configuration files are now shipped in a
config/directory: you need to move yourakvorado.yamlinconfig/as well - π₯ inlet: unknown interfaces are not skipped anymore
- β¨ console: add subnet aggregation for
SrcAddrandDstAddr - β¨ inlet: expose
Interface.IndexandInterface.VLANto interface classification - β¨ inlet: add
Reject()to the set of classification functions to drop the current flow - β¨ inlet: add
SetName()andSetDescription()to modify interface name and description during classification - β¨ inlet: add
Format()to format a string during classification - π©Ή inlet: fix parsing of sFlow containing IPv4/IPv6 headers
- π± orchestrator: accept an
!includetag to include other YAML files inakvorado.yaml
When upgrading to this release, it takes some time to reduce the storage size for a few columns.
- β¨ console: add β%β to available units
- π©Ή inlet: fix parsing of sFlow IPv4/IPv6 data
- π©Ή inlet: fix
Bytesvalue for sFlow (this is the L3 length) - π©Ή orchestrator: fix disabling of
DstASPath - π©Ή console: fix time range selection
- π©Ή console: fix calculation of the L2 overhead when selecting L2 bps
- π©Ή console: fix behavior of dimension limit field when empty
- π± console: accept
INandNOTINoperators forExporterAddr,SrcAddr,DstAddr,SrcAddrNAT,DstAddrNAT - π± inlet: optimize to reduce the number of queries to the system clock
- π± orchestrator: reduce storage for
InIfDescription,OutIfDescription,SrcAddr,DstAddr,Bytes, andPackets
This is an important bugfix release. DstNet* values were classified using the
source address instead of the destination address.
- π©Ή orchestrator: fix
DstNet*values - π± inlet: if available, use sFlow for
DstASPath - π± docker: update Kafka UI image
This version introduces the ability to customize the data schema used by
Akvorado. This change is quite invasive and you should be cautious when
deploying it. It requires a restart of ClickHouse after upgrading the
orchestrator. It also takes some time to reduce the storage size for SrcPort
and DstPort.
The orchestrator automatically defines the TTL for the system log tables (like
system.query_log). The default TTL is 30 days. You can disable that by setting
orchestratorβclickhouseβsystem-log-ttl to 0.
- β¨ inlet: add
schemaβenabled,schemaβdisabled,schemaβmain-table-only, andschemaβnot-main-table-onlyto alter collected data - β¨ inlet: add the following collected data (disabled by default):
SrcAddrNATandDstAddrNATSrcPortNATandDstPortNATSrcMACandDstMACSrcVlanandDstVlan
- π©Ή inlet: handle correctly interfaces with high indexes for sFlow
- π©Ή docker: fix Kafka healthcheck
- π± inlet: improve decoding/encoding performance (twice faster!)
- π± orchestrator: set TTL for ClickHouse system log tables and
exporterstable - π± orchestrator: reduce storage size for
SrcPortandDstPort - π± orchestrator: add
clickhouseβkafkaβengine-settingsto configure additional settings for the Kafka engine - π± common: Go profiler endpoints are enabled by default
There is a schema update in this version: you also have to restart ClickHouse after upgrading for it to pick the new schema.
This version also introduces a cache for some HTTP requests, notably those to
plot the graphs in the βVisualizeβ tab. The default backend is in-memory,
however the shipped akvorado.yaml configuration file is using Redis instead.
The docker-compose setup has also been updated to start a Redis container for
this usage. Use of Redis is preferred but on upgrade, you need to enable it
explicitely by adding consoleβhttpβcache in your configuration.
- β¨ console: cache some costly requests to the backend
- β¨ console: add
SrcNetPrefixandDstNetPrefix(as a dimension and a filter attribute) - β¨ inlet: add
inletβflowβinputsβuse-src-addr-for-exporter-addrto override exporter address - π± console: add
limitandgraph-typetoconsoleβdefault-visualize-options - π± docker: published
docker-compose.ymlfile pins Akvorado image to the associated release - π± docker: update Zookeeper and Kafka images (this upgrade is optional)
- β¨ console: add 100% stacked graph type
- π©Ή inlet: handle non-fatal BMP decoding errors more gracefully
- π©Ή inlet: fix a small memory leak in BMP collector
- π©Ή console: fix selection of the aggregate table to not get empty graphs
- π©Ή console: use configured dimensions limit for βVisualizeβ tab
- π± inlet: optimize BMP CPU usage, memory usage, and lock times
- π± inlet: replace LRU cache for classifiers by a time-based cache
- π± inlet: add TLS support for Kafka transport
- π± console: Ctrl-Enter or Cmd-Enter when editing a filter now applies the changes
- π± console: switch to TypeScript for the frontend code
- β¨ orchestrator: add
orchestratorβnetwork-sourcesto fetch network attributes with HTTP - β¨ console: add
consoleβdatabaseβsaved-filtersto populate filters from the configuration file - π©Ή doc: durations must be written using a suffix (like
5s) - π± docker: provider a tarball with essential files to install or upgrade a
docker-composesetup - π± inlet: skip unknown AFI/SAFI in BMP route monitoring messages
- π©Ή inlet: fix SrcAS when receiving flows with sFlow
- π©Ή inlet: do not half-close BMP connection (a remote IOS XR closes its own end)
- π± docker: split demo exporters out of
docker-compose.yml - π± console: make the upper limit for dimensions configurable
(
consoleβdimensions-limit)
This release features a BMP collector to grab BGP routes from one or
several routers. The routes can be used to determine source and
destination AS (instead of using GeoIP or information from the flows)
but also the AS paths and the communities. Check inletβbmp and
inletβcore configuration settings for more information.
- β¨ inlet: BMP collector to get AS numbers, AS paths, and communities from BGP PR #155
- β¨ inlet: add
inletβsnmpβagentsto override exporter IP address for SNMP queries - π©Ή inlet: handle sFlow specific interface number for locally originated/terminated traffic, discarded traffic and traffic sent to multiple interfaces
- π± build: Docker image is built using Nix instead of Alpine
This release bumps the minimal required version for ClickHouse to
22.4. The docker-compose file has been updated to use ClickHouse
22.8 (which is a long term version). Moreover, Akvorado now has its
own organisation and the code is hosted at
akvorado/akvorado.
- π₯ console: make ClickHouse interpolate missing values (ClickHouse 22.4+ is required)
- π©Ή orchestrator: validate configuration of other services on start
- π©Ή inlet: correctly parse
inletβsnmpβcommunitieswhen it is just a string - π± cmd: print a shorter message when an internal error happens when parsing configuration
- π± inlet: add
inletβsnmpβportsto configure SNMP exporter ports
- β¨ inlet: add support for flow rate-limiting with
inletβflowβrate-limit - π± inlet: improve performance of GeoIP lookup
- π± inlet: add
inletβcoreβasn-providersto specify how to get AS numbers.inletβcoreβignore-asn-from-flowis deprecated and mapped togeoip.
- β¨ inlet: add support for SNMPv3 protocol
- π± inlet:
inletβsnmpβdefault-communityis now deprecated - π± console: make βprevious periodβ line more visible
- π©Ή geoip: fix
inletβgeoipβcountry-databaserename toinletβgeoipβgeo-database
- β¨ console: add an option to also display flows in the opposite direction on time series graph
- β¨ console: add an option to also display the previous period (day, week, month, year) on stacked graphs
- π± inlet: Kafka key is now a 4-byte random value making scaling less dependent on the number of exporters
- π± demo-exporter: add a setting to automatically generate a reverse flow
- π± docker-compose: loosen required privileges for
conntrack-fixer
SrcCountry/DstCountry were incorrectly filled in aggregated
tables. This is fixed with this release, but this implies dropping the
existing data (only the country information). See PR #61 for more
details.
- β¨ inlet:
inletβcoreβdefault-sampling-ratealso accepts a map from subnet to sampling rate - β¨ inlet:
inletβcoreβoverride-sampling-rateenables overriding the sampling rate received from a device - π©Ή orchestrator: fix
SrcCountry/DstCountrycolumns in aggregated tables PR #61 - π± inlet:
inletβgeoipβcountry-databasehas been renamed toinletβgeoipβgeo-database - π± inlet: add counters for GeoIP database hit/miss
- π± inlet:
inletβsnmpβcommunitiesaccepts subnets as keys - π± docker-compose: disable healthcheck for the conntrack-fixer container
- π₯ cmd: replace the
fake-exportersubcommand bydemo-exporterto make easier to understand its purpose - π± console: make
<<and!<<operators more efficient
- β¨ console: add
<</!<<operator forSrcAddrandDstAddrto match on a subnet PR #57 - π©Ή build: remove
-dirtyfrom version number in released Docker images - π± console: hide
::ffff:prefix from IPv6-mapped IPv4 addresses
- π©Ή cmd: do not merge user-provided lists with defaults when parsing configuration
- π©Ή docker-compose: make
docker-compose.ymlwork with Docker Compose v2/v3 - π©Ή inlet: update UDP packet counters when receiving packets, not after decoding
- π± console: add configuration for default options of the visualize tab and the top widgets to display on the home page.
This release introduce a new protobuf schema. When using
docker-compose, a restart of ClickHouse is needed after upgrading
the orchestrator to load this new schema.
- β¨ inlet: add sflow support PR #23
- β¨ inlet: classify exporters to group, role, site, region, and tenant PR #14
- β¨ orchestrator: add role, site, region, and tenant attributes to networks PR #15
- β¨ docker-compose: clean conntrack entries when inlet container starts
- π©Ή console: fix use of
InIfBoundaryandOutIfBoundaryas dimensions PR #11 - π©Ή build: make Akvorado compile on MacOS
- π± inlet: ask the kernel to timestamp incoming packets
- π± orchestrator: limit number of Kafka consumers in ClickHouse to the number of CPUs
- π± doc: add configuration for Juniper devices
- π± docker-compose: add UI for Apache Kafka to help debug starter issues
- β¨ inlet: add an option to ignore ASN received from flows PR #7
- π©Ή console: fix maximum value for the grid view
- π± orchestrator: adapt partition key for each consolidated flow tables in ClickHouse to limit the number of partitions (this change won't be applied on an existing installation)
- π± inlet: add
default-sampling-rateas an option - π± inlet: only require either input or output interface for a valid flow
- π± build: switch from Yarn to npm as a Javascript package manager PR #4
- π± docker-compose: pull image from GitHub instead of building it
- π± doc: add more tips to the troubleshooting section
- π docker-compose: expose two HTTP endpoints, one public (8081) and one private (8080)
- π± docker-compose: restart ClickHouse container on failure
- π first public release under the AGPL 3.0 license