Follow

Version 3.0.0 - September 4, 2014

The final Meter 3.0.0 build is 3.0.0-388, available as of Sep 4th, 2014.

Features

More Efficient Flow Encoding

The amount of traffic that meters stream to the Boundary service is dependent on the amount of active flows the meter observes on the network. With previous meter versions, this is a fixed 124 bytes/sec per active flow.

Boundary meter 3.0.0 encodes flow data more efficiently, sending less data per active flow:

48 bytes for IPv4 flows
64 bytes for IPv4 flows that are experiencing retry/out-of-order behavior
72 bytes for IPv6 flows (IPv6 not actually supported upstream yet within Boundary)
88 bytes for IPv6 flows that are experiencing retry/out-of-order behavior

On average, the new Boundary meter consumes less than half of the bandwidth of previous versions.

Host Level Metrics

Boundary meter 3.0.0 adds support for collecting and reporting host-level metrics. The broad categories of data for which the meter reports are: CPU, Filesystem, Memory, Process, Swap, OS, User, Network Interface, and Network Flow.

Through per-OS tuning and an automatic adaptive backoff algorithm, the meter is able to provide 1 second resolution on these statistics with very little overhead, using about 1% additional CPU and 10 MB of memory.

The meter continuously monitors its own performance and poll rates, and can dynamically adjust the collection rate if it detects that some metrics are taking longer than expected to be acquired. The meter even reports metrics on its own performance.

These new metrics and all future metrics are piped over the same IPFIX channel as flow data, so no changes to your network or firewall infrastructure are required. In fact, many nodes will see reduced overall IPFIX bandwidth usage in spite of the additional metrics, due to the addition of more efficient flow encoding. The current set of host level metrics consume about 1 KB of bandwidth per second

Control Channel

The 3.0.0 Boundary meter adds the ability to interact with the Boundary backend via an embedded control channel in the existing IPFIX connection. This allows the Boundary service to adjust some parameters on the meter, like stream collection interval and metrics configuration. Because this control channel is built into the existing connection to Boundary, you do not need to change any firewall or networking rules to use it. Future meter features will continue to leverage this functionality.

Built-in Time Synchronization Support

The 3.0.0 Boundary meter no longer requires NTP to ensure that the meter's local time is synchronized. Replacing it is an in-band time synchronization via the new control channel. This allows the meter to ensure it has the correct time relative to the Boundary streaming system, while eliminating the need for extra traffic to external servers that may be undesirable in some networks.

Enhanced Proxy and Firewall Interoperability

The 3.0.0 Boundary meter includes a pair of new features designed to make installation into different network environments easier. First, the built-in meter provisioning code now supports the curl-compatible HTTPS_PROXY environment variable and this same variable works for the Windows MSI package. Additionally, the meter by default will try both the standard IPFIX port 4740, as well as port 443 if IPFIX is blocked by a firewall. The meter also allows specifying a list of possible ports to try via the COLLECTORPORT variable. This allows a single configuration to work in different environments without user intervention

Meter Connection Status File

On Unix/Linux systems, the 3.0.0 Boundary meter writes a status file by default in /var/run/boundary-meter.status. If you are using alternate configurations, the status files are appended with the corresponding configuration name. This file contains one of 3 possible status values, which are useful for diagnostics and monitoring:

 

  • disconnected: the meter is unable to connect to the Boundary collector service. If the status remains in this state, ensure that there is a route to the collector service.
  • connected: the meter has connected to the Boundary collector service, but has not authenticated. Ensure the meter is provisioned and not deleted from the Boundary service.
  • authenticated: the meter has connected and authenticated and is working normally 

New Package Name

Boundary meter package is now officially named 'boundary-meter'. The 'bprobe' package is made obsolete by this new package. The 'boundary-meter' and 'bprobe' packages cannot be installed at the same time. Boundary will be replacing its supported Chef and Puppet automation scripts with new ones to support the new meter. If you use customized automation scripts, we encourage you to make use of either the setup_meter.sh script or use the supported Meter Installer Variables, to provision the meter, rather than modifying meter configuration files directly.

Debian/Ubuntu Package Changes

For Debian/Ubuntu and other .deb based packages, the boundary-meter package will automatically migrate the configuration information from a previous bprobe installation. To upgrade to the new meter, simply update your repository and install the boundary-meter package. Here is an example upgrade session:

bcook@streaker01:~$ sudo apt-get install -y boundary-meter
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libruby1.8
Use 'apt-get autoremove' to remove it.
The following packages will be REMOVED:
  bprobe
The following NEW packages will be installed:
  boundary-meter
0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded.
Need to get 0 B/3,958 kB of archives.
After this operation, 9,276 kB of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 100231 files and directories currently installed.)
Removing bprobe (2.0.4-261~trusty) ...
 * Stopping Boundary meter bprobe_doppelganger [ OK ]
 * Stopping Boundary meter bprobe [ OK ]
Processing triggers for man-db (2.6.7.1-1) ...
Selecting previously unselected package boundary-meter.
(Reading database ... 100224 files and directories currently installed.)
Preparing to unpack .../boundary-meter_3.0.0-388~trusty_amd64.deb ...
Unpacking boundary-meter (3.0.0-388~trusty) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1) ...
Setting up boundary-meter (3.0.0-388~trusty) ...
 * Restarting boundary-meter_doppelganger
 * boundary-meter_doppelganger not running, attempting to start [ OK ]
 * Restarting boundary-meter
 * boundary-meter not running, attempting to start [ OK ]
Processing triggers for libc-bin (2.19-0ubuntu6) ...

Note that downgrades are just a easy as upgrades. Simply install bprobe again and boundary-meter will automatically uninstall.

Debian/Ubuntu Package Change Details

 OLD PACKAGENEW PACKAGE
PACKAGE FILE bprobe_2.0.4-261~distro_arch.deb boundary-meter_3.0.0-388~distro_arch.deb
CONFIGURATION FILES /etc/default/bprobe, /etc/bprobe/bprobe.defaults, /etc/bprobe/bprobe.conf /etc/default/boundary-meter, /etc/boundary/meter.conf
DIRECTORIES /etc/bprobe /etc/boundary, /usr/lib/boundary
BINARIES /usr/bin/bprobe /usr/bin/boundary-meter

Redhat/CentOS/openSUSE/Amazon Package Changes

For Redhat/CentOS and other .rpm based packages, the boundary-meter package will automatically migrate the configuration information from a previous bprobe installation. To upgrade to the new meter, simply update your repository and install the boundary-meter package with yum or zypper.

 OLD PACKAGENEW PACKAGE
PACKAGE FILE bprobe-2.0.4-261-arch.rpm boundary-meter-3.0.0-388-arch.rpm
CONFIGURATION FILES /etc/sysconf/bprobe, /etc/bprobe/bprobe.defaults, /etc/bprobe/bprobe.conf /etc/default/boundary-meter, /etc/boundary/meter.conf
DIRECTORIES /etc/bprobe /etc/boundary, /usr/lib/boundary
BINARIES /usr/bin/bprobe /usr/bin/boundary-meter

 

Windows Package Changes

For Windows meters, the meter binary and service names change slightly. We recommend that Windows users uninstall bprobe before installing the boundary-meter package.

Boundary also recently updated its Windows code-signing certificate. If you see a warning from Windows SmartScreen while installing on Windows 8 or Windows 2012, this is because the certificate is new and has not had enough installs to gain a 'reputation'. This issue will resolve itself over time. In the mean time, you can right-click the MSI file and examine the Digital Signatures list to ensure that the new Windows meter is authentic. The new Boundary Certificate serial number is 7b ff 7d 8a 2e 88 e5 13 5f 29 e6 b1 74 6b 47 2f and the Thumbprint is ec 06 fb df 0f 1c de e1 8d 70 d4 d8 36 8e 2f a4 97 87 db 19

 OLD PACKAGENEW PACKAGE
PACKAGE FILE bprobe-2.0.4-261-arch.msi boundary_meter-3.0.0-388-arch.msi
CONFIGURATION FILES c:\Program Files\Boundary\bprobe.conf c:\Program Files\Boundary\meter.conf
DIRECTORIES c:\Program Files\Boundary c:\Program Files\Boundary
BINARIES c:\Program Files\Boundary\bprobe.exe c:\Program Files\Boundary\boundary_meter.exe

NOTE: meter installs on Windows Server releases prior to Windows Server 2008 R2 will NO LONGER AUTOMATICALLY START FOLLOWING INSTALLATION. A system reboot will be required, but not forced, on such systems before the meter will provide network traffic analysis and server metrics. The meter will appear as "Disconnected" in the UI until the system has been rebooted.

SmartOS Package Changes

For the SmartOS package, the boundary-meter package will automatically migrate the configuration information from a previous bprobe installation. To upgrade to the new meter, use pkgin to first remove the bprobe package, then update your repository and use pkgin to install the new boundary-meter package.

NOTE: the 64-bit-native SmartOS package is no longer available. The 32-bit package is now installed for both 32-bit and 64-bit SmartOS machines. There is no reduction in functionality or performance.

 OLD PACKAGENEW PACKAGE
PACKAGE FILE bprobe-2.0.x.321.tgz boundary-meter-3.0.0.321.tgz
CONFIGURATION FILES /opt/local/etc/sysconf/bprobe, /opt/local/etc/bprobe/bprobe.defaults, /opt/local/etc/bprobe/bprobe.conf /opt/local/etc/default/boundary-meter, /opt/local/etc/boundary/meter.conf
DIRECTORIES /opt/local/etc/bprobe /opt/local/etc/boundary, /opt/local/usr/lib/boundary
BINARIES /opt/local/usr/bin/bprobe /opt/local/usr/bin/boundary-meter

 

FreeBSD Package Changes

For FreeBSD, the boundary-meter is now packaged for use with pkgng (e.g. pkg) on the 9.X and 10.X FreeBSD releases. To upgrade to the new meter, remove the previous bprobe package (if installed; see note below), then update your repository and install the new boundary-meter package with the pkg command. Meter support for FreeBSD releases prior to 9.0 has been deprecated.

NOTE: if you have an existing bprobe package installed and want the configuration information migrated to the new boundary-meter package when you install it, you will need to first temporarily rename/move the /etc/bprobe directory to something else prior to removing the bprobe package, as the bprobe package removal will delete the configuration. Once the bprobe package has been removed, rename/move the directory back to /etc/bprobe and proceed with installation of the new boundary-meter package.

 OLD PACKAGENEW PACKAGE
PACKAGE FILE bprobe-2.0.4-261.tgz boundary-meter-3.0.0-388.txz
CONFIGURATION FILES /etc/sysconf/bprobe, /etc/bprobe/bprobe.defaults, /etc/bprobe/bprobe.conf /etc/default/boundary-meter, /etc/boundary/meter.conf
DIRECTORIES /etc/bprobe /etc/boundary, /usr/local/lib/boundary
BINARIES /usr/local/bin/bprobe /usr/local/bin/boundary-meter

 

Bug Fixes

Bundled OpenSSL library updated to version 1.0.1i

The bundled OpenSSL library with the meter is upgraded to version 1.0.1i, resolving CVE-2014-0224 among others. The meter does not normally interact with any OpenSSL v1.0.1 servers, required to exploit the weaknesses revealed in CVE-2014-0224, but we are updating out of an abundance of caution. The other fixes in OpenSSL v1.0.1i are not applicable to the meter's modes of operation.

Meter CPU can be very high if Linux syslog is not running

For some versions of Linux, the meter can consume a lot of CPU time if the syslog service is not running. This is due to a bad interaction between the syslog LOG_PERROR option and running a process as a daemon when the STDERR pipe is closed. The meter no longer enables the LOG_PERROR option when running as a daemon.

Meter provisioning script can fail to provision if a broken meter is already installed

Previous versions of the setup_meter.sh script would fail to fix broken meters if you ran them. They would check if the package was installed, or if some files were installed, and then abort. The 3.0.0 version of the setup_meter.sh script unconditionally reinstalls the meter and reprovisions it with Boundary. This means that, if there is a problem with a meter on a node, rerunning the setup_meter.sh script will generally fix it, compared to previous versions which required manual intervention and removal of the meter.

Have more questions? Submit a request