Difference between revisions of "Maintenance/Network Software Update July 10 2019"

From Xertion Wiki
Jump to navigation Jump to search
m (Protected "Maintenance/Network Software Update July 10 2019" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
(Marking as completed, adding other details)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 +
{{Ambox
 +
|type = notice
 +
|image =
 +
|issue='''<span style="color:green">Maintenance Completed</span><br />'''
 +
|fix=This maintenance has been completed! Please see below for any further details.
 +
}}
 +
 
===Maintenance Details===
 
===Maintenance Details===
A major network software update will be performed on all servers on the Xertion network on July 10, 2019.
+
This was a major network software update performed on all servers on the Xertion network on July 10, 2019. The total maintenance window lasted approximately 1 hour and 15 minutes beginning shortly after 3:30 PM CDT (8:30 PM GMT).
 +
 
 +
The IRC server software on all Xertion servers was upgraded to the next major version, from InspIRCd 2.0.24 to InspIRCd 3.2.0. At the same time, the core TLS support library in use on the Xertion network - GnuTLS, was also synchronized to the same version across all servers. This required extra time in order to be able to properly link the software together.
 +
 
 +
Most of the changes with this version were internal in nature and thus will not be discussed here. However, there are still a few noteworthy changes to point out:
 +
 
 +
* With the GnuTLS support library version synchronization on all servers, TLS v1.3 - the latest version of the TLS protocol - was fully enabled and supported network wide for both users and server to server links. Our network makes full use of very strong encryption coupled with the TLS 1.3 protocol on each and every server uplink. While client support isn't nearly as widespread yet, especially for a lot of Windows users, it is fully supported in the current mIRC beta as well as HexChat with a recent enough OpenSSL installation (1.1.x series).
 +
 
 +
* Each server's "005" numeric (the features supported numeric) now contains a LINELEN token defining the maximum line length per line you can send to the server at a time, in characters. If you have any bots or scripts that tend to send long lines out, it might be worthwhile to have it pull the LINELEN token from the server's welcome message so it knows how long its text can be.
  
<ul>
+
* Full help documentation was finally merged into the /helpop command. This was long overdue, and we had been unsure of the best way to go about this. Fortunately for us, InspIRCd developers pushed everything into a single file. Try it out, see what you can learn about the various functionality available on our network!
<li>'''When:''' July 10th, 2019 from 11:00 AM CDT - 1:00 PM CDT (4:00 PM GMT - 6:00 PM GMT)</li>
 
<li>'''What:''' Major software update</li>
 
<li>'''Affected services/servers:''' All network servers</li>
 
<li>'''Predicted downtime:''' Variable, see below for details</li>
 
</ul>
 
  
We will be upgrading the IRC server software on all Xertion servers to the next major version. The [[User:IkarosBD|Routing Manager/Dev Lead]] has fully analyzed the new version and the changes contained within. The majority of these changes will be internal in nature. However there is one notable change we feel users should be made aware of, and that is that the HELPOP command (/helpop) has been extended to include the full documentation.
+
* Extended SSL information (like what SSL cipher a user might be connected with) is no longer available as that module was removed in version 3. This does not affect in any way the security of your connection to the network and was only provided for informational purposes only.
  
The new version is currently being tested via a secure network utilizing 3 of our existing servers (our existing services hub + two of our client servers - the client servers will NOT be named) to monitor its performance and stability, and to ensure maximum compatibility with our existing configuration. We will try to perform this upgrade in such a way that the disruption to each user is minimal, at most one disconnect per user as each server is upgraded and subsequently restarted to the new version. The current transition phase is as follows:
+
* IRCv3 support - we now support even more IRCv3 features, if your own client supports them. The specific IRCv3 features are as follows: account-notify, account-tag, away-notify, batch, chghost, echo-message, extended-join, invite-notify, message-tags, multi-prefix, sasl (both EXTERNAL and PLAIN types supported), server-time, and userhost-in-names. If your IRC client supports any of them, it should req them and use them transparently without you having to do anything.
  
* '''11:00 AM CDT:''' We will begin running final checks on the rest of the network, ensuring software runs and behaves as expected.
+
<u>'''SSL/TLS WARNING'''</u> - With this update, the TLS support libraries were standardized on each server. In addition to this, support for TLS 1.0 on ALL servers has officially been '''DEPRECIATED''' and have been moved to lowest priority. Servers were also configured to use their own preference for cipher and ignore the client's cipher request. All users wanting to use SSL connectivity are STRONGLY recommended to upgrade their IRC clients to the latest supported versions and/or ensure their TLS support libraries (OpenSSL and such) are the most recent versions available on their system. TLS 1.0 support '''WILL BE REMOVED''' from all servers effective '''October 9th, 2019''', making '''TLSv1.2''' the MINIMUM supported protocol. If your IRC client and/or TLS support library DO NOT SUPPORT TLSv1.2 by this date you WILL NOT BE ABLE to use encrypted connections on Xertion!
* '''11:25 AM CDT:''' Primary services hub will be switched to the new version, and the old version terminated. This will cause loss of services access to the "old version" side of the network temporarily, and this will be where the "downtime" is for users on each server.
 
* '''11:27 AM CDT:''' The DNS RR address of irc.xertion.org will be directed to (initially) one client server already running the new version.
 
* '''11:30 AM CDT:''' At an interval of every 10 minutes, we will begin switching servers - one at a time - over to the new version, starting with the client server we modified DNS for in the previous step. BEFORE each server is switched, we will modify the DNS RR address of irc.xertion.org to add that server into it. We will follow this order: EU-Hub -> ''[10 min]'' -> EU-Client Servers -> ''[10 min/server x2]'' -> US-Hub-2 -> ''[10 min]'' -> NA-Client Servers ''[10 min/server x3]''. NA client servers will be done from EAST to WEST.
 
* '''At/around 12:45-12:50 PM CDT:''' All servers should be switched at this point. We will begin making final corrections and adjustments to routing if necessary, which if needed will result in a number of additional netsplits as these adjustments are made.
 
  
<u>'''SSL/TLS WARNING'''</u> - With this update, we are standardizing the TLS support libraries in use on each server. In addition, support for TLS 1.0 on ALL servers will be '''DEPRECIATED''' with all such ciphers being DE-PRIORITIZED. You will also NOT be able to override the server's cipher choice when connecting over SSL after this update, as the server will ignore all attempts to do so. All users wanting to use SSL connectivity will now be required to upgrade their IRC clients to the latest supported versions and/or ensure their TLS support libraries (OpenSSL and such) are the most recent versions available on their system. TLS 1.0 support '''WILL BE REMOVED''' from all servers effective '''October 9th, 2019''', making '''TLSv1.2''' the MINIMUM supported protocol. If your IRC client and/or TLS support library DO NOT SUPPORT TLSv1.2 by this date you WILL NOT BE ABLE to use encrypted connections on Xertion!
+
Thank you for your patience with this transition and thanks for using Xertion!

Latest revision as of 05:10, 11 July 2019

Maintenance Details

This was a major network software update performed on all servers on the Xertion network on July 10, 2019. The total maintenance window lasted approximately 1 hour and 15 minutes beginning shortly after 3:30 PM CDT (8:30 PM GMT).

The IRC server software on all Xertion servers was upgraded to the next major version, from InspIRCd 2.0.24 to InspIRCd 3.2.0. At the same time, the core TLS support library in use on the Xertion network - GnuTLS, was also synchronized to the same version across all servers. This required extra time in order to be able to properly link the software together.

Most of the changes with this version were internal in nature and thus will not be discussed here. However, there are still a few noteworthy changes to point out:

  • With the GnuTLS support library version synchronization on all servers, TLS v1.3 - the latest version of the TLS protocol - was fully enabled and supported network wide for both users and server to server links. Our network makes full use of very strong encryption coupled with the TLS 1.3 protocol on each and every server uplink. While client support isn't nearly as widespread yet, especially for a lot of Windows users, it is fully supported in the current mIRC beta as well as HexChat with a recent enough OpenSSL installation (1.1.x series).
  • Each server's "005" numeric (the features supported numeric) now contains a LINELEN token defining the maximum line length per line you can send to the server at a time, in characters. If you have any bots or scripts that tend to send long lines out, it might be worthwhile to have it pull the LINELEN token from the server's welcome message so it knows how long its text can be.
  • Full help documentation was finally merged into the /helpop command. This was long overdue, and we had been unsure of the best way to go about this. Fortunately for us, InspIRCd developers pushed everything into a single file. Try it out, see what you can learn about the various functionality available on our network!
  • Extended SSL information (like what SSL cipher a user might be connected with) is no longer available as that module was removed in version 3. This does not affect in any way the security of your connection to the network and was only provided for informational purposes only.
  • IRCv3 support - we now support even more IRCv3 features, if your own client supports them. The specific IRCv3 features are as follows: account-notify, account-tag, away-notify, batch, chghost, echo-message, extended-join, invite-notify, message-tags, multi-prefix, sasl (both EXTERNAL and PLAIN types supported), server-time, and userhost-in-names. If your IRC client supports any of them, it should req them and use them transparently without you having to do anything.

SSL/TLS WARNING - With this update, the TLS support libraries were standardized on each server. In addition to this, support for TLS 1.0 on ALL servers has officially been DEPRECIATED and have been moved to lowest priority. Servers were also configured to use their own preference for cipher and ignore the client's cipher request. All users wanting to use SSL connectivity are STRONGLY recommended to upgrade their IRC clients to the latest supported versions and/or ensure their TLS support libraries (OpenSSL and such) are the most recent versions available on their system. TLS 1.0 support WILL BE REMOVED from all servers effective October 9th, 2019, making TLSv1.2 the MINIMUM supported protocol. If your IRC client and/or TLS support library DO NOT SUPPORT TLSv1.2 by this date you WILL NOT BE ABLE to use encrypted connections on Xertion!

Thank you for your patience with this transition and thanks for using Xertion!