v0.27.0

Release 0.27.0

What's New

• Ziti CLI
  • The CLI has been cleaned up and unused, unusable and underused components have been removed or hidden
  • Add create/delete transit-router CLI commands
  • Issue-706 - Add port check to quickstart

Ziti CLI

• The update command has been removed. It was non-functional, so this should not affect anyone
• The adhoc, ping and playbook commands have been removed. These were ansible and vagrant commands that were not widely used.
• Make the art command hidden, doesn't need to be removed, leave it as an easter egg
• Move ziti ps command under ziti agent. Remove all ziti ps subcommands, as they already exist as ziti agent subcommands
• Add ziti controller and ziti router commands
  • They should work exactly the same as ziti-controller and ziti router
  • The standalone binaries for ziti-controller and ziti-router are deprecated and will be removed in a future release
• Add hidden ziti tunnel command
  • Should work exactly the same as ziti-tunnel
  • Is hidden as ziti-edge-tunnel is the preferred tunnelling application
  • The standalone binary ziti-tunnel is deprecated and will be removed in a future release
• The db, log-format and unwrap commands have been moved under a new ops command
• ziti executable download management has been deprecated
  • The init and uninstall commands have been removed
  • The install, upgrade, use and version commands have been hidden and will be hidden once tests using them are updated or replaced
• The demo and tutorial commands have been moved under the new learn subcommand
• ziti edge enroll now has a verbose option for additional debugging
• The ziti edge CLI now support create/delete transit-router. This allows transit/fabric routers to be provisioned using an enrollment process, rather than requiring certs to be created externally. Note that this requires that the fabric router config file has a csr section.

Component Updates and Bug Fixes

• github.com/openziti/agent: v1.0.5 -> v1.0.7

• github.com/openziti/channel/v2: v2.0.12 -> v2.0.24

• github.com/openziti/edge: v0.24.36 -> v0.24.75

  • Issue #1253 - Panic in controller getting hello from edge router
  • Issue #1233 - edge-routers ref link in identities endpoint is incorrectly keyed
  • Issue #1234 - identities missing service-config link ref
  • Issue #1232 - edge management api identity-types endpoint produces incorrect links

• github.com/openziti/fabric: v0.21.17 -> v0.21.36

  • Issue #525 - Update metrics message propagation from router to controller for HA

• github.com/openziti/foundation/v2: v2.0.7 -> v2.0.9

• github.com/openziti/identity: v1.0.20 -> v1.0.28

• github.com/openziti/runzmd: v1.0.3 -> v1.0.7

• github.com/openziti/sdk-golang: v0.16.146 -> v0.18.19

• github.com/openziti/storage: v0.1.26 -> v0.1.30

• github.com/openziti/transport/v2: v2.0.38 -> v2.0.48

• github.com/openziti/metrics: v1.1.5 -> v1.2.2

• github.com/openziti/ziti: v0.26.11 -> v0.26.12

  • Issue #892 - Add timeout to ziti agent controller snapshot-db command
  • Issue #917 - ZITI_BIN_ROOT is incorrect in docker env
  • Issue #912 - Binaries not updated in docker-compose env with new image
  • Issue #897 - Add CLI options to manage /edge/v1/transit-routers
  • Issue #706 - Add port check to quickstart

v0.26.11

Release 0.26.11

What's New

This is mainly a bugfix release.

• Ziti CLI
  • Bug Fixes (See Component Updates and Bug Fixes below)
  • Added CLI flags for setting router tunneler capability

Ziti CLI

Added CLI flags for setting router tunneler capability

Ziti CLI ziti create config router edge now has two new flags; --tunnelerMode and --lanInterface

--tunnelerMode

The --tunnelerMode flag enables tunneling and sets the tunneler mode. Currently, there are none, host and tproxy
modes. The default tunneler mode is host mode, choosing none will disable tunnel capabilities for the router.

Examples:

ziti create config router edge --routerName myRouter --tunnelerMode tproxy

ziti create config router edge --routerName myRouter --tunnelerMode none

--lanInterface

If using the tproxy tunneler mode, there is an optional lanIf section in the config to identify an interface to use.

Example:

ziti create config router edge --routerName myRouter --tunnelerMode tproxy --lanInterface tun0

Component Updates and Bug Fixes

• github.com/openziti/agent: v1.0.4 -> v1.0.5

• github.com/openziti/channel/v2: v2.0.9 -> v2.0.12

• github.com/openziti/edge: v0.24.12 -> v0.24.36

  • Issue #1217 - Ziti Edge lists the edge router to be offline after recovering from an internet fluctuation

• github.com/openziti/fabric: v0.21.9 -> v0.21.17

• github.com/openziti/foundation/v2: v2.0.6 -> v2.0.7

• github.com/openziti/identity: v1.0.18 -> v1.0.20

• github.com/openziti/runzmd: v1.0.3 (new)

• github.com/openziti/sdk-golang: v0.16.135 -> v0.16.146

  • Issue #328 - enrollment has no 'verbose' option for debugging
  • Issue #314 - Incorrect documentation for grpc-example
  • Issue #317 - No documenation for call example
  • Issue #311 - Chat Client and Server needs documentation

• github.com/openziti/storage: v0.1.25 -> v0.1.26

• github.com/openziti/transport/v2: v2.0.36 -> v2.0.38

• github.com/openziti/metrics: v1.1.4 -> v1.1.5

• github.com/openziti/ziti: v0.26.10 -> v0.26.11

  • Issue 868: ZITI_EDGE_ROUTER_IP_OVERRIDE does not override the edge router advertise hostname
  • Issue 882: ZITI_EDGE_ROUTER_RAWNAME not stored in quickstart .env file

v0.26.10

Release 0.26.10

What's New

This release has a single fix for a panic in edge routers with embedded tunnelers hosting services.
The only other changes are build updates.

Ziti Component Updates and Bug Fixes

• github.com/openziti/agent: v1.0.3 -> v1.0.4

• github.com/openziti/channel/v2: v2.0.5 -> v2.0.9

• github.com/openziti/edge: v0.24.7 -> v0.24.12

  • Issue #1209 - edge router with embedded tunneler panics when intercepting services

• github.com/openziti/fabric: v0.21.3 -> v0.21.9

• github.com/openziti/foundation/v2: v2.0.5 -> v2.0.6

• github.com/openziti/identity: v1.0.16 -> v1.0.18

• github.com/openziti/sdk-golang: v0.16.129 -> v0.16.135

• github.com/openziti/storage: v0.1.23 -> v0.1.25

• github.com/openziti/transport/v2: v2.0.33 -> v2.0.36

• github.com/openziti/metrics: v1.1.2 -> v1.1.4

• github.com/openziti/ziti: v0.26.9 -> v0.26.10

v0.26.9

Release 0.26.9

What's New

• Edge
  • Bug Fixes
• Fabric
  • Bug Fixes
• Ziti CLI
  • Allow dynamic modification of enrollment durations
  • Bug Fixes
• SDK Golang
  • Bug Fixes
• Identity

Ziti CLI

Allow dynamic modification of enrollment durations

Identity Enrollment Duration

Setting the environment variable ZITI_EDGE_IDENTITY_ENROLLMENT_DURATION to some value in minutes will override the default identity enrollment duration configuration
when creating new controller configurations. If left unset, the default value is used. Using this method applies to controller config generation through the CLI as
well as quickstart deployments.

Example:

# Set identity enrollment to 60 minutes, controller configs created afterward will use this value
export ZITI_EDGE_IDENTITY_ENROLLMENT_DURATION=60

An additional argument --identityEnrollmentDuration has been added to the CLI controller config generation. If the argument is provided, the value of the argument will take
precedence, followed by the value of the environment variable (noted above), and if neither are used, the default value is used. Note that the argument takes a time unit
(m for minutes, h for hour, etc.)

Example:

# Create a controller config with an identity enrollment duration of 60 minutes
ziti create config controller --identityEnrollmentDuration 60m
# OR
ziti create config controller --identityEnrollmentDuration 1h

Router Enrollment Duration

Setting the environment variable ZITI_EDGE_ROUTER_ENROLLMENT_DURATION to some value in minutes will override the default router enrollment duration configuration
when creating new controller configurations. If left unset, the default value is used. Using this method applies to controller config generation through the CLI as
well as quickstart deployments.

Example:

# Set router enrollment to 60 minutes, controller configs created afterward will use this value
export ZITI_EDGE_ROUTER_ENROLLMENT_DURATION=60

An additional argument --routerEnrollmentDuration has been added to the CLI controller config generation. If the argument is provided, the value of the argument will take
precedence, followed by the value of the environment variable (noted above), and if neither are used, the default value is used. Note that the argument takes a time unit
(m for minutes, h for hour, etc.)

Example:

# Create a controller config with a router enrollment duration of 60 minutes
ziti create config controller --routerEnrollmentDuration 60m
# OR
ziti create config controller --routerEnrollmentDuration 1h

Ziti Component Updates and Bug Fixes

• github.com/openziti/channel/v2: v1.0.3 -> v2.0.4

• github.com/openziti/edge: v0.23.0 -> v0.24.3

  • Issue #1189 - router embedded tunneler can create redundant api session if initial requests come in a flood
  • Issue #1186 - Panic when creating sdk hosted terminator

• github.com/openziti/fabric: v0.20.0 -> v0.21.2

  • Issue #469 - Initial support for multiple control channels in routers

• github.com/openziti/foundation/v2: v2.0.4 -> v2.0.5

• github.com/openziti/identity: v1.0.12 -> v1.0.16

• github.com/openziti/sdk-golang: v0.16.121 -> v0.16.128

• github.com/openziti/storage: v0.1.21 -> v0.1.23

  • Issue #23 - fix panic: IterateLink on ref counted link collection should never return a nil cursor

• github.com/openziti/transport/v2: v2.0.29 -> v2.0.33

• github.com/openziti/jwks: v1.0.1 -> v1.0.2

• github.com/openziti/metrics: v1.1.0 -> v1.1.2

• github.com/openziti/x509-claims: v1.0.2 -> v1.0.3

• github.com/openziti/ziti: 0.26.8 -> 0.26.9

  • Issue #845 - Setting ZITI_EDGE_ROUTER_IP_OVERRIDE now adds the IP to the CSR SANs of the router config

v0.26.8

Release 0.26.8

What's New

• General
  • Allow filtering model entities by tag
• Fabric
  • Usage v3 metrics
• Edge
  • Bug Fixes
• Ziti CLI
  • ziti edge create|update ca now supports externalIdClaim
  • Improved List CAs
• Identity
  • Automatic File Reloads

General

Model entities can now be filtered by tags. This works via the fabric and edge REST APIs and can be
used from the ziti CLI.

Example:

$ ziti edge update service demo --tags location=PA 
$ ziti edge update service echo --tags location=NY 
$ ziti edge ls services 'limit 4'
╭────────────────────────┬──────────────┬────────────┬─────────────────────┬────────────╮
│ ID                     │ NAME         │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│                        │              │  REQUIRED  │                     │            │
├────────────────────────┼──────────────┼────────────┼─────────────────────┼────────────┤
│ 1WztJ.YuMY             │ demo         │ true       │ smartrouting        │            │
│ 68kYZOS54kAbU4hEhKHgHT │ echo         │ true       │ smartrouting        │ echo       │
│ EjaiJkYuMY             │ project.mgmt │ true       │ smartrouting        │            │
│ F0JVJkY40Y             │ mattermost   │ true       │ smartrouting        │            │
╰────────────────────────┴──────────────┴────────────┴─────────────────────┴────────────╯
results: 1-4 of 13

$ ziti edge ls services 'tags.location != null'
╭────────────────────────┬──────┬────────────┬─────────────────────┬────────────╮
│ ID                     │ NAME │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│                        │      │  REQUIRED  │                     │            │
├────────────────────────┼──────┼────────────┼─────────────────────┼────────────┤
│ 1WztJ.YuMY             │ demo │ true       │ smartrouting        │            │
│ 68kYZOS54kAbU4hEhKHgHT │ echo │ true       │ smartrouting        │ echo       │
╰────────────────────────┴──────┴────────────┴─────────────────────┴────────────╯
results: 1-2 of 2

$ ziti edge ls services 'tags.location = "NY"'
╭────────────────────────┬──────┬────────────┬─────────────────────┬────────────╮
│ ID                     │ NAME │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│                        │      │  REQUIRED  │                     │            │
├────────────────────────┼──────┼────────────┼─────────────────────┼────────────┤
│ 68kYZOS54kAbU4hEhKHgHT │ echo │ true       │ smartrouting        │ echo       │
╰────────────────────────┴──────┴────────────┴─────────────────────┴────────────╯
results: 1-1 of 1

Fabric

Usage v3

This a new version of usage events available. The existing v2 version events can still be used. The version
is selected in the events configuration.

Here is a config showing how to get both sets of events:

events:
  jsonLogger:
    subscriptions:
      - type: fabric.usage
        version: 2
      - type: fabric.usage
        versin: 3

If no version is provided for usage, then v2 events will still be outputted by default.

Event Consolidation

V3 events consolidate multiple usage metrics together to minimize the number of events.

Example:

{
  "namespace": "fabric.usage",
  "version": 3,
  "source_id": "cjc.1kYu0",
  "circuit_id": "CwbENl.lW",
  "usage": {
    "egress.rx": 47,
    "egress.tx": 47
  },
  "interval_start_utc": 1663342500,
  "interval_length": 60,
  "tags": {
    "clientId": "XtYOStBYgd",
    "hostId": "f3ltEI8Iok",
    "serviceId": "fclVFecdgakAoHyBvtIGy"
  }
}

Ingress and egress usage for a given circuit will consolidated into a single event per router. Fabric usage
will also be consolided into a single, separate event.

Event tagging

Usage events for ingress and egress usage will be annotated with edge information for both v2 and v3.

In the example above the event has tags for clientId, hostId and serviceId.

• clientId - The id of the edge identity using the service
• hostId - The id of the edge identity hosting the service (will be blank if not applicable, such as for router hosted)
• serviceId - The id of the service being used

Edge

Bug Fixes

• Issue 1176: Patching CA externalIdClaim Does Not Work

Ziti CLI

ziti edge create|update ca now support `externalIdClaim

Identities now have a field named externalId that can be used with 3rd Party CAs in addition to the existing
External JWT Signer support. 3rd Party CAs now support the following optional fields:

• externalIdClaim.index - if multiple externalId claims are located, the index will be used to select one, default 0
• externalIdClaim.location - extracts values from one of the following locations on a x509 certificate: SAN_URI, SAN_EMAIL, COMMON_NAME
• externalIdClaim.matcher - matches values in one of the following ways PREFIX, SUFFIX, SCHEME in conjunction with matcherCriteria or select all values via ALL
• externalIdClaim.matcherCriteria - matcher values of PREFIX, SUFFIX, and SCHEME will use matcherCriteria as a matching value
• externalIdClaim.parser: - supports parsing values from all matched externalIds via SPLIT or NONE
• externalIdClaim.parserCriteria - for a parser value of SPLIT, parserCriteria will be used to split values

When defined the externalIdClaim configuration will be used to locate any externalIds present in the client
supplied x509 certificate. If an externalId is located, it will be used to associate the authentication request
with an identity. If found, authentication is considered successful if not the authentication request fails. If the
client certificate does not contain an externalId then identities will be searched for that have a certificate
authenticator that matches the supplied client certificate. Should that fail, the authentication request fails.

This functionality can be used to support SPIFFE provisioned identities. For any specific SPIFFE ID, assign it to an
identity's externalId and then use the following externalIdClaim configurations.

CA Create/Update REST API

{
  ...
  "externalIdClaim": {
    "location": "SAN_URI",
    "index": 0,
    "matcher": "SCHEME",
    "matcherCriteria": "spiffe",
    "parser": "NONE",
    "parserCriteria": ""
  }
}

Ziti CLI

ziti edge create ca myCa ca.pem -l SAN_URI -m SCHEME -x spiffe -p "NONE"

ziti edge update ca myCa -l SAN_URI -m SCHEME -x spiffe -p "NONE"

Improved List CAs Output

The output for listing CAs in non-JSON format has been improved.

Example:

╭────────────────────────┬─────────┬────────┬────────────┬─────────────┬─────────────────────────────────────────────────────────────────╮
│ ID                     │ NAME    │ FLAGS  │ TOKEN      │ FINGERPRINT │ CONFIGURATION                                                   │
├────────────────────────┼─────────┼────────┼────────────┼─────────────┼─────────────────┬──────────────────────┬────────────────────────┤
│ 1tu6CbXT18Dd9rybjCW5eX │ 2       │ [AOE]  │ KaPxRiKbk  │ -           │ AutoCA          │ Identity Name Format │ [caName]-[commonName]  │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Identity Roles       │ a,b,c                  │
│                        │         │        │            │             ├─────────────────┼──────────────────────┼────────────────────────┤
│                        │         │        │            │             │ ExternalIdClaim │ Index                │ 2                      │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Location             │ SAN_URI                │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Matcher              │ ALL                    │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Matcher Criteria     │                        │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Parser               │ NONE                   │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Parser Criteria      │                        │
├────────────────────────┼─────────┼────────┼────────────┼─────────────┼─────────────────┼──────────────────────┼────────────────────────┤
│ 7AGp9vUttJHKA1JWujNtpR │ test-ca │ [VAOE] │ -          │ 315e...ba   │ AutoCA          │ Identity Name Format │ [caName]-[commonName]  │
│                        │         │        │            │             │                 ├──────────────────────┼────────────────────────┤
│                        │         │        │            │             │                 │ Identity Roles       │  three, two,one        │
╰────────────────────────┴─────────┴────────┴────────────┴─────────────┴─────────────────┴──────────────────────┴────────────────────────╯

Ziti Library Updates

• github.com/openziti/channel: v1.0.2 -> v1.0.3
• github.com/openziti/edge: [v0.22.91...

v0.26.7

Release 0.26.7

What's New

The only change in this release is updating from Golang 1.18 to 1.19

v0.26.6

Release 0.26.6

What's New

• Edge
  • N/A
• Fabric
  • Don't allow slow or blocked links to impede other links
  • Add destination address to circuit events
• Ziti CLI
  • Bug Fixes
• SDK Golang
  • N/A
• Identity

Fabric

Address slow/blocked links

Previously if a router had multiple links and one of them was slow or blocked, it could prevent other traffic from moving. Now, if a link is unable to keep up with incoming traffic, payloads will be dropped. The end-to-end flow control and retransmission logic will handle re-sending the packet.

Links have a 64 message queue for incoming messages. Up to 64 messages are taken off the queue, sorted in priority order and then sent. Once the sorted list of messages has been sent, the next set of messages are dequeue, sorted and sent. If the queue fills while the current set of sorted messges is being sent, message will now be dropped instead of waiting for queue space to open up.

There is now a new per-link link.dropped_msgs metric to track how often links are dropping messages.

Destination Address added to Circuit Events

When available, the remote address of the terminating side of a circuit is now available in the circuit event.

Example:

{
  "namespace": "fabric.circuits",
  "version": 2,
  "event_type": "created",
  "circuit_id": "kh7myU.bX",
  "timestamp": "2022-09-12T19:08:20.461576428-04:00",
  "client_id": "cl7zdm0d0000fbygdlzh268uq",
  "service_id": "6SIomYCjH5Jio52szEtX7W",
  "terminator_id": "7IIb1nU5yTfJVbaD8Tjuf3",
  "instance_id": "",
  "creation_timespan": 949916,
  "path": {
    "nodes": [
      "B3V.1kN40Y"
    ],
    "links": null,
    "ingress_id": "26D7",
    "egress_id": "wjo7",
    "terminator_local_addr": "127.0.0.1:44822",
    "terminator_remote_addr": "127.0.0.1:1234"
  },
  "link_count": 0,
  "path_cost": 262140
}

Ziti CLI

Bug Fixes

• Issue 823: Fixed quickstart bug with architecture detection not supporting aarch64

Identity

Identity is a low-level library within Ziti and affects all Ziti components.

Bug Fixes

• Fixed an issue where alt_server_certs were not always loaded and used for presenting TLS configurations

Ziti Library Updates

• github.com/openziti/agent: v1.0.1 -> v1.0.3

• github.com/openziti/channel: v0.18.58 -> v1.0.2

  • Issue #68 - Allow send with no wait, if queue is full
  • Issue #69 - Respect OutQueueSize option

• github.com/openziti/edge: v0.22.54 -> v0.22.91

  • Issue #1167 - Send remote addr of dialed connection for xgress_edge_tunnel and xgress_edge_transport
  • Issue #1169 - Update of service policy with patch fails if service policy type is not provided
  • Issue #1163 - Support flushing dns cache with resolvectl
  • Issue #1164 - Fix panic in xgress conn LogContext()

• github.com/openziti/fabric: v0.19.34 -> v0.19.67

  • Issue #484 - Don't let slow/stalled links block other links
  • Issue #459 - Add destination IP to fabric.circuits created message
  • Issue #492 - Add HostId to terminator events
  • Issue #485 - Metrics events timestamp format changed

• github.com/openziti/foundation/v2: v2.0.2 -> v2.0.4

• github.com/openziti/identity: v1.0.5 -> v1.0.11

• github.com/openziti/metrics: v1.0.3 -> v1.0.7

• github.com/openziti/sdk-golang: v0.16.104 -> v0.16.119

• github.com/openziti/storage: v0.1.16 -> v0.1.20

• github.com/openziti/transport/v2: v2.0.20 -> v2.0.28

• github.com/openziti/ziti: 0.26.5 -> 0.26.6

7f698a9 (Update deps and changelog)

v0.26.5

Release 0.26.5

What's New

This build has no functional changes, but does have changes to the build workflow,
because github is deprecating certain action runners. See
https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/
and
https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/
for details

• MacOS builds are now done on the macos-11 github builder
• Linux builds are now done on the ubuntu-20.04 builder

This changes the oldest supported operating system versions for ziti-controller and ziti-router to those
listed above, due to dependencies on system shared libraries that may not be available on older operating
system versions.

If this change negatively impacts you, please let us on Discourse.

v0.26.4

Release 0.26.4

What's New

• Edge
  • N/A
• Fabric
  • Bug Fixes
• Ziti CLI
  • ziti fabric inspect can now emit results to individual files using the -f flag
• SDK Golang
  • N/A

Fabric

Bug Fixes

• Issue 463: fix for panic when dial service with instanceId and service has terminators but non for requested instanceId

v0.26.3

Release 0.26.3

What's New

• Edge
  • N/A
• Fabric
  • Link Events
  • Circuit Event Path Changes
  • Allow attributing usage to hosting identities
  • Capture IP/Port of edge routers creating api sessions
  • Report high link latency when heartbeats time out
  • Bug Fixes
• Ziti CLI
  • N/A
• SDK Golang
  • N/A
• Transport
  • WS/WSS no longer require client certificate

Fabric

Link Events

Link events can now be configured in the controller events configuration.

events:
  jsonLogger:
    subscriptions:
      - type: fabric.links
    handler:
      type: file
      format: json
      path: /var/log/ziti-events.log

Link Event Types

• dialed : Generated when the controller sends a link dial message to a router
• connected : Generated when a router sends a link connected message to the controller
• fault : Generated when a router sends a link fault to the controller
• routerLinkNew : Generated when a router sends a router link message to the controler and the link is new to the controller
• routerLinkKnown : Generated when a router sends a router link message to the controller and the link is known
• routerLinkDisconnectedDest : Generated when a router sends a route link message to the controller and the router on the other side of the link is not currently connected.

Link Dialed Event Example

{
  "namespace": "fabric.links",
  "event_type": "dialed",
  "timestamp": "2022-07-15T18:10:19.752766075-04:00",
  "link_id": "47kGIApCXI29VQoCA1xXWI",
  "src_router_id": "niY.XmLArx",
  "dst_router_id": "YPpTEd8JP",
  "protocol": "tls",
  "dial_address": "tls:127.0.0.1:4024",
  "cost": 1
}

Link Connected Example

{
  "namespace": "fabric.links",
  "event_type": "connected",
  "timestamp": "2022-07-15T18:10:19.973626185-04:00",
  "link_id": "47kGIApCXI29VQoCA1xXWI",
  "src_router_id": "niY.XmLArx",
  "dst_router_id": "YPpTEd8JP",
  "protocol": "tls",
  "dial_address": "tls:127.0.0.1:4024",
  "cost": 1,
  "connections": [
    {
      "id": "ack",
      "local_addr": "tcp:127.0.0.1:49138",
      "remote_addr": "tcp:127.0.0.1:4024"
    },
    {
      "id": "payload",
      "local_addr": "tcp:127.0.0.1:49136",
      "remote_addr": "tcp:127.0.0.1:4024"
    }
  ]
}

Link Fault Example

{
  "namespace": "fabric.links",
  "event_type": "fault",
  "timestamp": "2022-07-15T18:10:19.973867809-04:00",
  "link_id": "6slUYCqOB85YTfdiD8I5pl",
  "src_router_id": "YPpTEd8JP",
  "dst_router_id": "niY.XmLArx",
  "protocol": "tls",
  "dial_address": "tls:127.0.0.1:4023",
  "cost": 1
}
```

#### Router Link Known Example

{
"namespace": "fabric.links",
"event_type": "routerLinkKnown",
"timestamp": "2022-07-15T18:10:19.974177638-04:00",
"link_id": "47kGIApCXI29VQoCA1xXWI",
"src_router_id": "niY.XmLArx",
"dst_router_id": "YPpTEd8JP",
"protocol": "tls",
"dial_address": "tls:127.0.0.1:4024",
"cost": 1
}

### Circuit Event Path Changes

* Circuit event paths are now structured, rather than being a string
* The path structure contains a string list of routers in the path, ordered from initiator to terminator
* The path structure contains a string list of links in the path, ordered from initiator to terminator
* The path structure also contains the initiator and terminator xgress instance ids
* `terminator_local_addr` has been moved inside the nested path structure
* There is also a new version field, which is set to 2.

Old circuit event:

{
"namespace": "fabric.circuits",
"event_type": "created",
"circuit_id": "Y4aVR-QfM",
"timestamp": "2022-07-19T12:39:21.500700972-04:00",
"client_id": "cl5sehx8k000d0agdrqyh9aa4",
"service_id": "bnNbAbsiYM",
"instance_id": "",
"creation_timespan": 812887,
"path": "[r/niY.XmLArx]",
"terminator_local_address": "",
"link_count": 0,
"path_cost": 262140,
"failure_cause": null
}

New circuit event:

{
"namespace": "fabric.circuits",
"version": 2,
"event_type": "created",
"circuit_id": "Llm58Bn-J",
"timestamp": "2022-07-19T12:41:31.043070164-04:00",
"client_id": "cl5sekp6z000dk0gdej54ipgx",
"service_id": "bnNbAbsiYM",
"terminator_id": "6CNJIXdRQ6mctdzHXEx8nW",
"instance_id": "",
"creation_timespan": 781618,
"path": {
"nodes": [
"niY.XmLArx"
],
"links": null,
"ingress_id": "v9yv",
"egress_id": "2mOq",
"terminator_local_addr": ""
},
"link_count": 0,
"path_cost": 262140
}

### Allow attributing usage to hosting endpoints
Terminator now has a Host ID, similar to the session Client ID. This can be used by higher levels to associate an id 
with the terminator. The edge sets this field to the hosting session id. 
Circuits now also track which terminator they are using, with a new terminatorId field. 
These two changes together allow usage to be attributed to hosting entities as well
as dialing entities.

### Capture IP/Port of edge routers creatign api sessions
When an edge router creates an API session, the ip:port of the edge router control channel will be captured.

### Report high link latency when heartbeats time out
Previously when latency probes/heatbeats timed out, we wouldn't update the link latency. 
Now, link latency will be set to 88888888888ns (or ~88seconds). This will help keep
these links from being used. The use of this marker value will also let timeouts be 
identitied.

### Bug Fixes

* [Circuits on single router which is deleted are ophaned](https://github.com/openziti/fabric/issues/452)
* [API Session Certs not updated on ERs](https://github.com/openziti/edge/issues/1096)