Version Compatibility

Hi there!

I am about to update our controller & routers in K8s and I am wondering whether there are some version restrictions we need to adhere to, meaning should we also update other edge routers ziti binaries and/or ziti-edge-tunnelers (linux-based). Can you provide some insight here ?

BR
Jan

At this time we are still recommending all overlay component versions be at the same level/number/version.

We expect this will change in the future, but when is not exactly known. Generally, most things would probably work fine but to be more certain, we still recommend keeping them aligned

Hi @TheLumberjack thank you for the response!

Can you provide an example to illustrate what that means for the ziti-edge-tunnel and windows tunneler ? :slight_smile: Are they somehow related via the SDK version ?

Ah. Those are different. Those were guarantee backwards comparability expectations. Old tunnelers are expected to work with new networks. You originally mentioned what I consider the overlay network pieces which are different to me than the edge clients connecting to the overlay and I didn't see the rest of your message some how. :face_with_diagonal_mouth:.

So there's no need to upgrade those. We recommend you upgrade them but it should be fine if they're "older". The zdew (desktop edge for Windows) is set to automatically upgrade itself and a newer version of that is coming out relatively soon

no worries :wink:
Ok thanks for the info!

Hi @TheLumberjack ,

I hope you're doing well! :slight_smile:

I wanted to ask about the backwards-compatibility of Ziti networks with older versions of the ziti-edge-tunnel. You mentioned that it should be fine if the ziti-edge-tunnel installations aren't updated, but could you clarify what that means exactly?

In our case, we're planning to run a Ziti network (controller & router) with version 1.3.3, while some of our Ziti clients will have version 0.22.26 of the ziti-edge-tunnel installed. Have these combinations been tested or in others words is backwards-compatibility guaranteed to this extent ?

Thanks a lot!

BR
Jan

Hi @janst, been busy and didn't get a chance to reply and then forgot about you for a bit. Sorry about that. :slight_smile: The short (TL;DR) answer is "we don't track the versions in a matrix".

In general, OpenZiti has a strong philosophy that new versions of the network itself (controller/router) should not break old versions of the tunnelers/sdk clients. We expect people to be able to update the network constantly. We do try very hard to ensure that is the case. In general, it's much easier to update a small number of cloud-based resources (controller, routers, etc) than 100's or 1000's of endpoints and we understand how important it is to make sure newer versions of the controller and routers work with older versions of the tunnelers.

That said, any major version bumps in versions are certainly times when breaking changes might occur. We obviously hope that isn't the case, but it might be necessary. We are also constantly finding and fixing bugs that have never popped up before. So in general, it's recommend that all the bits be on the latest versions as much as possible. Any 0.x.y versions really should be brought up to a 1.+ version so I'd really recommend you upgrade the old 0.x tunnelers. Also overlay components are best to be kept at the same release. Mixing those versions should be fine, but we don't test that scenario. All the components of the overlay should be kept at the same version.

When we discover bugs in older clients that break some functionality we fix it really quickly. When we find these, they are captured in release notes and issues. We don't track the specific versions because we find/fix the issues quickly. This is why in general, while we try to ensure backward compatibility, we always recommend people use the latest.

Thank your for answering!

So all the cloud components (= overlay components like controller and routers) have to be kept at the same version (which is usually not a problem) and for the ziti tunnelers you recommend to update to the latest versions, but breaking changes with in-use ziti tunnelers should only occur in case of major version bumps of the cloud components.

Did I get that correctly ? :slight_smile:

So there is no relation between the version of the ziti overlay components and the tunneler/sdk versions ? :slight_smile:

Yes. If at all, the only time when it would be expected and/or permissible is on a major version bump. Other than that, it's expected that older versions of the tunnelers 1.0+ would work with newer versions of the overlay.

There's no relation of the versions of the overlay to the versions of the tunnelers because each piece of software is using it's own version to expresses compatibility with downstreams. Version 2 or 3 of the overlay might work just fine with 1.x version of the tunnelers. If the tunnelers were to change substantially, only then would the major version of the tunnelers change.

If anything, I would expect the major versions of the tunnelers to remain low, while the overlay versions keep marching forward.