Re: DNSSEC in Traffic Router

2017-09-27 Thread Amir Yeshurun
hip between each zone and RR type. There are > two sites I use for this: > > http://dnsviz.net/ > http://dnssec-debugger.verisignlabs.com/ > > ..these sites will help you identify why DNSSEC validation might be > failing, which manifests only as a SERVFAIL at the client side,

DNSSEC in Traffic Router

2017-09-27 Thread Amir Yeshurun
Hello dev list. To avoid DNS cache pollution, I would like to use DNSSEC, so that TR signs cdn-domain A records. The docs say that this feature is only available for DNS based delivery services. My delivery services are HTTP. I would like to understand what are the gaps to fill in order to have

TC 2.1 postinstall errors

2017-05-29 Thread Amir Yeshurun
Hi, I am trying to install TC 2.1 on CentOS 6.7. The RPM was built from master using the Vagrant build framework. I had some dependency issues around cpanm and carton and I had to manually install cpanm and upgrade Parse::CPAN::Meta before I managed to successfully run Carton and install Perl depe

Re: API GW route configuration

2017-05-12 Thread Amir Yeshurun
2. I may have missed it, but how is the route from the Gateway to TO > > > secured? > > > > > > On Fri, May 12, 2017 at 8:41 AM David Neuman > > > > wrote: > > > > > >> +1 on keeping in on the mailing list > > >> > > >

Re: API GW route configuration

2017-05-12 Thread Amir Yeshurun
> https://cwiki.apache.org/confluence/display/TC/API+Gateway > > > > Jeremy > > > > On Thu, May 11, 2017 at 2:14 PM, Amir Yeshurun wrote: > > > > > Hi Jeremy, > > > Note that attachments seem to be stripped off on this list and the > image

Re: API GW route configuration

2017-05-11 Thread Amir Yeshurun
gt; > > accepted >> > > > > >> by >> > > > > >>>> all Traffic Ops microservices, with no database >> authentication. >> > > > > >>>> >> > > > > >>>> It's a common misconception that JWT allows you aut

Re: Removing 'internal' from TO API

2017-05-11 Thread Amir Yeshurun
te: > > $r->get("/internal/api/$version/cdns/dnsseckeys/refresh")->to( > 'Cdn#dnssec_keys_refresh', namespace => $namespace ); > > 2 unauthenticated traffic stats routes: > > $r->get("internal/api/$version/daily_summary")->to( > 

Re: API GW route configuration

2017-05-08 Thread Amir Yeshurun
> >> checks the token against the auth service (which may also be proxied), > > and > > >> redirects unauthorized requests to a login endpoint (which may also be > > >> proxied). > > >> > > >> The TO service (and any other s

Re: API GW route configuration

2017-05-07 Thread Amir Yeshurun
keys","auth": { "GET": ["cdn-security-keys-read"] }}, { "match": "/cdns/name/[^\/]+/dnsseckeys/delete", "auth": { "GET": ["cdn-security-keys-write"] }}, { "match": "/cdns/[^\/]+

Re: API GW route configuration

2017-05-07 Thread Amir Yeshurun
Attached please find examples for forwarding rules file (rules.json) and the authorization rules file (traffic-ops-routes.json) On Sun, May 7, 2017 at 10:39 AM Amir Yeshurun wrote: > Hi all, > > I am about to submit a PR with a first operational version of the API GW, > to the &

API GW route configuration

2017-05-07 Thread Amir Yeshurun
Hi all, I am about to submit a PR with a first operational version of the API GW, to the "experimental" code base. The API GW forwarding logic is as follows: 1. Find host to forward the request: Prefix match on the request path against a list of forwarding rules. The matched forwarding rule

Re: Proposal for CDN definition file based configuration management

2017-04-14 Thread Amir Yeshurun
It seems that with Nir's approach there is no problem to enforce a size limit on historical data On Fri, Apr 14, 2017 at 4:07 PM Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: > I think this sounds good Nir. > > It's not so much the size that is the main concern. Rather, people tend to > h

Re: API GW, new AAA model and legacy AAA model in Traffic Ops

2017-04-03 Thread Amir Yeshurun
Re documentation - yes, there is no problem to share the JWT structure. The list of capability names is also part of TO API On Mon, Apr 3, 2017, 6:43 PM Eric Friedrich (efriedri) wrote: > Thanks Amir- > > On Apr 3, 2017, at 11:03 AM, Amir Yeshurun wrote: > > > > Hi Eric

Re: API GW, new AAA model and legacy AAA model in Traffic Ops

2017-04-03 Thread Amir Yeshurun
party service should return a JWT that contains the user's capabilities. > > > —Eric > > > > > On Apr 2, 2017, at 8:44 AM, Amir Yeshurun wrote: > > > > Hi, > > > > This email relates to the API GW and to the new AAA model that are >

API GW, new AAA model and legacy AAA model in Traffic Ops

2017-04-02 Thread Amir Yeshurun
Hi, This email relates to the API GW and to the new AAA model that are under development for post 2.0 TC. The purpose is to explain how new AAA model and existing AAA model live together when using the new API GW. Currently TO handles Authentication and Authorization. Authentication is handle

Re: TO API Versioning

2017-03-31 Thread Amir Yeshurun
+1 for choosing a versioning philosophy On Mon, Mar 27, 2017 at 5:15 PM Dewayne Richardson wrote: > Yes, the versioning wasn't consistent because we switched out the database > to Postgres which had several impacts to the API. The issue with API routes > being too granular in the versioning is t

Re: Removing 'internal' from TO API

2017-03-17 Thread Amir Yeshurun
With the API GW, such duplications, or modifications can be defined in the GW, if required, instead of in TO On Thu, Mar 16, 2017, 5:52 PM Jan van Doorn wrote: > We should also think about the API gateway future I think with that, we > don't need these special routes at all anymore, right Am

Re: Debugging TO in a local (dev) environment

2017-01-29 Thread Amir Yeshurun
ave some internal tools floating around to do some of that, but > nothing available publicly (or ready for public consumption). I would > definitely be in favor of adding some of those things to the project. > > On Fri, Jan 27, 2017 at 6:25 AM, Amir Yeshurun wrote: > > > Thanks

Re: Debugging TO in a local (dev) environment

2017-01-27 Thread Amir Yeshurun
ccontrol/blob/master/traffic_monitor/etc/ats_sim.js > which you can use with a Traffic Monitor to simulate traffic monitor > polling caches and sending responses. > Hopefully that helps. > > Thanks, > Dave > > On Thu, Jan 26, 2017 at 7:37 AM, Amir Yeshurun wrote: > > > Hi, >

Debugging TO in a local (dev) environment

2017-01-26 Thread Amir Yeshurun
Hi, I'm running a local instance of TO, and debugging the CDN health API route /api/1.2/cdns/health In order to report the CDN health, TO needs to read cache status from Traffic Monitor, which in turn, has to collect status from the caches. I am looking for a way to create a dev setup on which I