Apache Traffic Control - Current Release

Apache Traffic Control 4.1.1 - December 4th, 2020

Apache Traffic Control 4.1.1 is available here:

Release Notes


  • Added the ability to set TLS config provided here: https://golang.org/pkg/crypto/tls/#Config in Traffic Ops
  • Added --traffic_ops_insecure=<0|1> optional option to traffic_ops_ort.pl
  • Added ORT CentOS 8 support

  • Fixed #5188 - DSR (delivery service request) incorrectly marked as complete and error message not displaying when DSR fulfilled and DS update fails in Traffic Portal. Related Github issues
  • Fixed #5006 - Traffic Ops now generates the Monitoring on-the-fly if the snapshot doesn't exist, and logs an error. This fixes upgrading to 4.x to not break the CDN until a Snapshot is done.
  • Fixed #5180 - Global Max Mbps and Tps is not send to TM
  • Fixed #3528 - Fix Traffic Ops monitoring.json missing DeliveryServices
  • Fixed #5074 - Traffic Monitor logging "CreateStats not adding availability data for server: not found in DeliveryServices" for MID caches
  • Fixed #5274 - CDN in a Box's Traffic Vault image failed to build due to Basho's repo responding with 402 Payment Required. The repo has been removed from the image.
  • Fixed an issue that causes Traffic Router to mistakenly route to caches that had recently been set from ADMIN_DOWN to OFFLINE
  • Fixed a NullPointerException in Traffic Router that prevented it from properly updating cache health states
  • Fixed an issue where Traffic Router would erroneously return 503s or NXDOMAINs if the caches in a cachegroup were all unavailable for a client's requested IP version, rather than selecting caches from the next closest available cachegroup.
  • Traffic Ops Ort: Disabled ntpd verification (ntpd is deprecated in CentOS)
  • Fixed #5005: Traffic Monitor cannot be upgraded independently of Traffic Ops
  • Fixed an issue with Traffic Router failing to authenticate if secrets are changed
  • Fixed #4825 - Traffic Monitor error log spamming "incomparable stat type int"
  • Fixed #4899 - Traffic Monitor Web UI showing incorrect delivery service availability states
  • Fixed Traffic Monitor Web UI styling for unavailable caches
  • Fixed an issue with Traffic Monitor to fix peer polling to work as expected
  • Fixed #4845 - issue with ATS logging.yaml generation (missing newlines when filters are used)
  • Fixed ORT atstccfg to use log appending and log rotation
  • Fixed a bug in ATS remap.config generation that caused a double range directive if there was a __RANGE_DIRECTIVE__ override
  • Fixed ORT to be backwards compatible with Traffic Ops 3.x

  • Changed ORT/atstccfg ATS configuration generation to be deterministic in order to simplify diff checking
  • Changed ORT to not update ip_allow.config on SYNCDS runs by default


  • Deprecated the insecure option in traffic_ops_golang in favor of "tls_config": { "InsecureSkipVerify": <bool> }

Upgrade Requirements

  • Reminder: as of Apache Traffic Control 4.0, an IPv6-capable astats_over_http plugin (available since ATC 2.2+) is required for Apache Traffic Server in order to do IPv6 routing.

Signing Keys

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the `ASC` signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using:

% pgpk -a KEYS % pgpv apache-trafficcontrol-4.1.0.tar.gz.asc


% pgp -ka KEYS
% pgp apache-trafficcontrol-4.1.0.tar.gz.asc


% gpg --import KEYS
% gpg --verify apache-trafficcontrol-4.1.0.tar.gz.asc apache-trafficcontrol-4.1.0.tar.gz

$ gpg --verify apache-trafficcontrol-4.1.0.tar.gz.asc apache-trafficcontrol-4.1.0.tar.gz
gpg: Signature made Tue Feb 11 09:38:30 2020 MST
gpg:                using RSA key BF4A8D7307B8EEC7BFB4D8CB8A0712500C70C06E
gpg: Good signature from "Rawlin Peters (apache signing key) " [ultimate]

Additionally, you should verify the SHA signature on the files. A unix program called `sha` or `shasum` is included in many unix distributions. It is also available as part of GNU Textutils. An MD5 signature (deprecated) consists of 32 hex characters, and a SHA512 signature consists of 128 hex characters. Ensure your generated signature string matches the signature string published in the files above.

Past Releases

Apache Traffic Control 4.1.0 - June 17th, 2020

Apache Traffic Control 4.1.0 is available here:

Release Notes

New Features

  • Added support for Let's Encrypt
  • Support for ATS Slice plugin in Traffic Ops, including new Delivery Service Raw Remap __RANGE_DIRECTIVE__ directive
  • Ability to enable EDNS0 client subnet at the delivery service level
  • New IPv6 changes:
    • Traffic Portal and Traffic Ops now accept IPv6-only servers
    • Traffic Monitor now polls caches over IPv6 in addition to IPv4, separating the availability status of each (make sure to update the allow_ip6 profile parameter to include the IPv6 addresses of your Traffic Monitors, otherwise they will fail to poll over IPv6 and consider those caches to be unavailable over IPv6)
    • Traffic Router will route IPv4 clients to caches with IPv4 availability and route IPv6 clients to caches with IPv6 availability
  • Traffic Router DNSSEC zone diffing performance enhancement
  • Traffic Monitor optimistic quorum
  • Traffic Ops API 2.0. This new major API version contains several new routes but does not contain many deprecated routes from API 1.x (which will be available until the ATC 5.0 release). API clients should begin migrating to API 2.0 as soon as possible. For the full lists of new or deprecated routes, please see the changelog.
  • Ability to choose the TLS version used for Traffic Ops to make requests to Traffic Vault. Note: the default is now TLSv1.1, which may require configuration changes to Riak. See Enabling TLS 1.1

Bug Fixes

  • This release contains many new bug fixes. For the full list, please see the changelog.


  • The Traffic Ops db/admin.pl script has now been removed. Please use the db/admin binary instead.
  • Removed from Traffic Portal the ability to view cache server config files as the contents are no longer reliable through the TO API due to the introduction of atstccfg.
  • Traffic Ops Python client no longer supports Python 2.