Deprecation of Azure CDN from Edgio (azureedge.net), replaced by Azure Front Door (azurefd.net), affects snowflake-broker.azureedge.net
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now). This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688 I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
meek.azureedge.net is also still advertised: ``` % curl https://bridges.torproject.org/moat/circumvention/builtin {"meek-azure":["meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"],"obfs4":[...],"snowflake":[...]} ``` My iOS apps still use this, since it never went away and people wanted it. I guess, that is affected, too? ~tla Am 11.12.24 um 07:09 schrieb David Fifield via anti-censorship-team:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
That seems likely, yes, unless I am misinterpreting the announcement from Azure. I get the impression that the exact date is uncertain, as it has to do with the bankruptcy of Edgio. On Wed, Dec 11, 2024 at 11:13:42AM +0100, Benjamin Erhart via anti-censorship-team wrote:
meek.azureedge.net is also still advertised:
``` % curl https://bridges.torproject.org/moat/circumvention/builtin {"meek-azure":["meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"],"obfs4":[...],"snowflake":[...]} ```
My iOS apps still use this, since it never went away and people wanted it.
I guess, that is affected, too?
~tla
Am 11.12.24 um 07:09 schrieb David Fifield via anti-censorship-team:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Who is responsible for https://bridges.torproject.org/moat/circumvention/ ? Is there already a planned change to the `builtin` endpoint? I guess I'll just leave it in Onion Browser, Orbot Apple and OnionShare for now, as long as there is no Meek alternative planned. ~tla Am 11.12.24 um 16:50 schrieb David Fifield via anti-censorship-team:
That seems likely, yes, unless I am misinterpreting the announcement from Azure. I get the impression that the exact date is uncertain, as it has to do with the bankruptcy of Edgio.
On Wed, Dec 11, 2024 at 11:13:42AM +0100, Benjamin Erhart via anti-censorship-team wrote:
meek.azureedge.net is also still advertised:
``` % curl https://bridges.torproject.org/moat/circumvention/builtin {"meek-azure":["meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"],"obfs4":[...],"snowflake":[...]} ```
My iOS apps still use this, since it never went away and people wanted it.
I guess, that is affected, too?
~tla
Am 11.12.24 um 07:09 schrieb David Fifield via anti-censorship-team:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
anti-censorship-team mailing list -- anti-censorship-team@lists.torproject.org To unsubscribe send an email to anti-censorship-team-leave@lists.torproject.org
Who is responsible for https://bridges.torproject.org/moat/circumvention/ ? Is there already a planned change to the `builtin` endpoint? I guess I'll just leave it in Onion Browser, Orbot Apple and OnionShare for now, as long as there is no Meek alternative planned. ~tla Am 11.12.24 um 16:50 schrieb David Fifield via anti-censorship-team:
That seems likely, yes, unless I am misinterpreting the announcement from Azure. I get the impression that the exact date is uncertain, as it has to do with the bankruptcy of Edgio.
On Wed, Dec 11, 2024 at 11:13:42AM +0100, Benjamin Erhart via anti-censorship-team wrote:
meek.azureedge.net is also still advertised:
``` % curl https://bridges.torproject.org/moat/circumvention/builtin {"meek-azure":["meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"],"obfs4":[...],"snowflake":[...]} ```
My iOS apps still use this, since it never went away and people wanted it.
I guess, that is affected, too?
~tla
I don't know the answers to those questions but someone else may. On Fri, Dec 13, 2024 at 10:50:29AM +0100, Benjamin Erhart via anti-censorship-team wrote:
Who is responsible for https://bridges.torproject.org/moat/circumvention/ ?
Is there already a planned change to the `builtin` endpoint?
I guess I'll just leave it in Onion Browser, Orbot Apple and OnionShare for now, as long as there is no Meek alternative planned.
~tla
Am 11.12.24 um 16:50 schrieb David Fifield via anti-censorship-team:
That seems likely, yes, unless I am misinterpreting the announcement from Azure. I get the impression that the exact date is uncertain, as it has to do with the bankruptcy of Edgio.
On Wed, Dec 11, 2024 at 11:13:42AM +0100, Benjamin Erhart via anti-censorship-team wrote:
meek.azureedge.net is also still advertised:
``` % curl https://bridges.torproject.org/moat/circumvention/builtin {"meek-azure":["meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"],"obfs4":[...],"snowflake":[...]} ```
My iOS apps still use this, since it never went away and people wanted it.
I guess, that is affected, too?
~tla
Quoting David Fifield via anti-censorship-team (2024-12-13 18:35:05)
On Fri, Dec 13, 2024 at 10:50:29AM +0100, Benjamin Erhart via anti-censorship-team wrote:
Who is responsible for https://bridges.torproject.org/moat/circumvention/ ?
Anybody in the Team, but if you look for a concrete person I guess you can point to me.
Is there already a planned change to the `builtin` endpoint?
There is no plan already done. We've being planning to fase out meek for years[0] but kept it around as it was the last resort in some cases. We could set up a meek bridge in another provider, but there are less and less providers that allow domain fronting and places that currently relay on meek like turkmenistan have other providers blocked. We might want to keep the existing meek-azure up and running until the last day for those cases. There is an issue created to work on this: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/155 [0] https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/33
I guess I'll just leave it in Onion Browser, Orbot Apple and OnionShare for now, as long as there is no Meek alternative planned.
Yes, that makes sense. -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
The onionwrapper library (which is used by Briar and OnionShare Android) uses snowflake-broker.azureedge.net and meektm.azureedge.net for certain configurations (depending on the country and Android version, as some older Android devices can't verify Let's Encrypt certificates). If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser? Cheers, Michael On 11/12/2024 06:09, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67 _______________________________________________ anti-censorship-team mailing list -- anti-censorship-team@lists.torproject.org To unsubscribe send an email to anti-censorship-team-leave@lists.torproject.org
On Wed, 11 Dec 2024, Michael Rogers via anti-censorship-team wrote:
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Yes, the `tor/pluggable_transports/pt_config.json` in tor-expert-bundle should reflect what is being used in Tor Browser. You can also find it in git (in the `main` branch for alpha releases and the `maint-14.0` branch for the 14.0.* releases): * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint... Nicolas
On 11/12/2024 10:51, Nicolas Vigier via anti-censorship-team wrote:
On Wed, 11 Dec 2024, Michael Rogers via anti-censorship-team wrote:
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Yes, the `tor/pluggable_transports/pt_config.json` in tor-expert-bundle should reflect what is being used in Tor Browser. You can also find it in git (in the `main` branch for alpha releases and the `maint-14.0` branch for the 14.0.* releases): * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint...
Fantastic, thank you!
Nicolas
_______________________________________________ anti-censorship-team mailing list -- anti-censorship-team@lists.torproject.org To unsubscribe send an email to anti-censorship-team-leave@lists.torproject.org
Quoting Michael Rogers via anti-censorship-team (2024-12-11 13:51:37)
On 11/12/2024 10:51, Nicolas Vigier via anti-censorship-team wrote:
On Wed, 11 Dec 2024, Michael Rogers via anti-censorship-team wrote:
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Yes, the `tor/pluggable_transports/pt_config.json` in tor-expert-bundle should reflect what is being used in Tor Browser. You can also find it in git (in the `main` branch for alpha releases and the `maint-14.0` branch for the 14.0.* releases): * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint...
Fantastic, thank you!
Better than pooling from the tor-browser-build repo you can get the same information from the circumvention settings API: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat... $ curl https://bridges.torproject.org/moat/circumvention/builtin -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
On 16/12/2024 18:32, meskio wrote:
Quoting Michael Rogers via anti-censorship-team (2024-12-11 13:51:37)
On 11/12/2024 10:51, Nicolas Vigier via anti-censorship-team wrote:
On Wed, 11 Dec 2024, Michael Rogers via anti-censorship-team wrote:
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Yes, the `tor/pluggable_transports/pt_config.json` in tor-expert-bundle should reflect what is being used in Tor Browser. You can also find it in git (in the `main` branch for alpha releases and the `maint-14.0` branch for the 14.0.* releases): * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint...
Fantastic, thank you!
Better than pooling from the tor-browser-build repo you can get the same information from the circumvention settings API: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat...
$ curl https://bridges.torproject.org/moat/circumvention/builtin
Thanks! I was reluctant to use this before because I wasn't sure whether the results would be affected by my client IP address. Does the builtin endpoint return the same results for all clients? Cheers, Michael
Quoting Michael Rogers (2024-12-17 12:39:28)
On 16/12/2024 18:32, meskio wrote:
Quoting Michael Rogers via anti-censorship-team (2024-12-11 13:51:37)
On 11/12/2024 10:51, Nicolas Vigier via anti-censorship-team wrote:
On Wed, 11 Dec 2024, Michael Rogers via anti-censorship-team wrote:
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Yes, the `tor/pluggable_transports/pt_config.json` in tor-expert-bundle should reflect what is being used in Tor Browser. You can also find it in git (in the `main` branch for alpha releases and the `maint-14.0` branch for the 14.0.* releases): * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint...
Fantastic, thank you!
Better than pooling from the tor-browser-build repo you can get the same information from the circumvention settings API: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat...
$ curl https://bridges.torproject.org/moat/circumvention/builtin
Thanks! I was reluctant to use this before because I wasn't sure whether the results would be affected by my client IP address. Does the builtin endpoint return the same results for all clients?
Yes it does. The only thing that changes is that it will randomly sort the bridges so if clients always use the first few not all clients will use the same. -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
Incidentally, the team discovered a configuration error today. The Snowflake broker was recently upgraded and reinstalled on a new host (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) but the snowflake-broker.azureedge.net CDN configuration was still pointing to the *old* broker (which for the time being is still running in parallel. I'm about to adjust the CDN configuration to point to the new broker: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... It's like that this will require no action on your part, but if something stops working, it may be the reason why. On Wed, Dec 11, 2024 at 10:16:32AM +0000, Michael Rogers via anti-censorship-team wrote:
The onionwrapper library (which is used by Briar and OnionShare Android) uses snowflake-broker.azureedge.net and meektm.azureedge.net for certain configurations (depending on the country and Android version, as some older Android devices can't verify Let's Encrypt certificates).
If we want to follow the upstream PT configuration, what's the best way to do that? The config files seem to move around various Tor repositories and at the moment I think we're basing our config on the expert bundle - but does that reflect what actually works/is used by Tor Browser?
Cheers, Michael
On 11/12/2024 06:09, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
The adjustment to make snowflake-broker.azureedge.net point at the new broker ran into unexpected complications, but it's finished now. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... On Thu, Dec 12, 2024 at 09:57:19AM -0700, David Fifield wrote:
Incidentally, the team discovered a configuration error today. The Snowflake broker was recently upgraded and reinstalled on a new host (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) but the snowflake-broker.azureedge.net CDN configuration was still pointing to the *old* broker (which for the time being is still running in parallel.
I'm about to adjust the CDN configuration to point to the new broker: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
It's like that this will require no action on your part, but if something stops working, it may be the reason why.
The unexpected early shutdown of Azure CDN from Edgio/Verizon highlights the challenges of maintaining consistent services amidst infrastructure changes. For those affected, transitioning to alternatives like Azure Front Door, despite its limitations with domain fronting, seems necessary but imperfect. During such transitions, reliable platforms for other critical tasks can help bridge the gap. For instance, users facing downtime or service issues can still rely on resources like https://tmsimregister.ph/tm-sim-no-signal/ or similar tools to stay informed and manage their needs
Today I got an email saying that Azure CDN from Edgio profiles will be automatically migrated to Azure Front Door on 2025-01-07, unless a configuration flag is set. Because such an automatic migration is not useful for us, I set the "DoNotForceMigrateEdgioCDNProfiles" flag.
Date: 19 Dec 2024 20:26:56 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 7 January 2025
The CDN services from Edgio will be shut-down after 15 January 2025. All Azure CDN from Edgio customers must migrate their workloads out of Azure CDN from Edgio before 7 January 2025. Please notify Microsoft of your plans as soon as possible and no later than 6 January 2025. If Microsoft has not heard from you, Microsoft will migrate your workloads on a "best effort" basis to Azure Front Door on 7 January 2025.
In addition, please be advised we will need to halt all configuration changes to Azure CDN by Edgio profiles starting on 3 January 2025. This means you will not be able update your CDN profile configuration, but your services on Azure CDN from Edgio will still operate until you are migrated or the Edgio platform is shut down on 15 January 2025.
* If you plan a migration to Akamai or another CDN provider, you will need set a Feature Flag by following these instructions (select the Feature Flag "DoNotForceMigrateEdgioCDNProfiles") before 7 January 2025. Doing so will prevent Microsoft from migrating you to Azure Front Door. Note that you will have until 14 of January 2025 to complete your migration, but again Microsoft cannot guarantee your services will be available on the Edgio platform before this date.
On Tue, Dec 10, 2024 at 11:09:59PM -0700, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
On Tue, Dec 10, 2024 at 11:09:59PM -0700, David Fifield via anti-censorship-team wrote:
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
The Azure CDN invoice was much higher in December 2024 than usual – 24.43 USD, when usually it is less than 1 USD. https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Almost all the cost is attributable to the Azure Front Door profile I set up as a test on 2024-12-11. The invoice breaks down as follows: $22.63 Azure Front Door - Standard - Zone 1 $1.28 Azure CDN from Verizon - Standard - Zone 1 $0.53 Azure CDN from Verizon - Standard - Zone 2 "Azure CDN from Verizon" is the old Edgio CDN endpoint, which is due to stop working soon. "Azure Front Door" is the new CDN endpoint I set up as a test, which does not support domain fronting. I thought at first that the cause was people using the new CDN profile, despite the lack of domain fronting, but I checked and the amount of traffic on the endpoint is practically zero. The explanation is actually that Azure Front Door is billed on an hourly basis, in addition to charging for the amount of traffic. There's a "base fee" per hour that works out to 35 USD per month. https://azure.microsoft.com/en-in/pricing/details/frontdoor/ https://learn.microsoft.com/en-in/azure/frontdoor/billing I'm going to delete the snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net profile now.
Azure sent out an email saying that Edgio was to shut down at 2025-01-16 07:59:00 (about 8 hours ago as of this moment). Despite that, snowflake-broker.azureedge.net is still working for now.
Date: 15 Jan 2025 20:03:17 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent Action Required: Azure CDN from Edgio will be shut down today 15 January 2025 at 11:59pm PST
If you haven't already, please take the previously communicated mitigation steps.
Microsoft Azure Urgent Action Required: Azure CDN from Edgio will be shut down today 15 January 2025 at 11:59pm PST.
You're receiving this notice because you recently consumed services from Azure CDN Standard/Premium from Edgio, and the Edgio platform will be shut down today 15 January 2025 at 11:59pm PST.
On 31 October 2024, we sent customers a notice advising that Azure CDN Standard /Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that notice we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft couldn't guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated. Subsequently, the situation with Edgio deteriorated rapidly and Edgio started advising customers in December 2024 that their platform will shut down by 15 January 2025.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... $ curl -s https://snowflake-broker.azureedge.net/amp/client/ | head -n 2 <!doctype html> <html amp> On Tue, Dec 10, 2024 at 11:09:59PM -0700, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
It looks like snowflake-broker.azureedge.net has stopped resolving (meek-reflect.azureedge.net as well). I don't know exactly when they stopped working. According to the 2025-01-30 team meeting notes (https://lists.torproject.org/mailman3/hyperkitty/list/tor-project@lists.torp...), it was still working on that day. ``` $ dig snowflake-broker.azureedge.net @1.1.1.1 ; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> snowflake-broker.azureedge.net @1.1.1.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32799 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; EDE: 20 (Not Authoritative) ; EDE: 22 (No Reachable Authority): (at delegation ec.azureedge.net.) ;; QUESTION SECTION: ;snowflake-broker.azureedge.net. IN A ;; Query time: 311 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Wed Feb 05 05:24:59 UTC 2025 ;; MSG SIZE rcvd: 102 ``` On Thu, Jan 16, 2025 at 09:05:31AM -0700, David Fifield via anti-censorship-team wrote:
Azure sent out an email saying that Edgio was to shut down at 2025-01-16 07:59:00 (about 8 hours ago as of this moment). Despite that, snowflake-broker.azureedge.net is still working for now.
Date: 15 Jan 2025 20:03:17 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent Action Required: Azure CDN from Edgio will be shut down today 15 January 2025 at 11:59pm PST
If you haven't already, please take the previously communicated mitigation steps.
Microsoft Azure Urgent Action Required: Azure CDN from Edgio will be shut down today 15 January 2025 at 11:59pm PST.
You're receiving this notice because you recently consumed services from Azure CDN Standard/Premium from Edgio, and the Edgio platform will be shut down today 15 January 2025 at 11:59pm PST.
On 31 October 2024, we sent customers a notice advising that Azure CDN Standard /Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that notice we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft couldn't guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated. Subsequently, the situation with Edgio deteriorated rapidly and Edgio started advising customers in December 2024 that their platform will shut down by 15 January 2025.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... $ curl -s https://snowflake-broker.azureedge.net/amp/client/ | head -n 2 <!doctype html> <html amp>
On Tue, Dec 10, 2024 at 11:09:59PM -0700, David Fifield via anti-censorship-team wrote:
I got an email on 2024-12-05 saying that that Azure CDN from Edgio/Verizon is going to shut down sooner than expected. The shutdown date was supposed to be 2025-11-04, now it is 2024-01-15 (about one month from now).
This affects (at least) snowflake-broker.azureedge.net, which was first set up and is still on Azure CDN with Edgio. I think that snowflake-broker.azureedge.net has not been used by this team since 2021 and https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req.... But it is still getting some use from somewhere, as evidenced by the nonzero monthly bills: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos... Whatever is out there that is still using snowflake-broker.azureedge.net will likely stop working after 2025-01-15.
Date: 5 Dec 2024 17:03:50 +0000 From: Microsoft Azure <azure-noreply@microsoft.com> Subject: Urgent action required: Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025
Migrate to Azure Front Door or other CDN services as soon as possible to avoid service disruptions.
Migrate workloads on Azure CDN from Edgio (formerly Verizon) before 15 January 2025.
You're receiving this notice because you're currently using Azure CDN Standard/Premium from Edgio.
All Azure CDN from Edgio customers must migrate their workloads to Azure Front Door or other CDN services before 15 January 2025 as Edgio has advised their platform is currently scheduled to be shut down by that date. Migrate as soon as possible to avoid an imminent service shut-down.
On 31 October 2024, we sent you a notice advising that Azure CDN Standard/Premium from Edgio (formerly Verizon) will be retired on 4 November 2025, and that customers of this service must migrate their workload(s) to a comparable service before this date to avoid service interruptions. In that email we also advised given that Edgio filed for Chapter 11 Bankruptcy on 9 September 2024, Microsoft cannot guarantee that Edgio will continue to support this service through 4 November 2025 as previously stated.
Online references about Azure CDN with Edgio retirement: https://learn.microsoft.com/en-us/azure/cdn/edgio-retirement-faq https://azure.microsoft.com/updates?id=467688
I did try setting up a Front Door CDN profile (which is the recommended replacement for Edgio), following the migration instructions: https://learn.microsoft.com/en-us/azure/frontdoor/migrate-cdn-to-front-door I got the hostname: snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net It works as an alias for the broker: curl -i https://snowflake-broker-hadmaqbnc4dmcffs.z03.azurefd.net/debug However, it apparently does not work with domain fronting, so is likely not actually useful. Front Door not working with domain fronting is consistent with prior announcements by Azure: https://github.com/net4people/bbs/issues/67
On Tue, Feb 04, 2025 at 10:34:11PM -0700, David Fifield via anti-censorship-team wrote:
It looks like snowflake-broker.azureedge.net has stopped resolving (meek-reflect.azureedge.net as well). I don't know exactly when they stopped working. According to the 2025-01-30 team meeting notes (https://lists.torproject.org/mailman3/hyperkitty/list/tor-project@lists.torp...), it was still working on that day.
``` $ dig snowflake-broker.azureedge.net @1.1.1.1
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> snowflake-broker.azureedge.net @1.1.1.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32799 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; EDE: 20 (Not Authoritative) ; EDE: 22 (No Reachable Authority): (at delegation ec.azureedge.net.) ;; QUESTION SECTION: ;snowflake-broker.azureedge.net. IN A
;; Query time: 311 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Wed Feb 05 05:24:59 UTC 2025 ;; MSG SIZE rcvd: 102 ```
P.S. I checked the billing graph to try to find when it stopped working, but the graph stops showing charges after 2025-01-16. We know it was working for a while after that.
Quoting David Fifield via anti-censorship-team (2025-02-05 06:34:11)
It looks like snowflake-broker.azureedge.net has stopped resolving (meek-reflect.azureedge.net as well). I don't know exactly when they stopped working. According to the 2025-01-30 team meeting notes (https://lists.torproject.org/mailman3/hyperkitty/list/tor-project@lists.torp...), it was still working on that day.
I created a merge request to remove it from TB and circumvention settings: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req... https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/merge_reques... Thanks for keeping an eye to it. -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
The deprecation of Azure CDN from Edgio (azureedge.net) has led to its replacement by Azure Front Door (azurefd.net). As a result, endpoints like snowflake-broker.azureedge.net may face service disruptions or require migration. This shift could impact services linked with https://tmsimregistration.ph/ if they rely on the outdated CDN.
participants (8)
-
beckyricee@gmail.com -
Benjamin Erhart -
Benjamin Erhart -
David Fifield -
meskio -
Michael Rogers -
Nicolas Vigier -
rutificador7@gmail.com