7.818 Mar 2023 00:06
Improved performance by optimising the output filters. Add Autonomous System Provider Authorization (ASPA) validaton based on draft-ietf-sidrops-aspa-verification-12. Introduce avs (ASPA validation state) filter and bgpctl filter argument. Add ASPA support for the RTR protocol based on draft-ietf-sidrops-8210bis-10. Improve open policy (RFC 9234) support and enable the capability automatically if a role is specified for the peer. Introduce a per neighbor 'role' configuration option to specify the session role used by ASPA verification and the open policy capability. The 'announce policy' statement was simplified at the same time. Improve startup behaviour by introducing a small delay before opening the connection to a new peer. Support for aspa-set table config which can be provided by rpki-client. Make it possible to filter the RIB by invalid and leaked prefixes in bgpctl and bgplgd. Add OpenMetrics output to bgpctl for various BGP statistics and add /metrics endpoint to bgplgd. Support the pftable attribute set on FreeBSD systems.
7.706 Oct 2022 21:29
Adjust pathid_assign() to be much faster for the common case. Improve performance for generating updates for sessions using add-path send all. Implement proper routing table sync in the kroute-linux.c code. Enable linux netlink integration by default. Add a --disable-fib-support config option to disable FIB sync on OpenBSD, FreeBSD and Linux systems.
7.615 Sep 2022 22:45
Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate nexthops and incorrectly leave them in the FIB or Adj-RIB-Out. Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter. Switch various static hash tables to RB trees improving performance on large systems. Export per neighbor pending update and withdraw statistics. Fix race between a neighbor session reset and its update message backlog. Improve handling of nexthop reachability state changes. Further improve portability of the FIB handling code.
7.505 Aug 2022 01:50
Implement RFC 9234 - Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages. Full support for RFC 7911 - Advertisement of Multiple Paths in BGP. Include bgplgd(8) - a fastcgi server providing a REST API of bgpctl. Built by default but can be excluded with --disable-bgplgd. Add FIB and TCP MD5 support for FreeBSD. Disable Linux FIB support by default, add an --enable-netlink configure option to enable it for testing and development. Improve bgpd FIB code, make it more portable and properly handle IPv6 scoped addresses.
7.414 Jun 2022 21:09
Implement max-communities filter to limit the number of allowed communities, ext-communities and large-communities. Fix TCP-MD5 support on Linux systems. The TCP-MD5 keys were not correctly loaded on the listening sockets, which allowed unprotected connections in. Fix insertion of additional non-transitive extended communities when sending out prefixes. Relax IP address limitation by allowing prefixes in 240/4.
7.313 Apr 2022 20:29
Macro expansion in the config file is improved. It is now possible to expand 'set large-community myAS: location: transit'. Add initial FIB support for Linux. Routes can be added and removed. Nexthop tracking and dynamic interface detection are not yet implemented. Major refactoring in the RIB codebase to add multipath support in an upcoming release.
7.223 Sep 2021 22:54
Support for RFC 9072 - Extended Optional Parameters Length for BGP OPEN Message. Support for RFC 8050 - MRT Format with BGP Additional Path Extensions. Implement receive side of RFC 7911 - Advertisement of Multiple Paths in BGP. OpenBGPD is currently not able to send multiple paths out. Improve checks of VRPs loaded via RTR or from the roa-set table. Allow to optionally specify an expiry time for roa-set entries to mitigate BGP route decision making based on outdated RPKI data. OpenBGPD's companion rpki-client(8) produces roa-sets with the new 'expires' property.
7.125 Jun 2021 19:45
OpenBSD 6.9 errata 009: During bgpd(8) config reloads prefixes of the wrong address family could leak to peers resulting in session resets. Support for RFC 7313 - Enhanced Route Refresh: Disabled by default, to enable use 'announce enhanced refresh yes'. Improve output of Adj-RIB-Out by updating nexthop and ASPATH before adding the prefix to the RIB. This improves 'bgpctl show rib out' output. Add command line option to show the version.
7.005 Jun 2021 11:34
Stop processing queued UPDATES when the max-prefix limit was reached. Improve negotiation for route refresh, graceful restart and multi-protocol capabilities. Correctly track 'rde evaluate all' and 'export' settings during reload. Properly withdraw prefixes when 'rde evaluate all' is used. Fix MRT handling on initial startup for message dump types. Fix and use non-blocking connect for RTR sessions. Fully implement RFC 6286 by checking for BGP ID collisions. Adjust the 4-byte AS number handling to RFC 6793 by changing error behaviour from prefix witdraw to attribute discard. In bgpctl print out both the sent "Neighbor capabilities" and the "Negotiated capabilities" for a session. Print timestamps both as a formatted and a pure time in seconds filed in various JSON objects.
6.9p001 May 2021 11:54
Introduced bgpd(8) 'rde evaluate all' to reduce path hiding in IXP route-server environments. Added RTR support to OpenBGPD. Added bgpctl(8) 'show rtr' to display basic information about RTR sessions. Added bgpctl(8) 'show sets' to display information about the roa-set, as-sets and prefix-sets loaded into bgpd(8). Properly implemented 'rde med compare strict' in bgpd(8) and ensured that the order of prefixes is always correct. Introduced the bgpd.conf(5) per neighbor and global config option 'reject as-set yes/no' to allow rejection of received UPDATES with AS_SET segments. These rejected prefixes can be viewed with 'bgpctl show rib in error'. No longer allow configuration of the same neighbor multiple times. Introduced a send hold timer in bgpd(8) to detect stalls on the sending side of a TCP connection, acting as a last resort to detect faulty peers. pf(4) tables track now prefixes correctly even when received by multiple sessions.
6.8p105 Nov 2020 23:51
Include OpenBSD 6.8 errata 001: In bgpd, the roa-set parser could leak memory.
6.8p020 Oct 2020 21:35
In bgpctl(8), the 'reload' command now takes a 'reason' argument to use as Administrative Shutdown Communication to its neighbors. Added bgpctl(8) support for VPNv6 in the family option of the 'show rib' command. Added bgpctl(8) support for JSON formatted output in various 'show' commands. Support to build OpenBGPD on Alpine Linux added.