OpenBSD Developers release of a portable edition of the routing package , which can be used on operating systems other than OpenBSD. To ensure portability, parts of the code from the OpenNTPD, OpenSSH and LibreSSL projects were used. In addition to OpenBSD, support for Linux and FreeBSD is announced. OpenBGPD has been tested on Debian 9, Ubuntu 14.04+ and FreeBSD 12.
OpenBGPD is being developed under regional Internet registrar RIPE NCC, which is interested in bringing the functionality of OpenBGPD to suitability for use on servers for routing at points of inter-operator exchange of traffic (IXP) and in creating a full-fledged alternative to the packet (from other open alternatives with the implementation of the BGP protocol, projects can be noted , , и ).
When developing OpenBGPD, the focus is on providing the highest level of security and reliability. For protection, a strict check of the correctness of all parameters, means for monitoring compliance with buffer boundaries, separation of privileges and restriction of access to system calls are used. Among the advantages, there is also a convenient syntax for the configuration definition language, high performance and memory efficiency (for example, OpenBGPD can work with routing tables that include hundreds of thousands of entries). The project supports most of the BGP 4 specifications and complies with the requirements of RFC8212, but does not try to embrace the immensity and mainly provides support for the most requested and common functions.
In the release of OpenBGPD 6.7 the following improvements:
- The bgpctl utility has initial support for JSON output;
- В it is allowed to set IPv4 and IPv6 addresses at the same time in the local-address directive in the "group" blocks;
- Correct aggregation of ROA-tables (Route Origin Authorization) with prefix/source-as pairs into one element with the longest "maxlen" value is provided;
- Added "max-prefix {NUM} out" property to bgpd.conf to limit the number of advertised prefixes to avoid leaking full tables;
- In bgpctl, the 'show neighbor' command has been expanded to display the counters of received and set prefixes, as well as the value of the "max-prefix out" limit;
- Notifications include information about the cause of nested errors. The "bgpctl show neighbor" command provides output of the cause of the last error received;
- For the correct execution of the “graceful reload” operation, obsolete prefixes are marked in the Adj-RIB-Out table, which stores information about the routes chosen by the local BGP router to announce optimal routes to peers;
- Added the ability to build OpenBGPD using a package for writing bison parsers without byacc;
- Added "--runstatedir" option, through which you can determine the path to bgpctl.sock;
- Cleaned up the configure script to improve portability.
Source: opennet.ru