The release of the portable edition of the OpenBGPD 8.0 routing package, developed by the developers of the OpenBSD project and adapted for use in FreeBSD and Linux (alpine, Debian, Fedora, RHEL/CentOS, Ubuntu support is announced). To ensure portability, parts of the code from the OpenNTPD, OpenSSH and LibreSSL projects were used. The project supports most of the BGP 4 specifications and complies with the requirements of RFC8212, but does not try to embrace the immensity and mainly provides support for the most requested and common functions.
The development of OpenBGPD is supported by the regional Internet registrar RIPE NCC, which is interested in bringing the functionality of OpenBGPD to suitability for use on servers for routing at points of inter-operator traffic exchange (IXP) and in creating a full-fledged alternative to the BIRD package (from other open alternatives with the implementation of the BGP protocol the FRRouting, GoBGP, ExaBGP and Bio-Routing projects can be noted).
The project focuses on ensuring the maximum level of safety and reliability. For protection, a strict check of the correctness of all parameters, means for monitoring compliance with buffer boundaries, separation of privileges and restriction of access to system calls are used. Among the advantages, there is also a convenient syntax for the configuration definition language, high performance and memory efficiency (for example, OpenBGPD can work with routing tables that include hundreds of thousands of entries).
Changes in the OpenBGPD 8.0 release include:
- Added initial support for Flowspec (RFC5575). In its current form, only announcing flowspec rules is supported.
- The bgpctl command parser has been enhanced to handle flowspec-specific commands and constructs such as "bgpctl show rib 192.0.2.0/24 detail".
- A semaphore has been added to protect the publication in RDE (Route Decision Engine) of RTR (RPKI to Router) session data.
- Fixed a bug caused by the appearance of a new ASPA object in RPKI (Resource Public Key Infrastructure).
Source: opennet.ru