The release of the portable edition of the OpenBGPD 8.2 routing package, developed by the developers of the OpenBSD project and adapted for use in FreeBSD and Linux (alpine, Debian, Fedora, RHEL/CentOS, Ubuntu support is announced). To ensure portability, parts of the code from the OpenNTPD, OpenSSH and LibreSSL projects were used. The project supports most of the BGP 4 specifications and complies with the requirements of RFC8212, but does not try to embrace the immensity and mainly provides support for the most requested and common functions.
The development of OpenBGPD is carried out with the support of the regional Internet registrar RIPE NCC, which is interested in bringing the functionality of OpenBGPD to suitability for use on servers for routing at interoperator traffic exchange points (IXP) and in creating a full-fledged alternative to the BIRD package (from open alternatives with the implementation of the BGP protocol, you can note the projects FRRouting, GoBGP, ExaBGP and Bio-Routing).
The project focuses on ensuring the maximum level of safety and reliability. For protection, a strict check of the correctness of all parameters, means for monitoring compliance with buffer boundaries, separation of privileges and restriction of access to system calls are used. Among the advantages, there is also a convenient syntax for the configuration definition language, high performance and memory efficiency (for example, OpenBGPD can work with routing tables that include hundreds of thousands of entries).
Key changes in the new version:
- The implementation of the ASPA (Autonomous System Provider Authorization) mechanism used in BPG to verify AS_PATH paths, authorize autonomous provider systems, and protect against leakage of incorrect routes has been updated. The ASPA implementation has been brought into compliance with the draft-ietf-sidrops-aspa-verification-16 and draft-ietf-sidrops-aspa-profile-16 specifications, and has been converted to use lookup tables independent of AFI (Address Family Indicator).
- Fixed a bug in the netlink message parser code related to incorrect message size determination and leading to a crash on the Linux platform.
- The code for generating UPDATE messages has been converted to use the new ibuf API.
- Improved error messages displayed in bgpctl when attempting to use features not supported in the portable version of OpenBGPD.
- The GRACEFUL_SHUTDOWN filter rule example has been modified to only handle ebgp sessions.
Source: opennet.ru