presented the tolerated edition of the routing package openbgpd 8.0 , developed by the developers of the OpenBSD project and adapted for use in FreeBSD and Linux (stated support for Alpine, Debian, Fedora, Rhel/Centos, Ubuntu). To ensure tolerance, parts of the code from Openntpd, Openssh and Libressl projects were used. The project supports most of the BGP 4 specifications and meets the requirements of the RFC8212, but does not try to embrace the immense and provides mainly the support of the most popular and common functions.
OPENBGPD development is supported by the RIPE NCC regional Internet registrar, which is interested in bringing the functionality of OpenBGPD to suitability for use on the inter-operator exchange of traffic (IXP) and the creation of a full-fledged alternative to the bird (from other open alternatives with the implementation of the BGP protocol, you can note the projects of Frrouting, Gobgp, Exabgp and bio-routing ).
In the project, the main attention is paid to ensuring the maximum level of safety and reliability. For protection, a rigid verification of the correctness of all parameters, means to monitor compliance with the boundaries of buffers, separation of privileges and restricting access to system calls are used. Of the advantages, convenient syntax of the language determination language is also noted, high performance and efficiency of memory (for example, OpenBGPD can work with routing tables, including hundreds of thousands of records).
Among the changes in the issue of Openbgpd 8.0:
- The initial support was added flowspec (RFC5575). In the current form, only the announcement of the FlowSpec rules.
- The capabilities of the Parser team in the BGPCTL utility, which can now process the commands specific for Flowspec and such structures as BGPCTL Show RIB 192.0.2.0/24 Detail. “
- added a semaphore to protect the publication in the ROUTE (Route Decision Engine) of the data session rtr (RPKI to Router).
- fixed error caused by the appearance of a new ASPA object in RPKI ( Resource Public Key Infrastructure).