BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 7.8 released

We have released OpenBGPD 7.8, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

   * Improved performance by optimising the output filters

   * Add Autonomous System Provider Authorization (ASPA) validaton based
     on draft-ietf-sidrops-aspa-verification-12

   * Introduce avs (ASPA validation state) filter and bgpctl filter argument

   * Add ASPA support for the RTR protocol based on
     draft-ietf-sidrops-8210bis-10

   * Improve open policy (RFC 9234) support and enable the capability
     automatically if a role is specified for the peer

   * Introduce a per neighbor 'role' configuration option to specify
     the session role used by ASPA verification and the open policy
     capability. The 'announce policy' statement was simplified at
     the same time.

   * Improve startup behaviour by introducing a small delay before
     opening the connection to a new peer

   * Support for aspa-set table config which can be provided by
     rpki-client

   * Make it possible to filter the RIB by invalid and leaked prefixes
     in bgpctl and bgplgd

   * Add OpenMetrics output to bgpctl for various BGP statistics and
     add /metrics endpoint to bgplgd

   * Support the pftable attribute set on FreeBSD systems

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.