BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 8.7 released

17 December, 2024 by claudio@openbsd.org | openbsd 

We have released OpenBGPD 8.7, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Cache the Adj-RIB-Out for sessions that have not been down for
      more than 1h. This significantly improves synchronisation time
      of peers that flap.

    * Implement RFC 8538: Notification Message Support for
      BGP Graceful Restart.

    * Add support for RFC 8654, extended messages.

    * In bgplgd add additional endpoints to query the Adj-RIB-In and
      Adj-RIB-Out.

    * Bump internal message size limit to 128k and handle up to 10 000
      ASPA SPAS entries as suggested in draft-ietf-sidrops-aspa-profile.

    * Various improvements to the ibuf API including a new reader API
      which is used to make all message parsing in bgpd memory safe.

    * Added support for IPsec and TCP MD5 to RTR sessions.

OpenBGPD-portable is known to compile and run on FreeBSD, NetBSD and the
Linux distributions Alpine, Debian, CentOS/RHEL/Rocky, Fedora, openSUSE/SLE,
and Ubuntu. It is our hope that packagers take interest and help adapt
OpenBGPD-portable to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.