BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 8.8 released

We have released OpenBGPD 8.8, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Improve default multiproto capability announcement selection.
      The default MP capability is only set if no other capability is
      configured on the neighbor.

    * The `reject as-set` configuration option now defaults to yes.
      Route announcements with AS_SET segments in the AS_PATH Attribute
      will be rejected. See draft-ietf-idr-deprecate-as-set-confed-set
      for more information.

    * The RFC 8654 Extended Message configuration changed from
      "announce extended (yes|no|enforce)" to
      "announce extended message (yes|no|enforce)"

    * RFC 8950 - Extended nexthop encoding support in the RIB.

    * Preliminary support for EVPN in the RIB.

    * When "transparent-as yes" is set, well-known BGP communities are
      passed on according to RFC 7947. This means that IX Route Servers
      transparently pass through NO_EXPORT, NO_ADVERTISE, etc.

    * Fix an error introduced in the previous release that prevented
      sessions from staying down.

    * Fix add-path send support using best, ecmp, or as-wide-best mode
      which was not working correctly in the previous release.

    * Fix FIB handling on FreeBSD when an interface is destroyed.

    * Make the example bgpd.conf work out of the box with 4byte ASN.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.