v1.10.0

• New: add support for custom BGP communities to track rejected routes.

  A new section of the general.yml file (reject_cause_map) allows to configure custom BGP communities for each reject reason (the list can be found on the Reject reasons paragraph of on the doc site).

  When this is implemented along with reject_policy set to tag or tag_and_reject, ad-hoc custom BGP communities can be used to describe why a route was rejected by the route server.

• New: add support for custom BGP communities to internally track the outcome of BGP Origin Validation (or the lack of it).

  3 new BGP communities are introduced to track the outcome of BGP Origin Validation (if enabled): rpki_bgp_origin_validation_valid, rpki_bgp_origin_validation_unknown and rpki_bgp_origin_validation_invalid. These communities can be used to classify routes depending on the their validation state using custom values, in addition to RFC8097 communities. They are not announced to clients, but rather they are meant to be used only internally within the route server, just to make it easier the integration with external tools, like looking glasses.

  An additional fourth BGP community is also introduced, to classify routes for which BGP Origin Validation has not been performed: rpki_bgp_origin_validation_not_performed. When configured, this community is added when BOV is not enabled, or when it is not performed for some specific reasons (only blackhole route processing at the moment). Contrary to the 3 previous ones, this community is announced to the clients.

  See also GitHub issue #78.

• New: Euro-IX Large BGP Communities are included into the policy generated by the configure command.

  This feature leverages the new reject_cause_map option commented above.

  The general.yml file generated by the configure command now includes a mapping between internal reject codes and the communities proposed in the Euro-IX Large BGP Community standard document.

  Please note: to make the policies generated by configure consistent between BIRD and OpenBGPD, the reject_policy option for the latter is now set to tag (so rejected routes are kept in OpenBGPD but are still not advertised to the route server clients).

  In addition to this, some of the BGP communities set by the configure command have been changed in order to match those suggested in the Euro-IX document above.

• New: check-config command, to verify configuration files (general.yml and clients.yml).

  This command can be used to verify that the content of the two main configuration files is valid, without building the configurations.

  See also GitHub PR #82 and issue #79.

• Improvement (OpenBGPD): informational extended BGP communities are now scrubbed from outbound routes.

  Certain informational extended BGP communities that need dynamic values (like the one used to track the reject code of a route that is discarded when reject_policy is set to tag) were not scrubbed from outbound routes, because of lack of wildcard matching in OpenBGPD. Since this feature was recently added to the BGP speaker, they are now removed.

• Fix (OpenBGPD): make behaviour of rpki_bgp_origin_validation.reject_invalid consistent with BIRD.

  Contrary to what reject_invalid: False might seem doing, the actual behaviour it is designed for is to still prevent the propagation of INVALID routes when RPKI BOV is enabled. When it's set to True (the default value) the BGP daemons are configured to immediately drop INVALID routes in the inbound filters; when it's set to False those routes are accepted but not propagated to clients, they are blocked in the ou tbound filters: basically they are just kept internally within the route server to allow analysis and troubleshooting.

  While the BIRD implementation of reject_invalid: False was working fine, a bug was found in the OpenBGPD one that prevented those routes from being blocked in the outbound direction, letting them to be propagated to clients.

v1.9.0

• New: Add support for OpenBGPD 7.1, also added to the integration testing suite (portable edition only).

• Improvement: provide hint on how to change URL for external IRR DB data sources.

  See also GitHub issue #77.

• Fix (OpenBGPD only): RFC8097 communities were not added after BGP Origin Validation.

  The BGP Prefix Origin Validation State Extended Communities were not added when RPKI OV was performed. INVALID routes were still dropped when the route server was configured to do so (those routes are internally marked using locally-meaningful communities).

• Improvement: RPKI ROAs files are checked for stale data.

  The JSON files fetched from validating caches are now checked to detect stale data (rpki-client and OctoRPKI formats include this information) and they are ignored if the data they contain is no longer valid. In this case, the next URL in the rpki_roas.ripe_rpki_validator_url list is used.

  By default, files whose content is older than 21600 seconds (6 hours) are ignored; it's possible to change this option via the newly introduced rpki_roas.ignore_cache_files_older_than setting.

  Where available (rpki-client format only at this time), also the VRP expiration time is checked.

  As a consequence of this, the default ARouteServer cache expiration time for RPKI ROAs JSON files has been reduced to 60 minutes, to avoid caching ROAs that would turn out being expired at the next use of their cached copy.

• Improvement: new order for the default URLs of the RPKI JSON files.

  Since the RIPE NCC RPKI Validator is now in EoL, the URL of the JSON file that points to rpki-validator.ripe.net has been moved as the last resort option for rpki_roas.ripe_rpki_validator_url.
  The one exposed in the rpki-client dashboard has been added.

  Please note: this change only affects the default configuration file that ships with ARouteServer and is not be automatically reflected in existing configurations that route-servers operators are already using. If you wish this setup to be reflected in your configuration, please update your general.yml file accordingly.

v1.8.0

• Improvement: add the logging option to --use-local-files argument, to allow customization of logging settings.

  Details on the documentation: [Logging configuration of the BGP daemon](https://arouteserver.readthedocs.io/en/latest/CONFIG.html#logging-configuration-of-the-bgp-daemon>.

  See also GitHub issue #75

v1.7.0-post1

Docker image only: add support to use site-specific local files (see #75).

v1.7.0

• New: Add support for OpenBGPD 7.0, also added to the integration testing suite (portable edition only).

  Please note: starting with this release, since the default target version for OpenBGPD is 7.0, path-hiding mitigation will be enabled by default by the configure command. This option can be modified in the general.yml file.

v1.6.0

Starting with this release, the default target version for OpenBGPD will be the latest stable (6.9 in this case). Use the --target-version CLI option if you want to build your configurations for a previous release of OpenBGPD.

• New: Add support for OpenBGPD/OpenBSD 6.9 and OpenBGPD Portable 6.9p0, also added to the integration testing suite.

• New (OpenBGPD): add support for RTR sessions starting with version 6.9.

  Please note the following issues with OpenBGPD 6.9 if you want to enable RTR sessions; you might want to apply the available patches:

  • Invalid argument error and RTR session not coming up (issue openbgpd-portable/openbgpd-portable#23 on GitHub and "bgpd, fix RTR connect" post on openbsd-tech)

  • non blocking connect() call for RTR session establishment ("bgpd behaviour when RTR endpoint is not available" post on openbgpd-users and "bgpd, non-blocking rtr connect" post on openbsd-tech)

• New (OpenBGPD): enable support for path-hiding mitigation.

  Even though OpenBGPD supports path-hiding mitigation starting with version 6.9, the feature is not automatically enabled by the configure command because of some issues that might impair the stability of the routing ecosystem:

  • withdrawal of 2nd best route with rde evaluate all (issue openbgpd-portable/openbgpd-portable#21 on GitHub and "bgpd fix for rde evaluate all" post on openbsd-tech)

  • advertisement of 2nd best routes on reload with rde evaluate all (issue openbgpd-portable/openbgpd-portable#21 on GitHub and "bgpd better reload behaviour" post on openbsd-tech)

  Please apply the existing patches before enabling it on a production environment, and acknowledge the error produced by ARouteServer using the --ignore-issues path_hiding_69 CLI option.

• Improvement: the default list of "transit free" ASNs has been updated and some networks have been removed.

  See also GitHub PR #73.

v1.5.1

• Improvement (Docker image): generate HTML representation of the route server configuration through the Docker image.

  See also #70 and #69

• Fix (Docker image): make RS_ASN, ROUTER_ID and LOCAL_PREFIXES environment variables not required when a custom general.yml file is used.

  See also #68

• Fix: the "Reject reasons" table in the HTML representation was rendered improperly.

  See also #71

v1.5.1-alpha1

v1.5.1-alpha1

v1.5.0

• New: Add support for BIRD 2.0.8 (also included into the integration testing suite).

v1.4.0

Please note: this release changes the default tool used to pull information from IRR, moving from bgpq3 to bgpq4. If you upgrade to this release and you are using bgpq3 to fetch IRR information, you either need to install bgpq4 (instructions here) or be sure that the bgpq3_path line is configured in your arouteserver.yml file and pointed to your bgpq3 binary.

• New: Docker image to easily build route-server configurations.

  For more details, see the docker directory.

• Improvement: change the default value of bgpq3_path to bgpq4.

  The bgpq4 tool is now referenced as the default one in the bgpq3_path configuration line of arouteserver.yml.

  Please note: operators who are using the tool and who left the bgpq3_path configuration line unset will now need to either explicitly configure that line to point to their bgpq3 binary or to make sure bgpq4 is available on their system.

• Fix: the ixf-member-export command now produces a JSON file compliant with version 1.0 of the Euro-IX schema.

  See also GitHub #65.