Releases: pierky/arouteserver
v0.24.0
-
New feature: never via route-servers ASNs filtering.
To drop routes containing an ASN which is classified as "never via route-servers" on PeeringDB (
info_never_via_route_servers
attribute).Please note: this feature is enabled by default.
Related: issue #55.
-
Improvement: add alice-lg/birdwatcher support to BIRD configs.
Changes the default BIRD time format to support alice-lg/birdwatcher out of the box.
-
Improvement: include a table with the reject codes in the HTML output.
Related: issue #54.
v0.23.0
-
New: add support for BIRD v2.
Please note: BIRD v2 support is in early stages. Before moving any production platform to instances of BIRD v2 configured with this tool, please review the configurations carefully and run some simulations.
-
New: OpenBGPD/OpenBSD 6.6, OpenBGPD Portable 6.6p0 and BIRD 1.6.8 added to the integration testing suite.
v0.22.2
v0.22.1
-
Fix: handle more formats for ROAs exported from the public instances of RIPE and NTT validators.
A new way of representing ASNs (without the "AS" prefix) and new TA names which were not matched by the default values of
rpki_roas.allowed_trust_anchors
prevented ROAs from being imported and correctly processed when the default settings were used.
v0.22.0
This is the last release of ARouteServer for which Python 2.7 compatibility is guaranteed. From the next release, any new feature will not be tested against that version of Python.
-
New: OpenBGPD Portable (release 6.5p1) also supported.
Release 6.5p1 of OpenBGPD Portable edition passed the integration testing suite.
-
New: add support for OpenBGPD/OpenBSD 6.5 enhancements.
Support for matching multiple communities at the same time allows to create more readable configurations.
-
Improvement: OpenBGPD, some filters refinement.
Avoid checking AS0 in AS_PATH since 6.4.
No needs to check routes of an address family different than the one used for the session.
As announced with release 0.20.0, OpenBGPD/OpenBSD 6.2 is no longer tested. Also OpenBGPD/OpenBSD 6.3 tests have been decommissioned.
Starting with this release, tests will be executed only against the 2 most recent releases of OpenBGPD/OpenBSD and against the last release of the supported major versions of BIRD.
The implementation of new features may break compatibility of the configurations built for unsupported releases.
v0.21.1
v0.21.0
-
Improvement: when
ripe-rpki-validator-cache
is set as the source of ROAs, multiple URLs can now be specified to fetch data from.URLs will be tried in the same order as they are configured; if the attempt to download ROAs from the first URL fails, the second URL will be tried, an so on.
By default, the RIPE NCC public instance of the RIPE RPKI Validator will be tried first, then the NTT instance. The list of URLs can be set in the
general.yml
configuration file,roas.ripe_rpki_validator_url
option.
v0.20.0
This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.1 and 6.2 CI tests are ran. From the next release, any new feature will not be tested against these versions of OpenBGPD. Users are encouraged to move to newer releases.
-
New: add support for OpenBGPD/OpenBSD 6.4 enhancements.
Use new sets for prefixes, ASNum, and origins (prefix + source-as), and also RPKI ROA sets.
-
Improvement: OpenBGPD, reduce the number of rules by combining some into the same rule.
-
Improvement: route server policies definition files built using the
configure
command now have RPKI BGP Origin Validation and "use-ROAs-as-route-objects" enabled by default.
As announced with release 0.19.0, OpenBGPD/OpenBSD 6.0 is no longer tested. The implementation of new features may break compatibility of the configurations built for unsupported releases.
Most of this release is based on the work made by Claudio Jeker.
v0.19.1
-
Fix (BIRD configuration only): change
bgp_path.last
withbgp_path.last_nonaggregated
.When a route is originated from the aggregation of two different routes using the AS_SET,
bgp_path.last
always returns 0, so the origin ASN validation against IRR always fails.Thanks @s1sfa for reporting this.
v0.19.0
This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.0 CI tests are ran. Starting with the next release, any new feature will not be tested against version 6.0 of OpenBGPD. Users are encouraged to move to newer releases.
-
New: use NIC.BR Whois data from Registro.br to enrich the dataset used for route validation.
Details: RIPE76, Practical Data Sources For BGP Routing Security.
Related: issue #28.
-
New: introduce support for OpenBGPD/OpenBSD 6.4.
OpenBSD 6.4 is not released yet, this is just in preparation of it.
Related: issue #31.
-
Fix (minor): RIPE NCC RPKI Validator v3 expects
Accept: text/json
as HTTP header.Related: PR #29.