v1.9.0

@pierky pierky released this 24 Jul 14:37
· 346 commits to master since this release
  • New: Add support for OpenBGPD 7.1, also added to the integration testing suite (portable edition only).

  • Improvement: provide hint on how to change URL for external IRR DB data sources.

    See also GitHub issue #77.

  • Fix (OpenBGPD only): RFC8097 communities were not added after BGP Origin Validation.

    The BGP Prefix Origin Validation State Extended Communities were not added when RPKI OV was performed. INVALID routes were still dropped when the route server was configured to do so (those routes are internally marked using locally-meaningful communities).

  • Improvement: RPKI ROAs files are checked for stale data.

    The JSON files fetched from validating caches are now checked to detect stale data (rpki-client and OctoRPKI formats include this information) and they are ignored if the data they contain is no longer valid. In this case, the next URL in the rpki_roas.ripe_rpki_validator_url list is used.

    By default, files whose content is older than 21600 seconds (6 hours) are ignored; it's possible to change this option via the newly introduced rpki_roas.ignore_cache_files_older_than setting.

    Where available (rpki-client format only at this time), the VRP expiration time is also checked.

    As a consequence, the default ARouteServer cache expiration time for RPKI ROAs JSON files has been reduced to 60 minutes, to avoid caching ROAs that would turn out to be expired the next time their cached copy is used.
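
The staleness check and URL fallback described above, sketched as an added example (not ARouteServer's own code). The `metadata.buildtime` and per-ROA `expires` field names are assumed from the rpki-client JSON format, and `usable_roas`, `first_fresh`, and the sample sources are hypothetical names.

```python
import json
from datetime import datetime, timezone

MAX_AGE = 21600  # seconds; default of rpki_roas.ignore_cache_files_older_than

def usable_roas(raw, now, max_age=MAX_AGE):
    """Return the unexpired ROAs of one JSON document, or None if unusable.

    Assumed rpki-client style layout: metadata.buildtime is an ISO 8601 UTC
    string and each ROA may carry an "expires" epoch timestamp.
    """
    try:
        doc = json.loads(raw)
        built = datetime.strptime(doc["metadata"]["buildtime"],
                                  "%Y-%m-%dT%H:%M:%SZ")
        roas = doc["roas"]
    except (ValueError, KeyError, TypeError):
        return None  # this example's choice: no usable build time, no trust
    age = now - built.replace(tzinfo=timezone.utc).timestamp()
    if age > max_age:
        return None  # whole file is stale
    # Drop single VRPs whose own expiration time has passed.
    return [r for r in roas if r.get("expires", now + 1) > now]

def first_fresh(sources, now, max_age=MAX_AGE):
    """Walk (url, raw_json) pairs in order, like a list of fallback URLs."""
    for url, raw in sources:
        roas = usable_roas(raw, now, max_age)
        if roas is not None:
            return url, roas
    return None, []

# Constructed sample data; the host names are placeholders and the bodies
# stand in for what would be fetched from each URL.
NOW = datetime(2021, 7, 24, 14, 0, tzinfo=timezone.utc).timestamp()
STALE = json.dumps({"metadata": {"buildtime": "2021-07-24T06:00:00Z"},
                    "roas": [{"asn": 64496, "prefix": "203.0.113.0/24",
                              "maxLength": 24, "expires": NOW + 3600}]})
FRESH = json.dumps({"metadata": {"buildtime": "2021-07-24T13:30:00Z"},
                    "roas": [{"asn": 64496, "prefix": "192.0.2.0/24",
                              "maxLength": 24, "expires": NOW + 3600},
                             {"asn": 64497, "prefix": "198.51.100.0/24",
                              "maxLength": 24, "expires": NOW - 60}]})
SOURCES = [("https://cache-a.example/vrps.json", STALE),
           ("https://cache-b.example/vrps.json", FRESH)]

if __name__ == "__main__":
    print(first_fresh(SOURCES, NOW))
```

The first source is skipped because its build time is 8 hours old, and the expired VRP in the second source is dropped while the rest of that file is still used.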

  • Improvement: new order for the default URLs of the RPKI JSON files.

    Since the RIPE NCC RPKI Validator has reached EoL, the URL of the JSON file that points to rpki-validator.ripe.net has been moved to the end of rpki_roas.ripe_rpki_validator_url, as the last-resort option.
    The one exposed in the rpki-client dashboard has been added.

    Please note: this change only affects the default configuration file that ships with ARouteServer and is not automatically reflected in existing configurations that route server operators are already using. If you wish this setup to be reflected in your configuration, please update your general.yml file accordingly.