v0.22.2

• Fix: prevent environment variables with unknown escapes (like \u) from interrupting the execution.

  Related: issue #50 on GitHub.

v0.22.1

• Fix: handle more formats for ROAs exported from the public instances of RIPE and NTT validators.

  A new way of representing ASNs (without the "AS" prefix) and new TA names which were not matched by the default values of rpki_roas.allowed_trust_anchors prevented ROAs from being imported and correctly processed when the default settings were used.

v0.22.0

This is the last release of ARouteServer for which Python 2.7 compatibility is guaranteed. From the next release, any new feature will not be tested against that version of Python.

• New: OpenBGPD Portable (release 6.5p1) also supported.

  Release 6.5p1 of OpenBGPD Portable edition passed the integration testing suite.

• New: add support for OpenBGPD/OpenBSD 6.5 enhancements.

  Support for matching multiple communities at the same time allows to create more readable configurations.

• Improvement: OpenBGPD, some filters refinement.

  Avoid checking AS0 in AS_PATH since 6.4.
  No needs to check routes of an address family different than the one used for the session.

As announced with release 0.20.0, OpenBGPD/OpenBSD 6.2 is no longer tested. Also OpenBGPD/OpenBSD 6.3 tests have been decommissioned.
Starting with this release, tests will be executed only against the 2 most recent releases of OpenBGPD/OpenBSD and against the last release of the supported major versions of BIRD.
The implementation of new features may break compatibility of the configurations built for unsupported releases.

v0.21.1

• Deprecation: SAVVIS IRR removed from the list of default sources used by bgpq3.

• Fix (minor): truncate the max length of AS-SET names to 64 characters.

  BIRD supports only names no longer than 64 characters.

  Related: issue #47 on GitHub. Thanks to David Garay for reporting this.

v0.21.0

• Improvement: when ripe-rpki-validator-cache is set as the source of ROAs, multiple URLs can now be specified to fetch data from.

  URLs will be tried in the same order as they are configured; if the attempt to download ROAs from the first URL fails, the second URL will be tried, an so on.

  By default, the RIPE NCC public instance of the RIPE RPKI Validator will be tried first, then the NTT instance. The list of URLs can be set in the general.yml configuration file, roas.ripe_rpki_validator_url option.

v0.20.0

This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.1 and 6.2 CI tests are ran. From the next release, any new feature will not be tested against these versions of OpenBGPD. Users are encouraged to move to newer releases.

• New: add support for OpenBGPD/OpenBSD 6.4 enhancements.

  Use new sets for prefixes, ASNum, and origins (prefix + source-as), and also RPKI ROA sets.

• Improvement: OpenBGPD, reduce the number of rules by combining some into the same rule.

• Improvement: route server policies definition files built using the configure command now have RPKI BGP Origin Validation and "use-ROAs-as-route-objects" enabled by default.

As announced with release 0.19.0, OpenBGPD/OpenBSD 6.0 is no longer tested. The implementation of new features may break compatibility of the configurations built for unsupported releases.

Most of this release is based on the work made by Claudio Jeker.

v0.19.1

• Fix (BIRD configuration only): change bgp_path.last with bgp_path.last_nonaggregated.

  When a route is originated from the aggregation of two different routes using the AS_SET, bgp_path.last always returns 0, so the origin ASN validation against IRR always fails.

  Thanks @s1sfa for reporting this.

v0.19.0

This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.0 CI tests are ran. Starting with the next release, any new feature will not be tested against version 6.0 of OpenBGPD. Users are encouraged to move to newer releases.

• New: use NIC.BR Whois data from Registro.br to enrich the dataset used for route validation.

  Details: RIPE76, Practical Data Sources For BGP Routing Security.

  Related: issue #28.

• New: introduce support for OpenBGPD/OpenBSD 6.4.

  OpenBSD 6.4 is not released yet, this is just in preparation of it.

  Related: issue #31.

• Fix (minor): RIPE NCC RPKI Validator v3 expects Accept: text/json as HTTP header.

  Related: PR #29.

v0.18.0

• New: add support for BIRD 1.6.4 and OpenBGPD/OpenBSD 6.3.

  This release breaks backward compatibility (OpenBGPD configs only): the default target version used to build OpenBGPD configurations (when the --target-version argument is not given) is now 6.2; previously it was 6.0. Use the --target-version 6.0 command line argument to build 6.0 compatible configurations.

• Improvement: transit-free ASNs filters are applied also to sessions toward transit-free peers.

  Related: issue #21 on GitHub.

• Fix (minor): better handling of user answers in configure and setup commands.

• Fix: clients-from-peeringdb, list of IXPs retrieved from PeeringDB and no longer from IXFDB.

v0.17.3

• Fix: clients-from-euroix command, use the configured cache directory.