.. DO NOT EDIT: this file is automatically created by /utils/build_doc
ARouteServer
============
|Documentation| |Build Status| |Unique test cases| |PYPI Version| |Python Versions|
A Python tool to automatically build (and test) feature-rich configurations for BGP route servers.
How it works
------------
#. Two YAML files provide *general policies* and *clients configurations* options:
.. code:: yaml
cfg:
rs_as: 64496
router_id: "192.0.2.2"
filtering:
irrdb:
enforce_origin_in_as_set: True
enforce_prefix_in_as_set: True
rpki_bgp_origin_validation:
enabled: True
reject_invalid: True
...
.. code:: yaml
clients:
- asn: 64511
ip:
- "192.0.2.11"
- "2001:db8:1:1::11"
irrdb:
as_sets:
- "RIPE::AS-FOO"
...
#. ARouteServer acquires external information to enrich them: i.e. `bgpq4`_/`bgpq3`_ for IRR data, `PeeringDB`_ for max-prefix limit and AS-SETs, RPKI ROAs, ...
#. `Jinja2`_ built-in templates are used to render the final route server's configuration file.
Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7), **BIRD v3** (only for testing, still in pre-release/alpha) and **OpenBGPD** (OpenBSD >= 7.0 also OpenBGPD Portable >= 7.0) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.
**Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details on the `Live tests <https://arouteserver.readthedocs.io/en/latest/LIVETESTS.html>`__ section.
A Docker-based `playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__ is available to experiment with the tool in a virtual IXP environment.
Also, a `Docker image <https://hub.docker.com/r/pierky/arouteserver>`__ is provided to start building rich and secure configurations in a couple of minutes.
.. _bgpq3: https://github.com/snar/bgpq3
.. _bgpq4: https://github.com/bgp/bgpq4
.. _PeeringDB: https://www.peeringdb.com/
.. _Jinja2: http://jinja.pocoo.org/
.. _Docker: https://www.docker.com/
Features
--------
- **Path hiding** mitigation techniques (`RFC7947`_ `section 2.3.1 <https://tools.ietf.org/html/rfc7947#section-2.3.1>`__).
- Basic filters (mostly enabled by default):
- **NEXT_HOP** enforcement (strict / same AS - `RFC7948`_ `section 4.8 <https://tools.ietf.org/html/rfc7948#section-4.8>`__);
- minimum and maximum IPv4/IPv6 **prefix length**;
- maximum **AS_PATH length**;
- reject **invalid AS_PATHs** (containing `private/invalid ASNs <http://mailman.nanog.org/pipermail/nanog/2016-June/086078.html>`_);
- reject AS_PATHs containing **transit-free** or **never via route-servers** ASNs (using `PeeringDB info_never_via_route_servers attribute <https://github.com/peeringdb/peeringdb/issues/394>`__);
- reject **bogons**;
- **max-prefix limit** based on global or client-specific values or on **PeeringDB** data.
- Prefixes and origin ASNs validation (also in *tag-only* mode):
- **IRR-based filters** (`RFC7948`_ `section 4.6.2 <https://tools.ietf.org/html/rfc7948#section-4.6.2>`__);
- AS-SETs configured manually or fetched from PeeringDB;
- support for **IRR sources** (RIPE::AS-FOO, RADB::AS-BAR);
- **white lists** support;
- extended dataset for filters generation:
- RPKI **ROAs used as route objects**;
- `Origin AS <https://mailman.nanog.org/pipermail/nanog/2017-December/093525.html>`__ from **ARIN Whois** database dump;
- `NIC.BR Whois data <https://ripe76.ripe.net/presentations/43-RIPE76_IRR101_Job_Snijders.pdf>`_ (slide n. 26) from Registro.br;
- **RPKI**-based filtering (BGP Prefix Origin Validation);
- ROAs can be retrieved from publicly available JSON files or from a local validating cache;
- Route Leak Prevention and Detection Using **BGP Roles** (`RFC9234`_).
- **Blackhole filtering** support:
- optional **NEXT_HOP rewriting**;
- signalling via BGP Communities (`BLACKHOLE <https://tools.ietf.org/html/rfc7999#section-5>`__ and custom communities);
- client-by-client control over propagation.
- **Graceful shutdown** support:
- honor the **GRACEFUL_SHUTDOWN** BGP community received from clients (`draft-ietf-grow-bgp-gshut-11 <https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-11>`_);
- allow to perform a graceful shutdown of the route server itself.
- Control and informative BGP communities:
- prefix/origin ASN present/not present in **IRRDBs data**;
- do (not) announce to any / **peer** / on **RTT basis**;
- **prepend** to any / **peer** / on **RTT basis**;
- add **NO_EXPORT** / **NO_ADVERTISE** to any / **peer**;
- **32bit ASNs mapping** to 16bit ASNs for announcement control BGP communities;
- `Euro-IX large BGP communities <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ to track reject reasons;
- custom informational BGP communities.
- Optional session features on a client-by-client basis:
- prepend route server ASN (`RFC7947`_ `section 2.2.2.1 <https://tools.ietf.org/html/rfc7947#section-2.2.2.1>`__);
- active sessions;
- **GTSM** (Generalized TTL Security Mechanism - `RFC5082`_);
- **ADD-PATH** capability (`RFC7911`_).
- `RFC8950`_ **IPv6 NEXT_HOP for IPv4 routes**.
- Automatic building of clients list:
- `integration <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixp-manager-integration>`__ with **IXP-Manager**;
- `fetch lists <https://arouteserver.readthedocs.io/en/latest/USAGE.html#automatic-clients>`__ from **PeeringDB** records and **Euro-IX member list JSON** files.
- **IX-F Member Export** JSON files `creation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixf-member-export-command>`__.
- Related tools:
- The `Playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__, to experiment with the tool in a virtual IXP environment.
- `Invalid routes reporter <https://arouteserver.readthedocs.io/en/latest/TOOLS.html#invalid-routes-reporter>`__, to log or report invalid routes and their reject reason.
A comprehensive list of features can be found within the comments of the distributed configuration file on `GitHub <https://github.com/pierky/arouteserver/blob/master/config.d/general.yml>`__ or on the `documentation web page <https://arouteserver.readthedocs.io/en/latest/GENERAL.html>`__.
More feature are already planned: see the `Future work <https://arouteserver.readthedocs.io/en/latest/FUTUREWORK.html>`__ section for more details.
.. _RFC7947: https://tools.ietf.org/html/rfc7947
.. _RFC7948: https://tools.ietf.org/html/rfc7948
.. _RFC9234: https://tools.ietf.org/html/rfc9234
.. _RFC5082: https://tools.ietf.org/html/rfc5082
.. _RFC7911: https://tools.ietf.org/html/rfc7911
.. _RFC8950: https://tools.ietf.org/html/rfc8950
Full documentation
------------------
Full documentation can be found on ReadTheDocs: https://arouteserver.readthedocs.org/
Presentations
-------------
- Euro-IX "Learn with us: ARouteServer tutorial", 28 July 2021: `video <https://www.youtube.com/watch?v=aiBeFs6xnYs>`__ (33:13)
- RIPE74, 10 May 2017, Connect Working Group: `video <https://ripe74.ripe.net/archives/video/87/>`__ (9:53), `slides <https://ripe74.ripe.net/presentations/22-RIPE74-ARouteServer.pdf>`__ (PDF)
- Salottino MIX, 30 May 2017: `slides <https://www.slideshare.net/PierCarloChiodi/salottino-mix-2017-arouteserver-ixp-automation-made-easy>`__
Mentions / endorsements:
- Job Snijders, LACNIC29, 3 May 2018: `slides <https://www.lacnic.net/innovaportal/file/2621/1/lacnic29_peering_tutorial.pdf>`__ (PDF)
- Anurag Bhatia, APNIC46, 12 September 2018: `video <https://www.youtube.com/watch?v=XfSNQbiR1cg&t=3140>`__, `slides <https://conference.apnic.net/46/assets/files/APNC402/Automate-your-IX-config.pdf>`__ (PDF)
- Claudio Jeker, RIPE Labs, 28 November 2018: `OpenBGPD - Adding Diversity to the Route Server Landscape <https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape>`__.
Who is using ARouteServer?
--------------------------
- `BharatIX <https://www.bharatix.net/>`__, BIRD.
- `CATNIX <http://www.catnix.net/en/>`__, BIRD.
- `CHIX <https://chix.ch/>`__, BIRD and OpenBGPD.
- `CNX <http://cnx.net.kh/>`__, BIRD v2.
- `DO-IX <https://www.do-ix.net/>`__, BIRD.
- `EVIX <https://evix.org/>`__, BIRD.
- `FCIX <https://fcix.net/>`__, BIRD.
- `GAVLIX <https://gavlix.se/>`__.
- `GigaPIX <https://gigapix.pt/>`__, BIRD and BIRD v2.
- `IX Australia <https://www.ix.asn.au/>`__, BIRD v2.
- `IX-Denver <http://ix-denver.org/>`__, BIRD.
- `MBIX <http://www.mbix.ca/>`__, BIRD.
- `MIX <https://www.mix-it.net/>`__, BIRD.
- `Netnod <https://www.netnod.se/>`__, BIRD and GoBGP\ :sup:`1`\.
- `NIXI Mumbai (GPX) <https://nixi.in/>`__, BIRD.
- `NZIX <https://ix.nz/>`__, BIRD v2.
- `PIT-IX <https://pit-ix.net/>`__, BIRD.
- `QCIX <http://www.qcix.net/>`__, BIRD.
- `RO-CIX <https://roix.net/>`__, OpenBGPD.
- `SFMIX <https://sfmix.org/>`__, BIRD and OpenBGPD.
- `SONIX <https://sonix.network/>`__, BIRD v2.
- `SwissIX <https://www.swissix.ch/>`__, OpenBGPD.
- `Unmetered.Exchange <https://unmetered.exchange/>`__, BIRD.
- `VANIX <https://vanix.ca/>`__.
- `YEGIX <https://yegix.ca>`__, OpenBGPD.
- `YXEIX <http://yxeix.ca/>`__, OpenBGPD.
- `YYCIX <https://yycix.ca>`__, OpenBGPD.
Are you using it? Do you want to be listed here? `Drop me a message <https://pierky.com/#contactme>`__!
\ :sup:`1`\: GoBGP configurations are generated using a fork of the project which is still WIP and that hopefully will be merged upstream in the future.
Bug? Issues? Support requests?
------------------------------
But also suggestions? New ideas?
Please create an `issue on GitHub <https://github.com/pierky/arouteserver/issues>`_ or `drop me a message <https://pierky.com/#contactme>`_.
A Slack channel is also available on the `network.toCode() <https://networktocode.herokuapp.com/>`__ community: **arouteserver**.
Author
------
Pier Carlo Chiodi - https://pierky.com
Blog: https://blog.pierky.com Twitter: `@pierky <https://twitter.com/pierky>`_
.. |Documentation| image:: https://readthedocs.org/projects/arouteserver/badge/?version=latest
:target: https://arouteserver.readthedocs.org/en/latest/?badge=latest
.. |Build Status| image:: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml/badge.svg?branch=master
:target: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml
.. |Unique test cases| image:: https://img.shields.io/badge/dynamic/json.svg?uri=https://raw.githubusercontent.com/pierky/arouteserver/master/tests/last.json&label=unique%20test%20cases&query=$.unique_test_cases&colorB=47C327
:target: https://github.com/pierky/arouteserver/blob/master/tests/last
.. |PYPI Version| image:: https://img.shields.io/pypi/v/arouteserver.svg
:target: https://pypi.python.org/pypi/arouteserver/
.. |Python Versions| image:: https://img.shields.io/pypi/pyversions/arouteserver.svg
:target: https://pypi.python.org/pypi/arouteserver/
Change log
==========
.. note:: **Upgrade notes**: after upgrading, run the ``arouteserver setup-templates`` command to sync the local templates with those distributed with the new version. More details on the `Upgrading <https://arouteserver.readthedocs.io/en/latest/INSTALLATION.html#upgrading>`__ section of the documentation.
1.23.1
------
- Fix: ``clients-from-euroix`` ``--guess-custom-bgp-communities`` multiple values not handled
When ``clients-from-euroix`` was used with ``--guess-custom-bgp-communities``, if multiple values were passed (like country colocation city) only one was used to attach the custom community to the client.
1.23
----
- Fix: Remove second double string 'AS'.
Cosmetic: remove the double 'AS' prefix from the comments in AS-SET names in BIRD configurations.
See also `GitHub issue 132 <https://github.com/pierky/arouteserver/issues/132>`__.
- Fix: parse Registro.br records gracefully.
In case of parsing issues in the records exported by the Registro.br dataset, the tool now logs a warning message and skips the record.
The configuration generation no longer fails in this case.
See also `GitHub PR 135 <https://github.com/pierky/arouteserver/pull/135>`__, `GitHub issue 138 <https://github.com/pierky/arouteserver/issues/138>`__.
- Fix: just log failed Registro.br record content in case of issues.
When a parsing error occurs in the Registro.br dataset, the tool now logs the content of the record that caused the issue, instead of the whole file.
See also `GitHub issue 138 <https://github.com/pierky/arouteserver/issues/138>`__.
- Fix: ``clients-from-peeringdb``, reduce the number of PeeringDB API queries per minute.
To avoid hitting the PeeringDB API rate limit, a delay is introduced between the queries performed to fetch clients' details when the ``clients-from-peeringdb`` command is used.
See also `GitHub issue 139 <https://github.com/pierky/arouteserver/issues/139>`__.
- Improvement: avoid warnings when ``bgpq4`` prints ``Invalid AS number:`` errors.
When ``Invalid AS number:`` lines are printed by ``bgpq4``, avoid generating the ``bgpq4 succeeded but an error was printed`` warnings.
- Improvement (Docker image): allow generation of clients.yml from Euro-IX files.
A new environment variable is introduced (``EURO_IX_URL``) to instruct the Docker container to build the clients.yml file from the Euro-IX JSON export file.
See also `GitHub PR 136 <https://github.com/pierky/arouteserver/pull/136>`__.
- Improvement (Docker image): allow use of custom templates.
A new environment variable is introduced (``TEMPLATES_DIR``) to instruct the Docker container to use custom templates for the configuration generation.
- Tests are no longer performed for Python 3.7 (EoL).
- Tests for Python 3.12 are introduced: that's the release used to perform the integration tests.
- Docker images are built on top of Python 3.12 and PyPy 3.10, and use ``bgpq4`` version 1.12.
1.22.1
------
- Fix: IPv4 prefix length verification when RFC8950 is enabled.
When a peer is configured for RFC8950 support, the prefix length is checked for the IPv6 limits only. This will permit too long IPv4 (up to /48) prefixes and will reject short IPv4 (< /12) prefixes.
See also `GitHub issue 130 <https://github.com/pierky/arouteserver/issues/130>`__.
1.22.0
------
- New: add support of IPv6 NEXT_HOP for IPv4 routes (`RFC8950 <https://tools.ietf.org/html/rfc8950>`__).
Only available for BIRD 2.x.
1.21.7
------
- New: add support for `BIRD 2.15 <https://www.mail-archive.com/bird-users@network.cz/msg07905.html>`__ and `OpenBGPD 8.4 <https://www.undeadly.org/cgi?action=article;sid=20240308064655>`__, also added to the integration testing suite.
1.21.6
------
- Fix: fetching Registro.br dataset via HTTPS.
A *"Can't decode Registro.br Whois DB raw file"* error was raised when trying to fetch the dataset from Registro.br using HTTPS.
See also `GitHub PR 128 <https://github.com/pierky/arouteserver/issues/128>`__.
1.21.5
------
- Fix: ``irr-as-set`` command, the parser considers hierarchical AS-SET names.
Names in the format ``AS<n>:<s>`` were considered as in the format ``source:name``.
See also `GitHub issue 126 <https://github.com/pierky/arouteserver/issues/126>`__.
1.21.4
------
- Fix: ``irr-as-set`` command, omit AS-SETs having a source different from the target registry.
The list of members used to build the IRR object no longer includes client's AS-SETs if their origin does not match the registry for which the object is being created.
See also `GitHub issue 126 <https://github.com/pierky/arouteserver/issues/126>`__.
- Improvement: ``irr-as-set`` command, ``--include-members`` and ``--exclude-members`` options.
Add options to the command that allow the operator to include/exclude AS-SETs from the members list of the object being generated.
1.21.3
------
- Fix: ``--merge-from-custom-file`` overriding configs from ``clients-from-euroix``.
The ``--merge-from-custom-file`` option of the ``clients-from-euroix`` command is supposed to merge the configurations from a local file into the final content that it generates for clients.yml. However, a bug was triggering an undesired behaviour, for which the ``cfg`` settings from the local file were overriding those automatically generated by the command. This was leading to the removal of information such as max-prefix and as-set that were originally populated using the Euro-IX records.
1.21.2
------
- New: add support for `BIRD 2.14 <http://trubka.network.cz/pipermail/bird-users/2023-October/017161.html>`__ and `OpenBGPD 8.3 <https://www.mail-archive.com/tech@openbsd.org/msg76545.html>`__, also added to the integration testing suite.
1.21.1
------
- New: add support for `OpenBGPD 8.0 <https://undeadly.org/cgi?action=article;sid=20230505054214>`__, also added to the integration testing suite.
- New: add early support for BIRD v3 (current release `3.0alpha2 <https://bird.network.cz/pipermail/bird-users/2023-May/016913.html>`__), for testing purposes only.
1.21.0
------
This release **breaks backward compatibility** (BIRD configs only): the default target version used to build BIRD configurations (when the ``--target-version`` argument is not given) is now the latest from the version 2 of BIRD (2.13 at the moment); previously it was 1.6.8. Use the ``--target-version 1.6.8`` command line argument to build 1.6 compatible configurations.
Please note: `BIRD 1 will reach end of life at the end of the year 2023 <https://www.mail-archive.com/bird-users@network.cz/msg07316.html>`__.
- New: add support for `BIRD 2.13 <https://www.mail-archive.com/bird-users@network.cz/msg07305.html>`__, also added to the integration testing suite.
- New: support to build configurations for multiple route servers at once.
Providing a list of values in the ``router_id`` setting of the ``general.yml`` file allows ARouteServer to build configurations for multiple route servers during the same execution.
For more details see `Building configurations for multiple route servers <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#building-configurations-for-multiple-route-servers>`__ on the doc web site.
- Fix: ``ixf-member-export`` (to build an Euro-IX JSON export file from clients.yml) now sets the ``routeserver`` flag of members to ``True``.
See also `GitHub issue 120 <https://github.com/pierky/arouteserver/issues/120>`__.
1.20.1
------
- New: add support for `OpenBGPD 7.8 <https://www.mail-archive.com/tech@openbsd.org/msg74147.html>`__, also added to the integration testing suite.
1.20.0
------
- Deprecation: support for overly old OpenBGPD versions (< 7.0) is removed.
See `GitHub PR 117 <https://github.com/pierky/arouteserver/pull/117>`__.
- New: add support for `BIRD 2.0.11 <https://bird.network.cz/pipermail/bird-users/2022-December/016431.html>`__, also added to the integration testing suite.
- New: mapping of 32bit ASNs to 16bit private ASNs for announcement control standard BGP communities.
A new feature is added to allow 32bit ASN clients to be mapped to 16bit ASNs in the standard BGP communities used for announcement control. This feature allows clients to use the 16bit mapped ASN as the ``peer_as`` value for standard BGP communities like *do not announce to $PEER*. In those communities, the 32bit ASN will be represented by the 16bit value which is mapped to it.
For details on how to configure this feature, see the documentation, `"BGP Communities" section <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#bgp-communities>`__.
See also `GitHub issue 101 <https://github.com/pierky/arouteserver/issues/101>`__.
- New: add support for `RFC9234 Route Leak Prevention and Detection Using Roles <https://www.rfc-editor.org/rfc/rfc9234>`__.
A new configuration option is available in general.yml to enable RFC9234 roles (supported by BIRD >= 2.0.11 and OpenBGPD >= 7.5, even though `discouraged until 7.8 will be out <https://github.com/openbgpd-portable/openbgpd-portable/issues/51>`__).
When that's set, BGP sessions on the route server are configured to announce the route-server role and routes received from clients and tagged with the OTC (Only To Customer) attribute are dropped.
This option can be enabled in backward compatibility mode in the general.yml file, and can also be tuned on a client-by-client basis via the clients.yml file.
Details can be found in the `documentation page of general.yml <https://arouteserver.readthedocs.io/en/latest/GENERAL.html#rfc9234-roles-roles>`__.
- New: anchors in HTML pages.
The route server policy textual representation HTML files generated via the ``html`` command now have anchors at the various headers and sub-headers, so when referring other parties to the policy they can be pointed directly to the relevant section.
See also `GitHub issue 119 <https://github.com/pierky/arouteserver/issues/119>`__.
- Fix: minor issues with the HTML pages.
Wrong URL in some links and a misleading reference to a wrong mailing list post about private ASNs.
See also `GitHub issue 119 <https://github.com/pierky/arouteserver/issues/119>`__.
Please note: starting with the next release, the default target version used to build BIRD configurations (when the ``--target-version`` argument is not given) will be the latest from the 2.x major version; until now it was 1.6.8. Operators will need to use the ``--target-version 1.6.8`` command line argument to build BIRD 1.x compatible configurations.
1.19.0
------
- Deprecation: the ARIN Whois OriginAS feature (config knob ``use_arin_bulk_whois_data``, documented in `Use ARIN Whois database to accept routes <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#use-arin-whois-database-to-accept-routes>`__) is being deprecated.
Per `Recommended Draft Policy ARIN-2021-8 <https://www.arin.net/participate/policy/drafts/2021_8/>`__, the "Autonomous System Originations" field is going to be removed from the ARIN database. Consequentially, this feature that is based on that is going to be deprecated as well and will be dropped in future releases of ARouteServer.
Operators that will run ARouteServer with ``use_arin_bulk_whois_data.enabled`` set to ``True`` will see a warning message being logged, about the deprecation.
The publicly available intermediate data relay which was running on the NLNOG infrastructure already removed the source file, which was used to fetch those records. So, operators willing to support this feature will need to provide their own version of the file.
See also `GitHub issue 116 <https://github.com/pierky/arouteserver/issues/116>`__.
1.18.0
------
No new functionalities nor bug fixes here, just a change in the releases of Python which are supported and tested.
- Tests are no longer performed for Python 3.6 (EoL).
- Tests for Python 3.10 and 3.11 are introduced: 3.11 is the release used to perform the integration tests.
- Docker images are built on top of Python 3.11 and PyPy 3.9.
1.17.1
------
- New: add support for OpenBGPD 7.6 and 7.7, also added to the integration testing suite (portable edition only).
1.17.0
------
- New: add support for `BIRD 2.0.10 <https://www.mail-archive.com/bird-users@network.cz/msg06819.html>`__, also added to the integration testing suite.
- New: add support for `OpenBGPD 7.5 <https://undeadly.org/cgi?action=article;sid=20220716101930>`__, also added to the integration testing suite (portable edition only).
- New (OpenBGPD): add support for ADD-PATH (on version 7.5 or above).
- Improvement: abort the configuration building process as soon as one *enricher* fails.
This shorten the user feedback in case of errors that unavoidably would make the final configuration broken and not usable.
- Fix: remove ``RGNET`` from the list of default IRR sources.
To remove it from existing deployments, or to add it back, users can edit the arouteserver.yml file, ``bgpq3_sources`` section.
See also `GitHub issue 111 <https://github.com/pierky/arouteserver/issues/111>`__.
1.16.1
------
- New: add support for OpenBGPD 7.4, also added to the integration testing suite (portable edition only).
- Fix: pin down `urllib3` version to avoid issues on upgrade.
See also `GitHub issue 110 <https://github.com/pierky/arouteserver/issues/110>`__.
- Fix: the `playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__ Docker image was not building anymore.
Go and AliceLG birdwatcher versions have been bumped to the latest available.
1.16.0
------
- Improvement: use bulk queries to get clients' records from PeeringDB.
Clients' details (such as IRR records and max-prefix limits) are now retrieved from PeeringDB using *bulk* API queries, where multiple ASNs are checked at once.
This speeds up the configuration building process and reduces the number of queries to PeeringDB, reducing the risk of hitting the API rate limit.
See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.
1.15.1
------
- Fix: update the requirements.
The min. version of Jinja2 reported in the requirements file was not enough to satisfy the needs of the templates.
See also `GitHub issue 106 <https://github.com/pierky/arouteserver/issues/106>`__.
- Fix: allow setting PeeringDB API key to mitigate anonymous API throttling mechanism.
ARouteServer can now be instructed to use an API key to perform authentication against the PeeringDB API server. This can be done by setting the environment variable ``SECRET_PEERINGDB_API_KEY`` or by storing the same key inside one of the following well-known files: ``~/.arouteserver/peeringdb_api.key``, ``~/.peeringdb_api.key``.
This should mitigate the effects of the anonymous API throttling mechanism introduced on PeeringDB.
See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.
- Improvement: retry on PeeringDB API failure or rate-limit.
In case of failure or rate-limit of the PeeringDB API the tool now retries the same query multiple times.
See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.
1.15.0
------
- New: add support for OpenBGPD 7.3, also added to the integration testing suite (portable edition only).
- New: ``md`` command, to build a textual representation in Markdown format.
This command works like the ``html`` command and can be used to build a textual representation of the route server's configuration policy in Markdown format.
For more details see the `Textual representation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#textual-representation>`__ section of the documentation.
- New: add ``custom_options`` to the clients definition file.
This new section can be used to add BGP-speaker-specific arbitrary lines of configuration to the file generated by ARouteServer.
For more details see the `Client custom options <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#custom_options>`_.>`__ section of the documentation.
See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.
- Improvement (BIRD): skip NEXT_HOP check for IPv6 link-local clients.
Due to a limitation of BIRD, it is not possible to verify the NEXT_HOP attribute of routes announced by IPv6 clients configured using link-local addresses.
The configurations generated using this release skip that check (upon operator's approval if such clients are present).
See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.
- Fix: detect infeasible extended BGP communities when a 32bit ASN is used for the route server.
When the route server uses a 32bit ASN, certain extended BGP communities may end being configured to match multiple 32bit values, which is not possible because the way they are encoded.
This release detects similar situations in advance and aborts the configuration building process.
See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.
1.14.1
------
- Fix: import limit is not set if PeeringDB records are not found.
For clients not configured with a specific max-prefix value, when a PeeringDB record was not found the value from the general limit was not used to build the import limit configuration. The tool was expected to fallback to the ``general_limit_ipv4`` value instead.
See also `GitHub issue 105 <https://github.com/pierky/arouteserver/issues/105>`_.
1.14.0
------
- New: Add support for `BIRD 2.0.9 <https://www.mail-archive.com/bird-users@network.cz/msg06594.html>`_ (also included into the integration testing suite).
- Improvement (OpenBGPD): improve readability of the configurations.
A better formatting of the output configuration allows a better readability. Also, wherever possible, extended communities are removed using wildcard matching, allowing a more compact configuration.
See also `GitHub issue 97 <https://github.com/pierky/arouteserver/issues/97>`_ and `99 <https://github.com/pierky/arouteserver/issues/99>`_.
- Improvement (Docker image): use ``bgpq4`` version 1.4.
The Docker image was using version 1.2.
- Improvement (Docker image): PyPy3-based image added.
The Docker images based on PyPy3 will have tags in the form ``latest-pypy3`` and ``<version>-pypy3`` (like ``1.14.0-pypy3``).
- Improvements: drop dependencies on libraries needed for Python 2 compatibility.
Also, tests are now performed using Python 3.6, 3.8 and 3.9 too.
1.13.1
------
- Fix: avoid running ``bgpq4`` using the ``-3`` option.
It seems that the ``-3`` CLI option has been dropped in ``bgpq4`` and is no longer supported (it was added as a way to not break compatibility with ``bgpq3`` syntax).
See also `GitHub issue 95 <https://github.com/pierky/arouteserver/issues/95>`_.
- Fix (OpenBGPD): syntax error when prepend functionalities were configured with 'std' communities only and 32bit ASN clients were present.
See also `GitHub issue 98 <https://github.com/pierky/arouteserver/issues/98>`_.
- Improvement: better explaination of when error messages can be ignored.
See also `GitHub issue 96 <https://github.com/pierky/arouteserver/issues/96>`_.
1.13.0
------
- New (OpenBGPD): use the ``expires`` attribute of ROAs from rpki-client format.
In OpenBGPD configurations (starting with 7.2), the ``expires`` attribute of ROAs gathered from JSON feeds that contain it is passed on into the configuration of the ``roa-set``.
See also `GitHub issue 92 <https://github.com/pierky/arouteserver/issues/92>`_.
1.12.0
------
- New: add the ``--merge-file`` option to the ``ixf-member-export`` command, to include user-created content into the IX-F Member Export JSON file.
For more details on how it works please check the `documentation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixf-member-export-command>`__.
See also `GitHub issue 89 <https://github.com/pierky/arouteserver/issues/89>`_.
- Improvement: in the ``ixf-member-export`` command, the value of IXP ID can now be set via the ``--ixp-id`` in addition to the existing ``--ixp_id`` option.
In the future, the ``--ixp_id`` version of the option will be dropped. A warning message will be shown when the deprecated version of that command line argument is used.
- Improvement: ask for 16bit placeholder ASN in ``configure`` when the route-server is on a 32bit ASN.
When the ``configure`` command is used to generate the policy for a route-server running on a 32bit ASN, a prompt asks the operator which 16bit placeholder ASN should be used to setup the BGP communities. So far, the fixed value 65534 was used.
See also `GitHub issue 88 <https://github.com/pierky/arouteserver/issues/88>`_.
- Improvement (OpenBGPD): use ``as-set`` to configure the list of "never via route server" ASNs.
This change reduces the size of the configuration and hopefully makes the filter processing faster.
See also `GitHub issue 90 <https://github.com/pierky/arouteserver/issues/90>`_.
- Fix: when the route-server ASN was a 32bit value, the `Euro-IX Large BGP Communities <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ automatically configured via ``configure`` were using the 16bit placeholder ASN.
When the ``configure`` command was used to build the ``genera.yml`` policy for route-servers running on 32bit ASNs, the Large BGP Communities used to map route reject causes to Euro-IX codes were using the 16bit placeholder ASN instead of the actual route-server's 32bit ASN.
1.11.1
------
- Fix: better error handling for clients configured with no IP address.
When a client was mistakenly configured with no IP addresses, the program raised an unhandled exception, instead of providing a good feedback to the user.
See also `GitHub issue 87 <https://github.com/pierky/arouteserver/issues/87>`_.
1.11.0
------
- New: add support for `OpenBGPD 7.2 <https://marc.info/?l=openbsd-announce&m=163239274430211&w=2>`__, also added to the integration testing suite (portable edition only).
- Improvement: better handling of IRRd query failures.
Multiple hosts can now be configured as servers used for the IRR queries performed via ``bgpq3``/``bgpq4``. In case of timeout or failure, the next host in the list is used.
A timeout of 2 minutes is used by default. These settings can be modified in the ``arouteserver.yml`` file.
See also `GitHub issue 85 <https://github.com/pierky/arouteserver/issues/85>`_.
1.10.1
------
- Fix: the HTML representation of RPKI validation custom communities was broken.
After adding custom RPKI validation communities implemented as part of v1.10.0 the route server configuration textual representation file hada small cosmetic problem.
See also `GitHub issue 83 <https://github.com/pierky/arouteserver/issues/83>`_.
1.10.0
------
- New: add support for custom BGP communities to track rejected routes.
A new section of the general.yml file (``reject_cause_map``) allows to configure custom BGP communities for each reject reason (the list can be found on the `Reject reasons <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-reasons>`__ paragraph of on the doc site).
When this is implemented along with ``reject_policy`` set to ``tag`` or ``tag_and_reject``, ad-hoc custom BGP communities can be used to describe why a route was rejected by the route server.
- New: add support for custom BGP communities to internally track the outcome of BGP Origin Validation (or the lack of it).
3 new BGP communities are introduced to track the outcome of BGP Origin Validation (if enabled): ``rpki_bgp_origin_validation_valid``, ``rpki_bgp_origin_validation_unknown`` and ``rpki_bgp_origin_validation_invalid``. These communities can be used to classify routes depending on the their validation state using custom values, in addition to `RFC8097 communities <https://datatracker.ietf.org/doc/html/rfc8097>`__. They are not announced to clients, but rather they are meant to be used only internally within the route server, just to make it easier the integration with external tools, like looking glasses.
An additional fourth BGP community is also introduced, to classify routes for which BGP Origin Validation has not been performed: ``rpki_bgp_origin_validation_not_performed``. When configured, this community is added when BOV is not enabled, or when it is not performed for some specific reasons (only blackhole route processing at the moment). Contrary to the 3 previous ones, this community is announced to the clients.
See also `GitHub issue 78 <https://github.com/pierky/arouteserver/issues/78>`_.
- New: Euro-IX Large BGP Communities are included into the policy generated by the ``configure`` command.
This feature leverages the new ``reject_cause_map`` option commented above.
The general.yml file generated by the ``configure`` command now includes a mapping between internal reject codes and the communities proposed in the `Euro-IX Large BGP Community standard <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ document.
Please note: to make the policies generated by ``configure`` consistent between BIRD and OpenBGPD, the ``reject_policy`` option for the latter is now set to ``tag`` (so rejected routes are kept in OpenBGPD but are still not advertised to the route server clients).
In addition to this, some of the BGP communities set by the ``configure`` command have been changed in order to match those suggested in the Euro-IX document above.
- New: ``check-config`` command, to verify configuration files (general.yml and clients.yml).
This command can be used to verify that the content of the two main configuration files is valid, without building the configurations.
See also `GitHub PR 82 <https://github.com/pierky/arouteserver/pull/82>`_ and `issue 79 <https://github.com/pierky/arouteserver/issues/79>`_.
- Improvement (OpenBGPD): informational extended BGP communities are now scrubbed from outbound routes.
Certain informational extended BGP communities that need dynamic values (like the one used to track the reject code of a route that is discarded when ``reject_policy`` is set to ``tag``) were not scrubbed from outbound routes, because of lack of wildcard matching in OpenBGPD. Since this feature was recently added to the BGP speaker, they are now removed.
- Fix (OpenBGPD): make behaviour of ``rpki_bgp_origin_validation.reject_invalid`` consistent with BIRD.
Contrary to what ``reject_invalid: False`` might seem doing, the actual behaviour it is designed for is to still prevent the propagation of INVALID routes when RPKI BOV is enabled. When it's set to ``True`` (the default value) the BGP daemons are configured to immediately drop INVALID routes in the inbound filters; when it's set to ``False`` those routes are accepted but not propagated to clients, they are blocked in the outbound filters: basically they are just kept internally within the route server to allow analysis and troubleshooting.
While the BIRD implementation of ``reject_invalid: False`` was working fine, a bug was found in the OpenBGPD one that prevented those routes from being blocked in the outbound direction, letting them to be propagated to clients.
1.9.0
-----
- New: Add support for `OpenBGPD 7.1 <https://marc.info/?l=openbgpd-users&m=162461267419135&w=2>`__, also added to the integration testing suite (portable edition only).
- Improvement: provide hint on how to change URL for external IRR DB data sources.
See also `GitHub issue 77 <https://github.com/pierky/arouteserver/issues/77>`_.
- Fix (OpenBGPD only): `RFC8097 communities <https://datatracker.ietf.org/doc/html/rfc8097>`_ were not added after BGP Origin Validation.
The *BGP Prefix Origin Validation State Extended Communities* were not added when RPKI OV was performed. INVALID routes were still dropped when the route server was configured to do so (those routes are internally marked using locally-meaningful communities).
- Improvement: RPKI ROAs files are checked for stale data.
The JSON files fetched from validating caches are now checked to detect stale data (rpki-client and OctoRPKI formats include this information) and they are ignored if the data they contain is no longer valid. In this case, the next URL in the ``rpki_roas.ripe_rpki_validator_url`` list is used.
By default, files whose content is older than 21600 seconds (6 hours) are ignored; it's possible to change this option via the newly introduced ``rpki_roas.ignore_cache_files_older_than`` setting.
Where available (rpki-client format only at this time), also the `VRP expiration time <https://github.com/openbsd/src/commit/a66158d7f8cdffc32bf2f8aa5d8bbed1f08a3a3d#diff-b2e9c61c4c7cfd2d5a0cde6066efe9a7c18dd1bdf06b1e473abc054261ea315c>`__ is checked.
As a consequence of this, the default ARouteServer cache expiration time for RPKI ROAs JSON files has been reduced to 60 minutes, to avoid caching ROAs that would turn out being expired at the next use of their cached copy.
- Improvement: new order for the default URLs of the RPKI JSON files.
Since the RIPE NCC RPKI Validator `is now in EoL <https://labs.ripe.net/author/nathalie_nathalie/lifecycle-of-the-ripe-ncc-rpki-validator/>`__, the URL of the JSON file that points to rpki-validator.ripe.net has been moved as the last resort option for ``rpki_roas.ripe_rpki_validator_url``.
The one exposed in the `rpki-client dashboard <https://console.rpki-client.org/>`__ has been added.
Please note: this change only affects the default configuration file that ships with ARouteServer and is not be automatically reflected in existing configurations that route-servers operators are already using. If you wish this setup to be reflected in your configuration, please update your general.yml file accordingly.
1.8.0
-----
- Improvement: add the ``logging`` option to ``--use-local-files`` argument, to allow customization of logging settings.
Details on the documentation: `Logging configuration of the BGP daemon <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#logging-configuration-of-the-bgp-daemon>`__.
See also `GitHub issue 75 <https://github.com/pierky/arouteserver/issues/75>`_.
1.7.0
-----
- New: Add support for `OpenBGPD 7.0 <https://marc.info/?l=openbgpd-users&m=162282647904441&w=2>`__, also added to the integration testing suite (portable edition only).
Please note: starting with this release, since the default target version for OpenBGPD is 7.0, path-hiding mitigation will be enabled by default by the ``configure`` command. This option can be modified in the ``general.yml`` file.
1.6.0
-----
Starting with this release, the default target version for OpenBGPD will be the latest stable (6.9 in this case). Use the ``--target-version`` CLI option if you want to build your configurations for a previous release of OpenBGPD.
- New: Add support for OpenBGPD/OpenBSD 6.9 and OpenBGPD Portable 6.9p0, also added to the integration testing suite.
- New (OpenBGPD): add support for RTR sessions starting with version 6.9.
Please note the following issues with OpenBGPD 6.9 if you want to enable RTR sessions; you might want to apply the available patches:
- ``Invalid argument`` error and RTR session not coming up (`issue #23 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/23>`__ and `"bgpd, fix RTR connect" <https://marc.info/?l=openbsd-tech&m=162004696829635&w=2>`__ post on openbsd-tech)
- non blocking ``connect()`` call for RTR session establishment (`"bgpd behaviour when RTR endpoint is not available" <https://marc.info/?l=openbgpd-users&m=161997334304946&w=2>`__ post on openbgpd-users and `"bgpd, non-blocking rtr connect" <https://marc.info/?l=openbsd-tech&m=162005636502085&w=2>`__ post on openbsd-tech)
- New (OpenBGPD): enable support for path-hiding mitigation.
Even though OpenBGPD supports path-hiding mitigation starting with version 6.9, the feature is not automatically enabled by the ``configure`` command because of some issues that might impair the stability of the routing ecosystem:
- withdrawal of 2nd best route with ``rde evaluate all`` (`issue #21 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/21>`__ and `"bgpd fix for rde evaluate all" <https://marc.info/?l=openbsd-tech&m=162011500326166&w=2>`__ post on openbsd-tech)
- advertisement of 2nd best routes on reload with ``rde evaluate all`` (`issue #21 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/21>`__ and `"bgpd better reload behaviour" <https://marc.info/?l=openbsd-tech&m=162021735205669&w=2>`__ post on openbsd-tech)
Please apply the existing patches before enabling it on a production environment, and acknowledge the error produced by ARouteServer using the ``--ignore-issues path_hiding_69`` CLI option.
- Improvement: the default list of `"transit free" <https://arouteserver.readthedocs.io/en/latest/GENERAL.html#transit-free-networks-transit-free>`__ ASNs has been updated and some networks have been removed.
See also `GitHub PR73 <https://github.com/pierky/arouteserver/pull/73>`_.
v1.5.1
------
- Improvement (Docker image): generate HTML representation of the route server configuration through the Docker image.
See also `GitHub PR70 <https://github.com/pierky/arouteserver/pull/70>`_ and `issue 69 <https://github.com/pierky/arouteserver/issues/69>`_.
- Fix (Docker image): make ``RS_ASN``, ``ROUTER_ID`` and ``LOCAL_PREFIXES`` environment variables not required when a custom general.yml file is used.
See also `GitHub PR68 <https://github.com/pierky/arouteserver/pull/68>`_.
- Fix: the "Reject reasons" table in the HTML representation was rendered improperly.
See also `GitHub issue 71 <https://github.com/pierky/arouteserver/issues/71>`_.
v1.5.0
------
- New: Add support for `BIRD 2.0.8 <https://www.mail-archive.com/bird-users@network.cz/msg05937.html>`_ (also included into the integration testing suite).
v1.4.0
------
- New: Docker image to easily build route-server configurations.
For more details, see the `docker directory <https://github.com/pierky/arouteserver/tree/master/docker>`_.
- Improvement: change the default value of ``bgpq3_path`` to ``bgpq4``.
The ``bgpq4`` tool is now referenced as the default one in the ``bgpq3_path`` configuration line of arouteserver.yml.
**Please note**: operators who are using the tool and who left the ``bgpq3_path`` configuration line unset will now need to either explicitly configure that line to point to their ``bgpq3`` binary or to make sure ``bgpq4`` is available on their system.
- Fix: the ``ixf-member-export`` command now produces a JSON file compliant with `version 1.0 <https://github.com/euro-ix/json-schemas/blob/master/versions/ixp-member-list-1.0.schema.json>`_ of the `Euro-IX schema <https://github.com/euro-ix/json-schemas>`_.
See also `GitHub PR65 <https://github.com/pierky/arouteserver/pull/65>`_.
v1.3.0
------
- New: ``irr-as-set`` command, to build the route server AS-SET object for IRR databases.
This new command can be used to build the AS-SET RPSL object that describes the ASes and AS-SETs of route server clients. Details and usage: https://arouteserver.readthedocs.io/en/latest/USAGE.html#irr-as-set
Related: `issue #49 on GitHub <https://github.com/pierky/arouteserver/issues/49>`_.
v1.2.0
------
- Improvement (BIRD only): ``tag_and_reject`` is now the default reject policy set by the ``configure`` command.
When the ``configure`` command is initially used to setup ARouteServer and to generate the ``general.yml`` file, the `reject policy <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-policy-and-invalid-routes-tracking>`__ that it configures is ``tag_and_reject`` if BIRD is specified as the route server daemon.
- Fix: ``setup-templates`` was not generating the correct backup of customized templates.
The bug only affected the upgrade procedure of deployments where the Jinja2 templates were locally customized. More details on the comments of commit `2ea6df69106d473f9f4170c65f929bab4a0d7676 <https://github.com/pierky/arouteserver/commit/2ea6df69106d473f9f4170c65f929bab4a0d7676>`_.
v1.1.0
------
- Improvement: multihop support.
For BIRD, this option can be configured only when path-hiding mitigation is turned off.
More details on `GitHub PR61 <https://github.com/pierky/arouteserver/pull/61>`_.
- Improvement (BIRD only): allow ``count_rejected_routes: True`` in BIRD 2.0.7 when the patch is used.
A `patch for BIRD 2.0.7 <https://www.mail-archive.com/bird-users@network.cz/msg05638.html>`_ was released to address the bug that leads the daemon to crash when a configuration is built using ``count_rejected_routes: True``. This release adds a new locally meaningful fictitious version of BIRD that can be used to overcome the limitation enforced in ARouteServer 1.0.1, by signalling to the tool the usage of a patched version of BIRD (``--target-version 2.0.7+b962967e``).
See the notes for the 1.0.1 release for more details.
- New: Add support for OpenBGPD/OpenBSD 6.8 and OpenBGPD Portable 6.8p1, also added to the integration testing suite.
v1.0.1
------
- Fix (BIRD only): change default behaviour to count rejected routes towards the max-prefix limit threshold.
So far, routes received by the route server and rejected as a result of ingress filtering were not counted towards the max-prefix limit threshold; **this release changes the default behaviour** in a way that they are now taken into account.
Example: a peer is configured with max-prefix limit 10 and action 'shutdown'. It announces 15 routes, 5 of which are rejected due to inbound filters.
BIRD route servers configured using previous releases will not perform any action on that peer, while a configuration generated with this release will lead to the shutdown of the BGP session with that peer.
In case the previous implementation of the max-prefix limit is the desired one, it can be restored by setting the new configuration statement that has been introduced with this release, ``count_rejected_routes``, to ``False``. More details in the `general.yml file <https://github.com/pierky/arouteserver/blob/master/config.d/general.yml>`_.
**BIRD 2.0.7 users, please note**: if you are using ARouteServer to configure route servers which are based on BIRD 2.0.7, you'll get an error message at configuration build time. This is due to the fact that in BIRD 2.0.7 there is `a bug <https://www.mail-archive.com/bird-users@network.cz/msg05597.html>`_ that affects configurations generated using the statement that implements the new default behaviour for max-prefix limit handling. The error message will show you the options to unblock the config generation, but in any case it will not be possible to implement this new way of handling the max-prefix limit.
v1.0.0
------
- No changes, just make it "stable"!
v0.26.0
-------
- New: Add support for OpenBGPD/OpenBSD 6.7 and OpenBGPD Portable 6.7p0, also added to the integration testing suite.
v0.25.1
-------
- Fix: BIRD, use ``bgp_path.last`` since it's consistent with `RFC 6907 7.1.9-11 <https://tools.ietf.org/html/rfc6907#section-7.1.9>` (RPKI BOV of routes whose AS_PATH ends with an AS_SET).
More info: https://www.mail-archive.com/bird-users@network.cz/msg05152.html
Related: `PR #56 on GitHub <https://github.com/pierky/arouteserver/pull/56>`_.
v0.25.0
-------
- New feature: ``tag_and_reject`` reject policy for BIRD.
Invalid routes can be tagged with informational BGP communities and then discarded by BIRD.
With this option, alice-lg reject reasons are supported nicely, whilst keeping ``show routes all filtered`` working to keep birdwatcher happy.
Related: `PR #57 on GitHub <https://github.com/pierky/arouteserver/pull/57>`_.
- Improvement: ``clients-from-euroix`` command, option ``--merge-from-custom-file`` to customise the list of clients generated from an Euro-IX JSON file.
More details on how to use this option can be found running ``arouteserver clients-from-euroix --help-merge-from-custom-file``.
v0.24.1
-------
- Improvement: add support for `bgpq4 <https://github.com/bgp/bgpq4>`__.
At least version 0.0.5 is required.
Related: `PR #53 on GitHub <https://github.com/pierky/arouteserver/pull/53>`_.
- Fix: ``clients-from-euroix`` command, route server detection on Euro-IX schema versions 0.7 and 1.0.
In version 0.7 and 1.0 of the `Euro-IX member list JSON file <https://github.com/euro-ix/json-schemas>`__ the way the route server information are exported changed. The ``clients-from-euroix`` command was no longer able to filter out the IP addresses that represent the route server of the same IXP for which the members are processed, basically generating a client entry for the same route server being configured.
v0.24.0
-------
- New feature: *never via route-servers* ASNs filtering.
To drop routes containing an ASN which is classified as "never via route-servers" on PeeringDB (`info_never_via_route_servers` `attribute <https://github.com/peeringdb/peeringdb/issues/394>`_).
**Please note**: this feature is enabled by default.
Related: `issue #55 on GitHub <https://github.com/pierky/arouteserver/issues/55>`_.
- Improvement: add `alice-lg/birdwatcher <https://github.com/alice-lg/birdwatcher>`__ support to BIRD configs.
Changes the default BIRD time format to support `alice-lg/birdwatcher <https://github.com/alice-lg/birdwatcher>`__ out of the box.
- Improvement: include a table with the reject codes in the HTML output.
Related: `issue #54 on GitHub <https://github.com/pierky/arouteserver/issues/54>`_.
v0.23.0
-------
- New: add support for BIRD v2.
**Please note**: BIRD v2 support is in early stages. Before moving any production platform to instances of BIRD v2 configured with this tool, please review the configurations carefully and run some simulations.
- New: OpenBGPD/OpenBSD 6.6, OpenBGPD Portable 6.6p0 and BIRD 1.6.8 added to the integration testing suite.
v0.22.2
-------
- Fix: prevent environment variables with unknown escapes (like `\u`) from interrupting the execution.
Related: `issue #50 on GitHub <https://github.com/pierky/arouteserver/issues/50>`_.
v0.22.1
-------
- Fix: handle more formats for ROAs exported from the public instances of RIPE and NTT validators.
A new way of representing ASNs (without the "AS" prefix) and new TA names which were not matched by the default values of ``rpki_roas.allowed_trust_anchors`` prevented ROAs from being imported and correctly processed when the default settings were used.
v0.22.0
-------
This is the last release of ARouteServer for which Python 2.7 compatibility is guaranteed. From the next release, any new feature will not be tested against that version of Python.
- New: `OpenBGPD Portable <https://github.com/openbgpd-portable/openbgpd-portable>` (release 6.5p1) also supported.
Release 6.5p1 of OpenBGPD Portable edition passed the integration testing suite.
- New: add support for OpenBGPD/OpenBSD 6.5 enhancements.
Support for matching multiple communities at the same time allows to create more readable configurations.
- Improvement: OpenBGPD, some filters refinement.
Avoid checking AS0 in AS_PATH since 6.4.
No needs to check routes of an address family different than the one used for the session.
As announced with release 0.20.0, OpenBGPD/OpenBSD 6.2 is no longer tested. Also OpenBGPD/OpenBSD 6.3 tests have been decommissioned.
Starting with this release, tests will be executed only against the 2 most recent releases of OpenBGPD/OpenBSD and against the last release of the supported major versions of BIRD.
The implementation of new features may break compatibility of the configurations built for unsupported releases.
v0.21.1
-------
- Deprecation: SAVVIS IRR removed from the list of default sources used by bgpq3.
- Fix (minor): truncate the max length of AS-SET names to 64 characters.
BIRD supports only names no longer than 64 characters.
Related: `issue #47 on GitHub <https://github.com/pierky/arouteserver/issues/47>`_.
v0.21.0
-------
- Improvement: when ``ripe-rpki-validator-cache`` is set as the source of ROAs, multiple URLs can now be specified to fetch data from.
URLs will be tried in the same order as they are configured; if the attempt to download ROAs from the first URL fails, the second URL will be tried, an so on.
By default, the `RIPE NCC public instance <https://rpki-validator.ripe.net/>`_ of the RIPE RPKI Validator will be tried first, then the `NTT instance <https://rpki.gin.ntt.net/>`_. The list of URLs can be set in the ``general.yml`` configuration file, ``roas.ripe_rpki_validator_url`` option.
v0.20.0
-------
This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.1 and 6.2 CI tests are ran. From the next release, any new feature will not be tested against these versions of OpenBGPD. Users are encouraged to move to newer releases.
- New: add support for OpenBGPD/OpenBSD 6.4 `enhancements <https://ripe77.ripe.net/presentations/143-openbsd-status.pdf>`_.
Use new sets for prefixes, ASNum, and origins (prefix + source-as), and also RPKI ROA sets.
- Improvement: OpenBGPD, reduce the number of rules by combining some into the same rule.
- Improvement: route server policies definition files built using the ``configure`` command now have RPKI BGP Origin Validation and "use-ROAs-as-route-objects" enabled by default.
As announced with release 0.19.0, OpenBGPD/OpenBSD 6.0 is no longer tested.
The implementation of new features may break compatibility of the configurations built for unsupported releases.
Most of this release is based on the work made by `Claudio Jeker <https://github.com/cjeker>`_.
v0.19.1
-------
- Fix (BIRD configuration only): change ``bgp_path.last`` with ``bgp_path.last_nonaggregated``.
When a route is originated from the aggregation of two different routes using the AS_SET, ``bgp_path.last`` always returns 0, so the origin ASN validation against IRR always fails.
Related: `issue #34 on GitHub <https://github.com/pierky/arouteserver/issues/34>`_.
v0.19.0
-------
This is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.0 CI tests are ran. Starting with the next release, any new feature will not be tested against version 6.0 of OpenBGPD. Users are encouraged to move to newer releases.
- New: use NIC.BR Whois data from Registro.br to enrich the dataset used for route validation.
Details: `RIPE76, Practical Data Sources For BGP Routing Security <https://ripe76.ripe.net/presentations/43-RIPE76_IRR101_Job_Snijders.pdf>`_.
Related: `issue #28 on GitHub <https://github.com/pierky/arouteserver/issues/28>`_.
- New: introduce support for OpenBGPD/OpenBSD 6.4.
OpenBSD 6.4 is not released yet, this is just in preparation of it.
Related: `issue #31 on GitHub <https://github.com/pierky/arouteserver/issues/31>`_.
- Fix (minor): RIPE NCC RPKI Validator v3 expects ``Accept: text/json`` as HTTP header.
Related: `PR #29 on GitHub <https://github.com/pierky/arouteserver/issues/29>`_.
v0.18.0
-------
- New: add support for BIRD 1.6.4 and OpenBGPD/OpenBSD 6.3.
This release **breaks backward compatibility** (OpenBGPD configs only): the default target version used to build OpenBGPD configurations (when the ``--target-version`` argument is not given) is now 6.2; previously it was 6.0. Use the ``--target-version 6.0`` command line argument to build 6.0 compatible configurations.
- Improvement: transit-free ASNs filters are applied also to sessions toward transit-free peers.
Related: `issue #21 on GitHub <https://github.com/pierky/arouteserver/issues/21>`_.
- Fix (minor): better handling of user answers in ``configure`` and ``setup`` commands.
- Fix: ``clients-from-peeringdb``, list of IXPs retrieved from PeeringDB and no longer from IXFDB.
v0.17.3
-------
- Fix: ``clients-from-euroix`` command, use the configured cache directory.
v0.17.2
-------
- Fix: ``configure`` command, omit extended communities for OpenBGPD configurations.
This is to avoid the need of using the ``--ignore-issues extended_communities`` command line argument.
- Improvement: environment variables expansion when YAML configuration files are read.
v0.17.1
-------
- Fix: minor installation issues.
v0.17.0
-------
- New feature: allow to set the source of IRR objects.
AS-SETs can be prepended with an optional source: ``RIPE::AS-FOO``, ``RIPE::AS64496:AS-FOO``.
- New feature: support for RPKI-based Origin Validation added to OpenBGPD configurations.
RPKI ROAs must be loaded from a RIPE RPKI Validator cache file (local or via HTTP).
Mostly inspired by Job Snijders' tool https://github.com/job/rtrsub
- Improvement: RPKI ROAs can be loaded from a local file too.
The file must be in RIPE RPKI Validator cache format.
- Fix (minor): remove internal communities before accepting blackhole routes tagged with a custom blackhole community.
This bug did not affect routes tagged with the BLACKHOLE community; anyway, the internal communities were scrubbed before routes were announced to clients.
v0.16.2
-------
- Fix: avoid empty lists of prefixes when a client's ``white_list_pref`` contains only prefixes for an IP version different from the current one.
v0.16.1
-------
- Fix: handle the new version of the JSON schema built by `arin-whois-bulk-parser <https://github.com/NLNOG/arin-whois-bulk-parser>`__.
v0.16.0
-------
- Improvement: OpenBGPD, more flexibility for inbound communities values.
This allows to use inbound 'peer_as' communities which overlap with other inbound communities whose last *part* is a private ASN.
- New feature: use ARIN Whois database dump to authorize routes.
This feature allows to accept those routes whose origin ASN is authorized by a client AS-SET, whose prefix has not a corresponding route object but is covered by an ARIN Whois record for the same origin ASN.
- Improvement: extend the use of *RPKI ROAs as route objects* and *ARIN Whois database dump* to ``tag_as_set``-only mode.
Before of this, the *RPKI ROAs as route objects* and *ARIN Whois DB dump* features were used only when origin AS and prefix enforcing was set.
Starting with this release they are used even when enforcing is not configured and only the ``tag_as_set`` mode is used.
v0.15.0
-------
- New feature: ``configure`` and ``show_config`` *support* commands.
- ``configure``: it can be used to quickly generate a route server policy definition file (``general.yml``) on the basis of best practices and suggestions.
- ``show_config``: to display current configuration settings and also options that have been left to their default values.
- New feature: ``ixf-member-export`` command, to build `IX-F Member Export JSON files <https://github.com/euro-ix/json-schemas>`__ from the list of clients.
- Improvement: cache expiry time values can be set for each external resource type: PeeringDB info, IRR data, ...
v0.14.1
-------
- Fix: BIRD, "Unknown instruction 8574 in same (~)" error when reloading IPv6 configurations.
A `missing case <http://bird.network.cz/pipermail/bird-users/2017-January/010880.html>`__ for the ``!~`` operator triggers this bug when neighbors are established and trying to reload bird6 configuration.
Related: `issue #20 on GitHub <https://github.com/pierky/arouteserver/issues/20>`_.
v0.14.0
-------
This release **breaks backward compatibility** (OpenBGPD configs only): for OpenBGPD configurations, starting with this release the Site of Origin Extended BGP communities in the range 65535:* (``soo 65535:*``) are reserved for internal reasons.
- New feature: use RPKI ROAs as if they were route objects.
This feature allows to accept those routes whose origin ASN is authorized by a client AS-SET, whose prefix is not but it is covered by a RPKI ROA for the same origin ASN.
Related: `issue #19 on GitHub <https://github.com/pierky/arouteserver/issues/19>`_.
- New feature: automatic checking for new releases.
This can be disabled by setting ``check_new_release`` to False in ``arouteserver.yml``.
- Improvement: routes accepted solely because of a ``white_list_route`` entry are now tagged with the ``route_validated_via_white_list`` BGP community.
- Fix: on OpenBGPD configurations, in case of duplicate definition of a client's AS-SETs, duplicate BGP informational communities were added after the IRR validation process.
v0.13.0
-------
- New feature: an option to set RFC1997 well-known communities (NO_EXPORT/NO_ADVERTISE) handling policy: pass-through or strict RFC1997 behaviour.
This **breaks backward compatibility**: previously, NO_EXPORT/NO_ADVERTISE communities were treated accordingly to the default implementation of the BGP speaker daemon (BIRD, OpenBGPD). Now, ARouteServer's default setting is to treat routes tagged with those communities transparently, that is to announce them to other clients and to pass-through the original RFC1997 communities.
- Improvement: when using PeeringDB records to configure the max-prefix limits, a margin is took into account to accomodate networks that fill the PeeringDB records with their exact route announcement count.
This **breaks backward compatibility**: if using max-prefix from PeeringDB, current limits will be raised by the default increment values (+100, +15%): this behaviour can be reverted to the pre-v0.13.0 situation by explicitly setting the ``max_prefix.peering_db.increment`` configuration section to ``0/0``.
Related: `issue #12 on GitHub <https://github.com/pierky/arouteserver/issues/12>`_.
- New feature: client-level white lists for IRRdb-based filters.
This allows to manually enter routes that must always be accepted by IRRdb-level checks and prefixes and ASNs that must be treated as if they were included within client's AS-SETs.
Related: `issue #16 on GitHub <https://github.com/pierky/arouteserver/issues/16>`_.
v0.12.3
-------
- Improvement: always take the AS*n* macro into account when building IRRdb-based filters.
Related: `issue #15 on GitHub <https://github.com/pierky/arouteserver/issues/15>`_.
v0.12.2
-------
- Fix: an issue on OpenBGPD builder class was preventing features offered via large BGP communities only from being actually implemented into the final configuration.
Related: `issue #11 on GitHub <https://github.com/pierky/arouteserver/issues/11>`_.
v0.12.1
-------
- Fix an issue that was impacting templates upgrading under certain circumstances.
Related: `issue #10 on GitHub <https://github.com/pierky/arouteserver/issues/10>`_.
v0.12.0
-------
- OpenBGPD 6.2 support.
- New feature: `Graceful BGP session shutdown <https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-11>`_ support, to honor GRACEFUL_SHUTDOWN communities received from clients and also to perform graceful shutdown of the route server itself (``--perform-graceful-shutdown`` `command line argument <https://arouteserver.readthedocs.io/en/latest/USAGE.html#perform-graceful-shutdown>`__).
v0.11.0
-------
- Python 3.4 support.
- Improvement: GT registry removed from the sources used to gather info from IRRDB.
Related: `PR #8 on GitHub <https://github.com/pierky/arouteserver/pull/8>`_.
- Improvement: multiple AS-SETs used for the same client are now grouped together and queried at one time.
This allows to leverage bgpq3's ability and speed to aggregate results in order to have smaller configuration files.
v0.10.0
-------
- New feature: when IRRDB-based filters are enabled and no AS-SETs are configured for a client, if the ``cfg.filtering.irrdb.peering_db`` option is set ARouteServer tries to fetch their values from the client's ASN record on PeeringDB.
Related: `issue #7 on GitHub <https://github.com/pierky/arouteserver/issues/7>`_.
- Improvement: config building process performances,
- reduced memory consumption by moving IRRDB information from memory to temporary files;
- responses for empty/missing resources are also cached;
- fix a wrong behaviour that led to multiple PeeringDB requests for the same ASN.
- Improvement: ``clients-from-euroix`` command, the new ``--merge-from-peeringdb`` option can be used to integrate missing information into the output clients list by fetching AS-SETs and max-prefix limit from PeeringDB.
v0.9.3
------
- Fix: OpenBGPD, an issue was causing values > 65535 to be used in standard BGP communities matching.
v0.9.2
------
- Fix: remove quotes from clients description.
- Fix: OpenBGPD, syntax error for prefix lists with 'range X - X' format.
- Fix: ``clients-from-euroix`` command, members with multiple ``vlan`` objects with the same ``vlan_id`` were not properly listed in the output, only the first object was used.
v0.9.1
------
- Improvement: BIRD, new default debug options (``states, routes, filters, interfaces, events``, was ``all``).
If needed, they can be overwritten using the ``header`` `custom .local file <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.
- Fix: *enrichers* errors handling reported a generic message with no further details.
- Fix: HTTP 404 error handling for "Entity not found" error from PeeringDB.
- Fix: OpenBGPD, large prefix lists were causing a "string too long" error.
- Fix: OpenBGPD, clients descriptions longer than 31 characters were not properly truncated.
v0.9.0
------
- New feature: RTT-based communities to control propagation of routes on the basis of peers round trip time.
- Improvement: in conjunction with the "tag" reject policy, the ``rejected_route_announced_by`` BGP community can be used to track the ASN of the client that announced an invalid route to the server.
- Fix: when the "tag" reject policy is used, verify that the ``reject_cause`` BGP community is also set.
v0.8.1
------
- Fix: default user configuration path not working.
v0.8.0
------
- New feature: `reject policy <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-policy>`_ configuration option, to control how invalid routes must be treated: immediately discarded or kept for troubleshooting purposes, analysis or statistic reporting.
- New tool: `invalid routes reporter <https://arouteserver.readthedocs.io/en/latest/TOOLS.html>`_.
- Fix: the following networks have been removed from the bogons.yml file: 193.239.116.0/22, 80.249.208.0/21, 164.138.24.80/29.
v0.7.0
------
- New feature: `custom BGP communities <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#custom-bgp-communities>`_ can be configured on a client-by-client basis to tag routes entering the route server (for example, for informative purposes).
- Fix: validation of BGP communities configuration for OpenBGPD.
Error is given if a peer-AS-specific BGP community overlaps with another community, even if the last part of the latter is a private/reserved ASN.
- Improvement: the custom ``!include <filepath>`` statement can be used now in YAML configuration files to include other files.
More details `here <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#yaml-files-inclusion>`__.
- Improvement: IRRDB-based filters can be configured to allow more specific prefixes (``allow_longer_prefixes`` option).
v0.6.0
------
- OpenBGPD 6.1 support: enable large BGP communities support.
- Improvement: the ``clients-from-peeringdb`` command now uses the `IX-F database <http://www.ix-f.net/ixp-database.html>`_ to show a list of IXP and their PeeringDB ID.
- Improvement: enable NEXT_HOP rewriting for IPv6 blackhole filtering requests on OpenBGPD after `OpenBSD 6.1 fixup <https://github.com/openbsd/src/commit/f1385c8f4f9b9e193ff65d9f2039862d3e230a45>`_.
Related: `issue #3 <https://github.com/pierky/arouteserver/issues/3>`_.
- Improvement: BIRD, client-level `.local file <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.
- Improvement: next-hop checks, the ``authorized_addresses`` option allows to authorize IP addresses of non-client routers for NEXT_HOP attribute of routes received from a client.
v0.5.0
------
- Fix: avoid the use of standard communities in the range 65535:x.
- Improvement: option to set max-prefix restart timer for OpenBGPD.
- Deleted feature: tagging of routes a' la RPKI-Light has been removed.
- The ``reject_invalid`` flag, that previously was on general scope only, now can be set on a client-by-client basis.
- The ``roa_valid``, ``roa_invalid``, and ``roa_unknown`` communities no longer exist.
Related: `issue #4 on GitHub <https://github.com/pierky/arouteserver/issues/4>`_
This **breaks backward compatibility**.
- New feature: `BIRD hooks <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#bird-hooks>`_ to add site-specific custom implementations.
- Improvement: `BIRD local files <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.
This **breaks backward compatibility**: previously, \*.local, \*.local4 and \*.local6 files that were found in the same directory where the BIRD configuration was stored were automatically included. Now, only the header([4|6]).local and footer([4|6]).local files are included, depending on the values passed to the ``--use-local-files`` command line argument.
- Improvement: ``setup`` command and program's configuration file.
The default path of the cache directory (*cache_dir* option) has changed: it was ``/var/lib/arouteserver`` and now it is ``cache``, that is a directory which is relative to the *cfg_dir* option (by default, the directory where the program's configuration file is stored).
v0.4.0
------
- OpenBGPD support (some `limitations <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#caveats-and-limitations>`_ apply).
- Add MD5 password support on clients configuration.
- The ``build`` command used to generate route server configurations has been removed in favor of BGP-speaker-specific sub-commands: ``bird`` and ``openbgpd``.
v0.3.0
------
- New ``--test-only`` flag for builder commands.
- New ``--clients-from-euroix`` `command <https://arouteserver.readthedocs.io/en/latest/USAGE.html#create-clients-yml-file-from-euro-ix-member-list-json-file>`_ to build the ``clients.yml`` file on the basis of records from an `Euro-IX member list JSON file <https://github.com/euro-ix/json-schemas>`_.
This also allows the `integration <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixp-manager-integration>`_ with `IXP-Manager <https://github.com/inex/IXP-Manager>`_.
- New BGP communities: add NO_EXPORT and/or NO_ADVERTISE to any client or to specific peers.
- New option (set by default) to automatically add the NO_EXPORT community to blackhole filtering announcements.
v0.2.0
------
- ``setup-templates`` command to just sync local templates with those distributed within a new release.
- Multithreading support for tasks that acquire data from external sources (IRRDB info, PeeringDB max-prefix).
Can be set using the ``threads`` option in the ``arouteserver.yml`` configuration file.
- New ``template-context`` command, useful to dump the list of context variables and data that can be used inside a template.
- New empty AS-SETs handling: if an AS-SET is empty, no errors are given but only a warning is logged and the configuration building process goes on.
Any client with IRRDB enforcing enabled and whose AS-SET is empty will have its routes rejected by the route server.
v0.1.2
------
- Fix local files usage among IPv4/IPv6 processes.
Before of this release, only *.local* files were included into the route server configuration, for both the IPv4 and IPv6 configurations.
After this, *.local* files continue to be used for both the address families but *.local4* and *.local6* files can also be used to include IP version specific options, depending on the IP version used to build the configuration. Details `here <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-configuration-files>`__.
To upgrade:
.. code:: bash
# pull from GitHub master branch or use pip:
pip install --upgrade arouteserver
# install the new template files into local system
arouteserver setup
v0.1.1
------
- Add local static files into the route server's configuration.
v0.1.0
------
- First beta version.
v0.1.0a11
---------
- The ``filtering.rpsl`` section of general and clients configuration files has been renamed into ``filtering.irrdb``.
- The command line argument ``--template-dir`` has been renamed into ``--templates-dir``.
- New options in the program's configuration file: ``bgpq3_host`` and ``bgpq3_sources``, used to set bgpq3 ``-h`` and ``-S`` arguments when gathering info from IRRDBs.
v0.1.0a10
---------
- New command to build textual representations of configurations: ``html``.
v0.1.0a9
--------
- New command to initialize a custom live test scenario: ``init-scenario``.
v0.1.0a8
--------
- New feature: selective path prepending via BGP communities.
- The ``control_communities`` general option has been removed: it was redundant.
v0.1.0a7
--------
- Improved communities configuration and handling.
- Fix issue on standard communities matching against 32-bit ASNs.
- Fix issue on IPv6 prefix validation.
v0.1.0a6
--------
- New feature: RPKI-based filtering/tagging.
v0.1.0a5
--------
- New feature: transit-free ASNs filtering.
- Program command line: subcommands + ``clients-from-peeringdb``.
- More logging and some warning.
v0.1.0a4
--------
- Fix issue with GTSM default value.
- Add default route to bogons.
- Better as-sets handling and cache handling.
- Config syntax change: clients 'as' -> 'asn'.
- AS-SETs at AS-level.
- Live tests: path hiding mitigation scenario.
- Improvements in templates.
v0.1.0a3
--------
- Fix some cache issues.
v0.1.0a2
--------
- Packaging.
- System setup via ``arouteserver --setup``.
v0.1.0a1
--------
First push on GitHub.
Raw data
{
"_id": null,
"home_page": "https://github.com/pierky/arouteserver",
"name": "arouteserver",
"maintainer": "Pier Carlo Chiodi",
"docs_url": null,
"requires_python": null,
"maintainer_email": "pierky@pierky.com",
"keywords": "BGP, Route server, BIRD, IP Routing, OpenBGPD, IXP, IX, Internet Exchange",
"author": "Pier Carlo Chiodi",
"author_email": "pierky@pierky.com",
"download_url": "https://files.pythonhosted.org/packages/61/77/4f2505326f3d14021565e1a54711e18513fa3778e8d0822885539ab23846/arouteserver-1.23.1.tar.gz",
"platform": null,
"description": ".. DO NOT EDIT: this file is automatically created by /utils/build_doc\n\nARouteServer\n============\n\n|Documentation| |Build Status| |Unique test cases| |PYPI Version| |Python Versions|\n\n\nA Python tool to automatically build (and test) feature-rich configurations for BGP route servers.\n\nHow it works\n------------\n\n#. Two YAML files provide *general policies* and *clients configurations* options:\n\n .. code:: yaml\n\n cfg:\n rs_as: 64496\n router_id: \"192.0.2.2\"\n filtering:\n irrdb:\n enforce_origin_in_as_set: True\n enforce_prefix_in_as_set: True\n rpki_bgp_origin_validation:\n enabled: True\n reject_invalid: True\n ...\n\n .. code:: yaml\n\n clients:\n - asn: 64511\n ip:\n - \"192.0.2.11\"\n - \"2001:db8:1:1::11\"\n irrdb:\n as_sets:\n - \"RIPE::AS-FOO\"\n ...\n\n#. ARouteServer acquires external information to enrich them: i.e. `bgpq4`_/`bgpq3`_ for IRR data, `PeeringDB`_ for max-prefix limit and AS-SETs, RPKI ROAs, ...\n\n#. `Jinja2`_ built-in templates are used to render the final route server's configuration file.\n\n Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7), **BIRD v3** (only for testing, still in pre-release/alpha) and **OpenBGPD** (OpenBSD >= 7.0 also OpenBGPD Portable >= 7.0) are supported, with almost `feature parity <https://arouteserver.readthedocs.io/en/latest/SUPPORTED_SPEAKERS.html#supported-features>`__ between them.\n\n**Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details on the `Live tests <https://arouteserver.readthedocs.io/en/latest/LIVETESTS.html>`__ section.\n\nA Docker-based `playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__ is available to experiment with the tool in a virtual IXP environment.\n\nAlso, a `Docker image <https://hub.docker.com/r/pierky/arouteserver>`__ is provided to start building rich and secure configurations in a couple of minutes.\n\n.. _bgpq3: https://github.com/snar/bgpq3\n.. _bgpq4: https://github.com/bgp/bgpq4\n.. _PeeringDB: https://www.peeringdb.com/\n.. _Jinja2: http://jinja.pocoo.org/\n.. _Docker: https://www.docker.com/\n\nFeatures\n--------\n\n- **Path hiding** mitigation techniques (`RFC7947`_ `section 2.3.1 <https://tools.ietf.org/html/rfc7947#section-2.3.1>`__).\n\n- Basic filters (mostly enabled by default):\n\n - **NEXT_HOP** enforcement (strict / same AS - `RFC7948`_ `section 4.8 <https://tools.ietf.org/html/rfc7948#section-4.8>`__);\n - minimum and maximum IPv4/IPv6 **prefix length**;\n - maximum **AS_PATH length**;\n - reject **invalid AS_PATHs** (containing `private/invalid ASNs <http://mailman.nanog.org/pipermail/nanog/2016-June/086078.html>`_);\n - reject AS_PATHs containing **transit-free** or **never via route-servers** ASNs (using `PeeringDB info_never_via_route_servers attribute <https://github.com/peeringdb/peeringdb/issues/394>`__);\n - reject **bogons**;\n - **max-prefix limit** based on global or client-specific values or on **PeeringDB** data.\n\n- Prefixes and origin ASNs validation (also in *tag-only* mode):\n\n - **IRR-based filters** (`RFC7948`_ `section 4.6.2 <https://tools.ietf.org/html/rfc7948#section-4.6.2>`__);\n - AS-SETs configured manually or fetched from PeeringDB;\n - support for **IRR sources** (RIPE::AS-FOO, RADB::AS-BAR);\n - **white lists** support;\n - extended dataset for filters generation:\n\n - RPKI **ROAs used as route objects**;\n - `Origin AS <https://mailman.nanog.org/pipermail/nanog/2017-December/093525.html>`__ from **ARIN Whois** database dump;\n - `NIC.BR Whois data <https://ripe76.ripe.net/presentations/43-RIPE76_IRR101_Job_Snijders.pdf>`_ (slide n. 26) from Registro.br;\n\n - **RPKI**-based filtering (BGP Prefix Origin Validation);\n\n - ROAs can be retrieved from publicly available JSON files or from a local validating cache;\n\n - Route Leak Prevention and Detection Using **BGP Roles** (`RFC9234`_).\n\n- **Blackhole filtering** support:\n\n - optional **NEXT_HOP rewriting**;\n - signalling via BGP Communities (`BLACKHOLE <https://tools.ietf.org/html/rfc7999#section-5>`__ and custom communities);\n - client-by-client control over propagation.\n\n- **Graceful shutdown** support:\n\n - honor the **GRACEFUL_SHUTDOWN** BGP community received from clients (`draft-ietf-grow-bgp-gshut-11 <https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-11>`_);\n - allow to perform a graceful shutdown of the route server itself.\n\n- Control and informative BGP communities:\n\n - prefix/origin ASN present/not present in **IRRDBs data**;\n - do (not) announce to any / **peer** / on **RTT basis**;\n - **prepend** to any / **peer** / on **RTT basis**;\n - add **NO_EXPORT** / **NO_ADVERTISE** to any / **peer**;\n - **32bit ASNs mapping** to 16bit ASNs for announcement control BGP communities;\n - `Euro-IX large BGP communities <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ to track reject reasons;\n - custom informational BGP communities.\n\n- Optional session features on a client-by-client basis:\n\n - prepend route server ASN (`RFC7947`_ `section 2.2.2.1 <https://tools.ietf.org/html/rfc7947#section-2.2.2.1>`__);\n - active sessions;\n - **GTSM** (Generalized TTL Security Mechanism - `RFC5082`_);\n - **ADD-PATH** capability (`RFC7911`_).\n - `RFC8950`_ **IPv6 NEXT_HOP for IPv4 routes**.\n\n- Automatic building of clients list:\n\n - `integration <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixp-manager-integration>`__ with **IXP-Manager**;\n - `fetch lists <https://arouteserver.readthedocs.io/en/latest/USAGE.html#automatic-clients>`__ from **PeeringDB** records and **Euro-IX member list JSON** files.\n\n- **IX-F Member Export** JSON files `creation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixf-member-export-command>`__.\n\n- Related tools:\n\n - The `Playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__, to experiment with the tool in a virtual IXP environment.\n\n - `Invalid routes reporter <https://arouteserver.readthedocs.io/en/latest/TOOLS.html#invalid-routes-reporter>`__, to log or report invalid routes and their reject reason.\n\nA comprehensive list of features can be found within the comments of the distributed configuration file on `GitHub <https://github.com/pierky/arouteserver/blob/master/config.d/general.yml>`__ or on the `documentation web page <https://arouteserver.readthedocs.io/en/latest/GENERAL.html>`__.\n\nMore feature are already planned: see the `Future work <https://arouteserver.readthedocs.io/en/latest/FUTUREWORK.html>`__ section for more details.\n\n.. _RFC7947: https://tools.ietf.org/html/rfc7947\n.. _RFC7948: https://tools.ietf.org/html/rfc7948\n.. _RFC9234: https://tools.ietf.org/html/rfc9234\n.. _RFC5082: https://tools.ietf.org/html/rfc5082\n.. _RFC7911: https://tools.ietf.org/html/rfc7911\n.. _RFC8950: https://tools.ietf.org/html/rfc8950\n\nFull documentation\n------------------\n\nFull documentation can be found on ReadTheDocs: https://arouteserver.readthedocs.org/\n\nPresentations\n-------------\n\n- Euro-IX \"Learn with us: ARouteServer tutorial\", 28 July 2021: `video <https://www.youtube.com/watch?v=aiBeFs6xnYs>`__ (33:13)\n\n- RIPE74, 10 May 2017, Connect Working Group: `video <https://ripe74.ripe.net/archives/video/87/>`__ (9:53), `slides <https://ripe74.ripe.net/presentations/22-RIPE74-ARouteServer.pdf>`__ (PDF)\n\n- Salottino MIX, 30 May 2017: `slides <https://www.slideshare.net/PierCarloChiodi/salottino-mix-2017-arouteserver-ixp-automation-made-easy>`__\n\nMentions / endorsements:\n\n- Job Snijders, LACNIC29, 3 May 2018: `slides <https://www.lacnic.net/innovaportal/file/2621/1/lacnic29_peering_tutorial.pdf>`__ (PDF)\n\n- Anurag Bhatia, APNIC46, 12 September 2018: `video <https://www.youtube.com/watch?v=XfSNQbiR1cg&t=3140>`__, `slides <https://conference.apnic.net/46/assets/files/APNC402/Automate-your-IX-config.pdf>`__ (PDF)\n\n- Claudio Jeker, RIPE Labs, 28 November 2018: `OpenBGPD - Adding Diversity to the Route Server Landscape <https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape>`__.\n\nWho is using ARouteServer?\n--------------------------\n\n- `BharatIX <https://www.bharatix.net/>`__, BIRD.\n\n- `CATNIX <http://www.catnix.net/en/>`__, BIRD.\n\n- `CHIX <https://chix.ch/>`__, BIRD and OpenBGPD.\n\n- `CNX <http://cnx.net.kh/>`__, BIRD v2.\n\n- `DO-IX <https://www.do-ix.net/>`__, BIRD.\n\n- `EVIX <https://evix.org/>`__, BIRD.\n\n- `FCIX <https://fcix.net/>`__, BIRD.\n\n- `GAVLIX <https://gavlix.se/>`__.\n\n- `GigaPIX <https://gigapix.pt/>`__, BIRD and BIRD v2.\n\n- `IX Australia <https://www.ix.asn.au/>`__, BIRD v2.\n\n- `IX-Denver <http://ix-denver.org/>`__, BIRD.\n\n- `MBIX <http://www.mbix.ca/>`__, BIRD.\n\n- `MIX <https://www.mix-it.net/>`__, BIRD.\n\n- `Netnod <https://www.netnod.se/>`__, BIRD and GoBGP\\ :sup:`1`\\.\n\n- `NIXI Mumbai (GPX) <https://nixi.in/>`__, BIRD.\n\n- `NZIX <https://ix.nz/>`__, BIRD v2.\n\n- `PIT-IX <https://pit-ix.net/>`__, BIRD.\n\n- `QCIX <http://www.qcix.net/>`__, BIRD.\n\n- `RO-CIX <https://roix.net/>`__, OpenBGPD.\n\n- `SFMIX <https://sfmix.org/>`__, BIRD and OpenBGPD.\n\n- `SONIX <https://sonix.network/>`__, BIRD v2.\n\n- `SwissIX <https://www.swissix.ch/>`__, OpenBGPD.\n\n- `Unmetered.Exchange <https://unmetered.exchange/>`__, BIRD.\n\n- `VANIX <https://vanix.ca/>`__.\n\n- `YEGIX <https://yegix.ca>`__, OpenBGPD.\n\n- `YXEIX <http://yxeix.ca/>`__, OpenBGPD.\n\n- `YYCIX <https://yycix.ca>`__, OpenBGPD.\n\nAre you using it? Do you want to be listed here? `Drop me a message <https://pierky.com/#contactme>`__!\n\n\\ :sup:`1`\\: GoBGP configurations are generated using a fork of the project which is still WIP and that hopefully will be merged upstream in the future.\n\nBug? Issues? Support requests?\n------------------------------\n\nBut also suggestions? New ideas?\n\nPlease create an `issue on GitHub <https://github.com/pierky/arouteserver/issues>`_ or `drop me a message <https://pierky.com/#contactme>`_.\n\nA Slack channel is also available on the `network.toCode() <https://networktocode.herokuapp.com/>`__ community: **arouteserver**.\n\nAuthor\n------\n\nPier Carlo Chiodi - https://pierky.com\n\nBlog: https://blog.pierky.com Twitter: `@pierky <https://twitter.com/pierky>`_\n\n.. |Documentation| image:: https://readthedocs.org/projects/arouteserver/badge/?version=latest\n :target: https://arouteserver.readthedocs.org/en/latest/?badge=latest\n.. |Build Status| image:: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml/badge.svg?branch=master\n :target: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml\n.. |Unique test cases| image:: https://img.shields.io/badge/dynamic/json.svg?uri=https://raw.githubusercontent.com/pierky/arouteserver/master/tests/last.json&label=unique%20test%20cases&query=$.unique_test_cases&colorB=47C327\n :target: https://github.com/pierky/arouteserver/blob/master/tests/last\n.. |PYPI Version| image:: https://img.shields.io/pypi/v/arouteserver.svg\n :target: https://pypi.python.org/pypi/arouteserver/\n.. |Python Versions| image:: https://img.shields.io/pypi/pyversions/arouteserver.svg\n :target: https://pypi.python.org/pypi/arouteserver/\n\n\nChange log\n==========\n\n.. note:: **Upgrade notes**: after upgrading, run the ``arouteserver setup-templates`` command to sync the local templates with those distributed with the new version. More details on the `Upgrading <https://arouteserver.readthedocs.io/en/latest/INSTALLATION.html#upgrading>`__ section of the documentation.\n\n1.23.1\n------\n\n- Fix: ``clients-from-euroix`` ``--guess-custom-bgp-communities`` multiple values not handled\n\n When ``clients-from-euroix`` was used with ``--guess-custom-bgp-communities``, if multiple values were passed (like country colocation city) only one was used to attach the custom community to the client.\n\n1.23\n----\n\n- Fix: Remove second double string 'AS'.\n\n Cosmetic: remove the double 'AS' prefix from the comments in AS-SET names in BIRD configurations.\n\n See also `GitHub issue 132 <https://github.com/pierky/arouteserver/issues/132>`__.\n\n- Fix: parse Registro.br records gracefully.\n\n In case of parsing issues in the records exported by the Registro.br dataset, the tool now logs a warning message and skips the record.\n The configuration generation no longer fails in this case.\n\n See also `GitHub PR 135 <https://github.com/pierky/arouteserver/pull/135>`__, `GitHub issue 138 <https://github.com/pierky/arouteserver/issues/138>`__.\n\n- Fix: just log failed Registro.br record content in case of issues.\n\n When a parsing error occurs in the Registro.br dataset, the tool now logs the content of the record that caused the issue, instead of the whole file.\n\n See also `GitHub issue 138 <https://github.com/pierky/arouteserver/issues/138>`__.\n\n- Fix: ``clients-from-peeringdb``, reduce the number of PeeringDB API queries per minute.\n\n To avoid hitting the PeeringDB API rate limit, a delay is introduced between the queries performed to fetch clients' details when the ``clients-from-peeringdb`` command is used.\n\n See also `GitHub issue 139 <https://github.com/pierky/arouteserver/issues/139>`__.\n\n- Improvement: avoid warnings when ``bgpq4`` prints ``Invalid AS number:`` errors.\n\n When ``Invalid AS number:`` lines are printed by ``bgpq4``, avoid generating the ``bgpq4 succeeded but an error was printed`` warnings.\n\n- Improvement (Docker image): allow generation of clients.yml from Euro-IX files.\n\n A new environment variable is introduced (``EURO_IX_URL``) to instruct the Docker container to build the clients.yml file from the Euro-IX JSON export file.\n\n See also `GitHub PR 136 <https://github.com/pierky/arouteserver/pull/136>`__.\n\n- Improvement (Docker image): allow use of custom templates.\n\n A new environment variable is introduced (``TEMPLATES_DIR``) to instruct the Docker container to use custom templates for the configuration generation.\n\n- Tests are no longer performed for Python 3.7 (EoL).\n\n- Tests for Python 3.12 are introduced: that's the release used to perform the integration tests.\n\n- Docker images are built on top of Python 3.12 and PyPy 3.10, and use ``bgpq4`` version 1.12.\n\n1.22.1\n------\n\n- Fix: IPv4 prefix length verification when RFC8950 is enabled.\n\n When a peer is configured for RFC8950 support, the prefix length is checked for the IPv6 limits only. This will permit too long IPv4 (up to /48) prefixes and will reject short IPv4 (< /12) prefixes.\n\n See also `GitHub issue 130 <https://github.com/pierky/arouteserver/issues/130>`__.\n\n1.22.0\n------\n\n- New: add support of IPv6 NEXT_HOP for IPv4 routes (`RFC8950 <https://tools.ietf.org/html/rfc8950>`__).\n\n Only available for BIRD 2.x.\n\n1.21.7\n------\n\n- New: add support for `BIRD 2.15 <https://www.mail-archive.com/bird-users@network.cz/msg07905.html>`__ and `OpenBGPD 8.4 <https://www.undeadly.org/cgi?action=article;sid=20240308064655>`__, also added to the integration testing suite.\n\n1.21.6\n------\n\n- Fix: fetching Registro.br dataset via HTTPS.\n\n A *\"Can't decode Registro.br Whois DB raw file\"* error was raised when trying to fetch the dataset from Registro.br using HTTPS.\n\n See also `GitHub PR 128 <https://github.com/pierky/arouteserver/issues/128>`__.\n\n1.21.5\n------\n\n- Fix: ``irr-as-set`` command, the parser considers hierarchical AS-SET names.\n\n Names in the format ``AS<n>:<s>`` were considered as in the format ``source:name``.\n\n See also `GitHub issue 126 <https://github.com/pierky/arouteserver/issues/126>`__.\n\n1.21.4\n------\n\n- Fix: ``irr-as-set`` command, omit AS-SETs having a source different from the target registry.\n\n The list of members used to build the IRR object no longer includes client's AS-SETs if their origin does not match the registry for which the object is being created.\n\n See also `GitHub issue 126 <https://github.com/pierky/arouteserver/issues/126>`__.\n\n- Improvement: ``irr-as-set`` command, ``--include-members`` and ``--exclude-members`` options.\n\n Add options to the command that allow the operator to include/exclude AS-SETs from the members list of the object being generated.\n\n1.21.3\n------\n\n- Fix: ``--merge-from-custom-file`` overriding configs from ``clients-from-euroix``.\n\n The ``--merge-from-custom-file`` option of the ``clients-from-euroix`` command is supposed to merge the configurations from a local file into the final content that it generates for clients.yml. However, a bug was triggering an undesired behaviour, for which the ``cfg`` settings from the local file were overriding those automatically generated by the command. This was leading to the removal of information such as max-prefix and as-set that were originally populated using the Euro-IX records.\n\n1.21.2\n------\n\n- New: add support for `BIRD 2.14 <http://trubka.network.cz/pipermail/bird-users/2023-October/017161.html>`__ and `OpenBGPD 8.3 <https://www.mail-archive.com/tech@openbsd.org/msg76545.html>`__, also added to the integration testing suite.\n\n1.21.1\n------\n\n- New: add support for `OpenBGPD 8.0 <https://undeadly.org/cgi?action=article;sid=20230505054214>`__, also added to the integration testing suite.\n\n- New: add early support for BIRD v3 (current release `3.0alpha2 <https://bird.network.cz/pipermail/bird-users/2023-May/016913.html>`__), for testing purposes only.\n\n1.21.0\n------\n\nThis release **breaks backward compatibility** (BIRD configs only): the default target version used to build BIRD configurations (when the ``--target-version`` argument is not given) is now the latest from the version 2 of BIRD (2.13 at the moment); previously it was 1.6.8. Use the ``--target-version 1.6.8`` command line argument to build 1.6 compatible configurations.\n\nPlease note: `BIRD 1 will reach end of life at the end of the year 2023 <https://www.mail-archive.com/bird-users@network.cz/msg07316.html>`__.\n\n- New: add support for `BIRD 2.13 <https://www.mail-archive.com/bird-users@network.cz/msg07305.html>`__, also added to the integration testing suite.\n\n- New: support to build configurations for multiple route servers at once.\n\n Providing a list of values in the ``router_id`` setting of the ``general.yml`` file allows ARouteServer to build configurations for multiple route servers during the same execution.\n\n For more details see `Building configurations for multiple route servers <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#building-configurations-for-multiple-route-servers>`__ on the doc web site.\n\n- Fix: ``ixf-member-export`` (to build an Euro-IX JSON export file from clients.yml) now sets the ``routeserver`` flag of members to ``True``.\n\n See also `GitHub issue 120 <https://github.com/pierky/arouteserver/issues/120>`__.\n\n1.20.1\n------\n\n- New: add support for `OpenBGPD 7.8 <https://www.mail-archive.com/tech@openbsd.org/msg74147.html>`__, also added to the integration testing suite.\n\n1.20.0\n------\n\n- Deprecation: support for overly old OpenBGPD versions (< 7.0) is removed.\n\n See `GitHub PR 117 <https://github.com/pierky/arouteserver/pull/117>`__.\n\n- New: add support for `BIRD 2.0.11 <https://bird.network.cz/pipermail/bird-users/2022-December/016431.html>`__, also added to the integration testing suite.\n\n- New: mapping of 32bit ASNs to 16bit private ASNs for announcement control standard BGP communities.\n\n A new feature is added to allow 32bit ASN clients to be mapped to 16bit ASNs in the standard BGP communities used for announcement control. This feature allows clients to use the 16bit mapped ASN as the ``peer_as`` value for standard BGP communities like *do not announce to $PEER*. In those communities, the 32bit ASN will be represented by the 16bit value which is mapped to it.\n\n For details on how to configure this feature, see the documentation, `\"BGP Communities\" section <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#bgp-communities>`__.\n\n See also `GitHub issue 101 <https://github.com/pierky/arouteserver/issues/101>`__.\n\n- New: add support for `RFC9234 Route Leak Prevention and Detection Using Roles <https://www.rfc-editor.org/rfc/rfc9234>`__.\n\n A new configuration option is available in general.yml to enable RFC9234 roles (supported by BIRD >= 2.0.11 and OpenBGPD >= 7.5, even though `discouraged until 7.8 will be out <https://github.com/openbgpd-portable/openbgpd-portable/issues/51>`__).\n When that's set, BGP sessions on the route server are configured to announce the route-server role and routes received from clients and tagged with the OTC (Only To Customer) attribute are dropped.\n\n This option can be enabled in backward compatibility mode in the general.yml file, and can also be tuned on a client-by-client basis via the clients.yml file.\n\n Details can be found in the `documentation page of general.yml <https://arouteserver.readthedocs.io/en/latest/GENERAL.html#rfc9234-roles-roles>`__.\n\n- New: anchors in HTML pages.\n\n The route server policy textual representation HTML files generated via the ``html`` command now have anchors at the various headers and sub-headers, so when referring other parties to the policy they can be pointed directly to the relevant section.\n\n See also `GitHub issue 119 <https://github.com/pierky/arouteserver/issues/119>`__.\n\n- Fix: minor issues with the HTML pages.\n\n Wrong URL in some links and a misleading reference to a wrong mailing list post about private ASNs.\n\n See also `GitHub issue 119 <https://github.com/pierky/arouteserver/issues/119>`__.\n\nPlease note: starting with the next release, the default target version used to build BIRD configurations (when the ``--target-version`` argument is not given) will be the latest from the 2.x major version; until now it was 1.6.8. Operators will need to use the ``--target-version 1.6.8`` command line argument to build BIRD 1.x compatible configurations.\n\n1.19.0\n------\n\n- Deprecation: the ARIN Whois OriginAS feature (config knob ``use_arin_bulk_whois_data``, documented in `Use ARIN Whois database to accept routes <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#use-arin-whois-database-to-accept-routes>`__) is being deprecated.\n\n Per `Recommended Draft Policy ARIN-2021-8 <https://www.arin.net/participate/policy/drafts/2021_8/>`__, the \"Autonomous System Originations\" field is going to be removed from the ARIN database. Consequentially, this feature that is based on that is going to be deprecated as well and will be dropped in future releases of ARouteServer.\n\n Operators that will run ARouteServer with ``use_arin_bulk_whois_data.enabled`` set to ``True`` will see a warning message being logged, about the deprecation.\n\n The publicly available intermediate data relay which was running on the NLNOG infrastructure already removed the source file, which was used to fetch those records. So, operators willing to support this feature will need to provide their own version of the file.\n\n See also `GitHub issue 116 <https://github.com/pierky/arouteserver/issues/116>`__.\n\n1.18.0\n------\n\nNo new functionalities nor bug fixes here, just a change in the releases of Python which are supported and tested.\n\n- Tests are no longer performed for Python 3.6 (EoL).\n\n- Tests for Python 3.10 and 3.11 are introduced: 3.11 is the release used to perform the integration tests.\n\n- Docker images are built on top of Python 3.11 and PyPy 3.9.\n\n1.17.1\n------\n\n- New: add support for OpenBGPD 7.6 and 7.7, also added to the integration testing suite (portable edition only).\n\n1.17.0\n------\n\n- New: add support for `BIRD 2.0.10 <https://www.mail-archive.com/bird-users@network.cz/msg06819.html>`__, also added to the integration testing suite.\n\n- New: add support for `OpenBGPD 7.5 <https://undeadly.org/cgi?action=article;sid=20220716101930>`__, also added to the integration testing suite (portable edition only).\n\n- New (OpenBGPD): add support for ADD-PATH (on version 7.5 or above).\n\n- Improvement: abort the configuration building process as soon as one *enricher* fails.\n\n This shorten the user feedback in case of errors that unavoidably would make the final configuration broken and not usable.\n\n- Fix: remove ``RGNET`` from the list of default IRR sources.\n\n To remove it from existing deployments, or to add it back, users can edit the arouteserver.yml file, ``bgpq3_sources`` section.\n\n See also `GitHub issue 111 <https://github.com/pierky/arouteserver/issues/111>`__.\n\n1.16.1\n------\n\n- New: add support for OpenBGPD 7.4, also added to the integration testing suite (portable edition only).\n\n- Fix: pin down `urllib3` version to avoid issues on upgrade.\n\n See also `GitHub issue 110 <https://github.com/pierky/arouteserver/issues/110>`__.\n\n- Fix: the `playground <https://github.com/pierky/arouteserver/tree/master/tools/playground>`__ Docker image was not building anymore.\n\n Go and AliceLG birdwatcher versions have been bumped to the latest available.\n\n1.16.0\n------\n\n- Improvement: use bulk queries to get clients' records from PeeringDB.\n\n Clients' details (such as IRR records and max-prefix limits) are now retrieved from PeeringDB using *bulk* API queries, where multiple ASNs are checked at once.\n\n This speeds up the configuration building process and reduces the number of queries to PeeringDB, reducing the risk of hitting the API rate limit.\n\n See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.\n\n1.15.1\n------\n\n- Fix: update the requirements.\n\n The min. version of Jinja2 reported in the requirements file was not enough to satisfy the needs of the templates.\n\n See also `GitHub issue 106 <https://github.com/pierky/arouteserver/issues/106>`__.\n\n- Fix: allow setting PeeringDB API key to mitigate anonymous API throttling mechanism.\n\n ARouteServer can now be instructed to use an API key to perform authentication against the PeeringDB API server. This can be done by setting the environment variable ``SECRET_PEERINGDB_API_KEY`` or by storing the same key inside one of the following well-known files: ``~/.arouteserver/peeringdb_api.key``, ``~/.peeringdb_api.key``.\n\n This should mitigate the effects of the anonymous API throttling mechanism introduced on PeeringDB.\n\n See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.\n\n- Improvement: retry on PeeringDB API failure or rate-limit.\n\n In case of failure or rate-limit of the PeeringDB API the tool now retries the same query multiple times.\n\n See also `GitHub issue 107 <https://github.com/pierky/arouteserver/issues/107>`__.\n\n1.15.0\n------\n\n- New: add support for OpenBGPD 7.3, also added to the integration testing suite (portable edition only).\n\n- New: ``md`` command, to build a textual representation in Markdown format.\n\n This command works like the ``html`` command and can be used to build a textual representation of the route server's configuration policy in Markdown format.\n\n For more details see the `Textual representation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#textual-representation>`__ section of the documentation.\n\n- New: add ``custom_options`` to the clients definition file.\n\n This new section can be used to add BGP-speaker-specific arbitrary lines of configuration to the file generated by ARouteServer.\n\n For more details see the `Client custom options <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#custom_options>`_.>`__ section of the documentation.\n\n See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.\n\n- Improvement (BIRD): skip NEXT_HOP check for IPv6 link-local clients.\n\n Due to a limitation of BIRD, it is not possible to verify the NEXT_HOP attribute of routes announced by IPv6 clients configured using link-local addresses.\n The configurations generated using this release skip that check (upon operator's approval if such clients are present).\n\n See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.\n\n- Fix: detect infeasible extended BGP communities when a 32bit ASN is used for the route server.\n\n When the route server uses a 32bit ASN, certain extended BGP communities may end being configured to match multiple 32bit values, which is not possible because the way they are encoded.\n\n This release detects similar situations in advance and aborts the configuration building process.\n\n See also `GitHub PR 104 <https://github.com/pierky/arouteserver/pull/104>`__.\n\n1.14.1\n------\n\n- Fix: import limit is not set if PeeringDB records are not found.\n\n For clients not configured with a specific max-prefix value, when a PeeringDB record was not found the value from the general limit was not used to build the import limit configuration. The tool was expected to fallback to the ``general_limit_ipv4`` value instead.\n\n See also `GitHub issue 105 <https://github.com/pierky/arouteserver/issues/105>`_.\n\n1.14.0\n------\n\n- New: Add support for `BIRD 2.0.9 <https://www.mail-archive.com/bird-users@network.cz/msg06594.html>`_ (also included into the integration testing suite).\n\n- Improvement (OpenBGPD): improve readability of the configurations.\n\n A better formatting of the output configuration allows a better readability. Also, wherever possible, extended communities are removed using wildcard matching, allowing a more compact configuration.\n\n See also `GitHub issue 97 <https://github.com/pierky/arouteserver/issues/97>`_ and `99 <https://github.com/pierky/arouteserver/issues/99>`_.\n\n- Improvement (Docker image): use ``bgpq4`` version 1.4.\n\n The Docker image was using version 1.2.\n\n- Improvement (Docker image): PyPy3-based image added.\n\n The Docker images based on PyPy3 will have tags in the form ``latest-pypy3`` and ``<version>-pypy3`` (like ``1.14.0-pypy3``).\n\n- Improvements: drop dependencies on libraries needed for Python 2 compatibility.\n\n Also, tests are now performed using Python 3.6, 3.8 and 3.9 too.\n\n1.13.1\n------\n\n- Fix: avoid running ``bgpq4`` using the ``-3`` option.\n\n It seems that the ``-3`` CLI option has been dropped in ``bgpq4`` and is no longer supported (it was added as a way to not break compatibility with ``bgpq3`` syntax).\n\n See also `GitHub issue 95 <https://github.com/pierky/arouteserver/issues/95>`_.\n\n- Fix (OpenBGPD): syntax error when prepend functionalities were configured with 'std' communities only and 32bit ASN clients were present.\n\n See also `GitHub issue 98 <https://github.com/pierky/arouteserver/issues/98>`_.\n\n- Improvement: better explaination of when error messages can be ignored.\n\n See also `GitHub issue 96 <https://github.com/pierky/arouteserver/issues/96>`_.\n\n1.13.0\n------\n\n- New (OpenBGPD): use the ``expires`` attribute of ROAs from rpki-client format.\n\n In OpenBGPD configurations (starting with 7.2), the ``expires`` attribute of ROAs gathered from JSON feeds that contain it is passed on into the configuration of the ``roa-set``.\n\n See also `GitHub issue 92 <https://github.com/pierky/arouteserver/issues/92>`_.\n\n1.12.0\n------\n\n- New: add the ``--merge-file`` option to the ``ixf-member-export`` command, to include user-created content into the IX-F Member Export JSON file.\n\n For more details on how it works please check the `documentation <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixf-member-export-command>`__.\n\n See also `GitHub issue 89 <https://github.com/pierky/arouteserver/issues/89>`_.\n\n- Improvement: in the ``ixf-member-export`` command, the value of IXP ID can now be set via the ``--ixp-id`` in addition to the existing ``--ixp_id`` option.\n\n In the future, the ``--ixp_id`` version of the option will be dropped. A warning message will be shown when the deprecated version of that command line argument is used.\n\n- Improvement: ask for 16bit placeholder ASN in ``configure`` when the route-server is on a 32bit ASN.\n\n When the ``configure`` command is used to generate the policy for a route-server running on a 32bit ASN, a prompt asks the operator which 16bit placeholder ASN should be used to setup the BGP communities. So far, the fixed value 65534 was used.\n\n See also `GitHub issue 88 <https://github.com/pierky/arouteserver/issues/88>`_.\n\n- Improvement (OpenBGPD): use ``as-set`` to configure the list of \"never via route server\" ASNs.\n\n This change reduces the size of the configuration and hopefully makes the filter processing faster.\n\n See also `GitHub issue 90 <https://github.com/pierky/arouteserver/issues/90>`_.\n\n- Fix: when the route-server ASN was a 32bit value, the `Euro-IX Large BGP Communities <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ automatically configured via ``configure`` were using the 16bit placeholder ASN.\n\n When the ``configure`` command was used to build the ``genera.yml`` policy for route-servers running on 32bit ASNs, the Large BGP Communities used to map route reject causes to Euro-IX codes were using the 16bit placeholder ASN instead of the actual route-server's 32bit ASN.\n\n1.11.1\n------\n\n- Fix: better error handling for clients configured with no IP address.\n\n When a client was mistakenly configured with no IP addresses, the program raised an unhandled exception, instead of providing a good feedback to the user.\n\n See also `GitHub issue 87 <https://github.com/pierky/arouteserver/issues/87>`_.\n\n1.11.0\n------\n\n- New: add support for `OpenBGPD 7.2 <https://marc.info/?l=openbsd-announce&m=163239274430211&w=2>`__, also added to the integration testing suite (portable edition only).\n\n- Improvement: better handling of IRRd query failures.\n\n Multiple hosts can now be configured as servers used for the IRR queries performed via ``bgpq3``/``bgpq4``. In case of timeout or failure, the next host in the list is used.\n A timeout of 2 minutes is used by default. These settings can be modified in the ``arouteserver.yml`` file.\n\n See also `GitHub issue 85 <https://github.com/pierky/arouteserver/issues/85>`_.\n\n1.10.1\n------\n\n- Fix: the HTML representation of RPKI validation custom communities was broken.\n\n After adding custom RPKI validation communities implemented as part of v1.10.0 the route server configuration textual representation file hada small cosmetic problem.\n\n See also `GitHub issue 83 <https://github.com/pierky/arouteserver/issues/83>`_.\n\n1.10.0\n------\n\n- New: add support for custom BGP communities to track rejected routes.\n\n A new section of the general.yml file (``reject_cause_map``) allows to configure custom BGP communities for each reject reason (the list can be found on the `Reject reasons <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-reasons>`__ paragraph of on the doc site).\n\n When this is implemented along with ``reject_policy`` set to ``tag`` or ``tag_and_reject``, ad-hoc custom BGP communities can be used to describe why a route was rejected by the route server.\n\n- New: add support for custom BGP communities to internally track the outcome of BGP Origin Validation (or the lack of it).\n\n 3 new BGP communities are introduced to track the outcome of BGP Origin Validation (if enabled): ``rpki_bgp_origin_validation_valid``, ``rpki_bgp_origin_validation_unknown`` and ``rpki_bgp_origin_validation_invalid``. These communities can be used to classify routes depending on the their validation state using custom values, in addition to `RFC8097 communities <https://datatracker.ietf.org/doc/html/rfc8097>`__. They are not announced to clients, but rather they are meant to be used only internally within the route server, just to make it easier the integration with external tools, like looking glasses.\n\n An additional fourth BGP community is also introduced, to classify routes for which BGP Origin Validation has not been performed: ``rpki_bgp_origin_validation_not_performed``. When configured, this community is added when BOV is not enabled, or when it is not performed for some specific reasons (only blackhole route processing at the moment). Contrary to the 3 previous ones, this community is announced to the clients.\n\n See also `GitHub issue 78 <https://github.com/pierky/arouteserver/issues/78>`_.\n\n- New: Euro-IX Large BGP Communities are included into the policy generated by the ``configure`` command.\n\n This feature leverages the new ``reject_cause_map`` option commented above.\n\n The general.yml file generated by the ``configure`` command now includes a mapping between internal reject codes and the communities proposed in the `Euro-IX Large BGP Community standard <https://www.euro-ix.net/en/forixps/large-bgp-communities/>`__ document.\n\n Please note: to make the policies generated by ``configure`` consistent between BIRD and OpenBGPD, the ``reject_policy`` option for the latter is now set to ``tag`` (so rejected routes are kept in OpenBGPD but are still not advertised to the route server clients).\n\n In addition to this, some of the BGP communities set by the ``configure`` command have been changed in order to match those suggested in the Euro-IX document above.\n\n- New: ``check-config`` command, to verify configuration files (general.yml and clients.yml).\n\n This command can be used to verify that the content of the two main configuration files is valid, without building the configurations.\n\n See also `GitHub PR 82 <https://github.com/pierky/arouteserver/pull/82>`_ and `issue 79 <https://github.com/pierky/arouteserver/issues/79>`_.\n\n- Improvement (OpenBGPD): informational extended BGP communities are now scrubbed from outbound routes.\n\n Certain informational extended BGP communities that need dynamic values (like the one used to track the reject code of a route that is discarded when ``reject_policy`` is set to ``tag``) were not scrubbed from outbound routes, because of lack of wildcard matching in OpenBGPD. Since this feature was recently added to the BGP speaker, they are now removed.\n\n- Fix (OpenBGPD): make behaviour of ``rpki_bgp_origin_validation.reject_invalid`` consistent with BIRD.\n\n Contrary to what ``reject_invalid: False`` might seem doing, the actual behaviour it is designed for is to still prevent the propagation of INVALID routes when RPKI BOV is enabled. When it's set to ``True`` (the default value) the BGP daemons are configured to immediately drop INVALID routes in the inbound filters; when it's set to ``False`` those routes are accepted but not propagated to clients, they are blocked in the outbound filters: basically they are just kept internally within the route server to allow analysis and troubleshooting.\n\n While the BIRD implementation of ``reject_invalid: False`` was working fine, a bug was found in the OpenBGPD one that prevented those routes from being blocked in the outbound direction, letting them to be propagated to clients.\n\n1.9.0\n-----\n\n- New: Add support for `OpenBGPD 7.1 <https://marc.info/?l=openbgpd-users&m=162461267419135&w=2>`__, also added to the integration testing suite (portable edition only).\n\n- Improvement: provide hint on how to change URL for external IRR DB data sources.\n\n See also `GitHub issue 77 <https://github.com/pierky/arouteserver/issues/77>`_.\n\n- Fix (OpenBGPD only): `RFC8097 communities <https://datatracker.ietf.org/doc/html/rfc8097>`_ were not added after BGP Origin Validation.\n\n The *BGP Prefix Origin Validation State Extended Communities* were not added when RPKI OV was performed. INVALID routes were still dropped when the route server was configured to do so (those routes are internally marked using locally-meaningful communities).\n\n- Improvement: RPKI ROAs files are checked for stale data.\n\n The JSON files fetched from validating caches are now checked to detect stale data (rpki-client and OctoRPKI formats include this information) and they are ignored if the data they contain is no longer valid. In this case, the next URL in the ``rpki_roas.ripe_rpki_validator_url`` list is used.\n\n By default, files whose content is older than 21600 seconds (6 hours) are ignored; it's possible to change this option via the newly introduced ``rpki_roas.ignore_cache_files_older_than`` setting.\n\n Where available (rpki-client format only at this time), also the `VRP expiration time <https://github.com/openbsd/src/commit/a66158d7f8cdffc32bf2f8aa5d8bbed1f08a3a3d#diff-b2e9c61c4c7cfd2d5a0cde6066efe9a7c18dd1bdf06b1e473abc054261ea315c>`__ is checked.\n\n As a consequence of this, the default ARouteServer cache expiration time for RPKI ROAs JSON files has been reduced to 60 minutes, to avoid caching ROAs that would turn out being expired at the next use of their cached copy.\n\n- Improvement: new order for the default URLs of the RPKI JSON files.\n\n Since the RIPE NCC RPKI Validator `is now in EoL <https://labs.ripe.net/author/nathalie_nathalie/lifecycle-of-the-ripe-ncc-rpki-validator/>`__, the URL of the JSON file that points to rpki-validator.ripe.net has been moved as the last resort option for ``rpki_roas.ripe_rpki_validator_url``.\n The one exposed in the `rpki-client dashboard <https://console.rpki-client.org/>`__ has been added.\n\n Please note: this change only affects the default configuration file that ships with ARouteServer and is not be automatically reflected in existing configurations that route-servers operators are already using. If you wish this setup to be reflected in your configuration, please update your general.yml file accordingly.\n\n1.8.0\n-----\n\n- Improvement: add the ``logging`` option to ``--use-local-files`` argument, to allow customization of logging settings.\n\n Details on the documentation: `Logging configuration of the BGP daemon <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#logging-configuration-of-the-bgp-daemon>`__.\n\n See also `GitHub issue 75 <https://github.com/pierky/arouteserver/issues/75>`_.\n\n1.7.0\n-----\n\n- New: Add support for `OpenBGPD 7.0 <https://marc.info/?l=openbgpd-users&m=162282647904441&w=2>`__, also added to the integration testing suite (portable edition only).\n\n Please note: starting with this release, since the default target version for OpenBGPD is 7.0, path-hiding mitigation will be enabled by default by the ``configure`` command. This option can be modified in the ``general.yml`` file.\n\n1.6.0\n-----\n\nStarting with this release, the default target version for OpenBGPD will be the latest stable (6.9 in this case). Use the ``--target-version`` CLI option if you want to build your configurations for a previous release of OpenBGPD.\n\n- New: Add support for OpenBGPD/OpenBSD 6.9 and OpenBGPD Portable 6.9p0, also added to the integration testing suite.\n\n- New (OpenBGPD): add support for RTR sessions starting with version 6.9.\n\n Please note the following issues with OpenBGPD 6.9 if you want to enable RTR sessions; you might want to apply the available patches:\n\n - ``Invalid argument`` error and RTR session not coming up (`issue #23 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/23>`__ and `\"bgpd, fix RTR connect\" <https://marc.info/?l=openbsd-tech&m=162004696829635&w=2>`__ post on openbsd-tech)\n\n - non blocking ``connect()`` call for RTR session establishment (`\"bgpd behaviour when RTR endpoint is not available\" <https://marc.info/?l=openbgpd-users&m=161997334304946&w=2>`__ post on openbgpd-users and `\"bgpd, non-blocking rtr connect\" <https://marc.info/?l=openbsd-tech&m=162005636502085&w=2>`__ post on openbsd-tech)\n\n- New (OpenBGPD): enable support for path-hiding mitigation.\n\n Even though OpenBGPD supports path-hiding mitigation starting with version 6.9, the feature is not automatically enabled by the ``configure`` command because of some issues that might impair the stability of the routing ecosystem:\n\n - withdrawal of 2nd best route with ``rde evaluate all`` (`issue #21 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/21>`__ and `\"bgpd fix for rde evaluate all\" <https://marc.info/?l=openbsd-tech&m=162011500326166&w=2>`__ post on openbsd-tech)\n\n - advertisement of 2nd best routes on reload with ``rde evaluate all`` (`issue #21 on GitHub <https://github.com/openbgpd-portable/openbgpd-portable/issues/21>`__ and `\"bgpd better reload behaviour\" <https://marc.info/?l=openbsd-tech&m=162021735205669&w=2>`__ post on openbsd-tech)\n\n Please apply the existing patches before enabling it on a production environment, and acknowledge the error produced by ARouteServer using the ``--ignore-issues path_hiding_69`` CLI option.\n\n- Improvement: the default list of `\"transit free\" <https://arouteserver.readthedocs.io/en/latest/GENERAL.html#transit-free-networks-transit-free>`__ ASNs has been updated and some networks have been removed.\n\n See also `GitHub PR73 <https://github.com/pierky/arouteserver/pull/73>`_.\n\nv1.5.1\n------\n\n- Improvement (Docker image): generate HTML representation of the route server configuration through the Docker image.\n\n See also `GitHub PR70 <https://github.com/pierky/arouteserver/pull/70>`_ and `issue 69 <https://github.com/pierky/arouteserver/issues/69>`_.\n\n- Fix (Docker image): make ``RS_ASN``, ``ROUTER_ID`` and ``LOCAL_PREFIXES`` environment variables not required when a custom general.yml file is used.\n\n See also `GitHub PR68 <https://github.com/pierky/arouteserver/pull/68>`_.\n\n- Fix: the \"Reject reasons\" table in the HTML representation was rendered improperly.\n\n See also `GitHub issue 71 <https://github.com/pierky/arouteserver/issues/71>`_.\n\nv1.5.0\n------\n\n- New: Add support for `BIRD 2.0.8 <https://www.mail-archive.com/bird-users@network.cz/msg05937.html>`_ (also included into the integration testing suite).\n\nv1.4.0\n------\n\n- New: Docker image to easily build route-server configurations.\n\n For more details, see the `docker directory <https://github.com/pierky/arouteserver/tree/master/docker>`_.\n\n- Improvement: change the default value of ``bgpq3_path`` to ``bgpq4``.\n\n The ``bgpq4`` tool is now referenced as the default one in the ``bgpq3_path`` configuration line of arouteserver.yml.\n\n **Please note**: operators who are using the tool and who left the ``bgpq3_path`` configuration line unset will now need to either explicitly configure that line to point to their ``bgpq3`` binary or to make sure ``bgpq4`` is available on their system.\n\n- Fix: the ``ixf-member-export`` command now produces a JSON file compliant with `version 1.0 <https://github.com/euro-ix/json-schemas/blob/master/versions/ixp-member-list-1.0.schema.json>`_ of the `Euro-IX schema <https://github.com/euro-ix/json-schemas>`_.\n\n See also `GitHub PR65 <https://github.com/pierky/arouteserver/pull/65>`_.\n\nv1.3.0\n------\n\n- New: ``irr-as-set`` command, to build the route server AS-SET object for IRR databases.\n\n This new command can be used to build the AS-SET RPSL object that describes the ASes and AS-SETs of route server clients. Details and usage: https://arouteserver.readthedocs.io/en/latest/USAGE.html#irr-as-set\n\n Related: `issue #49 on GitHub <https://github.com/pierky/arouteserver/issues/49>`_.\n\nv1.2.0\n------\n\n- Improvement (BIRD only): ``tag_and_reject`` is now the default reject policy set by the ``configure`` command.\n\n When the ``configure`` command is initially used to setup ARouteServer and to generate the ``general.yml`` file, the `reject policy <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-policy-and-invalid-routes-tracking>`__ that it configures is ``tag_and_reject`` if BIRD is specified as the route server daemon.\n\n- Fix: ``setup-templates`` was not generating the correct backup of customized templates.\n\n The bug only affected the upgrade procedure of deployments where the Jinja2 templates were locally customized. More details on the comments of commit `2ea6df69106d473f9f4170c65f929bab4a0d7676 <https://github.com/pierky/arouteserver/commit/2ea6df69106d473f9f4170c65f929bab4a0d7676>`_.\n\nv1.1.0\n------\n\n- Improvement: multihop support.\n\n For BIRD, this option can be configured only when path-hiding mitigation is turned off.\n\n More details on `GitHub PR61 <https://github.com/pierky/arouteserver/pull/61>`_.\n\n- Improvement (BIRD only): allow ``count_rejected_routes: True`` in BIRD 2.0.7 when the patch is used.\n\n A `patch for BIRD 2.0.7 <https://www.mail-archive.com/bird-users@network.cz/msg05638.html>`_ was released to address the bug that leads the daemon to crash when a configuration is built using ``count_rejected_routes: True``. This release adds a new locally meaningful fictitious version of BIRD that can be used to overcome the limitation enforced in ARouteServer 1.0.1, by signalling to the tool the usage of a patched version of BIRD (``--target-version 2.0.7+b962967e``).\n\n See the notes for the 1.0.1 release for more details.\n\n- New: Add support for OpenBGPD/OpenBSD 6.8 and OpenBGPD Portable 6.8p1, also added to the integration testing suite.\n\nv1.0.1\n------\n\n- Fix (BIRD only): change default behaviour to count rejected routes towards the max-prefix limit threshold.\n\n So far, routes received by the route server and rejected as a result of ingress filtering were not counted towards the max-prefix limit threshold; **this release changes the default behaviour** in a way that they are now taken into account.\n\n Example: a peer is configured with max-prefix limit 10 and action 'shutdown'. It announces 15 routes, 5 of which are rejected due to inbound filters.\n BIRD route servers configured using previous releases will not perform any action on that peer, while a configuration generated with this release will lead to the shutdown of the BGP session with that peer.\n\n In case the previous implementation of the max-prefix limit is the desired one, it can be restored by setting the new configuration statement that has been introduced with this release, ``count_rejected_routes``, to ``False``. More details in the `general.yml file <https://github.com/pierky/arouteserver/blob/master/config.d/general.yml>`_.\n\n **BIRD 2.0.7 users, please note**: if you are using ARouteServer to configure route servers which are based on BIRD 2.0.7, you'll get an error message at configuration build time. This is due to the fact that in BIRD 2.0.7 there is `a bug <https://www.mail-archive.com/bird-users@network.cz/msg05597.html>`_ that affects configurations generated using the statement that implements the new default behaviour for max-prefix limit handling. The error message will show you the options to unblock the config generation, but in any case it will not be possible to implement this new way of handling the max-prefix limit.\n\nv1.0.0\n------\n\n- No changes, just make it \"stable\"!\n\nv0.26.0\n-------\n\n- New: Add support for OpenBGPD/OpenBSD 6.7 and OpenBGPD Portable 6.7p0, also added to the integration testing suite.\n\nv0.25.1\n-------\n\n- Fix: BIRD, use ``bgp_path.last`` since it's consistent with `RFC 6907 7.1.9-11 <https://tools.ietf.org/html/rfc6907#section-7.1.9>` (RPKI BOV of routes whose AS_PATH ends with an AS_SET).\n\n More info: https://www.mail-archive.com/bird-users@network.cz/msg05152.html\n\n Related: `PR #56 on GitHub <https://github.com/pierky/arouteserver/pull/56>`_.\n\nv0.25.0\n-------\n\n- New feature: ``tag_and_reject`` reject policy for BIRD.\n\n Invalid routes can be tagged with informational BGP communities and then discarded by BIRD.\n With this option, alice-lg reject reasons are supported nicely, whilst keeping ``show routes all filtered`` working to keep birdwatcher happy.\n\n Related: `PR #57 on GitHub <https://github.com/pierky/arouteserver/pull/57>`_.\n\n- Improvement: ``clients-from-euroix`` command, option ``--merge-from-custom-file`` to customise the list of clients generated from an Euro-IX JSON file.\n\n More details on how to use this option can be found running ``arouteserver clients-from-euroix --help-merge-from-custom-file``.\n\nv0.24.1\n-------\n\n- Improvement: add support for `bgpq4 <https://github.com/bgp/bgpq4>`__.\n\n At least version 0.0.5 is required.\n\n Related: `PR #53 on GitHub <https://github.com/pierky/arouteserver/pull/53>`_.\n\n- Fix: ``clients-from-euroix`` command, route server detection on Euro-IX schema versions 0.7 and 1.0.\n\n In version 0.7 and 1.0 of the `Euro-IX member list JSON file <https://github.com/euro-ix/json-schemas>`__ the way the route server information are exported changed. The ``clients-from-euroix`` command was no longer able to filter out the IP addresses that represent the route server of the same IXP for which the members are processed, basically generating a client entry for the same route server being configured.\n\nv0.24.0\n-------\n\n- New feature: *never via route-servers* ASNs filtering.\n\n To drop routes containing an ASN which is classified as \"never via route-servers\" on PeeringDB (`info_never_via_route_servers` `attribute <https://github.com/peeringdb/peeringdb/issues/394>`_).\n\n **Please note**: this feature is enabled by default.\n\n Related: `issue #55 on GitHub <https://github.com/pierky/arouteserver/issues/55>`_.\n\n- Improvement: add `alice-lg/birdwatcher <https://github.com/alice-lg/birdwatcher>`__ support to BIRD configs.\n\n Changes the default BIRD time format to support `alice-lg/birdwatcher <https://github.com/alice-lg/birdwatcher>`__ out of the box.\n\n- Improvement: include a table with the reject codes in the HTML output.\n\n Related: `issue #54 on GitHub <https://github.com/pierky/arouteserver/issues/54>`_.\n\nv0.23.0\n-------\n\n- New: add support for BIRD v2.\n\n **Please note**: BIRD v2 support is in early stages. Before moving any production platform to instances of BIRD v2 configured with this tool, please review the configurations carefully and run some simulations.\n\n- New: OpenBGPD/OpenBSD 6.6, OpenBGPD Portable 6.6p0 and BIRD 1.6.8 added to the integration testing suite.\n\nv0.22.2\n-------\n\n- Fix: prevent environment variables with unknown escapes (like `\\u`) from interrupting the execution.\n\n Related: `issue #50 on GitHub <https://github.com/pierky/arouteserver/issues/50>`_.\n\nv0.22.1\n-------\n\n- Fix: handle more formats for ROAs exported from the public instances of RIPE and NTT validators.\n\n A new way of representing ASNs (without the \"AS\" prefix) and new TA names which were not matched by the default values of ``rpki_roas.allowed_trust_anchors`` prevented ROAs from being imported and correctly processed when the default settings were used.\n\nv0.22.0\n-------\n\nThis is the last release of ARouteServer for which Python 2.7 compatibility is guaranteed. From the next release, any new feature will not be tested against that version of Python.\n\n- New: `OpenBGPD Portable <https://github.com/openbgpd-portable/openbgpd-portable>` (release 6.5p1) also supported.\n\n Release 6.5p1 of OpenBGPD Portable edition passed the integration testing suite.\n\n- New: add support for OpenBGPD/OpenBSD 6.5 enhancements.\n\n Support for matching multiple communities at the same time allows to create more readable configurations.\n\n- Improvement: OpenBGPD, some filters refinement.\n\n Avoid checking AS0 in AS_PATH since 6.4.\n No needs to check routes of an address family different than the one used for the session.\n\nAs announced with release 0.20.0, OpenBGPD/OpenBSD 6.2 is no longer tested. Also OpenBGPD/OpenBSD 6.3 tests have been decommissioned.\nStarting with this release, tests will be executed only against the 2 most recent releases of OpenBGPD/OpenBSD and against the last release of the supported major versions of BIRD.\nThe implementation of new features may break compatibility of the configurations built for unsupported releases.\n\nv0.21.1\n-------\n\n- Deprecation: SAVVIS IRR removed from the list of default sources used by bgpq3.\n\n- Fix (minor): truncate the max length of AS-SET names to 64 characters.\n\n BIRD supports only names no longer than 64 characters.\n\n Related: `issue #47 on GitHub <https://github.com/pierky/arouteserver/issues/47>`_.\n\nv0.21.0\n-------\n\n- Improvement: when ``ripe-rpki-validator-cache`` is set as the source of ROAs, multiple URLs can now be specified to fetch data from.\n\n URLs will be tried in the same order as they are configured; if the attempt to download ROAs from the first URL fails, the second URL will be tried, an so on.\n\n By default, the `RIPE NCC public instance <https://rpki-validator.ripe.net/>`_ of the RIPE RPKI Validator will be tried first, then the `NTT instance <https://rpki.gin.ntt.net/>`_. The list of URLs can be set in the ``general.yml`` configuration file, ``roas.ripe_rpki_validator_url`` option.\n\nv0.20.0\n-------\n\nThis is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.1 and 6.2 CI tests are ran. From the next release, any new feature will not be tested against these versions of OpenBGPD. Users are encouraged to move to newer releases.\n\n- New: add support for OpenBGPD/OpenBSD 6.4 `enhancements <https://ripe77.ripe.net/presentations/143-openbsd-status.pdf>`_.\n\n Use new sets for prefixes, ASNum, and origins (prefix + source-as), and also RPKI ROA sets.\n\n- Improvement: OpenBGPD, reduce the number of rules by combining some into the same rule.\n\n- Improvement: route server policies definition files built using the ``configure`` command now have RPKI BGP Origin Validation and \"use-ROAs-as-route-objects\" enabled by default.\n\nAs announced with release 0.19.0, OpenBGPD/OpenBSD 6.0 is no longer tested.\nThe implementation of new features may break compatibility of the configurations built for unsupported releases.\n\nMost of this release is based on the work made by `Claudio Jeker <https://github.com/cjeker>`_.\n\nv0.19.1\n-------\n\n- Fix (BIRD configuration only): change ``bgp_path.last`` with ``bgp_path.last_nonaggregated``.\n\n When a route is originated from the aggregation of two different routes using the AS_SET, ``bgp_path.last`` always returns 0, so the origin ASN validation against IRR always fails.\n\n Related: `issue #34 on GitHub <https://github.com/pierky/arouteserver/issues/34>`_.\n\nv0.19.0\n-------\n\nThis is the last release of ARouteServer for which OpenBGPD/OpenBSD 6.0 CI tests are ran. Starting with the next release, any new feature will not be tested against version 6.0 of OpenBGPD. Users are encouraged to move to newer releases.\n\n- New: use NIC.BR Whois data from Registro.br to enrich the dataset used for route validation.\n\n Details: `RIPE76, Practical Data Sources For BGP Routing Security <https://ripe76.ripe.net/presentations/43-RIPE76_IRR101_Job_Snijders.pdf>`_.\n\n Related: `issue #28 on GitHub <https://github.com/pierky/arouteserver/issues/28>`_.\n\n- New: introduce support for OpenBGPD/OpenBSD 6.4.\n\n OpenBSD 6.4 is not released yet, this is just in preparation of it.\n\n Related: `issue #31 on GitHub <https://github.com/pierky/arouteserver/issues/31>`_.\n\n- Fix (minor): RIPE NCC RPKI Validator v3 expects ``Accept: text/json`` as HTTP header.\n\n Related: `PR #29 on GitHub <https://github.com/pierky/arouteserver/issues/29>`_.\n\nv0.18.0\n-------\n\n- New: add support for BIRD 1.6.4 and OpenBGPD/OpenBSD 6.3.\n\n This release **breaks backward compatibility** (OpenBGPD configs only): the default target version used to build OpenBGPD configurations (when the ``--target-version`` argument is not given) is now 6.2; previously it was 6.0. Use the ``--target-version 6.0`` command line argument to build 6.0 compatible configurations.\n\n- Improvement: transit-free ASNs filters are applied also to sessions toward transit-free peers.\n\n Related: `issue #21 on GitHub <https://github.com/pierky/arouteserver/issues/21>`_.\n\n- Fix (minor): better handling of user answers in ``configure`` and ``setup`` commands.\n\n- Fix: ``clients-from-peeringdb``, list of IXPs retrieved from PeeringDB and no longer from IXFDB.\n\nv0.17.3\n-------\n\n- Fix: ``clients-from-euroix`` command, use the configured cache directory.\n\nv0.17.2\n-------\n\n- Fix: ``configure`` command, omit extended communities for OpenBGPD configurations.\n\n This is to avoid the need of using the ``--ignore-issues extended_communities`` command line argument.\n\n- Improvement: environment variables expansion when YAML configuration files are read.\n\nv0.17.1\n-------\n\n- Fix: minor installation issues.\n\nv0.17.0\n-------\n\n- New feature: allow to set the source of IRR objects.\n\n AS-SETs can be prepended with an optional source: ``RIPE::AS-FOO``, ``RIPE::AS64496:AS-FOO``.\n\n- New feature: support for RPKI-based Origin Validation added to OpenBGPD configurations.\n\n RPKI ROAs must be loaded from a RIPE RPKI Validator cache file (local or via HTTP).\n Mostly inspired by Job Snijders' tool https://github.com/job/rtrsub\n\n- Improvement: RPKI ROAs can be loaded from a local file too.\n\n The file must be in RIPE RPKI Validator cache format.\n\n- Fix (minor): remove internal communities before accepting blackhole routes tagged with a custom blackhole community.\n\n This bug did not affect routes tagged with the BLACKHOLE community; anyway, the internal communities were scrubbed before routes were announced to clients.\n\nv0.16.2\n-------\n\n- Fix: avoid empty lists of prefixes when a client's ``white_list_pref`` contains only prefixes for an IP version different from the current one.\n\nv0.16.1\n-------\n\n- Fix: handle the new version of the JSON schema built by `arin-whois-bulk-parser <https://github.com/NLNOG/arin-whois-bulk-parser>`__.\n\nv0.16.0\n-------\n\n- Improvement: OpenBGPD, more flexibility for inbound communities values.\n\n This allows to use inbound 'peer_as' communities which overlap with other inbound communities whose last *part* is a private ASN.\n\n- New feature: use ARIN Whois database dump to authorize routes.\n\n This feature allows to accept those routes whose origin ASN is authorized by a client AS-SET, whose prefix has not a corresponding route object but is covered by an ARIN Whois record for the same origin ASN.\n\n- Improvement: extend the use of *RPKI ROAs as route objects* and *ARIN Whois database dump* to ``tag_as_set``-only mode.\n\n Before of this, the *RPKI ROAs as route objects* and *ARIN Whois DB dump* features were used only when origin AS and prefix enforcing was set.\n Starting with this release they are used even when enforcing is not configured and only the ``tag_as_set`` mode is used.\n\nv0.15.0\n-------\n\n- New feature: ``configure`` and ``show_config`` *support* commands.\n\n - ``configure``: it can be used to quickly generate a route server policy definition file (``general.yml``) on the basis of best practices and suggestions.\n\n - ``show_config``: to display current configuration settings and also options that have been left to their default values.\n\n- New feature: ``ixf-member-export`` command, to build `IX-F Member Export JSON files <https://github.com/euro-ix/json-schemas>`__ from the list of clients.\n\n- Improvement: cache expiry time values can be set for each external resource type: PeeringDB info, IRR data, ...\n\nv0.14.1\n-------\n\n- Fix: BIRD, \"Unknown instruction 8574 in same (~)\" error when reloading IPv6 configurations.\n\n A `missing case <http://bird.network.cz/pipermail/bird-users/2017-January/010880.html>`__ for the ``!~`` operator triggers this bug when neighbors are established and trying to reload bird6 configuration.\n\n Related: `issue #20 on GitHub <https://github.com/pierky/arouteserver/issues/20>`_.\n\nv0.14.0\n-------\n\nThis release **breaks backward compatibility** (OpenBGPD configs only): for OpenBGPD configurations, starting with this release the Site of Origin Extended BGP communities in the range 65535:* (``soo 65535:*``) are reserved for internal reasons.\n\n- New feature: use RPKI ROAs as if they were route objects.\n\n This feature allows to accept those routes whose origin ASN is authorized by a client AS-SET, whose prefix is not but it is covered by a RPKI ROA for the same origin ASN.\n\n Related: `issue #19 on GitHub <https://github.com/pierky/arouteserver/issues/19>`_.\n\n- New feature: automatic checking for new releases.\n\n This can be disabled by setting ``check_new_release`` to False in ``arouteserver.yml``.\n\n- Improvement: routes accepted solely because of a ``white_list_route`` entry are now tagged with the ``route_validated_via_white_list`` BGP community.\n\n- Fix: on OpenBGPD configurations, in case of duplicate definition of a client's AS-SETs, duplicate BGP informational communities were added after the IRR validation process.\n\nv0.13.0\n-------\n\n- New feature: an option to set RFC1997 well-known communities (NO_EXPORT/NO_ADVERTISE) handling policy: pass-through or strict RFC1997 behaviour.\n\n This **breaks backward compatibility**: previously, NO_EXPORT/NO_ADVERTISE communities were treated accordingly to the default implementation of the BGP speaker daemon (BIRD, OpenBGPD). Now, ARouteServer's default setting is to treat routes tagged with those communities transparently, that is to announce them to other clients and to pass-through the original RFC1997 communities.\n\n- Improvement: when using PeeringDB records to configure the max-prefix limits, a margin is took into account to accomodate networks that fill the PeeringDB records with their exact route announcement count.\n\n This **breaks backward compatibility**: if using max-prefix from PeeringDB, current limits will be raised by the default increment values (+100, +15%): this behaviour can be reverted to the pre-v0.13.0 situation by explicitly setting the ``max_prefix.peering_db.increment`` configuration section to ``0/0``.\n\n Related: `issue #12 on GitHub <https://github.com/pierky/arouteserver/issues/12>`_.\n\n- New feature: client-level white lists for IRRdb-based filters.\n\n This allows to manually enter routes that must always be accepted by IRRdb-level checks and prefixes and ASNs that must be treated as if they were included within client's AS-SETs.\n\n Related: `issue #16 on GitHub <https://github.com/pierky/arouteserver/issues/16>`_.\n\nv0.12.3\n-------\n\n- Improvement: always take the AS*n* macro into account when building IRRdb-based filters.\n\n Related: `issue #15 on GitHub <https://github.com/pierky/arouteserver/issues/15>`_.\n\nv0.12.2\n-------\n\n- Fix: an issue on OpenBGPD builder class was preventing features offered via large BGP communities only from being actually implemented into the final configuration.\n\n Related: `issue #11 on GitHub <https://github.com/pierky/arouteserver/issues/11>`_.\n\nv0.12.1\n-------\n\n- Fix an issue that was impacting templates upgrading under certain circumstances.\n\n Related: `issue #10 on GitHub <https://github.com/pierky/arouteserver/issues/10>`_.\n\nv0.12.0\n-------\n\n- OpenBGPD 6.2 support.\n\n- New feature: `Graceful BGP session shutdown <https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-11>`_ support, to honor GRACEFUL_SHUTDOWN communities received from clients and also to perform graceful shutdown of the route server itself (``--perform-graceful-shutdown`` `command line argument <https://arouteserver.readthedocs.io/en/latest/USAGE.html#perform-graceful-shutdown>`__).\n\nv0.11.0\n-------\n\n- Python 3.4 support.\n\n- Improvement: GT registry removed from the sources used to gather info from IRRDB.\n\n Related: `PR #8 on GitHub <https://github.com/pierky/arouteserver/pull/8>`_.\n\n- Improvement: multiple AS-SETs used for the same client are now grouped together and queried at one time.\n This allows to leverage bgpq3's ability and speed to aggregate results in order to have smaller configuration files.\n\nv0.10.0\n-------\n\n- New feature: when IRRDB-based filters are enabled and no AS-SETs are configured for a client, if the ``cfg.filtering.irrdb.peering_db`` option is set ARouteServer tries to fetch their values from the client's ASN record on PeeringDB.\n\n Related: `issue #7 on GitHub <https://github.com/pierky/arouteserver/issues/7>`_.\n\n- Improvement: config building process performances,\n\n - reduced memory consumption by moving IRRDB information from memory to temporary files;\n\n - responses for empty/missing resources are also cached;\n\n - fix a wrong behaviour that led to multiple PeeringDB requests for the same ASN.\n\n- Improvement: ``clients-from-euroix`` command, the new ``--merge-from-peeringdb`` option can be used to integrate missing information into the output clients list by fetching AS-SETs and max-prefix limit from PeeringDB.\n\nv0.9.3\n------\n\n- Fix: OpenBGPD, an issue was causing values > 65535 to be used in standard BGP communities matching.\n\nv0.9.2\n------\n\n- Fix: remove quotes from clients description.\n\n- Fix: OpenBGPD, syntax error for prefix lists with 'range X - X' format.\n\n- Fix: ``clients-from-euroix`` command, members with multiple ``vlan`` objects with the same ``vlan_id`` were not properly listed in the output, only the first object was used.\n\nv0.9.1\n------\n\n- Improvement: BIRD, new default debug options (``states, routes, filters, interfaces, events``, was ``all``).\n\n If needed, they can be overwritten using the ``header`` `custom .local file <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.\n\n- Fix: *enrichers* errors handling reported a generic message with no further details.\n\n- Fix: HTTP 404 error handling for \"Entity not found\" error from PeeringDB.\n\n- Fix: OpenBGPD, large prefix lists were causing a \"string too long\" error.\n\n- Fix: OpenBGPD, clients descriptions longer than 31 characters were not properly truncated.\n\nv0.9.0\n------\n\n- New feature: RTT-based communities to control propagation of routes on the basis of peers round trip time.\n\n- Improvement: in conjunction with the \"tag\" reject policy, the ``rejected_route_announced_by`` BGP community can be used to track the ASN of the client that announced an invalid route to the server.\n\n- Fix: when the \"tag\" reject policy is used, verify that the ``reject_cause`` BGP community is also set.\n\nv0.8.1\n------\n\n- Fix: default user configuration path not working.\n\nv0.8.0\n------\n\n- New feature: `reject policy <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#reject-policy>`_ configuration option, to control how invalid routes must be treated: immediately discarded or kept for troubleshooting purposes, analysis or statistic reporting.\n\n- New tool: `invalid routes reporter <https://arouteserver.readthedocs.io/en/latest/TOOLS.html>`_.\n\n- Fix: the following networks have been removed from the bogons.yml file: 193.239.116.0/22, 80.249.208.0/21, 164.138.24.80/29.\n\nv0.7.0\n------\n\n- New feature: `custom BGP communities <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#custom-bgp-communities>`_ can be configured on a client-by-client basis to tag routes entering the route server (for example, for informative purposes).\n- Fix: validation of BGP communities configuration for OpenBGPD.\n\n Error is given if a peer-AS-specific BGP community overlaps with another community, even if the last part of the latter is a private/reserved ASN.\n- Improvement: the custom ``!include <filepath>`` statement can be used now in YAML configuration files to include other files.\n\n More details `here <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#yaml-files-inclusion>`__.\n- Improvement: IRRDB-based filters can be configured to allow more specific prefixes (``allow_longer_prefixes`` option).\n\nv0.6.0\n------\n\n- OpenBGPD 6.1 support: enable large BGP communities support.\n- Improvement: the ``clients-from-peeringdb`` command now uses the `IX-F database <http://www.ix-f.net/ixp-database.html>`_ to show a list of IXP and their PeeringDB ID.\n- Improvement: enable NEXT_HOP rewriting for IPv6 blackhole filtering requests on OpenBGPD after `OpenBSD 6.1 fixup <https://github.com/openbsd/src/commit/f1385c8f4f9b9e193ff65d9f2039862d3e230a45>`_.\n\n Related: `issue #3 <https://github.com/pierky/arouteserver/issues/3>`_.\n- Improvement: BIRD, client-level `.local file <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.\n- Improvement: next-hop checks, the ``authorized_addresses`` option allows to authorize IP addresses of non-client routers for NEXT_HOP attribute of routes received from a client.\n\nv0.5.0\n------\n\n- Fix: avoid the use of standard communities in the range 65535:x.\n- Improvement: option to set max-prefix restart timer for OpenBGPD.\n- Deleted feature: tagging of routes a' la RPKI-Light has been removed.\n\n - The ``reject_invalid`` flag, that previously was on general scope only, now can be set on a client-by-client basis.\n - The ``roa_valid``, ``roa_invalid``, and ``roa_unknown`` communities no longer exist.\n\n Related: `issue #4 on GitHub <https://github.com/pierky/arouteserver/issues/4>`_\n\n This **breaks backward compatibility**.\n\n- New feature: `BIRD hooks <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#bird-hooks>`_ to add site-specific custom implementations.\n- Improvement: `BIRD local files <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-config>`_.\n\n This **breaks backward compatibility**: previously, \\*.local, \\*.local4 and \\*.local6 files that were found in the same directory where the BIRD configuration was stored were automatically included. Now, only the header([4|6]).local and footer([4|6]).local files are included, depending on the values passed to the ``--use-local-files`` command line argument.\n- Improvement: ``setup`` command and program's configuration file.\n\n The default path of the cache directory (*cache_dir* option) has changed: it was ``/var/lib/arouteserver`` and now it is ``cache``, that is a directory which is relative to the *cfg_dir* option (by default, the directory where the program's configuration file is stored).\n\nv0.4.0\n------\n\n- OpenBGPD support (some `limitations <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#caveats-and-limitations>`_ apply).\n- Add MD5 password support on clients configuration.\n- The ``build`` command used to generate route server configurations has been removed in favor of BGP-speaker-specific sub-commands: ``bird`` and ``openbgpd``.\n\nv0.3.0\n------\n\n- New ``--test-only`` flag for builder commands.\n- New ``--clients-from-euroix`` `command <https://arouteserver.readthedocs.io/en/latest/USAGE.html#create-clients-yml-file-from-euro-ix-member-list-json-file>`_ to build the ``clients.yml`` file on the basis of records from an `Euro-IX member list JSON file <https://github.com/euro-ix/json-schemas>`_.\n\n This also allows the `integration <https://arouteserver.readthedocs.io/en/latest/USAGE.html#ixp-manager-integration>`_ with `IXP-Manager <https://github.com/inex/IXP-Manager>`_.\n- New BGP communities: add NO_EXPORT and/or NO_ADVERTISE to any client or to specific peers.\n- New option (set by default) to automatically add the NO_EXPORT community to blackhole filtering announcements.\n\nv0.2.0\n------\n\n- ``setup-templates`` command to just sync local templates with those distributed within a new release.\n- Multithreading support for tasks that acquire data from external sources (IRRDB info, PeeringDB max-prefix).\n\n Can be set using the ``threads`` option in the ``arouteserver.yml`` configuration file.\n- New ``template-context`` command, useful to dump the list of context variables and data that can be used inside a template.\n- New empty AS-SETs handling: if an AS-SET is empty, no errors are given but only a warning is logged and the configuration building process goes on.\n\n Any client with IRRDB enforcing enabled and whose AS-SET is empty will have its routes rejected by the route server.\n\nv0.1.2\n------\n\n- Fix local files usage among IPv4/IPv6 processes.\n\n Before of this release, only *.local* files were included into the route server configuration, for both the IPv4 and IPv6 configurations.\n After this, *.local* files continue to be used for both the address families but *.local4* and *.local6* files can also be used to include IP version specific options, depending on the IP version used to build the configuration. Details `here <https://arouteserver.readthedocs.io/en/latest/CONFIG.html#site-specific-custom-configuration-files>`__.\n\nTo upgrade:\n\n.. code:: bash\n\n # pull from GitHub master branch or use pip:\n pip install --upgrade arouteserver\n\n # install the new template files into local system\n arouteserver setup\n\nv0.1.1\n------\n\n- Add local static files into the route server's configuration.\n\nv0.1.0\n------\n\n- First beta version.\n\nv0.1.0a11\n---------\n\n- The ``filtering.rpsl`` section of general and clients configuration files has been renamed into ``filtering.irrdb``.\n- The command line argument ``--template-dir`` has been renamed into ``--templates-dir``.\n- New options in the program's configuration file: ``bgpq3_host`` and ``bgpq3_sources``, used to set bgpq3 ``-h`` and ``-S`` arguments when gathering info from IRRDBs.\n\nv0.1.0a10\n---------\n\n- New command to build textual representations of configurations: ``html``.\n\nv0.1.0a9\n--------\n\n- New command to initialize a custom live test scenario: ``init-scenario``.\n\nv0.1.0a8\n--------\n\n- New feature: selective path prepending via BGP communities.\n- The ``control_communities`` general option has been removed: it was redundant.\n\nv0.1.0a7\n--------\n\n- Improved communities configuration and handling.\n- Fix issue on standard communities matching against 32-bit ASNs.\n- Fix issue on IPv6 prefix validation.\n\nv0.1.0a6\n--------\n\n- New feature: RPKI-based filtering/tagging.\n\nv0.1.0a5\n--------\n\n- New feature: transit-free ASNs filtering.\n- Program command line: subcommands + ``clients-from-peeringdb``.\n- More logging and some warning.\n\nv0.1.0a4\n--------\n\n- Fix issue with GTSM default value.\n- Add default route to bogons.\n- Better as-sets handling and cache handling.\n- Config syntax change: clients 'as' -> 'asn'.\n- AS-SETs at AS-level.\n- Live tests: path hiding mitigation scenario.\n- Improvements in templates.\n\nv0.1.0a3\n--------\n\n- Fix some cache issues.\n\nv0.1.0a2\n--------\n\n- Packaging.\n- System setup via ``arouteserver --setup``.\n\nv0.1.0a1\n--------\n\nFirst push on GitHub.\n",
"bugtrack_url": null,
"license": "GPLv3",
"summary": "A Python tool to automatically build (and test) configurations for BGP route servers.",
"version": "1.23.1",
"project_urls": {
"Download": "https://github.com/pierky/arouteserver",
"Homepage": "https://github.com/pierky/arouteserver"
},
"split_keywords": [
"bgp",
" route server",
" bird",
" ip routing",
" openbgpd",
" ixp",
" ix",
" internet exchange"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "61774f2505326f3d14021565e1a54711e18513fa3778e8d0822885539ab23846",
"md5": "8e722c42cbfaeaf1ec8b89fd25cd68bd",
"sha256": "1ea505fb34222a1dbf6bbe9ee1c3530530b39814f0f85082bddec59df04c548c"
},
"downloads": -1,
"filename": "arouteserver-1.23.1.tar.gz",
"has_sig": false,
"md5_digest": "8e722c42cbfaeaf1ec8b89fd25cd68bd",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 267828,
"upload_time": "2024-09-06T17:24:13",
"upload_time_iso_8601": "2024-09-06T17:24:13.688869Z",
"url": "https://files.pythonhosted.org/packages/61/77/4f2505326f3d14021565e1a54711e18513fa3778e8d0822885539ab23846/arouteserver-1.23.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-06 17:24:13",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pierky",
"github_project": "arouteserver",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "arouteserver"
}