FRR Release 10.0

We are pleased to announce FRR release 10.0.

FRR 10.0 brings a long list of enhancements and fixes with 938 commits from 54 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:10.0.0

Release Overview

Breaking changes

per-daemon config files no longer supported

Writing configuration works only with the unified configuration file frr.conf. I.e, writing to per-daemon config files is no longer supported.

noprefixroute flag for interface prefixes with NetworkManager

More details here.

Enable enforce-first-as by default for BGP

More details here.

A complete log of changes can be found by browsing the commit history of the FRR 10.0 tag here

Deprecate ConfD

ConfD is not supported anymore and its use is discouraged by developers.

Introduce local host routes

Host routes are needed on the router that owns the IP address to process packets destined for that IP address. redistribute local is also possible to redistribute local host routes into protocols.

Require libyang 2.1.128

In previous releases, we said that 2.1.80 is good, and 2.1.111 is bad (do not use this version). Now we recommend and even require 2.1.128 which is again good.

Log files per daemon

Configure file logging for a single FRR daemon.

More details are here.

BGP BMP Loc-RIB (RFC9069) support

The Loc-RIB contains the routes that have been selected by the local BGP speaker's Decision Process.

More details are here.

eBGP-OAD (One Administrative Domain) support

Add support for a new External BGP (EBGP) peering type known as EBGP-OAD, which is used between two EBGP peers that belong to One Administrative Domain (OAD). This is the implementation of this draft.

This implementation allows iBGP and non-transitive attributes to be optionally exchanged.

More details are here.

BGP RPKI VRF support

Now RPKI for BGP can be configured per-VRF.

More details are here.

BGP SNMP traps for BGP4-MIBV2

Recently added support for this draft got the support for SNMP traps in this release.

More details are here.

Management (mgmtd) daemon replace operation support

BGP dynamic capabilities for addpath, fqdn, orf capabilities

The previous release added support for BGP Graceful-Restart, Long-lived Graceful-Restart, and Role capabilities to be managed via BGP dynamic capabilities. With this release, we add support for AddPath, FQDN, and ORF capabilities.

E.g. to change the AddPath/ORF (Outbound Route Filtering) capability's flags, a session reset is not needed if the dynamic capability is enabled between the peers.

SRv6 encapsulation source address feature

Configure the source address of the outer encapsulating IPv6 header.

More details are here.

OSPFv3 Point-To-Multipoint mode

Add an ability to set the network type to point-to-multipoint for an interface.

More details are here.

Other significant changes

bgpd

• Add clear bgp capabilities command to resend some dynamic capabilities link
• Add debug bgp updates detail command link
• Add debug bgp updates <in|out> <X.Y.Z.W> prefix-list <NAME> command link
• Add neighbor capability fqdn command link
• Add redistribute table-direct support link
• Fix match ip address ... + match evpn ... commands for EVPN
• Remove aggregated (summary-only) suppressed routes from EVPN

mgmtd

• Implement full XPATH 1.0 predicate functionality
• Output staticd configuration from mgmtd

ospfd

• Fix crash in OSPF TE parsing

ospf6d

• Advertise local addresses with la bit
• Set loopback interface cost to 0
• Let the user override interface cost for a loopback

pathd

• Add dynamic candidate path metric [computed] keyword link
• Add no msd command in the pcc context
• Add no pcep command

vtysh

• Send interface commands to mgmtd

watchfrr

• Extend the ignore option to the daemon being killed

zebrad

• Add mpls label dynamic-block command link
• Add JSON support to show debugging label-table link
• Add zebra to mgmtd oper-state
• Allow longer prefix matches for the next hops
• Push all configured IP addresses when the interface comes up
• Remove static ARP entries on interface-down events
• Support to listen teamd netlink message as bond type
• Fix crash when macvlan link-interface is in another netns

FRR Release 9.0.2

We are pleased to announce FRR release 9.0.2.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.2

Fixed CVE-2023-47235

More details: https://frrouting.org/security/cve-2023-47235

Bug Fixes

bgpd

• Fix aggregate-address summary-only suppressed export to EVPN
• Allow using attribute number 255 for path attr discard/withdraw cmds
• Check mandatory attributes more carefully for the UPDATE message
• Do not suppress conditional advertisement updates if triggered
• Fix Extended community memory leak
• Fix the no set as-path prepend command
• Fix heap-use-after-free for bgp_best_selection()
• Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable()
• Fix clear bgp ipv6 unicast ... command
• Flush attributes only if we don't have to announce a conditional route (avoid use-after-free)
• Free memory for SRv6 functions and locator chunks
• Handle MP_UNREACH_NLRI malformed packets with session reset
• Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute
• Initialise timebuf arrays to zeros for dampening reuse timer
• Initialise buffer in bgp_notify_admin_message() before using it
• LTTng add EVPN route trace events
• Make sure dampening is enabled for the specified AFI/SAFI
• Use proper AFI when dumping information for dampening stuff
• Treat the AS4-PATH attribute as withdrawn if malformed
• Treat PMSI tunnel attribute as withdrawn if malformed
• Treat EOR as withdrawn to avoid unwanted handling of malformed attrs

eigrpd

• Use the correct memory pool on interface deletion

mgmtd

• Change mgmtd_vty_port to 2623
• Fix crash on show mgmtd datastore-contents

ospf6d

• Fix setting of the forwarding address in as-external LSAs
• Set loopback interface cost to 0

ospfd

• Fixing infinite loop when listing OSPF interfaces

pathd

• Add no msd command
• Add no pcep command

pbrd

• Fix show pbr map detail json command
• Free memory in pbr_map_delete()

pim6d

• Fix valgrind issues

pimd

• Fix missing pimreg interface

tools

• Fix the frr-reload interface description command
• Fix the frr-reload route-map description command
• Make --quiet actually suppress output

vtysh

• Fix entering configuration node in file-lock mode
• Fix configure terminal argument descriptions
• Fix working in file-lock mode
• Fix show route map json output

zebra

• Add encap type when building packet for FPM
• Display ptmStatus order in interface JSON
• Fix connected route deletion when multiple entry exists
• Fix FPM multipath encap addition
• Fix link update for veth interfaces
• Fix zebra crash when replacing nhe during shutdown
• Prevent null pointer dereference

FRR Release 8.5.4

We are pleased to announce FRR release 8.5.4.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.4

Fixed CVE-2023-47235

More details: https://frrouting.org/security/cve-2023-47235

Bug Fixes

bgpd

• Check mandatory attributes more carefully for the UPDATE message
• Do not suppress conditional advertisement updates if triggered
• Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable()
• Handle MP_UNREACH_NLRI malformed packets with session reset
• Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute
• Initialise timebuf arrays to zeros for dampening reuse timer
• Initialise buffer in bgp_notify_admin_message() before using it
• Make sure dampening is enabled for the specified AFI/SAFI
• Use proper AFI when dumping information for dampening stuff
• Treat EOR as withdrawn to avoid unwanted handling of malformed attrs

eigrpd

• Use the correct memory pool on interface deletion

vtysh

• Fix show route map JSON output

ospfd

• Fix infinite loop when listing OSPF interfaces

pbrd

• Fix show pbr map detail json output

zebra

• Add encap type when building packet for FPM
• Display ptmStatus order in interface JSON
• Fix connected route deletion when multiple entry exists
• Fix FPM multipath encap addition
• Fix link update for veth interfaces
• Fix zebra crash when replacing nhe during shutdown
• Prevent null pointer dereference

FRR 9.1 Release

We are pleased to announce FRR release 9.1.

FRR 9.1 brings a long list of enhancements and fixes with 941 commits from 73 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.1.0

Release Overview

OSPFv2 HMAC-SHA Cryptographic Authentication

Specify that HMAC cryptographic authentication must be used on a specific interface using a key chain.

More details are here.

BGP MAC-VRF Site-Of-Origin support

In some EVPN deployments, it is useful to associate a logical VTEP’s Layer 2 domain (MAC-VRF) with a Site-of-Origin “site” identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originating from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs, i.e. Active/Active MLAG, as it can be used to avoid ownership conflicts between the two control planes (EVPN vs MLAG).

More details are here.

BGP Dynamic capability support

Added support for Graceful-Restart, Long-lived Graceful-Restart, Software-version, and Role BGP capabilities to be adjusted dynamically using BGP dynamic capability.

Dynamic BGP capability allows the dynamic update of capabilities over an established BGP session. This capability would facilitate non-disruptive capability changes by BGP speakers.

Here is the draft implemented.

IS-IS SRv6 uSID support (RFC 9352)

The Segment Routing (SR) architecture allows a flexible definition of the end-to-end path by encoding it as a sequence of topological elements called "segments". It can be implemented over the MPLS or the IPv6 data plane. This feature enables extensions in IS-IS to support Segment Routing over the IPv6 data plane (SRv6) as per RFC 9352.

More details are here.

Next-hop resolution via the default route

Changed the default for a traditional profile to be enabled. The datacenter profile is left as disabled.

More details are on the links link, link.

Add support for VLAN, ECN, DSCP mangling/filtering

PBR maps are a way to specify a set of rules that are applied to packets received on individual interfaces. If a received packet matches a rule, the rule’s next-hop-group or next-hop is used to forward it; any other actions specified in the rule are also applied to the packet.

With this change, we added more commands for PBR maps, like matching src-ip, dst-ip, src-port, dst-port, vlan, dscp, ecn, and more.

More details are here.

libyang 2.1.80 related breaking changes

prefix-list matching in route-maps is fundamentally broken with libyang 2.1.111. If you have this version, please downgrade to the most stable version 2.1.80.

More details CESNET/libyang#2090

Other significant changes

• Zebra support for route replace semantics in FPM link
• New command for BGP neighbor x addpath-tx-best-selected link
• New command for BGP mpls bgp l3vpn-multi-domain-switching link
• A couple more new BGP route-map commands:
  • set as-path exclude all link
  • set as-path exclude as-path-access-list link
  • set extended-comm-list delete link
  • set as-path replace <any|ASN> [<ASN>] link
  • set as-path replace as-path-access-list WORD [<ASN>] link
  • match community-list X any UPDATE

Deprecations

• Deprecate pre-standard outbound route filtering capability
• Deprecate pre-standard route refresh capability
• Drop deprecated capability

A complete log of changes can be found by browsing the commit history of the FRR 9.1 tag here

FRR Release 9.0.1

We are pleased to announce FRR release 9.0.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.1

Bug Fixes

bgpd

• Add peers back to peer hash when peer_xfer_conn fails
• Check the length of the rcv software version
• Do not explicitly print maxttl value for ebgp-multihop vty output
• Do not process nlris if the attribute length is zero
• Don't read the first byte of orf header if we are ahead of stream
• Evpn code was not properly unlocking rd_dest
• Fix show bgp all rpki notfound
• Make sure we have enough data to read two bytes when validating aigp
• Use treat-as-withdraw for tunnel encapsulation attribute

zebra

• Fix evpn nexthop config order

lib

• Allow unsetting walltime-warning and cpu-warning

ospfd

• Prevent use after free( and crash of ospf ) when no router ospf

pimd

• Prevent crash when receiving register message when the rp() is unknown
• When receiving a packet be more careful with length in pim_pim_packet

vtysh

• Print uniq lines when parsing no service ...

FRR release 8.5.3

We are pleased to announce FRR release 8.5.3

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.3

Bug Fixes

bgpd

• Add peers back to peer hash when peer_xfer_conn fails
• Do not explicitly print maxttl value for ebgp-multihop vty output
• Do not process nlris if the attribute length is zero
• Do not try to redistribute routes if we are shutting down
• Don't read the first byte of orf header if we are ahead of stream
• Evpn code was not properly unlocking rd_dest
• Fix show bgp all rpki notfound
• Fix session reset issue caused by malformed core attributes
• Free bgp vpn policy
• Free previously dup'ed aspath attribute for aggregate routes
• Free temporary memory after using argv_concat()
• Intern attributes before putting into rib-out
• Make sure we have enough data to read two bytes when validating aigp
• Prevent use after free
• Rfapi memleak fixes, clean ce tables at exit
• Unlock dest if we return earlier for aggregate install
• Use treat-as-withdraw for tunnel encapsulation attribute

zebra

• Fix evpn nexthop config order
• Abstract dplane_ctx_route_init to init route without copying
• Fix crash when dplane_fpm_nl fails to process received routes
• Further handle route replace semantics
• Fix command ipv6 nht xxx

lib

• Allow unsetting walltime-warning and cpu-warning
• Skip route-map optimization if !af_inet(6)
• Use max_bitlen instead of magic number

ospf6d

• Fix crash because neighbor structure was freed
• Stop crash in ospf6_write

ospfd

• Check for nulls in vty code
• Prevent use after free( and crash of ospf ) when no router ospf

pbrd

• Fix crash with match command

pimd

• Prevent crash when receiving register message when the rp() is unknown
• When receiving a packet be more careful with length in pim_pim_packet

ripd, ripngd

• Revert "Cleanup memory allocations on shutdown"

tools

• Add what frr thinks as the fib routes for support_bundle

vtysh

• Print uniq lines when parsing no service ...

FRR 9.0 Release

We are pleased to announce FRR release 9.0.

FRR 9.0 brings a long list of enhancements and fixes with 942 commits from 70 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.0

Release Overview

Centralized Management Daemon

A new daemon called mgmtd has been added paving the way for a new northbound yang-based management interface. staticd has been converted to use mgmtd with more daemons to follow future releases. If you use custom configuration paths you may need to adapt these to use mgmtd. See the documentation for more info.

Switched to libyang minimum version 2.1.80!

The required minimum version for libyang is raised to 2.1.80. RPM/DEB packages are published on our repositories. Docker images are built using 2.1.80 also.

Memory footprint for BGP reduced drastically!

In FRR 8.4 release, we shipped Extended Message Support for BGP, which increased the memory usage significantly. In FRR 9.0 release, the memory footprint is back to normal again. We removed the unused structure fields that consumed a huge amount of memory unnecessarily.

Other significant changes

• Introduce mgmtd daemon link
• Add BGP neighbor path-attribute treat-as-withdraw command link
• Add BGP ASN dot notation support (RFC 5396) link
• Add BGP Software Version capability (draft-abraitis-bgp-version-capability) link
• Allow BGP peering via 127.0.0.0/8 link
• Deprecate BGP internet community - this is the Cisco-specific community, which is never been RFC-defined and confusing
• Implement match source-protocol for BGP route maps link
• Implement BGP Node Target extended communities (draft-ietf-idr-node-target-ext-comm) link
• Implement Flex-Algo for SR-MPLS (RFC 9350) link
• Add support for IS-IS advertise-passive-only link
• Add IS-IS affinity-map support link
• Add the graceful-restart hello-delay OSPFv2/OSPFv3 command link, link
• Add the ipv6 mld join PIMv6 command link
• Add allow-ecmp x RIP/RIPng command link, link
• Add BFD support for RIP

Memory leak fixes for BGP and other protocols.

New CLI debug and show commands were added and/or fixed.

Dropping package builds for EOL Debian 9 and Ubuntu 18.04.

A full log of changes can be found by browsing the commit history of the FRR 9.0 tag here

FRR 8.5.2 Release

We are pleased to announce FRR release 8.5.2

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.2

Attention

With the 8.5.0 release, the new BGP attribute AIGP (Accumulated IGP Metric Attribute) was introduced. This new attribute was mistakenly set as Transitive. This was fixed (53afb27) with the 8.5.2 release, but it's not backward-compatible between 8.5.x versions. We suggest using only the latest version of the 8.5 release.

If you see such errors/notifications, upgrade to the latest 8.5.x versions, and avoid using 8.5.0, and 8.5.1.

AIGP attribute must be flagged as "Transitive"

%NOTIFICATION: received from neighbor X.Y.Z.W 3/4 (UPDATE Message Error/Attribute 
Flags Error) 14 bytes 80 1a 0b 01 00 0b 00 00 00 00 00 00 00 01

(This affects only iBGP sessions).

Bug Fixes

bfdd

• Fix malformed session with vrf
• Remove redundant nb destroy callbacks

bgpd

• Ensure stream received has enough data
• Fix bgpd core when unintern attr
• Fix the json output of show bgp all json to be in a valid format
• Make sure aigp attribute is non-transitive
• Using no pretty json output for l2vpn-evpn routes

lib

• Fix memory leak in in link state
• Fix vtysh core when handling questionmark
• Link state memory corruption

ospfd

• Fix interface param type update
• Fix memory leaks w/ show ip ospf int x json commands
• Ospf opaque lsa stale processing fix and topotests.
• Respect loopback's cost that is set and set loopback costs to 0

pim6d

• Fix crash in ipv6 pim command

pimd

• Pim not sending register packets after changing from non dr to dr

tools

• Fix list value remove in frr-reload

vtysh

• Give actual pam error messages

zebra

• Evpn handle del event for dup detected mac
• Fix dp_out_queued counter to actually reflect real life
• Fix evpn dup detected local mac del event
• Reduce creation and fix memory leak of frrscripting pointers
• Unlock the route node when sending route notifications

FRR 8.5.1 Release

We are pleased to announce FRR release 8.5.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.1

Bug Fixes

bgpd

• Fix crash due to community aliases size
• Aggregate-address memory leak fix
• Bmp fix peer-up ports byte order
• Check 7 bytes for long-lived graceful-restart capability
• Copy the password from the previous peer on peer_xfer_config()
• Do not allow a no router bgp xxx when autoimport is happening
• Do not allow l3vni changes when shutting down
• Do not announce routes immediatelly on filter updates
• Do not call bgp_soft_reconfig_in() twice in a row on policy change
• Evpn-mh esi not active suppress ead-es route
• Fix crash for show bgp ... neighbor received-routes detail|prefix
• Fix debug output for route-map names when using a unsuppress-map
• Fix ecommunity parsing for as4
• Fix for ain->attr corruption during path update
• Increase buffer size used for dumping bgp to mrt files
• Limit flowspec to no attribute means a implicit withdrawal
• Prevent null pointer deref when outputting data

lib

• Adjust only any flag for prefix-list entries if destroying
• Destroy any flag when creating a prefix-list entry with prefix
• Fix clear route-map cmd using defpy
• Fix link state memory leak
• Include clippy generated commands for routemap.c
• On bfd peer shutdown actually stop event

ospfd

• Cleanup some memory leaks on shutdown in ospf_apiserver.c
• Fix for vitual-link crash in signal handler
• Fix ospf_lsa memory leak
• Fix ospf_ti_lfa drop of an entire table
• Fixing summary origination after range configuration
• Free up q_space in early return path
• Log adjacency changes with neighbor ip in addition to neighbor id

pbrd

• Fix mismatching in match src-dst

pim6d

• Fixing mroutes not created after disabling and enabling pimv6.

pimd

• Fix use after free issue for ifp's moving vrfs
• In_multicast needs host order
• Process no-forward bsm packet

ripd

• Fix malformed route-map
• Fix memory leak for ripd's route-map

staticd

• Tell bfd that we are shutting down

tools

• Fix missing remote-as configuration when reload
• Frr-reload fix list value not present
• Make check flag really work for reload
• Set correct directory of vtysh for frr-reload.py

zebra

• Add link_nsid to zebra interface
• Cleanup ctx leak on shutdown and turn off event
• Evpn mh sync mac install as inactive
• Fix for heap-use-after-free in evpn
• Fix race during shutdown
• Install directly connected route after interface flap

FRR 8.5 Release

We are pleased to announce FRR release 8.5.

FRR 8.5 brings a long list of enhancements and fixes with 947+ commits from 68 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.0

Release Overview

This release includes several new features, improvements, and bug fixes for various protocols and daemons. Some notable changes include:

• Set the BGP Input/Output Queue limit for all peers when messaging parsing. Increase this only if you have the memory to handle large queues of messages at once. link1 link2
• Add support for per-VRF SRv6 SID. link
• Add BGP labeled-unicast Add-Path functionality
• Implementation of SNMP BGP4v2-MIB. link for better network management and monitoring
• Add BGP new command neighbor path-attribute discard. link
• Implement L3 route-target auto/wildcard configuration. link
• Implement BGP ACCEPT_OWN Community Attribute / rfc7611. link
• Implement The Accumulated IGP Metric Attribute for BGP / rfc7311. link
• Implement graceful-shutdown command per neighbor. link
• Add BGP new command to configure TCP keepalives for a peer bgp tcp-keepalive. link
• Traffic control (TC) ZAPI implementation
• SRv6 uSID (microSID) implementation. link
• Start deprecating start-shell ..., ssh ..., telnet ... commands due to security reasons
• Add VRRPv3 an ability to disable IPv4 pseudo-header checksum. link
• BFD integration for static routes. link
• Allow protocols to configure BFD sessions with automatic source selection
• Allow zero-length opaque LSAs for OSPF (rfc5250)
• Add ISIS new command set-overload-bit on-startup. link
• PIMv6 BSM support. link
• A lots of bugs, especially for PIM/PIMv6/BGP
• Many commands got VRF and/or JSON/detail output options support
• Several fixes for memory leaks and race conditions
• Improved the consistency of output for several commands

A full log of changes can be found by browsing the commit history of FRR 8.5 tag here