FRR Release 9.1.1

Fixed CVEs

• CVE-2024-31950
• CVE-2024-31951
• CVE-2024-31949

Bug Fixes

bgpd
    "default-originate" shouldn't withdraw non-default routes
    Aggr summary-only suppressed export to evpn
    Allow using optional table id for negative `no set table x` command
    Arrange peer notification to after zebra announce
    Check bgp evpn instance presence in soo
    Convert the bgp_advertise_attr->adv to a fifo
    Do not show tcp mss if the socket is broken
    Ensure bgp does not stop monitoring nexthops
    Ensure community data is freed in some cases.
    Ensure that the correct aspath is free'd
    Fix `match peer` when switching between ipv4/ipv6/interface
    Fix `no set as-path prepend asnum...`
    Fix bgp_best_selection heap-use-after-free
    Fix crash when deleting the srv6 locator
    Fix display when using `missing-as-worst`
    Fix dynamic peer graceful restart race condition
    Fix ecommunity_fill_pbr_action heap-buffer-overflow
    Fix error handling when receiving bgp prefix sid attribute
    Fix errors handling for mp/gr capabilities as dynamic capability
    Fix format overflow for graceful-restart debug logs
    Fix logging message when receiving a software version capability
    Fix no bgp as-path access-list  issue
    Fix route-map match probability deconfiguration callback
    Fix srv6 memory leak detection
    Fix the order of null check and zapi decode
    Fix vrf leaking with 'no bgp network import-check
    Free memory for srv6 functions and locator chunks
    Ignore validating the attribute flags if path-attribute is configured
    Include unsuppress-map as a valid outgoing policy
    Lttng tp add evpn route events
    Make `suppress-fib-pending` clear peering
    Note when receiving but not understanding a route notification
    Prevent from one more cve triggering this place
    Set correct ttl for the dynamic neighbor peers
    Update default-originate route-map actual map structure
    Revert "Fix pointer arithmetic in bgp snmp module"

doc
    Add param range for graceful-restart helper supported-grace-time
    Remove duplicated show route-map

isisd
    Fix _isis_spftree_del heap-use-after-free
    Fix dislaying lsp id
    Fix heap-after-free with prefix sid
    Fix ip/ipv6 reachability tlvs

lib
    Check for not being a blackhole route
    Fix show route map json output
    Do not convert evpn prefixes into ipv4/ipv6 if not needed
    Replace deprecated ares_gethostbyname
    Replace deprecated ares_process()

nhrpd
    Fix race condition
    Fix core dump on shutdown

ospf6d
    Ospfv3 route change comparision fixed for asbr-only change
    Prevent heap-buffer-overflow with unknown type

ospfd
    Add support for "no router-info [<area|as>] command"
    Can not delete "segment-routing node-msd" when sr if off
    Correct lsa parser which fulfill the ted
    Correct opaque lsa extended parser
    Correct sid check size
    Fix ospf dead-interval minimal hello-multiplier param range
    Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
    Protect call to get_edge() in ospf_te.c
    Solved crash in ospf te parsing
    Solved crash in ri parsing with ospf te
    Revert "Fix some dicey pointer arith in snmp module"

pbrd
    Fix map seq installed flag in json
    Fix pbr handling for last rule deletion

pimd
    Fix crash unconfiguring rp keepalive timer
    Fix crash when configuring ssmpingd
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
    Fix crash when mixing ssm/any-source joins

staticd
    Fix changing to source auto in bfd monitor

tests
    Check for 0.0.0.0/1 in bgp_default_route
    Check if ibgp session can drop invalid aigp attribute
    Extend tests for aspath exclude
    Update ospf te topotests

tools
    Apply black formatting for tools/frr-reload.py
    Fix frr-reload interface desc cmd
    Fix frr-reload multiple no description cmds
    Fix frr-reload multiple no description cmds
    Use error log level when failing to execute commands via frr-reload.py

topotests
    Do not check table version
    Redispatch tests in bfd_topo3
    Test wrong bfd source in bfd_topo3
    Vpnv4 route leaking with no import-check

vtysh
    Show `ip ospf network ...` even if it's not the same as the interface type

zebra
    Add missing whitespace when printing route entry status
    Deny the routes if ip protocol cli refers to an undefined rmap
    Don't deref vxlan-vni array
    Fix crash if macvlan link in another netns
    Fix crash on macvlan link down/up
    Fix evpn svd based remote nh neigh del
    Fix mpls command
    Fix route deletion during zebra shutdown
    The dplane_fpm_nl return path leaks memory

Full Changelog: frr-9.1...frr-9.1.1

FRR Release 9.0.3

Fixed CVEs

• CVE-2024-31950
• CVE-2024-31951

Bug Fixes

bgpd
    "default-originate" shouldn't withdraw non-default routes
    Arrange peer notification to after zebra announce
    Convert the bgp_advertise_attr->adv to a fifo
    Ensure community data is freed in some cases.
    Ensure that the correct aspath is free'd
    Fix `match peer` when switching between ipv4/ipv6/interface
    Fix display when using `missing-as-worst`
    Fix error handling when receiving bgp prefix sid attribute
    Fix format overflow for graceful-restart debug logs
    Fix route-map match probability deconfiguration callback
    Fix srv6 memory leak detection
    Include unsuppress-map as a valid outgoing policy
    Note when receiving but not understanding a route notification
    Prevent from one more cve triggering this place
    Set correct ttl for the dynamic neighbor peers
    Update default-originate route-map actual map structure

doc
    Add param range for graceful-restart helper supported-grace-time

isisd
    Fix dislaying lsp id
    Fix heap-after-free with prefix sid
    Fix ip/ipv6 reachability tlvs

lib
    Check for not being a blackhole route
    Do not convert evpn prefixes into ipv4/ipv6 if not needed
    Replace deprecated ares_gethostbyname
    Replace deprecated ares_process()

nhrpd
    Fix nhrp_peer leak
    Fix race condition

ospf6d
    Ospfv3 route change comparision fixed for asbr-only change
    Prevent heap-buffer-overflow with unknown type

ospfd
    Add support for "no router-info [<area|as>] command"
    Can not delete "segment-routing node-msd" when sr if off
    Correct lsa parser which fulfill the ted
    Correct opaque lsa extended parser
    Correct sid check size
    Fix ospf dead-interval minimal hello-multiplier param range
    Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
    Protect call to get_edge() in ospf_te.c
    Solved crash in ospf te parsing
    Solved crash in ri parsing with ospf te

pbrd
    Fix map seq installed flag in json
    Fix pbr handling for last rule deletion

pimd
    Fix crash unconfiguring rp keepalive timer
    Fix crash when configuring ssmpingd
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
    Fix crash when mixing ssm/any-source joins

staticd
    Fix changing to source auto in bfd monitor

tests
    Check for 0.0.0.0/1 in bgp_default_route
    Update ospf te topotests

tools
    Always append "exit" in frr-reload.py
    Apply black formatting for tools/frr-reload.py
    Fix frr-reload multiple no description cmds
    Fix key chain reload removal
    Fix ospf area stub summary in frr-reload
    Fix pim interface config deletion
    Use error log level when failing to execute commands via frr-reload.py

topotests
    Redispatch tests in bfd_topo3
    Test wrong bfd source in bfd_topo3

vtysh
    Show `ip ospf network ...` even if it's not the same as the interface type

zebra
    Add missing whitespace when printing route entry status
    Deny the routes if ip protocol cli refers to an undefined rmap
    Fix crash if macvlan link in another netns
    Fix crash on macvlan link down/up
    Fix nhg out of sync between zebra and kernel
    The dplane_fpm_nl return path leaks memory

Full Changelog: frr-9.0.2...frr-9.0.3

FRR Release 8.5.5

Fixed CVEs

• CVE-2024-31950
• CVE-2024-31951
• CVE-2024-31948

Bug Fixes

bgpd
    "default-originate" shouldn't withdraw non-default routes
    Ensure community data is freed in some cases.
    Ensure that the correct aspath is free'd
    Fix error handling when receiving bgp prefix sid attribute
    Fix format overflow for graceful-restart debug logs
    Fix null argument warning
    Include unsuppress-map as a valid outgoing policy
    Make `suppress-fib-pending` clear peering
    Prevent from one more cve triggering this place

doc
    Add param range for graceful-restart helper supported-grace-time

isisd
    Fix heap-after-free with prefix sid
    Need to link directly against libyang

lib
    Check for not being a blackhole route
    Do not convert evpn prefixes into ipv4/ipv6 if not needed

nhrpd
    Fix nhrp_peer leak
    Fix race condition
    Fix core dump on shutdown

ospf6d
    Ospfv3 route change comparision fixed for asbr-only change

ospfd
    Correct opaque lsa extended parser
    Fix ospf dead-interval minimal hello-multiplier param range
    Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
    Protect call to get_edge() in ospf_te.c
    Solved crash in ri parsing with ospf te

pbrd
    Fix pbr handling for last rule deletion

pimd
    Fix crash unconfiguring rp keepalive timer
    Fix crash when configuring ssmpingd
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Re-evaluated s,g oils upon rp changes and for empty sg upstream oils

tests
    Check for 0.0.0.0/1 in bgp_default_route

vtysh
    Show `ip ospf network ...` even if it's not the same as the interface type

zebra
    Deny the routes if ip protocol cli refers to an undefined rmap
    Fix crash if macvlan link in another netns
    Fix nhg out of sync between zebra and kernel
    Re-install dependent nhgs on interface up
    Re-install nhg on interface up
    The dplane_fpm_nl return path leaks memory

Full Changelog: frr-8.5.4...frr-8.5.5

FRR Release 8.4.5

Fixed CVEs

• CVE-2024-31950
• CVE-2024-31951
• CVE-2023-38802
• CVE-2023-46752
• CVE-2023-46753
• CVE-2023-47235
• CVE-2024-31948

Bug Fixes

babeld
    Fix [#11808](https://github.com/FRRouting/frr/issues/11808) to avoid infinite loops

bgpd
    Check mandatory attributes more carefully for update message
    Do not explicitly print maxttl value for ebgp-multihop vty output
    Do not process nlris if the attribute length is zero
    Don't read the first byte of orf header if we are ahead of stream
    Ensure community data is freed in some cases.
    Ensure that the correct aspath is free'd
    Evpn code was not properly unlocking rd_dest
    Fix error handling when receiving bgp prefix sid attribute
    Fix null argument warning
    Fix session reset issue caused by malformed core attributes
    Fix use beyond end of stream of labeled unicast parsing
    Handle mp_reach_nlri malformed packets with session reset
    Ignore handling nlris if we received mp_unreach_nlri
    Include unsuppress-map as a valid outgoing policy
    Prevent from one more cve triggering this place
    Treat eor as withdrawn to avoid unwanted handling of malformed attrs
    Use enum bgp_create_error_code as argument in header
    Use treat-as-withdraw for tunnel encapsulation attribute

isisd
    Fix heap-after-free with prefix sid
    Staticd: need to link directly against libyang

lib
    Fix evpn nexthop config order
    Allow unsetting walltime-warning and cpu-warning
    Make cmd_element->attr a bitmask & clarify
    Replace deprecated ares_gethostbyname
    Replace deprecated ares_process()
  
nhrpd
    Fix nhrp_peer leak
    Fix core dump on shutdown
 
ospf6d
    Fix crash because neighbor structure was freed
    Fix uninitialized warnings
    Ospfv3 route change comparision fixed for asbr-only change
    Stop crash in ospf6_write

ospfd
    Check for nulls in vty code
    Correct opaque lsa extended parser
    Prevent use after free( and crash of ospf ) when no router ospf
    Protect call to get_edge() in ospf_te.c
    Solved crash in ospf te parsing
    Solved crash in ri parsing with ospf te

pimd
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Re-evaluated s,g oils upon rp changes and for empty sg upstream oils

ripd
    Revert "cleanup memory allocations on shutdown"

ripngd
    Revert "cleanup memory allocations on shutdown"

vtysh
    Print uniq lines when parsing `no service ...`

zebra
    Deny the routes if ip protocol cli refers to an undefined rmap
    Fix connected route deletion when multiple entry exists

Full Changelog: frr-8.4.4...frr-8.4.5

FRR Release 10.0.1

Fixed CVEs

• CVE-2024-31948
• CVE-2024-31949
• CVE-2024-31950
• CVE-2024-31951
• CVE-2024-27913
• CVE-2024-34088

Bug Fixes

bgpd
    Fix route leaking from the default l3vrf
    Allow using optional table id for negative `no set table x` command
    Apply noop when doing negative commands for gr operations
    Drop newline in json output for `show bgp afi safi json detail`
    Fix `match peer` when switching between ipv4/ipv6/interface
    Fix `no set as-path prepend asnum...`
    Fix crash when deleting the srv6 locator
    Fix display when using `missing-as-worst`
    Fix dynamic peer graceful restart race condition
    Fix logging message when receiving a software version capability
    Fix show run of network route-distinguisher
    Fix srv6 memory leaks spotted by asan
    Fix the order of null check and zapi decode
    Ignore validating the attribute flags if path-attribute is configured
    Inherit `capability software-version` flag from the peer-group
    Inherit `enforce-first-as` flag from the peer-group
    Move srv6 cleanup functions
    Print old/new states of graceful restart fsm
    Revert "Fix pointer arithmetic in bgp snmp module"

debian, redhat, snapcraft
    Libyang min version is 2.1.128

isisd
    Fix heap-after-free with prefix sid
    Fix ip/ipv6 reachability tlvs

lib
    Check for not being a blackhole route
    Fix exit commands
    Remove nb/yang memory cleanup when daemonizing
    Replace deprecated ares_gethostbyname
    Replace deprecated ares_process()

nhrpd
    Fix race condition
    Fix core dump on shutdown
    Clean up shortcut cache entries on termination

ospf6d
    Accept cli `no` for point-to-multipoint
    Fix defun formatting wrecked by clang
    Fix loopback/ptp/ptmp conn. route checks
    Force recalculate on interface_up
    Prevent heap-buffer-overflow with unknown
    Ospfv3 route change comparision fixed for asbr-only change

ospfd
    Correct opaque lsa extended parser
    Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did not reset hello timer
    Protect call to get_edge() in ospf_te.c
    Solved crash in ri parsing with ospf te
    Revert "Fix some dicey pointer arith in snmp module"

pimd
    Fix crash unconfiguring rp keepalive timer
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Fix crash when mixing ssm/any-source joins

tests
    Check if ibgp session can drop invalid aigp attribute

tools
    Frr-reload strip interface vrf ctx line
    Handle seq num for bgp as-path in frr-reload.py

topotests
    Do not check table version

vtysh
    Check if bgpd is enabled before installing vtysh commands for rpki
    Fix `show route-map` command when calling via `do`
    Show `ip ospf network ...` even if it's not the same as the interface type

zebra
    Deny the routes if ip protocol cli refers to an undefined rmap
    Fix encoded dnssl length
    Fix evpn svd based remote nh neigh del
    Fix mpls command

Full Changelog: frr-10.0...frr-10.0.1

FRR Release 10.0

We are pleased to announce FRR release 10.0.

FRR 10.0 brings a long list of enhancements and fixes with 938 commits from 54 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:10.0.0

Release Overview

Breaking changes

per-daemon config files no longer supported

Writing configuration works only with the unified configuration file frr.conf. I.e, writing to per-daemon config files is no longer supported.

noprefixroute flag for interface prefixes with NetworkManager

Using NetworkManager can disrupt routing configurations where the noprefixroute flag is set, as NetworkManager automatically applies the noprefixroute flag by default. This behavior can interfere with custom routing rules and configurations that depend on the absence of this flag, leading to unintended routing issues. E.g. the next-hops might be resolved via incorrect interfaces (for instance, using a default route).

More details here.

Enable enforce-first-as by default for BGP

More details here.

A complete log of changes can be found by browsing the commit history of the FRR 10.0 tag here

Deprecate ConfD

ConfD is not supported anymore and its use is discouraged by developers.

Introduce local host routes

Host routes are needed on the router that owns the IP address to process packets destined for that IP address. redistribute local is also possible to redistribute local host routes into protocols.

Require libyang 2.1.128

In previous releases, we said that 2.1.80 is good, and 2.1.111 is bad (do not use this version). Now we recommend and even require 2.1.128 which is again good.

Log files per daemon

Configure file logging for a single FRR daemon.

More details are here.

BGP BMP Loc-RIB (RFC9069) support

The Loc-RIB contains the routes that have been selected by the local BGP speaker's Decision Process.

More details are here.

eBGP-OAD (One Administrative Domain) support

Add support for a new External BGP (EBGP) peering type known as EBGP-OAD, which is used between two EBGP peers that belong to One Administrative Domain (OAD). This is the implementation of this draft.

This implementation allows iBGP and non-transitive attributes to be optionally exchanged.

More details are here.

BGP RPKI VRF support

Now RPKI for BGP can be configured per-VRF.

More details are here.

BGP SNMP traps for BGP4-MIBV2

Recently added support for this draft got the support for SNMP traps in this release.

More details are here.

Management (mgmtd) daemon replace operation support

BGP dynamic capabilities for addpath, fqdn, orf capabilities

The previous release added support for BGP Graceful-Restart, Long-lived Graceful-Restart, and Role capabilities to be managed via BGP dynamic capabilities. With this release, we add support for AddPath, FQDN, and ORF capabilities.

E.g. to change the AddPath/ORF (Outbound Route Filtering) capability's flags, a session reset is not needed if the dynamic capability is enabled between the peers.

SRv6 encapsulation source address feature

Configure the source address of the outer encapsulating IPv6 header.

More details are here.

OSPFv3 Point-To-Multipoint mode

Add an ability to set the network type to point-to-multipoint for an interface.

More details are here.

Other significant changes

bgpd

• Add clear bgp capabilities command to resend some dynamic capabilities link
• Add debug bgp updates detail command link
• Add debug bgp updates <in|out> <X.Y.Z.W> prefix-list <NAME> command link
• Add neighbor capability fqdn command link
• Add redistribute table-direct support link
• Fix match ip address ... + match evpn ... commands for EVPN
• Remove aggregated (summary-only) suppressed routes from EVPN

mgmtd

• Implement full XPATH 1.0 predicate functionality
• Output staticd configuration from mgmtd

ospfd

• Fix crash in OSPF TE parsing

ospf6d

• Advertise local addresses with la bit
• Set loopback interface cost to 0
• Let the user override interface cost for a loopback

pathd

• Add dynamic candidate path metric [computed] keyword link
• Add no msd command in the pcc context
• Add no pcep command

vtysh

• Send interface commands to mgmtd

watchfrr

• Extend the ignore option to the daemon being killed

zebrad

• Add mpls label dynamic-block command link
• Add JSON support to show debugging label-table link
• Add zebra to mgmtd oper-state
• Allow longer prefix matches for the next hops
• Push all configured IP addresses when the interface comes up
• Remove static ARP entries on interface-down events
• Support to listen teamd netlink message as bond type
• Fix crash when macvlan link-interface is in another netns

FRR Release 9.0.2

We are pleased to announce FRR release 9.0.2.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.2

Fixed CVE-2023-47235

More details: https://frrouting.org/security/cve-2023-47235

Bug Fixes

bgpd

• Fix aggregate-address summary-only suppressed export to EVPN
• Allow using attribute number 255 for path attr discard/withdraw cmds
• Check mandatory attributes more carefully for the UPDATE message
• Do not suppress conditional advertisement updates if triggered
• Fix Extended community memory leak
• Fix the no set as-path prepend command
• Fix heap-use-after-free for bgp_best_selection()
• Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable()
• Fix clear bgp ipv6 unicast ... command
• Flush attributes only if we don't have to announce a conditional route (avoid use-after-free)
• Free memory for SRv6 functions and locator chunks
• Handle MP_UNREACH_NLRI malformed packets with session reset
• Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute
• Initialise timebuf arrays to zeros for dampening reuse timer
• Initialise buffer in bgp_notify_admin_message() before using it
• LTTng add EVPN route trace events
• Make sure dampening is enabled for the specified AFI/SAFI
• Use proper AFI when dumping information for dampening stuff
• Treat the AS4-PATH attribute as withdrawn if malformed
• Treat PMSI tunnel attribute as withdrawn if malformed
• Treat EOR as withdrawn to avoid unwanted handling of malformed attrs

eigrpd

• Use the correct memory pool on interface deletion

mgmtd

• Change mgmtd_vty_port to 2623
• Fix crash on show mgmtd datastore-contents

ospf6d

• Fix setting of the forwarding address in as-external LSAs
• Set loopback interface cost to 0

ospfd

• Fixing infinite loop when listing OSPF interfaces

pathd

• Add no msd command
• Add no pcep command

pbrd

• Fix show pbr map detail json command
• Free memory in pbr_map_delete()

pim6d

• Fix valgrind issues

pimd

• Fix missing pimreg interface

tools

• Fix the frr-reload interface description command
• Fix the frr-reload route-map description command
• Make --quiet actually suppress output

vtysh

• Fix entering configuration node in file-lock mode
• Fix configure terminal argument descriptions
• Fix working in file-lock mode
• Fix show route map json output

zebra

• Add encap type when building packet for FPM
• Display ptmStatus order in interface JSON
• Fix connected route deletion when multiple entry exists
• Fix FPM multipath encap addition
• Fix link update for veth interfaces
• Fix zebra crash when replacing nhe during shutdown
• Prevent null pointer dereference

FRR Release 8.5.4

We are pleased to announce FRR release 8.5.4.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:8.5.4

Fixed CVE-2023-47235

More details: https://frrouting.org/security/cve-2023-47235

Bug Fixes

bgpd

• Check mandatory attributes more carefully for the UPDATE message
• Do not suppress conditional advertisement updates if triggered
• Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable()
• Handle MP_UNREACH_NLRI malformed packets with session reset
• Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute
• Initialise timebuf arrays to zeros for dampening reuse timer
• Initialise buffer in bgp_notify_admin_message() before using it
• Make sure dampening is enabled for the specified AFI/SAFI
• Use proper AFI when dumping information for dampening stuff
• Treat EOR as withdrawn to avoid unwanted handling of malformed attrs

eigrpd

• Use the correct memory pool on interface deletion

vtysh

• Fix show route map JSON output

ospfd

• Fix infinite loop when listing OSPF interfaces

pbrd

• Fix show pbr map detail json output

zebra

• Add encap type when building packet for FPM
• Display ptmStatus order in interface JSON
• Fix connected route deletion when multiple entry exists
• Fix FPM multipath encap addition
• Fix link update for veth interfaces
• Fix zebra crash when replacing nhe during shutdown
• Prevent null pointer dereference

FRR 9.1 Release

We are pleased to announce FRR release 9.1.

FRR 9.1 brings a long list of enhancements and fixes with 941 commits from 73 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.1.0

Release Overview

OSPFv2 HMAC-SHA Cryptographic Authentication

Specify that HMAC cryptographic authentication must be used on a specific interface using a key chain.

More details are here.

BGP MAC-VRF Site-Of-Origin support

In some EVPN deployments, it is useful to associate a logical VTEP’s Layer 2 domain (MAC-VRF) with a Site-of-Origin “site” identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originating from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs, i.e. Active/Active MLAG, as it can be used to avoid ownership conflicts between the two control planes (EVPN vs MLAG).

More details are here.

BGP Dynamic capability support

Added support for Graceful-Restart, Long-lived Graceful-Restart, Software-version, and Role BGP capabilities to be adjusted dynamically using BGP dynamic capability.

Dynamic BGP capability allows the dynamic update of capabilities over an established BGP session. This capability would facilitate non-disruptive capability changes by BGP speakers.

Here is the draft implemented.

IS-IS SRv6 uSID support (RFC 9352)

The Segment Routing (SR) architecture allows a flexible definition of the end-to-end path by encoding it as a sequence of topological elements called "segments". It can be implemented over the MPLS or the IPv6 data plane. This feature enables extensions in IS-IS to support Segment Routing over the IPv6 data plane (SRv6) as per RFC 9352.

More details are here.

Next-hop resolution via the default route

Changed the default for a traditional profile to be enabled. The datacenter profile is left as disabled.

More details are on the links link, link.

Add support for VLAN, ECN, DSCP mangling/filtering

PBR maps are a way to specify a set of rules that are applied to packets received on individual interfaces. If a received packet matches a rule, the rule’s next-hop-group or next-hop is used to forward it; any other actions specified in the rule are also applied to the packet.

With this change, we added more commands for PBR maps, like matching src-ip, dst-ip, src-port, dst-port, vlan, dscp, ecn, and more.

More details are here.

libyang 2.1.80 related breaking changes

prefix-list matching in route-maps is fundamentally broken with libyang 2.1.111. If you have this version, please downgrade to the most stable version 2.1.80.

More details CESNET/libyang#2090

Other significant changes

• Zebra support for route replace semantics in FPM link
• New command for BGP neighbor x addpath-tx-best-selected link
• New command for BGP mpls bgp l3vpn-multi-domain-switching link
• A couple more new BGP route-map commands:
  • set as-path exclude all link
  • set as-path exclude as-path-access-list link
  • set extended-comm-list delete link
  • set as-path replace <any|ASN> [<ASN>] link
  • set as-path replace as-path-access-list WORD [<ASN>] link
  • match community-list X any UPDATE

Deprecations

• Deprecate pre-standard outbound route filtering capability
• Deprecate pre-standard route refresh capability
• Drop deprecated capability

A complete log of changes can be found by browsing the commit history of the FRR 9.1 tag here

FRR Release 9.0.1

We are pleased to announce FRR release 9.0.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr:9.0.1

Bug Fixes

bgpd

• Add peers back to peer hash when peer_xfer_conn fails
• Check the length of the rcv software version
• Do not explicitly print maxttl value for ebgp-multihop vty output
• Do not process nlris if the attribute length is zero
• Don't read the first byte of orf header if we are ahead of stream
• Evpn code was not properly unlocking rd_dest
• Fix show bgp all rpki notfound
• Make sure we have enough data to read two bytes when validating aigp
• Use treat-as-withdraw for tunnel encapsulation attribute

zebra

• Fix evpn nexthop config order

lib

• Allow unsetting walltime-warning and cpu-warning

ospfd

• Prevent use after free( and crash of ospf ) when no router ospf

pimd

• Prevent crash when receiving register message when the rp() is unknown
• When receiving a packet be more careful with length in pim_pim_packet

vtysh

• Print uniq lines when parsing no service ...