Release Overview
OSPFv2 HMAC-SHA Cryptographic Authentication
Specify that HMAC cryptographic authentication must be used on a specific interface using a key chain.
BGP MAC-VRF Site-Of-Origin support
In some EVPN deployments, it is useful to associate a logical VTEP’s Layer 2 domain (MAC-VRF) with a Site-of-Origin “site” identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originating from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs, i.e. Active/Active MLAG, as it can be used to avoid ownership conflicts between the two control planes (EVPN vs MLAG).
BGP Dynamic capability support
Added support for Graceful-Restart, Long-lived Graceful-Restart, Software-version, and Role BGP capabilities to be adjusted dynamically using BGP dynamic capability.
Dynamic BGP capability allows the dynamic update of capabilities over an established BGP session. This capability would facilitate non-disruptive capability changes by BGP speakers.
IS-IS SRv6 uSID support (RFC 9352)
The Segment Routing (SR) architecture allows a flexible definition of the end-to-end path by encoding it as a sequence of topological elements called “segments”. It can be implemented over the MPLS or the IPv6 data plane. This feature enables extensions in IS-IS to support Segment Routing over the IPv6 data plane (SRv6) as per RFC 9352.
More details are here.
Next-hop resolution via the default route
Changed the default for a traditional profile to be enabled. The datacenter profile is left as disabled.
More details are on the links link, link.
Add support for VLAN, ECN, DSCP mangling/filtering
PBR maps are a way to specify a set of rules that are applied to packets received on individual interfaces. If a received packet matches a rule, the rule’s next-hop-group or next-hop is used to forward it; any other actions specified in the rule are also applied to the packet.
With this change, we added more commands for PBR maps, like matching src-ip, dst-ip, src-port, dst-port, vlan, dscp, ecn, and more.
More details are here.
libyang 2.1.80 related breaking changes
prefix-list matching in route-maps is fundamentally broken with libyang 2.1.111. If you have this version, please downgrade to the most stable version 2.1.80.
More details https://github.com/CESNET/libyang/issues/2090
- Other significant changes
- Zebra support for route replace semantics in FPM link
- New command for BGP neighbor x addpath-tx-best-selected link
- New command for BGP mpls bgp l3vpn-multi-domain-switching link
- A couple more new BGP route-map commands:
- set as-path exclude all link
- set as-path exclude as-path-access-list link
- set extended-comm-list delete link
- set as-path replace <any|ASN> [<ASN>] link
- set as-path replace as-path-access-list WORD [<ASN>] link
- match community-list X any UPDATE
Deprecations
- Deprecate pre-standard outbound route filtering capability
- Deprecate pre-standard route refresh capability
- Drop deprecated capability
A complete log of changes can be found by browsing the commit history of the FRR 9.1 tag here