Hello,

recently we started using BIRD as BGP daemon, but since we realized that BIRD has some (security) limitations on FreeBSD 12 [1] (when compared to Linux) we are looking for an alternative and consider switching to FRR 7.2.

Therefore we wanted to verify that FRR does not have similar limitations. We found some platform-specific information in the documentation here:
http://docs.frrouting.org/en/latest/overview.html#supported-protocols-vs-pla...
(vrrp has not been added yet)

but would have some additional questions:

- Should we expect any (notable) differences of FRR on FreeBSD when compared to Linux that go beyond what is documented on the page mentioned above? Is FRR on BSD a second-class citizen?

- Does FRR (BGP) support ECMP on FreeBSD?
http://docs.frrouting.org/en/latest/installation.html#cmdoption-configure-en...

- What memory footprint should we expect on an FRR BGP router with two neighbors with a BGP full table each?

- Does FRR support privilege dropping (on FreeBSD) or does it run as root entirely?
I see zebra and bgpd run as user 'frr' by default on FreeBSD, so I can answer this one myself (yes, it drops privileges to a non-root user).

answered via the documentation:

- Does FRR's RPKI support include support for re-validation of affected routes after an RPKI ROA update or has it the same limitation as BIRD that requires re-validating all routes? [2]

According to
http://docs.frrouting.org/en/latest/bgp.html#prefix-origin-validation-using-...
this appears to be supported:
Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work).
thanks,
Christoph

[1] https://bird.network.cz/pipermail/bird-users/2019-October/013845.html
[2] https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.13
BIRD should re-validate all of affected routes after RPKI update by RFC 6811, but we don't support it yet! You can use a BIRD's client command reload in bgp_protocol_name for manual call of revalidation of all routes.
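
The difference the last question asks about, re-validating only the routes affected by a ROA change versus all routes, as an added example that is not part of the original message and is neither FRR nor BIRD code. It applies RFC 6811 origin validation to a small constructed route table; the `Rib` class, the function names and the sample prefixes and ASNs are hypothetical.

```python
import ipaddress

def covers(vrp_prefix, route_prefix):
    """True if the VRP prefix equals or contains the route prefix."""
    v, r = ipaddress.ip_network(vrp_prefix), ipaddress.ip_network(route_prefix)
    return v.version == r.version and r.subnet_of(v)

def validate(prefix, origin_asn, vrps):
    """RFC 6811 origin validation state for one route."""
    plen = ipaddress.ip_network(prefix).prefixlen
    covering = [v for v in vrps if covers(v[0], prefix)]
    if not covering:
        return "notfound"
    for _, max_len, asn in covering:
        # A VRP with AS 0 never matches any route.
        if asn != 0 and asn == origin_asn and plen <= max_len:
            return "valid"
    return "invalid"

class Rib:
    """Hypothetical minimal route table that tracks validation state per route."""
    def __init__(self, routes, vrps):
        self.vrps = set(vrps)
        self.state = {r: validate(r[0], r[1], self.vrps) for r in routes}

    def apply_vrp_change(self, vrp, add=True):
        """Add or withdraw one VRP; re-validate only the routes it covers."""
        if add:
            self.vrps.add(vrp)
        else:
            self.vrps.discard(vrp)
        checked, changed = 0, {}
        for route, old in list(self.state.items()):
            if not covers(vrp[0], route[0]):
                continue  # unaffected route: state cannot change
            checked += 1
            new = validate(route[0], route[1], self.vrps)
            if new != old:
                self.state[route] = new
                changed[route] = (old, new)
        return checked, changed

# Constructed sample data (documentation prefixes and ASNs).
ROUTES = [("192.0.2.0/24", 64496), ("198.51.100.0/24", 64497),
          ("198.51.100.128/25", 64497), ("2001:db8::/32", 64498)]
VRPS = [("192.0.2.0/24", 24, 64496)]  # (prefix, max_length, origin ASN)

if __name__ == "__main__":
    rib = Rib(ROUTES, VRPS)
    print(rib.apply_vrp_change(("198.51.100.0/24", 24, 64497)))
```

Only routes whose prefix falls inside the changed VRP's prefix can change state, so the other routes in the table are never touched.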