[FROG] BGP on FreeBSD: Feature Parity with Linux?

Christoph cm at appliedprivacy.net
Fri Oct 18 11:18:00 EDT 2019


Hello,

recently we started using BIRD as our BGP daemon, but since we realized that
BIRD has some (security) limitations on FreeBSD 12 [1] (when compared to
Linux), we are looking for an alternative and are considering switching
to FRR 7.2.

Therefore we wanted to verify that FRR does not have similar limitations.

We found some platform specific information in the documentation here:
http://docs.frrouting.org/en/latest/overview.html#supported-protocols-vs-platform
(vrrp has not been added yet)

but would have some additional questions:

- Should we expect any (notable) differences of FRR on FreeBSD when
compared to Linux that go beyond what is documented on the page
mentioned above?
Is FRR on BSD a second class citizen?

- Does FRR (BGP) support ECMP on FreeBSD?
http://docs.frrouting.org/en/latest/installation.html#cmdoption-configure-enable-multipath

- What memory footprint should we expect on an FRR BGP router with two
neighbors with a BGP full table each?

- Does FRR support privilege dropping (on FreeBSD) or does it run as
root entirely?
I see zebra and bgpd run as user 'frr' by default on FreeBSD, so I can
answer this one myself (yes it drops privileges to a non-root user).

answered via the documentation:

- Does FRR's RPKI support include support for re-validation of affected
routes after an RPKI ROA update, or does it have the same limitation as BIRD
that requires re-validating all routes? [2]

According to
http://docs.frrouting.org/en/latest/bgp.html#prefix-origin-validation-using-rpki
this appears to be supported:

> Updates from the RPKI cache servers are directly applied and path
> selection is updated accordingly. (Soft reconfiguration must be
> enabled for this to work).

thanks,
Christoph

[1] https://bird.network.cz/pipermail/bird-users/2019-October/013845.html
[2] https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.13
> BIRD should re-validate all of affected routes after RPKI update by 
> RFC 6811, but we don't support it yet! You can use a BIRD's client 
> command reload in bgp_protocol_name for manual call of revalidation 
> of all routes.



