v0.8.0

What's New

Dynamic Prefix-Based Neighbors

Auto-accept inbound BGP connections from configured IP prefix ranges — the standard IX route server pattern (FRR bgp listen range, GoBGP [[dynamic-neighbors]]).

[peer_groups.ix-members]
hold_time = 90

[[dynamic_neighbors]]
prefix = "10.0.0.0/24"
peer_group = "ix-members"
remote_asn = 0              # accept any ASN from OPEN
description = "IXP auto-accept"

• Peers inherit all config from the referenced peer group (timers, families, policies, GR, etc.)
• remote_asn = 0 accepts any ASN — validated from the OPEN message
• Auto-removed when session disconnects (ephemeral, not persisted to config)
• Configurable limit: dynamic_neighbor_limit in [global] (default 100, max 5000)
• is_dynamic flag in gRPC NeighborState and ListNeighbors output
• ListDynamicNeighbors gRPC RPC queries configured ranges
• Static [[neighbors]] reject remote_asn = 0 — sentinel reserved for dynamic ranges

RPKI/ASPA Validation in Import Policy

match_rpki_validation and match_aspa_validation now work in import policy (previously export-only).

[[neighbors]]
address = "10.0.0.2"
remote_asn = 65002
import_policy = [
  { action = "deny", match_rpki_validation = "invalid" },
]

• Transport sessions receive current VRP + ASPA tables via tokio::sync::watch channel
• Each session evaluates import policy against real validation states (not hardcoded NotFound/Unknown)
• Best-effort semantics: routes arriving before the first VRP/ASPA table loads see not_found/unknown

New Interop Test Suites (M22–M28)

Seven new automated interop tests against FRR, GoBGP, and StayRTR:

Suite	Description
M22	FlowSpec peer interop
M23	GoBGP peer interop
M24	BMP collector interop
M25	TCP MD5 + GTSM interop
M26	Cease subcode compatibility
M27	ASPA/RTR v2 cache interop
M28	Dynamic neighbor interop

Shared test infrastructure extracted into test-lib.sh for all interop scripts.

Fixes

• Peer slot leak: dynamic peers are only inserted and counted after handle.start() succeeds
• Config validation: remote_asn = 0 rejected for static neighbors; impossible prefix lengths rejected for dynamic ranges
• BMP duplicate detection: canonicalized through SocketAddr, not string comparison
• M11 GR test: replaced sleep 10 with EoR polling loop (eliminates flake)
• M22 FlowSpec test: fixed race condition in withdrawal rule 2 check
• M21 RPKI interop: switched from GoRTR to StayRTR

Stats

• 1166 tests, all passing
• 22 automated interop suites (up from 15 in v0.7.0)

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's Changed

• v0.7.0: Best-path explain, looking glass API, optional Prometheus by @lance0 in #3

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• Add ASPA upstream path verification by @lance0 in #1

New Contributors

• @lance0 made their first contribution in #1

Full Changelog: v0.5.1...v0.6.0

v0.5.1

Full Changelog: v0.5.0...v0.5.1

v0.5.0

rustbgpd v0.5.0 — First Public Alpha

An API-first BGP daemon in Rust, built for programmable route-server and control-plane use cases.

Highlights

• Dual-stack BGP with MP-BGP, Add-Path, Extended Next Hop, Extended Messages
• Graceful Restart / LLGR with race-free EoR delivery and FlowSpec stale-sweep support
• RPKI/RTR origin validation with prefix-based filtering
• FlowSpec for programmatic traffic filtering (DDoS mitigation, RTBH)
• BMP export to monitoring collectors, MRT TABLE_DUMP_V2 snapshots
• Full gRPC API across 7 services — peer lifecycle, route injection, policy CRUD, peer groups, streaming route updates, daemon control
• CLI tool (rustbgpctl) with colored tables, dynamic column alignment, shell completions, and a live TUI dashboard
• Rustc-style config error diagnostics with source spans and underlined errors
• Per-peer log level filtering via config or RUST_LOG span syntax

Performance

200k-prefix benchmark: ~257 MB RSS vs GoBGP at 578 MB for the same workload. Key optimizations: AdjRibOut secondary prefix index (5.9x convergence improvement), Arc copy-on-write route storage, chunked RIB processing with fair query scheduling.

Install

Docker (quickest):

docker compose -f examples/docker-compose/docker-compose.yml up -d

Pre-built binaries: Download rustbgpd and rustbgpctl from the assets below (linux-amd64, linux-arm64).

Container image:

docker pull ghcr.io/lance0/rustbgpd:0.5.0

Wire codec (standalone): rustbgpd-wire on crates.io

From source: Requires Rust 1.88+ and protobuf-compiler.

cargo install --path .
cargo install --path crates/cli

What this release is not

This is a control plane, not a forwarding engine. There is no FIB integration. EVPN, VPN overlays, and broader router features are future work. The config format and gRPC API are not yet frozen — breaking changes are possible between minor versions.

Full changelog

See CHANGELOG.md for the complete list of fixes, additions, and changes since v0.4.2.

v0.4.2 — First Public Alpha

First public alpha release of rustbgpd.

Target use case: IXP route servers, programmable BGP control planes, lab/test environments.

What's included:

• Dual-stack BGP/MP-BGP with Add-Path, Extended Next Hop, Extended Messages
• GR/LLGR/Notification GR, Route Refresh/Enhanced Route Refresh
• RPKI origin validation (RTR), FlowSpec, Route Reflector
• BMP export to collectors, MRT TABLE_DUMP_V2 snapshots
• Full gRPC control plane (5 services) + rustbgpctl CLI
• Secure-by-default UDS gRPC listener with optional token auth
• Policy engine with prefix/community/AS_PATH matching, named chains
• 950+ workspace tests, fuzz targets, 10 automated interop suites against FRR 10.3.1 and BIRD 2.0.12

Alpha expectations:

• Config format and gRPC API are not yet frozen — breaking changes possible between minor versions
• Linux is the primary target; other platforms are not tested
• No kernel FIB integration — this is a control-plane daemon

Getting started:

cargo build --workspace --release
cp examples/minimal/config.toml config.toml
./target/release/rustbgpd config.toml

See the README for full quickstart, and docs/OPERATIONS.md for the operations guide.

Full changelog: CHANGELOG.md