Week of 2026-06-01
The CLI grammar rollout finished, MRT tooling arrived, and a handful of quiet-but-important reliability bugs got fixed.
π₯οΈ CLI
The verb-first, show-a-noun command grammar reached the rest of the command surface this week: interfaces, process lifecycle, cache, log, metrics, MPLS, DNS, traffic/QoS, IKE, traceroute, ping, monitor, and BGP peer/cache/commit commands all follow the same pattern now. Bare list/summary commands without an explicit verb are gone. Interface commands also got smarter: creating a sub-interface auto-creates its parent, and the MAC address setting moved under a mac { } container.
π MRT tooling
Ze can now record, replay, and analyze BGP sessions in MRT format (RFC 6396/6397/8050), the standard used by RouteViews and RIPE RIS:
- A daemon component recording three independent dump streams with time-based file rotation
- RIB dumps (TABLE_DUMP_V2) and BGP4MP UPDATE recording
- Analysis tools: statistics, filtering by peer/prefix/timestamp/type, AS-path/community regex, inject, replay at configurable speed, and conversion to pcap or JSON
- A standalone offline BGP message decoder with
bgpdump-style human-readable output - MRT files servable over HTTP, and a
ze-chaos --mrt-fileflag for recording chaos-test sessions
πΏ Appliance & installer
The installer kernel now builds from a base config plus a profile (qemu or hardware), with a --profile override and PXE boot args tuned per architecture. ISO images gained a framebuffer console line for physical hardware with a monitor, plus gzip compression to shrink the image.
π Reliability fixes
- BMP now defaults to monitor-only, matching its role as a passive monitoring protocol (RFC 7854); it no longer injects received routes by default
- RPKI's validation gate now skips cleanly when no RTR cache servers are configured, instead of leaving every route waiting 30 seconds for a validation response that will never arrive
- L2TP tunnel IDs are now seeded from the listener port, so multiple ze instances (or parallel test runs) no longer collide on tunnel ID 1; a stale tunnel left behind by a crash is now detected and cleaned up automatically
- Config reload now falls through correctly to a newly-added peer's embedded config instead of erroring
- PKI certificates now load correctly during hub reload, not just at startup
π§© Config validation
Required-field enforcement, previously BGP-specific, is now generic: any YANG list can mark fields required and have them checked on ze config validate and in the editor, currently applied to VPN, PKI, and L2TP sections.