You are here: Home > Publications > RIPE Labs > Thomas Mangin > ExaBGP - A new Tool to Interact with BGP

ExaBGP - A new Tool to Interact with BGP

Thomas Mangin — Jul 2010
ExaBGP is a new application designed to provide an easy way for programmers and system admistrators to interact with BGP networks.

ExaBGP is a new application designed to provide an easy way for programmers and system admistrators to interact with BGP networks. The program is designed to allow the injection of arbitrary routes into a network, including IPv6 and FlowSpec.

Introduction
 
Many security professionals are currently using NetFlow to monitor their network and react to DDOS attacks. By centralising their traffic information in one place, they are able to corrolate the information and detect more and more advanced attacks.
 
Many networks then use BGP to blackhole the destination IP of the attack at their edge, protecting their network core but still allowing the attacker to succeed. 

RFC 5575 , better known as FlowSpec, was designed to help security professionals react to such attacks in a more fine grained manner, by allowing precise filtering rules to be deployed, through BGP, to routers with advanced ASICS features.

ExaBGP is currently the only open source implementation of a route injector able to generate and propagate Flow Routes. 

Getting Started
 
ExaBGP is available on Google Code   and will run on most Unix flavours with any recent version of python 2 (2.4 to 2.7).
 
Simply untar the code into /opt, or any directory of your choice, then edit one of the template files in the etc/bgp folder to reflect what you want to do, and finally test your configuration calling “bin/bgpd” with your configuration as the first parameter.

What does it look like ...  

The configuration contains the usual BGP information fields; Cisco, Juniper, Quagga and BIRD users should find their mark very quickly.

A mixed IPv4/Flow configuration would look like the following:
 
neighbor 192.168.127.128 {
  description "a quagga test peer";
  router-id 192.168.127.1;
  local-address 192.168.127.1;
  local-as 65000;
  peer-as 65000;
  graceful-restart;
 

  static {
    route 10.0.3.0/24 {
      next-hop 10.0.255.254;
      community [ 30740:30740 30740:0 ];
      local-preference 200;
    }
    route 10.0.5.0/24 next-hop 10.0.255.254 local-preference 200;
  }
  flow {
    route slow-down-the-proxy-for-the-office {
      match {
        source 10.0.0.1/32;
        destination 192.168.0.1/32;
        destination-port >8080&<8088 =3128;
        source-port >1024;
        protocol tcp;
      }
      then {
        rate-limit 9600;
      }
    }
  }
}

 
We would love to hear from you...

The program wiki  has more information on how to install and configure the application.

As usual, comments and feedback are welcome. Feel free to use the site's bug tracker to contact us.

You can as well email or jabber the author at thomas.mangin AT exa-networks.co.uk

About the author

Thomas Mangin is Technical Director at Exa Networks Limited, a  B2B ISP based in the north of England.

Homepage: http://thomas.mangin.com/

11 Comments

Anonymous says:
20 Jun, 2011 07:49 PM
Could anybody name several vendors who supports FlowSpec technology?
And what is the percent of transit AS, that have already implemented it?
Thomas Mangin says:
31 Jan, 2012 03:28 PM
Depending when you read this, at least Juniper and Alcatel
Ivan says:
15 May, 2014 11:00 PM
Recent versions of Cisco IOS XR and IOS XE on CRS and ASR9K already support FlowSpec
Thomas says:
17 May, 2014 03:24 PM
Yvan, yes, Cisco recently implemented flowspec .. but the article is from 2010, 4 years ago.
Keshav says:
24 Feb, 2015 03:42 PM
I have requirement for a flowspec capable device for some testing within the lab. We have a few Cisco and Juniper routers that don't support flowspec. Is ExaBGP something that I can use along with my existing routers to fill in that gap? Can someone please clarify? Thanks.
Thomas Mangin says:
24 Feb, 2015 05:39 PM
You can use ExaBGP to both generate and parse flow routes. Cisco tested FlowSpec interop. with ExaBGP ( http://www.slideshare.net/[…]/cisco-live-milan-bgp-advance-2015 slide 59 ).
Keshav Prabhakar says:
24 Feb, 2015 07:15 PM
Awesome! Thank you! You just brightened up my day. :)
I'll keep you all posted on how things go.
Hajar says:
11 Apr, 2015 10:32 PM
Hello Thomas,thank you for the Exabgp project.
I installed exabgp on Ubuntu 14.04LTs ,and and couldn't find configuration files , I only find this exabgp folders:
./usr/local/lib/python2.7/dist-packages/exabgp
./usr/local/etc/exabgp
./usr/local/etc/exabgp
Thomas Mangin says:
14 Apr, 2015 01:58 AM
This discussion happened on https://github.com/Exa-Networks/exabgp/issues/247
Antony says:
19 Jan, 2016 03:12 PM
hi thomas,

   Does this exabgp supports BGP-LS ?

thanks,
Antony
Thomas Mangin says:
20 Jan, 2016 04:28 PM
Hi Antony,

Not in any useful way at the moment.

Thomas
Add comment

You can add a comment by filling out the form below. Comments are moderated so they won't appear immediately. If you have a RIPE NCC Access account, we would like you to log in.