ExaBGP is an application providing engineers with a way to control BGP from servers. The program allows the injection, and reception, of arbitrary routes into a network, including IPv6 and FlowSpec. It is designed to be flexible and give its users the flexibility a normal BGP router cannot.
ExaBGP was first released to the world in July 2010 as a route injector to announce IPs using BGP (see ExaBGP - A new Tool to Interact with BGP on RIPE Labs). Its first usage was for anycasting DNS servers.
It then gained the capacity to send flow routes, making it a useful tool for NOCs dealing with Distributed Denial of Service (DDOS) attacks. Many networks are currently using it to block unwanted traffic as Flow Routes allow for a more fine grained filtering than BGP RTBH.
To this day, ExaBGP remains the only open source implementation of BGP software able to generate and propagate Flow Routes. You can learn more about it here :
Since its creation it has seen many very different usages :
- Blocking compromised ranges at network level to reduce the number of malicious packets targeting load balancers
- FlowSpec route generation to block DDOS
- Route Collector usage, to log routes changes to DB and keep historical records
- Simulate over 450 BGP speakers from one machine, connecting simultaneously to a Route Server
Due to its rise in popularity, the program now has packagers for both Debian and ArchLinux.
The most exciting feature of ExaBGP is its capacity to use helper programs to modify the routes it announces.
ExaBGP can parse BGP UPDATE messages sent by its peers and send a textual representation, including the sending peer, to a forked process using standard input/output. It is then possible to look at the route and take action, for example adding communities or announcing more specific routes. Obviously, users will need to be careful, as ExaBGP generates arbitrary routes and could be used to create routing loops.
The route seen by the helper program is of the form "neighbor 10.0.0.10 route 192.0.2.0/16 next-hop 10.10.0.10 med 100 local-preference 100 community 65000:0 extended-community [ target:65000:10.0.0.100 origin:10.0.0.10:65000 ] origin IGP" , and a response such as " route 192.168.0.0/16 next-hop 10.0.0.10 split /24 " can be used to generate 256 /24 more specific routes to the peers.
BGP is a changing protocol with many RFC drafts currently in consideration. The most interesting ones on ExaBGP's roadmap are :
- Generalized Redirect Action in BGP Flow Specification Routes (draft-simpson-idr-flowspec-redirect-00)
- Flow Spec for IPv6 (draft-raszuk-idr-flow-spec-v6-01)
The only obstacle to their implementation is that no vendor implements these drafts on any purchasable hardware. The author would welcome any BGP sessions on routers supporting them.
Feel free to let your usage of ExaBGP known. Comments, feedback or feature requests are welcome. You can email or jabber the author at thomas.mangin AT exa-networks.co.uk
About the author
Thomas Mangin is Technical Director at Exa Networks Limited, a B2B ISP based in the north of England, and serves on the board of both of LINX and IXLeeds.