.. DO NOT EDIT: this file is automatically created by /utils/build_doc

ARouteServer
============

|Documentation| |Build Status| |Unique test cases| |PYPI Version| |Python Versions|

A Python tool to automatically build (and test) feature-rich configurations for BGP route servers.

How it works
------------

#. Two YAML files provide *general policies* and *clients configurations* options:

   .. code:: yaml

      cfg:
        rs_as: 64496
        router_id: "192.0.2.2"
        filtering:
          irrdb:
            enforce_origin_in_as_set: True
            enforce_prefix_in_as_set: True
          rpki_bgp_origin_validation:
            enabled: True
            reject_invalid: True
        ...

   .. code:: yaml

      clients:
        - asn: 64511
          ip:
          - "192.0.2.11"
          - "2001:db8:1:1::11"
          irrdb:
            as_sets:
              - "RIPE::AS-FOO"
        ...

#. ARouteServer acquires external information to enrich them: for example, `bgpq4`_/`bgpq3`_ for IRR data, `PeeringDB`_ for max-prefix limit and AS-SETs, RPKI ROAs, ...

#. `Jinja2`_ built-in templates are used to render the final route server's configuration file.
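
What the ``enforce_origin_in_as_set``, ``enforce_prefix_in_as_set`` and ``reject_invalid`` options from the first step ask the route server to do with each announcement, modelled in plain Python. This is an added sketch, not ARouteServer code or its generated BIRD/OpenBGPD configuration; the function names are hypothetical and the AS-SET expansion and ROAs are constructed sample values.

```python
import ipaddress

# Mirrors the cfg.filtering keys shown in the general policy file above.
FILTERING = {
    "irrdb": {"enforce_origin_in_as_set": True, "enforce_prefix_in_as_set": True},
    "rpki_bgp_origin_validation": {"enabled": True, "reject_invalid": True},
}
# Constructed sample data (documentation prefixes/ASNs) standing in for the
# AS-SET expansion and the ROAs gathered for client AS64511.
AS_SET_ORIGINS = {64511, 64500}
AS_SET_PREFIXES = {ipaddress.ip_network(p)
                   for p in ("203.0.113.0/24", "198.51.100.0/24")}
ROAS = [("203.0.113.0/24", 24, 64511),   # (prefix, maxLength, origin ASN)
        ("198.51.100.0/24", 24, 64499)]

def rpki_state(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not_found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue                      # this ROA does not cover the route
        covered = True
        if net.prefixlen <= max_len and roa_asn == origin_asn != 0:
            return "valid"
    return "invalid" if covered else "not_found"

def evaluate(prefix, as_path, cfg=FILTERING):
    """Return (accepted, reason); the order of checks is this sketch's choice."""
    origin = as_path[-1]                  # rightmost ASN originated the route
    irr, rpki = cfg["irrdb"], cfg["rpki_bgp_origin_validation"]
    if irr["enforce_origin_in_as_set"] and origin not in AS_SET_ORIGINS:
        return False, "origin ASN not in AS-SET"
    # Exact match only: more-specifics of a registered prefix are rejected here.
    if irr["enforce_prefix_in_as_set"] and \
            ipaddress.ip_network(prefix) not in AS_SET_PREFIXES:
        return False, "prefix not in AS-SET"
    if rpki["enabled"] and rpki["reject_invalid"] and \
            rpki_state(prefix, origin) == "invalid":
        return False, "RPKI invalid"
    return True, "accepted"

if __name__ == "__main__":
    for route in (("203.0.113.0/24", [64511]), ("192.0.2.0/24", [64511])):
        print(route, "->", evaluate(*route))
```

The second ROA makes ``198.51.100.0/24`` originated by AS64500 pass both IRR checks yet fail origin validation, which is the case ``reject_invalid`` exists for.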

Currently, **BIRD** (>= 1.6.3 up to 1.6.8), **BIRD v2** (starting from 2.0.7), **BIRD v3** (only for testing, still in pre-release/alpha) and **OpenBGPD** (OpenBSD >= 7.0, and also OpenBGPD Portable >= 7.0) are supported, with almost `feature parity `__ between them.

**Validation** and testing of the configurations generated with this tool are performed using the built-in **live tests** framework: `Docker`_ instances are used to simulate several scenarios and to validate the behaviour of the route server after configuring it with ARouteServer. More details are in the `Live tests `__ section.

A Docker-based `playground `__ is available to experiment with the tool in a virtual IXP environment.

Also, a `Docker image `__ is provided to start building rich and secure configurations in a couple of minutes.

.. _bgpq3: https://github.com/snar/bgpq3
.. _bgpq4: https://github.com/bgp/bgpq4
.. _PeeringDB: https://www.peeringdb.com/
.. _Jinja2: http://jinja.pocoo.org/
.. _Docker: https://www.docker.com/

Features
--------

- **Path hiding** mitigation techniques (`RFC7947`_ `section 2.3.1 `__).

- Basic filters (mostly enabled by default):

  - **NEXT_HOP** enforcement (strict / same AS - `RFC7948`_ `section 4.8 `__);
  - minimum and maximum IPv4/IPv6 **prefix length**;
  - maximum **AS_PATH length**;
  - reject **invalid AS_PATHs** (containing `private/invalid ASNs `_);
  - reject AS_PATHs containing **transit-free** or **never via route-servers** ASNs (using `PeeringDB info_never_via_route_servers attribute `__);
  - reject **bogons**;
  - **max-prefix limit** based on global or client-specific values or on **PeeringDB** data.

- Prefixes and origin ASNs validation (also in *tag-only* mode):

  - **IRR-based filters** (`RFC7948`_ `section 4.6.2 `__);
  - AS-SETs configured manually or fetched from PeeringDB;
  - support for **IRR sources** (RIPE::AS-FOO, RADB::AS-BAR);
  - **white lists** support;
  - extended dataset for filters generation:

    - RPKI **ROAs used as route objects**;
    - `Origin AS `__ from **ARIN Whois** database dump;
    - `NIC.BR Whois data `_ (slide n. 26) from Registro.br;

  - **RPKI**-based filtering (BGP Prefix Origin Validation);

    - ROAs can be retrieved from publicly available JSON files or from a local validating cache;

- Route Leak Prevention and Detection Using **BGP Roles** (`RFC9234`_).

- **Blackhole filtering** support:

  - optional **NEXT_HOP rewriting**;
  - signalling via BGP Communities (`BLACKHOLE `__ and custom communities);
  - client-by-client control over propagation.

- **Graceful shutdown** support:

  - honor the **GRACEFUL_SHUTDOWN** BGP community received from clients (`draft-ietf-grow-bgp-gshut-11 `_);
  - allow performing a graceful shutdown of the route server itself.

- Control and informative BGP communities:

  - prefix/origin ASN present/not present in **IRRDBs data**;
  - do (not) announce to any / **peer** / on **RTT basis**;
  - **prepend** to any / **peer** / on **RTT basis**;
  - add **NO_EXPORT** / **NO_ADVERTISE** to any / **peer**;
  - **32bit ASNs mapping** to 16bit ASNs for announcement control BGP communities;
  - `Euro-IX large BGP communities `__ to track reject reasons;
  - custom informational BGP communities.

- Optional session features on a client-by-client basis:

  - prepend route server ASN (`RFC7947`_ `section 2.2.2.1 `__);
  - active sessions;
  - **GTSM** (Generalized TTL Security Mechanism - `RFC5082`_);
  - **ADD-PATH** capability (`RFC7911`_);
  - `RFC8950`_ **IPv6 NEXT_HOP for IPv4 routes**.

- Automatic building of clients list:

  - `integration `__ with **IXP-Manager**;
  - `fetch lists `__ from **PeeringDB** records and **Euro-IX member list JSON** files.

- **IX-F Member Export** JSON files `creation `__.

- Related tools:

  - The `Playground `__, to experiment with the tool in a virtual IXP environment.

  - `Invalid routes reporter `__, to log or report invalid routes and their reject reason.

A comprehensive list of features can be found within the comments of the distributed configuration file on `GitHub `__ or on the `documentation web page `__.

More features are already planned: see the `Future work `__ section for more details.

.. _RFC7947: https://tools.ietf.org/html/rfc7947
.. _RFC7948: https://tools.ietf.org/html/rfc7948
.. _RFC9234: https://tools.ietf.org/html/rfc9234
.. _RFC5082: https://tools.ietf.org/html/rfc5082
.. _RFC7911: https://tools.ietf.org/html/rfc7911
.. _RFC8950: https://tools.ietf.org/html/rfc8950

Full documentation
------------------

Full documentation can be found on ReadTheDocs: https://arouteserver.readthedocs.org/

Presentations
-------------

- Euro-IX "Learn with us: ARouteServer tutorial", 28 July 2021: `video `__ (33:13)

- RIPE74, 10 May 2017, Connect Working Group: `video `__ (9:53), `slides `__ (PDF)

- Salottino MIX, 30 May 2017: `slides `__

Mentions / endorsements:

- Job Snijders, LACNIC29, 3 May 2018: `slides `__ (PDF)

- Anurag Bhatia, APNIC46, 12 September 2018: `video `__, `slides `__ (PDF)

- Claudio Jeker, RIPE Labs, 28 November 2018: `OpenBGPD - Adding Diversity to the Route Server Landscape `__.

Who is using ARouteServer?
--------------------------

- `BharatIX `__, BIRD.

- `CATNIX `__, BIRD.

- `CHIX `__, BIRD and OpenBGPD.

- `CNX `__, BIRD v2.

- `DD-IX `__, BIRD v2.

- `DO-IX `__, BIRD.

- `EVIX `__, BIRD.

- `FCIX `__, BIRD.

- `GAVLIX `__.

- `GigaPIX `__, BIRD and BIRD v2.

- `IX Australia `__, BIRD v2.

- `IX-Denver `__, BIRD.

- `MBIX `__, BIRD.

- `MIX `__, BIRD.

- `Netnod `__, BIRD and GoBGP\ :sup:`1`\.

- `NIXI Mumbai (GPX) `__, BIRD.

- `NZIX `__, BIRD v2.

- `PIT-IX `__, BIRD.

- `QCIX `__, BIRD.

- `RO-CIX `__, OpenBGPD.

- `SFMIX `__, BIRD and OpenBGPD.

- `SONIX `__, BIRD v2.

- `SwissIX `__, OpenBGPD.

- `Unmetered.Exchange `__, BIRD.

- `VANIX `__.

- `YEGIX `__, OpenBGPD.

- `YXEIX `__, OpenBGPD.

- `YYCIX `__, OpenBGPD.

Are you using it? Do you want to be listed here? `Drop me a message `__!

\ :sup:`1`\: GoBGP configurations are generated using a fork of the project which is still WIP and that hopefully will be merged upstream in the future.

Bug? Issues? Support requests?
------------------------------

But also suggestions? New ideas?

Please create an `issue on GitHub `_ or `drop me a message `_.

A Slack channel is also available on the `network.toCode() `__ community: **arouteserver**.

Author
------

Pier Carlo Chiodi - https://pierky.com

Blog: https://blog.pierky.com Twitter: `@pierky `_

.. |Documentation| image:: https://readthedocs.org/projects/arouteserver/badge/?version=latest
    :target: https://arouteserver.readthedocs.org/en/latest/?badge=latest
.. |Build Status| image:: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml/badge.svg?branch=master
    :target: https://github.com/pierky/arouteserver/actions/workflows/cicd.yml
.. |Unique test cases| image:: https://img.shields.io/badge/dynamic/json.svg?uri=https://raw.githubusercontent.com/pierky/arouteserver/master/tests/last.json&label=unique%20test%20cases&query=$.unique_test_cases&colorB=47C327
    :target: https://github.com/pierky/arouteserver/blob/master/tests/last
.. |PYPI Version| image:: https://img.shields.io/pypi/v/arouteserver.svg
    :target: https://pypi.python.org/pypi/arouteserver/
.. |Python Versions| image:: https://img.shields.io/pypi/pyversions/arouteserver.svg
    :target: https://pypi.python.org/pypi/arouteserver/