Theodore Baschak

BOFH. Open Source Guru. Founder/Operator of Hextet Systems, AS395089 and Network Architect for Daemon Defense Systems, AS55101.

exabgp: first lab

Sun, 27 Apr 2014 11:45:46 -0500 » Networking, Anycast, IPv6, BGP, Nerd Projects, Network Monitoring, Programming, Virtualization

I have been doing a lot of reading about exabgp. exabgp is a python BGP implementation which doesn’t implement any host routing functionality at all, just transforms BGP messages into plain text or JSON which can be easily manipulate by scripts. This works both directions, allowing monitoring of route advertisements received from other BGP speakers, and injection of routes into a system.

This can be used to create your own BGP looking glass tools and high availability tools which automatically isolate and remove dead/broken services, be part of DDoS mitigation strategy, be a route server, or even inject anycast routes. I have collected my exabgp-thoughts into a github repo. My lab config also gets its own repo althought this is still blank at the time of writing.

I am interested in exploring all of these different roles for exabgp, as well as others which I haven’t even conceived yet, so I have started setting up a lab to begin my own testing. My lab is pretty similar to vincentbernat/network-lab, I have the same host names and network topology. I have provisioned 8 Debian VMs so far for my lab. I have 2 edge routers which will run Bird fully meshed to 3 distribution routers, each distribution router has a worker connected to it totalling 3 workers as well. I intend on adding 2 route servers as well. In my case I will be attempting to build a route reflector (within one AS or confederation), and then also a route server (like an IX would use) using exabgp.

Scenarios I plan on labbing, and the order I’ll tackle them likely:

  • high availability and anycast (DNS, web) using BGP
  • exabgp as a route reflector within a single AS or confederation
  • exabgp as an IX route server
  • bgp looking glass on top of route reflector and route server as well
  • DDoS mitigation through blackholing, and also injection of more specific routes to direct traffic to a scrubber appliance
    • There is also another project I’d like to explore in combination with this – exaddos, which aims to integrate with exabgp to allow a one-click anti-DDoS solution

Update 2014-05-04: I haven’t had enough time this week to finish firing up these VMs and starting to create my labs yet.

© Theodore Baschak - https://github.com/tbaschak - Powered by Jekyll.
Powered by Les.net.
CiscoDude.net is a personal website. Opinions expressed are not necessarily those of his employer.