ExaBGP is an application designed to provide an easy way for programmers and system admistrators to interact with BGP networks. The program allows the injection of arbitrary routes into a network, including IPv6 and FlowSpec, and the relaying of received routes to business logic backend applications.
Many security professionals are currently using NetFlow to monitor their networks and react to DDOS attacks. By centralising their traffic information, they are able to corrolate the information and detect more and more advanced attacks.
BGP is then often used to blackhole the destination IP of the attack at the network edge, protecting the core but still allowing the attacker to succeed.
RFC 5575, better known as FlowSpec, was designed to help security professionals react to such attacks in a more fine grained manner by deploying precise filtering rules, and by taking advantage of recent routers advanced ASICS/Traffic filtering features.
ExaBGP can be used for conditional announcements, for example only anycasting a service IP when the service is established as running correctly.
ExaBGP is available on github and will run on most Unix flavours with any recent version of python 2 (2.4 to 3.7).
pip install it, or
untar the code into any directory of your choice, then edit one of the template files to reflect what you want to do, and finally test your configuration calling “bin/bgpd” with your configuration as the first parameter.
What does it look like …
The configuration contains the usual BGP information fields; Cisco, Juniper, Quagga and BIRD users should find their mark very quickly.
The program wiki has more information on how to install and configure the application.
As usual, comments and feedback are welcome. Feel free to use the site’s bug tracker to contact us.