Show HN: Bgpipe – pipe live BGP sessions through Python, add RPKI, etc.

Y	Hacker News new \| ask \| show \| jobs

Show HN: Bgpipe – pipe live BGP sessions through Python, add RPKI, etc. (bgpipe.org)

2 points by pjf 129 days ago

bgpipe sits between BGP routers as a transparent proxy. It can work as a firewall for the Internet control plane. You build a pipeline of composable stages - connect, listen, grep, exec, rpki, write - and BGP messages flow through them, optionally being filtered, modified, or logged.

A few things you can do:

  # Monitor global BGP for your prefix in real-time (via RIPE RIS Live)
  bgpipe -g -- ris-live -- grep 'prefix ~ 1.1.1.0/24' -- stdout

  # Add RPKI validation between two routers
  bgpipe -- listen 1.2.3.4 -- rpki -- connect 5.6.7.8

  # Pipe through python
  bgpipe -- listen 1.2.3.4 -- exec -LR ./filter.py -- connect 5.6.7.8

  # Convert MRT dump to JSON
  bgpipe -- read updates.mrt.bz2 -- write output.json

The exec stage lets you process BGP in any language - bgpipe sends JSON to your script's stdin and reads JSON back. The grep stage has a small filter DSL (prefix operators, AS_PATH matching, community checks, RPKI tags, etc.).

Single static binary, pure Go, no deps. MIT license.

https://github.com/bgpfix/bgpipe https://bgpipe.org