Project Description

ARouteServer

A Python tool to automatically build (and test) feature-rich configurations for BGP route servers.

How it works

  1. Two YAML files provide the general policies and the clients' configuration options:

    cfg:
      rs_as: 999
      router_id: "192.0.2.2"
      add_path: True
      filtering:
        next_hop:
          policy: "same-as"
      blackhole_filtering:
        policy_ipv4: "rewrite-next-hop"
        ...
    
    clients:
      - asn: 111
        ip:
        - "192.0.2.11"
        - "2001:db8:1:1::11"
        irrdb:
          as_sets:
            - "AS-AS111MAIN"
      ...
    
  2. ARouteServer acquires external information to enrich them: bgpq3 for IRRDB data, PeeringDB for max-prefix limits, …

  3. Jinja2 built-in templates are used to render the final route server’s configuration file.

    Currently, BIRD (1.6.3) and OpenBGPD (OpenBSD 6.0 and 6.1) are supported.

Validation and testing are performed using the built-in live tests framework: Docker instances are used to simulate several scenarios, and more custom scenarios can be built on the basis of the user’s needs. More details are in the Live tests section.

Features

  • Path hiding mitigation techniques (RFC7947 section 2.3.1).
  • Filtering features (most enabled by default):
    • NEXT_HOP enforcement (strict / same AS - RFC7948 section 4.8);
    • minimum and maximum IPv4/IPv6 prefix length;
    • maximum AS_PATH length;
    • reject invalid AS_PATHs (containing private/invalid ASNs);
    • reject AS_PATHs containing transit-free ASNs;
    • RPKI-based filtering (RFC6811);
    • reject bogons;
    • enforcement of prefixes and origin ASNs via RPSL/IRRDB AS-SETs (RFC7948 section 4.6.2);
    • max-prefix limit based on global or client-specific values or on PeeringDB data.
  • Blackhole filtering support:
    • optional NEXT_HOP rewriting;
    • signalling via BGP Communities (BLACKHOLE and custom communities);
    • client-by-client control over propagation.
  • Control and informative communities:
    • prefix/origin ASN present/not present in IRRDB data;
    • routes RPKI validity state;
    • do (not) announce to any / peer;
    • prepend to any / peer;
    • add NO_EXPORT / NO_ADVERTISE to any / peer.
  • Optional session features on a client-by-client basis:
  • Automatic building of clients list:

A comprehensive list of features can be found within the comments of the distributed configuration file on GitHub.
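The filtering features listed above, and the empty AS-SET behaviour described in the v0.2.0 change log entry, can be read as a chain of per-route checks. The following is an added example, not ARouteServer's own code or its generated BIRD/OpenBGPD filters: the function name, the thresholds, the bogon and ASN lists and the sample clients are constructed, and exempting the left-most ASN from the transit-free check is an assumption.

```python
import ipaddress

# Constructed sample data loosely modelled on the YAML above; not ARouteServer defaults.
CFG = {"next_hop_policy": "same-as", "max_as_path_len": 32,
       "prefix_len": {4: (8, 24), 6: (12, 48)}, "transit_free": {333}}
CLIENTS = [
    {"asn": 111, "ip": ["192.0.2.11", "2001:db8:1:1::11"], "irr_asns": {111, 112}},
    {"asn": 111, "ip": ["192.0.2.12"], "irr_asns": {111, 112}},
    {"asn": 222, "ip": ["192.0.2.22"], "irr_asns": set()}]  # AS-SET expanded to nothing
BOGONS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "fc00::/7")]
# Reserved, documentation and private ASN ranges (inclusive bounds).
INVALID_ASNS = [(0, 0), (23456, 23456), (64496, 65551), (4200000000, 4294967295)]

def reject_reasons(route, peer_ip, cfg=CFG, clients=CLIENTS):
    """Return the names of the filters that `route`, received from `peer_ip`, fails."""
    client = next(c for c in clients if peer_ip in c["ip"])
    net = ipaddress.ip_network(route["prefix"])
    path, reasons = route["as_path"], []
    lo, hi = cfg["prefix_len"][net.version]
    if not lo <= net.prefixlen <= hi:
        reasons.append("prefix_len")
    if any(b.version == net.version and net.subnet_of(b) for b in BOGONS):
        reasons.append("bogon")
    if len(path) > cfg["max_as_path_len"]:
        reasons.append("as_path_len")
    if any(a <= asn <= b for asn in path for a, b in INVALID_ASNS):
        reasons.append("invalid_asn")
    if cfg["transit_free"] & set(path[1:]):  # left-most ASN exempt (assumption)
        reasons.append("transit_free_asn")
    if path[-1] not in client["irr_asns"]:   # an empty AS-SET rejects every route
        reasons.append("origin_not_in_as_set")
    # NEXT_HOP: "strict" allows the announcing peer only, "same-as" any client IP of its AS.
    allowed = {peer_ip} if cfg["next_hop_policy"] == "strict" else {
        ip for c in clients if c["asn"] == client["asn"] for ip in c["ip"]}
    if route["next_hop"] not in allowed:
        reasons.append("next_hop")
    return reasons

if __name__ == "__main__":
    sample = {"prefix": "10.1.2.0/25", "as_path": [111, 333, 64512], "next_hop": "192.0.2.99"}
    print(reject_reasons(sample, "192.0.2.11"))
```

The sample prefixes used to exercise it are documentation ranges, which a production bogon list would itself reject.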

More features are already planned: see the Future work section for more details.

Full documentation

Full documentation can be found on ReadTheDocs: https://arouteserver.readthedocs.org/

Status

Beta testing, looking for testers and reviewers.

Anyone who wants to share his/her point of view, to review the output configurations or to test them is more than welcome!

Bug? Issues?

But also suggestions? New ideas?

Please create an issue on GitHub or drop me a message.

Author

Pier Carlo Chiodi - https://pierky.com

Blog: https://blog.pierky.com Twitter: @pierky

Change log

Note

Upgrade notes: after upgrading, run the arouteserver setup-templates command to sync the local templates with those distributed with the new version. More details are in the Upgrading section of the documentation.

v0.6.0

  • OpenBGPD 6.1 support: enable large BGP communities support.

  • Improvement: the clients-from-peeringdb command now uses the IX-F database to show a list of IXPs and their PeeringDB IDs.

  • Improvement: enable NEXT_HOP rewriting for IPv6 blackhole filtering requests on OpenBGPD after OpenBSD 6.1 fixup.

    Related: issue #3.

  • Improvement: BIRD, client-level .local file.

  • Improvement: next-hop checks, the authorized_addresses option makes it possible to authorize IP addresses of non-client routers for the NEXT_HOP attribute of routes received from a client.

v0.5.0

  • Fix: avoid the use of standard communities in the range 65535:x.

  • Improvement: option to set max-prefix restart timer for OpenBGPD.

  • Deleted feature: tagging of routes à la RPKI-Light has been removed.

    • The reject_invalid flag, which previously had general scope only, can now be set on a client-by-client basis.
    • The roa_valid, roa_invalid, and roa_unknown communities no longer exist.

    Related: issue #4 on GitHub

    This breaks backward compatibility.

  • New feature: BIRD hooks to add site-specific custom implementations.

  • Improvement: BIRD local files.

    This breaks backward compatibility: previously, *.local, *.local4 and *.local6 files that were found in the same directory where the BIRD configuration was stored were automatically included. Now, only the header([4|6]).local and footer([4|6]).local files are included, depending on the values passed to the --use-local-files command line argument.

  • Improvement: setup command and program’s configuration file.

    The default path of the cache directory (cache_dir option) has changed: it was /var/lib/arouteserver and now it is cache, that is a directory which is relative to the cfg_dir option (by default, the directory where the program’s configuration file is stored).

v0.4.0

  • OpenBGPD support (some limitations apply).
  • Add MD5 password support on clients configuration.
  • The build command used to generate route server configurations has been removed in favor of BGP-speaker-specific sub-commands: bird and openbgpd.

v0.3.0

  • New --test-only flag for builder commands.

  • New --clients-from-euroix command to build the clients.yml file on the basis of records from a Euro-IX member list JSON file.

    This also allows the integration with IXP-Manager.

  • New BGP communities: add NO_EXPORT and/or NO_ADVERTISE to any client or to specific peers.

  • New option (set by default) to automatically add the NO_EXPORT community to blackhole filtering announcements.

v0.2.0

  • setup-templates command to just sync local templates with those distributed within a new release.

  • Multithreading support for tasks that acquire data from external sources (IRRDB info, PeeringDB max-prefix).

    Can be set using the threads option in the arouteserver.yml configuration file.

  • New template-context command, useful to dump the list of context variables and data that can be used inside a template.

  • New empty AS-SETs handling: if an AS-SET is empty, no errors are given but only a warning is logged and the configuration building process goes on.

    Any client with IRRDB enforcing enabled and whose AS-SET is empty will have its routes rejected by the route server.

v0.1.2

  • Fix local files usage among IPv4/IPv6 processes.

    Before this release, only .local files were included into the route server configuration, for both the IPv4 and IPv6 configurations. After this, .local files continue to be used for both address families, but .local4 and .local6 files can also be used to include IP version specific options, depending on the IP version used to build the configuration. Details here.

To upgrade:

    # pull from GitHub master branch or use pip:
    pip install --upgrade arouteserver

    # install the new template files into local system
    arouteserver setup

v0.1.1

  • Add local static files into the route server’s configuration.

v0.1.0

  • First beta version.

v0.1.0a11

  • The filtering.rpsl section of general and clients configuration files has been renamed into filtering.irrdb.
  • The command line argument --template-dir has been renamed into --templates-dir.
  • New options in the program’s configuration file: bgpq3_host and bgpq3_sources, used to set bgpq3 -h and -S arguments when gathering info from IRRDBs.

v0.1.0a10

  • New command to build textual representations of configurations: html.

v0.1.0a9

  • New command to initialize a custom live test scenario: init-scenario.

v0.1.0a8

  • New feature: selective path prepending via BGP communities.
  • The control_communities general option has been removed: it was redundant.

v0.1.0a7

  • Improved communities configuration and handling.
  • Fix issue on standard communities matching against 32-bit ASNs.
  • Fix issue on IPv6 prefix validation.

v0.1.0a6

  • New feature: RPKI-based filtering/tagging.

v0.1.0a5

  • New feature: transit-free ASNs filtering.
  • Program command line: subcommands + clients-from-peeringdb.
  • More logging and some warning.

v0.1.0a4

  • Fix issue with GTSM default value.
  • Add default route to bogons.
  • Better as-sets handling and cache handling.
  • Config syntax change: clients ‘as’ -> ‘asn’.
  • AS-SETs at AS-level.
  • Live tests: path hiding mitigation scenario.
  • Improvements in templates.

v0.1.0a3

  • Fix some cache issues.

v0.1.0a2

  • Packaging.
  • System setup via arouteserver --setup.

v0.1.0a1

First push on GitHub.


Download Files

    File Name                             File Type  Upload Date
    arouteserver-0.6.0.tar.gz (138.5 kB)  Source     Apr 21, 2017
