Skip to main content

A Python tool to automatically build (and test) configurations for BGP route servers.

Project description


Documentation Build Status

A Python tool to automatically build (and test) feature-rich configurations for BGP route servers.

How it works

  1. Two YAML files provide general policies and clients configurations options:

      rs_as: 999
      router_id: ""
      add_path: True
        next_hop_policy: "same-as"
        policy_ipv4: "rewrite-next-hop"
      - as: 111
        - ""
        - "2001:db8:1:1::11"
            - "AS-AS111MAIN"
  2. ARouteServer acquires external information to enrich them: bgpq3 for IRRDb data, PeeringDB for max-prefix limit, …

  3. Jinja2 built-in templates are used to render the final route server’s configuration file.

    Currently, only BIRD is supported.

Validation and testing is performed using the built-in live tests framework: Docker instances are used to simulate several scenarios, and more custom scenarios can be built on the basis of the user’s needs. More details on the Live tests section.


  • Path hiding mitigation techniques (RFC7947 section 2.3.1).
  • Filtering features on by default:
    • NEXT_HOP enforcement (strict / same AS - RFC7948 section 4.8);
    • minimum and maximum IPv4/IPv6 prefix length;
    • maximum AS_PATH length;
    • reject invalid AS_PATHs (containing private/invalid ASNs);
    • reject bogons;
    • prefixes and origin ASNs enforcing via RPSL/IRRdb AS-SETs (RFC7948 section 4.6.2);
    • max-prefix limit based on global or client-specific values or on PeeringDB data.
  • Blackhole filtering support:
    • optional NEXT_HOP rewriting;
    • signalling via BGP Communities (BLACKHOLE and custom communities);
    • client-by-client control over propagation.
  • Control and informative communities:
    • prefix/origin ASN present/not present in IRRDB data;
    • do (not) announce to any / peer;
    • prepend to any.
  • Optional session features on a client-by-client basis:
    • prepend route server ASN;
    • active sessions;
    • GTSM (Generalized TTL Security Mechanism - RFC5082);
    • ADD-PATH capability (RFC7911).

A comprehensive list of features can be found within the comments of the distributed configuration file on GitHub.

More feature are already planned: see the Future work section for more details.

Full documentation

Full documentation can be found on ReadTheDocs:


Highly experimental!

Bug? Issues?

But also suggestions? New ideas?

Please create an issue on GitHub at


Pier Carlo Chiodi -

Blog: Twitter: @pierky

Change log


  • Packaging.
  • System setup via arouteserver --setup.


First push on GitHub.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for arouteserver, version 0.1.0a2
Filename, size File type Python version Upload date Hashes
Filename, size arouteserver-0.1.0a2.tar.gz (73.7 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page