-
Notifications
You must be signed in to change notification settings - Fork 461
architecture overview
Thomas Mangin edited this page Feb 2, 2026
·
2 revisions
Purpose: Technical reference for understanding ExaBGP's internal architecture Audience: Documentation writers, contributors, advanced users Last Updated: 2025-11-09
┌─────────────────────────────────────────────────────────────┐
│ External Process │
│ (Python/Shell/Any Language Script) │
│ │
│ Reads STDIN ←──→ Writes STDOUT (Commands) │
└────────────────────────────┬────────────────────────────────┘
│ STDIN/STDOUT Pipes
┌────────────────────────────┴────────────────────────────────┐
│ ExaBGP Core │
│ │
│ ┌──────────────┐ ┌────────────┐ ┌────────────────────┐ │
│ │ Process │ │ Parser │ │ BGP Protocol │ │
│ │ Manager │ │ (Commands)│ │ State Machine │ │
│ └──────────────┘ └────────────┘ └────────────────────┘ │
│ │
│ ┌──────────────┐ ┌────────────┐ ┌────────────────────┐ │
│ │ Encoder │ │ Message │ │ Neighbor │ │
│ │ (JSON/Text) │ │ Builder │ │ Management │ │
│ └──────────────┘ └────────────┘ └────────────────────┘ │
└────────────────────────────┬────────────────────────────────┘
│ TCP/BGP
┌────────────────────────────┴────────────────────────────────┐
│ BGP Neighbor (Router) │
│ │
│ Receives/Sends BGP Protocol Messages │
└───────────────────────────────────────────────────────────────┘
ExaBGP is a pure BGP protocol implementation:
- Does NOT maintain routing tables (RIB)
- Does NOT modify kernel routing tables (FIB)
- Does NOT forward packets
- ONLY speaks the BGP protocol
Rationale: Separation of concerns - ExaBGP handles protocol, external processes handle routing decisions.
Everything is controlled via API:
- Configuration defines neighbors and processes
- External processes send commands via STDOUT
- ExaBGP sends BGP messages via STDIN
- Simple, language-agnostic integration
Business logic lives outside ExaBGP:
- Health checks → Python/Shell scripts
- Route decisions → Application logic
- Integration → Any programming language
- ExaBGP → BGP protocol only
Responsibilities:
- Launch configured external processes
- Monitor process health
- Manage STDIN/STDOUT pipes
- Handle process restarts on failure
Configuration:
process healthcheck {
run /usr/local/bin/healthcheck.py;
encoder json;
}Process Lifecycle:
- ExaBGP reads configuration
- Forks external process
- Establishes STDIN/STDOUT pipes
- Monitors process (restarts on crash)
- Cleans up on ExaBGP shutdown
Responsibilities:
- Read STDOUT from external processes
- Parse text/JSON commands
- Validate command syntax
- Queue commands for execution
Supported Command Formats:
# Text format
announce route 203.0.113.0/24 next-hop self
# JSON format (future)
{"exabgp": "4.0", "type": "announce", "route": {...}}
Command Types:
- Route announcements (
announce route) - Route withdrawals (
withdraw route) - FlowSpec rules (
announce flow) - Control commands (
shutdown,reload,restart) - Information queries (
show adj-rib out)
Responsibilities:
- Implement BGP FSM (RFC 4271)
- Handle BGP session establishment
- Process BGP messages (OPEN, UPDATE, KEEPALIVE, NOTIFICATION)
- Manage timers (hold time, keepalive)
- Validate BGP protocol correctness
BGP States:
Idle → Connect → OpenSent → OpenConfirm → Established
Message Types:
- OPEN: Session establishment, capability negotiation
- UPDATE: Route announcements/withdrawals
- NOTIFICATION: Error reporting, session termination
- KEEPALIVE: Session maintenance
- ROUTE-REFRESH: Request route re-advertisement
Responsibilities:
- Construct BGP UPDATE messages from commands
- Encode BGP attributes correctly
- Support IPv4, IPv6, FlowSpec, VPN, etc.
- Validate message format before sending
BGP UPDATE Structure:
+-----------------------------------------------+
| Withdrawn Routes Length (2 octets) |
+-----------------------------------------------+
| Withdrawn Routes (variable) |
+-----------------------------------------------+
| Total Path Attribute Length (2 octets) |
+-----------------------------------------------+
| Path Attributes (variable) |
+-----------------------------------------------+
| Network Layer Reachability Info (variable) |
+-----------------------------------------------+
Supported Attributes:
- ORIGIN (Type 1)
- AS_PATH (Type 2)
- NEXT_HOP (Type 3)
- MULTI_EXIT_DISC (Type 4)
- LOCAL_PREF (Type 5)
- COMMUNITIES (Type 8)
- MP_REACH_NLRI (Type 14) - IPv6, FlowSpec, VPN
- MP_UNREACH_NLRI (Type 15)
- EXTENDED_COMMUNITIES (Type 16)
- LARGE_COMMUNITIES (Type 32)
Responsibilities:
- Format received BGP messages for external processes
- Support text and JSON output formats
- Send formatted messages to process STDIN
Text Format Example:
neighbor 192.0.2.1 192.0.2.2 received update route 203.0.113.0/24 \
next-hop 192.0.2.1 origin igp as-path [65001 65002] med 100
JSON Format Example:
{
"exabgp": "4.0.0",
"time": 1234567890,
"type": "update",
"neighbor": {
"address": {"local": "192.0.2.2", "peer": "192.0.2.1"},
"asn": {"local": 65000, "peer": 65001}
},
"message": {
"update": {
"announce": {
"ipv4 unicast": {
"192.0.2.1": [{
"nlri": "203.0.113.0/24",
"attribute": {
"origin": "igp",
"as-path": [65001, 65002],
"med": 100
}
}]
}
}
}
}
}Responsibilities:
- Maintain neighbor configurations
- Manage TCP connections to peers
- Track neighbor state
- Apply per-neighbor policies
- Handle BGP capabilities negotiation
Neighbor Configuration:
neighbor 192.0.2.1 {
router-id 10.0.0.1;
local-address 192.0.2.2;
local-as 65000;
peer-as 65001;
family {
ipv4 unicast;
ipv6 unicast;
ipv4 flow;
}
capability {
graceful-restart;
add-path receive;
extended-message receive;
}
api {
processes [healthcheck];
receive {
parsed;
update;
notification;
}
}
}1. External Process
└─> STDOUT: "announce route 203.0.113.0/24 next-hop self"
2. Process Manager
└─> Reads STDOUT, forwards to Parser
3. Command Parser
└─> Parses command, extracts route details
4. Message Builder
└─> Constructs BGP UPDATE message
└─> Adds attributes (ORIGIN, AS_PATH, NEXT_HOP, etc.)
5. BGP Protocol
└─> Sends UPDATE message to neighbor via TCP
6. Router (Neighbor)
└─> Receives UPDATE, installs route
1. Router (Neighbor)
└─> Sends BGP UPDATE message via TCP
2. BGP Protocol
└─> Receives UPDATE, validates message
3. Encoder
└─> Formats message as JSON/Text
4. Process Manager
└─> Writes to process STDIN
5. External Process
└─> Reads STDIN, processes received route
└─> Makes routing decisions, sends commands via STDOUT
# Process definitions
process <name> {
run <command>;
encoder <json|text>;
}
# Global template (optional)
template {
neighbor <ip> {
# Shared neighbor configuration
}
}
# Neighbor definitions
neighbor <ip> {
router-id <id>;
local-address <ip>;
local-as <asn>;
peer-as <asn>;
family {
ipv4 unicast;
ipv6 unicast;
ipv4 flow;
l2vpn vpls;
}
capability {
graceful-restart;
add-path receive;
}
api {
processes [<name>];
receive {
parsed;
update;
}
}
# Static routes (optional)
static {
route 203.0.113.0/24 next-hop self;
}
}1. ExaBGP starts
└─> Loads configuration file
2. Validates syntax
└─> Checks neighbor parameters
└─> Validates process definitions
3. Applies templates
└─> Merges template with neighbor configs
4. Initializes components
└─> Creates neighbor objects
└─> Forks external processes
5. Establishes BGP sessions
└─> Connects to neighbors
└─> Negotiates capabilities
- Traditional IPv4 routing
- Most common use case
- IPv6 routing
- Uses MP_REACH_NLRI attribute
- Traffic filtering rules
- DDoS mitigation
- ExaBGP pioneered open-source FlowSpec (now also in GoBGP, FRR, BIRD)
- L3VPN over MPLS
- Route distinguisher support
- Virtual Private LAN Service
- Layer 2 VPN support
- Link-State distribution
- SDN integration
- Route Target filtering
- VPN route optimization
Core Protocol:
- RFC 4271: BGP-4
- RFC 4760: Multiprotocol Extensions for BGP-4
- RFC 5492: Capabilities Advertisement
Route Refresh:
- RFC 2918: Route Refresh Capability
Communities:
- RFC 1997: BGP Communities Attribute
- RFC 4360: BGP Extended Communities
- RFC 8092: BGP Large Communities
FlowSpec:
- RFC 5575: Dissemination of Flow Specification Rules
- RFC 8955: Dissemination of Flow Specification Rules (updated)
Graceful Restart:
- RFC 4724: Graceful Restart Mechanism for BGP
Add-Path:
- RFC 7911: Advertisement of Multiple Paths in BGP
See RFC-SUPPORT.md and RFC-Information.md for complete list
During OPEN message exchange, ExaBGP negotiates:
- Multiprotocol Extensions (IPv6, FlowSpec, VPN)
- Route Refresh
- Graceful Restart
- 4-byte AS numbers
- Add-Path
- Extended Message (for large UPDATEs)
ExaBGP uses single-threaded architecture:
- Main event loop handles all I/O
- Non-blocking sockets for BGP sessions
- Select/poll for process STDOUT monitoring
- Timer management for BGP keepalives
Advantages:
- Simple, no race conditions
- Low overhead
- Predictable behavior
Considerations:
- External processes must not block
- Long-running health checks should use separate processes
- Python GIL not a concern (no threading)
TCP MD5 Authentication (RFC 2385):
neighbor 192.0.2.1 {
md5-password "secret";
}- External processes run as separate OS processes
- Limited privilege escalation risk
- Process crashes don't affect ExaBGP core
- STDOUT/STDIN are isolated pipes
- All BGP messages validated against RFCs
- Command parser validates syntax
- Attribute validation before message construction
- Protection against malformed BGP messages
- Memory: 20-50MB typical, scales with routes
- CPU: Minimal, event-driven I/O
- Network: TCP keepalives every 60s (configurable)
- Routes: 100K+ routes per instance
- Neighbors: 100+ simultaneous neighbors
- Processes: Multiple external processes supported
- Speakers: 450+ speakers simulated from single host
- Python GIL for CPU-intensive tasks
- Network I/O bounded by TCP
- External process performance dependent on implementation
[ExaBGP + Health Check] ----BGP----> [Router]
Simple, single service announcement.
[ExaBGP + Multiple Processes] ----BGP----> [Router]
Multiple health checks, multiple service IPs.
[ExaBGP Nodes] ----BGP----> [Route Server] ----BGP----> [Edge Routers]
Scalable, with route server for path selection.
[ExaBGP Primary] ----BGP----> [Router]
[ExaBGP Secondary] ----BGP----> [Router]
High availability for ExaBGP itself.
[ExaBGP Node 1] ----BGP----> [Router 1]
[ExaBGP Node 2] ----BGP----> [Router 2]
[ExaBGP Node 3] ----BGP----> [Router 3]
Geographic distribution, anycast.
-
CRITICAL: Fatal errors -
ERROR: Errors (session failures, etc.) -
WARNING: Warnings (retries, etc.) -
INFO: Informational (route changes) -
DEBUG: Detailed debugging
-
stdout: Console output -
stderr: Error output - File: Specified log file path
- Syslog: System logger
[exabgp.log]
all = true
destination = /var/log/exabgp.log
level = DEBUG
[exabgp.api]
ack = true
encoder = json| Feature | ExaBGP | Quagga/FRR | BIRD |
|---|---|---|---|
| RIB | No | Yes | Yes |
| FIB | No | Yes | Yes |
| API | Full | Limited | Limited |
| Language | Python | C | C |
| FlowSpec | Full | Partial | Partial |
| Programmability | High | Low | Medium |
| Resource Usage | Low | Medium | Low |
| Primary Use Case | API Control | Router Daemon | Router Daemon |
exabgp/
├── application/ # CLI and main application
├── bgp/ # BGP protocol implementation
│ ├── message/ # BGP message types
│ ├── neighbor/ # Neighbor management
│ └── peer.py # BGP peer state machine
├── configuration/ # Configuration parsing
├── network/ # Network I/O
├── reactor/ # Event loop
├── rib/ # Adj-RIB-Out (not RIB!)
└── version.py # Version info
Note: Despite rib/ directory name, ExaBGP only maintains Adj-RIB-Out (routes sent to neighbors), not a full RIB.
Add new output formats for external processes.
Support new BGP attributes via message builder.
Add new address family support.
Unlimited flexibility via external processes.
Language-specific libraries for ExaBGP interaction.
ExaBGP's architecture is designed for:
- Simplicity: External process model, STDIN/STDOUT API
- Correctness: Pure BGP protocol implementation (55+ RFCs)
- Flexibility: Language-agnostic integration
- Separation: Protocol (ExaBGP) vs. Logic (external processes)
- Scalability: Lightweight, event-driven, single-threaded
Key Insight: By separating BGP protocol from routing logic, ExaBGP enables application-layer network control without requiring BGP expertise or router access.
For Documentation Writers: Use this architecture overview to:
- Explain how ExaBGP works internally
- Justify design decisions in documentation
- Help users understand the process model
- Clarify the "no RIB/FIB" principle
- Reference when explaining advanced features
Getting Started
Configuration
- Configuration Syntax
- Neighbor Configuration
- Directives A-Z
- Templates
- Environment Variables
- Process Configuration
API
- API Overview
- Text API Reference
- JSON API Reference
- API Commands
- Writing API Programs
- Error Handling
- Production Best Practices
Address Families
- Overview
- IPv4 Unicast
- IPv6 Unicast
- FlowSpec
- EVPN
- L3VPN
- BGP-LS
- VPLS
- SRv6 / MUP
- Multicast
- RT Constraint
Features
Use Cases
Tools
Operations
Reference
- Architecture
- Design
- Attribute Reference
- Command Reference
- BGP State Machine
- Capabilities
- Communities
- Examples Index
- Glossary
- RFC Support
Integration
Migration
Community
External