-
Notifications
You must be signed in to change notification settings - Fork 461
use cases summary
Thomas Mangin edited this page Nov 10, 2025
·
1 revision
Last Updated: 2025-11-09 Purpose: Reference document for documentation writers, consolidating all ExaBGP use cases from external research
ExaBGP is a BGP engine that enables programmatic BGP control from applications. Unlike traditional BGP implementations that manipulate RIB/FIB, ExaBGP focuses purely on the BGP protocol layer, allowing external processes to inject and receive BGP routes.
Key Differentiator: ExaBGP pioneered open-source FlowSpec support and remains the most API-friendly implementation (now also supported by GoBGP, FRRouting, BIRD).
Description: Dynamic injection of FlowSpec rules for traffic filtering and rate limiting.
How It Works:
- Detection system (Arbor, ML, SIEM) identifies attack
- ExaBGP receives alert via syslog/API
- Generates FlowSpec rules dynamically
- Distributes via BGP to edge routers
- Routers install rules in hardware forwarding plane
- Traffic filtered/shaped at network edge
Advantages over RTBH:
- Precise matching (ports, protocols, packet length)
- Rate limiting instead of blackholing
- Single rule vs. thousands of /32 prefixes
- Surgical mitigation reduces collateral damage
Real-World Implementations:
- Integration with Arbor SP/TMS for automated response
- ElastiFlow + Elasticsearch ML for intelligent detection
- Wanguard BGP Connector for flow-based mitigation
- Upstream provider offload (traffic blocked before reaching network)
Example Scenario:
HTTP Flood Detected → FlowSpec Rule Generated → BGP Distribution →
Edge Routers Rate-Limit → Attack Mitigated in < 5 seconds
Description: Multiple servers announce same service IP; traffic routed to nearest/healthiest node.
How It Works:
- Service IPs configured on loopback interfaces
- ExaBGP announces availability via BGP
- Health checks monitor service state
- Failed nodes withdraw routes automatically
- Network converges to healthy nodes
Common Applications:
- DNS Anycast: Multiple DNS servers, geographic distribution
- Web Services: Global content delivery, latency reduction
- CDN Edge Nodes: Distributed content serving
- API Endpoints: Regional API gateways
Architecture Pattern:
[Web Servers + ExaBGP] ----BGP----> [Route Servers] ----BGP----> [Edge Routers]
(Health Checks) (Path Selection) (Traffic Fwd)
Key Benefits:
- Automatic failover (5-15 second convergence)
- Geographic load distribution
- No single point of failure
- Application-aware routing
Reference: Vincent Bernat's "High Availability with ExaBGP" (2013)
Description: Load distribution using BGP metrics (MED) based on real-time system state.
How It Works:
- Health check scripts monitor system metrics (CPU, memory, connections)
- Calculate BGP MED based on current load
- Lower metric = more traffic, higher metric = less traffic
- Automatic traffic distribution across healthy nodes
Metric Strategies:
- Binary: Announce (metric 100) vs. Withdraw
- Gradual: Metrics 100-500 based on load percentage
- Multi-Service: Different metrics per service IP for balanced distribution
Example:
# Node 1: 60% CPU → MED 160
# Node 2: 40% CPU → MED 140 (receives more traffic)
# Node 3: 85% CPU → MED 185 (receives less traffic)Applications:
- Web server pools
- Database read replicas (based on replication lag)
- API gateways (based on response time)
- Caching servers (based on cache hit rate)
Description: Programmatic BGP route injection for traffic steering and network optimization.
How It Works:
- SDN controller determines optimal paths
- Sends commands to ExaBGP via API
- ExaBGP announces routes with specific attributes
- Network devices route traffic accordingly
Use Cases:
- Path Optimization: Route traffic through optimal links
- Capacity Management: Balance traffic across multiple links
- Maintenance Windows: Gracefully drain traffic before maintenance
- Cost Optimization: Prefer less expensive transit paths
- BGP-LS Integration: Link-state information for SDN controllers
SDN Patterns:
- ExaBGP as BGP speaker for SDN controllers
- Segment Routing Traffic Engineering (SR-TE) with ExaBGP
- BGP-LS for topology discovery
- Integration with OpenFlow/P4 controllers
References:
- RIPE Labs: "ExaBGP - From BGP Route Injector to BGP Engine"
- BGP-SDN GitHub projects
- λBGP: Rethinking BGP programmability
Description: Automated route announcements based on application state and business logic.
How It Works:
- Application monitors its state (service health, capacity, license)
- Decides which routes to announce based on logic
- ExaBGP handles BGP protocol complexity
- Routes updated dynamically without manual intervention
Example Scenarios:
A. Service Discovery:
- New service instances register themselves via BGP
- Network automatically routes traffic to new instances
- Deregistration on shutdown
B. License-Based Routing:
- Announce premium routes only if license is valid
- Automatic route withdrawal on license expiration
C. Geographic Steering:
- Different routes announced from different regions
- AS path prepending for traffic steering
D. Blue/Green Deployments:
- Blue environment serves traffic (announces routes)
- Green environment deployed without announcement
- Switch traffic by changing BGP announcements
Description: Dynamic blackholing of malicious IPs at network edge.
How It Works:
- Security system identifies compromised/attacking IPs
- ExaBGP announces blackhole routes
- Edge routers drop traffic to/from blacklisted IPs
- Automatic expiration after specified time
Implementations:
- RTBH (Remote Triggered Black Hole): Announce with blackhole community
- FlowSpec: More granular filtering (specific ports/protocols)
- RPKI Integration: Route validation and filtering
Use Cases:
- Botnet C&C blocking
- Compromised host isolation
- Abuse mitigation
- Regulatory compliance (geo-blocking)
Description: BGP-based networking for cloud-native and virtual environments.
How It Works:
- Container/VM orchestration systems integrate with ExaBGP
- Services announce themselves as they scale
- Network provides dynamic routing without SDN overlay
- Native BGP for multi-cloud connectivity
Platforms:
- Kubernetes: BGP for pod networking (MetalLB alternative)
- AWS: BGP in VPCs, Direct Connect integration
- OpenStack: Neutron BGP dynamic routing
- Docker Swarm: Service mesh with BGP
Example - AWSnycast: Project using ExaBGP for anycast-style service discovery in AWS.
Description: BGP protocol testing, route injection at scale, and network simulation.
How It Works:
- ExaBGP simulates multiple BGP speakers from single host
- Injects large routing tables for testing
- Validates BGP implementation compliance
- Tests route convergence and stability
Capabilities:
- Scale: 450+ simultaneous BGP speakers from single machine
- Route Volume: Full internet routing table injection
- Protocol Testing: RFC compliance validation
- Interoperability: Multi-vendor BGP testing
Use Cases:
- Router performance testing
- Network design validation
- Capacity planning
- BGP security research
[SIEM/Monitoring] → [Detection Logic] → [ExaBGP API] → [BGP Network]
(Splunk) (Python/Go) (STDIN) (Routers)
[HAProxy/NGINX] → [Health Checks] → [ExaBGP] → [BGP] → [Edge Routers]
(Backends) (Python Script) (Route) (Update) (Traffic Fwd)
[Kubernetes] → [Operator/Controller] → [ExaBGP] → [BGP] → [Network Fabric]
(Services) (Service Discovery) (Routes) (Dist) (Pod Routing)
[DB Replicas] → [Lag Monitoring] → [ExaBGP] → [BGP] → [Read Traffic]
(PostgreSQL) (Metric Calc) (MED) (Dist) (Distribution)
- No RIB/FIB manipulation
- Focuses on BGP protocol correctness
- 55+ RFCs implemented
- Vendor-neutral
- STDIN/STDOUT communication
- Language-agnostic
- JSON and text encoders
- Easy integration
- Python-based (portable)
- Low resource usage (<50MB RAM typical)
- Single process or multiple speakers
- Runs on commodity hardware
- External process model
- Custom health checks
- Arbitrary route attributes
- FlowSpec rule generation
- 98 configuration examples
- Active community
- GitHub wiki
- Multiple blog articles and presentations
- Shutterstock (load balancing)
- LinkedIn (datacenter anycast)
- NSONE (anycasted DNS)
- Various ISPs and cloud providers (DDoS mitigation)
- Enterprise networks (high availability)
- RIPE: Multiple presentations on BGP control from applications
- UKNOF: BGP on the wire technical details
- LINX: FlowSpec and route injection
- UKUUG: Benefits of BGP for service providers
- SWINOG: DDoS blackholing in provider networks
- FRnOG: FlowSpec implementations
| Feature | ExaBGP | Traditional |
|---|---|---|
| RIB/FIB Manipulation | No | Yes |
| API-First Design | Yes | Limited |
| FlowSpec Support | Full | Partial/None |
| Programmability | Python/Any | Limited |
| Resource Usage | Low | Medium |
| Use Case | Application Control | Routing Daemon |
| Feature | ExaBGP | GoBGP |
|---|---|---|
| Language | Python | Go |
| Performance | Good | Excellent |
| FlowSpec | Yes | Yes |
| Maturity | Mature (2010) | Newer (2014) |
| API | STDIN/STDOUT | gRPC |
| Community | Large | Growing |
| Feature | ExaBGP | Hardware SDN |
|---|---|---|
| Cost | Open Source | Expensive |
| Deployment | Software Only | Hardware Required |
| Integration | Simple | Complex |
| Flexibility | High | Vendor-Locked |
| Learning Curve | Moderate | Steep |
ExaBGP includes 98 configuration examples covering:
- Basic Examples: First BGP session, simple announcements
- IPv4/IPv6: Unicast, multicast configurations
- FlowSpec: DDoS mitigation, traffic filtering
- L2VPN/L3VPN: VPLS, VPN configurations
- API Integration: Python scripts, health checks
- Advanced Features: Communities, AS-path manipulation
- Operational: Maintenance, debugging, monitoring
Location: /main/etc/exabgp/ directory (to be indexed in wiki)
- Use route servers for scalability
- Separate routing logic from route processing
- Configure service IPs on loopback interfaces
- Plan metric strategy carefully
- Implement retry logic (rise/fall counters)
- Set reasonable timeouts (2-5 seconds)
- Check all critical dependencies
- Support maintenance mode
- Monitor BGP session state
- Log all route changes
- Track failover events
- Alert on anomalies
- Validate FlowSpec rules before injection
- Use authentication for BGP sessions
- Rate-limit API commands
- Audit route announcements
- Test health checks independently
- Validate failover scenarios
- Verify route filtering
- Load test at scale
- Forgetting to flush stdout: Commands not sent to ExaBGP
- Incorrect next-hop: Routes not installed
- Missing loopback configuration: Service IPs not reachable
- No health check dampening: Route flapping
- Insufficient logging: Hard to troubleshoot issues
- No maintenance mode: Can't gracefully drain traffic
- Overly sensitive health checks: False positives
- Ignoring BGP timers: Slow failover
- BGP Convergence: 5-15 seconds typical
- Health Check Interval: 5-10 seconds recommended
- Resource Usage: <50MB RAM, minimal CPU
- Scale: 1000+ routes per ExaBGP instance
- Speakers: 450+ simultaneous from single host
- FlowSpec Rules: Thousands supported (hardware-dependent)
Based on RIPE Labs articles:
- IPv6 FlowSpec: Extended support for IPv6 flow specifications
- Generalized Redirect: More flexible traffic redirection
- Performance Optimization: Continued efficiency improvements
- Additional RFC Support: Ongoing protocol implementation
- Enhanced Monitoring: Better observability tools
This summary informs the following wiki documents:
- Getting Started/Quick-Start.md: Basic anycast example
- API/API-Overview.md: STDIN/STDOUT pattern, encoders
- FlowSpec/FlowSpec-Overview.md: DDoS mitigation use case
- Use-Cases/High-Availability.md: Anycast and health checks
- Use-Cases/DDoS-Mitigation.md: FlowSpec implementation
- Use-Cases/Load-Balancing.md: Metric-based distribution
- Use-Cases/Traffic-Engineering.md: SDN integration
- Use-Cases/Anycast-Services.md: DNS, web services
- Operations/Health-Checks.md: Implementation patterns
- Integration/SDN-Controllers.md: Controller integration
- Use-Cases/Network-Automation.md: Orchestration patterns
- Use-Cases/Cloud-Networking.md: AWS, Kubernetes
- Use-Cases/Security.md: Blackholing, RPKI
- Advanced/Performance-Testing.md: Scale testing
- Vincent Bernat - "High Availability with ExaBGP" (2013)
- RIPE Labs - "ExaBGP: From Route Injector to BGP Engine"
- thepacketgeek.com - ExaBGP Getting Started and Tutorials
- Shutterstock Tech Blog - "Stop Buying Load Balancers"
- Multiple conference presentations (RIPE, UKNOF, LINX, etc.)
- Official ExaBGP repository with 98 examples
- sysadminblog/exabgp-healthcheck
- Community health check implementations
- Integration examples (Kubernetes, AWS, etc.)
- ExaCheck - Dedicated health checker for ExaBGP
- Arbor SP/TMS - DDoS detection with FlowSpec
- Wanguard - FlowSpec controller integration
When writing use case documentation:
- Does this use case emphasize that ExaBGP doesn't manipulate RIB/FIB?
- Is there a practical example from etc/exabgp/ referenced?
- Does it cross-reference related documentation?
- Is the health check implementation explained?
- Are common errors and solutions included?
- Is there a working code example?
- Does it link to relevant RFCs?
- Is the BGP protocol behavior explained?
ExaBGP's killer features:
- ✅ Only open-source FlowSpec implementation
- ✅ Simple API (STDIN/STDOUT)
- ✅ Pure protocol implementation (no RIB/FIB)
- ✅ 55+ RFCs supported
- ✅ Lightweight and portable
- ✅ Proven at scale (thousands of deployments)
Core use cases:
- 🎯 DDoS mitigation with FlowSpec
- 🎯 Anycast high availability
- 🎯 Dynamic load balancing
- 🎯 Traffic engineering
- 🎯 Network automation
Primary value proposition: Enables application-layer control of BGP without requiring deep BGP expertise or router access. Network engineers can implement sophisticated traffic control using simple Python scripts.
For Documentation Writers: This summary provides the comprehensive knowledge base for writing ExaBGP documentation. All use cases, patterns, and examples should reference this document for accuracy and consistency.
Getting Started
Configuration
- Configuration Syntax
- Neighbor Configuration
- Directives A-Z
- Templates
- Environment Variables
- Process Configuration
API
- API Overview
- Text API Reference
- JSON API Reference
- API Commands
- Writing API Programs
- Error Handling
- Production Best Practices
Address Families
- Overview
- IPv4 Unicast
- IPv6 Unicast
- FlowSpec
- EVPN
- L3VPN
- BGP-LS
- VPLS
- SRv6 / MUP
- Multicast
- RT Constraint
Features
Use Cases
Tools
Operations
Reference
- Architecture
- Design
- Attribute Reference
- Command Reference
- BGP State Machine
- Capabilities
- Communities
- Examples Index
- Glossary
- RFC Support
Integration
Migration
Community
External