PolicyBGP enables policy-driven traffic engineering for network operators, especially those without their own Autonomous System (AS), by advertising BGP routes for specific ASes with user-defined nexthops. This allows for granular control over traffic paths, optimizing for cost, latency, or bandwidth.
PolicyBGP is ideal for small network operators who do not own their own AS, but have access to multiple ISPs.
With PolicyBGP, you can direct different types of traffic through the most appropriate ISP—for example:
- Route video streaming (e.g., Netflix) through an unmetered connection.
- Route gaming traffic through a low-latency ISP.
- Prioritize critical business traffic over a reliable, high-availability ISP.
In enterprise environments, it is common to route all Internet traffic from branch offices through a central data center via VPN. However, due to increasing bandwidth demands, this approach is often unsustainable.
A "Local Internet Breakout" strategy allows sites to send low-risk traffic (e.g., video conferencing) directly to the Internet via local ISPs while retaining VPN paths for sensitive or critical data.
PolicyBGP enables site routers to selectively route traffic to local ISPs while maintaining the default route through the data center.
PolicyBGP uses the IP to ASN Lite database from db-ip.com, along with a set of user-defined policy rules.
It establishes a BGP session with your router and advertises routes for the specified ASes using the configured nexthops.
Note: Your router must support BGP. On Linux-based routers, you can use BGP daemons like BIRD to receive and inject routes into the kernel routing table. Most commercial routers also support BGP.
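Added example (not PolicyBGP's own code): how one `--policy ASN,ip4-nexthop[,ip6-nexthop]` value and a set of IP-to-ASN ranges turn into the prefix/nexthop pairs that will leave the default path, so the set can be reviewed before it reaches the router. `Row`, `Expand`, the start/end range layout and the sample addresses are assumptions made for illustration; only the IPv4 nexthop is handled and an optional third field is accepted but unused.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Row is one IPv4 range and its origin ASN (assumed shape of a parsed database line).
type Row struct {
	Start, End netip.Addr
	ASN        uint64
}

func u32(a netip.Addr) uint64 {
	b := a.As4()
	return uint64(b[0])<<24 | uint64(b[1])<<16 | uint64(b[2])<<8 | uint64(b[3])
}

// Expand turns one --policy value into "prefix via nexthop" routes (IPv4 nexthop only).
func Expand(policy string, db []Row) ([]string, error) {
	f := append(strings.Split(policy, ","), "") // pad so f[1] always exists
	asn, err := strconv.ParseUint(f[0], 10, 32)
	nh, err2 := netip.ParseAddr(f[1])
	if len(f) > 4 || err != nil || err2 != nil || !nh.Is4() {
		return nil, fmt.Errorf("want ASN,ip4-nexthop[,ip6-nexthop]: %q", policy)
	}
	var routes []string
	for _, r := range db {
		if r.ASN != asn || !r.Start.Is4() || !r.End.Is4() {
			continue
		}
		for s, e := u32(r.Start), u32(r.End); s <= e; { // largest aligned blocks first
			bits := 32
			for bits > 0 && s%(1<<(33-bits)) == 0 && s+(1<<(33-bits))-1 <= e {
				bits--
			}
			a := netip.AddrFrom4([4]byte{byte(s >> 24), byte(s >> 16), byte(s >> 8), byte(s)})
			routes = append(routes, netip.PrefixFrom(a, bits).String()+" via "+nh.String())
			s += 1 << (32 - bits)
		}
	}
	return routes, nil
}

func main() {
	db := []Row{{netip.MustParseAddr("203.0.113.4"), netip.MustParseAddr("203.0.113.11"), 64500}}
	fmt.Println(Expand("64500,192.168.1.1", db)) // constructed row, private-use ASN
}
```

A range that is not CIDR-aligned expands into several prefixes, and a nexthop of the wrong address family or a malformed ASN is rejected before any route is produced.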
Requirements:
- Go 1.24.2 or later
Install using:
```sh
go install github.com/IPA-CyberLab/policybgp/cmd/policybgp@latest
```

Specify policies via the command line using the following format: `--policy ASN,ip4-nexthop[,ip6-nexthop]`
Example policies:
- `--policy 15169,192.168.1.1` - Route traffic to Google (ASN 15169) via 192.168.1.1 (IPv4 only).
- `--policy 32934,10.0.0.1,2001:db8::1` - Route traffic to Facebook (ASN 32934) via both IPv4 and IPv6 nexthops.
```sh
policybgp serve \
  --dbpath ./work/dbip-asn-lite.csv.gz \
  --peer 192.168.0.1:10179 \
  --policy 15169,192.168.1.1 \
  --policy 32934,10.0.0.1,2001:db8::1
```
- Start BIRD BGP server for testing:

  ```sh
  bird -c hack/bird3.test.conf -s /tmp/bird.test.ctl -d
  ```

- Connect to BIRD CLI:

  ```sh
  birdc -s /tmp/bird.test.ctl
  ```

- Run PolicyBGP against the test instance:

  ```sh
  go run ./cmd/policybgp --verbose serve \
    --dbpath ./work/dbip-asn-lite.csv.gz \
    --peer localhost:10179 \
    --policy 15169,192.168.100.100
  ```

- Inspect the advertised routes using GoBGP CLI:

  ```sh
  gobgp neighbor localhost
  gobgp global rib summary
  ```
```sh
# Build the binary
go build ./cmd/policybgp
# Run tests
go test ./...
```

We welcome contributions! Please feel free to submit issues, feature requests, or pull requests.
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
- Built with GoBGP for BGP protocol implementation