Skip to content

bgpipe: BGP pipeline processor

bgpipe is an open-source tool that processes BGP messages through a pipeline of composable stages — bridging the gaps between monitoring and control.

Usually, bgpipe sits between routers as a transparent proxy, auditing, filtering, and transforming BGP sessions on the fly. Built on the bgpfix library, written in Go, and distributed under the MIT license. Started in 2023 as part of a research project at the Polish Academy of Sciences.

Quick Demo

Stream live from RIPE RIS, add RPKI validation on the fly, and show RPKI-invalid announcements:

$ docker run --rm ghcr.io/bgpfix/bgpipe:latest -go \
    -- ris-live \
    -- rov --invalid=keep \
    -- grep 'tag[rov/status] == INVALID'

Sample output: 

[
    "R",
    10843,
    "2026-02-10T12:47:02.900",
    "UPDATE",
    {
        "reach":["201.49.180.0/23","201.49.181.0/24"],
        "attrs":{
            "ORIGIN":{"flags":"T","value":"IGP"},
            "ASPATH":{"flags":"T","value":[199524,174,52320,53062,262907,262907,262907,262907,262907,52900,273801]},
            "NEXTHOP":{"flags":"T","value":"196.60.9.188"}
        }
    },
    {
        "PEER_IP":"196.60.9.188",
        "PEER_AS":"199524",
        "COLLECTOR":"rrc19",
        "RIS_HOST":"rrc19.ripe.net",
        "RIS_ID":"196.60.9.188-019c479748f40019",
        "rov/201.49.180.0/23":"INVALID",
        "rov/201.49.181.0/24":"INVALID",
        "rov/status":"INVALID"
    }
]

More one-liners:

# convert an MRT archive to JSON, straight from RIPE RIS (or RouteViews) URL
$ bgpipe read https://data.ris.ripe.net/rrc01/latest-update.gz | head

# proxy a BGP session, dump messages to stdout, withdraw RPKI-invalid prefixes
$ bgpipe -o -- listen :179 -- rov -- connect --wait listen 192.0.2.1

Install

docker pull ghcr.io/bgpfix/bgpipe:latest

wget -O bgpipe \
    https://github.com/bgpfix/bgpipe/releases/latest/download/bgpipe-linux-amd64
chmod +x bgpipe

go install github.com/bgpfix/bgpipe@latest

A single static binary, no dependencies — see the Quick Start for details and other platforms.

Use Cases

  • BGP Firewall

    Drop-in proxy with RPKI ROV + ASPA validation, prefix limits, and rate limiting

  • Full JSON Translation

    Bidirectional BGP ↔ JSON including Flowspec — pipe through jq, Python, anything

  • MRT Processing

    Read, convert, and filter compressed MRT archives at scale

  • Scriptable Pipeline

    Chain stages or pipe messages through external programs

  • Live BGP Monitoring

    Stream from RIPE RIS Live or RouteViews with real-time filters

  • Secure Transport

    Add TCP-MD5 to sessions, proxy over encrypted WebSockets

Features

  • Transparent proxy — sits between two BGP speakers; with TPROXY mode, invisible even at the IP layer — no router reconfiguration
  • Full JSON translation — bidirectional BGP ↔ JSON for every message type, including Flowspec
  • Built-in filters — match on prefixes, AS paths, communities, attributes, and tags with a concise filter language
  • RPKI origin validationrov stage implements RFC 6811, fed over RTR (e.g. Cloudflare, Routinator), HTTP(S), or files
  • ASPA path verificationaspa stage detects route leaks per the IETF draft — available today, before router vendors ship it
  • Prefix and rate limits — enforce prefix count/length thresholds and message rate limits per session
  • UPDATE rewriting — add, remove, or modify path attributes on the fly
  • Multiple data formats — read and write JSON, MRT, BMP, OpenBMP, ExaBGP, and raw BGP wire format
  • Compression support — transparent gzip/bzip2/zstd for MRT and other file formats
  • HTTP/HTTPS sources — read directly from URLs (e.g. RouteViews or RIS MRT archives)
  • External program integration — pipe messages through any process (exec, pipe stages)
  • WebSocket transport — exchange messages over encrypted WebSockets for remote processing
  • TCP-MD5 handling — add or drop TCP-MD5 independently on each side of a session
  • Live data feeds — stream from RIPE RIS Live or RouteViews in real time
  • Message tagging — attach metadata to messages for downstream filtering and routing decisions
  • 20 pipeline stages — composable building blocks, each doing one thing well (full list)

Project

bgpipe is hosted on GitHub under the MIT license, built on the bgpfix library.