bgpipe: a BGP firewall

bgpipe is an open-source tool for processing and filtering messages exchanged by the Border Gateway Protocol (BGP). BGP is the routing protocol that makes the Internet work, and thus it is considered to be critical to the global economic prosperity and security.

bgpipe operates as a proxy sitting between BGP routers, capable of auditing, fixing, and securing BGP sessions on the fly. It is based on the BGPFix library, distributed under the MIT license, and implemented in Go, making it widely available for many platforms.

Started in 2023 and currently in beta, bgpipe has its roots in a research project developed at the Institute of Theoretical and Applied Informatics, Polish Academy of Sciences.

• See examples

  Get BGP pipeline ideas
  Examples

• Downloads

  See released versions
  GitHub Releases

Features

• Works as a transparent man-in-the-middle proxy.
• Has full, bi-directional BGP to JSON translation.
• Can filter and archive BGP sessions through an external process, eg. a Python script.
• Supports remote processing over encrypted WebSockets (HTTPS), eg. in the cloud.
• Reads and writes MRT files (BGP4MP), optionally compressed.
• Can add and drop TCP-MD5 on multi-hop BGP sessions, independently on each side.
• Has built-in BGP message filters and session limiters.
• Supports popular BGP RFCs, including Flowspec.