This distribution of "bgptools" provides tools that aid in the analysis of BGP updates. We have developed this software in an attempt to solve the following problems:
Read the "INSTALL" file for installation specifics. We have successfully installed the libraries and applications in this distribution on Redhat Linux 7.1. However, the software should be portable to other platforms, as there are no Linux-specific directives in the source.
In addition to libbgpdump.a, our general purpose library, we provide several additional programs (as well as the source for these programs), all of which assist in the analysis of BGP updates. This release includes the following main applications.
bgpdump -- parse MRT-formatted update files and do useful things with them
Of particular interest is the -q option, which can be used to insert BGP updates into a MySQL database, and the -p option, which can generate prefix trees (dot source). Here's a screenshot of the output from the command:
bgpdump -d /usr/local/etc/bgpd_updates/ -a 11/1/2001_00:00:00 -b 11/1/2001_00:10:00 -p test.dot
Screenshot (you will have to zoom out to a 0.1 factor to get it nice and legible)
bgpquery -- query a database containing table data inserted from bgpdump. Right now, this program makes certain "fixed queries" to a SQL database, based on insertion with the "-q" option with "bgpdump"...add your own queries!
traced -- listens for BGP update packets from some other process on a UNIX domain socket, and notices when withdrawals occur. If a withdrawal occurs, this software runs a traceroute to an IP address "behind" the withdrawn prefix.
It also uses a blacklist file to prevent tracerouting to people who have complained about us, and it dampens repeated traceroutes for the same prefix.
Note: This program was designed as a companion to the "Zebra" software router. Please see our project website to download the patch to Zebra we have supplied to dump packet traces to a UNIX domain socket.
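To make the two pieces of work above concrete (what bgpdump has to pull out of an MRT-formatted update, and the withdrawal/blacklist/dampening decision traced makes), here is an added example. It is illustrative code written for this page, not bgptools' libbgpdump or traced. It assumes the MRT record is an RFC 6396 BGP4MP_MESSAGE with an IPv4 AFI and 2-byte AS numbers, takes "an IP address behind the withdrawn prefix" to mean the first host address of the prefix, models dampening as a per-prefix minimum interval between traceroutes, and builds its own sample record (peer/local addresses, AS numbers and blacklist are constructed); none of those choices are documented behaviour of bgptools.

```python
"""Parse an MRT BGP4MP_MESSAGE record carrying a BGP UPDATE, extract the
withdrawn IPv4 prefixes, and apply traced-style blacklist and dampening
rules before naming a traceroute target.

Illustrative code added to this page; NOT bgptools' libbgpdump or traced.
Byte layouts follow RFC 6396 (MRT) and RFC 4271 (BGP UPDATE)."""
import ipaddress
import struct

MRT_BGP4MP = 16        # MRT type for BGP4MP records
BGP4MP_MESSAGE = 1     # subtype: raw BGP message, 2-byte AS numbers
BGP_UPDATE = 2         # BGP message type
AFI_IPV4 = 1


def parse_prefixes(buf):
    """Decode <length-in-bits, prefix-bytes> tuples (RFC 4271 section 4.3)."""
    prefixes, pos = [], 0
    while pos < len(buf):
        plen = buf[pos]
        nbytes = (plen + 7) // 8
        if plen > 32 or pos + 1 + nbytes > len(buf):
            raise ValueError("malformed prefix at offset %d" % pos)
        addr = ipaddress.IPv4Address(buf[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00"))
        # strict=False: RFC 4271 says bits beyond the prefix length are irrelevant
        prefixes.append(ipaddress.IPv4Network("%s/%d" % (addr, plen), strict=False))
        pos += 1 + nbytes
    return prefixes


def withdrawn_from_mrt(record):
    """Withdrawn prefixes in one MRT record; [] if it is not an IPv4
    BGP4MP_MESSAGE carrying an UPDATE. Raises ValueError on truncation."""
    if len(record) < 12:
        raise ValueError("short MRT header")
    _ts, mtype, subtype, length = struct.unpack("!IHHI", record[:12])
    body = record[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated MRT record")
    if mtype != MRT_BGP4MP or subtype != BGP4MP_MESSAGE:
        return []
    _peer_as, _local_as, _ifindex, afi = struct.unpack("!HHHH", body[:8])
    if afi != AFI_IPV4:
        return []
    bgp = body[16:]                      # skip 4-byte peer IP and 4-byte local IP
    if len(bgp) < 19:
        raise ValueError("short BGP message")
    marker, blen, btype = struct.unpack("!16sHB", bgp[:19])
    if marker != b"\xff" * 16 or blen != len(bgp):
        raise ValueError("bad BGP header")
    if btype != BGP_UPDATE:
        return []
    wlen = struct.unpack("!H", bgp[19:21])[0]
    if 21 + wlen > len(bgp):
        raise ValueError("withdrawn routes length overruns message")
    return parse_prefixes(bgp[21:21 + wlen])


class TracePolicy:
    """Blacklist + dampening decision. ASSUMPTION: dampening is a fixed
    per-prefix minimum interval; the target is the prefix's first host."""

    def __init__(self, blacklist, min_interval):
        self.blacklist = [ipaddress.IPv4Network(n) for n in blacklist]
        self.min_interval = min_interval
        self.last_trace = {}             # prefix -> time of last traceroute

    def target_for(self, prefix):
        return prefix.network_address + (1 if prefix.prefixlen < 31 else 0)

    def decide(self, prefix, now):
        """Return the address to traceroute, or None if suppressed."""
        target = self.target_for(prefix)
        if any(target in net for net in self.blacklist):
            return None
        last = self.last_trace.get(prefix)
        if last is not None and now - last < self.min_interval:
            return None
        self.last_trace[prefix] = now
        return str(target)


def build_sample_record(withdrawn, subtype=BGP4MP_MESSAGE):
    """CONSTRUCTED MRT record whose UPDATE withdraws the given prefixes."""
    wr = b""
    for p in map(ipaddress.IPv4Network, withdrawn):
        wr += bytes([p.prefixlen]) + p.network_address.packed[:(p.prefixlen + 7) // 8]
    update = struct.pack("!H", len(wr)) + wr + struct.pack("!H", 0)  # no attrs, no NLRI
    bgp = b"\xff" * 16 + struct.pack("!HB", 19 + len(update), BGP_UPDATE) + update
    body = struct.pack("!HHHH4s4s", 65001, 65002, 0, AFI_IPV4,       # made-up ASNs
                       ipaddress.IPv4Address("192.0.2.1").packed,
                       ipaddress.IPv4Address("192.0.2.2").packed) + bgp
    return struct.pack("!IHHI", 1004572800, MRT_BGP4MP, subtype, len(body)) + body


def run_demo():
    """Feed one constructed record through the policy at three timestamps."""
    rec = build_sample_record(["10.0.0.0/8", "203.0.113.0/24", "198.51.100.128/25"])
    policy = TracePolicy(blacklist=["203.0.113.0/24"], min_interval=600)
    decisions = []
    for now in (1000, 1100, 1700):       # constructed clock values, seconds
        for prefix in withdrawn_from_mrt(rec):
            decisions.append((now, str(prefix), policy.decide(prefix, now)))
    return decisions


if __name__ == "__main__":
    for now, prefix, target in run_demo():
        print(now, prefix, "traceroute %s" % target if target else "suppressed")
```

Running it shows the three cases traced has to handle: the first withdrawal of 10.0.0.0/8 and 198.51.100.128/25 yields a target, 203.0.113.0/24 is suppressed by the blacklist, and a second withdrawal of 10.0.0.0/8 100 seconds later is dampened while one 700 seconds later is traced again. The parser deliberately raises on truncated records rather than guessing, since an update file that is being written while it is read is a normal condition for this kind of tool.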
We provide a couple of auxiliary programs that can be used for testing, although their functionality is not essential:
buildtree -- makes a prefix tree (dot source) from an update file. This functionality is now incorporated into "bgpdump", and, thus, you shouldn't ever have to run this program.
trace_client -- this program reads a BGP packet dump file (i.e., an MRT-formatted packet dump) and sends the dump over a UNIX domain socket to the traced daemon. Mostly for testing.
bufwrite -- used by "traced" for "pseudo-atomic" writes. Not useful for BGP analysis per se.
LCS | EECS | MIT