bgptools

Note: This is a beta release. Please check the "TODO" file to see various functionality that is planned but not implemented.

This distribution of "bgptools" is provides tools that aid in the analysis of BGP updates. We have developed this software in an attempt to solve the following problems:

Provide a publicly-available tool for parsing MRT-formatted BGP update dumps (as various software routers, such as Zebra dump to a log file).
Provide a framework for real-time analysis of BGP update data ("traced" is an example of a tool that uses this framework).
Provide a publicly-available library, "libbgpdump.a", that exports a simple API that makes developing BGP analysis tools easy and fast.

Download

bgptools-0.2 (6/3/03)

Requirements

Various parts of this distribution require the use of other libraries. In particular, you should have installed:

libstdc++ >= 3
MySql >= 3.23
mysql++ >= 1.7.9
dot >= 1.7c

Installation

Read the "INSTALL" file for installation specifics. We have successfully installed the libraries and applications in this distribution on Redhat Linux 7.1. However, the software should be portable to other platforms, as there are no Linux-specific directives in the source.

Included Software

In addition to libbgpdump.a, our general purpose library, we provide several additional programs (as well as the source for these programs), all of which assist in the analysis of BGP udpates. This version of the software release includes two main applications.

The first is "bgpdump", which provides a way to parse MRT-formatted BGP update traces and do useful things with them, such as generate update visualizations and insert the update information into a SQL database.
The second is "traced", which interacts with a modified version of the Zebra software router to track BGP updates and perform real-time processing and analysis on them. This particular application runs a traceroute to an address for which it hears a BGP withdrawal of that prefix.

Below is a brief description and usage summary for the programs included in the distribution.

bgpdump -- parse MRT-formatted update files and do useful things with them

Of particular interest is the -q option, which can be used to insert BGP updates into a MySQL database, and the -p option, which can generate prefix trees. Here's a screenshot of the output from the command:

 bgpdump -d /usr/local/etc/bgpd_updates/ -a 11/1/2001_00:00:00 -b 11/1/2001_00:10:00 -p test.dot

Screenshot (you will have to zoom out to 0.1 factor to get it nice and legible)

bgpquery -- query a database containing table data inserted from bgpdump. Right now, this program makes certain "fixed queries" to a SQL database, based on insertion with the "-q" option with "bgpdump"...add your own queries!

traced -- listens for BGP update packets from some other process on a UNIX domain socket, and notices when withdrawals occur. If a withdrawal occurs, this software runs a traceroute to an IP address "behind" the withdrawn prefix.

Also uses a blacklist file to prevent tracerouting to people who have complained about us. Also uses traceroute dampening.

Note: This program was designed as a companion to the "Zebra" software router. Please see our project website to download the patch to Zebra we have supplied to dump packet traces to a UNIX domain socket.

We provide a couple of auxiliary programs that can be used for testing, although their functionality is not essential:

buildtree -- makes a prefix tree (dot source) from an update file. This functionality is now incorporated into "bgpdump", and, thus, you shouldn't ever have to run this program.

trace_client -- this program reads a bgp packet dump file (i.e., MRT formatted ppacket dump) and sends the dump over a UNIX domain socket to the traced daemon. Mostly for testing.

bufwrite -- used by "traced" for "pseudo-atomic" writes. Not useful for BGP analysis per se.

L C S E E C S M I T