Add documentation about ExaBGP

2015-04-26 16:00:47 +03:00 · 2015-04-26 16:00:47 +03:00 · 79b7aac3c0
commit 79b7aac3c0
parent 806035a88b
2 changed files with 69 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -30,6 +30,7 @@ Features:
 - Can trigger block script if certain IP loads network with a large amount of packets per second
 - Can trigger block script if certain IP loads network with a large amount of bytes per second
 - Can trigger block script if certain IP loads network with a large amount of flows per second
+- Could [announce blocked IPs](docs/EXABGP_INTEGRATION.md) to BGP router with [ExaBGP](https://github.com/Exa-Networks/exabgp)
 - netmap support (open source; wire speed processing; only Intel hardware NICs or any hypervisor VM type)
 - Supports L2TP decapsulation, VLAN untagging and MPLS processing in mirror mode 
 - Can work on server/soft-router
--- a/docs/EXABGP_INTEGRATION.md
+++ b/docs/EXABGP_INTEGRATION.md
@ -0,0 +1,68 @@
+# FastNetMon and ExaBGP integration
+
+FastNetMon could enable/disable announce of blackholed IPs (/32) to BGP core router (Cisco, Juniper, Quagga). This feature implemented with ExaBGP toolkit.
+
+If you want to use this capability, please set following params in /etc/fastnetmon.conf and tune they to values suitable in your network:
+```bash
+exabgp = on
+exabgp_command_pipe = /var/run/exabgp.cmd
+exabgp_community = 65001:666
+exabgp_next_hop = 10.0.3.114
+```
+
+Secondly, you should install, configure and run ExaBGP toolkit.
+
+Install ExaBGP:
+```bash
+pip install exabgp
+```
+
+Create example configuration: ```vim /etc/exabgp_blackhole.conf```
+
+Example here (please fix this configuration to your network):
+```bash
+group Core_v4 {
+    hold-time 180;
+    local-as 65001;
+    peer-as 1234;
+    router-id 10.0.3.114;
+    graceful-restart 1200;
+
+    # Static announce is not used
+    # static {
+    #     route 10.10.10.1/32 next-hop 10.0.3.114 community 65001:666;
+    # }   
+
+    neighbor 10.0.3.115 {
+        local-address 10.0.3.114;
+        description "Quagga";
+    }   
+
+    # Add this line for process management
+    process service-dynamic {
+        run /etc/exabgp/exabgp_pipe_provider.sh;
+    }   
+}
+```
+
+For PIPE API we need create this script: ```vim /etc/exabgp/exabgp_pipe_provider.sh```
+
+Script code here:
+```bash
+
+```#!/bin/sh
+FIFO="/var/run/exabgp.cmd"
+
+rm -f $FIFO
+mkfifo $FIFO
+tail -f $FIFO
+```
+
+Set exec flag for script: ```chmod +x /etc/exabgp/exabgp_pipe_provider.sh```
+
+Run ExaBGP:
+```bash
+env exabgp.daemon.user=root exabgp.daemon.daemonize=true exabgp.daemon.pid=/var/run/exabgp.pid exabgp.log.destination=/var/log/exabgp.log exabgp /etc/exabgp_blackhole.conf
+```
+
+You could read my articles about ExaBGP configuration too: [](http://www.stableit.ru/2015/04/quagga-bgp-and-exabgp-work-together-for.html) and [this](http://www.stableit.ru/2015/04/how-to-control-exabgp-from-external-tool.html)