{ "info": { "author": "Thomas MORIN", "author_email": "thomas.morin@orange.com", "bugtrack_url": null, "classifiers": [ "Environment :: No Input/Output (Daemon)", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "Intended Audience :: Telecommunications Industry", "License :: OSI Approved :: Apache Software License", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7" ], "description": ".. image:: https://badges.gitter.im/Join%20Chat.svg\n :target: https://gitter.im/Orange-OpenSource/bagpipe-bgp\n :alt: Join Glitter Chat\n\nBaGPipe BGP\n===========\n\nBaGPipe BGP is a lightweight implementation of BGP VPNs (IP VPNs and\nE-VPNs), targeting deployments on servers hosting VMs, in particular for\nOpenstack/KVM platforms.\n\nThe goal is *not* to fully implement BGP specifications, but only the\nsubset of specifications required to implement IP VPN VRFs and E-VPN\nEVIs (`RFC4364 `__ a.k.a RFC2547bis,\n`RFC7432 `__/`draft-ietf-bess-evpn-overlay `__,\nand `RFC4684 `__).\n\nBaGPipe BGP is designed to use encapsulations over IP (such as\nMPLS-over-GRE or VXLAN), and thus does not require the use of LDP. Bare\nMPLS over Ethernet is also supported and can be used if servers/routers\nhave direct Ethernet connectivity.\n\nTypical Use\n-----------\n\nBaGPipe-BGP has been designed to provide VPN (IP VPN or E-VPN)\nconnectivity to VMs running on a local server.\n\nThe target is to provide VPN connectivity to VMs deployed by Openstack.\nA typical target architecture is to have BaGPipe-BGP be driven by\nOpenstack Neutron components:\n\n* the `bagpipe driver for the BGP VPN interconnection service\n plugin `__\n* the `bagpipe ML2 mechanism\n driver `__ using E-VPN\n\nBaGPipe-BGP can also be used standalone (e.g. for testing purposes),\nwith for instance VMs tap interfaces or veth interfaces to network\nnamespaces (see `below <#netns-example>`__).\n\nInstallation\n------------\n\nInstallation can be done with ``python setup.py install``.\n\nRunning ``install.sh`` will take care of this and will *also* install\nstartup scripts in ``/etc/init.d`` and sample config files in\n``/etc/bagpipe-bgp``.\n\nBGP and Route Reflection\n------------------------\n\nIf you only want to test how to interconnect one server running\nbagpipe-bgp and an IP/MPLS router, you don't need to setup a BGP Route\nReflector. But to use BaGPipe BGP on more than one server, the current\ncode currently requires setting up a BGP Route Reflector (see\n`Caveats <#caveats>`__).\n\nThe term \"BGP Route Reflector\" refers to a BGP implementation that\nredistribute routes between iBGP peers\n`RFC4456 `__.\n\nWhen using bagpipe-bgp on more than one server, we thus need each\ninstance of BaGPipe BGP to be configured to peer with at least one route\nreflector (see `Configuration <#config>`__).\n\nWe provide a tool that can be used to emulate a route reflector to\ninterconnect **2** BaGPipe BGP implementations, typically for test\npurposes (see `Fake RR <#fakerr>`__).\n\nFor more than 2 servers running BaGPipe BGP, you will need a real BGP\nimplementation supporting RFC4364 and BGP route reflection (and ideally\nalso RFC4684).\n\nDifferent options can be considered:\n\n* A router from for instance, Alcatel-Lucent, Cisco or Juniper can be\n used; some of these vendors also provide their OSes as virtual\n machines\n\n* BGP implementations in other opensource projects would possibly be\n suitable, but we did not explore i these exhaustively:\n\n - there has been some work to allow the use of OpenContrail's BGP\n implementation as a Route Reflector; although this is currently\n unfinished, we have done rough hacks to confirm the feasibility\n and the interoperability\n\n - `GoBGP `__ team has sucessfully\n deployed a setup with `GoBGP as a RR for bagpipe-bgp PE\n implementations, with\n E-VPN `__\n\n - we have sucessfully used OpenBSD BGPd as an IP VPN RR for\n bagpipe-bgp\n\n - Quagga is supposed to support IP VPNs (untested AFAIK)\n\nConfiguration\n-------------\n\nThe bagpipe-bgp daemon config file default location is:\n``/etc/bagpipe-bgp/bgp.conf``.\n\nThe ``install.sh`` script will install a template as an example\nconfiguration.\n\nIt needs to be customized, at least for the following:\n\n* local\\_address: the local address to use for BGP sessions and traffic\n encapsulation\n* peers: the list of BGP peers, it depends on the BGP setup that you\n have chosen (see above `BGP Route Reflection <#bgprr>`__)\n* dataplane configuration, if you really want packets to get through\n (see `Dataplane configuration <#dpconfig>`__)\n\nExample with two servers and relying on bagpipe fake route reflector:\n\n* On server A (local\\_address=10.0.0.1):\n\n - run bagpipe-fakerr\n\n - run bagpipe-bgp with peers=127.0.0.1 (server A will thus connect to the locally running fake route-reflector)\n\n* On server B (local\\_address=10.0.0.2):\n\n - run bagpipe-bgp with peers=10.0.0.1\n\nDataplane driver configuration\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nNote well that the dataplane drivers proposed in the sample config file\nare *dummy* drivers that will **not** actually drive any dataplane\nstate. To have traffic really forwarded into IP VPNs or E-VPNs, you need\nto select real dataplane drivers.\n\nFor instance, you can use the\n``mpls_ovs_dataplane.MPLSOVSDataplaneDriver`` for IP VPN, and the\n``linux_vxlan.LinuxVXLANDataplaneDriver`` for E-VPN.\n\n**Note well** that there are specific constraints on which dataplane\ndrivers can currently be used for IP VPNs:\n\n* the MPLSOVSDataplaneDriver can be used on most recent Linux kernels,\n but requires an OpenVSwitch with suitable MPLS code (OVS 2.4 was\n tested); this driver can do bare-MPLS or MPLS-over-GRE (but see\n `Caveats <#caveats>`__ for MPLS-over-GRE); for bare MPLS, this driver\n requires the OVS bridge to be associated with an IP address, and that\n VRF interfaces be plugged into OVS prior to calling BaGPipe BGP API\n to attach them (details in\n `mpls\\_ovs\\_dataplane.py `__)\n\n* (the MPLSLinuxDataplaneDriver is based on an unmaintained MPLS stack\n for the Linux 3.7 kernel, and should be considered *obsolete* ; see\n `mpls\\_linux\\_dataplane.py `__)\n\nFor E-VPN, the ``linux_vxlan.LinuxVXLANDataplaneDriver`` is usable\nwithout any particular additional configuration, and simply requires a\nLinux kernel >=3.10 with VXLAN compiled-in or provided as a module\n(`linux\\_vxlan.py `__).\n\nUsage\n-----\n\nBaGPipe BGP daemon\n~~~~~~~~~~~~~~~~~~\n\nIf init scripts are installed, the daemon is typically started with:\n``service bagpipe-bgp start``\n\nIt can also be started directly with the ``bagpipe-bgp`` command\n(``--help`` to see what parameters can be used; e.g. ``--no-deamon``).\n\nIt outputs logs in ``/var/log/bagpipe-bgp/bagpipe-bgp.log``.\n\nBaGPipe Fake BGP Route Reflector\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nIf you choose to use our fake BGP Route Reflector (see `BGP Route\nReflection <#bgprr>`__), you can start it whether with the\n``bagpipe-fakerr`` command, or if you have startup scripts installed,\nwith ``service bagpipe-bgp start``.\n\nThere isn't anything to configure, logs will be in syslog.\n\nThis tool is not a BGP implementation and simply plugs together two TCP\nconnections face to face.\n\nREST API tool for interface attachments\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThe ``bagpipe-rest-attach`` tool allows to exercise the REST API through\nthe command line to attach and detach interfaces from ip VPN VRFs and\nE-VPN EVIs.\n\nSee ``bagpipe-rest-attach --help``.\n\nIP VPN example with a VM tap interface\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nThis example assumes that there is a pre-existing tap interface 'tap42'.\n\n* on server A, plug tap interface tap42, MAC de:ad:00:00:be:ef, IP\n 11.11.11.1 into an IP VPN VRF with route-target 64512:77:\n\n ::\n\n bagpipe-rest-attach --attach --port tap42 --mac de:ad:00:00:be:ef --ip 11.11.11.1 --gateway-ip 11.11.11.254 --network-type ipvpn --rt 64512:77\n\n* on server B, plug tap interface tap56, MAC ba:d0:00:00:ca:fe, IP\n 11.11.11.2 into an IP VPN VRF with route-target 64512:77:\n\n ::\n\n bagpipe-rest-attach --attach --port tap56 --mac ba:d0:00:00:ca:fe --ip 11.11.11.2 --gateway-ip 11.11.11.254 --network-type ipvpn --rt 64512:77\n\nNote that this example is a schoolbook example only, but does not\nactually work unless you try to use one of the two MPLS Linux dataplane\ndrivers.\n\nNote also that, assuming that VMs are behind these tap interfaces, these\nVMs will need to have proper IP configuration. When BaGPipe BGP is use\nstandalone, no DHCP service is provided, and the IP configuration will\nhave to be static.\n\nAnother IP VPN example...\n^^^^^^^^^^^^^^^^^^^^^^^^^\n\nIn this example, the bagpipe-rest-attach tool will build for you a\nnetwork namespace and a properly configured pair of veth interfaces, and\nwill plug one of the veth to the VRF:\n\n* on server A, plug a netns interface with IP 12.11.11.1 into a new IP\n VPN VRF named \"test\", with route-target 64512:78\n\n ::\n\n bagpipe-rest-attach --attach --port netns --ip 12.11.11.1 --network-type ipvpn --vpn-instance-id test --rt 64512:78\n\n* on server B, plug a netns interface with IP 12.11.11.2 into a new IP\n VPN VRF named \"test\", with route-target 64512:78\n\n ::\n\n bagpipe-rest-attach --attach --port netns --ip 12.11.11.2 --network-type ipvpn --vpn-instance-id test --rt 64512:78\n\nFor this last example, assuming that you have configured bagpipe-bgp to\nuse the ``MPLSOVSDataplaneDriver`` for IP VPN, you will actually be able\nto have traffic exchanged between the network namespaces:\n\n::\n\n ip netns exec test ping 12.11.11.2\n PING 12.11.11.2 (12.11.11.2) 56(84) bytes of data.\n 64 bytes from 12.11.11.2: icmp_req=6 ttl=64 time=1.08 ms\n 64 bytes from 12.11.11.2: icmp_req=7 ttl=64 time=0.652 ms\n\nAn E-VPN example\n^^^^^^^^^^^^^^^^\n\nIn this example, similarly as the previous one, the bagpipe-rest-attach\ntool will build for you a network namespace and a properly configured\npair of veth interfaces, and will plug one of the veth to the E-VPN\ninstance:\n\n* on server A, plug a netns interface with IP 12.11.11.1 into a new\n E-VPN named \"test2\", with route-target 64512:79\n\n ::\n\n bagpipe-rest-attach --attach --port netns --ip 12.11.11.1 --network-type evpn --vpn-instance-id test2 --rt 64512:79\n\n* on server B, plug a netns interface with IP 12.11.11.2 into a new\n E-VPN named \"test2\", with route-target 64512:79\n\n ::\n\n bagpipe-rest-attach --attach --port netns --ip 12.11.11.2 --network-type evpn --vpn-instance-id test2 --rt 64512:79\n\nFor this last example, assuming that you have configured bagpipe-bgp to\nuse the ``linux_vxlan.LinuxVXLANDataplaneDriver`` for E-VPN, you will\nactually be able to have traffic exchanged between the network\nnamespaces:\n\n::\n\n ip netns exec test2 ping 12.11.11.2\n PING 12.11.11.2 (12.11.11.2) 56(84) bytes of data.\n 64 bytes from 12.11.11.2: icmp_req=1 ttl=64 time=1.71 ms\n 64 bytes from 12.11.11.2: icmp_req=2 ttl=64 time=1.06 ms\n\nLooking glass\n~~~~~~~~~~~~~\n\nThe REST API (default port 8082) provide troubleshooting information, in\nread-only, through the /looking-glass URL.\n\nIt can be accessed with a browser: e.g.\nhttp://10.0.0.1:8082/looking-glass or\nhttp://127.0.0.1:8082/looking-glass (a browser extension to nicely\ndisplay JSON data is recommended).\n\nIt can also be accessed with the ``bagpipe-looking-glass`` utility:\n\n::\n\n # bagpipe-looking-glass\n bgp: (...)\n vpns: (...)\n config: (...)\n logs: (...)\n summary:\n warnings_and_errors: 2\n start_time: 2014-06-11 14:52:32\n local_routes_count: 1\n BGP_established_peers: 0\n vpn_instances_count: 1\n received_routes_count: 0\n\n::\n\n # bagpipe-looking-glass bgp peers\n * 192.168.122.1 (...)\n state: Idle\n\n::\n\n # bagpipe-looking-glass bgp routes\n match:IPv4/mpls-vpn,*:\n * RD:192.168.122.101:1 12.11.11.1/32 MPLS:[129-B]:\n attributes:\n next_hop: 192.168.122.101\n extended_community: target:64512:78\n afi-safi: IPv4/mpls-vpn\n source: VRF 1 (...)\n route_targets:\n * target:64512:78\n match:IPv4/rtc,*:\n * RTC<64512>:target:64512:78:\n attributes:\n next_hop: 192.168.122.101\n afi-safi: IPv4/rtc\n source: BGPManager (...)\n match:L2VPN/evpn,*: -\n\nDesign overview\n---------------\n\nThe main components of BaGPipe-BGP are:\n\n* the engine dispatching events related to BGP routes between workers\n* a worker for each BGP peers\n* a VPN manager managing the life-cycle of VRFs, EVIs\n* a worker for each IP VPN VRF, or E-VPN EVI\n* a REST API:\n\n - to attach/detach interfaces to VRFs and control the parameters for said VRFs\n\n - to access internal information useful for troubleshooting (/looking-glass/ URL sub-tree)\n\nPublish/Subscribe design\n~~~~~~~~~~~~~~~~~~~~~~~~\n\nThe engine dispatching events related to BGP routes is designed with a\npublish/subscribe pattern based on the principles in\n`RFC4684 `__. Workers (a worker can\nbe a BGP peer or a local worker responsible for an IP VPN VRF) publish\nBGP VPN routes with specified Route Targets, and subscribe to the Route\nTargets that they need to receive. The engine takes care of propagating\nadvertisement and withdrawal events between the workers, based on\nsubscriptions and BGP semantics (e.g. no redistribution between BGP\npeers sessions).\n\nBest path selection\n~~~~~~~~~~~~~~~~~~~\n\nThe core engine does not do any BGP best path selection. For routes\nreceived from external BGP peers, best path selection happens in the VRF\nworkers. For routes that local workers advertise, no best path selection\nis done because two distinct workers will never advertise a route of\nsame BGP NLRI.\n\nMulti-threading\n~~~~~~~~~~~~~~~\n\nFor implementation convenience, the design choice was made to use Python\nnative threads and python Queues to manage the API, local workers, and\nBGP peers workloads:\n\n* the engine (RouteTableManager) is running as a single thread\n* each local VPN worker has its own thread to process route events\n* each BGP peer worker has two threads to process outgoing route\n events, and receive socket data, plus a few timers.\n* VPN port attachement actions are done in the main thread handling\n initial setup and API calls, these calls are protected by Python\n locks\n\nNon-persistency of VPN and port attachements\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThe BaGPipe BGP daemon, as currently designed, does not persist\ninformation on VPNs (VRFs or EVIs) and the ports attached to them. On a\nrestart, the component responsible triggering the attachement of\ninterfaces to VPNs, can detect the restart of the BGP daemon and\nre-trigger these attachements.\n\nBGP Implementation\n~~~~~~~~~~~~~~~~~~\n\nThe BGP protocol implementation extends an reuses BGP code from\n`ExaBGP `__. Information about what was\nmodified in ExaBGP is in `README.exabgp `__. BaGPipe BGP\nonly reuses the low-level Connection and Protocol classes, with\nadditions to encode and decode NLRI and attribute specific to BGP VPN\nextensions.\n\nNon-goals for this BGP implementation:\n\n* full-fledged BGP implementation\n* redistribution of routes between BGP peers (hence, no route reflection, no eBGP)\n* accepting incoming BGP connections\n* scaling to a number of routes beyond the number of routes required to\n route traffic in/out of VMs hosted on a server running BaGPipe\n\nDataplanes\n~~~~~~~~~~\n\nBaGPIpe BGP was designed to allow for a modular dataplane\nimplementation. For each type of VPN (IP VPN, E-VPN) a dataplane driver\nis chosen through configuration. A dataplane driver is responsible for\nsetting up forwarding state for incoming and outgoing traffic based on\nport attachement information and BGP routes.\n\n(see `Dataplane driver configuration <#dpconfig>`__)\n\nCaveats\n-------\n\n* release early, release often: not everything is perfect yet\n* BGP implementation not written for compliancy\n\n - the BaGPipe BGP daemon does not listen for incoming BGP connections\n\n - the state machine, in particular retry timers are certainly not compliant yet\n\n - however, interop testing has been done with a fair amount of implementations\n\n* MPLS-over-GRE is supported for IP VPNs, but is not yet standard (OpenVSwitch currently does MPLS-o-Ethernet-o-GRE and not MPLS-o-GRE)\n\n\nUnit Tests\n----------\n\nUnit tests can be run with:\n\n::\n\n nosetests\n\nA report of unit tests coverage can be produced with:\n\n::\n\n nosetests --with-coverage --cover-package=bagpipe.bgp --cover-html\n\nLicense\n-------\n\nApache 2.0 license (except additions and modifications to ExaBGP,\nlicensed as 3-Clause BSD license).\n\nSee `LICENSE `__ file.\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Orange-OpenSource/bagpipe-bgp", "keywords": "", "license": "Apache-2", "maintainer": "", "maintainer_email": "", "name": "bagpipe-bgp", "package_url": "https://pypi.org/project/bagpipe-bgp/", "platform": "", "project_url": "https://pypi.org/project/bagpipe-bgp/", "project_urls": { "Homepage": "https://github.com/Orange-OpenSource/bagpipe-bgp" }, "release_url": "https://pypi.org/project/bagpipe-bgp/1.80.0/", "requires_dist": null, "requires_python": "", "summary": "Lightweight implementation of BGP IP VPN and E-VPN", "version": "1.80.0" }, "last_serial": 2616314, "releases": { "1.70.0.dev152": [ { "comment_text": "", "digests": { "md5": "76fdd8649b066932c54c14b038c0b628", "sha256": "4ad79295460f7ac10b7cba297b48c5b2d85bb4eff58df007d0525502d311adc8" }, "downloads": -1, "filename": "bagpipe-bgp-1.70.0.dev152.tar.gz", "has_sig": false, "md5_digest": "76fdd8649b066932c54c14b038c0b628", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 163404, "upload_time": "2017-02-02T10:17:14", "url": "https://files.pythonhosted.org/packages/f3/f7/b9f52d481bfbfde351fff913ac81aebf6095c26de6f7f0e9cedd64eb51d2/bagpipe-bgp-1.70.0.dev152.tar.gz" } ], "1.80.0": [ { "comment_text": "", "digests": { "md5": "d111ca0a4010f9e1bb0082f38d7da628", "sha256": "f1845a3bf5c68e425de2f0f9eee3b16433efe5a20bca00e082cb0a681879bf41" }, "downloads": -1, "filename": "bagpipe-bgp-1.80.0.tar.gz", "has_sig": false, "md5_digest": "d111ca0a4010f9e1bb0082f38d7da628", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 163387, "upload_time": "2017-02-03T09:46:21", "url": "https://files.pythonhosted.org/packages/94/33/77c22c3c3656252763e2474b6f580c249b932b7a3c83ae52eddd8b8fc8ae/bagpipe-bgp-1.80.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d111ca0a4010f9e1bb0082f38d7da628", "sha256": "f1845a3bf5c68e425de2f0f9eee3b16433efe5a20bca00e082cb0a681879bf41" }, "downloads": -1, "filename": "bagpipe-bgp-1.80.0.tar.gz", "has_sig": false, "md5_digest": "d111ca0a4010f9e1bb0082f38d7da628", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 163387, "upload_time": "2017-02-03T09:46:21", "url": "https://files.pythonhosted.org/packages/94/33/77c22c3c3656252763e2474b6f580c249b932b7a3c83ae52eddd8b8fc8ae/bagpipe-bgp-1.80.0.tar.gz" } ] }