Building a REST API for ExaBGP

Over the last couple of years there has been a trend to extend layer 3 to the top-of-rack (TOR) switch. This gives a more stable and scalable design compared to the classic layer 2 network design. One major disadvantage of layer 3 to the TOR switch is IP mobility. In the classic L2 design, moving a VM was a simple live migration to a different compute host in a different rack. When L3 is extended to the TOR, IP mobility isn't that simple anymore. A solution for this might be to let the VM host advertise a unique service IP for a particular VM when it becomes active on that VM host. A great tool for this use case is ExaBGP.

ExaBGP does not modify the route table on the host itself; it only announces routes to its neighbours. After ExaBGP starts, the routes it advertises can be influenced by sending messages to STDIN.

Below is the config used by the ExaBGP daemon

Most of this is pretty self-explanatory; the important stuff happens on lines 9-11. These lines start a script, and all output of this script is parsed by ExaBGP.

The script exabgp_rest3.py provides a REST API which outputs the announce and withdraw commands for ExaBGP on STDOUT.

For testing purposes I created a simple setup within KVM with two hosts: docker1, which runs ExaBGP, and firewall-1, which runs the birdc BGP daemon. There is an L2 segment between those clients over which the BGP peering is created.

The python script is only 75 lines long.

The heavy lifting of the web service is handled by web.py, a powerful library for creating a web server in Python. I am a network engineer with very limited experience with Python, but creating the script only took me a couple of hours.

The script in action

We start by starting the ExaBGP daemon

By default the service is started at port 8080

The BGP neighbor is also shown as established by bird

Adding a route is as simple as running a curl command on the host on which ExaBGP is running

ExaBGP gets the announce message

The BGP daemon on the firewall also knows the route

The REST API also accepts communities and MEDs

which is shown by the bird daemon as well

Withdrawing routes can also be done easily with a curl statement

And the route is gone

At the moment there is only limited input validation. The REST API does check whether the IP address entered is valid, but no other checks are implemented at this moment. I might add this if the need arises.
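Because every line the script prints is parsed by ExaBGP as a command, each request field should be validated before it reaches STDOUT. The following is an added example, not the code from exabgp_rest3.py: `build_command` is a hypothetical helper, and the addresses and community values are constructed.

```python
import ipaddress
import re

# Hypothetical helper for illustration; limits below are assumptions.
ADDR_CHARS = re.compile(r"[0-9A-Fa-f:./]+")       # allowlist for prefix / next-hop
COMMUNITY = re.compile(r"([0-9]{1,5}):([0-9]{1,5})")  # 16-bit ASN : 16-bit value
MAX_MED = 2**32 - 1                                # MED is a 32-bit unsigned value


def build_command(action, prefix, next_hop, med=None, communities=()):
    """Return exactly one ExaBGP text-API line, or raise ValueError."""
    if action not in ("announce", "withdraw"):
        raise ValueError("action must be announce or withdraw")
    # Allowlist first: a space or newline smuggled into a field would
    # otherwise add attributes or a second command to ExaBGP's input.
    for field in (prefix, next_hop):
        if not isinstance(field, str) or not ADDR_CHARS.fullmatch(field):
            raise ValueError("illegal character in address field")
    # strict=True refuses prefixes with host bits set, e.g. 10.0.0.1/24.
    net = ipaddress.ip_network(prefix, strict=True)
    hop = ipaddress.ip_address(next_hop)
    if net.version != hop.version:
        raise ValueError("prefix and next-hop address families differ")
    # Emit the parsed, canonical form rather than the caller's raw string.
    parts = [action, "route", str(net), "next-hop", str(hop)]
    if med is not None:
        med = int(med)  # ValueError on non-numeric strings
        if not 0 <= med <= MAX_MED:
            raise ValueError("med out of range")
        parts += ["med", str(med)]
    if communities:
        for c in communities:
            m = COMMUNITY.fullmatch(c) if isinstance(c, str) else None
            if not m or any(int(x) > 65535 for x in m.groups()):
                raise ValueError("bad community: %r" % (c,))
        parts += ["community", "[" + " ".join(communities) + "]"]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample request values.
    print(build_command("announce", "10.0.0.1/32", "192.168.1.1",
                        med="100", communities=["65000:100"]))
```

A web handler would call this helper, return an HTTP 400 on `ValueError`, and write only the returned line to STDOUT.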

The script and configs used in this blog can be found on my GitHub.

 

Hi There

Hi, for the past 15 years I have been working as a network engineer/designer. In 2008 I obtained my CCIE certification, and recently I passed my VMware NSX as well.

I have been working at large ISPs, Oil and Gas and government with a focus on datacenter projects.

Since the start I have been using various methods to make my work easier. I started with using Excel and Word and mail merges to create Cisco configs. Later I switched to Perl and SNMP to create configs and push them to the network devices. Sometimes it saved me a lot of time, but often it took me more time to create some kind of Perl script than to do the work by hard labour.

The last couple of years there is a shift by vendors towards programmability based on REST API. Many vendors provide a Python SDK to ease the use of the REST API.

This blog will focus on automating network provisioning but you never know what’s the next big thing.