-
Notifications
You must be signed in to change notification settings - Fork 459
Configuration Syntax
Complete reference for ExaBGP configuration file format
- Overview
- File Structure
- Neighbor Configuration
- Process Configuration
- Static Routes
- Address Families
- API Configuration
- Capabilities
- Templates and Groups
- Environment Variables
- Complete Examples
ExaBGP uses a structured configuration file (typically /etc/exabgp/exabgp.conf).
Format:
- INI-like syntax with nested blocks
- Case-sensitive
- Comments start with
# - Blocks use
{ }braces - Semicolons
;optional but recommended
Basic structure:
# Global settings via environment variables
# Neighbor definitions
neighbor <ip> {
# BGP session parameters
}
# Process definitions
process <name> {
# API process parameters
}neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
}# Process definitions (global)
process announce-routes {
run /etc/exabgp/api/announce.py;
encoder text;
}
process receive-routes {
run /etc/exabgp/api/receive.py;
encoder json;
receive {
parsed;
updates;
}
}
# Neighbor definitions
neighbor 192.168.1.1 {
# Identification
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
# Optional parameters
description "Core Router 1";
md5-password "secret";
hold-time 180;
# Address families
family {
ipv4 unicast;
ipv6 unicast;
ipv4 flowspec;
}
# Capabilities
capability {
route-refresh;
graceful-restart;
add-path send/receive;
}
# API
api {
processes [ announce-routes, receive-routes ];
}
# Static routes
static {
route 100.10.0.0/24 next-hop self;
}
}router-id:
router-id 192.168.1.2;Unique identifier for this BGP speaker. Typically your local IP.
local-address:
local-address 192.168.1.2;IP address to bind to. Must be reachable by peer.
local-as:
local-as 65001;Your AS number (1-4294967295). Use 64512-65534 for private AS.
peer-as:
peer-as 65000;Peer's AS number.
- If different from
local-asβ eBGP - If same as
local-asβ iBGP
Description:
description "Core Router Primary";Hold Time:
hold-time 180;BGP hold timer in seconds (default: 180). Session drops if no keepalive/update for this duration.
MD5 Authentication:
md5-password "secretpassword";TCP MD5 authentication (RFC 2385).
TTL Security:
ttl-security 255;Generalized TTL Security Mechanism (GTSM, RFC 5082). Packets with TTL < this value are dropped.
Multihop:
multihop 3;Allow eBGP multihop (default: 1). Increase TTL for non-directly-connected peers.
Connect Retry:
connect 30;Connection retry timer in seconds (default: 30).
Peer Address:
peer-address 192.168.1.1;Explicit peer address (normally inferred from neighbor IP).
Local Port / Peer Port:
local-port 179;
peer-port 179;Custom BGP ports (default: 179).
neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
}
neighbor 192.168.2.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65002;
}Important: router-id must be unique globally, but can be same across neighbors (it's YOUR id).
Defines API programs that ExaBGP will run.
process announce-routes {
run /etc/exabgp/api/announce.py;
encoder text;
}run:
run /etc/exabgp/api/announce.py;Absolute path to program. Must be executable.
encoder:
encoder text; # Text format
encoder json; # JSON formatMessage encoding format.
receive:
receive {
parsed; # Receive parsed BGP messages
updates; # Receive route updates only
neighbor-changes; # Receive session state changes
notifications; # Receive BGP notifications
opens; # Receive OPEN messages
keepalives; # Receive keepalives
refresh; # Receive route refresh
}send:
send {
packets; # Send raw BGP packets
parsed; # Send parsed updates
}process announce-routes {
run /etc/exabgp/api/announce.py;
encoder text;
env {
SERVICE_IP = "100.10.0.100";
SERVICE_PORT = "80";
}
}Environment variables available to the process.
process my-process {
run /etc/exabgp/api/my-script.py;
encoder text;
}
neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
api {
processes [ my-process ];
}
}Multiple processes:
api {
processes [ announce-routes, receive-routes, healthcheck ];
}Announce static routes without API.
neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
static {
route 100.10.0.0/24 next-hop self;
route 100.20.0.0/24 next-hop self;
route 100.30.0.0/24 next-hop self;
}
}static {
# With MED
route 100.10.0.0/24 {
next-hop self;
med 100;
}
# With communities
route 100.20.0.0/24 {
next-hop self;
community [ 65001:100 65001:200 ];
}
# With local-preference (iBGP)
route 100.30.0.0/24 {
next-hop self;
local-preference 200;
}
# With AS path prepending
route 100.40.0.0/24 {
next-hop self;
as-path [ 65001 65001 65001 ];
}
}static {
route 2001:db8::/32 next-hop self;
route 2001:db8:100::/48 {
next-hop self;
med 50;
}
}Configure which address families are enabled for the session.
neighbor 192.168.1.1 {
# ... other config ...
family {
ipv4 unicast;
ipv6 unicast;
}
}Default: If family is not specified, only ipv4 unicast is enabled.
family {
ipv4 flowspec;
ipv6 flowspec;
}Enables FlowSpec for DDoS mitigation and traffic filtering.
family {
ipv4 mpls-vpn;
ipv6 mpls-vpn;
}Enables MPLS L3VPN (RFC 4364).
family {
l2vpn evpn;
}Enables Ethernet VPN (RFC 7432) for data center fabrics.
family {
ipv4 link-state;
ipv6 link-state;
}Enables BGP Link-State (RFC 7752) for topology collection.
family {
l2vpn vpls;
}Enables Virtual Private LAN Service.
family {
ipv4 unicast;
ipv6 unicast;
ipv4 flowspec;
ipv6 flowspec;
ipv4 mpls-vpn;
l2vpn evpn;
}process my-program {
run /etc/exabgp/api/program.py;
encoder text;
}
neighbor 192.168.1.1 {
# ... other config ...
api {
processes [ my-program ];
}
}process receive-updates {
run /etc/exabgp/api/receive.py;
encoder json;
receive {
parsed; # Receive all parsed BGP messages
updates; # Filter: only route updates
}
}
neighbor 192.168.1.1 {
# ... other config ...
family {
ipv4 unicast;
}
api {
processes [ receive-updates ];
}
}Important: Must enable family to receive routes for that family.
process announce {
run /etc/exabgp/api/announce.py;
encoder text;
}
process receive {
run /etc/exabgp/api/receive.py;
encoder json;
receive {
parsed;
updates;
}
}
process healthcheck {
run /etc/exabgp/api/healthcheck.py;
encoder text;
}
neighbor 192.168.1.1 {
# ... other config ...
api {
processes [ announce, receive, healthcheck ];
}
}BGP capabilities negotiated during session establishment.
capability {
route-refresh;
}Enables route refresh capability (RFC 2918).
capability {
graceful-restart;
}Enables graceful restart (RFC 4724).
With parameters:
capability {
graceful-restart 120; # Restart time in seconds
}capability {
add-path send/receive; # Send and receive multiple paths
}Options:
-
send- Send multiple paths -
receive- Receive multiple paths -
send/receive- Both
Enables ADD-PATH (RFC 7911) for receiving multiple paths to same destination.
capability {
asn4;
}Enables four-byte AS numbers (RFC 6793). Automatically negotiated if local-as or peer-as > 65535.
capability {
extended-message;
}Enables extended message size (RFC 8654) for large BGP messages.
Automatically enabled when address families are configured.
family {
ipv4 unicast;
ipv6 unicast;
}
# Multi-protocol capability automatically negotiatedReduce configuration duplication with templates (ExaBGP 4.x+).
template {
neighbor basic-peer {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
family {
ipv4 unicast;
ipv6 unicast;
}
capability {
route-refresh;
graceful-restart;
}
}
}# Inherit from template
neighbor 192.168.1.1 {
inherit basic-peer;
peer-as 65000;
description "Core Router 1";
}
neighbor 192.168.2.1 {
inherit basic-peer;
peer-as 65000;
description "Core Router 2";
}group internal-peers {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
family {
ipv4 unicast;
}
# Neighbors in this group
neighbor 192.168.1.3 {
peer-as 65001; # iBGP
description "iBGP Peer 1";
}
neighbor 192.168.1.4 {
peer-as 65001; # iBGP
description "iBGP Peer 2";
}
}ExaBGP behavior can be configured with environment variables.
# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
export exabgp.log.level=DEBUG
# Log destination
export exabgp.log.destination=/var/log/exabgp.log
# Enable specific loggers
export exabgp.log.parser=true
export exabgp.log.network=true
export exabgp.log.routes=true# Run as daemon
export exabgp.daemon.daemonize=true
# PID file
export exabgp.daemon.pid=/var/run/exabgp.pid
# User to drop privileges to
export exabgp.daemon.user=exabgp# ACL for API commands (allow specific IPs)
export exabgp.api.ack=true
# API encoder
export exabgp.api.encoder=json# Disable BGP
export exabgp.bgp.openwait=60# Not directly in config file - use process env instead
process announce {
run /etc/exabgp/api/announce.py;
encoder text;
env {
CUSTOM_VAR = "value";
}
}Or set before running:
env exabgp.log.level=DEBUG exabgp /etc/exabgp/exabgp.confneighbor 192.168.1.1 {
description "ISP Router";
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
static {
route 100.10.0.0/24 next-hop self;
route 100.20.0.0/24 next-hop self;
}
}process healthcheck {
run /etc/exabgp/api/healthcheck.py;
encoder text;
}
neighbor 192.168.1.3 {
description "iBGP Peer";
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65001; # Same AS = iBGP
family {
ipv4 unicast;
}
capability {
route-refresh;
}
api {
processes [ healthcheck ];
}
}process flowspec-controller {
run /etc/exabgp/api/ddos_blocker.py;
encoder text;
}
neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
family {
ipv4 flowspec;
}
api {
processes [ flowspec-controller ];
}
}process announce-all {
run /etc/exabgp/api/announce.py;
encoder text;
}
process receive-all {
run /etc/exabgp/api/receive.py;
encoder json;
receive {
parsed;
updates;
}
}
neighbor 192.168.1.1 {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
peer-as 65000;
family {
ipv4 unicast;
ipv6 unicast;
ipv4 flowspec;
ipv4 mpls-vpn;
}
capability {
route-refresh;
graceful-restart;
add-path send/receive;
}
api {
processes [ announce-all, receive-all ];
}
}# Process definitions
process announce {
run /etc/exabgp/api/announce.py;
encoder text;
}
# Template
template {
neighbor common-config {
router-id 192.168.1.2;
local-address 192.168.1.2;
local-as 65001;
family {
ipv4 unicast;
}
capability {
route-refresh;
}
api {
processes [ announce ];
}
}
}
# Neighbors using template
neighbor 192.168.1.1 {
inherit common-config;
peer-as 65000;
description "Core Router 1";
}
neighbor 192.168.2.1 {
inherit common-config;
peer-as 65002;
description "Core Router 2";
}
neighbor 192.168.3.1 {
inherit common-config;
peer-as 65003;
description "Edge Router";
md5-password "secret123";
}exabgp --test /etc/exabgp/exabgp.confExpected output if valid:
OK
Missing semicolon:
# Wrong
router-id 192.168.1.2
# Correct
router-id 192.168.1.2;Missing braces:
# Wrong
neighbor 192.168.1.1
router-id 192.168.1.2;
# Correct
neighbor 192.168.1.1 {
router-id 192.168.1.2;
}Invalid IP format:
# Wrong
local-address 192.168.1;
# Correct
local-address 192.168.1.2;- First BGP Session - Step-by-step configuration guide
- Neighbor Configuration - Detailed neighbor reference
- Environment Variables - All environment variables
- Templates and Inheritance - Advanced configuration patterns
- API Overview - Process and API configuration
Ready to configure? Start with Quick Start Guide β
π» Ghost written by Claude (Anthropic AI)
π Home
π Getting Started
π§ API
π‘οΈ Use Cases
π Address Families
βοΈ Configuration
π Operations
π Reference
- Architecture
- BGP State Machine
- Communities (RFC)
- Extended Communities
- BGP Ecosystem
- Capabilities (AFI/SAFI)
- RFC Support
π Migration
π Community
π External
- GitHub Repo β
- Slack β
- Issues β
π» Ghost written by Claude (Anthropic AI)