Vincent Bernat Articles
Source: https://vincent.bernat.ch/en
Author: Vincent Bernat (Network Engineer, Experienced BGP/Linux Networking Expert)
Date Compiled: 2025-11-09
Vincent Bernat has written several highly technical articles about BGP, network automation, and high availability. His work is widely cited in the ExaBGP community and provides practical, production-tested implementations.
URL: https://vincent.bernat.ch/en/blog/2013-exabgp-highavailability
Summary: Comprehensive guide on implementing high availability for web services using ExaBGP.
Key Points:
- ExaBGP described as "convenient tool to plug scripts into BGP"
- Scripts read routes from stdin, advertise on stdout
- Uses route servers (BIRD/Quagga) for scalable architecture
- Metric-based load distribution across nodes
- Health checks control route announcements
- Complete lab environment available on GitHub
Architecture:
[Web Servers + ExaBGP] → [Route Servers] → [Edge Routers]
Technical Details:
- Service IPs on loopback interfaces (2001:db8:30::1/2/3)
- Different metrics per node for load distribution (100-102 healthy, 1000+ failed)
- Route servers select best paths and propagate to routers
- BGP convergence provides automatic failover
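The metric scheme above, as an added example (not code from the article or from ExaBGP). The rotation that makes node N primary for service IP N, and the "lowest metric wins" model of the route server, are assumptions made for illustration; the service IPs and metric ranges are the ones listed above.

```python
SERVICE_IPS = ["2001:db8:30::1", "2001:db8:30::2", "2001:db8:30::3"]  # from the page
HEALTHY_BASE, FAILED_BASE = 100, 1000  # metric ranges from the page


def metric(node, ip_index, healthy):
    """Rotate preference so node N is primary (lowest metric) for service IP N (assumed scheme)."""
    rank = (ip_index - node) % len(SERVICE_IPS)
    return (HEALTHY_BASE if healthy else FAILED_BASE) + rank


def announcements(node, healthy):
    """Lines a node's health-check script would write to stdout for ExaBGP."""
    return [
        f"announce route {ip}/128 next-hop self med {metric(node, i, healthy)}"
        for i, ip in enumerate(SERVICE_IPS)
    ]


def route_server_choice(health_by_node):
    """Simplified route server model: for each service IP, the lowest metric wins."""
    choice = {}
    for i, ip in enumerate(SERVICE_IPS):
        choice[ip] = min(health_by_node, key=lambda n: metric(n, i, health_by_node[n]))
    return choice


if __name__ == "__main__":
    for line in announcements(node=0, healthy=True):
        print(line)
    # Node 0 fails its health check: its service IP moves to the next-best node.
    print(route_server_choice({0: False, 1: True, 2: True}))
```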
Requirements: ExaBGP 3.2.5+
Status: ✅ Already captured in detail in high-availability-patterns.md
URL: https://vincent.bernat.ch/en/blog/2018-multi-tier-loadbalancer
Summary: Four-tier load-balancing solution using ExaBGP, ECMP, IPVS, and HAProxy.
Key Points:
- Tier 0: DNS for geographic distribution
- Tier 1: ECMP routing with BGP/ExaBGP
- Tier 2: L4 load balancing with IPVS (Maglev consistent hashing)
- Tier 3: L7 load balancing with HAProxy
ExaBGP Usage: ExaBGP announces service availability to routers:
- Load balancers advertise IPs configured on loopback interface
- Conditional announcement based on readiness files
- If /etc/lb/v6-ready exists AND /etc/lb/disable is absent → announce routes
- Peering with both routers for redundancy
Implementation Pattern:
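```python
import os

# Health check controls file presence.
# service_ready(), touch() and remove() stand for the health checker's own logic.
if service_ready():
    touch('/etc/lb/v6-ready')
else:
    remove('/etc/lb/v6-ready')

# ExaBGP script checks files and announces.
# loopback_ips and announce() stand for the announcement script's own helpers.
if os.path.exists('/etc/lb/v6-ready') and not os.path.exists('/etc/lb/disable'):
    for ip in loopback_ips:
        announce(ip)
```
Technology Stack: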
- ExaBGP: Route advertisement for service IPs
- BIRD: Edge router BGP
- ECMP: Flow distribution (via kernel routing)
- IPVS + Keepalived: Consistent hashing L4 LB
- HAProxy: L7 load balancing
- gdnsd: DNS failover for multi-DC
Key Insight: ECMP alone is insufficient due to flow reshuffling on topology changes. Adding IPVS with Maglev scheduling provides consistent hashing to minimize connection disruption.
Benefits:
- Stateless tier (ECMP) scales horizontally
- Consistent hashing minimizes connection breakage
- Direct Server Return for efficiency
- ExaBGP enables dynamic topology updates
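The key insight above, as an added example (not code from the article, IPVS or ExaBGP): it removes one of four load balancers and measures how many flows change backend although the backend they were using is still alive. Hash-modulo selection is a simplified model of ECMP, the table population follows the published Maglev algorithm, and the backend names, flow keys and table size are constructed.

```python
import hashlib


def h(key, salt):
    """Deterministic 64-bit hash; Python's built-in hash() is randomized per process."""
    return int.from_bytes(hashlib.sha256(f"{salt}:{key}".encode()).digest()[:8], "big")


def maglev_table(backends, size=4099):
    """Build a Maglev lookup table; size must be prime and larger than len(backends)."""
    if not backends:
        raise ValueError("need at least one backend")
    perms = [(h(b, "offset") % size, h(b, "skip") % (size - 1) + 1) for b in backends]
    tried = [0] * len(backends)
    table, filled = [None] * size, 0
    while filled < size:
        for i, (offset, skip) in enumerate(perms):
            while True:  # walk backend i's preference list to its next free slot
                slot = (offset + tried[i] * skip) % size
                tried[i] += 1
                if table[slot] is None:
                    break
            table[slot] = backends[i]
            filled += 1
            if filled == size:
                break
    return table


def pick_maglev(flow, table):
    return table[h(flow, "flow") % len(table)]


def pick_modulo(flow, backends):
    """Simplified ECMP model: hash modulo the number of next hops."""
    return backends[h(flow, "flow") % len(backends)]


def avoidable_disruption(flows, before, after, survivors):
    """Share of flows that move although the backend they used is still alive."""
    kept = [f for f in flows if before(f) in survivors]
    return sum(before(f) != after(f) for f in kept) / len(kept)


def compare(n_flows=5000):
    old = ["lb1", "lb2", "lb3", "lb4"]  # constructed names
    new = old[:-1]                      # lb4 withdraws its routes
    flows = [f"2001:db8::{i:x}|{40000 + i % 20000}" for i in range(n_flows)]
    t_old, t_new = maglev_table(old), maglev_table(new)
    modulo = avoidable_disruption(flows, lambda f: pick_modulo(f, old),
                                  lambda f: pick_modulo(f, new), new)
    maglev = avoidable_disruption(flows, lambda f: pick_maglev(f, t_old),
                                  lambda f: pick_maglev(f, t_new), new)
    return modulo, maglev
```

`compare()` returns the two disruption ratios as `(modulo, maglev)`; with modulo selection roughly two thirds of the flows on surviving backends move, while the Maglev table keeps most of them in place.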
Status: 🆕 New content - adds multi-tier architecture pattern
URL: https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor
Summary: Implementing L3 routing at hypervisor level using BGP for VM networking.
Key Points:
- Hypervisors advertise /32 routes for VMs via BGP
- Eliminates layer 2 domain issues
- Enables flexible VM placement
- Uses BIRD (not ExaBGP) for hypervisor BGP
- Route reflectors for scalability
- BFD for fast failure detection
Architecture Options:
- Full L3 Leaf-Spine: Direct eBGP to ToR switches
- L2 Fabric + Route Reflectors: iBGP to dedicated reflectors (cost-effective)
ExaBGP Relevance: While this article uses BIRD, the same pattern could be implemented with ExaBGP for VM route advertisement. ExaBGP would be ideal for application-aware VM networking.
Status: Informational - alternative BGP daemon usage
URL: https://vincent.bernat.ch/en/blog/2018-bgp-llgr
Summary: Long-Lived Graceful Restart for maintaining BGP sessions during control plane stress.
Key Points:
- LLGR retains "stale routes" with lower preference after session failure
- Addresses control plane CPU overload scenarios
- RFC 9494 (published November 2023)
- Stale routes marked with community 65535:6
- Typical LLGR timer: 120 seconds
Supported Implementations:
- Juniper Junos (v15.1+)
- Cisco IOS XR (v7.3.2+)
- BIRD (v1.6.5+, v2.0.3+)
- FRR (v8.2+)
- GoBGP (v1.33+)
ExaBGP Status: Article does not mention ExaBGP LLGR support. This is a potential feature gap to investigate.
Status: Feature research - potential documentation topic
URL: https://vincent.bernat.ch/en/blog/2019-bgp-host-rpki
Summary: Implementing RPKI for BGP route origin validation in datacenter "BGP on the host" architectures.
Key Points:
- RPKI provides cryptographic validation of AS origin authorization
- Uses RTR (RPKI-to-Router) protocol with local validator
- GoRTR serves as RPKI validator
- Validates AS path has only one ASN and matches peer
- Prevents prefix hijacking
Security Considerations:
- ROA only certifies origin AS (not full path)
- Must validate AS path structure
- Custom JSON source of truth for internal prefixes
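The two checks listed above, as an added example (not the article's BIRD/GoRTR configuration): origin validation against ROA-style entries, plus the AS path structure check that a ROA alone does not provide. The ROA entries, ASNs and prefixes are constructed, and "only one ASN" is read strictly here as a path of exactly one entry.

```python
import ipaddress

# Constructed ROA-style entries, standing in for the custom JSON source of truth.
ROAS = [
    {"prefix": "2001:db8:30::/48", "maxLength": 128, "asn": 65001},
    {"prefix": "203.0.113.0/24", "maxLength": 32, "asn": 65002},
]


def origin_state(prefix, origin_asn, roas=ROAS):
    """Route origin validation: returns 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa["asn"] == origin_asn and net.prefixlen <= roa["maxLength"]:
            return "valid"
    # Covered by a ROA but no matching ASN/length means invalid, not unknown.
    return "invalid" if covered else "not-found"


def accept_from_host(prefix, as_path, peer_asn, roas=ROAS):
    """Accept a host route only if the path is exactly [peer_asn] and the origin is valid."""
    # A ROA certifies the origin AS only, so the path structure is checked separately:
    # a longer path ending in an authorized origin would otherwise pass validation.
    if len(as_path) != 1 or as_path[0] != peer_asn:
        return False, "as-path must contain only the peer's ASN"
    state = origin_state(prefix, as_path[-1], roas)
    return state == "valid", f"origin {state}"


if __name__ == "__main__":
    print(accept_from_host("2001:db8:30::1/128", [65001], 65001))
    print(accept_from_host("2001:db8:30::1/128", [65002, 65001], 65002))
    print(accept_from_host("203.0.113.0/24", [65001], 65001))
```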
ExaBGP Status: Article does not mention ExaBGP. RPKI/RTR support in ExaBGP is a potential feature to investigate for documentation.
Status: Feature research - security topic
URL: https://vincent.bernat.ch/en/blog/2024-bgp-endless-aspath
Summary: Advanced BGP AS path manipulation creating infinitely expanding paths.
Key Points:
- Demonstrates creating BGP loops with expanding AS paths
- Technical exploration of BGP protocol edge cases
- Uses confederation and AS_SET manipulation
ExaBGP Relevance: Protocol testing and research use case.
Status: Advanced/niche topic
URL: https://vincent.bernat.ch/en/blog/2021-source-of-truth-network
Context: Version control for infrastructure, relevant for ExaBGP configuration management.
URL: https://vincent.bernat.ch/en/blog/2021-network-jerikan-ansible
Context: Network automation framework, relevant for ExaBGP deployment automation.
Vincent Bernat's articles provide production-tested architectures:
- ✅ High availability with route servers
- ✅ Multi-tier load balancing with ECMP
- ✅ Metric-based load distribution
- ✅ Health check integration patterns
- ✅ File-based service readiness control
Multi-Tier Load Balancing is a major new use case to document:
- ExaBGP announces service IPs to ECMP routers
- Integrates with IPVS/Keepalived/HAProxy
- Production deployment pattern
- Solves ECMP reshuffling problem with consistent hashing
Common patterns across articles:
- Loopback IPs: Service IPs always on loopback
- File-Based Control: /etc/lb/v6-ready, /etc/lb/disable for state management
- Route Servers: Intermediate BGP speakers for scalability
- BFD Integration: Fast failure detection
- Health Checks: Application-level monitoring
Potential ExaBGP documentation topics:
- LLGR Support: Does ExaBGP support BGP Long-Lived Graceful Restart?
- RPKI/RTR: Does ExaBGP support RPKI validation?
- BFD: Does ExaBGP support BFD for fast failure detection?
- ADD-PATH: Does ExaBGP support ADD-PATH for anycast?
Vincent uses multiple BGP implementations:
- ExaBGP: Application-driven route advertisement
- BIRD: High-performance route server, hypervisor BGP
- GoBGP: Alternative to ExaBGP (Go-based)
- FRR: Full-featured routing suite
ExaBGP's Niche: Simple API for application control, not full routing daemon.
- Update High Availability Guide
  - ✅ Already captured Vincent's 2013 article
  - Comprehensive architecture examples
  - Metric strategies
  - Route server patterns
- Create Multi-Tier Load Balancing Use Case
  - 🆕 New content from 2018 article
  - Four-tier architecture
  - ExaBGP + ECMP + IPVS + HAProxy
  - File-based readiness control
  - Production pattern for large scale
- Add Integration Examples
  - File-based health check triggers
  - Route server configurations (BIRD examples)
  - ECMP routing patterns
  - Consistent hashing with IPVS
- BGP on the Host Use Case
  - While article uses BIRD, pattern applicable to ExaBGP
  - VM route advertisement
  - Hypervisor networking
  - Could be ExaBGP + lightweight BGP daemon combo
- Feature Research
  - Document LLGR support status in ExaBGP
  - Document RPKI/RTR support status
  - Document BFD support status
  - Document ADD-PATH support status
- BGP Protocol Edge Cases
  - AS path manipulation
  - Protocol testing use cases
  - Research applications
Based on Vincent's 2018 article:
```python
#!/usr/bin/env python3
"""
ExaBGP health check for multi-tier load balancer
Announces loopback IPs when service is ready
"""
import sys
import os
from time import sleep

import netifaces

READY_FILE = '/etc/lb/v6-ready'
DISABLE_FILE = '/etc/lb/disable'
LOOPBACK_INTERFACE = 'lo'
CHECK_INTERVAL = 5


def get_loopback_ips():
    """Get all IPs configured on loopback interface"""
    addrs = netifaces.ifaddresses(LOOPBACK_INTERFACE)
    ips = []
    # IPv4 addresses
    if netifaces.AF_INET in addrs:
        ips.extend([a['addr'] for a in addrs[netifaces.AF_INET]])
    # IPv6 addresses
    if netifaces.AF_INET6 in addrs:
        ips.extend([a['addr'].split('%')[0] for a in addrs[netifaces.AF_INET6]])
    return [ip for ip in ips if not ip.startswith('127.') and ip != '::1']


def is_service_ready():
    """Check if service should announce routes"""
    return os.path.exists(READY_FILE) and not os.path.exists(DISABLE_FILE)


# Get IPs to announce
service_ips = get_loopback_ips()

# Wait for ExaBGP to be ready
sleep(2)

while True:
    if is_service_ready():
        # Announce all service IPs
        for ip in service_ips:
            if ':' in ip:
                # IPv6
                sys.stdout.write(f'announce route {ip}/128 next-hop self\n')
            else:
                # IPv4
                sys.stdout.write(f'announce route {ip}/32 next-hop self\n')
    else:
        # Withdraw all service IPs
        for ip in service_ips:
            if ':' in ip:
                sys.stdout.write(f'withdraw route {ip}/128\n')
            else:
                sys.stdout.write(f'withdraw route {ip}/32\n')
    sys.stdout.flush()
    sleep(CHECK_INTERVAL)
```
Usage:
```bash
# Enable service
touch /etc/lb/v6-ready
# Maintenance mode (withdraw routes)
touch /etc/lb/disable
# Re-enable
rm /etc/lb/disable
```
Total Articles Reviewed: 8
ExaBGP-Specific Articles: 2 (detailed implementations)
BGP-Related Articles: 4 (context and alternatives)
Network Automation Articles: 2 (deployment context)
New Use Cases Discovered: 1 (Multi-tier load balancing)
Architecture Patterns: 5+ (HA, multi-tier, route servers, file-based control, ECMP)
Code Examples: 10+ (health checks, announcements, integrations)
Documentation Value: ⭐⭐⭐⭐⭐ (5/5)
- Production-tested implementations
- Real-world architectures
- Detailed technical explanations
- Complete working examples
- Industry expert (Vincent Bernat highly regarded in community)
For Documentation Writers: Vincent Bernat's articles are essential references for:
- High Availability patterns (metric strategies, route servers)
- Multi-tier load balancing architectures
- Production deployment patterns
- Integration with other technologies (BIRD, IPVS, HAProxy)
- File-based health check control
- ECMP routing with BGP
Status: Comprehensive review complete. Ready for integration into wiki documentation.
👻 Ghost written by Claude (Anthropic AI)