Crates.io | bgpkit-parser |
lib.rs | bgpkit-parser |
version | 0.10.11 |
source | src |
created_at | 2021-10-23 21:52:48.566965 |
updated_at | 2024-10-27 15:27:14.436078 |
description | MRT/BGP/BMP data processing library |
homepage | |
repository | https://github.com/bgpkit/bgpkit-parser |
max_upload_size | |
id | 470033 |
size | 741,414 |
This readme is generated from the library's doc comments using cargo-readme. Please refer to the Rust docs website for the full documentation
BGPKIT Parser aims to provide the most ergonomic MRT/BGP/BMP message parsing Rust API.
BGPKIT Parser has the following features:
bgpdump
or bgpreader
.For complete examples, check out the examples folder.
Let's say we want to print out all the BGP announcements/withdrawal from a single MRT file, either located remotely or locally. Here is an example that does so.
use bgpkit_parser::BgpkitParser;
let parser = BgpkitParser::new("http://archive.routeviews.org/bgpdata/2021.10/UPDATES/updates.20211001.0000.bz2").unwrap();
for elem in parser {
println!("{}", elem)
}
Yes, it is this simple!
You can even do some more interesting iterator operations that are event shorter. For example, counting the number of announcements/withdrawals in that file:
use bgpkit_parser::BgpkitParser;
let url = "http://archive.routeviews.org/bgpdata/2021.10/UPDATES/updates.20211001.0000.bz2";
let count = BgpkitParser::new(url).unwrap().into_iter().count();
println!("total: {}", count);
and it prints out
total: 255849
BGPKIT Broker library provides search API for all RouteViews and RIPE RIS MRT data files. Using the
broker's Rust API (bgpkit-broker
), we can easily compile a list of MRT files that we are interested
in for any time period and any data type (update
or rib
). This allows users to gather information without needing to
know about the locations of specific data files.
The example below shows a relatively more interesting example that does the following:
use bgpkit_parser::{BgpkitParser, BgpElem};
let broker = bgpkit_broker::BgpkitBroker::new()
.ts_start("1634693400")
.ts_end("1634693400")
.page(1);
for item in broker.into_iter().take(2) {
log::info!("downloading updates file: {}", &item.url);
let parser = BgpkitParser::new(item.url.as_str()).unwrap();
log::info!("parsing updates file");
// iterating through the parser. the iterator returns `BgpElem` one at a time.
let elems = parser
.into_elem_iter()
.filter_map(|elem| {
if let Some(origins) = &elem.origin_asns {
if origins.contains(&13335.into()) {
Some(elem)
} else {
None
}
} else {
None
}
})
.collect::<Vec<BgpElem>>();
log::info!("{} elems matches", elems.len());
}
BGPKIT Parser also has a built-in [Filter] mechanism. When creating a new [BgpkitParser
] instance,
once can also call add_filter
function to customize the parser to only show matching messages
when iterating through [BgpElem]s.
For all types of filters, check out the [Filter] enum documentation.
use bgpkit_parser::BgpkitParser;
/// This example shows how to parse an MRT file and filter by prefix.
env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();
log::info!("downloading updates file");
// create a parser that takes the buffered reader
let parser = BgpkitParser::new("http://archive.routeviews.org/bgpdata/2021.10/UPDATES/updates.20211001.0000.bz2").unwrap()
.add_filter("prefix", "211.98.251.0/24").unwrap();
log::info!("parsing updates file");
// iterating through the parser. the iterator returns `BgpElem` one at a time.
for elem in parser {
log::info!("{}", &elem);
}
log::info!("done");
BGPKIT Parser also provides parsing functionalities for real-time data streams, including RIS-Live and BMP/OpenBMP messages. See the examples below and the documentation for more.
Here is an example of handling RIS-Live message streams. After connecting to the websocket server,
we need to subscribe to a specific data stream. In this example, we subscribe to the data stream
from on collector (rrc21
). We can then loop and read messages from the websocket.
use bgpkit_parser::parse_ris_live_message;
use serde_json::json;
use tungstenite::{connect, Message};
const RIS_LIVE_URL: &str = "ws://ris-live.ripe.net/v1/ws/?client=rust-bgpkit-parser";
/// This is an example of subscribing to RIS-Live's streaming data from one host (`rrc21`).
///
/// For more RIS-Live details, check out their documentation at https://ris-live.ripe.net/manual/
fn main() {
// connect to RIPE RIS Live websocket server
let (mut socket, _response) =
connect(RIS_LIVE_URL)
.expect("Can't connect to RIS Live websocket server");
// subscribe to messages from one collector
let msg = json!({"type": "ris_subscribe", "data": {"host": "rrc21"}}).to_string();
socket.send(Message::Text(msg)).unwrap();
loop {
let msg = socket.read().expect("Error reading message").to_string();
if let Ok(elems) = parse_ris_live_message(msg.as_str()) {
for elem in elems {
println!("{}", elem);
}
}
}
}
RouteViews provides a real-time Kafka stream of the OpenBMP data received from their collectors. Below is a partial example of how we handle the raw bytes received from the Kafka stream. For full examples, check out the examples folder on GitHub.
let bytes = m.value;
let mut reader = Cursor::new(Vec::from(bytes));
let header = parse_openbmp_header(&mut reader).unwrap();
let bmp_msg = parse_bmp_msg(&mut reader);
match bmp_msg {
Ok(msg) => {
let timestamp = header.timestamp;
let per_peer_header = msg.per_peer_header.unwrap();
match msg.message_body {
MessageBody::RouteMonitoring(m) => {
for elem in Elementor::bgp_to_elems(
m.bgp_message,
timestamp,
&per_peer_header.peer_ip,
&per_peer_header.peer_asn
)
{
info!("{}", elem);
}
}
_ => {}
}
}
Err(_e) => {
let hex = hex::encode(bytes);
error!("{}", hex);
break
}
}
The example will download one MRT file from RouteViews, filter out all the BGP messages that are not originated from AS3356, and write the filtered MRT records to disk. Then it re-parses the filtered MRT file and prints out the number of BGP messages.
use bgpkit_parser::Elementor;
use itertools::Itertools;
use std::io::Write;
let mut updates_encoder = bgpkit_parser::encoder::MrtUpdatesEncoder::new();
bgpkit_parser::BgpkitParser::new(
"http://archive.routeviews.org/bgpdata/2023.10/UPDATES/updates.20231029.2015.bz2",
).unwrap()
.add_filter("origin_asn", "3356").unwrap()
.into_iter()
.for_each(|elem| {
updates_encoder.process_elem(&elem);
});
let mut mrt_writer = oneio::get_writer("as3356_mrt.gz").unwrap();
mrt_writer.write_all(updates_encoder.export_bytes().as_ref()).unwrap();
drop(mrt_writer);
bgpkit-parser
is bundled with a utility commandline tool bgpkit-parser-cli
.
You can install the compiled bgpkit-parser
CLI binaries with the following methods:
brew install bgpkit/tap/bgpkit-parser
cargo binstall bgpkit-parser
You can install the tool by running
cargo install bgpkit-parser --features cli
or checkout this repository and run
cargo install --path . --features cli
Run bgpkit-parser --help
to see the full list of options.
MRT/BGP/BMP data processing library
Usage: bgpkit-parser [OPTIONS] <FILE>
Arguments:
<FILE> File path to a MRT file, local or remote
Options:
-c, --cache-dir <CACHE_DIR> Set the cache directory for caching remote files. Default behavior does not enable caching
--json Output as JSON objects
--psv Output as full PSV entries with header
--pretty Pretty-print JSON output
-e, --elems-count Count BGP elems
-r, --records-count Count MRT records
-o, --origin-asn <ORIGIN_ASN> Filter by origin AS Number
-p, --prefix <PREFIX> Filter by network prefix
-4, --ipv4-only Filter by IPv4 only
-6, --ipv6-only Filter by IPv6 only
-s, --include-super Include super-prefix when filtering
-S, --include-sub Include sub-prefix when filtering
-j, --peer-ip <PEER_IP> Filter by peer IP address
-J, --peer-asn <PEER_ASN> Filter by peer ASN
-m, --elem-type <ELEM_TYPE> Filter by elem type: announce (a) or withdraw (w)
-t, --start-ts <START_TS> Filter by start unix timestamp inclusive
-T, --end-ts <END_TS> Filter by end unix timestamp inclusive
-a, --as-path <AS_PATH> Filter by AS path regex string
-h, --help Print help
-V, --version Print version
There are two key data structures to understand for the parsing results: [MrtRecord] and [BgpElem].
MrtRecord
: unmodified MRT information representationThe [MrtRecord] is the data structure that holds the unmodified, complete information parsed from the MRT data file.
pub struct MrtRecord {
pub common_header: CommonHeader,
pub message: MrtMessage,
}
pub enum MrtMessage {
TableDumpMessage(TableDumpMessage),
TableDumpV2Message(TableDumpV2Message),
Bgp4Mp(Bgp4Mp),
}
MrtRecord
record representation is concise, storage efficient, but often less convenient to use. For example, when
trying to find out specific BGP announcements for certain IP prefix, we often needs to go through nested layers of
internal data structure (NLRI, announced, prefix, or even looking up peer index table for Table Dump V2 format), which
could be irrelevant to what users really want to do.
To facilitate simpler data analysis of BGP data, we defined a new data structure called [BgpElem] in this crate. Each [BgpElem] contains a piece of self-containing BGP information about one single IP prefix. For example, when a bundled announcement of three prefixes P1, P2, P3 that shares the same AS path is processed, we break the single record into three different [BgpElem] objects, each presenting a prefix.
pub struct BgpElem {
pub timestamp: f64,
pub elem_type: ElemType,
pub peer_ip: IpAddr,
pub peer_asn: Asn,
pub prefix: NetworkPrefix,
pub next_hop: Option<IpAddr>,
pub as_path: Option<AsPath>,
pub origin_asns: Option<Vec<Asn>>,
pub origin: Option<Origin>,
pub local_pref: Option<u32>,
pub med: Option<u32>,
pub communities: Option<Vec<Community>>,
pub atomic: Option<AtomicAggregate>,
pub aggr_asn: Option<Asn>,
pub aggr_ip: Option<IpAddr>,
}
The main benefit of using [BgpElem] is that the analysis can be executed on a per-prefix basis, generic to what the backend MRT data format (bgp4mp, tabledumpv1, tabledumpv2, etc.). The obvious drawback is that we will have to duplicate information to save at each elem, that consuming more memory.
We support most of the RFCs and plan to continue adding support for more recent RFCs in the future. Here is a list of relevant RFCs that we support or plan to add support.
If you would like to see any specific RFC's support, please submit an issue on GitHub.
We support normal communities, extended communities, and large communities.
MIT