NAME¶

bgplgd — a bgpctl FastCGI server

SYNOPSIS¶

DESCRIPTION¶

bgplgd is a server which implements the FastCGI Protocol to execute bgpctl(8) commands. bgplgd is a simple server that implements a simple web API to query bgpd(8).

bgplgd opens a socket at /run/bgplgd.sock, owned by www-data, with permissions 0660. It will then drop privileges to user "_bgplgd", unveil(2) the bgpctl(8) binary and restrict itself with pledge(2).

The options are as follows:

-d

Do not daemonize. If this option is specified, bgplgd will run in the foreground and log to stderr.

-p path

Use path instead of bgpctl(8) to query bgpd(8).

-S socket

Use socket instead of the default /run/openbgpd/bgpd.rsock to communicate with bgpd(8).

-s socket

Create and bind to alternative local socket at socket.

-U user

Change the owner of /run/bgplgd.sock to user and its primary group instead of the default www-data.

-V

Show the version and exit.

bgplgd provides the following API endpoints. Unless further specified the endpoints do not take any parameters:

/interfaces

Show the interface states.

/memory

Show RIB memory statistics.

/metrics

Output various statistics in OpenMetrics format.

/neighbors

Show detailed neighbors information. The output can be limited with the following parameters:

neighbor=peer

Show information for a specific neighbor. peer may be the neighbor's address or description.

group=name

Show only entries from the specified peer group.

/nexthops

Show the list of BGP nexthops and the result of their validity check.

/rib

 

/rib/in

 

/rib/out

Show routes from the bgpd(8) Routing Information Base. For /rib/in the Adj-RIB-In will be queried and for /rib/out the Adj-RIB-out. The following parameters can be used to filter the output:

neighbor=peer

Show information for a specific neighbor. peer may be the neighbor's address or description.

group=name

Show only entries from the specified peer group.

as=number

Show only entries with the specified source AS number.

community=string

 

ext-community=string

 

large-community=string

Show only entries that match the specified community.

af=(ipv4 | ipv6 | vpnv4 | vpnv6)

Show only entries that match the specified address family.

rib=name

Show only entries from the RIB with name name. Can only be used with the /rib endpoint.

ovs=(valid | not-found | invalid)

Show only prefixes that match the specified Origin Validation State.

avs=(valid | invalid | unknown)

Show only prefixes that match the specified ASPA Validation State.

best=1

Show only selected routes.

error=1

Show only prefixes which are marked invalid and were treated as withdrawn.

filtered=1

Show only prefixes which are marked filtered by the input filter.

invalid=1

Show only prefixes which are not eligible.

leaked=1

Show only prefixes where a route leak was detected.

prefix=addr

Show only entries that match prefix either as the best matching route or show the entry for this CIDR prefix.

all=1

Show all entries in the specified prefix range.

or-shorter=1

Show all entries covering and including the specified prefix.

/rtr

Show a list of all RTR sessions.

/sets

Show a list summarizing all roa-set, as-set, prefix-set, and origin-set tables.

/summary

Show a list of all neighbors, including information about the session state and message counters.

EXAMPLES¶

Add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:

An example setup in httpd(8) is:

        location "/bgplgd/*" {
                fastcgi socket "/run/bgplgd.sock"
                request strip 1
        }

SEE ALSO¶

bgpctl(8), bgpd(8), httpd(8)

HISTORY¶

The bgplgd server first appeared in OpenBSD 7.2.

AUTHORS¶

Claudio Jeker <claudio@openbsd.org>