Lots of replies saying which of BIRD/exabgp/frr/quagga/openbgpd folks prefer, but they're all pretty good. Honestly for such a project they're all just as great, it comes down mostly to what you're used to config-wise. Used to big metal router configuration? You might find BIRD foreign. Used to more functional code stuff? BIRD is pretty great. Others I have less experience with. As for "something better than cobbling it together", I'd recommend just do that. Install your usual Linux/BSD distro, install one of the BGP daemons, and run a flow logger (eg pmacctd, which can split out flowspec which you can consume with whatever you're comfortable with). Setting up everything short of the actual flowspec inspection should be a half-hour endeavor, maybe three hours if you have to fight with the VM provider to get BGP filters working right :). Matt On 5/1/23 9:01 AM, Bryan Fields wrote:
I know best subjective, but I'm looking at a project to announce some IP space that's between uses now and see what's there. I'm planing to run a flow logger and ntop on the VM and see what is coming in if anything. I'm looking at the options for BGP out there, and there's quite a few (other than running a VM with a router doing BGP), but most data I've seen is focused on scale and filtering use, or RPKI. My use case is a bit different, and I can't find any best practices for this use case from what I've found.
That said, is there a better solution other than linux/ntop/ipt-netflow?