An open-source tool that processes BGP messages through a pipeline of composable stages, built on the bgpfix library.
Full documentation at bgpipe.org
bgpipe sits between routers as a transparent proxy, auditing, filtering, and transforming BGP sessions on the fly. Think of it as a scriptable BGP firewall and traffic processor.
Use cases:
- BGP firewall with RPKI validation, prefix limits, and rate limiting
- Bidirectional BGP to JSON translation including Flowspec — pipe through jq, Python, anything
- MRT file processing and conversion at scale
- Scriptable pipeline — chain stages or pipe through external programs
- Live BGP monitoring from RIPE RIS Live or RouteViews with real-time filters
- Secure transport — add TCP-MD5 to sessions, proxy over encrypted WebSockets
See the RIPE 88 bgpipe talk for background.
# Reverse proxy: expose internal BGP router, log all traffic to JSON
bgpipe --stdout \
-- listen :179 \
-- connect --wait listen 192.0.2.1
# Stream MRT file, filter by matching IP prefix, and store as JSON file
bgpipe \
-- read https://data.ris.ripe.net/rrc01/2025.11/updates.20251107.2300.gz \
-- grep 'prefix ~ 198.41.0.4' \
-- write output.jsonDocker (fastest):
docker pull ghcr.io/bgpfix/bgpipe:latest
docker run --rm ghcr.io/bgpfix/bgpipe:latest --helpBinary: download from GitHub Releases.
Go: go install github.com/bgpfix/bgpipe@latest
Run bgpipe -h or bgpipe <stage> -h for built-in help.
Visit bgpipe.org for:
- Quick start guide
- Examples and tutorials
- Filter reference
- Complete stage documentation
- Report bugs and request features on GitHub Issues
- For collaboration inquiries, contact [email protected]
Pawel Foremski @pforemski 2023-2026