Provided by: openbgpd_8.8-1_amd64 
NAME
bgplgd — a bgpctl FastCGI server
SYNOPSIS
bgplgd [-d] [-p path] [-S socket] [-s socket] [-U user] [-V]
DESCRIPTION
bgplgd is a server which implements the FastCGI Protocol to execute bgpctl(8) commands. bgplgd is a
simple server that implements a simple web API to query bgpd(8).
bgplgd opens a socket at /run/bgplgd.sock, owned by www-data, with permissions 0660. It will then drop
privileges to user "_bgplgd", unveil(2) the bgpctl(8) binary and restrict itself with pledge(2).
The options are as follows:
-d Do not daemonize. If this option is specified, bgplgd will run in the foreground and log to
stderr.
-p path
Use path instead of bgpctl(8) to query bgpd(8).
-S socket
Use socket instead of the default /run/openbgpd/bgpd.rsock to communicate with bgpd(8).
-s socket
Create and bind to alternative local socket at socket.
-U user
Change the owner of /run/bgplgd.sock to user and its primary group instead of the default www-
data.
-V Show the version and exit.
bgplgd provides the following API endpoints. Unless further specified the endpoints do not take any
parameters:
/interfaces Show the interface states.
/memory Show RIB memory statistics.
/metrics Output various statistics in OpenMetrics format.
/neighbors Show detailed neighbors information. The output can be limited with the following
parameters:
neighbor=peer Show information for a specific neighbor. peer may be the neighbor's address
or description.
group=name Show only entries from the specified peer group.
/nexthops Show the list of BGP nexthops and the result of their validity check.
/rib
/rib/in
/rib/out Show routes from the bgpd(8) Routing Information Base. For /rib/in the Adj-RIB-In will be
queried and for /rib/out the Adj-RIB-out. The following parameters can be used to filter
the output:
neighbor=peer Show information for a specific neighbor. peer may be the neighbor's address
or description.
group=name Show only entries from the specified peer group.
as=number Show only entries with the specified source AS number.
community=string
ext-community=string
large-community=string
Show only entries that match the specified community.
af=(ipv4 | ipv6 | vpnv4 | vpnv6)
Show only entries that match the specified address family.
rib=name Show only entries from the RIB with name name. Can only be used with the
/rib endpoint.
ovs=(valid | not-found | invalid)
Show only prefixes that match the specified Origin Validation State.
avs=(valid | invalid | unknown)
Show only prefixes that match the specified ASPA Validation State.
best=1 Show only selected routes.
error=1 Show only prefixes which are marked invalid and were treated as withdrawn.
filtered=1 Show only prefixes which are marked filtered by the input filter.
invalid=1 Show only prefixes which are not eligible.
leaked=1 Show only prefixes where a route leak was detected.
prefix=addr Show only entries that match prefix either as the best matching route or show
the entry for this CIDR prefix.
all=1 Show all entries in the specified prefix range.
or-shorter=1 Show all entries covering and including the specified prefix.
/rtr Show a list of all RTR sessions.
/sets Show a list summarizing all roa-set, as-set, prefix-set, and origin-set tables.
/summary Show a list of all neighbors, including information about the session state and message
counters.
EXAMPLES
Add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:
socket "/run/openbgpd/bgpd.rsock" restricted
An example setup in httpd(8) is:
location "/bgplgd/*" {
fastcgi socket "/run/bgplgd.sock"
request strip 1
}
SEE ALSO
bgpctl(8), bgpd(8), httpd(8)
HISTORY
The bgplgd server first appeared in OpenBSD 7.2.
AUTHORS
Claudio Jeker <claudio@openbsd.org>
Debian December 3, 2024 BGPLGD(8)