TaBi - Track BGP Hijacks
## Building TaBi
TaBi depends on two external Python modules. The easiest method to install them is to use virtualenv and pip.
If you use a Debian-like system you can install these dependencies using:
Then install TaBi in a virtual environment:
Removing TaBi and its dependencies is therefore as simple as removing the cloned repository.
Historically TaBi was designed to process MRT dump files from the collectors of the RIPE RIS.
### Grabbing MRT dumps
You will then need to retrieve some MRT dumps. Copying and pasting the following commands in a terminal will grab a full BGP view and some updates.
tabi- the command line tool
tabicommand is the legacy tool that uses TaBi to build technical indicators for the Observatory reports. It uses mabo to parse MRT dumps.
Given the name of the BGP collector, an output directory and MRT dumps using the RIS naming convention,
tabiwill follow the evolution of routes seen in MRT dumps (or provided with the
--asesoption), and detect BGP IP prefixes conflicts.
Several options can be used to control tabi behavior:
Among this options, two are very interesting:
Note that the legacy output mode will likely consume all file descriptors as it creates two files per processed AS (i.e. around 100k opened files). The default is the combined output mode.
Here is an example call to tabi:
After around 5 minutes of processing, you will find the following files in
## Using TaBi as a Python module
TaBi could also be used as a regular Python module in order to use it in your own tool.
The example provided in this repository enhance BGP prefix conflicts detection, with possible hijacks classification. To do so, it relies on external data sources such as RPKI ROA, route objects and other IRR objects.