plugins

Pre-Alpha. This page describes behavior that may change.

A plugin in Ze is a unit of behaviour that registers itself with the engine and reacts to events on the bus. The engine itself does not know about BGP. BGP is implemented as a stack of plugins on top of a generic message bus and a generic plugin manager. Interface management, the FIB pipeline, RPKI, address families, and the route selection policy are all plugins by the same definition.

A plugin is either an in-tree Go module compiled into the binary, or an external process started by the daemon and spoken to through a TLS-framed line protocol. The two paths use the same APIs, the same event types, and the same registration model. The trade-off is the obvious one: in-tree plugins have direct access and lower latency; external plugins can be written in any language and crash without taking the daemon down with them.

Storage

Plugin	Description
bgp-rib	The main RIB store.
bgp-adj-rib-in	Per-peer Adj-RIB-In with raw hex replay.
bgp-persist	On-disk persistence across restarts.

Core

Plugin	Description
bgp	The core BGP engine: FSM, message handling, peer reactor.
bgp-healthcheck	Service healthcheck with FSM-controlled announcement and withdrawal.
interface	OS network interface monitoring and management.
loop	Route loop detection per RFC 4271.

Policy

Plugin	Description
bgp-rs	Route server: client-to-client reflection per RFC 7947 with zero-copy fast path.
bgp-rr	Route reflector per RFC 4456, as an alternative to the route server forward-all model.
bgp-filter-community	Community tag and strip filter (standard, large, extended).
bgp-filter-prefix	Per-prefix modify path for multi-prefix updates.
bgp-filter-aspath	AS-path regex filter.
bgp-route-modify	Route attribute modifier on import/export.
bgp-role	BGP Role capability enforcement (RFC 9234).
bgp-redistribute	Cross-protocol route advertising (L2TP subscriber routes into BGP).

Resilience

Plugin	Description
bgp-gr	Graceful Restart (RFC 4724) and Long-Lived GR (RFC 9494).
bgp-watchdog	Deferred announcement controlled by named watchdog groups.
bgp-route-refresh	Route Refresh and Enhanced Route Refresh (RFC 2918, RFC 7313).

Validation

Plugin	Description
bgp-rpki	RPKI origin validation through the RTR protocol (RFC 6811, RFC 8210).
bgp-rpki-decorator	Correlates UPDATE and RPKI events into merged update-rpki events.

Capabilities

Plugin	Description
bgp-aigp	Accumulated IGP Metric (RFC 7311).
bgp-hostname	FQDN capability.
bgp-llnh	Link-local next-hop for IPv6 (RFC 2545).
bgp-softver	Software version capability.

Address families

The IPv4 and IPv6 unicast and multicast families are part of the engine. Everything else is provided by an nlri plugin and is only available if the plugin is loaded.

Plugin	Description
bgp-nlri-vpn	IPv4 and IPv6 MPLS-VPN.
bgp-nlri-evpn	L2VPN EVPN.
bgp-nlri-flowspec	IPv4 and IPv6 FlowSpec, with VPN variants.
bgp-nlri-ls	BGP-LS.
bgp-nlri-labeled	MPLS-labelled unicast.
bgp-nlri-vpls	L2VPN VPLS.
bgp-nlri-mvpn	Multicast VPN.
bgp-nlri-rtc	Route Target Constrain.
bgp-nlri-mup	Mobile User Plane.

Run ze --plugins to list every plugin compiled into the binary you are running.

Protocol

Plugin	Description
bfd	Bidirectional Forwarding Detection (RFC 5880/5881/5882/5883). Echo mode, keyed SHA1/MD5 auth, BGP peer opt-in. See BFD.
bgp-bmp	BGP Monitoring Protocol (RFC 7854). Receiver and sender with Adj-RIB-Out (RFC 8671). See BMP.

Subsystems

Plugin	Description
l2tp	L2TPv2 LNS/LAC (RFC 2661). Tunnel and session FSMs, PPP negotiation, kernel data plane. See L2TP.
firewall	Stateful packet filtering with nftables backend. See Firewall.
traffic-control	Per-interface queueing disciplines with tc and VPP backends. See Traffic Control.
ntp	NTP client for system clock synchronization with clock readiness gate.
sysctl	Named sysctl profiles (dsr, router, hardened, multihomed, proxy) for interface units.
tacacs	TACACS+ AAA client (RFC 8907). SSH authentication, priv-lvl mapping, accounting. See TACACS+.

Infrastructure

Plugin	Description
interface	OS network interface monitoring through netlink (Linux). Publishes interface and address events to the bus.
fib-kernel	Programs the Linux FIB through netlink.
fib-vpp	Programs the VPP FIB through GoVPP binary API. See VPP.
fib-p4	Experimental P4 dataplane.
iface-dhcp	DHCP client for managed interfaces with route/DNS/NTP discovery.
iface-netlink	Netlink-driven interface manager (WireGuard, tunnels, bridges, VLAN).
iface-vpp	VPP interface backend via GoVPP (lifecycle, addressing, monitor).
sysrib	System RIB shared between protocols, with unified Loc-RIB.
host	Hardware inventory library and show host surface.
vpp	VPP process lifecycle management: startup, DPDK NIC binding, crash recovery, GoVPP connection.

Plugin health metrics

Every plugin exposes a few standard Prometheus metrics so you can tell at a glance whether they are healthy.

Metric	Description
ze_plugin_status{plugin}	Current stage. 6 means running.
ze_plugin_restarts_total{plugin}	Cumulative restart count.
ze_plugin_events_delivered_total{plugin}	Total events enqueued to the plugin.

When a plugin is disabled (respawn limit exceeded) its metrics are deleted rather than left stale.

Beyond the standard health metrics, Go plugins can register their own Prometheus counters and gauges through a ConfigureMetrics callback on the plugin registration. bgp-rib, bgp-watchdog, bgp-rpki, bgp-persist, fib-kernel, and sysrib each ship with their own metric sets on the same Prometheus endpoint. See Go plugins — Prometheus metrics for the API and naming convention.

See also

• Plugin development for writing your own.
• Configuration overview for how plugins bind to peers and receive events.
• Monitoring for the event-stream surface plugins consume.

Adapted from main/docs/features/plugins.md and main/README.md.