-
Notifications
You must be signed in to change notification settings - Fork 459
Use Cases Financial Services
Thomas Mangin edited this page Nov 15, 2025
·
1 revision
ExaBGP enables low-latency, high-reliability networking for financial services including trading platforms, market data distribution, and compliance requirements.
- Overview
- Low-Latency Trading Networks
- Market Data Distribution
- Compliance and Security
- Configuration Examples
- See Also
Financial services networking demands:
- Ultra-low latency: Microseconds matter for high-frequency trading
- High reliability: 99.999% uptime for trading systems
- Deterministic routing: Predictable network paths
- Market data distribution: Efficient multicast for price feeds
- Security: Network segmentation, encryption, audit trails
- Compliance: Regulatory requirements (MiFID II, SEC, etc.)
- Geographic distribution: Connect to multiple exchanges globally
ExaBGP enables:
- Anycast for trading systems: Automatic failover between trading engines
- Market data routing: Distribute price feeds via multicast BGP
- Exchange connectivity: Manage routes to multiple exchanges
- Network segmentation: Isolate trading, market data, and corporate networks
- Disaster recovery: Instant failover between data centers
Important: ExaBGP announces routes but does NOT manipulate kernel routing tables. Ensure your routing daemon or application handles route installation for forwarding.
Multiple trading engines share one IP for instant failover:
#!/usr/bin/env python3
import sys
import time
import socket
# Trading engine anycast IP
TRADING_IP = "10.1.1.100/32"
NEXT_HOP = "10.0.0.1"
# Health check trading engine
def check_trading_engine():
"""Check if trading engine is accepting orders"""
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(0.001) # 1ms timeout - critical for trading
result = sock.connect_ex(('127.0.0.1', 7000))
sock.close()
return result == 0
except:
return False
# Aggressive health checking for fast failover
announced = False
CHECK_INTERVAL = 0.1 # 100ms checks
while True:
healthy = check_trading_engine()
if healthy and not announced:
print(f"announce route {TRADING_IP} next-hop {NEXT_HOP}", flush=True)
announced = True
elif not healthy and announced:
print(f"withdraw route {TRADING_IP} next-hop {NEXT_HOP}", flush=True)
announced = False
time.sleep(CHECK_INTERVAL)Manage routes to multiple exchanges:
#!/usr/bin/env python3
import sys
# Exchange connections
EXCHANGES = {
'NYSE': {
'prefix': '198.51.100.0/24',
'next_hop': '10.1.0.1',
'community': '65000:1', # Primary link
'local_pref': 200
},
'NASDAQ': {
'prefix': '203.0.113.0/24',
'next_hop': '10.1.0.2',
'community': '65000:2',
'local_pref': 200
},
'CME': {
'prefix': '192.0.2.0/24',
'next_hop': '10.1.0.3',
'community': '65000:3',
'local_pref': 200
}
}
# Announce exchange routes with high local preference
for exchange, config in EXCHANGES.items():
print(f"announce route {config['prefix']} "
f"next-hop {config['next_hop']} "
f"community [{config['community']}] "
f"local-preference {config['local_pref']}", flush=True)
while True:
line = sys.stdin.readline().strip()
if not line:
breakAchieve very fast failover using BFD-like health checks:
#!/usr/bin/env python3
import sys
import time
import select
TRADING_IP = "10.1.1.100/32"
NEXT_HOP = "10.0.0.1"
def fast_health_check():
"""Fast health check with immediate response"""
# Use UDP for minimal overhead
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(0.0005) # 500 microseconds
try:
sock.sendto(b'HEALTH', ('127.0.0.1', 9000))
ready = select.select([sock], [], [], 0.001)
if ready[0]:
data, _ = sock.recvfrom(16)
return data == b'OK'
except:
return False
finally:
sock.close()
return False
# Ultra-fast monitoring
announced = False
failures = 0
FAILURE_THRESHOLD = 3 # Fail after 3 consecutive failures
while True:
start = time.time()
if fast_health_check():
failures = 0
if not announced:
print(f"announce route {TRADING_IP} next-hop {NEXT_HOP}", flush=True)
announced = True
else:
failures += 1
if failures >= FAILURE_THRESHOLD and announced:
print(f"withdraw route {TRADING_IP} next-hop {NEXT_HOP}", flush=True)
announced = False
# Maintain exact 10ms interval
elapsed = time.time() - start
sleep_time = max(0, 0.01 - elapsed)
time.sleep(sleep_time)Distribute market data feeds using multicast BGP:
#!/usr/bin/env python3
import sys
# Market data multicast groups
MARKET_DATA = {
'level1': {
'group': '239.1.1.1',
'source': '10.1.1.1',
'community': '65000:100'
},
'level2': {
'group': '239.1.1.2',
'source': '10.1.1.1',
'community': '65000:101'
},
'options': {
'group': '239.1.1.3',
'source': '10.1.1.1',
'community': '65000:102'
}
}
NEXT_HOP = "10.1.1.1"
# Announce multicast sources
for feed, config in MARKET_DATA.items():
# IPv4 multicast announcement
print(f"announce route {config['group']}/32 "
f"next-hop {NEXT_HOP} "
f"community [{config['community']}]", flush=True)
while True:
line = sys.stdin.readline().strip()
if not line:
breakRoute market data to regional offices:
#!/usr/bin/env python3
import sys
# Regional market data servers
REGIONS = {
'us-east': {
'prefix': '10.100.1.0/24',
'next_hop': '10.1.0.1',
'community': '65000:1',
'med': 10 # Prefer this path for US traders
},
'eu-london': {
'prefix': '10.100.2.0/24',
'next_hop': '10.2.0.1',
'community': '65000:2',
'med': 10 # Prefer for EU traders
},
'apac-tokyo': {
'prefix': '10.100.3.0/24',
'next_hop': '10.3.0.1',
'community': '65000:3',
'med': 10 # Prefer for APAC traders
}
}
# Announce with geographic communities
for region, config in REGIONS.items():
print(f"announce route {config['prefix']} "
f"next-hop {config['next_hop']} "
f"community [{config['community']}] "
f"med {config['med']}", flush=True)
while True:
line = sys.stdin.readline().strip()
if not line:
breakIsolate trading, market data, and corporate networks:
#!/usr/bin/env python3
import sys
# Network segments per compliance requirements
SEGMENTS = {
'trading': {
'vrf': 'TRADING',
'prefix': '10.1.0.0/16',
'rd': '10.0.0.1:1',
'rt': '65000:1'
},
'market-data': {
'vrf': 'MKTDATA',
'prefix': '10.2.0.0/16',
'rd': '10.0.0.1:2',
'rt': '65000:2'
},
'corporate': {
'vrf': 'CORP',
'prefix': '10.3.0.0/16',
'rd': '10.0.0.1:3',
'rt': '65000:3'
},
'dmz': {
'vrf': 'DMZ',
'prefix': '10.4.0.0/16',
'rd': '10.0.0.1:4',
'rt': '65000:4'
}
}
NEXT_HOP = "10.0.0.1"
# Announce segments with VRF isolation
for segment, config in SEGMENTS.items():
print(f"announce route {config['prefix']} "
f"next-hop {NEXT_HOP} "
f"route-distinguisher {config['rd']} "
f"route-target {config['rt']}", flush=True)
while True:
line = sys.stdin.readline().strip()
if not line:
breakLog all BGP route changes for compliance:
#!/usr/bin/env python3
import sys
import json
import logging
from datetime import datetime
# Compliance logging
logging.basicConfig(
filename='/var/log/bgp-audit.log',
level=logging.INFO,
format='%(message)s'
)
def log_route_change(action, route, next_hop, timestamp):
"""Log route changes with timestamp for audit"""
audit_entry = {
'timestamp': timestamp,
'action': action,
'route': route,
'next_hop': next_hop,
'source': 'exabgp'
}
logging.info(json.dumps(audit_entry))
TRADING_IP = "10.1.1.100/32"
NEXT_HOP = "10.0.0.1"
# Announce with audit
timestamp = datetime.utcnow().isoformat()
print(f"announce route {TRADING_IP} next-hop {NEXT_HOP}", flush=True)
log_route_change('announce', TRADING_IP, NEXT_HOP, timestamp)
# Process updates and log
while True:
line = sys.stdin.readline().strip()
if not line:
break
try:
data = json.loads(line)
# Log received route updates
timestamp = datetime.utcnow().isoformat()
logging.info(json.dumps({'timestamp': timestamp, 'update': data}))
except:
passUse FlowSpec to block malicious traffic:
#!/usr/bin/env python3
import sys
def block_malicious_ip(attacker_ip):
"""Block attacker IP using FlowSpec"""
print(f"announce flow route "
f"{{ match {{ source {attacker_ip}/32; }} "
f"then {{ discard; }} }}", flush=True)
def rate_limit_suspicious(source_ip, rate_kbps):
"""Rate limit suspicious traffic"""
print(f"announce flow route "
f"{{ match {{ source {source_ip}/32; }} "
f"then {{ rate-limit {rate_kbps}; }} }}", flush=True)
# Example: Block detected DDoS source
block_malicious_ip("192.0.2.100")
# Example: Rate limit suspicious trading client
rate_limit_suspicious("203.0.113.50", 1000)
while True:
line = sys.stdin.readline().strip()
if not line:
breakConfiguration (/etc/exabgp/trading.conf):
process trading-monitor {
run python3 /etc/exabgp/trading-health.py;
encoder json;
}
# Connection to core switches
neighbor 10.0.0.1 {
router-id 10.1.1.1;
local-address 10.1.1.1;
local-as 65001;
peer-as 65001;
family {
ipv4 unicast;
ipv4 flow;
}
# Fast convergence
hold-time 9;
api {
processes [ trading-monitor ];
}
}
neighbor 10.0.0.2 {
router-id 10.1.1.1;
local-address 10.1.1.1;
local-as 65001;
peer-as 65001;
family {
ipv4 unicast;
ipv4 flow;
}
hold-time 9;
api {
processes [ trading-monitor ];
}
}Connect trading sites globally:
process global-trading {
run python3 /etc/exabgp/global-announce.py;
encoder json;
}
# Local site connection
neighbor 10.1.0.1 {
router-id 10.1.1.1;
local-address 10.1.1.1;
local-as 65001;
peer-as 65001;
family {
ipv4 unicast;
ipv4 mpls-vpn;
}
api {
processes [ global-trading ];
}
}
# Remote site connection (London)
neighbor 10.2.0.1 {
router-id 10.1.1.1;
local-address 10.1.1.1;
local-as 65001;
peer-as 65002;
family {
ipv4 unicast;
ipv4 mpls-vpn;
}
api {
processes [ global-trading ];
}
}π» Ghost written by Claude (Anthropic AI)
π Home
π Getting Started
π§ API
π‘οΈ Use Cases
π Address Families
βοΈ Configuration
π Operations
π Reference
- Architecture
- BGP State Machine
- Communities (RFC)
- Extended Communities
- BGP Ecosystem
- Capabilities (AFI/SAFI)
- RFC Support
π Migration
π Community
π External
- GitHub Repo β
- Slack β
- Issues β
π» Ghost written by Claude (Anthropic AI)