Last updated April 22, 2024
Thank you to the many list contributors that added their favorite projects to this LinkedIn thread. I had no idea how much joyful work I was creating for myself when I posted it.
🤔 Did we miss a project? Tell us about it here.
About This List
This list of public projects is provided as a service to the IT infrastructure community by Packet Pushers. The goal is to spread awareness of tools that might make your job easier.
Consider that these networking projects are all, to the best of my knowledge, free and open source. That means three important things.
- The project is open to you. Generally the code is found in a publicly accessible code repository such as GitHub or GitLab. If you understand the code, you can confirm that it’s safe, secure, and suitable for you to run. If you don’t understand the code, you can hope that others who do have reviewed the code and addressed flaws.
- The project is contributable by you. Open source projects tend to be started by individuals with an itch to scratch or problem to solve. When these projects become popular, they also become a time-consuming burden to their authors. Without community contributors, these projects become unsustainable and die. Seriously consider giving back. Writing documentation is as valuable a service as coding.
- The project is free for you to use, but might not be free for you to incorporate into your own for-profit projects. The licenses vary with these projects. Be careful to review the license associated with a project before re-using the code as part of your own unique project.
Not All Free Open Source Software Is The Same
Open source networking projects exist for a variety of reasons. Those reasons could influence whether or not you want to use a given project, so it’s a good idea to know what’s going on with a project before you make it an important part of your network.
- Vendor or business-backed projects. Some projects are backed by vendors or service providers who need the project to support their own networks or products. These folks will generally employ people to write code for the project. These projects might serve you well, but the first priority of the maintainers is meeting the needs of the businesses funding them. Probably not your needs.
- Projects as marketing tools. Other projects are marketing tools created by vendors to create awareness of a related product they want you to buy. That doesn’t mean there’s anything wrong with their project, but be aware of the project’s point of view. I have eliminated from this list vendor-driven projects of no particular use unless you’re in the vendor’s ecosystem.
- Open, community, and feature-limited projects. Yet other projects you’ll find here might be open or community editions with commercial variants that may not be free or open source. That means the author hopes to feed their families with their programming efforts using the freemium model. You have to feed your family too, which should give you pause to think. Even though the projects here won’t cost you money, nothing is free. Every line of code represented in this list cost someone something.
- Altruistic projects. Some projects exist for the betterment of the community with no strings attached. If you get a benefit from the project, you should let the maintainer know how you’re using it and express your appreciation. That would be cool of you.
How To Use This Open Source Networking List
The list lacks a perfect heading for every project under a given category. Therefore, you should read category headings and the projects with an open mind, recognizing that a project might be capable of more than what the heading implies.
The Packet Pushers team has not personally tried all of these projects. A project’s inclusion here isn’t an endorsement or even a recommendation. Use your own discretion before using any of the software identified here.
Attribution. Most project descriptions are quoted from the project’s website, code repo, documentation, or wiki, and might be edited for brevity.
Open Source Networking Projects: Main Index
There are currently 136 projects on this list.
BGP – Daemons (2)
BGP – Looking Glasses (2)
BGP – RKPI Tools (3)
BGP – Session Monitoring & Management (2)
Cloud Native Networking (7)
Developer Tools (19)
Labbing (7)
Management – Automation (11)
Management – Configuration (6)
Management – DCIM, IPAM, Network Source Of Truth (3)
Management – Network Management Systems (6)
Monitoring – Flow Collectors & Generators (4)
Monitoring – Log Management (2)
Monitoring – Observability (3)
Network Services (7)
Operating Systems (8)
Routing Platforms (7)
Security – DDoS Mitigation (1)
Security – Firewalls & Filtering (3)
Security – Intrusion Detection/Prevention (4)
Security – Scanning (4)
Security – VPN (2)
Tools – CLI Utilities (13)
Tools – Packet Capture & Analysis (2)
Tools – Traffic Generators (8)
BGP – Daemons
ExaBGP
https://github.com/Exa-Networks/exabgp
ExaBGP was designed to be an easy to script BGP-based SDN application that doesn’t get in the way. Like every application, the software is not without fault but has seen large scale deployment.
GoBGP
https://github.com/osrg/gobgp
BGP implementation designed from scratch for modern environments and implemented in Go.
BGP – Looking Glasses
Alice-LG
https://github.com/alice-lg/alice-lg
Alice-LG is a BGP looking glass which gets its data from external APIs. Currently Alice-LG supports the following APIs: birdwatcher API for BIRD and GoBGP.
Hyperglass
https://github.com/thatmattlove/hyperglass
Intended to make implementing a looking glass too easy not to do, with the lofty goal of improving the internet community at large by making looking glasses more common across autonomous systems of any size.
BGP – RKPI Tools
Routinator
https://nlnetlabs.nl/projects/routing/routinator/
RPKI Relying Party software written in Rust. The application is designed to be secure and is greatly portable. It’s a lightweight implementation that can run effortlessly on almost any operating system using minimalist hardware.
RTRTR
https://nlnetlabs.nl/projects/routing/rtrtr/
RPKI data proxy, designed to collect Validated ROA Payloads from one or more sources in multiple formats and dispatch it onwards. It provides the means to implement multiple distribution architectures for RPKI such as centralized RPKI validators that dispatch data to local caching RTR servers. For larger networks, RTRTR is an ideal companion to Routinator.
StayRTR
https://github.com/bgp/stayrtr
RPKI-to-Router protocol (RFC 6810, RFC 8210, RFC 8210bis); based on GoRTR using Go.
BGP – Session Monitoring & Management
BGPAlerter
https://github.com/nttgin/BGPalerter
Self-configuring BGP monitoring tool which allows you to monitor in real-time. You just run it. You don’t need to provide any data source or connect it to anything in your network since it connects to public repos. It can deliver alerts on files, email, Kafka, Slack, and more.
Peering Manager
https://github.com/peering-manager/peering-manager
BGP session management tool. Initially conceived as a way to document Internet Exchanges points and peering sessions, its goal is now to provide a source of truth and configuration management for external BGP sessions of all kinds (transit, customers, peering, …).
Cloud Native Networking
Calico
https://www.tigera.io/tigera-products/calico/
Networking and security solution for containers, virtual machines, and native host-based workloads. It supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services.
Cilium
https://cilium.io/
Cloud native solution for providing, securing, and observing network connectivity between workloads, fueled by the revolutionary Kernel technology eBPF.
- 🎧️ BiB099: Isovalent Brings You Cilium Enterprise
- 🎧️ FSJ061: Linux Networking And Observability With eBPF And Cilium
- 🎧️ D2C160: Going Deep Into Cilium Service Mesh With eBPF
- 🎧️ KU022: Kubernetes Networking And Abstraction With Cilium And eBPF
- 🎧️ NB463: Cisco Buys eBPF Startup For Cloud-Native Networking
Envoy
https://www.envoyproxy.io/
High performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
Hubble
https://github.com/cilium/hubble
Hubble is a fully distributed networking and security observability platform for cloud native workloads. It’s built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.
Loxilb
https://github.com/loxilb-io/loxilb
Cloud-native load-balancer based on GoLang/eBPF with the goal of achieving cross-compatibility across a wide range of on-prem, public-cloud, or hybrid K8s environments.
Metallb
https://github.com/metallb/metallb
A load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
Multus-CNI
https://github.com/k8snetworkplumbingwg/multus-cni
Enables attaching multiple network interfaces to pods in Kubernetes.
Developer Tools
DPDK
https://www.dpdk.org/
The most popular kit to accelerate packet processing on a wide variety of CPU architectures. Designed to run on x86, POWER, and ARM processors, DPDK is a set of libraries running mostly in Linux userland.
eBPF
https://ebpf.io/
Technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It’s used to safely and efficiently extend the capabilities of the kernel without requiring you to change kernel source code or load kernel modules.
- 🎧️ HN614: eBPF, Cloud-Native Networking, And Other Modern Networking Trends
- 🎧️ D2C 154: Can eBPF Replace Sidecar Proxies?
Gribi
https://github.com/openconfig/gribi
Defines an interface via which entries can be injected from an external client to a network element. The gRIBI interface is defined in the proto/service/gribi.proto — which defines a simple API for adding and removing routing entries. The RIB entries are described using a protobuf translated version of the OpenConfig AFT model.
gRPC
http://www.grpc.io
Remote procedure call framework used commonly in network operating system communications. Carries messages related to programming the network device or telemetry data.
JSON
https://www.json.org/json-en.html
Lightweight data-interchange format. It’s easy for humans to read and write. It’s easy for machines to parse and generate. JSON is built on two structures: a collection of name/value pairs and an ordered list of values.
Kne
https://github.com/openconfig/kne
Kubernetes network emulation. Provide a standard “interface” so that vendors can produce a standard container implementation which can be used to build complex topologies. Primary use cases are test development and software development.
Libyang
https://github.com/CESNET/libyang
YANG data modeling language parser and toolkit written (and providing API) in C. The library is used e.g. in libnetconf2, Netopeer2, or sysrepo projects.
NETCONF
https://www.rfc-editor.org/rfc/rfc6241
RPC wrapped in XML for network device configuration.
Netmap
https://github.com/luigirizzo/netmap
Framework for very fast packet I/O from userspace. VALE is an equally fast in-kernel L2 software switch using the netmap API. Both are implemented as a single kernel module for FreeBSD and Linux. Netmap/VALE can handle tens of millions of packets per second, matching the speed of 10G and 40G ports even with minimum sized frames.
Netopeer
https://github.com/CESNET/netopeer
Set of NETCONF tools built on the libnetconf library. It allows operators to connect to their NETCONF-enabled devices as well as developers to allow control of their devices via NETCONF.
Netutils
https://github.com/networktocode/netutils
Python library that’s a collection of functions that are used in the common network automation tasks. Tasks such as converting a BGP ASN to and from dotted format, normalizing an interface name, or “type 5” encrypting a password. The intention is to centralize these functions while keeping the library light.
OpenBCM
https://github.com/Broadcom-Network-Switching-Software/OpenBCM
Contains the source code for Broadcom network switch APIs and drivers for programming Broadcom network switch silicon based platforms. Support for XGS switch devices such as Trident (TD2, TD3, TD4), Tomahawk (TH, TH2, TH3) and DNX devices such as Ramon, Qumran (Q2A, Q2U), and Jericho (JR2, J2C).
OpenConfig
https://www.openconfig.net/
Defines and implements a common, vendor-independent software layer for managing network devices. OpenConfig operates as an open source project with contributions from network operators, equipment vendors, and the wider community.
OpenFlow
https://www.opennetworking.org/ja/sdn-resources-ja/onf-specifications/openflow
A means of programming the forwarding table of a network device over the network. While OpenFlow might still have production use cases, it’s noted here primarily as a historical artifact. OpenFlow was an important part of early software defined networking (SDN) discussions.
- 🎧️ HN076: Why OpenFlow Has Mind-Melting Potential
- 🎧️ HN231: OpenFlow’s Possible Futures with Curt Beckmann
- 🎧️ HN340: OpenFlow, Fabrics & Network Virtualization
OpenZiti
https://openziti.io/
OpenZiti is a secure networking platform that allows you to build a zero trust overlay network right into your application. Any sort of network topology is possible. SDKs are available for C, Go, Python, Swift, Android, Java, Node JS, and C# (.NET).
QUIC Implementations List
https://github.com/quicwg/base-drafts/wiki/Implementations
Maintained by the IETF QUIC working group co-chair Lucas Pardue, this list documents several implementations of the QUIC protocol as well as HTTP/3. The list might not be completely current. Not all implementations listed are open source.
Vagrant
https://www.vagrantup.com/
Enables the creation and configuration of lightweight, reproducible, and portable development environments.
VPP
https://github.com/FDio/vpp
Vector Packet Processing platform is an extensible framework that provides out-of-the-box production quality switch/router functionality. It’s the open source version of Cisco’s VPP technology: a high performance, packet-processing stack that can run on commodity CPUs.
vSSH
https://github.com/yahoo/vssh
Go library to handle tens of thousands SSH connections and execute the command(s) with higher-level API for building network device / server automation. Documentation and examples are available via godoc.
XDP
https://www.iovisor.org/technology/xdp
eXpress Data Path provides a high performance, programmable network data path in the Linux kernel as part of the IO Visor Project. XDP provides bare metal packet processing at the lowest point in the software stack which makes it ideal for speed without compromising programmability.
Labbing
BGPLabs
https://bgplabs.net
This series of BGP hands-on labs by Ivan Pepelnjak will help you master numerous aspects of EBGP, IBGP, and BGP routing policy configuration on a platform of your choice. More than a dozen labs are already waiting for you.
Containerlab
https://containerlab.dev/
Provides a CLI for orchestrating and managing container-based networking labs. It starts the containers, builds a virtual wiring between them to create lab topologies of users choice and manages labs lifecycle.
EVE-NG Community Edition
https://www.eve-ng.net/index.php/download/#DL-COMM
First clientless multi-vendor network emulation software that empowers network and security professionals with huge opportunities in the networking world.
GNS3
https://www.gns3.com/
Build, design, and test your network in a risk-free virtual environment and access the largest networking community to help. Whether you’re studying for your first networking exam or building out a state-wide telecommunications network, GNS3 offers an easy way to design and build networks of any size without the need for hardware.
Mininet
https://mininet.org/
Creates a realistic virtual network, running real kernel, switch, and application code, on a single machine (VM, cloud or native), in seconds, with a single command. Because you can easily interact with your network using the Mininet CLI (and API), customize it, share it with others, or deploy it on real hardware, Mininet is useful for development, teaching, and research. Mininet is also a great way to develop, share, and experiment with SDN systems using OpenFlow and P4.
Netlab
https://netlab.tools
Ivan Pepelnjak’s network lab orchestrator for people who are weary of clicky-clicky. Use YAML to define a lab environment including device links, routing protocols, IP addressing, and more and then say “netlab up”.
NRX
https://github.com/netreplica/nrx
Reads a network topology graph from NetBox DCIM system and exports as Containerlab, Cisco Modeling Labs, Graphite, D2, Cytoscape CYJS, or other format defined by a Jinja2 template.
Management – Automation
Ansible
https://www.ansible.com/
IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration.
- 🎧️ HN198: Kirk Byers on Network Automation with Python & Ansible
- 🎧️ D2C064: Bringing Ansible Into A Windows Shop
- 🎧️ HN537: Ansible Vs. Terraform For Network Automation
- 📺️ Ansible For Network Automation Video Tutorial Series
Awesome Network Automation list
https://github.com/networktocode/awesome-network-automation
Network automation is a cross between the discipline of network infrastructure and the discipline of programming. This list was created to serve as a one-stop shop for information related to network automation.
AWX
https://github.com/ansible/awx
Provides a web-based user interface, REST API, and task engine built on top of Ansible. It’s one of the upstream projects for Red Hat Ansible Automation Platform.
Jinja
https://jinja.palletsprojects.com/en/3.1.x/
Fast, expressive, extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. Then the template is passed data to render the final document.
Netmiko
https://github.com/ktbyers/netmiko
Network automation to screen-scraping devices is primarily concerned with gathering output from show commands and with making configuration changes. Netmiko aims to accomplish both of these operations and to do it across a very broad set of platforms. It seeks to do this while abstracting away low-level state control (i.e., eliminate low-level regex pattern matching to the extent practical).
Network Unit Testing System (NUTS)
https://github.com/network-unit-testing-system/nuts
The Network Unit Testing System or “nuts” in short draws on the concept of unit tests, known from the domain of programming, and applies it to the domain of networking. In the network testing domain, tests are less about edge cases, but more about testing existing network states with pre-defined test cases. Such a single test case might be “can host A reach neighbors X, Y, Z?” on many different devices. This is what nuts tries to achieve: Apply test cases based on your pre-defined network topology to your actual network and have the tests confirm the correct state.
Nornir
https://github.com/nornir-automation/nornir
A pure Python automation framework intended to be used directly from Python. While most automation frameworks use their own Domain Specific Language (DSL) which you use to describe what you want to have done, Nornir lets you control everything from Python. See also Gornir.
- 🎧️ HN445: An Introduction To The Nornir Automation Framework
- 📺️ Practical Python For Networking: 3.1 – Detection With Nornir
Orchestrator-Core
https://workfloworchestrator.org/orchestrator-core/
Provides a framework through which you can manage service orchestration for your end users. It enables you to define products to which users can subscribe, and helps you intelligently manage the lifecycle of Creation, Modification, Termination and Validation of a customer subscription.
Pydantic
https://docs.pydantic.dev/latest/
The most widely used data validation library for Python. Fast and extensible, Pydantic plays nicely with your linters/IDE/brain. Define how data should be in pure, canonical Python 3.8+; validate it with Pydantic.
Scrapli
https://carlmontanari.github.io/scrapli/
Python library focused on connecting to devices, specifically network devices (routers, switches, firewalls, etc.) via SSH or Telnet. The name scrapli is just “scrape cli” (as in screen scrape) squished together! See also scapligo.
Terraform
https://www.terraform.io/use-cases/manage-network-infrastructure
https://github.com/hashicorp/terraform
IT automation system. Build, change, and version infrastructure safely and efficiently. It’s notable that Hashicorp, the company behind Terraform, changed Terraform’s licensing in mid-2023 such that another project can’t use Terraform source code to make a competing product. This caused outrage for some in the TF community, with purists insisting that Terraform is no longer truly open source. The main result of this outrage was the OpenTofu project, a fork of Terraform that’s part of the Linux Foundation and backed by many commercial interests. If open source licensing distinctions are important to you or your company, pay careful attention to Terraform’s licensing.
- 🎧️ FSJ027: Understanding Infrastructure As Code And Terraform With Curt Micol
- 🎧️ HN537: Ansible Vs. Terraform For Network Automation
- 🎧️ KU004: Pros And Cons Of Using Terraform With Kubernetes
- 🎧️ D2C 155: Terraform Stinks
- 🎧️ D2C202: How Azure Embraces Terraform For Infrastructure As Code
- 🎧️ HN711: Get Cloud-Like Operation Of Your Data Center With Juniper Apstra And Terraform
Management – Configuration
Aerleon
https://github.com/aerleon/aerleon
Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API. Aerleon is a fork of Capirca.
Batfish
https://www.batfish.org/
Network configuration analysis tool. Batfish finds errors and guarantees the correctness of planned or current network configurations. It enables safe and rapid network evolution, without the fear of outages or security breaches.
Netshot
https://www.netfishers.onl/netshot
Netshot is a network device manager for configuration and compliance management. Many of the most used network devices in the world are supported out-of-the-box and you can easily add your own drivers — this is a simple script file to write. Netshot is available through a web application GUI.
Network Configuration Backup
https://github.com/jeremyschulman/netcfgbu
As a network engineer I need to backup my network configuration files into a version control system, and I need a tool to automate this process. My primary means of accessing the devices is SSH. The netcfgbu tool was built specifically to backup network operating system (NOS) configurations that are monolithic in nature. That is to say the entire configuration can be captured using a command such as “show running-config”. Any NOS that provides a monolithic configuration should be supported by netcfgbu.
Oxidized
https://github.com/ytti/oxidized
Oxidized is a network device configuration backup tool. It’s a RANCID replacement! It’s light and extensible and supports over 130 operating system types.
rConfig Community Edition
https://github.com/rconfig
An enterprise grade network configuration management (NCM) software package with superior NCM features and capabilities to help you easily manage configurations on large and small heterogenous networks.
Management – DCIM, IPAM, Network Source Of Truth
Nautobot
https://networktocode.com/nautobot/
A network source of truth that’s the foundation required for successful enterprise network automation. A fork of NetBox.
NetBox
https://netboxlabs.com/open-source-netbox/
The source of truth for everything on your network, from physical components like power systems and cabling to virtual assets like IP addresses and VLANs. Network automation and observability tools depend on NetBox’s authoritative data to roll out configurations, monitor changes, and accelerate operations across the enterprise.
phpIPAM
https://phpipam.net/
Web IP address management application (IPAM). Its goal is to provide light, modern, and useful IP address management. It’s a PHP-based application with MySQL database backend, using jQuery libraries, ajax, and HTML5/CSS3 features.
Management – Network Management Systems
LibreNMS
https://www.librenms.org/
Fully featured network monitoring system that provides a wealth of features and device support.
NeDi
https://www.nedi.ch/
NeDi discovers your network devices and tracks connected end-nodes. It contains many additional features for managing enterprise networks including intelligent topology awareness, MAC address mapping/tracking, traffic, error, discard and broadcast graphing with threshold based alerting, uptime, BGP peer and interface status monitoring, correlate syslog messages and traps with discovery events, network maps for documentation and monitoring dashboards, detecting rouge access points and finding missing devices, and extensive reporting ranging from devices, modules, interfaces all the way to assets and nodes.
Netdisco
https://netdisco.org
Web-based network management tool suitable for small to very large networks. IP and MAC address data is collected into a PostgreSQL database using SNMP, CLI, or device APIs.
Observium Community
https://www.observium.org/
Network monitoring and management platform that provides real-time insight into network health and performance. It can automatically discover network devices and services, collect performance metrics, and generate alerts when problems are detected. Observium includes a web UI.
OpenWisp
https://openwisp.org/
Modular network management system built on top of OpenWRT (but designed to allow supporting multiple embedded operating systems) that allows managing and automating several aspects of IT network deployment, monitoring, and management.
Zabbix
https://www.zabbix.com/network_monitoring
Keep track of your network’s health and performance. Collect SNMP metrics or deploy a Zabbix agent to monitor a variety of network metrics. Apply the appropriate template on your network monitoring endpoint and start collecting network metrics, including incoming and outgoing traffic, total bandwidth usage, packet loss and interface error rates, number of TCP connections, link status, and interface speed and status. Supports SNMP versions v1, v2c, and v3 and SNMP trap collection, enabling compatibility with legacy and modern devices.
Monitoring – Flow Collectors & Generators
Akvorado
https://github.com/akvorado/akvorado
Receives flows (currently Netflow/IPFIX and sFlow), enriches them with interface names (using SNMP), geo information (using IPinfo.io), and exports them to Kafka, then ClickHouse. It also exposes a web interface to browse the collected data.
GoFlow2
https://github.com/netsampler/goflow2
NetFlow, IPFIX, sFlow collector in Go. It gathers network information (IP, interfaces, routers) from different flow protocols, serializes it in a common format. This software is the entry point of a pipeline. The storage, transport, enrichment, graphing, alerting are not provided. A fork of CloudFlare’s GoFlow project.
Host sFlow
https://sflow.net/
Exports physical and virtual server performance metrics using the sFlow protocol. The agent provides scalable, multi-vendor, multi-OS performance monitoring with minimal impact on the systems being monitored.
Pmacct
https://github.com/pmacct/pmacct
Collect, replicate, and export network information. On the data plane it can cache in memory tables, store persistently to RDBMS, noSQL databases and flat-files, publish to AMQP and Kafka brokers. Export sFlowv5, NetFlow v5/v9 and IPFIX. Perform data aggregation. It can also filter, sample, renormalize, tag, and classify at L7. On the control and infrastructure planes it can collect and publish to AMQP and Kafka brokers BGP, BMP, RPKI, and streaming telemetry data both standalone and as correlation/enrichment of data plane information.
Monitoring – Log Management
Fluentd
https://www.fluentd.org/
Data collector that lets you unify the data collection and consumption for a better use and understanding of data. Normalize and filter inbound logs and ship them out.
Graylog Open
https://graylog.org/products/source-available/
Provides the core centralized log management functionality you need to collect, enhance, store, and analyze data. Support is through Graylog’s online resources, community, and other Open groups.
Monitoring – Observability
Checkmk Raw Edition
https://checkmk.com/product/raw-edition
Monitoring for enterprises and power-users, offering extensibility, flexibility and adaptability without hassle or cumbersome configuration. The Checkmk team recommends Checkmk Raw Edition for small enterprises or hobbyists running a home lab.
Grafana
https://grafana.com/oss/grafana/
Easily collect, correlate, and visualize data with beautiful dashboards. Data visualization and monitoring solution that drives informed decisions, enhances system performance, and streamlines troubleshooting.
SuzieQ
https://github.com/netenglabs/suzieq
The first open source, multi-vendor network observability platform application. It’s both a framework and an application using that framework that’s focused on improving your understanding of your network.
Network Services
Bind (DNS)
https://www.isc.org/bind/
Very flexible, full-featured DNS system. Whatever your application is, BIND 9 probably has the required features. As the first, oldest, and most commonly deployed solution, there are more network engineers who are already familiar with BIND 9 than with any other system.
Kea (DHCP)
https://www.isc.org/kea/
ISC distributes TWO full-featured, open source, standards-based DHCP server distributions: Kea DHCP and ISC DHCP. Kea includes all the most-requested features, is far newer, and is designed for a more modern network environment.
LibreQoS
https://libreqos.io/
Quality of Experience (QoE) platform that helps Internet Service Providers (ISPs) enhance their customers’ internet connections. It leverages state of the art Flow Queueing (FQ) and Active Queue Management (AQM) algorithms to manage latency and bufferbloat over existing infrastructure. It also monitors performance by measuring end-to-end TCP round trip time for each subscriber, Access Point, and Site on a network. LibreQoS ensures fair allocation of bandwidth, prioritizes critical real-time applications, and promotes connection quality, equity and access.
Mosh
https://mosh.org/
Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes. Mosh is a replacement for interactive SSH terminals. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.
OpenNTPD
https://www.openntpd.org/
Easy-to-use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock.
PTPd
https://github.com/ptpd/ptpd
Implementation of the Precision Time Protocol (PTP) version 2 as defined by IEEE Std 1588-2008. PTP provides precise time coordination of Ethernet LAN connected computers. It was designed primarily for instrumentation and control systems.
Squid
https://www.squid-cache.org/
Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages. Squid has extensive access controls and makes a great server accelerator.
Operating Systems
Dent
https://dent.dev/
Uses the Linux kernel, Switchdev, and other Linux-based projects as the basis for building a new standardized network operating system without abstractions or overhead. All underlying infrastructure — including ASIC and silicon for networking and datapath — is treated equally, while existing abstractions, APIs, drivers, low-level overhead, and other open software are simplified. DENT unites silicon vendors, ODMs, SIs, OEMs, and end users across all verticals to enable the transition to disaggregated networks.
- 🎧️ NB373: Network OS DENT 2.0 Released
- 🗒️ Putting A Dent In Open-Source Switches: NOS/Device-Driver Combo Gains Traction
Open Network Install Environment
https://opencomputeproject.github.io/onie/
Creates an installation environment for bare-metal switches. ONIE is the tool that enables bare metal switches to have different network operating systems installed on a switch by providing a simple execution environment with basic network connectivity.
Open Network Linux
https://github.com/opencomputeproject/OpenNetworkLinux
Linux distribution for bare metal switches. ONL builds an ONIE-compatible installer and a switch image which contains a complete Debian distribution with added drivers and configuration for running on bare metal switches. Has been moved to maintenance mode, pending archival.
OpenSwitch
https://www.openswitch.net/
The OPX project creates an operating system abstracting a variety of switching chips and providing a programmable interface. The project was deemed mature as of August 2020.
Open vSwitch
https://openvswitch.org/
A virtual switch akin to Broadcom VMware’s vSwitch or Cisco’s Nexus 1000V. OVS can also sit on a hypervisor or a network switch. OVS can run across servers as a distributed virtual switch. The feature focus is on L2 functions such as VLANs, LACP, spanning tree, and L2 QoS.
OpenWRT
https://openwrt.org/
Open Wireless RouTer. Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWRT provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application.
SoNiC
https://github.com/sonic-net/SONiC
Network operating system based on Linux that runs on switches from multiple vendors and ASICs. SONiC offers a full-suite of network functionality, like BGP and RDMA, that has been production-hardened in the data centers of some of the largest cloud-service providers. It offers teams the flexibility to create the network solutions they need while leveraging the collective strength of a large ecosystem and community.
- 🎧️ HN521: Diving Into Dell Technologies’ SONiC Network OS For The Enterprise
- 🎧️ HN551: An Insider’s Guide To The SONiC Network OS
- 🎧️ HN570: Dell Brings The SONiC NOS To SmartNICs And DPUs
- 🗒️ What People Get Wrong About Microsoft SONiC
VyOS
https://vyos.io/
Network operating system based on Debian GNU/Linux. VyOS provides a free routing platform that competes directly with other commercially available solutions from well known network providers. Because VyOS runs on standard amd64, i586, and ARM systems, it’s able to be used as a router and firewall platform for cloud deployments.
Routing Platforms
Bio-Routing
https://github.com/bio-routing/bio-rd
A versatile, fast and reliable routing daemon in Golang. bio = BGP + IS-IS + OSPF. We value respect and robustness!
Bird
https://bird.network.cz/
Aims to develop a fully functional dynamic IP routing daemon. Supports IPv4 and IPv6, multiple routing tables, BGP, RIP, OSPF, BFD, Babel, static routes, IPv6 RA, and inter-table protocol, and offers a CLI using the `birdc’ client and a powerful language for route filtering.
freeRtr
http://www.freertr.org/
Control plane meant to be paired with a programmable dataplane. P4, DPDK, XDP, and TCPDUMP/libpcap are cited as dataplane possibilities. Think of freeRtr as a learning tool that allows for several router instances to be stood up on the same device and connected to each other using UDP encapsulation.
Free Range Routing
https://frrouting.org/
Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric, and VRRP, with alpha support for EIGRP and NHRP. FRR’s seamless integration with native Linux/Unix IP networking stacks makes it a general purpose routing stack applicable to a wide variety of use cases including connecting hosts/VMs/containers to the network, advertising network services, LAN switching and routing, internet access routers, and internet peering.
Holo
https://github.com/holo-routing/holo
Suite of routing protocols designed to support high-scale and automation-driven networks. Holo’s main goal is to create a reliable, easy-to-maintain, and extensible codebase. With the ever increasing complexity of routing protocols and their extensions, it’s crucial to have routing protocol implementations built on a robust foundation. Supports BFD, MPLS LDP, OSPF, and RIP, with BGP and IS-IS on the roadmap.
Pathvector
https://pathvector.io/
Declarative edge routing platform that automates route optimization and control plane configuration with secure and repeatable routing policy. Features include automatic configuration from PeeringDB, automatic route optimization by enriching the standard set of BGP attributes with latency and packet loss metrics, declarative configuration model, data-plane agnosticism, BFD and VRRP support, and an extensible Go plugin API.
SCION
https://github.com/netsec-ethz/scion
Scalability, Control and Isolation On next-generation Networks, a future Internet architecture. SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. To find out more about the project, please visit our documentation site.
Security – DDoS Mitigation
FastNetMon Community Edition
https://github.com/pavel-odintsov/fastnetmon
High-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). Detects hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event. These configurable actions include notifying you, calling script or making BGP announcements.
Security – Firewalls & Filtering
Iptables
https://www.netfilter.org/projects/iptables/index.html
Userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It’s targeted towards system administrators. Since NAT is also configured from the packet filter ruleset, iptables is used for this too. The iptables package also includes ip6tables. ip6tables is used for configuring the IPv6 packet filter.
Nftables
https://netfilter.org/projects/nftables/
Replaces the popular {ip,ip6,arp,eb} tables. This software provides a new in-kernel packet classification framework that’s based on a network-specific virtual machine and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing, and logging subsystem.
Opnsense
https://opnsense.org/
Easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Security – Intrusion Detection & Prevention
CrowdSec Free Edition
https://github.com/crowdsecurity/crowdsec
CrowdSec is a free, modern, and collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban’s philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs, and YAML scenarios to identify behaviors. CrowdSec is engineered for modern cloud / containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone’s security.
Snort
https://www.snort.org/
Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike.
Suricata
https://suricata.io/
High performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets. Not only IDS/IPS, but also transaction logging, packet capture, and more.
Zeek (formerly Bro)
https://zeek.org/
Sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.
Security – Scanning & Reconnaissance
Bettercap
https://github.com/bettercap/bettercap
Powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.
Furious IP/Port Scanner
https://github.com/liamg/furious
Furious is a fast, lightweight, portable network scanner. A SYN scan of a single host, including all known ports (~6000) will typically take in the region of 4 seconds. On the same machine, nmap took 98 seconds and produced exactly the same results.
Ivre
https://github.com/ivre/ivre
Network recon framework, including tools for passive and active recon. IVRE can use data from Zeek, Argus, Nfdump, p0f, airodump-ng, Nmap, Masscan, ZGrab2, ZDNS, Nuclei, httpx, dnsx, tlsx, and Dismap.
Nmap
https://nmap.org/
Tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Security – VPN
strongSwan
https://www.strongswan.org/
Comprehensive implementation of the Internet Key Exchange (IKE) protocols that allows securing IP traffic in policy- and route-based IPsec scenarios from simple to very complex.
Wireguard
https://www.wireguard.com/
Extremely simple yet fast and modern VPN that uses state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
Tools – CLI Utilities
BNG Blaster
https://github.com/rtbrick/bngblaster
Network tester for access and routing protocols. Originally developed as an access protocol tester, the BNG Blaster has undergone a significant evolution, transforming into a comprehensive network testing tool that now encompasses both access and routing functionalities. Its scope has expanded beyond the assessment of access protocols and now encompasses a broader spectrum, involving the evaluation of network functionalities at large. BNG Blaster isn’t restricted only to BNG (Broadband Network Gateway) testing. It simulates a massive number of PPPoE and IPoE (DHCP) subscribers, encompassing IPTV and L2TP (LNS). Additionally it supports all common routing protocols such as IS-IS, OSPF, LDP, and BGP.
Commando
https://github.com/hellt/cmdo
Commando is a tiny tool that enables users to collect command outputs from a single or a multiple networking devices defined in an inventory file and send file-based or string-based configs towards the devices defined in the inventory file. All that with zero dependencies and a 1-click installation.
Ethtool
https://mirrors.edge.kernel.org/pub/software/network/ethtool/
Standard Linux utility for controlling network drivers and hardware, particularly for wired Ethernet devices.
gNMIc
https://gnmic.openconfig.net
A gNMI CLI client that provides full support for Capabilities, Get, Set and Subscribe RPCs with collector capabilities.
gNOIc
https://gnoic.kmrd.dev
gNOI CLI client that provides support for select gNOI Services: Certificate Management, File, System, and OS.
Iproute2
https://wiki.linuxfoundation.org/networking/iproute2
Collection of utilities for controlling TCP / IP networking and traffic control in Linux. Most network configuration manuals still refer to ifconfig and route as the primary network configuration tools, but ifconfig is known to behave inadequately in modern network environments. They should be deprecated, but most distros still include them.
lswifi
https://github.com/joshschmelzle/lswifi
CLI-centric Wi-Fi scanning tool for Windows that provides more information about nearby Wi-Fi networks than built-in tools (e.g. netsh show wlan networks). Examples include Received Signal Strength Indicator (RSSI), showing security AKMs and ciphers, parsing 802.11 feature set, looking at 6 GHz Reduced Neighbor Reports, and more. With capable Wi-Fi adapters, lswifi can detect and show networks in 2.4 GHz, 5 GHz, and 6 GHz bands.
Mtr
https://bitwizard.nl/mtr/
Combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.
Netcat
https://nc110.sourceforge.io/
Aka “nc”. Simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It’s designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it’s a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Scapy
https://github.com/secdev/scapy
Powerful Python-based interactive packet manipulation program and library. It’s able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It’s designed to allow fast packet prototyping by using default values that work.
Sipcalc
https://github.com/sii/sipcalc
Console-based IP subnet calculator with IPv4 and IPv6 support.
Speedtest CLI
https://www.speedtest.net/apps/cli
CLI-based up/down bandwidth test.
Switchmap
https://switchmap.sourceforge.net/
Perl program that creates HTML pages that show information about a set of Cisco Ethernet switches. The program uses SNMP to gather data from the switches.
Tools – Packet Capture & Analysis
TCPdump & libpcap
https://www.tcpdump.org/
Tcpdump, a powerful command-line packet analyzer, and libpcap, a portable C/C++ library for network traffic capture.
Wireshark
https://www.wireshark.org/
The world’s most popular network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It’s the de facto (and often de jure) standard across many industries and educational institutions.
Tools – Traffic Generators
Arachne
https://github.com/uber/arachne
Arachne is a packet loss detection system and an underperforming path detection system. It provides fast and easy active end-to-end functional testing of all the components in Data Center and Cloud infrastructures. Arachne is able to detect intra-DC, inter-DC, DC-to-Cloud, and DC-to-External-Services issues by generating minimal traffic.
Ethr
https://github.com/microsoft/ethr
Ethr is a cross platform network performance measurement tool written in golang. The goal of this project is to provide a native tool for comprehensive network performance measurements of bandwidth, connections/s, packets/s, latency, loss & jitter, across multiple protocols such as TCP, UDP, HTTP, HTTPS, and across multiple platforms such as Windows, Linux and other Unix systems. Ethr takes inspiration from existing open source network performance tools and builds upon those ideas.
Iperf
https://github.com/esnet/iperf
Tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. For each test it reports the measured throughput / bitrate, loss, and other parameters.
Magna
https://github.com/openconfig/magna
Open Traffic Generator implementation from OpenConfig project.
Ostinato
https://github.com/pstavirs/ostinato/
Network packet crafter and traffic generator. Source available to DIY build. Purchasing the binaries and add-ons supports the creator and maintainer.
Pktgen
https://github.com/pktgen/Pktgen-DPDK
Traffic generator powered by DPDK at wire rate traffic with 64 byte frames.
T-rex
https://trex-tgn.cisco.com/
Low cost, stateful, and stateless traffic generator fuelled by DPDK. It generates L3-7 traffic and provides in one tool capabilities provided by commercial tools.
Warp17
https://github.com/Juniper/warp17
Lightweight solution for generating high volumes of session based traffic with very high setup rates. WARP17 currently focuses on L5-L7 application traffic (e.g., HTTP) running on top of TCP as this kind of traffic requires a complete TCP implementation. Nevertheless, WARP17 also supports application traffic running on top of UDP.
🤔 Did we miss a project? Tell us about it here.
