NetGauze

Weaving network protocols into one toolkit

NetGauze is a set of Rust libraries and programs for network monitoring, telemetry collection, and protocol analysis. It provides high-performance, type-safe packet parsing and serialization for key network protocols, along with a network telemetry collector daemon that can be used to collect and process telemetry data from multiple sources.

Get Started View on GitHub
cargo add netgauze-bgp-pkt
Protocol Libraries

Production-grade protocol support

Each protocol gets a dedicated packet crate for representation and wire format serialization, plus service crates for building receivers and speakers. All parsers are continuously fuzz-tested.

BGP

BGP-4, MP-BGP (IPv4/IPv6 Unicast & Multicast, MPLS VPN, EVPN, BGP-LS), 4-octet ASN, Add-Path, Route Refresh, Extended Messages, and communities.

bgp-pkt bgp-speaker

BMP

BMP v3 and v4 with all message types and peer states. Includes a service building block for receiving BMP messages.

bmp-pkt bmp-service

IPFIX & NetFlow V9

IANA IPFIX Information Elements code generation, enterprise-specific IEs (VMware, Nokia), and full wire format support.

flow-pkt flow-service

UDP-Notif

Packet representation and wire format serialization/deserialization with a service building block for receiving messages.

udp-notif-pkt udp-notif-service

YANG Push

Data models and YANG validation for network configuration and telemetry push notifications.

yang-push

NETCONF

Protocol types, XML parsing, and SSH client wiring for NETCONF-based network management.

netconf-proto
Design Principles

Built for correctness

NetGauze leverages Rust's type system to ensure protocol correctness at compile time. Packets are rich, immutable data structures where invalid states are unrepresentable.

Immutable PDUs

Packets are immutable once constructed, preventing accidental mutation and ensuring thread safety.

Enum-driven correctness

Protocol constants as enums catch invalid values at compile time rather than runtime.

Separated concerns

Packet representation is independent of wire format parsing and service integration.

Fuzz-tested

All protocol parsers are continuously fuzzed via cargo-fuzz to catch edge cases.

Collector Daemon

Network telemetry collector

A deployable service that ties the protocol libraries together for production network telemetry collection.

netgauze-collector

Collect, aggregate, and publish network telemetry data from multiple sources with a single daemon.

Inputs

  • IPFIX / NetFlow V9
  • UDP-Notif
  • YANG Push
  • Kafka (enrichment)
  • BMP & BGP (WIP)

Features

  • Kafka publishing (Avro, JSON, YANG)
  • OpenTelemetry metrics (OTLP)
  • Flow aggregation & enrichment
  • YAML configuration
  • RPM packaging
$ cargo run -p netgauze-collector -- /path/to/config.yaml
Quick Start

Up and running in minutes

Add the crate you need and start parsing protocol messages from bytes.

1

Add the dependency

# Cargo.toml
[dependencies]
netgauze-bgp-pkt = "0.9"
2

Parse a BGP message

use netgauze_bgp_pkt::BgpMessage;
use netgauze_bgp_pkt::wire
    ::deserializer::BgpParsingContext;
use netgauze_parse_utils
    ::{ReadablePduWithOneInput, Span};

let raw: &[u8] = &[/* bytes */];
let span = Span::new(raw);
let mut ctx = BgpParsingContext::default();
let (_, msg) =
    BgpMessage::from_wire(span, &mut ctx)
    .unwrap();
Tools

PCAP Decoder

Swiss army knife CLI to decode BGP, BMP, IPFIX/NetFlow, and UDP-Notif from PCAP files into JSON Lines format. 

$ cargo run -p netgauze-pcap-decoder -- \
    --protocol bmp \
    --ports 11019 \
    input.pcap -o output.jsonl