Ze Architecture
A one-page guide to how Ze is structured. For the full design document with rationale, wire format details, and performance analysis, see DESIGN.md. For the canonical architecture reference, see architecture/core-design.md.
What Ze Is
Ze is a network operating system built in Go. A small, protocol-agnostic engine supervises a message bus, a config provider, and a plugin manager. The engine has no knowledge of BGP or any specific protocol. BGP, interface management, firewall, traffic control, and everything else register as subsystems and plugins.
Component Map
Engine (supervisor, lifecycle, config)
|
+-- Hub / Bus (content-agnostic message routing, []byte on hierarchical topics)
| |
| +-- BGP Subsystem (TCP, FSM, wire parsing, capability negotiation, reactor)
| +-- Interface component (netlink/VPP backend, DHCP, NTP)
| +-- Firewall component (nftables/VPP backend)
| +-- Traffic component (tc/VPP backend)
| +-- Config provider (YANG-parsed tree, transaction protocol)
| +-- Plugin infrastructure (registry, process manager, DirectBridge)
| |
| +-- bgp-rib, bgp-rs, bgp-gr, bgp-role, and many more
| +-- fib-kernel, sysrib, static, sysctl, ...
| +-- External plugins (any language, TLS connect-back)
|
+-- CLI (SSH-accessible editor and command shell)
+-- Web UI (HTMX-based config editor, admin dashboard, SSE live updates)
+-- Looking Glass (peer/route viewer, birdwatcher-compatible API)
+-- Telemetry (Prometheus metrics, optional Basic Auth)
+-- MCP server (Model Context Protocol for AI tool integration)
Key Design Choices
| Principle | What it means |
|---|---|
| Wire-first | BGP messages are byte buffers, not parsed structs. Parsing is lazy via offset iterators. |
| Buffer-first encoding | All wire writes go into pooled, bounded buffers via WriteTo(buf, off) int. No append() in encoding. |
| Zero-copy forwarding | When source and destination peers share the same ContextID (negotiated capabilities hash), UPDATE bytes are forwarded unchanged. |
| Pool-based dedup | Per-attribute-type memory pools with refcounted handles. ORIGIN has 3 values; dedup saves memory at scale. |
| Registration pattern | Components and plugins register at startup via init(). Core discovers through registries, never imports directly. |
| YANG-modeled everything | Config schemas, CLI dispatch, plugin registration, and RPC discovery all flow from YANG modules. |
Key Wire Abstractions
| Abstraction | Purpose | Location |
|---|---|---|
WireUpdate |
Lazy-parsed BGP UPDATE: iterators over wire bytes, no intermediate structs | internal/component/bgp/wireu/ |
PackContext |
Negotiated capabilities that determine encoding (ASN4, ADD-PATH, ExtNH) | internal/core/bgp/context/ |
ContextID |
uint16 hash of capabilities. Same ID = forward wire bytes unchanged. | internal/core/bgp/context/ |
Pool / Handle |
Per-attribute-type pools with refcounted handles and incremental compaction | internal/component/bgp/attrpool/ |
DirectBridge |
Bypasses IPC serialization for internal plugins (direct function calls) | pkg/plugin/rpc/ |
Hub / Bus
The bus is the central notification router. It routes opaque []byte payloads
on hierarchical topics (e.g., bgp/update, interface/up) with prefix-based
subscription matching. It is used for broadcast state changes and event fan-out;
request/response calls use the plugin dispatcher, DirectBridge, or typed package
interfaces. The bus never inspects payload content.
Components avoid importing each other's implementation packages. They communicate through registries, bus topics, plugin RPC, DirectBridge, or shared core value types depending on the direction and latency requirements. BGP subscribes to interface events to react when addresses appear or disappear. The FIB pipeline uses bus topics to carry best-path decisions from BGP RIB through system RIB to kernel route installation.
BGP Subsystem
The BGP subsystem owns the protocol: TCP connections, FSM state machines, wire parsing, capability negotiation, and the reactor event loop. It produces structured events and consumes commands. It never imports plugin code.
For a walk-through of the BGP state machine, see bgp-fsm.md.
Configuration
JUNOS-like hierarchical syntax: {} blocks, ; terminators, # comments.
YANG-driven parsing. Three-level inheritance: BGP globals, group defaults, peer
overrides. Configuration is stored in ZeFS (a blob store with commit/rollback)
and managed through an interactive editor accessible over SSH.
For the full config syntax reference, see config-reference.md.
Plugin Architecture
All features beyond core engine operation are plugins: RIB storage, route reflection, graceful restart, RPKI validation, NLRI encoding, FIB programming, firewall, traffic control, and more. Plugins run in-process (goroutine + DirectBridge) or as external processes (TLS connect-back in any language).
For the plugin architecture overview, see plugin-overview.md. For writing plugins, see plugin-development/.
Data Flow
Receive: Network -> WireUpdate -> Reactor -> EventDispatcher -> Plugins
Announce: Text command -> ParseUpdate() -> WireUpdate -> Peer
Forward: Cache lookup -> Egress filters -> Wire (zero-copy when ContextID matches)
The reactor fires a single StructuredEvent per received UPDATE. Forwarders
(route server, route reflector) and state trackers (RIB plugin) both subscribe
to the same dispatch but consume it differently: forwarders make per-peer
forwarding decisions, state trackers update best-path state.
FIB Pipeline
Best-path decisions flow through the bus:
- BGP RIB detects best-path changes, publishes to
bgp-rib/best-change/bgp - System RIB selects system-wide best by administrative distance, publishes to
system-rib/best-change - FIB Kernel programs OS routes via netlink (
RTPROT_ZE=250)
Programs
| Binary | Purpose |
|---|---|
ze |
Network OS: BGP, CLI, config, hub, interface, ExaBGP migration, plugin, schema, signal, completion |
ze-chaos |
Chaos testing orchestrator: fault injection, scheduling |
ze-perf |
Performance benchmarking: UPDATE throughput tracking |
ze-analyze |
MRT/RIB analysis: attributes, communities, density, dump |
ze-test |
Functional test runner: BGP, editor, peer, MCP, web, RPKI, managed |
Source Layout
| Area | Location |
|---|---|
| Components | internal/component/ (api, bgp, cli, config, firewall, flowexport, gnmi, iface, ike, ipsec, l2tp, ldp, lg, mcp, pki, pppoe, resolve, rsvpte, ssh, storage, telemetry, traffic, vpp, web, ...) |
| BGP engine | internal/component/bgp/ (reactor, FSM, wire, message, capability) |
| Plugin implementations | internal/plugins/ and internal/component/bgp/plugins/ |
| Plugin infrastructure | internal/component/plugin/ (registry, process, hub, SDK) |
| Programs | cmd/ze/ (build tags: ze_core, ze_test, ze_chaos, ze_perf, ze_analyze) |
| Public SDKs | pkg/plugin/sdk/, pkg/plugin/rpc/, pkg/zefs/ |
| Tests | test/ (.ci files), *_test.go |
Deeper Reading
| Topic | Document |
|---|---|
| Full design document | DESIGN.md |
| Canonical architecture reference | architecture/core-design.md |
| System architecture (hub mode) | architecture/system-architecture.md |
| Buffer-first architecture | architecture/buffer-architecture.md |
| Pool architecture | architecture/pool-architecture.md |
| Wire format details | architecture/wire/ |
| Hub architecture | architecture/hub-architecture.md |
| Config syntax | config-reference.md |
| BGP FSM | bgp-fsm.md |
| Plugin architecture | plugin-overview.md |
| Feature inventory | features.md |