# GoBGP daemon configuration -- OpenBMP "global Internet table" feed (roadmap E1)
#
# Pulls the full real Internet routing table (IPv4 ~1M + IPv6 ~200k routes)
# from Lukasz Bromirski's lab route server (AS57355) and BMP-exports every
# received route to the OpenBMP collector, where it lands in PostgreSQL ip_rib.
# Peering spec: https://lukasz.bromirski.net/post/bgp-w-labie-3/
#
# It ALSO re-advertises the full table to the two CML core routers
# (CORE-01/CORE-02, AS65020) over eBGP. As route reflectors the cores
# propagate it to every R9K client -- so all 9 lab routers carry and
# BMP-export a full table. This is an intentional lab stress test of the
# OpenBMP ingestion/storage path (~9x full feeds; DB grows to ~55-65 GB).
#
# Local AS is 65001 (the value the Bromirski route server expects).
# Bromirski peering: eBGP multihop, no password, keepalive 3600 / hold 7200.
# TOML syntax targets GoBGP v3.x / v4.x.
#
# NOTE(review): the summary above names only the CML cores, but this file also
# peers with PROX CORE-01/CORE-02 (AS65021). The router count and DB-size
# estimates may predate that -- confirm and update.
# NOTE(review): no neighbor in this file sets auth-password, so every session
# (route server and cores) relies on TCP alone for integrity. The table comes
# from a third-party route server; keep it confined to the lab routing domain.

[global]
  [global.config]
    as = 65001
    router-id = "10.40.40.250"
    # We only originate outbound sessions (to the route server and to the
    # two cores) so the inbound BGP listener stays disabled (port -1) -- no
    # privileged (<1024) bind needed under docker network_mode: host.
    # With no listener, nothing can open a BGP session toward this daemon;
    # every peer must be reachable for an outbound connect.
    port = -1

# Note: once we peer with the cores, GoBGP learns the cores' lab routes over
# eBGP. To guarantee none of that leaks back to AS57355 (which asks peers to
# announce NOTHING), the route-server sessions below carry an apply-policy
# with default-export-policy = "reject-route" -- every export is dropped.
# NOTE(review): that per-neighbor export reject is the only leak control
# visible in this file. Any neighbor later added toward AS57355 needs the same
# apply-policy block, or it falls back to the default (accept) export policy.

# --- Neighbor: route server, IPv4 feed --------------------------------------
# The IPv4 transport session carries the full IPv4 table only.
[[neighbors]]
  [neighbors.config]
    neighbor-address = "85.232.240.179"
    peer-as = 57355
    description = "AS57355 Bromirski lab route-server (IPv4 feed)"
  [neighbors.timers.config]
    # Long timers: with a 7200 s hold time a dead session can go unnoticed
    # for up to two hours, so stale routes may linger in the RIB and in
    # what BMP has exported. Watch session state separately if that matters.
    keepalive-interval = 3600
    hold-time = 7200
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session; no local-address pinning
    passive-mode = false
  [neighbors.apply-policy.config]
    # reject every export toward the route server
    # Only the export default is set here; no import policy is configured on
    # this session, so received routes are accepted as sent.
    default-export-policy = "reject-route"
  [[neighbors.afi-safis]]
    # NOTE(review): no prefix-limit on this AFI. A full table is expected,
    # but a cap with headroom above it would bound memory and DB growth if
    # the feed misbehaves -- consider adding one.
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"

# --- Neighbor: route server, IPv6 feed --------------------------------------
# The IPv6 transport session carries the full IPv6 table only.
[[neighbors]]
  [neighbors.config]
    neighbor-address = "2001:1a68:2c:2::179"
    peer-as = 57355
    description = "AS57355 Bromirski lab route-server (IPv6 feed)"
  [neighbors.timers.config]
    # Same long timers as the IPv4 feed: failure detection can take up to
    # the 7200 s hold time.
    keepalive-interval = 3600
    hold-time = 7200
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session
    passive-mode = false
  [neighbors.apply-policy.config]
    # reject every export toward the route server
    default-export-policy = "reject-route"
  [[neighbors.afi-safis]]
    # NOTE(review): no prefix-limit on this AFI either; see the IPv4 feed.
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv6-unicast"

# --- Neighbor: CML CORE-01 (AS65020) ----------------------------------------
# GoBGP initiates outbound to the core's mgmt IP (reachable from the docker
# host -- the cores already reach the host for BMP). GoBGP sources the session
# from the host IP 10.40.40.202. eBGP multihop: the host is several hops from
# the core. Default export policy (accept) re-advertises the full Bromirski
# table to the core. prefix-limit is a safety cap on what the core can send
# back (its lab routes only -- small).
# IPv4-unicast only: the cores have no global IPv6 address, so an ipv6 AF
# would hold the session Idle. IPv6 full-table feed is a separate phase.
# NOTE(review): the core neighbors set no local-address in their transport
# config, so the source IP is whatever the host's routing selects. If the
# cores pin their neighbor statement to 10.40.40.202, confirm that holds.
[[neighbors]]
  [neighbors.config]
    neighbor-address = "10.100.0.100"
    peer-as = 65020
    description = "CML CORE-01 -- full-table injection (lab stress test)"
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session
    passive-mode = false
  # No apply-policy block on this neighbor, so the default import and export
  # policies apply. Per the section comment, export is accept: everything in
  # the IPv4 table is advertised to this core.
  # NOTE(review): that presumably includes routes learned from the other core
  # neighbors in this file (including the AS65021 lab) -- confirm that
  # cross-lab propagation is intended, or add an export policy.
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"
    [neighbors.afi-safis.prefix-limit.config]
      # NOTE(review): the section comment calls this a safety cap on the
      # core's small set of lab routes, but 2000000 is above the ~1M IPv4
      # full table, so it would not trip even if the core sent a full table
      # back. Confirm the intended value; a cap sized to the expected lab
      # route count would make this guard effective.
      max-prefixes = 2000000
      # presumably a percentage of max-prefixes at which GoBGP starts
      # warning -- verify the semantics for the GoBGP version in use
      shutdown-threshold-pct = 90

# --- Neighbor: CML CORE-02 (AS65020) ----------------------------------------
[[neighbors]]
  [neighbors.config]
    neighbor-address = "10.100.0.200"
    peer-as = 65020
    description = "CML CORE-02 -- full-table injection (lab stress test)"
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session
    passive-mode = false
  # Same shape as CORE-01: no apply-policy, default (accept) export.
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"
    [neighbors.afi-safis.prefix-limit.config]
      # NOTE(review): same oversized cap as CORE-01; see the note there.
      max-prefixes = 2000000
      shutdown-threshold-pct = 90

# --- Neighbor: PROX CORE-01 (AS65021) ---------------------------------------
# Second lab. Same IPv4-unicast-only full-table injection as the CML cores.
[[neighbors]]
  [neighbors.config]
    neighbor-address = "10.100.1.100"
    peer-as = 65021
    description = "PROX CORE-01 -- full-table injection (lab stress test)"
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session
    passive-mode = false
  # No apply-policy block and no auth-password on this neighbor: the default
  # import/export policies apply and the session is unauthenticated.
  # NOTE(review): with default export, routes learned from the AS65020 cores
  # are presumably advertised here as well -- confirm that cross-lab
  # propagation is intended.
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"
    [neighbors.afi-safis.prefix-limit.config]
      # NOTE(review): 2000000 is above the ~1M IPv4 full table quoted in the
      # file header, so this cap would not trip even if the core sent a full
      # table back. If the core should only send its own lab routes, a much
      # lower cap would make this guard effective -- confirm the intent.
      max-prefixes = 2000000
      # presumably a percentage of max-prefixes at which GoBGP starts
      # warning -- verify the semantics for the GoBGP version in use
      shutdown-threshold-pct = 90

# --- Neighbor: PROX CORE-02 (AS65021) ---------------------------------------
[[neighbors]]
  [neighbors.config]
    neighbor-address = "10.100.1.200"
    peer-as = 65021
    description = "PROX CORE-02 -- full-table injection (lab stress test)"
  [neighbors.ebgp-multihop.config]
    enabled = true
    multihop-ttl = 64
  [neighbors.transport.config]
    # we initiate the session
    passive-mode = false
  # Same shape as PROX CORE-01: no apply-policy, default (accept) export.
  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"
    [neighbors.afi-safis.prefix-limit.config]
      # NOTE(review): same oversized cap as PROX CORE-01; see the note there.
      max-prefixes = 2000000
      shutdown-threshold-pct = 90

# --- BMP export to the OpenBMP collector ------------------------------------
# GoBGP connects OUT to the collector. GoBGP's BMP config requires a literal
# IP (it cannot resolve a hostname), so we target the docker host IP where the
# collector publishes port 5000 -- stable across container recreation, unlike
# the collector's internal docker IP. Matches HOST_IP in .env.
# route-monitoring-policy = "pre-policy" exports the Adj-RIB-In (received
# routes, pre import-policy) -- consistent with the rest of the OpenBMP fleet.
# Pre-policy also means import policy never filters what reaches the
# collector: everything a peer sends is exported.
# NOTE(review): BMP runs over plain TCP with no authentication of its own,
# and the collector port is published on the host IP. Confirm that a host
# firewall limits port 5000 to the expected BMP senders (this daemon and the
# lab routers).
[[bmp-servers]]
  [bmp-servers.config]
    address = "10.40.40.202"
    port = 5000
    route-monitoring-policy = "pre-policy"
    statistics-timeout = 3600