sam/obmp-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
obmp-docker/gobgp/gobgpd.conf.tmpl
sam 2634aada24 Parameterize HOST_IP everywhere -- portable to another lab host 
Removes hardcoded 10.40.40.202 references so a fresh clone + .env-only
edit can stand the stack up on a new compute node.

  * docker-compose.yml: rib-poller PG_DSN now uses ${HOST_IP:-...}.
  * obmp-rib-poller/poller.py: default PG_DSN host falls back to
    ${HOST_IP} env (compose passes it; manual runs honour $HOST_IP too).
  * cml/gobgp_peering_config.py: GOBGP_IP read from $HOST_IP or the
    HOST_IP= line in repo-root .env, with a small _env_default helper.
  * cml/proxmox_bmp_config.py: COLLECTOR_HOST resolved the same way.

For gobgp/gobgpd.conf and gobgp-evpn/gobgpd.conf -- jauderho/gobgp is
distroless (no shell), so we can't sed-substitute at container start.
Pattern instead:

  * gobgpd.conf is now gobgpd.conf.tmpl with __HOST_IP__ placeholders
    (committed). The rendered gobgpd.conf is gitignored.
  * setup.sh renders the .tmpl(s) to .conf using $HOST_IP from .env.
  * compose `command` stays the simple `gobgpd -f /config/gobgpd.conf`.

After cloning on a new host:  cp .env.example .env  -> edit HOST_IP ->
./setup.sh -> docker compose up -d. Verified locally by force-recreating
gobgp; all 6 sessions (4 cores + 2 Bromirski) re-established in <60s.

Known portability gaps still to address (separate work):
  * Hardcoded lab-router inventories in cml/*.py and
    obmp-rib-poller/poller.py.
  * The /etc/cron.d/openbmp */5 -> */15 edit inside obmp-psql-app is
    not persistent (regenerated by config_cron on every container start).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-19 18:34:51 -07:00

171 lines
6.6 KiB
Cheetah
Raw Blame History

# GoBGP daemon configuration -- OpenBMP "global Internet table" feed (roadmap E1)
#
# Pulls the full real Internet routing table (IPv4 ~1M + IPv6 ~200k routes)
# from Lukasz Bromirski's lab route server (AS57355) and BMP-exports every
# received route to the OpenBMP collector, where it lands in PostgreSQL ip_rib.
# Peering spec: https://lukasz.bromirski.net/post/bgp-w-labie-3/
#
# It ALSO re-advertises the full table to the two CML core routers
# (CORE-01/CORE-02, AS65020) over eBGP. As route reflectors the cores
# propagate it to every R9K client -- so all 9 lab routers carry and
# BMP-export a full table. This is an intentional lab stress test of the
# OpenBMP ingestion/storage path (~9x full feeds; DB grows to ~55-65 GB).
#
# Local AS is 65001 (the value the Bromirski route server expects).
# Bromirski peering: eBGP multihop, no password, keepalive 3600 / hold 7200.
# TOML syntax targets GoBGP v3.x / v4.x.
[global]
[global.config]
as = 65001
router-id = "10.40.40.250"
# We only originate outbound sessions (to the route server and to the
# two cores) so the inbound BGP listener stays disabled (port -1) -- no
# privileged (<1024) bind needed under docker network_mode: host.
port = -1
# Note: once we peer with the cores, GoBGP learns the cores' lab routes over
# eBGP. To guarantee none of that leaks back to AS57355 (which asks peers to
# announce NOTHING), the route-server sessions below carry an apply-policy
# with default-export-policy = "reject-route" -- every export is dropped.
# --- Neighbor: route server, IPv4 feed --------------------------------------
# The IPv4 transport session carries the full IPv4 table only.
[[neighbors]]
[neighbors.config]
neighbor-address = "85.232.240.179"
peer-as = 57355
description = "AS57355 Bromirski lab route-server (IPv4 feed)"
[neighbors.timers.config]
keepalive-interval = 3600
hold-time = 7200
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
# we initiate the session; no local-address pinning
passive-mode = false
[neighbors.apply-policy.config]
# reject every export toward the route server
default-export-policy = "reject-route"
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
# --- Neighbor: route server, IPv6 feed --------------------------------------
# The IPv6 transport session carries the full IPv6 table only.
[[neighbors]]
[neighbors.config]
neighbor-address = "2001:1a68:2c:2::179"
peer-as = 57355
description = "AS57355 Bromirski lab route-server (IPv6 feed)"
[neighbors.timers.config]
keepalive-interval = 3600
hold-time = 7200
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
passive-mode = false
[neighbors.apply-policy.config]
# reject every export toward the route server
default-export-policy = "reject-route"
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv6-unicast"
# --- Neighbor: CML CORE-01 (AS65020) ----------------------------------------
# GoBGP initiates outbound to the core's mgmt IP (reachable from the docker
# host -- the cores already reach the host for BMP). GoBGP sources the session
# from the host IP __HOST_IP__. eBGP multihop: the host is several hops from
# the core. Default export policy (accept) re-advertises the full Bromirski
# table to the core. prefix-limit is a safety cap on what the core can send
# back (its lab routes only -- small).
# IPv4-unicast only: the cores have no global IPv6 address, so an ipv6 AF
# would hold the session Idle. IPv6 full-table feed is a separate phase.
[[neighbors]]
[neighbors.config]
neighbor-address = "10.100.0.100"
peer-as = 65020
description = "CML CORE-01 -- full-table injection (lab stress test)"
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
passive-mode = false
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.prefix-limit.config]
max-prefixes = 2000000
shutdown-threshold-pct = 90
# --- Neighbor: CML CORE-02 (AS65020) ----------------------------------------
[[neighbors]]
[neighbors.config]
neighbor-address = "10.100.0.200"
peer-as = 65020
description = "CML CORE-02 -- full-table injection (lab stress test)"
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
passive-mode = false
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.prefix-limit.config]
max-prefixes = 2000000
shutdown-threshold-pct = 90
# --- Neighbor: PROX CORE-01 (AS65021) ---------------------------------------
# Second lab. Same IPv4-unicast-only full-table injection as the CML cores.
[[neighbors]]
[neighbors.config]
neighbor-address = "10.100.1.100"
peer-as = 65021
description = "PROX CORE-01 -- full-table injection (lab stress test)"
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
passive-mode = false
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.prefix-limit.config]
max-prefixes = 2000000
shutdown-threshold-pct = 90
# --- Neighbor: PROX CORE-02 (AS65021) ---------------------------------------
[[neighbors]]
[neighbors.config]
neighbor-address = "10.100.1.200"
peer-as = 65021
description = "PROX CORE-02 -- full-table injection (lab stress test)"
[neighbors.ebgp-multihop.config]
enabled = true
multihop-ttl = 64
[neighbors.transport.config]
passive-mode = false
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.prefix-limit.config]
max-prefixes = 2000000
shutdown-threshold-pct = 90
# --- BMP export to the OpenBMP collector ------------------------------------
# GoBGP connects OUT to the collector. GoBGP's BMP config requires a literal
# IP (it cannot resolve a hostname), so we target the docker host IP where the
# collector publishes port 5000 -- stable across container recreation, unlike
# the collector's internal docker IP. Matches HOST_IP in .env.
# route-monitoring-policy = "pre-policy" exports the Adj-RIB-In (received
# routes, pre import-policy) -- consistent with the rest of the OpenBMP fleet.
[[bmp-servers]]
[bmp-servers.config]
address = "__HOST_IP__"
port = 5000
route-monitoring-policy = "pre-policy"
statistics-timeout = 3600
Reference in New Issue View Git Blame Copy Permalink