commit 25b963a07dec86f9fb8a892f7f6736dc3a77d2fb Author: s3lph Date: Sun Dec 10 02:52:44 2023 +0100 feat: initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b37ba12
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+# routing-lab
+
+Hi, this is [me](https://s3lph.me) getting some hands-on experience with routing protocols by building a small docker-compose based lab environment.
+
+> [!IMPORTANT]
+> This lab environment uses IPv6 **exclusively**.
+> [IPv6 support](https://docs.docker.com/config/daemon/ipv6/) **must** be enabled in Docker beforehand!
+
+## Network Architecture
+
+- There are 3 AS: AS23, AS42 and AS1337
+- Each pair of AS' has its own direct interconnect in a dedicated docker network.
+ - Exception: There are two AS23-AS42 interconnects, each in its own docker network.
+ - The IP range used in each interconnect is `fd00:d0ca::::/64`, where AS1337 uses `13` instead. `` is the interconnect ID (as there's tw between AS23 and AS42).
+
+## eBGP
+
+- Each AS runs an OpenBGPD router for eBGP peering.
+- An [alice-lg](https://github.com/alice-lg/alice-lg) looking class connecting to all 3 BGP routers is started on [http://localhost:7340](http://localhost:7340).
+- Each AS announces the `fd00:d0ca::1::/64` prefix.
+
+
+Example: traceroute from AS42 eBGP router to AS23 eBGP router: When the link is taken offline, the traffic is routed via AS1337 instead:
+
+```shell-session
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1 fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10) 0.022 ms 0.016 ms 0.014 ms
+routing-lab-as42-1:/ # bgpctl -s /run/bgpd.sock.42 neigh as23_1 down
+request processed
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1 routing-lab-as1337-1.routing-lab_as42_as1337_1 (fd00:d0ca:4213:1::1337) 0.059 ms 0.016 ms 0.020 ms
+ 2 fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10) 0.031 ms 0.019 ms 0.017 ms
+routing-lab-as42-1:/ # bgpctl -s /run/bgpd.sock.42 neigh as23_1 up
+request processed
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1 fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10) 0.017 ms 0.018 ms 0.018 ms
+```
diff --git a/alice-lg/Dockerfile b/alice-lg/Dockerfile
new file mode 100644
index 0000000..1dc5a3f
--- /dev/null
+++ b/alice-lg/Dockerfile
@@ -0,0 +1,14 @@
+FROM debian:bookworm AS builder
+
+RUN apt update \
+ && apt install --yes curl jq \
+ && curl https://api.github.com/repos/alice-lg/alice-lg/releases \
+ | jq -r '.[0].assets[] | select(.name | test("alice-lg_.*_linux_x86_64.tar.gz")).browser_download_url' | xargs curl -L -o /tmp/alice-lg.tar.gz \
+ && tar -C /bin -xf /tmp/alice-lg.tar.gz alice-lg \
+ && chmod +x /bin/alice-lg
+
+FROM scratch
+COPY --from=builder /bin/alice-lg /bin/alice-lg
+ADD alice.conf /etc/alice-lg/alice.conf
+EXPOSE 3000 7340
+ENTRYPOINT ["/bin/alice-lg", "-config", "/etc/alice-lg/alice.conf"]
diff --git a/alice-lg/alice.conf b/alice-lg/alice.conf
new file mode 100644
index 0000000..2316507
--- /dev/null
+++ b/alice-lg/alice.conf
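Review bot: The builder stage of alice-lg/Dockerfile fetches whichever release the GitHub API lists first (`.[0]`) at build time and unpacks it with no version pin and no checksum, so the binary copied into the `scratch` image can change between builds and is never verified. Neither `curl` call uses `-f`, and the `curl | jq | xargs` pipeline runs without pipefail, so an API error or rate-limit response only surfaces, if at all, as a confusing failure further down the chain. Pinning a reviewed release and checking its SHA-256 before extraction addresses both; the tag, asset name and digest below are placeholders, and the download URL layout should be confirmed against the project's release page. `ADD alice.conf` can be a plain `COPY`, and the final stage sets no `USER`, so the process runs as root.

```dockerfile
FROM debian:bookworm AS builder

# Placeholders: set these to the release you reviewed and the SHA-256 of its tarball.
ARG ALICE_LG_TAG=REPLACE_WITH_RELEASE_TAG
ARG ALICE_LG_ASSET=REPLACE_WITH_ASSET_NAME_linux_x86_64.tar.gz
ARG ALICE_LG_SHA256=REPLACE_WITH_SHA256_OF_ASSET

RUN apt-get update \
 && apt-get install --yes --no-install-recommends ca-certificates curl \
 && curl -fsSL -o /tmp/alice-lg.tar.gz \
      "https://github.com/alice-lg/alice-lg/releases/download/${ALICE_LG_TAG}/${ALICE_LG_ASSET}" \
 && echo "${ALICE_LG_SHA256}  /tmp/alice-lg.tar.gz" | sha256sum -c - \
 && tar -C /bin -xf /tmp/alice-lg.tar.gz alice-lg \
 && chmod +x /bin/alice-lg
# … unchanged: FROM scratch stage …
```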
@@ -0,0 +1,24 @@
+[server]
+listen_http = [::]:7340
+
+
+
+[source.as23]
+name = AS 23
+
+[source.as23.openbgpd-bgplgd]
+api = http://[fd00:d0ca:23:1::10]:9099/
+
+
+[source.as42]
+name = AS 42
+
+[source.as42.openbgpd-bgplgd]
+api = http://[fd00:d0ca:42:1::10]:9099/
+
+
+[source.as1337]
+name = AS 1337
+
+[source.as1337.openbgpd-bgplgd]
+api = http://[fd00:d0ca:42:1::10]:9099/
\ No newline at end of file
diff --git a/as1337/conf/bgpd.conf b/as1337/conf/bgpd.conf
new file mode 100644
index 0000000..8111393
--- /dev/null
+++ b/as1337/conf/bgpd.conf
@@ -0,0 +1,29 @@
+
+AS 1337
+socket "/run/bgpd.sock.1337"
+
+prefix-set mynetworks {
+ fd00:d0ca:1337:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2313:1::23 {
+ remote-as 23
+ descr "as23_1"
+ multihop 10
+ announce IPv6 unicast
+}
+
+neighbor fd00:d0ca:4213:1::42 {
+ remote-as 42
+ descr "as42_1"
+ multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted
diff --git a/as23/conf/bgpd.conf b/as23/conf/bgpd.conf
new file mode 100644
index 0000000..9f1d4af
--- /dev/null
+++ b/as23/conf/bgpd.conf
@@ -0,0 +1,34 @@
+
+AS 23
+socket "/run/bgpd.sock.23"
+
+prefix-set mynetworks {
+ fd00:d0ca:23:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2342:1::42 {
+ remote-as 42
+ descr "as42_1"
+ multihop 10
+}
+
+#neighbor fd00:d0ca:2342:2::42 {
+# remote-as 42
+# descr "as42_2"
+# multihop 20
+#}
+
+neighbor fd00:d0ca:2313:1::1337 {
+ remote-as 1337
+ descr "as1337_1"
+ multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted
diff --git a/as42/conf/bgpd.conf b/as42/conf/bgpd.conf
new file mode 100644
index 0000000..4ecfed9
--- /dev/null
+++ b/as42/conf/bgpd.conf
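Review bot: In alice-lg/alice.conf the `[source.as1337.openbgpd-bgplgd]` section points `api` at `fd00:d0ca:42:1::10`, the same address used for the as42 source, so the looking glass would present AS42's routes under the "AS 1337" label. docker-compose.yml in this commit assigns `fd00:d0ca:1337:1::10` to the as1337 router, so the line should read `api = http://[fd00:d0ca:1337:1::10]:9099/`.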
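Review bot: as1337/conf/bgpd.conf ends with unfiltered `allow to ebgp` and `allow from ebgp` while the prefix-limited rule `#allow to ebgp prefix-set mynetworks` is commented out, and as23/conf/bgpd.conf and as42/conf/bgpd.conf do the same. The README's failover example relies on AS1337 carrying traffic between the other two, so the open export looks deliberate, but nothing in the files says so and there is no import filtering either. A comment above the rules such as `# lab only: export everything so each AS can act as transit; no import filtering` would keep these files from being reused as a template for a real peering. Separately, `announce IPv6 unicast` is set only on the as23_1 neighbor in as1337 and not on as42_1, which looks like an oversight.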
@@ -0,0 +1,34 @@
+
+AS 42
+socket "/run/bgpd.sock.42"
+
+prefix-set mynetworks {
+ fd00:d0ca:42:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2342:1::23 {
+ remote-as 23
+ descr "as23_1"
+ multihop 20
+}
+
+#neighbor fd00:d0ca:2342:2::23 {
+# remote-as 23
+# descr "as23_2"
+# multihop 10
+#}
+
+neighbor fd00:d0ca:4213:1::1337 {
+ remote-as 1337
+ descr "as1337_1"
+ multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2151783
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,124 @@
+---
+
+networks:
+
+ as23_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:23:1::/64
+ ip_range: fd00:d0ca:23:1::/96
+
+ as42_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:42:1::/64
+ ip_range: fd00:d0ca:42:1::/96
+
+ as1337_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:1337:1::/64
+ ip_range: fd00:d0ca:1337:1::/96
+
+ as23_as42_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:2342:1::/64
+ ip_range: fd00:d0ca:2342:1::/96
+
+ as23_as42_2:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:2342:2::/64
+ ip_range: fd00:d0ca:2342:2::/96
+
+ as23_as1337_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:2313:1::/64
+ ip_range: fd00:d0ca:2313:1::/96
+
+ as42_as1337_1:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ config:
+ - subnet: fd00:d0ca:4213:1::/64
+ ip_range: fd00:d0ca:4213:1::/96
+
+
+services:
+
+ as23:
+ image: docker.io/openbgpd/openbgpd
+ volumes:
+ - ./as23/conf:/etc/bgpd
+ - ./as23/rpki:/var/lib/rpki-client
+ - ./as23/run:/run/bgpd
+ sysctls:
+ - net.ipv6.conf.all.forwarding=1
+ cap_add:
+ - NET_ADMIN
+ networks:
+ as23_1:
+ ipv6_address: fd00:d0ca:23:1::10
+ as23_as42_1:
+ ipv6_address: fd00:d0ca:2342:1::23
+ as23_as42_2:
+ ipv6_address: fd00:d0ca:2342:2::23
+ as23_as1337_1:
+ ipv6_address: fd00:d0ca:2313:1::23
+
+ as42:
+ image: docker.io/openbgpd/openbgpd
+ volumes:
+ - ./as42/conf:/etc/bgpd
+ - ./as42/rpki:/var/lib/rpki-client
+ - ./as42/run:/run/bgpd
+ sysctls:
+ - net.ipv6.conf.all.forwarding=1
+ cap_add:
+ - NET_ADMIN
+ networks:
+ as42_1:
+ ipv6_address: fd00:d0ca:42:1::10
+ as23_as42_1:
+ ipv6_address: fd00:d0ca:2342:1::42
+ as23_as42_2:
+ ipv6_address: fd00:d0ca:2342:2::42
+ as42_as1337_1:
+ ipv6_address: fd00:d0ca:4213:1::42
+
+ as1337:
+ image: docker.io/openbgpd/openbgpd
+ volumes:
+ - ./as1337/conf:/etc/bgpd
+ - ./as1337/rpki:/var/lib/rpki-client
+ - ./as1337/run:/run/bgpd
+ sysctls:
+ - net.ipv6.conf.all.forwarding=1
+ cap_add:
+ - NET_ADMIN
+ networks:
+ as1337_1:
+ ipv6_address: fd00:d0ca:1337:1::10
+ as23_as1337_1:
+ ipv6_address: fd00:d0ca:2313:1::1337
+ as42_as1337_1:
+ ipv6_address: fd00:d0ca:4213:1::1337
+
+ alice-lg:
+ build: ./alice-lg
+ network_mode: host
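Review bot: The `alice-lg` service at the end of docker-compose.yml uses `network_mode: host`, and alice.conf in this commit sets `listen_http = [::]:7340`, so the looking glass listens on every address of the host rather than only on localhost as the README describes. Binding to loopback in alice.conf with `listen_http = [::1]:7340` keeps it local while leaving host networking in place. The three router services also reference `docker.io/openbgpd/openbgpd` with no tag, which resolves to `latest`; pinning a tag or digest would make the lab reproducible and keep an upstream image change from silently altering the routers.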