feat: initial commit

README.md

@@ -0,0 +1,40 @@
+# routing-lab
+
+Hi, this is [me](https://s3lph.me) getting some hands-on experience with routing protocols by building a small docker-compose based lab environment.
+
+> [!IMPORTANT]
+> This lab environment uses IPv6 **exclusively**.
+> [IPv6 support](https://docs.docker.com/config/daemon/ipv6/) **must** be enabled in Docker beforehand!
+
+## Network Architecture
+
+- There are 3 AS: AS23, AS42 and AS1337
+- Each pair of AS' has its own direct interconnect in a dedicated docker network.
+  - Exception: There are two AS23-AS42 interconnects, each in its own docker network.
+  - The IP range used in each interconnect is `fd00:d0ca:<ASN1><ASN2>:<IC#>::/64`, where AS1337 uses `13` instead.  `<IC#>` is the interconnect ID (as there's tw between AS23 and AS42).
+
+## eBGP
+
+- Each AS runs an OpenBGPD router for eBGP peering.
+- An [alice-lg](https://github.com/alice-lg/alice-lg) looking class connecting to all 3 BGP routers is started on [http://localhost:7340](http://localhost:7340).
+- Each AS announces the `fd00:d0ca:<ASN>:1::/64` prefix.
+
+
+Example: traceroute from AS42 eBGP router to AS23 eBGP router: When the link is taken offline, the traffic is routed via AS1337 instead:
+
+```shell-session
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1  fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10)  0.022 ms  0.016 ms  0.014 ms
+routing-lab-as42-1:/ # bgpctl -s /run/bgpd.sock.42 neigh as23_1 down
+request processed
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1  routing-lab-as1337-1.routing-lab_as42_as1337_1 (fd00:d0ca:4213:1::1337)  0.059 ms  0.016 ms  0.020 ms
+ 2  fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10)  0.031 ms  0.019 ms  0.017 ms
+routing-lab-as42-1:/ # bgpctl -s /run/bgpd.sock.42 neigh as23_1 up
+request processed
+routing-lab-as42-1:/ # traceroute fd00:d0ca:23:1::10
+traceroute to fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10), 30 hops max, 72 byte packets
+ 1  fd00:d0ca:23:1::10 (fd00:d0ca:23:1::10)  0.017 ms  0.018 ms  0.018 ms
+```

alice-lg/Dockerfile

@@ -0,0 +1,14 @@
+FROM debian:bookworm AS builder
+
+RUN apt update \
+    && apt install --yes curl jq \
+    && curl https://api.github.com/repos/alice-lg/alice-lg/releases \
+    | jq -r '.[0].assets[] | select(.name | test("alice-lg_.*_linux_x86_64.tar.gz")).browser_download_url' | xargs curl -L -o /tmp/alice-lg.tar.gz \
+    && tar -C /bin -xf /tmp/alice-lg.tar.gz alice-lg \
+    && chmod +x /bin/alice-lg
+
+FROM scratch
+COPY --from=builder /bin/alice-lg /bin/alice-lg
+ADD alice.conf /etc/alice-lg/alice.conf
+EXPOSE 3000 7340
+ENTRYPOINT ["/bin/alice-lg", "-config", "/etc/alice-lg/alice.conf"]

alice-lg/alice.conf

@@ -0,0 +1,24 @@
+[server]
+listen_http = [::]:7340
+
+
+
+[source.as23]
+name = AS 23
+
+[source.as23.openbgpd-bgplgd]
+api = http://[fd00:d0ca:23:1::10]:9099/
+
+
+[source.as42]
+name = AS 42
+
+[source.as42.openbgpd-bgplgd]
+api = http://[fd00:d0ca:42:1::10]:9099/
+
+
+[source.as1337]
+name = AS 1337
+
+[source.as1337.openbgpd-bgplgd]
+api = http://[fd00:d0ca:42:1::10]:9099/

as1337/conf/bgpd.conf

@@ -0,0 +1,29 @@
+
+AS 1337
+socket "/run/bgpd.sock.1337"
+
+prefix-set mynetworks {
+  fd00:d0ca:1337:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2313:1::23 {
+  remote-as 23
+  descr "as23_1"
+  multihop 10
+  announce IPv6 unicast
+}
+
+neighbor fd00:d0ca:4213:1::42 {
+  remote-as 42
+  descr "as42_1"
+  multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted

as23/conf/bgpd.conf

@@ -0,0 +1,34 @@
+
+AS 23
+socket "/run/bgpd.sock.23"
+
+prefix-set mynetworks {
+  fd00:d0ca:23:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2342:1::42 {
+  remote-as 42
+  descr "as42_1"
+  multihop 10
+}
+
+#neighbor fd00:d0ca:2342:2::42 {
+#  remote-as 42
+#  descr "as42_2"
+#  multihop 20
+#}
+
+neighbor fd00:d0ca:2313:1::1337 {
+  remote-as 1337
+  descr "as1337_1"
+  multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted

as42/conf/bgpd.conf

@@ -0,0 +1,34 @@
+
+AS 42
+socket "/run/bgpd.sock.42"
+
+prefix-set mynetworks {
+  fd00:d0ca:42:1::/64
+}
+
+network prefix-set mynetworks
+
+neighbor fd00:d0ca:2342:1::23 {
+  remote-as 23
+  descr "as23_1"
+  multihop 20
+}
+
+#neighbor fd00:d0ca:2342:2::23 {
+#  remote-as 23
+#  descr "as23_2"
+#  multihop 10
+#}
+
+neighbor fd00:d0ca:4213:1::1337 {
+  remote-as 1337
+  descr "as1337_1"
+  multihop 10
+}
+
+#allow to ebgp prefix-set mynetworks
+allow to ebgp
+allow from ebgp
+
+# restricted bgpd socket for bgplgd
+socket "/run/bgpd/bgpd.rsock" restricted

docker-compose.yml

@@ -0,0 +1,124 @@
+---
+
+networks:
+
+  as23_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:23:1::/64
+          ip_range: fd00:d0ca:23:1::/96
+
+  as42_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:42:1::/64
+          ip_range: fd00:d0ca:42:1::/96
+
+  as1337_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:1337:1::/64
+          ip_range: fd00:d0ca:1337:1::/96
+
+  as23_as42_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:2342:1::/64
+          ip_range: fd00:d0ca:2342:1::/96
+          
+  as23_as42_2:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:2342:2::/64
+          ip_range: fd00:d0ca:2342:2::/96
+          
+  as23_as1337_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:2313:1::/64
+          ip_range: fd00:d0ca:2313:1::/96
+          
+  as42_as1337_1:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:d0ca:4213:1::/64
+          ip_range: fd00:d0ca:4213:1::/96
+
+
+services:
+
+  as23:
+    image: docker.io/openbgpd/openbgpd
+    volumes:
+      - ./as23/conf:/etc/bgpd
+      - ./as23/rpki:/var/lib/rpki-client
+      - ./as23/run:/run/bgpd
+    sysctls:
+      - net.ipv6.conf.all.forwarding=1
+    cap_add:
+      - NET_ADMIN
+    networks:
+      as23_1:
+        ipv6_address: fd00:d0ca:23:1::10
+      as23_as42_1:
+        ipv6_address: fd00:d0ca:2342:1::23
+      as23_as42_2:
+        ipv6_address: fd00:d0ca:2342:2::23
+      as23_as1337_1:
+        ipv6_address: fd00:d0ca:2313:1::23
+
+  as42:
+    image: docker.io/openbgpd/openbgpd
+    volumes:
+      - ./as42/conf:/etc/bgpd
+      - ./as42/rpki:/var/lib/rpki-client
+      - ./as42/run:/run/bgpd
+    sysctls:
+      - net.ipv6.conf.all.forwarding=1
+    cap_add:
+      - NET_ADMIN
+    networks:
+      as42_1:
+        ipv6_address: fd00:d0ca:42:1::10
+      as23_as42_1:
+        ipv6_address: fd00:d0ca:2342:1::42
+      as23_as42_2:
+        ipv6_address: fd00:d0ca:2342:2::42
+      as42_as1337_1:
+        ipv6_address: fd00:d0ca:4213:1::42
+
+  as1337:
+    image: docker.io/openbgpd/openbgpd
+    volumes:
+      - ./as1337/conf:/etc/bgpd
+      - ./as1337/rpki:/var/lib/rpki-client
+      - ./as1337/run:/run/bgpd
+    sysctls:
+      - net.ipv6.conf.all.forwarding=1
+    cap_add:
+      - NET_ADMIN
+    networks:
+      as1337_1:
+        ipv6_address: fd00:d0ca:1337:1::10
+      as23_as1337_1:
+        ipv6_address: fd00:d0ca:2313:1::1337
+      as42_as1337_1:
+        ipv6_address: fd00:d0ca:4213:1::1337
+
+  alice-lg:
+    build: ./alice-lg
+    network_mode: host