It is a pain to support Docker Compose V1 and depending on the versions,
we may not have "extends" at all. It is not that difficult to install
the V2 plugin (even if it is inconvenient for it not to be shipped in
Debian, for example).
At first, there was an attempt to use the BMP collector implementation
from bio-rd. However, the current implementation uses GoBGP
instead:
- BMP is very simple from a protocol point of view. The hard work is
  mostly around decoding. Both bio-rd and GoBGP can decode, but for
  testing, GoBGP is able to generate messages as well (this is its
  primary purpose, I suppose parsing was done for testing purposes).
  Using only one library is always better. An alternative would be
  GoBMP, but it also only does parsing.
- Logging and metrics can be customized easily (but the work was done
  for bio-rd, so not a real argument).
- bio-rd is an application and there is no API stability (and I did
  that too)
- GoBGP supports FlowSpec, which may be useful in the future for the
  DDoS part. Again, one library for everything is better (but
  honestly, GoBGP as a lib is not the best part of it, maybe
  github.com/jwhited/corebgp would be a better fit while keeping GoBGP
  for decoding/encoding).
There was a huge effort around having a RIB which is efficient
memory-wise (data are interned to save memory), performant during
reads, while being decent during insertions. We rely on a patched
version of Kentik's Patricia trees to be able to apply mutations to
the tree.
There were several attempts to implement some kind of graceful
restart, but ultimately, the design is kept simple: when a BMP
connection goes down, routes will be removed after a configurable
time. If the connection comes back up, then it is just considered new.
It would have been ideal to rely on EoR markers, but the RFC is
unclear about them, and they are likely to be per peer, making it
difficult to know what to do if one peer is back, but not the other.
Remaining tasks:
- [ ] Confirm support for LocRIB
- [ ] Import data in ClickHouse
- [ ] Make data available in the frontend
Fix #52
We did not handle all cases, notably the case where default-community
was not set explicitly by the user. This seems like a lot of code for
little gain, let's keep things simple.
Also propagate this rename to configuration and code. It makes it easier
to understand the purpose of such a command in the provided
`docker-compose` file.
When the inlet container starts, there is a race condition between the
moment Docker sets up a competing listening socket on the host to
ensure the port is free and the moment it sets up the NAT rules. If
packets are received during this interval, a conntrack entry is
created and the NAT rule is ignored. These entries need to be flushed.
Docker tries to do that but is not very successful. The service watches
Docker events and flushes the needed conntrack entries when the
container starts.
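
The watch-and-flush behaviour described above, sketched as an added shell example (not the project's own code). It assumes the `docker` CLI and conntrack-tools are available, that it runs in the host network namespace with CAP_NET_ADMIN, and that only published UDP ports matter; the function names and the `CONNTRACK` variable are hypothetical.

```shell
#!/bin/sh
# Added example: flush stale conntrack entries for the UDP ports a container
# publishes, each time a container starts.

# Binary used for flushing; overridable for dry runs (hypothetical variable).
CONNTRACK=${CONNTRACK:-conntrack}

# Read `docker port <container>` output on stdin and print each distinct
# published UDP host port once. Constructed sample of that output:
#   2055/udp -> 0.0.0.0:2055
#   2055/udp -> [::]:2055
#   8080/tcp -> 0.0.0.0:8080
# TCP mappings are skipped: deleting their entries would cut live sessions.
published_udp_ports() {
    awk '$1 ~ /\/udp$/ && $2 == "->" {
             n = split($3, parts, ":")   # host port is the last ":" field
             port = parts[n]
             if (port ~ /^[0-9]+$/ && !(port in seen)) {
                 seen[port] = 1
                 print port
             }
         }'
}

# Delete every conntrack entry whose original destination is this UDP port,
# so the next packet is evaluated against the NAT rules again.
flush_port() {
    "$CONNTRACK" -D -p udp --orig-port-dst "$1"
}

# Main loop: one line per container start event, then flush its UDP ports.
watch_and_flush() {
    docker events --filter type=container --filter event=start \
                  --format '{{.ID}}' |
    while read -r id; do
        docker port "$id" | published_udp_ports |
        while read -r port; do
            # Keep watching even if a flush fails.
            flush_port "$port" >/dev/null 2>&1 || true
        done
    done
}

# Only start watching when explicitly asked to.
if [ "${1:-}" = "--watch" ]; then
    watch_and_flush
fi
```

Setting `CONNTRACK=echo` prints the arguments that would be passed instead of deleting anything.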