Bird monitoring

Dockerfile.bird

@@ -36,4 +36,4 @@ RUN cd bird-2.0.7 && \
     make && \
     make install
 
-CMD bird -c /etc/bird/bird.conf -d
+CMD bird -s /var/run/bird/bird.ctl -c /etc/bird/bird.conf -d

README.md

@@ -122,6 +122,7 @@ default         172.31.8.1      0.0.0.0         UG    202    0        0 eth0
 #### Tinc options
  * `network_name` - The name of the interface that Tinc should create when it's started.  Defaults to `lixonet`.  Set this for multiple networks.
  * `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1).  This is _not_ the Lixonet router IP (i.e. 172.31.0.8).  Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead.
+ * `tinc_bind_port` - The Tinc server port to listen on.  Defaults to `9994`.
  * `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`).  If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
 
 #### BGP options
@@ -161,4 +162,4 @@ These settings are optional, and are already defaulted to general network common
 You should **no longer** need to run `build.sh` directly.  Instead, use a "self-configuring" Docker container to make your life easier.
 
 1. On the cloned repository, run `docker build -t lixonet-ee .`
-2. Run `docker run -it -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /var/run/docker.sock:/var/run/docker.sock lixonet-ee`
+2. Run `docker run -it -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /var/run/docker.sock:/var/run/docker.sock lixonet-ee`

bind/named.conf.tmpl

@@ -10,7 +10,7 @@ acl "lixonet_local" {
 options {
     directory "/var/cache/bind";
     
-    listen-on { ${tinc_peer_address}; };
+    listen-on { any; };
     
     forward only;
     forwarders { ${bind_forward_address-"${internal_gateway}"}; };

bird/bird.conf.tmpl

@@ -13,6 +13,7 @@
 log stderr all;         # Using docker; defer logging to stderr (to Docker logs)
 #debug protocols all;    # Enable debugging (this should be switched off in prod)
 router id ${tinc_peer_address};
+timeformat protocol     iso long; # See: https://github.com/czerwonk/bird_exporter
 
 # Custom routing tables
 # See: https://bird.network.cz/?get_doc&v=20&f=bird-2.html (recommended read)
@@ -167,6 +168,15 @@ protocol kernel {               # Primary routing table
     };
 };
 
+# BFD
+protocol bfd {
+    interface "${network_name:-lixonet}" {
+        min rx interval 20 ms;
+        min tx interval 250 ms;
+        idle tx interval 300 ms;
+    };
+};
+
 # BGP (primary Lixonet routing protocol)
 # This is a template to use when connecting to other BGP clients on the EE network
 # This template is applied to ALL neighbors, so consider these global settings that
@@ -181,6 +191,9 @@ template bgp lixonet_client {
 
     path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
 
+    # Turn on BFD (bidirectional forwarding detection)
+    bfd on;
+
     # BGP channels
     # See: Channel configuration (BIRD BGP configuration) and the table shown there.
 

build.sh

@@ -59,6 +59,9 @@ do
     #  Copy all tinc default files to /etc/(tinc)
     find tinc -type d | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
     find tinc -type f | sed -e "s@tinc/@@g" | xargs -I '{}' cp --verbose tinc/{} /etc/tinc/$netname/{}
+    #  Build list of all peer IP addresses
+    tinc_peers=$(cat /etc/tinc/$netname/hosts/* | grep 'Subnet' | grep '/32' | grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])' | sed -e ':a;N;$!ba;s/\n/,/g')
+    sigil_vars=$(echo "$sigil_vars tinc_peers=$tinc_peers")
     #  Fill out templates and remove them after
     process_templates "/etc/tinc/$netname/" "$sigil_vars"
     #  Copy private key
@@ -87,8 +90,8 @@ do
     #  Fill out templates and remove them after
     process_templates "/etc/bind/$netname/" "$sigil_vars"
 
-    echo "COMPOSE_PROJECT_NAME=$netname" > .env
-    docker-compose -p $netname up -d --build
+    printf "COMPOSE_PROJECT_NAME=$netname\nBIND_ADDRESS=$tinc_peer_address" > .env
+    docker-compose -p $netname up -d --build --remove-orphans
     rm .env
 
     # Pop directory

docker-compose.yml

@@ -6,8 +6,8 @@ services:
       context: .
       dockerfile: Dockerfile.tinc
     ports:
-      - "655:655/tcp"
-      - "655:655/udp"
+      - "${BIND_ADDRESS}:655:655/tcp"
+      - "${BIND_ADDRESS}:655:655/udp"
     volumes:
       - /etc/tinc/${COMPOSE_PROJECT_NAME}:/etc/tinc/${COMPOSE_PROJECT_NAME}
     environment:
@@ -20,26 +20,51 @@ services:
     restart: always
   bird:
     network_mode: host
+    depends_on:
+      - tinc
     build:
       context: .
       dockerfile: Dockerfile.bird
     ports:
-      - "179:179/tcp"
+      - "${BIND_ADDRESS}:179:179/tcp"
     volumes:
       - /etc/bird/${COMPOSE_PROJECT_NAME}/:/etc/bird/
+      - bird-run:/var/run/bird/
     cap_add:
       - NET_ADMIN
     restart: always
   bind:
-    network_mode: host
     depends_on:
       - tinc
     build:
       context: .
       dockerfile: Dockerfile.bind
     ports:
-      - "53:53/udp"
-      - "53:53/tcp"
+      - "${BIND_ADDRESS}:53:53/udp"
+      - "${BIND_ADDRESS}:53:53/tcp"
     volumes:
       - /etc/bind/${COMPOSE_PROJECT_NAME}/:/etc/bind/
     restart: always
+  bird_exporter:
+    image: czerwonk/bird_exporter
+    command: '-bird.v2=true -bird.socket=/var/run/bird/bird.ctl'
+    depends_on:
+      - bird
+    ports:
+      - "${BIND_ADDRESS}:9324:9324/tcp"
+    volumes:
+      - bird-run:/var/run/bird/
+    restart: always
+  ping_exporter:
+    image: czerwonk/ping_exporter
+    command: './ping_exporter --config.path /pinger.yml'
+    depends_on:
+      - tinc
+    ports:
+      - "${BIND_ADDRESS}:9427:9427/tcp"
+    volumes:
+      - /etc/tinc/${COMPOSE_PROJECT_NAME}/pinger.yml:/pinger.yml
+    restart: always
+
+volumes:
+  bird-run:

tinc/pinger.yml.tmpl

@@ -0,0 +1,14 @@
+targets:
+{{ if len "${tinc_peers:-}" }}{{ range "$tinc_peers" | split "," }}{{ if ne . "${tinc_peer_address}" }}  - {{ . }}
+{{ end }}{{ end }}{{ end }}
+
+dns:
+  refresh: 2m15s
+  nameserver: ${tinc_peer_address}
+
+ping:
+  interval: 2s
+  timeout: 3s
+  history-size: 42
+  payload-size: 32
+