name: rtbh
mgmt:
  network: fixedips
  ipv4-subnet: 172.100.100.0/24
  ipv6-subnet: 2001:172:100:100::/80
topology:
  nodes:
    pe-router:
      kind: linux
      image: frrouting/frr:v8.2.2
      mgmt-ipv4: 172.100.100.2
      mgmt-ipv6: 2001:172:100:100::2
      binds:
      - ./pe-router/daemons:/etc/frr/daemons
      - ./pe-router/frr.conf:/etc/frr/frr.conf
      - ./pe-router/vtysh.conf:/etc/frr/vtysh.conf
      labels:
        graph-level: 1
    ce-router:
      kind: linux
      image: netreplica/frr-sflow:v8.2.2
      mgmt-ipv4: 172.100.100.3
      mgmt-ipv6: 2001:172:100:100::3
      binds:
      - ./ce-router/daemons:/etc/frr/daemons
      - ./ce-router/frr.conf:/etc/frr/frr.conf
      - ./ce-router/vtysh.conf:/etc/frr/vtysh.conf
      - ./ce-router/hsflowd.conf:/etc/hsflowd.conf
      env:
        COLLECTOR: yes
      exec:
        - touch /tmp/initialized
      labels:
        graph-level: 1
    ixia:
      kind: keysight_ixia-c-one
      image: ghcr.io/open-traffic-generator/ixia-c-one:0.1.0-3
      mgmt-ipv4: 172.100.100.10
      mgmt-ipv6: 2001:172:100:100::10
      exec:
        - sh -c './ifcfg add eth1 198.51.100.2 24 >/dev/null'
        - sh -c './ifcfg add eth2 192.0.2.2 24 >/dev/null'
        - sh -c './ifcfg add eth2 192.0.2.201 24 >/dev/null'
        - sh -c './ifcfg add eth2 192.0.2.202 24 >/dev/null'
      labels:
        graph-icon: cloud
        graph-mode: port
        graph-level: 2
    gosnappi:
      kind: linux
      image: gosnappi:local
      mgmt-ipv4: 172.100.100.101
      mgmt-ipv6: 2001:172:100:100::101
      binds:
        - .:/otg
      labels:
        graph-hide: yes
    controller:
      kind: linux
      image: sflow/ddos-protect
      mgmt-ipv4: 172.100.100.6
      mgmt-ipv6: 2001:172:100:100::6
      env:
        CLAB_SSH_CONNECTION: ${SSH_CONNECTION}
        RTPROP: >
          -Dddos_protect.as=64497
          -Dddos_protect.nexthop=203.0.113.2
          -Dddos_protect.enable.flowspec=yes
          -Dddos_protect.router=172.100.100.3
          -Dddos_protect.group.local=192.0.2.0/24
          -Dddos_protect.mode=automatic
          -Dddos_protect.icmp_flood.action=filter
          -Dddos_protect.icmp_flood.threshold=20000
          -Dddos_protect.icmp_flood.timeout=1
          -Dddos_protect.ip_flood.action=drop
          -Dddos_protect.ip_flood.threshold=8000
          -Dddos_protect.ip_flood.timeout=1
          -Dddos_protect.ip_fragmentation.action=filter
          -Dddos_protect.ip_fragmentation.threshold=20000
          -Dddos_protect.ip_fragmentation.timeout=1
          -Dddos_protect.tcp_amplification.action=filter
          -Dddos_protect.tcp_amplification.threshold=20000
          -Dddos_protect.tcp_amplification.timeout=1
          -Dddos_protect.tcp_flood.action=filter
          -Dddos_protect.tcp_flood.threshold=20000
          -Dddos_protect.tcp_flood.timeout=1
          -Dddos_protect.udp_amplification.action=filter
          -Dddos_protect.udp_amplification.threshold=20000
          -Dddos_protect.udp_amplification.timeout=1
          -Dddos_protect.udp_flood.action=filter
          -Dddos_protect.udp_flood.threshold=20000
          -Dddos_protect.udp_flood.timeout=1
      ports:
        - 8008:8008
      binds:
        - ./sflow/sflow_url.sh:/sflow-rt/sflow_url.sh:ro
      exec:
        - sh -c '/sflow-rt/sflow_url.sh 8008'
      labels:
        graph-icon: server
    graphite:
      kind: linux
      image: netreplica/graphite:latest
      mgmt-ipv4: 172.100.100.102
      mgmt-ipv6: 2001:172:100:100::102
      env:
        CLAB_SSH_CONNECTION: ${SSH_CONNECTION}
      binds:
        - __clabDir__/topology-data.json:/htdocs/default/default.json:ro
      ports:
        - 8080:80
      exec:
        - sh -c 'graphite_motd.sh 8080'
      labels:
        graph-hide: yes
  links:
    - endpoints: ["pe-router:eth1","ce-router:eth1"]
    - endpoints: ["pe-router:eth2","ixia:eth1"]
    - endpoints: ["ce-router:eth2","ixia:eth2"]