Config File

IXpect is configured using a YAML based configuration file. By default the file is loaded from /etc/ixpect/ixpect.conf.yaml and needs to comply to the IXpect configuration JSON schema:

• schema description
• ixpect.conf.schema.json

The schema is also available in the JSON Schema Store (as ixpect.conf.yaml). Most modern editors and IDEs have native support for the JSON Schema Store.

Adding the following line to the configuration file instructs editors and IDEs using the YAML Language Server to load the IXpect schema automatically:

# yaml-language-server: $schema=https://ixpect.net/0.1/schema/ixpect.conf.schema.json

Example

# yaml-language-server: $schema=https://ixpect.net/0.1/schema/ixpect.conf.schema.json

# probe configurations
probes:
  arp_bogon:
    # enable this probe
    enable: true
    # list of prefixes that are connected
    prefixes:
    - 192.0.2.0/24

  arp_neighbor:
    # enable this probe
    enable: true
    # enable learning dynamic resolutions
    dynamic_enable: true
    # list of static resolutions
    static_resolutions:
    - ip: 192.0.2.1
      mac: 00:00:5e:00:53:01
    - ip: 192.0.2.42
      mac: 00:00:5e:00:53:2a

  bum_rate:
    # enable this probe
    enable: true
    # observation time window
    window: 15s
    # absolute packet thresholds by type
    # within `window`
    thresholds:
      broadcast: 500
      multicast: 500
      unicast: 500

  ether_type:
    # enable this probe
    enable: true
    # list of expected EtherType values
    allowed_ether_types:
     - 0x0800 # IPv4
     - 0x0806 # ARP
     - 0x86dd # IPv6

  ipv6_bogon:
    # enable this probe
    enable: true
    # list of prefixes that are connected
    prefixes:
      - 2001:db8::/32
    # do not ignore fe80::/64
    #ignore_link_local: false

  ipv6_neighbor:
    # enable this probe
    enable: true
    # learn dynamic resolutions
    dynamic_enable: true
    # list of static resolutions
    static_resolutions:
    - ip: 2a02::1
      mac: 00:00:5e:00:53:01
    - ip: 2a02::2
      mac: 00:00:5e:00:53:2a

  ipv6_router:
    # enable this probe
    enable: true

  stp:
    # enable this probe
    enable: true

# event notifications
event:
  notifiers:
    email:
      # enable mail notifications
      enable: true
      # mail server setup
      smtp:
        host: mailin.example.net
      # from address
      from: noreply+ixpect@example.net
      channels:
        # send important events to the NOC
        - to:
            - alert@example.net
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN
        # catch-all
        - to:
            - bulk@example.net

    log:
      # enable event logging
      enable: true
      events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN

    http:
      # enable HTTP callout
      enable: true
      channels:
        # send important events to HTTP API
        - url: https://example.net/call-in/foo
          # HTTP method
          method: POST
          # HTTP content type header
          content_type: application/json
          # MiniJinja template for HTTP body
          template: custom-http.json
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN

    matrix:
      # enable matrix notifications
      enable: true
      channels:
          # Matrix server and access token to send messages from
        - server: https://matrix.example.net
          access_token:
            file: /run/secrets/room_access_token
          # Matrix room ID
          internal_room_id: local_room_id:server.example.net
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN

    slack:
      # enable Slack notifications
      enable: true
      channels:
        # Slack access details
        - webhook:
            file: /run/secrets/slack_webhook_with_secret
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN