diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a9892eb23..8fb794a68 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -13,7 +13,7 @@ on: env: GOVER: 1.20.2 CGO_ENABLED: 0 - MKDOCS_INS_VER: 9.0.13-insiders-4.32.0-hellt + MKDOCS_INS_VER: 9.1.4-insiders-4.32.4-hellt GORELEASER_VER: v1.11.4 PODMAN_VER: v4.4.2 diff --git a/Makefile b/Makefile index 73e1f4e90..74e05f818 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,9 @@ BIN_DIR = $(CURDIR)/bin BINARY = $(CURDIR)/bin/containerlab -MKDOCS_VER = 9.0.13 +MKDOCS_VER = 9.1.4 # insiders version/tag https://github.com/srl-labs/mkdocs-material-insiders/pkgs/container/mkdocs-material-insiders # make sure to also change the mkdocs version in actions' cicd.yml and force-build.yml files -MKDOCS_INS_VER = 9.0.13-insiders-4.32.0-hellt +MKDOCS_INS_VER = 9.1.4-insiders-4.32.4-hellt DATE := $(shell date) COMMIT_HASH := $(shell git rev-parse --short HEAD) diff --git a/README.md b/README.md index 5e6c5dbc5..8229920b9 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ In addition to native containerized NOSes, containerlab can launch traditional v * [Nokia virtual SR OS (vSim/VSR)](https://containerlab.dev/manual/kinds/vr-sros/) * [Juniper vMX](https://containerlab.dev/manual/kinds/vr-vmx/) * [Juniper vQFX](https://containerlab.dev/manual/kinds/vr-vqfx/) +* [Juniper vSRX](https://containerlab.dev/manual/kinds/vr-vsrx/) * [Cisco IOS XRv9k](https://containerlab.dev/manual/kinds/vr-xrv9k/) * [Cisco Nexus 9000v](https://containerlab.dev/manual/kinds/vr-n9kv) * [Cisco CSR 1000v](https://containerlab.dev/manual/kinds/vr-csr) diff --git a/clab/register.go b/clab/register.go index cd316c431..7f2a07901 100644 --- a/clab/register.go +++ b/clab/register.go 
@@ -31,6 +31,7 @@ import ( vr_veos "github.com/srl-labs/containerlab/nodes/vr_veos" vr_vmx "github.com/srl-labs/containerlab/nodes/vr_vmx" vr_vqfx "github.com/srl-labs/containerlab/nodes/vr_vqfx" + vr_vsrx "github.com/srl-labs/containerlab/nodes/vr_vsrx" vr_xrv "github.com/srl-labs/containerlab/nodes/vr_xrv" vr_xrv9k "github.com/srl-labs/containerlab/nodes/vr_xrv9k" xrd "github.com/srl-labs/containerlab/nodes/xrd" @@ -60,6 +61,7 @@ func (c *CLab) RegisterNodes() { vr_sros.Register(c.Reg) vr_veos.Register(c.Reg) vr_vmx.Register(c.Reg) + vr_vsrx.Register(c.Reg) vr_vqfx.Register(c.Reg) vr_xrv.Register(c.Reg) vr_xrv9k.Register(c.Reg) diff --git a/cmd/generate.go b/cmd/generate.go index 70a8dffa3..f90d57ce1 100644 --- a/cmd/generate.go +++ b/cmd/generate.go @@ -28,6 +28,7 @@ var interfaceFormat = map[string]string{ "bridge": "veth%d", "vr-sros": "eth%d", "vr-vmx": "eth%d", + "vr-vsrx": "eth%d", "vr-vqfx": "eth%d", "vr-xrv9k": "eth%d", "vr-veos": "eth%d", @@ -37,7 +38,7 @@ var interfaceFormat = map[string]string{ var supportedKinds = []string{ "srl", "ceos", "linux", "bridge", "sonic-vs", "crpd", "vr-sros", - "vr-vmx", "vr-vqfx", "vr-xrv9k", "vr-veos", "xrd", "rare", + "vr-vmx", "vr-vsrx", "vr-vqfx", "vr-xrv9k", "vr-veos", "xrd", "rare", } const ( diff --git a/docs/index.md b/docs/index.md index bc9d9643f..db7a96fce 100644 --- a/docs/index.md +++ b/docs/index.md @@ -35,6 +35,7 @@ In addition to native containerized NOSes, containerlab can launch traditional v * [Nokia virtual SR OS (vSim/VSR)](manual/kinds/vr-sros.md) * [Juniper vMX](manual/kinds/vr-vmx.md) * [Juniper vQFX](manual/kinds/vr-vqfx.md) +* [Juniper vSRX](manual/kinds/vr-vsrx.md) * [Cisco IOS XRv9k](manual/kinds/vr-xrv9k.md) * [Cisco Nexus 9000v](manual/kinds/vr-n9kv.md) * [Dell FTOS10v](manual/kinds/vr-ftosv.md) diff --git a/docs/manual/kinds/index.md b/docs/manual/kinds/index.md index 6c0504e77..e0841909e 100644 --- a/docs/manual/kinds/index.md +++ b/docs/manual/kinds/index.md 
@@ -40,6 +40,7 @@ Within each predefined kind, we store the necessary information that is used to | **Juniper cRPD** | [`crpd/juniper_crpd`](crpd.md) | supported | container | | **Juniper vMX** | [`vr-vmx/vr-juniper_vmx`](vr-vmx.md) | supported | VM | | **Juniper vQFX** | [`vr-vqfx/vr-juniper_vqfx`](vr-vqfx.md) | supported | VM | +| **Juniper vSRX** | [`vr-vsrx/vr-juniper_vsrx`](vr-vsrx.md) | supported | VM | | **Cisco XRv9k** | [`vr-xrv9k/vr-cisco_xrv9k`](vr-xrv9k.md) | supported | VM | | **Cisco XRv** | [`vr-xrv/vr-cisco_xrv`](vr-xrv.md) | supported | VM | | **Cisco Nexus 9000v** | [`vr-n9kv/vr-cisco_n9kv`](vr-n9kv.md) | supported | VM | diff --git a/docs/manual/kinds/vr-vsrx.md b/docs/manual/kinds/vr-vsrx.md new file mode 100644 index 000000000..af42cf65b --- /dev/null +++ b/docs/manual/kinds/vr-vsrx.md 
@@ -0,0 +1,66 @@ +--- +search: + boost: 4 +--- +# Juniper vSRX + +[Juniper vSRX](https://www.juniper.net/us/en/dm/download-next-gen-vsrx-firewall-trial.html) virtualized firewall is identified with `vr-vsrx` or `vr-juniper_vsrx` kind in the [topology file](../topo-def-file.md). It is built using [vrnetlab](../vrnetlab.md) project and essentially is a Qemu VM packaged in a docker container format. + +## Managing vr-vsrx nodes + +!!!note + Containers with vSRX inside will take ~7min to fully boot. + You can monitor the progress with `docker logs -f `. + +Juniper vSRX node launched with containerlab can be managed via the following interfaces: + +=== "bash" + to connect to a `bash` shell of a running vr-vsrx container: + ```bash + docker exec -it bash + ``` +=== "CLI via SSH" + to connect to the vSRX CLI (password `admin@123`) + ```bash + ssh admin@ + ``` +=== "NETCONF" + Coming soon + +!!!info + Default user credentials: `admin:admin@123` + +## Interfaces mapping + +* `eth0` - management interface (fxp0) connected to the containerlab management network +* `eth1+` - second and subsequent data interface + +When containerlab launches vr-vsrx node, it will assign IPv4/6 address to the `eth0` interface. These addresses are used to reach the management plane of the router. + +Data interfaces `eth1+` need to be configured with IP addressing manually using CLI/management protocols. + +## Features and options + +### Node configuration + +`vr-vsrx` nodes come up with a basic configuration where only the control plane and line cards are provisioned and the `admin` user with the provided password. + +#### Startup configuration + +It is possible to make vSRX nodes boot up with a user-defined startup-config instead of a built-in one. 
With a [`startup-config`](../nodes.md#startup-config) property of the node/kind user sets the path to the config file that will be mounted to a container and used as a startup-config: + +```yaml +topology: + nodes: + node: + kind: vr-vsrx + startup-config: myconfig.txt +``` + +With this knob, containerlab is instructed to take a file `myconfig.txt` from the directory that hosts the topology file and copy it to the lab directory for that specific node under the `/config/startup-config.cfg` name. Then the directory that hosts the startup-config dir is mounted to the container. This will result in this config being applied at startup by the node. + +Configuration is applied after the node is started. Thus it can contain partial configuration snippets that you desire to add on top of the default config that a node boots up with. + +## Lab examples + +Coming soon. diff --git a/docs/manual/vrnetlab.md b/docs/manual/vrnetlab.md index 72c7f9325..3d825f586 100644 --- a/docs/manual/vrnetlab.md +++ b/docs/manual/vrnetlab.md 
@@ -29,23 +29,24 @@ Containerlab depends on `hellt/vrnetlab` project, and sometimes features added i The following table provides a link between the version combinations: -| containerlab[^3] | vrnetlab[^4] | Notes | -| ---------------- | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `0.10.4` | [`0.1.0-cl`](https://github.com/hellt/vrnetlab/tree/v0.1.0-cl) | Initial release. Images: sros, vmx, xrv, xrv9k | -| `0.11.0` | [`0.2.0`](https://github.com/hellt/vrnetlab/tree/v0.2.0) | added [vr-veos](kinds/vr-veos.md), support for [boot-delay](#boot-delay), SR OS will have a static route to docker network, improved XRv startup chances | -| -- | [`0.2.1`](https://github.com/hellt/vrnetlab/tree/v0.2.1) | added timeout for SR OS images to allow eth interfaces to appear in the container namespace. Other images are not touched. 
| -| -- | [`0.2.2`](https://github.com/hellt/vrnetlab/tree/v0.2.2) | fixed serial (telnet) access to SR OS nodes | -| -- | [`0.2.3`](https://github.com/hellt/vrnetlab/tree/v0.2.3) | set default cpu/ram for SR OS images | -| `0.13.0` | [`0.3.0`](https://github.com/hellt/vrnetlab/tree/v0.3.0) | added support for Cisco CSR1000v via [`vr-csr`](kinds/vr-csr.md) and MikroTik routeros via [`vr-ros`](kinds/vr-ros.md) kind | -| -- | [`0.3.1`](https://github.com/hellt/vrnetlab/tree/v0.3.1) | enhanced SR OS boot sequence | -| -- | [`0.4.0`](https://github.com/hellt/vrnetlab/tree/v0.4.0) | fixed SR OS CPU allocation and added Palo Alto PAN support [`vr-pan`](kinds/vr-pan.md) | -| `0.16.0` | [`0.5.0`](https://github.com/hellt/vrnetlab/tree/v0.5.0) | added support for Cisco Nexus 9000v via [`vr-n9kv`](kinds/vr-n9kv.md) kind, added support for non-continuous interfaces provisioning | -| `0.19.0` | [`0.6.0`](https://github.com/hellt/vrnetlab/tree/v0.6.0) | added experimental support for Juniper vQFX via [`vr-vqfx`](kinds/vr-vqfx.md) kind, added support Dell FTOS via [`vr-ftosv`](kinds/vr-ftosv.md) | -| | [`0.6.2`](https://github.com/hellt/vrnetlab/tree/v0.6.2) | support for IPv6 management for SR OS; support for RouterOS v7+ | -| | [`0.7.0`](https://github.com/hellt/vrnetlab/tree/v0.7.0) | startup-config support for vqfx and vmx | -| `0.32.2` | [`0.8.0`](https://github.com/hellt/vrnetlab/releases/tag/v0.8.0) | startup-config support for the rest of the kinds, support for multi line card SR OS | -| `0.34.0` | [`0.8.2`](https://github.com/hellt/vrnetlab/releases/tag/v0.8.2) | startup-config support for PANOS, ISA support for Nokia VSR-I and MGMT VRF for VMX | -| | [`0.9.0`](https://github.com/hellt/vrnetlab/releases/tag/v0.9.0) | Support for IPInfusion OcNOS with vrnetlab | +| containerlab[^3] | vrnetlab[^4] | Notes | +| ---------------- | ------------------------------------------------------------------ | 
-------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `0.10.4` | [`0.1.0-cl`](https://github.com/hellt/vrnetlab/tree/v0.1.0-cl) | Initial release. Images: sros, vmx, xrv, xrv9k | +| `0.11.0` | [`0.2.0`](https://github.com/hellt/vrnetlab/tree/v0.2.0) | added [vr-veos](kinds/vr-veos.md), support for [boot-delay](#boot-delay), SR OS will have a static route to docker network, improved XRv startup chances | +| -- | [`0.2.1`](https://github.com/hellt/vrnetlab/tree/v0.2.1) | added timeout for SR OS images to allow eth interfaces to appear in the container namespace. Other images are not touched. | +| -- | [`0.2.2`](https://github.com/hellt/vrnetlab/tree/v0.2.2) | fixed serial (telnet) access to SR OS nodes | +| -- | [`0.2.3`](https://github.com/hellt/vrnetlab/tree/v0.2.3) | set default cpu/ram for SR OS images | +| `0.13.0` | [`0.3.0`](https://github.com/hellt/vrnetlab/tree/v0.3.0) | added support for Cisco CSR1000v via [`vr-csr`](kinds/vr-csr.md) and MikroTik routeros via [`vr-ros`](kinds/vr-ros.md) kind | +| -- | [`0.3.1`](https://github.com/hellt/vrnetlab/tree/v0.3.1) | enhanced SR OS boot sequence | +| -- | [`0.4.0`](https://github.com/hellt/vrnetlab/tree/v0.4.0) | fixed SR OS CPU allocation and added Palo Alto PAN support [`vr-pan`](kinds/vr-pan.md) | +| `0.16.0` | [`0.5.0`](https://github.com/hellt/vrnetlab/tree/v0.5.0) | added support for Cisco Nexus 9000v via [`vr-n9kv`](kinds/vr-n9kv.md) kind, added support for non-continuous interfaces provisioning | +| `0.19.0` | [`0.6.0`](https://github.com/hellt/vrnetlab/tree/v0.6.0) | added experimental support for Juniper vQFX via [`vr-vqfx`](kinds/vr-vqfx.md) kind, added support Dell FTOS via [`vr-ftosv`](kinds/vr-ftosv.md) | +| | [`0.6.2`](https://github.com/hellt/vrnetlab/tree/v0.6.2) | support for IPv6 management for SR OS; support for RouterOS v7+ | +| | [`0.7.0`](https://github.com/hellt/vrnetlab/tree/v0.7.0) | 
startup-config support for vqfx and vmx | +| `0.32.2` | [`0.8.0`](https://github.com/hellt/vrnetlab/releases/tag/v0.8.0) | startup-config support for the rest of the kinds, support for multi line card SR OS | +| `0.34.0` | [`0.8.2`](https://github.com/hellt/vrnetlab/releases/tag/v0.8.2) | startup-config support for PANOS, ISA support for Nokia VSR-I and MGMT VRF for VMX | +| | [`0.9.0`](https://github.com/hellt/vrnetlab/releases/tag/v0.9.0) | Support for IPInfusion OcNOS with vrnetlab | +| `0.41.0` | [`0.11.0`](https://github.com/hellt/vrnetlab/releases/tag/v0.11.0) | Added support for Juniper vSRX3.0 via [`vr-vsrx`](kinds/vr-vsrx.md) kind | ### Building vrnetlab images @@ -79,6 +80,7 @@ The images that work with containerlab will appear in the supported list as we i | Nokia SR OS | [vr-sros](kinds/vr-sros.md) | [SRL & SR OS](../lab-examples/vr-sros.md) | When building SR OS vrnetlab image for use with containerlab, **do not** provide the license during the image build process. The license shall be provided in the containerlab topology definition file[^1]. | | Juniper vMX | [vr-vmx](kinds/vr-vmx.md) | [SRL & vMX](../lab-examples/vr-vmx.md) | | | Juniper vQFX | [vr-vqfx](kinds/vr-vqfx.md) | Coming soon | | +| Juniper vSRX | [vr-vsrx](kinds/vr-vsrx.md) | Coming soon | | | Cisco XRv | [vr-xrv](kinds/vr-xrv.md) | [SRL & XRv](../lab-examples/vr-xrv.md) | | | Cisco XRv9k | [vr-xrv9k](kinds/vr-xrv9k.md) | [SRL & XRv9k](../lab-examples/vr-xrv9k.md) | | | Cisco CSR1000v | [vr-csr](kinds/vr-csr.md) | | | diff --git a/mkdocs.yml b/mkdocs.yml index 28d1b6afb..1c04a85b4 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -16,6 +16,7 @@ nav: - Juniper cRPD: manual/kinds/crpd.md - Juniper vMX: manual/kinds/vr-vmx.md - Juniper vQFX: manual/kinds/vr-vqfx.md + - Juniper vSRX: manual/kinds/vr-vsrx.md - Cisco XRd: manual/kinds/xrd.md - Cisco XRv9k: manual/kinds/vr-xrv9k.md - Cisco XRv: manual/kinds/vr-xrv.md 
diff --git a/nodes/vr_vsrx/vr-vsrx.go b/nodes/vr_vsrx/vr-vsrx.go
new file mode 100644
index 000000000..12eff38e2
--- /dev/null
+++ b/nodes/vr_vsrx/vr-vsrx.go
@@ -0,0 +1,102 @@
+// Copyright 2020 Nokia
+// Licensed under the BSD 3-Clause License.
+// SPDX-License-Identifier: BSD-3-Clause
+
+package vr_vsrx
+
+import (
+ "context"
+ "fmt"
+ "path"
+
+ log "github.com/sirupsen/logrus"
+ "github.com/srl-labs/containerlab/netconf"
+ "github.com/srl-labs/containerlab/nodes"
+ "github.com/srl-labs/containerlab/types"
+ "github.com/srl-labs/containerlab/utils"
+)
+
+var (
+ kindnames = []string{"vr-vsrx", "vr-juniper_vsrx"}
+ defaultCredentials = nodes.NewCredentials("admin", "admin@123")
+)
+
+const (
+ scrapliPlatformName = "juniper_junos"
+
+ configDirName = "config"
+ startupCfgFName = "startup-config.cfg"
+)
+
+// Register registers the node in the NodeRegistry.
+func Register(r *nodes.NodeRegistry) {
+ r.Register(kindnames, func() nodes.Node {
+ return new(vrVSRX)
+ }, defaultCredentials)
+}
+
+type vrVSRX struct {
+ nodes.DefaultNode
+}
+
+func (n *vrVSRX) Init(cfg *types.NodeConfig, opts ...nodes.NodeOption) error {
+ // Init DefaultNode
+ n.DefaultNode = *nodes.NewDefaultNode(n)
+ // set virtualization requirement
+ n.HostRequirements.VirtRequired = true
+
+ n.Cfg = cfg
+ for _, o := range opts {
+ o(n)
+ }
+ // env vars are used to set launch.py arguments in vrnetlab container
+ defEnv := map[string]string{
+ "USERNAME": defaultCredentials.GetUsername(),
+ "PASSWORD": defaultCredentials.GetPassword(),
+ "CONNECTION_MODE": nodes.VrDefConnMode,
+ "DOCKER_NET_V4_ADDR": n.Mgmt.IPv4Subnet,
+ "DOCKER_NET_V6_ADDR": n.Mgmt.IPv6Subnet,
+ }
+ n.Cfg.Env = utils.MergeStringMaps(defEnv, n.Cfg.Env)
+
+ // mount config dir to support startup-config functionality
+ n.Cfg.Binds = append(n.Cfg.Binds, fmt.Sprint(path.Join(n.Cfg.LabDir, configDirName), ":/config"))
+
+ if n.Cfg.Env["CONNECTION_MODE"] == "macvtap" {
+ // mount dev dir to enable macvtap
+ n.Cfg.Binds = append(n.Cfg.Binds, "/dev:/dev")
+ }
+
+ n.Cfg.Cmd = fmt.Sprintf("--username %s --password %s --hostname %s --connection-mode %s --trace",
defaultCredentials.GetUsername(), defaultCredentials.GetPassword(), n.Cfg.ShortName, n.Cfg.Env["CONNECTION_MODE"]) + + return nil +} + +func (n *vrVSRX) PreDeploy(_ context.Context, params *nodes.PreDeployParams) error { + utils.CreateDirectory(n.Cfg.LabDir, 0777) + _, err := n.LoadOrGenerateCertificate(params.Cert, params.TopologyName) + if err != nil { + return nil + } + return nodes.LoadStartupConfigFileVr(n, configDirName, startupCfgFName) +} + +func (n *vrVSRX) SaveConfig(_ context.Context) error { + err := netconf.SaveConfig(n.Cfg.LongName, + defaultCredentials.GetUsername(), + defaultCredentials.GetPassword(), + scrapliPlatformName, + ) + if err != nil { + return err + } + + log.Infof("saved %s running configuration to startup configuration file\n", n.Cfg.ShortName) + return nil +} + +// CheckInterfaceName checks if a name of the interface referenced in the topology file correct. +func (n *vrVSRX) CheckInterfaceName() error { + return nodes.GenericVMInterfaceCheck(n.Cfg.ShortName, n.Cfg.Endpoints) +} diff --git a/schemas/clab.schema.json b/schemas/clab.schema.json index 2ec8b0634..bcd8af838 100644 --- a/schemas/clab.schema.json +++ b/schemas/clab.schema.json @@ -53,6 +53,8 @@ "vr-juniper_vmx", "vr-vqfx", "vr-juniper_vqfx", + "vr-vsrx", + "vr-juniper_vsrx", "vr-xrv", "vr-cisco_xrv", "vr-xrv9k", @@ -566,6 +568,12 @@ "vr-vmx": { "$ref": "#/definitions/node-config" }, + "vr-juniper_vsrx": { + "$ref": "#/definitions/node-config" + }, + "vr-vsrx": { + "$ref": "#/definitions/node-config" + }, "vr-cisco_xrv": { "$ref": "#/definitions/node-config" }, @@ -651,4 +659,4 @@ "name", "topology" ] -} \ No newline at end of file +}
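Review bot: In `PreDeploy` of nodes/vr_vsrx/vr-vsrx.go, a failure from `LoadOrGenerateCertificate` is swallowed: the `if err != nil` branch does `return nil`, so the caller sees success while certificate handling failed and `LoadStartupConfigFileVr` is never reached; the branch should be `return err`. The same function calls `utils.CreateDirectory(n.Cfg.LabDir, 0777)`, which makes the lab directory (whose `config` subdirectory is bind-mounted at `/config` and holds the startup-config) writable by every local user; a tighter mode such as `0755` would be safer unless the process in the container needs write access under a different uid, which the hunk does not show. In `Init`, `n.Cfg.Cmd` is always built from `defaultCredentials`, while `USERNAME`/`PASSWORD` in `n.Cfg.Env` can presumably be overridden through `MergeStringMaps`, so an override would leave the environment and the `--username`/`--password` arguments disagreeing; `SaveConfig` has the same dependency on the defaults. A short doc comment on `Init`, `PreDeploy` and `SaveConfig` stating that the documented default credentials `admin:admin@123` are fixed for this kind would make that limitation visible to users who expose the management network.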