Merge branch 'master' into transparent-mgmt-intfs-dev

Author: hellt

README.md

@@ -1,46 +1,84 @@
 # vrnetlab - VR Network Lab
 
-This is a fork of the original [plajjan/vrnetlab](https://github.com/plajjan/vrnetlab) project. The fork has been created specifically to make vrnetlab-based images to be runnable by [containerlab](https://containerlab.srlinux.dev).
+This is a fork of the original [plajjan/vrnetlab](https://github.com/plajjan/vrnetlab)
+project and was created specifically to make vrnetlab-based images runnable by
+[containerlab](https://containerlab.srlinux.dev).
 
-The documentation provided in this fork only explains the parts that have been changed in any way from the upstream project. To get a general overview of the vrnetlab project itself, consider reading the docs of the upstream repo.
+The documentation provided in this fork only explains the parts that have been
+changed from the upstream project. To get a general overview of the vrnetlab
+project itself, consider reading the [docs of the upstream repo](https://github.com/vrnetlab/vrnetlab/blob/master/README.md).
 
 ## What is this fork about?
 
-At [containerlab](https://containerlab.srlinux.dev) we needed to have [a way to run virtual routers](https://containerlab.srlinux.dev/manual/vrnetlab/) alongside the containerized Network Operating Systems.
+At [containerlab](https://containerlab.srlinux.dev) we needed to have
+[a way to run virtual routers](https://containerlab.dev/manual/vrnetlab/)
+alongside the containerized Network Operating Systems.
 
-Vrnetlab provides a perfect machinery to package most-common routing VMs in the container packaging. What upstream vrnetlab doesn't do, though, is creating datapath between the VMs in a "container-native" way.  
-Vrnetlab relies on a separate VM (vr-xcon) to stich sockets exposed on each container and that doesn't play well with the regular ways of interconnecting container workloads.
+Vrnetlab provides perfect machinery to package most-common routing VMs in
+container packaging. What upstream vrnetlab doesn't do, though, is create
+datapaths between the VMs in a "container-native" way.
 
-This fork adds additional option for `launch.py` script of the supported VMs called `connection-mode`. This option allows to choose the way vrnetlab will create datapath for the launched VMs.
+Vrnetlab relies on a separate VM ([vr-xcon](https://github.com/vrnetlab/vrnetlab/tree/master/vr-xcon))
+to stitch sockets exposed on each container and that doesn't play well with the
+regular ways of interconnecting container workloads.
 
-By adding a few options a `connection-mode` value can be set to, we made it possible to run vrnetlab containers with the networking that doesn't require a separate container and is native to the tools like docker.
+This fork adds the additional option `connection-mode` to the `launch.py` script
+of supported VMs. The `connection-mode` option controls how vrnetlab creates
+datapaths for launched VMs.
+
+The `connection-mode` values make it possible to run vrnetlab containers with
+networking that doesn't require a separate container and is native to tools such
+as docker.
 
 ### Container-native networking?
 
-Yes, the term is bloated, what it actually means is that with the changes we made in this fork it is possible to add interfaces to a container that hosts a qemu VM and vrnetlab will recognize those interfaces and stitch them with the VM interfaces.
+Yes, the term is bloated. What it actually means is this fork makes it possible
+to add interfaces to a container hosting a qemu VM and vrnetlab will recognize
+those interfaces and stitch them with the VM interfaces.
 
-With this you can just add, say, veth pairs between the containers as you would do normally, and vrnetlab will make sure that these ports get mapped to your router' ports. In essence, that allows you to work with your vrnetlab containers like with a normal container and get the datapath working in the same "native" way.
+With this you can, for example, add veth pairs between containers as you would
+normally and vrnetlab will make sure these ports get mapped to your routers'
+ports. In essence, that allows you to work with your vrnetlab containers like a
+normal container and get the datapath working in the same "native" way.
 
-> Although the changes we made here are of a general purpose and you can run vrnetlab routers with docker CLI or any other container runtime, the purpose of this work was to couple vrnetlab with containerlab.  
-> With this being said, we recommend the readers to start their journey from this [documentation entry](https://containerlab.srlinux.dev/manual/vrnetlab/) which will show you how easy it is to run routers in a containerized setting.
+> [!IMPORTANT]
+> Although the changes we made here are of a general purpose and you can run
+> vrnetlab routers with docker CLI or any other container runtime, the purpose
+> of this work was to couple vrnetlab with containerlab.
+>
+> With this being said, we recommend the readers start their journey from
+> this [documentation entry](https://containerlab.dev/manual/vrnetlab/)
+> which will show you how easy it is to run routers in a containerized setting.
 
 ## Connection modes
 
-As mentioned above, the major change this fork brings is the ability to run vrnetlab containers without requiring vr-xcon and by using container-native networking.
+As mentioned above, the major change this fork brings is the ability to run
+vrnetlab containers without requiring [vr-xcon](https://github.com/vrnetlab/vrnetlab/tree/master/vr-xcon)
+and instead uses container-native networking.
+
+For containerlab the default connection mode value is `connection-mode=tc`.
+With this particular mode we use **tc-mirred** redirects to stitch a container's
+interfaces `eth1+` with the ports of the qemu VM running inside.
 
-The default option that we use in containerlab for this setting is `connection-mode=tc`. With this particular mode we use tc-mirred redirects to stitch container's interfaces `eth1+` with the ports of the qemu VM running inside.
+![diagram showing network connections via tc redirects](https://gitlab.com/rdodin/pics/-/wikis/uploads/4d31c06e6258e70edc887b17e0e758e0/image.png)
 
-![tc](https://gitlab.com/rdodin/pics/-/wikis/uploads/4d31c06e6258e70edc887b17e0e758e0/image.png)
+Using tc redirection (tc-mirred) we get a transparent pipe between a container's
+interfaces and those of the VMs running within.
 
-Using tc redirection we get a transparent pipe between container's interfaces and VM's.
+We scrambled through many connection alternatives, which are described in
+[this post](https://netdevops.me/2021/transparently-redirecting-packetsframes-between-interfaces/),
+but tc redirect (tc-mirred :star:) works best of all.
 
-We scrambled through many alternatives, which I described in [this post](https://netdevops.me/2021/transparently-redirecting-packets/frames-between-interfaces/), but tc-redirect works best of them all.
+### Mode List
 
-Other connection mode values are:
+Full list of connection mode values:
 
-* bridge - creates a linux bridge and attaches `eth` and `tap` interfaces to it. Can't pass LACP traffic.
-* ovs-bridge - same as a regular bridge, but uses OvS. Can pass LACP traffic.
-* macvtap
+| Connection Mode | LACP Support        | Description |
+| --------------- | :-----------------: | :---------- |
+| tc-mirred       | :white_check_mark:  | Creates a linux bridge and attaches `eth` and `tap` interfaces to it. Cleanest solution for point-to-point links.
+| bridge          | :last_quarter_moon: | No additional kernel modules and has native qemu/libvirt support. Does not support passing STP. Requires restricting `MAC_PAUSE` frames in order to support LACP.
+| ovs-bridge      | :white_check_mark:  | Same as a regular bridge, but uses OvS (Open vSwitch).
+| macvtap         | :x:                 | Requires mounting entire `/dev` to a container namespace. Needs file descriptor manipulation due to no native qemu support.
 
 ## Management interface
 
@@ -62,7 +100,8 @@ It is possible to change from the default management interface mode by setting t
 
 ## Which vrnetlab routers are supported?
 
-Since the changes we made in this fork are VM specific, we added a few popular routing products:
+Since the changes we made in this fork are VM specific, we added a few popular
+routing products:
 
 * Arista vEOS
 * Cisco XRv9k

ocnos/Makefile

@@ -5,7 +5,11 @@ IMAGE_GLOB=*.qcow2
 
 # match versions like:
 # DEMO_VM-OcNOS-6.0.2.11-MPLS-x86-MR.qcow2
-VERSION=$(shell echo $(IMAGE) | sed -rn 's/DEMO_VM-OcNOS-(.+)-MPLS-.*.qcow/\1/p')
+#VERSION=$(shell echo $(IMAGE) | sed -rn 's/DEMO_VM-OcNOS-(.+)-MPLS-.*.qcow/\1/p')
+
+# match versions like:
+# OcNOS-SP-PLUS-x86-6.5.2-101-GA.qcow2
+VERSION=$(shell echo $(IMAGE) | sed -rn 's/OcNOS-SP-PLUS-x86-(.+)-GA.qcow2/\1/p')
 
 -include ../makefile-sanity.include
 -include ../makefile.include

ocnos/README.md

@@ -7,12 +7,18 @@ This is the vrnetlab docker image for IPInfusion OcNOS.
 Download the OcNOS-VM image from https://www.ipinfusion.com/products/ocnos-vm/
 Copy the qcow2 image into this folder, then run `make docker-image`.
 
-Tested booting and responding to SSH:
+Tested booting and responding to Telnet:
+
+- OcNOS-SP-PLUS-x86-6.5.2-101-GA.qcow2 MD5:796c121be77d43ffffbf6214a44f54eb
+
+Tested booting and responding to SSH:  
+(The relevant parts of the Makefile for this version are commented out.)
 
 - DEMO_VM-OcNOS-6.0.2.11-MPLS-x86-MR.qcow2 MD5:08bbaf99347c33f75d15f552bda762e1
 
 ## Serial console issues
 
+(This issue did not occur in version 6.5.2-101.)  
 The image of OcNOS version 6.0.2.11 distributed from the official website has a bug that prevents connection via serial console.
 This problem can be corrected by modifying /boot/grub/grub.cfg in the image.
 

ocnos/docker/launch.py

@@ -100,23 +100,44 @@ def bootstrap_config(self):
         """Do the actual bootstrap config"""
         self.logger.info("applying bootstrap configuration")
         self.wait_write("", None)
-        self.wait_write("enable", ">")
-        self.wait_write("configure terminal")
-        self.wait_write(
-            "username %s role network-admin password %s"
-            % (self.username, self.password)
-        )
 
-        # configure mgmt interface
-        self.wait_write("interface eth0")
-        self.wait_write("ip address 10.0.0.15 255.255.255.0")
-        self.wait_write("exit")
+        if self.spins > 300:
+            # too many spins with no result ->  give up
+            self.logger.info("To many spins with no result at logging in, restarting")
+            self.stop()
+            self.start()
+            return
 
-        self.wait_write(f"hostname {self.hostname}")
+        (ridx, match, res) = self.tn.expect([b"OcNOS> "], 1)
+        if match:  # got a match!
+            if ridx == 0:  # write config
+                self.logger.debug("matched logged in prompt")
+                self.wait_write("enable", None)
+                self.wait_write("configure terminal")
+                self.wait_write(
+                  "username %s role network-admin password %s"
+                  % (self.username, self.password)
+                )
+
+            # configure mgmt interface
+            self.wait_write("interface eth0")
+            self.wait_write("ip address 10.0.0.15 255.255.255.0")
+            self.wait_write("exit")
+
+            self.wait_write(f"hostname {self.hostname}")
+
+            self.wait_write("commit")
+            self.wait_write("exit")
+            self.wait_write("write memory")
+
+        # no match, if we saw executive mode from the router it's probably
+        # logging in or logging in failed, so let's give it some more time
+        if res != b"":
+            self.logger.trace("OUTPUT: %s" % res.decode())
+            # reset spins if we saw some output
+            self.spins = 0
 
-        self.wait_write("commit")
-        self.wait_write("exit")
-        self.wait_write("write memory")
+        self.spins += 1        
 
     def startup_config(self):
         """Load additional config provided by user."""