Transparent management interface (#287)

* Pass-through/transparent management interfaces (#268)

* vrnetlab: Add pass-through management interfaces

* vjunos: Add pass-through management interface support

* vrnetlab: Use JSON output of iproute2

* vrnetlab: Add exception for serial console ports 5000-5007 for transparent mode mgmt interface

* vrnetlab: Remove non-working port 5000 tc mirred exception, redirect to correct interface

* vrnetlab: Use tc clsact qdisc and flower matching as best practice

* vrnetlab: Re-add workaround for serial ports in transparent mgmt mode

* vrnetlab: Add IPv6 support to management address/gw functions

* vjunos: Add IPv6 management addresses, fix v4 address templating

* vrnetlab: Set dummy IPv6 address/gw for hostfwd management

* nokia_sros: Add pass-through management interface support (#272)

* vrnetlab: Add pass-through management interfaces

* vjunos: Add pass-through management interface support

* vrnetlab: Use JSON output of iproute2

* vrnetlab: Add exception for serial console ports 5000-5007 for transparent mode mgmt interface

* vrnetlab: Remove non-working port 5000 tc mirred exception, redirect to correct interface

* vrnetlab: Use tc clsact qdisc and flower matching as best practice

* vrnetlab: Re-add workaround for serial ports in transparent mgmt mode

* vrnetlab: Add IPv6 support to management address/gw functions

* vjunos: Add IPv6 management addresses, fix v4 address templating

* vrnetlab: Set dummy IPv6 address/gw for hostfwd management

* Fix CSR1000v and c8000v (#269)

* Remove whitespaces from IMG_NAME and IMG_VENDOR

* Fix Cisco CSR1000v

* Fix Cisco c8000v

* Use env var passed from containerlab for IOL launch PID (#270)

* nokia_sros: Add pass-through management interface support

* fix comment

* change mgmt address parsing

* added self.mgmt_nic_passthrough to VR and VM classes

* remove copy of a healthcheck

* formatting

* added mgmt passthrough to the VR class and aligned SR OS

* added v6 address to bof

---------

Co-authored-by: vista <[email protected]>
Co-authored-by: Athanasios Kompouras <[email protected]>
Co-authored-by: Kaelem <[email protected]>
Co-authored-by: Roman Dodin <[email protected]>

* default vjunos to to host-forwarded mgmt mode

* note on default systems

* vsrx: Add transparent management interface mode compatibility (#288)

* fix host vs passthrough notes

* Transparent management interfaces for Cisco nodes. (#290)

* Add function to convert CIDR to DDN notation

* Add IOS-XE device support for transparent mgmt intf

* Implement transparent mgmt intf on XRv

* Add transparent mgmt if functionality to xrv9k

* Add transparent mgmt intf to vIOS

* Add transparent mgmt intf to n9kv and use 2048 bit keys

* Remove incorrectly pasted command from n9kv

* Add explicit IPv6 enablement to vIOS

* Update vIOS default creds to `admin:admin`

* NXOS: Add transparent mgmt intf support + mgmt vrf + 2048-bit SSH keys

* change n9kv version parser and FROM image

* fix comment

* Update images to `debian:bookworm-slim`

* Update `cidr_to_ddn()` func to use stdlib for address splitting

* use `super().gen_mgmt()` to extend `gen_mgmt()` fn on XRv9k

---------

Co-authored-by: Roman Dodin <[email protected]>

* added dell sonic transparent mgmt (#292)

---------

Co-authored-by: vista- <[email protected]>
Co-authored-by: Michel Redondo <[email protected]>
Co-authored-by: Athanasios Kompouras <[email protected]>
Co-authored-by: Kaelem <[email protected]>
Co-authored-by: Kaelem Chandra <[email protected]>

Author: 5 people

README.md

@@ -11,7 +11,7 @@ project itself, consider reading the [docs of the upstream repo](https://github.
 ## What is this fork about?
 
 At [containerlab](https://containerlab.srlinux.dev) we needed to have
-[a way to run virtual routers](https://containerlab.srlinux.dev/manual/vrnetlab/)
+[a way to run virtual routers](https://containerlab.dev/manual/vrnetlab/)
 alongside the containerized Network Operating Systems.
 
 Vrnetlab provides perfect machinery to package most-common routing VMs in
@@ -80,6 +80,24 @@ Full list of connection mode values:
 | ovs-bridge      | :white_check_mark:  | Same as a regular bridge, but uses OvS (Open vSwitch).
 | macvtap         | :x:                 | Requires mounting entire `/dev` to a container namespace. Needs file descriptor manipulation due to no native qemu support.
 
+## Management interface
+
+There are two types of management connectivity for NOS VMs: _pass-through_ and _host-forwarded_ (legacy) management interfaces.
+
+_Pass-through management_ interfaces allows the use of the assigned management IP within the NOS VM, management traffic is transparently passed through to the VM, and the NOS configuration can accurately reflect the management IP. However, it is no longer possible to send or receive traffic directly in the vrnetlab container (e.g. for installing additional packages within the container), other than to pre-defined exceptions, such as the QEMU serial port on TCP port 5000.
+
+NOSes defaulting to _pass-through_ management interfaces are:
+
+* None so far, we are gathering feedback on this, and will update this list as feedback is received. Please contact us in [Discord](https://discord.gg/vAyddtaEV9) or open up an issue here if you have found any issues when trying the passthrough mode.
+
+In case of _host-forwarded_ management interfaces, certain ports are forwarded to the NOS VM IP, which is always 10.0.0.15/24. The management gateway in this case is 10.0.0.2/24, and outgoing traffic is NATed to the container management IP. This management interface connection mode does not allow for traffic such as LLDP to pass through the management interface.
+
+NOSes defaulting to _host-forwarded_ management interfaces are:
+
+* all current systems
+
+It is possible to change from the default management interface mode by setting the `CLAB_MGMT_PASSTHROUGH` environment variable to 'true' or 'false', however, it is left up to the user to provide a startup configuration compatible with the requested mode.
+
 ## Which vrnetlab routers are supported?
 
 Since the changes we made in this fork are VM specific, we added a few popular

c8000v/docker/launch.py

@@ -151,6 +151,8 @@ def bootstrap_config(self):
         """Do the actual bootstrap config"""
         self.logger.info("applying bootstrap configuration")
 
+        v4_mgmt_address = vrnetlab.cidr_to_ddn(self.mgmt_address_ipv4)
+
         self.wait_write("", None)
         self.wait_write("enable", wait=">")
         self.wait_write("configure terminal", wait=">")
@@ -164,18 +166,24 @@ def bootstrap_config(self):
         else:
             self.wait_write("ip domain-name example.com")
         self.wait_write("crypto key generate rsa modulus 2048")
-        
+
+        self.wait_write("ipv6 unicast-routing")
+
         self.wait_write("vrf definition clab-mgmt")
+        self.wait_write("description Containerlab management VRF (DO NOT DELETE)")
         self.wait_write("address-family ipv4")
         self.wait_write("exit")
-        self.wait_write("description Containerlab management VRF (DO NOT DELETE)")
+        self.wait_write("address-family ipv6")
+        self.wait_write("exit")
         self.wait_write("exit")
 
-        self.wait_write("ip route vrf clab-mgmt 0.0.0.0 0.0.0.0 10.0.0.2")
+        self.wait_write(f"ip route vrf clab-mgmt 0.0.0.0 0.0.0.0 {self.mgmt_gw_ipv4}")
+        self.wait_write(f"ipv6 route vrf clab-mgmt ::/0 {self.mgmt_gw_ipv6}")
 
         self.wait_write("interface GigabitEthernet1")
         self.wait_write("vrf forwarding clab-mgmt")
-        self.wait_write("ip address 10.0.0.15 255.255.255.0")
+        self.wait_write(f"ip address {v4_mgmt_address[0]} {v4_mgmt_address[1]}")
+        self.wait_write(f"ipv6 address {self.mgmt_address_ipv6}")
         self.wait_write("no shut")
         self.wait_write("exit")
         self.wait_write("restconf")

cat9kv/docker/launch.py

@@ -157,6 +157,8 @@ def bootstrap_spin(self):
     def bootstrap_config(self):
         """Do the actual bootstrap config"""
         self.logger.info("applying bootstrap configuration")
+        
+        v4_mgmt_address = vrnetlab.cidr_to_ddn(self.mgmt_address_ipv4)
 
         self.wait_write("", None)
         self.wait_write("enable", wait=">")
@@ -173,12 +175,16 @@ def bootstrap_config(self):
         self.wait_write("crypto key generate rsa modulus 2048")
 
         self.wait_write("no ip domain lookup")
+        
+        self.wait_write("ipv6 unicast-routing")
 
         # add mgmt vrf static route
-        self.wait_write("ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.0.0.2")
+        self.wait_write(f"ip route vrf clab-mgmt 0.0.0.0 0.0.0.0 {self.mgmt_gw_ipv4}")
+        self.wait_write(f"ipv6 route vrf clab-mgmt ::/0 {self.mgmt_gw_ipv6}")
 
         self.wait_write("interface GigabitEthernet0/0")
-        self.wait_write("ip address 10.0.0.15 255.255.255.0")
+        self.wait_write(f"ip address {v4_mgmt_address[0]} {v4_mgmt_address[1]}")
+        self.wait_write(f"ipv6 address {self.mgmt_address_ipv6}")
         self.wait_write("no shut")
         self.wait_write("exit")