Juniper Virtual SRX on Containerlab
https://containerlab.dev/manual/kinds/vr-vsrx/
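The setup is a Juniper vSRX3 running in Containerlab with two Linux hosts. Everything below is a throwaway lab: the configuration output further down includes password hashes, so the same credentials should not be reused on any other device.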
root@E5450:/home/sonicepk/clab-vsrx# clab version
_ _ _
_ (_) | | | |
____ ___ ____ | |_ ____ _ ____ ____ ____| | ____| | _
/ ___) _ \| _ \| _)/ _ | | _ \ / _ )/ ___) |/ _ | || \
( (__| |_|| | | | |_( ( | | | | | ( (/ /| | | ( ( | | |_) )
\____)___/|_| |_|\___)_||_|_|_| |_|\____)_| |_|\_||_|____/
version: 0.47.2
commit: 0b3991f0
date: 2023-10-26T10:18:52Z
source: https://github.com/srl-labs/containerlab
rel. notes: https://containerlab.dev/rn/0.47/#0472
root@E5450:/home/sonicepk/clab-vsrx#
root@E5450:/home/sonicepk/clab-vsrx# docker -v
Docker version 24.0.6, build ed223bc
root@E5450:/home/sonicepk/clab-vsrx#
root@E5450:/home/sonicepk/vrnetlab# git branch
* (HEAD detached at v0.12.0)
master
root@E5450:/home/sonicepk/vrnetlab#
root@E5450:/home/sonicepk/vrnetlab/vsrx# ls
docker junos-vsrx3-x86-64-23.2R1.13.qcow2 Makefile
root@E5450:/home/sonicepk/vrnetlab/vsrx#
root@E5450:/home/sonicepk/vrnetlab/vsrx# docker image ls | grep srx
vrnetlab/vr-vsrx 23.2R1.13 dd25f7b62ffc 2 days ago 1.67GB
root@E5450:/home/sonicepk/vrnetlab/vsrx#
root@E5450:/home/sonicepk/clab-vsrx# cat vsrx-linux.yml
name: vsrx1
topology:
nodes:
srx1:
kind: vr-vsrx
image: vrnetlab/vr-vsrx:23.2R1.13
startup-config: srx1.txt
client1:
kind: "linux"
image: wbitt/network-multitool:alpine-extra
exec:
- ip addr add 192.168.1.2/30 dev eth1
- ip route add 192.168.2.0/30 via 192.168.1.1
client2:
kind: "linux"
image: wbitt/network-multitool:alpine-extra
exec:
- ip addr add 192.168.2.2/30 dev eth1
- ip route add 192.168.1.0/30 via 192.168.2.1
links:
- endpoints: ["srx1:eth1", "client1:eth1"]
- endpoints: ["srx1:eth2", "client2:eth1"]
root@E5450:/home/sonicepk/clab-vsrx#
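In my tests, the startup-config directive never worked. Containerlab did copy the contents of srx1.txt to startup-config.cfg, but they were never loaded when the lab was started. I always had to log into the vSRX and add the commands via the Junos CLI. Note that srx1.txt is a lab-only configuration: `host-inbound-traffic system-services all` accepts every system service on both data interfaces, whereas a production device should list only the services it actually needs.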
root@E5450:/home/sonicepk/clab-vsrx/clab-vsrx1/srx1/config# cat startup-config.cfg
root@E5450:/home/sonicepk/clab-vsrx# cat srx1.txt
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/30
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/30
set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all
set system services web-management https system-generated-certificate
set security forwarding-options family mpls mode packet-based
root@E5450:/home/sonicepk/clab-vsrx#
root@E5450:/home/sonicepk/clab-vsrx# clab inspect --all
+---+-----------------+----------+--------------------+--------------+--------------------------------------+---------+---------+----------------+----------------------+
| # | Topo Path | Lab Name | Name | Container ID | Image | Kind | State | IPv4 Address | IPv6 Address |
+---+-----------------+----------+--------------------+--------------+--------------------------------------+---------+---------+----------------+----------------------+
| 1 | vsrx-alpine.yml | vsrx1 | clab-vsrx1-client1 | f06a4997ac1b | wbitt/network-multitool:alpine-extra | linux | running | 172.20.20.4/24 | 2001:172:20:20::4/64 |
| 2 | | | clab-vsrx1-client2 | c77b68244805 | wbitt/network-multitool:alpine-extra | linux | running | 172.20.20.3/24 | 2001:172:20:20::3/64 |
| 3 | | | clab-vsrx1-srx1 | 85e3251a27c1 | vrnetlab/vr-vsrx:23.2R1.13 | vr-vsrx | running | 172.20.20.2/24 | 2001:172:20:20::2/64 |
+---+-----------------+----------+--------------------+--------------+--------------------------------------+---------+---------+----------------+----------------------+
root@E5450:/home/sonicepk/clab-vsrx#
It takes approximately 5 minutes to boot the vSRX on my old laptop (Intel i5, 8 GB of RAM). My laptop does not have enough grunt to run two instances, but one works fine.
root@E5450:/home/sonicepk/clab-vsrx# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85e3251a27c1 vrnetlab/vr-vsrx:23.2R1.13 "/launch.py --userna…" 10 minutes ago Up 10 minutes (healthy) 22/tcp, 830/tcp, 5000/tcp, 10000-10099/tcp clab-vsrx1-srx1
f06a4997ac1b wbitt/network-multitool:alpine-extra "/bin/sh /docker-ent…" 10 minutes ago Up 10 minutes 80/tcp, 443/tcp, 1180/tcp, 11443/tcp clab-vsrx1-client1
c77b68244805 wbitt/network-multitool:alpine-extra "/bin/sh /docker-ent…" 10 minutes ago Up 10 minutes 80/tcp, 443/tcp, 1180/tcp, 11443/tcp clab-vsrx1-client2
root@E5450:/home/sonicepk/clab-vsrx#
admin> show configuration | display set
set version 23.2R1.13
set system root-authentication encrypted-password "$6$B5eNOTgy$Ty5MUZ7GaiTlN33doSrH4dP/mPNiyprXnnglpHeL9.HYcIL5bqtcPzIPVIKAEl0ExcyoMEOvsvH5/a3NH1Nnt1"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$6$TUXLlZlu$.E9gHo.sljNzZCRdgsc1aAW5vkJb2VliIoZBbvqhHTuRXqfkp8PwhjLHT6Sfhm7lm6sht7Zl5zjD7nK3dJ.SJ0"
set system services ssh
set system services netconf ssh
set system services web-management https system-generated-certificate
set system management-instance
set security forwarding-options family mpls mode packet-based
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/30
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/30
set interfaces fxp0 unit 0 family inet address 10.0.0.15/24
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.0.0.2
set routing-instances mgmt_junos description management-instance
admin>
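Traceroute from client1---eth1------ge-0/0/0---VSRX---ge-0/0/1----eth1---client2. No security policy is configured, so the transit traffic presumably passes only because of `set security forwarding-options family mpls mode packet-based`, which takes the vSRX out of flow-based (stateful) processing; in the default flow mode a policy permitting the traffic would be needed.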
root@E5450:/home/sonicepk/clab-vsrx# docker exec -it clab-vsrx1-client1 ash
/ # ip a show dev eth1
131: eth1@if132: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:ac:1b:19 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 192.168.1.2/30 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:feac:1b19/64 scope link
valid_lft forever preferred_lft forever
/ # ip route
default via 172.20.20.1 dev eth0
172.20.20.0/24 dev eth0 proto kernel scope link src 172.20.20.4
192.168.1.0/30 dev eth1 proto kernel scope link src 192.168.1.2
192.168.2.0/30 via 192.168.1.1 dev eth1
/ # traceroute 192.168.2.2
traceroute to 192.168.2.2 (192.168.2.2), 30 hops max, 46 byte packets
1 192.168.1.1 (192.168.1.1) 0.397 ms 0.347 ms 0.290 ms
2 192.168.2.2 (192.168.2.2) 0.263 ms 0.374 ms 0.762 ms
/ #