Transparent management datapath

[hellt]

This is an overarching issue/tracker for the progress on delivering the transparent mgmt datapath

When vrnetlab spawns a container that runs a VM inside it uses qemu user networking mode to "stitch" the container's eth0 (management) interface to a management interface of a VM.

This approach has a major drawback of using a "fake" IP address assigned to the VM's management interface from the IP range of the qemu user network, which is in vrnetlab set to 10.0.0.0/24. Because of this, all VMs spawned by vrnetlab/containerlab have the same IP (10.0.0.15/24) assigned to their management interface.

This, of course, is not ideal, and it a big pita when trying to manage the containerlab lab nodes with some NMS, as they typically use the IP addresses from the mgmt interface to identify the nodes.

Thanks to @vista- work in #268 there has been added a mode to vrnetlab where the interface of a wrapping container (eth0) is transparently mapped (using tc) to the VM't tap0 interface, which allows the VMs to use the same IP address for its management interface as the eth0 interface of the wrapping container. Read more details about this in #268

Since this change is quite major, it is toggle-able, by setting the CLAB_MGMT_PASSTHROUGH env var to a string value of "true" to enable this new behavior.

The main development PR is #287. It should be used as a base for other vendor implementations. When we are happy with the coverage we will merge #287 into master.

Support for vendors

Nokia

SR OS

Nokia SR OS has to be refactored to support this mode, the work is done by @michelredondo in #272

Juniper

vJUNOS-X

Initial delivery in #268

Juniper vSRX

Added in #288

Cisco

• Cisco ASAv
• Cisco Cat8kv
• Cisco Cat9kv
• Cisco CSR1kv
• Cisco FTDv
• Cisco Nexus 9k (n9kv)
• Cisco NX-OS
• Cisco IOSv
• Cisco XRv
• Cisco XRv9k

all of the above added in #290 by @kaelemc

SONiC

• Dell SONiC (note, v6 address is not being applied) Dell sonic transparent mgmt support #292
• Community SONiC

Huawei

• VRP

Arista

• vEOS

MikroTik

• RouterOS

Dell

• FTOSv

[hellt]

with #287 merged into master we get a first batch of transparent mgmt interface-enabled systems.

Others will be added based upon a request. The issue stays open for tracking of this progress

[kaelemc]

Are we looking at making this the default anytime soon?

[hellt]

We can flip a switch for sros and give it a good test run along side srx hackathon prep

[mischadiehm]

This looks really promising. Hope it will make it soon to main! Also wondered why vrnetlab does DNAT for all Ports except 5000 but then no SRCNAT for the other way around. Would have been enough for my NMS use cases...

[vista-]

@mischadiehm You can already try this out by setting the envvar CLAB_MGMT_PASSTHROUGH to true on the nodes you want to transparently connect! Not all nodes support transparent management connections out of the box, but it's just a matter of changing the generated startup config in most cases (10.0.0.15 -> real mgmt IP, 10.0.0.2 -> real mgmt gw) to get it working again.

Please let us know how it goes, what vrnetlab node type you tested, any potential issues you might have run into, etc... it would be very helpful to get some more test data and use-cases.