Upload
others
View
90
Download
0
Embed Size (px)
Citation preview
Using Docker and Docker-Compose to create router networks for training
or
Dabbling with Docker
Wolfgang Tremmel [email protected]
!2
The Task
!Create a router lab for BGP trainings !Does not really matter what router
!Number of participants is unknown - up to 20 !Training routers should interact with each other !Participants should only need a web browser !Training network should run on a server somewhere or local !Fast and easy switching between experiments
R01 172.16.1.1/32 2001:db8:500::1:1/128R02
172.16.1.2/32 2001:db8:500::1:2/128
R03 172.16.1.3/32 2001:db8:500::1:3/128
R04 172.16.1.4/32 2001:db8:500::1:4/128
R05 172.16.1.5/32 2001:db8:500::1:5/128
R06 172.16.1.6/32 2001:db8:500::1:6/128
R07 172.16.1.7/32 2001:db8:500::1:7/128
!3
Experiments 1: iBGP
Peer AS286
80.81.192.1/21
Peering LAN: 80.81.192.0/21
R01: AS64501
Upstream Provider A AS65550
10.200.1.1/30
10.200.1.2/30
Upstream Provider B AS64496
10.230.1.1/30
10.230.1.2/30
80.81.192.101/21
Rxx: AS645xx
Upstream Provider A AS65550
10.200.xx.1/30
10.200.xx.2/30
Upstream Provider B AS64496
10.230.xx.1/30
10.230.xx.2/30
80.81.192.1xx/21
Experiment 2: eBGP - IPv4
Peer AS286
2001:7f8::1
Peering LAN: 2001:7f8::/64
R01: AS64501
Upstream Provider A AS65550
2001:db8:200:1::1/64
2001:db8:200:1::2/64
Upstream Provider B AS64496
2001:db8:230:1::1/64
2001:db8:230:1::2/64
2001:7f8::fbf5:0:1
Rxx: AS645xx
Upstream Provider A AS65550
2001:db8:200:x::1/64
2001:db8:200:x::2/64
Upstream Provider B AS64496
2001:db8:230:x::1/64
2001:db8:230:x::2/64
2001:7f8::fbfY:0:1Y = fbf4+xx
Experiment 2: eBGP - IPv6
!6
Options!GNS3 !Great network emulation environment !All kind of devices possible !Resource hungry
!A farm of Raspberry PIs (I actually tried) !Virtualization !Is full virtualization really needed? (no)
!Router !do I really need Cisco, Juniper, etc.? (no)
!7
Have you heard about Docker? (yes, of course)!Lightweight virtualization !Automation using Docker-Compose !Build upon existing work !A dockerfile for frrouting already existed (thank you!) !Just add ttyd for web-access (that was easy) !And IPv6 (this was the hardest task)
!8
Dockerfile for frrouting
# HEADERFROM frrouting/frrLABEL maintainer="[email protected]"
# Install FRRoutingRUN apk update \ && apk upgrade \ && apk add supervisor \ ttyd \ && rm -rf /var/cache/apk/*
# SupervisordADD daemons /etc/frr/daemonsADD daemons.conf /etc/frr/daemons.confADD supervisord.conf /etc/supervisord.confADD shutdown-admin-interface /bin/shutdown-admin-interfaceADD rc.local /etc/rc.local
# Configuration filesVOLUME /etc/frr
# Expose portsEXPOSE 23 80 179
# CommandENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
!9
Using docker-compose!Create these files for experiments automatically: !docker-compose for docker containers and networks !router configs for each container (each router has its sub-directory) !solution files for each container !exabgp.conf to feed containers with BGP sessions !scripts for remote-control containers
./create-docker-compose -n 15 > docker-compose.yml docker-compose up & exabgp exabgp.conf &
!10
Auto-created Docker- compose
version: '2.1'services: r01: image: wtremmel/frr:latest hostname: r01 container_name: r01 sysctls: net.ipv6.conf.all.disable_ipv6: 0 net.ipv6.conf.all.forwarding: 1 cap_add: - ALL expose: - "179" ports: - "9001:80" - "2001:23" volumes: - ./config/r01:/etc/frr networks: admin: upstreamA01: ipv4_address: 10.200.1.2 ipv6_address: 2001:DB8:200:1::2 upstreamB01: ipv4_address: 10.230.1.2 ipv6_address: 2001:DB8:230:1::2 peering: ipv4_address: 80.81.192.101 ipv6_address: 2001:7F8::fbf5:0:1
!11
Download links!FRRouting: https://frrouting.org !ttyd: https://tsl0922.github.io/ttyd/ !Docker Image: wtremmel/frr-latest !https://cloud.docker.com/repository/docker/wtremmel/frr
!Training environment: ! git clone https://[email protected]/decix-
academy/dockerbgp.git
!BGP training videos: !https://www.de-cix.net/en/about-de-cix/academy/videos-and-webinars