Vsrxlab1 (#1695)

* Create vsrx01.yml Adding simple Juniper vSRX demo lab * Update vr-vsrx.md Adding link to vSRX demo page * Create vsrx01.md Details of the lab config * Create srx1.txt Adding the vSRX minimal Junos config * Update vsrx01.md Adding Web Gui comment * added lab example to the toc --------- Co-authored-by: Roman Dodin <[email protected]>
srl-labs · Nov 6, 2023 · d95817d · d95817d
1 parent 5a97e11
commit d95817d
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 2 deletions.
diff --git a/docs/lab-examples/vsrx01.md b/docs/lab-examples/vsrx01.md
@@ -0,0 +1,90 @@
+|                               |                                                                                    |
+| ----------------------------- | ---------------------------------------------------------------------------------- |
+| **Description**               | A Juniper vSRX connected to two Alpine Linux Hosts                                 |
+| **Components**                | [Juniper vSRX][vsrx], [Multitool Alpine Linux][client]                             |
+| **Resource requirements**[^1] | :fontawesome-solid-microchip: 2 <br/>:fontawesome-solid-memory: 4 GB               |
+| **Topology file**             | [vsrx01.yml][topofile]                                                             |
+| **Name**                      | vsrx01                                                                             |
+| **Version information**[^2]   | `containerlab:0.47.2`, `junos-vsrx3-x86-64-23.2R1.13.qcow2`, `docker:24.0.6`       |
+
+## Description
+
+This lab consists of one Juniper vSRX router connected to two Alpine Linux nodes.
+
+```
+client1<---->vSRX<---->client2
+```
+
+### Configuration
+
+The vSRX takes about 5 minutes to complete its start up. Check using "docker container ls" until the vSRX shows up as "healthy"
+
+```
+# docker container ls
+CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                    PORTS                                        NAMES
+85e3251a27c1   vrnetlab/vr-vsrx:23.2R1.13             "/launch.py --userna…"   10 minutes ago   Up 10 minutes (healthy)   22/tcp, 830/tcp, 5000/tcp, 10000-10099/tcp   clab-vsrx1-srx1
+f06a4997ac1b   wbitt/network-multitool:alpine-extra   "/bin/sh /docker-ent…"   10 minutes ago   Up 10 minutes             80/tcp, 443/tcp, 1180/tcp, 11443/tcp         clab-vsrx1-client1
+c77b68244805   wbitt/network-multitool:alpine-extra   "/bin/sh /docker-ent…"   10 minutes ago   Up 10 minutes             80/tcp, 443/tcp, 1180/tcp, 11443/tcp         clab-vsrx1-client2
+```
+
+#### vsrx1
+
+Log into the vSRX using SSH with `ssh admin@clab-vsrx1-srx1` and add the configuration from srx01.cfg. Password is `admin@123`.
+
+```
+admin>configure
+set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/30
+set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/30
+set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services all
+set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all
+set system services web-management https system-generated-certificate
+set security forwarding-options family mpls mode packet-based
+# commit 
+```
+
+#### client1
+
+The two clients should be configured with the correct IP addresses and a route to the other client via the vSRX.
+First attach to the container process `docker exec -it clab-vsrx1-client1 ash`
+
+```
+docker exec -it clab-vsrx1-client1 ash
+
+# ip a show dev eth1
+131: eth1@if132: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
+   link/ether aa:c1:ab:ac:1b:19 brd ff:ff:ff:ff:ff:ff link-netnsid 1
+   inet 192.168.1.2/30 scope global eth1
+      valid_lft forever preferred_lft forever
+   inet6 fe80::a8c1:abff:feac:1b19/64 scope link
+      valid_lft forever preferred_lft forever
+
+# ip route
+default via 172.20.20.1 dev eth0
+172.20.20.0/24 dev eth0 proto kernel scope link src 172.20.20.4
+192.168.1.0/30 dev eth1 proto kernel scope link src 192.168.1.2
+192.168.2.0/30 via 192.168.1.1 dev eth1
+```
+
+### Verification
+
+Traceroute from client1 to client2 to verify the dataplane via the vSRX.
+
+#### client1
+
+```
+# traceroute 192.168.2.2
+traceroute to 192.168.2.2 (192.168.2.2), 30 hops max, 46 byte packets
+1  192.168.1.1 (192.168.1.1)  0.397 ms  0.347 ms  0.290 ms
+2  192.168.2.2 (192.168.2.2)  0.263 ms  0.374 ms  0.762 ms
+```
+
+#### vSRX Web Gui
+
+To access the vSRX web interface point a browsers at the vSRX management IP address (fxp0) and use https. Login is `admin/admin@123`.
+
+[vsrx]: https://www.juniper.net/us/en/products/security/srx-series/vsrx-virtual-firewall-datasheet.html
+[client]: https://github.com/wbitt/Network-MultiTool
+[topofile]: https://github.com/srl-labs/containerlab/tree/main/lab-examples/vsrx1/vsrx01.yml
+
+[^1]: Resource requirements are provisional. Consult with the installation guides for additional information.
+[^2]: The lab has been validated using these versions of the required tools/components. Using versions other than stated might lead to a non-operational setup process.
diff --git a/docs/manual/kinds/vr-vsrx.md b/docs/manual/kinds/vr-vsrx.md
@@ -63,4 +63,6 @@ Configuration is applied after the node is started. Thus it can contain partial
 
 ## Lab examples
 
-Coming soon.
+The following simple lab consists of two Linux hosts connected via one vSRX:
+
+* [SR Linux and cRPD](../../lab-examples/vsrx01.md)
diff --git a/lab-examples/vsrx01/srx1.txt b/lab-examples/vsrx01/srx1.txt
@@ -0,0 +1,6 @@
+set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/30
+set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/30
+set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services all
+set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all
+set system services web-management https system-generated-certificate
+set security forwarding-options family mpls mode packet-based
diff --git a/lab-examples/vsrx01/vsrx01.yml b/lab-examples/vsrx01/vsrx01.yml
@@ -0,0 +1,22 @@
+name: vsrx1
+topology:
+  nodes:
+    srx1:
+      kind: vr-vsrx
+      image: vrnetlab/vr-vsrx:23.2R1.13
+      startup-config: srx1.txt 
+    client1:
+      kind: "linux"
+      image: wbitt/network-multitool:alpine-extra
+      exec:
+        - ip addr add 192.168.1.2/30 dev eth1
+        - ip route add 192.168.2.0/30 via 192.168.1.1
+    client2:
+      kind: "linux"
+      image: wbitt/network-multitool:alpine-extra
+      exec:
+        - ip addr add 192.168.2.2/30 dev eth1
+        - ip route add 192.168.1.0/30 via 192.168.2.1
+  links:
+    - endpoints: ["srx1:eth1", "client1:eth1"]
+    - endpoints: ["srx1:eth2", "client2:eth1"]
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -102,10 +102,11 @@ nav:
       - BGP VPLS between Nokia and Juniper: lab-examples/bgp-vpls-nok-jun.md
       - Keysight IXIA-C and Nokia SR Linux: lab-examples/ixiacone-srl.md
       - Multi-node labs: lab-examples/multinode.md
+      - RARE/freeRtr: lab-examples/rare-freertr.md
+      - Juniper vSRX: lab-examples/vsrx01.md
       - Templated labs:
           - Leaf-spine topology: lab-examples/templated01.md
           - 5-stage Clos topology: lab-examples/templated02.md
-      - RARE/freeRtr: lab-examples/rare-freertr.md
   - Release notes:
       - "0.47": rn/0.47.md
       - "0.46": rn/0.46.md