Add python and crypto

Set client<->vpp MTU to 1500

BUILDING.md

@@ -0,0 +1,224 @@
+# Building vpp-containerlab
+
+This docker container creates a VPP instance based on the latest VPP release. It starts up as per
+normal, using /etc/vpp/startup.conf (which Containerlab might replace when it starts its
+containers). Once started, it'll execute `/etc/vpp/bootstrap.vpp` within the dataplane. There are
+two relevant files:
+
+1.   `clab.vpp` -- generated by `files/init-container.sh`. Its purpose is to bind the `veth`
+     interfaces that containerlab has added to the container into the VPP dataplane (see below).
+1.   `vppcfg.vpp` -- generated by `files/init-container.sh`. Its purpose is to read the user
+     specified `vppcfg.yaml` file and convert it into VPP CLI commands. If no YAML file is
+     specified, or if it is not syntactically valid, an empty file is generated instead.
+
+For Containerlab users who wish to have more control over their VPP bootstrap, it's possible to
+bind-mount `/etc/vpp/bootstrap.vpp`.
+
+## Building
+
+To build, this container uses Docker's `buildx`, for which on Debian Bookworm it's required to use
+the upstream (docker.com) packages described [[here](https://docs.docker.com/engine/install/debian/)].
+To allow the buildx to build for multi-arch, it's also required to install the Qemu `binfmt`
+emulators, with:
+
+```bash
+docker run --privileged --rm tonistiigi/binfmt --install all
+```
+
+Then, ongoing builds can be cross-platform and take about 1500 seconds on an AMD64 i7-12700T
+The buildx invocation will build 'latest' and then tag it with the current VPP package release,
+which you can get from `vppcfg show version`, like so:
+
+```bash
+IMG=git.ipng.ch/ipng/vpp-containerlab
+ARCH=linux/$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+TAG=latest
+docker buildx build --load --platform $ARCH \
+  --tag $IMG:$TAG -f docker/Dockerfile docker/
+
+TAG=v25.10-release
+docker buildx build --load --build-arg REPO=2510 --platform $ARCH \
+  --tag $IMG:$TAG -f docker/Dockerfile docker/
+```
+
+### Sideloading locally built VPP packages
+
+Instead of pulling VPP from packagecloud, you can sideload locally built `.deb` packages using
+Docker buildx's `--build-context` flag. This is useful for testing unreleased VPP builds or
+working around version-specific issues (for example, VPP 25.10 fails to start on kernels that
+do not expose NUMA topology via sysfs, such as OrbStack on Apple Silicon; VPP 26.06+ fixes this).
+
+Point `--build-context vppdebs=<path>` at a directory containing `libvppinfra_*.deb`,
+`vpp_*.deb`, and `vpp-plugin-core_*.deb`. If the context is not provided, the build falls back
+to packagecloud as normal. The `.deb` files are bind-mounted during the build and never stored
+in an image layer. **Note:** the directory must contain `.deb` files for exactly one VPP version;
+if multiple versions are present the glob patterns will match ambiguously and the build will fail.
+
+```bash
+# Build from locally compiled VPP packages (e.g. from ~/src/vpp after make pkg-deb):
+IMG=git.ipng.ch/ipng/vpp-containerlab
+ARCH=linux/$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+VPPDEBS=~/src/vpp/build-root
+docker buildx build --load --platform $ARCH \
+  --build-context vppdebs=$VPPDEBS \
+  --tag $IMG:latest -f docker/Dockerfile docker/
+
+# Build from packagecloud as normal (no --build-context needed):
+docker buildx build --load --platform $ARCH \
+  --tag $IMG:latest -f docker/Dockerfile docker/
+```
+
+### Multiarch
+
+Building a combined `linux/amd64` + `linux/arm64` manifest requires two machines building natively
+— one per architecture. The setup below uses `summer` (amd64, Linux) and `jessica` (arm64, macOS
+running OrbStack). **VPP must be compiled on each machine before building the Docker image**, because
+the sideloader mounts locally built `.deb` files that are architecture-specific.
+
+#### Setup
+
+On `jessica`, the Docker daemon runs inside OrbStack's Linux VM. Expose its SSH port so `summer`
+can reach it. OrbStack listens on `127.0.0.1:32222`; add a jump-host entry to `~/.ssh/config` on
+`summer`:
+
+```
+Host jessica-orb
+    HostName 127.0.0.1
+    Port 32222
+    User pim
+    ProxyCommand ssh jessica -W 127.0.0.1:32222
+    IdentityFile ~/.ssh/jessica-orb-key
+    IdentitiesOnly yes
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
+```
+
+Copy OrbStack's SSH key from `jessica` to `summer`:
+
+```bash
+scp jessica:~/.orbstack/ssh/id_ed25519 ~/.ssh/jessica-orb-key
+chmod 600 ~/.ssh/jessica-orb-key
+```
+
+Verify the full chain works:
+
+```bash
+ssh jessica-orb 'uname -m && docker info | head -3'
+# expected: aarch64
+```
+
+Create the multiarch builder (run once on `summer`):
+
+```bash
+docker buildx create --name multiarch --driver docker-container --platform linux/amd64 --node summer-amd64
+docker buildx create --append --name multiarch --driver docker-container --platform linux/arm64 --node jessica-arm64 ssh://jessica-orb
+docker buildx inspect multiarch --bootstrap
+```
+
+#### Build
+
+Build VPP on both machines first (`make pkg-deb` in your VPP source tree on both `summer` and the
+OrbStack VM on `jessica`). When sideloading `.deb` files, Docker sends the build context from the
+client to every builder node — meaning `summer`'s amd64 debs would be sent to `jessica-orb` for
+the arm64 build (wrong arch). The solution is to build each platform separately on its native
+machine and combine them into a manifest.
+
+```bash
+IMG=git.ipng.ch/ipng/vpp-containerlab
+VPPDEBS=~/src/vpp/build-root
+
+# Step 1: build amd64 on summer, push with platform tag
+docker buildx build --platform linux/amd64 \
+  --build-context vppdebs=$VPPDEBS \
+  --push --tag $IMG:latest-amd64 \
+  -f docker/Dockerfile docker/
+
+# Step 2: build arm64 natively on jessica-orb, push with platform tag
+#   (repo and VPP debs must be present on jessica-orb at the same paths)
+#   Note: $IMG and $VPPDEBS expand on summer before being sent over SSH -- set them first.
+ssh jessica-orb "cd ~/src/vpp-containerlab && \
+  docker buildx build --platform linux/arm64 \
+    --build-context vppdebs=$VPPDEBS \
+    --push --tag $IMG:latest-arm64 \
+    -f docker/Dockerfile docker/"
+
+# Step 3: combine into a single multi-arch manifest and push in one step
+# (docker buildx build --push produces manifest lists, so use imagetools, not docker manifest)
+docker buildx imagetools create \
+  --tag $IMG:latest \
+  $IMG:latest-amd64 \
+  $IMG:latest-arm64
+```
+
+## Testing standalone container
+
+```bash
+docker network create --driver=bridge clab-network --subnet=192.0.2.0/24 \
+                      --ipv6 --subnet=2001:db8::/64
+docker rm clab-pim
+docker run --cap-add=NET_ADMIN --cap-add=SYS_NICE --cap-add=SYS_PTRACE \
+           --device=/dev/net/tun:/dev/net/tun \
+           --device=/dev/vhost-net:/dev/vhost-net \
+           --privileged --name clab-pim \
+           git.ipng.ch/ipng/vpp-containerlab:latest
+docker network connect clab-network clab-pim
+```
+
+### A note on DPDK
+
+DPDK will be disabled by default as it requires hugepages and VFIO and/or UIO to use physical
+network cards. If DPDK at some future point is desired, mapping VFIO can be done by adding this:
+```
+           --device=/dev/vfio/vfio:/dev/vfio/vfio
+```
+
+or in Containerlab, using the `devices` feature:
+
+```yaml
+my-node:
+  image: git.ipng.ch/ipng/vpp-containerlab:latest
+  kind: fdio_vpp
+  devices:
+    - /dev/vfio/vfio
+    - /dev/net/tun
+    - /dev/vhost-net
+```
+
+If using DPDK in a container, one of the userspace IO kernel drivers must be loaded in the host
+kernel. Options are `igb_uio`, `vfio_pci`, or `uio_pci_generic`:
+
+```bash
+$ sudo modprobe igb_uio
+$ sudo modprobe vfio_pci
+$ sudo modprobe uio_pci_generic
+```
+
+Particularly the VFIO driver needs to be present before one can attempt to bindmount
+`/dev/vfio/vfio` into the container!
+
+## Configuring VPP
+
+When Containerlab starts the docker containers, it'll offer one or more `veth` point to point
+network links, which will show up as `eth1` and further. `eth0` is the default NIC that belongs to
+the management plane in Containerlab (the one which you'll see with `containerlab inspect`). Before
+VPP can use these `veth` interfaces, it needs to bind them, like so:
+
+```bash
+docker exec -it clab-pim vppctl
+```
+
+and then within the VPP control shell:
+
+```
+create host-interface v2 name eth1
+set interface name host-eth1 eth1
+set interface mtu 1500 eth1
+set interface ip address eth1 192.0.2.2/24
+set interface ip address eth1 2001:db8::2/64
+set interface state eth1 up
+```
+
+Containerlab will attach these `veth` pairs to the container, and replace our Docker CMD with one
+that waits for all of these interfaces to be added (typically called `if-wait.sh`). In our own CMD,
+we then generate a config file called `/etc/vpp/clab.vpp` which contains the necessary VPP commands
+to take control over these `veth` pairs.

README.md

@@ -1,103 +1,79 @@
 # VPP Containerlab Docker image
 
-This docker container creates a VPP instance based on the latest VPP release. It starts up as per
+## User Documentation
-normal, using /etc/vpp/startup.conf (which Containerlab might replace when it starts its
-containers). Once started, it'll execute `/etc/vpp/bootstrap.vpp` within the dataplane. There are
-two relevant files:
 
-1.   `clab.vpp` -- generated by `files/init-container.sh`. Its purpose is to bind the `veth`
+The file `vpp.clab.yml` contains an example topology existing of two VPP instances connected each to
-     interfaces that containerlab has added to the container into the VPP dataplane (see below).
+one Alpine linux container, in the following topology:
-1.   `vppcfg.vpp` -- generated by `files/init-container.sh`. Its purpose is to read the user
-     specified `vppcfg.yaml` file and convert it into VPP CLI commands. If no YAML file is
-     specified, or if it is not syntactically valid, an empty file is generated instead.
 
-For Containerlab users who wish to have more control over their VPP bootstrap, it's possible to
+![learn-vpp](learn-vpp.png)
-bind-mount `/etc/vpp/bootstrap.vpp`.
 
-## Building
+This container ships with both Bird2 and FRRouting as controlplane agents.
+
+You can deploy:
+*   Bird2: `containerlab deploy --topo vpp-bird.clab.yml`.
+*   FRR: `containerlab deploy --topo vpp-frr.clab.yml`.
+
+three relevant files for VPP are included in this repository:
+1.   `config/vpp*/vppcfg.yaml` configures the dataplane interfaces, including a loopback address.
+1.   `config/vpp*/bird-local.conf` configures the controlplane to enable BFD and OSPF.
+1.   `config/vpp*/frr.conf` configures the controlplane to enable BFD and OSPF.
+
+Once the lab comes up, you can SSH to the VPP containers (`vpp1` and `vpp2`) which will have your
+SSH keys installed (if available). Otherwise, you can log in as user `root` using password `vpp`.
+
+VPP runs its own network namespace called `dataplane`, which is very similar to SR Linux default
+`network-instance`. You can join it to take a look:
 
 ```bash
-IMG=git.ipng.ch/ipng/vpp-containerlab
+pim@summer:~/src/vpp-containerlab$ ssh root@vpp1
-TAG=latest
+root@vpp1:~# nsenter --net=/var/run/netns/dataplane
-docker build --no-cache -f docker/Dockerfile.bookworm -t $IMG docker/
+root@vpp1:~# ip -br a
-docker image tag $IMG $IMG:$TAG
+lo               DOWN           
-docker push $IMG
+loop0            UP             10.82.98.0/32 2001:db8:8298::/128 fe80::dcad:ff:fe00:0/64 
-docker push $IMG:$TAG
+eth1             UNKNOWN        10.82.98.65/28 2001:db8:8298:101::1/64 fe80::a8c1:abff:fe77:acb9/64 
+eth2             UNKNOWN        10.82.98.16/31 2001:db8:8298:1::1/64 fe80::a8c1:abff:fef0:7125/64 
+
+root@vpp1:~# ping 10.82.98.1 ## The vpp2 IPv4 loopback address
+PING 10.82.98.1 (10.82.98.1) 56(84) bytes of data.
+64 bytes from 10.82.98.1: icmp_seq=1 ttl=64 time=9.53 ms
+64 bytes from 10.82.98.1: icmp_seq=2 ttl=64 time=15.9 ms
+^C
+--- 10.82.98.1 ping statistics ---
+2 packets transmitted, 2 received, 0% packet loss, time 1002ms
+rtt min/avg/max/mdev = 9.530/12.735/15.941/3.205 ms
 ```
 
-## Testing the container standalone
+The two clients are running a minimalistic Alpine Linux container, which doesn't ship with SSH by
+default. You can enter the containers as following:
 
 ```bash
-docker network create --driver=bridge clab-network --subnet=192.0.2.0/24 \
+pim@summer:~/src/vpp-containerlab$ docker exec -it client1 sh
-                      --ipv6 --subnet=2001:db8::/64
+/ # ip addr show dev eth1
-docker rm clab-pim 
+531235: eth1@if531234: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 9500 qdisc noqueue state UP 
-docker run --cap-add=NET_ADMIN --cap-add=SYS_NICE --cap-add=SYS_PTRACE \
+    link/ether 00:c1:ab:00:00:01 brd ff:ff:ff:ff:ff:ff
-           --device=/dev/net/tun:/dev/net/tun \
+    inet 10.82.98.66/28 scope global eth1
-           --device=/dev/vhost-net:/dev/vhost-net \
+       valid_lft forever preferred_lft forever
-           --privileged --name clab-pim \
+    inet6 2001:db8:8298:101::2/64 scope global 
-           docker.io/pimvanpelt/vpp-containerlab:latest
+       valid_lft forever preferred_lft forever
-docker network connect clab-network clab-pim
+    inet6 fe80::2c1:abff:fe00:1/64 scope link 
+       valid_lft forever preferred_lft forever
+/ # traceroute 10.82.98.82
+traceroute to 10.82.98.82 (10.82.98.82), 30 hops max, 46 byte packets
+ 1  10.82.98.65 (10.82.98.65)  5.906 ms  7.086 ms  7.868 ms
+ 2  10.82.98.17 (10.82.98.17)  24.007 ms  23.349 ms  15.933 ms
+ 3  10.82.98.82 (10.82.98.82)  39.978 ms  31.127 ms  31.854 ms
+
+/ # traceroute 2001:db8:8298:102::2
+traceroute to 2001:db8:8298:102::2 (2001:db8:8298:102::2), 30 hops max, 72 byte packets
+ 1  2001:db8:8298:101::1 (2001:db8:8298:101::1)  0.701 ms  7.144 ms  7.900 ms
+ 2  2001:db8:8298:1::2 (2001:db8:8298:1::2)  23.909 ms  22.943 ms  23.893 ms
+ 3  2001:db8:8298:102::2 (2001:db8:8298:102::2)  31.964 ms  30.814 ms  32.000 ms
 ```
 
-### A note on DPDK
+From the vantage point of `client1`, the first hop represents the `vpp1` node, which forwards to
+`vpp2`, which finally forwards to `client2`.
 
-DPDK will be disabled by default as it requires hugepages and VFIO and/or UIO to use physical
+## Developer Documentation
-network cards. If DPDK at some future point is desired, mapping VFIO can be done by adding this:
-```
-           --device=/dev/vfio/vfio:/dev/vfio/vfio
-```
 
-or in Containerlab, using the `devices` feature:
+See [BUILDING.md](BUILDING.md) for instructions on building the image, sideloading locally built
-
+VPP packages, multiarch builds, testing, and configuring VPP.
-```
-my-node:
-  image: vpp-containerlab:latest
-  kind: vpp
-  devices:
-    - /dev/vfio/vfio
-    - /dev/net/tun
-    - /dev/vhost-net
-```
-
-If using DPDK in a container, one of the userspace IO kernel drivers must be loaded in the host
-kernel. Options are `igb_uio`, `vfio_pci`, or `uio_pci_generic`:
-
-```bash
-$ sudo modprobe igb_uio
-$ sudo modprobe vfio_pci
-$ sudo modprobe uio_pci_generic
-```
-
-Particularly the VFIO driver needs to be present before one can attempt to bindmount
-`/dev/vfio/vfio` into the container!
-
-## Configuring VPP
-
-When Containerlab starts the docker containers, it'll offer one or more `veth` point to point
-network links, which will show up as `eth1` and further. `eth0` is the default NIC that belongs to
-the management plane in Containerlab (the one which you'll see with `containerlab inspect`). Before
-VPP can use these `veth` interfaces, it needs to bind them, like so:
-
-```
-docker exec -it clab-pim vppctl
-```
-
-and then within the VPP control shell:
-
-```
-create host-interface v2 name eth1
-set interface name host-eth1 eth1
-set interface mtu 1500 eth1
-set interface ip address eth1 192.0.2.2/24
-set interface ip address eth1 2001:db8::2/64
-set interface state eth1 up
-```
-
-Containerlab will attach these `veth` pairs to the container, and replace our Docker CMD with one
-that waits for all of these interfaces to be added (typically called `if-wait.sh`). In our own CMD,
-we then generate a config file called `/etc/vpp/clab.vpp` which contains the necessary VPP commands
-to take control over these `veth` pairs.
-
-In addition, you can add more commands that'll execute on startup by copying in
-`/etc/vpp/manual-pre.vpp` (to be executed _before_ the containerlab stuff) or
-`/etc/vpp/manual-post.vpp` (to be executed _after_ the containerlab stuff).

config/lab-frr.env

@@ -0,0 +1,2 @@
+BIRD_ENABLED=false
+FRR_ENABLED=true

config/vpp1/frr.conf

@@ -0,0 +1,34 @@
+frr version 10.3
+frr defaults traditional
+hostname vpp1
+log syslog informational
+service integrated-vtysh-config
+!
+ip router-id 10.82.98.0
+!
+interface eth2
+ ip ospf bfd
+ ip ospf cost 10
+ ip ospf network point-to-point
+ ipv6 ospf6 area 0
+ ipv6 ospf6 bfd
+ ipv6 ospf6 cost 10
+ ipv6 ospf6 network point-to-point
+exit
+!
+interface loop0
+ ip ospf passive
+exit
+!
+router ospf
+ redistribute connected
+ network 10.82.98.0/24 area 0
+exit
+!
+router ospf6
+ redistribute connected
+exit
+!
+bfd
+exit
+!

config/vpp1/vppcfg.yaml

@@ -6,7 +6,7 @@ interfaces:
     addresses: [ 10.82.98.65/28, 2001:db8:8298:101::1/64 ]
   eth2:
     description: 'To vpp2'
-    mtu: 9000
+    mtu: 9216
     lcp: eth2
     addresses: [ 10.82.98.16/31, 2001:db8:8298:1::1/64 ]
 loopbacks:

config/vpp2/frr.conf

@@ -0,0 +1,31 @@
+frr version 10.3
+frr defaults traditional
+hostname vpp2
+log syslog informational
+service integrated-vtysh-config
+!
+ip router-id 10.82.98.1
+!
+interface eth2
+ ip ospf bfd
+ ip ospf cost 10
+ ip ospf network point-to-point
+ ipv6 ospf6 area 0
+ ipv6 ospf6 bfd
+ ipv6 ospf6 cost 10
+ ipv6 ospf6 network point-to-point
+exit
+!
+interface loop0
+ ip ospf passive
+exit
+!
+router ospf
+ redistribute connected
+ network 10.82.98.0/24 area 0
+exit
+!
+router ospf6
+ redistribute connected
+exit
+!

config/vpp2/vppcfg.yaml

@@ -6,7 +6,7 @@ interfaces:
     addresses: [ 10.82.98.81/28, 2001:db8:8298:102::1/64 ]
   eth2:
     description: 'To vpp1'
-    mtu: 9000
+    mtu: 9216
     lcp: eth2
     addresses: [ 10.82.98.17/31, 2001:db8:8298:1::2/64 ]
 loopbacks:

docker/Dockerfile

@@ -0,0 +1,52 @@
+# Default empty stage for local VPP debs. Override at build time with:
+#   --build-context vppdebs=/path/to/debs  (e.g. ~/src/vpp/build-root/)
+# If not overridden, falls back to installing VPP from packagecloud (ARG REPO).
+FROM scratch AS vppdebs
+
+FROM ubuntu:noble
+ARG DEBIAN_FRONTEND=noninteractive
+ARG VPP_INSTALL_SKIP_SYSCTL=true
+ARG REPO=release
+EXPOSE 22/tcp
+RUN apt-get update && apt-get -y install curl procps tcpdump iproute2 iptables \
+  iputils-ping net-tools git python3 python3-pip vim-tiny openssh-server \
+  mtr-tiny traceroute && apt-get clean
+
+# Install VPP - sideload from local debs if --build-context vppdebs=<path> is provided,
+# otherwise install from packagecloud. Debs are bind-mounted and never stored in a layer.
+RUN --mount=type=bind,from=vppdebs,target=/tmp/vpp-debs \
+    mkdir -p /var/log/vpp /root/.ssh/ && \
+    if ls /tmp/vpp-debs/vpp_*.deb 1>/dev/null 2>&1; then \
+      apt-get -y install /tmp/vpp-debs/libvppinfra_*.deb \
+                         /tmp/vpp-debs/python3-vpp-api_*.deb \
+                         /tmp/vpp-debs/vpp_*.deb \
+                         /tmp/vpp-debs/vpp-crypto-engines_*.deb \
+                         /tmp/vpp-debs/vpp-plugin-core_*.deb; \
+    else \
+      curl -s https://packagecloud.io/install/repositories/fdio/${REPO}/script.deb.sh | bash && \
+      apt-get -y install vpp vpp-plugin-core; \
+    fi && \
+    apt-get clean
+
+# Build vppcfg
+RUN pip install --break-system-packages build netaddr yamale argparse pyyaml ipaddress && \
+    git clone https://git.ipng.ch/ipng/vppcfg.git && cd vppcfg && python3 -m build && \
+    pip install --break-system-packages dist/vppcfg-*-py3-none-any.whl
+
+# Install FRR
+RUN curl -s -o /usr/share/keyrings/frrouting.gpg https://deb.frrouting.org/frr/keys.gpg && \
+    echo deb '[signed-by=/usr/share/keyrings/frrouting.gpg]' https://deb.frrouting.org/frr noble frr-stable \
+         > /etc/apt/sources.list.d/frr.list && \
+    apt -y update && apt -y install frr frr-pythontools && apt clean
+
+# Install Bird2
+RUN curl -s -o /usr/share/keyrings/cznic-labs-pkg.gpg https://pkg.labs.nic.cz/gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/bird2 noble main" \
+         > /etc/apt/sources.list.d/cznic-labs-bird2.list  && \
+    apt -y update && apt -y install bird2 && apt clean
+
+# Config files
+COPY files/etc/ /etc/
+COPY files/init-container.sh /sbin/
+RUN chmod 755 /sbin/init-container.sh
+CMD ["/sbin/init-container.sh"]

docker/Dockerfile.bookworm

@@ -1,25 +0,0 @@
-FROM debian:bookworm
-ARG DEBIAN_FRONTEND=noninteractive
-ARG VPP_INSTALL_SKIP_SYSCTL=true
-ARG REPO=release
-EXPOSE 22/tcp
-RUN apt-get update && apt-get -y install curl procps tcpdump iproute2 iptables \
-  iputils-ping net-tools git python3 python3-pip vim-tiny openssh-server bird2 \
-  mtr-tiny traceroute && apt-get clean
-
-# Install VPP
-RUN mkdir -p /var/log/vpp /root/.ssh/
-RUN curl -s https://packagecloud.io/install/repositories/fdio/${REPO}/script.deb.sh |  bash
-RUN apt-get update && apt-get -y install vpp vpp-plugin-core && apt-get clean
-
-# Build vppcfg
-RUN pip install --break-system-packages build netaddr yamale argparse pyyaml ipaddress
-RUN git clone https://github.com/pimvanpelt/vppcfg.git && cd vppcfg && python3 -m build && \
-    pip install --break-system-packages dist/vppcfg-*-py3-none-any.whl
-
-# Config files
-COPY files/etc/vpp/* /etc/vpp/
-COPY files/etc/bird/* /etc/bird/
-COPY files/init-container.sh /sbin/
-RUN chmod 755 /sbin/init-container.sh
-CMD ["/sbin/init-container.sh"]

docker/files/etc/frr/daemons

@@ -0,0 +1,17 @@
+# These are the daemons that FRR will use for VPP Containerlab
+# NOTE: we need to run in the 'dataplane' network namespace, and use the `dplane_fpm_nl` plugin
+bgpd=yes
+ospfd=yes
+ospf6d=yes
+bfdd=yes
+ldpd=yes
+
+vtysh_enable=yes
+watchfrr_options="--netns=dataplane"
+zebra_options="  -A 127.0.0.1 -s 67108864 -M dplane_fpm_nl"
+bgpd_options="   -A 127.0.0.1"
+ospfd_options="  -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+staticd_options="-A 127.0.0.1"
+bfdd_options="   -A 127.0.0.1"
+ldpd_options="   -A 127.0.0.1"

docker/files/etc/frr/frr.conf

@@ -0,0 +1,10 @@
+# This is the VPP Containerlab default FRR configuration.
+
+frr defaults traditional
+log syslog informational
+ip forwarding
+ipv6 forwarding
+service integrated-vtysh-config
+!
+ip router-id 192.0.2.1
+!

docker/files/etc/vpp/startup.conf

@@ -34,11 +34,16 @@ statseg {
 }
 
 plugins {
-  plugin default { enable }
+  plugin default { disable }
-  plugin dpdk_plugin.so { disable }
+  plugin acl_plugin.so { enable }
+  plugin geneve_plugin.so { enable }
+  plugin gre_plugin.so { enable }
+  plugin ipip_plugin.so { enable }
   plugin linux_cp_plugin.so { enable }
   plugin linux_nl_plugin.so { enable }
   plugin sflow_plugin.so { enable }
+  plugin tap_plugin.so { enable }
+  plugin vxlan_plugin.so { enable }
 }
 
 linux-cp {

docker/files/init-container.sh

@@ -5,6 +5,7 @@ CLAB_VPP_FILE=${CLAB_VPP_FILE:=/etc/vpp/clab.vpp}
 VPPCFG_VPP_FILE=${VPPCFG_VPP_FILE:=/etc/vpp/vppcfg.vpp}
 NETNS=${NETNS:="dataplane"}
 BIRD_ENABLED=${BIRD_ENABLED:="true"}
+FRR_ENABLED=${FRR_ENABLED:="false"}
 
 echo "Creating dataplane namespace"
 /usr/bin/mkdir -p /etc/netns/$NETNS
@@ -25,6 +26,13 @@ if [ "$BIRD_ENABLED" == "true" ]; then
   /usr/bin/nsenter --net=/var/run/netns/$NETNS /usr/sbin/bird -u bird -g bird
 fi
 
+if [ "$FRR_ENABLED" == "true" ]; then
+  echo "Starting FRRouting in $NETNS"
+  ROUTERID=$(ip -br a show eth0 | awk '{ print $3 }' | cut -f1 -d/)
+  sed -i -e "s,^ip router-id .*,ip router-id $ROUTERID," /etc/frr/frr.conf
+  /etc/init.d/frr start
+fi
+
 echo "Generating $CLAB_VPP_FILE"
 : > $CLAB_VPP_FILE
 MTU=9216

vpp-bird.clab.yml

@@ -0,0 +1,39 @@
+name: learn-vpp
+prefix: ""
+
+topology:
+  kinds:
+    fdio_vpp:
+      image: git.ipng.ch/ipng/vpp-containerlab:latest
+      startup-config: config/__clabNodeName__/vppcfg.yaml
+      binds:
+        - config/__clabNodeName__/bird-local.conf:/etc/bird/bird-local.conf:ro
+    linux:
+      image: alpine:latest
+
+  nodes:
+    vpp1:
+      kind: fdio_vpp
+    vpp2:
+      kind: fdio_vpp
+    client1:
+      kind: linux
+      exec:
+        - ip link set address 00:c1:ab:00:00:01 mtu 1500 dev eth1
+        - ip addr add 10.82.98.66/28 dev eth1
+        - ip route add 10.82.98.0/24 via 10.82.98.65
+        - ip addr add 2001:db8:8298:101::2/64 dev eth1
+        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:101::1
+    client2:
+      kind: linux
+      exec:
+        - ip link set address 00:c1:ab:00:00:02 mtu 1500 dev eth1
+        - ip addr add 10.82.98.82/28 dev eth1
+        - ip route add 10.82.98.0/24 via 10.82.98.81
+        - ip addr add 2001:db8:8298:102::2/64 dev eth1
+        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:102::1
+
+  links:
+    - endpoints: ["vpp1:eth2", "vpp2:eth2"]
+    - endpoints: ["client1:eth1", "vpp1:eth1"]
+    - endpoints: ["client2:eth1", "vpp2:eth1"]

vpp-frr.clab.yml

@@ -0,0 +1,41 @@
+name: learn-vpp
+prefix: ""
+
+topology:
+  kinds:
+    fdio_vpp:
+      image: git.ipng.ch/ipng/vpp-containerlab:latest
+      startup-config: config/__clabNodeName__/vppcfg.yaml
+      binds:
+        - config/__clabNodeName__/frr.conf:/etc/frr/frr.conf
+      env-files:
+        - config/lab-frr.env
+    linux:
+      image: alpine:latest
+
+  nodes:
+    vpp1:
+      kind: fdio_vpp
+    vpp2:
+      kind: fdio_vpp
+    client1:
+      kind: linux
+      exec:
+        - ip link set address 00:c1:ab:00:00:01 mtu 1500 dev eth1
+        - ip addr add 10.82.98.66/28 dev eth1
+        - ip route add 10.82.98.0/24 via 10.82.98.65
+        - ip addr add 2001:db8:8298:101::2/64 dev eth1
+        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:101::1
+    client2:
+      kind: linux
+      exec:
+        - ip link set address 00:c1:ab:00:00:02 mtu 1500 dev eth1
+        - ip addr add 10.82.98.82/28 dev eth1
+        - ip route add 10.82.98.0/24 via 10.82.98.81
+        - ip addr add 2001:db8:8298:102::2/64 dev eth1
+        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:102::1
+
+  links:
+    - endpoints: ["vpp1:eth2", "vpp2:eth2"]
+    - endpoints: ["client1:eth1", "vpp1:eth1"]
+    - endpoints: ["client2:eth1", "vpp2:eth1"]

vpp.clab.yml

@@ -1,42 +0,0 @@
-name: learn-vpp
-prefix: ""
-
-topology:
-  kinds:
-    fdio_vpp:
-      image: git.ipng.ch/ipng/vpp-containerlab:latest
-    linux:
-      image: alpine:latest
-
-  nodes:
-    vpp1:
-      kind: fdio_vpp
-      binds:
-        - config/vpp1/vppcfg.yaml:/etc/vpp/vppcfg.yaml:ro
-        - config/vpp1/bird-local.conf:/etc/bird/bird-local.conf:ro
-    vpp2:
-      kind: fdio_vpp
-      binds:
-        - config/vpp2/vppcfg.yaml:/etc/vpp/vppcfg.yaml:ro
-        - config/vpp2/bird-local.conf:/etc/bird/bird-local.conf:ro
-    client1:
-      kind: linux
-      exec:
-        - ip link set address 00:c1:ab:00:00:01 dev eth1
-        - ip addr add 10.82.98.66/28 dev eth1
-        - ip route add 10.82.98.0/24 via 10.82.98.65
-        - ip addr add 2001:db8:8298:101::2/64 dev eth1
-        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:101::1
-    client2:
-      kind: linux
-      exec:
-        - ip link set address 00:c1:ab:00:00:02 dev eth1
-        - ip addr add 10.82.98.82/28 dev eth1
-        - ip route add 10.82.98.0/24 via 10.82.98.81
-        - ip addr add 2001:db8:8298:102::2/64 dev eth1
-        - ip route add 2001:db8:8298::/48 via 2001:db8:8298:102::1
-
-  links:
-    - endpoints: ["vpp1:eth2", "vpp2:eth2"]
-    - endpoints: ["client1:eth1", "vpp1:eth1"]
-    - endpoints: ["client2:eth1", "vpp2:eth1"]

vpp.clab.yml

@@ -0,0 +1 @@
+vpp-bird.clab.yml