Update README with current state

Dockerfile.bookworm

@@ -2,19 +2,22 @@ FROM debian:bookworm
 ARG DEBIAN_FRONTEND=noninteractive
 ARG VPP_INSTALL_SKIP_SYSCTL=true
 ARG REPO=release
-RUN apt-get update
+EXPOSE 22/tcp
-RUN apt-get -y install curl procps tcpdump iproute2 iptables binutils \
+RUN apt-get update && apt-get -y install curl procps tcpdump iproute2 iptables \
-  bridge-utils iputils-ping netcat-traditional net-tools nmap \
+  iputils-ping net-tools git python3 python3-pip vim-tiny openssh-server && apt-get clean
-  python3 python3-dev python3-pip
-RUN mkdir -p /var/log/vpp
-RUN curl -s https://packagecloud.io/install/repositories/fdio/${REPO}/script.deb.sh |  bash
-RUN apt-get update
-RUN apt-get -y install vpp vpp-plugin-core
-RUN apt-get -y clean
-COPY startup.conf /etc/vpp/startup.conf
-COPY bootstrap.vpp /etc/vpp/bootstrap.vpp
-COPY manual-pre.vpp /etc/vpp/manual-pre.vpp
-COPY clab.vpp /etc/vpp/clab.vpp
-COPY manual-post.vpp /etc/vpp/manual-post.vpp
-CMD ["/usr/bin/vpp","-c","/etc/vpp/startup.conf"]
 
+# Install VPP
+RUN mkdir -p /var/log/vpp /root/.ssh/
+RUN curl -s https://packagecloud.io/install/repositories/fdio/${REPO}/script.deb.sh |  bash
+RUN apt-get update && apt-get -y install vpp vpp-plugin-core && apt-get clean
+
+# Build vppcfg
+RUN pip install --break-system-packages build netaddr yamale argparse pyyaml ipaddress
+RUN git clone https://github.com/pimvanpelt/vppcfg.git && cd vppcfg && python3 -m build && \
+    pip install --break-system-packages dist/vppcfg-*-py3-none-any.whl
+
+# Config files
+COPY files/startup.conf files/*.vpp /etc/vpp/
+COPY files/init-container.sh /sbin/
+RUN chmod 755 /sbin/init-container.sh
+CMD ["/sbin/init-container.sh"]

README.md

@@ -1,14 +1,15 @@
 # VPP Containerlab Docker image
 
-This docker container creates a VPP instance based on the latest release.  It starts up as per
+This docker container creates a VPP instance based on the latest VPP release. It starts up as per
-normal, using /etc/vpp/startup.conf (which Containerlab will replace), and once started, it'll
+normal, using /etc/vpp/startup.conf (which Containerlab might replace when it starts its
-execute /etc/vpp/bootstrap.vpp within the dataplane. There are three relevant files:
+containers). Once started, it'll execute /etc/vpp/bootstrap.vpp within the dataplane. There are
+three relevant files:
 
 1.   `manual-pre.vpp` -- can be supplied by the user, to run any configuration statements before
      containerlab takes control.
 
-1.   `clab.vpp` -- generated by containerlab. Its purpose is to bind the `vethpair` interfaces
+1.   `clab.vpp` -- generated by `files/container-init.sh`. Its purpose is to bind the `veth`
-     into theo dataplane (see below).
+     interfaces that containerlab has added to the container into the VPP dataplane (see below).
 
 1.   `manual-post.vpp` -- can be supplied by the user, to run any configuration statements after
      containerlab is finished with its per-lab statements.
@@ -16,24 +17,62 @@ execute /etc/vpp/bootstrap.vpp within the dataplane. There are three relevant fi
 ## Building
 
 ```bash
-docker build -f Dockerfile.bookworm . -t pimvanpelt/vpp-containerlab
+docker build --no-cache -f Dockerfile.bookworm . -t pimvanpelt/vpp-containerlab
 ```
 
-## Starting the container
+## Testing the container standalone
 
-```
+```bash
-docker network create --driver=bridge network2 --subnet=172.19.1.0/24
+docker network create --driver=bridge clab-network --subnet=192.0.2.0/24 \
+                      --ipv6 --subnet=2001:db8::/64
 docker rm clab-pim 
 docker run --cap-add=NET_ADMIN --cap-add=SYS_NICE --cap-add=SYS_PTRACE \
-           --device=/dev/net/tun:/dev/net/tun --device=/dev/vfio/vfio:/dev/vfio/vfio \
+           --device=/dev/net/tun:/dev/net/tun \
            --device=/dev/vhost-net:/dev/vhost-net \
-           --privileged=True --name clab-pim \
+           --privileged --name clab-pim \
-           docker.io/pimvanpelt/vpp-containerlab
+           docker.io/pimvanpelt/vpp-containerlab:latest
-docker network connect network2 clab-pim
+docker network connect clab-network clab-pim
 ```
 
+### A note on DPDK
+
+DPDK will be disabled by default as it requires hugepages and VFIO and/or UIO to use physical
+network cards. If DPDK at some future point is desired, mapping VFIO can be done by adding this:
+```
+           --device=/dev/vfio/vfio:/dev/vfio/vfio
+```
+
+or in Containerlab, using the `devices` feature:
+
+```
+my-node:
+  image: vpp-containerlab:latest
+  kind: vpp
+  devices:
+    - /dev/vfio/vfio
+    - /dev/net/tun
+    - /dev/vhost-net
+```
+
+If using DPDK in a container, one of the userspace IO kernel drivers must be loaded in the host
+kernel. Options are `igb_uio`, `vfio_pci`, or `uio_pci_generic`:
+
+```bash
+$ sudo modprobe igb_uio
+$ sudo modprobe vfio_pci
+$ sudo modprobe uio_pci_generic
+```
+
+Particularly the VFIO driver needs to be present before one can attempt to bindmount
+`/dev/vfio/vfio` into the container!
+
 ## Configuring VPP
 
+When Containerlab starts the docker containers, it'll offer one or more `veth` point to point
+network links, which will show up as `eth1` and further. `eth0` is the default NIC that belongs to
+the management plane in Containerlab (the one which you'll see with `containerlab inspect`). Before
+VPP can use these `veth` interfaces, it needs to bind them, like so:
+
 ```
 docker exec -it clab-pim vppctl
 ```
@@ -41,10 +80,19 @@ docker exec -it clab-pim vppctl
 and then within the VPP control shell:
 
 ```
-vpp-clab# create host-interface v2 name eth1
+create host-interface v2 name eth1
-vpp-clab# set interface name host-eth1 eth1
+set interface name host-eth1 eth1
-vpp-clab# set interface mtu 1500 eth1
+set interface mtu 1500 eth1
-vpp-clab# set interface ip address eth1 172.19.1.2/24
+set interface ip address eth1 192.0.2.2/24
-vpp-clab# set interface ip address eth1 fec0::2/64
+set interface ip address eth1 2001:db8::2/64
-vpp-clab# set interface state eth1 up
+set interface state eth1 up
 ```
+
+Containerlab will attach these `veth` pairs to the container, and replace our Docker CMD with one
+that waits for all of these interfaces to be added (typically called `if-wait.sh`). In our own CMD,
+we then generate a config file called `/etc/vpp/clab.vpp` which contains the necessary VPP commands
+to take control over these `veth` pairs.
+
+In addition, you can add more commands that'll execute on startup by copying in
+`/etc/vpp/manual-pre.vpp` (to be executed _before_ the containerlab stuff) or
+`/etc/vpp/manual-post.vpp` (to be executed _after_ the containerlab stuff).

files/init-container.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+STARTUP_CONFIG=${STARTUP_CONFIG:="/etc/vpp/startup.conf"}
+CLAB_VPP_FILE=${CLAB_VPP_FILE:=/etc/vpp/clab.vpp}
+NETNS=${NETNS:="dataplane"}
+
+echo "Creating dataplane namespace"
+/usr/bin/mkdir -p /etc/netns/$NETNS
+/usr/bin/touch /etc/netns/$NETNS/resolv.conf
+/usr/sbin/ip netns add $NETNS
+
+echo "Starting SSH, with credentials root:vpp"
+sed -i -e 's,^#PermitRootLogin prohibit-password,PermitRootLogin yes,' /etc/ssh/sshd_config
+sed -i -e 's,^root:.*,root:$y$j9T$kG8pyZEVmwLXEtXekQCRK.$9iJxq/bEx5buni1hrC8VmvkDHRy7ZMsw9wYvwrzexID:20211::::::,' /etc/shadow
+/etc/init.d/ssh start
+
+echo "Generating $CLAB_VPP_FILE"
+: > $CLAB_VPP_FILE
+MTU=9216
+for IFNAME in $(ip -br link show type veth | cut -f1 -d@ | grep -v '^eth0$' | sort); do
+  MAC=$(ip -br link show dev $IFNAME | awk '{ print $3 }')
+  echo " * $IFNAME hw-addr $MAC mtu $MTU"
+  ip link set $IFNAME up mtu $MTU
+  cat << EOF >> $CLAB_VPP_FILE
+create host-interface name $IFNAME hw-addr $MAC
+set interface name host-$IFNAME $IFNAME
+set interface mtu $MTU $IFNAME
+set interface state $IFNAME up
+
+EOF
+done
+
+echo "Starting VPP"
+exec /usr/bin/vpp -c $STARTUP_CONFIG

files/startup.conf

@@ -37,3 +37,11 @@ plugins {
   plugin linux_nl_plugin.so { enable }
   plugin sflow_plugin.so { enable }
 }
+
+linux-cp {
+  default netns dataplane
+  lcp-sync
+  lcp-auto-subint
+  del-static-on-link-down
+  del-dynamic-on-link-down
+}