# VPP Containerlab Docker image This docker container creates a VPP instance based on the latest VPP release. It starts up as per normal, using /etc/vpp/startup.conf (which Containerlab might replace when it starts its containers). Once started, it'll execute /etc/vpp/bootstrap.vpp within the dataplane. There are three relevant files: 1. `manual-pre.vpp` -- can be supplied by the user, to run any configuration statements before containerlab takes control. 1. `clab.vpp` -- generated by `files/container-init.sh`. Its purpose is to bind the `veth` interfaces that containerlab has added to the container into the VPP dataplane (see below). 1. `manual-post.vpp` -- can be supplied by the user, to run any configuration statements after containerlab is finished with its per-lab statements. ## Building ```bash IMG=git.ipng.ch/ipng/vpp-containerlab TAG=latest docker build --no-cache -f Dockerfile.bookworm -t $IMG . docker image tag $IMG $IMG:$TAG docker push $IMG docker push $IMG:$TAG ``` ## Testing the container standalone ```bash docker network create --driver=bridge clab-network --subnet=192.0.2.0/24 \ --ipv6 --subnet=2001:db8::/64 docker rm clab-pim docker run --cap-add=NET_ADMIN --cap-add=SYS_NICE --cap-add=SYS_PTRACE \ --device=/dev/net/tun:/dev/net/tun \ --device=/dev/vhost-net:/dev/vhost-net \ --privileged --name clab-pim \ docker.io/pimvanpelt/vpp-containerlab:latest docker network connect clab-network clab-pim ``` ### A note on DPDK DPDK will be disabled by default as it requires hugepages and VFIO and/or UIO to use physical network cards. If DPDK at some future point is desired, mapping VFIO can be done by adding this: ``` --device=/dev/vfio/vfio:/dev/vfio/vfio ``` or in Containerlab, using the `devices` feature: ``` my-node: image: vpp-containerlab:latest kind: vpp devices: - /dev/vfio/vfio - /dev/net/tun - /dev/vhost-net ``` If using DPDK in a container, one of the userspace IO kernel drivers must be loaded in the host kernel. Options are `igb_uio`, `vfio_pci`, or `uio_pci_generic`: ```bash $ sudo modprobe igb_uio $ sudo modprobe vfio_pci $ sudo modprobe uio_pci_generic ``` Particularly the VFIO driver needs to be present before one can attempt to bindmount `/dev/vfio/vfio` into the container! ## Configuring VPP When Containerlab starts the docker containers, it'll offer one or more `veth` point to point network links, which will show up as `eth1` and further. `eth0` is the default NIC that belongs to the management plane in Containerlab (the one which you'll see with `containerlab inspect`). Before VPP can use these `veth` interfaces, it needs to bind them, like so: ``` docker exec -it clab-pim vppctl ``` and then within the VPP control shell: ``` create host-interface v2 name eth1 set interface name host-eth1 eth1 set interface mtu 1500 eth1 set interface ip address eth1 192.0.2.2/24 set interface ip address eth1 2001:db8::2/64 set interface state eth1 up ``` Containerlab will attach these `veth` pairs to the container, and replace our Docker CMD with one that waits for all of these interfaces to be added (typically called `if-wait.sh`). In our own CMD, we then generate a config file called `/etc/vpp/clab.vpp` which contains the necessary VPP commands to take control over these `veth` pairs. In addition, you can add more commands that'll execute on startup by copying in `/etc/vpp/manual-pre.vpp` (to be executed _before_ the containerlab stuff) or `/etc/vpp/manual-post.vpp` (to be executed _after_ the containerlab stuff).