Transparent management interfaces for Cisco nodes. #290

Merged

kaelemc commented Dec 5, 2024

As per #287 this PR adds the support for transparent management interfaces on the Cisco devices.

For IOS-XE a function has been added in vrnetlab.py which should take the self.mgmt_address_ipv4 and return the address and subnet mask in dotted-decimal notation.

Working nodes:

  • Cisco ASAv
  • Cisco Cat8kv
  • Cisco Cat9kv
  • Cisco CSR1kv
  • Cisco FTDv
  • Cisco Nexus 9k (n9kv)
  • Cisco NX-OS
  • Cisco IOSv
  • Cisco XRv
  • Cisco XRv9k

kaelemc (Author) commented Dec 7, 2024

vIOS and n9kv are tested working with the transparent env var as true and false.

I've also made a change so that n9kv generates 2048-bit RSA keys. Newer OpenSSH versions won't connect to systems with 1024-bit keys or smaller (I ran into this issue on Rocky 9).

@hellt ASAv seems incomplete. It looks like there's some work to be done to get it working. I don't know if anyone can even use it in this incomplete state (hence I assume people aren't using it). I don't have any experience with ASAv but I'm sure I can figure it out.. will just need to find some time later.

kaelemc (Author) commented Dec 7, 2024

As per the recent commit, I updated the vIOS default creds to admin:admin to line up with all the other Cisco devices (except XR which has 'strict' password strength requirements).

Previous creds were vrnetlab:VR-netlab9.. Let me know if you want me to rollback this one.

kaelemc (Author) commented Dec 7, 2024

Ok, I have added NX-OS and made some modifications to add a management VRF as well as configuring the SSH keys to be 2048 bits.

I've only tested with titanium-final.7.3.0.D1.1, but it seems to work.

hellt (Owner) commented Dec 7, 2024

thanks @kaelemc
this looks good to me, shall we merge and tackle ASA later? this is a massive set of systems already

common/vrnetlab.py (review thread: outdated, resolved)
xrv9k/docker/launch.py (review thread: outdated, resolved)

kaelemc (Author) commented Dec 7, 2024

@hellt Yes ASAv is definitely something we should leave for later.. FTDv is a bit annoying since the boot time is so long even with the install process... and it looks like we'll have to partially rework it since if you take a look at launch.py, a day0 config is created (since before the mgmt ip was always the same)

So I'll have to figure out the syntax for ftdv CLI and then interactively update the mgmt IP.. it might be best to just leave transparent interfaces unsupported on this one (for the time being)

I'll make those changes

n9kv/Makefile (review thread: outdated, resolved)

kaelemc marked this pull request as ready for review December 8, 2024 05:03
kaelemc requested a review from hellt December 8, 2024 05:03

hellt (Owner) commented Dec 8, 2024

thanks mate, let's ship it
hopefully more people could test it out as well

hellt merged commit 7ff8969 into hellt:transparent-mgmt-intfs-dev Dec 8, 2024
1 check failed
hellt mentioned this pull request Dec 8, 2024
16 tasks
hellt added a commit that referenced this pull request Dec 14, 2024

* Pass-through/transparent management interfaces (#268)

* vrnetlab: Add pass-through management interfaces

* vjunos: Add pass-through management interface support

* vrnetlab: Use JSON output of iproute2

* vrnetlab: Add exception for serial console ports 5000-5007 for transparent mode mgmt interface

* vrnetlab: Remove non-working port 5000 tc mirred exception, redirect to correct interface

* vrnetlab: Use tc clsact qdisc and flower matching as best practice

* vrnetlab: Re-add workaround for serial ports in transparent mgmt mode

* vrnetlab: Add IPv6 support to management address/gw functions

* vjunos: Add IPv6 management addresses, fix v4 address templating

* vrnetlab: Set dummy IPv6 address/gw for hostfwd management

* nokia_sros: Add pass-through management interface support (#272)

* vrnetlab: Add pass-through management interfaces

* vjunos: Add pass-through management interface support

* vrnetlab: Use JSON output of iproute2

* vrnetlab: Add exception for serial console ports 5000-5007 for transparent mode mgmt interface

* vrnetlab: Remove non-working port 5000 tc mirred exception, redirect to correct interface

* vrnetlab: Use tc clsact qdisc and flower matching as best practice

* vrnetlab: Re-add workaround for serial ports in transparent mgmt mode

* vrnetlab: Add IPv6 support to management address/gw functions

* vjunos: Add IPv6 management addresses, fix v4 address templating

* vrnetlab: Set dummy IPv6 address/gw for hostfwd management

* Fix CSR1000v and c8000v (#269)

* Remove whitespaces from IMG_NAME and IMG_VENDOR

* Fix Cisco CSR1000v

* Fix Cisco c8000v

* Use env var passed from containerlab for IOL launch PID (#270)

* nokia_sros: Add pass-through management interface support

* fix comment

* change mgmt address parsing

* added self.mgmt_nic_passthrough to VR and VM classes

* remove copy of a healthcheck

* formatting

* added mgmt passthrough to the VR class and aligned SR OS

* added v6 address to bof

---------

Co-authored-by: vista <[email protected]>
Co-authored-by: Athanasios Kompouras <[email protected]>
Co-authored-by: Kaelem <[email protected]>
Co-authored-by: Roman Dodin <[email protected]>

* default vjunos to host-forwarded mgmt mode

* note on default systems

* vsrx: Add transparent management interface mode compatibility (#288)

* fix host vs passthrough notes

* Transparent management interfaces for Cisco nodes. (#290)

* Add function to convert CIDR to DDN notation

* Add IOS-XE device support for transparent mgmt intf

* Implement transparent mgmt intf on XRv

* Add transparent mgmt if functionality to xrv9k

* Add transparent mgmt intf to vIOS

* Add transparent mgmt intf to n9kv and use 2048 bit keys

* Remove incorrectly pasted command from n9kv

* Add explicit IPv6 enablement to vIOS

* Update vIOS default creds to `admin:admin`

* NXOS: Add transparent mgmt intf support + mgmt vrf + 2048-bit SSH keys

* change n9kv version parser and FROM image

* fix comment

* Update images to `debian:bookworm-slim`

* Update `cidr_to_ddn()` func to use stdlib for address splitting

* use `super().gen_mgmt()` to extend `gen_mgmt()` fn on XRv9k

---------

Co-authored-by: Roman Dodin <[email protected]>

* added dell sonic transparent mgmt (#292)

---------

Co-authored-by: vista- <[email protected]>
Co-authored-by: Michel Redondo <[email protected]>
Co-authored-by: Athanasios Kompouras <[email protected]>
Co-authored-by: Kaelem <[email protected]>
Co-authored-by: Kaelem Chandra <[email protected]>