Skip to content

Latest commit

 

History

History
134 lines (108 loc) · 6.22 KB

README.md

File metadata and controls

134 lines (108 loc) · 6.22 KB

vpp-container-fun

Build Status GitHub license

VPP for Docker containers

This repository can build you docker containers with VPP in one of two configurations:

  • A single container with two VPP instances running
  • One VPP instance per container

In either case, the configuration looks like the below:

Network Diagram

The following is the IP configuration of the VPP and host interfaces:

  • vpp1:
    • 10.10.2.1
  • vpp2:
    • 10.10.2.2
  • host interface in the container:
    • 10.10.1.1
  • host interface in vpp1:
    • 10.10.1.2

Building, running, testing

To build, run and test the allinone instance:

make docker-build-allinone
make run-allinone
make test-allinone

To build, run and test the setup where VPP instances run in their own containers:

make docker-build-multiple
make run-multiple
make test-multiple

Starting the containers manually is left as an exercise for the reader.

StrongSwan With VPP

There is another container which will setup and run a simple VPP and StrongSwan test.

To build, run, and test this, do the following:

make docker-build-strongswan
make run-strongswan
make test-strongswan

The above will build a configuration per the diagram below:

               +---------------+                +----------------+      +-------+
               |               | 10.10.1.0/24   |                |      |       | 10.10.10.10
192.168.125.100| StrongSwan    |                | VPP Responder  +------+IPSec  |
               | Initiator     +----------------+                |      +-------+
               |               |                |                |
               +---------------+ .2          .1 |                |      +-------+
                                                |                +------+       | 192.168.124.100
                                                +----------------+      |loop0  |
                                                                        +-------+

StrongSwan With Integrated VPP

A second set of containers will run StrongSwan with integrated VPP charon drivers to allow VPP to drive the ipsec dataplane.

To build, run, and test this, do the following:

make docker-build-vppvpn
make run-vppvpn
make test-vppvpn

This builds the following configuration:

+------------------------------------------------------------------------------------------------+
| Linux VM                                                                                       |
|                               +--------------------------------------------------------------+ |
|                               | StrongSwan Server and VPP Container                          | |
|                               |                                                              | |
|  +------------------------+   |  +----------------------------------------+                  | |
|  | StrongSwan Initiator   |   |  | VPP  +----------+     +----------+     |                  | |
|  | Container              |   |  |      | VPP      |     | IPSEC    |     |                  | |
|  |                        |   |  |      | Routing  |     | Dataplane|     |                  | |
|  |                        |   |  |      +----------+     +----------+     |                  | |
|  |                        |   |  |                                        |  +-------------+ | |
|  |                        |   |  | +---------------+    +---------------+ |  | StrongSwan  | | |
|  |                        |   |  | |192.168.124.100|    |10.10.1.2      | |  | Control     | | |
|  |                        |   |  | | gw-net tap    |    | gateway tap   | |  | Plane       | | |
|  |                        |   |  | +---------------+    +---------------+ |  +-------------+ | |
|  |                        |   |  +----------------------------------------+                  | |
|  |                        |   |          |                        |                          | |
|  |                        |   | +--------+------+         +-------+-------+                  | |
|  |                        |   | |192.168.124.200|         |10.10.1.1      |                  | |
|  |                        |   | |               |         |               |                  | |
|  |                        |   | | ns2 namespace |         | default ns    |                  | |
|  |                        |   | +---------------+         +---------------+                  | |
|  |      +--------+        |   |                          +--------+                          | |
|  |      |  eth0  |        |   |                          |  eth0  |                          | |
|  +------+---+----+--------+   +--------------------------+----+---+--------------------------+ |
|             |                                                 |                                |
|     10.200.200.100                                    10.200.200.50                            |
|             |                                                 |                                |
|             |                                                 |                                |
|             |           +--------------------------+          |                                |
|             |           |                          |          |                                |
|             +-----------+                          +----------+                                |
|                         |     docker0 bridge       |                                           |
|                         |                          |                                           |
|                         +--------------------------+                                           |
|                                                                                                |
+------------------------------------------------------------------------------------------------+