LXC as Virtual Service Container on IOS XE

In the last tutorial, we discussed the Cisco open service container based on Kernel Virtual Machine (KVM). Virtual machines include the application, binaries and libraries along with an entire guest OS. As a result, we can run any guest OS supported by the KVM hypervisor. Containers, however, share the same kernel with the host; each container still acts as its own separate environment with its own file system. Containers are virtualization at the operating-system level, whereas VMs are virtualization at the hardware level.

Cisco IOS XE supports another type of service container - Linux Virtual Container (LXC). The goal of this tutorial is to explain how to create an LXC container from a Docker image and install the container on a Cisco Cloud Services Router (CSR) 1000v. The network topology is depicted in Picture 1.

Picture 1 - Network Topology

Software:

  • Host OS: Debian 10 Buster with GNS3 2.2.5 and VMware Workstation 15.1.0 build-13591040 installed
  • Guest OS: Cisco Cloud Services Router (CSR) 1000v, IOS XE Software version is 16.07.01
  • Docker container - Debian 10 Buster

1. Docker

List the available Docker images. Currently there are no Docker images stored on the local PC (Picture 2).

$ docker images

Picture 2 - Checking Available Docker Images

Search the Docker Hub for Debian images (Picture 3).

$ docker search debian

Picture 3 - Debian Images in Docker Hub (Output is Truncated)

Download docker image debian and list docker images again.

$ docker pull debian
$ docker images

Picture 4 - Docker Image Downloaded

Note: To get the directory where the images are stored, enter the docker info command:

$ sudo docker info 2>/dev/null | grep '/var/lib/docker'

2. Creating LXC Container

Ioxclient is a command line tool that assists in app development for Cisco IOx platforms. We are going to use it to package an existing Docker image as an IOx application (LXC container). The following configuration is done on the host PC (Debian Buster). First, create a directory service-containers in your home directory and enter it.

$ mkdir ~/service-containers
$ cd ~/service-containers/

Download the latest ioxclient and extract it.

~/service-containers$ wget https://pubhub.devnetcloud.com/media/iox/docs/artifacts/ioxclient/ioxclient-v1.10.1.0/ioxclient_1.10.1.0_linux_amd64.tar.gz
~/service-containers$ tar xvf ioxclient_1.10.1.0_linux_amd64.tar.gz
~/service-containers$ cd ioxclient_1.10.1.0_linux_amd64/

Run ioxclient without arguments. When it finds no config file, it prompts for a one-time configuration.

~/service-containers/ioxclient_1.10.1.0_linux_amd64$ ./ioxclient
Config file not found : /home/brezular/.ioxclientcfg.yaml
Creating one time configuration..
Your / your organization's name : HOME
Your / your organization's URL : www.home.com
Your IOx platform's IP address[127.0.0.1] :
Your IOx platform's port number[8443] :
Authorized user name[root] :
Password for root :
Local repository path on IOx platform[/software/downloads]:
URL Scheme (http/https) [https]:
API Prefix[/iox/api/v2/hosting/]:
Your IOx platform's SSH Port[2222]:
Your RSA key, for signing packages, in PEM format[]:
Your x.509 certificate in PEM format[]:
Activating Profile default
Saving current configuration

Create a new file package.yaml in the project directory.

$ vi package.yaml

descriptor-schema-version: "2.2"
info:
  name: debian
  version: latest
app:
  cpuarch: x86_64
  env:
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  kernel-version: 4.4.76
  resources:
    cpu: "1000"
    disk: "2"
    memory: "1000"
    network:
    - interface-name: eth0
      ports: {}
    profile: custom
  startup:
    rootfs: rootfs.img
    target: /bin/bash
  type: lxc

Generate an IOx package of type lxc (log_ioxclient_package.txt):

~/service-containers/ioxclient_1.10.1.0_linux_amd64$ ./ioxclient docker package debian .

The file package.tar is created; we need to copy it to the router's bootflash. Create a directory debian in the CSR1000v bootflash:/.

CSR1# mkdir bootflash:/debian

Copy the file package.tar from Debian 10 (Host OS) to the router.

CSR1# copy scp://brezular@172.17.100.80:/service-containers/ioxclient_1.10.1.0_linux_amd64/package.tar bootflash:/debian

3. Router Configuration

Configure access to the network 172.17.0.0/16 and the Internet from the router.

CSR1(config)# ip route 0.0.0.0 0.0.0.0 172.17.100.1

Note: The host OS (Debian 10) must be configured with a route to 10.0.0.0/24 to be able to forward packets to the LXC container. The IP address 172.17.100.85 is the IP of the interface GigabitEthernet2 on CSR1.

# ip route add 10.0.0.0/24 via 172.17.100.85

Enable the iox service.

CSR1(config)# iox

Configure the VirtualPortGroup to provide IP connectivity to the service container. The interface VirtualPortGroup 0 is a routed L3 interface which connects the container to IOS XE. Therefore, the IP address 10.0.0.254/24 configured for Vi0 is the default gateway address for the service container.

CSR1(config)# interface virtualPortGroup 0
CSR1(config-if)# ip address 10.0.0.254 255.255.255.0

Configure the virtual network interface for the container.

CSR1(config)# app-hosting appid debian
CSR1(config-app-hosting)# vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.254 default
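
The container is reachable only when the vnic gateway is the VirtualPortGroup address, the guest sits in the same subnet, and the host route covers the guest. The check below is an added example, not part of the original tutorial or of Cisco tooling; `check_addressing` is a hypothetical helper and the sample text is constructed from the commands shown on this page.

```python
import ipaddress
import re

# Constructed sample: the addressing lines used in this tutorial
# (router configuration plus the route added on the Debian host).
SAMPLE = """\
interface virtualPortGroup 0
 ip address 10.0.0.254 255.255.255.0
app-hosting appid debian
 vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.254 default
ip route add 10.0.0.0/24 via 172.17.100.85
"""

def check_addressing(text):
    """Hypothetical helper: return findings; an empty list means consistent."""
    vpg = re.search(r"interface virtualportgroup \d+\s+ip address (\S+) (\S+)", text, re.I)
    vnic = re.search(r"guest-ipaddress (\S+) netmask (\S+) gateway (\S+)", text)
    route = re.search(r"ip route add (\S+) via \S+", text)
    if not (vpg and vnic and route):
        return ["missing VirtualPortGroup, vnic or host route line"]

    vpg_if = ipaddress.ip_interface(f"{vpg.group(1)}/{vpg.group(2)}")
    guest_if = ipaddress.ip_interface(f"{vnic.group(1)}/{vnic.group(2)}")
    gateway = ipaddress.ip_address(vnic.group(3))
    host_route = ipaddress.ip_network(route.group(1), strict=False)

    findings = []
    if gateway != vpg_if.ip:
        findings.append(f"vnic gateway {gateway} is not the VirtualPortGroup address {vpg_if.ip}")
    if guest_if.network != vpg_if.network:
        findings.append(f"guest subnet {guest_if.network} differs from {vpg_if.network}")
    if guest_if.ip == vpg_if.ip:
        findings.append(f"guest address {guest_if.ip} collides with the VirtualPortGroup address")
    if guest_if.ip not in host_route:
        findings.append(f"host route {host_route} does not cover guest {guest_if.ip}")
    elif host_route.prefixlen < guest_if.network.prefixlen:
        # A wider route sends traffic for unrelated prefixes to the router too.
        findings.append(f"host route {host_route} is wider than {guest_if.network}")
    return findings

if __name__ == "__main__":
    for finding in check_addressing(SAMPLE) or ["addressing plan is consistent"]:
        print(finding)
```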

Install the app with appid debian from package.tar.

CSR1# app-hosting install appid debian package bootflash:/debian/package.tar

List containers; appid debian is in deployed state (Picture 5).

CSR1# show app-hosting list

Picture 5 - App ID Debian in Deployed State

Activate appid debian to switch from the deployed to activated state.

CSR1# app-hosting activate appid debian

Picture 6 - App ID Debian in Activated State

Now start appid debian.

CSR1# app-hosting start appid debian

Picture 7 - App ID Debian in Running State

Connect to the console of the Debian LXC container:

CSR1# app-hosting connect appid debian console

Picture 8 - Debian 10 Shell

Press Ctrl-C three times to exit from the container. If you want to stop the container, enter the command:

CSR1# app-hosting stop appid debian

To get information about the parameters and resource reservation of the Debian LXC container, enter the command:

CSR1# show app-hosting detail appid debian

Picture 9 - Detailed Information about Appid Debian

End.

One thought on “LXC as Virtual Service Container on IOS XE”

  1. Trying to replicate your setup but I get the error below, any idea on how to overcome this?

    ubuntu@ansible:/var/lib/docker/service-containers/ioxclient_1.10.1.0_linux_amd64$ ./ioxclient docker package debian .
    Currently active profile : default
    Command Name: docker-package
    Timestamp at DockerPackage start: 1701904633155
    Using the package descriptor file in the project dir
    Validating descriptor file package.yaml with package schema definitions
    Parsing descriptor file..
    Found schema version 2.4
    Loading schema file for version 2.4
    Validating package descriptor file..
    File package.yaml is valid under schema version 2.4
    Generating IOx package, type = lxc
    checking for -d option
    Docker image rootfs size in 1M blocks: ~ 115
    Computed headroom in 1M blocks: ~ 12
    Creating iox package with rootfs size in 1M blocks: ~ 126

    Failed to format rootfs image file
    Unable to generate Flat rootfs file from docker image
    Error while exporting docker image and creating rootfs image
    Error occurred : exit status 1

    ubuntu@ansible:/var/lib/docker/service-containers/ioxclient_1.10.1.0_linux_amd64$
