DockerVPC: Using containers in GNS3 as Linux Virtual hosts instead of VPCS

More updated content about GNS3 and natively integrated Docker.

Introduction

I would like to share with you DockerVPC, a bash script that helps running containers for use within GNS3 as rich virtual end-host instead of VPCS.

I am using it to avoid dealing directly with docker commands and container id’s each time I would like to rapidly deploy some disposable end-host containers inside GNS3.

For now it runs only on linux platforms.  and tested on Ubuntu, RedHat and OpenSUSE.

Using DockerVPC doesn’t require knowledge of Docker containers, still I encourage you to take a look at this short introduction.

By the way, VIRL in its recent updates introduced lxc containers to simulate Ubuntu server (multiprocess environment) as well as single process container for iperf.

It is possible to implement docker containers on Windows or Mac OS X 
using lightweight boot2docker virtual machine or the newer Docker tool Kitematic,, 
The issue is that, there is no such tool as pipework for windows or Mac to set additional interfaces.

I use this is a temporary solution knowing that, Docker is on the way to 
be integrated to GNS3, until then, you can already take maximum profit 
of containers inside GNS3. (See Issues and limitations below)

The linux image used by DockerVPC is pre-built with the following apps:

• SSH server.
• Apache + PHP
• Ostinato / D-ITG / Iperf.
• BIRD Internet routing daemon.
• Linphone / sipp / pjsua. (VoIP host-to-host through GNS3 works perfectly)
• IPv6 THC tools.
• VLC (VideoLAN).
• Qupzilla browser + java & html5 plugins / links.
• vSFTPd server + ftp client.
• And many other tools: inetutils-traceroute, iputils-tracepath, mtr..

Which makes it almost a full-fledged Linux host.

By default containers are connected to the host through docker0 bridge, this tool allows you to connect the running containers to GNS3 through additional bridge interfaces so you can bind them to cloud elements in your GNS3 topology. In other words, containers run independently of GNS3. More on that in Simple lab.

Additionally, this script allows you to separately manage additional container images like cacti server or a 16-port (host bridges) OpenVSwitch.

For now, all you have to do is install the required applications and clone the repository

Installing requirements

You will need: git, docker, pipework and lxterminal.

1.git 

sudo apt-get install git

2.Docker easy to install 

docker -v
Docker version 1.8.1, build d12ea79

3.pipework, a simple yet powerful bash script, for advanced docker networking 

sudo bash -c “curl https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework > /usr/local/bin/pipework”
sudo chmod a+x /usr/local/bin/pipework

4.lxterminal 

lxterminal is not required anymore, the script will detect the used terminal and use it to open interactive terminal access to containers.

To use docker as non-root user

sudo usermod -aG docker {user}

Clone DockerVPC repository

git clone https://github.com/AJNOURI/DockerVPC

cd DockerVPC

Here are some examples (on my GNS3 community blog) of how to use DockerVPC container with GNS3.

Once the installation is done and the images pulled, creating virtual end-hosts is a matter of seconds.

DockerVPC labs

• Simple lab
  • Explains how a containers talk to GNS3. Build 2 end hosts communicating through GNS3 cisco router.
• SSH server
  • Just enable sshd on your container and you can connect SSH from one container to another.
• Apache/PHP + Qupzilla browser + java & html5 plugins / links.
  • Just enable Apache and connect from another container using a browser.
• Ostinato / D-ITG / Iperf.
  • Use advanced traffic generators
• Bird Internet Routing daemon
  • Generate thousands of routes into your GNS3 topology from any DockerVPC container.
• VoIP testing
  • deploy peer-to-peer VoIP calls using Linphone,  sipp or pjsua and test your network QoS implementations.
• IPv6 THC tools.
  • Check IPv6 vulnerability with IPv6 THC
• VLC (VideoLAN).
  • Deploy multicast/unicast server members and check your device multicast configuration with real traffic.
• vSFTPd server + ftp client.
  • deploy and manage a real FTP application in your GNS3 topologies.
• Manage containers with Ansible
  • You can use Ansible to run the same command on multiple containers.
• Caci server in a container
  • Manage your GNS3 devices with  Cacti with no resource costs
• OpenVirtualSwitch container
  • A 16-port OVSwitch with rich features for switching between GNS3 devices

Issues and limitations:

• Originally, docker containers are not meant to run GUI applications, this is a workaround brought by docker community (by mounting docker host X11 and sound devices), so we must expect some issues with that.
• By default, Docker networking uses a single interface bridged to docker0. So, using additional container interfaces will bring additional complexity to networking configuration.
• DockerVPC is relying on pipework, an external script for advanced networking. Though this is an advantage comparing to the limited (for now) integrated networking functionalities, it brings new challenges.
• Bridge interfaces created with pipework do not persist after stopping the container or docker host reboot, so make sure to reconfigure your container networking parameters after you restart a stopped container.

This brings us to the conclusion that using Docker containers this way, it is NOT MEANT FOR PRODUCTION !!!

The purpose of DockerVPC is to hopefully give GNS3 users more flexibility with end-host simulation.

Hope you will find it useful!

AJ

Further readings:

• Flockport – LXC vs Docker
• Making docker multiprocess container: phusion/baseimage-docker · GitHub
• Understand the architecture
• Dockerfile reference
• Advanced Docker Networking with Pipework – OpsBot
• https://blog.jessfraz.com/posts/docker-containers-on-the-desktop.html