Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Debug cSRX Container Firewall in Contrail Network

Stop a cSRX Pod

By default, cSRX Container Firewall does not mount any external volumes from compute node. When a new cSRX instance is started, then that instance synchronizes the configuration from Security Director. Any syslog and security logs are posted to Security Director as well. So cSRX POD can be stopped and destroyed directly by Contrail Service Orchestration (CSO).

To stop the cSRX POD:

  • Run the Docker command to stop cSRX.

    # kubectl delete -f <csrx-yaml-file>

    After the cSRX POD is stopped and destroyed, compute and storage resources of this cSRX POD are released.

# kubectl delete -f <csrx-yaml-file>

Verify Network Name

To verify the network name:

Run the following command to check the network name:

# kubectl get network-attachment-definitions -n

Verify Logs

To view and verify logs:

  1. Run the following command to access the path for log details:

    # cat /var/log/contrail/

  2. Run the following command to view the logs:

    # kubectl describe pods -n