cSRX Environment Variables Overview
Docker allows you to store data for example configuration settings, as environment variables. At
runtime, the environment variables are exposed to the application inside the container.
You can set any number of parameters to take effect when the cSRX Container Firewall
image launches. You can set an environment variable by specifying the docker run
-e VARIABLE=VALUE ...
key.
A series of cSRX environment variables enables you to modify the characteristics of the cSRX instance when it is launched. The specification of an environment variable is not mandatory; most environment variables have a default value as shown in Table 1. If desired, you can launch the cSRX using the default environment variable settings.
For example, to launch a cSRX instance in secure-wire forwarding mode using the CSRX-2CPU-4G size cSRX configuration:
root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e
CSRX_FORWARD_MODE="wire"
--name=<csrx-container-name>
<csrx-image-name>
You must include the --privileged
flag in the docker run
command to enable the cSRX container to run in privileged mode.
Table 1 summarizes the list of available cSRX environment variables along with a link to the topic that outlines its usage.
Variable |
Description |
Values |
Default |
Topic |
---|---|---|---|---|
|
Traffic forwarding mode |
|
|
|
|
Packet I/O driver |
Note:
The "interrupt" and "poll" modes are only supported for large flavor of cSRX (CSRX-2CPU-4G), otherwise only "dpdk" mode is supported for any cSRX size larger than that. |
|
|
|
CPU mask, indicating which CPU is running the cSRX control plane daemons (such as nsd, mgd, nstraced, utmd, and so on) |
|
No CPU affinity |
|
|
CPU mask, indicating which CPU is running the cSRX data plane daemon (srxpfe) |
|
No CPU affinity |
|
|
ARP entry timeout value for the control plane ARP learning or response |
|
Same as the Linux host |
|
|
NDP entry timeout value for the control plane NDP learning or response |
|
Same as the Linux host |
|
|
Number of interfaces you need to add to the container Example: docker run -d --privileged --net=none -e CSRX_PORT_NUM=17 e CSRX_HUGEPAGES=no -e CSRX_PACKET_DRIVER=interrupt -e CSRX_FORWARD_MODE=routing --name=<cSRX-container-name> <cSRX-image-name> |
Default is 3, maximum is 17 (1 management interface and 16 data interfaces) |
3 |
|
CSRX_HUGEPAGES |
You can set this env variable to "yes" or "no" to enable or disable using hugepages in cSRX. By default, cSRX will set CSRX_HUGEPAGES to "no" |
Note:
This variable must be set to "yes" for any size larger than CSRX-2CPU-4G. |
It is important to note that cSRX only supports 1G hugepages. For some flavors of cSRX, it is required to set CSRX_HUGEPAGES = "yes". |