Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

cSRX Environment Variables Overview

Docker allows you to store data for example configuration settings, as environment variables. At runtime, the environment variables are exposed to the application inside the container. You can set any number of parameters to take effect when the cSRX Container Firewall image launches. You can set an environment variable by specifying the docker run -e VARIABLE=VALUE ... key.

A series of cSRX environment variables enables you to modify the characteristics of the cSRX instance when it is launched. The specification of an environment variable is not mandatory; most environment variables have a default value as shown in Table 1. If desired, you can launch the cSRX using the default environment variable settings.

For example, to launch a cSRX instance in secure-wire forwarding mode using the CSRX-2CPU-4G size cSRX configuration:

root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e CSRX_FORWARD_MODE="wire" --name=<csrx-container-name> <csrx-image-name>

Note:

You must include the --privileged flag in the docker run command to enable the cSRX container to run in privileged mode.

Table 1 summarizes the list of available cSRX environment variables along with a link to the topic that outlines its usage.

Table 1: Summary of cSRX Container Firewall Environment Variables

Variable

Description

Values

Default

Topic

CSRX_FORWARD_MODE

Traffic forwarding mode

"routing" | "wire"

"routing"

Configure Traffic Forwarding on cSRX

CSRX_PACKET_DRIVER

Packet I/O driver

"poll" | "dpdk" | "interrupt"

Note:

The "interrupt" and "poll" modes are only supported for large flavor of cSRX (CSRX-2CPU-4G), otherwise only "dpdk" mode is supported for any cSRX size larger than that.

"poll"

Specifying the Packet I/O Driver for a cSRX Container

CSRX_CTRL_CPU

CPU mask, indicating which CPU is running the cSRX control plane daemons (such as nsd, mgd, nstraced, utmd, and so on)

hex value

No CPU affinity

Configuring CPU Affinity for a cSRX Container

CSRX_DATA_CPU

CPU mask, indicating which CPU is running the cSRX data plane daemon (srxpfe)

hex value

No CPU affinity

Configuring CPU Affinity for a cSRX Container

CSRX_ARP_TIMEOUT

ARP entry timeout value for the control plane ARP learning or response

decimal value

Same as the Linux host

Configure Traffic Forwarding on cSRX

CSRX_NDP_TIMEOUT

NDP entry timeout value for the control plane NDP learning or response

decimal value

Same as the Linux host

Configure Traffic Forwarding on cSRX

CSRX_PORT_NUM

Number of interfaces you need to add to the container

Example: docker run -d --privileged --net=none -e CSRX_PORT_NUM=17 e CSRX_HUGEPAGES=no -e CSRX_PACKET_DRIVER=interrupt -e CSRX_FORWARD_MODE=routing --name=<cSRX-container-name> <cSRX-image-name>

Default is 3, maximum is 17 (1 management interface and 16 data interfaces)

3

 
CSRX_HUGEPAGES

You can set this env variable to "yes" or "no" to enable or disable using hugepages in cSRX. By default, cSRX will set CSRX_HUGEPAGES to "no"

Note:

This variable must be set to "yes" for any size larger than CSRX-2CPU-4G.

It is important to note that cSRX only supports 1G hugepages. For some flavors of cSRX, it is required to set CSRX_HUGEPAGES = "yes".