cSRX Container Firewall Environment Variables Overview

Docker allows you to store data such as configuration settings as environment variables. At runtime, the environment variables are exposed to the application inside the container. You can set any number of parameters to take effect when the cSRX Container Firewall image launches. You set an environment variable by passing the -e VARIABLE=VALUE option to docker run.

A series of cSRX Container Firewall environment variables enables you to modify the characteristics of the cSRX Container Firewall instance when it is launched. Specifying an environment variable is not mandatory; most environment variables have a default value, as shown in Table 1. If desired, you can launch the cSRX Container Firewall using the default environment variable settings.

For example, to launch a cSRX Container Firewall instance in secure-wire forwarding mode, and using the middle size cSRX Container Firewall configuration:

root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e CSRX_FORWARD_MODE="wire" --name=<csrx-container-name> <csrx-image-name>

Note: You must include the --privileged flag in the docker run command to enable the cSRX Container Firewall container to run in privileged mode.

Table 1 summarizes the available cSRX Container Firewall environment variables, along with the topic that outlines the usage of each.

Table 1: Summary of cSRX Container Firewall Environment Variables

| Variable | Description | Values | Default | Topic |
|---|---|---|---|---|
| CSRX_FORWARD_MODE | Traffic forwarding mode. | "routing" \| "wire" | "routing" | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| CSRX_PACKET_DRIVER | Packet I/O driver. | "poll" \| "interrupt" | "poll" | Specifying the Packet I/O Driver for a cSRX Container |
| CSRX_CTRL_CPU | CPU mask, indicating which CPU is running the cSRX Container Firewall control plane daemons (such as nsd, mgd, nstraced, utmd, and so on). | hex value | No CPU affinity | Configuring CPU Affinity for a cSRX Container |
| CSRX_DATA_CPU | CPU mask, indicating which CPU is running the cSRX Container Firewall data plane daemon (srxpfe). | hex value | No CPU affinity | Configuring CPU Affinity for a cSRX Container |
| CSRX_ARP_TIMEOUT | ARP entry timeout value for the control plane ARP learning or response. | decimal value | Same as the Linux host | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| CSRX_NDP_TIMEOUT | NDP entry timeout value for the control plane NDP learning or response. | decimal value | Same as the Linux host | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| CSRX_PORT_NUM | Number of interfaces you need to add to the container. Example: docker run -d --privileged --net=none -e CSRX_PORT_NUM=17 -e CSRX_HUGEPAGES=no -e CSRX_PACKET_DRIVER=interrupt -e CSRX_FORWARD_MODE=routing --name=<cSRX Container Firewall-container-name> <cSRX Container Firewall-image-name> | Default is 3, maximum is 17 (which means 1 management interface and 16 data interfaces) | 3 | |
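
A pre-launch check for the variables in Table 1, as an added example that is not part of the Juniper documentation: docker run -e accepts any variable name and value, so a misspelled name or an out-of-range value is not reported by Docker. The function names are hypothetical, and the optional 0x prefix on CPU masks and the lower bound of 1 for CSRX_PORT_NUM are assumptions.

```shell
#!/bin/sh
# Added example, not Juniper code: check cSRX variables against Table 1
# before they reach `docker run -e`.

# csrx_check_var NAME VALUE -> 0 if VALUE is allowed for NAME, 1 otherwise.
csrx_check_var() {
    name=$1 value=$2
    case $name in
        CSRX_FORWARD_MODE)
            case $value in routing|wire) return 0 ;; esac ;;
        CSRX_PACKET_DRIVER)
            case $value in poll|interrupt) return 0 ;; esac ;;
        CSRX_CTRL_CPU|CSRX_DATA_CPU)
            # "hex value" per Table 1; the optional 0x prefix is an assumption.
            hex=${value#0x}
            case $hex in ''|*[!0-9a-fA-F]*) ;; *) return 0 ;; esac ;;
        CSRX_ARP_TIMEOUT|CSRX_NDP_TIMEOUT)
            case $value in ''|*[!0-9]*) ;; *) return 0 ;; esac ;;
        CSRX_PORT_NUM)
            case $value in ''|*[!0-9]*) return 1 ;; esac
            # Maximum 17 is from Table 1; the minimum of 1 is an assumption.
            [ "$value" -ge 1 ] && [ "$value" -le 17 ] && return 0 ;;
        CSRX_HUGEPAGES)
            # Used in the page's example; its allowed values are not listed
            # in Table 1 as shown here, so it is passed through unchecked.
            return 0 ;;
    esac
    return 1   # unknown (for example misspelled) name or disallowed value
}

# csrx_env_args NAME=VALUE... -> prints "-e NAME=VALUE ..." on one line,
# or fails on the first pair that csrx_check_var rejects.
csrx_env_args() {
    out=
    for pair in "$@"; do
        case $pair in *=*) ;; *) echo "not NAME=VALUE: $pair" >&2; return 1 ;; esac
        if ! csrx_check_var "${pair%%=*}" "${pair#*=}"; then
            echo "rejected: $pair" >&2
            return 1
        fi
        out="$out${out:+ }-e $pair"
    done
    printf '%s\n' "$out"
}
```

The printed options can be placed directly into the docker run command line; none of the values in Table 1 contain spaces, so the output needs no further quoting.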