You are now ready to launch the cSRX container
that is running in Docker on the Linux bare-metal server. When you
start the cSRX image, you have a running container of the image. You
can stop and restart the cSRX container (see Managing cSRX Containers), and the container
will retain all settings and file system changes unless those changes
are explicitly deleted. However, the cSRX will lose anything in memory
and all processes will be restarted.
You have a series of cSRX environment variables that enable you to modify operating characteristics of the cSRX container when it is launched. You can modify:
- Initial root account password to log in to the cSRX container using SSH
- Traffic forwarding mode (static route or secure-wire)
- cSRX container size (small, medium, or large)
- Packet I/O driver (polled or interrupt)
- CPU affinity for cSRX control and data daemons
- Address Resolution Protocol (ARP) and Neighbor Discovery Protocol (NDP) entry timeout values
- Number of interfaces you need to add to the container. The default is 3 and the maximum is 17 (which means 1 management interface and 16 data interfaces).
Note: Specification of an environment variable is not mandatory
when launching the cSRX container; most environment variables have
a default value as shown in cSRX Environment Variables Overview. You can launch the cSRX using the
default environment variable settings.
To launch the cSRX container:
- Use the docker run command to launch the cSRX container. Include the mgt_bridge management bridge to connect the cSRX to a network. If you intend to log in to the cSRX container using SSH, you must specify an initial root password when launching the cSRX.
root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e CSRX_ROOT_PASSWORD=<password> --name=<csrx-container-name> hub.juniper.net/security/<csrx-image-name>
For example, to launch csrx2 using cSRX software image csrx:18.2R1.9 and root password root123, enter:
root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e CSRX_ROOT_PASSWORD=root123 --name=csrx2 hub.juniper.net/security/csrx:18.2R1.9
Note: You must include the --privileged flag in the docker run command to enable the cSRX container to run in privileged mode.
- Connect the left and right bridges to the Docker network.
root@csrx-ubuntu3:~/csrx# docker network connect left_bridge csrx2
root@csrx-ubuntu3:~/csrx#
root@csrx-ubuntu3:~/csrx# docker network connect right_bridge csrx2
root@csrx-ubuntu3:~/csrx#
- Confirm that the three-bridge network has been created
for the cSRX container.
root@csrx-ubuntu3:~/csrx# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
80bea9207560        bridge              bridge              local
619da6736359        host                host                local
112ab00aab1a        left_bridge         bridge              local
1484998f41bb        mgt_bridge          bridge              local
daf7a5a477bd        none                null                local
e409a4f54237        right_bridge        bridge              local
- Confirm that the cSRX container is listed as a running
Docker container.
root@csrx-ubuntu3:~/csrx# docker ps
CONTAINER ID   IMAGE   COMMAND                CREATED         STATUS         PORTS             NAMES
35e33e8aa4af   csrx    "/etc/rc.local init"   7 minutes ago   Up 7 minutes   22/tcp, 830/tcp   csrx2
- Confirm that the cSRX container is up and running. You
should see the expected Junos OS processes, such as nsd, srxpfe, and
mgd.
root@csrx-ubuntu3:~/csrx# docker top csrx2
UID PID PPID C STIME TTY TIME CMD
root 318 305 0 09:13 pts/1 00:00:00 bash
root 27423 27407 0 Mar30 pts/0 00:00:00 /bin/bash -e /etc/rc.local init
root 27867 27423 0 Mar30 ? 00:08:16 /usr/sbin/rsyslogd -M/usr/lib/rsyslog
root 27880 27423 0 Mar30 ? 00:00:00 /usr/sbin/sshd
root 27882 27423 0 Mar30 ? 00:00:00 /usr/sbin/nstraced
root 27907 27423 0 Mar30 ? 00:00:08 /usr/sbin/mgd
root 27963 27423 0 Mar30 pts/0 00:34:50 /usr/bin/monit -I
root 27979 27423 0 Mar30 ? 00:01:10 /usr/sbin/nsd
root 27989 27423 0 Mar30 ? 00:00:02 /usr/sbin/appidd -N
root 28023 27423 0 Mar30 ? 00:00:21 /usr/sbin/idpd -N
root 28040 27423 0 Mar30 ? 00:09:21 /usr/sbin/wmic -N
root 28048 27423 0 Mar30 ? 00:52:50 /usr/sbin/useridd -N
root 28126 27423 2 Mar30 ? 1-05:21:47 /usr/sbin/srxpfe -a -d
root 28186 27423 0 Mar30 ? 00:01:37 /usr/sbin/utmd -N
root 28348 27423 0 Mar30 ? 00:02:44 /usr/sbin/kmd
- Confirm the IP address of the management interface of
the cSRX container.
root@csrx-ubuntu3:~/csrx# docker inspect csrx2 | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "172.19.0.2",
"IPAddress": "172.18.0.2",
"IPAddress": "172.20.0.2",
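The grep in the last step lists three addresses without saying which bridge each one belongs to. The following added example (not part of the Juniper procedure) parses docker inspect JSON to pair each bridge with its address and to report two settings from the docker run command above: privileged mode and whether CSRX_ROOT_PASSWORD is readable in the container's stored environment. The sample document, its IP-to-bridge pairing, the password value, and the summarize helper are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `docker inspect csrx2` document. The IP-to-bridge
# pairing and the password value are illustrative, not taken from a real host.
SAMPLE_INSPECT = """
[{
  "Name": "/csrx2",
  "Config": {"Env": ["CSRX_ROOT_PASSWORD=example-only", "PATH=/usr/sbin:/usr/bin"]},
  "HostConfig": {"Privileged": true},
  "NetworkSettings": {"Networks": {
    "mgt_bridge":   {"IPAddress": "172.18.0.2"},
    "left_bridge":  {"IPAddress": "172.19.0.2"},
    "right_bridge": {"IPAddress": "172.20.0.2"}
  }}
}]
"""

EXPECTED_BRIDGES = ("mgt_bridge", "left_bridge", "right_bridge")


def summarize(inspect_json, expected=EXPECTED_BRIDGES):
    """Return per-bridge IPs plus launch-time settings worth reviewing."""
    container = json.loads(inspect_json)[0]  # docker inspect emits a JSON array
    networks = container.get("NetworkSettings", {}).get("Networks") or {}
    ips = {name: net.get("IPAddress", "") for name, net in networks.items()}
    env = container.get("Config", {}).get("Env") or []
    return {
        "name": container.get("Name", "").lstrip("/"),
        "ips": ips,
        # Bridges that were never connected, or that have no address yet.
        "missing_bridges": [b for b in expected if not ips.get(b)],
        "privileged": bool(container.get("HostConfig", {}).get("Privileged")),
        # Variables passed with -e stay readable in the container metadata.
        "password_in_env": any(e.startswith("CSRX_ROOT_PASSWORD=") for e in env),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_INSPECT)
    for bridge, ip in report["ips"].items():
        print(f"{bridge:14} {ip}")
    print("missing bridges:", report["missing_bridges"] or "none")
    print("privileged:", report["privileged"])
    print("CSRX_ROOT_PASSWORD visible in inspect output:", report["password_in_env"])
```

To run it against a live container, pass the full output of docker inspect csrx2 to summarize in place of the sample. Because the initial root password remains readable this way, changing it after first login limits how long the launch-time value is useful.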