Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Running Third-Party Applications in Containers

To run your own applications on Junos OS Evolved, you have the option to deploy them as a Docker container. The container runs on Junos OS Evolved, and the applications run in the container, keeping them isolated from the host OS. Containers are installed in a separate partition mounted at /var/extensions. Containers persist across reboots and software upgrades.


Docker containers are not integrated into Junos OS Evolved, they are created and managed entirely through Linux by using Docker commands. For more information on Docker containers and commands, see the official Docker documentation:

Containers have default limits for the resources that they can use from the system:

  • Storage – The size of the /var/extensions partition is platform driven: 8GB or 30% of the total size of /var, whichever is smaller.

  • Memory – Containers have no default physical memory limit. This can be changed.

  • CPU – Containers have no default CPU limit. This can be changed.


You can modify the resource limits on containers if necessary. See Modifying Resource Limits for Containers.

Deploying a Docker Container

To deploy a docker container:

  1. Start the Docker service bound to a VRF (for example vrf0). All the containers managed by this Docker service will be bound to this Linux VRF.
  2. Set the Docker socket for the client by configuring the following environment variable:
  3. Import the image.

    The URL for the import command needs to be changed for different containers.

  4. Make sure the image is downloaded, and get the image ID.
  5. Create a container using the image ID and enter a bash session in that container.
  6. Create a container with Packet IO and Netlink capablity using the image ID and enter a bash session in that container.

    Docker containers are daemonized by default unless you use the -it argument.

Managing a Docker Container

Docker containers are managed through standard Docker Linux workflow. Use the docker ps, ps or top Linux commands to show which Docker containers are running, and use Docker commands to manage the containers. For more information on Docker commands, see:


Junos OS Evolved high availability features are not supported for custom applications in Docker containers, If an application has high availability functionality then you should run the application on each RE to ensure it can sync itself. Such an application will need to have the required business logic to manage itself and communicate with all instances.

Selecting a VRF for a Docker Container

Containers inherit virtual routing and forwarding (VRF) from the Docker daemon. In order to run containers in a distinct VRF, a Docker daemon instance needs to be started in the corresponding VRF. The docker@vrf.service instance allows for starting a daemon in the corresponding VRF. If the VRF is unspecified, the VRF defaults to vrf0.

The docker.service runs in vrf:none by default.

The docker daemon for a specific VRF listens on corresponding socket located at /run/docker-vrf.sock.

This is the VRF as seen on the Linux and not the Junos OS Evolved VRF. The utility evo_vrf_name (available starting in Junos OS Evolved release 24.1) can be used to find the Linux VRF that corresponds to a Junos OS Evolved VRF.

The Docker client gets associated with the VRF specific docker daemon by use the following arguments:

For example, to run a container in vrf0 enter the following Docker command and arguments:


A container can only be associated to a single VRF.

Modifying Resource Limits for Containers

The default resource limits for containers are controlled through a file located at /etc/extensions/platform_attributes. You will see the following text upon opening this file:

To change the resource limits for containers, add values to the EXTENSIONS entries at the bottom of the file:

  • EXTENSIONS_FS_DEVICE_SIZE_MIB= controls the maximum storage space that containers can use. Enter the value in bytes. The default value is 8GB or 30% of the total size of /var, whichever is smaller.

  • EXTENSIONS_CPU_QUOTA_PERCENTAGE= controls the maximum CPU usage that containers can use. Enter a value as a percentage of CPU usage.

  • EXTENSIONS_MEMORY_MAX_MIB= controls the maximum amount of physical memory that containers can use. Enter the value in bytes.


Before modifying the resource limits for containers, be aware of the CPU and memory requirements for the scale you have to support in your configuration. Exercise caution when increasing resource limits for containers to prevent them from causing a strain on your system.