Always-ON SR Linux Instance#
It is extremely easy and hassle free to run SR Linux, thanks to the public container image and topology builder tool - containerlab.
But wouldn't it be nice to have an SR Linux instance running in the cloud open for everyone to tinker with? We think it would, so we created an Always-ON SR Linux instance that we invite you to try out.
What is Always-ON SR Linux for?#
The Always-ON SR Linux instance is an Internet reachable SR Linux container running in the cloud. Although running in the read-only mode, the Always-ON instance can unlock some interesting use cases, which won't require anything but Internet connection from a curious user.
-
getting to know SR Linux CLI
SR Linux offers a modern, extensible CLI with unique features aimed to make Ops teams life easier.
New users can make their first steps by looking at theshow
commands, exploring the datastores, runninginfo from
commands and getting the grips of configuration basics by entering into the configuration mode. -
YANG browsing
By being a YANG-first Network OS, SR Linux is fully modelled with YANG. This means that by traversing the CLI users are inherently investigating the underlying YANG models that serve the base for all the programmable interfaces SR Linux offers. -
gNMI exploration
The de-facto king of the Streaming Telemetry - gNMI - is one of the programmable interfaces of SR Linux.
gNMI is enabled on the Always-ON instance, so anyone can stream the data out of the SR Linux and see how it works for themselves.
Connection details#
Always-ON SR Linux instance comes up with the SSH and gNMI management interfaces exposed. The following table summarizes the connection details for each of those interfaces:
Method | Details |
---|---|
SSH | address: ssh [email protected] -p 44268 password: n0k1asrlinux for key-based authentication use this key to authenticate the guest user |
gNMI1 |
|
JSON-RPC2 | http://http.on.srlinux.dev |
gNMI#
SR Linux runs a TLS-enabled gNMI server with a certificate already present on the system. The users of the gNMI interface can either skip verification of the node certificate, or they can use this CA.pem file to authenticate the node's TLS certificate.
Guest user#
The guest
user has the following settings applied to it:
- Read-only mode
bash
andfile
commands are disabled
Although the read-only mode is enforced, the guest user can still enter in the configuration mode and perform configuration actions, it is just that guest
can't commit them.
Always-ON sandbox setup#
The Always-ON sandbox consists of SR Linux node connected with a LAG interface towards an Nokia SR OS node.
Protocols and Services#
We pre-created a few services on the SR Linux node so that you would see a "real deal" configuration- and state-wise.
The underlay configuration consists of the two L3 links between the nodes with eBGP peering built on link addresses. The system/loopback interfaces are advertised via eBGP to enable overlay services.
In the overlay the following services are configured:
- Layer 2 EVPN with VXLAN dataplane1 with
mac-vrf-100
network instance created on SR Linux - Layer 3 EVPN with VXLAN dataplane with
ip-vrf-200
network instance created on SR Linux
-
check this tutorial to understand how this service is configured ↩↩
-
HTTP service running over port 80 ↩