Network Configuration

Container Application - Configure Docker run options, VLAN, Trunk, and IP

Learn how to configure the AppGigabitEthernet interface so that the App receives all traffic or only specific VLAN traffic, connect the container to the Management port, assign an IP address to the App, and set Docker runtime options for a container application on Catalyst 9000.

The AppGigabitEthernet interface is used as the data port for the container. It can be configured as a trunk or as a VLAN-specific interface.

Configure interface to receive all traffic by App

  • For a trunk interface, all traffic received by the port is available to the App.

interface AppGigabitEthernet 1/0/1
  switchport mode trunk

app-hosting appid MYAPP
   app-vnic AppGigabitEthernet trunk
      guest-interface <guest-interface-number>

Configure to receive specific VLAN traffic by App

  • For a VLAN interface, the application is connected to a specific VLAN.

interface AppGigabitEthernet 1/0/1
   switchport trunk allowed vlan 10

app-hosting appid MYAPP
   app-vnic AppGigabitEthernet trunk   
      vlan 10 guest-interface <guest-interface-number>

Management Interface

Use IOS XE configuration to connect the container to the Management port.

interface GigabitEthernet0/0
    vrf forwarding Mgmt-vrf
    ip address 172.19.0.23 255.255.255.0

app-hosting appid MYAPP
  app-vnic management guest-interface 0

Assigning IP address to App Container

The IP address for container interfaces can be either assigned explicitly through the IOS XE CLI or obtained using DHCP.

Configure Static IP address for App

app-hosting appid MYAPP
  app-vnic management guest-interface 0
     guest-ipaddress 10.0.0.3 netmask 255.255.255.0

app-hosting appid MYAPP
  app-vnic AppGigabitEthernet trunk
    vlan 10 guest-interface <guest-interface-number>
       guest-ipaddress 10.0.0.4 netmask 255.255.255.0

Configure Dynamic IP address for App

The external DHCP server must be configured in the Cat9k.

app-hosting appid MYAPP
  app-vnic management guest-interface 0

app-hosting appid MYAPP
  app-vnic AppGigabitEthernet trunk 
    vlan 10 guest-interface <guest-interface-number>    

Docker Runtime options

If the container application requires runtime options that are passed as command line options, such as controller IP or data directory, those options can be configured using the 'app-resource docker' command.

The system supports multiple lines of run-option string configuration. Here are the key considerations for the user:

  • The user can enter/copy-paste up to a maximum of 30 lines of docker run options.
  • The system will generate a concatenated string from the strings in lines 1 through 30 in that order.
  • Each string in each line of run-option can have a maximum of 235 characters.
  • Each string can have more than one "complete" docker run-option as long as they are all contained in the 235 characters.
  • Please note that no run-option string in any line can be split to the next line.
  • There is no need to terminate the string in each line with a space. The system will auto-generate a space for each line when it concatenates all the existing run-option strings into a single string.
  • If the user makes any changes to the run option, the user needs to stop, deactivate, activate and start the application again for the new run options to take effect.

Example Docker command:

docker run -v $(APP_DATA):/data --entrypoint startup.sh

Equivalent configuration in Cat9K could be:

One possibility:

 app-hosting appid MYAPP
   app-resource docker
     run-opts 1 "-v $(APP_DATA):/data"
     run-opts 2 "--entrypoint startup.sh"

Note: for external persistent data storage, we can use run-opts 1 "-v /vol/usb1/iox_host_data_share:/(APP_DATA)".

Another possibility:

app-hosting appid MYAPP
  app-resource docker
    run-opts 1 "-v $(APP_DATA):/data --entrypoint startup.sh"

To delete all the run-options in the configuration of an application, the user can execute the following configuration command:

Command:

app-hosting appid MYAPP
  no app-resource docker

Configuration before the command:

 app-hosting appid MYAPP
   app-resource docker
     run-opts 1 "-v $(APP_DATA):/data"
     run-opts 2 "--entrypoint startup.sh"

Configuration after the command:

 app-hosting appid MYAPP

To remove a run option line from the configuration, the user can execute something similar to this:

Command:

app-hosting appid MYAPP
  app-resource docker
     no run-opts 2

Configuration before the command:

 app-hosting appid MYAPP
   app-resource docker
     run-opts 1 "-v $(APP_DATA):/data"
     run-opts 2 "--entrypoint startup.sh"

Configuration after the command:

 app-hosting appid MYAPP
   app-resource docker
     run-opts 1 "-v $(APP_DATA):/data"

List of Unsupported Docker Runtime options

The following Docker command line options are not supported in the Application hosting framework, either for security reasons or because the option is not applicable to the Linux platform.

| Options | Comments |
|---|---|
| --attach | Attach to STDIN, STDOUT or STDERR |
| --blkio-weight-device | Block IO weight (relative device weight) |
| --cgroup-parent | Optional parent cgroup for the container |
| --cidfile | Write the container ID to the file |
| --cpu-count | CPU count (Windows only) |
| --cpu-percent | CPU percent (Windows only) |
| --cpus | API 1.25+ |
| --device-cgroup-rule | Add a rule to the cgroup allowed devices list |
| --device-read-bps | Limit read rate (bytes per second) from a device |
| --device-read-iops | Limit read rate (IO per second) from a device |
| --device-write-bps | Limit write rate (bytes per second) to a device |
| --device-write-iops | Limit write rate (IO per second) to a device |
| --disable-content-trust | Skip image verification |
| --env-file | Read in a file of environment variables |
| --interactive , -i | Keep STDIN open even if not attached |
| --io-maxbandwidth | Maximum IO bandwidth limit for the system drive (Windows only) |
| --io-maxiops | Maximum IOps limit for the system drive (Windows only) |
| --ip | IPv4 address (e.g., 172.30.100.104) |
| --ip6 | IPv6 address (e.g., 2001:db8::33) |
| --isolation | Container isolation technology |
| --link | Add link to another container |
| --name | Assign a name to the container |
| --oomkilldisable | |
| --pid | PID namespace to use |
| --platform | experimental (daemon) API 1.32+ |
| --privileged | Give extended privileges to this container |
| --runtime | Runtime to use for this container |
| --storage-opt | Storage driver options for the container |
| --sysctl | Sysctl options |
| --tty , -t | Allocate a pseudo-TTY |
| --userns | User namespace to use |
| --uts | UTS namespace to use |
| --volume-driver | Optional volume driver for the container |
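The run-option rules (30 lines, 235 characters per line, lines joined in order with a space) and the unsupported-options table above can be checked before a configuration is pushed to the switch. The following Python linter is an added example, not Cisco code: the names lint_run_opts, expand and SAMPLE are hypothetical, and the "line must start with an option" check is a heuristic for options split across lines.

```python
import shlex

MAX_LINES, MAX_CHARS = 30, 235  # limits stated on this page
BOOL_SHORT = set("itdP")        # docker run short flags that take no value
# Unsupported options from the page's table, plus Docker's --oom-kill-disable spelling.
UNSUPPORTED = set("""
--attach --blkio-weight-device --cgroup-parent --cidfile --cpu-count
--cpu-percent --cpus --device-cgroup-rule --device-read-bps --device-read-iops
--device-write-bps --device-write-iops --disable-content-trust --env-file
--interactive -i --io-maxbandwidth --io-maxiops --ip --ip6 --isolation --link
--name --oomkilldisable --oom-kill-disable --pid --platform --privileged
--runtime --storage-opt --sysctl --tty -t --userns --uts --volume-driver
""".split())
# Constructed sample: lines 1-2 are the page's example, line 3 is not.
SAMPLE = {1: "-v $(APP_DATA):/data", 2: "--entrypoint startup.sh", 3: "--privileged -it"}


def expand(token):
    """Option names in one token: '--ip=1.2.3.4' -> ['--ip'], '-it' -> ['-i', '-t']."""
    if token.startswith("--"):
        return [token.split("=", 1)[0]]
    if token.startswith("-") and len(token) > 2 and set(token[1:]) <= BOOL_SHORT:
        return ["-" + ch for ch in token[1:]]
    return [token] if token.startswith("-") else []


def lint_run_opts(lines):
    """lines: {run-opts number: string}. Returns (findings, concatenated string)."""
    findings = []
    for num in sorted(lines):
        text = lines[num]
        if not 1 <= num <= MAX_LINES:
            findings.append(f"line {num}: number outside 1..{MAX_LINES}")
        if len(text) > MAX_CHARS:
            findings.append(f"line {num}: {len(text)} characters, limit {MAX_CHARS}")
        try:
            tokens = shlex.split(text)
        except ValueError:
            findings.append(f"line {num}: unbalanced quotes")
            continue
        # Heuristic: a line not starting with an option is likely a split option's tail.
        if tokens and not tokens[0].startswith("-"):
            findings.append(f"line {num}: does not start with an option")
        for name in (n for tok in tokens for n in expand(tok)):
            if name in UNSUPPORTED:
                findings.append(f"line {num}: unsupported option {name}")
    # The device joins the lines in numeric order with one space between them.
    return findings, " ".join(lines[n] for n in sorted(lines))
```

An empty findings list means the lines respect the limits and avoid the listed options; the second return value is the single string the page says the system builds from them.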

Appendix: Resource Configuration

The CPU, memory and vCPU resources can be reserved with a custom resource profile if the default options are not sufficient. For device resource limits, refer to Resource Limits.

app-hosting appid MYAPP
    app-resource profile custom
        cpu 7400
        memory 2048
        vcpu 2