cSRX Container Firewall Environment Variables Overview
Docker allows you to store data such as configuration settings as environment variables. At runtime, the environment variables are exposed to the application inside the container. You can set any number of parameters to take effect when the cSRX Container Firewall image launches. You set an environment variable by specifying the `docker run -e VARIABLE=VALUE ...` key.
A series of cSRX Container Firewall environment variables enables you to modify the characteristics of the cSRX Container Firewall instance when it is launched. The specification of an environment variable is not mandatory; most environment variables have a default value as shown in Table 1. If desired, you can launch the cSRX Container Firewall using the default environment variable settings.
For example, to launch a cSRX Container Firewall instance in secure-wire forwarding mode, and using the middle size cSRX Container Firewall configuration:
```
root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e CSRX_FORWARD_MODE="wire" --name=<csrx-container-name> <csrx-image-name>
```
You must include the `--privileged` flag in the `docker run` command to enable the cSRX Container Firewall container to run in privileged mode.
Table 1 summarizes the list of available cSRX Container Firewall environment variables along with a link to the topic that outlines its usage.
| Variable | Description | Values | Default | Topic |
|---|---|---|---|---|
| | Traffic forwarding mode. | | | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| | Packet I/O driver. | | | |
| | CPU mask, indicating which CPU is running the cSRX Container Firewall control plane daemons (such as nsd, mgd, nstraced, utmd, and so on). | | No CPU affinity | |
| | CPU mask, indicating which CPU is running the cSRX Container Firewall data plane daemon (srxpfe). | | No CPU affinity | |
| | ARP entry timeout value for the control plane ARP learning or response. | | Same as the Linux host | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| | NDP entry timeout value for the control plane NDP learning or response. | | Same as the Linux host | Configuring Traffic Forwarding on a cSRX Container Firewall Container |
| | Number of interfaces you need to add to the container. Example: `docker run -d --privileged --net=none -e CSRX_PORT_NUM=17 -e CSRX_HUGEPAGES=no -e CSRX_PACKET_DRIVER=interrupt -e CSRX_FORWARD_MODE=routing --name=<cSRX Container Firewall-container-name> <cSRX Container Firewall-image-name>` | Default is 3, maximum is 17 (which means 1 management interface and 16 data interfaces) | 3 | |
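
Because the container is launched with `--privileged`, it is worth checking the `-e` values before the command reaches Docker. The following is an added example, not Juniper code: it validates `CSRX_FORWARD_MODE` and `CSRX_PORT_NUM` against the values shown on this page and prints the resulting `docker run` command without executing it. The function names `csrx_check_env` and `csrx_run_cmd`, the lower bound of 1 for `CSRX_PORT_NUM`, and the restriction of `CSRX_FORWARD_MODE` to the two modes seen on this page are assumptions of the example.

```shell
# Added example, not Juniper code. Checks -e values against the limits this
# page states, then prints (does not run) the docker run command.

# csrx_check_env VAR=VALUE...  -> one line per problem on stdout, status 1 if any
csrx_check_env() {
    local kv name value rc=0
    for kv in "$@"; do
        name=${kv%%=*}
        value=${kv#*=}
        case "$kv" in
            *=*) ;;
            *) echo "$kv: expected VARIABLE=VALUE"; rc=1; continue ;;
        esac
        case "$name" in
            CSRX_FORWARD_MODE)
                # Only the two modes that appear on this page are accepted.
                case "$value" in
                    routing|wire) ;;
                    *) echo "CSRX_FORWARD_MODE: unexpected value '$value'"; rc=1 ;;
                esac ;;
            CSRX_PORT_NUM)
                # Page: maximum 17. Lower bound of 1 is this example's assumption.
                # '???*' rejects 3+ digits so huge numbers cannot overflow the test.
                case "$value" in
                    ''|*[!0-9]*|???*) echo "CSRX_PORT_NUM: invalid '$value'"; rc=1 ;;
                    *) if [ "$value" -lt 1 ] || [ "$value" -gt 17 ]; then
                           echo "CSRX_PORT_NUM: $value is outside 1..17"; rc=1
                       fi ;;
                esac ;;
            CSRX_*) ;;  # other cSRX variables pass through unchecked
            *) echo "$name: not a CSRX_ variable"; rc=1 ;;
        esac
    done
    return $rc
}

# csrx_run_cmd NAME IMAGE NETWORK VAR=VALUE...  (hypothetical helper)
csrx_run_cmd() {
    local name="$1" image="$2" network="$3" kv cmd
    shift 3
    csrx_check_env "$@" >&2 || return 1
    cmd="docker run -d --privileged --network=$network"
    for kv in "$@"; do cmd="$cmd -e $kv"; done
    echo "$cmd --name=$name $image"
}

# Constructed sample call using the placeholders from the page's example.
csrx_run_cmd '<csrx-container-name>' '<csrx-image-name>' mgt_bridge CSRX_FORWARD_MODE=wire
```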