Requirements for Deploying cSRX in Bare-Metal Linux Server
This section presents an overview of requirements for deploying a cSRX Container Firewall container on a bare-metal Linux server:
Host Requirements
Table 1 lists the Linux host requirement specifications for deploying a cSRX container on a bare-metal Linux server.
The cSRX can run either on a physical server or virtual machine. For scalability and availability reasons, we recommended using a physical server to deploy the cSRX container.
Component |
Specification |
Release Introduced |
|---|---|---|
Linux OS support |
CentOS 6.5 or later |
Junos OS Release 18.1R1 |
Red Hat Enterprise Linux (RHEL) 7.0 or later |
||
Ubuntu 14.04.2 or later |
||
Docker Engine |
Docker Engine 1.9 or later installed on a Linux host |
|
Contrail Cloud Platform |
Contrail 3.2 with OpenStack Liberty or OpenStack Mitaka |
|
vCPUs |
2 CPU cores |
|
Memory |
4 GB |
|
Disk space |
40 GB hard drive |
|
Host processor type |
x86_64 multicore CPU |
|
Network interface |
1 Ethernet port (minimum) |
cSRX Container Firewall Basic Configuration Settings
The cSRX container requires the following basic configuration settings:
Interfaces must be assigned IP addresses.
Policies must be configured between zones to permit or deny traffic.
Interface Naming and Mapping
A cSRX container supports 17 interfaces:
1 Out-of-band management Interface (eth0)
16 In-band interfaces (ge-0/0/0 to ge-0/0/15).
Table 2 lists the cSRX interface assignments with Docker.
InterfaceNumber |
cSRX Interfaces |
Docker Interfaces |
|---|---|---|
1 |
eth0 |
eth0 |
2 |
ge-0/0/0 |
eth1 |
3 |
ge-0/0/1 |
eth2 |
4 |
ge-0/0/2 |
eth3 |
6 |
ge-0/0/4 |
eth5 |
7 |
ge-0/0/5 |
eth6 |
8 |
ge-0/0/6 |
eth7 |
9 |
ge-0/0/7 |
eth8 |
10 |
ge-0/0/8 |
eth9 |
11 |
ge-0/0/9 |
eth10 |
12 |
ge-0/0/10 |
eth11 |
13 |
ge-0/0/11 |
eth12 |
14 |
ge-0/0/12 |
eth13 |
15 |
ge-0/0/13 |
eth14 |
16 |
ge-0/0/14 |
eth15 |
17 |
ge-0/0/15 |
eth16 |