Hi Jeremy, Thanks for the video. If i want to host an APP(PerfSonar) on the docker on with one of my existing VLAN in the switch other then Management (other than 101 in your case) how can we do that?
This is great for the gui piece but it's very convenient to just use the capture monitor on the switch itself and just push the file to a computer for analysis
I'm getting a permissions issue when I try to initiate a capture on eth1. It's telling me to run the sudo dpkg-reconfigure wireshark-common command but sudo isn't install on this image and the alpine user doesn't have permissions to run the install. Any thoughts?
You need to become the root user first... there is a command similar "$ su -" that will bring you into root then you can run the wireshark and make the capture.
Hi, I'm trying to get this to work on my 9300, with no success so far unfortunately. I'm not getting any mirrored data in guest-interface 1. I see that usually we need to set an RSPAN and set that interface's vlan to the RSPAN vlan. But somehow the configuration presented here doesn't contain that. So I'm not sure how it's supposed to work? Thanks for the help
How do we choose the ip range of the AppHosting Guest Interface? Can it be the same on any existing SVI on Cat93K? Or we need total separate subnets like OOB MGMT subnet?
On Catalyst 9300 it's configurable to use Mgmt port or front panel port SVI, the IP address can be same subnet as mgmt or can use private IP with NAT so the container has reachability
Hey Steve yeah you will need the SSD for sure, 120GB or 240GB now, some app's like ThousandEyes runs on the flash but we did bunch of MTBF work to ensure switch flash lifetime is now impacted. For the docker apps it needs the external SSD :) You can always use Guest Shell CentOS linux container within IOS XE without the SSD but obviously this container is not the same as what is available within Docker
After deployment on C9K, the container starts but stops automatically after some time. Cannot connect using RDP or SSH. IOS 17.3.1, C9300. Any troubleshooting tips to find error?
@@jeremycohoe1 Wow, that was quick. I did not expect an answer at all. I can ping from the moment after "app-hosting activate appid c9kwireshark". This is before "app-hosting start appid c9kwireshark" (so the switch replies??). Container is up for a short time, and stops after a few seconds(stopped). RDP and SSH conns are refused.
After removing, installing no pings anymore. Works for a few secs, then stopped. XXX-ATR-DIST#show app-hosting list App id State --------------------------------------------------------- c9kwireshark STOPPED XXX-ATR-DIST#app-hosting start appid c9kwireshark c9kwireshark started successfully Current state is: RUNNING XXX-ATR-DIST#app-hosting connect appid c9kwireshark session /tmp/libs # /tmp/libs # /tmp/libs # /tmp/libs # XXX-ATR-DIST# XXX-ATR-DIST#show app-hosting list App id State --------------------------------------------------------- c9kwireshark STOPPED
Maybe TAC Case is best, but I dont think they will support a docker app. Or I will try with your 17.1.1. the docker Container changed too, 3 month ago.
I just post a Video on how to create your own Container: th-cam.com/video/BqcDX0fB8FU/w-d-xo.html Potentially you could build a DNS Cache Server to enhance your network speed.
Hey Dino yep I have seen some healthcare/education customers run a very similar setup with the caching DNS service on the switch to provide DMZ access for specific clients using ISC-DHCP and ISC-DNS
who is asking for this stuff? this use case is ridiculous when there are already far better ways to do this. why you want docker on your router sorry switch sorry planform ?
this is just for demonstration. The use cases can vary. One can run a docker instance on a switch to deploy sensors to collect data for cybersecurity purposes.
thank you for taking time to create training videos
Hi Jeremy, Thanks for the video. If i want to host an APP(PerfSonar) on the docker on with one of my existing VLAN in the switch other then Management (other than 101 in your case) how can we do that?
This is great for the gui piece but it's very convenient to just use the capture monitor on the switch itself and just push the file to a computer for analysis
100% using the built in feature via CLI or API can be a much simpler and more effective way to achieve PCAP.
Can you make a video showing how to do this from downloading the Docker? basically start to finish.
I'm getting a permissions issue when I try to initiate a capture on eth1. It's telling me to run the sudo dpkg-reconfigure wireshark-common command but sudo isn't install on this image and the alpine user doesn't have permissions to run the install. Any thoughts?
You need to become the root user first... there is a command similar "$ su -" that will bring you into root then you can run the wireshark and make the capture.
Hi, I'm trying to get this to work on my 9300, with no success so far unfortunately. I'm not getting any mirrored data in guest-interface 1. I see that usually we need to set an RSPAN and set that interface's vlan to the RSPAN vlan. But somehow the configuration presented here doesn't contain that. So I'm not sure how it's supposed to work? Thanks for the help
Great video.. I am going to replicate it now.. just received usb SSD.
How do we choose the ip range of the AppHosting Guest Interface? Can it be the same on any existing SVI on Cat93K? Or we need total separate subnets like OOB MGMT subnet?
On Catalyst 9300 it's configurable to use Mgmt port or front panel port SVI, the IP address can be same subnet as mgmt or can use private IP with NAT so the container has reachability
Thank you So much .. I have question , If i use Windows is it possible to download the package or I have to use Linux OS ?
Docker is supported on both, should not make a difference :)
Jeremy, great video! Thanks for the sharing.
Just wondering if it would work without the Cisco 120GB ssd but an ordinary flash disk?
Hey Steve yeah you will need the SSD for sure, 120GB or 240GB now, some app's like ThousandEyes runs on the flash but we did bunch of MTBF work to ensure switch flash lifetime is now impacted. For the docker apps it needs the external SSD :) You can always use Guest Shell CentOS linux container within IOS XE without the SSD but obviously this container is not the same as what is available within Docker
After deployment on C9K, the container starts but stops automatically after some time. Cannot connect using RDP or SSH. IOS 17.3.1, C9300. Any troubleshooting tips to find error?
Is the container up ? Just not RDP ? You can ping???
@@jeremycohoe1 Wow, that was quick. I did not expect an answer at all. I can ping from the moment after "app-hosting activate appid c9kwireshark". This is before "app-hosting start appid c9kwireshark" (so the switch replies??). Container is up for a short time, and stops after a few seconds(stopped). RDP and SSH conns are refused.
After removing, installing no pings anymore. Works for a few secs, then stopped.
XXX-ATR-DIST#show app-hosting list
App id State
---------------------------------------------------------
c9kwireshark STOPPED
XXX-ATR-DIST#app-hosting start appid c9kwireshark
c9kwireshark started successfully
Current state is: RUNNING
XXX-ATR-DIST#app-hosting connect appid c9kwireshark session
/tmp/libs #
/tmp/libs #
/tmp/libs #
/tmp/libs # XXX-ATR-DIST#
XXX-ATR-DIST#show app-hosting list
App id State
---------------------------------------------------------
c9kwireshark STOPPED
app-hosting appid c9kwireshark
app-vnic AppGigabitEthernet trunk
guest-interface 1
mirroring
vlan 222 guest-interface 0
guest-ipaddress 10.X.X.170 netmask 255.255.255.128
app-default-gateway 10.X.X.129 guest-interface 0
app-resource docker
app-resource profile custom
cpu 7400
memory 2048
persist-disk 1024
vcpu 2
end
Maybe TAC Case is best, but I dont think they will support a docker app. Or I will try with your 17.1.1. the docker Container changed too, 3 month ago.
I just post a Video on how to create your own Container: th-cam.com/video/BqcDX0fB8FU/w-d-xo.html
Potentially you could build a DNS Cache Server to enhance your network speed.
Hey Dino yep I have seen some healthcare/education customers run a very similar setup with the caching DNS service on the switch to provide DMZ access for specific clients using ISC-DHCP and ISC-DNS
who is asking for this stuff? this use case is ridiculous when there are already far better ways to do this. why you want docker on your router sorry switch sorry planform ?
this is just for demonstration. The use cases can vary. One can run a docker instance on a switch to deploy sensors to collect data for cybersecurity purposes.