netlab 2.0: Routers, Hosts, Gateways and Bridges
In a previous blog post, I explained how you can use bridges in a netlab topology to create custom LAN segments. Netlab supports two other node roles (host and router), and we’ll eventually add gateways.
netlab assumes that most network devices are routers (it considers a firewall to be a router in disguise), apart from Linux hosts, but you can always change what a node is with the role node attribute:
- host nodes do not forward packets. They usually don’t have a loopback interface (but you can request one by setting the loopback node attribute to true) and use static routing toward an adjacent router node (or anycast/VRRP gateway) instead of routing protocols. Needless to say, they cannot serve as default gateways for other hosts.
- router nodes should do packet forwarding and advertise themselves as routers using IPv6 RA (if you decide to run IPv6 in your lab topology). They usually have a loopback interface, but you can tell netlab not to create it; simply set the loopback node attribute to false. They are also supposed to run routing protocols, although you can decide to use static routing.
- gateway nodes will be somewhere between the two. Once I find time to write that bit of code, you’ll be able to use gateway nodes for layer-3 firewalls.
- bridge nodes perform layer-2 forwarding in one or more VLANs. They typically don’t have IP addresses, except for the management IP address.
In theory, any device supported by netlab could be a router if you can create a loopback interface on it, a host if it supports static routing, or a bridge if it supports VLANs. In practice, we test the devices (see the second half of the initial configuration test coverage) and limit the roles a device can take.
Does this all make sense? Trying to make a Linux VM or container into a router definitely does not; instead, you should use bird or frr devices. What about using a Cisco IOS or Arista EOS device as a host? That would give you more realistic DHCP servers (for example) or single-uplink BGP route reflectors that do not use any other routing protocol but BGP. You can also use this functionality to use devices you’re familiar with (for example, Arista cEOS containers or Cisco IOL containers) as end hosts when you need functionality that is not easily accessible on Linux (for instance, traceroute with MPLS labels).
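The roles and the loopback attribute described above, combined in one lab topology. This is an added example, not a topology from the original post; the node names, the clab provider, the link list and the assumption that the installed netlab release allows these roles on the eos, frr and linux devices are all illustrative.

```yaml
# Added example topology (not from the original post).
# Assumes the clab provider and that the installed netlab release
# permits the roles below on the eos, frr and linux devices.
provider: clab
defaults.device: frr

nodes:
  r1:                 # frr device: router role, loopback created by default
  r2:
    loopback: false   # still a router, but without a loopback interface
  sw:
    device: eos
    role: bridge      # layer-2 forwarding only, no IP address besides management
  h1:
    device: linux     # Linux nodes are hosts without an explicit role
  h2:
    device: eos
    role: host        # EOS as an end host: no forwarding, static routes toward r1
    loopback: true    # hosts get a loopback only when you request one

links:
- r1-r2               # routed link between the two routers
- r1-sw               # r1 is the adjacent router for the hosts behind the bridge
- h1-sw
- h2-sw
```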
Any other ideas? Please leave a comment!