Configuring AppNeta CPE40 for Non-Default VRFs on Arista Switches
search cancel

Configuring AppNeta CPE40 for Non-Default VRFs on Arista Switches

book

Article ID: 435035

calendar_today

Updated On:

Products

AppNeta

Issue/Introduction

Users may find that the AppNeta CPE40 container on Arista switches only connects via the default VRF.

In environments where monitoring is required via a non-default VRF (e.g., a dedicated 'management' or 'data' VRF), the container fails to see the necessary interfaces, routes, or DNS settings associated with that specific VRF.

Environment

  • Product: AppNeta
  • Model: CPE40 (Container Monitoring Point)
  • Platform: Arista Switch (EOS)
  • Requirement: Connection via non-default VRF/Network Namespace

Cause

By default, the cpe40-Arista container is deployed within the default network namespace.

Standard Docker configurations do not automatically bridge into Arista-specific VRF namespaces without manual overrides in the container startup options.

Resolution

To deploy the CPE40 container within a non-default VRF, follow these configuration changes during the initial setup or by modifying the existing container configuration on the Arista switch.

Link to main deployment steps: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/appneta/GA/appliance-overview/arista-cpe40-mp-intro/arista-cpe40-setup/arista-cpe40-mp-setup-cpe-arista.html

Prerequisites

  1. A non-default VRF must be configured on the Arista switch (e.g., management).
  2. The VRF must have at least one 'Up' interface with a valid IP address.
  3. Valid routing and DNS (nameservers) must be configured specifically for that VRF.

Configuration Steps

1. Modify Container Options (Step 1 of "Start the cpe40-Arista" section)

In the options directive of the Arista container configuration, add the following arguments to allow the container to interact with the host's network namespaces:

Review this command before running it.

--user root --privileged -v /var/run/netns:/var/run/netns:ro --entrypoint ip
  • --user root and --privileged: Grants permissions to interact with network namespaces.
  • -v /var/run/netns...: Mounts the host's namespaces as a read-only volume.
  • --entrypoint ip: Overrides the default entrypoint to allow manual namespace execution.

2. Set the Execution Command

Add or update the command directive to wrap the standard entrypoint script within the specific VRF namespace.

Note: Arista prefixes VRF namespaces with ns-. If your VRF is named management, the namespace is ns-management.

Review this command before running it.

command netns exec ns-<VRF_NAME> /sbin/entrypoint.sh

(Example for management VRF: command netns exec ns-management /sbin/entrypoint.sh)

3. Verification

Follow the rest of the installation steps as normal. The CMP should come up as normal and report only the interfaces that are present in the management VRF.

Additional Information

Sample Configuration:

container-manager
   container cpe40-arista-vrf
      image pathview-cpe:[VERSION]
      no shutdown
      memory 1200m
      options --restart=always --user root --privileged -v /var/run/netns:/var/run/netns:ro --entrypoint ip -e APPNETA_SERVER_ADDRESS=<CUSTOMER_URL> -e APPNETA_SERVER_KEY=<SERVER_KEY> -e APPNETA_TENANT_ID=<TENANT_ID> -e APPNETA_DEVICE_KEY=<DEVICE_KEY> --network host
      command netns exec ns-[VRF_NAME] /sbin/entrypoint.sh
Powered by Wolken Software