Skip to content


Transparently redirecting packets/frames between interfaces

Lately I have been consumed by an idea of running container-based labs that span containerized NOSes, classical VM-based routers and regular containers with a single and uniform UX.

Luckily the foundation was already there. With plajjan/vrnetlab you get a toolchain that cleverly packages qemu-based VMs inside the container packaging, and with networkop/docker-topo you can run, deploy and wire containers in meshed topologies.

One particular thing though we needed to address, and it was the way we interconnect containers which host vrnetlab-created routers inside.

Vrnetlab uses its own "overlay datapath" to wire up containers by means of an additional "vr-xcon" container that stitches the exposed sockets. Although this approach allows to re-wire containers in different topologies after the start, this was not something that we could use if we wanted use non-vrnetlab containers in our topology. Ideally I wanted to emulate p2p links between the routers (running inside containers) by veth pairs stretched between them, pretty much like docker does when it launches containers. And that is also the way docker-topo works.

How to patch Ubuntu 20.04 Focal Fossa with UKSM?

Running multiple VMs out of the same disk image is something we, network engineers, do quite often. A virtualized network usually consists of a few identical virtualized network elements that we interconnected with links making a topology.


In the example above we have 7 virtualized routers in total, although we used only two VM images to create this topology (virtualized Nokia router and it's Juniper vMX counterpart). Each of this VMs require some memory to run, for the simplicity, lets say each VM requires 5GB of RAM.

So roughly, the above topology will claim 30-35GB of RAM in order to operate. Enriching the topology by adding more VMs of the same type will continue to push for more memory, thus running big topologies often becomes an exercise of hunting for RAM.

Luckily, there are technologies like Kernel Same Merging (KSM) and it's enhanced version Ultra-KSM (UKSM) that are able to lift the memory requirement for use cases like above. In a nutshell, they allow to merge mem pages of the same content, effectively reusing the same memory pages between virtual machines.

Remove binaries and big files from Git repo

You slice and dice your files in a Git repo like a pro and accidentally commit a binary file. It happened to you as well, don't pretend it didn't.
Sooner or later you recognizes this file shouldn't be there, it is clogging your Git repo for no reason. OK, you delete the file and commit. But the repo size doesn't get any smaller. Hm...


I am a firm believer that documentation is an integral part of the project. A terse, twisted, incomplete or sometimes even missing documentation penalizes your projects success. At the same time clean, concise and comprehensive documentation is not only something worth being proud of, but an opening to a users' appreciation and fame.

I am sharing the way I build, publish and host documentation sites for my projects via this live-example site -

gNMIc got better with YANG-completions

gnmic was the first opensource project that I've been part of that got widely adopted. As the maintainers of a public project, Karim and I were wondering when would we get the first external contribution.

To our surprise, the very first external contribution laid out the foundation to one of the most exciting features of gnmic - YANG-Completions.

I thought that the best way to describe what YANG-completions is showing you a quick demo augmented with some comments. This resulted in this twitter-series:

Arista EOS gNMI Tutorial

We were pleasantly surprised by the way community appreciated gNMIc release. Thank you ๐Ÿ™! That solidifies the fact that a well-formed, documented and easy to use gNMI tool was needed.

Now with gNMIc available to everybody its easy like never before to test gNMI implementation of different routing OSes. And in this post we will get our hands on Arista vEOS.

gNMIc - gNMI CLI client and collector

Despite the fact that gNMI is defacto the go-to interface for a model-driven telemetry collection, we, as a community, had no gNMI tool that was easy to install, pleasure to use, documented and pre-built for common platforms. Until now.

I am excited to announce the public release of gnmic - a CLI client and a collector that talks gNMI to your devices.


October 2022: gNMIc has joined Openconfig.

NETCONF subtree filtering by example

If you pick a random NetEng and ask them if they love NETCONF they would likely say "Nah". The hate-hate love-hate kind of relationship with NETCONF mostly roots in its XML layer that one can't swap out. But if we set the XML-related challenges aside, it will become clear that NETCONF is a very well designed management interface with lots of capabilities.

In this topic we will touch on the NETCONF's subtree filtering capabilities.

gNMI Map

Lately I've been involved in project that required quite a deep understanding of OpenConfig gRPC Network Management Interface (gNMI). Going over the gNMI specification multiple times made me realize that I can't fully build a mental map of all the messages and encapsulations without having a visual representation of it. So I've made one, lets see what it has to offer.

Using Wireshark remote capture with EVE-NG

The power of a packet capture is boundless... Sometimes its indeed a pcap that can save you nights of troubleshooting, so being able to get one quickly and easily is an ace up a neteng sleeve.
In this post I'll show you how I use Wireshark's remote capture ability to sniff on packets running in EVE-NG without being need to install any custom plugins or packages from EVE.