Device Inventory
The lab consists of 12 network elements deployed via Containerlab, including BNG routers, transport switches, subscriber devices, and telemetry infrastructure.
BNG Routers (ISP Edge)
BNG1 - ISP 1 Service Router
Platform Details
- Type: Nokia SR-7 chassis
- Software: Nokia SR OS (SR-SIM) 25.10.R2
- Management IPv4: 10.77.1.2
- System Loopback: 1.1.1.1/32
- Autonomous System: 65510
- Chassis: SR-7 platform
- Control Modules: Slot A, Slot B (redundant CPM)
- Line Cards:
  - Slot 1: IOM5-e
    - MDA 1: ME6-100gb-qsfp28 (100GE ports)
    - SFM: m-sfm6-7/12
  - Slot 2: IOM4-e-b
    - MDA 1: ISA2-bb (Integrated Services Adapter for NAT)
    - SFM: m-sfm6-7/12
- Slot 1: IOM5-e
- 1/1/c1/1: To TX switch (hybrid mode, QinQ)
- 1/1/c2/1: To iPerf server (hybrid mode)
- 56661 → 22 (SSH)
- 56662 → 57400 (gRPC)
- 56663 → 830 (NETCONF)
configs/sros/config-bng.txt
BNG2 - ISP 2 Service Router
Platform Details
- Type: Nokia SR-7 chassis
- Software: Nokia SR OS (SR-SIM) 25.10.R2
- Management IPv4: 10.77.1.3
- System Loopback: 1.1.1.1/32
- Autonomous System: 65510
- Identical to BNG1
- Slot 1: IOM5-e with ME6-100gb-qsfp28
- Slot 2: IOM4-e-b with ISA2-bb
- 1/1/c1/1: To TX switch (hybrid mode, QinQ)
- 1/1/c2/1: To iPerf server (hybrid mode)
- 56664 → 22 (SSH)
- 56665 → 57400 (gRPC)
- 56666 → 830 (NETCONF)
configs/sros/config-bng-2.txt
Transport Network
TX - Transport Aggregation Switch
Platform Details
- Type: Nokia SR Linux (IXR)
- Software: SR Linux 25.10
- Management IPv4: 10.77.1.16
- Role: Core L2 transport switch
- ethernet-1/1: BNG1 connection
- ethernet-1/2: BNG2 connection
- ethernet-1/3: Switch connection
- 56676 → 22 (SSH)
configs/switch/srl.txt
Switch - Access Aggregation (7250)
Platform Details
- Type: Nokia IXR-ec (7250 series)
- Software: Nokia SR OS (SR-SIM) 25.10.R2
- Management IPv4: 10.77.1.4
- System Name: SWITCH-7250
- Slot A: cpm-ixr-ec
- MDA: m4-1g-tx+20-1g-sfp+6-10g-sfp+
- 1/1/1: To TX switch (hybrid, QinQ)
- 1/1/3: To OLT (hybrid, QinQ)
- 56667 → 22 (SSH)
- 56668 → 57400 (gRPC)
- 56669 → 830 (NETCONF)
configs/switch/switch.txt
OLT - Optical Line Terminal
Platform Details
- Type: Nokia IXR-ec
- Software: Nokia SR OS (SR-SIM) 25.10.R2
- Management IPv4: 10.77.1.5
- System Name: OLT-NOKIA
- Slot A: cpm-ixr-ec
- MDA: m4-1g-tx+20-1g-sfp+6-10g-sfp+
- 1/1/1: To Switch (hybrid, QinQ)
- 1/1/2: To ONT1 (access mode, dot1q)
- 1/1/3: To ONT2 (access mode, dot1q)
- 56678 → 22 (SSH)
- 56671 → 57400 (gRPC)
- 56672 → 830 (NETCONF)
configs/olt/olt.txt
Subscriber Devices
ONT1 - IPoE Customer Premises Equipment
Platform Details
- Type: Linux container
- Image: ghcr.io/abelperezr/ont-ds:0.2
- Management IPv4: 10.77.1.6
- Group: leaf
- Connection Type: IPoE (DHCP-based)
- VLAN ID: 150
- Physical Interface: eth1
- LAN Interface: eth2
- MAC Address: 00:D0:F6:01:01:01
- User Password: test
- 56673 → 22 (SSH)
- 8081 → 8080 (Web UI)
ONT2 - PPPoE Customer Premises Equipment
Platform Details
- Type: Linux container
- Image: ghcr.io/abelperezr/ont-ds:0.2
- Management IPv4: 10.77.1.7
- Group: leaf
- Connection Type: PPPoE
- PPP Username: test@test.com
- PPP Password: testlab123
- VLAN ID: 150
- Physical Interface: eth1
- LAN Interface: eth2
- MAC Address: 00:D0:F6:01:01:02
- User Password: test
- 56674 → 22 (SSH)
- 8082 → 8080 (Web UI)
PC1 - End User Device
Platform Details
- Type: Linux container
- Image: ghcr.io/srl-labs/network-multitool
- Management IPv4: 10.77.1.17
- Group: leaf
- Connected to ONT1 eth2 (LAN side)
- IPv6 SLAAC enabled
- Dual-stack capable
- 56677 → 22 (SSH)
Support Infrastructure
RADIUS - Authentication Server
Platform Details
- Type: Linux container (FreeRADIUS)
- Image: ghcr.io/srl-labs/network-multitool
- Management IPv4: 10.77.1.10
- Group: server
- /etc/raddb/clients.conf - BNG client definitions
- /etc/raddb/radiusd.conf - Server configuration
- /etc/raddb/mods-config/files/authorize - User database
- BNG1: 10.77.1.2
- BNG2: 10.77.1.3
- Shared Secret: testlab123
- ONT1 (IPoE): 00:d0:f6:01:01:01
- ONT2 (PPPoE): test@test.com
gNMIc - Telemetry Collector
Platform Details
- Type: Linux container
- Image: ghcr.io/openconfig/gnmic:latest
- Management IPv4: 10.77.1.12
- Group: server
- File: configs/gnmic/config.yml
- gNMI Username: admin
- gNMI Password: lab123
- Targets: BNG1, BNG2, Switch, OLT
- Output: Prometheus exporter
Prometheus - Metrics Database
Platform Details
- Type: Linux container
- Image: prom/prometheus
- Management IPv4: 10.77.1.13
- Group: server
- File: configs/prometheus/prometheus.yml
- Scrape Interval: Defined per target
- Port: 9090 (mapped to host)
- gNMIc exporter endpoint
Grafana - Visualization Platform
Platform Details
- Type: Linux container
- Image: grafana/grafana:10.3.5
- Management IPv4: 10.77.1.14
- Group: server
- Port: 3030 (mapped from 3000)
- Admin Password: admin
- Anonymous Access: Enabled
- Datasource: Prometheus (10.77.1.13:9090)
- Dashboards: Pre-configured BNG metrics
- configs/grafana/datasource.yml
- configs/grafana/dashboards.yml
- Dashboard JSON files in configs/grafana/dashboards/
iPerf - Traffic Generator
Platform Details
- Type: Linux container
- Image: ghcr.io/srl-labs/network-multitool
- Management IPv4: 10.77.1.15
- eth1: 172.19.1.1/30 (connected to BNG1)
- Gateway: 172.19.1.2
- eth2: 172.20.1.1/30 (connected to BNG2)
- Default route via BNG1
- 56675 → 22 (SSH)
Physical Connections
All links are point-to-point Ethernet connections established by Containerlab.
Link Topology
| Link ID | Endpoint A | Endpoint B | Description |
|---|---|---|---|
| 1 | bng1:1/1/c1/1 | tx:ethernet-1/1 | BNG1 to TX transport |
| 2 | bng2:1/1/c1/1 | tx:ethernet-1/2 | BNG2 to TX transport |
| 3 | tx:ethernet-1/3 | switch:1/1/1 | TX to Switch aggregation |
| 4 | switch:1/1/3 | olt:1/1/1 | Switch to OLT |
| 5 | olt:1/1/2 | ont1:eth1 | OLT to ONT1 subscriber |
| 6 | olt:1/1/3 | ont2:eth1 | OLT to ONT2 subscriber |
| 7 | bng1:1/1/c2/1 | iperf:eth1 | BNG1 to iPerf (test) |
| 8 | bng2:1/1/c2/1 | iperf:eth2 | BNG2 to iPerf (test) |
| 9 | ont1:eth2 | pc1:eth1 | ONT1 LAN to PC1 |
Connection Diagram
IP Addressing Scheme
Management Network (10.77.1.0/24)
All devices share the same management subnet for OOB access.
| Device | Management IP | Access Method |
|---|---|---|
| BNG1 | 10.77.1.2 | SSH: localhost:56661 |
| BNG2 | 10.77.1.3 | SSH: localhost:56664 |
| Switch | 10.77.1.4 | SSH: localhost:56667 |
| OLT | 10.77.1.5 | SSH: localhost:56678 |
| ONT1 | 10.77.1.6 | SSH: localhost:56673 |
| ONT2 | 10.77.1.7 | SSH: localhost:56674 |
| RADIUS | 10.77.1.10 | SSH via mgmt network |
| gNMIc | 10.77.1.12 | API access |
| Prometheus | 10.77.1.13 | http://localhost:9090 |
| Grafana | 10.77.1.14 | http://localhost:3030 |
| iPerf | 10.77.1.15 | SSH: localhost:56675 |
| TX | 10.77.1.16 | SSH: localhost:56676 |
| PC1 | 10.77.1.17 | SSH: localhost:56677 |
BNG1 Subscriber Addressing
IPv4 Subscriber Pool (NAT Inside)
- Network: 100.80.0.0/29
- Gateway: 100.80.0.1
- DHCP Range: 100.80.0.2 - 100.80.0.7
- DHCP Server: 9.9.9.9 (loopback)
- DNS: 8.8.8.8, 8.8.4.4
- WAN Host: 2001:db8:100::/56
- Prefix Delegation: 2001:db8:200::/48
- DHCPv6 Server: fd07:47::aaaa
- DNS: 2001:4860:4860::8888, 2001:4860:4860::8844
- Public IP Pool: 99.99.99.99/32
- NAT Type: Deterministic NAT44 with port blocks
- Port Reservation: 64 ports per subscriber
- Subscriber Limit: 8 per address
- BNG1 Interface: 172.19.1.2/30
- iPerf Interface: 172.19.1.1/30
BNG2 Subscriber Addressing
IPv4 Subscriber Pool (NAT Inside)
- Network: 100.90.0.0/29
- Gateway: 100.90.0.1
- DHCP Range: 100.90.0.2 - 100.90.0.7
- DHCP Server: 9.9.9.9 (loopback)
- DNS: 8.8.8.8, 8.8.4.4
- Same as BNG1 (2001:db8:100::/56 and 2001:db8:200::/48)
- Public IP Pool: 100.100.100.100/32
- NAT Type: Deterministic NAT44 with port blocks
- Port Reservation: 64 ports per subscriber
- Subscriber Limit: 8 per address
- BNG2 Interface: 172.20.1.2/30
- iPerf Interface: 172.20.1.1/30
VLAN Design
Service VLANs
VLAN 50 - BNG1 Subscriber Traffic
Purpose: Isolates all BNG1 (ISP 1) subscriber traffic
VPLS Service ID: 50
Active on Devices:
- Switch: VPLS “to-tx-50”
  - SAP: 1/1/1:50.* (to TX)
  - SAP: 1/1/3:50.* (to OLT)
- OLT: VPLS “bng1-agg”
  - SAP: 1/1/1:50.150 (to Switch, double-tagged)
  - SAP: 1/1/2:150 (to ONT1, single-tagged)
- Outer VLAN: 50 (service identification)
- Inner VLAN: 150 (subscriber VLAN)
- Encapsulation type: QinQ (802.1ad)
VLAN 60 - BNG2 Subscriber Traffic
Purpose: Isolates all BNG2 (ISP 2) subscriber traffic
VPLS Service ID: 60
Active on Devices:
- Switch: VPLS “to-tx-60”
  - SAP: 1/1/1:60.* (to TX)
  - SAP: 1/1/3:60.* (to OLT)
- OLT: VPLS “bng2-agg”
  - SAP: 1/1/1:60.150 (to Switch, double-tagged)
  - SAP: 1/1/3:150 (to ONT2, single-tagged)
- Outer VLAN: 60 (service identification)
- Inner VLAN: 150 (subscriber VLAN)
- Encapsulation type: QinQ (802.1ad)
VLAN 150 - Subscriber Access VLAN
Purpose: Subscriber-facing VLAN on ONT devices
Used By:
- ONT1: Tagged VLAN 150 on eth1
- ONT2: Tagged VLAN 150 on eth1
- Combined with service VLAN (50 or 60) via QinQ
- Single tag visible to ONT devices
- Double tag (50.150 or 60.150) in core network
QinQ Encapsulation
The lab uses QinQ (802.1ad) for service multiplexing, allowing multiple ISPs to use the same underlying infrastructure with VLAN-based isolation.
- ONT1 sends traffic with VLAN 150
- OLT adds outer VLAN 50 → becomes 50.150
- Switch forwards 50.150 transparently
- TX forwards 50.150 to BNG1
- BNG1 receives the frame on its capture SAP, which matches the 1/1/c1/1:*.* pattern
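
The tag handling in the steps above, as an added example that is not part of the lab's own files: it builds ONT1's single-tagged frame, pushes the outer service tag as the OLT does, and maps the resulting tag stack to a BNG, returning nothing for any stack the VLAN design does not define. The function names are hypothetical, the sample frame is constructed, and the outer TPID 0x88A8 is the standard 802.1ad value, assumed here because the lab's port ethertype is not shown on this page.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q customer tag
TPID_STAG = 0x88A8  # 802.1ad service tag (assumed; the lab's port ethertype is not on the page)
SERVICE_VLAN_TO_BNG = {50: "BNG1", 60: "BNG2"}  # outer VLAN -> BNG, from the VLAN design
SUBSCRIBER_VLAN = 150

def tag(tpid, vid, pcp=0):
    """Build one 4-byte VLAN tag: TPID, then TCI (PCP:3, DEI:1, VID:12)."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"invalid VLAN ID {vid}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_outer(frame, svid):
    """Model the OLT uplink: insert the service tag right after the two MACs."""
    return frame[:12] + tag(TPID_STAG, svid) + frame[12:]

def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], payload ethertype)."""
    vids, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_CTAG, TPID_STAG):
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4

def classify(frame):
    """Name the BNG for a core-side frame, or None if the tag stack is unexpected."""
    vids, _ = parse_tags(frame)
    if len(vids) != 2 or vids[1] != SUBSCRIBER_VLAN:
        return None
    return SERVICE_VLAN_TO_BNG.get(vids[0])

# Constructed sample: a broadcast IPv4 frame from ONT1's MAC, tagged VLAN 150 by the ONT.
ONT1_MAC = bytes.fromhex("00d0f6010101")
ont1_frame = b"\xff" * 6 + ONT1_MAC + tag(TPID_CTAG, 150) + struct.pack("!H", 0x0800)
core_frame = push_outer(ont1_frame, 50)  # what Switch and TX forward unchanged

if __name__ == "__main__":
    print(parse_tags(ont1_frame), parse_tags(core_frame), classify(core_frame))
```
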
Port Mapping Summary
SSH Access Ports
| Device | Host Port | Container Port | Access Command |
|---|---|---|---|
| BNG1 | 56661 | 22 | ssh admin@localhost -p 56661 |
| BNG2 | 56664 | 22 | ssh admin@localhost -p 56664 |
| Switch | 56667 | 22 | ssh admin@localhost -p 56667 |
| OLT | 56678 | 22 | ssh admin@localhost -p 56678 |
| ONT1 | 56673 | 22 | ssh user@localhost -p 56673 |
| ONT2 | 56674 | 22 | ssh user@localhost -p 56674 |
| iPerf | 56675 | 22 | ssh root@localhost -p 56675 |
| TX | 56676 | 22 | ssh admin@localhost -p 56676 |
| PC1 | 56677 | 22 | ssh root@localhost -p 56677 |
Management API Ports
| Device | Host Port | Container Port | Protocol |
|---|---|---|---|
| BNG1 | 56662 | 57400 | gRPC |
| BNG1 | 56663 | 830 | NETCONF |
| BNG2 | 56665 | 57400 | gRPC |
| BNG2 | 56666 | 830 | NETCONF |
| Switch | 56668 | 57400 | gRPC |
| Switch | 56669 | 830 | NETCONF |
| OLT | 56671 | 57400 | gRPC |
| OLT | 56672 | 830 | NETCONF |
Web UI Ports
| Service | Host Port | Container Port | Access URL |
|---|---|---|---|
| Grafana | 3030 | 3000 | http://localhost:3030 |
| Prometheus | 9090 | 9090 | http://localhost:9090 |
| ONT1 | 8081 | 8080 | http://localhost:8081 |
| ONT2 | 8082 | 8080 | http://localhost:8082 |
Device Roles Summary
| Device Type | Count | Primary Function |
|---|---|---|
| BNG (SR-7) | 2 | Subscriber session termination, DHCP, NAT |
| Transport Switch | 1 | L2 aggregation between BNGs |
| Access Switch | 1 | Aggregation between transport and OLT |
| OLT | 1 | Optical/fiber access termination |
| ONT | 2 | Customer premises equipment (CPE) |
| RADIUS | 1 | AAA services |
| Telemetry | 3 | gNMIc collector, Prometheus, Grafana |
| Test Equipment | 2 | iPerf server, PC1 client |
All network devices support gNMI telemetry streaming for real-time monitoring and NETCONF/RESTCONF for configuration management.