From b5d5bb933a1952ba237c8c534dae4f56b323c193 Mon Sep 17 00:00:00 2001
From: Roman Dodin <dodin.roman@gmail.com>
Date: Sun, 11 Apr 2021 10:14:50 +0200
Subject: [PATCH 1/2] added support for mgmt-net attachment

---
 clab/config.go  | 15 ++++++++++++---
 clab/docker.go  |  1 +
 clab/netlink.go | 15 +++++++++++++--
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/clab/config.go b/clab/config.go
index b08819ec7..b20053b88 100644
--- a/clab/config.go
+++ b/clab/config.go
@@ -89,6 +89,7 @@ type Config struct {
 // it is provided via docker network object
 type mgmtNet struct {
 	Network    string `yaml:"network,omitempty"` // docker network name
+	Bridge     string // linux bridge backing the docker network
 	IPv4Subnet string `yaml:"ipv4_subnet,omitempty"`
 	IPv6Subnet string `yaml:"ipv6_subnet,omitempty"`
 	MTU        string `yaml:"mtu,omitempty"`
@@ -612,15 +613,23 @@ func (c *CLab) NewEndpoint(e string) *Endpoint {
 	nName := split[0]  // node name
 	epName := split[1] // endpoint name
 	// search the node pointer for a node name referenced in endpoint section
-	// if node name is not "host", since "host" is a special reference to host namespace
+	switch nName {
+	// "host" is a special reference to host namespace
 	// for which we create an special Node with kind "host"
-	if nName == "host" {
+	case "host":
 		endpoint.Node = &Node{
 			Kind:      "host",
 			ShortName: "host",
 			NSPath:    hostNSPath,
 		}
-	} else {
+	// mgmt-net is a special reference to a bridge of the docker network
+	// that is used as the management network
+	case "mgmt-net":
+		endpoint.Node = &Node{
+			Kind:      "bridge",
+			ShortName: "mgmt-net",
+		}
+	default:
 		for name, n := range c.Nodes {
 			if name == split[0] {
 				endpoint.Node = n
diff --git a/clab/docker.go b/clab/docker.go
index 8e7846ceb..69a9ac695 100644
--- a/clab/docker.go
+++ b/clab/docker.go
@@ -98,6 +98,7 @@ func (c *CLab) CreateDockerNet(ctx context.Context) (err error) {
 	default:
 		return err
 	}
+	c.Config.Mgmt.Bridge = bridgeName
 
 	log.Debugf("Docker network '%s', bridge name '%s'", c.Config.Mgmt.Network, bridgeName)
 
diff --git a/clab/netlink.go b/clab/netlink.go
index 5f5e8af2e..8f5fbc4bd 100644
--- a/clab/netlink.go
+++ b/clab/netlink.go
@@ -48,12 +48,23 @@ func (c *CLab) CreateVirtualWiring(l *Link) (err error) {
 	// set bridge name for endpoint that should be connect to linux bridge
 	switch {
 	case l.A.Node.Kind == "bridge":
-		vA.Bridge = l.A.Node.ShortName
+
+		// mgmt-net is a reserved node name that means
+		// connect this endpoint to docker management bridged network
+		if l.A.Node.ShortName != "mgmt-net" {
+			vA.Bridge = l.A.Node.ShortName
+		} else {
+			vA.Bridge = c.Config.Mgmt.Bridge
+		}
 		// veth endpoint destined to connect to the bridge in the host netns
 		// will not have a random name
 		ARndmName = l.A.EndpointName
 	case l.B.Node.Kind == "bridge":
-		vB.Bridge = l.B.Node.ShortName
+		if l.B.Node.ShortName != "mgmt-net" {
+			vB.Bridge = l.A.Node.ShortName
+		} else {
+			vB.Bridge = c.Config.Mgmt.Bridge
+		}
 		BRndmName = l.B.EndpointName
 	case l.A.Node.Kind == "ovs-bridge":
 		vA.OvsBridge = l.A.Node.ShortName

From 1cd4bf3542b8082d8ac304d5c1662f0cab0ccb34 Mon Sep 17 00:00:00 2001
From: Roman Dodin <dodin.roman@gmail.com>
Date: Sun, 11 Apr 2021 10:45:57 +0200
Subject: [PATCH 2/2] added docs

---
 docs/manual/network.md | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/docs/manual/network.md b/docs/manual/network.md
index fb36b88fe..10ba19156 100644
--- a/docs/manual/network.md
+++ b/docs/manual/network.md
@@ -229,4 +229,34 @@ ip link
 # SNIP
 433: srl_e1-1@if434: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
     link/ether b2:80:e9:60:c7:9d brd ff:ff:ff:ff:ff:ff link-netns clab-srl01-srl
-```
\ No newline at end of file
+```
+
+### Additional connections to management network
+By default every lab node will be connected to the docker network named `clab` which acts as a management network for the nodes.
+
+In addition to that mandatory connection, users can attach additional interfaces to this management network. This might be needed, for example, when data interface of a node needs to talk to the nodes on the management network.
+
+For such connections a special form of endpoint definition was created - `mgmt-net:$iface-name`.
+
+```yaml
+name: mgmt
+topology:
+  nodes:
+    n1:
+      kind: srl
+      image: srlinux:21.3.1-410
+      license: license.key
+  links:
+    - endpoints:
+        - "n1:e1-1"
+        - "mgmt-net:n1-e1-1"
+
+```
+
+In the above example the node `n1` connects with its `e1-1` interface to the management network. This is done by specifying the endpoint with a reserved name `mgmt-net` and defining the name of the interface that should be used in that bridge (`nq-e1-1`).
+
+By specifying `mgmt-net` name of the node in the endpoint definition we tell containerlab to find out which bridge is used by the management network of our lab and use this bridge as the attachment point for our veth pair.
+
+This is best illustrated with the following diagram:
+
+<div class="mxgraph" style="max-width:100%;border:1px solid transparent;margin:0 auto; display:block;" data-mxgraph="{&quot;page&quot;:14,&quot;zoom&quot;:1.5,&quot;highlight&quot;:&quot;#0000ff&quot;,&quot;nav&quot;:true,&quot;check-visible-state&quot;:true,&quot;resize&quot;:true,&quot;url&quot;:&quot;https://raw.githubusercontent.com/srl-labs/containerlab/diagrams/containerlab.drawio&quot;}"></div>
\ No newline at end of file