Skip to content

Release 0.24#


Enabling external lab access#

As more users started playing with containerlab, more deployment use cases began to surface. One of the most common non-trivial deployment use cases was enabling external access from systems deployed outside of containerlab with the topology nodes.

This use case was not that apparent because of the way Docker secures the host. By default, Docker doesn't allow external packets to reach containers, while containers can initiate connections to outside hosts. These security measures are carried out via iptables rules Docker maintains.

In this release, containerlab will automatically create an allowing rule in the DOCKER-USER chain to allow external systems to reach containerlab nodes. Read more about this feature in our docs.

Docker authentication#

Containerlab pulls the images at deploy stage, if the images are not present. To support pulling the images from the repos which require authentication @lbaker-esnet in #755 added the logic to fetch the authentication data from local docker config store.

Now if you have logged in to a certain repo with docker login, containerlab will be able to pull the images from this repo, using the credentials stored locally.

Binds merge#

One of the most used containerlab options -- binds -- got even better. Now the bind paths will get merged should you define them on the defaults, kinds and nodes levels.

This makes it possible to define some default binds and have node-specific binds to be added to them.

Restart on failure for linux nodes#

Now containerlab will automatically restart the nodes of linux kind if their main process exited with a non-0 return code. This will ensure longevity of the services such as Telemetry stacks or management software that may crash for various reasons.

Shared network namespaces#

Our own @LimeHat added support for making containerlab nodes to join in Pods formation. That is when multiple nodes share the same network namespace.

This is done with a new network-mode property value.


  • SR Linux breakout support has been fixed in #765
  • It is now possible to create ansible inventory without auto-populated ansible_host variables. Thanks to @tobbbles for his work in #793
  • A new flag has been added to deploy command to skip the post deploy actions. This may optimize the boot time if you have static configs provided. Thanks to @bjmeuer for adding this in #773
  • podman β-support that we announced in 0.23.0 has fallen victim to a misconfigured build pipeline. Hopefully, in this release, you will be able to use it :D
  • Linux nodes can now use ignite runtime #759
  • SR Linux nodes now not only will get the authz keys from pub keys available at ~/.ssh dir, but will also get everything from ~/.ssh/authorized_keys file as well. Thanks to @hansthienpondt for adding this in #778
  • destroy command will remove the lab dir even if no containers for that lab was found #753
  • new community posts.



  • Do not stop containerlab deploy/destroy in case of a missing iptables DOCKER-USER chain. This is typical to docker installations older than 17.06 version. #797
  • Fix directory removal flow during cleanup #799