Diode Multivendor Discovery

Introduction

This lab simulates a network with 3 routers from different vendors (Juniper, Cisco, and Huawei) configured with OSPF and SNMP, integrating Diode components (plugin, server, and agent) and Netbox for automated device import and management.

1. Description

1.1 Lab Objective

The objective of this lab is to practically demonstrate the process of automated discovery and import of multivendor network devices, encompassing different models and manufacturers, and their respective configurations into Netbox, using the diode-plugin, diode-server, and orb-agent.

1.2 Lab Topology

Below is the topology showing the three routers — Juniper, Cisco, and Huawei — in addition to the servers involved in the architecture.

The routers are configured with the following technologies:

OSPF (Open Shortest Path First): Used for dynamic routing, allowing devices (regardless of manufacturer) to exchange information about routes and topology.
SNMP (Simple Network Management Protocol): Used for telemetry collection and discovery, ensuring compatibility with Juniper, Cisco, and Huawei devices.

2. Applications

Examples of Applications

This lab demonstrates a realistic architecture for automatic device discovery in environments where multiple vendors coexist.

Possible Applications:

Multivendor discovery automation: Automatic detection of Juniper, Cisco, and Huawei devices and registration of their inventories in Netbox.
Standardization of heterogeneous inventory: Creation of a unified device database regardless of the vendor.
Creation of a centralized device repository: Building a reliable database of real-time network data.
Practical study of SNMP in hybrid environments: Practical comparison between different MIBs and manufacturer standards.
Diode + Netbox integration in real-world scenarios: Practice in collecting and integrating network data.

3. Requirements

3.1 Prerequisites

To start the lab, it is necessary to install and configure the following components:

Netbox
Diode Plugin
Diode Server
Orb Agent
Containerlab
Docker

If your environment is not configured, follow the steps in Configuration Guide

3.2 Computational Requirements Table

Requirement	Details
CPUs	4 vCPUs (minimum recommended)
RAM Memory	12 GB
Disk Space	10 GB
Containerlab	0.64.0
Created Network	br-lab

Tip

Verify that the Docker and Containerlab versions are compatible to avoid errors during deployment.

Attention

Verify that your processor has hardware virtualization support and that this functionality is enabled in the BIOS/UEFI. - In Intel processors, this technology is called VT-x (Intel Virtualization Technology). - In AMD processors, it is known as AMD-V (AMD Virtualization).

Without this feature enabled, images like vJunos-router will not function correctly.

4. Installation

4.1 Configuring the Docker Network

Before starting the containers, create the bridge network that will interconnect the devices:

docker network create \
  --driver=bridge \
  --opt com.docker.network.bridge.name=br-lab \
  --subnet=172.10.10.0/24 \
  br-lab

4.2 Cloning the Lab Repository

Execute the script below to download and configure the lab automatically:

Linux/MacWindows

curl -L -o get.sh "https://git.rnp.br/redes-abertas/labs/-/raw/main/discovery-lab-diode-multivendor/get.sh?ref_type=heads&inline=false" && sh get.sh && cd discovery-lab

curl -L -o get.bat "https://git.rnp.br/redes-abertas/labs/-/raw/main/discovery-lab-diode-multivendor/get.bat?ref_type=heads&inline=false" && call get.bat && cd discovery-lab

Tip

On Linux/Mac, use chmod +x get.sh before running the script if it does not have execute permissions.

5. Environment Deployment

5.1 Starting the Routers with Containerlab

Here, the three Juniper/Cisco/Huawei devices will be initialized. The boot time may vary depending on the manufacturer.

sudo clab deploy -t clab/discovery-lab.clab.yaml

Debug

The devices may take about 10 minutes to become fully operational. If an error occurs, check the command output for possible error messages. Use docker logs <container_name> to debug.

5.2 Starting the Diode Server

Tip

If you already have the Diode server configured, just skip this step.

Let's create a new folder to store the diode-server files:
```
mkdir diode-server
cd diode-server
```

Now, let's download the quick start script:

curl -sSfLo quickstart.sh https://raw.githubusercontent.com/netboxlabs/diode/release/diode-server/docker/scripts/quickstart.sh
chmod +x quickstart.sh

Then, just run the script passing the url of your netbox:
```
./quickstart.sh https://<netbox-server>
```
Finally, just start the containers:
```
docker compose up -d
```

To extract the credentials needed to install the plugin, execute the command below:

echo $(jq -r '.[] | select(.client_id == "netbox-to-diode") | .client_secret' ./oauth2/client/client-credentials.json)

Tip

Store the token, you will need to add it to the configuration below.

5.3 Installing the Plugin in Netbox

In this step, we will install the diode plugin, which is responsible for establishing the connection between the diode-server and Netbox.

5.3.1 Configuring the Netbox version:

First, let's clone the Netbox Docker repository:

git clone -b release https://github.com/netbox-community/netbox-docker.git

Now, let's go to Release 3.2.1:
```
cd netbox-docker/
git checkout 3.2.1
```

Information

We changed the repository branch to have access to Netbox version 4.2.4.

Tip

All commands below will be executed inside the netbox root directory netbox-docker/.

5.3.2 plugin_requirements.txt

This file contains a list of Netbox plugins (as PyPI Python packages) that must be installed during the Docker image build.

Execute the following command to write the package inside the plugin_requirements.txt file.

echo "netboxlabs-diode-netbox-plugin" >> plugin_requirements.txt

5.3.3 DockerFile-Plugins

This is the DockerFile used to build the custom docker image.

Create the file and access it with an editor:
```
nano DockerFile-Plugins
```

Copy the content below and paste it into the file:

FROM netboxcommunity/netbox:v4.2.4

COPY ./plugin_requirements.txt /opt/netbox/
RUN /usr/local/bin/uv pip install -r /opt/netbox/plugin_requirements.txt

5.3.4. docker-compose.override.yml

As the name implies, this file contains the configurations that will overwrite the docker-compose.yml.

If you haven't configured the br-lab network yet. Access: Configuring the Docker Network

Create the file and access it with an editor:
```
nano docker-compose.override.yml
```

Copy the content below and paste it into the file:

services:
  netbox:
    image: netbox:latest-plugins
    pull_policy: never
    ports:
      - 8000:8080
    build:
      context: .
      dockerfile: Dockerfile-Plugins
    networks:
      - br-lab

  netbox-worker:
    image: netbox:latest-plugins
    pull_policy: never
    networks:
      - br-lab

  netbox-housekeeping:
    image: netbox:latest-plugins
    pull_policy: never
    networks:
      - br-lab

  postgres:
    networks:
      - br-lab

  redis:
    networks:
      - br-lab

  redis-cache:
    networks:
      - br-lab

networks:
  br-lab:
    external: true

The changes made were:

adding Netbox to the br-lab network.
changing the dockerfile to Dockerfile-Plugins, created previously.
Also changed the image of the services to: netbox:latest-plugins.

5.3.5. plugins.py

This file is responsible for setting the specific configurations for each plugin.

Access the file with the editor:
```
nano configuration/plugins.py
```

Copy and paste the content into the file:

PLUGINS = [
    "netbox_diode_plugin",
]

PLUGINS_CONFIG = {
    "netbox_diode_plugin": {
        # Diode gRPC target for communication with Diode server
        "diode_target_override": "grpc://localhost:8080/diode",

        # Username associated with changes applied via plugin
        "diode_username": "diode",

        # netbox-to-diode client_secret created during diode bootstrap.
        "netbox_to_diode_client_secret": "..."
    },
}

Tip

The token stored during diode-server installation must be passed in the option: netbox_to_diode_client_secret.

5.3.6 Build and Deploy!

Now your Netbox is configured and ready for deploy, follow the commands below and build a new instance of Netbox!

Build the image:
```
docker compose build --no-cache
```
Start the containers:
```
docker compose up -d
```

Create the necessary migrations with the command below:

docker compose exec -it netbox ./manage.py migrate netbox_diode_plugin

5.3.7. Generating credentials for the agent

We need to create credentials for the diode agent to communicate and forward the data collected from the devices to the diode-server.

Access your Netbox and go to the side menu.
Go to Diode > Client Credentials.
Click on the top button Add Credential.
Type a name for your credential.
Store the Client Id and Client Secret.

6. Orb-Agent

The orb-agent is a diode component responsible for collecting data on devices.

6.1 Configuring the agent

Access the orb-agent folder:
```
cd ./orb-agent
```

In the .env file, configure the variables according to your environment.

DOCKER_NETWORK=br-lab                      # Container Network
DOCKER_SUBNET=172.10.10.0/24               # Devices Network
DIODE_CLIENT_ID=                           # Diode Client Id
DIODE_CLIENT_SECRET=                       # Diode Client Secret
DIODE_HOST=<your-ip>:8080                  # Diode Server Url
AGENT_NAME=agent1                          # Agent Name
SITE_NAME=RNP                              # Netbox Site Name
MULTIDEVICE_COMMUNITY="public"             # Device Community

Here are the Client Id and Client Secret generated in the diode plugin in Netbox.

Now, let's apply the variables to the juniper import template with the command:

set -o allexport && source .env && envsubst < agent.snmp.template.yaml > agent.yaml

6.2 Starting Data Collection

Finally, just bring up the container to start importing devices into Netbox!

docker compose up

✅ Track in real-time in Netbox the devices being collected by the agent.

⏱️ In addition, you can configure a collection interval for the agent to perform the import automatically and periodically, without the need for manual intervention.

7. Access

After the lab is started, you can access the devices and services configured on the network.

7.1 Table of IPs and Service Ports

Here is the table of devices, IPs, and service ports available in the lab.

Device	Manufacturer	IP	Port	Service
node1	Juniper	172.10.10.201	22	SSH
node2	Cisco	172.10.10.202	22	SSH
node3	Huawei	172.10.10.203	22	SSH
Diode	—	localhost	8080	API
Netbox	—	localhost	8000	Web UI
Graphite	—	172.20.20.1	8081	Web UI

7.2 Access Passwords

Here is the table with the access passwords for the services configured in the lab.

Service	User	Password
node1 (SSH)	admin	admin@123
node2 (SSH)	clab	clab@123
node3 (SSH)	admin	admin
Netbox (Web)	Admin	Admin

Attention

Before accessing, access the log of a device to verify that it has been started and configured correctly.

8. Next Steps

With the lab completed, you can follow some of the steps below as extra.

Test SNMP collection differences between Juniper, Cisco, and Huawei.
Compare the structure of MIBs used in the import.
Add new devices from any manufacturer to check compatibility.

9. Conclusion

✅ Now you have learned how to use Diode components to automatically import a network composed of Juniper, Cisco, and Huawei devices, building a complete inventory in Netbox and enabling the creation of your Digital Twin with Netreplica.