  • Rust 91.1%
  • TypeScript 8.8%
Tux e575ebe186
Some checks failed
CI / check (push) Successful in 3m40s
CI / test (push) Failing after 49s
Container Images / build-and-push (map[dockerfile:docker/host/Dockerfile name:netforge-host]) (push) Successful in 39s
Container Images / build-and-push (map[dockerfile:docker/router/Dockerfile name:netforge-router]) (push) Successful in 2m36s
Container Images / build-and-push (map[dockerfile:docker/switch/Dockerfile name:netforge-switch]) (push) Successful in 3s
LinuxHost: flat eth0..eth3 naming and persistent /etc + /root
LinuxHost containers previously emitted Cisco-shaped interface names
like eth0/0 (which the kernel-side rename further mangled to eth0-0)
and lost every /etc and /root edit on a power-cycle. Both were UX
surprises for users coming from real Linux boxes.

Naming: add a flat: bool field to InterfaceSlot. The LinuxHost
template (template-id 4) opts in and now exposes four ports — eth0,
eth1, eth2, eth3 — per DESIGN.md §4.1. validate_interface_name takes
a flat branch when the slot opts in and rejects the slot-prefixed
form so stale UIs can't smuggle eth0/0 back into the links table.
Migration 016 updates the seeded template and rewrites existing
host link interface columns from eth0/0 → eth0, scoped strictly to
device_type='host'. Existing Cisco templates are untouched (flat
defaults to false via serde).

Persistence: each LinuxHost device now gets two sibling Docker
named volumes — nfv-<uuid>-etc and nfv-<uuid>-root — bind-mounted
at /etc and /root. Docker's first-attach auto-populate gives a
sane starting filesystem from the image; subsequent edits to
interface config, hostname, dotfiles, and downloaded scripts
survive stop→start cycles. Volumes are provisioned in
api::devices::create and api::topology::import with full rollback
on partial failure, and torn down in api::devices::delete via a
template lookup. Routers and switches are unaffected.

Security follow-up from pre-commit audit: topology import never
validated imported link interfaces against the referenced
template's slots. A crafted .nflab could write arbitrary strings
into links.source_interface / target_interface that later flowed
into kernel ifname operations on device boot. Import now mirrors
the single-link create handler and calls validate_interface_name
on both endpoints before any DB write.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 10:24:12 +02:00
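The import check described in the commit message above, as an added sketch that is not NetForge's code. Only the names validate_interface_name, InterfaceSlot, flat, source_interface and target_interface come from the page; the other fields, the name grammar, the error strings and the sample templates are assumptions.

```rust
// Added illustration, not NetForge source; fields other than `flat`, the name grammar and samples are assumed.
struct InterfaceSlot { prefix: &'static str, slot: u32, ports: u32, flat: bool }
struct Link { source_device: usize, source_interface: String, target_device: usize, target_interface: String }
/// Accept decimal numbers only in canonical form ("3", never "03" or "+3").
fn canon(s: &str) -> Option<u32> {
    s.parse::<u32>().ok().filter(|n| n.to_string() == s)
}

/// A name is valid only if some slot of the device's template offers it.
fn validate_interface_name(slots: &[InterfaceSlot], name: &str) -> Result<(), String> {
    for s in slots {
        let Some(rest) = name.strip_prefix(s.prefix) else { continue };
        let port = if s.flat {
            canon(rest) // flat slot: "eth2"; the stale form "eth0/0" fails here
        } else {
            match rest.split_once('/') { // slot-prefixed: "<prefix><slot>/<port>"
                Some((sl, p)) if canon(sl) == Some(s.slot) => canon(p),
                _ => None,
            }
        };
        if port.is_some_and(|p| p < s.ports) { return Ok(()); }
    }
    Err(format!("interface {name:?} is not offered by the template"))
}

/// Check both endpoints of every link; one failure rejects the import before any DB write.
fn validate_import(templates: &[Vec<InterfaceSlot>], links: &[Link]) -> Result<(), String> {
    for l in links {
        for (dev, ifname) in [(l.source_device, &l.source_interface), (l.target_device, &l.target_interface)] {
            let slots = templates.get(dev).ok_or_else(|| format!("unknown device {dev}"))?;
            validate_interface_name(slots, ifname)?;
        }
    }
    Ok(())
}

/// Constructed sample: device 0 uses a flat host template, device 1 a router-style one.
fn sample_templates() -> Vec<Vec<InterfaceSlot>> {
    vec![vec![InterfaceSlot { prefix: "eth", slot: 0, ports: 4, flat: true }],
         vec![InterfaceSlot { prefix: "GigabitEthernet", slot: 0, ports: 4, flat: false }]]
}
fn link(sd: usize, si: &str, td: usize, ti: &str) -> Link {
    Link { source_device: sd, source_interface: si.into(), target_device: td, target_interface: ti.into() }
}
fn main() {
    let t = sample_templates();
    println!("{:?}", validate_import(&t, &[link(0, "eth0", 1, "GigabitEthernet0/1")])); // accepted
    println!("{:?}", validate_import(&t, &[link(0, "eth0/0", 1, "GigabitEthernet0/1")])); // rejected
}
```

Matching against the template's slots is an allowlist: a string reaches the links table only if the referenced template can produce it, so nothing outside that grammar is left for later ifname handling to interpret.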
.claude Claude updates 2026-05-11 22:53:49 +02:00
.forgejo/workflows CI tests: fix stale fixtures, align with lazy-plumbing, throttle Docker 2026-05-11 23:53:10 +02:00
.vscode I-7: Spanning Tree Protocol (I-7a: CLI + config model + round-trip) 2026-04-11 00:41:22 +02:00
crates LinuxHost: flat eth0..eth3 naming and persistent /etc + /root 2026-05-14 10:24:12 +02:00
docker Implement DHCPv6 server/relay, SLAAC/RA, and DHCP client (I-19b/c/d) 2026-04-25 19:39:58 +02:00
docs Document the burned-in MAC derivation scheme in ARCHITECTURE.md 2026-05-12 20:04:03 +02:00
frontend LinuxHost: flat eth0..eth3 naming and persistent /etc + /root 2026-05-14 10:24:12 +02:00
migrations LinuxHost: flat eth0..eth3 naming and persistent /etc + /root 2026-05-14 10:24:12 +02:00
scripts B-1: Backend scaffold — API server, auth, projects, RBAC, CI 2026-04-17 22:54:24 +02:00
.dockerignore B-2 Slice 8: Dockerfiles + boot templates for router, switch, host 2026-04-18 01:43:46 +02:00
.gitattributes Git linguist-vendored 2026-04-12 22:14:21 +02:00
.gitignore Add dev environment setup: docker-compose for PostgreSQL, example config 2026-04-19 05:04:07 +02:00
.markdownlint.yaml Markdown reformat 2026-04-25 23:52:57 +02:00
.markdownlintignore B-2: Container lifecycle — shared types, Docker service, template/device APIs, health monitor 2026-04-18 01:22:59 +02:00
Cargo.lock Deterministic burned-in MAC per (device_id, interface) name 2026-05-12 19:27:38 +02:00
Cargo.toml Enforce clippy pedantic across the workspace 2026-05-11 23:23:45 +02:00
CHANGELOG.md LinuxHost: flat eth0..eth3 naming and persistent /etc + /root 2026-05-14 10:24:12 +02:00
CLAUDE.md Move project docs under docs/, update references 2026-05-11 22:57:06 +02:00
docker-compose.dev.yml Fix postgres image digest in docker-compose.dev.yml 2026-04-19 07:54:23 +02:00
LICENSE LICENSE 2026-04-10 01:42:02 +02:00
netforge.toml.example Refuse default database credentials on non-loopback binds 2026-05-02 17:22:36 +02:00
README.md Move project docs under docs/, update references 2026-05-11 22:57:06 +02:00

NetForge

A web-based network simulation platform with a built-in Cisco IOS CLI simulator.

Build network topologies visually, configure devices through a realistic command-line interface, and watch real routing protocols converge — all in your browser, no proprietary images required.


What Is This?

NetForge lets you drag routers, switches, and hosts onto a canvas, cable them together, and open terminal sessions to each device. Every device is a real Docker container running real Linux networking: OSPF neighbors form actual adjacencies via FRRouting, VLANs are tagged by Open vSwitch, ACLs are enforced by nftables. The custom IOS CLI simulator (netforge-agent) translates familiar Cisco commands into these real subsystems.

Target users:

  • Network engineers studying for CCNA/CCNP/CCIE certifications
  • University networking courses seeking a Packet Tracer alternative
  • Lab environments for testing configurations before production
  • Anyone who wants to prototype network designs visually

Key Features

  • Visual topology builder — drag-and-drop device placement, point-and-click cabling, real-time status indicators
  • Cisco IOS CLI simulator — abbreviated commands, tab completion, context-sensitive ? help, show running-config, write memory, pipe filters (| include, | section)
  • Real protocol behavior — OSPF, BGP, EIGRP, RIP, STP, HSRP/VRRP via FRRouting and Open vSwitch, not software models
  • Full L2/L3 stack — VLANs, trunking, ACLs, NAT/PAT, static routing, EtherChannel, MPLS/LDP, L3VPN
  • In-browser terminals — xterm.js with per-device tabs, split-view, and send-to-all
  • Multi-user collaboration — real-time topology sync, role-based access (Owner/Admin/Editor/Operator/Viewer), shared and independent terminal sessions
  • Lab assessments — author exercises with automated verification, "Check My Work" grading, import/export as .nfassess files
  • Packet capture — per-link tcpdump with live streaming, pcap download, and BPF filter support
  • Lightweight — Alpine-based containers target 32 MB (host) to 128 MB (router) RAM; run 100+ devices on a single host

Architecture at a Glance

Browser (React + xterm.js)
    |
    |  REST / WebSocket
    v
NetForge Backend (Rust / Axum)
    |
    +-- Docker Engine ----> Per-device containers
    +-- Open vSwitch -----> Virtual network fabric
    +-- PostgreSQL -------> State persistence
    |
    v
Container (e.g. router)
    +-- netforge-agent ---> IOS CLI simulator
    +-- FRRouting --------> OSPF, BGP, EIGRP, ...
    +-- nftables ---------> ACLs, NAT

Quick Start

See docs/DEVELOPMENT.md for the full setup guide. The short version:

git clone git@git.fiedler.live:tux/netforge.git && cd netforge
docker compose -f docker-compose.dev.yml up -d
export DATABASE_URL="postgres://netforge:netforge_dev@localhost:5432/netforge"
sqlx migrate run --source migrations
sudo systemctl start openvswitch-switch
cp netforge.toml.example netforge.toml
docker build -t netforge-router:dev -f docker/router/Dockerfile .
docker build -t netforge-switch:dev -f docker/switch/Dockerfile .
docker build -t netforge-host:dev   -f docker/host/Dockerfile .
cargo watch -x run &
cd frontend && pnpm install && pnpm dev &
# Open http://localhost:5173

Requirements: Linux (Ubuntu 22.04+), Rust, Node.js 20+, Docker Engine, Open vSwitch.

Documentation

| Document | Description |
|---|---|
| docs/DEVELOPMENT.md | Development environment setup, building, testing, CI |
| docs/DESIGN.md | Full project design document — vision, phasing, feature specs |
| docs/ARCHITECTURE.md | Technical architecture — design decisions, tradeoffs, internals |
| docs/VERIFICATION.md | Manual verification matrix — step-by-step CLI checks per agent phase |

Tech Stack

| Layer | Technology |
|---|---|
| Frontend | React, TypeScript, Vite, React Flow, xterm.js |
| Backend | Rust, Axum, Tokio, Bollard, SQLx |
| Networking | FRRouting, Open vSwitch, nftables, iproute2 |
| Database | PostgreSQL |
| Containers | Docker, Alpine Linux |

Project Status

NetForge is under active development. See docs/DESIGN.md for the full roadmap and phasing.

License

GNU Affero General Public License v3.0 (AGPLv3)