Networks for the smallest. Micro issue №1. Switch to GNS3

We will slightly break the chronology of the Network cycle for the smallest
The company LiftMiAP grows, buying new branches throughout the country. Therefore, our next article will be devoted to VPN technologies and connecting remote offices to the central one. Topics like GRE, IPSec and DMVN will be discussed. Here Packet Tracer can hardly help us.
The time has come for big games and the transition to professional network simulation software. And the themes, hand on heart, are no longer for the little ones.

Choose from today's menu:
')

• GNS3 - Graphical Network Simulator
• IOU - IOS on UNIX

Under the cut are the pros and cons and partial transfer of topology from RT to GNS, and first the traditional video, this time of moderate length.





GNS or IOU? Iou or gns? Let's start with IOU, because we will not use it.

IOS On UNIX

As the name implies - put on top of UNIX. Previously, it was only Solaris, now Linux is also supported.
Its most significant advantages:
1) Almost full support for both L3 and L2. This emulator is used when passing CCIE lab exams.
2) Low PC resource requirements. More precisely to the CPU. Memory also needs a lot.
3) There are no restrictions on boards and interfaces. In the settings you simply specify how much and what you want.

Minuses:
1) The most important thing is proprietary software, which is not officially distributed at all. In torrents, there are images of L2IOU, L3IOU, but this is illegal.
In general, the legend goes that one time was written on the cisco site:

Cisco IOS on Unix is ​​a tool designed for internal use only. Distribution of IOU images with customers or external persons, is prohibited. You don't have to come and kill you.

This is the main reason why we abandoned the idea of ​​using IOU in our cycle.

2) Installing and configuring IOU is not easy. It is necessary to have a clear sense of calm and some kind of experience in Nix to deal with topologies, configuration files and saving device configuration.
Also an important reason - we would have to make the transition with less victims and not to scare away the “little ones”.

3) No GUI.

In general, this is a good utility for unprincipled labor of IT. If you need a lab from 20+ devices or need to work with QinQ, Rapid PVST (and other L2 technologies), or you want to get serious about Tshoot, then this is for you.

Graphical Network Simulator

Our choice. It has two serious drawbacks:

- Strongly demanding of CPU and memory. 10 routers will already seriously load the PC. CPU usage can be reduced using the Idle PC mechanism. Without this, 3-4 would hardly have gone.
- Very little support for L2 functions. There is only the similarity of switches, on which you can configure Access / Trunk ports and switch cards for routers, the L2-functionality of which is also very limited.

You need to get somewhere else the images of iOS. GNS is practically a virtual router and it also needs software, which is IOS, to run.
You can take it from the cisco site, if you have an account there with the necessary rights, download it from the equipment you have, or another well-known method.

But at the same time GNS has a graphical interface (technically, this is a Dynamips GUI), which greatly facilitates the creation of virtual laboratories.

The computer can be connected to a real network as a virtual router.

Installation and preparation for work

You can download it here . For Ubuntu, Debian GNS is available from the repository.

apt-get install gns3

After installation, perform the initial setup.

We believe that you already have images. Add them:





The router model is automatically determined.

Note the IDLE PC field. Do not touch yet.
Save.

When creating a new project, you are prompted to enter a name and parameters.



The most important thing here is do not forget to put the checkbox "Save nvram and other disk files" , otherwise after restarting the application you will not save the configuration.

Drag the router onto the working platform. Naturally, we take the model for which there is an image. Errors should not be.
Zhmakay on top of the button . Notice how the CPU load has increased: . Now you need to calm the excitement. To do this, select in the context menu Idle PC.


This mechanism allows you to optimize the use of processor resources.

The PC calculates several values ​​and offers you a list of them. It is recommended to select values ​​with *. As soon as they are applied, the CPU load drops.



If suddenly it did not work out, we iterate until we reach the desired.
Now rewrite the most successful value on a piece of paper , open the image management window Edit-> IOS Image and hyervisors and fill in the same field IDLE PC. Now the next time you start after booting the IOS, the GNS should not have lost all CPU time.

Everything is ready to connect.
GNS has standard tools for this:



By default, it uses the xTerm application, which, for sure, is available in almost any distribution.
To admit, for some reason it does not work for me - you cannot type characters. You can choose another application in the settings of terminal programs, for example, Konsole - it worked for me.



For the Gnome (Unity) shell, when setting up a terminal, you can choose a native terminal, despite the fact that it is not listed by default. Simply insert the following line in the Preconfigurated terminal commands field:

gnome-terminal -t %d -e 'telnet %h %p' >/dev/null 2>&1 &

But in fact, you can use any other terminal application you are used to. Moreover, you can even connect from another computer on the network, because this is done with the command:
telnet abcd 2000

What is telnet is understandable, abcd is the address of the computer (if you connect from the same PC, the address is 127.0.0.1), 2000 is the TCP port number allocated for this device (usually starts from 2000 for such programs). Each router will have its own.
Port number can be viewed as:



or so



All is ready:

Transferring configuration from RT to GNS

Here lies the devil. In GNS, we have a maximum of 3 interfaces: FE0 / 0, Fe0 / 1, and we can add another board with FE1 / 0, and in the lab at RT we sometimes use FE1 / 1. Therefore, you can not just copy and paste - sometimes you have to rework the configuration.

The scheme that we will reproduce:



We took only the Siberian ring to show how this is done, and not to upload the scheme to other branches.

Add routers. We will work, for example, with 2691-mi.



Device names are limited in the characters used, so we will add descriptions to them:



We also add switches: one for Balagan Telecom, the second for Filkin certificate.



Before launching, we will add a fee to the MSC.



There is only one board with FE ports in the list. We could well add serial cards, but why?

Configure the so-called switches. Only GUI is available for this.

Remove all ports.
We add several new ones, but you specify 0 as the vlan number, and the port type is dot1q. This means a trunk port, which passes all vlana.



The same with the second.

Before starting the routers, you need to create all the links at least approximately according to the old scheme.

You need to select Manual, then you can specify specific ports.



And you can even specify in the settings that only Manual is always selected.







If you have not selected the Idle Pc value for this image before, it is better to launch one device and do it.
Run the rest. You can take turns, all at once, if you set a pause between launches in the settings.



If you have an old computer, at this moment it can seriously hang. It will be necessary to wait.

The configuration for the router in Moscow can be simply copied - everything is in order with the interfaces.

Two notes:

• Be careful when copying commands.
• After inserting the configuration, the interfaces remain in the shutdown state.

We include all interfaces:

msk-arbat-gw1 (config) #interface fastEthernet 0/0
msk-arbat-gw1 (config-if) #no shutdown

And save the configuration:

msk-arbat-gw1 # write memory
Building configuration ...
[OK]

When setting up the Krasnoyarsk tsiska, we need to keep in mind the difference in the interfaces and change their numbers. (from FE1 / 0 to FE0 / 0 and from FE1 / 1 to FE0 / 1).
After the interfaces are enabled, the OSPF neighborhood relationship is immediately established:

krs-stolbi-gw1 (config) #int fa0 / 0
krs-stolbi-gw1 (config-if) #no sh
% LINK-3-UPDOWN: Interface FastEthernet0 / 0, changed state to up1
% OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.1 on FastEthernet0 / 0.8 from LOADING to FULL, Loading Done
% LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0 / 0, changed state to up

After all routers have been configured, we’ll check the operation of OSPF:

msk-arbat-gw1 # sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
172.16.255.112 1 FULL / DR 00:00:36 172.16.2.197 FastEthernet1 / 0.911
172.16.255.80 1 FULL / BDR 00:00:34 172.16.2.130 FastEthernet0 / 1.8

msk-arbat-gw1 # sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded downloaded route

Gateway of last resort is 198.51.100.1 to network 0.0.0.0

172.16.0.0/16 is variably subnetted, 17 subnets, 3 masks
O 172.16.255.80/32
[110/11] via 172.16.2.130, 01:32:53, FastEthernet0 / 1.8
O 172.16.2.160/30 [110/20] via 172.16.2.130, 01:32:53, FastEthernet0 / 1.8
O 172.16.255.96/32
[110/12] via 172.16.2.197, 01:32:53, FastEthernet1 / 0.911
O 172.16.255.112/32
[110/2] via 172.16.2.197, 01:32:53, FastEthernet1 / 0.911
C 172.16.2.128/30 is directly connected, FastEthernet0 / 1.8
C 172.16.255.1/32 is directly connected, Loopback0
C 172.16.2.196/30 is directly connected, FastEthernet1 / 0.911
O 172.16.2.192/30
[110/11] via 172.16.2.197, 01:32:53, FastEthernet1 / 0.911
C 172.16.2.32/30 is directly connected, FastEthernet0 / 1.7
C 172.16.2.16/30 is directly connected, FastEthernet0 / 1.5
C 172.16.4.0/24 is directly connected, FastEthernet0 / 0.102
C 172.16.5.0/24 is directly connected, FastEthernet0 / 0.103
C 172.16.6.0/24 is directly connected, FastEthernet0 / 0.104
C 172.16.0.0/24 is directly connected, FastEthernet0 / 0.3
C 172.16.1.0/24 is directly connected, FastEthernet0 / 0.2
C 172.16.2.0/30 is directly connected, FastEthernet0 / 1.4
C 172.16.3.0/24 is directly connected, FastEthernet0 / 0.101
198.51.100.0/28 is subnetted, 1 subnets
C 198.51.100.0 is directly connected, FastEthernet0 / 1.6
S * 0.0.0.0/0 [1/0] via 198.51.100.1

The way to Khabarovsk lies through Vladivostok:

msk-arbat-gw1 # tracer 172.16.255.96

Type escape sequence to abort.
Tracing the route to 172.16.255.96

1,172.16.2.197 860 msec 64 msec 4 msec
2 172.16.2.193 412 msec 56 msec *

Break this link:

msk-arbat-gw1 (config) #int fa1 / 0.911
msk-arbat-gw1 (config-subif) #sh

* Mar 1 00: 57: 43.995:% OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.112 on FastEthernet1 / 0.911 from FULL to DOWN, Neighbor Down: Interface down or detached
msk-arbat-gw1 #

And check the service:

msk-arbat-gw1 # tracer 172.16.255.96

Type escape sequence to abort.
Tracing the route to 172.16.255.96

1,172.16.2.130 4 msec 12 msec 12 msec
2 172.16.2.162 28 msec 20 msec *

Everything works through Krasnoyarsk.

msk-arbat-gw1 (config) #int fa1 / 0.911
msk-arbat-gw1 (config-subif) #no sh
msk-arbat-gw1 (config-subif) #
* Mar 1 00: 59: 21.179:% OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.112 on Fast Ethernet 1 / 0.911 from LOADING to FULL, Loadingping 172.16.255.96

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.255.96, timeout is 2 seconds:
!!!
Success rate is 100 percent (5/5), round-trip min / avg / max = 12/28/60 ms
msk-arbat-gw1 # tracer 172.16.255.96

Type escape sequence to abort.
Tracing the route to 172.16.255.96

1,172.16.2.197 8 msec 16 msec 12 msec
2 172.16.2.193 12 msec 8 msec *

After the interface returns to its original state, the route also switches back to Vladivostok.

With GNS, you can easily capture traffic dumps. Wireshark is enough for this. But under Linux, for some reason, I could not run.

To do this, just do the following:
1) right click on the link between two devices
2) Select capture in the context menu. If after this, a windshark was launched, you can close it - in real time it does not collect data. To prevent it from starting in the future, you can remove the check mark in the settings:



3) Perform scheduled actions.
4) From the context menu of the link, select Start Wireshark .

In the window that opens, there will be all the packages you wanted to catch.

HD

There are other network simulators that are not covered by this article.

For example, Bosson , who asks for sane money for his product to prepare for the delivery of CCNA / CCNP. Unfortunately, I did not test it, I can not say anything about its quality.

In the Russian segment, the NS3 project is completely unfairly deprived of attention. Very powerful utility without reference to specific vendors.
A completely different paradigm of creating topologies and settings, more like a programming language.
The product is well documented, but apparently, because of its complexity, it still did not find great fame on the web.
NS3 is used mainly in foreign universities, but even we have interesting projects turned out on its basis.

In addition, for sure, every vendor has some kind of internal simulator of their equipment.

I can say for Huawei that they have two powerful applications:
WVRP is an internal product, requires licenses and works only in the corporate network. Analogue GNS3, but with great potential and less resource consumption.
eNSP is a public simulator of Huawei equipment. It has reduced functionality compared to WVRP. Rather similar to Packet Tracer in its simplicity, but with much greater capabilities.
There is a video instruction .
Free, free to download (just create an account on the site). Most likely, we will be working on Multicast in the future - in eNSP this can be done quite clearly.

I found a Juniper simulator on the network, but I do not know how functional it is or whether it is official.

Useful links on the topic

GNS Simulator Website: www.gns3.net
How to spread GNS and Dynamyps to different computers: habrahabr.ru/post/135884
IOU installation instructions: admindoc.ru/990/emulyatsiya-cisco-ios-s-pomoshhyu-cisco-iou
Same in English: evilrouters.net/2011/01/18/cisco-iou-faq
Comparison of two simulators: rendoaw.blogspot.ru/2011/05/cisco-iou-vs-dynamips.html

You can also read this article on our website: linkmeup.ru/blog/36.html .
You may be more comfortable using LJ.

==========================

Friends and colleagues, our team leading the podcast is in dire need of a female voice that will brighten up male bass on the air.