Category Archives: Dynamips

Setting up an ntp/ftp/snmp/syslog/radius/dns proxy VM to test various router features

I just bought inetzero’s JNCIE-SP book, and in their lab they have a server providing a bunch of services. As I have my own lab, I’m going to create my own server. A VM running all the above services can be very handy when testing and studying for your CCIE and JNCIE, as certain things cannot be tested on the router alone.

I’ll be creating this server through ESXi, but you can just as easily create it on any VM software. I’ll be installing Ubuntu server 12.04.2 LTS.

Initial Ubuntu install

This is going to be a pretty standard VM. I’ve installed 2 NICs. One will be connected to the internet, while the other will be connected to the test network.

Go through most of your install and at the end ensure SSH is installed.

eth0 on my server will be the internet port. I’ll be configuring eth1 to be the test lab port with an IP address of 10.10.1.100/24.

sudo vi /etc/network/interfaces

Add the following:

# Lab Interface
auto eth1
iface eth1 inet static
        address 10.10.1.100
        netmask 255.255.255.0

NTP Server

sudo apt-get install ntp

This will install the daemon. That’s all there is to it.

FTP Server

sudo apt-get install proftpd

Once installed, configure the server to only listen on 10.10.1.100. Add this to /etc/proftpd/proftpd.conf:

DefaultAddress                  10.10.1.100
SocketBindTight                 on

SNMP

sudo apt-get install snmp

The above will give you snmpwalk, which will be handy when pulling SNMP off your kit.

Syslog server

Rsyslog comes installed by default on Ubuntu 12.04; however, it doesn’t listen for external connections. Edit /etc/rsyslog.conf and uncomment the following two lines:

$ModLoad imudp
$UDPServerRun 514

Radius Server

sudo apt-get install freeradius

Once installed, edit /etc/freeradius/radiusd.conf and make sure the following values are set:

listen {
        type = auth
        ipaddr = 10.10.1.100
        port = 1645

}

listen {
        ipaddr = 10.10.1.100
        port = 1646
        type = acct
}

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

Edit clients.conf – I’ve simply deleted everything out of that file and added the following:

client 10.10.1.0/24 {
        secret          = radiuspassword
        shortname       = LAB
        require_message_authenticator = no
        nastype         = cisco
}

DNS Proxy

sudo apt-get install dnsproxy

Edit /etc/dnsproxy.conf – I’ve deleted everything out of there and simply configured the following:

# Authoritative server
authoritative           8.8.8.8
authoritative-port      53              # Its port. Defaults to 53.
authoritative-timeout   10              # Seconds to wait for answers.

# Recursive resolver
recursive               8.8.8.8
recursive-port          53              # Its port. Defaults to 53.
recursive-timeout       90              # Seconds to wait for answers.

# Local address and port of dnsproxy
listen 10.10.1.100
port 53

# Security features
chroot /var/spool/dnsproxy
user dnsproxy

# Internal networks (allowed to do recursive queries)
internal 10.10.1.0/24   # Our internal network
internal 127.0.0.1
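
The FTP, RADIUS and DNS proxy sections above each pin the service to 10.10.1.100, while the `$UDPServerRun 514` line for rsyslog sets no address. The following added example (not part of the original post) reads `ss -lntu` output and lists lab ports whose listener is bound to a wildcard address and so also answers on the internet-facing eth0; the function names, the port list and the sample socket lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: find lab services listening on a wildcard address.
# LAB_PORTS is an assumption built from the ports used on this page:
# FTP 21, DNS 53, NTP 123, syslog 514, RADIUS 1645/1646.
LAB_IP="10.10.1.100"
LAB_PORTS="21 53 123 514 1645 1646"

# Reads `ss -lntu` output on stdin and prints "proto port address" for each
# lab port whose listener is bound to anything other than LAB_IP or loopback.
find_exposed_listeners() {
  awk -v lab="$LAB_IP" -v ports="$LAB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }      # skips the header line too
    {
      port = $5; sub(/.*:/, "", port)         # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
      gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::] becomes ::
      if (!(port in want)) next
      if (addr == lab || addr == "127.0.0.1" || addr == "::1") next
      print $1, port, addr
    }'
}

# Constructed sample of `ss -lntu` output (not captured from the real server).
sample_ss_output() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
udp   UNCONN 0      0      [::]:514           [::]:*
udp   UNCONN 0      0      10.10.1.100:53     0.0.0.0:*
udp   UNCONN 0      0      10.10.1.100:1645   0.0.0.0:*
udp   UNCONN 0      0      10.10.1.100:1646   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    10.10.1.100:21     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Demo on the sample; on the server run: ss -lntu | find_exposed_listeners
sample_ss_output | find_exposed_listeners
```

SSH on port 22 is left out of the port list on purpose, since it is the management path rather than a lab service.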

Verification

Nothing works until you verify. I’ll be using a 7200 as an IOS router to test all the features configured above.

NTP

R1#sh run | sec ntp
ntp peer 10.10.1.100
R1#sh ntp status
Clock is synchronized, stratum 3, reference is 10.10.1.100
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D55310A3.3153F82E (12:05:55.192 UTC Fri May 31 2013)
clock offset is -2.2801 msec, root delay is 115.22 msec
root dispersion is 44.40 msec, peer dispersion is 5.75 msec

FTP

R1#sh run | sec ftp
ip ftp username darreno
ip ftp password 7 BLAHBLAHBLAH
R1#copy run ftp
Address or name of remote host []? 10.10.1.100
Destination filename [r1-confg]?
Writing r1-confg !
1052 bytes copied in 1.496 secs (703 bytes/sec)

Back on server:

darreno@multiserver:~$ ls
r1-confg

SNMP

R1#sh run | sec snmp
snmp-server community snmpt3st1ng RO
snmp-server location "LAB"
snmp-server chassis-id test.7200
snmp-server host 10.10.1.100 snmpt3st1ng

On server:

darreno@multiserver:~$ snmpwalk -v 1 -c snmpt3st1ng 10.10.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), 
Version 12.2(33)SRE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 13-Sep-12 08:13 by prod_rel_team"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.9.1.222
iso.3.6.1.2.1.1.3.0 = Timeticks: (51815) 0:08:38.15
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "R1"
iso.3.6.1.2.1.1.6.0 = STRING: "\"LAB\""
iso.3.6.1.2.1.1.7.0 = INTEGER: 78
etc
etc
etc

Syslog

Router:

archive
log config
 logging enable
 notify syslog
 hidekeys
logging trap debugging
logging facility local1
logging 10.10.1.100

This will send a message to syslog whenever a command is configured on the router. Let’s create a loopback and check the server:

darreno@multiserver:~$ tail -f /var/log/syslog
May 31 13:15:13 10.10.1.1 27: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface lo100
May 31 13:15:13 10.10.1.1 28: %SYS-5-CONFIG_I: Configured from console by console
May 31 13:15:13 10.10.1.1 29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback100, changed state to up
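
With `notify syslog` enabled, every configuration command arrives as a `%PARSER-5-CFGLOG_LOGGEDCMD` line, which turns the syslog file into a change-audit trail. The following added example (not from the original post) extracts those entries, marks commands that touch logging, AAA, RADIUS, SNMP or local credentials, and reports skipped message numbers; the watch list, the function names and the sample lines (modelled on the output above) are constructed, and treating the number after the router address as a per-router counter is an assumption.

```sh
#!/bin/sh
# Added example: turn router syslog lines into a config-change audit list.
# Output: FLAG|timestamp|router|user|detail
#   REVIEW = command touches logging, AAA, RADIUS, SNMP or local credentials
#   GAP    = the number after the router address skipped a value
# Assumption: that number is a per-router message counter, as the
# consecutive 27, 28, 29 in the page output suggest. A router reload
# resets the counter and is reported as a GAP as well.
audit_router_syslog() {
  awk '
    $5 ~ /^[0-9]+:$/ {
      host = $4; ts = $1 " " $2 " " $3; seq = $5 + 0
      if ((host in last) && seq != last[host] + 1)
        printf "GAP|%s|%s|-|expected %d, got %d\n", ts, host, last[host] + 1, seq
      last[host] = seq
    }
    /%PARSER-5-CFGLOG_LOGGEDCMD:/ {
      host = $4; ts = $1 " " $2 " " $3
      user = $0; sub(/.*User:/, "", user); sub(/[ \t].*/, "", user)
      cmd = $0; sub(/.*logged command:/, "", cmd)
      flag = "-"
      if (cmd ~ /^(no )?(logging|aaa|radius-server|snmp-server|username|enable )/)
        flag = "REVIEW"
      printf "%s|%s|%s|%s|%s\n", flag, ts, host, user, cmd
    }'
}

# Constructed sample: the first three lines follow the page output, the last
# two are made up (message 30 is missing on purpose).
sample_syslog() {
  cat <<'EOF'
May 31 13:15:13 10.10.1.1 27: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface lo100
May 31 13:15:13 10.10.1.1 28: %SYS-5-CONFIG_I: Configured from console by console
May 31 13:15:13 10.10.1.1 29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback100, changed state to up
May 31 13:16:40 10.10.1.1 31: %PARSER-5-CFGLOG_LOGGEDCMD: User:testuser  logged command:logging trap errors
May 31 13:16:52 10.10.1.1 32: %PARSER-5-CFGLOG_LOGGEDCMD: User:testuser  logged command:ip domain-lookup
EOF
}

# Demo on the sample; on the server run: audit_router_syslog < /var/log/syslog
sample_syslog | audit_router_syslog
```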

Radius

Router:

aaa new-model
!
aaa authentication login default group radius local none
!
radius-server host 10.10.1.100 auth-port 1645 acct-port 1646 key 7 111B18011E07181C05393833272131

On the server I need to create a user. Edit /etc/freeradius/users:

testuser     Password = "password"

Let’s go back to the router and login:

User Access Verification

Username: testuser
Password:

R1>

Back on the server:

darreno@multiserver:~$ sudo tail -f /var/log/freeradius/radius.log
Fri May 31 13:21:20 2013 : Auth: Login OK: [testuser/password] (from client LAB port 0)

DNS Proxy

Router:

ip name-server 10.10.1.100
R1#ping www.cisco.com

Translating "www.cisco.com"...domain server (10.10.1.100) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 95.100.128.170, timeout is 2 seconds:

Resolves just fine.

So there you have it. I might be adding more features to this VM, but for now it’ll suit me quite nicely.

Don’t install Ubuntu 11.10, or perhaps even 11.04

I’ve been running Ubuntu 9.10 on my dynamips box for some time and it’s worked perfectly with my 4 quad NICs.

Last week I stupidly decided to upgrade my distro to 11.10. All looked fine. Dynamips still worked and everything looked okay.

However, I was having some problems. Whenever I had an emulated router running tags on a port, it refused to properly speak to a trunked switch port. CDP still worked, but nothing else. After hours of troubleshooting I knew nothing was wrong with my configs. The only recent change was the install.

So I reinstalled 9.10, and not a single problem again.

This has nothing to do with MTU size, as a ping packet and an ARP packet have tiny payloads. I probably could’ve figured out what the problem was eventually, but it was eating into my study time. Reinstalling only took about 40 minutes and I was back in action.

You can find the 9.10 iso over here: http://old-releases.ubuntu.com/releases/9.10/

The only problem with reinstalling is that Ubuntu changed the order of all my NICs. As my dynamips .net file maps certain router ports to certain breakout ports it completely screwed this up. I spent another hour sorting them out. This is my NIC file attached. Don’t use this yourself as your environment will be different of course.

Moral of the story. If you have a working system, don’t mess with it as you’re just wasting valuable time!

Final prep for my home lab

So now that I’ve got all the real equipment, it’s time to deploy everything.

As noted before, this is the way that I’ll be working: http://mellowd.co.uk/ccie/?p=1516

This is how the physical stuff currently looks:

[Two photos of the lab equipment]

Now there were a couple of things I noticed when trying to get InternetworkExpert’s topologies onto my lab. Firstly, I need to hard-code the ethernet interfaces of both my emulated routers and my real switches to 100Mb/full. Some of the interface names have also changed (s0/1/0 becomes s0/1, ethernet becomes fastethernet, etc). Going through all the configs and doing it manually would take forever. Thankfully Daniel (http://lostintransit.se/) created a script to modify his startup configs. I’ve taken that script and modified it a bit more to come up with the following script:

#!/bin/sh
# Shell script to convert INE vol1 configs to Dynamips format
# Changes interface names
# Created by Daniel Dib @ http://lostintransit.se/
# Modified by Darren @ http://mellowd.co.uk/ccie

# Print an error message and stop the script
doerror() {
  echo "ERROR: $1" >&2
  exit 1
}

#Check if configs exist
for config in r1 r2 r3 r4 r5 r6 sw1 sw2 sw3 sw4
do
  if [ ! -r "$config.txt" ]; then
    doerror "Configuration file $config.txt does not exist"
  fi
done

echo "Files exist, continuing script..."

echo "Correcting configurations..."

echo "Starting with r1-r6..."

sed "
/FastEthernet0\/0/a \ speed 100\n duplex full
" r1.txt > r1.cfg

sed "
/FastEthernet0\/0/a \ speed 100\n duplex full
" r2.txt > r2.cfg

sed "
/FastEthernet0\/0/a \ speed 100\n duplex full
/FastEthernet0\/1/a \ speed 100\n duplex full
" r3.txt > r3.cfg

sed "
s/Serial0\/0\/0/Serial0\/0/g
s/Serial0\/1\/0/Serial0\/1/g
/FastEthernet0\/0/a \ speed 100\n duplex full
/FastEthernet0\/1/a \ speed 100\n duplex full
" r4.txt > r4.cfg

sed "
s/Serial0\/0\/0/Serial0\/0/g
s/Serial0\/1\/0/Serial0\/1/g
/FastEthernet0\/0/a \ speed 100\n duplex full
/FastEthernet0\/1/a \ speed 100\n duplex full
" r5.txt > r5.cfg

sed "
s/Serial0\/0\/0/Serial0\/0/g
/FastEthernet0\/0/a \ speed 100\n duplex full
/FastEthernet0\/1/a \ speed 100\n duplex full
" r6.txt > r6.cfg

echo "Routers done, starting with switches..."

sed "
s/switchport host/switchport mode access/g
/FastEthernet0\/1/a \ speed 100\n duplex full
/FastEthernet0\/2/a \ speed 100\n duplex full
/FastEthernet0\/3/a \ speed 100\n duplex full
/FastEthernet0\/4/a \ speed 100\n duplex full
/FastEthernet0\/5/a \ speed 100\n duplex full
/FastEthernet0\/6/a \ speed 100\n duplex full
/FastEthernet0\/7/a \ speed 100\n duplex full
/FastEthernet0\/8/a \ speed 100\n duplex full
/FastEthernet0\/9/a \ speed 100\n duplex full
/FastEthernet0\/10/a \ speed 100\n duplex full
/FastEthernet0\/11/a \ speed 100\n duplex full
/FastEthernet0\/12/a \ speed 100\n duplex full
/FastEthernet0\/13/a \ speed 100\n duplex full
/FastEthernet0\/14/a \ speed 100\n duplex full
/FastEthernet0\/15/a \ speed 100\n duplex full
/FastEthernet0\/16/a \ speed 100\n duplex full
/FastEthernet0\/17/a \ speed 100\n duplex full
/FastEthernet0\/18/a \ speed 100\n duplex full
/FastEthernet0\/19/a \ speed 100\n duplex full
/FastEthernet0\/20/a \ speed 100\n duplex full
/FastEthernet0\/21/a \ speed 100\n duplex full
/FastEthernet0\/22/a \ speed 100\n duplex full
/FastEthernet0\/23/a \ speed 100\n duplex full
/FastEthernet0\/24/a \ speed 100\n duplex full
" sw1.txt > sw1.cfg

sed "

s/switchport host/switchport mode access/g
/FastEthernet0\/1/a \ speed 100\n duplex full
/FastEthernet0\/2/a \ speed 100\n duplex full
/FastEthernet0\/3/a \ speed 100\n duplex full
/FastEthernet0\/4/a \ speed 100\n duplex full
/FastEthernet0\/5/a \ speed 100\n duplex full
/FastEthernet0\/6/a \ speed 100\n duplex full
/FastEthernet0\/7/a \ speed 100\n duplex full
/FastEthernet0\/8/a \ speed 100\n duplex full
/FastEthernet0\/9/a \ speed 100\n duplex full
/FastEthernet0\/10/a \ speed 100\n duplex full
/FastEthernet0\/11/a \ speed 100\n duplex full
/FastEthernet0\/12/a \ speed 100\n duplex full
/FastEthernet0\/13/a \ speed 100\n duplex full
/FastEthernet0\/14/a \ speed 100\n duplex full
/FastEthernet0\/15/a \ speed 100\n duplex full
/FastEthernet0\/16/a \ speed 100\n duplex full
/FastEthernet0\/17/a \ speed 100\n duplex full
/FastEthernet0\/18/a \ speed 100\n duplex full
/FastEthernet0\/19/a \ speed 100\n duplex full
/FastEthernet0\/20/a \ speed 100\n duplex full
/FastEthernet0\/21/a \ speed 100\n duplex full
/FastEthernet0\/22/a \ speed 100\n duplex full
/FastEthernet0\/23/a \ speed 100\n duplex full
/FastEthernet0\/24/a \ speed 100\n duplex full
" sw2.txt > sw2.cfg

sed "

s/switchport host/switchport mode access/g
/FastEthernet0\/1/a \ speed 100\n duplex full
/FastEthernet0\/2/a \ speed 100\n duplex full
/FastEthernet0\/3/a \ speed 100\n duplex full
/FastEthernet0\/4/a \ speed 100\n duplex full
/FastEthernet0\/5/a \ speed 100\n duplex full
/FastEthernet0\/6/a \ speed 100\n duplex full
/FastEthernet0\/7/a \ speed 100\n duplex full
/FastEthernet0\/8/a \ speed 100\n duplex full
/FastEthernet0\/9/a \ speed 100\n duplex full
/FastEthernet0\/10/a \ speed 100\n duplex full
/FastEthernet0\/11/a \ speed 100\n duplex full
/FastEthernet0\/12/a \ speed 100\n duplex full
/FastEthernet0\/13/a \ speed 100\n duplex full
/FastEthernet0\/14/a \ speed 100\n duplex full
/FastEthernet0\/15/a \ speed 100\n duplex full
/FastEthernet0\/16/a \ speed 100\n duplex full
/FastEthernet0\/17/a \ speed 100\n duplex full
/FastEthernet0\/18/a \ speed 100\n duplex full
/FastEthernet0\/19/a \ speed 100\n duplex full
/FastEthernet0\/20/a \ speed 100\n duplex full
/FastEthernet0\/21/a \ speed 100\n duplex full
/FastEthernet0\/22/a \ speed 100\n duplex full
/FastEthernet0\/23/a \ speed 100\n duplex full
/FastEthernet0\/24/a \ speed 100\n duplex full
" sw3.txt > sw3.cfg

sed "

s/switchport host/switchport mode access/g
/FastEthernet0\/1/a \ speed 100\n duplex full
/FastEthernet0\/2/a \ speed 100\n duplex full
/FastEthernet0\/3/a \ speed 100\n duplex full
/FastEthernet0\/4/a \ speed 100\n duplex full
/FastEthernet0\/5/a \ speed 100\n duplex full
/FastEthernet0\/6/a \ speed 100\n duplex full
/FastEthernet0\/7/a \ speed 100\n duplex full
/FastEthernet0\/8/a \ speed 100\n duplex full
/FastEthernet0\/9/a \ speed 100\n duplex full
/FastEthernet0\/10/a \ speed 100\n duplex full
/FastEthernet0\/11/a \ speed 100\n duplex full
/FastEthernet0\/12/a \ speed 100\n duplex full
/FastEthernet0\/13/a \ speed 100\n duplex full
/FastEthernet0\/14/a \ speed 100\n duplex full
/FastEthernet0\/15/a \ speed 100\n duplex full
/FastEthernet0\/16/a \ speed 100\n duplex full
/FastEthernet0\/17/a \ speed 100\n duplex full
/FastEthernet0\/18/a \ speed 100\n duplex full
/FastEthernet0\/19/a \ speed 100\n duplex full
/FastEthernet0\/20/a \ speed 100\n duplex full
/FastEthernet0\/21/a \ speed 100\n duplex full
/FastEthernet0\/22/a \ speed 100\n duplex full
/FastEthernet0\/23/a \ speed 100\n duplex full
/FastEthernet0\/24/a \ speed 100\n duplex full
" sw4.txt > sw4.cfg
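
The `/FastEthernet0\/1/` addresses in the script are unanchored, so on the switches `FastEthernet0/10` to `0/19` also match the `0/1` rule (and `0/20` to `0/24` the `0/2` rule) and receive the `speed`/`duplex` lines twice, as does any other line that merely mentions an interface name. The following added example (not Daniel's or the author's script) does the switch conversion with one anchored `awk` rule instead of `sed` and re-creates the unanchored behaviour beside it for comparison; the function names and the sample config are constructed.

```sh
#!/bin/sh
# Added example: anchored vs. unanchored interface matching (switch configs).

# Anchored: only a line that is exactly "interface FastEthernet0/<n>" gets
# the speed/duplex pair, and it gets it once.
convert_switch_config() {
  awk '
    { sub(/\r$/, "") }                                  # tolerate DOS line endings
    { gsub(/switchport host/, "switchport mode access") }
    { print }
    /^interface FastEthernet0\/[0-9]+$/ { print " speed 100"; print " duplex full" }'
}

# Re-creation of the 24 unanchored rules, for comparison only: rule n fires
# on any line that contains the text "FastEthernet0/<n>".
convert_switch_config_unanchored() {
  awk '
    { gsub(/switchport host/, "switchport mode access"); print }
    { for (n = 1; n <= 24; n++)
        if (index($0, "FastEthernet0/" n)) { print " speed 100"; print " duplex full" } }'
}

# Counts the inserted speed lines in a converted config read from stdin.
count_speed_lines() {
  grep -c '^ speed 100$'
}

# Constructed sample switch config (not taken from the INE workbook).
sample_switch_config() {
  cat <<'EOF'
interface FastEthernet0/1
 switchport host
!
interface FastEthernet0/10
 switchport mode access
!
interface FastEthernet0/24
 description to FastEthernet0/1 on SW2
!
interface Vlan1
 no ip address
EOF
}

echo "anchored:   $(sample_switch_config | convert_switch_config | count_speed_lines)"
echo "unanchored: $(sample_switch_config | convert_switch_config_unanchored | count_speed_lines)"
```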

The BB1, BB2 and BB3 routers also need to be changed, but as the config never changes in any of the labs you can just download the fixed versions of all 3 from here:

I also need a script on my dynamips box that will up all the interfaces on the NICs and then run dynamips. This is my start script:

#!/bin/bash
#Bring interfaces up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up
ifconfig eth6 up
ifconfig eth7 up
ifconfig eth8 up
ifconfig eth9 up
ifconfig eth10 up
ifconfig eth11 up
ifconfig eth12 up

#Start Hypervisor
dynamips -H 7200 &

Finally, my actual dynagen .net file I use on my laptop looks like so:

 autostart = false

[10.20.30.12:7200]
 workingdir = /data/dynamips/working

[[3725]]
 image = /data/dynamips/ios/3725/c3725-adventerprisek9-mz.124-15.T14.UNCOMPRESSED.bin
 ram = 142
 idlepc = 0x6026be14
 ghostios = True
 mmap = True

[[ROUTER r1]]
        model = 3725
        console = 2001
        f0/0 = nio_linux_eth:eth4
        s0/0 = FRAME 1

[[ROUTER r2]]
        model = 3725
        console = 2002
        f0/0 = nio_linux_eth:eth5
        s0/0 = FRAME 2

[[ROUTER r3]]
        model = 3725
        console = 2003
        slot1 = NM-4T
        f0/0 = nio_linux_eth:eth8
        f0/1 = nio_linux_eth:eth12
        s1/0 = FRAME 3
        s1/1 = FRAME 13
        s1/2 = r1 s0/1
        s1/3 = r2 s0/1

[[ROUTER r4]]
        model = 3725
        console = 2004
        f0/0 = nio_linux_eth:eth7
        f0/1 = nio_linux_eth:eth11
        s0/0 = FRAME 4
        s0/1 = r5 s0/1

[[ROUTER r5]]
        model = 3725
        console = 2005
        f0/0 = nio_linux_eth:eth2
        f0/1 = nio_linux_eth:eth6
        s0/0 = FRAME 5

[[ROUTER r6]]
        model = 3725
        console = 2006
        f0/0 = nio_linux_eth:eth3
        f0/1 = nio_linux_eth:eth1
        s0/0 = FRAME 6

[[ROUTER bb1]]
        model = 3725
        console = 2007
        slot1 = NM-4T
        s1/0 = bb3 s1/0
        s1/1 = FRAME 21

[[ROUTER bb2]]
        model = 3725
        console = 2008
        f0/0 = nio_linux_eth:eth10

[[ROUTER bb3]]
        model = 3725
        console = 2009
        slot1 = NM-4T
        f0/0 = nio_linux_eth:eth9

[[FRSW FRAME]]

  #
  # R1 to FRSW
  #
  1:102 = 2:201
  1:103 = 3:301
  1:113 = 13:311
  1:104 = 4:401
  1:105 = 5:501
  #
  # R2 to FRSW
  #
  2:203 = 3:302
  2:213 = 13:312
  2:204 = 4:402
  2:205 = 5:502
  #
  # R3 to FRSW
  #
  3:304 = 4:403
  3:305 = 5:503
  13:314 = 4:413
  13:315 = 5:513
  #
  # R4 to FRSW
  #
  4:405 = 5:504
  #
  # R6 to FRSW
  #
  6:51 = 21:51
  6:100 = 21:100
  6:101 = 21:101
  6:201 = 21:201
  6:301 = 21:301
  6:401 = 21:401

Building my topology

So now it’s time to actually build my topology. There are a number of issues I’d like to get my head around. It helps to know what the planned set up is going to be.

I plan to use my laptop for my studies. From my laptop I’ll be connecting to my dynamips box. My dynamips box is connected to 4 switches. I need to be able to console into all 4 switches remotely, but I don’t want to buy a terminal server. I also want to be able to telnet into all the routers running on the dynamips box.

This is how it’ll look:

[Diagram: dynsetup]

This is all possible of course, and I’ll be showing how I did it.

I needed 12 ‘breakout’ ports on the system. Essentially dynamips can map emulated router ports to real ports, allowing you to connect your emulated routers to real switches. I went and bought 3 of these on ebay (Sun Quad Fast PCI Ethernet Card 501-4366).

However, first issue. I can only fit 2 NICs in my box. The cards are long, and the 3rd simply does not fit in the box:

[Photo]

You can see that there is a heatsinked chip in the way as these cards are very long.

So I went and bought 4 of these:

[Photo]

But these things are pretty awful. They are more bulky than they look, and Ubuntu just doesn’t like to see more than one of them. It’s also messy.

I then decided to find a smaller 4 port NIC that would work. I looked around and found the Dlink DFE-580TX.

Will this fit? It does indeed!

I’ve downloaded and installed the latest version of Ubuntu 64bit server (At this time, 10.10)

Does Ubuntu see all my NICs?

darreno@ubuntu10:~$ lspci | grep Ethernet
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
04:04.0 Ethernet controller: D-Link System Inc DL10050 Sundance Ethernet (rev 15)
04:05.0 Ethernet controller: D-Link System Inc DL10050 Sundance Ethernet (rev 15)
04:06.0 Ethernet controller: D-Link System Inc DL10050 Sundance Ethernet (rev 15)
04:07.0 Ethernet controller: D-Link System Inc DL10050 Sundance Ethernet (rev 15)
05:00.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
05:01.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
05:02.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
05:03.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
06:00.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
06:01.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
06:02.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)
06:03.1 Ethernet controller: Sun Microsystems Computer Corp. Happy Meal 10/100 Ethernet [hme] (rev 01)

How has Ubuntu numbered those interfaces? You can find out like this:

darreno@ubuntu10:~$ sudo vi /etc/udev/rules.d/70-persistent-net.rules
# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:21:de:ed:1e", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x108e:0x1001 (hme)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:20:8d:49:19", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth6"

# PCI device 0x1186:0x1002 (sundance)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0d:88:cd:4f:7a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"

You can see that eth0 is my onboard NIC. eth6 is one of the Sun’s ports and eth4 is one of the D-Link’s ports.

I need to set up my networking interfaces file so ifconfig knows that they are there. I’m going to be putting them in manual mode, and use a script to start them up when I need to run my topologies.

darreno@ubuntu10:~$ sudo vi /etc/network/interfaces
# The primary network interface
auto eth0
iface eth0 inet static
address 10.20.30.12
netmask 255.255.255.0
gateway 10.20.30.254
#
# Sun
auto eth1
iface eth1 inet manual

# D-Link
auto eth2
iface eth2 inet manual
#
auto eth3
iface eth3 inet manual
#
auto eth4
iface eth4 inet manual
#
auto eth5
iface eth5 inet manual

# Sun
auto eth6
iface eth6 inet manual
#
auto eth7
iface eth7 inet manual
etc....

I have no terminal server, so I’ve just done this: Why buy a terminal server when an old PC will do

Right. So now I have my 12 NIC ports. I have 4 serial cables connected for my switches. The only thing left now is the topology itself. Dynamips allows you to breakout your emulated routers to real switches. This is simple to do in the .net file.

Usually in a .net file, you specify that a particular router port is connected to another router port like so:

[[Router CR1]]
  model = 3725
  console = 2001
  slot1 = NM-4T
  slot2 = NM-1FE-TX
  s1/0 = AR1 s1/0
  s1/2 = AR3 s1/2
  Fa0/0 = CR3 Fa0/0
  Fa2/0 = CR2 Fa2/0

In the above configuration, I’m telling dynamips that CR1’s S1/0 interface is connected to AR1’s S1/0 interface. CR1’s Fa0/0 interface is connected to CR3’s Fa0/0 interface and so on.

Instead of doing it that way, you could do it this way:

[[Router CR1]]
  model = 3725
  console = 2001
  slot1 = NM-4T
  slot2 = NM-1FE-TX
  s1/0 = AR1 s1/0
  s1/2 = AR3 s1/2
  Fa0/0 = NIO_linux_eth:eth3
  Fa0/1 = NIO_linux_eth:eth2

In the above I’m telling dynamips to map CR1’s Fa0/0 interface to eth3, and Fa0/1 to eth2. This then allows me to run a cat5 cable from eth3 on the server to a real switch. It’s also important to note that you can mix and match both modes so you can get very complex topologies.

Let’s cook up a quick bash script that will bring up my interfaces and start the dynamips process.

darreno@ubuntu10:~$ sudo vim /etc/ccie.sh
#!/bin/bash
#Bring interfaces up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up
ifconfig eth6 up
ifconfig eth7 up
ifconfig eth8 up
ifconfig eth9 up
ifconfig eth10 up
ifconfig eth11 up
ifconfig eth12 up

#Start Hypervisor
dynamips -H 7200 &
darreno@ubuntu10:~$ sudo chmod +x /etc/ccie.sh
darreno@ubuntu10:~$ sudo /etc/ccie.sh
darreno@ubuntu10:~$ Cisco Router Simulation Platform (version 0.2.8-RC2-amd64)
Copyright (c) 2005-2007 Christophe Fillot.
Build date: May  9 2009 18:06:28

ILT: loaded table "mips64j" from cache.
ILT: loaded table "mips64e" from cache.
ILT: loaded table "ppc32j" from cache.
ILT: loaded table "ppc32e" from cache.

A quick look via ifconfig shows all 12 interfaces up.

Let’s test all of this with a simple topology. 3 routers to break out to a single 3560 switch:

autostart = False
[10.20.30.12:7200]
    workingdir = /data/dynamips/working
    [[3725]]
        image = /data/dynamips/ios/3725/c3725-adventerprisek9-mz.124-15.T14.UNCOMPRESSED.bin
        ram = 142
        idlepc = 0x6026be14
        ghostios = True
    [[ROUTER R5]]
        model = 3725
        console = 2005
        f0/0 = nio_linux_eth:eth4
        f0/1 = nio_linux_eth:eth5
    [[ROUTER R1]]
        model = 3725
        console = 2001
        f0/0 = nio_linux_eth:eth1
    [[ROUTER R3]]
        model = 3725
        console = 2003
        f0/0 = nio_linux_eth:eth2
        f0/1 = nio_linux_eth:eth3

I’ve started the topology up and connected the correct eth ports to the 3560. Let’s have a look at CDP:

R3#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
3560TOP          Fas 0/1            158          S I      WS-C3560- Fas 0/6
3560TOP          Fas 0/0            129          S I      WS-C3560- Fas 0/4

What about on the switch itself?

darreno@ubuntu10:~$ telnet localhost 3000
3560TOP#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R3               Fas 0/6           152             R S I  3725      Fas 0/1
R3               Fas 0/4           151             R S I  3725      Fas 0/0
R1               Fas 0/5           150             R S I  3725      Fas 0/0
R5               Fas 0/7           149             R S I  3725      Fas 0/0

Finally, let’s do a layer 3 test between 2 routers going through the 3560:
R5

interface FastEthernet0/0
 ip address 10.1.1.5 255.255.255.0

R1

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0

R1#ping 10.1.1.5 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/4/24 ms

Perfect. Everything works just as expected :)

Capture packets directly inside dynamips

I had no idea that dynagen could actually do this, but it’s pretty damn awesome. Dynagen/Dynamips can output any interface’s traffic directly to a .cap file ready to be read in tcpdump or Wireshark.

How do we do this?

Let’s take a simple topology. R2 and R4 are running OSPF with each other, directly connected via their Fa0/1 interfaces. I want to capture packets going in and out of R2’s interface.

Dynamips/Dynagen has started:

=> list
Name       Type       State      Server          Console
R2         7200       running    localhost:7200  2002
R4         7200       running    localhost:7200  2004

You start capturing like so:

=> capture R2 fa0/1 /tmp/R2.cap

Stop the capture:

=> no capture R2 fa0/1

We now have a file named R2.cap in the /tmp folder. We can open it either in tcpdump or Wireshark:

darreno@Zenoss:/tmp$ sudo tcpdump -r R2.cap
reading from file R2.cap, link-type EN10MB (Ethernet)
16:37:26.959354 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:28.930017 CDPv2, ttl: 180s, Device-ID 'R2', length 318
16:37:32.827991
16:37:36.959745 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:42.855127
16:37:46.930856 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:52.846687
16:37:56.940269 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:02.826550
16:38:06.943788 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:12.836321
16:38:16.947188 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:22.835339
16:38:26.932277 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:28.940528 CDPv2, ttl: 180s, Device-ID 'R2', length 318


Very handy indeed!