• vEOS/cEOS GNS3 Labs

 
 

Introduction

vEOS-lab/cEOS-lab on GNS3 – What is it?

  • Fast, Multi-user, Efficient nested virtual lab using Qemu/Kvm/docker images of vEOS-lab/cEOS-lab
  • Dynamic persistent config/storage of each cEOS container across stop/starts and GNS3 project closure/re-opens
  • Deployed in minutes on ESXi host. Cloning and creating another bubble is easy, fast and can be moved around
  • Integrated data plane traffic generation tool (Ostinato) in this lab
  • Packet capture on any links between vEOS/cEOS devices

Required SW/HW 

GNS3 Server VM (Ubuntu 18.04 LTS VM + GNS3 Server)

  • VMware Host system running ESXi version 6 or above with Mgmt Network access
    • ESXi host to deploy this GNS3 Server VM – allocate about 16 Core/64G memory 
    • On the ESXi host, change the security settings for the Host/VM Network to allow Promisc mode, forged MAC, etc.
  • GNS3 Server VM running Ubuntu 18.04 LTS (hosted on the above VMWare ESXi host)
    • cEOS/vEOS images etc – Deployable OVA file
    • Optional Ostinato 0.9 appliance for traffic generator  
    • Optional openvpn for direct SSH from your laptop to internal virtual instances of vEOS/cEOS instances running on ESXi server
  • GNS3 Client running on your Mac/Windows system
    • GNS3 Client App for Mac/Linux v2.2.3
    • Optional – Chicken VNC for MAC for VNC consoles to GUI VMs/Ostinato appliances. You don’t need this if you only have cEOS/vEOS instances in your GNS3 topology
    • Optional – Ostinato 0.9 Client App for Mac – packet generation tool GUI ($15)
    • Optional – TunnelBlick VPN for Mac/Openvpn for Ubuntu – To run private tunnel from your Mac to GNS3 Lab Server VM for SSH access to vEOS/cEOS instances

vEOS-lab/cEOS-lab on GNS3 – how is it setup?

  • GNS3 server runs on Ubuntu VM on a remote ESXi host
  • GNS3 Client App for Mac/Linux v2.2.3 
  • vEOS/cEOS-lab images
  • GNS3 Server Ubuntu VM has 16 Core/128G memory to run multiple parallel topologies/gns3 projects and multiple users share the same resource on GNS3 server

vEOS/cEOS-Lab on GNS3 – How it works?

  • TunnelBlick VPN for Mac/Openvpn for Ubuntu – private tunnel from Mac to GNS3 server VM
  • Chicken VNC for MAC for VNC consoles to VMs/Ostinato appliances
  • Using qcow2 images rather than vmdk/Aboot due to increased performance with qcow2 when using Qemu/KVM
  • Allocate 2GB per vEOS-lab instance (4GB preferred) 

 

Setting up GNS3 Server VM/Client

GNS3 Server VM

  • Install/Setup VMware Host system running ESXi version 6 or above with Mgmt Network access that you can SSH/access the ESXi host from your Mac
    • Login to ESXi Web client and change security settings for the Host/VM Network to allow Promisc mode, forged MAC etc
    • Deploy new Ubuntu VM on this ESXi host using vCenter or ESXi host web client
      • Allocate 64GB memory/32 Core CPU/200GB HDD for this Ubuntu VM and 1 Network interface for Mgmt SSH access to this VM
      • Install Ubuntu 18.04 LTS version on this VM
      • Configure Mgmt network interface on the VM with IP address, DNS, default gw
  • Verify SSH access to the Ubuntu VM from your Mac
  • Install GNS3 server on this Ubuntu VM using the steps below

GNS3 Client 

Assuming you have set up the GNS3 Server VM in one of the above options, it is up and running, and you have IP reachability, proceed to set up the GNS3 Client as follows:

  • Get your GNS3 Client install file from GNS3.com and install the same using steps here
  • Verify ping to GNS3 Lab Server is accessible from your Mac/system
  • Run GNS3 client from Mac by going to /Applications/GNS3.app/Contents/MacOS and issue ./gns3 
    • Go to Help -> Setup Wizard -> select the “Run everything on a remote server” option -> Next
    • Fill in the Host -> IP address of GNS3 Lab Server VM, Port -> 3080 TCP, User -> admin, Password -> admin
    • Next -> Finish. You should see “Main Server CPU / Memory” in the Servers summary tab on the right side of GNS3

You are done with setting up GNS3 Client and you can start using/building the topology.

Setting up new cEOS-lab image on GNS3 Server

  • Download the docker cEOS-lab (cEOS-lab.tar.xz) image into your Mac from Arista downloads page and rename this with version e.g cEOS-lab.4.21.0F.tar.xz
  • Scp the “cEOS-lab.4.21.0F.tar.xz” image file to GNS3 Lab Server VM 
    • scp cEOS-lab.4.21.0F.tar.xz gns3@gopi-vrouter:/tmp
  • SSH to the GNS3 Lab Server VM and import the new docker image (the step below takes care of config persistence across container reboots, so you can skip the steps in “Setting up new cEOS image for config persistence”)
    • sudo docker import --change 'VOLUME /mnt/flash/' /tmp/cEOS-lab.4.21.0F.tar.xz ceosimage:4.21.0F
  • Run GNS3 client from Mac by going to /Applications/GNS3.app/Contents/MacOS and issue ./gns3 
  • Goto GNS3 Preferences -> Docker Containers -> Click New -> Select Existing Image and select “ceosimage:4.21.0f” from the dropdown list and -> Next -> 
  • Container Name -> type in “ceosimage:4.21.0f” => Next 
  • Network Adapters -> Type “22” -> Next 
  • Start Command “/sbin/init --privileged /sbin/init systemd.setenv=INTFTYPE=eth systemd.setenv=ETBA=1 systemd.setenv=SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 systemd.setenv=CEOS=1 systemd.setenv=EOS_PLATFORM=ceoslab systemd.setenv=container=docker” -> Next
  • Console Type “telnet” -> Next 
  • Environment – Apply the following 

CEOS=1
container=docker
EOS_PLATFORM=ceoslab
SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1
ETBA=1
INTFTYPE=eth
MGMT_INTF=eth21

  • -> Finish -> Apply -> Ok
  • The new cEOS image 4.21.0F we uploaded now should be available in GNS3 as device template which we can add to topology

Setting up vEOS-lab image in GNS3 with QEMU/KVM support

This is better than running vEOS instances in ESX or Vbox directly as that requires high CPU/Memory.  This model requires no Vbox or running vEOS as VM into ESX. GNS3 uses QEMU to run the vEOS instances with KVM support.

Setting up Arista vEOS-lab in GNS3 using QEMU

  • Download both Aboot ISO file and vEOS-lab.vmdk files from Arista to your Mac.
  • Launch GNS3 Client app in your Mac
  • Goto GNS3 – Preferences – > Qemu VMs 
  • New -> Type name, -> Leave Qemu binary , RAM as defaults , Console as telnet, New Image and use Browse to select the vEOS-lab.vmdk Disk Image for HDA -> Finish
  • Finally, edit the same image and update Aboot*.iso image in place of CD/DVD image 

That’s it, all the setup done. Get started with building virtual topologies.

Building your new vEOS-lab/cEOS-lab Topology

  • You can start building the vEOS/cEOS topology using the GNS3 guide here
  • Create a new project from File menu 
  •  Add the “ceosimage-vxlan2” from “Browse All Devices” and drag that to workspace. Add as many devices you need for your topology. 
  • Use “Add a Link” tool to connect the cEOS instances (don’t use eth0)
  • Finally, start the vEOS/cEOS instances by clicking on the play button on the top which will start all the cEOS instances you added

You can select any cEOS instance in the topology and choose “AUX console” to access its console for configuration. It gives you a # prompt; type “Cli” to get CLI access to the running cEOS docker container. You can access the vEOS console by selecting the “Console” option.

General Instructions

  • Use “docker ps -a” to see the container status in the cEOS console
  • Use “docker exec -it ceos bash” to enter the bash shell of cEOS. You can execute Cli on the bash to spawn a Cli session.
  • Use “docker exec -it <ContainerId/name> pstree” to list the process tree of a given docker container
  • Use “docker exec -it ceos Cli” to directly access the cEOS cli.

Optional tools setup

Setup Openvpn for SSH from Mac to vEOS/cEOS instances

This is required only if you need direct SSH access from your Mac to virtual vEOS/cEOS instances running on the remote GNS3 Server. Alternatively, you can console to each of these vEOS/cEOS instances from GNS3 GUI.

On GNS3 Server VM

  • Install Openvpn server using the “openvpn-install.sh” script steps here
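  • Edit the OpenVPN server config using vi /etc/openvpn/server.conf and do the following
    • Comment out the following two lines, so that connected clients keep their own default route and DNS settings:
    • #push "redirect-gateway def1 bypass-dhcp"
    • #push "dhcp-option DNS 127.0.0.1"
    • Add the following line,
    • push "route 192.168.10.0 255.255.255.0"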
      • this subnet will be used by all the GNS3 emulated cEOS/vEOS/Ostinato VMs for Mgmt network SSH access from your Mac
  • Edit /etc/rc.local & update with following GNS bridge/tap interfaces to connect the GNS3 Cloud
      # GNS3 Tap interfaces for accessing virtual devices from outside
      modprobe tun
      sleep 2
      tunctl -u gns3
      tunctl -u gns3
      tunctl -u gns3
      tunctl -u gns3
      sleep 2
      ifconfig tap0 0.0.0.0 promisc up
      ifconfig tap1 0.0.0.0 promisc up
      ifconfig tap2 0.0.0.0 promisc up
      ifconfig tap3 0.0.0.0 promisc up
      brctl addbr br0
      sleep 2
      brctl addif br0 tap0
      brctl addif br0 tap1
      brctl addif br0 tap2
      brctl addif br0 tap3
      sleep 2
      ifconfig br0 192.168.10.1 netmask 255.255.255.0 up
      exit 0
  • Edit /etc/network/interfaces and add the following
    # Host only interface
    auto eth0
    iface eth0 inet static
    address xxx.xx.xx.xx
    netmask xxx.xxx.xxx.0
    gateway xxx.xx.xx.x
    dns-nameservers xxx.xx.xx.x
    search sjc.aristanetworks.com
  • Reboot GNS3 Lab Server VM and verify the br0 and tap0 interfaces are UP (ifconfig br0 / ifconfig tap0 / brctl show )
    Verify the OpenVPN server is running, e.g.
    root@gns3vm:~# sudo /etc/init.d/openvpn status
    * VPN 'server' is running
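
A quick check of the server.conf edits described above, as an added example that is not part of the original post: it ignores commented lines and fails if redirect-gateway or a DNS option is still pushed, or if the 192.168.10.0/24 route is missing. The function names and the sample config are constructed for illustration; on the GNS3 Server VM, run audit_vpn_conf against /etc/openvpn/server.conf.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server.conf for the split-tunnel setup above.
# The subnet comes from the page; function names are hypothetical.
LAB_ROUTE='route 192.168.10.0 255.255.255.0'

# Print active (uncommented) push directives with whitespace normalised.
active_pushes() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^push[[:space:]]/!d' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$1"
}

# audit_vpn_conf FILE: prints findings, returns 0 only if nothing FAILs.
audit_vpn_conf() {
    pushes=$(active_pushes "$1")
    rc=0
    if printf '%s\n' "$pushes" | grep -q 'redirect-gateway'; then
        echo "FAIL: redirect-gateway is pushed (all client traffic would use the VPN)"
        rc=1
    fi
    if printf '%s\n' "$pushes" | grep -q 'dhcp-option DNS'; then
        echo "FAIL: dhcp-option DNS is pushed (client DNS settings would be overridden)"
        rc=1
    fi
    if ! printf '%s\n' "$pushes" | grep -qF "push \"$LAB_ROUTE\""; then
        echo "FAIL: push \"$LAB_ROUTE\" is missing (no path to devices on br0)"
        rc=1
    fi
    # Routes other than the lab subnet give VPN clients reach beyond the lab.
    printf '%s\n' "$pushes" | grep -F 'push "route ' | grep -vF "$LAB_ROUTE" |
        sed 's/^/WARN: extra pushed route: /'
    return $rc
}

# Constructed sample standing in for /etc/openvpn/server.conf.
write_sample() {
    cat > "$1" <<'EOF'
port 1194
proto udp
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
  ;push "dhcp-option DNS 127.0.0.1"
push  "route 192.168.10.0 255.255.255.0"
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_vpn_conf "$sample" && echo "OK: only the lab subnet is routed through the VPN"
rm -f "$sample"
```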

GNS3 Client System

Following steps are required only on GNS3 Client system (your Mac). 

Download the Tunnelblick stable version from here and install it on your Mac. Once the app is installed, you need to create the VPN configuration; the following steps have to be performed on the GNS3 Server VM.

Follow the instructions in the section “How to add a new Client?” at the URL below. The script for generating a new client VPN configuration is located at /root/openvpn-install.sh.

https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/

Commands to start/stop the OpenVPN server on Linux,

sudo systemctl stop openvpn@server
sudo systemctl enable openvpn@server.service
sudo systemctl start openvpn@server

The newly generated *.ovpn file needs to be copied to your local Mac using scp. Once the *.ovpn file is copied to your Mac, drag it from Finder and drop it in the “Configurations” tab of the Tunnelblick application.

Finally, select the dropped VPN config, open its Settings, and modify the parameters as below:

  • Select “do not set Nameserver”
  • Disable “Route all Ipv4 traffic through VPN”

From the Tunnelblick icon at the top, connect to the GNS3 Lab Server.

Once tunnel established with GNS3 Server VM, you can SSH to vEOS/cEOS instances directly from your Mac. 

NOTE: You do need to connect the cEOS/vEOS to Cloud in GNS3 topology and also configure the devices with “192.168.10.x/24” subnet IPs and GW as 192.168.10.1 (GNS3 Server VM IP br0 192.168.10.1) which can be accessed over the VPN tunnel established between Mac and GNS3 Server VM.

Data/Control plane Traffic to vEOS/cEOS instances

  • IPterm-macVLAN – real end-host applications like ping/ftp, iperf
    • Use ipterm container simulating end hosts connected to vEOS/cEOS 
    • Using macVlan on the ipterm to send VLAN tagged frames with unique MAC addresses
  • Ostinato – Custom traffic patterns/end host simulation
    • Can generate custom traffic patterns with 100s of packets per second
    • Can capture the received traffic and analyze using wireshark
  • Packet Capture – Data Plane/control plane traffic capture/analyze
    • Use any link between any devices to capture traffic
    • Uses wireshark to analyze the captured packets

Traffic Generation/Capture using Ostinato Appliance 

Follow this video to use the Ostinato appliance for setting up traffic generation/capture: https://www.youtube.com/watch?v=SmFWlIhOEQY

You can also install the Ostinato Client application on your Mac to control/generate/capture packets from the GNS3 appliance towards the vEOS/cEOS instances. This is much more convenient than using VNC to access the Ostinato appliance and controlling the Ostinato application over VNC. This also requires IP access to the virtual instances running on the GNS3 Lab Server.

Please see above for how to enable SSH access from your Mac to the virtual lab instances (cEOS, vEOS, Ostinato).

Setting up new cEOS image for config persistence on /mnt/flash across reboots

A GNS3 Docker base image with a VOLUME can be created from an existing cEOS image in two ways,

(https://www.mirantis.com/blog/how-do-i-create-a-new-docker-image-for-my-application/)

https://www.gns3.com/qa/gns3-overwrites-persistent-docke

  • Option 1 – Use the docker import to specify the mount directories for config persistence, 
  • Option 2 – Create Dockerfile and include the mount/persistence parameters in that. 

Steps for Option 1

Scp the new docker container cEOS-lab image to the GNS3 Lab Server VM and issue the following command to import the new image with config persistence,

sudo docker import --change 'VOLUME /mnt/flash/' /tmp/cEOS-lab.4.21.0F.tar.xz ceosimage:4.21.0F

Steps for Option 2 

root@gns3vm:~# cat Dockerfile
FROM ceosimage:vxlan
RUN touch /mnt/flash/startup-config
VOLUME /mnt/flash/

Build the new base image using the Dockerfile created above with the name ceosimage:vxlan2,

docker build -t ceosimage:vxlan2 .

Finally, create the docker container using the new image, 

docker create --name=ceos13 --privileged -e CEOS=1 -e container=docker -e EOS_PLATFORM=ceoslab -e SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 -e ETBA=1 -e INTFTYPE=eth -t ceosimage:vxlan2 /sbin/init
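
A pre-flight check for either option, as an added example that is not part of the original post: it confirms that an image declares /mnt/flash as a volume and that a container carries the environment settings from the docker create command above. The function names are hypothetical and the sample data is constructed; image_volumes and container_env are the only parts that need a Docker daemon.

```shell
#!/bin/sh
# Added example: check a cEOS image/container against the settings above.
# Function names are hypothetical; the values are the ones shown on the page.
REQUIRED_ENV="CEOS=1 container=docker EOS_PLATFORM=ceoslab \
SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 ETBA=1 INTFTYPE=eth"

# Live queries (need a Docker daemon); each prints one item per line.
image_volumes() {
    docker image inspect \
        --format '{{range $p, $v := .Config.Volumes}}{{println $p}}{{end}}' "$1"
}
container_env() {
    docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$1"
}

# stdin: declared volume paths. Succeeds if /mnt/flash (with or without a
# trailing slash) is among them, which is what config persistence relies on.
has_flash_volume() {
    sed 's:/*$::' | grep -qx '/mnt/flash'
}

# stdin: KEY=VALUE lines. Prints every required setting that is absent or
# has a different value; prints nothing when the environment is complete.
missing_env() {
    env_lines=$(cat)
    for kv in $REQUIRED_ENV; do
        printf '%s\n' "$env_lines" | grep -qxF -- "$kv" || echo "$kv"
    done
}

# Constructed sample data standing in for the output of the live queries.
SAMPLE_VOLUMES='/mnt/flash/'
SAMPLE_ENV='PATH=/usr/sbin:/usr/bin:/sbin:/bin
CEOS=1
container=docker
EOS_PLATFORM=ceoslab
ETBA=1
INTFTYPE=eth'

if printf '%s\n' "$SAMPLE_VOLUMES" | has_flash_volume; then
    echo "volume: /mnt/flash is declared"
else
    echo "volume: /mnt/flash is NOT declared, config will not persist"
fi
printf '%s\n' "$SAMPLE_ENV" | missing_env | sed 's/^/env missing: /'
```

On the GNS3 Server VM the same checks run against real objects as `image_volumes ceosimage:vxlan2 | has_flash_volume` and `container_env ceos13 | missing_env`.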

Docker commands,

Stop all running containers: docker stop $(docker ps -a -q)
Kill all running containers: docker kill $(docker ps -q)
Delete all stopped containers: docker rm $(docker ps -a -q)

Building docker ubuntu/ipterm image with startup script and VLAN/MacVLANs, 

Step 1: Build Dockerfile for ubuntu/ipterm Docker images

gns3@gopi-ubuntu18:~$ cat Dockerfile
FROM gns3/ipterm:latest
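# Drop the jessie-updates entry from the apt sources before updating
RUN sed -i '/jessie-updates/d' /etc/apt/sources.list
RUN apt-get update && apt-get -y install openssh-server vlan net-tools sudo
# Create the user without interactive prompts; chpasswd sets the password below
RUN adduser --disabled-password --gecos "" gns3
RUN adduser gns3 sudo
# Default lab credentials and passwordless sudo for the gns3 user
RUN echo 'gns3:gns3' | chpasswd
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
ADD startup.sh /root/
RUN chmod 755 /root/startup.sh
CMD ["/root/startup.sh"]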

Step 2: Build the startup script for Docker containers to execute when they bootup

gns3@gopi-ubuntu18:~$ cat startup.sh
#!/bin/bash
/usr/sbin/service ssh start
echo "Started SSH service .."
echo "Setting up eth0 for Mgmt access of this docker container .."
ip addr add 192.168.10.201/24 dev eth0
ip link set dev eth0 up
route add default gw 192.168.10.1

echo "Starting VLAN and IP configurations.. modify /root/startup.sh if you need to change"
ip link add link eth1 name eth1.3001 address 00:aa:30:01:00:01 type vlan id 3001
ip link add macvlan1 link eth1.3001 type macvlan
ip addr add 168.1.1.10/24 dev eth1.3001
ip link set dev macvlan1 up
ip link set dev eth1.3001 up
ip -6 addr add 2000:168:1:1::10/118 dev eth1.3001
ip link add link eth1 name eth1.3002 address 00:aa:30:02:00:01 type vlan id 3002
ip link add macvlan2 link eth1.3002 type macvlan
ip addr add 168.1.2.10/24 dev eth1.3002
ip link set dev macvlan2 up
ip link set dev eth1.3002 up
ip -6 addr add 2000:168:1:2::10/118 dev eth1.3002
echo "Completed VLAN and IP configurations .."
/bin/bash

Step 3: Set the 755 permission for startup.sh script

gns3@gopi-ubuntu18:~$ stat startup.sh
File: startup.sh
Size: 778       Blocks: 8          IO Block: 4096 regular file
Device: fd00h/64768d Inode: 786504      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 1001/ gns3) Gid: ( 1001/    gns3)
Access: 2019-05-02 16:20:49.317271541 -0700
Modify: 2019-05-02 16:20:44.509345593 -0700
Change: 2019-05-02 16:20:44.513345531 -0700

Step 4: Build the docker image using the above Dockerfile and startup.sh script

gns3@gopi-ubuntu18:~$ sudo docker build -t ipterm:gopi .

Ostinato GNS3 Appliance Config Persistence

Please follow the link below to set up the Ostinato GNS3 appliance for persistent network configs.

http://www.brianlinkletter.com/persistent-configuration-changes-in-tinycore-linux/

 

 
