Imitation Cisco, indistinguishable from the real thing


Recently I faced the problem of choosing an environment for exploring some features of Cisco routers. I used to use GNS3, but this time I decided to see what had changed in the meantime. It turned out that progress has moved far ahead. Diving into the mass of articles and forum threads, I found that much of the information in them is already outdated. So as not to get lost in the variety of software, I made myself a small cheat sheet (current as of March 2020), and now I want to put it up for public review. Firstly, so that it does not get lost (I think it may be useful to someone, since I did not find all the tools together in one place). Secondly, perhaps the comments will point out errors in the descriptions, which will improve the overview.

So, if you do not have a physical switch or router at hand for exam preparation, for trying out features before deployment, or for advanced training, you will most likely be helped out by:

1. Simulators
1.1. Cisco Packet Tracer
1.2. Boson NetSim
2. Emulators
2.1. Dynamips + Dynagen
2.2. IOU / IOL + WebIOL
2.3. Virtual machines for QEMU / VMWare / ...
3. Virtual laboratories
3.1. VIRL
3.2. GNS3
3.3. iou-web → UNetLab → EVE-NG
4. The vendor's remote laboratory

1. Simulators


This class of software imitates the behaviour of the original software but is not that software. A simulator contains significant simplifications and is intended only to reproduce the external behaviour of the device under study. Simulators have their own set of bugs and performance characteristics, and not all functionality is implemented. For that reason they are mainly used at the lower levels of education; they are not suitable for experienced specialists, but for beginners they are exactly the thing.

1.1. Cisco Packet Tracer (CPT)


The best-known simulator for Cisco. There is a great deal of material about working with it on the Internet (and on Habr in particular). The tool is well known to anyone who has studied Cisco in the vendor's official courses. It allows you to build fairly complex networks out of Catalyst 2960 switches, ISRs (Integrated Services Routers), simulated PCs and a few other, less significant elements. The current version is 7.3. Note that CPT develops much more slowly than its manufacturer's technology: for example, you will not find anything from a modern line-up such as the Catalyst 9200, but there are dinosaurs such as the Catalyst 2950 (which faithfully simulates a link without Auto-MDIX), the 3560 and even an unmanaged hub (not to be confused with a switch).

All network tools (packet analyzer, terminal client, etc.) are built into the CPT interface in its own implementation (not surprising, since there are no real network packets inside a simulator). So you will not be able to use your favourite Wireshark and PuTTY. On the other hand, it has a debugger that visualises a packet's passage through the network step by step, which no other tool offers.

CPT is a proprietary product and is not publicly distributed, but getting it for free is easy enough. Go to the Cisco Networking Academy site, https://netacad.com, find the Cisco Packet Tracer course there, register on the site and enrol in it. After that, CPT (builds for several operating systems) can be downloaded from the course resources. On launch, CPT will ask for a Networking Academy account, so do not waste time on torrent versions with shared keys, which are periodically banned.

By the way, Cisco ASA has a packet-tracer command that traces a synthetic packet through the firewall's policy (access lists, NAT and so on) so that you can check your configuration. It has nothing to do with Packet Tracer.

1.2. Boson NetSim


Another simulator, aimed at preparation for the official Cisco CCNA and CCNP certification exams. Available at https://www.boson.com/netsim-cisco-network-simulator. The simulator is commercial: the price ranges from $179 to $349 depending on the exam edition. Windows only.

It is a collection of lab exercises grouped by exam topic. As the screenshots show, the interface consists of several panes: the task description, the network map, and on the left a list of all the labs. When you finish, you can check the result and see whether everything was done. You can also create your own topologies, with some limitations. [1]

That is probably all there is to say about simulators.

2. Emulators


Emulators are programs designed to run the original (or slightly modified) software on an x86 or x64 platform (in our case). Emulators behave much closer to real equipment than simulators do, although there may still be small differences. Let us consider the most common emulators of Cisco network devices.

2.1. Dynamips + Dynagen


A Cisco router emulator that runs on Windows, Linux and Mac OS X. Distributed under the GNU GPLv2 licence (which cannot be said of the images it runs). It starts a virtual machine with an original IOS image from the old 1700, 3725 and 7200 router families and some others. It can emulate Ethernet interfaces as well as the dying ATM and Serial ones. At the same time, Dynamips cannot run switch firmware, since switch operating systems rely on ASICs, which are present in many switches and are very hard to emulate on x86.

Dynamips was first published in 2005; it was developed by Christophe Fillot. However, already in 2007, at version 0.2.8, he abandoned the project. Wikipedia says there is a version 0.2.15 from 2015, but the page cited as proof is unavailable (the project has since been picked up by the GNS3 team, which maintains it on GitHub). Dynamips had a console front end, Dynagen.

The Cisco IOS operating system is very conservative, so you can easily learn many features even on such old software. The problem is with the OS images: IOS for the 7200 and the others has long been impossible to buy officially, because these platforms are not only End of Sale (29 Sep 2012) but also past their Last Date of Support (30 Sep 2017) [2]. Therefore the images cannot be obtained legally, and so Dynamips cannot be used legally either (the emulator itself is GPL; the problem is the IOS image). The damage to Cisco from such use is unlikely to be considered significant enough to initiate prosecution, but it could be.

2.2. IOU / IOL + WebIOL


The next emulator is Cisco IOS on UNIX, IOU, and its variant Cisco IOS on Linux, IOL. It is a binary executable containing the operating system of a Catalyst (Layer-3) switch, called L2IOU (yes, L2 is not a typo), or of an ISR multifunction router, called L3IOU, compiled by the manufacturer to run on UNIX/Linux. IOU is notable for very low resource consumption (relative to other emulators), and unlike Dynamips it can run switch software. For IOL there is an official graphical front end, WebIOL (not to be confused with the unofficial iou-web [3]), which lets you build complex network topologies from these devices.

The problem is that the IOU was developed by Cisco Systems for internal use, so it is available only to employees and partners. Despite this, there are instructions on the Internet for downloading and installing it. However, remember that this is illegal.

Unfortunately, I could not find out whether IOL is still being developed or whether the QEMU and VMware images discussed below have supplanted it. If anyone knows the fate of IOU, please share the evidence so that this paragraph can be improved.

2.3. Virtual machines for QEMU / VMWare / ...

In line with the general trend toward virtualisation (and network function virtualisation in particular, NFV), Cisco Systems itself releases more and more products as so-called virtual appliances, or, more simply, ordinary virtual machines designed to run on common hypervisors: QEMU, VMware, Hyper-V, etc.

For example, the following products are available as virtual machines.

  • ASAv (Cisco Adaptive Security Virtual Appliance) is the well-known, though somewhat dated, Cisco ASA firewall, now in a virtual machine.
  • NGFWv and NGIPSv (Cisco Firepower Next-Generation Firewall and Intrusion Prevention System) are the new generation of security devices.
  • IOS XRv is the virtual version of IOS XR, the OS of carrier-grade routers. Such a thing can replace Quagga or something more powerful.
  • CSR1000v (Cloud Services Router) runs IOS XE: VPN, MPLS, VXLAN, etc.
  • NX-OSv is a virtual NX-OS, the operating system of Cisco Nexus data-centre switches.
  • Nexus 1000v is a Nexus-branded virtual switch that runs inside the hypervisor (VMware or Hyper-V) [4].
  • Cisco Nexus Titanium is an NX-OS virtual image intended for Cisco's internal use.
  • Other popular products, such as ISE, WLC and MSE/CMX, are also already available as virtual machines.

These products can be purchased from the manufacturer (and at least some of them are very expensive). Previously the images were available for evaluation at https://cisco.com; now, to download them, you need a valid service contract for the product or a private link from a Cisco manager or partner. Nevertheless, most images are on torrents and provide full functionality for 60 to 90 days, though using such images is not entirely legal. Beyond the legal question, an image from a torrent may also have been modified by whoever repackaged it, so before booting one in a lab that is bridged to a real network, compare its checksum with the one Cisco publishes on the download page for that file.
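The checksum comparison just mentioned, as an added example that is not part of the original article: a small POSIX shell gate that refuses to stage an image into a lab's image directory unless its digest matches the one the vendor publishes for that file. It assumes coreutils (`sha256sum`, `sha512sum`, `md5sum`) is available; the hash tool is a parameter because Cisco's download pages list MD5 and SHA512, and the demo uses a constructed empty file with its well-known digests rather than any real IOS image.

```shell
#!/bin/sh
# Added example, not from the original article: refuse to use a lab image
# whose digest does not match the one the vendor publishes for that file.
# Assumes coreutils (sha256sum / sha512sum / md5sum). The digest to compare
# against comes from the vendor's download page; nothing here fetches it.

# verify_image <path> <expected-hex-digest> [hash-tool]
# Exit status: 0 match, 1 mismatch, 2 file missing. hash-tool defaults to
# sha256sum; pass sha512sum or md5sum to match whatever the vendor lists.
verify_image() {
    img=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # vendor pages may show uppercase hex
    tool=${3:-sha256sum}

    if [ ! -f "$img" ]; then
        echo "verify_image: no such file: $img" >&2
        return 2
    fi

    actual=$("$tool" -- "$img" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $img ($tool=$actual)"
        return 0
    fi
    echo "MISMATCH: $img" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# stage_image <path> <expected-hex-digest> <lab-image-dir> [hash-tool]
# Copies the image into the lab's image directory only after it verifies,
# so an unverified file never ends up where the lab will boot it from.
stage_image() {
    verify_image "$1" "$2" "${4:-sha256sum}" || return $?
    mkdir -p "$3" && cp -- "$1" "$3/"
}

# Stand-alone demo on a constructed file (an empty file, whose SHA-256 is the
# well-known e3b0c442...), not a real IOS image. The file name is made up.
demo() {
    dir=$(mktemp -d)
    : > "$dir/c7200-demo.bin"
    good=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    bad=0000000000000000000000000000000000000000000000000000000000000000
    stage_image "$dir/c7200-demo.bin" "$good" "$dir/images"   # staged
    stage_image "$dir/c7200-demo.bin" "$bad"  "$dir/images"   # refused, status 1
    rm -rf "$dir"
}

demo
```

The point of separating `verify_image` from `stage_image` is that the copy into the lab's image directory happens only on the success path; a mismatch or a missing file short-circuits before anything is written, so a lab that auto-discovers images in that directory never sees an unverified one.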
There are two more very interesting virtual machine images.

  • IOSvL2 is a virtual image of a Layer-3 (routing) switch.
  • IOSv is a virtual image of a Cisco router.

These images are not distributed separately, but they can be extracted from the VIRL laboratory environment, discussed below. Unfortunately, the VIRL licence agreement says nothing about using IOSv on its own, so legal problems may arise here even with a purchased VIRL.

Do not confuse (even Google and Yandex sometimes do, in their search results) the L2IOU already discussed with IOSvL2. These are different software products. [5]

3. Virtual laboratories

One virtual machine is fine, but a computer network is still a collection of independent nodes, so you often need to run several emulated devices and make them interact as a whole. It can be done by hand, but that is laborious. Hence there are software products that automate the creation of virtual network environments and provide a graphical interface for it. There is no established term for them, so here we will call them virtual laboratories.

3.1. Cisco VIRL


First, the official virtual laboratory from Cisco must be mentioned: Cisco VIRL (Virtual Internet Routing Lab). The current version is 1.6. The official site is http://virl.cisco.com (it is amusing that in 2020 a site run by one of the largest vendors of network security products is not served over TLS).

The product is distributed as a virtual machine or as a package for bare-metal installation. The price is a steep $199 for 365 days and no more than 20 virtual network nodes (a term subscription for locally installed software: all very fashionable and modern). A cloud-hosted version of VIRL is available on Packet.net.

VIRL already includes lab-only versions of the IOSv, IOSvL2, IOS XRv, NX-OSv, CSR1000v and ASAv images. Third-party virtual machines from other network vendors can also be added to it.

VIRL has its own GUI client, VM Maestro.

3.2. GNS3


The next virtual laboratory is GNS (Graphical Network Simulator). The first version of GNS appeared in 2007 as a graphical front end for Dynamips with a Qt interface. In 2014 the project was heavily reworked (according to the developers, only 5% of the code survived) and GNS3 appeared; moreover, the "3" is not really a version number but part of the name. The current version of GNS3 is 2.2. GNS3 can now run not only Dynamips images but also QEMU ones, and can work with IOU and other virtual machines. The application is a thick client, i.e. it runs directly on the machine where it is installed, while the emulated devices can run in virtual machines on the same host or remotely. Supported on Linux, Windows and Mac OS X. A great advantage of GNS3 is that you can use the same tools as with real hardware: PuTTY, SecureCRT, Wireshark, etc.

GNS3 is distributed free of charge under the GNU GPL. To download it, you need to register on the project's official site, https://gns3.com, and then submit a request (!) for the distribution, which is considered within up to 2 (!) "business days". A rare example of network bureaucracy (I wonder what is checked during that time?). In the comments, @exhalance suggested using the project's page at github.com/GNS3/gns3-gui/releases, "without registration or SMS".

You will have to take care of the virtual machine images yourself. The fewest questions arise with images taken from VIRL, but those are legal matters. Technically, all of the emulators described above can be run alongside GNS3. It must be noted that GNS3 is not limited to Cisco emulators: it supports equipment from a number of vendors (Juniper, MikroTik, Aruba (HPE), Fortinet, etc. [6]) and so lets you build heterogeneous networks. In addition, GNS3 has several network primitives of its own: end nodes (Virtual PC Simulator, VPCS), switches and so on. You often hear the complaint that GNS3 cannot run switch emulators, but that is not so: an original 2960 image cannot be launched there, of course, but IOSvL2 is supported and L2IOU can be connected.

Despite the fact that the product itself is free, there is a store on its website where they sell software (images), educational materials and just souvenirs.

Added by: It turns out that GNS3 has a WebUI, but it is still beta: https://github.com/GNS3/gns3-web-ui

3.3. iou-web → UNetLab → EVE-NG


And finally, for dessert, my review ends with the EVE-NG virtual laboratory (Emulated Virtual Environment - Next Generation). Its story began in 2012, when Andrea Dainese published an unofficial web interface for IOL: iou-web. He then taught his lab to work with other emulators, and in 2014 UNetLab appeared. In 2017 Alain Degreffe created a fork of UNetLab that he called EVE-NG. The author of the original UNetLab also had big plans for developing the project and releasing a second version [3], but gradually gave up on the idea: "Don't ask for UNetLab2 and go with GNS3, VIRL or EVE-NG," he eventually wrote. So EVE-NG is the only current line of the product. Current version: 2.0.

In functionality EVE-NG is very similar to GNS3: almost the same set of emulators and support for the same kinds of device images (and, likewise, many vendors besides Cisco are supported). However, the form of distribution and the interface differ: EVE-NG is a virtual machine that can run on your workstation or on a dedicated server, and the labs are managed from a browser (among other things, the virtual machine has a built-in web server). Just like GNS3, EVE-NG ships without images; you need to obtain them (in the sense of "buy", of course) and upload them to the lab yourself. The web interface makes the lab cross-platform. Also, a virtual machine is by definition easy to deploy and free of complex software dependencies (it is distributed in OVF, Open Virtualization Format, and runs perfectly well in the VMware Player that is free for personal use). Despite the environment being isolated inside a virtual machine, the familiar PuTTY, SecureCRT, Wireshark, etc. can still be used with it.

EVE-NG supports multi-user work on a lab, including in different roles: for example, a student building the lab and an instructor supervising.

EVE-NG is distributed under its own licence in a free community edition and in paid professional and educational editions [7]. The paid editions differ in the role model (the free one has only the administrator role), in the limit on the number of nodes per lab (1024 versus 63 in the free one), and so on.

4. Bonus: the vendor's remote laboratory

Besides simulators and emulators, you can also use remote access to hardware. Cisco officially offers some very interesting services: https://Developer.cisco.com/ and https://dCloud.cisco.com. They provide a set of sandboxes, both virtual and on real hardware (!), that let you try out new equipment. Access is through a Cisco account; a NetAcad.com account will do (if you have already registered to get CPT or take courses). However, the number of available labs depends on your status: a partner or customer account gives more options than a plain student one.

The Developer site is aimed at programmers solving network automation problems, so the topologies offered are quite simple; their purpose is to let you "touch" the hardware API. But despite the simplicity of the topologies, in some cases such a tool can give you something a virtual laboratory cannot. For example, yesterday I was able to get acquainted with the command line of a physical Cisco 9000 and the web interface of the Cisco WLC 9800. dCloud, for its part, showcases new products.

In most cases you connect to the lab through Cisco's proprietary VPN client, AnyConnect, so your machine ends up inside the sandbox network. That means you can combine a remote lab... with local GNS3 [8] or EVE-NG!

Conclusion


In conclusion, I want to sum up what has been said in a small diagram (otherwise the small cheat sheet has grown into a long scroll, even though I have described only the most important features of the tools, and very superficially at that):

image

Changes: added information about dCloud
