Certification requires a lot of lab time. I mean a lot. Hundreds of hours of thorough, insightful, and meaningful labbing, let alone the time invested behind the CLI for a CCIE certification. There are two routes most people take these days: hiring rack time or building their own lab. I am going to discuss the latter today, including how to reproduce my setup!
Physical vs Semi-physical
There are two types of physical labs we can create. If you have access to ex-production kit, are very wealthy, or happen to get lucky on eBay, then a full physical topology is great: routers, switches, FR devices. When looking into a vendor topology for the CCIE lab you quickly realize it could be quite expensive. In this economic climate it ends up being quite expensive.
Although this is classed as a cheaper lab, there are a lot of interfaces and expansion cards to get. The price does add up.
I have opted for a hybrid physical/virtual topology. What on Earth? GNS3 + 4 physical switches + a whole lotta NICs. Let us now together build our server.
I am lucky enough that my workplace has spare servers. Dell PowerEdge 710 is the flavor. It is highly overpowered for what we plan to do.
- 2 x Xeon QC 2.8 GHz
- 32 GB RAM (It did have 96GB)
- 500GB 15k SAS
- 3 x Intel QUAD 1GB NIC
- 1 x Onboard NIC (4x 1GB)
Overkill. What I am doing can be reproduced on machines with an i5, 8 GB RAM and 3-4 quad NICs. GNS3Vault, Matthew Mengelm, and Mellowd have done it on the above or less.
- 2 x 3560-X (48Port, PoE, 100/1000, 2 x 10GB card)
- 2 x 3750-G
I have installed Ubuntu 12.04 x64 onto this machine. I chose the desktop version and I am a grasshopper. The server is accessible when I am at work but I wanted easy access if I broke something.
Install dependencies of GNS3/Dynamips
sudo apt-get update
sudo apt-get install python
sudo apt-get install qt4-dev-tools
sudo apt-get install pyqt4-dev-tools
Install GNS3 to the /opt directory.
(I choose to keep all directories lowercase for sanity reasons.)
sudo wget http://downloads.sourceforge.net/project/gns-3/GNS3/0.8.2/GNS3-0.8.2-src.tar.bz2
sudo tar -xjvf GNS3-0.8.2-src.tar.bz2
sudo mv GNS3-0.8.2-src /opt/gns3
sudo rm GNS3-0.8.2-src.tar.bz2
Create the subdirectories and add read/write permission to the project directory.
cd /opt/gns3
sudo mkdir dynamips
sudo mkdir ios
sudo mkdir project
sudo mkdir tmp
sudo chmod o+rw -R ./project
Time to install the Dynamips backend:
sudo wget http://downloads.sourceforge.net/project/gns-3/Dynamips/0.2.8-RC3-community/dynamips-0.2.8-RC3-community-x86.bin
sudo chmod +x ./dynamips-0.2.8-RC3-community-x86.bin
Now – before we begin I want to set up remote access. I use this machine via the internet, so once port forwarding is set up I need to add and change some SSH settings. I want the GNS3 GUI to use X11 forwarding so I can access and change a topology and create new ones. My dynamips training wheels aren’t great.
sudo nano /etc/ssh/ssh_config
Remove the # in front of ForwardX11 and change its value to yes.
Write these changes.
Access via CLI.
After SSH’ing into your box you land at the command prompt. To launch a GUI based GNS3 from CLI use the following.
sudo python /opt/gns3/gns3.pyw
That will launch GNS3. If you want it to auto boot a file too, do the following:
sudo python /opt/gns3/gns3.pyw /opt/gns3/project/ine/inev5.net
Due to having a bucket load of RAM I do the following to allow myself faster run times. I set the working directory for Dynamips to be my RAM swap. Pewpew!
Edit > Preferences > Dynamips >
Working Directory for Dynamips:
Now to set up the basics with GNS3/Dynamips.
Edit > Preferences > Dynamips >
Executable path to Dynamips:
Project directory: /opt/gns3/project
Image directory: /opt/gns3/ios
Inside the ios folder I have the c3725-adventerprisek9-mz.124-15.T5 image.
My idle-pc value, which selects when the CPU isn’t processing, is 0x602649b4. This will change for your machine. When you calculate it, find a value marked with a *.
I have also increased the RAM of my 3725 to 256MB.
Fully loaded and running, my INEv5 topology uses 8 percent of RAM.
This is the topology I am building. Where a switch is cabled into a router, as far as the devices are concerned they are adjacent. In the case of SW3 -> BB3, the physical connection is SW3 fa0/24 -> eth1 <- GNS3 cloud bound to eth1 <- BB3 fa0/0. Rinse and repeat this step and you will find that you can easily build not only this topology but also IPExpert, Narbik, Cisco360 or any conceivable topology. Oh, and you can have more than 4 switches!
Presenting the final GNS3 topology
Lab lab baby!
As the little clouds show, they reflect which port they connect to. I hope by providing the physical serial, ethernet, and GNS3 diagrams you will be able to reproduce this nicely.
Extras to make labbing easy.
Now let us be cheeky and make full use of our Switches. Telnet to Serial!
I have 4 console cables, 2 USB and 2 serial, to access my switches. I access my switches by “telnetting” the console cables.
Install Serial to Telnet
sudo apt-get install ser2net
Edit the config
sudo nano /etc/ser2net.conf
I change to the TTY lines being used for my config.
6000:telnet:0:/dev/ttyS1:9600 8DATABITS NONE 1STOPBIT banner
6001:telnet:0:/dev/ttyS2:9600 8DATABITS NONE 1STOPBIT banner
6002:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
6003:telnet:0:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT banner
The syntax above is portnumber:protocol:timeout:device:baud. Pretty easy.
Now let's restart the service so the config file is reloaded.
sudo service ser2net restart
To access all of my devices at once, conveniently and securely, I use Byobu terminal emulation over SSH.
sudo apt-get install byobu
F2 creates a new terminal. F3/F4 navigate across.
It may take a while to get through but now you have a pseudo console server! It will keep your history, which is the best part, so if you lab remotely you can resume exactly where you left off with the output of previous sessions.
I have uploaded my topology to ubuntu pastebin. Feel free to copy and paste this into a .net file and use it yourself. This applies to my computer only, so do change it if you have different settings or install locations. Remember to adjust the IDLE-PC to match yours as a .NET file overrides global defaults.
My labbing has increased tenfold. The ability to spin up varying networks with L2/L3 technologies working harmoniously together is great. CLI access is fantastic and, having now quite a few templates to work on, I have zero excuse. I believe the hours I spent putting this together have already yielded dividends.
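An added example, not part of the original post: a small Python check for the ser2net.conf lines shown above. A port written without a host makes ser2net listen on every interface, and telnet to a console line carries no authentication, so the check flags such lines and rewrites them to ser2net's `host,port` form bound to localhost, which is enough when the consoles are reached from a Byobu session over SSH on the server itself. The sample config (including the /dev/ttyUSB3 line) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: two lines from the post plus one loopback-bound line.
SAMPLE_CONF = """\
6000:telnet:0:/dev/ttyS1:9600 8DATABITS NONE 1STOPBIT banner
6002:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
localhost,6004:telnet:600:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT banner
"""

def parse_line(line):
    """Parse '[host,]port:state:timeout:device:options'; None for other lines."""
    parts = line.strip().split(":", 4)
    if len(parts) != 5:
        return None
    host, _, port = parts[0].rpartition(",")
    if not (port.isdigit() and parts[2].isdigit()):
        return None  # comments and directives such as BANNER:... land here
    return {"host": host, "port": int(port), "state": parts[1],
            "timeout": int(parts[2]), "device": parts[3], "rest": ":".join(parts[1:])}

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host: ser2net binds every interface

def audit(conf_text):
    """Yield (port, device, issues) for each enabled line that needs attention."""
    for line in conf_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["state"] == "off":
            continue
        issues = []
        if not is_loopback(entry["host"]):
            issues.append("not bound to loopback: console reachable without SSH")
        if entry["timeout"] == 0:
            issues.append("timeout 0: idle sessions are never closed")
        if issues:
            yield entry["port"], entry["device"], issues

def bind_to_loopback(line):
    """Rewrite a device line so that it listens on localhost only."""
    entry = parse_line(line)
    if entry is None or is_loopback(entry["host"]):
        return line
    return "localhost,%d:%s" % (entry["port"], entry["rest"])

if __name__ == "__main__":
    print(list(audit(SAMPLE_CONF)))
```

Run `audit()` on the contents of /etc/ser2net.conf, apply `bind_to_loopback()` to the flagged lines, then restart ser2net as above.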
** EDIT – You can easily add in a Firewall using QEMU and ASA 8.4. More delicious topics to get your pretty faces into.