Saturday 18 July 2015

IP Routing

I have VIRL installed on my HP Microserver running ESX, but I'm having a few problems with running the simulations. :( I can't seem to telnet to the console port when the simulation is running. But that's a problem for another post and day. I really needed to do some solid lab work so I went back to INE labs for a bit.

Today I reviewed static IP routing and the differences between setting next-hop, exit interface or both.

A few points I learnt are:
  • in DMVPN the hub can not use only exit-interface, it must use next-hop;
  • static routes using exit interface on a multipoint interface can have ARP issues.

I also reviewed the use of SLAs in creating redundancy in the routing table.

Monday 6 July 2015

Basic ASA VIRL Lab

Today I tried out the ASA - and it worked pretty well. It doesn't support context switching, which is a bit sad - but other than that, it seemed to do everything else I tried.

I figured, from now on I'll share my VIRL file and if people are really interested they can download and try it out themselves. Maybe I'll even write a blog post on how to open a virl file, but it's pretty easy.

Basic ASA Configuration & Failover Lab

You know this is working when you can ping R6 Lo0 ( from R4 - bring down ASA1 and it continues to work.
Click here to download VIRL file

In this lab I've configured standby and failover on the ASAs, ASA1 is the Primary, ASA2 is the Secondary. The VIRL lab looks like this:
But with the configuration of an inside and outside vlan on SW1, it looks logically like this:
When you load the VIRL file, the network is fully configured to work. To practice configuring the ASAs I recommend you open the console for both of the ASAs and run "clear config all" (take a copy of the working running-config before doing this if you want).

Then the following steps should get the ASAs back to a working state:

  • Configure a hostname on ASA1
  • Configure the IP addresses on Gi0/0 and Gi0/1 as shown above, naming them outside and inside respectively. Configure a default route pointing at the R6 IP address.
  • Configure OSPF between ASA1 and R4
  • Configure NAT on the ASA
  • Configure ASA1 as a routed firewall
  • Configure ASA for active/standby failover

I should give more detail, but I'm new at this =P I will admit that for the majority of my working life as a network engineer I've used ASDM to configure firewalls (boo! hiss!) - this gave me an opportunity to run through the basics on the CLI.
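
The steps listed above could translate into CLI roughly as follows. This is an added example, not the configuration from the downloadable VIRL file: every address, the object and link names, the use of Gi0/2 as a dedicated failover link and the shared secret are constructed placeholders.

```cisco
! Added example: addresses, names and Gi0/2 are constructed placeholders.
! --- ASA1 (primary) ---
! Routed mode is the default; changing mode clears the config, so set it first.
no firewall transparent
hostname ASA1
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
 no shutdown
! Failover link on a dedicated interface (assumed spare port)
interface GigabitEthernet0/2
 no shutdown
!
! Default route towards R6 (placeholder address)
route outside 0.0.0.0 0.0.0.0 198.51.100.6
!
! OSPF with R4 on the inside; the ASA takes a netmask here, not a wildcard
router ospf 1
 network 10.0.0.0 255.255.255.0 area 0
 default-information originate
!
! Dynamic PAT of the inside subnet to the outside interface address
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Let echo replies to R4's pings back in (assumes the default global_policy exists)
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Active/standby failover; the key authenticates and encrypts failover traffic
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover link FOLINK GigabitEthernet0/2
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover key <shared-secret>
failover
!
! --- ASA2 (secondary) ---
! Enable Gi0/2, repeat the "failover lan interface", "failover interface ip"
! and "failover key" lines, then: failover lan unit secondary / failover
```

Once both units have joined, `show failover` on ASA1 should report it as Active and ASA2 as Standby Ready, and the rest of the configuration replicates from the primary.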

Sunday 5 July 2015

A Little More VIRL

So I have spent a bit of time this week playing around with VIRL. I have trialed 3 instances:

  • local on my 8GB laptop in VMware
  • at work on an ESX, assigned 32GB
  • at home on my ESX - currently assigned 8GB but working on improving this

I think my takeaway points are:

Don't use VIRL for the NX-OS image!
I was pretty excited to do some NX-OS topologies but I found out pretty quickly that some of the technologies I wanted to play around with aren't supported. Below shows the problems I had in trying to establish vPC.
After googling I realised that Layer 2 functionality is not supported in NX-OSv and there is no timeline for the features to be released. I don't think this is made very clear when VIRL is acquired.
Click here for a comprehensive list of what is available on NX-OS.

After this disappointment, I went back to switching and routing and was pretty happy with what I could do again. I tried out some various routing scenarios with multiple IGPs and VLANs. It worked very nicely with 32GB of memory.

I then tried to push it a little more to the limits, so I grew my network to something along the lines of a service provider network. At this point I ran out of memory again. :( So I used the option of disabling some of the routers from the configuration. See below the option to highlight nodes and click a box to exclude them from the simulation:

After I did this, the simulation launched without problem, with the two routers excluded. I thought this was pretty good, considering how many CSR routers I put into the network. You can see below on the right the routers that didn't launch are represented with an [ABSENT] tag next to them.

I guess at this point I'm still just feeling my way around, but would I buy it again? Considering how much I've spent on hardware, and with the current $50 off special, VIRL is very cost effective comparatively. So yes, despite some limitations, I think VIRL is a very good investment for anyone wanting to practice and trial network configurations.

Previous VIRL Post

Wednesday 1 July 2015

DMVPN Part 2

Go to DMVPN Part 1

4. DMVPN Routing Configuration

So each router doesn't know about the other routers' attached networks (in this case it's the loopback addresses). The routing can be completed using either static routes.

Because the "ip nhrp map multicast" command was used on the spoke routers, they can only send hellos to the hub router, so OSPF becomes a hub-and-spoke configuration. This means the hub router must become the DR, and the OSPF broadcast network type must be used.

It should look like this:

Pretty cool.
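
One way to pin the DR role to the hub as described above, as an added example that is not the configuration from the original lab: the tunnel interface number, OSPF process ID, area and tunnel subnet are assumptions, since Part 1's addressing is not shown here.

```cisco
! Added example: Tunnel0, process 1, area 0 and 10.0.0.0/24 are assumed values.
!
! --- Hub ---
interface Tunnel0
 ! Tunnel interfaces default to OSPF point-to-point, so override it
 ip ospf network broadcast
 ! Highest priority so the hub always wins the DR election
 ip ospf priority 255
!
! --- Each spoke ---
interface Tunnel0
 ip ospf network broadcast
 ! Priority 0 keeps a spoke out of the DR/BDR election entirely; spokes only
 ! exchange hellos with the hub, so a spoke acting as DR would break flooding
 ip ospf priority 0
!
! --- Hub and spokes ---
router ospf 1
 ! Tunnel subnet (assumed); add a network statement for each router's loopback
 network 10.0.0.0 0.0.0.255 area 0
```

On a spoke, `show ip ospf neighbor` should then list only the hub, in state FULL/DR.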

My First-Run VIRL Review

I have been so slack in blogging lately, the truth is I've been a bit slack in my CCIE study. Though I have been sidetracked in learning a heap about Cisco UCS - but that was for work.

Anyway, I have embarked on a new adventure - which is VIRL. This stands for Virtual Internet Routing Lab. I love my hardware lab, but I just had to try this virtualisation method. Installing it was pretty easy, it downloads as an OVF which you deploy as either standalone on a PC/Mac or onto an ESX. I used VMware Player and installed it on my laptop.

Here's what it looks like:

This was great and all you have to do is click on the VMMaestro icon to fire up the software that allows you to place virtual routers and do all sorts of network configurations. However, I ran into this error a lot:

It generally happens when stopping a simulation and restarting it or another simulation. I'm not 100% sure, but it feels like it takes a bit of time to release the memory once a simulation is stopped. This simulation above was 6 IOSv routers - I didn't even bother trying to run CSR1000vs which apparently use up 3GB of memory.

So my first bit of advice is... don't run VIRL on a PC with only 8GB. Although 8GB is the minimum requirement, you may get frustrated quickly.

I've since moved my installation to an ESX server, assigning the VM 32GB... and this is seamless. I've been running through the tutorials and am really enjoying the features that are available that you wouldn't get from using the VMs directly in KVM or whatever... or from using hardware. These features are things like the AutoNetkit which allows you to very quickly deploy configurations across a large network. So you can set up your test environment much faster than if you were setting it up on hardware or standalone VMs. I'll show you a screenshot here of auto configuring EIGRP on a bunch of routers - but this is directly from the tutorial mentioned above.

And secondly, the views allow you to troubleshoot so quickly what is going on in the network. You can click on various different configs to highlight what you expect to see.

Below are the eBGP neighbour relationships highlighted... but you can see the options on the left.

I am going to move my installation one more time to my home ESX so that I can use it in the evenings. It has 16GB which I'm hoping is sufficient. But watch this space for some more VIRL fun. =)