GNS3 and dynamips on a remote server

    Today we will look at splitting the GNS3 front end and the Dynamips Cisco IOS emulator across different computers.

    Given:
    a powerful server (home / work / Hetzner / Amazon) and a fairly weak workstation (laptop / netbook / etc.).
    Task:
    move the load of emulating a large number of IOS instances to the server for comfortable work.
    Solution:
    several options will be considered: the regular one (yes, have you not noticed the "Hypervisors" tab in the settings?) and one that relies on workarounds [unix way] but is, in my opinion, somewhat more convenient.

    To work, we will use the following software:
    - GNS3 0.8.2-BETA, but it should work on the 0.7.x branch
    - Dynamips 0.2.8-RC2
    - Linux Ubuntu 11.10 / Windows 7
    - bash, tmux, ssh


    Option 1 - regular


    How it works.
    The server is running dynamips in hypervisor mode. On the client (workstation with GNS3), the management of local hypervisors is disabled and the remote ones are registered.

    Server: Linux


    $ sudo apt-get install dynamips
    $ cd /tmp
    $ dynamips -H 7220
    Cisco Router Simulation Platform (version 0.2.8-RC2-amd64)
    Copyright (c) 2005-2007 Christophe Fillot.
    Build date: Jan 18 2011 19:25:29
    
    Hypervisor TCP control server started (port 7220).
    

    If you see a similar message about the server starting, everything works.
    Before launching the hypervisor, change to a "working" directory, because it creates a lot of temporary files while running. In this case they do not interest us, so we will work in /tmp.
    You can leave the hypervisor running and switch to another terminal, or stop it:
    ^CHypervisor: closing control sockets.
    Hypervisor: closing remote client connections.
    Shutdown in progress...
    Shutdown completed.
    

    For convenience, I advise you to use tmux.

    Also, when using a firewall, do not forget to add exceptions for the hypervisor's incoming port (in this case, TCP 7220) and for console connections (configured in GNS3).

    The hypervisor is ready; it remains to prepare the IOS images.
    Download the image from cisco.com or, in the absence of a subscription, from a known torrent tracker.
    To speed things up, do not forget to unpack the images; for this, download the "Cisco image unpacker 0.1 source code" from the GNS3 website.

    $ mkdir ~/IOS
    $ cd ~/IOS
    $ mv ~/Downloads/Unpack-0.1_src.tar.bz2 ./
    $ mv ~/Downloads/c2600-ipbasek9-mz.124-17.bin  ./
    $ tar -xjf Unpack-0.1_src.tar.bz2
    $ rm Unpack-0.1_src.tar.bz2
    $ python ./Unpack/unpack.py --format=IOS c2600-ipbasek9-mz.124-17.bin 
    warning [c2600-ipbasek9-mz.124-17.bin]:  17812 extra bytes at beginning or within zipfile
    (attempting to process anyway)
    IOS binary image successfully unpacked in c2600-ipbasek9-mz.124-17.bin.unpacked
    

    Server: Windows


    Knowledgeable people say that dynamips on Windows is consistently less stable, but let us proceed with the installation.
    Download "GNS3 v0.8.2 BETA all-in-one".
    After installation, open the folder with GNS3 and dynamips and find the .bat file that starts the hypervisor.



    You can put a shortcut to it in a convenient place, for example on the desktop, because you will have to run it often.

    Next, open it in an editor and change the port from the standard 7200 to 7220:

    rem Launch a local copy of dynamips 
    set dynamips=%CD%\dynamips.exe
    cd %TEMP%
    start /belownormal /B /wait "Dynamips" "%dynamips%" -H 7220
    pause
    

    After launch, the console window should look like this.



    All other steps are much the same as under Linux (see above):
    - open the ports in the firewall;
    - download the IOS images;
    - unpack the image with the unpacker.

    Client: Linux


    On Ubuntu, GNS3 can be installed from packages:

    $ sudo apt-get install gns3
    

    But the packaged version is rather old (0.7.4), so we download the source code. Nothing has to be compiled, because GNS3 is written in Python. To satisfy all dependencies, we first install GNS3 from the package and then download the latest version from the repository.

    $ sudo apt-get install gns3
    $ sudo apt-get install mercurial
    $ cd ~/IOS/
    $ hg clone http://code.gns3.net/gns3-devel
    $ cd gns3-devel
    $ ./gns3.pyw
    



    In Edit -> Preferences, check the local dynamips settings.
    Do not forget to click "Test Settings".



    Edit-> IOS images and hypervisors
    In the HOST field, enter the IP address of our server running dynamips; in PORT, the port chosen when dynamips was started manually.



    Now in the tab IOS images add the image.



    IMPORTANT. The "Image file" and "Base config" paths refer to the server's file system. These files must be readable by the user that dynamips runs as.
    Such files need not exist locally.
    Uncheck "Use the hypervisor manager" and select the server you need.
    Then save. In the list of images, we see that requests will go not to the local hypervisor but to the one on server 172.16.1.1.
    After that, we create a topology and work as usual.

    Client: Windows


    From here, download and install "GNS3 v0.8.2 BETA all-in-one", a compiled build of the latest GNS3 version.
    All settings are the same as for the Linux client.

    Option 2 - unix way


    The regular solution has two drawbacks:
    - the need to log in to the remote server manually to start the hypervisor;
    - the unprotected control connection to the hypervisor and the unprotected console connections.

    When started with the "-H 7220" option, dynamips opens a listening socket on all available addresses:

    $ sudo netstat --numeric --listening --program | grep dynamips
    tcp        0      0 0.0.0.0:7220            0.0.0.0:*               LISTEN      12756/dynamips
    

    No authentication or encryption is provided, so with paranoia mode on, you do not expose this to the Internet. There is no way to bind the hypervisor to a specific IP, for example 127.0.0.1, so in any case the port must be closed off with a firewall.
    At first glance you would need a VPN, which is beyond the scope of this article.
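
    A check for the exposure described above, as an added example that is not part of the original article: it reads output in the netstat format shown here and reports dynamips listeners bound to a non-loopback address. Only the first sample line comes from the article; the other lines, ports and PIDs are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the article): find dynamips listeners reachable
# from the network in `netstat --numeric --listening --program` output.

# Reads netstat lines on stdin; prints "local_address pid/program" for every
# dynamips TCP listener that is not bound to a loopback address.
exposed_dynamips() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/dynamips$/ {
      addr = $4
      sub(/:[0-9]+$/, "", addr)      # drop ":port", keep the bind address
      if (addr != "127.0.0.1" && addr != "::1")
        print $4, $7
    }'
}

# Constructed sample. Line 1 is the output shown in the article; the rest
# (console ports, loopback listener, sshd) are made up for the demonstration.
sample_listeners() {
  cat <<'EOF'
tcp        0      0 0.0.0.0:7220            0.0.0.0:*               LISTEN      12756/dynamips
tcp        0      0 0.0.0.0:2001            0.0.0.0:*               LISTEN      12756/dynamips
tcp6       0      0 :::2002                 :::*                    LISTEN      12756/dynamips
tcp        0      0 127.0.0.1:7221          0.0.0.0:*               LISTEN      12801/dynamips
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      811/sshd
EOF
}

# Exit status 0 when nothing is exposed, 1 otherwise (for cron or pre-flight use).
check_exposure() {
  hits=$(exposed_dynamips)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf 'dynamips reachable on:\n%s\n' "$hits" >&2
  return 1
}

# Live use on the server (root is needed to see program names):
#   sudo netstat --numeric --listening --program | check_exposure
sample_listeners | exposed_dynamips
```

    A wildcard bind reported here is a finding only if the firewall does not already block that port from outside.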

    Also, when working locally, the hypervisor manager under certain circumstances runs several copies of dynamips on different ports.

    The solution: we configure GNS3 to work with a local dynamips, but insert a shim that opens an SSH connection to the server, automatically starts the hypervisor there, and forwards the ports over that encrypted connection. In fact it is a single script, run with different options: one for the control connection and one for the remote console.

    Let's get started!

    NOTE. For correct operation, SSH key authentication is required (or else edit the script).

    NOTE. The GNS3 version should be newer than 0.8.2 beta2 (for example, from the repository), because beta2 has a bug that prevents the control script from stopping the remote dynamips correctly.

    In Edit -> Preferences, in the local dynamips settings, replace the path to its binary with the path to our script:
    /home/%username%/IOS/rdyn.sh

    We also change the console connection string
    gnome-terminal -t %d -e '/home/%username%/rdyn.sh -R %p' >/dev/null 2>&1 &

    Do not forget to set the full path to the file in the command and replace the variables in the script.

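    #!/usr/bin/env bash
    
    # Connection settings for the remote dynamips server
    HOST=host.tld
    #HOST=2001:470::1
    PORT=4444
    USER=username
    
    #######################################
    
    WRKDIR='/tmp'
    DYNAMIPS='/usr/bin/dynamips'
    
    RCMD=$1
    RPORT=$2
    # Batch mode (keys only), no agent or X11 forwarding, multiplexed over one master connection
    SSHOPT="-a -T -q -x -o ExitOnForwardFailure=yes -o TCPKeepAlive=yes -o BatchMode=yes -o ControlPersist=10 -o ControlPath=/tmp/rdyn.%h.%p.%r -p $PORT $USER@$HOST "
    # Forward the console port, listening on loopback only
    TELNETCMD="ssh -N -f -L 127.0.0.1:$2:127.0.0.1:$2 $SSHOPT"
    
    ########################################
    # SIGKILL cannot be trapped, so it is not listed here
    trap quit INT TERM HUP
    
    # Stop the remote dynamips (control connection) or the local port forward (console)
    function quit {
    if [ "$RCMD" = '-H' ] ; then
      ssh $SSHOPT "pkill -f \"$DYNAMIPS -H $RPORT\"" &
    else
      pkill -f "$TELNETCMD"
    fi
    exit
    }
    ########################################
    if [ "$1" = '' ] ; then
      echo 'Error: script expects some commands.'
      exit
    fi
    
    # Start the master connection; it closes by itself after the idle timeout
    ssh -M -f $SSHOPT exit > /dev/null 2>&1
    
    if [ "$1" = '--help' ] ; then
      ssh $SSHOPT "$DYNAMIPS --help"
    else
      if [ "$1" = '-H' ] ; then
        # Run the remote hypervisor and forward its control port to loopback
        ssh -L 127.0.0.1:$2:127.0.0.1:$2 $SSHOPT "cd $WRKDIR ; $DYNAMIPS -H $2" 2> /dev/null &
        while :  ; do
          wait;
          sleep 1;
        done
      else
        # Console: forward the port, connect with telnet, then remove the forward
        $TELNETCMD > /dev/null 2>&1
        telnet 127.0.0.1 $2
        pkill -f "$TELNETCMD"
        read
      fi
    fi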

    Principle of operation:
    - an attempt to start a master connection to the server (it closes automatically on idle timeout); in the course of work quite a lot of dynamips-over-ssh and telnet-over-ssh sessions are created, and multiplexing significantly speeds things up;
    - creation of a trap to stop the remote dynamips correctly;
    - launch of the hypervisor or of a telnet connection.

    Option 3 - unix way / part 2


    Forwarding X11 GUI applications.

    Pros: it works, and everything is available out of the box.
    Cons: it is slow. The result is satisfactory only within a LAN, with low latency and high bandwidth.

    $ ssh -X -C username@host.tld gns3

    -C enables compression
    -X activates X11 session forwarding (do not forget to enable 'X11Forwarding yes' in sshd_config)

    But with X11 forwarding we effectively lose the ability to load .net files and view saved configurations locally.
    Users of heavyweight desktop environments can take advantage of built-in features. For example, Nautilus can add sftp links to bookmarks.

    A more universal option is the combination fuse + ssh = sshfs.
    This topic has already been discussed on Habr, so only the idea is given here.

    In the home directory, create the main folder for working with GNS3 and a helper script.
    $ sshfs username@host.tld:/home/%username%/CISCO ~/CISCO
    $ cat << ENDL > ~/CISCO/rgns3
    ssh -X -C username@host.tld gns3 \$1
    ENDL
    $ chmod +x ~/CISCO/rgns3
    

    Work model:
    - Download a lab, for example ROUTE: EIGRP.
    - Mount sshfs.
    - Unpack the archive into ~/CISCO.
    - Launch:

    $ ~/CISCO/rgns3 ~/CISCO/EIGRP/topology.net


    PS1
    baseconfig.txt
    !
    hostname %h
    no ip domain-lookup
    line con 0
    exec-timeout 0 0
    logging synchronous
    privilege level 15
    
    service timestamps debug datetime msec
    
    line vty 0 15
    no login
    exec-timeout 0 0
    logging synchronous
    privilege level 15
    

    This is not a production configuration and has security problems, but it is convenient for training.
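
    To make those security problems concrete, here is an added example (not part of the original article) that lists the training-only settings in such a base config. The finding texts are my own wording; the sample input is the baseconfig.txt shown above, embedded inline.

```bash
#!/usr/bin/env bash
# Added example (not from the article): list the training-only settings
# in a GNS3 base config such as baseconfig.txt above.

# Reads an IOS config on stdin; prints "<line block>: <finding>" per risky
# command found under a "line ..." block.
audit_baseconfig() {
  awk '
    /^[ \t\r]*$/ || /^!/ { block = ""; next }   # blank line or "!" ends a block
    /^line /             { block = $0; sub(/[ \t\r]+$/, "", block); next }
    block != "" {
      cmd = $0
      gsub(/^[ \t]+|[ \t\r]+$/, "", cmd)         # tolerate indentation and CRLF
      if (cmd == "no login")
        print block ": login without a password"
      else if (cmd == "privilege level 15")
        print block ": session starts at privilege level 15"
      else if (cmd == "exec-timeout 0 0")
        print block ": idle session never times out"
    }'
}

# The base config from the article, embedded so the example runs offline.
sample_baseconfig() {
  cat <<'EOF'
!
hostname %h
no ip domain-lookup
line con 0
exec-timeout 0 0
logging synchronous
privilege level 15

service timestamps debug datetime msec

line vty 0 15
no login
exec-timeout 0 0
logging synchronous
privilege level 15
EOF
}

sample_baseconfig | audit_baseconfig
```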

    PS2
    Configure tmux to work with dynamips consoles.
    In tmux, I create a separate session for consoles, and from GNS3 I only add a connection to an existing one.
    $ cat gconsole.sh
    unset TMUX;
    tmux new-session -d -s GNS3 >/dev/null 2>&1
    gnome-terminal -e '/usr/bin/tmux attach-session -t GNS3'

    GNS3 Edit -> Preferences, "Terminal command":
    unset TMUX; tmux new-window -t GNS3 -n '%d' 'telnet %h %p ; cat' >/dev/null 2>&1 &
    and when using the dynamips-over-ssh option:
    unset TMUX; tmux new-window -t GNS3 -n '%d' '/home/%username%/IOS/rdyn.sh -R %p' >/dev/null 2>&1 &


    Materials:
    - forum.gns3.net
    - man dynamips
    - man tmux
