Two weeks ago I described the first way to build a lab for CCIE (and not only CCIE) preparation. Today I'm going to finish the story and show you the second option, which is much better.
Pure Cisco instances
The NFV solution is more resource-intensive than IOU-WEB, but it is more feature-rich. There are different ways to use it; I will describe the one I use myself. The main idea is to run VMs with Cisco routers without any GUI. All the other approaches use some kind of middleware, like VIRL or UNL. Frankly, I don't see any need for that, as it's really a waste of resources. At the end of the day you will configure everything in the router CLI during your preparation, so the only really useful feature is the topology overview. I always use a piece of paper and a pencil, which removes the need to switch tabs between the CLI and the topology during configuration.
There are three main images that you'll want to use when preparing for CCIE Routing and Switching, Service Provider or Security:
Cisco CSR 1000v is IOS XE in a VM with the full feature set (including fast reroute for IGPs). It requires at least 2.5 GB (better, 3 GB) of RAM per instance. It really uses that much, so allocate it in order not to open a Pandora's box: you can try to allocate fewer resources, but you'll find that some features sporadically don't work. This image is used in all CCIE tracks (RS, SP, Security and so on). You can download it from the Cisco website. The trial is 90 days, but it isn't enforceable, so it's up to you how it can be used.
Cisco IOS XRv is IOS XR in a VM with almost all features available. Unfortunately, there are some limitations regarding features that don't work (more information about this is here: https://goo.gl/mtG0XX). Nevertheless, it's the only available tool that you can widely use yourself on your laptop. Personally, I use it a lot to study IOS XR. Usually you can allocate 2 GB of RAM to it and it will be OK. On a laptop with 8 GB of RAM I was able to launch 4x Cisco IOS XRv. So for CCIE SP study I'd say this image is essential.
In certain cases, though, you may find that some features don't work, or you may even get tracebacks. The overall guideline, again, is to stop the VM, increase the allocated RAM and start the VM again. In very many cases it helps.
Cisco ASAv is a fully virtual ASA, which can be used for CCIE Security preparation. The ASA is the main security device, which performs the functions of firewall, VPN head-end and IPS/IDS. You will find the detailed resource requirements in the documentation, but the most important parameter, memory utilization, can be as low as 1 GB of RAM.
There are, of course, a lot of other Cisco VMs that can be used in certain cases. For example, the Cisco ACS VM must be used in CCIE Security preparation, as many tasks about hardening devices or providing remote access require a central RADIUS / TACACS server.
In a separate article we'll discuss all available Cisco VMs and their licensing. Stay tuned for updates.
How to create the lab
If you are lucky enough to have access to a bare-metal server that can be used entirely for the lab, then you should install ESXi. It provides all the options you need and it's officially free of charge.
- Prices for used servers are low
- Fully functional Cisco devices (IOS/IOS XE, IOS XR, ASA OS)
- Possibility to build a very big lab (multiply 3 GB of RAM by the number of instances)
- Not easy to access if you are outside the home
Unfortunately, I don't have such access, so I have to use just my laptop. Compared to the server it has fewer computing resources and, of course, it doesn't give you the possibility to install middleware. On the other hand, you can take your laptop with you anywhere and study there, including on a plane or train, where there is little to no access to the Internet. So I'm going to describe how to make a very powerful lab just from your laptop.
- Always with you
- Fully functional Cisco devices (IOS/IOS XE, IOS XR, ASA OS)
- Low number of simultaneous instances
- Necessity to buy a powerful laptop if you don't have one
Transform your laptop into a network
First of all, you need to install a tool to work with VMs. I'm using Oracle VirtualBox, as it fits all my needs in terms of functionality and it's officially free. Download it from the official website (https://www.virtualbox.org/) and install it.
The second step is to obtain the Cisco images. Some of them can be downloaded from the Cisco website. For example, here you can download Cisco CSR1000v (https://software.cisco.com/download/release.html?mdfid=284364978&softwareid=282046477&release=3.11.2S&rellifecycle=ED). I've found that version 3.11S can be downloaded without restrictions, whereas newer versions require a valid service contract.
With IOS XR it's a little more complicated, as I haven't managed to download it right now. Sometimes it's possible to download Cisco IOS XRv from cisco.com, mainly around a new release. Otherwise you can try Google, and I think you'll find what you are looking for.
Cisco ASAv can be downloaded here (https://software.cisco.com/download/release.html?mdfid=286119613&flowid=50242&softwareid=280775065&release=9.2.4.SMP&relind=AVAILABLE&rellifecycle=&reltype=latest). At the time of writing there are no restrictions on the download.
The third step is to import the downloaded images into Oracle VirtualBox. There are three options here.
Import if you have .ova
The first and easiest option applies when you have downloaded the image in ".ova" format. You just import the ready-made virtual appliance and that's it.
The settings page is very important. The number of interfaces directly influences the performance of the virtual device and the resources it needs from your laptop. For a lab, performance usually isn't a concern, so you can decrease the number of interfaces to one or two. Also, don't forget to reinitialize the MAC addresses on the interfaces. For the first instance it isn't a problem, but you are likely to have more than one instance, so you will clone the VM. If you don't reinitialize the MAC addresses, you will have connectivity problems between your devices.
Press Import, and you are almost ready. "Almost" means that you have to configure two more things, which is why you must go to the VM settings again.
Go to the "Network" tab to configure the physical parameters of the network. If you want the devices just to communicate with each other, assign their network interfaces to the "internal network". This is the most suitable option for the lab, so I use it. Also change the adapter type to paravirtualized.
If you want them to have access to the external world, you can configure NAT or bridging.
The next crucial step is to configure console access to the device. Go to "Serial ports" and press "Enable Serial Port". The appropriate port mode is "host pipe", as you can then connect to the virtual device directly with any terminal client. Let's call our pipe "\\.\pipe\asav1".
Let's launch our device and check how it works. You need to run the VM.
You see it's running.
To access the CLI, open your terminal client (I use PuTTY), choose the console port and enter your pipe name.
It takes some time for the device to boot, depending on the OS type and the resources provided. And that's it.
Create if you have .iso, .vmdk or .vdi
If you don't have an .ova file, you have to create a virtual appliance either from a virtual disk (like .vdi or .vmdk) or from a CD image (.iso format). You just configure an unknown x64 OS, allocate some RAM and that's it.
In the case of a virtual disk, you choose it at the third step of VM creation.
In the case of an .iso, you need to do a slightly more complex exercise. In the "System" settings you change the boot order and set "CD" as the first device.
Then you should add the .iso image to the CD drive on the "Storage" tab.
Don't forget to create the serial port and attach the network interfaces to the necessary network.
For CSR1000v you have to create two serial ports. The second one is useless to you, but it must be created so that you can configure the CSR1000v through the first one.
Your lab environment is ready, and you can start your way to the top of network knowledge (like CCIE, for example).
The choice of lab depends on your current needs. For large-scale labs it's easier to use IOU-WEB, whereas for digging deep into particular features, as well as for studying IOS XR / ASA OS, the pure VM approach is better. So a mix of the two solutions is the most appropriate.
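The per-VM settings described above (one or two interfaces on an internal network, paravirtualized adapter, fresh MAC addresses, serial port as a host pipe, a second serial port for CSR1000v) can also be applied from the command line with VBoxManage. The following is an added example, not part of the original article; the VM names, the internal network name `lab` and the helper names are assumptions, and the VMs are assumed to be already imported and powered off.

```python
import subprocess
import sys

# RAM per image in MB, using the article's figures (3 GB / 2 GB / 1 GB).
RAM_MB = {"csr1000v": 3072, "xrv": 2048, "asav": 1024}
PIPE_FMT = r"\\.\pipe\%s"   # Windows host pipe, as in the article
# Hypothetical lab: (VM name, image kind). VMs are already imported and powered off.
LAB = [("csr1", "csr1000v"), ("xrv1", "xrv"), ("asav1", "asav")]


def modifyvm_args(name, kind, nics=2, intnet="lab"):
    """Build the VBoxManage arguments that apply the article's settings to one VM."""
    args = ["modifyvm", name, "--memory", str(RAM_MB[kind])]
    for i in range(1, 9):  # adapters 1-8 (default PIIX3 chipset limit)
        if i <= nics:
            args += [f"--nic{i}", "intnet", f"--intnet{i}", intnet,  # isolated lab segment
                     f"--nictype{i}", "virtio",                      # paravirtualized adapter
                     f"--macaddress{i}", "auto"]                     # new MAC, so clones never collide
        else:
            args += [f"--nic{i}", "none"]                            # drop unused interfaces
    # COM1 as a host pipe; "server" makes VirtualBox create the pipe itself.
    args += ["--uart1", "0x3F8", "4", "--uartmode1", "server", PIPE_FMT % name]
    if kind == "csr1000v":
        # The CSR 1000v needs a second serial port to exist; it stays disconnected.
        args += ["--uart2", "0x2F8", "3", "--uartmode2", "disconnected"]
    return args


def lab_ram_mb(nodes):
    """Total RAM in MB the lab needs when every VM runs at once."""
    return sum(RAM_MB[kind] for _, kind in nodes)


if __name__ == "__main__":
    print(f"# lab needs {lab_ram_mb(LAB)} MB of RAM")
    for vm_name, vm_kind in LAB:
        cmd = ["VBoxManage"] + modifyvm_args(vm_name, vm_kind)
        print(" ".join(cmd))
        if "--apply" in sys.argv:  # without --apply the commands are only printed
            subprocess.run(cmd, check=True)
```

On a Linux or macOS host the pipe argument is a local socket path rather than a `\\.\pipe\...` name.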