Hello my friend,
I hope you have begun the new year very well and are back to work, study, research or just enjoying life. I spent some time over the New Year holidays (and after them as well) rebuilding my lab, and now I'd like to share my notes with you.
No part of this blogpost could be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical or photocopying, recording, or otherwise, for commercial purposes without the prior permission of the author.
Brief description
In the very first article about connecting Nokia (Alcatel-Lucent) VSR with Cisco IOS XRv I showed some modifications that need to be made to the bridge and network interface configuration in Linux so that the routers can reach each other. But I haven't shown you the full picture of how to set up the lab from the very beginning. That is what this article is about.
What are we going to test?
We will build the lab with CentOS 7 Linux, Nokia (Alcatel-Lucent) VSRs and Cisco IOS XRv from scratch, including the installation of all the related modules and their configuration.
Software version
The most important is the software version of the Linux host:
- CentOS 7
I have downloaded the latest version from the official website.
For the rest, we use the following versions of Nokia (Alcatel-Lucent) and Cisco routers:
- Nokia (Alcatel-Lucent) SR OS 14.0.R4
- Nokia (Alcatel-Lucent) SR OS 15.0.R4
- Cisco IOS XRv 6.1.2
What needs to be done
The following list of activities shows what we need to do in order to get a working lab. Later I'll show in detail what exactly you need to type:
- Create VM
- Install CentOS7
- Update yum, install epel-repository and telnet
- Install and configure FTP server
- Install and configure KVM
- Create appropriate network connections
- Create appropriate VMs
- Install and configure Ansible
- Install vconfig
- Install and configure ncclient (optional)
Let's go step by step now.
All information is provided on an "as is" basis, meaning your HW (server, PC, laptop) and even the installed CentOS might deviate from mine. So keep calm and troubleshoot.
#1. Create VM
In general, creating the VM is quite straightforward: you allocate as many resources as you can (or as you like). In order to have 2 VSRs running you need to allocate at least 4 GB RAM and 2 CPUs. There are two important points that you must take into account.
The first one is that you need to create 3 virtual NICs and assign them to the proper media. Typically, I use the first NIC for internet connectivity, which is why it's connected to NAT, whereas the other two are connected according to my topology to vmnet3 and vmnet4:
The second one is that we need to enable CPU virtualization:
As soon as both these points are fulfilled, you can start with the installation of CentOS itself.
#2. Install CentOS7
I advise you to configure the NIC that is connected to NAT so that it provides Internet connectivity. This helps to set the proper time via NTP right away, and it is necessary later on, as we'll need to download a lot of packages from the Internet.
In terms of the installation package I have chosen "Server with GUI", but I haven't chosen any additional package to be installed:
I always choose the GUI, because then I can browse the internet directly from the VM when I need to, without having to switch between host and VM. It also eases copying files between VM and host, because quite often the "shared folders" feature in VMware Player doesn't work.
One important point: I have created a user called "aaa" with administrative rights, and all the further configuration (and the Ansible playbooks) are based on the assumption that we have "/home/aaa/" as the working folder, where it is relevant.
On my laptop it takes 5-10 minutes to install CentOS in the VM, so you can have a coffee, tea, beer or whatever you prefer at this time of day. Just take your time :-)
#3. Update yum, install epel-repository and telnet
After the installation is done, you boot for the first time and are ready to work. From what I have seen, CentOS performs a yum update automatically on the first boot. It also takes some time, so in the menu I chose restart with the option "finalize installation and reboot". I assume that if you haven't configured internet connectivity initially, you will need to perform this step manually once you have:
$ sudo yum update
I'd recommend issuing this command in any case, just to avoid unpleasant surprises in the future if something hasn't been updated.
Then we install the EPEL repository. A lot of useful programs (e.g. Ansible) are available through it, so do it. Also, telnet isn't installed by default, and it is necessary to connect to the console port of the Nokia (Alcatel-Lucent) VSRs:
$ sudo yum install -y epel-release
"-y" is added in order to avoid manually confirming the installation of each and every package.
After each package is installed, you will get a notification:
Complete successfully!
If you don't get it for whatever reason, troubleshoot what is wrong.
#4. Install and configure FTP server
I use an FTP server to store the license files for the Nokia (Alcatel-Lucent) VSRs. You could also save them locally on the disk of each VSR, but I find FTP much more convenient. So, let's install it:
$ sudo yum install -y vsftpd ftp
When it's installed, we need to configure it in such a way that local Linux accounts can be used to access the FTP server, whereas anonymous logins are not allowed:
$ sudo vim /etc/vsftpd/vsftpd.conf
In my case I have changed the value of "anonymous_enable" to "NO", uncommented "chroot_local_user" and added the two last strings.
We have already started speaking about accounts. You can choose to use your own user or create a new one for FTP. I have chosen the latter option:
$ sudo useradd -d '/var/ftp/nokia' -s /sbin/nologin nokia
I have configured a very easy password, "nokianokia", for this user.
After the folder is created, we need to put the files with the Nokia (Alcatel-Lucent) SR OS license there:
$ sudo cp /home/aaa/temp/sros14.lic /var/ftp/nokia/sros14.lic
As we do all the actions using "sudo", the owner of the files is set to root. In order for the VSR to use this license, we need to change the owner and rights of the license file, so that it's associated with the "nokia" user. Here we go:
$ sudo chown -R nokia:nokia '/var/ftp/nokia'
The configuration of the FTP server on our CentOS Linux server is almost done; we just need to make sure FTP starts automatically during boot and launch it. There are some differences in syntax between CentOS 6 and CentOS 7, so you need to pay attention. The last thing is to allow the FTP service in the firewall, which is enabled by default in our Linux:
$ sudo systemctl enable vsftpd
FTP configuration is done and we move to the next point.
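The check below is an added example, not part of the original post: it audits a vsftpd.conf for the settings this step relies on (anonymous_enable, local_enable, chroot_local_user), falling back to the defaults documented in vsftpd.conf(5) when a key is absent or commented out. The function names and both sample files are constructed for illustration; that the last assignment of a key wins is an assumption.

```shell
#!/bin/sh
# Added example: audit the vsftpd settings changed in this step.
# Defaults (anonymous_enable=YES, local_enable=NO, chroot_local_user=NO)
# are taken from the vsftpd.conf(5) man page.

# Usage: vsftpd_setting FILE KEY DEFAULT
# Prints the effective boolean for KEY as YES, NO or INVALID.
# Commented-out lines are ignored; the last assignment wins (assumption).
vsftpd_setting() {
    value=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    case ${value:-$3} in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *)          echo INVALID ;;
    esac
}

# Returns 0 only if anonymous login is off and local users are allowed and chrooted.
audit_vsftpd() {
    rc=0
    [ "$(vsftpd_setting "$1" anonymous_enable YES)" = NO ] ||
        { echo "FAIL: anonymous_enable is not NO"; rc=1; }
    [ "$(vsftpd_setting "$1" local_enable NO)" = YES ] ||
        { echo "FAIL: local_enable is not YES"; rc=1; }
    [ "$(vsftpd_setting "$1" chroot_local_user NO)" = YES ] ||
        { echo "FAIL: chroot_local_user is not YES"; rc=1; }
    return "$rc"
}

# Constructed sample files (not the author's configuration).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/before.conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#chroot_local_user=YES
EOF
cat > "$SAMPLES/after.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
EOF

for f in "$SAMPLES/before.conf" "$SAMPLES/after.conf"; do
    if audit_vsftpd "$f"; then echo "OK:   $f"; else echo "BAD:  $f"; fi
done
```

On the lab host, call `audit_vsftpd /etc/vsftpd/vsftpd.conf` after editing the file and before starting the service.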
#5. Install and configure KVM
This is probably the quickest and easiest chapter of the preparation of our lab. We tell CentOS 7 to install all packages related to KVM/QEMU using yum:
$ sudo yum install -y qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer
There are definitely a lot of possibilities to fine-tune something in these packages, but I haven't changed anything and left the default parameters.
#6. Create appropriate network connections
This step will always be setup-specific, so you need to check your local setup. You remember, we have created 3 network connections. Their names start with "ens" followed by a number. I have installed CentOS 7 twice and both times I got different "ens" numbers. So first of all we check their names and associated MAC addresses:
$ ifconfig | grep "ens\|ether"
Then we properly tune the configuration files of the interfaces and create the corresponding bridges. For bridge 1 we have the following configuration:
$ cd /etc/sysconfig/network-scripts/
You remember, the first interface (ens33) has an IP address and is used to connect our VM to the internet.
For bridge 2 we deploy almost the same configuration; only the IP, MAC and bridge ID change:
$ sudo vim ifcfg-br2
IPV4_FAILURE_FATAL=yes
We also create one bridge that won't have any physical interface attached, in order to provide out-of-band (OOB) communication for the Nokia (Alcatel-Lucent) VSR routers through the interface on the CPM (BOF configuration):
$ sudo vim ifcfg-br0
After you have made all the necessary configuration changes, restart the network service in order to apply them and go to the next point:
$ sudo systemctl restart network
#7. Create appropriate VMs
When we have done all the previous steps (FTP, KVM and network connections), we define the VM. I will show you the most important parts of it. First of all, we go to the folder where all KVM VMs should be located and create a new VM:
$ cd /var/lib/libvirt/images/
You must use "sudo" here, as the folder belongs to root.
In the product configuration you can see the link to the FTP server/folder we created in sub chapter 4. In order to log in there, we use the account and password created earlier. On the network side we map the first interface to bridge "br0", because the first interface is the interface located on the CPM, so it's OOB. The rest of the interfaces we map to the two other bridges, so we can later play with network/access ports.
You also see the name of the VM file (qcow2), so you need to put it in the same directory and make sure its name is correct. I have changed the name from the standard one to make it readable and to distinguish between different VMs.
Now that we have defined all the parameters in the XML file of the VM, we create it:
$ sudo virsh define vsr14-r1.xml
In the same manner we create the second VM; just change the name, IP, MAC, source file (you can duplicate the initial one) and TCP port for the console.
#8. Install and configure Ansible
If you have done the previous tasks, the installation of Ansible will be straightforward:
$ sudo yum install -y ansible
I did the installation just last Friday, and I got the following version of Ansible:
$ ansible --version
In the config file I uncomment two strings, so that Ansible works properly with Nokia (Alcatel-Lucent) VSR routers and Cisco IOS XRv routers:
$ sudo vim /etc/ansible/ansible.cfg
After that, as I did in the previous article (link), where I created the automation for launching my lab, we check the Ansible hosts file and the "ordinary" Linux hosts file:
$ sudo vim /etc/ansible/hosts
The last action in this sub chapter is to unpack those playbooks to your home directory and update localhost.yml from the folder "nodes" with the proper names of your network interfaces: change eth2 to ensXX.
#9. Install vconfig
The last point in the main program is to install the package that helps us to create VLANs and sub interfaces:
$ sudo yum install -y vconfig
#10. Install and configure ncclient (optional)
I have marked this module as optional because I haven't used it before, but it will be used in later articles, because Ansible uses it to access the NETCONF interface of the routers. The installation is done in the following way:
$ sudo yum -y install python-pip
Verification of installation
Once we are done, we have created the following lab:
On the management host we have all our services up and running (FTP, Ansible, KVM, etc). SR1 and SR2 are KVM VMs and will be started on this host, whereas XR3 and XR4, which are Cisco IOS XRv routers, are VMware VMs and are connected through the external interfaces "ens34" and "ens35" to the proper Linux bridges.
If you have done everything correctly, your lab will start working:
/home/aaa/ansible
I have reduced the output of the playbook's execution, because it's really huge. The important thing is that the VMs are created, and the sub interfaces with bridges as well.
As soon as the KVM VMs are created, we can connect to them:
$ telnet 0.0.0.0 2511
If the FTP server and the XML of the router are configured properly, the VSR will be able to obtain the license:
A:vRR# show bof
That's it. Our lab is ready:
The updated version of Ansible-playbooks is here: ansibl7.tar
Lessons learned
I had to rebuild the Ansible playbooks, because in versions 2.4 (https://docs.ansible.com/ansible/2.4/porting_guide_2.4.html) and 2.3 (http://docs.ansible.com/ansible/latest/porting_guide_2.3.html) there are some changes in the modules. Refer to the official documentation (http://docs.ansible.com/ansible/latest/modules_by_category.html).
Conclusion
Now I have an updated lab with new Ansible, Python and other instruments, which is necessary to continue our journey into the networking world. One of the reasons for updating CentOS was the problem with the installation of OVS (link), which I am interested in playing with. If I have a positive experience with it, I'll write some articles about it and I'll replace my brctl with it. Take care and goodbye!
P.S.
If you have further questions or you need help with your networks, I'm happy to assist you, just send me a message.
BR,
Anton Karneliuk
Just wonder. Instead of setting up all the routers images, bridge, software, vPC on Linux manually and from scratch, how about using network emulation software such as GNS3 and EVE-NG. They can simplify all these pumping things and let users focus just on router configuration.
regards
Derek
Hi Derek,
for sure you can, but I don’t use any simulators. Here is why:
If you like simulators, just use them.
BR,
Anton
Hi Anton,
I would like to thank you for all the work you are doing on this website.
As a network engineer you are a source of inspiration for me !
About the simulators (GNS3 for example), are you really sure that they are more resource-intensive than your lab (nested VMs on VMware Workstation)?
BR,
Marco
Hi Marco,
Thanks for the kind feedback. I haven't used GNS3 for roughly 5 years, so I don't know its development stage now. As I'm working a lot not only with the network images themselves, but also heavily pushing automation and other stuff, for me it's necessary to understand and be able to modify/control all components, which is quite easy in Linux; that's why I'm using a VM with it.
Maybe GNS is good enough in terms of resource usage and the control it provides you, I don't know. I just know that there is no magic, and in GNS3 you will have to start a VM Box with Nokia VSR, which results in the same memory/CPU usage :)
BR,
Anton
Hi Anton ,
Very nice post , have similar things on mind.
Can you share the hardware details of the node on which you did this lab .
Hi,
Actually, I’m using just a laptop with 8GB RAM, core I5 with 4 cores and win 10 onboard. That’s it.
BR,
Anton
Hi,
Is this installing Centos 7 as a guest OS on top of Windows OS?
So you’re doing Windows as a host > Centos 7 as a guest (using vmware)
Then you’re doing Centos 7 as a host > Nokia/Cisco as a guest (using KVM).
Can you please confirm this is correct?
If I want to use Centos 7 as my base operating system, and given that I only have one NIC. How do you recommend I should take care of creating virtual interfaces so build the topology?
Thank you.
Hi Karl,
yes, you are right. I have Windows with CentOS 7 running as a guest VM (using VMware Player or Oracle VirtualBox, it doesn't matter). Inside CentOS 7 you can run any VM within KVM as explained here: https://goo.gl/Rb6q4r
If you want to run CentOS as your host without Windows, it's fully OK. Basically, you don't need any external connections for your VMs. So you just need to configure one port on your NIC to access the internet from your host OS and that's it.
BR,
Anton
Thanks Anton. I’d like you to help me with this small hiccup.
I managed to install Centos and KVM on top of it. I also managed to launch SROS but the problem is there are limited number of commands (i.e. I can’t install cards, configure, or do a lot of things). The hostname isn’t changed based on the “configured” name in the XML file however I can Console to it. It feels like as if KVM isn’t executing all the parameters within the XML file. Is there a way to troubleshoot it?
A:vSIM#
admin bof enable-vsd-config environment
file password
A:vSIM#
This is a snippet of my XML file:
SR1
50b87199-3f58-4eb3-8a48-2ad9ebf955ce
4
2
TIMOS:chassis=SR-c4 slot=A card=cfm-c4-xp mda/1=m5-1gb-sfp-b mda/3=m5-1gb-sfp-b address=172.20.24.65/24@active static-route=192.168.43.2/32@172.20.24.1 license-file=ftp://user:password@10.0.0.20/home/karl/Documents/Nokia-VSR-VM-14.0.R14/Licenses/SR_OS_VSR-SIM_license_1.txt
hvm
/usr/libexec/qemu-kvm
<model type='virtio'/
Hi Anton,
Please make a video on this article how to build lab.
Regards,
Arif Mohammad
Hi Arif,
Actually, there are not too many things to film. You just need to install CentOS and then run the https://github.com/akarneliuk/centos_lab_setup/blob/master/initial_setup_kvm.sh script.
Cheers,
Anton
Hi Anton, please correct me if I'm wrong. The CentOS VM only has one interface to the internet, right (NAT), and 2 custom interfaces, vmnet3 and vmnet4. In step #6, Create appropriate network connections, how come there are 3 interfaces ens33, 34, 35? I'm a bit confused about how to map the interfaces created on the CentOS VM to these ens interfaces. Please clarify further. Thank you
Hi Anton, appreciate if you can show how to create xml file for xrv. I only have iosxrvk9demo.qcow2 image…please assist and advise. Thank you
Hello Jay,
You can read the details here: https://karneliuk.com/2018/09/cheat-sheet-for-automated-creation-of-networking-lab-in-kvm-on-linux-arista-cisco-cumulus-nokia/
Also you can attend our training, where we cover even more information: https://training.karneliuk.com
Best regards,
Anton
Hi Anton… I created a new CentOS7 VM host (VirtualBox), installed KVM and created a guest VM. I just kept the default network (virbr0/NAT), and to access the guest VM externally I created a new bridge br0 and mapped it to interface enp0s3. (For your info, the VM host is able to access the internet and can be accessed via SSH in my LAN via br0.) When I boot the guest VM, it can get an IP from my router's DHCP, and both the host and the guest VM can ping each other. What puzzles me is that the guest VM is not able to ping the router gateway and not able to access the internet. I have tried disabling the firewall on my host VM but it is still the same. Please advise. Thank you
Hello Dzjay,
do you have ip_forward enabled under sysctl config?
Cheers,
Anton