Cisco IOU for V5 Lab Preparation

So with my post i would try to have a better understanding about the benefits of using the IOU for the preparation of the new lab.

And i would like to ask help out there if any of you guys is already familiar with this tool...

First of all because i've decided to go for the V5 track and the environment will be all virtual as it seems to be.

I've already red some internet docs that talk about the use of the IOU and there is even a web gui designed for it so i don't think it would be particularly hard to set up a home lab. Also the impact on the hardware seems to be less with a big improvement over the performance and the topology size you can run.

What seems to be unclear is the IOS that could be emulated on it; 

Since on the new lab we will have IOS15.3T that it is ISR, i'm not sure IOU can emulate this software as well unless some of you will confirm to me the contrary because i know that IOU run his special images. I never tested a 15.3T image but if i can emulate his features with a 15.0 over a 7200 in dynamips i suppose it would be much more suitable to continue use the GNS3 infrastructure for study.

Any opinion about this topic would be really appreciated. 

Comments

  • Since on the new lab we will have IOS15.3T that it is ISR, i'm not sure IOU can emulate this software as well unless some of you will confirm to me the contrary because i know that IOU run his special images. I never tested a 15.3T image but if i can emulate his features with a 15.0 over a 7200 in dynamips i suppose it would be much more suitable to continue use the GNS3 infrastructure for study.

    Yes, the new version of CCIE R&S will be tested on simulator, not in the real hardware unlike current blueprint configuration section. Since the current version does also have IOU for the troubleshooting section, I found it to be slower than the real hardwares. Otherwise, there is no impact of using IOU if the software used into it does support all the features required by the new version blueprint. 

    As I told earlier, you don't need to worry about the software version if it does support all the features of version 5. It will be helpful for you to build the lab as required without need of paying for the hardware.

    Good luck!

  • Hi Hari thank you for the answer.

    From the official Cisco update that i've found in the blog section i found a relieving answer:


    Candidates who want to prepare using hardware based labs can use the following equipment and Cisco IOS Software Release: 

    • Cisco ISR2900 Series routers running IOS version15.3 T Universal Software release

    • Catalyst 3560X Series switches running IOS version 15.0SE Universal (IPServices) Software release

    Any other hardware platform that can run equivalent Cisco IOS Software version 15 may be used as well.

     

     

  • What I would do is just invest on a good server (dual quad xeons or better with 32+ GB RAM). Then just drop your favorite hypervisor on it and create instances of the latest version of the csr1000v (currently at 3.11). Each instance running the new code only needs 2GB (compared to 4GB with the early 3.9 release) and a single vcore. 

    IOS-XE 3.11 maps to 15.3 

     

     

     

  • Thank you Plucena,

     

    i've appreciated your advise. For the server is not a problem, by the way unfortunatelly i have no Xe IOS to test. What i found useful is only 15.1-4M IOS that seems quite close to the requirements although is not the exact match with the IOS suggested.

     

  • plucena is referring to spinning up a few csr1000v instances whicj runs IOS-XE 3.11 which maps to 15.3 code.  You can download that image from Cisco.  Each instance takes 2GB (I actually think it's 2.5 but either way).  If you have a server with a good amount of memory you can run a few csr1000v instances to play with.

  • I understand what he wanted to mean and it's a good idea but those images are not free downloadable. So was that what i was explaining before. I will try anyway to see if some colleague already has it. Eventually the software can run on both the emulators? (IOU / GNS3)

     

  • Each instance takes 2GB (I actually think it's 2.5 but either way).

    By default it comes pre-configured with 2.5 GB, but you can lower it to 2GB. I have not tested anything lower than this. I have had several instances running on 2GB (a mix of 3.10 and 3.11) and have had no issues with them. Of course, if your server supports 2.5GB per instance and allows you to scale to the total amount of VMs that you need then that will work smoother. 

    This thing supports a very wide range of  features...for me this is a winner =)

     

  • Ok let me understand how you set it up..... so you run it over a virtual machine right? but with GNS3 or IOU? Can you suggest me any kind of doc about that setup? Thanks

  • Its not GNS3, its not IOU...its the CSR1000v! =) This is Cisco's new Cloud Services Router (CSR). It is a VM (you dont run it ontop of a VM...it IS a VM). 

    Check this link:

    http://blog.ine.com/2013/04/18/installing-the-cloud-services-router-csr1000v-in-vmware-fusion/

     

     

     

     

  • oh nice.  Didn't think of trying to lower the memory setting. 

     

    csr1000v runs on a hypervisor (esx, virtualbox, vmware workstation/fusion, etc) just like a normal vm.  This doesn't involve GNS3 or IOU at all.  There's a way to tie the two together though...in other words, you can have your csr1000v "device" speak to devices you may have running in GNS3.  I haven't done it but here's a link to what INE has already gone through:

    http://blog.ine.com/tag/csr1000v/

    Brian M just did an Intro to DMVPN for CCIE R/S v5 candidates and was using a few csr1000v instances.

    I'd like to get more testing done with it but just don't have a machine with enough memory to spin up a few instances.

  • Dan, Plucena ...thanks for the clarifications. It's cool stuff indeed. When you talk about few instances what you mean translated into numbers?  5, 10, 15 ? Because i could raise up probably my machine to 32GB or something close to that. Also i have some external hardware to interconnect to it (switches/routers).  

    Dan, personally i believe that it wouldnt be a good idea to tie together a GNS3 topology and CSR1000V instances as you could risk to overcharge your system as hell unless you were talkin about 2 separate servers. 

     

     

  • It all comes down to memory.  I'm referring to an instance as being a router.  For how many you want to have running depends on your topology.  The more memory on ther server, the more routers you can have running.

  • I even run VPLS on CSR 1000v 3.11 without any problem (ESX 5.5). To be sucessfull you just need to create at least 3 vswitches(without any nic) and put CE1-PE1 in vswitch1, P-PE routers in vswitch2 and, CE2-PE2 routers in vswitch3. Ofcourse, PE routers will have one interface in vswitch2 and one in vsiwtch1 and vswitch3. You can use trunk (VLAN 4095) an off them. This trunks will be separated becase each vswitch is not connected to another <-- for that you configure MPLS L2VPn right ?:)

    One trick must be configured in vswitch 1 and 3, enable FORGED TRANSMIT AND PROMISCOUS MODE, otherwise data plane will not work between CEs

    Happy labbing

     

     

  • One trick must be configured in vswitch 1 and 3, enable FORGED TRANSMIT AND PROMISCOUS MODE, otherwise data plane will not work between CEs

    I've tried running VPLS several times on all versions besides 3.11. Every time the control plane would be fine, but as soon as I would push packets in the data plane, all routers would crash! They would start spitting a bunch of error messages and would reboot. 

    Did this happen to you as well any of the times you tried it?

  • Yes i had this issue, but resolved. You need separate vswitches for CE-PE, PE-P connectivty. I mean if you have 5 routers

    R1 CE, R2 PE, R3 P, R4 PE, R5 CE

    you need to put VMXNET3 Adapter1 of R1 in vswitch1

    you need to put VMXNET3 Adapter1 of R2 n vswitch1

    you need to put VMXNET3 Adapter2 of R2 in vswitch2

    you need to put VMXNET3 Adapter2 of R3 in vswitch2

    you need to put VMXNET3 Adapter2 of R4 in vswitch2

    you need to put VMXNET3 Adapter1 of R4 in vswitch3

    you need to put VMXNET3 Adapter1 ofr R5 in vswitch3

    Using 3 vswitches you separate them completly and can use MPLS or whatever you want to bridge between vswitch3 and vswitch1.

    Then you need enable Promiscous mode and Forged Transmit in vswitch 1 and vswitch 3.After that data plane should work

  • Is there a reason as to why you are using 1 switch for R2/R3/R4? If I was following you correctly, I would have thought that the link between R2-R3 would go in 1 vSwitch, and the link between R3-R4 would go in a separate one. 

    Anyway, I'll give this a try. Thanks!   

  • Hi

    The reason to use R2 R3 R4 interface in vswitch 1 and 3 because of connection to R1 and R5 which are in vswitch 1 and vswitch 3.

    So topology loooks like this

     

    Vswitch1(R1-adapter1, R2 adapter1) - > vswitch2(R2 adapter2, R3 adapter2, R4 adapter2) -> vswitch3(R4 adapter1, R5 adapter1)

    Hope that it works for you, if you want I can present via teamviewer

  • Is it working now for you?

  • Is it working now for you?

    Have not tested it yet. Will let you know as soon as I do =)...actually, I'll give it a whirl right now. 

     

  • It's working =)

     

    CG-CSR1000v-01#show bridge-domain 200 

    Bridge-domain 200 (3 ports in all)

    State: UP                    Mac learning: Enabled

    Aging-Timer: 300 second(s)

        BDI200  (up)

        GigabitEthernet1 service instance 200

        vfi L2 neighbor 2.2.2.2 200

       MAC address    Policy  Tag       Age  Pseudoport

       001E.495E.0CBF to_bdi  static    0    BDI200

       FFFF.FFFF.FFFF flood   static    0    OLIST_PTR:0xeb0bfc50

       001E.BDAC.F0BF forward dynamic   24   L2.100101b

     

     

    CG-CSR1000v-01#show l2vpn vfi 

    Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

     

    VFI name: L2, state: up, type: multipoint, signaling: LDP

      VPN ID: 101

      Bridge-Domain 200 attachment circuits:

      Pseudo-port interface: pseudowire100011

      Interface          Peer Address     VC ID        S

      pseudowire100012   2.2.2.2          200          Y

     

     

    CG-CSR1000v-01#show mpls l2transport vc 200 

     

    Local intf     Local circuit              Dest address    VC ID      Status

    -------------  -------------------------- --------------- ---------- ----------

    VFI L2         vfi                        2.2.2.2         200        UP   

     

     

    Thanks for the tip with the multiple switches on the hypervisor =)

  • Good :) i hope you also change settings in vswitch 1 nad 3 to promiscus mode ACCEPT and forgedt transmit to allow data plane to work

  • Good :) i hope you also change settings in vswitch 1 nad 3 to promiscus mode ACCEPT and forgedt transmit to allow data plane to work

    Yeah that bit me...

    I made sure to change it in the PE---P---PE switch, but I forgot to change it on both CE-PE switches. My data-plane was not working at all! I even tried getting connectivity between CE and BDI interface on the local PE but nothing. I even tried to do a simple xconnect to rule out anything wrong with the VPLS config, but still no traffic passing.

    I realised that I had not changed the config on the CE switches. A quick change fixed it right up. 

    Another thing that I realized is that this new 3.11 code is actually 15.4.1S. The release notes show that this release supports the new E-VPN feature. Must test out

  • Good :) i hope you also change settings in vswitch 1 nad 3 to promiscus mode ACCEPT and forgedt transmit to allow data plane to work

    Yeah that bit me...

    I made sure to change it in the PE---P---PE switch, but I forgot to change it on both CE-PE switches. My data-plane was not working at all! I even tried getting connectivity between CE and BDI interface on the local PE but nothing. I even tried to do a simple xconnect to rule out anything wrong with the VPLS config, but still no traffic passing.

    I realised that I had not changed the config on the CE switches. A quick change fixed it right up. 

    Another thing that I realized is that this new 3.11 code is actually 15.4.1S. The release notes show that this release supports the new E-VPN feature. Must test out

  • Hi,

    I'm also labbing VPLS with CSR1kV routers and have created the vswitches to isolate PE-CE interfaces. I'm not able to make the data plane work though.

     

    Here's my setup:

    R1 (PE1) <-> R4 (CE1) vswitch1
    R2 (PE2) <-> R5 (CE2) vswitch2
    R3 (PE3) <-> R6 (CE3) vswitch3
    R1, R2, R3 vswitch4

    all switches have been set to accept promiscuous and forged transmits and all vlans as my goal is to take whatever vlan tag from CE over the VPLS in just one VFI.

    Here's my config:

    !R1 (PE1):

    l2vpn vfi context PE1-VPLS-AU 

     vpn id 100

     member 2.2.2.2 encapsulation mpls

     member 3.3.3.3 encapsulation mpls

    bridge-domain 100 

     member GigabitEthernet2 service-instance 100

     member vfi PE1-VPLS-AU

    interface GigabitEthernet1

     ip address 10.0.123.1 255.255.255.0

     negotiation auto

     mpls ip

    interface GigabitEthernet2

     no ip address

     negotiation auto

     service instance 100 ethernet

      encapsulation dot1q 100

     !

    mpls ldp router-id Loopback1 force

     

    !R2 (PE2):

    l2vpn vfi context PE2-VPLS-AU 

     vpn id 100

     member 1.1.1.1 encapsulation mpls

     member 3.3.3.3 encapsulation mpls

    bridge-domain 100 

     member GigabitEthernet2 service-instance 100

     member vfi PE2-VPLS-AU

    interface GigabitEthernet1

     ip address 10.0.123.2 255.255.255.0

     negotiation auto

     mpls ip

    interface GigabitEthernet2

     no ip address

     negotiation auto

     service instance 100 ethernet

      encapsulation dot1q 100

     !

    mpls ldp router-id Loopback1 force

     

    ! R3 (PE3):

    l2vpn vfi context PE3-VPLS-AU 

     vpn id 100

     member 1.1.1.1 encapsulation mpls

     member 2.2.2.2 encapsulation mpls

    bridge-domain 100 

     member GigabitEthernet2 service-instance 100

     member vfi PE3-VPLS-AU

    interface GigabitEthernet1

     ip address 10.0.123.3 255.255.255.0

     negotiation auto

     mpls ip

    interface GigabitEthernet2

     no ip address

     negotiation auto

     service instance 100 ethernet

      encapsulation dot1q 100

     !

    mpls ldp router-id Loopback1 force

     

    !R4 (CE1)

    interface GigabitEthernet1

     no ip address

     negotiation auto

    interface GigabitEthernet1.10

     encapsulation dot1Q 10

     ip address 10.10.10.4 255.255.255.0

     

     

    !R5 (CE2)

    interface GigabitEthernet1

     no ip address

     negotiation auto

    interface GigabitEthernet1.10

     encapsulation dot1Q 10

     ip address 10.10.10.5 255.255.255.0

     

    !R6 (CE3):

    interface GigabitEthernet1

     no ip address

     negotiation auto

    interface GigabitEthernet1.10

     encapsulation dot1Q 10

     ip address 10.10.10.6 255.255.255.0

     

     

    I'm not able to ping between CEs

     

    Any help is greatly appreciated. Thanks.

     

    /JZ

  • I fixed it... Made a topo in my encapsulations...

Sign In or Register to comment.