Building INE's RSv5 topology on CSR1000v

Use this thread for discussion on building INE's CCIE RSv5 topology using the Cloud Services Router 1000v (CSR1000v).

Details of INE's RSv5 topology can be found here.

Details on CSR1000v can be found here.

Check the CSR1000v Data Sheets for specific platform requirements.

This thread is a continuation of the original RSv5 build thread that can be found here.

PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.

«13456713

Comments

  • Hey Brian - in an earlier post you mentioned a quick way to replace configs:

     config replace tftp://10.0.0.100/config/r1.txt (Or whatever the file is).

    I've not used this cmd before so just tried it (from a csr1000v to a windows server running ftp):

    R1#config replace ftp://uname:[email protected]/r1.txt
    This will apply all necessary additions and deletions
    to replace the current running configuration with the
    contents of the specified configuration file, which is
    assumed to be a complete configuration, not a partial
    configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
    Loading r1.txt !
    [OK - 895/4096 bytes]

    Loading r1.txt !
    [OK - 895/4096 bytes]


    %The input file is not a valid config file.

     

    Is there something stupid that I'm missing?  (the .txt files are from your zip).

  • just an update to this. 

    I copied the current running config from R1 to the ftp server and tried to config replace using it

    R1#configure replace ftp://uname:pwd155.1.5.100/running-config
    This will apply all necessary additions and deletions
    to replace the current running configuration with the
    contents of the specified configuration file, which is
    assumed to be a complete configuration, not a partial
    configuration. Enter Y if you are sure you want to proceed. ? [no]: y
    Loading running-config !
    [OK - 2262/4096 bytes]

    Loading running-config !
    [OK - 2262/4096 bytes]

    Total number of passes: 0
    Rollback Done

     

    It worked.   Which kind of makes me think that there is something "config replace" doesnt like with the zip .txt files?

  • This is one of two problems.  It’s either that the file is in DOS format and the router wants it in Unix format (not sure exactly what the encoding difference is called), or the configs file is missing the proper header or trailer.

     

    To see exactly what’s missing copy your current running configs to tftp, and then open the file in a text editor.  Take out as much as you can from the middle but leave the header that has the IOS version name, and the trailer that has the “! end”.  Then try to config replace back from TFTP to the router.

     

    Once you find out exactly what’s missing from my text files I can bulk edit them all to fix the problem in one fell swoop to save you guys some time.

     

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13

    [email protected]

     

    Internetwork Expert, Inc.

    http://www.INE.com

     

    From: [email protected] [mailto:[email protected]] On Behalf Of ukwill
    Sent: Friday, May 23, 2014 12:22 PM
    To: Brian McGahan
    Subject: Re: [hardware] Building INE's RSv5 topology on CSR1000v

     

    Hey Brian - in an earlier post you mentioned a quick way to replace configs:

     config replace tftp://10.0.0.100/config/r1.txt (Or whatever the file is).

    I've not used this cmd before so just tried it (from a csr1000v to a windows server running ftp):

    R1#config replace ftp://uname:[email protected]/r1.txt
    This will apply all necessary additions and deletions
    to replace the current running configuration with the
    contents of the specified configuration file, which is
    assumed to be a complete configuration, not a partial
    configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
    Loading r1.txt !
    [OK - 895/4096 bytes]

    Loading r1.txt !
    [OK - 895/4096 bytes]


    %The input file is not a valid config file.

     

    Is there something stupid that I'm missing?  (the .txt files are from your zip).




    INE - The Industry Leader in CCIE Preparation
    http://www.INE.com

  • I found the problem but I don't yet know how to fix it, as my perl-fu is not that great.  Each text file needs to following prepended to it:

    "!

    version 15.4

    !"

    and the following appended to it:

    "!

    end

    "

    The problem is I don't know how to match START OF FILE (SOF) and END OF FILE (EOF) with a regex in order to insert the strings.  Anyone have suggestions on how to do this?

  • Thanks for the swift response Brian - my racks off for the evening now but I'll pick this up again tomorrow.    In the meantime, if anyone comes up with a quick solution for bulk edits, even better.

  • I have my scripting guys working on it.  I'll post the fix soon.

  • This should fix it.  Let me know if it works and I'll post this as the new public archive on the members site: https://www.dropbox.com/s/3ugu2ke5ojw9zhc/ine.ccie.rsv5.workbook.initial.configs.tftp.redo.zip

  • Cool - that's done the job (output from test below) - thanks.    A couple of things I noted:

    If you already have interfaces configured, the config/replace process only appears to remove the config - it doesnt replace (see output below) (I just copy/pasted the interface config once I had run the process, but I imagine this wouldnt be so nice if you had dozens of racks!) - it appears that this happens because the process removes/replaces the vlan encap on the interfaces(?)

    also, you might want to add "platform console serial" into the default csr1000v specific configs - if you don't the config/replace will remove it, meaning that you will not be able to console in (after a reload) until you go into the esx vm console and re-add it.

    R2#config replace ftp://uname:[email protected]/r2.txt
    This will apply all necessary additions and deletions
    to replace the current running configuration with the
    contents of the specified configuration file, which is
    assumed to be a complete configuration, not a partial
    configuration. Enter Y if you are sure you want to proceed. ? [no]: y
    Loading r2.txt !
    [OK - 783/4096 bytes]

    Loading r2.txt !
    [OK - 783/4096 bytes]

    Overwriting with a file sized 50% or less than running config's. Proceed? [no]:
    Rollback:Acquired Configuration lock.y
    % IP addresses 169.254.100.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.100 due to removal of VLAN encapsulation.
    % IP addresses 155.1.23.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.23 due to removal of VLAN encapsulation.
    A system RELOAD is required before templating state change
    A system RELOAD is required before templating state change
    % IP addresses 169.254.100.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.100 due to removal of VLAN encapsulation.
    % IP addresses 155.1.23.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.23 due to removal of VLAN encapsulation.
    A system RELOAD is required before templating state change
    A system RELOAD is required before templating state change
    % IP addresses 169.254.100.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.100 due to removal of VLAN encapsulation.
    % IP addresses 155.1.23.2 and FE80::20C:29FF:FE62:8192 will be removed from GigabitEthernet1.23 due to removal of VLAN encapsulation.
    A system RELOAD is required before templating state change
    The rollback configlet from the last pass is listed below:
    ********
    !List of Rollback Commands:
    default ip http secure-server
    default ip http server
    no ip forward-protocol nd
    interface GigabitEthernet3
     no negotiation auto
    interface GigabitEthernet2
     no negotiation auto
    interface GigabitEthernet1.100
     no encapsulation dot1Q 100
    interface GigabitEthernet1.23
     no encapsulation dot1Q 23
    interface GigabitEthernet1
     no negotiation auto
    redundancy
     no mode none
    no redundancy
    no spanning-tree extend system-id
    no license udi pid CSR1000V sn 90AVTA5EM16
    no multilink bundle-name authenticated
     --More--
    %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = csr1000v Next reboot level = limited and License = No valid license found
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
     --More--
    %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
    %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up
    %LINK-3-UPDOWN: Interface GigabitEthernet3, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to up
     --More--
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, changed state to up
    no subscriber templating
    no boot-end-marker

    no boot-start-marker

    no platform console virtual
    default platform punt-keepalive disable-kernel-core
    enable
    configure terminal
    ip routing
    interface GigabitEthernet1
     no shutdown
    interface GigabitEthernet1.23
     encapsulation dot1q 23
    interface GigabitEthernet1.100
     encapsulation dot1q 100
    line con 0
     no login
    end
    ********


    Rollback aborted after 5 passes
    The following commands are failed to apply to the IOS image.
    ********
    no mode none
    no redundancy
    no spanning-tree extend system-id
    enable
    configure terminal
    ********


    <snip of interfaces after config/replace - showing no ip addressing>

    R2#
    interface GigabitEthernet1
     no ip address
     no negotiation auto
     cdp enable
    !
    interface GigabitEthernet1.23
     encapsulation dot1Q 23
    !
    interface GigabitEthernet1.100
     encapsulation dot1Q 100
    !
    interface GigabitEthernet2
     no ip address
     no negotiation auto

  • DennisDDennisD ✭✭

    also, you might want to add "platform console serial" into the default csr1000v specific configs - if you don't the config/replace will remove it, meaning that you will not be able to console in (after a reload) until you go into the esx vm console and re-add it.

    Adding that would be a problem for me as I do not use serial console.

  •  

    Yes - should be added with a caveat.  If people have followed INEs "how-to" guide to set the CSRs up then they will be using serial console via esx, and so config/replace will affect them.

  • Try doing config replace to blank.cfg and then doing just a normal copy tftp run instead then.

     

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
    [email protected]
     
    Internetwork Expert, Inc.
    http://www.INE.com

     

    From: [email protected] [mailto:[email protected]] On Behalf Of ukwill
    Sent: Saturday, May 24, 2014 9:58 AM
    To: Brian McGahan
    Subject: Re: [hardware] RE: Building INE's RSv5 topology on CSR1000v

     

     

    Yes - should be added with a caveat.  If people have followed INEs "how-to" guide to set the CSRs up then they will be using serial console via esx, and so config/replace will affect them.




    INE - The Industry Leader in CCIE Preparation
    http://www.INE.com

  • Hi,

    I just wanted to ask a quick question about CSR1000v and oversubscription. Yesterday Brian mentioned that it coud be possible to run a higher number of CSR instances than it comes out of amount of RAM installed.

    I only have 32 GB of RAM in my ESXi box and I can run 12 instances without a problem (2.5 GB x 12 < 32 GB).

    Anybody tried running oversubscribed CSRs on a ESXi baremetal box? How many instances would it be possible to run with 32 GB of RAM?

  • I'm using hp dl360 g7 with 28gb running esxi i was able to run 12 csr v1000 without any issues.

     

  • Do you have free CPU still? Just keep booting more instances and see what happens. Still give them 2.5GB RAM and it'll just swap the ram to disk. 

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
    [email protected]
     
    Internetwork Expert, Inc.
    http://www.INE.com

    On May 25, 2014, at 10:11 AM, "martino" <[email protected]> wrote:

    Hi,

    I just wanted to ask a quick question about CSR1000v and oversubscription. Yesterday Brian mentioned that it coud be possible to run a higher number of CSR instances than it comes out of amount of RAM installed.

    I only have 32 GB of RAM in my ESXi box and I can run 12 instances without a problem (2.5 GB x 12 < 32 GB).

    Anybody tried running oversubscribed CSRs on a ESXi baremetal box? How many instances would it be possible to run with 32 GB of RAM?




    INE - The Industry Leader in CCIE Preparation


    http://www.INE.com



  • What exactly is the advantage of copying the configs tp/from TFTP?

    I guess the only benefit is keeping the configs off the CSR themselves?

    In my case I just copy from the running config to the flash with a suitable name, i.e.

    dmvpn.cfg on each CSR
    or
    ipsecvpn.cfg, initialbgp.cfg - you get the idea.

    Any thoughts?

  • Hi Brian,

    Since the setup would run many of the same appliance, do you think that we can leverage vmware Transparent Page Sharing which is basically deduplication for memory by disabling Large Page on the guest VM ?

    Large Pages can be disabled on the ESXi Host under Advanced Settings -> Mem -> Mem.AllocGuestLargePage and change it to 0

    keep in mind that this shouldn't be used if performance is key but in a lab environmment that should be ok.

    Thanks

    Adel

     

     

  • That I don't know, but it sounds like an interesting proposition. Try it out and see what happens. 

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
    [email protected]
     
    Internetwork Expert, Inc.
    http://www.INE.com

    On May 25, 2014, at 2:20 PM, "adelm" <[email protected]> wrote:

    Hi Brian,

    Since the setup would run many of the same appliance, do you think that we can leverage vmware Transparent Page Sharing which is basically deduplication for memory by disabling Large Page on the guest VM ?

    Large Pages can be disabled on the ESXi Host under Advanced Settings -> Mem -> Mem.AllocGuestLargePage and change it to 0

    keep in mind that this shouldn't be used if performance is key but in a lab environmment that should be ok.

    Thanks

    Adel

     

     




    INE - The Industry Leader in CCIE Preparation


    http://www.INE.com



  • @Brian

    Yeah, I do have some free CPU, will try to boot more instances and see what happens.

    In the meantime I tried what Adel suggested and memory usage dropped from ~30 GB to ~16 GB (running 10 instances of CSRs and 2x Linux VMs). I'm not sure how this will affect performance/stability, but I'm just about to start labbing so I'll find out :)

  • Hi Brian,

    Since the first thread on physical lab was closed I'm asking here - some is more general questions.

    1. The CSR1000v uses IOS XE; how much different is that from the IOS 15.x in the lab?

    2. Is it possible to do full scale labs without the switches? I know that I wont be able to do the L2 tasks, but will it possible to solve all L3 tasks.

    3. There is a lot more initial configurations for the v5 workbook, than with the v4. Is it going to remain like this, or will they be merged? 

    - Ronni

  • could CSR 1000v work on GNS3 ??

  • @Brian

    Yeah, I do have some free CPU, will try to boot more instances and see what happens.

    In the meantime I tried what Adel suggested and memory usage dropped from ~30 GB to ~16 GB (running 10 instances of CSRs and 2x Linux VMs). I'm not sure how this will affect performance/stability, but I'm just about to start labbing so I'll find out :)

    Wow, that is quite some saving. I'll try this too and see how I get on!  Should be able to get 20 instances fairly easy with 32GB RAM and help minimize disk swapping. In the meantime I ordered a 480GB SSD for my ESX Server to run all my VM's on... /grin

    EDIT:


    So I've tried this and started up 20 CSR instances. "Active for" value in ESX = 6.5GB. Shared common = 1.5GB (So some memory is being shared) though granted for reads 55GB :D and consumed for = 27GB. I'm running 2 other VM's too. Seems to make an improvement on memory consumption, I'm only swapping 600MB.

  • i have every thing running great on the ESXi i have 20 routers :)  but i have few quistions maybe someone can help me with:

     

     

    1. is there an easy way to load the initial confing for the v5 config when i'm working on the workbook. because i can't copy and past to the vm console.
    2. i also have hardware 3x2811 and 3x1841 which i can access useing the access server (2511) and port forwarding. but how do i access the CSR remotely other then using the VM console. most of the time i go to a coffee shop to study i dont want to go through the vsphere client.
    thank you all for sharing.

     

  • DennisDDennisD ✭✭

    Setup network access via SSH or telnet on a high port.  I use SSH. 

     

    ip vrf MGMT

     rd 22:22

    !

    username JohnSmith privilege 15 secret 5 XXXX

    !

    ip ssh port 5122 rotary 22

    ip ssh version 2

    !

    interface GigabitEthernet1

     no ip address

     shutdown

     negotiation auto

    !

    interface GigabitEthernet2

     no ip address

     shutdown

     negotiation auto

    !

    interface GigabitEthernet3

     description !!---DO-NOT-MODIFY---!!

     ip vrf forwarding MGMT

     ip address 192.168.XXX.101 255.255.255.0

     negotiation auto

    !

    ip route vrf MGMT 0.0.0.0 0.0.0.0 192.168.XXX.1

    !

    line con 0

     stopbits 1

    line vty 0 4

     login

    line vty 5 9

     exec-timeout 0 0

     privilege level 15

     login local

     rotary 22

     autocommand  terminal monitor

     autocommand-options nohangup

     transport input ssh

  • shahidshahid ✭✭

    @Malsaie

    Look at the following post for console access on esxi

    http://ieoc.com/forums/p/29291/240929.aspx#240929

    Shahid Najee-ullah

    On May 26, 2014 9:42 AM, "Malsaie" <[email protected]> wrote:

    i have every thing running great on the ESXi i have 20 routers :)  but i have few quistions maybe someone can help me with:

     

    1. is there an easy way to load the initial confing for the v5 config when i'm working on the workbook. because i can't copy and past to the vm console.
    2. i also have hardware 3x2811 and 3x1841 which i can access useing the access server (2511) and port forwarding. but how do i access the CSR remotle other then using the VM console. most of the time i go to a coffee shop to study i dont want to go through the vsphere clint.
    thank you all for sharing.




    INE - The Industry Leader in CCIE Preparation



    http://www.INE.com



  • This should fix it.  Let me know if it works and I'll post this as the new public archive on the members site: https://www.dropbox.com/s/3ugu2ke5ojw9zhc/ine.ccie.rsv5.workbook.initial.configs.tftp.redo.zip

     

    Brian,

    I am looking to get the initial configs that you corrected for CSR1000v.  Your Dropbox link is dead, perhaps I am blind but where is the public archive?

  •  

    1. is there an easy way to load the initial confing for the v5 config when i'm working on the workbook. because i can't copy and past to the vm console.

     

     

    I use SecureCRT and the method that Brian used in the INE Intro video on Sat: -

    1. Take a blank router (or wr erase one)
    2. copy running-config flash:blank.cfg
    3. drag and drop the relevant config to the SecureCRT window, then ASCII mode to paste in a new config
    4. copy running-config mynewconfig.cfg

    So if ever I want to revert to a blank config: -

    5. config replace flash:blank.cfg

    Takes a few seconds - I've loaded up a few configs now. With the "Send commands to all routers" - I can load up any lab in a few keystrokes. Much, much easier than the physical v4 lab I had bothered to build. Anyone after some 2600's? :D

  • IOS XE 3.9 is IOS 15.4S.  XE just means that the IOS process (IOSd) runs in a virtualization layer as opposed to directly on the bare metal box.  As far as I understand it, all platforms are moving to XE in the future, as IOS is now considered legacy.  For example newer boxes like Catalyst 3850 run XE, and I believe the next generation branch routers (ISR G3) will also be XE based.

     

    Within the scope of the lab though, it doesn’t really matter if you run regular IOS or IOS XE, as long as you have a new enough code train with the correct licenses.  So far there’s not a single feature I’ve tested on the CSR1000v that isn’t supported in the core, and more importantly that doesn’t work.

     

    As far as the full scale labs you technically don’t need the L2 switches.  You could just take the initial configs we’ll be using for the switches and then change the interface numbering to make it a CSR.  You lose the layer 2 specific features, layer 3 is really where the important stuff is.

     

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13

    [email protected]

     

    Internetwork Expert, Inc.

    http://www.INE.com

     

    From: [email protected] [mailto:[email protected]] On Behalf Of rofe
    Sent: Monday, May 26, 2014 2:22 AM
    To: Brian McGahan
    Subject: Re: [hardware] Building INE's RSv5 topology on CSR1000v

     

    Hi Brian,

    Since the first thread on physical lab was closed I'm asking here.

    1. The CSR1000v uses IOS XE; how much different is that from the IOS 15.x in the lab?

    2. Is it possible to do full scale labs without the switches? I know that I wont be able to do the L2 tasks, but will it possible to solve all L3 tasks.

     

    - Ronni




    INE - The Industry Leader in CCIE Preparation
    http://www.INE.com

  • Yes but I wouldn’t recommend to do it this way. If you’re short on physical server resources then just run the IOS or IOU/IOL images in GNS3.

     

    Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13

    [email protected]

     

    Internetwork Expert, Inc.

    http://www.INE.com

     

    From: [email protected] [mailto:[email protected]] On Behalf Of oudmaster
    Sent: Monday, May 26, 2014 4:26 AM
    To: Brian McGahan
    Subject: Re: [hardware] Building INE's RSv5 topology on CSR1000v

     

    could CSR 1000v work on GNS3 ??




    INE - The Industry Leader in CCIE Preparation
    http://www.INE.com

  • Oh yeah. Using my old Console-to-usb adapters I was able to connect my Hardware switch consoles to the USB ports of my ESX server. I then installed a USB controller and the USB ports to the Wireshark VM Im running and installed serv2net as described here.

    http://mellowd.co.uk/ccie/?tag=ser2net

     

    This VM also has a second interface connected to my local LAN so I am good to go! Can now pull up all devices in SecureCRT from anywhere!!

  • Hello Brian.

    My question not about CSR100v, but it's close to it.

    What about vIOS, from OnePK project. Could we use it instead CSR1000v? It's need only 512 Mb RAM, and as I know support all need functions.

    I tried boot it under ESXi, but get some problem with software compability.

    P.S. If you interested I could post here my experience with vIOS.

Sign In or Register to comment.