Saturday, July 19, 2014

IOU Forbidden Fruit

Those who try to study networking technologies sooner or later want to test what they have learned through implementations. 

Let's assume that you are a user of big C products; then you have a bunch of choices:
  • Experiment by testing solutions on the production network. This is the shortest way to get fired. DO NOT DO THAT!
  • Get yourself a lab (there is tons of gear on eBay), but when you power up 12 devices at home, the noise they generate may complicate your family life. After the first electricity bill you may require medical care as well.
  • Use Packet Tracer, the software a lot of students use to get their CCNA certificate. However, it is a simulator and not an emulator of the actual operating system. As such it has inevitable shortcomings (it does not have all the features of the real OS).
  • GNS3, which consists of the dynamips supervisor that allows you to run an actual operating system such as IOS, JunOS or the ASA operating system. This is my favorite emulator as it brings me as close to the real router as it gets. One downside of GNS3 is that a switch can only be emulated by using a router with a virtual NM-16ESW module. It does not support all the features a regular switch implements, and the syntax is a little bit different too.
  • IOU, which stands for IOS on UNIX, allegedly an implementation of the same software running on the Linux operating system. The major difference between this and GNS3 is that IOU is supposed to be very light on your computer compared to the resource-greedy GNS3.
I wanted to find out more about the last one, so I went ahead and spent some time digging up information on the net. What follows are a few findings which I have decided to compile in one post to give you an overall picture of what it is.

This article is for educational purposes only.
The IOU software is owned by Cisco and only authorized people can use it.
You have been warned!

As for the basic information about the IOU, I have found the article published by Jeremy L. Gaddis from http://evilrouters.net. That was my starting point of a search for more information. The article can be found here. The 'Legal Warning' mentioned in Jeremy's post applies here as well. 

Cisco uses this software to offer virtual labs for CCNA/CCNP/CCIE candidates at a relatively affordable price. Anyone who doesn't have access to a lab and is interested in getting a certificate should consider purchasing their virtual lab products.

Okay, let's get to the point of this post. I understand that there are a few files involved in an IOU installation:
  • L3 Image: router emulator (operating system image)
  • L2 Image: switch emulator (operating system image)
  • Linux Wrapper: this script allows you to run multiple instances of routers and switches
  • IOU Licence: text file named 'iourc' containing the C1sc0 licence allowing use of the product
  • NETMAP File: a text file describing how routers and switches are interconnected.
After a few weeks of collecting bits and pieces of information, here is what I have found.

Linux Operating System Library Fix

NOTE
In new Ubuntu/Mint distributions the necessary library cannot be installed via repository.
You need to download and install it manually using the following command:

$ sudo dpkg -i libssl0.9.8

Library can be downloaded at:

If you use older distributions you can install the library using apt-get command as shown below:

$ sudo apt-get install libssl0.9.8

Then, create a symbolic link (first find where the library is installed):

$ sudo find / -name libcrypto.so.0.9.8


The result should point to the directory where the lib was installed:
/lib/i386-linux-gnu/libcrypto.so.0.9.8

Create a symlink accordingly (folder where the lib was found):
$ sudo ln -s /lib/i386-linux-gnu/libcrypto.so.0.9.8 /lib/i386-linux-gnu/libcrypto.so.4
(The above ln command is one line)

Cisco Licence to Run the Software

Of course, I can't help you with obtaining the licence or images!

The licence is a text file named 'iourc', that must be placed in the folder where the lab will be used. For instance:

$ mkdir ~/lab
$ cp iourc ~/lab

L3 Image, L2 Image and Wrapper Software

Then, I understand the images should be placed in the same folder (where L3-image and L2-image are actual files):

$ cp L3-image ~/lab
$ cp L2-image ~/lab
$ cp linux-wrapper ~/lab
$ cd ~/lab

Start Router

The topology, according to the sources on the Internet, is a text file called NETMAP. One can assume that the IOU image uses this file to connect virtual routers and switches together. However, creating such a topology requires understanding how the IOU image references particular interfaces.

For example, R1 can have one module with four Ethernet interfaces and one with four Serial interfaces. Let's assume that Ethernet will be the first module with interfaces numbered eth0/0, eth0/1, eth0/2, and eth0/3. The serial will be the second module with interfaces numbered ser1/0, ser1/1, ser1/2, and ser1/3. In order to start R1 with these, the wrapper would use the command below (both the wrapper and the L2/L3 images must be executable files: chmod +x L3-image L2-image wrapper):

$ cd ~/lab
$ ./wrapper -m L3-image -p 2001 -- -e1 -s1 1

Explanation:

./wrapper: executes the wrapper with the options that follow
-m: image name
-p: port number for telnet access (here port 2001)
--: (double dash) passes the arguments that follow to the IOU image
-e1: router will have the first module with four Ethernet ports
-s1: router will have the second module populated with four serial interfaces
1: ID of the IOS instance

NET Map Topology Example

So, if I am correct it is possible to create a simple topology file looking like this:


Pic. 1 - Example of Topology.



Assuming that:

R1 has ID=1, port 2001
R2 has ID=2, port 2002
SW1 has ID=3, port 2003  
SW2 has ID=4, port 2004

Then, the NETMAP file content would have to be:

# SW1 to SW2 Connections
3:0/1 4:0/1
3:0/2 4:0/2

# SW1 to R1 Connection
3:0/0 1:0/0

# R1 to R2 Ethernet Connection
1:0/1 2:0/1

# R1 to R2 Serial Connection
1:1/0 2:1/0
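
A NETMAP like the one above is only usable if every endpoint exists on the instance it names. The script below is an added example, not part of the original post and not Cisco tooling: it checks NETMAP lines against the modules each instance is started with. The instance table, the four-ports-per-module rule and the Ethernet-before-serial slot order are assumptions taken from the wrapper options described earlier; BAD_NETMAP is a constructed sample.

```bash
#!/bin/sh
# Added example, not from the original post. Assumptions taken from the post:
# every -e/-s module has four ports (0-3); Ethernet modules fill the first
# slots, serial modules the slots after them. Only ID:slot/port is parsed.

# Instance table for the example topology: ID, -e modules, -s modules
INSTANCES=$(printf '%s\n' '1 1 1' '2 1 1' '3 1 0' '4 1 0')

# NETMAP content as given in the post
NETMAP='# SW1 to SW2 Connections
3:0/1 4:0/1
3:0/2 4:0/2
# SW1 to R1, then R1 to R2 over Ethernet and serial
3:0/0 1:0/0
1:0/1 2:0/1
1:1/0 2:1/0'

# Constructed faulty sample: serial slot on a switch, unknown ID 5,
# an interface used twice, Ethernet wired to serial
BAD_NETMAP=$(printf '%s\n' '3:1/0 1:1/1' '1:0/2 5:0/0' '1:0/2 2:0/2' '1:0/3 2:1/1')

# check_netmap TABLE MAP: prints one line per problem, returns 1 if any found
check_netmap() {
  { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } | awk '
    $0 == "--" { in_map = 1; next }            # marker between table and map
    in_map { n++ }                             # NETMAP line number
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    !in_map { eth[$1] = $2 + 0; slots[$1] = $2 + $3; next }
    NF < 2 { print "line " n ": needs at least two endpoints"; bad++; next }
    {
      first = ""
      for (i = 1; i <= NF; i++) {
        if ($i !~ "^[0-9]+:[0-9]+/[0-9]+$") { print "line " n ": malformed " $i; bad++; continue }
        split($i, p, "[:/]"); id = p[1]; slot = p[2] + 0; port = p[3] + 0
        if (!(id in slots)) { print "line " n ": unknown instance in " $i; bad++; continue }
        if (slot >= slots[id] || port > 3) { print "line " n ": no such interface " $i; bad++; continue }
        if ($i in used) { print "line " n ": " $i " already connected"; bad++; continue }
        used[$i] = 1
        kind = (slot < eth[id]) ? "Ethernet" : "serial"
        if (first == "") { first = kind; continue }
        if (kind != first) { print "line " n ": " $i " is " kind ", peer is " first; bad++ }
      }
    }
    END { exit (bad > 0) }'
}

if check_netmap "$INSTANCES" "$NETMAP"; then echo "NETMAP matches the started modules"; fi
```

Running check_netmap "$INSTANCES" "$BAD_NETMAP" prints one line per faulty endpoint and returns a non-zero status, so it can gate the start script.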

Starting Topology

The script that starts the above topology could be a file placed in the same ~/lab folder and named enable.sh.

#!/bin/bash
#
# Script Starting Example Topology

########### ROUTERS ###########
#R1
~/lab/wrapper -m ~/lab/L3-image -p 2001 -- -e1 -s1 1 &
sleep 1s

#R2
~/lab/wrapper -m ~/lab/L3-image -p 2002 -- -e1 -s1 2 &
sleep 1s

########### SWITCHES ###########
#SW1
~/lab/wrapper -m ~/lab/L2-image -p 2003 -- -e1 -s0 3 &
sleep 1s

#SW2
~/lab/wrapper -m ~/lab/L2-image -p 2004 -- -e1 -s0 4 &

sleep 1s

Activating the routers would then take a simple command:

$ cd ~/lab
$ ./enable.sh

Accessing Devices in IOU

The access script could be placed in the same folder ~/lab and be named telnet.sh. Its content could use gnome-terminal to access all devices in one window with tabs (that's what I use for GNS3 on my Linux).

#!/bin/sh
gnome-terminal \
--tab-with-profile=Router -t R1 -e 'telnet localhost 2001' \
--tab-with-profile=Router -t R2 -e 'telnet localhost 2002' \
--tab-with-profile=Router -t SW1 -e 'telnet localhost 2003' \
--tab-with-profile=Router -t SW2 -e 'telnet localhost 2004'

NOTE
For some reason, gnome-terminal in the new Linux distros does not allow tabs. You can install mate-terminal instead:

$ sudo apt-get install mate-terminal

Then, in the telnet.sh script, change the line that reads
gnome-terminal \
into
mate-terminal \

That should do it.

Accessing the lab would then be as easy as this command:

$ cd ~/lab
$ ./telnet.sh

Shutting Down the Lab

That could be the third script named: shutdown.sh, looking like this:

#!/bin/sh
# Quote the pattern so the shell does not expand [w]rapper to the file ./wrapper
ps -ef | grep '[w]rapper' | awk '{ print $2 }' | xargs kill

exit 0



