Andrea, the guy behind the great IOU-WEB, has released Unetlab (Unified Networking Lab). It's still in beta at the moment, but I thought I would have a look.
Even though I have not finished my CCIE R&S yet, I am looking towards the Service Provider CCIE, which I plan to do straight after the R&S. With the SP track (as it stands at the moment), you need to get your hands on the XRv. This will run, happily, on ESXi, and can be connected to IOU, or even into GNS3 (using VirtualBox). I had started to play around with this, but it's not exactly the easiest thing in the world. So I was very pleased when Unetlab came out, as everything can be within one environment.
So I decided to get my hands dirty and have a go.
I am using an ESXi server, with 32GB ram, but it'll run in VMWare player, workstation, Fusion, and VirtualBox as well.
Once I had downloaded it (its about 300Mb give or take), and imported it into ESXi, I followed the Unetlab install guide. It's a simple process, and you are guided through it. It's well worth doing an update as well to get the home page displayed below.
The interface is sparse (at the moment, remember this is a beta), but has everything that I need at the moment.
My first step was to import the IOU images. The caveat here is that you need to generate the IOU license, I won't go into details, but it's easy to google how to do this. The only gotcha I came across was that the images must have a .bin extension - so make sure that you add this first.
Following the install doc I copied the files, using FileZilla, to /opt/unetlab/addons/iol/bin, and fixed the permissions using the command "/opt/unetlab/wrappers/unl_wrapper -a fixpermissions". Then I went back into the gui and created my first lab.
From the Actions menu, I create a new lab, and call it IOL test
From the Actions menu, I then create a network:
Then I add a Node, also from the Actions menu:
I add 2 nodes, and from the drop down select an IOL image (that I have already uploaded through FileZilla):
My two nodes appear on the screen:
I then right click on a node, and select "Interfaces", and point R1 to use the network I just created:
My first node is added to the network
I then repeat on R2, and my two nodes are connected:
From the Actions menu I then select "Open this Lab", and now I can start my two routers:
Give them a few minutes to fire up, assign an IP address, and all works well:
So far memory usage is pretty good (remember that this is on a 4GB VirtualBox VM):
Let's add the XRv image.
This is slightly more complex, but again the documentation for importing XRv into Unetlab explains every step.
Now I can add multiple XRv routers, and connect them to the IOU images.
I am going to edit my original lab, so we need to go to the Actions menu, and select "Edit this lab":
Connect to interfaces to our network
Going back to the Actions menu, select Open this lab, and start the router. Here I did see an error, but after a few attempts, it did start:
Memory usage has now pretty much hit the ceiling, as the XRv takes quite a chunk (3GB), but nonetheless, it serves to prove that the system works. Adding more memory is clearly required here if you want to run a decent sized topology with a range of devices.
It takes a long time for the XRv to fire up, again this is down to the memory I have available, it worked much better on my ESXi server, but it does work:
It's a little untidy at the moment, so let's do a bit of reconfiguration:
We'll add a new network, and set the XRv to use this, as well as moving the E0/1 interface of both the IOL routers to use this:
Now the topology looks much cleaner!
Still, let's clean it up even more, and add another network, and reconfigure it a bit:
Much cleaner!
CDP looks a bit funky, and pings don't work, but then I think I just need to play around with it a bit. It's only my first real go at playing with this, so there are bound to be teething troubles!
With this in mind, I shut everything down, and fired them all up again. Now things look much better:
RP/0/0/CPU0:XRv-1(config)#interface Gi0/0/0/0
RP/0/0/CPU0:XRv-1(config-if)#ipv4 address 10.1.1.1 255.255.255.0
RP/0/0/CPU0:XRv-1(config-if)#cdp
RP/0/0/CPU0:XRv-1(config-if)#no shut
RP/0/0/CPU0:XRv-1(config-if)#int gi 0/0/0/1
RP/0/0/CPU0:XRv-1(config-if)#ipv4 address 10.1.2.1 255.255.255.0
RP/0/0/CPU0:XRv-1(config-if)#cdp
RP/0/0/CPU0:XRv-1(config-if)#no shut
RP/0/0/CPU0:XRv-1(config-if)#exit
RP/0/0/CPU0:XRv-1(config)#cdp
RP/0/0/CPU0:XRv-1(config)#commit
RP/0/0/CPU0:XRv-1(config)#exit
RP/0/0/CPU0:XRv-1#sh ip int bri
Wed Feb 18 13:18:20.485 UTC
Interface IP-Address Status Protocol
MgmtEth0/0/CPU0/0 unassigned Shutdown Down
GigabitEthernet0/0/0/0 10.1.1.1 Up Up
GigabitEthernet0/0/0/1 10.1.2.1 Up Up
GigabitEthernet0/0/0/2 unassigned Shutdown Down
RP/0/0/CPU0:XRv-1#ping 10.1.1.2
Wed Feb 18 13:18:26.475 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/61/279 ms
RP/0/0/CPU0:XRv-1#ping 10.1.2.2
Wed Feb 18 13:18:32.994 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/9/29 ms
RP/0/0/CPU0:XRv-1#sh cdp neigh
Wed Feb 18 13:22:11.959 UTC
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Gi0/0/0/0 163 R Linux Uni Et0/1
R2 Gi0/0/0/1 138 R Linux Uni Et0/1
RP/0/0/CPU0:XRv-1#
R2#sh ip int bri | e unas
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 192.168.1.2 YES NVRAM up up
Ethernet0/1 10.1.2.2 YES NVRAM up up
R2#ping 10.1.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/14 ms
R2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R2#
R1#sh ip int bri | e unas
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 192.168.1.1 YES NVRAM up up
Ethernet0/1 10.1.1.2 YES NVRAM up up
R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/6 ms
R1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/10 ms
R1#
There we have it, two IOL routers, one XRv router, all communicating happily, all contained within one environment.
Where Unetlab is superb, is that everything is within the same environment. There is no mucking about with creating multiple networks in VMWare. To be honest, some will probably find that easy, but I like to have it all contained, like Unetlab does.
Running two XRv routers did cause the default memory to top out, so I shut down the VM, and increased the memory to 20GB. Now I can run loads of routers, and the memory usage (as reported on the "Home" page remains within reasonable levels. Please note though that I am showing screenshots from a VirtualBox install, with a lower amount of memory.
So what's next?
The vendor support in Unetlab is very wide-ranging. I havn't tried all of them, but will add some dynamips images, CSR1000v and the vIOS images this week.
At the moment the supported images are:
- Aruba ClearPass
- Alcatel 7750 SR
- Arista vEOS
- CheckPoint Security Gateway VE
- Cisco ASA (porting)
- Cisco ASAv
- Cisco CSR 1000V
- Cisco IPS (porting)
- Cisco IOS 1710 (dynamips, ethernet only)
- Cisco IOS 3725 (dynamips, ethernet only)
- Cisco IOS 7206VXR (dynamips, ethernet only)
- Cisco IOL (for Cisco internal use only)
- Cisco Titanium (for VIRL customers only)
- Cisco vIOS (for VIRL customers only)
- Cisco vIOS L2 (for VIRL customers only)
- Cisco XRv
- F5 BIG-IP LTM VE
- Fortinet FortiGate (new)
- HP VSR1000
- Juniper Olive (porting)
- Juniper vSRX
- Palo Alto VM-100 Firewall
- VyOS
The scope of Unetlab is immense. Clearly this will work well for when I do the SP track, as the IOL and XRv images are supported, and work nicely.
This also gives scope for the Security track as well. It will "natively" run the ASAs and the IPS, and you can connect clouds to run things like an Active Directory server, WSA (Web Security Appliance), ACS (Access Control Server), WLC (Wireless Lan Controller), ISE, and all the rest (there is a LOT of components in the Security track). I would probably need to invest in a second ESXi server in order to run all of the above, but then for the sum of £200, it's a worthwhile investment.
Unetlab is superb, already, and it is still very early days. While the interface can be a little slow to update (such as moving objects around, but then this is less of a concern than the amazing functionality that it offers), Andrea has excelled himself again, he deserves a big thanks for all his hard work and dedication to the community. It's just a shame that he hasn't done a kickstarter, like GNS3 did as I am sure that people would support him. I'd certainly give him some money!
41 comments
commentsI like it but it's not ready for labbing yet. I'm using right now CSR1000v with ESXi 64G of RAM, it's working perfectly for INE CCIEv5.
Replyhow r u bro
Replysome questions about the UNL
1- the UNL is not have an IPS or ASA or any router after the installation, so what's the way to add any equipments on UNL?
2- how i can add the IOS for any thing on UNL? and can i change the IOS any time?
I have posted a how-to to get ASAs working, not tried IPS yet. So check out how to do ASAs.
ReplyIt's not an all-in-one. Andrea (very sensibly) won't want to get Cisco angry by adding their software. The assumption is that you have already got a copy you can use. Similarly I won't post links to any for the same reason. Google is the way to go here!
Define IOS... There are many flavours of IOS, such as the Dynamips images used in GNS3, the linux images used in IOL/IOU and so on. Its just a matter of copying them to the right place and running a couple of commands. Andrea's guides are very good, so it's just a matter of following them.
Dear Stuart Fordham;
ReplyWhat are the ideal PC and VM Configs for running this UNL seamlessly?
Regards.
Hi Stuart,
ReplyStil struggling to get XRv working.
I am getting the following error while telnetting the XRv, please advise:
KVM: injection failed, MSI lost (Operation not permitted)
That looks like a Qemu bug: https://bugs.launchpad.net/qemu/+bug/1186984
ReplyTry doing an apt-get update and seeing if the latest version works.
How much memory have you given to the XRv?
ReplyHello
ReplyI have this error Failed to start node (12).
any ideas?
thanks
Have you got an image loaded for the node? Have you got enough memory/CPU? Have you checked the logs?
ReplyHello,
ReplyIm using Junos Olive and Cisco routers, but the issue I see is when I connect more then 2 devices to the same network I get that error.
where can i check the logs?
thanks.
This are the logs
ReplyERROR: Cannot add interface to bridge (80030).
can't add vunl0_2_0 to bridge vnet0_1: Operation not supported
ERROR: Cannot add interface to bridge (80030).
ERROR: Failed to start node (12).
root@unl01:/opt/unetlab/data/Logs#
can any one help me with calculating idle PC for me of dynamips image for 7200 router, referred unetlab website steps but unable to calculate best idle pc for my system.
ReplyI donot get why my directly connected link do not ping
ReplyGoing to need more information than that to help - what devices/versions are you running?
ReplyTrial and error - try one, then on the UNetLab VM console, use the "top" command to see how the CPU usage is doing. Then try a different idle value and the top command again...
ReplyIt's trying to start and stops after 3 sec when I click start all nodes and can't connect with telnet, connection refused error. There is no any error in log
ReplyWhat are you trying to run, Dynamips, IOU?
ReplyIOL. Am trying to run c7200 router and c3745 switch
ReplyThose arnt IOL, those are dynamips. Are the files in the dynamips folder, or IOL folder?
ReplyBut they are bin. I have put it to iol folder
ReplyNo they dont. Have you tried reading the documentation: http://www.unetlab.com/2014/11/adding-dynamips-images/
ReplyThanks a lot Stuart, i used wrong images, finally i have started a router
ReplyHi Stuart - I am struggling to get Palo Alto VM-100 image working. After uploading the image to unetlab i am unable to access firewall through the management interface. I raised this question in unetlab forum but didn't get any response. Any guidance is appreciated. I am using VMWare Fusion and using the latest unetlab version.
ReplyHi Stuart - I am struggling to install the Palo Alto VM-100 image on unetlab. After installation i am unable to access the PA VM-100 through the management interface. I am using VMWARE Fusion and latest unetlab. Any help is highly appreciated.
ReplyWhat steps are you doing to get it into UNL? I have not tried it myself, but show me what you are doing, and I'll try it out.
ReplyHi Stuart -
ReplyThanks for the reply. Here is configurations i have.
1. Unetlab is running as a Guest OS in VMWare Fusion
2. As per the instructions given in Unetlab website i converted the Palo Alto VM-100 image from .ova to .qcow2 format
3. After conversion i uploaded them to /opt/unetlab/addons/qemu/paloalto- 6.1.0 and fixed the permissions.
4. I created a new Palo Alto firewall node and selected the qcow2 image. I am able to start the firewall and access the firewall through telnet - http://IP Address of Unetlab:32775
5. I changed the management IP address of the Palo alto firewall to the same range as my host and guest operating system but the management interface is unreachable.
Please let me know and thanks for the help.
Rgds,
Venkat
Ok, so the nodes you run in UNL, wont be accessible unless you have a pnet/cloud interface. It's not the same as running a VM. try running a Windows host in UNL, and connecting the two together with a switch - think of it as an isolated environment...
ReplyHi Stuart - Sorry for my ignorance. Can you tell me how i can setup a pnet/cloud interface? Is there any reference available to load a windows host in UNL?
ReplyHi Stuart - I just found an article that explains how to setup a cloud interface. Let me try this and i will update you.
ReplyHi Stuart - I followed the instructions to create cloud interface and it is working like a charm. Thanks for the enlighting me.
ReplyHi. When I try start my topology, apparently my IOU router started, but few seconds later, it turns off. I can find any log, with the exception of "sudo: unable to resolve host (none)" in /opt/unetlab/data/Logs# more unl_wrapper.txt. Maybe, do you know why it's happening this?
ReplyYou have created an iourc file?
ReplyHello Stuart, when u said about create an iourc file, you mean that create a .txt file and write down in there the license that we created by phyton3 ???
ReplyIt's not got a .txt extension - its just called iourc it should just have two lines in it, one of which is the code. Just google "generate iourc license" and look at the github link
ReplyIt's supposed I generate the license, firstly I uploaded both IOS and CiscoIOUKeyGen.py to /opt/unetlab/addons/iol/bin and the iourc with the license but when I want to play from gui.. suddenly stop and I dont know why... I check the unl_wrapper.txt but I cant see what is the exact issue.. I was figuring out about that but I just saw that this problem is related with the license...
ReplyHow can I know this???
Pls help
whats in the iourc file?
ReplyI get the "Failed to start node (12)" after i attach the routers to the network. Anyone had similar issues ? I am using VMWS 10 and Dynamips 3725 images. These start fine when they are not attached to the network.
ReplyI have same problem ("Failed to start node (12)") in VMWare Workstation. I can't start any node.
Replyhave you got the iourc file?
ReplyHi Venkat,
ReplyCould you please share the article that you referred?
I was able to create a mgmt cloud, but not sure what IP is allocated to my router instance. Should there be console access to these router instances?
Hello, can anyone help me configure a Mgmt port (of a 7750 vSR) and attribute an ip address to it so that i can link it to another host interface.
ReplyThanks in advance