Tag archives: gns3

GNS3 – OFM App and ODL

So far… so good! I’m approaching the end of the course. Still 22% to go, but it’s fine! The problem I’m facing now is getting the Cisco OFM app running.
My testbed is:
– a VirtualBox VM running Mininet, bridged to the laptop’s Ethernet adapter;
– a VirtualBox VM running Ubuntu 20.04 with lots of ODL versions installed, bridged to the laptop’s Ethernet adapter.

David Bombal’s instructions and my revision:
1 – install a fresh Linux system and perform updates and upgrades;
2 – install the ODL prerequisites as described in my previous article;
2.1 – you should have ODL 0.8.4 up and running;
2.2 – you should be able to connect to the ODL web interface:
http://<ip>:8181/index.html
2.3 – check you have the following features: odl-restconf-all odl-openflowplugin-all odl-l2switch-all odl-mdsal-all odl-yangtools-common
2.4 – install odl-dlux-core and all odl-dluxapps
3 – get a coffee!
4 – git clone http://github.com/CiscoDevNet/OpenDaylight-OpenFlow-App.git
4.1 – sed -i 's/localhost/<ip_host>/g' ./OpenDaylight-OpenFlow-App/ofm/src/common/config/env.module.js
4.2 – apt install npm
4.3 – npm install grunt@1.2.0 --save-dev
4.4 – apt install node-grunt-cli
5 – enter the OpenDaylight-OpenFlow-App directory and run grunt:
cd OpenDaylight-OpenFlow-App
grunt
At this point:
Running "connect:def" (connect) task
Waiting forever...
Started connect web server on http://localhost:9000

Now… let’s create a topology on Mininet:
sudo mn --controller=remote,ip=192.168.188.223 --topo=linear,2

OpenDayLight is up and Running!
OFM is up and running and connected to OpenDayLight controller.
OFM flow management

Please notice that OFM plays the role of an APPLICATION, which connects to an ODL controller and manages the flows on the switches. If you have some time, you’ll be able to get it working even on a GNS3 “real” topology!

GNS3 – RYU and FlowManager

I need a way to show students (easily, without too much code) what an SDN is and why it is so cool. So, while attending David Bombal’s course, I’m trying to find a good teaching solution.
In my previous posts, I described my efforts to install ODL and HPE VAN SDN, but I still missed an easy interface to interact with flows. The solution to this problem came with RYU, an old (but, let me say… gold) SDN project written in Python, and with “FlowManager”, a Python RYU app.

Installing RYU is quite easy, provided you follow the instructions given on its GitHub repo.
More information is available on this site.
The only issue I found is with the “eventlet” Python module, which was upgraded to correct a potential DoS problem. This has removed a wsgi.ALREADY_HANDLED function, and results in ryu-manager not running. The solution is to install the old version:
pip install eventlet==0.30.0
Invoking ryu-manager with
sudo ryu-manager --wsapi-port 8081 --verbose
results in the program starting up and being ready to accept connections from the switches.
Installing “FlowManager” is even easier, as you just have to clone a GitHub repo. The command to bind FlowManager to RYU is:
sudo ryu-manager --observe-links ~/flowmanager/flowmanager.py
Once the software starts, we can access the app via the browser, by pointing to http://<ip>:8080/home/index.html

Test topology on GNS3

To do some testing, I connected the well known GNS3 topology, and the result is amazing!

Basic RYU installation and OpenvSwitch integration

Please notice that running ryu-manager without any application will result in the OpenvSwitch behaving as a dumb piece of virtual metal: no frames will be forwarded, as no flows are entered in the switch flow table. Let me say that there is a HUGE difference between the HPE VAN SDN (which will flood the switch flows) and RYU, which will remain “silent”. Invoking:
sudo ryu-manager ryu.app.simple_switch_13 ~/flowmanager/flowmanager.py --observe-links
will result in ryu-manager starting up and loading TWO apps: the simple switch (with OpenFlow 13 support) and the FlowManager. Once the switch connects to the controller, flows are sent to the table and the routers are able to ping. Let’s check this.

Flows on the OpenvSwitch with the RYU simple_switch_13 app running
Flows as seen from the FlowManager web Interface.
Topology showing all routers, after the switch has sensed all the nodes.


GNS3 – OpenDayLight and HPE VAN SDN

After some further efforts since my previous post, I finally managed to get some data from the ODL controller. I feel a little frustrated at having so many issues, but I keep on trying!

Reference Topology as per GNS3 course exercise.

Using Yang-UI I managed to get some information from the OpenvSwitch in the topology. Please notice how much information it is possible to acquire, and the small section dealing with “tables” and “flows”.

Querying the node
Flow Information

Now, let’s go further! In the David Bombal videos, an HPE VAN SDN application is shown. With some Google searching, it is still possible to download the appliance for free testing. Please notice it’s a pretty old piece of software, so do expect some troubles in the way it works. Finding the product on the HPE site can be boring, frustrating and time wasting, so please use this link!

Download site for HPE VAN SDN Controller.

The VirtualBox appliance works like a charm. It will be ready to work in a few minutes, but you’ll have to use Firefox to access port 8443 of the controller, due to Chrome’s paranoid security behaviour. After logging in to the controller, you’ll be able to register your devices on the controller and see the topology.

The OpenvSwitch in GNS3 – Data Path
GNS3 OpenvSwitch port description.

Unfortunately there is no way to get a copy of the “Northbound Networks” “Flow Maker Deluxe” app, which is extensively used by David Bombal in his videos. In a forum I found an interesting post, stating that the FlowManager app has similar functions when used in a RYU environment. I’ll test it. My goal is still to have a controller+app working, to show students what the potential of SDN is.

GNS3 – OpenDayLight (edited)

During my effort to finish the lectures of the GNS3 academy, I came to a point in which a demonstration of an SDN network is given. The GNS3 topology is fairly simple, as it involves only two routers, an OpenVSwitch and a cloud connection.

Basic Topology for SDN tests

In spite of its simplicity, there are some issues with this exercise; nevertheless it was useful to try and test an OpenDayLight installation. The lecture is based on a GitHub repository: CiscoDevNet OpenDayLight-OpenFlow-App. In this repo, there are some instructions to set up an OpenDayLight (ODL) controller, which will be interfaced with Mininet and the Cisco app. More info about the latter can be found here. The point is that the application is really old and no longer maintained, as there is an updated version called “Cisco Open SDN Controller”. Unfortunately, even this product is EOL, even if it is possible to download the software, provided you have a “service contract” with Cisco. The files are called “osc-vbox-1-2-1.zip” and “osc-vmware-1-2-1.zip”. The coolest point IMHO is this sentence: “There is no replacement available for the Cisco Open SDN Controller 1.x at this time.”

There is some “light” at the end of the tunnel, and the source is “SDN-Openflow-Controller-VMs”, a SourceForge project you can reach via this link. The issue with this work is the complete LACK of documentation. The username and password to log in to the VM are not provided, so I had to perform a password recovery to change the username to user and the password to asdf. Up to now, this approach is completely useless.

Was it a total waste of time? No, I managed to install ODL on an Ubuntu VM (20.04 LTS) by using this cool tutorial.

Working ODL interface.

2021 05 12 Edit
I do not give up very easily when I have to face some issues. So I want the controller to have an interface! I tried these steps:
– OpenDayLight 14.0 -> git clone of the dlux repo. Build the software (freaky hard for me), and try to integrate it with ODL. No success: I don’t know how to tell ODL a new feature is there. I sent an email to a contributor.
– OpenDayLight 0.8.4 -> downloaded the ODL package from this site (the main site is not always clear). The dlux feature is still there, so just enable it and have fun. How to enable it:
sudo -E karaf
(wait)
opendaylight-user@root>feature:install features-dlux features-dluxapps

The issue I faced is about port 6633 not being opened by the ODL controller, until:
opendaylight-user@root>feature:install odl-l2switch-all

After all the efforts, and having spent two days coding and eating my nails, I can proudly show some screenshots.

OpenVSwitch in GNS3 topo is able to ping the controller, running on VirtualBox
The switch shows up in the ODL dlux interface.

Some useful links:
https://john.soban.ski/how-to-install-opendaylight-as-a-service-on-ubuntu.html
https://john.soban.ski/install-opendaylight-ubuntu-lts-fast.html

Cool resource aggregator:
https://github.com/sdnds-tw/awesome-sdn

GNS3 – Surprise!

I keep on following David Bombal’s lectures, to finish the GNS3 course. Still a lot to do, even if the counter says I’ve completed 64% of the course. So far so good!
Now I came to a point where a practical example of an SDN is given. The lecture block is called “GNS3, Docker, Open v Switch, SDN, OpenDayLight and OpenFlow”. David is demonstrating how it is possible to program a flow on an Open v Switch by using two VMs: one of them hosts OpenDayLight, while the other hosts a Cisco SDN app, based on Mininet.

Well, it’s quite difficult for me to understand what’s going on in this lecture. So I decided to search for a better explanation and I came across the “Free SDN and OpenFlow Introduction” course. It’s hosted on the GNS3 academy resources and covers some interesting topics, like SDN, Mininet, OpenFlow and TE (Traffic Engineering) using a script.

Let’s pause the main course for a while and jump to this new (and short) course.

GNS3 – Network Automation

So you want to add a new Network Automation Docker container to your GNS3 topology. Well, you need a little bit of action before you can let it run. The first action is to let it access the Internet, so configure it to obtain an IP address from DHCP.

As soon as the container starts, it will show an error stating that:
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-cztq6_ve/cryptography/
I managed to solve the problem in this way:
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
update-alternatives --install /usr/bin/python python /usr/bin/python2.7 0

Which results in:
root@NetworkAutomation-1:~# update-alternatives --config python
There are 2 choices for the alternative python (providing /usr/bin/python).
  Selection    Path                 Priority   Status
  0            /usr/bin/python3.8   1          auto mode
  1            /usr/bin/python2.7   0          manual mode
  2            /usr/bin/python3.8   1          manual mode
Press <enter> to keep the current choice[*], or type selection number: 2
So now, when you invoke the python command, version 3.8 is called.
root@NetworkAutomation-1:~# python
Python 3.8.8 (default, Feb 20 2021, 21:09:14)
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information

Now it’s time to upgrade pip:
python -m pip install -U pip
(...)
Successfully installed pip-21.0.1

If you try NOW to install cryptography, it’ll succeed:
pip install cryptography
(...)
Installing collected packages: pycparser, cffi, cryptography
Successfully installed cffi-1.14.5 cryptography-3.4.6 pycparser-2.20

All the configuration will be permanent on the container, so at the next reboot you will not lose all the efforts made until now. This is a time-consuming procedure, so try to reuse the same container as long as possible. GNS3 will scale very well, so you can keep on adding external hardware to the topology. The only pity is that you have to use nano.

GNS3 – Netmiko Scripts Encryption

Python is one of the cornerstones of the GNS3 academy certification process. Netmiko is a very useful library that provides a quick and clean interface to the Paramiko SSH library. Netmiko enables users to remotely access a network device to send commands and retrieve information.
As a part of the Netmiko learning process, some examples are made which make use of the simplecrypt library.
Test environment follows.

Reference topology for current article.

To install the library on docker:
apt-get update
apt-get install python3.8-dev
pip3 uninstall PyCrypto
pip3 install -U pycryptodome

Code is executed on the NetworkAutomation Docker container, which is a Linux environment able to connect to the Internet via the NAT cloud interface. Executing the code “as is” results in the error “AttributeError: module ‘time’ has no attribute ‘clock’”. The issue is caused by the removal of the time.clock() function, due to its platform-dependent behaviour (as stated here). PyCrypto has been replaced by PyCryptodome, but code portability may be affected. As stated on the PyCryptodome site, some relevant functions were removed due to their intrinsic security issues. Among them: encrypt and decrypt.
As a consequence, the code has to be slightly revised to work properly. A very good source of information is the Nitratine blog, which deals with encryption on this page. Thanks to Nitratine’s contents, I managed to rewrite the examples.
encrypt_test.py encrypts a credentials file, saving locally a copy of the key.
decrypt_test.py decrypts credentials file, thus allowing for their use in the Netmiko code.
Encrypt_code
Decrypt_code

Please notice, code is working with python3.8, default version for NetworkAutomation appliance in GNS3.
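
The encrypt-then-decrypt flow described above, as an added example: it is not the encrypt_test.py / decrypt_test.py of this post, which are not reproduced on the page. It assumes Fernet from the cryptography package, a constructed credentials file with host,username,password lines, hypothetical file names and a cisco_ios device type.

```python
import os
import tempfile
from cryptography.fernet import Fernet  # assumption: cryptography, not the post's library

def write_key(key_path):
    """Generate a Fernet key and save it readable by its owner only."""
    key = Fernet.generate_key()
    # O_EXCL refuses to overwrite an existing key; 0o600 keeps other users out.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key

def load_key(key_path):
    """Load the key, refusing a file that group or others can access."""
    if os.stat(key_path).st_mode & 0o077:
        raise PermissionError(f"{key_path} must be mode 600")
    with open(key_path, "rb") as fh:
        return fh.read()

def encrypt_file(plain_path, enc_path, key):
    """Encrypt the credentials file and delete the cleartext copy."""
    with open(plain_path, "rb") as fh:
        token = Fernet(key).encrypt(fh.read())
    with open(enc_path, "wb") as fh:
        fh.write(token)
    os.remove(plain_path)

def decrypt_credentials(enc_path, key):
    """Return one Netmiko-style dict per line; InvalidToken on wrong key or tampering."""
    with open(enc_path, "rb") as fh:
        text = Fernet(key).decrypt(fh.read()).decode()
    devices = []
    for line in text.splitlines():
        host, username, password = line.strip().split(",")
        devices.append({"device_type": "cisco_ios", "host": host,
                        "username": username, "password": password})
    return devices

def demo(workdir):
    """Round trip on a constructed credentials file (hypothetical names and values)."""
    plain = os.path.join(workdir, "creds.csv")
    with open(plain, "w") as fh:
        fh.write("192.0.2.11,admin,lab-password\n192.0.2.12,admin,lab-password\n")
    key_path = os.path.join(workdir, "creds.key")
    encrypt_file(plain, os.path.join(workdir, "creds.enc"), write_key(key_path))
    return decrypt_credentials(os.path.join(workdir, "creds.enc"), load_key(key_path))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for device in demo(tmp):
            print(device["host"], device["username"])
```

Each returned dict can be passed to Netmiko as ConnectHandler(**device). Because the key sits on the same host as the encrypted file, the protection depends on the key file's permissions, which is why load_key checks them.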

GNS3 – Start

GNS3 is a powerful network simulator, which I first met some years ago. I wanted to simulate a topology with some routers and servers, but I never managed to. In 2021, thanks to the pandemic, age and the need to stay up to date, I’ve started a course to get the GNS3 certification. It’s the only method I have to get motivated to learn how GNS3 works and how to get the most from it.
I decided to enrol in the GNS3 academy (very cheap) and to follow all the lectures by Mr. David Bombal, who is a star on YouTube. So far, the lectures are really good, the teaching materials are well done and every topic is well explained.

I noticed that some contents need to be slightly revised as they are a little “old”. The main course was developed in 2017, and 4 years are really too much time for a technology course. So I decided to add some posts (not necessarily in chronological order) to share my solutions for the issues I encountered while studying. Please remember that I’m NOT a programmer, so the code can be ugly or not efficient. Feel free to write your own after I give you some inspiration.

All the posts dealing with GNS3 will have the tag GNS3-ACAD, so you can search for them in my blog. Feel free to send me an email if you want to share some ideas or simply comment on the post.

GNS3 wow!!!

First steps with GNS3. Today I wanted to try multilink PPP in a Cisco environment, but Packet Tracer does not support this feature. So I decided to load a few images into GNS3 and do the exercise on this platform.

GNS3 – multilink PPP

Fantastic!!! Performance is decent (not at the level of eNSP, but perfectly usable). Having a real router image available is a considerable step forward for studying: the simulator is often “crippled” and not all the commands are always available.
So welcome, GNS3!
PS: I got carried away and also configured EIGRP and a GRE tunnel!

GNS3 – what a pain!

For a couple of days I have been going crazy trying to get GNS3 working on my computer. GNS3 is an extremely powerful multivendor network simulation platform.
It is based on an executable that runs on the computer’s operating system and on a virtual machine on which the images of the network nodes are run (using different styles of virtualization: dynamips, QEMU, VirtualBox etc.).

The first installation I tried is based on VMware Player, software that can be freely downloaded from the VMware site. After an infinite (countable) number of attempts I gave up. The problem seems to be the VIX API, which GNS3 needs in order to interact with VMware. I found several articles online and on Reddit that seem to address the problem, but I was not able to solve it. I always get this error:

So I gave up and installed VMware Workstation (a free trial of this software can also be downloaded). The advantage of this approach is that it does not require the VIX API; in fact, it must be carefully uninstalled. With Workstation, I got everything working on the first try: I loaded the images (even the Mikrotik one, using this tutorial).
Currently on the TODO list:
– run a single-vendor and a multi-vendor simulation;
– try to import VRP (the operating system of Huawei devices);
Stay tuned for more happy days!