Creating a virtual cisco router (VMWare ESX + GNS3 + Linux)
Trying to do more with less is definitely one aim that virtualising helps you achieve. There are quite a bit of guides on how to use GNS3 to build a virtual cisco lab. There are also very good guides that explain how to bridge your physical LAN to the virtual cisco lab. A really good guide to do this is here:
I wanted to take this one step further. Often time during testing you’d need something like:
I’ve already touched on this in one of my previous blog posts, but when using that solution I sometimes run into ARP and routing problems that while surmountable, weren’t the most intuitive problems to solve. TAP interfaces and vmware ESX server gave a much more stable and easy solution.
In this article, we basically run the virtual cisco router in a GNS environment hosted on a linux machine. I went with a standard linux distribution (ubuntu) for one major reason, which is that linux supports more than one interface bridge, whereas in windows XP for example, you can only define a single interface bridge. Since the virtual cisco router has 2 interfaces in the above diagram, we need 2 interface bridges.
(side note, the above is only one permutation of possible networks, you can define different network topologies limited only on how many physical interfaces the ESX server has)
So the first step is defining all the nodes we’ll need in the above. As a virtual client (the virtual PC in my diagram above) I chose to use windows XP, and so provisioned a VM with that OS. Next, I provisioned a VM using ubuntu and 2 NIC cards.
Depending on how many interface your virtual cisco will use, you will need to define as many NIC cards on the host. For example, if you want to add a virtual DMZ to the cisco, you will need 2 NICs defined.
Next, we go on to define the virtual network in ESX. In vSphere, click on the ESX server > configuration tab > networking.
You should already have at least one virtual switch (vSwitch0 in the screenshot above), which is already bound to a physical adapter (vmnic0 in the screenshot above). You will need to define another virtual switch, from the “add networking” option, and take care not to bind this to any physical adapter.
On the linux machine we just provisioned, edit the virtual machine settings to bind one NIC to the first virtual switch, and the second NIC to the other switch:
In the above screenshot, Network adapter one is going into the switch which has a physical interface bound to it, so this will represent the link between the cisco and the physical network. The 2nd network adapter represents the link between the virtual cisco and the virtual client (windows XP).
Make sure to edit the VM settings of the virtual client to connect to the correct switch. you should end up with something like:
Notice how “Minty”, my linux machine, is connected to both the switches, while the XP VM is connected only to one switch.
IMPORTANT: edit the properties of both the switches and ensure that “promiscuous mode” is set to “accept”, else nothing will work
Finally, the GNS3 configuration. Boot up the linux VM, and get GNS3 running as per normal. Use apt-get to install both the “uml-utils” and the “bridge-utils” packages. Run the following commands as root:
# create two tap interfaces, one for each cisco interface
tunctl -t tap0
tunctl -t tap1
# restart all interfaces in promiscuous mode, with no IP address
ifconfig eth0 down
ifconfig eth1 down
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig tap1 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
#create two bridges and add one physical interface, and one TAP interface to each
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 eth0
brctl addbr br1
brctl addif br1 tap1
brctl addif br1 eth1
#ensure correct routing to physical network
route del default gw 192.168.54.254
route add default gw 192.168.54.254 br0
Apologies for the ip addressing, the below screenshot should clarify what is what. Configure GNS3 appropriately. Refer to the link http://www.blindhog.net/linux-bridging-for-gns3-lan-communications/ for more details. I followed a very similar procedure but I just added another TAP interface. One note, I ran GNS3 as root to be able to bind to my TAP interfaces
I have something similar to (WAN is my physical network):
setup the cisco router as you would normally, and the XP / virtual client as you would normally, and you should be good to go 🙂