This tutorial covers how to create and use the Cisco virtual image (onePK) with GNS3.
First read the whole tutorial, then follow the steps (you can also build the image inside the AiO image and port it to your "native" OS afterwards).
GNS3 with QEMU works on Windows too, but the .simpleCA certificates should be generated on a Unix machine (that is the easiest way).
I have never used onePK on Windows.
What is GNS3?
GNS3 is a Graphical Network Simulator.
It is usually used to learn new things from the networking world.
Why should I use GNS3 instead of VMware?
From my point of view, I really hate the double virtualization of the AllInOne (AiO) image. My computer is very slow for larger topologies such as 3node.
GNS3 uses QEMU/KVM as its third-party virtualization backend, and with QEMU/KVM it is possible to virtualize the Cisco onePK image.
With GNS3 it is easier to create a topology than to edit XML files... VMware in the AiO uses QEMU.
What do I need?
My tutorial is based on Ubuntu 12.04 LTS, desktop version, plus some packages (read on).
Copy the directory /home/cisco/.simpleCA and read on for the next steps.
1) Install GNS3, QEMU, KVM and a TFTP server
# gns3
sudo apt-get install gns3 -y
# qemu and kvm
sudo apt-get install qemu-kvm qemu-utils -y
# tftp server (the tftpd-hpa package; tftp-hpa is only the client)
sudo apt-get install tftpd-hpa
NOTE: KVM is hardware-accelerated support for QEMU; you can also run QEMU without KVM. If you want to use KVM with QEMU, your CPU MUST support the virtualization instructions (vmx on Intel or svm on AMD):
egrep -c '(vmx|svm)' /proc/cpuinfo
If the count is 1 or more (egrep -c prints one line per CPU core that lists the flag), your CPU has KVM support.
2) Extract the image from vios.ova
If you read /home/cisco/vmcloud-example-networks/3node/3node.virl, you probably saw this line:
<node name="router1" type="SIMPLE" subtype="vios" location="188,263" vmImage="/usr/share/vmcloud/data/images/vios.ova">
vmImage is the location of the disk image for the virtual router.
QEMU cannot handle an .ova file directly. We must untar vios.ova to get direct access to the virtual disk image.
OVA images are only a wrapper around another virtualization format: an OVA is a tar archive (no compression is involved)
that contains a checksum manifest (*.mf), a settings file (*.ovf) and the virtual disk itself -- in this case a *.vmdk.
cd /usr/share/vmcloud/data/images && sudo tar -xf vios.ova
After extracting, we copy the *.vmdk into the GNS3 image directory.
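Because the .mf manifest inside an OVA carries a checksum for every other member, it is worth checking those sums before handing the extracted .vmdk to QEMU. The following script is an added example (my own, not part of the tutorial or of Cisco's tooling): it builds a small constructed OVA-style tarball with a genuine manifest, then extracts an OVA and verifies each SHA1(...)= or SHA256(...)= manifest line against the extracted files. The file names and contents are constructed for the example; it assumes tar and GNU coreutils (sha1sum, sha256sum) are installed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: build a constructed
# OVA-style tarball, then verify its .mf manifest before trusting the disk
# image inside. Assumes tar, sha1sum and sha256sum are available.

# make_sample_ova DIR: writes DIR/sample.ova containing sample.ovf, sample.vmdk
# and sample.mf, with real SHA1 sums in the manifest (constructed content,
# not a real virtual machine).
make_sample_ova() {
    dir="$1"
    mkdir -p "$dir/src"
    printf '<?xml version="1.0"?><Envelope/>\n' > "$dir/src/sample.ovf"
    printf 'not a real disk image\n' > "$dir/src/sample.vmdk"
    (
        cd "$dir/src" || exit 1
        for f in sample.ovf sample.vmdk; do
            printf 'SHA1(%s)= %s\n' "$f" "$(sha1sum "$f" | cut -d' ' -f1)"
        done > sample.mf
        tar -cf ../sample.ova sample.ovf sample.vmdk sample.mf
    )
}

# verify_ova OVA DESTDIR: extracts OVA into DESTDIR and checks every
# SHA1(...)= / SHA256(...)= line of the manifest against the extracted files.
# Returns 0 only if a manifest exists and every listed sum matches.
verify_ova() {
    ova="$1"; dest="$2"
    mkdir -p "$dest"
    tar -xf "$ova" -C "$dest" || return 1
    mf=$(ls "$dest"/*.mf 2>/dev/null | head -n 1)
    [ -n "$mf" ] || { echo "no .mf manifest in $ova"; return 1; }
    status=0
    while IFS= read -r line; do
        case "$line" in
            SHA1\(*\)=*)   tool=sha1sum ;;
            SHA256\(*\)=*) tool=sha256sum ;;
            *) continue ;;          # not a checksum line, skip it
        esac
        name=${line#*\(}; name=${name%%\)*}            # text between ( and )
        expected=$(printf '%s' "${line#*=}" | tr -d ' ')  # hex digest after '='
        actual=$("$tool" "$dest/$name" 2>/dev/null | cut -d' ' -f1)
        if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name"; status=1
        fi
    done < "$mf"
    return $status
}
```

Run make_sample_ova on a scratch directory and then verify_ova on the resulting sample.ova; a manifest line that does not match the extracted file makes verify_ova print FAIL for that member and return non-zero, so the copy to the GNS3 images directory can be made conditional on it.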
3) Copy the *.vmdk image to the GNS3 images directory -- optional (don't forget to change the permissions)
sudo cp vios-adventerprisek9-m.vmdk /home/cisco/GNS3/Images/
Change the permissions: cisco is the user and group name in my case; check yours with the command `id`.
cd /home/cisco/GNS3/Images
sudo chgrp cisco vios-adventerprisek9-m.vmdk
sudo chown cisco vios-adventerprisek9-m.vmdk
4) Configuration of GNS3
Start GNS3.
On the right tab (General Settings)
set the path and configuration.
Create the virtual image in GNS3:
click on Qemu Guest.
NOTE: if your CPU supports KVM, use it and try the other options (Monitor mode, ...), but in that case you MUST use the NIC model e1000 and the nographic option. How much RAM do I need? 384 MB (from 3node.virl). Maximum number of NICs: in my case it is 8.
And this is my little topology:
OK, we have a topology, but how can I connect to the controller/application outside of our little world?
One simple solution on Linux is to create a tap interface. On Windows you create an MS Loopback adapter (see the video "Adding your own PC to GNS3 with MS Loopback" on YouTube); in the newest GNS3 you can do it from GNS3 itself (menu Tools -> Loopback Manager), then reboot. If you want to use the loopback in a cloud "device" you must run GNS3 as administrator.
We need a tap interface; create one and assign it to the user cisco (cisco is the user in my case, check with the command `id`):
sudo tunctl -u cisco -t tap0
Assign an IP address to the tap interface:
sudo ifconfig tap0 inet 192.168.20.1/24 promisc up
Then connect from GNS3 to the tap interface.
If you want access to the Internet (outside network), create a new cloud -> NIO GENERIC and use ethX.
Another method for access to both the Internet and the local interface is to use brctl to create a bridge between the tap and the ethX interface.
If you use only ethX in the cloud, it is not possible to connect to the local interface, but you can access the Internet (outside network).
OK, we have access to the local machine.
Generate a new certificate for access to our router via TLS (onePK):
./.simpleCA/createNEp12.sh -cn Router -ip 192.168.20.2 -out Router.p12 -pass cisco1
192.168.20.2 is the IP address of the router.
You probably have to change TFTP_ADDRESS (in /etc/default/tftpd-hpa) to 0.0.0.0, then restart the server:
sudo service tftpd-hpa restart
Copy the certificate into TFTP_DIRECTORY, in my case /tftpboot:
sudo cp Router.p12 /tftpboot/
en
conf t
crypto pki import demoTP pkcs12 tftp://192.168.20.1/Router.p12 password cisco1
# 192.168.20.1 is the IP of the tap0 interface; the password cisco1 is the same one used when generating the certificate.
Enable onePK on the router side (onePK 1.2.0); disable-remotecert-validation means the router will not validate the application's certificate:
en
conf t
onep
 transport type tls localcert demoTP disable-remotecert-validation
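The createNEp12.sh script comes with the .simpleCA directory and its internals are not shown here. The following added example (my own, not Cisco's script) shows what such a bundle contains by building one with plain openssl: a throwaway CA, a router certificate whose subjectAltName carries the router's management IP, and a password-protected PKCS#12 file of the same shape as Router.p12, plus a check that the bundle opens with the password and carries the expected IP before you copy it to the TFTP server. The CA name, file names and the ext.cnf helper file are assumptions for the example; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not the tutorial's createNEp12.sh: build a throwaway CA,
# issue a router certificate with the router IP in the SAN and export it as
# a password-protected PKCS#12 bundle for 'crypto pki import ... pkcs12'.
# Assumes the openssl CLI is installed; all names here are constructed.

# make_router_p12 DIR CN IP OUTFILE PASSWORD
make_router_p12() {
    dir="$1"; cn="$2"; ip="$3"; out="$4"; pass="$5"
    mkdir -p "$dir"
    # 1. throwaway CA (constructed for this example)
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/CN=Demo onePK CA" >/dev/null 2>&1 || return 1
    # 2. router key and certificate request
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/$cn.key" -out "$dir/$cn.csr" \
        -subj "/CN=$cn" >/dev/null 2>&1 || return 1
    # 3. sign it; the router's management IP goes into subjectAltName so a
    #    client that does validate the certificate can match it to the address
    printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$ip" > "$dir/ext.cnf"
    openssl x509 -req -days 365 -in "$dir/$cn.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -out "$dir/$cn.crt" >/dev/null 2>&1 || return 1
    # 4. PKCS#12 bundle: router key + router cert + CA cert, locked with PASSWORD
    openssl pkcs12 -export -in "$dir/$cn.crt" -inkey "$dir/$cn.key" \
        -certfile "$dir/ca.crt" -name "$cn" -out "$dir/$out" \
        -passout "pass:$pass" >/dev/null 2>&1 || return 1
}

# p12_has_ip FILE PASSWORD IP: returns 0 if the bundle opens with PASSWORD and
# its end-entity certificate carries IP in the subjectAltName extension.
p12_has_ip() {
    file="$1"; pass="$2"; ip="$3"
    openssl pkcs12 -in "$file" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -text 2>/dev/null \
        | grep -q "IP Address:$ip"
}
```

Calling make_router_p12 with the tutorial's values (CN Router, IP 192.168.20.2, output Router.p12, password cisco1) gives a file you can copy to /tftpboot exactly as the tutorial does; p12_has_ip is the pre-flight check that the password and IP are what the router-side import will expect. The bundle only establishes the router's identity to the application; the onep transport line's disable-remotecert-validation option is what decides whether the router checks the application's certificate in return.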
Create a user on the router:
username jozko password jozkovce
username jozko privilege 15
Connect to the router from the application; you should see output like this:
INFO:onep:VTYTutorial:Connecting to Network Element...
INFO:onep:BaseTutorial:We have a NetworkElement :
NetworkElement [ 192.168.20.2 ]
INFO:onep:BaseTutorial:Successful connection to NetworkElement -