Dec
04

Click here to download the INE VIRL topology and initial configs

After long anticipation, Cisco’s Virtual Internet Routing Lab (VIRL) is now publicly available. VIRL is a network design and simulation environment that includes a GNS3-like frontend GUI to visually build network topologies, and an OpenStack based backend which includes IOSv, IOS XRv, NX-OSv, & CSR1000v software images that run on the built-in hypervisor. In this post I’m going to outline how you can use VIRL to prepare for the CCIE Routing & Switching Version 5.0 Lab Exam in conjunction with INE’s CCIE RSv5 Advanced Technologies Labs.

The first step of course is to get a copy of VIRL. VIRL is currently available for purchase from virl.cisco.com in two forms, a “Personal Edition” for a $200 annual license, and an “Academic Version” for an $80 annual license. Functionally these two versions are the same. Next is to install VIRL on a hypervisor of your choosing, such as VMWare ESXi, Fusion, or Player. Make sure to follow the installation guides in the VIRL documentation, because the install is not a very straightforward process. When installing it on VMWare Player I ran into a problem with the NTPd not syncing, which resulted in the license key not being able to register. In my case I had to edit the /etc/ntp.conf file manually to specify a new NTP server, which isn’t listed as a step in the current install guide. If you run into problems during install check the VIRL support community, as it’s likely that someone has already run into your particular install issue, and a workaround may be listed there.

Once VIRL and VM Maestro (the GUI frontend) is up and running, the next step is to build your topology. For the INE CCIE RSv5 Advanced Technology Labs, this topology will be 10 IOS or IOS XE instances that are connected to a single vSwitch. All you need to do to build this is to add the 10 IOS instances, and then connect them all to a single "Multipoint Connection". Logical network segments will then later be built based on the initial configurations that you load on the routers for a specific lab. The end result of the topology should look something like this:

You may also want to add some basic customization to the topology file and the VM Maestro interface. I set the hostnames of the devices to R1 – R10 by clicking on the router icon, then setting the "Name" under the Properties tab.

Next under the File > Preferences > Terminal > Cisco Terminal you can set the options to use your own terminal software instead of the built in one. In my case I set the "Title format" variable to "%s", which makes it show just the hostname in the SecureCRT tab, and set the "Telnet command" to "C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe /T /N %t /TELNET %h %p", which makes it spawn a SecureCRT tabbed window when I want to open the CLI to the routers. Your options of course may vary depending on your terminal software and its install location.

Next, click the "Launch Simulation" button on the topology to start the routers. Assuming everything is correct with your install, and you have enough CPU & memory resources, the instances should boot and show the "ACTIVE" state, similar to what you see below:

If you right click on the device name you’ll see the option to telnet to the console port. Note that the port number changes every time you restart the simulation, so I found it easier just to launch the telnet sessions from here instead of creating manual sessions under the SecureCRT database.

You should now be able to connect to the consoles of the routers and see them boot, such as you see below:

R1 con0 is now available

Press RETURN to get started.

**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
R1>
R1>enable
R1#show version
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Experimental Version 15.4(20141119:013030) [jsfeng-V154_3_M 107]
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 18-Nov-14 20:30 by jsfeng

ROM: Bootstrap program is IOSv

R1 uptime is 46 minutes
System returned to ROM by reload
System image file is "flash0:/vios-adventerprisek9-m"
Last reload reason: Unknown reason

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco IOSv (revision 1.0) with with 484729K/37888K bytes of memory.
Processor board ID 9B2DD0A36JBLXZY7SLJTF
2 Gigabit Ethernet interfaces
DRAM configuration is 72 bits wide with parity disabled.
256K bytes of non-volatile configuration memory.
2097152K bytes of ATA System CompactFlash 0 (Read/Write)
0K bytes of ATA CompactFlash 1 (Read/Write)
0K bytes of ATA CompactFlash 2 (Read/Write)
1008K bytes of ATA CompactFlash 3 (Read/Write)

Configuration register is 0x0

R1#

With this basic topology you should have the 10 IOSv instances connected on their Gig0/1 interface to the same segment. The Gig0/0 interface is used for scripting inside the VIRL application, and can be shutdown for our purposes. The end result after the images boot should be something similar to this:

R1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
R9.openstacklocal
Gig 0/1 177 R B IOSv Gig 0/1
R8.openstacklocal
Gig 0/1 167 R B IOSv Gig 0/1
R3.openstacklocal
Gig 0/1 155 R B IOSv Gig 0/1
R2.openstacklocal
Gig 0/1 177 R B IOSv Gig 0/1
R7.openstacklocal
Gig 0/1 156 R B IOSv Gig 0/1
R6.openstacklocal
Gig 0/1 146 R B IOSv Gig 0/1
R5.openstacklocal
Gig 0/1 129 R B IOSv Gig 0/1
R4.openstacklocal
Gig 0/1 153 R B IOSv Gig 0/1
R10.openstacklocal
Gig 0/1 146 R B IOSv Gig 0/1

Total cdp entries displayed : 9

Next you can load your initial configs for the lab you want to work on, and you’re up and running! I’ve taken the liberty of converting the CSR1000v formatted initial configs for our Advanced Technologies Labs to the IOSv format, as the two platforms use different interface numbering. Click here to download these initial configs as well as the .virl topology file that I created.

For further discussions on this see the IEOC thread Building INE's RSv5 topology on VIRL.

Apr
19

Below are the steps needed to get the CSR1000v working in VMware Fusion on a Mac. Before we look at the steps here is the hardware and software I used:

CSR1000v

CSR1000v

Basically you need a quad core machine with a hypervisor (VMware, Virtual Box, KVM, etc). I just used VMware Fusion as it's a commonly used hypervisor. Additionally I used two USB NICs to map to the GigabitEthernet1 and GigabitEthernet2 interfaces inside the CSR1000v. You could use any NICs or even subinterfaces if you are using Linux (Mac OS does support VLANs but I personally have not tried it with VMware Fusion). The GigabitEthernet0 is the management interface that is associated with the "Mgmt-intf" VRF so I didn't want to use it for the internal and internet facing interfaces.

Download the CSR1000v OVA (Open Virtualization Archive) file here if you haven't already done so. Note that you will need to use your Cisco CCO login to download.

Once the file has been downloaded, start the installation by finding the .ova file and double-clicking it. It will then open the VMWare Fusion window below:


VMware is now importing the machine:

Now that the machine has been imported you can start it.


Hit enter on the virtual console from the GRUB menu:

The CSR1000v will generate a lot of log messages as it goes through the first bootup process.

The CSR1000v will reboot after this next screen:

Now the CSR1000v is up and running.

We need to map the GigabitEthernet interfaces from the CSR1000v to the USB NICs.

We can verify the CSR1000v's interfaces with VMware. A good way is to check the MAC addresses as VMware will show you the MAC address of each NIC in the settings.

It's now ready to apply your configuration. Last night I used it as my home router (50Mbps down and 20Mbps up) and here was the performance numbers after I activated the 50Mbps throughput demo license/span>

CSR1000v(config)#platform hardware throughput level ?
10000 throughput in kbps
25000 throughput in kbps
50000 throughput in kbps

CSR1000v(config)#platform hardware throughput level

Here is the very basic configuration that I used in the CSR1000v to provide internet access:

CSR1000v#sho run
Building configuration...

Current configuration : 1816 bytes
!
! Last configuration change at 04:06:59 UTC Fri Apr 19 2013
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
platform hardware throughput level 50000
!
hostname CSR1000v
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 4 wnIsLyS.p9pNIRVWPyb98mg0322nrnyQVqPabl7clC1
!
no aaa new-model
!
!
!
!
!

no ip domain lookup
ip dhcp excluded-address 10.0.1.200 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.99
!
ip dhcp pool INSIDE
network 10.0.1.0 255.255.255.0
default-router 10.0.1.254
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license accept end user agreement
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet1
ip address 10.0.1.254 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet2
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address dhcp
negotiation auto
!
ip nat inside source list ACL_NAT interface GigabitEthernet2 overload
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip access-list standard ACL_NAT
permit 10.0.1.0 0.0.0.255
ip access-list standard ACL_TELNET
permit 10.0.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class ACL_TELNET in
privilege level 15
password 7 XXXXXXXX
login
!
!
end

CSR1000v#

Note that you may find it easier to configure the G0 interface within VMware as "host only" so that it'll provide an IP address to the CSR1000v's management interface via DHCP. This way all you need to do is enable telnet access under the VTYs and not have to work on the VMware virtual console as there are limitations with cut/paste along with scroll back.

Apr
16

Once you have ESXi 5.1 up and running download the CSR1000v OVA (Open Virtualization Archive) file here. Note that you will need to use your Cisco CCO login to download. Once the download is complete you need to open your vSphere Client and connect to your ESXi server. Once connected select the Deploy OVF Template option from the file menu.

CSR1000v Installation

Select the source of the OVA file you downloaded from your local machine.

The next screen should be simular to the one below after the source has been selected.

The next screen will display the name for the virtual machine. You can change this if you would like.

Now you need to select the datastore:

Next you will be offered the select the disk format. The default option of Thick Provision Lazy Zeroed is fine but for better performance you can select Thick Provision Eager Zeroed. To read more on the options go here.

The next screen will ask you for the mappings for the three Gigabit Ethernet interfaces that are defined in the OVF file. Just select the default here for now and we'll come back to them after our machine is installed as we need to make a couple other changes anyways that can't be done here.

The next screen will be a summary screen so just click finish and then VMWare will start importing the OVA file.

It may take a few minutes to import depending on the connection speed between your vSphere client and the ESXi server.

Once your machine uploaded you can then edit the settings.

Two things we want to do here. First is that we want to alter the Network Adapter settings if needed and add a serial port so that we can use the virtual serial on the CSR1000v. This functionality (network based serial port) requires the Enterprise version of ESXi 5.1. I would recommend that you use the demo version which gives you 59 days unless you have to reinstall the demo ;-)

From here click "Add.." and then select Serial Port and click "Next"

Select "Connect via Network"

Now here is where you want to select "Server" and then enter the IP address of the ESXi server along with the TCP port you want to assign to this machine. Also check "Connect at power on".

After this click finish and we're ready to start up the CSR1000v. Once booted you should see the GRUB menu. Select CSR 1000V Serial Console and hit enter.

You will need to alter the default security settings for the ESXi server to allow TCP port 2005 or whatever port you selected to allow you to telnet to the CSR1000v's serial port. To alter the security settings go to the ESXi's configuration and then select "Security Profile"

From here click on the Firewall Properties link on the right. It will open a window like below:

Here you will need to allow TCP port 2005 or if you are in a lab environment just select "VM serial port connected over network" which will open up all TCP high ports. Now telnet to the IP address of the ESXi machine and port number you entered for the serial port and you should see the router booting.

ccie2210$ telnet 10.4.101.168 2005
Trying 10.4.101.168...
Connected to 10.4.101.168.
Escape character is '^]'.
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Expanding super package on /bootflash
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Creating /boot/grub/menu.lst
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): CD-ROM Installation finished
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Ejecting CD-ROM tray
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Rebooting from HD

GNU GRUB version 0.97 (638K lower / 3143552K upper memory)

-------------------------------------------------------------------
0: CSR1000v - packages.conf
1: CSR1000v - GOLDEN IMAGE
-------------------------------------------------------------------

Use the ^ and v keys to select which entry is highlighted.
Press enter to boot the selected OS, or 'c' for a command-line.

Entry 0 will be booted automatically in 1 seconds.
Booting 'CSR1000v - packages.conf'

root (hd0,0)
Filesystem type is ext2fs, partition type 0x83
kernel /packages.conf rw quiet root=/dev/ram console= max_loop=64 HARDWARE=virt
ual SR_BOOT=bootflash:packages.conf
Calculating SHA-1 hash...done
SHA-1 hash:
calculated 6f85a7c5:ebd0151a:b5ada94a:f7a7be4b:d7de713f
expected 6f85a7c5:ebd0151a:b5ada94a:f7a7be4b:d7de713f
package header rev 1 structure detected
Calculating SHA-1 hash...done
SHA-1 hash:
calculated d4ab3a48:ae55f382:4237a12a:7be2c99b:d8f1f594
expected d4ab3a48:ae55f382:4237a12a:7be2c99b:d8f1f594
Package type:0x7531, flags:0x0
[Linux-bzImage, setup=0x2e00, size=0x32e4620]
[isord @ 0x7e0f6000, 0x1ef9800 bytes]

%IOSXEBOOT-4-WATCHDOG_DISABLED: (rp/0): Hardware watchdog timer disabled: watchdog device not found
%IOSXEBOOT-4-EUSB_PROVISIONING: (rp/0): Unsupported low capacity eUSB detected in VXE board

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(2)S0a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 30-Mar-13 19:08 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

% failed to initialize nvram

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco CSR1000V (VXE) processor with 1141424K/6147K bytes of memory.
Processor board ID 940WXLZ2LL4
2 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.

SETUP: new interface GigabitEthernet2 placed in "shutdown" state
SETUP: new interface GigabitEthernet0 placed in "shutdown" state

Press RETURN to get started!

*Apr 16 03:17:58.679: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Apr 16 03:17:59.305: %VXE_THROUGHPUT-6-LEVEL: Throughput level has been set to 2500 kbps
*Apr 16 03:18:02.785: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Apr 16 03:18:04.449: DSENSOR: protocol cdp is registered with sensor
*Apr 16 03:18:04.470: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Apr 16 03:18:04.911: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Apr 16 03:18:04.912: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Apr 16 03:18:04.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*Apr 16 03:18:04.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface LI-Null0, changed state to up
*Apr 16 03:18:05.356: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Apr 16 03:18:05.406: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Apr 16 03:18:05.410: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Apr 16 03:18:05.455: %DYNCMD-7-CMDSET_LOADED: The Dynamic Command set has been loaded from the Shell Manager
*Apr 16 03:18:05.871: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to down
*Apr 16 03:18:05.880: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to down
*Apr 16 03:17:58.400: %IOSXE-5-PLATFORM: R0/0: xinetd[19698]: xinetd Version 2.3.14 started with no options compiled in.
*Apr 16 03:17:58.400: %IOSXE-5-PLATFORM: R0/0: xinetd[19698]: Started working: 1 available service
*Apr 16 03:17:58.434: %IOSXE-5-PLATFORM: R0/0: xinetd[19709]: xinetd Version 2.3.14 started with no options compiled in.
*Apr 16 03:17:58.434: %IOSXE-5-PLATFORM: R0/0: xinetd[19709]: Started working: 3 available services
*Apr 16 03:17:59.634: %CMRP-5-PRERELEASE_HARDWARE: R0/0: cmand: F0 is pre-release hardware
*Apr 16 03:18:00.823: %CMLIB-6-THROUGHPUT_VALUE: R0/0: cmand: Throughput license found, throughput set to 2500 kbps
*Apr 16 03:18:03.063: %CPPHA-7-START: F0: cpp_ha: CPP 0 preparing image /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/qfp-ucode-csr
*Apr 16 03:18:03.179: %CPPHA-7-START: F0: cpp_ha: CPP 0 startup init image /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/qfp-ucode-csr
*Apr 16 03:18:06.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Apr 16 03:18:06.409: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Apr 16 03:18:06.872: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
*Apr 16 03:18:06.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
*Apr 16 03:18:07.325: %DYNCMD-7-PKGINT_INSTALLED: The command package 'platform_trace' has been succesfully installed
*Apr 16 03:18:25.342: AUTOINSTALL: GigabitEthernet1 is assigned 10.4.101.228
*Apr 16 03:18:41.567: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down
*Apr 16 03:18:41.782: %LINK-5-CHANGED: Interface GigabitEthernet2, changed state to administratively down
*Apr 16 03:18:43.361: %IOSXE_OIR-6-INSCARD: Card (rp) inserted in slot R1
*Apr 16 03:18:43.361: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Apr 16 03:18:43.361: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Apr 16 03:18:43.423: %SYS-5-RESTART: System restarted --
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(2)S0a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 30-Mar-13 19:08 by mcpre
*Apr 16 03:18:43.501: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr 16 03:18:43.501: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Apr 16 03:18:43.540: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
*Apr 16 03:18:44.541: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to up
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
Router>

At this point I haven't activated the license so the router is limited to 2.5Mbps throughput. To activate the demo license use the platform hardware throughput level command in global configuration mode.

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#platform hardware throughput level ?
10000 throughput in kbps
25000 throughput in kbps
50000 throughput in kbps

Router(config)#platform hardware throughput level 50000
Feature Name:prem_eval

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO PRODUCT FEATURE OR USING SUCH
PRODUCT FEATURE CONSTITUTES YOUR FULL ACCEPTANCE OF THE FOLLOWING
TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO BE BOUND
BY ALL THE TERMS SET FORTH HEREIN.

Use of this product feature requires an additional license from Cisco,
together with an additional payment. You may use this product feature
on an evaluation basis, without payment to Cisco, for 60 days. Your use
of the product, including during the 60 day evaluation period, is
subject to the Cisco end user license agreement
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
If you use the product feature beyond the 60 day evaluation period, you
must submit the appropriate payment to Cisco for the license. After the
60 day evaluation period, your use of the product feature will be
governed solely by the Cisco end user license agreement (link above),
together with any supplements relating to such product feature. The
above applies even if the evaluation license is not automatically
terminated and you do not receive any notice of the expiration of the
evaluation period. It is your responsibility to determine when the
evaluation period is complete and you are required to make payment to
Cisco for your use of the product feature beyond the evaluation period.

Your acceptance of this agreement for the software features on one
product shall be deemed your acceptance with respect to all such
software on all Cisco products you purchase which includes the same
software. (The foregoing notwithstanding, you must purchase a license
for each software feature you use past the 60 days evaluation period,
so that if you enable a software feature on 1000 devices, you must
purchase 1000 licenses for use past the 60 day evaluation period.)

Activation of the software command line interface will be evidence of
your acceptance of this agreement.

ACCEPT? (yes/[no]): yes

*Apr 16 04:30:21.271: %LICENSE-6-EULA_ACCEPTED: EULA for feature prem_eval 1.0 has been accepted. UDI=CSR1000V:940WXLZ2LL4; StoreIndex=0:Built-In License Storage
Router(config)#
*Apr 16 04:30:23.939: %VXE_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps
Router(config)#

This technically isn't needed if you are going to use it in a lab environment. At this point your router is ready to go.

Router(config)#do sho run
Building configuration...

Current configuration : 1047 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
platform hardware throughput level 50000
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

Router(config)#

Now that my router is ready to go I'll clone it because a single router isn't much to learn on. Ideally if you are going to reuse this machine in the future you wait to activate the license after the device is cloned. To clone the machine go to the server configuration tab and then select the datastore where you installed the CSR1000v onto and then right click on it. From there select "Browse Datastore..."

From here go under the directory for the CSR1000v and copy the contents of the directory. From there click on the root of the datastore and then select the folder icon to add a new directory.

Enter the directory name and then paste the contents into the new directory. After it has been pasted in, right click on the "Cisco CSR1000v Cloud Services Router.vmx" file and select "Add to Inventory". Change the default name if you would like and select the "Resource Pool" and finally finish.

You should now see the second CSR1000v in your ESXi server's inventory. From there we'll edit the settings to change the TCP port number for the virtual serial port and apply any VLANs from the ESXi to the CSR1000v's Gigabit Ethernet interfaces.

You are now ready to start up the second router. Note that after you start it VMware will ask you if you copied the virtual machine or moved it. Select "I copied it" and then click ok. Your router will now boot up.

ccie2210$ telnet 10.4.101.168 2006
Trying 10.4.101.168...
Connected to 10.4.101.168.
Escape character is '^]'.
Entry 0 will be booted automatically in 1 seconds.
Booting 'CSR1000v - packages.conf'

root (hd0,0)
Filesystem type is ext2fs, partition type 0x83
kernel /packages.conf rw quiet root=/dev/ram console= max_loop=64 HARDWARE=virt
ual SR_BOOT=bootflash:packages.conf
Calculating SHA-1 hash...done
SHA-1 hash:
calculated 6f85a7c5:ebd0151a:b5ada94a:f7a7be4b:d7de713f
expected 6f85a7c5:ebd0151a:b5ada94a:f7a7be4b:d7de713f
package header rev 1 structure detected
Calculating SHA-1 hash...done

The router will now be booting up and ready to go.

Use the same procedure outlined above to create as many routers as you like. You will of course want to create VLANs within the ESXi server to allow communication between the routers. For an overview of how to manage the ESXi's networking configuration go here.

Tomorrow I'll post another installation guide on how to install the CSR1000v in VMware Workstation and use it as a production router providing internet access.

Lastly if anyone would like to try out a few of these send me an email and I'll get you access.

Apr
15

The Cloud Services Router, CSR1000v, which was first announced at Cisco Live in San Diego last year is now available for download. For those who have never heard of the CSR1000v, in a nutshell it's an IOS XE image running in a virtualized environment (VMWare support now, Citrix XEN, Amazon, Windows Hypervisor and OpenStack in the near future). The CSR1000v is designed as a virtual router (think Quagga but IOS from Cisco) that resides on the hypervisor server as a client instance and provides any services a normal ASR1000 would provide between the other hypervisor's client instances (Linux servers, Windows servers, etc) and the network infrastructure. This could be something as simple as basic routing or NAT all the way up to advanced technologies like MPLS VPNs or LISP. Basically anything that a real ASR1000 could provide you can do in the CSR1000v with a small exception. This early release only supports 50Mbps throughput due to licensing restrictions. This being the case the specifications from Cisco shows the CSR1000v being capable of pushing 1.17Gpbs max and 438Mbps throughput with an IMIX traffic flow. With the 50Mbps limit it means the CSR1000v at this stage would be deployed more for proof-of-concept as opposed to real production. At this time the throughput is limited by the licensing but I'm sure there are plans to allow for higher throughput licensing in the near future.

If you're interested in a presentation from Cisco covering the CSR1000v you can view the Cisco Live session from London: Cisco’s Cloud Services Router (CSR 1000V): Extending the Enterprise Network to the Cloud (2013 London) Note that you will need to create an account if you don't already have an account to view the session.

Personally I've been testing out the CSR1000v over this past week and to say the least I'm really impressed at not only the product itself but the possibilites for the CSR1000v. The version available for download is IOS XE 3.9.0aS aka IOS Version 15.3(2)S which means basically any feature you want or need is in this release.

IOS-XE1#show version
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(2)S0a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 30-Mar-13 19:08 by mcpre

IOS XE Version: 03.09.00a.S

Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

IOS-XE1 uptime is 4 days, 24 minutes
Uptime for this control processor is 4 days, 25 minutes
System returned to ROM by reload
System image file is "bootflash:csr1000v-packages-adventerprisek9.03.09.00a.S.153-2.S"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco CSR1000V (VXE) processor with 1141428K/6147K bytes of memory.
Processor board ID 926O40RARZR
2 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.

Configuration register is 0x2102

IOS-XE1#
IOS-XE1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOS-XE1(config)#router ?
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
lisp Locator/ID Separation Protocol
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
ospfv3 OSPFv3
rip Routing Information Protocol (RIP)

IOS-XE1(config)#router bgp 1
IOS-XE1(config-router)#address-family ?
ipv4 Address family
ipv6 Address family
l2vpn Address family
nsap Address family
rtfilter Address family
vpnv4 Address family
vpnv6 Address family

IOS-XE1(config-router)#exit
IOS-XE1(config)#ipv6 unicast-routing
IOS-XE1(config)#router ospfv3 1
IOS-XE1(config-router)#address-family ?
ipv4 Address family
ipv6 Address family

IOS-XE1(config-router)#address-family ipv4
IOS-XE1(config-router-af)#?
Router Address Family configuration commands:
area OSPF area parameters
auto-cost Calculate OSPF interface cost according to bandwidth
bfd BFD configuration commands
compatible Compatibility list
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
discard-route Enable or disable discard-route installation
distance Define an administrative distance
distribute-list Filter networks in routing updates
event-log Event Logging
exit-address-family Exit from Address Family configuration mode
graceful-restart Graceful-restart options
help Description of the interactive help system
interface-id Source of the interface ID
limit Limit a specific OSPF feature
log-adjacency-changes Log changes in adjacency state
max-lsa Maximum number of non self-generated LSAs to accept
max-metric Set maximum metric
maximum-paths Forward packets over multiple paths
no Negate a command or set its defaults
nsr Enable non-stop routing
passive-interface Suppress routing updates on an interface
prefix-suppression Enable prefix suppression
queue-depth Hello/Router process queue depth
redistribute Redistribute information from another routing protocol
router-id router-id for this OSPF process
shutdown Shutdown the router process
snmp Modify snmp parameters
summary-prefix Configure IP address summaries
timers Adjust routing timers

IOS-XE1(config-router-af)#

I've tested a lot of features (LISP, BGP, NAT, etc) over this past week and haven't stumbled across any issues related to the CSR1000v itself. The only issues I've ran into related to not giving the VM the required 4GB of RAM and it would complain when I started enabling features. The CSR1000v doesn't use much CPU but it does require 4GB of RAM per instance. I've had over 30 CSR1000v instances running on my ESXi 5.1 development server without a problem.

So what does this mean for people preparing for a Cisco certification or just looking to learn networking? I hate to use buzzwords but this really is a game changer. The CSR1000v is like "crack" for a networking addict. You want to learn a technology or a feature then the CSR1000v is really the only way to go if you don't have or want to setup real hardware. I have access to tons of real hardware and I would never consider giving it up for GNS3 or IOU but I would for the CSR1000v. The image is very stable and fast plus has everything you could need. Want to learn LISP? Want to learn OTV? Want to learn MPLS VPNs? What to learn VPLS? Want to learn OSPFv3 for IPv4? The CSR1000v is the way to go.

I'll post a detailed instruction tomorrow on how to install and get it up and running based upon my experience running it in VMWare ESXi and on VMWare Workstation but here are a couple quick notes for those who can't wait. VMWare ESXi Enterprise version has a built in console server which will allow to you via the virtual serial console over the VMWare console.

Brians-MacBook-Pro-3:~ ccie2210$ telnet 10.4.210.100 2004
Trying 10.4.210.100...
Connected to 10.4.210.100.
Escape character is '^]'.

IOS-XE4#
IOS-XE4#show version | in LINUX
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(2)S0a, RELEASE SOFTWARE (fc1)
IOS-XE4#

This is really nice to have. If you don't want to fork out the crazy money for the Enterprise licensing from VMWare then you could run the demo for 60 days and then reinstall or you could create a "management" interface in each instance and use it for telnet access. The CSR1000v allows you to create as many interfaces on the router as the host machine will support so creating one dedicated to management isn't a problem.

IOS-XE4#show platform software vnic-if interface-mapping
-------------------------------------------------------------------
Interface Name Short Name vNIC Name Mac Addr
-------------------------------------------------------------------
GigabitEthernet0 Gi0 eth0 (vmxnet3) 000c.2965.dc56
GigabitEthernet2 Gi2 eth2 (vmxnet3) 000c.2965.dc6a
GigabitEthernet1 Gi1 eth1 (vmxnet3) 000c.2965.dc60
-------------------------------------------------------------------

IOS-XE4#
IOS-XE4#show run int g0
Building configuration...

Current configuration : 113 bytes
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.1.1.4 255.255.255.0
negotiation auto
end

IOS-XE4#

Lastly when you install the CSR1000v it comes with a 60 day license for 50Mbps throughput. After that expires it drops to 2.5Mbps which is still fine if you are using it in a test environment or for learning.

IOS-XE4#show platform hardware throughput level
The current throughput level is 50000 kb/s
IOS-XE4#

As I said earlier, tomorrow I'll post a detailed instructions on how to setup a lab using the CSR1000v along with how I'm using the CSR1000v as my home router ;-)

Subscribe to INE Blog Updates

New Blog Posts!