Cisco Hypervisor on EC2

The idea is to make Cisco router images available in the cloud in order to run complex topologies in the GNS3 simulator that would otherwise be too demanding for the local PC. The local PC will host GNS3 and a hypervisor with a few routers. An EC2 instance running dynamips will be set up as a remote hypervisor and will host a few additional routers.

Install GNS3/dynamips on the EC2 instance.

ubuntu@ip-172-31-28-108:~$ sudo apt-get update
ubuntu@ip-172-31-28-108:~$ sudo add-apt-repository ppa:gns3/ppa
ubuntu@ip-172-31-28-108:~$ sudo apt-get update
ubuntu@ip-172-31-28-108:~$ sudo apt-get install dynamips gns3

The Cisco image is stored in an S3 bucket. The bucket will be mounted in EC2 using S3FS.

Install software for S3FS

ubuntu@ip-172-31-28-108:~$ sudo apt-get install fuse
ubuntu@ip-172-31-28-108:~$ sudo apt-get install build-essential gcc libfuse-dev fuse-util
root@ip-172-31-28-108:~# apt-get install openssl
root@ip-172-31-28-108:~# apt-get install pkg-config
root@ip-172-31-28-108:~# cd /usr/local/src
root@ip-172-31-28-108:/usr/local/src# wget http://downloads.sourceforge.net/project/fuse/fuse-2.X/2.9.3/fuse-2.9.3.tar.gz
root@ip-172-31-28-108:/usr/local/src# tar xvzf fuse-2.9.3.tar.gz
root@ip-172-31-28-108:/usr/local/src# cd fuse-2.9.3/
root@ip-172-31-28-108:/usr/local/src/fuse-2.9.3# ./configure --prefix=/usr
root@ip-172-31-28-108:/usr/local/src/fuse-2.9.3# make
root@ip-172-31-28-108:/usr/local/src/fuse-2.9.3# make install
root@ip-172-31-28-108:/usr/local/src# wget https://s3fs.googlecode.com/files/s3fs-1.74.tar.gz
--2014-12-17 15:33:27-- https://s3fs.googlecode.com/files/s3fs-1.74.tar.gz
root@ip-172-31-28-108:/usr/local/src# tar xvzf s3fs-1.74.tar.gz
root@ip-172-31-28-108:/usr/local/src# cd s3fs-1.74/
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# ./configure --prefix=/usr
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# make
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# make install

Create mount point for S3 bucket

ubuntu@ip-172-31-28-108:/$ sudo mkdir /mnt/mys3bucket

Create password file for s3 user

ubuntu@ip-172-31-28-108:/mnt$ sudo cat /etc/passwd-s3fs
ldk-cisco:access-key:secret-key

Mount the S3 bucket.

root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# s3fs ldk-cisco /mnt/mys3bucket/
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# df -h
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# ldconfig
root@ip-172-31-28-108:/usr/local/src/s3fs-1.74# cd /mnt/mys3bucket/
root@ip-172-31-28-108:/mnt/mys3bucket# ls -al
total 5
drwxr-xr-x 1 root root 0 Jan 1 1970 .
drwxr-xr-x 3 root root 4096 Dec 17 15:18 ..
---------- 1 root root 89510044 Dec 16 16:54 c7200-spservicesk9-mz.150-1.M.image
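The mount step above silently depends on two things s3fs enforces: the credentials file must not be readable by group/others (600 for a per-user ~/.passwd-s3fs, 640 at most for the system-wide /etc/passwd-s3fs), and each line must be exactly bucket:access-key:secret-key, otherwise the mount fails with a message that is easy to misread as a bucket problem. As an added example (not code from the original post), the following POSIX shell script checks the file first, then mounts and confirms the mount is present in /proc/mounts rather than trusting df or an empty directory listing. The bucket name, mount point and the placeholder key values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: check the s3fs credentials
# file before mounting, then mount and confirm the mount is really there.
# s3fs rejects a credentials file that carries permission bits for "others"
# (the per-user ~/.passwd-s3fs must be 600; the system-wide /etc/passwd-s3fs
# may be 640), and each line must read bucket:access-key:secret-key.
# Bucket name, mount point and sample credential values are assumptions.

# check_s3fs_passwd FILE -> 0 if FILE is usable by s3fs, 1 otherwise
check_s3fs_passwd() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # GNU stat; on BSD/macOS use: stat -f '%Lp'
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        600|400|640|440) ;;
        *) echo "$file has mode $mode; s3fs needs 600 (or 640 for /etc/passwd-s3fs)" >&2
           return 1 ;;
    esac
    # Drop comments and blank lines, then look for any line that is not three
    # non-empty colon-separated fields. grep exiting 0 here means a bad line exists.
    if grep -v '^#' "$file" | grep -v '^[[:space:]]*$' \
         | grep -Ev '^[^:]+:[^:]+:[^:]+$' >/dev/null; then
        echo "$file has a malformed line (expected bucket:access-key:secret-key)" >&2
        return 1
    fi
    return 0
}

# mount_bucket BUCKET MOUNTPOINT [CREDFILE] -> 0 once the bucket shows up in /proc/mounts
mount_bucket() {
    bucket="$1"; mnt="$2"; cred="${3:-/etc/passwd-s3fs}"
    check_s3fs_passwd "$cred" || return 1
    mkdir -p "$mnt" || return 1
    # passwd_file= is a real s3fs mount option; allow_other lets a non-root
    # dynamips process read the IOS image (root may set it without fuse.conf changes).
    s3fs "$bucket" "$mnt" -o passwd_file="$cred" -o allow_other || return 1
    # df and ls can look fine on an empty directory; check the mount table instead.
    grep -q " $mnt " /proc/mounts
}

# Self-check on a constructed credentials file (no real keys, no real mount).
demo=$(mktemp)
printf 'ldk-cisco:ACCESS-KEY-PLACEHOLDER:SECRET-KEY-PLACEHOLDER\n' > "$demo"
chmod 644 "$demo"
check_s3fs_passwd "$demo" 2>/dev/null && echo "unexpected: 644 accepted" || echo "644 rejected, as s3fs would"
chmod 600 "$demo"
check_s3fs_passwd "$demo" && echo "600 accepted"
rm -f "$demo"
```

On the EC2 instance the real call would be `mount_bucket ldk-cisco /mnt/mys3bucket` as root; the self-check at the bottom only exercises the file validation, so the script can be run anywhere without credentials.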

Update security group on EC2 console to allow hypervisor traffic.

[Screenshot: EC2 security group rules for the dynamips group]

Or do the same thing with the EC2 API tools, once per port range:

C:\Documents and Settings\LDK>ec2-authorize dynamips -p 7200 -s 0.0.0.0/0
GROUP                   dynamips
PERMISSION              dynamips        ALLOWS  tcp     7200    7200    FROM    CIDR    0.0.0.0/0       ingress

The local and remote hypervisors are behind different NATs, so if we use the local interface address when defining the hypervisors in GNS3 we’ll run into problems when they try to communicate with each other. On the other hand if we try to bind the local hypervisor to the dynamic DNS hostname we run into a problem as this will resolve to the WAN address of the router and not the local PC. Therefore some DNS jiggery pokery is required.

Install DNS server on local PC

apt-get install dnsmasq

Add local PC to list of nameservers.

root@laptop2-bblab:/home/bblab/Downloads# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 127.0.0.1
nameserver 192.168.11.254

Resolve dynamic DNS address to local PC.

root@laptop2-bblab:/home/bblab/Downloads# cat /etc/hosts
127.0.0.1    localhost
192.168.11.109    xxxxxxx.no-ip.org

Restart DNS server.

/etc/init.d/dnsmasq restart

Check DNS lookup

root@laptop2-bblab:/home/bblab/Downloads# dig xxxxxxxx.no-ip.org

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> xxxxxxxx.no-ip.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xxxxxxxx.no-ip.org.        IN    A

;; ANSWER SECTION:
xxxxxxxx.no-ip.org.    0    IN    A    192.168.11.109

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 16 11:56:37 2015
;; MSG SIZE  rcvd: 52

Port forwarding on the local router

#Dynamips hypervisor (TCP 7200)
iptables -A PREROUTING -t nat -i ${IFNAME} -p tcp --dport 7200 --jump DNAT --to-destination 192.168.11.109:7200
iptables -A FORWARD -i ${IFNAME} -p tcp -d 192.168.11.109 --dport 7200 --jump ACCEPT
#Dynamips UDP (NIO links between hypervisors are UDP, not TCP; omitting the port in
#--to-destination keeps the original destination port, so one rule covers the whole range)
iptables -A PREROUTING -t nat -i ${IFNAME} -p udp --dport 10000:10099 --jump DNAT --to-destination 192.168.11.109
iptables -A FORWARD -i ${IFNAME} -p udp -d 192.168.11.109 --dport 10000:10099 --jump ACCEPT
#Dynamips console (TCP 2001-2009)
iptables -A PREROUTING -t nat -i ${IFNAME} -p tcp --dport 2001:2009 --jump DNAT --to-destination 192.168.11.109
iptables -A FORWARD -i ${IFNAME} -p tcp -d 192.168.11.109 --dport 2001:2009 --jump ACCEPT

Configure local and remote hypervisors on GNS3

[Screenshot: local and remote hypervisor settings in GNS3]

Configure IOS images on GNS3

[Screenshot: IOS image settings in GNS3]

Test topology

[Screenshot: test topology with local and remote routers]

Ping between local and remote routers

[Screenshot: ping between local and remote routers]
