Tutorial: Building a Router Topology with the Cisco IOU Emulator
Date: 2011-01-23 Source: evilrouters Author: evilrouters
Here’s an example topology for Cisco IOU to help you get started:

In this example, SF is an IOU instance running on host “solaris”. IOUlive is also running on this host, bridging SF’s Ethernet0/0 interface to my physical network (and to the world).
SJ1, SJ2, and SJ3 are IOU instances running on host “helium”.
The Ethernet1/0 interface on SF and the Ethernet0/1 interface on SJ1 are connected, even though they are on separate physical hosts.
The Ethernet0/0 interfaces on SJ1, SJ2, and SJ3 are connected, sharing a common network segment.
Last, SJ2 and SJ3 are connected via their Serial1/0 interfaces.
Hopefully, this should be good enough to demonstrate the various options for connecting IOU instances.
The NETMAP file
When connecting IOU instances across physical hosts, the hosts should share a common NETMAP file. If it isn’t possible to use NFS, you’ll need to duplicate the file on each host. I’m not running NFS at home, so I’ve simply copied the file over to both hosts.
The IOU instance IDs are assigned as follows:
- SF : 100
- SF : 199 (IOUlive)
- SJ1 : 151
- SJ2 : 152
- SJ3 : 153
Here’s what my NETMAP file looks like:
100:0@solaris 199:0@solaris
100:1@solaris 151:16@helium
151:0@helium 152:0@helium 153:0@helium
152:1@helium 153:1@helium
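A quick consistency check for a NETMAP before copying it to each host, as an added example (not code from the original post or from Cisco). It assumes each line of the file lists the endpoints of one segment in the `id:port@host` form used here; the function names are hypothetical.

```python
from collections import defaultdict

# The NETMAP from this post, one connection group (segment) per line.
NETMAP = """\
100:0@solaris 199:0@solaris
100:1@solaris 151:16@helium
151:0@helium 152:0@helium 153:0@helium
152:1@helium 153:1@helium
"""

def parse_netmap(text):
    """Return a list of segments; each is a list of (instance_id, port, host)."""
    segments = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        segment = []
        for token in line.split():
            endpoint, _, host = token.partition("@")
            inst, sep, port = endpoint.partition(":")
            # Assumption: only the numeric id:port@host form seen in this post.
            if not (sep and host and inst.isdigit() and port.isdigit()):
                raise ValueError(f"line {lineno}: bad endpoint {token!r}")
            segment.append((int(inst), int(port), host))
        if len(segment) < 2:
            raise ValueError(f"line {lineno}: a segment needs two or more endpoints")
        segments.append(segment)
    return segments

def peers(segments, inst, port):
    """Endpoints sharing a segment with inst:port, in 'id:port@host' form."""
    out = []
    for seg in segments:
        if any((i, p) == (inst, port) for i, p, _ in seg):
            out += [f"{i}:{p}@{h}" for i, p, h in seg if (i, p) != (inst, port)]
    return out

def cross_host_segments(segments):
    """Segments spanning hosts; every host involved needs the same NETMAP."""
    return [seg for seg in segments if len({h for _, _, h in seg}) > 1]

def host_conflicts(segments):
    """Instance IDs that appear under more than one host name."""
    hosts = defaultdict(set)
    for seg in segments:
        for inst, _, host in seg:
            hosts[inst].add(host)
    return {i: sorted(h) for i, h in hosts.items() if len(h) > 1}
```

An instance ID listed under two different hosts is the kind of mistake that creeps in when the file is duplicated by hand instead of shared over NFS.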
Connect SF to the real world
I’ll start by firing up the SF router on solaris:
$ ./unix-js-m 100
IOS On Unix - Cisco Systems confidential, internal use only
Port 0 is connected to:
199:0@solaris
Port 16 is connected to:
151:16@helium
...output snipped...
Next, I’ll startup IOUlive so that SF is connected to my physical network:
$ ./ioulive /dev/hme0 199
Port 0 is connected to:
100:0@solaris
/dev/hme0 is the NIC on solaris that is connected to my network.
I’ll bring up the Ethernet0/0 interface on SF:
SF# conf t
Enter configuration commands, one per line. End with CNTL/Z.
SF(config)# interface ethernet 0/0
SF(config-if)# ip address 203.0.113.2 255.255.255.0
SF(config-if)# no shutdown
Verify I can ping my (physical) router:
SF(config-if)# do ping 203.0.113.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/33/40 ms
So SF, an IOU instance, has connectivity with my physical router at home, a Cisco 1811. Just for good measure, let’s add a default route and see if we can ping hosts on the Internet:
SF(config-if)# exit
SF(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
SF(config)# do ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/50/72 ms
Looks like we’re all set!
Bring up SJ1
Now let’s bring up the SJ1 IOU instance on helium:
$ ./i86bi_linux-ipbase-ms -e 1 -s 0 151
***************************************************************
IOS On Unix - Cisco Systems confidential, internal use only
Under no circumstances is this software to be provided to any
non Cisco staff or customers. To do so is likely to result
in disciplinary action. Please refer to the IOU Usage policy at
wwwin-iou.cisco.com for more information.
***************************************************************
Port 0/0 is connected to:
152:0@helium
153:0@helium
Port 0/1 is connected to:
100:1@solaris
...output snipped...
Connect SJ1 to SF
Now that SJ1 is up, let’s get it connected to the SF router:
SF(config)# int e1/0
SF(config-if)# ip addr 10.0.0.1 255.255.255.0
SF(config-if)# no shutdown

SJ1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
SJ1(config)# int e0/1
SJ1(config-if)# ip address 10.0.0.2 255.255.255.0
SJ1(config-if)# no shutdown
Note that SF is running on the physical host “solaris”, a Solaris 8/SPARC box, and SJ1 is running on the physical host “helium”, an Ubuntu 10.04/x86 box.
Let’s verify we have connectivity:
SJ1(config-if)# do ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/28/40 ms
Now we’ll bring up the Ethernet0/0 interface on SJ1 that shares a segment with SJ2 and SJ3:
SJ1(config-if)# int e0/0
SJ1(config-if)# ip addr 10.123.123.1 255.255.255.0
SJ1(config-if)# no shutdown
Bring up SJ2
Let’s bring up the SJ2 instance:
$ ./i86bi_linux-ipbase-ms -e 1 -s 1 152
***************************************************************
IOS On Unix - Cisco Systems confidential, internal use only
Under no circumstances is this software to be provided to any
non Cisco staff or customers. To do so is likely to result
in disciplinary action. Please refer to the IOU Usage policy at
wwwin-iou.cisco.com for more information.
***************************************************************
Port 0/0 is connected to:
151:0@helium
153:0@helium
Port 1/0 is connected to:
153:1@helium
...output snipped...
Let’s configure the Ethernet0/0 and Serial1/0 interfaces:
SJ2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
SJ2(config)# interface ethernet 0/0
SJ2(config-if)# ip address 10.123.123.2 255.255.255.0
SJ2(config-if)# no shutdown
SJ2(config-if)# interface serial 1/0
SJ2(config-if)# ip address 10.10.23.2 255.255.255.0
SJ2(config-if)# no shutdown
Verify we can ping SJ1’s Ethernet0/0 interface:
SJ2(config-if)# do ping 10.123.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.1, timeout is 2 seconds
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/6/8 ms
Bring up SJ3
Now we’ll bring up the SJ3 router:
$ ./i86bi_linux-ipbase-ms -e 1 -s 1 153
***************************************************************
IOS On Unix - Cisco Systems confidential, internal use only
Under no circumstances is this software to be provided to any
non Cisco staff or customers. To do so is likely to result
in disciplinary action. Please refer to the IOU Usage policy at
wwwin-iou.cisco.com for more information.
***************************************************************
Port 0/0 is connected to:
151:0@helium
152:0@helium
Port 1/0 is connected to:
152:1@helium
...output snipped...
Configure Ethernet0/0 and Serial1/0:
SJ3# conf t
Enter configuration commands, one per line. End with CNTL/Z.
SJ3(config)# interface ethernet 0/0
SJ3(config-if)# ip address 10.123.123.3 255.255.255.0
SJ3(config-if)# no shutdown
SJ3(config-if)# interface serial 1/0
SJ3(config-if)# ip address 10.10.23.3 255.255.255.0
SJ3(config-if)# no shutdown
Verify we can ping SJ1 and SJ2’s Ethernet0/0 interfaces:
SJ3(config-if)# do ping 10.123.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SJ3(config-if)# do ping 10.123.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Verify we can ping SJ2 over the Serial1/0 interface:
SJ3(config-if)# do ping 10.10.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
Great, full connectivity so far! Let’s enable OSPF on SF and SJ1:
SF(config-if)# router ospf 42
SF(config-router)# network 10.0.0.1 0.0.0.0 area 0

SJ1(config-if)# router ospf 42
SJ1(config-router)# network 10.0.0.2 0.0.0.0 area 0
SJ1(config-router)# network 10.123.123.1 0.0.0.0 area 0
Make sure the OSPF adjacency between SF and SJ1 came up:
SF(config-router)# do sh ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.123.123.1      1   FULL/BDR        00:00:36    10.0.0.2        Ethernet1/0
Let’s look at the routing table on SF:
SF(config-router)# do sh ip route | begin Gateway
Gateway of last resort is 203.0.113.1 to network 0.0.0.0
C 203.0.113.0/24 is directly connected, Ethernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.123.123.0 [110/20] via 10.0.0.2, 00:00:50, Ethernet1/0
C 10.0.0.0 is directly connected, Ethernet1/0
S* 0.0.0.0/0 [1/0] via 203.0.113.1
Inject default route into OSPF
Since SF has a route to the world, let’s inject a default route there into OSPF:
SF(config-router)# default-information originate
Make sure it shows up on SJ1:
SJ1(config-router)# do sh ip route | begin Gateway
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.0.0.1, 00:00:44, Ethernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, Ethernet0/1
L 10.0.0.2/32 is directly connected, Ethernet0/1
C 10.123.123.0/24 is directly connected, Ethernet0/0
L 10.123.123.1/32 is directly connected, Ethernet0/0
Configure default route on SJ2 and SJ3
On SJ2 and SJ3, let’s configure a default route towards SJ1:
SJ2(config-if)# ip route 0.0.0.0 0.0.0.0 10.123.123.1
SJ3(config-if)# ip route 0.0.0.0 0.0.0.0 10.123.123.1
Make sure SF can talk to SJ2 and SJ3:
SF(config-router)# do ping 10.123.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/44/60 ms
SF(config-router)# do ping 10.123.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/88 ms
Configure NAT on SF
Now that we have full connectivity, let’s configure NAT on the SF router so that SJ1, SJ2, and SJ3 can talk to the outside world:
SF(config-router)# interface ethernet 0/0
SF(config-if)# ip nat outside
SF(config-if)# interface ethernet 1/0
SF(config-if)# ip nat inside
We’ll need an ACL that matches the source addresses to translate, of course:
SF(config-if)# ip access-list standard NAT
SF(config-std-nacl)# permit 10.0.0.0 0.0.0.255
SF(config-std-nacl)# permit 10.123.123.0 0.0.0.255
SF(config-std-nacl)# permit 10.10.23.0 0.0.0.255
Last, we’ll use “ip nat …” to tell SF how to work its magic:
SF(config-std-nacl)# ip nat inside source list NAT int e0/0 overload
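To see exactly which sources the NAT ACL above selects for translation, here is an added example (not from the original post) that evaluates the three wildcard-mask entries the way a standard ACL does: first match wins, with an implicit deny at the end. The function names and the address table are assembled here from the interface configuration shown in this post.

```python
import ipaddress

# Entries of the standard ACL "NAT" from this post: (action, base, wildcard).
ACL_NAT = [
    ("permit", "10.0.0.0", "0.0.0.255"),
    ("permit", "10.123.123.0", "0.0.0.255"),
    ("permit", "10.10.23.0", "0.0.0.255"),
]

# Interface addresses configured on the IOU routers in this post.
LAB_ADDRESSES = {
    "SF e1/0": "10.0.0.1",
    "SJ1 e0/1": "10.0.0.2",
    "SJ1 e0/0": "10.123.123.1",
    "SJ2 e0/0": "10.123.123.2",
    "SJ2 s1/0": "10.10.23.2",
    "SJ3 e0/0": "10.123.123.3",
    "SJ3 s1/0": "10.10.23.3",
}

def acl_action(acl, source):
    """Return the action of the first entry matching source, else 'deny'."""
    src = int(ipaddress.IPv4Address(source))
    for action, base, wildcard in acl:
        # A wildcard mask is inverted: 1 bits are "don't care" positions.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src ^ int(ipaddress.IPv4Address(base))) & care == 0:
            return action
    return "deny"  # implicit deny at the end of every ACL

def untranslated(acl, addresses):
    """Names of interfaces whose source address the ACL does not permit."""
    return sorted(n for n, ip in addresses.items()
                  if acl_action(acl, ip) != "permit")

if __name__ == "__main__":
    print("not covered by ACL NAT:", untranslated(ACL_NAT, LAB_ADDRESSES))
    print("10.0.1.5 ->", acl_action(ACL_NAT, "10.0.1.5"))
```

Any source outside the three /24s falls through to the implicit deny and is not translated.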
Verify connectivity
At this point, all routers should have connectivity to the outside world. Let’s verify from SJ2 and SJ3 by pinging a couple of well-known public DNS servers:
SJ2(config)# do ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/55/128 ms

SJ3(config)# do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/100/120 ms
Looks like everything is working properly.
Verify Internet connectivity
Last, just for good measure, let’s connect to the web server this site runs on and issue a request:
SJ3(config)# do telnet 206.125.175.18 80
Trying 206.125.175.18, 80 ... Open
HEAD / HTTP/1.0
HTTP/1.0 200 OK
Date: Sat, 22 Jan 2011 22:52:01 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n
X-Pingback: http://evilrouters.net/xmlrpc.php
Link: <http://wp.me/nzh6>; rel=shortlink
Connection: close
Content-Type: text/html; charset=UTF-8
[Connection to 206.125.175.18 closed by foreign host]
Summary
This post demonstrated a number of concepts that should be useful for those wanting to use IOU.
First, we showed how the routers connect “physically”.
Second, we showed how to construct a working NETMAP file to match our topology.
Third, we started up our IOU instances and connected them across hosts and to the outside world.
Fourth, we configured our routers (even configuring OSPF).
Last, we showed how to verify we had connectivity with the outside world.
I hope this post was helpful. I welcome your feedback in the comments section below!




