Author Archives: sr71rocks

Cisco VIRL – New Feature Release v1.0.0

Yesterday (November 26), Cisco released an updated version of VIRL (Virtual Internet Routing Lab), version 1.0.0…and let me tell you, it has some great enhancements! You now have the ability to modify parameters on a link…you can configure latency, packet loss and jitter. AND they have increased the node count to 20 (up from 15). This is WAY cool stuff! First though, you need to upgrade to the new version, which I just did.

NOTE:  This post is just a high-level overview of a VIRL installation, so you can get a taste of what it takes to install it. Please reference the noted links below to get the full instructions when you are ready to install VIRL. A great place to start is the Cisco VIRL homepage.

STEP ONE:  Download the new VIRL version. Normally you have to wait for an email which has the download links and grab the image within 3 days (after which the links expire). But Cisco has finally set up a “self-service” download process which allows current VIRL users to download updated images whenever they want. (See this Cisco VIRL announcement for lots more details.) From your current running VIRL install, you can open up a terminal window to grab the new image…since I’m running VIRL on a bare-metal installation, the commands were…

Self-service download of new VIRL image

STEP TWO:  Installation. Unfortunately, you cannot do an in-place upgrade…you must do a fresh install. Go to the VIRL installation documentation and pick your method (for me, it’s ISO to Bare-Metal), and follow the directions. It will take time, so be patient and follow each step carefully.

STEP THREE:  Troubleshoot issues.  Hopefully your installation will just work. However, in my case, I had an issue…the “linux-bridge-agent” was not up and running…

Bare metal issue: linux-bridge-agent not running (no smiley face!)

It took a lot of time to figure this one out, but I found a posting that addressed this issue. It has to do with running VIRL on a bare-metal server that does not have the minimum required 5 physical interfaces. You can set up dummy interfaces to handle this, which I had done, but there were some additional steps needed to fix some bugs…here is the link if you have the same issue.

So, now things are working properly…

All four agents are running!

And all services are running!

Time to install the license key and make contact with Cisco’s salt servers…

Successful contact with SALT servers

At this time, the VIRL installation is up and running properly. Now it’s time to install the frontend to VIRL, called VM Maestro, so you can create and run network simulations. Just follow the instructions; this is a very quick step. When logging into VM Maestro for the first time, make sure to enter the IP address as well as the password…only then will the client make the proper connections and the web services go “green”…

With the proper server IP, username and password…everything goes green!

Now that everything is up and running, I configured a simple 4 node router simulation…and added 100 ms of latency between node San Francisco and Los Angeles, like so…

Adding latency to a link

Before I failed any of the links, the ping results from San Francisco to New York were…

Normal latency between San Francisco and Los Angeles

After I failed a couple of links, which forced the traffic through Los Angeles to reach New York, ping results showed the higher latency…

Ping results with high latency

This is VERY cool…and there is much more to this new version…I have only just touched the surface of all the new features. Cisco has done a great job of putting a fully functional network simulator into our hands….let’s make great use of it, and let’s give Cisco our thanks!! They deserve it!!

New Versions of NMAP and Wireshark

If you have not already heard, new versions of NMAP and Wireshark have been released recently. These are my favorite open source programs, and to be honest, pretty much my favorite programs period. They are both maintained and managed by a dedicated team of people, and the quality of the software shows. Plus, the main authors (Gerald Combs for Wireshark, and Fyodor for NMAP) are both class acts…

NMAP is THE tool for running forensics on your network…to find the weaknesses before the bad guys do. It has MANY parts, which all work together in a very seamless manner, and should be in every network engineer’s tool kit. If you are not using it, stop what you are doing and get it now!! (Enough said!!) New version is 7.00.

Same thing about Wireshark. I’ve said it before and I’ll say it again…if you don’t have a network analyzer, then you’re not really a full and complete network engineer. Get it and learn it. There are plenty of resources on the Internet, for free, to help you get started (Google is your friend), and if you want to pay a little bit of money, Laura Chappell has a great website devoted to Wireshark training.

I just downloaded the updated Wireshark today (version 2.0.0), and I have to say the default screen is spartan, to say the least. Not sure if this is temporary in this initial v2 build, but either way, it does not look like its predecessor. Note how clean (and empty) the startup screen is…

Initial Wireshark startup screen

Here is some info from Gerald about this new version. I’m looking forward to learning what it has to offer!

Riverbed Interface Configuration via Command Line Interface (CLI)

Yes, it’s been a while since I did much of any postings, but I’ve been both very busy at work and out of state on vacation. Things are starting to calm down a bit now, so back to some network related postings…

I worked late last night upgrading a batch of outdated Cisco 3750 switches (first generation), installing a stack of new 3650 switches. I have to admit, these switches are nice! But like most of Cisco’s stuff, they don’t play well with other vendors’ products in terms of interface auto-negotiation. The existing switches were all 10/100 interfaces, and we had a Riverbed device installed between the switches and router, so all of the related interfaces were manually configured for 100 Mb, full duplex.

Since the new switches were all gig, and the router was too, I reconfigured them for auto/auto for both speed and duplex. But I needed to configure the Riverbed device too. (When I first brought everything online, the Cisco devices came up 100/half…not good at all.)

Since the GUI interface on the Riverbed does not handle interface configurations very well, I connected to the device via SSH and configured the interfaces using the command line…which as we all know is the best way to do anything!! As you can see, interface wan0_0 is configured for 100/full…

Command showing current settings for wan0_0 interface

To change the configuration is easy…here are some of the options…

Interface configuration options

And here I changed both wan0_0 and lan0_0 interfaces for auto/auto operation…

Setting interfaces to auto/auto

It was that simple. I then unplugged both cables to my router and switch, reconnected them, and all interfaces came up 1000Mb (gig) and full duplex.

Working with Riverbed on the command line is rather easy, and you will find many of the commands are similar to Cisco.

Beautiful Visit to Upstate New York

Sorry for the lack of posts lately…been too busy at work, and now my wife and I are in upstate New York visiting my daughter and her family….AND getting some good bonding time with my new granddaughter Evelyn. She is just way too cute….

Holding my new granddaughter!!

I’ll get back to my postings in another week or so, once I get back from vacation.

Amazon Suggested Items…You’re Kidding Me, Right?

I’m sure you’ve noticed when buying stuff on Amazon that they will provide “suggestions” of related items commonly purchased…just to help you out…right? Ha! Yeah…right. Well I was recently purchasing an item on Amazon and this was their recommended “Frequently Purchased Together” list of products…

Makes sense to me…

So according to Amazon, they must have a lot of customers that need to purchase ear plugs, gift cards, and a Fire HD 7…all at the same time. Yeah…right…and I have some real good land I want to sell you in the north east part of Florida. I guess I can’t blame Amazon for trying, but really…can’t your complex (and powerful) computer algorithms do a better job than this?

In case you are wondering…I didn’t bite.

Saturday Snapshot – 95% Accurate Sign

When I was up in Nevada earlier this week, I stayed at a Best Western Hotel…it wasn’t the fanciest hotel around, but it was nice and clean, with a very polite staff. What was interesting was finding my room after I checked in. I was assigned room #220…I walked up the stairs and found this sign…

Sign showing room locations

Easy enough…turn to the right. Well…I thought it was easy…except my room was nowhere to be found in that direction. I thought I had misread the sign, but no…I didn’t. So if it’s not right, how about I turn to the left…and there was my room several doors down. The sign should have read…

202-222  <<<<<<< (turn to the left)
224-230  >>>>>>> (turn to the right)

I’m still trying to figure out how you can make a sign that is so wrong…seems so easy to me. And wouldn’t you think that someone would double check that?

So the “slightly kinked” version of myself is thinking this:  After I checked in and was heading up to room #220, the desk employee called all the staff and said “Quick…come down to the front desk…I just assigned room #220 to some middle-aged geezer…this should be great!!” They all gathered around the security monitor and watched me wander down the wrong direction before finding the correct room. And they must have busted a gut laughing! You see…I’m guessing this is what you do for fun when you live in the middle of nowhere. And to be honest, I’m OK with giving them a laugh!

DHCP Scope Configuration – Oops

So for the last couple of days, I’ve been in Nevada at one of our remote sites. (On a side note, the “middle of nowhere” pretty much describes all of Nevada!!) I was setting up a wireless bridge to connect separate parts of a large aggregate plant…it was a very busy few days. We kept running into problems, which took up a lot of time to resolve, but eventually we got things working. As I was testing the new subnet hanging off the bridge, I noticed that DHCP was not working…hmmm, very strange. I’ve configured DHCP many times over the years, and it just works. Time to troubleshoot…

First test was easy…I configured a static IP on my laptop and everything worked great. Next I drove over to the other end which housed the main switch and router, and plugged into a port configured for the new VLAN….and no DHCP. Say what? Hmmm…I must have made a mistake on my configuration…but the DHCP pool looks good…

Config for the DHCP pool

And the subinterface configuration looks good too…

Sub-interface config looks good too

Very interesting…the only thing left was the DHCP excluded-address config, but that’s so easy, I know that’s not the problem. But I checked it out anyway…

DHCP excluded-address config….oops

Say what?? How could I have messed that up? But I have to say, the configuration was doing exactly what I asked it to do…basically not handing out any IP’s!! So after a quick edit, everything was working properly…

The proper excluded-address configuration

So remember, most of the time, it will be the simple things that get you.
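
A pre-deployment check for the mistake described above, added here as an example and not taken from the original post (whose configuration screenshots are not available): it parses IOS-style `ip dhcp excluded-address` and `ip dhcp pool` statements and reports how many addresses each pool can still lease. The pool name and addresses are constructed, and only the global (non-VRF) form of the exclusion command is handled.

```python
import ipaddress
import re

# Constructed sample config: the exclusion range swallows the whole /24.
SAMPLE_BAD = """\
ip dhcp excluded-address 10.20.30.1 10.20.30.254
ip dhcp pool PLANT-BRIDGE
 network 10.20.30.0 255.255.255.0
 default-router 10.20.30.1
"""
# Constructed corrected config: only the first 20 addresses are reserved.
SAMPLE_GOOD = SAMPLE_BAD.replace("10.20.30.1 10.20.30.254",
                                 "10.20.30.1 10.20.30.20")

EXCL_RE = re.compile(r"^ip dhcp excluded-address (\S+)(?: (\S+))?[ \t]*$", re.M)
POOL_RE = re.compile(r"^ip dhcp pool (\S+)[ \t]*\n((?: .*\n?)*)", re.M)
NET_RE = re.compile(r"^ network (\S+) (\S+)", re.M)


def leasable_per_pool(config: str) -> dict:
    """Return {pool name: addresses still available after exclusions}."""
    excluded = []
    for low, high in EXCL_RE.findall(config):
        lo = int(ipaddress.IPv4Address(low))
        hi = int(ipaddress.IPv4Address(high or low))  # single-address form
        excluded.append((lo, hi))
    result = {}
    for name, body in POOL_RE.findall(config):
        match = NET_RE.search(body)
        if not match:
            continue  # pool without a network statement (e.g. a host binding)
        net = ipaddress.IPv4Network(f"{match.group(1)}/{match.group(2)}")
        free = {int(host) for host in net.hosts()}
        for lo, hi in excluded:
            free -= set(range(lo, hi + 1)) & free
        result[name] = len(free)
    return result


def exhausted_pools(config: str) -> list:
    """Pools whose exclusions leave nothing to hand out."""
    return [name for name, free in leasable_per_pool(config).items() if free == 0]


if __name__ == "__main__":
    for label, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, leasable_per_pool(cfg), "exhausted:", exhausted_pools(cfg))
```
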

Saturday Snapshot – Welcome Evelyn Grace

There are certain events in life that leave a lasting impression…a moment in time that you will never forget. For me…it’s the day I got married, the birth of my two children, the death of my first wife, and the day I married my second wife. Most of these events are joyous, yet some are painful. Today’s event however, is a day of immense joy…my daughter Andrea and her husband Cory had their first child…my granddaughter Evelyn Grace. And like so many years ago when Andrea was born, I am once again smitten by a little girl…

My granddaughter Evelyn Grace

Cisco VWIC3-1MFT-T1/E1 Controller PRI Issue

Hats off to Dan, my co-worker….he’s been chasing a PRI issue at one of our new sites. He has a Cisco 2951 router with a VWIC3-1MFT-T1/E1 card installed, and when the PRI circuit is un-plugged and plugged back in, the circuit refuses to come up. However, if you reboot the router, the circuit will come up. (Rebooting the router is not a good fix, just in case you are wondering.)

As part of his troubleshooting, he replaced the VWIC3 card with a VWIC2 card and it works just fine…no issues. After working with Cisco TAC, he found out he was hitting a known bug with this VWIC3 card and IOS software (15.3(3)M6). At least the fix was easy…he simply had to add the command “hwic_t1e1 equalize” under the controller T1 interface…like this…

Adding in the hidden controller T1 command

What’s interesting is it’s a hidden command…if you list the available commands under controller T1 0/0/0, you won’t see this command…

A hidden command…interesting!

And I just bet there are a bunch more hidden commands that we don’t know about!!