Goodbye firstdigest.com, welcome ipnet.xyz

I hope you’ve noticed that when you access firstdigest.com (or a link associated with this domain) you’re getting redirected to ipnet.xyz. No, I didn’t got my blog hacked.
I’ve decided to go ahead with another domain for this blog.

If you ever had to curiosity to read the About page (yes, it needs badly an update), you’ve seen that around 2007 when I bought firstdigest.com, the plan was to use it for a kind of review blog (travel, food, social life, etc.) FirstDigest (inspired by Reader’s Digest name) seemed like a good name and to be fully honest was the only one free and for an acceptable fee.
Remember this was pre-ICANN-era generic top-level domains and there were limited readable names for .com or .net.

That project went well (please feel the sarcasm). It was mostly because I had no idea what to write about and no time to do proper research. Instead I was more drawn to write about topics that I deal with everyday in my network engineer life.

Since I had the domain already, I said why not to use it. The name never fit the topics on this blog, but I’ve made the best of it. And here is 10 years later, I’ve decided to change it. I was thinking for a long time to adapt the domain name to the topics of this blog, but I never took the time to do it.

The difference between 2007 and now is that you have other possibilities due to the surge of new TLDs. However, premium is premium and names like net [dot] something is still expensive. This is why I’ve came with IP Networks (ipnet). Looking at various TLDs, the .xyz seems to be good one. If it was good enough for Alphabet (aka. Google), it sure does the thing for me. Still, it may have some people raise an eyebrow wondering, holy cow what is .xyz, but at least the domain name match the topics of this blog.

Due to the large number of links pointing back to firstdigest.com and because most of my visitors are coming via a link posted somewhere, I’m keeping this domain alive with a 301 Permanent Redirect to ipnet.xyz. I think I’ll get some impact from search engines like Google, but eh, I’m not that keen on statistics. Is not like I’m making a living out of this blog :)

Now to get back and write something which is actually interesting for the tech savvy ones out there.

INE’s CCIE R&S v5 topology for EVE-NG using CSR1000v

In my previous blog post I’ve adapted the INE’s CCIE Routing and Switching topology to be used with EVE-NG using IOSv (or vIOS) L3 images for routers and L2 images for switches.

Following the promise in that blog post, I’ve adapted the same topology using Cisco CSR1000v images for routers and IOSv L2 images for switches. There isn’t much to say about this topology since mostly is matching the original INE’s one for routers (including the configuration files) and the major difference is the utilization of virtual switches.

Since we’re using virtual switches, the configuration files for switches are still different. I’ve adapted these ones to match the interface names of IOSv-L2:

Real Switches – vIOS-L2

Fa0/1  - Gi0/0 - SW1 only connection to bridge

Fa0/19 - Gi0/2
Fa0/20 - Gi0/3
Fa0/21 - Gi1/0
Fa0/22 - Gi1/1
Fa0/23 - Gi1/2
Fa0/24 - Gi1/3

For convenience, the switches topology looks like this in EVE-NG:

CCIE R&S V5 Switches

For routers, the interfaces stays the same since we’re using CSR1000v images.

Here is how the network topology looks like. No surprise here, just added for convenience:

INE CCIE R&S v5 topology with csr1000v

If you don’t have the CSR1000v image added to your installation of EVE-NG, please download it (Cisco.com is a good starting point) and add it following these How-to:
HowTo add Cisco Cloud Service Router (CSR1000V NG) Denali and Everest
or
HowTo add Cisco Cloud Service Router (CSR1000V) – for pre Denali or Everest images.

If you’re curious I’m using csr1000v-universalk9.03.12.03.S.154-2.S3-std image when testing for this lab.

Before sharing the download links, a word of advice.

It may be that CSR1000v images are more stable and support all features when compared with IOSv-L3, however this comes with a cost in term of resources. Each node has by default 3GB RAM assigned and I wouldn’t recommend trying to decrease it.

Once the nodes boot up, the actual used RAM will be less, but still you need more resources to use CSR1000v.
My recommendation for 10 routers using CSR1000v images would be at least 16GB RAM assigned to the EVE-NG virtual machine. The same if you’re using EVE-NG on a bare metal machine.

Last but not least, somebody asked me when I’m going to provide the same topology with 20 routers.
No need. You can extend the default topology with as many devices as you want. The modified configuration files for labs with 20 routers are already modified and present in the archive you download. Just add the missing R11 until R20 devices.

If you encounter errors that are critical, please let me know and I’ll try to correct them.

Download files:
EVE-NG-INE-CCIEv5-Topology-CSR1000v.zip
INE-CCIEv5-RS-Initial-Configuration-for-EVE-NG-CSR1000v.zip

Happy labbing and let me know if you find these materials useful!

INE’s CCIE R&S v5 topology for EVE-NG

The last days I was working on adapting INE‘s lab topology, most specific the CCIE Routing and Switching v5 one, to be used in EVE-NG.

In my opinion, INE offers some of the best training materials for Cisco and Juniper certifications. Along certification training you can find in their All Access Pass Subscription valuable learning materials for Network Automation, Security and Traffic Analysis (like Wireshark).
By the way I’m not affiliated with nor this post is the result of some sponsorship from INE. I just wanted to have the possibility to use their materials on using the entire topology, including the Switches, in EVE-NG.

I’ve picked Cisco‘s vIOS L3 and L2 images to support the topology in EVE-NG. You can argue that vIOS is a bit unstable and lacks some features, that CSR1000v images are better when combined with real Cisco switches and so on. Yes yes, all these are quite right, but I’m not here to debate about the best way to create a topology, rather a simple and sustainable one which works even for low end devices with less resources (CPU, RAM). Is no secret that vIOS will use less resources than CSR1000v images.

It brings me great happiness to let you know that I’ve succeeded in adapting not only the topology (not that hard honestly), but also the initial configuration files. The challenge lies in the fact that vIOS L2 images are build to support Ethernet ports in group of four, resulting in a slight different naming convention.

If you’ll check INE’s CCIE R&S v5 topology, the Cisco switches are using the Port from 19 to 24 to interconnect. On switch SW1, Port 1 is used to bridge the switching part to the routing one. You cannot replicate this exact port configuration scheme using vIOS L2 images.

I was forced to come with an alternative scheme, to map the original interface to the virtual ones and to adapt the configuration files.

This is what I came with:

INE CCIE R&S v5 switches

The interface mapping is as follows:

Real Switches – vIOS-L2

Fa0/1  - Gi0/0 - SW1 only connection to bridge

Fa0/19 - Gi0/2
Fa0/20 - Gi0/3
Fa0/21 - Gi1/0
Fa0/22 - Gi1/1
Fa0/23 - Gi1/2
Fa0/24 - Gi1/3

For the Routers is easy, since the interfaces are almost the same:

CSR1000v – vIOS-L3

Gi1 - Gi0/1

Here is how the network topology looks like:
INE CCIR R&S v5 Topology

We have 10 Routers using vIOS-L3 and 4 Switches using vIOS-L2. The connections between routers and switches are facilitated by the Net bridge.
10 routers should be sufficient for most of the labs. However if you need more, just add nodes and connect them to the Net bridge using the Gi0/1 interface.

As said previously, the configuration files have been adapted to match the interfaces listed above. I’ve tried my best not to have any errors, I also did some testing, everything looks to be fine. Most probably you’ll notice some errors at the copy / paste, but these are just cosmetic and related mostly to some proprietary CSR1000v commands or management interface which is not needed in EVE-NG. If you encounter errors that are critical, please let me know and I’ll try to correct them.

If somebody from INE’s team reads this post (that would be something :)) and consider inappropriate to share the modified initial configuration files, please let me know and I’ll take them down. They are derived from the public available ones on the CCIE R&S v5 Topology Diagrams & Initial Configurations page and do not contain any workbook information or somehow else related to INE’s training materials.

Download files:
INE-CCIEv5-RS-Topology-for-EVE-NG.zip
INE-CCIEv5-RS-Initial-Configuration-for-EVE-NG.zip

Happy labbing and let me know if you find these materials useful!

Ubuntu image for EVE-NG – Python for network engineers

Lately I’ve started working more and more with EVE-NG to test various network scenarios, automation and in general to try and learn something everyday.

If you’re familiar with EVE-NG, you know where to find various Linux images which you can download and install . Very helpful indeed, however all of them are coming without any pre-installed tools which I need for network oriented tests. I need Python, IPerf, Ansible, various Python libraries for network automation, etc.
Basically every time when I setup a new lab in EVE-NG, I need to make sure that the Linux image has a connection to Internet to download all these tools. Doable, but too much time consuming.

Lately EVE-NG has the Pro version, where you have Docker images which support some of the tools for a network engineer needs to test automation. If you already have EVE-NG Pro, then maybe this is a bit redundant. However if you’re still using the Community version, it may sounds interesting.

I’ve developed the Ubuntu (18.04) image using the same tools that you can find in my Docker image (Ubuntu 16:04 Pfne):
* If you’re not sure what I’m talking about, please read my previous post.

  • Openssl
  • Net-tools (ifconfig..)
  • IPutils (ping, arping, traceroute…)
  • IProute
  • IPerf
  • TCPDump
  • NMAP
  • Python 2
  • Python 3
  • Paramiko (python ssh support)
  • Netmiko (python ssh support)
  • Ansible (automation)
  • Pyntc
  • NAPALM

The image is hosted on my Firstdigest Project at Sourceforge.
If you are in a hurry, download directly using this link: Ubuntu 18.04 Pfne for EVE-NG.

For convenience here are the steps, but if you run into trouble be sure to check the EVE-NG Documentation.

  • Download the image
  • Using favorite SFTP Client (WinSCP, FileZilla) connect to your EVE-NG and upload the image to the location: /opt/unetlab/addons/qemu/
  • Connect via SSH to your EVE-NG machine and go to location:
cd /opt/unetlab/addons/qemu/
  • Unzip your uploaded image file.
tar xzvf linux-ubuntu-server-18.04-pfne.tar.gz
  • Remove the archived image file (be sure to have a copy somewhere to avoid you have to download it again)
rm -f linux-ubuntu-server-18.04-pfne.tar.gz
  • Fix permissions
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

The image comes with the following predefined username and password (security was not the point here):

User: root
Password: root
User: pfne
Password: pfne

With this image you have everything ready for your tests. You want to test QoS? Just design a network and two (client / server pair) machine using this image and push some packets with IPerf. Or maybe you want to test some automation. Here you have it, just start playing with.

Btw, I assume you have the EVE-NG installed. If not and you’re into learning topics, I’ll advise you to install this great application. You can start with Community version which is free (and honestly has enough features for most of the self-teaching engineers out there) and if you feel like go with the Pro version.

Let me know if you find it useful. In case of problems, please comment and I’ll try to help in my spare time.

Docker image – Python for network engineers

Lately I’m looking more and more into Python, with respect to automation implementations useful for network engineers. In the learning process I’ve used different materials, like the excellent video trainings Python Programming for Network Engineers from David Bombal which are available free on Youtube.

This training in particular relies on a Ubuntu Docker image in order to support Python learning following interaction with Cisco devices in GNS3. Everything is great, just that the image doesn’t contain all necessary tools (like Paramiko, Netmiko, Ansible…). As you can guess, whenever you close / open the Project in GNS3, all the installed packages installed in the Ubuntu Docker image are gone.

Since we’re talking automation, I got bored to install the necessary tools everytime I wanted to start a new project or I had to close GNS3 for some reason. I’ve tried to find a Docker image that suits my needs, but I couldn’t (please point me to one if you know it).

So, I’ve build a Docker image, based on Ubuntu 16.04, which contains the necessary tools to start learning Python programming oriented for network engineers:

  • Openssl
  • Net-tools (ifconfig..)
  • IPutils (ping, arping, traceroute…)
  • IProute
  • IPerf
  • TCPDump
  • NMAP
  • Python 2
  • Python 3
  • Paramiko (python ssh support)
  • Netmiko (python ssh support)
  • Ansible (automation)
  • Pyntc
  • NAPALM

The above list can be extended, but I would like to keep it to the minimum necessary (I want to keep the image size at decent level).

If you’re interested, please find the image at: https://hub.docker.com/r/yotis/ubuntu1604-pfne/, or you can download it:

$ docker pull yotis/ubuntu1604-pfne

I’ve tested the image for couple of days and it works fine. However if something doesn’t work as expected, please let me know and I’ll try to fix it.

For those using GNS3 is possible to import the image above directly into GNS3 using the PFNE Appliance.