How to integrate F5 BIG-IP VE with GNS3

I would like to start by saying Merry Christmas and Happy Holidays to all. In between spending time with my family, decorating the Christmas tree and opening presents, I did find some time to play around with my hobby and test something in the lab.

Lately I wanted to get a feeling for how F5 BIG-IP works, you know, just to get familiar with its interfaces and rules and to be capable of setting up a basic LTM or APM. Far be it from me to think of becoming an expert at first touch, but it’s nice to discover new technologies.

Besides getting the F5 BIG-IP VE (Virtual Edition), firing up VMware (ESXi, Player, Fusion or Workstation) and starting the virtual machine, I also wanted to emulate some kind of real environment to test. So I built the topology below in GNS3:

F5 BIG-IP Simple setup

Some explanation:

  • Client WIN7 is a VM in VirtualBox and integrated in GNS3
  • WWW Servers are VMs in VirtualBox and integrated in GNS3
  • WIN2008 AD DC is a VM in VirtualBox and integrated in GNS3
  • Routers are emulated in GNS3
  • F5 BIG-IP VE is a VM in VMware Workstation and integrated as a Cloud in GNS3

GNS3 is version 1.2.1, which works perfectly. Why VirtualBox and VMware Workstation? Usually I have no problem keeping my VMs in VirtualBox, but I could not successfully import the F5 BIG-IP VE OVA image into VirtualBox. I had to download a trial version of VMware Workstation to install the OVA image.

If you want to know more about this F5 product, Ethan Banks has a great article about the BIG-IP VE. Please note that Ethan’s article is about getting a lab license for BIG-IP VE. I just went for the trial version. You can download the OVA image and get the license here:
https://www.f5.com/trial/secure/big-ip-ltm-virtual-edition.php

Download the BIG-IP VE OVA image, get a trial license (valid for 90 days) and install it in VMware Workstation. It may work with other VMware products, but in this article I’m using only VMware Workstation.

The part that gave me some headaches was how to get working network communication between VMware Workstation and GNS3.

Before GNS3 1.2.1, when I had to use a “cloud” to integrate VirtualBox VMs in GNS3, I would configure a TAP interface and bridge the VM NIC to it. Then, on the GNS3 Cloud, I would add the TAP as a Generic Ethernet NIO on the NIO Ethernet. If you want a deeper refresher on this, please read my article about How to integrate GNS3 with VirtualBox.

Unfortunately, in VMware Workstation, I cannot just bridge a VMnet interface to a TAP and use that specific VMnet in a VM. I just could not make it work.

To cut it short, here are the steps I had to follow to get this working. I assume that you already have VMware Workstation installed. Another detail is that I’m using Ubuntu 14.04 to test the entire scenario.

1. Add two VMnet interfaces in VMware Workstation Virtual Network Editor

Use the image below to get an idea of what I mean.

Virtual Network Editor

2. Configure the BIG-IP VE NIC as follows in VMware Workstation

I assume that you have the BIG-IP VE OVA imported in VMware Workstation.

BIG-IP VE NIC

I had 4 NICs originally, but I only need three:

  • VMnet0 is bridged to my real LAN interface so I can manage the F5 BIG-IP VE over Web / CLI interfaces
  • VMnet11 – one “internal” interface facing LAN (server side)
  • VMnet22 – one “external” interface facing WAN (client side)

3. Configure two tap interfaces for F5 BIG-IP VE to be used in GNS3

11 – internal, 22 – external

sudo tunctl -u user -t tap11
sudo tunctl -u user -t tap22

* user = the non-root user that you use on the Ubuntu host.

If you have trouble finding the tunctl command, install it as follows:

sudo apt-get install uml-utilities bridge-utils

Bring the interfaces up

sudo ifconfig tap11 up
sudo ifconfig tap22 up

4. Remove the IP addresses on both TAP and VMnet interfaces

sudo ifconfig tap11 0.0.0.0 promisc up
sudo ifconfig tap22 0.0.0.0 promisc up
sudo ifconfig vmnet11 0.0.0.0 promisc up
sudo ifconfig vmnet22 0.0.0.0 promisc up

5. Bridge the TAP and the VMnet interfaces

sudo brctl addbr br11
sudo brctl addif br11 tap11
sudo brctl addif br11 vmnet11
sudo brctl addbr br22
sudo brctl addif br22 tap22
sudo brctl addif br22 vmnet22

Bring the bridge interfaces up

sudo ifconfig br11 up
sudo ifconfig br22 up
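
The same TAP and bridge plumbing from steps 3 to 5, written with iproute2 instead of tunctl, ifconfig and brctl, as an added example that is not part of the original article. It only prints the commands unless APPLY=1 is set; the function names, the LAB_USER variable and the teardown action are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: steps 3-5 with iproute2. Dry run unless APPLY=1.
# Usage: APPLY=1 LAB_USER=user ./lab-bridges.sh up 11 22

# Print the commands that build brN from tapN and vmnetN.
plan_up() {
    # $1 = VMnet number, $2 = non-root user who will own the TAP.
    # VMware creates vmnetN itself; only the TAP is created here.
    echo "ip tuntap add dev tap$1 mode tap user $2"
    for ifc in "tap$1" "vmnet$1"; do
        echo "ip addr flush dev $ifc"              # step 4: no host IP
        echo "ip link set dev $ifc promisc on up"
    done
    echo "ip link add name br$1 type bridge"       # step 5
    echo "ip link set dev tap$1 master br$1"
    echo "ip link set dev vmnet$1 master br$1"
    echo "ip link set dev br$1 up"
}

# Print the commands that undo plan_up; vmnetN is left to VMware.
plan_down() {
    echo "ip link set dev vmnet$1 nomaster"
    echo "ip link del dev br$1"
    echo "ip tuntap del dev tap$1 mode tap"
}

# Accept only a 1-3 digit number, so nothing else reaches sudo.
valid_id() {
    case $1 in ''|*[!0-9]*|????*) return 1 ;; esac
}

# Show each planned command; run it with sudo only when APPLY=1.
run_plan() {
    while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = "1" ]; then sudo $cmd </dev/null || return 1; fi
    done
}

action=""
if [ "$#" -gt 0 ]; then action=$1; shift; fi
for id in "$@"; do
    valid_id "$id" || { echo "bad VMnet id: $id" >&2; exit 2; }
    case $action in
        up)   plan_up "$id" "${LAB_USER:-$(id -un)}" | run_plan ;;
        down) plan_down "$id" | run_plan ;;
        *)    echo "usage: $0 up|down ID..." >&2; exit 2 ;;
    esac
done
```

Run it once without APPLY=1 to review the plan, then again with it; the "down" action removes the bridges and TAPs when the lab is no longer in use.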

6. Add the F5 BIG-IP VE to GNS3

While GNS3 1.2.1 lets you add VirtualBox VMs directly, for VMware Workstation (Player, Fusion, etc…) VMs you still need to use the Cloud part.

My GNS3 for F5 topology looks like this:

F5 topology in GNS3

And the GNS3 Cloud (representing the F5 BIG-IP VE) settings are the following:

F5 GNS3 Cloud settings

7. Connect the GNS3 Cloud interfaces to R1 and R2

As shown in the image above, connect the TAP interfaces of the Cloud to the peer routers.

I’m running all applications (GNS3, VMware Workstation, VirtualBox) as a non-root user. If you’re doing the same, an error may occur in GNS3. Something like:

Server error [-3200] from x.x.x.x:8000: R1: unable to create TAP NIO

If this is the case, please run the following command on the Ubuntu host:

sudo setcap cap_net_admin,cap_net_raw=ep /usr/local/bin/dynamips
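
A check to run after the setcap command above, as an added example that is not part of the original article: with =ep, any account allowed to execute the binary gains both capabilities, so the script reports the granted set and whether the file is world-executable. The verdict labels, function names and sample getcap lines are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: audit what the setcap step left on the dynamips binary.
EXPECTED="cap_net_admin cap_net_raw"

# Capability names from one `getcap` line, sorted and space-separated.
# Accepts "path = caps+ep" (older libcap) and "path caps=ep" (newer).
caps_of() {
    rest=${1#* }            # drop the path (assumes no spaces in it)
    rest=${rest#= }         # drop the old-style "= "
    rest=${rest%%[+=]*}     # drop the flag suffix (+ep / =ep)
    printf '%s\n' "$rest" | tr ',' '\n' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Judge a getcap line plus the file's octal mode (e.g. 755).
verdict() {
    if [ -z "$1" ]; then echo "NO-CAPS"; return; fi
    caps=$(caps_of "$1")
    if [ "$caps" != "$EXPECTED" ]; then
        echo "UNEXPECTED-CAPS: $caps"; return
    fi
    # Last octal digit odd = execute bit set for "other": every local
    # account can start dynamips and gain both capabilities.
    case $2 in
        *[1357]) echo "OK-WORLD-EXEC" ;;
        *)       echo "OK-RESTRICTED" ;;
    esac
}

# Constructed sample lines, one per getcap output style.
OLD_STYLE="/usr/local/bin/dynamips = cap_net_admin,cap_net_raw+ep"
NEW_STYLE="/usr/local/bin/dynamips cap_net_raw,cap_net_admin=ep"

# On a real host (getcap from libcap2-bin, stat from GNU coreutils):
#   ./audit-dynamips.sh --live [/usr/local/bin/dynamips]
if [ "${1:-}" = "--live" ]; then
    bin=${2:-/usr/local/bin/dynamips}
    verdict "$(getcap "$bin")" "$(stat -c %a "$bin")"
fi
```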

This will help you set up an environment to test F5 BIG-IP VE in a totally virtualized lab. I’m not going to cover here how to configure the F5 BIG-IP VE. Maybe in one of my next articles.

If you encounter problems, please let me know in Comments.

Cisco makes its Nexus 1000v virtual switch less virtual

Cisco Systems is making its virtual switch, the Nexus 1000v, a little less virtual.

The Nexus 1000v virtual switch replaces the vSwitch embedded in VMware hypervisor software and aims to give network administrators more control and visibility into the switching that takes place between virtual machines on a virtual host server. To date, however, the Nexus 1000v has existed as a virtual machine — a turn-off for network administrators who are accustomed to being able to see and touch their physical network devices.

“I think a lot of network administrators were leery about having [Nexus 1000v] as a virtual appliance because it’s something that’s beyond their control,” said Eric Siebert, senior system administrator with restaurant chain Boston Market and a TechTarget contributor. “Traditionally, the virtual administrators have control over [any virtual machines on a host server].… I think the Nexus 1010 gives them the option to have that type of control in a physical chassis.”

Read more on TechTarget.com…

How to integrate GNS3 with VirtualBox

The best way to test a solution that you want to implement is to see how it really performs with some real traffic. GNS3 and Dynamips are very good at emulating a network topology, but unfortunately they do not provide the tools to test the environment you just created.

In one of my old posts I showed how to integrate Virtual PC with GNS3, but the problem is that with Virtual PC you can only test basic stuff. For example, you cannot simulate VoIP traffic with Virtual PC in case you want to test some QoS marking and classification.

This is where VirtualBox comes into play: a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

Integrating GNS3 with VirtualBox is not hard to do, but you have to be careful with the steps, because if you skip one the solution will not work. For this solution I used Linux as the host platform, so the steps work perfectly under Ubuntu, but I’m sure that with some basic knowledge you can do it on Windows or MacOS.
Before we begin let’s summarize what you need:

Linux platform
VirtualBox installed
GNS3 installed

I assume that all 3 components are installed and working properly.  Next follow the steps below:

1. Bring up 2 or more TAP interfaces (depending on how many virtual OSes you want to connect) on your Linux platform. I will go with 2 interfaces:
VirtualBox + GNS3 Step1

2. Configure the network interfaces of the Virtual OS in VirtualBox. I have 2 interfaces per Virtual OS. One interface is bound to my physical network card (eth0), and I use it to connect to the Internet in case I need to download something, updates and so on… The second interface I use to connect to the GNS3 virtual environment. Other settings of the Virtual OS can be configured as you wish:
VirtualBox + GNS3 Step 2

3. Power on your Virtual OS machines. At this point, if you didn’t bring the TAP interfaces up (Step 1), VirtualBox will issue an error and refuse to start the Virtual Machines:
VirtualBox + GNS3 Step 3

4. Start GNS3 and build a network topology like the one in the example below. You don’t have to follow exactly the same topology, but this is a good start to see that you are handling the integration between VirtualBox and GNS3 well. In the example below, with regard to my Virtual Machines, Ubuntu-c = Uclient cloud and Ubuntu-s = Userver:
VirtualBox + GNS3 Step 4
5. Connect the routers R1 and R2 to each other and to the Userver and Uclient clouds. On the routers, the interface connected to the cloud will be a (Fast)Ethernet, and the clouds’ network interfaces have to be bound to the TAP interfaces created in Step 1. Check the images below to see how to do this:
VirtualBox + GNS3 Step 5

VirtualBox + GNS3 Step 5

In the end it should look something like this:
VirtualBox  + GNS3 Step 5
Now you should have an integration between GNS3 and VirtualBox. Please take the following advice into consideration before complaining that it’s not working:

– For end-to-end connectivity, you need a converged network. This means that you need to implement some kind of dynamic or static routing on your routers so that the end peers can reach each other.
– If you followed my tutorial exactly and configured 2 network interfaces per Virtual Machine in Step 2, then you need to take care of the local IP routing. Usually, in a LAN network (with DHCP), the Virtual Machine interface bound to the physical network interface will receive an IP address and also a default gateway. For example, if you do not have a static route on Userver pointing to the R1 interface to reach Uclient, then all the packets will be forwarded to the default gateway, resulting in a communication issue in the virtual environment.
– Finally, when you configure the Clouds in GNS3 and assign the TAP interfaces, take care not to have a mismatch between Cloud – TAP interface – Router interface.