Over the last several months, I’ve been building a lab full of virtual machines related to networking. I am using 2 independent ESXi hosts running vSphere 5.5 running on Haswell motherboards with 32GB of RAM, 256GB local SSDs, and a Synology DS1813+ for big, slow remote storage I access with NFS. You can read about my lab server build here.
You might be wondering why I’m bothering with ESXi. Why not just run VMs on VirtualBox on my laptop? The answer is convenience. I’d rather run a couple of servers that let me build complex topologies whenever I like without having to worry about whether or not my laptop has enough resources, fight with NAT, and so on. Plus, I can get at my lab through VPN when I travel , so it’s not as if I’m cut off from experimentation just because I’m on the road. Cost and noise of running external lab gear might be a consideration for some. In my case, I built very quiet servers that aren’t that much of a power drain. Yes, they cost me something – electricity isn’t free. But it isn’t so bad that I’ve seen a huge increase in my electric bills. Bottom line – it’s worth it to me. I’m quite happy using dedicated lab servers.
Now that I’ve had some time with the lab, what VMs am I actually running?
Cisco Cloud Services Router 1000V
The Cisco CSR 1000V runs natively on ESXi, and is available for free download with a CCO account. The VM boots like any Cisco router does, and runs IOS XE. There is a (somewhat annoying) evaluation licensing process to go through to unlock all the features and gain 50Mbps of throughput, but there is no cost for this. My 60-day eval period hasn’t quite run out, but my understanding is that the CSR will run just fine, only with a nag message getting logged and a throughput limitation of 2.5Mbps. For lab work, that’s no problem at all.
CPU: 1 vCPU
HP Virtual Services Router 1000
I found out about the HP VSR 1000 at HP Discover in Barcelona 2014. This router runs Comware, a CLI that HP is using on more and more of their hardware. This router is full-featured, and can be downloaded for free. Note that Comware is what the big iron H3C gear runs. This is a serious OS. This is not whatever the ProCurve gear runs (ProView, I think?)
There was no licensing process. You do have to register with HP’s site to complete the download, however.
CPU: 1 vCPU
F5 BIG-IP VE Lab
I’ve written about the F5 BIG-IP VE Lab Edition before. This appliance costs (last I checked) about $100. You can run most of the F5 BIG-IP modules with this lab edition. Not free, that’s true. But for short money, you get a full-featured application delivery controller.
CPU: 2 vCPU
Observium is handy for SNMP monitoring of your lab, your home network, or your all-grown-up production network. I installed Observium from a Turnkey Linux image, making it very easy to install. While it’s certainly possible to install Observium on a Linux build of your choosing, I find it convenient to build from the VM image. I’ve been using it do bandwidth monitoring of my gear at home.
CPU: 1 vCPU
Juniper “Olive” Router
An Olive is an image of a Juniper router you run as a VM. As far as I know, Olives are not officially supported by Juniper, but there are plentiful guides you can search explaining how to build them. If you follow this blog, you know I’ve been doing a lot of work with Juniper gear over the last 18 months. Building a lab was essential to make the leap from IOS to Junos. I had a pricey Junosphere subscription that helped early on, but then the budget got a little tighter, and I went to Olives on ESXi instead.
My strategy with the Olive was finding a torrent of an OVA that worked in VirtualBox, then converting it from VirtualBox into an OVA that would work in ESXi. That conversion process was a little painful (Google it), but now that it’s done, I can spin up as many Olives as I like. I run 4 most of the time to mock up routing scenarios, test code, do interoperability checks with non-Junos OSes, and so on.
CPU: 1 vCPU
SDNHub.org All-in-one SDN App Development Starter VM
I found this SDN VM just the other day. It comes with several open source SDN controllers like Ryu, FloodLight, and OpenDaylight as well as virtual switches and tools such as Mininet, Open vSwitch, and Wireshark. The VM is a tool you can use to work through SDNHub.org’s tutorials. For example, I spent some time today looking at Wireshark captures of OpenFlow traffic sent from Ryu.
Getting this VM working the way I wanted it took a little time. The OVA did not work on ESXi – would not import. As with the Olive, I ended up doing a conversion process, starting with an export of the VM from VirtualBox. Googling some other articles got me to a point where I could get this VM running in ESXi. Then I needed to get remote desktop working, which took simply installing the Vino server, accessed with any VNC client. But then, the new Vino builds require strong encryption that no VNC client I could find for OS X supported, so I ended up disabling the strong encryption feature in the Vino config (after more Googling). Finally, I’m able to VNC to the VM, which lets me use Wireshark. SSH takes care of the rest.
CPU: 2 vCPU
ThousandEyes recently announced a free lite version of their remote monitoring software. You get the full version for a couple of weeks, after which the installation goes into lite mode. The OVA installs onto ESXi with no issues. The OVA is just an agent. You register the agent with your ThousandEyes account using a code, it connects to the cloud, and you manage it from the ThousandEyes cloud application. Once the code is put in, you don’t do anything with the OVA itself, unless you need to manually adjust the network settings. I use it to monitor what’s going on outside of the lab at various points on the Internet.
CPU: 1 vCPU
Arista provides a free virtual version of their EOS that runs on ESXi (login required). The installation process is involved, but well documented on Arista’s blog. If you’re unfamiliar with EOS, it’s essentially a switch operating system that runs on Linux, but Arista also has made it manageable and configurable in many ways outside of the traditional CLI. vEOS is worth checking out. There is no license fee or functionality limitation that I can tell.
CPU: 1 vCPU
Juniper Firefly Perimeter (vSRX)
Juniper’s Firefly Perimeter is their virtual SRX firewall. If you’ve not worked with the SRX platform, it’s a zone-based firewall — stick interfaces into zones and then create policies that allow traffic to flow between zones. The vSRX is a full router as well, with BGP and OSPF among other capabilities. With Olives and vSRXes, I can build a rough replication of some of what I run in production. I just build lots of Ethernet sub-interfaces using VLAN tagging. Works great.
The vSRX eval is supposedly for 60 days, but in reality I’m not sure what happens when 60 days is past. I’m sure that I’m past that period of time, but nothing has happened to disable the functionality of the vSRX that I can tell.
CPU: 2 vCPU
Cisco Virtual Internet Routing Lab
Cisco VIRL was recently released to the public with much hoopla. VIRL is not free; there is an annual subscription cost of $199 for most folks. Students and teachers get it for only $80 a year. This is a big VM that runs as its own hypervisor layered on top of the ESXi hypervisor. The point of VIRL is to let you mock up several different Cisco devices into a complex network topology. In a general sense, VIRL is like GNS3, but VIRL has more complexity, pieces, and parts.
Installing the VIRL VM on ESXi was a bit painful. I blogged some notes about it here. When the VM is installed and working, there isn’t much you need to do with it directly – it’s just a server. You’ll do your interaction with VIRL from the VM Maestro client that lets you build network topologies and model the labs.
CPU: 4 vCPU