Here’s my current list of no cost, minimal headache, easily obtainable networking images that work in a virtual lab environment such as EVE-NG or GNS3. My goal is to clearly document what these images are and how to obtain them, as this data is less obvious than I’d like.
I missed some. Probably a bunch. Let me know on the Packet Pushers Slack channel or Twitter DM, and I’ll do additional posts or update this list over time. Make sure your recommendations are for images which are freely available from the vendor for lab use with no licensing requirements or other strings attached. Use those same channels if you just want to tell me I’m wrong about whatever you come across in this post that’s…you know…wrong. I’m all about fixing the wrong stuff.
The list is vendor-neutral, sorted alphabetically. I have no personal allegiance to any of these operating systems. I’ve worked with both EOS and NX-OS in production environments. JUNOS, too, although I don’t have a Juniper virtual device on this list currently. I haven’t worked with Cumulus in production, although it’s been a passive interest for a while now.
Remember–configuration is the boring part. Select a NOS that has the networking function you’re trying to learn from whichever vendor. Don’t get hung up too much on the interface. The possible exception to this is if you’re working on a vendor-specific certification instead of learning core networking.
Arista vEOS/cEOS
What is it?
vEOS is a virtualized version of Arista’s EOS network operating system that runs on various hypervisors. cEOS is a containerized version. EOS is what Arista hardware runs.
How do I obtain the image?
- Create an Arista account & log in via https://www.arista.com/en/login.
- Support > Software Download, currently https://www.arista.com/en/support/software-download.
- I do not manage any Arista hardware at the moment, so the only software images available to me are the vEOS and cEOS images for lab use in the yellow folders near the bottom of the page. Perfect.
What are the default credentials?
Arista vEOS default credentials are admin with no password.
Where is the documentation?
The most current Arista EOS System Configuration Guide aka User Guide is here.
What can I do with the image?
As of EOS version 4.25.2F, features interesting to networking lab enthusiasts include STP, LLDP, MLAG, IPv4, IPv6, OSPFv2, OSPFv3, IS-IS, BGP, BFD, IGMP, PIM, MSDP, AVB, VXLAN, EVPN, MPLS and segment routing. This is not a comprehensive list.
EOS also offers several automation-friendly interfaces/APIs, including NETCONF, RESTCONF, and JSON RPC.
Arista also offers an Ansible Collection For Arista Validated Designs. This site also lists some AVD gotchas related to working with vEOS, because hey, virtual data plane. Hattip to Carl Buchmann for sharing these AVD resources.
Arista-vEOS#show version
 vEOS
Hardware version:
Serial number:
Hardware MAC address: 5000.00d0.a518
System MAC address: 5000.00d0.a518
Software image version: 4.25.2F
Architecture: x86_64
Internal build version: 4.25.2F-20711308.4252F
Internal build ID: b4cde231-5ba5-41e3-b93f-6be316e86b5a
Uptime: 0 weeks, 0 days, 23 hours and 45 minutes
Total memory: 2006880 kB
Free memory: 910720 kB
Arista-vEOS(config)#?
  aaa  Authentication, Authorization and Accounting
  address  Global address locking config commands
  agent  Configure agent settings
  alias  Add a command alias
  application  Configure application
  arp  ARP config commands
  banner  Configure system banners
  boot  System boot configuration
  class-map  Configure Class Map
  clock  Configure the system clock
  container-manager  Configure Container Manager
  cvx  Configure controller services
  daemon  Configure a new daemon process
  dcbx  Configure DCBX
  dhcp  DHCP configuration
  dns  Domain Name System configuration
  dot1x  IEEE 802.1X port authentication
  dynamic  Configure dynamic prefix-list
  email  Configure email client
  enable  Enable-privilege related configuration
  end  Leave config mode
  environment  Configure environment parameters
  errdisable  Configure error disable functionality
  etba  Ebra Test Bridge configuration commands
  event-handler  Event-handler config commands
  event-monitor  Enable event-monitor agent
  flow  Global flow configuration commands
  group  Configure Group
  hardware  Configure hardware-specific parameters
  hostname  Configure the system hostname
  interface  Interface Configuration
  ip  Global IP configuration commands
  ipv6  Configuration for IPv6
  lacp  Set Link Aggregation Control Protocol (LACP) parameters
  line  Line system settings
  link  Configure link state tracking information
  lldp  Set Link Layer Discovery Protocol (LLDP) parameters
  load-balance  Load balancing configuration
  load-interval  Specify global interval for load calculation on interfaces
  logging  Configure logging
  mac  Global MAC configuration commands
  maintenance  Configure Maintenance mode parameters
  management  Configure management services
  match-list  Configure a match list to filter data
  mcs  Configure Media Control Service
  mlag  MLAG configuration
  mld  Multicast Listener Discovery commands
  mls  MLS global commands
  monitor  Monitor configuration commands
  mpls  Global MPLS configuration commands
  nexthop-group  Specify nexthop group name
  ntp  Configure NTP
  openflow  OpenFlow configuration
  patch  Configure pseudowire patch
  peer-filter  peer-filter
  performance-monitoring  Set performance-monitoring parameters
  platform  Configure platform-specific debug parameters
  policy-map  Configure Policy Map
  port-channel  Configure port-channel parameters
  power  Configure power supplies
  priority-flow-control  Configure PFC
  prompt  Configure the CLI prompt
  ptp  Precision Time Protocol
  qos  Configure QoS parameters
  radius-server  Modify RADIUS parameters
  redundancy  Configure supervisor redundancy
  role  Role
  route-map  route-map
  router  Routing protocol commands
  schedule  Configure a CLI command to be run periodically
  service  Configure service parameters
  sflow  sFlow configuration
  snmp-server  Modify SNMP engine parameters
  spanning-tree  Spanning tree protocol
  storm-control  Configure storm-control
  switch  Configure switching behavior
  switchport  Set switching mode characteristics
  system  Change system-wide configuration
  tacacs-server  Modify TACACS+ parameters
  tcpdump  Monitor packets with tcpdump
  terminal  Configure terminal parameters
  trace  Configure trace settings
  traceroute  Traceroute command
  track  Configure a tracked object
  traffic-policies  Configure traffic policies
  transceiver  configure transceiver settings
  tunnel-ribs  Tunnel RIBs configuration
  username  Set up a user account
  virtual-cable  Configure virtual cable parameters
  vlan  VLAN commands
  vmtracer  Configure VmTracer session
  vrf  Configure VRFs
  vrrp  Virtual Router Redundancy Protocol (VRRP)
  vxlan  Configure global VXLAN parameters
  ----------------------------------------
  default  Set a command to its defaults
  exit  Leave Configure mode
  no  Disable the command that follows
Arista-vEOS(config)#router ?
  bfd  Bidirectional Forwarding Detection
  bgp  Border Gateway Protocol
  general  Protocol independent routing configuration
  igmp  IGMP related status and configuration
  isis  Intermediate System - Intermediate System (IS-IS)
  kernel  Routes installed by kernel
  l2-vpn  l2-vpn configuration
  msdp  MSDP protocol commands
  multicast  Multicast routing commands
  ospf  OSPF protocol
  ospfv3  OSPF Version 3
  pim  Protocol Independent Multicast (PIM)
  rip  Routing Information Protocol
  traffic-engineering  Traffic-engineering global config
Arista-vEOS(config)#mpls ?
  fec  FEC configuration
  icmp  MPLS ICMP configuration
  ip  Enable MPLS IP routing globally
  label  Specify label range allocations
  ldp  LDP configuration
  next-hop  MPLS next-hop configuration
  oam  MPLS Operations, Administration, and Management configuration
  ping  MPLS Ping and Traceroute configuration
  rsvp  RSVP configuration
  static  Static MPLS configuration commands
  tunnel  Tunnel configuration commands
Arista-vEOS(config)#
How do I install the image in my lab?
Cisco Nexus 9000v Switch
What is it?
The Cisco Nexus 9000v switch is a virtualized version of the NX-OS network operating system that runs on Nexus 9300 and 9500 switches. This is a heavy image. I find that it takes several minutes to boot and makes my chassis fan kick up on a system running a 2020 i9 with 10 cores. When I shut the image back down, my neighbor’s lights recover from the brownout.
Hattip to Ivan Pepelnjak for pointing this image out to me.
How do I obtain the image?
- Fire up https://www.cisco.com. Click through the person icon in the upper right and do the needful to create an account and log in.
- Support & Learn > Support & Training > Downloads > All Downloads, or go directly to https://software.cisco.com/download/home.
- In Select a Product, search for Nexus 9000v. You should get back a single result of Nexus 9000v Switch.
- Once you click through, you’ll get back a list of 9000v images, none of which require a support contract to download. The images span various NX-OS families in the 7, 9, and 10 trains. I don’t have a recommendation on which ones to get. Why choose? Get them all in the flavor that works with your hypervisor.
What are the default credentials?
Nexus 9000v default credentials are admin with a password you set during initial configuration at the CLI when prompted.
Where is the documentation?
Cisco Nexus 9000 Configuration Guides (and there are many) are here. Note that there are docs on the list specifically for the 9000v, useful if you wish to know the limitations of the virtual image you’re hacking around on.
What can I do with the image?
There is a large list of features that can be enabled or disabled at the NXOS CLI. Here’s output from an instance of Nexus 9000v 10.1(1).
9000v(config)# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2021, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Nexus 9000v is a demo version of the Nexus Operating System
Software
  BIOS: version
  NXOS: version 10.1(1)
  BIOS compile time:
  NXOS image file is: bootflash:///nxos.10.1.1.bin
  NXOS compile time: 2/14/2021 15:00:00 [02/15/2021 01:41:40]
Hardware
  cisco Nexus9000 C9300v Chassis with 8155008 kB of memory.
  Processor Board ID 9IFMH4B4FDQ
  Device name: switch
  bootflash: 4287040 kB
Kernel uptime is 0 day(s), 0 hour(s), 22 minute(s), 55 second(s)
Last reset
  Reason: Unknown
  System version:
  Service:
plugin
  Core Plugin, Ethernet Plugin
Active Package(s):
9000v(config)# feature ?
  analytics  Enable/Disable Analytics!!!
  bash-shell  Enable/Disable bash-shell
  bfd  Bfd
  bgp  Enable/Disable Border Gateway Protocol (BGP)
  container-tracker  Enable/Disable NXOS Container Tracker
  dhcp  Enable/Disable DHCP Manager
  dot1x  Enable/Disable dot1x
  eigrp  Enable/Disable Enhanced Interior Gateway Routing Protocol (EIGRP)
  epbr  Enable/Disable Enhanced Policy Based Routing (EPBR)
  evb  Enable/Disable Edge Virtual Bridge (EVB)
  evmed  Enable/Disable Generic event detectors
  fabric  Enable/Disable Fabric Services
  grpc  Enable/Disable grpc Services
  hsrp  Enable/Disable Hot Standby Router Protocol (HSRP)
  imp  Enable/Disable IMP
  interface-vlan  Enable/Disable interface vlan
  isis  Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
  itd  Enable/Disable ITD
  lacp  Enable/Disable LACP
  ldap  Enable/Disable ldap
  license  License related commands
  lldp  Enable/Disable LLDP
  mpls  Enable/Disable MPLS Services
  msdp  Enable/Disable Multicast Source Discovery Protocol (MSDP)
  nat  Enable/Disable NAT
  nbm  Enable/Disable Non Blocking Multicast (NBM) feature
  netconf  Enable/Disable netconf Services
  netflow  Enable/Disable NetFlow
  ngmvpn  Enable/Disable EVPN/MVPN features
  ngoam  Enable/Disable ngoam
  ntp  Enable/Disable NTP
  nv  Enable/Disable VxLAN
  nxapi  Enable/Disable nxapi
  nxsdk  Enable/Disable nxsdk Services
  ofm  Enable/Disable OFM
  openflow  Enable/Disable OpenFlow agent
  ospf  Enable/Disable Open Shortest Path First Protocol (OSPF)
  ospfv3  Enable/Disable Open Shortest Path First Version 3 Protocol (OSPFv3)
  password  Credential(s) for the user(s)/device(s)
  pbr  Enable/Disable Policy Based Routing(PBR)
  pim  Enable/Disable Protocol Independent Multicast (PIM)
  pim6  Enable/Disable Protocol Independent Multicast (PIM) for IPv6
  pnp  Enable/Disable PNP
  port-security  Enable/Disable port-security
  private-vlan  Enable/Disable private-vlan
  ptp  Enable/Disable PTP
  restconf  Enable/Disable restconf Services
  rip  Enable/Disable Routing Information Protocol (RIP)
  scheduler  Enable/Disable scheduler
  scp-server  Enable/Disable SCP server
  sflow  Enable/Disable sFlow agent
  sftp-server  Enable/Disable SFTP server
  signature-verification  Enable image signature verification
  sla  Enable/Disable SLA
  srv6  Enable/Disable SRv6
  ssh  Enable/Disable ssh
  tacacs+  Enable/Disable tacacs+
  telemetry  Enable/Disable Telemetry
  telnet  Enable/Disable telnet
  tunnel  Enable/Disable Tunnel Manager
  tunnel-encryption  Enable/Disable Tunnel Encryptiontunnel-encryption
  udld  Enable/Disable UDLD
  vn-segment-vlan-based  Enable/Disable VLAN based VN segment
  vpc  Enable/Disable VPC (Virtual Port Channel)
  vrrp  Enable/Disable Virtual Router Redundancy Protocol (VRRP)
  vrrpv3  Enable/Disable Virtual Router Redundancy Protocol (VRRP) version 3
  vtp  Enable/Disable VTP
How do I install the image in my lab?
Cumulus Networks (NVIDIA) Cumulus VX
What is it?
NVIDIA maintains the Linux distribution Cumulus Linux, a network operating system that runs on selected whitebox networking hardware. Cumulus VX is the virtualized version of Cumulus Linux. Use Cumulus VX to explore Linux networking from the Cumulus perspective without having to buy a hardware network switch compatible with Cumulus Linux.
This image boots quietly. I didn’t notice anything on the screen for a few minutes until the login prompt finally appeared. If you’re used to Linux distros where a bunch of things fly by as the system comes up, just be patient with Cumulus VX as it boots.
How do I obtain the image?
- Head over to https://cumulusnetworks.com/products/cumulus-vx/.
- Register an account.
- Download the artifact appropriate to your hypervisor.
What are the default credentials?
For Cumulus VX 4.1 and earlier, default credentials are cumulus / CumulusLinux! – you are not prompted to change the default password.
For Cumulus VX 4.2 and later, default credentials are cumulus / cumulus – when you log in for the first time, you are prompted to change the default password.
Where is the documentation?
Cumulus VX Getting Started Guide
What can I do with the image?
Cumulus Linux isn’t as full-featured as network operating systems like EOS or NX-OS. I think you’ll find that Cumulus Linux matches many common use cases, though. Here’s a listing of many of the major topics covered in the Cumulus Linux 4.3 documentation.
Cumulus Linux 4.3 User Guide
What's New
Quick Start Guide
Installation Management
System Configuration
Layer 1 and Switch Ports
Interface Configuration and Management
Buffer and Queue Management
DHCP
802.1X Interfaces
Prescriptive Topology Manager - PTM
Port Security
Layer 2
Link Layer Discovery Protocol
Ethernet Bridging - VLANs
Spanning Tree and Rapid Spanning Tree - STP
Storm Control
Bonding - Link Aggregation
Multi-Chassis Link Aggregation - MLAG
LACP Bypass
Virtual Router Redundancy - VRR and VRRP
IGMP and MLD Snooping
Network Virtualization
Ethernet Virtual Private Network - EVPN
Virtualization Integrations
VXLAN Active-active Mode
VXLAN Routing
Bridge Layer 2 Protocol Tunneling
Static VXLAN Tunnels
VXLAN Scale
VXLAN Tunnel DSCP Operations
Hybrid Cloud Connectivity with QinQ and VXLANs
Layer 3
Routing
FRRouting
Border Gateway Protocol - BGP
Open Shortest Path First - OSPF
VRFs
Protocol Independent Multicast - PIM
GRE Tunneling
Network Address Translation - NAT
Bidirectional Forwarding Detection - BFD
Address Resolution Protocol - ARP
Monitoring and Troubleshooting
Network Solutions
cumulus@cumulus:mgmt:~$ net show version
NCLU_VERSION=1.0-cl4.3.0u4
DISTRIB_ID="Cumulus Linux"
DISTRIB_RELEASE=4.3.0
DISTRIB_DESCRIPTION="Cumulus Linux 4.3.0"
cumulus@cumulus:mgmt:~$
And here’s a truncated (as indicated by the …) list of things you can see via “net show”. Gives you a different sense of what features are available to you in Cumulus Linux 4.3.
cumulus@cumulus:mgmt:~$ net show
ERROR: Command not found.
net show
^ Invalid value here.
The following commands contain keyword(s) 'show'
net show (dhcp-snoop|dhcp-snoop6) table [json]
net show bfd [detail] [json]
net show bgp ...
net show bridge ...
net show clag ...
net show commit (history||last)
net show configuration ...
net show counters [json]
net show debugs
net show dot1x ...
net show evpn ...
net show hostname [json]
net show igmp ...
net show interface ...
net show ip ...
net show ipv6 ...
net show lldp [] [json]
net show mpls ...
net show mroute ...
net show msdp ...
net show neighbor [] [ipv4|ipv6||] [json]
net show ospf ...
net show ospf6 ...
net show package version [] [json]
net show pbr ...
net show pim ...
net show port-mirror session (<0-7>|all) [json]
net show port-security [] [json]
net show ptp
net show roce config [json]
net show rollback ...
net show route ...
net show route-map []
net show snmp-server status [json]
net show system ...
net show time ...
net show version [json]
net show vrf ...
net show vrrp [<1-255>] [json]
net system maintenance show status
cumulus@cumulus:mgmt:~$
How do I install the image in my lab?
Final Thoughts
No Juniper in the list, Ethan? Really?
I was planning to include Juniper vSRX3 in this list, as the image is downloadable without a support contract. However, after reading through the licensing related documentation, I’ve opted out. There is no “hey, this is a free image for your lab” sort of option that I could detect. Juniper wants you to install a 60 day eval license…which is available for free. I’m just not interested in fussing with licensing without a good reason. That good reason might be you’re working on a Juniper certification, in which case…hey, go nuts. I get it.
Another Juniper option is the vQFX, which is exactly intended to be an evaluation and lab sort of tool from what I can tell. However, I tried to download the PFE and RE images required, and I could not get the access with my Juniper user account. The “ha ha ha NO” page I was getting said I’d have to request the access through a special process. I remember trying this some months back and not having much luck, although I have forgotten the details of why it didn’t work out. Maybe I didn’t want the headache of making a phone call or opening a ticket and so didn’t even try. That sounds like me.
In any case, the idea here is to have friction-free access to images for lab purposes. If the vendor is making me jump through hoops beyond simply building a portal account, I don’t want to play along. That said, I know some folks at Juniper. I’m sure I can get this problem solved. But what I’m trying to do for this post is reflect the experience anyone can have, and not lean into the fact that I know some people.
Arista & NVIDIA Cumulus the most friction-free experiences.
Arista and NVIDIA Cumulus made it easy to get the images. Create an account. Get the images. Here’s documentation to get you going. They grasp that network engineers trying to figure things out don’t want to get sucked into a sales funnel, deal with licensing, or otherwise have to fuss. They want to be free to figure out what they need to figure out without interference. Will that result in sales for vendors? You bet.
As I poked around vEOS specifically, I was surprised at just how many features are there. Especially catching my interest are segment routing and EVPN. Neither of those is an especially new technology, and there are plenty of use cases…which would be why they appear in the EOS feature set, I suppose. 😉 Still, nice to just have them there. If you were to dig around the Cisco network operating system family, what features are available in which product family and at which licensing level gets a bit difficult to track.
Cisco could do better.
The NX-OS 9000v switch images aren’t really what I want from Cisco. NX-OS is fine. It’s powerful. The download experience was exactly what I was looking for. But it’s heavy and a bit…specific. I really want IOS. IOS-XE. Even IOS-XR is nice to have lab access to, as XR is what I think of as the most grown-up Cisco network operating system.
Yes, I am a Cisco CML subscriber, and have used the images supplied with that subscription at length. That satisfies most of what I am asking for in the previous paragraph. However, access to CML and the image library is $200 per year, a hardship for many folks. In addition, Cisco has not refreshed these images in the 3+ years I’ve had a subscription, I don’t believe. (I could be wrong here.) The images work well enough, and the CPU and memory footprint is small for the vIOS L2 and L3 images at least. I have few complaints with them. But the expense paired with that increasingly stale smell means I don’t want to put the CML image library on this list.
Lab GUIs are getting tiring.
I have used GNS3 for a long time, going back to I suppose 2010 or even earlier. I don’t honestly remember when I migrated from learning on actual hardware to virtual labs using GNS3. But of late, I’ve struggled madly with GNS3 stability on OS X. The fat client loses contact with the lab VM and I never know what state the lab will be in when I manage to get back into it. Lately, upgrading to the latest GNS3 client and VM versions has made the problems worse and not better. I blame Apple, as Catalina and now Big Sur have been headaches. Apple keeps changing stuff (major stuff) under the hood, and the dev community struggles to keep up. I feel that.
Even so, I’ve lost a few hours of GNS3 work due mostly to client crashes. I had a stable GNS3 on OS X setup for a while, but I’ve also had to keep upgrading Big Sur to solve other problems, which seemed to break GNS3 again. (Thanks, Apple.) Seeking stability, I have been using EVE-NG for the last couple of weeks. I fire up the VM on Fusion, and it just runs. The client is HTTP via a browser to the VM, and not a fat client. Everything happens server side, I believe. Thus far, I’m able to run the EVE-NG VM with a live lab for days with no memory leaks or other strangeness, and the experience is fine. In some ways, EVE-NG is not as polished as GNS3, and in other ways it’s a superior experience. But for the moment, I’m getting things done in EVE-NG on OS X. Good enough.
Long term, I’ve been wanting to get away from UI lab managers altogether, since all they are good for is firing up a VM for you and giving you an easy way to do plumbing between the VMs. There’s a bit more to it, admittedly. Still, we’re mostly talking about glorified KVM management for those qcow2 images that are mostly what I use lately. What I really want is Ansible or other automation tooling to stand up the environment for me, do some plumbing, and slap some IPs and maybe port descriptions on links. I just haven’t gotten to figuring out how to do that, although I discovered today that maybe I don’t have to. Ivan Pepelnjak told me about his Network Simulation Tools project that looks like it does exactly what I want. I just need to do the work to figure it out.
This post has gone on long enough. Happy labbing, fellow networkers.