Network emulator. Unetlab is a great replacement for GNS3 and Cisco Packet Tracer! Virtual network equipment

Huawei eNSP is an official and free simulator from Huawei. It supports switches and routers; functionality covers L2, L3, basic MPLS and BNG (BRAS). It is of interest to those who want to familiarize themselves with configuring Huawei equipment, to developers of monitoring and management systems (SNMP is supported), and to anyone studying network protocols and technologies in general. Device interfaces can be connected to the "external" world in order to link the simulation with real, virtual or host systems.

GNS3 is probably the most popular tool for creating virtual laboratory benches. Initially it was a graphical shell over dynamips (an emulator of Cisco soft routers of the previous generation: c7200, c2800, c3725, etc.), but it currently has many backends for running virtual devices besides dynamips: qemu, kvm and virtualbox. Because of this, besides launching outdated Cisco soft routers, it can do a lot of other things (whatever qemu, kvm and virtualbox can do). More details can be found on the official website. Virtual device images are not included in the distribution, and there are legal issues regarding the use of Cisco and Juniper Olive images. It can interconnect with the outside world.

IOU-WEB – a graphical interface over IOU (Cisco IOS on Unix). The device images are Cisco internal, but leaked online. Designed for training and preparation for exams; there are L2 and L3 images of devices.

Cisco Learning Labs – commercial rental of laboratory work to prepare for the CCNA, CCNP and MPLS exams. The solution is built on the basis of IOU.

Cisco Packet Tracer – software for simulating a network with Cisco equipment. Available (free) for download to students and graduates of the Cisco Networking Academy. It contains a great number of errors and is severely limited in functionality; it is better to never use it.

Junosphere Lab – commercial rental of Juniper devices in the "cloud", intended for training and network simulation.

Virtual network equipment

Cisco

– CSR1000V Cloud Router is a functional analogue of Cisco ASR1K equipment. It is a commercial product but has a trial period of 60 days. It supports L3 functionality, MPLS, ISG (BRAS) and basic L2 functionality: switching between subinterfaces, rewrite/push/pop of dot1Q tags, and vxlan (multicast mode) in release 3.12S. The prices are not very humane (for example, a license for full functionality (premium) at 10 Mbit/s for 3 years (L-CSR-10M-PRM-3Y=) costs $1800 under the GPL), but for that you can organize your own completely legal laboratory with all the functionality of ASR1K.
– ASA1000V Cloud Firewall, ASAVM, other ASA images. Since Cisco ASA is initially a regular x86 server, we have long ago learned how to virtualize this equipment; there are howtos for using it in GNS3
– Nexus 1000V – a virtual switch for vmware vsphere instead of the simple vmware vSwitch. The installation process is not at all trivial, but there are detailed howtos on how to do it
– Cisco Titanium – Cisco Nexus7k emulator. Cisco internal only, but images leaked online
– IOS XRv – there is a free (demo) image, fully functional, except for the performance limitation of 2Mbit/s. Enough for stands. Capable of L3 and MPLS. Everything related to L2 does not work (in the case of VPLS and VPWS, signaling works, but traffic is not switched). IOS-XR has very different syntax from IOS/IOS-XE. The commercial version of XRv is positioned as a route reflector
– Previous generation soft routers (see above about gns3 and dynamips)
– L2 and L3 images of IOU (see above about IOU-WEB)

Huawei

– Routervisio is an internal product of Huawei, an NE40E emulator. There are distributions on the network, but I couldn’t get them to run.
– Virtual switches and eNSP routers (see above)

Juniper

– Juniper Firefly Perimeter (vSRX) – currently capable of L3, MPLS (including VPLS) and standard firewall functionality (SRX). Of L2, only a regular pseudowire is supported (switching between the local interface and pseudowires). Switching between local interfaces is not supported
– Juniper Olive is an internal product of Juniper, but is available online. Capable of L3, MPLS(L3VPN), tunnels, basic L4 functionality. It works quite slowly (especially commit). It is preferable to use vSRX instead of Olive
– Juniper VMX (virtual MX) – an internal Juniper product, not available online

Other

– Mikrotik x86 – x86 version of cheap (compared to Cisco) routers that are popular in the SOHO segment. Has a controversial reputation, but lives off low prices with very solid functionality
– various linux based distributions designed for routing and switching (

Today there are three Cisco equipment emulators: VIRL, GNS3 and UNetLab. Let's go over their functionality to compare their advantages and disadvantages.

Original article: Comparison of UNetLab with VIRL and GNS3

Legality

GNS3 and UNetLab require you to obtain Cisco IOS yourself. This gray scheme may violate Cisco IOS terms of use, which keeps some users away from GNS3 or UNetLab. For its part, Cisco VIRL is licensed to use Cisco IOS and already comes with some IOS images inside. Let's give VIRL one flag.

Serial interface support

The first thing that stands out is the support for Serial interfaces. VIRL does not support Serial interfaces, but it may be an option in future releases. GNS3 and UNetLab have support for Serial interfaces. Therefore, GNS3 and UNetLab each receive one flag.

Support for additional Cisco equipment.

VIRL only supports IOS-XR, IOS XE, NX-OS, and classic IOS (vIOS-L2 and vIOS-L3) from Cisco. It is also possible to upload an ASAv image to VIRL.
GNS3 supports classic IOS (Dynamips), and through integration with QEMU it is possible to use Cisco VIRL images, Cisco ASAv, XRv.

However, with GNS under Windows various troubles await you. For example, when running the vIOS-L2/L3 image (GNS already has a ready-made template for it), you will be surprised to find that if you specify more than 8 interfaces in the settings, the image will not start.
In addition, QEMU under Windows is limited to 2Gb RAM. This leads to problems running images such as Cisco XRv and Cisco CSR1000v. For example CSR1000v requires 3G RAM. You can try to set it less, but all interfaces will be in the DOWN state. The number of links in QEMU GNS is also limited to 16, i.e. this is the maximum number of connections to one QEMU device. More information can be found on the UNL developers website in the section Differences between current UNetLab and GNS3 1.3.3

Cisco IOL/IOU images also require a separate virtual machine to run.

In turn, UNetLab supports the widest range of both Cisco equipment and equipment from other vendors. You can run Cisco IOL images, images from VIRL (vIOS-L2 and vIOS-L3), Cisco ASA Firewall, Cisco IPS, XRv and CSR1000v images, dynamips images from GNS, Cisco vWLC and vWSA images,

Here we will give the flag to UNetLab

Support for other vendors.

There are several vendors whose equipment can be integrated into the GNS3 environment. But GNS3 does not advertise integration with anyone, although, having an interface for interacting with QEMU, it is theoretically possible to implement nested virtualization and run images that vendors provide for VMware. In practice, you may encounter difficulties or significant limitations in integrating this or that equipment into GNS3. For example, the Arista EOS switch in GNS3 for Windows is limited to only 8 interfaces, although the image itself supports 25.

However, when compared with UNetLab, the latter has the widest official support - Juniper, Extreme, Fortinet, HP, Checkpoint, Palo Alto, Arista, Alcatel, Citrix, MS Windows.

VIRL also does not advertise integrations with anyone, although this may be possible, for example support for Arista vEOS, Fortinet FortiGate, Juniper, Palo Alto, Windows.

Out-of-band management (OOB Access)

VIRL, GNS3 and UNetLab all support OOB access to the CLI. However, in UNetLab you do not necessarily need to be on the same PC that is running the VM. You can run the UNetLab VM on one PC or on ESXi, and your favorite Putty or SecureCRT terminal on any remote client: from home, from a hotel, from anywhere. Everyone gets the checkbox.

Preload configurations.

This is something that GNS3 cannot do. VIRL can do it through its AutoNetKit function. UNetLab can do this partially, only for IOL and Dynamips images. That's why VIRL earns its flag.

Multi-user functionality (Multi User).

Starting with version UNetLab 0.9.54, multi-user functionality has appeared. On the same VM, authorized users can create their own stands independently, as well as collaborate on a common stand shared by multiple users at the same time. In this case, users launch nodes of a common stand also independently of each other. This mode is ideal for training.

Such functionality is not supported in either GNS3 or Cisco VIRL. UNetLab takes the flag for itself

Price

Cisco VIRL costs almost $200 for the Personal Edition. Subscription is annual. But even after purchasing a license, you are still limited to 15 Cisco devices. By the way, it should be noted that images from other vendors can be launched without restrictions. GNS3 and UNetLab are free products. You can make a voluntary donation for product development if you wish. In addition, by making a donation to UNetLab you will also receive full support for installing and using the product from the developers, access to the latest versions and priority development of feature requests. But nevertheless, only GNS3 and UNetLab receive a flag.

Conclusion:

In conclusion, I would like to draw attention to some features of UnetLab compared to GNS:

  1. The GUI in UNetLab is provided via a Web interface, while in GNS you need to install the client
  2. The GUI in UNetLab supports adding your own topology images with active links to running devices. In GNS there is practically no such support (except for placing a background image behind the device images, but it looks very clumsy).
  3. UNetLab has no RAM memory limit for QEMU. In GNS Windows you are limited to 2Gb
  4. In UNetLab there is no limit on the number of links between devices. In GNS3 you are limited to 16 links in QEMU
  5. In UNetLab, all devices run within one VM. In GNS3 you need a separate VM to run IOL images
  6. Several users can work in VM UNetLab simultaneously. GNS3 is strictly a single-user system.

Let's summarize: In terms of ease of use, functionality, and hardware support, the victory today goes to UNetLab.

Dynamips is a software emulator of the hardware of Cisco routers. The project has been developed since 2005 as a Cisco 7200 emulator on a regular computer.
Subsequently, support for other platforms appeared. Now (2008) the list is as follows: Cisco 3600 series (3620, 3640 and 3660), 3700 series (3725, 3745) and 2600 series (2610 each, 2650XM, 2691).
Let's look deeper and try to understand how it works and what can be done with it.


Dynamips is good when you need to:

  • quickly check the router configuration for its direct application on a real piece of hardware;
  • get a laboratory bench with little cost, but powerful enough for training or demonstration;
  • try out the benefits and capabilities of the Cisco IOS operating system without having to purchase the router itself.
The first thought that may come to mind at this point is: can't a Cisco emulator replace the router itself? To some extent, yes, but only under very light load. The author of the project himself indicates that the performance of a real router is approximately 100 times higher (the performance of Dynamips is about 1 kilopacket per second, while even the earliest model, the NPE-100, gives 100 kilopackets/sec).
In addition to the hardware of Cisco routers, it is possible to emulate network devices, such as:
  • bridge (using which you can connect an emulated router to a real network or another virtual router);
  • Ethernet switch;
  • ATM switch;
  • ATM bridge (Ethernet ATM);
  • Frame-Relay switch.
A great feature of Dynamips is that it can run in hypervisor mode. That is, it is possible to launch not just one virtual Cisco at a time, but an entire network with all the capabilities of dynamips: switches, routers, bridges. Thus, it becomes possible to run labs or demonstration stands of almost any complexity without real equipment. In this case, the hypervisor is controlled over a TCP/IP network, and dynamips itself is launched something like this:

dynamips -H 7200

where 7200 is the port for communication with the hypervisor.

It should be noted that, when run with default settings, the emulator loads the computer heavily, even up to 100%. To reduce the load, the "Idle PC" option was created. With its help, you can reduce the load on the processor and thus run a second, third, or more Cisco emulators simultaneously without significant processor load. The IdlePC value is specific to each IOS image, and the required value is selected experimentally. Directly with Dynamips this is done as follows: after loading the router, preferably with an empty configuration, wait for the message Press RETURN to get started! and then, after 5 seconds, press "Ctrl-] + i". CPU usage statistics will begin to be collected. After this process (about 10 seconds), several values will be output, of which the potentially best ones will be marked. You may have to try several values before the CPU load drops from 100% to about 5% (this varies on different computers).

Dynamips is a single executable file, and there are versions for Linux, Mac OS and Windows. But when launched, it takes many arguments to set special emulation parameters. You can read more about the arguments on the project page at xgu.ru.

However, you often need to quickly deploy a virtual network, and using (learning, typing) dynamips with all the necessary arguments for launch is problematic, given the need to create a configuration file that describes the virtual network. Here is an example of such a file:

IF:E0:udp:10000:127.0.0.1:10001
IF:E1:udp:10002:127.0.0.1:10003
IF:E2:gen_eth:eth0

DOT1Q:E0:1
ACCESS:E1:4
DOT1Q:E2:1

And this is just a config that describes a simple switch. And if there is a need to emulate Frame Relay or ATM trunks?... In general, you can complete the picture yourself and try to plan all your necessary actions to emulate a Cisco network using only bare dynamips.
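Because one line of such a file (gen_eth:eth0 above) is enough to bridge the lab onto a physical NIC, it is worth checking a switch config before starting it. The following is an added example, not part of the original article or of Dynamips: it parses the IF/ACCESS/DOT1Q lines shown above and reports every port whose frames can leave the emulation host. The function names are hypothetical, and the handling of linux_eth, tap and non-loopback UDP peers goes beyond the sample on the page.

```python
import ipaddress

# Constructed sample input: the three-port switch config shown above.
SAMPLE_CONFIG = """\
IF:E0:udp:10000:127.0.0.1:10001
IF:E1:udp:10002:127.0.0.1:10003
IF:E2:gen_eth:eth0

DOT1Q:E0:1
ACCESS:E1:4
DOT1Q:E2:1
"""

# NIO types that attach a switch port to a host network device.
# gen_eth is on the page; linux_eth and tap are other Dynamips NIO types.
HOST_DEVICE_NIOS = {"gen_eth", "linux_eth", "tap"}


def parse_switch_config(text):
    """Parse IF/ACCESS/DOT1Q lines into {port: {nio, args, mode, vlan}}."""
    ports = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        keyword = fields[0].upper()
        if keyword == "IF":
            if len(fields) < 3:
                raise ValueError(f"line {lineno}: IF needs a port name and NIO type")
            ports[fields[1]] = {"nio": fields[2], "args": fields[3:],
                                "mode": None, "vlan": None}
        elif keyword in ("ACCESS", "DOT1Q"):
            if len(fields) != 3 or not fields[2].isdigit():
                raise ValueError(f"line {lineno}: expected {keyword}:<port>:<vlan>")
            port, vlan = fields[1], int(fields[2])
            if port not in ports:
                raise ValueError(f"line {lineno}: port {port!r} has no IF line")
            if not 1 <= vlan <= 4094:
                raise ValueError(f"line {lineno}: VLAN {vlan} out of range")
            ports[port]["mode"], ports[port]["vlan"] = keyword.lower(), vlan
        else:
            raise ValueError(f"line {lineno}: unknown keyword {fields[0]!r}")
    return ports


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"  # any other hostname is treated as remote


def external_exposure(ports):
    """Return one finding per port whose frames can leave the emulation host."""
    findings = []
    for name in sorted(ports):
        port = ports[name]
        if port["nio"] == "udp":
            # udp:<local_port>:<remote_host>:<remote_port>; an IPv6 host
            # contains colons itself, so rejoin the middle fields.
            host = ":".join(port["args"][1:-1])
            if len(port["args"]) < 3 or not host:
                reason = "malformed udp NIO"
            elif _is_loopback(host):
                continue
            else:
                reason = f"udp tunnel to non-loopback peer {host}"
        elif port["nio"] in HOST_DEVICE_NIOS:
            reason = f"bridged to host device {':'.join(port['args'])}"
        else:
            reason = f"unrecognised NIO type {port['nio']!r}, review manually"
        findings.append({"port": name, "reason": reason,
                         "mode": port["mode"], "vlan": port["vlan"]})
    return findings


if __name__ == "__main__":
    for f in external_exposure(parse_switch_config(SAMPLE_CONFIG)):
        scope = {"dot1q": f"802.1Q trunk, native VLAN {f['vlan']}",
                 "access": f"access VLAN {f['vlan']}"}.get(f["mode"], "no VLAN set")
        print(f"{f['port']}: {f['reason']} ({scope})")
```

For the sample, the only finding is E2, and because E2 is a DOT1Q port it carries every VLAN of the virtual switch onto eth0, not just one.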

So, to make the work easier, several tools have been created to make it easier to create configuration files and launch dynamips with the required parameters. By the way, they are also more friendly in terms of interface.

Dynagen (project website dynagen.org). It uses a CLI-like (command line interface) shell to control dynamips, which runs in hypervisor mode. You still need to create an INI-style configuration file, and dynagen will then manage dynamips via the network (see launching the hypervisor). This means that the hypervisor itself can be run on a remote computer. An example of such a config:


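# Router names (R1..R3) are placeholders; F1 is the Frame Relay switch
# that the s1/0 lines below connect to.
[localhost]

[[7200]]
image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.image
# On Linux/Unix use forward slashes:
#image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image
npe = npe-400
ram = 160

[[ROUTER R1]]
s1/0 = F1 1

[[ROUTER R2]]
s1/0 = F1 2

[[ROUTER R3]]
s1/0 = F1 3

[[FRSW F1]]
1:102 = 2:201
1:103 = 3:301
2:203 = 3:302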

You can calculate the Idle PC value and reduce the CPU load in dynamips using the idlepc command. For a list of commands, type ?.
Dynagen and dynamips can be downloaded.

Xenomips and Xentaur. These projects went even further.
Xenomips combines Cisco emulation and Xen virtualization. Thus, the list of dynamips virtual devices is extended by Xen capabilities. On one physical computer acting as the host system, you can create a laboratory bench from virtual Cisco routers, switches, Ethernet bridges, Frame Relay and ATM trunks, Cisco PIX firewalls (using the parallel Pemu project), and Linux, FreeBSD, Windows and MacOS servers and workstations, and so on.
The goal of the Xentaur project is to develop tools and methods for quickly building virtual networks and studying their operation. Networks can be not only purely virtual, but also mixed: along with virtual nodes, regular computers and network devices can work in them.
You can read more about these projects on the project website xgu.ru: Xenomips, Xentaur.

Thus, to emulate Cisco networks, we need to decide what we need it for. For many cases GNS3 is sufficient. If you need to create a major project and consider (or demonstrate) the relationships between virtual servers, workstations and network devices, then Xenomips is worth a look.

Have fun learning!

P.S. Sometimes you just have to ask yourself this question. All the tools described are licensed under the GPL and/or are free to download. The IOS image itself, however, is not. So the question of where to download Cisco IOS remains open. This software is distributed commercially by Cisco. However, if you set a goal, then you can download IOS for educational purposes - you can find it easily. ;-)

Hi all.

At one time I had to deal with Cisco. Not for long, but still. Everything related to Cisco is now mega popular. At one time I was involved in the opening of a local Cisco Academy at a local university. A year ago I attended the "" course. But we don’t always have access to the equipment itself, especially while studying. Emulators come to the rescue. There are also ones for Cisco. I started with Boson NetSim, and almost all students are now using Cisco Packet Tracer. But nevertheless, the set of simulators is not limited to these two types.

Some time ago, in our “Networks for the Little Ones” series, we switched to the GNS3 emulator, which better suited our needs than Cisco Packet Tracer.

But what alternatives do we even have? Alexander aka Sinister, who does not yet have an account on Habré, will tell you about them.

There are quite a large number of simulators and emulators for Cisco Systems equipment. In this short review I will try to show all the existing tools that solve this problem. The information will be useful to those who study network technologies, prepare to take Cisco exams, assemble racks for troubleshooting, or research security issues.

A little terminology.

Simulators imitate a certain built-in set of commands; if you go beyond its limits, you will immediately receive an error message. A classic example is Cisco Packet Tracer.

Emulators, on the contrary, allow you to run images (firmware) of real devices by performing byte translation, often without visible restrictions. An example is GNS3/Dynamips.

Let's look at Cisco Packet Tracer first.

1. Cisco Packet Tracer


This simulator is available for both Windows and Linux and is free for Cisco Networking Academy students.

In version 6, such things appeared as:

  • IOS 15
  • HWIC-2T and HWIC-8A modules
  • 3 new devices (Cisco 1941, Cisco 2901, Cisco 2911)
  • HSRP support
  • IPv6 in the settings of end devices (desktops).

The feeling is that the new release was timed to coincide with the update of the CCNA exam to version 2.0.

Its advantages are the user-friendliness and consistency of the interface. In addition, it is convenient to check the operation of various network services, such as DHCP/DNS/HTTP/SMTP/POP3 and NTP.

And one of the most interesting features is the ability to switch to simulation mode and see the movement of packets with time dilation.

It reminded me of that same Matrix.

  • Almost everything that goes beyond the scope of CCNA cannot be assembled on it. For example, EEM is completely absent.
  • Also, sometimes various glitches can appear, which can only be cured by restarting the program. The STP protocol is especially famous for this.

What do we end up with?

A good tool for those who have just begun their acquaintance with Cisco equipment.

The next one is GNS3, which is a GUI (in Qt) for the dynamips emulator.

A free project, available for Linux, Windows and Mac OS X. The GNS project website is www.gns3.net. But most of its functions designed to improve performance work only under Linux (ghost IOS, which helps when many devices use identical firmware), and the 64-bit version is also only for Linux. The current version of GNS at the moment is 0.8.5. This is an emulator that works with real IOS firmware. In order to use it, you must have the firmware. Say you bought a Cisco router: you can take the firmware from it. You can connect VirtualBox or VMware Workstation virtual machines to it and create fairly complex topologies; if you wish, you can go further and connect it to a real network. In addition, Dynamips can emulate both the old Cisco PIX and the well-known Cisco ASA, even version 8.4.

But with all this there are a lot of shortcomings.

The number of platforms is strictly limited: only those chassis that are provided by the dynamips developers can be launched. IOS version 15 can be run only on the 7200 platform. It is impossible to fully use Catalyst switches, because they use a large number of specific integrated circuits, which are extremely difficult to emulate. All that remains is to use network modules (NM) for routers. When a large number of devices is used, performance degradation is guaranteed.

What do we have in the bottom line?

A tool in which you can create quite complex topologies and prepare for CCNP level exams, with some reservations.

3. Boson NetSim

A few words about the Boson NetSim simulator, which was recently updated to version 9.

Available only for Windows, the price ranges from $179 for CCNA and up to $349 for CCNP.

It is a kind of collection of laboratory works, grouped by exam topics.

As you can see from the screenshots, the interface consists of several sections: a description of the task, a network map, and on the left side there is a list of all labs. After finishing the work, you can check the result and find out if everything was done. It is possible to create your own topologies, with some restrictions.

Main features of Boson NetSim:

  • Supports 42 routers, 6 switches and 3 other devices
  • Simulates network traffic using virtual packet technology
  • Provides two different browsing styles: Telnet mode or console mode
  • Supports up to 200 devices on one topology
  • Allows you to create your own laboratories
  • Includes labs that support SDM simulation
  • Includes non-Cisco devices such as TFTP Server, TACACS+ and Packet Generator (that's probably the same 3 other devices)

It has the same disadvantages as Packet Tracer.

For those who do not mind a certain amount, and at the same time do not want to understand and create their own topologies, but just want to practice before the exam, this will be very useful.

Official website - www.boson.com/netsim-cisco-network-simulator.

4. Cisco CSR

Now let's look at the fairly recent Cisco CSR.

The virtual Cisco Cloud Service Router 1000V appeared relatively recently.

It is available on the official Cisco website.

To download this emulator, you just need to register on the site. For free. No contract with Cisco is required. This is really an event, since previously Cisco fought emulators in every possible way and recommended only renting equipment. You can download, for example, an OVA file, which is a virtual machine, apparently RedHat or its derivatives. Each time the virtual machine starts, it loads an iso image, inside of which you can find CSR1000V.BIN, which is the actual firmware. Well, Linux acts as a wrapper, that is, a call converter. Some requirements that are indicated on the site are DRAM 4096 MB Flash 8192 MB. With today's capacity, this should not cause problems. CSR can be used in GNS3 topologies or in conjunction with a Nexus virtual switch.

The CSR1000v is designed as a virtual router (much like Quagga, but IOS from Cisco), which runs on the hypervisor as a client instance and provides the services of a regular ASR1000 router. This could be something as simple as basic routing or NAT, all the way to things like VPN MPLS or LISP. As a result, we have an almost full-fledged provider Cisco ASR 1000. The operating speed is quite good, it works in real time.

It is not without its shortcomings. You can only use a trial license for free, which lasts only 60 days. In addition, in this mode throughput is limited to 10, 25 or 50 Mbps. After such a license ends, the speed will drop to 2.5 Mbps. A 1-year license will cost approximately $1000.

5. Cisco Nexus Titanium

Titanium is an emulator of the Cisco Nexus switch operating system, also called NX-OS. Nexus are positioned as switches for data centers.

This emulator was created directly by Cisco for internal use.

The Titanium 5.1.(2) image, compiled on the basis of VMware some time ago, became publicly available. And after some time, the Cisco Nexus 1000V appeared, which can be legally purchased separately or as part of the vSphere Enterprise Plus edition of VMware. You can see it on the website - www.vmware.com/ru/products/cisco-nexus-1000V/

Perfect for anyone preparing to take the Data Center track. It has some peculiarity - after switching on, the boot process begins (as in the case of CSR, we will also see Linux) and stops. It seems like everything is frozen, but that's not the case. Connection to this emulator is made through named pipes.

A named pipe is one of the methods of interprocess communication. They exist both in Unix-like systems and in Windows. To connect, just open putty, for example, select the serial connection type and specify \\.\pipe\vmwaredebug.

Using GNS3 and QEMU (a lightweight OS emulator that comes bundled with GNS3 for Windows), you can assemble topologies that will involve Nexus switches. And again, you can release this virtual switch into the real network.

6. Cisco IOU

And finally, the famous Cisco IOU (Cisco IOS on UNIX) is proprietary software that is not officially distributed at all.

It is believed that Cisco can track and identify who is using the IOU.

When launched, an HTTP POST request is attempted to the xml.cisco.com server. The data that is sent includes hostname, login, IOU version, etc.

It is known that Cisco TAC uses IOU. The emulator is very popular among those preparing to take the CCIE. Initially it worked only under Solaris, but over time it was ported to Linux. It consists of two parts - l2iou and l3iou; from the name you can guess that the first emulates the data link layer and switches, and the second emulates the network layer and routers.

The author of the web interface is Andrea Dainese. His website: www.routereflector.com/cisco/cisco-iou-web-interface/. The site itself does not contain IOU or any firmware; moreover, the author states that the web interface was created for people who have the right to use IOU.

And some final conclusions.

As it turned out, at the moment there is a fairly wide range of emulators and simulators of Cisco equipment. This allows you to almost fully prepare for exams of various tracks (classic R/S, Service Provider and even Data Center). With some effort, you can collect and test a wide variety of topologies, conduct vulnerability research, and, if necessary, release emulated equipment onto a real network.


