Viability of GNS3 network simulation for testing features/configurations.

Hello,

I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in.

All info is appreciated,

I did this at my current company, also using VM Palo Alto.

Greeting of testing out a plan to make sure it’s insane.

The key is keeping it all up to date, down to the firmware version (I know it’s not possible for some because virtual).

The things this won’t find are hardware related faults or issues.

This also depends on your scale. If you have lots of routers, you would end up with lots of compute to run the VM instances. If you get the compute (which is cheap compared to actual network hardware), you would need a “cloud orchestration” tool and a system for connections from host to host, like some form of overlay networking.

GNS3 would do a good job, but for something with a bit more orchestration APIs, there is this:

https://networkop.co.uk/post/2019-01-k8s-vrnetlab/

And the nice people who even show up to NANOG every once in a while:

https://www.tesuto.com/

There are a few other tools that people built on their own if you scrub GitHub. I even fell into that trap, exploring VRnetlab.

But numerous things were achieved. Yes, you would miss out on all the hardware bugs, hardware adaption layer issues and maybe a scale issue or two, but with enough instances, route generators and maybe even some application (some of these things can even forward traffic), you could discover 90% of things that can go wrong.

And you get the flexibility of downloading evaluation images of all kinds of things, so maybe you can avoid spending any money.

Yan

The alternative or complementary approach is something like batfish[1], for validation vs. emulation.

GNS3 can do a heck of a lot, and the price is definitely right.

I have used it extensively for initial fleshing out of designs or ideas, protocol nerding, automation interaction testing, etc. There are certainly other tools out there, but being able to visually draw a topology out, connect the dots, and have an environment to test in about 10 minutes is very nice. There is an API you can hook into to do some of that for you if you are so inclined, but that would depend on your use case and resources. For how I’ve used it, it’s never been required.

Some of the VMs from vendors can be pretty CPU and/or RAM intensive, so I’ve had the best experience running them all on a dedicated server, not locally. Again, use case dependent. For code testing I would always run the test set on hardware as well for likely obvious reasons.

If you really get into the weeds with it you can do quite a lot.

Totally agree with Tom here. It’s going to work really well for most things. But if you’re testing code for bugs you NEED to do it on the same hardware you have in your environment in an actual lab.

I’ve used GNS3 some years ago for a lot of simulation and testing. But, I’m blown away at how much more I like EVE-NG (emulated virtual environment next-gen).

I use the community free version… lots of vendor OS support… of which, I’ve actually worked with the following…

  • XRv

  • IOS virtual

  • vMX

  • vSRX

  • vQFX

…check your in-box for a screen shot of my current environment.

-Aaron

Oh, forgot the links…

http://www.eve-ng.net/

http://www.eve-ng.net/documentation/howto-s

EVE-NG is also really good. Just an FYI, GNS3 went through a major refresh about 18 months ago or so and it’s so much better now. Either way, you can’t go wrong with GNS3 or EVE-NG.

I use the server version of GNS and I love it. I just need to VPN into my DC and use my client to connect to GNS.

I heard good stuff about Cisco VIRL. It’s like an ESX for network devices.

Thanks Mike for the info on GNS3…. My info is old, I’ll have to take a look at the recent GNS3 sometime soon…

-Aaron

I’ve been using network simulation well before GNS3 was around, using dynamips - and even when GNS3 came along it was still not good - since it just couldn’t handle the scale (~40 nodes) (not on my compute resources at that time anyways).

And similarly nowadays in the era of proper HW simulation through VMs (though I miss the idle-pc), I really like virsh/libvirt along with OVS as it allows me to programmatically generate the VM files (xmls, images, etc…) and define the topology in OVS (talking hundreds of links) which would be otherwise really tedious to draw by hand.

Also spinning up a big virtual lab from scratch takes several hours (of pure compute time) so it’s better to have some meshing in between the nodes and just spin up arbitrary L1 topologies on demand rather than spinning up the VMs every time one needs to load a different topology.

That said, I haven’t played with GNS3, EVE-NG, VIRL,… recently so I don’t know if any of these would allow me to create these massive “spreadsheets” for programmatic generation of labs.

Best approach is to have at least two virtual environments:

  1. closely resembling production environment - this is where designers and Ops people can test day to day operational changes etc…

  2. environment where architects can test strategic/evolution changes to the network infrastructure, new concepts and big migration/integration projects, etc…

What is it good for:

Testing design concepts

- this is one of the biggest advantages of virtual testing

Physical labs, as we all know, cost a small fortune and you can simulate just small cross-sections of your overall topology at a time - but in a virtual lab, depending on your computing resources and depending on what you need to test, you can either simulate very large sections or the complete network (at lower resolution) or smaller sections with very high resolution or a combination of both.

This allows you to really see what happens to your traffic patterns and assess the impact of your design changes from small to large scales.

What is it not good for:

A) Scale testing

i.e. how many bgp/bfd/vrrp/etc… sessions, how many routes/VRFs/etc… - you need the actual HW resources to carry out these tests

B) Performance testing

How much pps I can drive through NPU with these features (QoS, filters, etc…), what are the failover times (fast reroute, fabric fail, RE fail, etc…) - again you need the actual HW that will be used in production to measure these

But as you can see A) and B) can easily be tested with a single DUT (or some small topology around it) using actual HW plugged in a loop with IXIA/Spirent testers.

adam
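One way to turn a link "spreadsheet" into lab wiring along the lines of the libvirt/OVS approach described in the message above. This is an added example, not code from the original post. It assumes a single OVS bridge named lab0 that every VM NIC is plugged into, a hypothetical node-eN tap naming scheme, constructed CSV column names, and an Open vSwitch release that accepts port names in flow syntax.

```python
import csv
import io
import re

BRIDGE = "lab0"  # assumed: one OVS bridge that every lab VM port is plugged into

# Constructed sample "spreadsheet": one point-to-point link per row.
LINKS_CSV = """a_node,a_if,z_node,z_if
pe1,1,p1,1
pe2,1,p1,2
p1,3,p2,1
"""

def port_name(node, ifindex):
    """Host-side tap name for a VM interface (hypothetical naming scheme)."""
    name = f"{node}-e{ifindex}"
    # Linux caps interface names at 15 chars; the strict character set also
    # keeps spreadsheet cells from smuggling shell or XML metacharacters.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,15}", name):
        raise ValueError(f"invalid port name: {name!r}")
    return name

def load_links(text):
    """Parse the link table; reject a port that appears in more than one link."""
    links, seen = [], set()
    for row in csv.DictReader(io.StringIO(text)):
        pair = (port_name(row["a_node"], row["a_if"]),
                port_name(row["z_node"], row["z_if"]))
        for port in pair:
            if port in seen:
                raise ValueError(f"port {port} is used in more than one link")
            seen.add(port)
        links.append(pair)
    return links

def interface_xml(port):
    """libvirt <interface> element attaching one VM NIC to the OVS bridge."""
    return ("<interface type='bridge'>\n"
            f"  <source bridge='{BRIDGE}'/>\n"
            "  <virtualport type='openvswitch'/>\n"
            f"  <target dev='{port}'/>\n"
            "  <model type='virtio'/>\n"
            "</interface>")

def flow_commands(links):
    """ovs-ofctl commands that replace the current wiring with `links`."""
    cmds = [f"ovs-ofctl del-flows {BRIDGE}"]  # removes old wiring and the default flow
    for a, z in links:
        cmds.append(f'ovs-ofctl add-flow {BRIDGE} "in_port={a},actions=output:{z}"')
        cmds.append(f'ovs-ofctl add-flow {BRIDGE} "in_port={z},actions=output:{a}"')
    return cmds

if __name__ == "__main__":
    print("\n".join(flow_commands(load_links(LINKS_CSV))))
```

Loading a different topology is then a matter of editing the table and re-applying the flow commands while the VMs stay up.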

Snake topology does conserve IXIA/Spirent ports but will not allow you
to test everything. I see no practical way of just having bunch of
IXIA/Spirent ports to verify behaviour under various types of
congestion. Unfortunately the 'bunch' is getting rather large, since
even the smallest atom of a modern networking chip may contain dozens
of 100GE ports.

> That said, I haven’t played with GNS3, EVE-NG, VIRL,… recently so I don’t know if any of these would allow me to create these massive “spreadsheets” for programmatic generation of labs.

GNS3 you can, they have a fairly well documented JSON based API that you can use to script up all the things, connections, and visual layout as well.

I’ve only played with it on a rudimentary level, but it seems to work just fine.

From: Saku Ytti <saku@ytti.fi>
Sent: Thursday, October 17, 2019 3:41 PM

> > But as you can see A) and B) can easily be tested with a single DUT (or some
> > small topology around it) using actual HW plugged in a loop with IXIA/Spirent
> > testers.
>
> Snake topology does conserve IXIA/Spirent ports but will not allow you to
> test everything. I see no practical way of just having bunch of IXIA/Spirent
> ports to verify behaviour under various types of congestion. Unfortunately
> the 'bunch' is getting rather large, since even the smallest atom of a modern
> networking chip may contain dozens of 100GE ports.

More IXIA/Spirent ports is your answer; we use the "dumb" IXIA cards for NPU/PFE and fabric fairness testing as those are much cheaper.

adam