Cisco ViRL – a first taste!

I was playing around with the onePK VM yesterday when I noticed something a little interesting, well, OK, it was all interesting, but something really stood out:

Cisco VIRL network topology

When you launch the nodes it looks like it uses a file with a .virl extension!

So it looks like onePK shares some of its code with ViRL (or to call it by its official name, CML). We can dig a little deeper into the .virl file and have a little poke about. I haven't seen much about it since I last wrote about it, so it'll be nice to get a little taster of what is to come.

Over an SSH connection (if you have given the onePK VM an IP on your network, you can run "sudo apt-get install openssh-server"), simply cd through to /usr/share/vmcloud/data/examples/3node/ and run "vi 3node.virl".

.virl files

What we are presented with is a bunch of XML, and if you have read anything about ViRL/CML then you’ll know that it uses XML to share configuration data.

The opening lines tell us that there is a schema for CML, and specifically for the vmmaestro GUI (the schemaLocation at the end):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<topology xmlns="http://www.cisco.com/VIRL" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" schemaVersion="0.3" xsi:schemaLocation="http://www.cisco.com/VIRL http://cide.cisco.com/vmmaestro/schema/virl.xsd">

Next we have the node information, one for each of our routers, but I am only showing one example here:

<node name="router1" type="SIMPLE" subtype="vios" location="188,263" vmImage="/usr/share/vmcloud/data/images/vios.ova">
    <extensions>
        <entry key="bootstrap configuration" type="String">/usr/share/vmcloud/data/examples/3node/router1.con</entry>
        <entry key="import files" type="String">/home/cisco/vmcloud-example-networks/3node/router1.p12</entry>
    </extensions>
    <interface name="GigabitEthernet0/0"/>
    <interface name="GigabitEthernet0/1"/>
    <interface name="GigabitEthernet0/2"/>
    <interface name="GigabitEthernet0/3"/>
</node>

Interestingly, because the IOSv routers used in onePK come in .ova format, it might be possible to run these as standalone VirtualBox routers, or even bring them into GNS3. I might have a play with that later on! Don't try to cat the .p12 file; it's not human-readable.

Each router has a bootstrap configuration, in the form of a .con file, so we’ll look at those in a moment.

We then have another node, which looks to be our management communication, to allow us access to the routers:

<node name="vmc_lan_1" type="SEGMENT" location="374,520"/>
<node name="eth1" type="ASSET" location="671,235">
    <interface name="none0"/>
    <interface name="none1"/>
</node>

Lastly we have our physical connection information, followed by the closing topology brackets:

<node name="lan_ex" type="SEGMENT" location="722,161"/>
<connection src="/topology/node[1]/interface[1]" dst="/topology/node[2]/interface[1]"/>
<connection src="/topology/node[1]/interface[2]" dst="/topology/node[3]/interface[1]"/>
<connection src="/topology/node[1]/interface[3]" dst="/topology/node[4]"/>
<connection src="/topology/node[2]/interface[2]" dst="/topology/node[4]"/>
<connection src="/topology/node[3]/interface[2]" dst="/topology/node[4]"/>
<connection src="/topology/node[3]/interface[3]" dst="/topology/node[6]"/>
<connection src="/topology/node[5]/interface[1]" dst="/topology/node[6]"/>
<connection src="/topology/node[1]/interface[4]" dst="/topology/node[6]"/>
<connection src="/topology/node[2]/interface[3]" dst="/topology/node[5]/interface[2]"/>
</topology>

So we should be able to see that node 1 connects to nodes 2 and 3 through its first and second interfaces – GigabitEthernet0/0 and GigabitEthernet0/1 respectively, and from the router, that certainly seems to be the case:

Connectivity through virl configuration

Reachability is also good:

Pinging routers in onePK

 

.con files

Looking at the router1.con file, it is pretty standard Cisco configuration. I have removed the extra exclamation marks, though, to make it a bit shorter:

cisco@onepk:/usr/share/vmcloud/data/examples/3node$ cat router1.con
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated
!
username CISCOUSERNAME privilege 15 password 0 CISCOPASSWORD
!
redundancy
!
interface GigabitEthernet0/0
 ip address 10.10.20.110 255.255.255.0
 duplex auto
 speed auto
 no shutdown
!
interface GigabitEthernet0/1
 ip address 10.10.30.110 255.255.255.0
 no shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.10.10.110 255.255.255.0
 no shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/3
 ip address dhcp
 no shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
banner exec ^C
************************************************************************
*vIOS - Cisco Systems Confidential                                     *
*                                                                      *
*This software is provided as is without warranty for internal         *
*development and testing purposes only under the terms of the Cisco    *
*onePK Software Development Kit License Agreement. Under no            *
*circumstances may this software be used for production purposes or    *
*deployed in a production environment.                                 *
*                                                                      *
*By using the software, you agree to abide by the terms and conditions *
*of the Cisco onePK Software Development Kit License Agreement as well *
*as the terms and conditions of the Cisco End User License Agreement at*
*http://www.cisco.com/go/eula                                          *
*                                                                      *
*Unauthorized use or distribution of this software is expressly        *
*Prohibited.                                                           *
************************************************************************
^C
banner incoming ^C
************************************************************************
*vIOS - Cisco Systems Confidential                                     *
*                                                                      *
*This software is provided as is without warranty for internal         *
*development and testing purposes only under the terms of the Cisco    *
*onePK Software Development Kit License Agreement. Under no            *
*circumstances may this software be used for production purposes or    *
*deployed in a production environment.                                 *
*                                                                      *
*By using the software, you agree to abide by the terms and conditions *
*of the Cisco onePK Software Development Kit License Agreement as well *
*as the terms and conditions of the Cisco End User License Agreement at*
*http://www.cisco.com/go/eula                                          *
*                                                                      *
*Unauthorized use or distribution of this software is expressly        *
*Prohibited.                                                           *
************************************************************************
^C
banner login ^C
************************************************************************
*vIOS - Cisco Systems Confidential                                     *
*                                                                      *
*This software is provided as is without warranty for internal         *
*development and testing purposes only under the terms of the Cisco    *
*onePK Software Development Kit License Agreement. Under no            *
*circumstances may this software be used for production purposes or    *
*deployed in a production environment.                                 *
*                                                                      *
*By using the software, you agree to abide by the terms and conditions *
*of the Cisco onePK Software Development Kit License Agreement as well *
*as the terms and conditions of the Cisco End User License Agreement at*
*http://www.cisco.com/go/eula                                          *
*                                                                      *
*Unauthorized use or distribution of this software is expressly        *
*Prohibited.                                                           *
************************************************************************
^C
!
line con 0
line aux 0
line vty 0 4
 transport input all
!
onep
 transport type tls localcert demoTP disable-remotecert-validation
 start
!
! IOS PKI will fail to import the tftp file if we attempt this before
! the config has been fully applied. So if we just do:
!   crypto pki import demoTP pkcs12 [location] [etc...]
! We would see something similar to this in the boot log:
!   *Nov 29 19:27:32.415: CRYPTO_PKI: Copying pkcs12 from flash1://bootstrap_admin.con
!   *Nov 29 19:27:32.492: %PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.
! Therefore we use a short delay before loading the pkcs12 file:
!
event manager applet load_identity
 event timer countdown name Delay time 20
 action 0.0 cli command "enable"
 action 1.0 cli command "config terminal"
 action 2.0 cli command "file prompt quiet"
 action 3.0 cli command "crypto pki import demoTP pkcs12 flash2://router1.p12 password NOTsecure"
 action 4.0 syslog msg "Loaded bootstrap identity certificate"
!
end

Pretty cool stuff really, and it looks like when CML is finally released configuration will not be too hard, even without the fancy GUI! I am rather liking this onePK!
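
Before a lab bootstrap like router1.con is reused anywhere reachable, it is worth flagging the settings that only make sense inside the sandbox. The Python below is an added example, not part of the original post; it runs over a constructed excerpt of the listing above, and the rule ids and the audit function are made up for illustration.

```python
import re

# Constructed excerpt: lines taken from the router1.con listing above.
SAMPLE_CON = """\
no service password-encryption
username CISCOUSERNAME privilege 15 password 0 CISCOPASSWORD
interface GigabitEthernet0/0
 ip address 10.10.20.110 255.255.255.0
line vty 0 4
 transport input all
onep
 transport type tls localcert demoTP disable-remotecert-validation
event manager applet load_identity
 action 3.0 cli command "crypto pki import demoTP pkcs12 flash2://router1.p12 password NOTsecure"
"""

# (rule id, pattern, reviewer note); the rule ids are hypothetical names for this example.
RULES = [
    ("cleartext-config", re.compile(r"^no service password-encryption$"),
     "passwords are stored unobscured in the configuration"),
    ("type0-password", re.compile(r"^username \S+ .*\bpassword 0 \S+"),
     "local account password is in clear text"),
    ("vty-all-transports", re.compile(r"^transport input all$"),
     "vty lines accept every transport, Telnet included"),
    ("onep-no-cert-check", re.compile(r"\bdisable-remotecert-validation\b"),
     "onePK TLS is configured to skip remote certificate validation"),
    ("pkcs12-password", re.compile(r"\bpkcs12 \S+ password \S+"),
     "PKCS#12 import password is embedded in the config"),
]

def audit(config_text):
    """Return (line number, rule id, section, note) for each risky line."""
    findings, section = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if raw and not raw.startswith((" ", "!")):
            section = raw.strip()          # a top-level command opens a new section
        line = raw.strip()
        for rule_id, pattern, note in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, section, note))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, section, note in audit(SAMPLE_CON):
        print(f"line {lineno}: [{rule_id}] under '{section}': {note}")
```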
