Creating a Cisco switch using IOUl2 loaded on Linux Core Qemu Image

Running Cisco IOS on an ordinary computer instead of real Cisco hardware has long been a dream of Cisco engineers. Unfortunately, it is almost impossible to emulate Cisco devices that use ASICs because their specifications are not public. That changed when Cisco IOS images known as IOU leaked from Cisco. They are essentially IOS images compiled for either x86 Linux or SPARC Unix. Shared uncontrollably over the Internet, they are widely used in home labs by Cisco students.

For those not familiar with IOU, the IOU FAQ is available here. To connect IOU to a real network, the Perl script iou2net.pl was written by "einval" and can be found here.

The goal of this tutorial is to build a Cisco-like switch based on IOU that can be used in a GNS3 lab. The switch is built on Linux Core installed on a Qemu virtual machine. Linux Core is equipped with a Cisco IOU image and with the script iou2net.pl, which connects IOU to other GNS3 devices. In general, the script bridges Core Linux interfaces with Cisco IOU interfaces. Each IOU interface is therefore connected, through the Core interface it is bridged to, to whatever network device is attached to that Core interface.

There are also two scripts of my own loaded in Linux Core. They help to create the NETMAP file and to start IOU after Core boots.

Note: I decided to use Linux Core because it is incredibly small and has minimal hardware requirements. Installing Linux Core on a Qemu virtual machine is not shown in this tutorial, but you can find it here.

For those of you not willing to build Linux Core from scratch, here is my Core Qemu image.

1. Start Core Qemu image

/usr/local/bin/qemu-system-i386 -m 512 ./linux-microcore-4.0.2-ioul2.img -serial telnet:0.0.0.0:3000,server,nowait --enable-kvm

telnet localhost 3000

2. Install necessary extensions

tce-load -w -i libpcap libpcap-dev perl5 tunctl perl_Net_Pcap ipv6-3.0.3-tinycore.tcz openssh.tcz bridge-utils

3. Load the ipv6 and 8021q modules and make additional Core configuration

echo "modprobe ipv6" >> /opt/bootlocal.sh
echo "modprobe 8021q" >> /opt/bootlocal.sh
sudo modprobe 8021q
sudo modprobe ipv6

Forwarding between interfaces is disabled by default, so we are going to change it.

sudo su
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
exit
echo "/etc/sysctl.conf" >> /opt/.filetool.lst
echo "sysctl -p /etc/sysctl.conf" >> /opt/bootlocal.sh

Pair the hostname with the IP address of the loopback interface.

sudo su
echo "127.0.0.1 box" >> /etc/hosts
echo "/etc/hosts" >> /opt/.filetool.lst

Save the files listed in /opt/.filetool.lst.

/usr/bin/filetool.sh -b
exit

4. Load IOUl2, iou2net.pl, wrapper and iourc to Core Linux

The default hostname for Core is box. The license file iourc should be configured for that hostname and must contain a valid license key obtained from Cisco.

Create the /mnt/sda1/IOU/ directory. Files stored in this directory (the IOU image and configuration files) survive a restart untouched.

sudo mkdir /mnt/sda1/IOU/

Copy the following files to Core.

sudo su
scp -rv brezular@10.0.2.2:/home/brezular/i86bi_linuxl2* /mnt/sda1/IOU/
scp -rv brezular@10.0.2.2:/home/brezular/wrapper /mnt/sda1/IOU/
scp -rv brezular@10.0.2.2:/home/brezular/iourc /mnt/sda1/IOU/
scp -rv brezular@10.0.2.2:/home/brezular/iou2net.pl /mnt/sda1/IOU/
exit

Make iou2net.pl executable.

sudo chmod +x /mnt/sda1/IOU/iou2net.pl

5. Create a symbolic link and NETMAP file

IOU needs the library libcrypto.so.4 to run. For this purpose, libcrypto.so.4 must be made to point to libcrypto.so.0.9.8.

sudo ln -s /usr/local/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.4
echo "/usr/lib/libcrypto.so.4" >> /opt/.filetool.lst
/usr/bin/filetool.sh -b

6. Create a Perl script netmap.pl that creates the IOU topology file - the NETMAP file

The script "netmap.pl" creates a new NETMAP file every time it is started. If the NETMAP file exists, the unique local ID for the IOU instance is read from the original NETMAP. If the NETMAP file does not exist, the local ID is generated. A unique pseudo ID is always generated for each instance of iou2net.pl. The number of running iou2net.pl instances matches the number of Linux Core Ethernet interfaces.

Note: Local ID and pseudo IDs are generated in the range of 1 to 1023. All these IDs must be unique within the GNS3 topology, otherwise a problem with duplicate MAC addresses could occur. The number of available Ethernet interfaces of the Core image can be changed with the parameter Edit-> Preferences-> Qemu-> Qemu Host, in GNS3 settings.

Note: The maximum number of allowed interfaces depends on the particular Qemu version.

Make netmap.pl executable.

sudo chmod +x /mnt/sda1/IOU/netmap.pl

Add the script to /opt/bootlocal.sh and save it.

echo "/mnt/sda1/IOU/netmap.pl" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

Explanation

If Core is started with one Ethernet interface, the NETMAP might be generated as follows.

The local IOU instance with ID 10 is running on Core with hostname box. This instance is connected through its interface Ethernet0/0 to the pseudo IOU instance with ID 20 and pseudo interface 0/0. The pseudo IOU instance is handled by the script iou2net.pl running on the same Core with hostname box.

The number of lines in the NETMAP file matches the number of Ethernet interfaces found in the /sys/class/net/ directory. For example, if eight Ethernet interfaces were present in Core, the NETMAP file would have eight lines.

The summary table shows which IOU interface corresponds to which Core interface. In this case, Core is equipped with twelve Ethernet interfaces.

IOU - Linux Core

Eth 0/0 - eth0
Eth 0/1 - eth1
Eth 0/2 - eth2
Eth 0/3 - eth3
Eth 1/0 - eth4
Eth 1/1 - eth5
Eth 1/2 - eth6
Eth 1/3 - eth7
Eth 2/0 - eth8
Eth 2/1 - eth9
Eth 2/2 - eth10
Eth 2/3 - eth11
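
The following sketch is an added example, not the author's netmap.pl: it builds NETMAP lines from the rules described above (one line per Core Ethernet interface, four ports per IOU slot, a distinct pseudo ID per line that never equals the local ID). The line format `localID:slot/port@host pseudoID:0/0@host` and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the author's netmap.pl). Assumed NETMAP line format:
#   <localID>:<slot>/<port>@<host> <pseudoID>:0/0@<host>
HOST=box   # Core's default hostname, the one iourc is licensed for

# iou_port N -> "slot/port" of the IOU interface bridged to Core's ethN
iou_port() {
    echo "$(( $1 / 4 ))/$(( $1 % 4 ))"
}

# count_nics [DIR] -> number of ethN entries (DIR defaults to /sys/class/net)
count_nics() {
    dir=${1:-/sys/class/net}
    set -- "$dir"/eth[0-9]*
    [ -e "$1" ] && echo "$#" || echo 0
}

# next_free_id START [USED...] -> first ID in 1..1023, searching upward from
# START and wrapping around, that is not among the USED IDs
next_free_id() {
    candidate=$1; shift
    tries=0
    while [ "$tries" -lt 1023 ]; do
        case " $* " in
            *" $candidate "*) ;;                      # already taken
            *) echo "$candidate"; return 0 ;;
        esac
        candidate=$(( candidate % 1023 + 1 ))
        tries=$(( tries + 1 ))
    done
    return 1                                          # ID space exhausted
}

# build_netmap LOCAL_ID FIRST_PSEUDO_ID NIC_COUNT -> NETMAP lines on stdout
build_netmap() {
    local_id=$1; pseudo=$2; count=$3
    used="$local_id"                                  # local ID is reserved
    n=0
    while [ "$n" -lt "$count" ]; do
        pseudo=$(next_free_id "$pseudo" $used) || return 1
        echo "$local_id:$(iou_port "$n")@$HOST $pseudo:0/0@$HOST"
        used="$used $pseudo"
        n=$(( n + 1 ))
    done
}

# Usage on Core: build_netmap 10 20 "$(count_nics)" > NETMAP
```

Because every pseudo ID is checked against the local ID and the pseudo IDs already handed out, the generated file cannot contain the duplicate IDs that the note above warns about.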

7. IOU startup script

The script /mnt/sda1/IOU/iou_start.sh is responsible for these jobs:

Make iou_start.sh executable.

sudo chmod +x /mnt/sda1/IOU/iou_start.sh

Add the script to /opt/bootlocal.sh and save it.

echo "/mnt/sda1/IOU/iou_start.sh" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

8. Post-install steps - fixing root's UID for iou2net.pl and cleaning Core Linux

iou2net.pl must be started with root privileges, otherwise the error message "pcap: can't open device" appears. Line 202 of iou2net.pl assigns the environment variable SUDO_UID to the variable $uid. Because SUDO_UID always has the value 1001 (the UID of user tc), iou2net.pl never runs with root privileges. In this case the error message "Can't connect to IOU socket" appears and the script halts.

To fix it, edit iou2net.pl and change line 202 starting with $uid = $ENV ; to $uid = 0 ;

a) Remove .ssh/known_hosts

rm /root/.ssh/known_hosts
rm /home/tc/.ssh/known_hosts

b) Delete the command history

rm /root/.ash_history
rm /home/tc/.ash_history
/usr/bin/filetool.sh -b

9. Login to IOU instance

telnet localhost 6000

10. Known issues:

a) Undesired random match between Local ID and a pseudo ID

Local ID is generated in the range of 1 - 1023. Pseudo IDs are generated in the range of 1 - 999. A problem could occur if a pseudo ID matches the Local ID. In this case, restart the Qemu image, as the pseudo IDs are newly generated after a restart of Core Linux.

c) Show command displays only the first 24 lines of the configuration file when IOU is used with wrapper

This issue occurs only with certain terminal emulators (e.g. KDE Konsole). PuTTY is known to work. The workaround is the command "terminal length 0", which displays the configuration at once. This is valid for the current terminal session only. If you wish to make the setting permanent, configure the command length 0 under line-console and line-vty in global configuration mode.

End.
