This time I explain how to add NAT device in EVE-NG virtual lab. In latter section I also explain the steps to add Windows virtual client and connect it to AOS-CX switch so I can test AOS-CX’s edge functionalities such like AAA, Local User Role.
Adding dual-armed linux device for NAT
First we add a linux node and configure it as a NAT box. You do not need to install it from scratch because EVE-NG team is kind enough to provide with various kind of pre-packaged linux images for download here. Let’s download a minimal ‘tinycore’ image which is just 81MB in size.
Once downloaded copy it to EVE-NG host and extract it on /opt/unetlab/addons/qemu
folder.
cd /opt/unetlab/addons/qemu
tar zxvf <path>/linux-tinycore-6.4.tar.gz
Then you can add the node by right clicking the blank area >> Node >> selecting ‘Linux’
Select ‘linux-tinycore-6.4’ image and give a comprehensible name. Change ‘Ethernets’ to 2 because it needs to be dual-armed for doing NAT.
Build a topology as below by connecting the nodes. The cloud node can be added by selecting ‘Network’ with type ‘Cloud1’. (Which means bridge to eth1 or second vNIC on EVE-NG)
Start the NAT box and connect to VNC console. The DHCP client is enabled on eth0 by default and you can confirm that it has valid IP. Check the connectivity to the internet.
Seems OK. Click ‘Control Panel’ at the bottom then ‘Network’.
Enter the network parameter for eth1 and click Apply. Please make sure that Gateway is blank.
Let’s configure the linux as NAT box.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Configure AOS-CX switch
Next I would add AOS-CX and configure it. If you have previously added one, you may need to do erase startup-config
to reset the configuration to default. Here are the config snippet.
interface vlan 1
ip address 10.1.1.1/24
ip route 0.0.0.0/0 10.1.1.254
interface 1/1/1
no routing
no shutdown
vlan access 1
Let’s check the connectivity with ping.
ArubaCX-1# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 100(128) bytes of data.
76 bytes from 8.8.8.8: icmp_seq=1 ttl=47 (truncated)
76 bytes from 8.8.8.8: icmp_seq=2 ttl=47 (truncated)
76 bytes from 8.8.8.8: icmp_seq=3 ttl=47 (truncated)
76 bytes from 8.8.8.8: icmp_seq=4 ttl=47 (truncated)
76 bytes from 8.8.8.8: icmp_seq=5 ttl=47 (truncated)
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 5.304/6.069/6.977/0.601 ms
It seems NAT is working!
Add Windows virtual client
Let’s add a Microsoft Windows 10 virtual client to test edge functionality of AOS-CX. The steps are explained here.
Create a subfolder in /opt/unetlab/addons/qemu
for the virtual client and copy a Windows 10 installer iso image into it. Rename the image to cdrom.iso
. The folder name must start with ‘win-
‘ or EVE-NG won’t recognize it as windows image.
cd /opt/unetlab/addons/qemu/
mkdir win-10-business-2020Apr
cd win-10-business-2020Apr
mv <path>/en_windows_10_business_editions_version_2004_x64_dvd_d06ef8c5.iso cdrom.iso
Create a virtual disk for the windows client. Here I specified 30GB but you may want to create larger one if you intend to install more applications. If you do so you should need to extend the EVE-NG’s virtual hard disk by following the steps described here because the amount of default virtual HDD is only 50GB.
/opt/qemu/bin/qemu-img create -f qcow2 virtioa.qcow2 30G
It should look like this:
root@eve-ng-3:/opt/unetlab/addons/qemu/win-10-business-2020Apr# /opt/qemu/bin/qemu-img create -f qcow2 virtioa.qcow2 30G
Formatting 'virtioa.qcow2', fmt=qcow2 size=32212254720 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
root@eve-ng-3:/opt/unetlab/addons/qemu/win-10-business-2020Apr# ls -l
total 5389488
-rwxr--r-- 1 root root 5518630912 May 18 15:14 cdrom.iso
-rw-r--r-- 1 root root 197120 May 18 15:27 virtioa.qcow2
Now you can start Windows virtual client. Let’s add a node and start it to initiate windows installer. The EVE-NG website advises us to set qemu version to 2.2.0 for windows VM, but it seems it’s no longer the case and you can use the latest one (4.1.0) as far as I tested. Add -rtc base=localtime
option in the QEMU custom options box otherwise the clock in the VM always incorrectly sync to UTC even though you set the timezone properly.
Connect the node to the cloud so the windows VM can access to the Internet to download necessary tools and applications.
Start the node and proceed with the windows installer.
In the disk selection screen, the installer can’t detect the virtual disk. Don’t worry, you can install the driver by clicking ‘Load driver’ >> Browse >> select B:\storage\2003R2\amd64 >> OK >> Next
There you go! Then click New >> Apply >> Next
Installer is copying files, be patient…
Once installation is complete, you can install your favorite browsers/tools/applications. Also apply any customizations as you like.
You may notice Windows key is not working on the VNC viewer. Turning on ‘Scroll Lock’ should make it work.
After all done, you should commit the change to the template virtual disk with below steps. If you do not commit the change, the windows installer will run every time you create another windows node.
- shutdown the Windows gracefully. i.e. from windows GUI, not EVE-NG menu
- ‘cd’ to the instance folder, which is
/opt/unetlab/tmp/<POD number>/<Lab UUID>/<Node ID>
- run
/opt/qemu/bin/qemu-img commit virtioa.qcow2
- remove the
cdrom.iso
in the template folder
Node ID is displayed when you right click on the node.
POD number is displayed by clicking ‘Status’ in the left sidebar.
Lab UUID will be displayed by clicking ‘Lab details’ in the left sidebar.
cd /opt/unetlab/tmp/0/81ba81b4-3a7e-4f92-bdbc-47fb7459a6e8/5/
/opt/qemu/bin/qemu-img commit virtioa.qcow2
rm /opt/unetlab/addons/qemu/win-10-business-2020Apr/cdrom.iso
Now you can add any number of windows virtual clients as the amount of host memory allows. They will start with your favorite tools, apps, customization already installed.
Configure AOS-CX for client access
Let’s configure DHCP server and client VLAN on AOS-CX for client access. Build the topology as shown below.
Here is the config stub for ArubaCX-1 switch.
vlan 2
interface vlan 2
ip address 10.1.2.1/24
interface 1/1/2
no shutdown
no routing
vlan access 2
dhcp-server vrf default
pool vlan2-pool
range 10.1.2.100 10.1.2.199 prefix-len 24
default-router 10.1.2.1
dns-server 8.8.8.8
lease 01:00:00
exit
authoritative
enable
Then we need to add a static route in the NAT box. Otherwise the return traffic won’t reach the client on VLAN 2.
sudo route add -net 10.1.2.0 netmask 255.255.255.0 gw 10.1.1.1
Turn on Win10PC and see if it can get DHCP IP from AOS-CX switch and go out to the Internet.
Looks good. Let’s make the change on the NAT box permanent by adding the 2 commands to /opt/bootlocal.sh
echo "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /opt/bootlocal.sh
echo "sudo route add -net 10.1.2.0 netmask 255.255.255.0 gw 10.1.1.1" >> /opt/bootlocal.sh
That’s pretty much it.