How to easily add Open vSwitch to GNS3

Open vSwitch (OVS) is a multilayer (MLS) virtual switch licensed under the open-source Apache 2.0 license which is widely used in the field of virtual networking. With this open-source MLS switch, we can easily extend GNS3 switching capabilities. We can add this switch to GNS3 very quickly using a GNS3 OVS appliance. No base Linux system VM is required, no ISO images.

In this post I’m going to describe how to add and run the OVS MLS inside GNS3 (local or remote).

Using tcpdump for SIP diagnostics

TCPdump is a powerful command-line packet analyzer that can be used to sniff and analyze SIP messages. It is preinstalled on many Linux distributions, or it can be installed directly from the Debian repository:

apt-get install tcpdump

TCPdump can write the capture to a file or display it in real time. Its usage for SIP message analysis may look like:

Juniper vSRX as a router

The Juniper vSRX firewall can be operated and configured as a router. The reasons vary; for use in GNS3 they may include that the vSRX has a smaller memory footprint or a non-separated data and control plane. To do this, you must:

set system host-name ABC
set system root-authentication plain-text-password PASSWORD

And then change the packet processing mode from flow-based to packet-based:

Stateful NAT64 – simple configuration example on Cisco routers

The example shows a simplified configuration of a stateful NAT64 demo, without DNS64. I instruct the stateful NAT64 router (CSR-1 – CSR100v) to translate IPv6 packets into IPv4 packets (and vice versa) using algorithmic mapping (defined by RFC 6052) of the IPv4 addresses of IPv4 routers to and from IPv6 addresses, using the manually defined IPv6 prefix 2001:db8::/96. In a similar manner, the IPv6 addresses of IPv6 routers are translated to and from IPv4 addresses.

Topology

R1 and R2 run a 7200 IOS image. R1 is a pure IPv4 router; on the other side, R2 is IPv6-only.

VLC – SAP problem – the playlist is empty

Our ISP (SANET) offers an IPTV service, where the list of TV/radio programs is offered using SAP multicast at the IPv4 address 233.10.47.10. However, my PC (with Win 10 OS installed) stopped receiving the SAP announcements, and the playlist was just empty. Everything had worked fine, but at some point it stopped. Even better, it works for some of my colleagues, but not for others.

My PC runs dual-stack, i.e. my network works with IPv4/IPv6. My PC has several network adapters as I’m running some virtualization software.

Configuration of L2TP over IPsec

Configuration of an L2TP over IPsec tunnel connection with a Cisco router as the server and a MikroTik router as the client.

Configuration of Cisco server

(config)#int loopback 0
(config-if)#ip address 192.168.1.1 255.255.255.255
(config-if)#exit
(config)#ip local pool l2tp-pool 192.168.1.5 192.168.1.10
(config)#vpdn enable
(config)#vpdn-group l2tp-group
(config-vpdn)#accept-dialin
(config-vpdn-acc-in)#protocol l2tp
(config-vpdn-acc-in)#virtual-template 1
(config-vpdn-acc-in)#exit
(config-vpdn)#no l2tp tunnel authentication
(config-vpdn)#exit
(config)#interface virtual-template 1
(config-if)#ip unnumbered loopback 0
(config-if)#peer default ip address pool l2tp-pool
(config-if)#ppp authentication ms-chap-v2
(config-if)#exit
(config)#crypto isakmp policy 1
(config-isakmp)#encryption aes 256
(config-isakmp)#hash sha512
(config-isakmp)#authentication pre-share
(config-isakmp)#group 2
(config-isakmp)#lifetime 3600
(config-isakmp)#exit
(config)#crypto isakmp key PRESHARED_KEY address 0.0.0.0 ! or peer address
(config)#crypto ipsec transform-set l2tp-ipsec-transport-esp esp-aes 256 esp-sha512-hmac
(cfg-crypto-trans)#mode transport
(cfg-crypto-trans)#exit
(config)#crypto dynamic-map my-dynamic-map 1
(config-crypto-map)#set nat demux
(config-crypto-map)#set transform-set l2tp-ipsec-transport-esp
(config-crypto-map)#exit
(config)#crypto map my-static-map 1 ipsec-isakmp dynamic my-dynamic-map
(config)#interface fastEthernet 4 ! Your WAN interface
(config-if)#crypto map my-static-map
(config-if)#exit

Now we are able to connect to this router with an L2TP/IPsec tunnel.
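
A small audit of the server-side settings above, as an added example that is not part of the original post: it reads the configuration in running-config form and flags the IKE Diffie-Hellman group, the wildcard pre-shared key (`address 0.0.0.0`) and the disabled L2TP tunnel authentication. The `audit` function, the check names and the group 14 floor are assumptions made for this example.

```python
import re

# Constructed sample: VPDN and ISAKMP parts of the server config above, in running-config form.
SAMPLE_CONFIG = """\
vpdn-group l2tp-group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
crypto isakmp policy 1
 encryption aes 256
 hash sha512
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key PRESHARED_KEY address 0.0.0.0
"""

MIN_DH_GROUP = 14  # assumed policy floor (2048-bit MODP); group 2 is 1024-bit MODP

def audit(config, min_dh_group=MIN_DH_GROUP):
    """Return a list of (line_number, check_id, message) for weak settings."""
    findings = []
    section = ""  # most recent top-level (unindented) command
    for number, raw in enumerate(config.splitlines(), 1):
        # "!" starts a comment at line start or after whitespace, never inside a key.
        line = re.split(r"(?:^|\s)!", raw, maxsplit=1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            section = line
        cmd = " ".join(line.split())  # normalise runs of spaces
        m = re.fullmatch(r"group (\d+)", cmd)
        if m and section.startswith("crypto isakmp policy") and int(m.group(1)) < min_dh_group:
            findings.append((number, "weak-dh-group",
                             f"IKE DH group {m.group(1)} is below group {min_dh_group}"))
        m = re.match(r"crypto isakmp key (?:[06] )?\S+ address (\S+)", cmd)
        if m and m.group(1) == "0.0.0.0":
            findings.append((number, "wildcard-psk",
                             "pre-shared key is accepted from any peer address"))
        if cmd == "no l2tp tunnel authentication" and section.startswith("vpdn-group"):
            findings.append((number, "l2tp-no-tunnel-auth",
                             "L2TP tunnel authentication is off; IPsec and PPP carry all authentication"))
    return findings

if __name__ == "__main__":
    for number, check, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: [{check}] {message}")
```

Whether a higher DH group or a peer-specific key address is usable depends on the IOS release and on whether the client has a fixed address.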