You are on page 1of 24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Knowledge Base

Services

About Us

Login

Cisco VIRL Installation on VMWare ESXi


In this session, well focus onCisco VIRL Installation on
VMWare ESXi. Most information applies if you are installing
on a VMWare fusion, workstation and player. For those who
are familiar with Dynamips, Dynagen and GNS3, VIRL is
Ciscos Virtual Internet Routing Lab that is intended for
personal use. VIRL has virtually the same functionality as
Ciscos commercial product called Cisco Modeling Lab. The
major difference between VIRL and the commercial version
of Modeling Lab is that, VIRL is community supported and
supports up to 30 nodes. On the other hand, you may
purchase SMARTnet and Cisco TAC support on the Modeling
Lab, and it does not have any node number limit as long as
your license and hardware supports. Of course cost difference
is substantial, Cisco Modeling Lab costs tens of thousands
dollars depending on the license you obtain, versus VIRL only
costs about $200 at the time of writing.
Cisco VIRL has increased the node limit from 15 to 20 for free
in November 2015. Existing users will see this change
automatically after the VIRL server checks in the SALT server.
You can also get a 30 node license with additional cost. It is a
great new for CCIE lab candidates to be able to emulate the
entire lab on VIRL. The overall licensing and cost structure is
as following:
Personal 20 node license: $199.99/year
Personal 30 node license: $299.99/year
Academic 20 node license: $79.99/year
If you already have your VIRL setup and looking to use the
simulation lab on the go, check out my how to access VIRL
behind a firewall, using your favorite Telnet or SSH client.
The major differences I see between VIRL and

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

Your cart is empty.

Categories

Network
Simulation (7)

Security (1)

WAN Routing (1)

Wireless (2)

Popular Recent

Cisco
VIRL
External
Connectivity
July 27th, 2015

Cisco Wireless
1/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

The major differences I see between VIRL and


GNS3/Dynamips are router platforms and latest IOS code
support. You may read the details about GN3 vs. Cisco VIRL in
my later session. At the time of this session is written, I am
running on VIRL version 0.10.14.20.
Here are a few benefits VIRL provides:
Design, configure and production staging using
authentic version of Ciscos network operating systems.
IOSv: IOSv is an implementation of Cisco IOS routers. It
supports up to 15 Gigabit Ethernet Interfaces.
IOSvL2: OSvL2 is an implementation of Cisco IOS Layer2 switches such as Cat2950 and Cat2960. It supports up
to 16 Gigabit Ethernet interface (one reserved for
management purposes).
IOS-XRv: A virtual version of IOS-XR, used on high-end
carrier-grade routers such as the CRS series, 12000
series, and ASR9000 series.
NX-OSv: A virtual version of NX-OS for Ciscos Nexusseries Ethernet switches and MDS-series Fibre Channel
storage area network switches. NX-OS is designed to
support high performance, high reliability server access
switches used in the data center.
CSR1000v: A virtual version of software running on
Cisco Cloud Services Routers such as CSR 1000v. Its an
IOS XE image running in a virtualized environment
(VMWare support now, Citrix XEN, Amazon, Windows
Hypervisor and OpenStack). The CSR1000v is designed
as a virtual router that resides on the hypervisor server
as a client instance and provides any services a normal
router.
ASAv Firewall: A virtual version of Cisco Adaptive
Security Appliance (ASA). It supports the 9.x code train
that running on the Next Generation ASA-X.

Controller
Configuration
July 31st, 2015

Cisco
Universal
Wireless AP
Provisioning
and Priming
August 4th, 2015

Tags
Access Point
ASA

ACL

ASA 5500

ASA 5500-X

BGP

cisco
Conditional Routing
Dynamips
Failover

GNS3

import and export


IP SLA

LWAP

NAT

topology

VIRL

WAN

Wireless

WLC

VMWare Host ESXi Preparation


Subscribe and never

You may find the complete list of system requirements on

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

2/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

You may find the complete list of system requirements on


VIRL official website. Here is a short list.

miss a post!

YourEmail

ESXi 5.1 / 5.5 using the vSphere Client: ESXi 5.1U2


(Build 1483097) or ESXi 5.5U1 (Build 1623387)
VMware Fusion Pro v5.02 or later (including v6.x or
v7.x)
VMware Workstation v8.04 or later (including v9.x and
10.x)
VMware Player v5.02 or later*** (including v6.x)

Subscribe

This session is based onVMWare ESXi 5.5.0


Dell PowerEdge R720
CPU: Intel Xeon E5-2650L-V2, 20 vCPUs x 1.699GHz
Memory: 128GB
Please note: ESXi host MUST have Intel CPU with VT-X / EPT
support. AMD processors are NOT supported.
Step1: Purchase and download the VIRL OVA
You can purchase a copy of VIRL license on VIRL.cisco.com.
Youll need to login with your Cisco.com account and make
the purchase. Youll receive an email with the instruction
how to download the image and the license key. The OVA
image is about 3.6GB. An MD5 hash sum for each package is
provided along with the download link and on the download
website. To avoid deploying corrupted file, make sure to
verify that the hash sum of the downloaded OVA matches the
source.
On a Mac OS X use the command md5 filename
On Linux use the command md5sum filename
On Windows PC, you may download the free MS File
Checksum Integrity Verifier tool. Microsoft File
Checksum Integrity Verifier.
Step2: Create Flat, Flat1, SNAT, and INT Port-Groups on
the ESXi Host.
Connect to your ESXi host machine using vSphere Client.
Navigate to Configuration > Networking and click on
Properties.
http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

3/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Here youll see your existing Port Groups (in my case 14


VLAN, 15 VLAN, 16 VLAN and Management Network). We
need to create Flat, Flat1, SNAT and INT.

Click on Add on the left lower corner. Name the network


label Flat. You may leave the VLAN ID None (0) as
untagged for now. I will explain later in this session when
you may want to change it to a different VLAN ID. Go through
the wizard and the Port Group Flat is now created.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

4/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Select the newly created Flat Port Group and go to Security


tab. Check the Promiscuous Mode box and make it Accept.
Verify MAC Address Change and Forged Transmit is also
Accept.
Promiscuous Mode: An interface in a port group which
allows use of promiscuous mode can see all network traffic
traversing the virtual switch.
By enabling these security options, it provides greater
flexibility accessing the management console of the
simulated network nodes, as well as enabling the possibility
of communicating with external physical networks.

Repeat the same process and create Flat1, SNAT and INT.
Step 3: Deploy the VIRL OVA
What is an OVA: An OVA file is an Open Virtualization Archive
http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/
that contains a compressed, installable version of a virtual

5/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

that contains a compressed, installable version of a virtual


machine.
Select the VM host that youd like to install VIRL in vSphere
Client. Select File Deploy OVF Template from the menu.
Locate your downloaded .ova image and go through the
wizard. The wizard is self-explanatory. You only need to pay
attention to the followingSelect the target datastore that contains at least 50GB of free
disk space.
Confirm Thick Provisioned Lazy Zeroed for the disk format.
The VM Network in the OVA should be mapped to one of
your VM Port Groups. In my case it was VLAN 16, an existing
port group in my environment, where all my physical and
virtual development servers reside. Click OK and start
importing. Wait until it is complete.

VIRL official documentation recommends minimum of 2


vCPUs and 4GB of memory to run. I found simulations fail
frequently with ASAv and NS-OS with only 4GB of RAM. I
recommend 6xvCPUs and 16GB of RAM if your system admin
allows. 8GB of RAM will run most of the simulation with 4-6
note count.
To make the system resource adjustment, select the virtual
machine deployed (usually named Virl-version.xx) and click
on Edit Virtual Machine Settings.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

6/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

on Edit Virtual Machine Settings.

Enable Reserve all guest memory (All locked). Memory


reservations are necessary to ensure node stability in
simulations running on heavily loaded vSphere hosts.
Start the VM.
Step 4: Connect to the VIRL VM and assign a management IP
Note: I do not recommend using DHCP address since it may
change over time when the lease expires. We will assign a
static IP to VIRL.
Before an IP address is assigned, we can only reach the host
by going through VMWare Console. Right click on VIRL VM
and select Open Console and login.
Username: virl
Password: VIRL

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

7/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Issue this command to edit network interface configuration.


sudovi/etc/network/interfaces
Here we only update eth0s configuration to work in your
environment. (in my case it is 192.168.16.80)
autoeth0
ifaceeth0inetstatic
address192.168.16.80
netmask255.255.255.0
gateway192.168.16.1
dnsnameservers192.168.16.438.8.4.4
Save the file and exit (:qw). Reboot the system (sudo reboot
now). And now the VIRL is running on the static IP you
assigned. (192.168.16.80)

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

8/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

After VIRL is rebooted, you should be able to SSH to the IP


assigned.
Step 5: Enable KVM Acceleration (important!)
SSH to the VIRL VM and issue the following command:
virl@virl:~$sudokvmok
INFO:YourCPUdoesnotsupportKVMextensions
KVMaccelerationcanNOTbeused
If it shows output as above, your system is not VT-x/EPT
ready or isnt configured to handle KVM accelerations yet.
Note: You do need to have KVM acceleration enabled before
proceed to the next step. Otherwise system will not perform
properly. Why?
VIRL is a VM and also a host. What this means is that the VM
you deployed on your workstation or ESXi server will in turn
deploy virtual machines within itself. This is called nested
virtualization. For this to function properly we need to be
able to pass the CPU flags from the host to the VIRL virtual
machine. In essence tricking the VM to thinking it has direct
access to the CPU.
What is VT-x? Intel VT (Virtualization Technology) is the

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

9/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

What is VT-x? Intel VT (Virtualization Technology) is the


companys hardware assistance for processors running
virtualization platforms. Intel VT includes a series of
extensions for hardware virtualization. The Intel VT-x
extensions are probably the best recognized extensions,
adding migration, priority and memory handling capabilities
to a wide range of Intel processors.
First you want to make sure your system supports KVM
extensions. To see what model of CPU you have and what
flags are reported, run these commands:
lscpu|egrep'Arch|OnLine|Vend|Virt'
egrepwo'vmx|ept|svm|npt|ssse3'/proc/cpuinfo|sort|uniq

If you dont see VT-x support in the command output, please


make sure your CPU model supports VT-x. You can check the
specs on Intel or AMD websites. If your CPU does support VTx, there are couple of more places to check.
BIOS Settings: Some manufactures do not have Virtualization
Technology enabled in BIOS by default. Make sure it is
enabled in your BIOS. Here are couple of examples.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

10/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

If all above have been verified and setup correctly, you need
to make sure VIRL itself is configured to use VT-x.
Check in the VM directory in datastore, there should be a file
named VIRL-version.vmx. Download and open the file
using a text editor.

Look for this two lines:


virtualhw.version = 9
It should say 9 or 10. If it doesnt, close down VMware
Workstation, change the line to read 9 or add the entire line
if it doesnt exist (it should be there). While youre at it, you
could also check for the presence of
vhv.enable="TRUE"
Make sure it says TRUE.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

11/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Make sure it says TRUE.

Save the file and restart VIRL VM. SSH back in and do the
following verification.
virl@virl:~$sudolsmod|grepkvm
virl@virl:~$cat/proc/cpuinfo|sednre'/^flags/s/^.*(vmx).*$/\1/p'

virl@virl:~$ sudo kvm-ok


INFO:/dev/kvmexists
KVMaccelerationcanbeused
Step 6: Configure NTP
SSH to the VIRL VM.
Make sure NTP is configured and the system is able to synch
time.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

12/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

time.
Very the NTP service configuration file.
sudovi/etc/ntp.conf
You should find the following NTP servers defined at the
bottom of the file. If not, add them.
server0.ubuntu.pool.ntp.org
server1.ubuntu.pool.ntp.org
server2.ubuntu.pool.ntp.org
server3.ubuntu.pool.ntp.org
Restart NTP service.
sudoservicentpstop
sudontpdgq
sudoservicentpstart
Use the NTP query command to ensure that NTP peering is
established.
sudontpqp
It may take several minutes for the NTP daemon to establish
peers. You may need to reenter the NTP Query command
multiple times over the period of several minutes before a
peer is indicated. You should see something like this when
NTP peers are established.

Note: You do need to have NTP peering established before


proceed to the next step. Otherwise system will not perform
properly.
Step 7: License Activation
http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

13/24

Step 7: License Activation

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Access the VIRL web GUI by going to the IP address we


configured for VIRL. In my case it is http://192.168.16.80/
Click on User Workspace Management. The username is
uwmadmin, the password is password by default.

Select Salt Status and click on Reset Keys and ID. Cisco
Salt Stack is Ciscos online license validation system. Youll
need to provide the Salt-ID, Salt-Domain, and RSA key
associated with your license in order to activate.
Copy and paste the file name of the license key file (not
including .pem) provided with your purchase as the Salt ID
and Domain. For example AB12CD35.virl.info. You may
specify a SALT server that near you.
us-virl-salt.cisco.com (US)
eu-virl-salt.cisco.com (Europe)
Delete the existing contents of the Minion private RSA key
field. Open the license key file in a text-editor. Select all and
copy the entire contents of the license key file. Click on
Reset to save.
VIRL must have internet access and be able to call home to
the Cisco SaltStack servers every 7 days to validate the
license.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

14/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Step 8: Verification
SSH to the VIRL VM.
Display the status of the OpenStack Neutron agents. Verify
that for each Neutron agent is alive column shows :-).
There should be a minimum of four Neutron agents present.
virl@virl:~$neutronagentlist
linux-bridge-agent
Metadata agent
DHCP agent
L3 agent
virl@virl:~$sudovirl_health_status|greplistening
http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

15/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

You may restart VIRL related services if you did not see the
results expected.
virl@virl:~$sudoservicevirlstdrestart
virl@virl:~$sudoservicevirluwmrestart

To verify the license configuration:


virl@virl:~$sudovirl_health_status|grepA4ehostideproduct

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

16/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Step 9: Connect to VIRL server using VM Maestro


VM Maestro is the client-side application that is used to build
topologies, generate configurations and visualizations, and
manage simulations that execute on the VIRL host or virtual
machine. Think it is the VIRL version of GNS3 GUI front end.
VM Maestro is packaged with VIRL and is available for
installation on Windows, OS X, and Linux platforms. To
download the installer, go to VIRLs IP in URL
http://192.168.16.80/ and click on VM Maestro Clients. It
actually redirects to http://192.168.16.80/download/

Assuming that youre running 64-bit Windows, Java tends to


run in 32-bit mode by default for most people. You need to
install the 32-bit VM Maestro to work. Or you could install a
64-bit version of Java.The following combinations should
work:
32-bit Windows + 32-bit Java + 32-bit VM Maestro
64-bit Windows + 64-bit Java + 64-bit VM Maestro
64-bit Windows + 32-bit Java + 32-bit VM Maestro
If you have multiple versions of Java installed, and VM

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

17/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

If you have multiple versions of Java installed, and VM


Maestro is picking up the wrong one, you need to:
Make sure that the right version of Java is on your PATH so
that java -version at the command prompt shows the right
Java installation. Edit the vmmaestro.ini file to point to the
right Java installation.
To edit the vmmaestro.ini file, youd just add a couple of lines
between the -clean and the -vmargs line, adjusting the path
to your Java installation, as appropriate.
-clean
-vm
C:\Program Files\Java\jre7\bin\javaw.exe
-vmargs
When you first launch VM Maestro, youll be prompted to
enter the VIRL servers address. Enter the IP address
192.168.16.80 in this example. The default username is
guest and password is also guest. You are now connected
to the VIRL backend using VM Maestro.

The very first thing I would recommend you to update the


node subtypes in File Preferences Node Subtypes. Click
Fetch from Server to receive the latest subtypes. As you can
see from before and after, you now got a lot more node types
to lab with.
http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

18/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

After import, youll see a lot more device types you may use
to simulate networks.

By now your VIRL and VM Maestro have been installed and


your lab environment is fully functional. In my next session,
youll learn how to access the lab behind a firewall remotely,
using your own Telnet/SSH terminal, as well as setting up a
simple lab.
Updated Aug 2015: From the most recent update, Cisco VIRL
team announced that they are going to release a major
version update. They may also increase the node count limit
(currently 15) in the near future.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

19/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

(currently 15) in the near future.


Id love to hear from you!
If you have any questions regarding the content, feedback or
suggestions for future topics, please leave a comment below.
Get notified when the article is updated
YourEmail

Subscribe

Signuptodayand
receivefreeupdates
EnterYourEmail
straightinyourinbox.
SUBSCRIBEFORFREE We'lluseyouremailto
sendyouawesome
newsletters,nothing
else!
EnterYourName

Print

PDF

About LatestPosts

Jack Wang
Jack Wang, CCIE #32450, is a principle network
consultant and founder at Speak Network Solutions.
He has been designing and implementing enterprise
and large scale service provider networks as well as
teaching and blogging about advanced technologies.
His current focus includes data centers, cloud
integration, IPv6 deployment, WAN architectures and
design. Jack holds B.S. in Engineering and M.S. in
Computer Science.

By Jack Wang | July 14th, 2015 | Network Simulation | 5 Comments

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

20/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

Share This Story, Choose Your

Platform!

Related Posts

Working With VIRL Topology

Save Configurations on VIRL

Cisco VIRL Upgrade

File Export and Import

August 14th, 2015 | 1

August 11th, 2015

September 6th, 2015 | 0

Comment

Comments

Comments

5 Comments
cheap ray bans October 1, 2015 at 9:55 pm - Reply

Saved as a favorite, like your web site!

Balaji Mohanakrishnan November 7, 2015 at 8:38 pm - Reply

Very Nice Article Jack!!!


I am thinking about purchasing a Dell Poweredge
R710 2U from eBay, The Specs seems to match the
requirements for running virl.
Specifications
2x Intel Xeon 2.93ghz 8mb Cache 6.4 GT/s Quad
Core CPUs X5570
(http://ark.intel.com/products/37111/Intel-XeonProcessor-X5570-8M-Cache-2_93-GHz-6_40-GTsIntel-QPI)
6x 4gb DDR3 Memory

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

21/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

6x 4gb DDR3 Memory


2x 146gb 15k SAS 3.5 Hard Drives
4x Blanks Included (will not hold drives)
No Optical Drive Included
Perc 6i Controller with Battery
4x Onboard Gigabit Ethernet
iDrac6 Express (No Dedicated NIC)
2x 570w Power Supplies
Before I purchase this device, I would like to know
your Opinion about this Server.
Thanks in Advance
Balaji

Jack Wang November 7, 2015 at 9:32 pm - Reply

Hi Balaji,
Thanks for leaving a comment on my blog.
From the specs of the server, Im sure it will
do the job just fine. A few things to considerAre you going to run VMWare ESXi on the
server and share the host with other VMs?
VIRL does not require a lot of HDD spaces. If
you are not going to fully populate all the
HDD bays I recommend you getting a 1U
server instead. The PowerEdge R310 is a great
option. It holds up to 32GB RAMs and comes
with 4 hot-swappable HDD bays.
Remember that VIRL demands more memory
than CPU. If you want server with faster CPU I
recommend R320. But in the end of the day
you are more likely running into memory
limitation than CPU. I have a Dell R310 with
two 500GB SAS 15k HDDs, RAID 1 (mirrored),
two 2.5Ghz quad core CUPs and 24GB of
memory. It costed me about $350 on ebay.
By all means, if you are planning this server
for number of other VMs and they are CPU and
disk intensive, and you need a lot of disk
space or storage, you should get the 2U server
instead. I hope it helps. Keep me posted on
your server / VIRL lab build. Im doing the

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

22/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

your server / VIRL lab build. Im doing the


same thing on a R310 and will update my bog
with my findings.

Kandra Ramotar November 7, 2015 at 8:40 pm - Reply

Thanks.

Balaji Mohanakrishnan November 7, 2015 at 11:07 pm - Reply

Thanks Very Much for you very Valuable Input Jack!


Based Upon Your Suggestion, I would like to go for
a Dell R310 than a R710 Since I have no intentions
of Sharing the VMs. I will keep you posted as I make
any progress setting up the Lab.
Thanks
Balaji

Leave A Comment
Name(required)

Email(required)

Website

Comment...

POST COMMENT

Notify me of followup comments via e-mail.

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

23/24

11/25/2015

CiscoVIRLInstallationonVMWareESXi

SOLUTIONS

SERVICES

COMPANY

GET IN TOUCH

Best Practice +
YOU
Network High
Availability
Network Security
Remote
Connectivity
Cloud Computing

Infrastructure
Design
Analysis &
Assessment
Deployment
Assistance
Elite Support
Plans
CCIE Review

About Us
Contact Us
Resources
Knowledge Base
Legal

4653 Carmel
Mountain Rd.
Suite 308-207 San
Diego, CA 92130
Phone:
858.771.6622

Speak Network Solutions @ 2015 All Rights Reserved | Privacy Policy

http://www.speaknetworks.com/ciscovirlinstallationonvmwareesxi/

24/24

You might also like