Some time ago, I needed to simulate a heterogeneous network, with a Cisco router connected to another Huawei router.
It wasn’t easy because IOS is not publicly available and the Huawei simulator, eNSP, is discontinued and only works on VirtualBox 5.
To make this simulation, a CPU that supports VM nesting (Second-Level Address Translation - SLAT) is required.
Simulation VM
Create a Windows 7-based VM, with 4GB of RAM, 2 vCPUS and 4 network interfaces.It may be possible to lower RAM for 2GB, but this has not been tested; 1GB has been tested and is insufficient.
In order for the ARP protocol of the simulated routers to not complain that there are duplicate IPs in different MACs, it’s necessary to do MAC Spoofing on purpose, placing in the MAC configuration of each VirtualBox interface the MAC of the simulated router interface that it will represent.
First the MAC is left in the standard setting, and then after we raise the simulated routers we take note of the MAC of each router’s interface, switch off the VM, and introduces this MAC in the corresponding VirtualBox interface configuration before bringing back the VM.
Cisco’s simulated router can change its MACs to duplicate the default VirtualBox MACs, so this step is optional for the Cisco’s interfaces; the same is supposed to be possible in the Huawei router, but although it is described in the manual, the simulation of the AR2220 can not change its MACs, so this step is required for the simulated Huawei router to work.
The final settings are:
Virtual Interface 1
- Internal Network: WAN
- Promiscuous: Allow All
Virtual Interface 2
- Internal Network: LAN
- Promiscuous: Allow All
Virtual Interface 3
- Internal Network: WAN
- Always with the same MAC as the corresponding external interface of the Huawei router
- Promiscuous: Allow All
Virtual Interface 4
- Internal Network: LAN
- Always with the same MAC as the corresponding external interface of the Huawei router
- Promiscuous: Allow All
Guest’s network configuration
Control Panel, Network Connections
Virtual Interface 1’s “real” interface
(confirm, for example, by disconnecting the virtual network cable)
Name: C-Outside or Cisco-EXT
IP: 10.5.222.4
Netmask: 255.255.0.0
Gateway: –
Virtual Interface 2’s “real” interface
Name: C-Inside or Cisco-INT
IP: 10.10.0.58
Netmask: 255.255.255.248
Gateway: –
Virtual Interface 3’s “real” interface
Name: H-Outside or Huawei-EXT
IP: 10.5.222.6
Netmask: 255.255.0.0
Gateway: –
Virtual Interface 4’s “real” interface
Name: H-Inside or Huawei-INT
IP: 10.10.0.59
Netmask: 255.255.255.248
Gateway: –
Software to install
- VirtualBox 5.2.x and its Extension Pack
- Winpcap 4.1.3
- Wireshark-win64 3.2.5
- eNSP V100R002C00B510 Setup
- GNS3 2.2.x or higher (don’t install GNS3 VM)
Finish the simulation VM’s configuration
Save all projects, close all programs, turn off the VM (Shutdown)
On the VM’s Network properties, change each virtual interface’s MAC address to the same MAC of the router port that will connect to it
Boot the VM up again, open the projects and configure the routers.
GNS3 setup for Cisco 7200 Router Simulation
Create a template for the Cisco 7200
Click on the first option of the bar on the left, Browse Routers
+ New template
Install appliance from server
Next
Pick Routers > Cisco 7200 / Dynamips
Install
Install on this computer
Next
Allow custom files
On the warning *Do you want to proceed? Yes
Choose the .image file (which is Missing) and click on the Import button below it.
Choose the c7200-adventerprisek9-mz.152-4.S3.bin file that has the checksum 79ffe4050b2cac60d51af8b953bb02b7. I do not know how I found this file, surely it fell from the back of a truck and I certainly have no permission to use it (nor do you). The official Cisco IOS images for academic use are included in the (paid) membership for VIRL - Cisco Modeling Labs
Open
This is not the correct file
Yes
It turns to Ready to Install
Alternatively, click on Create a new version and create version 152-4.S3
Select the original version or newly created version, and
Next
Do you want to install?
Yes
Create a new topology for the Cisco router
Create a new project.
Drag a Cisco 7200 router from the template we created.
Right-click, Configure
We need to add extra network interfaces to the router by inserting interface boards:
Tab Slots
Slot 1: PA-GE
Slot 2: PA-GE
OK
Click on the left bar’s pane (Browse End Devices).
Drag two Clouds to the topology and give them appropriate names
Click on the cable on the left bar (Add links) - the cursor switches to a +
Click the router, select a port
Click on one of the Clouds, and choose the Windows' network interface that will be used for this port
Do the same with the other Cloud.
Right-click on the router, Start to boot it up.
Right-click on the router, Console to open the serial console
Click on Enter (RETURN), and the simulated router boots already on privileged mode (#)
Make a note of the MACs of the router interfaces you want to connect to the outside of the topology, because we need to put these MACs in the respective VirtualBox 6 virtual interfaces:
|
|
GigabitEthernet1/0 is administratively down, line protocol is down Hardware is 82543, address is ca01.0438.001c (bia **ca01.0438.001c**)
Simulated Huawei router
eNSP setup for simulated Huawei AR2220 router
Unlike the Cisco simulation, the use of eNSP images is free (especially because it is a Linux that simulates the actual software and not a copy of the real software in itself as it is the case of IOS images).
Create a new topology for the Huawei router
Click the New Topo button
Drag an AR2220 router
Drag two Clouds and name them
Right-click on a cloud, Settings
On the Outside cloud, right-click, Settings
Port Building
Binding info: UDP
Port type: Ethernet
Add
Binding info: select interface 3
Port type: Ethernet
Add
Port Map Setting
Port type: Ethernet
Local Port: 1
Remote Port: 2
Two-way Channel
Add
Close the window
On the Inside cloud, right-click, Settings
Port Building
Binding info: UDP
Port type: Ethernet
Add
Binding info: select interface 4
Port type: Ethernet
Add
Port Map Setting
Port type: Ethernet
Local Port: 1
Remote Port: 2
Two-way Channel
Add
Close the window.
Click on the connections (lightning icon), select Auto or Copper
Connect the router to each of the clouds (as in Packet Tracer - click, choose Port, click on the destination, choose port)
Esc to leave the connection mode (pointer goes back to normal)
Right-click on the router, Start (boots the router up)
Right-click on the router, CLI (opens the serial console)
Make a note of the MACs of the router interfaces that were connected to the clouds.
<Huawei> display int g0/0/0
[…] IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is **00e0-fc29-614c** […]
Huawei initial setup
Open the AR2220’s CLI
May 16 2021 07:43:40-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEthernet0/0/0 has turned into UP state. May 16 2021 07:43:40-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[1]:Interface GigabitEthernet0/0/1 has turned into UP state.
Display the base config:
<Huawei> display current
[V200R003C00] # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
Set the clock to not be on the Beijing timezone:
<Huawei> clock timezone GMT add 0
<Huawei> clock daylight-saving-time GMT repeating 01:00 last Sun Mar 01:00 last sun Oct 01:00
<Huawei> display clock
2021-05-16 01:21:21 DST
Sunday
Time Zone(GMT) : UTC+00:00
Daylight saving time :
Name : GMT
Repeat mode : repeat
Start year : 2000
End year : 2099
Start time : last Sunday March 01:00:00
End time : last Sunday October 01:00:00
Saving time : 01:00:00
<Huawei> system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] display version
Huawei Versatile Routing Platform Software VRP (R) software, Version 5.130 (AR2200 V200R003C00) Copyright (C) 2011-2012 HUAWEI TECH CO., LTD Huawei AR2220 Router uptime is 0 week, 0 day, 1 hour, 55 minutes BKP 0 version information: 1. PCB Version : AR01BAK2A VER.NC 2. If Supporting PoE : No 3. Board Type : AR2220 4. MPU Slot Quantity : 1 5. LPU Slot Quantity : 6 MPU 0(Master) : uptime is 0 week, 0 day, 1 hour, 55 minutes MPU version information : 1. PCB Version : AR01SRU2A VER.A 2. MAB Version : 0 3. Board Type : AR2220 4. BootROM Version : 0
[Huawei] sysname RSFE
[RSFE]
Simulated routers' redundancy test
Three pings were started on a client in the LAN (internal) network
If you’re using a Linux system, use the -O option (uppercase “o”) to show all the ping timeout messages like on Windows
- One ping to 1.1.1.1
- One ping to Cisco’s internal IP, (10.10.0.60, in this case)
- One ping to Huawei’s internal address, (10.10.0.61, in this case)
In the normal situation, with Cisco as the designated router, we have access to the WAN
Shutting down Cisco’s internal interface, the ping to 10.10.0.60 stops, but we can still access the WAN.
I do not know the source of the ICMP duplicate responses, but:
- with the Huawei as backup the pings to 10.10.0.61 return duplicates
- with Huawei as Master the pings to 10.10.0.61 return normally, but the pings to 1.1.1.1 return duplicates.
Good luck!
I hope this hairy hack can help anyone who needs to set up a mixed system even if you are prevented from having access to physical hardware, or serves as an enabler for other, more advanced, topologies.