The alternative or complementary approach is something like batfish[1], for validation vs. emulation. -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal [1] https://www.batfish.org/ On Wed 2019-Oct-16 12:19:31 -0400, Yan Filyurin <yanf787@gmail.com> wrote:

This also depends on your scale. If you have lots of routers, you would end up with lots of compute to run the VM instances. If you get the compute (which is cheap comparing to actual network hardware), you would need a "cloud orchestration” tool and a a system to connections from host to host like some form of overlay networking.

GNS3 would do a good job, but for something with a bit more orchestration APIs. There is this:

https://networkop.co.uk/post/2019-01-k8s-vrnetlab/ <https://networkop.co.uk/post/2019-01-k8s-vrnetlab/>

And the nice people who even show up to NANOG every once in a while:

https://www.tesuto.com/ <https://www.tesuto.com/>

There are a few other tools that people built on their own if you scrub GitHub. I even felt into that trap and exploring VRnetlab.

But numerous things were achieved. Yes, you would miss out on all the hardware bugs, hardware adaption layer issues and maybe a scale issue or two, but with enough instances, route generators and maybe even some application (some of these things can even forward traffic), you could discover 90% of things that can go wrong.

And you get the flexibility of downloading evaluation images of all kinds of things, so maybe you can avoid spending any money.

Yan

...

On Oct 16, 2019, at 12:03 PM, Jason Kuehl <jason.w.kuehl@gmail.com> wrote:

I did this at my current company with also using VM Palo Alto.

Greeting of testing out a plan to make sure its insane.

The key it keeping its all up todate down to the firmware version (I know its not possible for some because virtual)

The things this wont find are hardware related faults or issues.

On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier <rkremeier@barryelectric.com <mailto:rkremeier@barryelectric.com>> wrote: Hello,

I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in.

All info is appreciated,

--

Ryland Kremeier

-- Sincerely,

Jason W Kuehl Cell 920-419-8983 jason.w.kuehl@gmail.com <mailto:jason.w.kuehl@gmail.com>

Totally agree with Tom here. It's going to work really well for most things. But if you're testing code for bugs you NEED to do it on the same hardware you have in your environment in an actual lab. - Mike Bolitho On Wed, Oct 16, 2019 at 9:56 AM Tom Beecher <beecher@beecher.cc> wrote:

GNS3 can do a heck of a lot, and the price is definitely right.

I have used it extensively for initial fleshing out of designs or ideas, protocol nerding, automation interaction testing, etc. There certainly other tools out there, but being able to visually draw a topology out, connect the dots, and have an environment to test in about 10 minutes is very nice. There is an API you can hook into to do some of that for you if you are so inclined, but that would depend on your use case and resources. For how I've used it, never been required.

Some of the VMs from vendors can be pretty CPU and/or RAM intensive, so I've had the best experience running them all on a dedicated server, not locally. Again, use case dependent. For code testing I would always run the test set on hardware as well for likely obvious reasons.

If you really get into the weeds with it you can do quite a lot.

On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier < rkremeier@barryelectric.com> wrote:

...

Hello,

I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in.

All info is appreciated,

--

Ryland Kremeier

Oh, forgot the links… http://www.eve-ng.net/ http://www.eve-ng.net/documentation/howto-s From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Aaron Gould Sent: Wednesday, October 16, 2019 1:14 PM To: 'Mike Bolitho'; 'Tom Beecher'; 'Ryland Kremeier' Cc: nanog@nanog.org Subject: RE: Viability of GNS3 network simulation for testing features/configurations. I’ve used GNS3 some years ago for a lot of simulation and testing. But, I’m blown away at how much more I like EVE-NG (emulated virtual environment next-gen) I use the community free version… lots of vendor OS support… of which, I’ve actually work with the following…. - XRv - IOS virtual - vMX - vSRX - vQFX …check your in-box for a screen shot of my current environment. -Aaron From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mike Bolitho Sent: Wednesday, October 16, 2019 12:02 PM To: Tom Beecher Cc: <nanog@nanog.org> Subject: Re: Viability of GNS3 network simulation for testing features/configurations. Totally agree with Tom here. It's going to work really well for most things. But if you're testing code for bugs you NEED to do it on the same hardware you have in your environment in an actual lab. - Mike Bolitho On Wed, Oct 16, 2019 at 9:56 AM Tom Beecher <beecher@beecher.cc> wrote: GNS3 can do a heck of a lot, and the price is definitely right. I have used it extensively for initial fleshing out of designs or ideas, protocol nerding, automation interaction testing, etc. There certainly other tools out there, but being able to visually draw a topology out, connect the dots, and have an environment to test in about 10 minutes is very nice. There is an API you can hook into to do some of that for you if you are so inclined, but that would depend on your use case and resources. For how I've used it, never been required. Some of the VMs from vendors can be pretty CPU and/or RAM intensive, so I've had the best experience running them all on a dedicated server, not locally. Again, use case dependent. For code testing I would always run the test set on hardware as well for likely obvious reasons. If you really get into the weeds with it you can do quite a lot. On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier <rkremeier@barryelectric.com> wrote: Hello, I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in. All info is appreciated, -- Ryland Kremeier

I use the server version of GNS and I love it. I just need to VPN into my DC and use my client to connect to GNS. On Wed, Oct 16, 2019 at 2:22 PM Mike Bolitho <mikebolitho@gmail.com> wrote:

EVE-NG is also really good. Just an FYI, GNS3 went through a major refresh about 18 months ago or so and it's so much better now. Either way, you can't go wrong with GNS3 or EVE-NG.

- Mike Bolitho

On Wed, Oct 16, 2019 at 11:18 AM Aaron Gould <aaron1@gvtc.com> wrote:

...

Oh, forgot the links…

http://www.eve-ng.net/

http://www.eve-ng.net/documentation/howto-s

*From:* NANOG [mailto:nanog-bounces@nanog.org] *On Behalf Of *Aaron Gould *Sent:* Wednesday, October 16, 2019 1:14 PM *To:* 'Mike Bolitho'; 'Tom Beecher'; 'Ryland Kremeier' *Cc:* nanog@nanog.org *Subject:* RE: Viability of GNS3 network simulation for testing features/configurations.

I’ve used GNS3 some years ago for a lot of simulation and testing. But, I’m blown away at how much more I like EVE-NG (emulated virtual environment next-gen)

I use the community free version… lots of vendor OS support… of which, I’ve actually work with the following….

- XRv

- IOS virtual

- vMX

- vSRX

- vQFX

…check your in-box for a screen shot of my current environment.

-Aaron

*From:* NANOG [mailto:nanog-bounces@nanog.org] *On Behalf Of *Mike Bolitho *Sent:* Wednesday, October 16, 2019 12:02 PM *To:* Tom Beecher *Cc:* <nanog@nanog.org> *Subject:* Re: Viability of GNS3 network simulation for testing features/configurations.

Totally agree with Tom here. It's going to work really well for most things. But if you're testing code for bugs you NEED to do it on the same hardware you have in your environment in an actual lab.

- Mike Bolitho

On Wed, Oct 16, 2019 at 9:56 AM Tom Beecher <beecher@beecher.cc> wrote:

GNS3 can do a heck of a lot, and the price is definitely right.

I have used it extensively for initial fleshing out of designs or ideas, protocol nerding, automation interaction testing, etc. There certainly other tools out there, but being able to visually draw a topology out, connect the dots, and have an environment to test in about 10 minutes is very nice. There is an API you can hook into to do some of that for you if you are so inclined, but that would depend on your use case and resources. For how I've used it, never been required.

Some of the VMs from vendors can be pretty CPU and/or RAM intensive, so I've had the best experience running them all on a dedicated server, not locally. Again, use case dependent. For code testing I would always run the test set on hardware as well for likely obvious reasons.

If you really get into the weeds with it you can do quite a lot.

On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier < rkremeier@barryelectric.com> wrote:

Hello,

I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in.

All info is appreciated,

--

Ryland Kremeier

-- Sincerely, Jason W Kuehl Cell 920-419-8983 jason.w.kuehl@gmail.com

Thanks Mike for the info on GNS3…. My info is old, I’ll have to take a look at the recent GNS3 sometime soon… -Aaron From: Mike Bolitho [mailto:mikebolitho@gmail.com] Sent: Wednesday, October 16, 2019 1:22 PM To: Aaron Gould Cc: Tom Beecher; Ryland Kremeier; nanog@nanog.org Subject: Re: Viability of GNS3 network simulation for testing features/configurations. EVE-NG is also really good. Just an FYI, GNS3 went through a major refresh about 18 months ago or so and it's so much better now. Either way, you can't go wrong with GNS3 or EVE-NG. - Mike Bolitho On Wed, Oct 16, 2019 at 11:18 AM Aaron Gould <aaron1@gvtc.com> wrote: Oh, forgot the links… http://www.eve-ng.net/ http://www.eve-ng.net/documentation/howto-s From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Aaron Gould Sent: Wednesday, October 16, 2019 1:14 PM To: 'Mike Bolitho'; 'Tom Beecher'; 'Ryland Kremeier' Cc: nanog@nanog.org Subject: RE: Viability of GNS3 network simulation for testing features/configurations. I’ve used GNS3 some years ago for a lot of simulation and testing. But, I’m blown away at how much more I like EVE-NG (emulated virtual environment next-gen) I use the community free version… lots of vendor OS support… of which, I’ve actually work with the following…. - XRv - IOS virtual - vMX - vSRX - vQFX …check your in-box for a screen shot of my current environment. -Aaron From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mike Bolitho Sent: Wednesday, October 16, 2019 12:02 PM To: Tom Beecher Cc: <nanog@nanog.org> Subject: Re: Viability of GNS3 network simulation for testing features/configurations. Totally agree with Tom here. It's going to work really well for most things. But if you're testing code for bugs you NEED to do it on the same hardware you have in your environment in an actual lab. - Mike Bolitho On Wed, Oct 16, 2019 at 9:56 AM Tom Beecher <beecher@beecher.cc> wrote: GNS3 can do a heck of a lot, and the price is definitely right. I have used it extensively for initial fleshing out of designs or ideas, protocol nerding, automation interaction testing, etc. There certainly other tools out there, but being able to visually draw a topology out, connect the dots, and have an environment to test in about 10 minutes is very nice. There is an API you can hook into to do some of that for you if you are so inclined, but that would depend on your use case and resources. For how I've used it, never been required. Some of the VMs from vendors can be pretty CPU and/or RAM intensive, so I've had the best experience running them all on a dedicated server, not locally. Again, use case dependent. For code testing I would always run the test set on hardware as well for likely obvious reasons. If you really get into the weeds with it you can do quite a lot. On Wed, Oct 16, 2019 at 11:52 AM Ryland Kremeier <rkremeier@barryelectric.com> wrote: Hello, I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in. All info is appreciated, -- Ryland Kremeier

On Thu, 17 Oct 2019 at 15:15, <adamv0025@netconsultings.com> wrote:

But as you can see A) and B) can easily be tested with a single DUT (or some small topology around it) using actual HW plugged in a loop with IXIA/Spirent testers.

Snake topology does conserve IXIA/Spirent ports but will not allow you to test everything. I see no practical way of just having bunch of IXIA/Spirent ports to verify behaviour under various types of congestion. Unfortunately the 'bunch' is getting rather large, since even the smallest atom of a modern networking chip may contain dozens of 100GE ports. -- ++ytti

Said that I haven’t played with GNS3, EVE-NG, VIRL,… recently so I don’t know if any of these would allow me to create these massive “spreadsheets” for programmatic generation of labs.

GNS3 you can, they have a fairly well documented JSON based API that you can use to script up all the things, connections, and visual layout as well. I've only played with it on a rudimentary level, but it seems to work just fine. On Thu, Oct 17, 2019 at 8:14 AM <adamv0025@netconsultings.com> wrote:

I’ve been using network simulation well before GNS3 was around using dynamips - and even when GNS3 came along it was still not good -since it just couldn’t handle the scale (~40nodes) (not on my compute resources at that time anyways).

And similarly nowadays in the era of proper HW simulation through VMs (though I miss the idle-pc), I really like virsh/libvirt along with OVS as it allows me to programmatically generate the VM files (xmls, images, etc..) and define the topology in OVS (talking hundreds of links) which would be otherwise really tedious to draw by hand.

Also spinning up a big virtual lab from scratch takes several hours (of pure compute time) so it’s better to have some meshing in between the nodes and just spin up arbitrary L1 topologies on demand rather than spinning up the VMs every time one needs to load a different topology.

Said that I haven’t played with GNS3, EVE-NG, VIRL,… recently so I don’t know if any of these would allow me to create these massive “spreadsheets” for programmatic generation of labs.

Best approach is to have at least two virtual environments

1) closely resembling production environment -this is where designers and Ops people can test day to day operational changes etc..

2) environment where architects can test strategic/evolution changes to the network infrastructure, new concepts and big migration/integration projects, etc…

What is it good for:

Testing design concepts

-this is one of the biggest advantages of virtual testing

Physical labs as we all know cost a small fortune and you can simulate just a small cross-sections of your overall topology at a time -but in virtual lab depending on your computing resources and depending on what you need to test you can either simulate very large sections or complete network (at lower resolution) or smaller sections with very high resolution or combination of both.

This allows you to really see what happens to your traffic patterns and assess the impact of your design changes from small to large scales.

What is it not good for:

A) Scale testing

i.e. how many bgp/bfd/vrrp/etc.. sessions how many routes/VRFs/etc… - you need the actual HW resources to carry out these tests

B) Performance testing

How much pps I can drive through NPU with these features (QOS,filters,etc…) what are the failover times, (fast reroute, fabric fail,RE fail, etc…) -again you need the actual HW that will be used in production to measure these

But as you can see A) and B) can easily be tested with a single DUT (or some small topology around it) using actual HW plugged in a loop with IXIA/Spirent testers.

adam

*From:* NANOG <nanog-bounces@nanog.org> *On Behalf Of *Ryland Kremeier *Sent:* Wednesday, October 16, 2019 4:31 PM *To:* <nanog@nanog.org> <nanog@nanog.org> *Subject:* Viability of GNS3 network simulation for testing features/configurations.

Hello,

I’m currently in the process of setting up a near identical network to our own in GNS3 for testing purposes. Has anyone here tried this before to any success? We need to buy the Cisco IOSv image to continue with the sim so I figured I would inquire here first before diving in.

All info is appreciated,

--

Ryland Kremeier