Kyle Brandt

Introduction:
GNS3 is a graphical network simulator that is integrated with the Cisco router emulator Dynamips.  In this tutorial I will explain how to connect your Linux host to an emulated 7200 series router, then that router to another 7200 router, and finally that second router will be connected to a Linux VM running in VMware Server.  In this lab environment we will also configure access control lists ( ACLs ), Network Address Translation ( NAT ), and a site-to-site Internet Security Protocol Virtual Private Network ( IPsec VPN ) tunnel between the two routers in Part 2.

Pre-Requists:
• VMware Server
• A Cisco 7200 router firmware image ( You will have to get this on your own, I don’t want to step on Cisco’s copyright )
• This tutorial assumes the Linux host and the virtual machine are running Ubuntu 8.10

Getting Started:
1. Install GNS3: sudo apt-get install gns3 dynamips
2. Start GNS3 and follow the setup wizard, you will want to load the 7200 .bin files
3. Install VMware server: You will need to patch it see here ( http://ubuntu-tutorials.com/2008/11/01/vmware-server-107-on-ubuntu-810-intrepid-2627-7-generic/ ) before installing.  Make sure to allow host-only networking ( You can chose to install all the different networking options ).
4. Create a Ubuntu 8.10 VM with host only networking in VMware server.

Setting up our layout in GNS3:
1. Start gns3 as root: gksudo gns3
2. Create two Cisco 7200 by dragging the icon over from the left.
3. Right click each router, click on the slots tab, and change slot0 to C7200-IO-2FE and slot1 to PA-2FETX ( this will give each router 4 Fast Ethernet interfaces ).
4. Right click each router and change the host names to lab1 and lab2.

GNS3 Network Diagram

Basic configuration for each router:
1. Right click lab1 and chose start.
2. Right click lab1 and chose console.
3. You should see ‘Self Decompressing the Image’, we are now in the emulated IOS terminal connection.

a. Chose yes for ‘initial configuration dialog’.
b. Chose yes for ‘basic management setup’.
c. Call the router lab1.
d. Enter passwords when asked.
e. chose no to SNMP management.
f. Chose FastEthernet0/0 for ‘management network from the above interface summary’.
g. Chose Use the 100 Base-TX (RJ-45) connection.
h. Select no for full duplex.
i. Chose yes to Configure IP on that interface.
j. For the interface IP, chose a s /24 subnet that is not being used in your network or by VMWare ( run ifconfig on your host machine and look at what the vmnet interfaces are to see what VMWare is using ). For my example it is going to be 192.168.1.1
k. Accept the 255.255.255.0 subnet mask.
l.  Press 2 to save.
m. Then go into enable mode by typing ‘enable‘ and then type ‘copy run start‘.
n. Save your work so far in GNS3 by choosing ‘Save as’ and also extract all your configurations by pressing the yellow arrow.

4. Repeat steps 1-3 above for the lab2 router but for step j:

i. Start your VMware Linux VM that was set up with host only networking.
ii. Look at what IP you have  been given, for my example it is was 192.168.21.128
iii. Configure the F0/0 on this router to match that network, in my case it would be 192.168.21.1 with a subnet mask of 255.255.255.0

Getting the Routers to talk to each Other:
1. On lab1:

a. Open up the console for lab1.
b. Run the following commands in the lab1 console:
enable
conf t
int F1/0
ip address 12.12.12.1 255.255.255.252
< ctrl-z >
copy run start

2. On Lab2:

a. Do the same as above but with: ip address 12.12.12.2 255.255.255.252

3. In GNS3 click the icon that looks like an Ethernet cable, chose fast ethernet and connect f1/0 of lab1 to f1/0 of lab2 by clicking on a router and then clicking the other router. Expand the ‘Topology Summary’ for each router so you can verify that the correct interfaces are connected to each other. Do verify that you got the interfaces specified, I found this to be a bit buggy to get the interfaces I wanted.
4. Log into the console of each router and ping the other to make sure the connection is working.

Connect your Host Machine to the Virtual Network:
1. In GNS3 Create a cloud by dragging it from the left.
2. Right click the cloud and chose configure.
3. Click on the NIO TAP tab, type in ‘tap0′ to the field and click ‘Add’ and then ‘Apply’.
4. From your Linux host open up a terminal:

a. Install the utilities that let you create tap interfaces: sudo apt-get install uml-utilities
b. Become Root: sudo su -
c. Load the tun module: modprobe tun
d. Create the tunnel interface: tunctl
c. Give the tap interface an IP that matches your network for lab1’s f0/0, i.e. : ifconfig tap0 192.168.1.100 netmask 255.255.255.0 up
d. If using iptables you may need to add some rules like: iptables -I INPUT 1 -i tap0 -j ACCEPT

5. In GNS3 click the Ethernet icon and select fast ethernet.  Then click Lab1 first and the cloud and select the tap0 interface.
6. Verify you can reach the IP of Lab1’s FastEthernet 0/0 ip by pinging it from you Linux Host.

Connect your Virtual Machine to the Virtual Network:
1. In GNS3 create a cloud by dragging it from the left.
2. Right click the cloud and chose configure.
3. Click on the NIO ETHERNET tab and then ‘Linux Ethernet NIO’, select the vmnet interface that corresponds to the host only networking and click ‘Add’ and then ‘Apply’.  In my example it is vmnet1.
4. In a terminal on your Linux host note the IP of the vmnet interface of the previous step and then remove the ip by entering: sudo ifconfig vmnet1 0.0.0.0 #if vmnet1 was the interface from step 3. The IP is removed because that is the IP we gave the FastEthernet interface on Lab2.
5. In GNS3 connect the cloud to the cloud by clicking the Ethernet icon, selecting fast ethernet, clicking lab2, and then selecting the nio_linux_eth:vmnet1 interface of the cloud.
6. Verify that you can reach the IP of Lab2’s FastEthernet 0/0 by pinging it from the Linux VM.
7. To be able to reach the VM from the Linux host throught the virtual network add the following route to the Linux host: sudo route add -net 192.168.21.0 netmask 255.255.255.0 gw 192.168.1.1

Conclusion:
You should now have a basic network with two routers that you can practice with.  In the second article we will configure NAT, IPsec, and ACLs on the routers.  Please do comment on any confusing steps in this tutorial, I wrote it after doing this myself and not as I did it, so something might be missing.

Reference:
http://www.blindhog.net/tutorials/linux-loopback-tap0.htm
Lab1 Router Configuration
Lab2 Router Configuration

I recently picked up a 40 inch 1080p TV on Black Friday for my media computer (standard Ubuntu Intrepid Ibex install). Since this machine is a $450 dollar Dell Vostro (Intel Core 2 Duo E4500 CPU) it isn’t the fastest machine out there, but I have still been able to get generally smooth playback of H.264 1080p video.

Vocabulary
My understanding of the relevant codec vocabulary is as follows (Please comment on any inaccuracies). You get can get a lot of detail from this thread.

• H.264 is the format of the encoded video.
• x264 is a common encoder for creating H.264 video.
• ffmpeg an open source decoder of H.264 video. It is the packaged standard in Linux for vlc and MPlayer.
• CoreAVC is a commercial decoder that is built for windows, but can be used in Linux.
• mkv (Mastroka) is a container that packages the video, audio, subtitles, etc. into one file. There is often H.264 in these files, but .mkv does not always mean H.264 or even HD.

Abstract
To successfully get good playback of 1080p H.264 video I had to purchase the CoreAVC codec, use the coreavc-for-linux project and wine to enable CoreAVC in Linux, and then recompile MPlayer with support for CoreAVC.

CoreAVC
The reason CoreAVC performs so much better than ffmpeg on my system is because CoreAVC is multi-threaded. This means that on a dual core system both CPU cores will be used to decode the video, instead of just one. If you run top and press ‘1′ you can see the utilization of each core, you will probably just see 1 core being utilized when you play video. The other core will probably show some usage, but it will be another process using it.

Since decoding H.264 is very resource intensive, multi-threading really helps. Currently there is no GPU (video card based) decoding for Linux except for a very beta NVidia driver.

CoreAVC costs a very reasonable 15 dollars, so it is definitely worth supporting the development of it.

CoreAVC For Linux
CoreAVC for Linux allows you to use the windows CoreAVC codec with Linux. The wiki on the project page will guide you through the installation. You must first run the CoreAVC install using wine (‘apt-get install wine‘ if you don’t have it already). Then follow the steps in registering the codec. Lastly, you will need to apply a patch to MPlayer and then compile it from source. Alternativly, you can get pre-built binaries (.deb ) from here of MPlayer and coreavc-for linux, but you will still need to install and register CoreAVC.

Mplayer

Mplayer is a very flexible player with a great depth of configuration. After applying the patch as instructed to in the CoreAVC wiki I configured it to install into /opt/mplayer before compiling (with ‘./configure PREFIX=/opt/mplayer‘) so I would have both the Ubuntu packed MPlayer and my own compiled version. I then run my version by typing the absolute path to it ( /opt/mplayer/bin/mplayer ).

I also had to update my x264 libraries for the latest subversion snapshot of MPlayer to compile successfully in Ubuntu Inrepid Ibex:

sudo apt-get install git-core
git clone git://git.videolan.org/x264.git
cd x264
make
sudo make install


The one problem I am still trying to resolve with MPlayer is to stop screen tearing. Screen tearing is when part of the image is no longer vertically aligned with the rest of the image for a brief moment. It is most noticeable in shots when the camera is panning. It is caused by the refresh rate of the monitor not being synced with the refresh rate of the video. There is only one way to fix this that I have found in Linux and that is to enable VSync to Blank and use the OpenGL output buffer. (sync to vblank can be enabled with the driconf package). Unfortunetly, for me when I select OpenGL with MPlayer the screen flickers. To try OpenGL pass ‘-vo gl’ to MPlayer.

The MPlayer options I use are: ‘-vc coreserve -cache 20000 -fs’. ‘-vc coresevre’ selects CoreAVC,the cache switch creates a cache of 20MB that will help if other applications are accessing the disk, and finally ‘-fs’ makes the playback fullscreen. I also increase the disk io and the cpu priority of MPlayer and dshowserver to max with the following commands:

ps aux | grep mplayer #Note the PID of the process (second column)
ps aux | grep dshow #Again, note the PID
#The following for both PIDs:
renice -1 -p$PID
ionice -c 1 -p$PID

Conclusion
With this setup I get much better 1080p HD playback than I did with the default Ubuntu Intrepid Ibex setup. I only occasionally get a hickup in playback but only in the most demanding scenes (lots of water) from something like BBC’s Planet Earth.

Update: I do not recommend the following the method. It left me with a partial install (which fortunately I have seem to recovered from). Also when trying to install a restricted driver, I had to delete the cdrom source from apt. This was because the restricted drivers GUI would hang when trying to mount the cdrom.

Since I have several computers with Ubuntu that I wanted to upgrade the most efficient way for me to do this was to upgrade using the cdrom. In order to do this you must use the alternate install cd. If you scroll to the bottom of the previous link you can grab the alternate cd from one of the mirrors.

When I did the following upgrade process it was from Hardy Heron to Intrepid Ibex. The following instructions are at your own risk, upgrades can often lead to bad situations.

1. Get the alternate install cd (see above).
2. Mount the .iso image or burn it and put it in the cdrom drive: To mount the iso image, first create the /mnt/iso directory with mkdir /mnt/iso and then: sudo mount ubuntu-8.10-alternate-i386.iso /mnt/iso/ -t iso9660 -o ro,loop=/dev/loop0
3. ssh into your remote machine you wish to upgrade: ssh remote-machine
4. (Optional, but highly recommended): Start a screen session so if you get disconnected it won’t interrupt the upgrade (read how to use screen here): screen
5. Within the screen session, start a text-based cdrom upgrade with the following command: sudo /mnt/iso/cdromupgrade –frontend=DistUpgradeViewText
6. The upgrade will periodically ask you yes/no questions throughout the upgrade, so it is not unattended. If you really wanted it to you could try using the yes command and a pipe to force yes to all, but I wouldn’t recommend it and am not sure if it would work:-) One odd thing is if you type ‘d’ for details it opens the information in the program ‘less’, so if you chose this just press ‘q’ to quit after you are done reading the information.

I was lucky enough to be loaned a couple of CISCO 1720 routers by my office today. Connecting to them was pretty straight forward.

What you will need:

1. A roll-over cable (aka Cisco Console Cable). These are usually RJ-45 on the router side and serial on the PC side.

2. If your computer doesn’t have a serial port (like mine) you can get a 9-pin D-sub serial to USB cable. I got the Gigaware cable from RadioShack for thirty dollars.

Get Connected:

The following worked for me with Hardy Heron installed on my MSI Wind.

1. Connect all the cables: USB — > Serial –> Crossover –> Console Port
2. Download and install Minicom: sudo apt-get install minicom
3. Make sure that the USB to serial cable is recognized. lsusb should list something like Bus 001 Device 002: ID 05ad:0fba Y.C. Cable U.S.A., Inc.
4. Type ls /dev/tty* to make sure /dev/ttyUSB0 or something similar is listed.

Update: In my search to reset the password to the router, I needed to send a break to the console. I was finally able to do this using GNU screen. Screen is easier than minicom, all you need to do is type screen /dev/ttyUSB0 instead of the remaining steps five through eight. I was then able to send my break using [meta-command]-B or [meta-command]-b (Not sure which it was).

5. Start minicom with minicom and hit CTRL-A and then O to open the options. (All commands in minicom start with CTRL-A, like GNU Screen).
6. Enter A to change the serial device setting to /dev/ttyUSB0 or whatever you found in step 4.
7. Select “Save setup as dfl”
8. Hit CTRL-A X to exit and then restart minicom, the port should be displayed as /dev/ttyUSB0
9. When it restarted all I had to do was hit enter to get the prompt of my CISCO 1720