Monday, June 23, 2014

Lab Hard, with a Vengeance (VPLS in GNS3!!)

So I'm finally getting back into lab mode, and getting excited out R/S technologies again. After realizing that the requirements for Cisco's CSR1000v (Cloud Services Router) has been dramatically decreased I wanted to get one into virtualbox and throw it in the mix with GNS3. The results thus far have been phenomenal. Hence what this post is about, something I've wanted to get working in a home lab for some time now is VPLS. For those of you not familiar with VPLS, I'm speaking of virtual private lan services. With a 7200 in GNS3 we've been able to create point-to-point pseudowires for some time now. A pseudowire completely hides the MPLS provider network from clients and gives the illusion that both CEs are directly connected by a very long cable. This works because we're encapsulating frames received on the PE and associating them with a virtual circuit that gets label switched between two PE routers. Very cool stuff...

However, what if you had a situation where the client wanted this layer 2 style of WAN... but they had multiple sites. Even worse they wanted a full mesh! Enter VPLS, giving us the ability to almost carve out a small switch inside the MPLS cloud. This is something that GNS3 has been lacking for sometime, because no GNS3 emulated router can host a multipoint pseudowire. Until now! Well... technically it's not GNS3 doing the heavy lifting, it's the CSR1000v. So I made a video about this setup, of course, before trying this in your own lab a couple key notes about the CSR1000v:

- IOS XE 3.10+ is your best bet because of the lowered requirements
- IOS XE 3.10+ requires 2.5GB of RAM, but it can run on a single vCPU (this is vastly improved from the 3.9 release)
- In order to test out the more advance features, after booting up your CSR1000v go into global configuration and enter "license boot level premium", other wise you can't enable MPLS. After setting the boot level to premium and accepting the EULA for eval licensing, wr mem and reload.
- Lastly, unless you want to do all your configs within virtualbox via CSR's virtual console, install CSR with a Serial Console (from the GRUB menu on first boot) and connect via a named pipe. I'm using SOCAT in OS X to redirect the named pipe to /dev/ttys001. Your mileage may vary.


  1. Wonderful, Jon.
    Please write more articles like this.

    1. Sorry I never replied to this. Any suggestions? I just did a sweet one about BGP signaled VPLS in GNS3.

  2. This is a bit of an older post - but curious did you ever try multipoint VPN with CSR1000v. Hub/spoke seems to work pretty easily but I'm having some trouble figuring out how to do mesh. The VFI/VPN defines my neighbors. However, on the CE facing interface I should be able to use the xconnect command to then call the VFI (at least that's how it's done on other versions of IOS) however on the CSR when I go the CE facing interface I can only call a specific neighbor with the xconnect command. So as far as I can tell point to multipoint or hub/spoke is as good as it gets. For what it's worth I'm running 3.17, on esxi.

    1. I did do full mesh with CSR1KV, check out this post.