I’ve been working on virtualizing a Cisco router on the cloud so that I can tunnel VPN traffic from one network to the other. The initial goal was to get a virtual Cisco router working on the cloud.
To get this going, I have the Cisco IOS 12.4 and was planning on running it off of GNS3, which is a front-end UI to Dynamips. I have most of my servers with Rackspace, but for this project, I was working with a server on Amazon EC2. Below is a snapshot of what I was trying to accomplish.
[Figure: Cisco Router on a Virtualized Environment]
For this to work, you’d have to bridge the Ethernet interface of the Cisco router to the Ethernet interface of the Windows machine. GNS3 will help you in creating a TAP interface (similar to Linux) to get this going.
With Amazon, you get a public DNS address for your machine; however, they install a private address on your server instance. I tried to remove it and only have the instance use the public address, which resulted in a disconnect. So, I started from scratch and kept the private and public address intact. The way Amazon handles this is by NATing your public address to the private address.
Having both virtualized private addresses hold hands as they pass on VPN traffic to the cloud didn’t seem to work. After using Dynamips on a Unix environment (Mac), I’ve gotten comfortable with text configuration. At the time, GNS3 wasn’t ported for Mac. To my luck, I figured I could replicate the same setup on Fedora and ditch the GUI.
Setting up Dynamips on Fedora was a breeze and loading up configurations was just as simple. However, the virtualized router had intermittent failures and was unreliable. Dynamips would start up the Hypervisor on port 7200. If loading the IOS failed (and it did off and on), I would restart Hypervisor on an alternate port and it just seemed to not want to work from there. Going back to the default port seemed to be the main requirement. I ensured that all processes using the default port were killed, but just kept coming across binding issues, which would get fixed with a reboot.
In the end, I found that virtualizing a corporate router, which essentially is an OS, running on emulated hardware, on top of another OS which is already virtualized on another OS… just didn’t make sense. The fight isn’t over. I’ll be switching gears and working with Vyatta.