Lab Network Infrastructure

As well as working on the “Automation Lab Project” I’ve been busy documenting the LAB infrastructure I’ve built up at home. When I start to study, I’ll be using GNS3 and Juniper Olive VMs to learn with, and also have access to the Physical Juniper Router.

When I was studying for CCNP, I did a similar thing where I connected up real kit to GNS3 using a breakout switch and it worked quite well. What I didn’t do very well is keep track of my configurations and any changes I made. This time round I wanted to try again and ensure that I document what I do.

As an added extra I wanted to keep track of my LAB configurations so I looked into building a Raspberry Pi with RANCiD, a tool that backs up network configurations and also lets you run diffs against the changes made. I found a really good YouTube video here from a lecture at SAINTCon 2015 and just followed the steps.

Watching the video I found out about a really good Raspberry Pi OS called DietPi. Installing software for it is fairly easy, and there is a really good backup system. As I’m still getting to grips with administering Linux it’s been really handy being able to back up/restore quickly when trying out new things. Below is a screenshot of the front end to RANCiD on the Pi.

[Screenshot: GIT – Web Front End on Raspberry Pi]

The tutorial uses a newer version of RANCiD than I’m used to and opts for GIT instead of CVS to diff the configurations. Since I’ve been learning a little bit more about how GIT works, I’ve found out from a Dev friend that you can push your GIT to multiple remote repositories using GIT remotes. So using a bash script and cron job, I’m able to PUSH the configurations up to a remote GIT site as well as keeping a copy locally and on USB (via dietpi-backup).
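
The multi-remote push described above, as an added example (not the author's script): a POSIX shell function that pushes the checked-out branch to every configured remote and keeps going when one remote is unreachable. The repository path, script path and cron schedule in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script: push a git repository of
# device configs (e.g. the one RANCiD commits to) to every remote.

# push_all_remotes REPO_DIR [BRANCH]
#   0 = every remote accepted the push
#   1 = at least one remote failed (the others were still tried)
#   2 = REPO_DIR is not a git repository, or no branch is checked out
push_all_remotes() {
    repo=$1
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2

    # Default to whatever branch is checked out (master, main, ...).
    branch=${2:-$(git -C "$repo" symbolic-ref --short HEAD)} || return 2
    failed=0

    # `git remote` prints one configured remote name per line.
    for remote in $(git -C "$repo" remote); do
        if git -C "$repo" push --quiet "$remote" "$branch"; then
            echo "ok: $branch -> $remote"
        else
            # Keep going: one unreachable remote must not stop the
            # remaining copies from being updated.
            echo "FAILED: $branch -> $remote" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Hypothetical crontab entry (path and schedule are assumptions):
#   15 * * * * /home/rancid/push-configs.sh /var/lib/rancid/lab
if [ "$#" -gt 0 ]; then
    push_all_remotes "$@"
fi
```

The non-zero exit status on a partial failure is what lets cron report that one of the copies is falling behind.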

Testing the LAB

So far, I’ve been testing small topologies in GNS3 with the Cisco IOS routers in GNS3 and it’s working well. Out of the 8 Cisco devices you can see below, they all backed up correctly.

The Raspberry Pi on the physical network can access the GNS3 lab and can back up the configurations. What may complicate the Juniper SRX lab configs will be ensuring that the LAB can get to the 192.168.1.0/24 network so that they can all back up – we’ll see.

I wrote up some notes during the Raspberry Pi installation as it was a bit hit and miss at times – so I’ll write up a post in the future.

GNS3 Test Topology – RANCiD

Study for the JNCIS-SEC

As I prepare for the JNCIS-SEC exam I’m hoping to be able to use this LAB infrastructure as a way to keep track of configurations when I’m using GNS3, and also keep practicing. I’ve got the Juniper book Juniper SRX Series to read through and Juniper Security, to accompany it.

The RANCiD backups might be a little bit overkill at this point but it should help with learning the structure of configurations. I’m pretty sure a lot of my time is going to be understanding NAT and Firewall Policies over the next few months and at some point I need to review my MPLS knowledge so it should help with the amount of router configs.

LAB Diagram and Photos

LAB Infrastructure
Juniper SRX210HE and Cisco c2960
Raspberry Pi 2 running DietPi, USB backup storage and RANCiD
Coredy USB 3.0 Hub with 100/1000 Network Card

Exam Update

As my JNCIS-SEC exam is coming up this year, preparations are being made to ensure my exam is a successful one. My copy of Juniper SRX Series by Brad Woodberg arrived last week and I’m awaiting my copy of Junos Security, due to arrive shortly.

SRX210HE

Late last year I bought myself some SRX hardware, an SRX210HE. There are a few versions of the SRX210, and when I was choosing some hardware on eBay I wanted to make sure I chose a high memory version.

SRX210 Services Gateway Models

My physical Juniper Lab is going OK. I had a few snags when setting up the physical SRX210, more of a learning experience than anything else. I managed to lock myself out of the device, and was unable to reset to factory default configuration. Why? Because I wiped over the rescue configuration – d’oh. Then, getting back via user recovery mode wouldn’t work and the root account was blocked, what I believe is single user recovery mode.

I ended up trawling the Juniper Forums and then having to flash the device. To be honest it was pretty fun, even if I did think I’d turned my SRX into a £180 brick! I’ve prepared a post detailing the steps taken, it’s in draft and will be up in good time.

“Automation Lab” Project


This time last year, I knew nothing about GIT, GitHub, BitBucket, Ansible or Vagrant and my Linux foo skills were a bit low on the ground. Now, after spending a bit more time reading/testing and practicing with some “on the job skills” every day, I know a little bit more than I did.

Generally I use GNS3 to create Labs and use a combination of VMs/Cisco IOS images/Real kit to lab things up. With my JNCIS-SEC exam coming up, I want to create some Labs using a combination of Real Kit and some Juniper Olive Images.

Problems faced when I created labs in the past:

  • Accommodating kit at home is costly to run and takes up a lot of room! (Photo: My 2015 CCNP Rack)
  • Storing my configurations/projects can become a pain (Several GNS3 Projects scattered)
  • Sometimes I’ll make changes to configurations, close down then forget what I’ve changed
  • Creating similar configurations for 10 routers etc can be a real drag (I don’t want to pay for Cisco VIRL yet) and there doesn’t seem to be a VIRL equivalent for Juniper
  • Building a Linux VM (DNS Services, Endpoints, Web Servers) for use in the lab involves downloading the ISO and installing everything

What goals do I want to achieve here:

  • Solve a few of the “problems” mentioned above using DevOps tools and general network tools
  • Create a GIT repository for Network Scripts
  • Build a Vagrant Box containing the DevOps tools
  • Get to grips with Netmiko and Python to perform tasks on a network
  • Build up a framework to create network templates using Jinja2 template language
  • Explore the features of using Ansible to orchestrate changes to a router (Juniper or Cisco)
  • Have a method of saving configurations and viewing any changes that have been made (Diffs)

What is the project exactly?

At the moment it’s just a set of goals that I want to achieve, to help me become a better network engineer and aid myself with getting my JNCIS-SEC exam. I’ve already started putting some work into a BitBucket private repo that has been going on for the past 6 months and once that’s in better shape I’ll get it released.