ModernCyber Blog

Testing DNAC IS-IS Underlay with Cisco Modeling Labs

Written by Chad Mitchell | Nov 23, 2022 5:00:00 AM

A resilient and predictable core network is the underpinning of any successful network architecture. When deploying networks, it is nice to have an easy way to test and validate the configurations and ensure that the network behaves the way you designed it, whether under normal operating conditions or in the case of failure.

A resilient testbed

For years, at the beginning of my career, testing and validation required the physical network equipment that you were planning to implement or install at a customer location. A large data center, lots of power, a mess of cables, and maybe a bruised forehead later, you could see how your configurations would work when finally installed. I can't tell you the number of times I went through this process. Staging equipment before delivery to the customer minimized outage windows and the amount of time needed on-site to get the network in operation. Advances in virtualization have changed the game for me in preparing configurations such as this through the use of Cisco Modeling Labs software.

Cisco Modeling Labs


Cisco Modeling Labs (CML) started out being called Virtual Internet Routing Labs or VIRL. The application allows users to create and connect multiple networking devices in a virtual form factor. This network can be contained in the host system or can even be bridged onto existing networks as needed. It can be run very easily on multiple platforms and does not require the massive amounts of CPU and memory that other Cisco IOS emulations are known to need.

By default, CML comes with numerous platform images and a good mix of Linux-based platforms as well. The current list of images and versions can be found here.

General information and datasheets can be found here.

The IS-IS Lab

It had been a few years since I had touched Intermediate System to Intermediate System (IS-IS) routing, so I needed to do a little brush-up and verification for an upcoming project where IS-IS is Cisco's recommended underlay routing protocol for larger software-defined networks with DNA Center. I wanted to simulate the full dedicated node architecture with full redundancy to make sure that failover and updates would work as expected. I also wanted to test some of the BGP configurations, again to brush up on them, while not fully identical to how Cisco DNA Center deploys them.

To do this I was going to need to simulate at least 10 routers and switches with some hosts or loopbacks to use for testing reachability. With my power bill already being too high to add 10 more physical devices running at all times, I decided to use CML to simulate the network.

I started dragging CSR1000v routers, IOSvL2 switches, and Alpine VM hosts into the Workbench and ended up with this network resembling a Pokemon that I hereby dubbed "Netachu".


From there I was able to start configuring and testing my IS-IS and BGP configurations to resemble, as closely as possible, my planned deployment for the SDA architecture.

A little IS-IS here,

! routed /30 links running IS-IS with BFD
interface GigabitEthernet1/0
 no switchport
 dampening
 ip address 10.11.1.34 255.255.255.252
 ip pim sparse-mode
 ip router isis
 load-interval 30
 negotiation auto
 bfd interval 100 min_rx 100 multiplier 3
 no bfd echo
 isis network point-to-point
!
interface GigabitEthernet1/1
 no switchport
 dampening
 ip address 10.11.1.46 255.255.255.252
 ip pim sparse-mode
 ip router isis
 load-interval 30
 negotiation auto
 bfd interval 100 min_rx 100 multiplier 3
 no bfd echo
 isis network point-to-point
!
router isis
 net 49.0004.0004.0004.0001.00
 ! lab-only value: domain-password is carried in plain text in Level 2 LSPs
 domain-password cisco123
 metric-style wide
 log-adjacency-changes
 bfd all-interfaces

And a little BGP there,

router bgp 65010
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 10.11.1.2 remote-as 65001
 neighbor 10.11.1.6 remote-as 65001
 neighbor 10.11.1.57 remote-as 65010
 !
 address-family ipv4
  network 1.1.1.1 mask 255.255.255.255
  neighbor 10.11.1.2 activate
  neighbor 10.11.1.6 activate
  neighbor 10.11.1.57 activate
  neighbor 10.11.1.57 next-hop-self
 exit-address-family

And I ended up with a fully functional testbed and simulation where I could break the network in all kinds of different ways without breaking the bank on my power bill. On top of that, the CML virtual machine was only consuming 15 GHz of CPU and 37 GB of memory to run all these nodes.

I am using the CML Personal edition on a Cisco UCS appliance and can run up to 20 instances at once with that license, but I have also used it on a laptop for smaller labs. There are other licensing options available for group work and more instances to simulate to your heart's content.
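A lab with this many nodes makes it easy for one link to miss a setting that the others have. The following is an added example, not part of the original post or the lab export: a small Python audit that checks each IS-IS interface for the /30 addressing, point-to-point network type and BFD timers used in the IS-IS configuration above, and flags `domain-password`, which IOS exchanges in plain text. The `GigabitEthernet1/2` stanza and the finding strings are constructed for the demonstration.

```python
import ipaddress

# Constructed sample based on the lab config above; Gi1/2 is deliberately incomplete.
SAMPLE = """\
interface GigabitEthernet1/0
 ip address 10.11.1.34 255.255.255.252
 ip router isis
 bfd interval 100 min_rx 100 multiplier 3
 isis network point-to-point
!
interface GigabitEthernet1/2
 ip address 10.11.1.49 255.255.255.0
 ip router isis
!
router isis
 domain-password cisco123
"""

def sections(config):
    """Group IOS lines into {header: [subcommands]}; '!' or a blank line ends a section."""
    out, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "router ")):
            current = out.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return out

def audit(config):
    """Return (section, finding) pairs for missing or weak underlay settings."""
    findings = []
    for header, cmds in sections(config).items():
        if header.startswith("interface ") and "ip router isis" in cmds:
            addr = next((c.split()[2:4] for c in cmds if c.startswith("ip address ")), [])
            if len(addr) == 2 and ipaddress.ip_interface("/".join(addr)).network.prefixlen != 30:
                findings.append((header, "not a /30 point-to-point subnet"))
            if "isis network point-to-point" not in cmds:
                findings.append((header, "missing isis network point-to-point"))
            if not any(c.startswith("bfd interval ") for c in cmds):
                findings.append((header, "missing bfd interval"))
        elif header.startswith("router isis") and any(c.startswith("domain-password ") for c in cmds):
            findings.append((header, "cleartext domain-password"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

The parser keys on the `interface` and `router` keywords rather than indentation, so it also works on configuration pasted without leading spaces.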

Closing thoughts

No matter if you are just starting out in IT or a seasoned professional, I believe that getting your hands on the technology is a critical part of learning. Using that time to understand how the systems work, learn new technology, or brush up and clean out the cobwebs on solutions you have touched in the past are all use cases where I have used CML/VIRL in the past and will continue to use it. It was a key part of my CCIE studies as well.

For more information see the Cisco Modeling Labs main page.

For the IS-IS Lab shown above you can get the YAML export on our public GitHub site here.
