Category Archives: Cisco

GNS3 and Gentoo – fixing QEMU networking

I was hoping to have time to further familiarize myself with IPv6 this weekend –  but workplace emergencies, sleep, and a technical glitch slowed me down. Here’s the story of the technical glitch.

GNS3 - this thing rocks.

GNS3/dynamips can handle emulation of a number of routers, and I was happy to see that it can emulate host PCs as well. Unfortunately networking in GNS3  is done via UDP tunnels – something that requires a Qemu patch to implement.

For some reason QEMU won't really start if it's networked.

In Gentoo, simply building GNS3 from the Sunrise Overlay doesn’t provide sufficient support for this requirement. Emulated routers (and I’m assuming switches) work fine when networked together. Emulated host machines work fine when NOT connected to anything. But once you network things together you’ll discover that your Qemu host won’t start.

Here’s why – when you start a Qemu host, this is essentially what GNS3 runs:

/usr/bin/qemu -name QEMU1 -m 256 /mnt/virtualmachines/dynips/IPv6-tc/working/QEMU1/FLASH -hdb /mnt/virtualmachines/dynamips/IPv6-tc/working/QEMU1/SWAP -enable-kvm -net nic,vlan=0,macaddr=00:aa:00:8f:e4:00,model=rtl8139 -net udp,vlan=0,sport=20000,dport=10006,daddr=127.0.0.1 -net nic,vlan=1,macaddr=00:00:ab:fa:72:01,model=rtl8139 -serial telnet:127.0.0.1:3000,server,nowait -no-acpi -vnc :0

GNS3 attempts to use the -net udp option, something not offered in the default QEMU-KVM distribution. With no Gentoo USE flags to add the patch in either 0.13.0 or 0.14.50, I decided to simply upgrade to 0.14.50 and see if it was part of the default build:

# kvm –version
QEMU emulator version 0.14.50 (qemu-kvm-devel), Copyright (c) 2003-2008 Fabrice Bellard
# kvm –help | grep “net udp”
#

Nope, it’s not. So the next step is to remove app-emulation/qemu-kvm from your system and build it by hand.

First, remove kvm and download the source from kernel.org:

# emerge -C app-emulation/qemu-kvm

# cd /usr/src/

# wget http://mirrors.kernel.org/gentoo/distfiles/qemu-kvm-0.13.0.tar.gz

Unpack and patch it, using the patch provided by the gns-3 team .

# tar zxvpf qemu-kvm-0.13.0.tar.gz

# cd qemu-kvm-0.13.0/

Testing the patch, I ran into a handful of issues:

# patch –dry-run -p1 < /mnt/nas/downloads/qemu-0.13.0-
mcast-udp.patch
patching file Makefile.objs
Hunk #1 FAILED at 25.
1 out of 1 hunk FAILED — saving rejects to file Makefile.objs.rej
patching file block/raw-win32.c
Hunk #1 FAILED at 93.
Hunk #2 FAILED at 347.
2 out of 2 hunks FAILED — saving rejects to file block/raw-win32.c.rej
patching file hw/e1000.c
Hunk #1 FAILED at 567.
1 out of 1 hunk FAILED — saving rejects to file hw/e1000.c.rej
patching file net/udp.c
patching file net/udp.h
patching file net.c
Hunk #1 FAILED at 30.
Hunk #2 FAILED at 1075.
2 out of 2 hunks FAILED — saving rejects to file net.c.rej
patching file net.h
Hunk #1 FAILED at 33.
1 out of 1 hunk FAILED — saving rejects to file net.h.rej
patching file qemu-options.hx
Hunk #1 FAILED at 996.
1 out of 1 hunk FAILED — saving rejects to file qemu-options.hx.rej

A quick modification and we’ve got a new patch file. This one applies nicely:

# patch –dry-run -p1 < /mnt/nas/downloads/gentoo-qemu-0.13.0.gns3.patch
patching file Makefile.objs
patching file QMP/qmp-commands.txt
patching file block/raw-win32.c
patching file config-all-devices.mak
patching file config-host.h
patching file config-host.h-timestamp
patching file config-host.ld
patching file config-host.mak
patching file hw/e1000.c
patching file libdis/config.mak
patching file libdis-user/config.mak
patching file libhw32/config.mak
patching file libhw64/config.mak
patching file net/udp.c
patching file net/udp.h
patching file net.c
patching file net.h
patching file qemu-doc.html
patching file qemu-img-cmds.texi
patching file qemu-img.1
patching file qemu-monitor.texi
patching file qemu-nbd.8
patching file qemu-options.hx
patching file qemu-options.texi
patching file qemu-tech.html
patching file qemu.1
patching file roms/seabios/config.mak
patching file roms/vgabios/config.mak
patching file x86_64-softmmu/config-devices.mak
patching file x86_64-softmmu/config-devices.mak.old
patching file x86_64-softmmu/config-target.mak
vonnegut qemu-kvm-0.13.0 #

So let’s apply it for real and then configure, build, and install our new Qemu:

# patch -p1 < /mnt/nas/downloads/gentoo-qemu-0.13.0.gns3.patch

# ./configure –prefix=/usr –target-list=i386-softmmu –enable-sdl

# make && make install

A quick check to ensure UDP tunneling is compiled in:

# /usr/bin/qemu –version
QEMU emulator version 0.13.0 (qemu-kvm-0.13.0), Copyright (c) 2003-2008 Fabrice Bellard
# /usr/bin/qemu –help | grep “net udp”
-net udp[,vlan=n]sport=sport,dport=dport,daddr=host
#

And voila – now not only does my host machine start when networked into my layout, it also has connectivity:

Yes, it finally works.

Next up – continue lab work with IPv6, and begin studying for my CCNP.

Fun with Hotlink Spam

I get a lot of hotlink spam to this site, and normally I don’t particularly care. But when Mercado Libre (an online sales forum similar to E-bay) started using the pictures of one of the switches from my CCNA lab for a posting – I decided I’d try my hand as a sales person.

They could have at least resized the image – but here’s a snippet of what the posting looked like (note: since modern browsers cache imagery, you’ll likely have to hold down the shift button and hit refresh when looking at that post):

The actual switch is below the o-scope.

A few quick rewrite rules to tamper with that HTTP Referrer:

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^.*articulo\.mercadolibre\.com\.ec.*$
RewriteRule \.(gif|jpg|jpeg|png)$ hotlinkers/computer-thermite.jpg [L]

And voila –

The perfect computer for arsonists.

I hope I get a commission off the huge volume of sales this generates.

The New Voice LAN

I’ve been meaning to look at the voice capabilities of the 1750’s I’d purchased while studying for my CCNA

(In previous posts I misspoke and claimed they were 1751’s, they are in -fact 1750’s).  The Cisco 1750’s have a slot for Voice Interface Cards, something I’ve not worked with – and something that influenced my purchase of the routers.

PVDM module goes in the top empty slot, DIMM in the right empty slot

I quickly realized I’d need a Digital Signal Processor (PVDM) card (~$90 on ebay) in addition to the VICs – AND I didn’t have enough memory OR flash to run an appropriate IOS image. The Flash upgrade to 32M was appx $30.00, with memory running about the same. Things started to quickly add up.

Right side is where the replaceable Flash goes

Which made me look at the Cisco 2621 also sitting on my work-bench.  Research quickly revealed I was looking at a much more affordable path.  I got a pretty good deal on an NM-2V with 2 FXO cards (ebay – about $115.00 – with the added bonus that the seller lives in my same city, so I saved on shipping and we met in an Aldi’s parking lot):

The NM-2V supports two VIC cards… the FXO (Foreign eXhange Office ~= PSTN origination/termination) and FXS (Foreign eXchange Service ~= provices dialtone service)  cards generally run about $50.00 on ebay, with the NM-2V averaging around $14-$45. So all in all, I paid at or below the average price for the entire package, and it all arrives at the same time. (There are other types of cards as well, but FXO and FXS are the only types I’m concerned with)

My first task is to get enough memory installed in my 2621 to support an IOS image with VOIP and ADSL capabilities. I’d searched around for some time before finding a site that I really like – www.parts-quick.com. They provide full specs on each router, the  max and min memory capabilities, flash upgrades, etc.. and the prices aren’t bad either.

The Glowing Bones of a Cisco 2621

My overall goal is to have one device that handles everything related to the telephone line: DSL termination/bridging, PSTN gateway, and dialtone server – a device I’m affectionately calling “beigebox0″. This will allow me to replace my Zyxel DSL bridge and Linksys PAP-2T, plus actually hook the PBX  into the PSTN. My current layout (an Asterisk box + Linksys PAP-2T)  has only SIP origination/termination, leaving an unused POTS line coming into my house. The new setup will still utilize the Asterisk PBX for voicemail and dialplan processing (as well as long distance over SIP, and an IAX2 trunk to Telephreak) , but use the Cisco 2621 for local call termination (calls in my native ratecenter).

The New Voice Lan (We don't need no stinkin' Visio)

Routing (and PPPoE) will still be handled by the Quagga router.  The Quagga also has a Courier V.32 Voice modem connected to it for troubleshooting dialup POPs, wardialing the 900 or so phone numbers my company owns (for auditing purposes),  and adding a backup connection in the event the DSL line goes dead (of course if dialtone is gone also, I’m out of luck). The modem _could_ be moved over to the 2621’s AUX port, but as all routing occurs at the Quagga, this layout makes more sense.

The link between the 2621 and the PBX could have been done a number of different ways. In the end, I opted to treat the 2621 as being on the WAN side of things, and I am using its management IP for that SIP endpoint. This gives me the ability to filter traffic between the PBX and the “beigebox” at the router. Directly connecting the 2621 to the PBX would reduce hop-count, however also add another location where firewall rules need to be managed and monitored aggressively.

Calls made from the home phone hit the 2621 via the FXS port, and are SIP-ed over the FastEthernet interface through the router and to the PBX.  If the call is long-distance it heads  BACK out the router to my SIP provider, with local calls heading back to the 2621 for connection to the PSTN. All call routing (local and long distance) is determined at the PBX. (The one exception being 911, which is immediately bridged at beigebox0)

Basic flow of an outbound call

Incoming calls from the PSTN (via the FXO voice-port)  will soon be  sent to the PBX for handling – which will initially sends the call back to beigebox0 to ring the home phone (via the FXS port), and following a number of rings sent to voicemail on the PBX.

So far, the layout has functioned perfectly. Next up – finish inbound handling of calls on the PBX (voicemail, etc)

Cisco 2621 config snippet:

hostname beigebox0

voice rtp send-recv
!
voice service voip
sip
bind all source-interface FastEthernet0/0

voice-port 1/0/0
description POTS line
ring number 10
!
voice-port 1/0/1
!
voice-port 1/1/0
description HomePhone
timeouts call-disconnect 10
!
voice-port 1/1/1
description ModemLine
timeouts call-disconnect 10
!

!
!
dial-peer voice 100 pots
description Dialing 411
destination-pattern ^411$
port 1/0/0
!
dial-peer voice 101 pots
description Dialing 911
destination-pattern ^911$
port 1/0/0
!
dial-peer voice 102 voip
description TelePhreak
destination-pattern ^666$
session protocol sipv2
session target sip-server
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 200 pots
description PBXManualCallRouting
destination-pattern ^70001…….$
port 1/0/0
forward-digits 7
!

dial-peer voice 300 voip
description PBXConnector
destination-pattern .T
session protocol sipv2
session target sip-server
session transport udp
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
sip-ua
calling-info pstn-to-sip from name set beigebox
calling-info pstn-to-sip from number set 70001
sip-server ipv4:<PBX IP>:5060
!
!
telephony-service

Asterisk sip.conf config snippet:

[beigebox]
type=friend
host=<2621 Management IP>
nat=no
qualify=no
insecure=invite
canreinvite=no
context=beigebox