Latest Packet Lab Videos

No videos found

Ads by Google

Archive for February, 2010

The War On Dynamips…Not So Much

It looks like the war on Dynamips is over before it even began.  Ivan Pepelnjak at the excellent Cisco IOS Hints and Tricks blog sets the record straight:

Let’s start with the sad fact: Dynamips’ lifeline was cut years ago when Cisco introduced the ISR routers. To run IOS on a completely different mix of hardware, Dynamips has to emulate the router’s hardware, from CPU to every single I/O device. That was “easy” (OK, doable) when Cisco used off-the-shelf components from commodity manufacturers (Motorola, AMD) who publish the detailed specs of their hardware. That tradition was broken in the ISR routers which use I/O chipsets from another manufacturer that gives you data sheets (and in-depth specs) only after signing an NDA agreement (believe me, I’ve tried and got nowhere). That’s why Dynamips supports only the 2600/3600-series and not 2800/3800-series.

The high-end routing products introduced after the 7200 series (and all switches) use customs ASICs. Obviously these are not documented outside of Cisco and thus one cannot emulate them without thorough reverse engineering.

With all these limitations in mind, it should surprise no one that you can run IOS release 15.0 in Dynamips only if you use the 7200 images (the IOS support for the x600-series routers was stopped with the release 12.4(15)T). And here comes the fatal bug in the story: IOS licensing was introduced on the ISR-G2 platforms. It is not used (yet) on the high-end boxes and will probably never be used on the 7200 platform. It should be obvious to anyone that this change in IOS deployment model has nothing to do with Dynamips (but then the story would immediately lose all its appeal).

As I stated in my previous post, I have not played with IOS version 15 yet.  I did see that there was IOS version 15 code for the 7200.  The lack of code for 3600, 3700, and 2600 just happened to be due to the end of life limitations of those platforms.  As Ivan stated, you can run Cisco IOS version 15 in Dynamips…you just need to use a 7200.

Of further interest to Dynamips devotees is that a comment that seems to have been authored by the creator of Dynamips, Christophe Fillot:

Indeed, Dynamips cannot emulate any of the platforms which run “universal images” with IOS licensing, so considering Cisco did this intentionnally is a bit strange (in my mind, this is completely unrelated, they just wanted the customers pay for the features they use). 
As you noticed, the 15.0 release just runs fine on Dynamips with a 7200 platform. 
 
If Cisco really wanted to break the emulation, that would be very easy to do (emulation can be detected because of inaccurate timing in the virtual machine, incomplete CPU and I/O device emulation, …), no need to look for a complicated method. 
 
Being the author, I obviously knew from the beginning that the program would have a limited lifetime, due to the platforms going EOL/EOS. I guess one day the 7200 will be declared EOL too. Like Stretch, I would really like that Cisco provides a full featured image running on a PC but limited in performance, or that stops working after 4 or 8 hours, for example (that’s what Xilinx, a FPGA vendor, does for evaluation purposes). Some Cisco engineers told me that technically it wouldn’t be a problem to do this, the problem is that Cisco then must have teams for the program maintenance.

Cisco At War With Dynamips?

I’ll be the first to admit that I haven’t touched IOS version 15 yet.  We aren’t utilizing it at work (outside of a small lab) and I haven’t played with it at home.  Recently I found out that Cisco has added some licensing features to the new version 15 IOS software.

I took at look at IOS version 15.0.1M1 today and there are TWENTY-FIVE different versions of this IOS available.  This includes the normal hodge-podge of IOS versions like IP Base, Advanced Services, etc.  It also included some like “AISK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES”.   I was able to download an Advanced Services IOS image for a 3845 with no problem.

The rumor that I’ve been hearing is that you will only be able to download IOS images (v15 and up) for devices that you have a Cisco contract for.  This jived with what I saw with my CCO account.  I saw IOS versions for equipment that we use, but none for devices like the 3700 and 3600 series.  This could simply be due to v15 not being available for these devices though.

One other feature of the IOS 15 images is that they require a registration key when installed on a device.  Again, I’ve not played with this version of IOS, so I cannot verify this.

So what the hell does this have to do with anything?  Well, it seems that these new restrictions may make it difficult/impossible to run IOS version 15 on Dynamips emulated routers:

With the release of IOS 15, users will need to punch a registration key into every machine running it to verify the software license. Cisco licenses its IOS feature sets at the time of purchase and when users purchase upgrade licenses at a later date. But students and professionals who have sought to experiment and practice at home — but didn’t want to pay thousands of dollars to do so — had found a loophole years ago.

As long as you had a Cisco Connection Online (CCO) account, or knew someone who would share one, you could update any router with any feature set without Cisco’s checking the license, according to users. Those same IOS software images could be used in a free and powerful Cisco IOS emulator, such as Dynamips, to give users the same experience as working on an actual Cisco router.

Using IOS images on emulated routers has always been a hazy prospect at best.  Technically, you are not allowed to run IOS images on anything except actual Cisco hardware.  Dynamips emulates Cisco routers, but does not include an IOS version.  This meant that Dynamips users had to procure the IOS software elsewhere and deal with any possible resulting legal issues.  This is why you won’t find IOS images on my site, and I will not provide you with images.

I completely understand Cisco’s desire to tighten their IOS licensing, although this article does bring up a good point:

In the enterprise space, he added, requiring a license key on every router “drastically changes the status quo” for Cisco’s biggest customers, such as large enterprises and telecom operators with thousands of routers to manage.

“Carriers have hundreds of thousands of devices, of which hundreds are under repair, replacement and upgrades at any point in time,” Ferro said. “These repairs now need licensing and re-licensing to be added to workflow. This is going to radically change the way we look at [network operations].”

Although Cisco provides software, Cisco License Manager, to transfer licenses between routers, most large enterprises are probably unaware of the changes, nor are they likely to be planning that process, Ferro said.

As it stands right now, IOS version 15 is not being used in any certification paths.  The Routing and Switching CCIE is still using version 12.4.  I don’t think that Cisco deliberately made licensing changes in order to stop the use of Dynamips.  Still, this may become an issue in the future when IOS version 15 is used more.  For right now, the effect is minimal.  Hopefully Cisco can remedy the situation for certification candidates by:

1) Creating an “academic license” version of IOS.  This is mentioned in the article.  It would have many of the features of the full IOS version, but be crippled in some way (throughput was mentioned).  This may not be something Cisco goes with for the simple fact that there doesn’t seem to be a piece of software that cannot be “un-crippled” by diligent hackers.  Of course, their registration number could be easily hacked as well.

2) Cisco currently has an in-house router emulator called IOU (IOS on Unix).  This software is used in the new Cisco Routing and Switching CCIE exam for the Troubleshooting portion.  If Cisco were to release this software (hell, they could charge for it) then they could control the IOS version that would run on it and likely kill Dynamips altogether.

For now, there’s not much to worry about.  12.4 has more than enough features for aspiring network engineers to play around with.

If you are a Facebook user, you may want to join the “Save Dynamips” Facebook group.

15.0.1M1

Currently Reading
CCNA Security Official Exam Certification Guide  (Exam 640-553)
274 / 672 Pages
CCNA Security Official Exam Certification Guide (Exam 640-553)
Ads By Google