Sunday, August 19, 2018

EVE-NG in the Cloud

I've been running EVE-NG locally as a VM on an old PC I use as an ESXi server for about 6 months. It works great and I've really been loving it lately.

In preparing for the CCIE Lab exam I've needed to build and run very large topologies. The amount of resources you need will vary greatly based on the virtual images you require. I have found the Cisco IOL images to use the fewest resources and run the most reliably. If you're working towards Data Center, Service Provider or other exam tracks you'll likely need more than Cisco IOL and will need to run IOS-XRv, Nexus images, CSR1000v's or others, which will consume many more resources.

The topologies I'm working from are the Foundation Labs, Troubleshooting and Full-Scale labs from INE's CCIE v5 Routing and Switching workbook. These labs vary from 14 virtual devices to 24 virtual devices. Specifically, the version I'm working with uses the IOSv images, which consume many resources during boot and while running compared to Cisco IOL images.

The resources I have at home in the old PC I'm using as an ESXi server are limited and I needed more resources available to run the larger topologies. This brought me to seeking a way to run EVE-NG on scalable and expandable resources.

All initial credit goes to Arwin Reprakash from, documenting the process and sharing.

If you have a Gmail account you can activate Google Cloud for your account and get $300 FREE, from Google to spend on their resources.

You might be asking yourself: "How much will $300 get me?"

The cost varies based on the resources you consume.

If you're running IOL images you can get away with one of the lower tiers and leave your VM on for 24 hours/day for nearly a YEAR without paying a dime!!!

If you need to consume more resources, it will obviously use up your free $300 at a faster rate. With 8 vCPUs and 30GB memory you can run for 24 hours/day for about 40 days straight.

Just for comparison I took a quick glance at what other vendors offer. Here's a cost breakdown:

FULL DISCLOSURE: I have not vetted or tested all of these solutions; I'm listing them based on price comparison only. They each offer different solutions. Choose whichever is best for you!

Google Cloud: FREE $300 


  • 1vCPU 3.75GB Memory = ~$26/Month (About 11 Months of continuous running)
  • 4vCPU 4 GB Memory = ~$78/Month (About 3.8 Months of continuous running)
  • 8vCPU 30 GB Memory = ~$195/Month (About 1.5 Months of continuous running)

(Bare-Metal) NOT FREE

t1.small.x86: ($0.07/hr) [730 hours = $51.10]

  • 8 GB of DDR3 RAM
  • 80 GB of SSD
  • 4 Physical Cores @ 2.4 GHz (1 × Atom C2550)

c1.small.x86 ($0.40/hr) [730 hours = $292.00]

  • 32 GB of DDR3 ECC RAM
  • 120 GB of SSD (2 × 120 GB in RAID 1)
  • 4 Physical Cores @ 3.5 GHz (1 × E3-1240 v5)

m2.xlarge.x86 ($2.00/hr) [730 hours = $1460.00]

  • 384 GB of DDR4 ECC RAM
  • 120 GB of Redundant SSD (2 × 120 GB in RAID 1)
  • 3.8 TB of NVMe Flash
  • 28 Physical Cores @ 2.2 GHz (2 x Xeon Gold 5120)

Cloud My Lab: Free Trial


Create the nested virtualization supported image based on Ubuntu 16.04 LTS

gcloud compute images create nested-virt-ubuntu --source-image-project=ubuntu-os-cloud --source-image-family=ubuntu-1604-lts --licenses=""

Edit sshd_config to allow the "root" user to log in (root login is disabled again in the last step)

nano /etc/ssh/sshd_config

PermitRootLogin yes

PasswordAuthentication yes

Change interface name to "eth0"

nano /etc/udev/rules.d/70-persistent-net.rules


shutdown -r now

Download the gpg.key, install the new repository, install eve-ng


apt-key add

apt update

add-apt-repository "deb [arch=amd64] xenial main"

apt update

apt-get install eve-ng

apt-get install eve-ng

Remove the 4.15 Kernel, use only 4.9 eve-ng Kernel

cd /boot/

mkdir ./old/

mv *4.15* ./old/

Edit grub

sed -i -e  's/GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 noquiet"/' /etc/default/grub


Create a new non-root user:

sudo adduser showipintbri

sudo usermod -a -G sudo showipintbri

Disable root login over SSH

nano /etc/ssh/sshd_config

PermitRootLogin no
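
To confirm the last step took effect, the check below reads an sshd_config the way sshd does (the first occurrence of a keyword wins, and scanning stops at the first Match block) and reports whether root login or password authentication is still enabled. It is an added example, not part of the original procedure; the function names, the constructed sample file and the OpenSSH 7.0+ fallback defaults are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sshd_effective FILE KEYWORD DEFAULT
# Prints the global value sshd would use: the first occurrence of a keyword
# wins, keywords are case-insensitive, "Keyword=value" is accepted, and lines
# after the first Match block are conditional, so scanning stops there.
sshd_effective() {
  awk -v key="$2" -v dflt="$3" '
    BEGIN { FS = "[ \t=]+"; key = tolower(key) }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }  # trim; awk re-splits fields
    /^(#|$)/ { next }                             # skip comments and blanks
    tolower($1) == "match" { exit }
    tolower($1) == key { print tolower($2); found = 1; exit }
    END { if (!found) print dflt }
  ' "$1"
}

# audit_sshd FILE: prints findings, returns 1 if either setting is permissive.
# Fallback defaults assume OpenSSH 7.0 or later (an assumption of this example).
audit_sshd() (
  rc=0
  root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
  pass=$(sshd_effective "$1" PasswordAuthentication yes)
  [ "$root" = "no" ] || { echo "PermitRootLogin is '$root', expected 'no'"; rc=1; }
  [ "$pass" = "no" ] || { echo "PasswordAuthentication is '$pass'"; rc=1; }
  exit "$rc"
)

# Constructed sample: "PermitRootLogin no" was appended at the end instead of
# editing the earlier line, so the earlier "yes" is still the effective value.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp" || echo "sshd_config still needs attention"
rm -f "$tmp"
```

On the VM itself, run audit_sshd against /etc/ssh/sshd_config; `sshd -T` prints the configuration the daemon actually resolves, which is the authoritative cross-check.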

Thursday, August 2, 2018

Everything You Need to Know About OSPF

"Everything you'll ever need to know about OSPF" is a bold statement, but it goes back to "Mastering the Foundations", something I've been saying for the past 25 days. If you can master these OSPF foundations the rest is icing on the cake.

PRO-TIP: Don't treat this as a long list of items to memorize but rather a checklist of topics to lab up.

Default Behavior

  • Won't start unless OSPF can determine a router-id
  • Router-id determined:
    1. Configured router-id
    2. Highest loopback IP address
    3. Highest interface IP address
  • Every router within an area must have the same OSPF database
  • Filtering/Summaries happen at the ABR
  • Default Priority = 1, highest priority becomes the DR (where applicable)
    • A Priority of "0" means router will NOT participate in DR/BDR elections.

OSPF Network Types

Broadcast

  • Default for Ethernet interfaces
  • Elects DR/BDR
  • Uses Multicast
  • Allows more than 2 routers on a link
  • Timers: Hello - 10, Dead - 40

Non-Broadcast

  • Elects a DR/BDR
  • Uses Unicast (neighbor statements)
  • Allows more than 2 routers on a link
  • Timers: Hello - 30, Dead - 120

Point-to-Point

  • Default for Serial and Tunnel interfaces
  • Does NOT elect DR/BDR
  • Uses Multicast
  • Only 2 routers allowed on a link
  • Timers: Hello - 10, Dead - 40

Point-to-MultiPoint

  • Does NOT elect DR/BDR
  • Uses Multicast
  • Allows more than 2 routers on a link
  • Installs /32 host routes per neighbor
  • Timers: Hello - 30, Dead - 120

Point-to-MultiPoint Non-Broadcast

  • Does NOT elect DR/BDR
  • Uses Unicast (neighbor statements)
  • Allows more than 2 routers on a link
  • Installs /32 host routes per neighbor
  • Timers: Hello - 30, Dead - 120

Loopback

  • Default for Loopback interfaces
  • When included in OSPF, uses a /32
    • To advertise with mask other-than /32, manually set network type to "point-to-point"

LSA Types

LSA Type-1: Router LSA's

  • Originated from each router
  • Flooded within an area
  • Tells the area about all the links participating in OSPF and are associated with that area

LSA Type-2: Network LSA's

  • Originated by the DR
  • Only the DR can originate Type-2 LSA's (if there is no DR there aren't any Type-2's)
  • This LSA tells all the routers in an area about all the routers on a shared medium like Ethernet

LSA Type-3: Summary LSA's

  • Originated by an ABR
  • Carry the destination network prefixes from one area into another
  • From nonbackbone > backbone:
    • Connected Routes
    • Intra-Area Routes
  • From backbone > nonbackbone:
    • Connected Routes
    • Intra-Area Routes
    • Inter-Area Routes

LSA Type-4: ASBR-Summary LSA's

  • Originated by an ABR
  • Tells all the other areas about the ASBR
  • Tells all the other areas "to get to this Router-ID(ASBR) go through Me(ABR)!"

LSA Type-5: External LSA's

  • Originated by an ASBR
  • Flooded throughout the OSPF domain, except into stubby areas
  • Contains the Network prefix and subnet-mask for the external network

LSA Type-7: NSSA External LSA's

  • Originated by ASBR
  • Exist only in a Not-So-Stubby Area (NSSA)
  • Are NOT flooded outside the area they were originated

Area Types

Backbone Area

  • Area 0
  • Acts as the HUB for all other areas
  • Accepts all LSA Types

Normal Area

  • All non-stub areas
  • Allows LSA Types: 1, 2, 3, 4, 5 & External Default

Stub Area

  • Allows LSA Types: 1, 2, 3 & Summary Default Route ( No External Type-5's )

Totally Stubby Area

  • Allows LSA Types: 1, 2 & Summary Default Route

Not-So-Stubby Area (NSSA)

  • Allows LSA Types: 1, 2, 3, 7 ( No External Type-5's )
  • NSSA's allow redistributing into an area while still maintaining its 'stub area' properties (not allowing External Type-5's)
  • Redistributed routes are converted to Type-7 LSA's and advertised throughout the area by the ASBR
  • The ABR converts Type-7 LSA's into Type-5's before advertising them into the backbone area.
  • LSA Type-7's are only flooded within the area they originate

Totally Not-So-Stubby Area (NSSA)

  • Allows LSA Types: 1, 2, 7 & Summary Default Route ( No External Type-5's )
  • NO LSA Type-3's

Route Types

  • O = Intra-area Route
  • O IA = Inter-area Route (Generated by Type-3 LSA's)
  • E1 = External Metric Type-1 (Generated by Type-5 LSA's)
  • E2 = External Metric Type-2 (Generated by Type-5 LSA's)
  • N1 = NSSA Metric Type-1
  • N2 = NSSA Metric Type-2