How to run EVE-NG in the Cloud

Captions
[Music] Hi everybody, I'm Tony at Show IP Interface Brief, and today I'm gonna show you how to run EVE-NG on Google's Cloud Platform. I want to start off by doing a full disclosure: this is not something that I discovered or am the first to do by any means. In fact, all of the research to pull this off is owed to the IT Hitman blog post, which I'm going to share over here on the screen. I followed these steps pretty closely. The reason I wanted to make this video is to go ahead and document the process, as well as there were a couple of steps that weren't very clear, and I wanted to make sure we had an opportunity to share that with everybody else, because I had to go and ask for help in some other communities and people weren't able to volunteer some help to help me solve these problems. Also, this is a very detailed blog post, it's really great, it has a lot of screenshots, follow step by step, but even with that it was rather intimidating not being familiar with Google Cloud Platform, so I want to go ahead and document the process here in video to show you how you can get it up and running in about less than an hour. Let's start off by going to cloud.google.com. If you haven't already signed up for Google's Cloud Platform, there's gonna be a sign up button down here at the bottom or sign up at the top. If you have a Gmail account or you already have a Google Cloud, if you have a Gmail account and you haven't signed up for Google Cloud yet, if you sign up you get 300 free dollars of Google's money to spend. You have to put in your billing information, that's how they get you to activate your account. You have to put in your billing information, but you get three hundred three dollars that you get to burn through first, and you might be asking yourself, how far will $300 get me? Well, once we get into the demo here I'll show you just how far three hundred dollars will get you. I'm already logged in with my account and I already have activated my free trial, so I'm gonna go straight to
go to console. Now if you haven't done anything with Google Cloud Platform before, you'll be brought to this welcome screen. This is going to give you some tutorials, some how-tos to get some basic stuff done. I've been through this a couple of times so I'm just going to dive right in. The first thing I want you to do is to select a project. We're going to create a new project. You're probably thinking, what is a project? A project is just a name that you can group resources together to attach to billing resources. Those resources could be storage resources, compute resources, network resources that all get put into a project that you can tie to billing. So let's go over here to New Project and we just have to fill in a couple of bits of information. We have to give it a name, and we can ignore the organization for now since this is a personal project. I'm going to call it EVE-NG. I'm going to click Create. If your project isn't selected, click the drop-down, select your project and click Open. You can access the home console screen for your project by clicking the navigation three bars to the upper left and clicking Home. This is not unlike any other HTML5 dashboard where you're presented with a number of tiles that you can customize. We want to click on Activate Cloud Shell, which is going to open a little terminal at the bottom of the screen. Here is where we're going to use a command from the IT Hitman blog, which is going to allow us to create a custom image. We're gonna be using an Ubuntu base image and we're going to build it custom to allow for nested virtualization. EVE-NG in order to run requires nested virtualization, and so we're gonna build an image that allows that. Here I have the command copied to my clipboard and I'll put it in the show notes below. I'll Ctrl+V to paste it in. This command can be broken up into a couple of sections: we're invoking gcloud, the compute resources, images, which is a sub-context under compute, and we want to create an image named nested virt
Ubuntu. We're using the Ubuntu OS cloud as a source, the image family is 16.04 LTS, which is the image that EVE-NG is built on, and then here's the license value, enable-vmx, which turns on nested virtualization for our image. Once we hit Enter this is going to take about 2 or 3 minutes to execute. Great, your image is created when you see the ready status below in the table. Now we can close this access console and begin to build our VM instance. In the upper left hand corner click the three bars to open the navigation menu. We're going to go down to Compute Engine and VM instances. This is where we can actually begin to build the VM and start defining some of the properties. If you haven't created any VMs you'll be brought to this wizard where you can create, import, or take the quick start. We're going to create. Before we just next-next-next our way through this screen, I want to talk about each field here so you can understand exactly what you're doing and what options you have available to you. We're gonna start by giving our VM a name, so I'm gonna call it EVE-NG. The next option you have to choose is your region. I've done this a couple of times under a couple of different accounts, and what I found was originally I did it in the US
East 4, their Northern Virginia, in the Ashburn data center, and what I found there was I was locked into a premium tier for the networking and I couldn't change that down to the standard tier. So what's the difference between the standard tier and the premium tier? There's going to be a little help a little bit later, but it charges you a little bit more for the premium tier one, and then again for the different zones as well. What I found was once you create a VM in a region you can't move it from one region to another, you can't migrate it seamlessly, so what you actually have to do is shut down your VM, export all the data and then import it into a new region. So what I did is actually just knock it down and build a new one in the proper region. So South Carolina for me is the closest to my area. You want to choose a region which is closest to you. Typically something closest to you is going to give you the better performance, lower latency and better performance. South Carolina for me is the cheapest one because it gives me the standard tier options. Zone B is fine, I'm going to leave that alone. Next is our machine type. Here is where we get to choose the resources dedicated to our VM. By default it gives us a normal value of 1 vCPU and almost 4 gigabytes of memory. This is gonna run you about $24 a month, almost $25 a month. That's based on 730 hours of uptime. 730 hours of uptime is just over 30 days, it's not quite 31 days. This projected cost increases as your resources increase. So there's a couple of suggested pairings here, for example 8 vCPUs and 30 gigabytes of memory is gonna cost you a whopping 194 dollars a month, almost $200 a month, if you keep this running for 730 hours. Now if you have just activated your Google Cloud Platform account from your existing Gmail account you get 303 dollars to spend. You can absolutely run this all month long and stay within the margins of your free 300 dollars. What's even better is if you don't keep this
running all the time, you only pay for the time that your VM is running, so you don't actually pay for the downtime. There's a couple of small charges when you're down for static IPs and persistent storage and stuff like that, but the bulk of your fees come from your uptime. So my plan is to give myself some decent resources to run the topologies that I want to run and shut the VM down when I'm done, so I can stretch out that $300 for as much as I can. Now if you're studying for like CCIE Data Center or CCIE Service Provider where you need to run IOS XR or XRv images, or you're running the CSR 1000vs and a whole bunch of them, or you want to run a Nexus and you want to run a whole bunch of them, this is a great option for you. You can stretch your resources, not infinitely, but far beyond what most of us have in our homes, and this allows you to do it on Google's dime. So for the labs that I'm going to be working on I'm gonna customize, so I'm not gonna choose one of the predefined ones. I'm gonna click the blue Customize button, which is going to give us a couple of sliders where we get to slide the CPU and slide the memory over to what we want. So I think to achieve what I want to do I actually want to go back to the basic view, drop to a lower tier and then customize. So I'm going to be building a topology that uses 24 instances of the IOSv image. The IOSv image doesn't consume a lot of memory during startup or when it's running, but it does consume a lot of CPU during startup, so I'm gonna give myself four CPUs and four gigs of RAM. For our CPU platform I'm gonna choose Skylake or better. Leave our GPUs alone. So at this rate it's gonna cost me $77 per month if I leave it running for a full month. What I intend on using this for is for building large topologies only. For small topologies where I'm trying to study a specific technology or a specific small scope topology I'm still gonna build those locally. It's just gonna be a little bit easier
for me to do it. But for this environment that I'm building, specifically what I want to use it for is building the large topologies with 24 devices on them and where I can spend 8 hours on a lab, so after the 8 hours is done I can shut this VM down and it's not gonna cost me $77 per month. It might cost me a dollar for the day or it might cost me three dollars for the day maybe. Going down to the next section, we're going to skip Container because we're not using a container. We are going to change the boot disk. This is going to be the base image, the one that we created in the previous step. Let's click Custom images at the top and select the radio button next to nested virt Ubuntu, the image we created. At the bottom below we're gonna do standard persistent disk, and this is Ubuntu 16.04 LTS with EVE-NG on top. It doesn't need a lot of disk space for what I'm using, but if you are going to be building larger topologies with the larger Nexus or XRvs or any of the things that require an amp... make sure you're giving yourself ample disk space for the topologies and the images you want to host on it. For what I'm going to do 25 or 30 gigs ought to be enough. For Identity and API access we're gonna leave it as default. For our firewall we're gonna allow HTTP in to our VM, and that's because the EVE-NG login page and dashboard is on HTTP. Let's click the blue link below it for Management, security, disks, networking, sole tenancy so we can get to the networking details. Click the Networking link and the small pencil so we can edit the settings. Your VM is going to maintain two NICs here on the Google Cloud Platform: one's gonna be internal and one's gonna be your public IP, your external IP. I'm gonna leave everything default here, but I wanted to point this out, the ephemeral IP for your external interface. If you're using the IT Hitman's blog it's gonna suggest a static IP, and I'm gonna suggest a static IP as well if you're using SecureCRT or multi-tab PuTTY or SuperPuTTY
where you actually want to build a connection profile for all of the ports and the devices necessary for a topology that you build, so that your VM is in the cloud and it is always reachable at the same IP. For myself, for my needs, I don't need a static IP. One other thing I want to point out is when you do reserve a static IP, and I'm gonna show you how to do that in just a moment, if you don't have your VM running or you don't have that static IP attached to your VM, you have to pay for it hourly. Now I believe it's cents on the hour, but still it's gonna cost you hourly. So Google Cloud Platform is a for-profit operation, so they are going to try and give you services that customers need but they expect customers to pay for them, so I just want you to be aware of that. So if you get a static IP address and you think you can just reserve a bunch of static IPs willy-nilly, it is gonna cost you a little bit at a time. Another thing to point out here was what I was mentioning about the regions, one of the very first things we chose. I put mine in the South Carolina region and that allows me to change to the standard network service tier. In the US East 4 in Northern Virginia, the Ashburn data center, premium is the only available network service tier. That's fine. I think here we can get some more information on exactly what that is, but my rudimentary comparison is premium allows for greater high availability, greater failover, anycast IPs, a lot more richer features to support high availability, where standard is going to give you standard availability, sort of best effort. For my labs, what I'm looking for, best effort is going to be good enough. I'm gonna leave my external IP as ephemeral but I do want to walk through the process of reserving an IP in case you want to do that. So go to Create IP address, you can give it a name, EVE-NG, and again you get to choose whether you want premium or standard, and then you click Reserve and it will reserve an IPv4 address for you, and that's the
IP that your VM will be reachable at. I'm going to click Cancel and leave mine set as ephemeral. I'm going to click Done as we're done messing with the network interfaces, and at the bottom we're going to go ahead and click Create. Now if we filled out all of our options correctly it'll go ahead and create the VM instance and it will start it. It's gonna bring you back to the VM instance dashboard where you're going to see a list of all of your VMs. In this case we only built the one, we're only going to see one VM. It's going to show us whether it's been started or stopped and what the IP addresses are, and allow us to SSH directly into it from the web. Here's our VM, we named it EVE-NG, it's in the zone US 1b, our internal IP, which we're not really going to need, but the external IP is how it will become reachable. Here's how you get to the operations of this VM, so you can start, stop, reset, delete from here. I also have this tied to my phone, and on my phone I have the Google Cloud Platform app that allows me to check my resources and my VM instances, and you can see here that I have my VM and it is stopped. I can click it and open it and I have zero utilization. If I hit the three dots I can go ahead and start a VM. So it's pretty cool, because actually on the first night that I'd built this initially I left it running, and it was the first time I built it, so I built it with 8 vCPUs and static IP addresses and 60 gig hard drive and gave it a ton of RAM, I didn't really know what I was gonna need, and I left it running all night, and I just picked up my phone that was on the nightstand, I got the Google Cloud app, it linked to your account right away, I found the VM, I clicked Stop and it was shut down. So it's really cool. So if you want to get a lab started you might be able to start this from the car on your way home and be ready for a lab once you get home and into your office. So here we're going to use the SSH. We're going to SSH into the VM, set up root, do a
couple of operations from here and then we'll do a reboot. This is going to open an HTML5 browser window that allows us to SSH directly into the VM. This is where we'll actually set up reachability so then we can use SecureCRT or multi-tab PuTTY or whatever terminal you're choosing. I'm going to be using regular PuTTY to be able to SSH into this VM. The first thing we want to do is assume root and set a password. We want to allow root to log in via SSH. We're gonna set up this VM using the user root, but at the end I'm gonna finish off by creating a new user and disabling root login via SSH and allowing only sudo privileges. We're gonna open sshd, you come down here to PermitRootLogin yes, and we want to allow password authentication. Now if you're going for a highly secured VM you probably want to use authorized keys, but for us we're just going to do a basic username and password authentication, which will get us in. We've edited the sshd config, now we need to restart, so let's do service sshd restart. I'm gonna come back here so I can grab our static, or excuse me, our public IP. I'm going to open up PuTTY and we should be able to SSH in using the user root now to finish our installation. Excellent, so now we're able to reach our VM via a public IP address, logged in as the user root from a local PuTTY session on our desktop. Before we begin the EVE-NG installation, EVE-NG expects the very first NIC to be named eth0. Let's check what our interface name is: it's called ens4. Let's go ahead and name that eth0. So for that, as root, we're gonna edit /etc/udev/rules.d/70-persistent, go all the way over to the right and replace ens4 with eth0, and now we need to do a reboot. Now we're logged back into the machine, let's check our interface, and now it is called eth0. So now we can kind of begin our EVE-NG installation, and for that I'm actually going to come over here and reference the EVE-NG cookbook. I've found a way to get everything that I need right
out of the cookbook. This is on page 44 of the EVE-NG cookbook, which is available from their website. This kind of goes through the process and procedures of installing EVE-NG on various platforms, as well as sort of a step by step guide and screenshots for installation, operation and maintenance. I've used this cookbook a lot. Anytime that I had a question about something I was always pointed exactly to where it was discussed in the cookbook, and for a lot of operation and administrative things. I haven't had to use this for installation before moving to the cloud because I just downloaded the VM from their website and ran it in ESXi, but this also includes really detailed instructions for installation if you guys are DIY or you want to do it from scratch. So I'm going to go ahead and grab this script, which is coming from their website, the install EVE-NG Pro, and I'm just going to download that locally. I want to open that up. So this is the installation script, I just kind of want to read what it's doing. It's going to modify sshd to allow PermitRootLogin, we've already done that currently, and then it's going to go ahead and get the GPG key from their website, so I'm gonna grab this. Then it's doing an apt-get update, it's piping that to apt-key add, then it's doing an apt-get update, then it's doing an apt-get install software-properties-common, then it's adding a repository, apt update, install docker engine, install EVE-NG Pro. It's a whole bunch of stuff in here, so let's start with the top thing. We're not going to do all of these things. Let's start with the top. So first thing I want to do is I want to download this key straight from their website, verify I have it there. Next I want to do, I'm logged in as root, so I'm going to do an apt-key add and the file name, which is eczema. The key has been added. So now let's open up that installation script again and see what our next step is: apt-get update and then we're going to add a repository. So apt-get update and
let's add the repository, and let's do apt-get update again, and I can see here at the bottom it brought in our new repository for EVE-NG. This is great. Okay, so what we need to do is we actually need to run apt-get install eve-ng, and we're going to need to run this a couple of times, and during installation it's going to ask you for a couple of input values for setting up MySQL and a couple of other things, so make sure you stay attentive. This is going to take about five minutes total. I'll probably time-lapse this. Okay, our first round is done. Let's press up arrow, run it again to pick up the rest of the things. Okay, looks like that process is complete. I'm gonna up arrow one more time to make sure everything is installed the way it should be. Zero packages left, excellent. Now I'm actually going to log out as root and log back in. We have to complete this blue wizard, which is going to set up EVE-NG in the background and a couple of administrative items. Once we complete this blue wizard it's going to kick us out of our SSH session and we'll need to come back in. I'm just next-next-next-ing my way through this. Our session has been terminated. Now we should be able to pull up our IP address from the Google Cloud Platform dashboard and pull up an HTTP session for our EVE-NG. Now this is my first time logging in so I'll use the default credentials. One of the things I want to point out here, you'll notice we have the KSM status is off. This was a problem that I saw that was a gap in the IT Hitman's blog post, which is, if we SSH into, let me re-establish our SSH session, accept the new key, root. If I check what kernel we're using, we're using the Google Cloud Platform kernel, which is 4.15. EVE-NG needs the custom kernel, I actually don't know if it's a custom kernel or just an older one, but it needs 4.9. So I haven't found a clean way to do this, and in the IT Hitman's blog it does ask you to modify grub but it doesn't take care of this step. So what we're
actually going to do is cd over to /boot, do an ls, and you can see all of our files here. I'm going to make a directory called old just to keep these, and I'm going to move anything that says 4.15 into a grub. This should leave behind only the files that had 4.9. So if we want to check what got moved into old, just to verify, they should be everything that has 4.15. Okay, now back to the cookbook and also the IT Hitman's blog. If I scroll up in the cookbook just a little bit, on the previous page, 43 for example, there is a line in here which is doing a search and replace, so I'll paste that in. There's a carriage return in here so I'm gonna hit Enter, this command will error out, and then I'll up arrow and execute it again. Actually before we do, why don't I show what that's doing: /etc/default/grub. That is changing this line right here and replacing it with noquiet and net.ifnames=0, so it will keep the eth0 interface naming. So now if I nano up again, this value, now you can see it's changed to say net.ifnames=0 and noquiet. Okay, now that we've done that we need to do update-grub. It's going to use our 4.9 kernel, and I'm gonna restart. We're gonna give that a minute to boot again and then we'll try to access our web dashboard. Once we get this fully installed and operational then we'll create our new user and we'll disable root from being able to SSH in. Remember this is designed to be a lab VM. It has a public IP address now and it can be reachable from anywhere in the world, which means it likely will be receiving some attack traffic, probably from all over the world, so we want to try and limit our surface area as best we can. This is not the greatest because we have to open many additional ports to allow incoming connections, but if you chose to use only the web console you would only need to have your HTTP ports open, which helps to greatly reduce your attack surface. For what I'm gonna do, I'm going to continue to use PuTTY, which means
I'm gonna need to open those telnet ports that are going to expose those routing devices. Let's try to visit our web page now. We got an EVE-NG login, admin is our username, looks like we logged right in. Let's come over to System and Status, and here we are green now, right, so now we're ready to move over an IOSv image and actually build a test topology. So I'm going to restart our SSH session as root and I'm going to bring over my local EVE-NG VM that I run locally. So if I ls, I have a couple of images here for vIOS, and again I'm going to do this just sort of as a test, so I would just want to move a couple of these images over into the same folder. So if I'm in the qemu folder here and I ls -lah, I don't have anything. Let's create this guy. So now I'm gonna rsync this file into this folder over here. Actually I'm just going to rsync it into the home folder, home folder of root, and move it over, and this is going to be burped, and we're going to do root at our IP address, remove the HTTP, and then we want to do colon tilde for home, and enter our credentials for root. Excellent. So let's do move, so now we move that folder into our current directory. I want to get back, cd into wrappers, do unl_wrapper -a fixpermissions. Let's minimize both of these consoles and we should be able to build our very first topology. Let's add a new lab, we're going to call it test. Let's add an object, node, and we only have one image to play with, it's gonna be our Cisco vIOS. I'm gonna add three, we're gonna prefix them by R, for R1, R2, R3. I like to use a CPU limit, it's supposed to help from maxing out the CPU and start slowing down cycles. I still see some CPUs maxed out from time to time, so I don't know 100% the value that it has, but I turn it on from habit. Click Save. Three routers. Now let's add a network, so I'm just going to put a little hub in there, connect these. I'm going to come over to More actions and Start all nodes, and I want to bring up the status so we can kind of see how this
fares. So this is quite typical. Whenever I run vIOS or IOSv images, even when starting them three at a time, I tend to max out the CPU. You can see memory doesn't get taxed very much but CPU does, and it'll run this way, it'll run at a hundred percent for maybe a minute or two, especially on first boot. Now my experience has been if you're starting IOSv, or any images rather, and you have a startup config, it'll go down to a low utilization very quickly, but during boot up, from its initial boot until it does the image verification, it typically maxes out. Now the more CPUs, I think, you give your VM, the more CPUs that are available to compute for booting up all these routers. The recommendation is still, if you have a large topology with many devices, to boot them in groups, groups of maybe three or four at a time. Boot it, let them boot up, then group another three or four at a time, and another three or four, to another three or four. Now what you can do is you can add a startup delay to groups of them, so you can just hit the button that says start all devices and it'll actually delay groups, so you don't actually have to manually start one group at a time, so you have that available to you as well. So it looks like now we're at about twenty-one and thirteen percent, we're kind of bouncing around the 20s and teens, which tells me that these images are probably idling now. So if I want to console into it, typically I would click here, and this is going to bomb out. Now actually what I want to do, if I can, I'm gonna let this bomb out all the way to kind of prove a point. The reason this is bombing out is we never went into the Google Cloud Platform firewall rules to allow in the ports necessary to allow PuTTY to connect back, which again is kinda what I mentioned earlier about the attack surface. We need to open up a whole bunch of ports to allow PuTTY in. For me, I'm just gonna open them sort of wide open because I don't know how many devices I'm
gonna have at any one time. But what I want to do is actually, if I can, log out and log back in to the HTML5 console, because right now we're allowing HTTP in, so I want to know if I can control the entire lab through essentially HTML5 only. Great, here's the same lab that we just built and they are started already. So if I click on one of them, I typically don't use the HTML5 console at all, I stick with PuTTY because that's what I'm going to be facing when I sit for my CCIE lab, so I want the experience. So this is great. So I'm only allowing SSH and port 80 into the VM and I'm going to be able to, looks like, console into each of these devices through HTML5, which is really cool. I really think the EVE-NG team has really done a great job in creating this product, the accessibility for the devices, and kind of building exactly to what network engineers' needs are. So again this was one router, this is router number two. This is great. Like I said, I don't typically use the HTML5 console so I'm really happy to see this. I want to point out a log message here just in case anyone is going to be using EVE-NG for the very first time with IOSv images, or vIOS, however you want to say it. Typically I have found that the routers on the initial boot, again if they don't have the startup configs in them already, until you get this log message, which is the platform signature verified, your router tends to run a little laggy. I don't know if that's the right adjective, it seems to always sort of have some delay in its operation, but after you get that log message typically it's pretty responsive, just like you would expect. So what I want to do is I'm actually going to log out of this HTML5 console, come back in as native, but before I do I want to allow the ports in that we need. So for that go back to your Google Cloud Platform, click the navigation menu in the top left, scroll down to VPC network, hover until you get the sub menu and go to Firewall rules. The firewall,
here's our, the firewall rules here are pretty basic. There's a couple initial ones to allow for HTTP and inbound ICMP, inbound RDP and SSH, that seems to be the default template they apply to any new VM instance. So for our name I'm gonna call it allow telnet, network default, priority 1000, this is going to bump us to the top. The direction of traffic is going to be ingress, we want to apply this ACL to allow traffic to ingress into our VM. We want to allow the traffic, for the source IPs we kind of want to allow any IP, we want to be able to hit this from anywhere, so my IP address here at home or an IP at work or anywhere that I might be, at a coffee shop or a library, I want to make sure I'm able to hit it from anywhere, so I want to accept all inbound IPs. Now for ports and protocols I don't want to allow all, instead I want to allow only specified ports, so that's going to be TCP. Now for EVE-NG Community Edition the ports that it starts with are 32768, except it actually starts with 768 plus the ID of a device, so it's gonna be 769, and I'll just bump that up to 32869, a hundred ports. I'll probably never put a hundred devices on there but we'll do 100 ports. I'll go ahead and hit Create. I forgot my specified targets, I'm going to say all instances in the network, so it's going to apply this to all VMs in the network. And it has applied our rule in the ingress direction, applied to all VMs, from anywhere, to these ports, and it's allowed, and it was a priority a thousand, which makes it sit right on top of our list. Let's go back to EVE-NG, log in again with the native console, which means when we click on a device it should bring up PuTTY for us. If I click on R1, hit carriage return a couple of times, and I have a router, yay. Good, so now we have reachability between two devices, just basic, but just proves that this is working. So how I'm gonna leverage this is I'm working towards my CCIE Routing and Switching and I've been working through the INE workbook. I've been doing all of
that locally here, but in the back of the workbook are some really large labs. I've been doing the foundation labs here locally, which are 14 devices, 10 routers, 4 switches. The section after that are troubleshooting labs, which are 24 devices, and because they're using the IOSv images I didn't have enough resources here at my home to be able to support that, so I wanted another method. I googled around, I found the IT Hitman's blog, which was a great resource for me to be able to pull this off. I was a little intimidated by it at first but I'm very happy that I went through it and executed. One of the problems that I had was the VM not using the EVE-NG kernel, the 4.9 kernel. Without that the VMs would not boot, excuse me, not the VMs, the images would not boot, so we needed to go ahead and remove the other kernel so it wouldn't boot from it, and reboot, and it found the 4.9 and then that worked like a charm. So here we are, that wraps it up. Thank you everyone, see ya. [Music]
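The captions above turn on `PermitRootLogin yes` and password authentication for the install and say root SSH login is to be disabled afterwards. The script below is an added example, not code from the video, the IT Hitman post or the EVE-NG project: it audits an sshd_config for those two settings. The function names, the `labuser` account and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config for the two settings enabled during setup.
# sshd uses the FIRST value it reads for a keyword, so a hardening line appended
# below an earlier "yes" has no effect. Keywords are case-insensitive.
# Lines inside a Match block apply only conditionally and are skipped here.

audit_sshd_config() {
    # $1: path to an sshd_config file. Prints one FAIL line per finding, nothing if clean.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "match") { in_match = 1; next }
            if (in_match) next
            if (!(key in seen)) seen[key] = tolower($2)   # first occurrence wins
        }
        END {
            # Defaults in current OpenSSH when the keyword is absent:
            # PermitRootLogin prohibit-password, PasswordAuthentication yes.
            prl = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            pa  = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            if (prl == "yes") print "FAIL PermitRootLogin=yes (root can log in with a password)"
            if (pa == "yes")  print "FAIL PasswordAuthentication=yes (password guessing is possible)"
        }
    ' "$1"
}

# Constructed sample: the setup state from the captions, plus a late
# "PermitRootLogin no" that sshd ignores because the first value was "yes".
sample_setup_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

# Constructed sample: key-only logins for a non-root user (labuser is hypothetical).
sample_hardened_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers labuser
EOF
}

audit_sample() {
    # $1: name of a sample function; writes it to a temp file and audits that file
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    audit_sshd_config "$tmp"
    rm -f "$tmp"
}

echo "setup config:";    audit_sample sample_setup_config
echo "hardened config:"; audit_sample sample_hardened_config
```

On a real host, `sshd -T` prints the effective configuration, including values that come from included files, and is the authoritative check after editing.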
Info
Channel: Tony E
Views: 22,846
Keywords: EVE-NG, google cloud, ccie, showipintbri
Id: HDHsMgCs0XU
Length: 50min 14sec (3014 seconds)
Published: Sun Aug 19 2018