Running Palo Alto emulator on EVE (UNL, Virtualbox, MAC OS)

I tried to run Palo Alto on EVE (EVE suggests that its users use VMware; I have to use VirtualBox because I don’t have a VMware license).

Then I found I couldn’t start the Palo Alto firewall, so I tried to find the root cause.

First, I went through the EVE logs: System -> System logs -> unl_wrapper.txt


Jan 25 05:18:13 INFO: starting /opt/unetlab/wrappers/qemu_wrapper -T 0 -D 3 -t "PaloAlto" -F /opt/qemu/bin/qemu-system-x86_64 -d 0 -- -nographic -device e1000,netdev=net0,mac=50:00:00:03:00:00 -netdev tap,id=net0,ifname=vunl0_3_0,script=no -device e1000,netdev=net1,mac=50:00:00:03:00:01 -netdev tap,id=net1,ifname=vunl0_3_1,script=no -device e1000,netdev=net2,mac=50:00:00:03:00:02 -netdev tap,id=net2,ifname=vunl0_3_2,script=no -device e1000,netdev=net3,mac=50:00:00:03:00:03 -netdev tap,id=net3,ifname=vunl0_3_3,script=no -smp 2 -m 4096 -name PaloAlto -uuid 934e653f-accd-4ce0-a243-369f853b4add -drive file=virtioa.qcow2,if=virtio,bus=0,unit=0,cache=none -machine type=pc-1.0,accel=kvm -nographic -rtc base=utc > /opt/unetlab/tmp/0/a0fab94b-9b39-4226-884b-894ff4942d65/3/wrapper.txt 2>&1 &
Jan 25 05:18:13 INFO: CWD is /opt/unetlab/tmp/0/a0fab94b-9b39-4226-884b-894ff4942d65/3
Jan 25 05:18:13 ERROR: QEMU Arch is not set (80015).

  2. Start Palo Alto manually

From the log, you can find the qemu command, so I copied it, ran it from the console and got the error:

Could not access KVM kernel module

I followed the link about the KVM kernel module and found that the CPU doesn’t support KVM.

I also found VirtualBox Ticket #4032.

  3. Make it work

Based on #2, edit the Palo Alto VM and remove the ‘,accel=kvm’ option:


It works.


Linux tc: how to work on different IPs


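#!/bin/bash
# Apply a different netem delay per destination IP (run as root).

interface=eth0
ip1=192.168.1.1
ip2=172.16.1.1
delay1=100ms
delay2=200ms

# Root prio qdisc: creates the bands 1:1, 1:2 and 1:3
tc qdisc add dev $interface root handle 1: prio
# Band 1:1: delay1 with 10ms jitter and 25% correlation, for traffic to ip1
tc qdisc add dev $interface parent 1:1 netem delay $delay1 10ms 25%
tc filter add dev $interface parent 1: protocol ip prio 1 u32 match ip dst $ip1 flowid 1:1
# Band 1:2: delay2 with 10ms jitter and 25% correlation, for traffic to ip2
tc qdisc add dev $interface parent 1:2 netem delay $delay2 10ms 25%
tc filter add dev $interface parent 1: protocol ip prio 2 u32 match ip dst $ip2 flowid 1:2
# Packets matching neither filter are placed by the prio qdisc's priomap,
# which can also queue them in 1:1 or 1:2.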

Linux session number/timeout setting

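On Cisco devices you can use:

line vty 0 number

to configure the number of CLI (Telnet/SSH) login sessions on the device.

Under line vty, use

exec-timeout minutes seconds

to configure the session timeout on the device.

This article describes how to implement the above mechanisms on Linux (items 1 and 2 were verified on SUSE/CentOS with kernel 2.6.32).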
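1. Limiting the number of Linux Telnet sessions
Use a text editor to edit the xinetd.conf file:

vi /etc/xinetd.conf

Change the instances parameter to complete the configuration:

defaults
{
        # change this number
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}
After making the change, run

service xinetd restart

/etc/init.d/xinetd restart

to restart the xinetd service so that the configuration takes effect.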

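2. Implementing a Linux Telnet session timeout
Based on http://thedaneshproject.com/posts/how-to-set-default-session-timeout-in-linux/ , the Telnet timeout is presumably implemented indirectly through the shell's timeout mechanism (the TMOUT parameter).
To change the system default timeout, use a text editor to edit the configuration file /etc/bashrc [Note: some documents say it is etc/.bashrc, but I could not find a .bashrc file on the two servers I use].
To change the timeout for a specific user, use a text editor to edit the configuration file ~/.bashrc.

vi /etc/bashrc

Add at the end of the configuration file:

# the number is the timeout, in seconds
TMOUT=300

readonly TMOUT

export TMOUT

Instead of a text editor, you can also use echo statements, by running in the shell:

echo "TMOUT=300" >> /etc/bashrc
echo "readonly TMOUT" >> /etc/bashrc
echo "export TMOUT" >> /etc/bashrc

Log in to the device again and the timeout mechanism takes effect.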
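
One way to check that a bashrc file really carries the three TMOUT settings from section 2, as an added example that is not part of the original post. The function name audit_tmout, its return codes and the 300-second default ceiling are assumptions of this example, and the sample files are constructed. It also flags lines written with curly quotes or a trailing // note, which the shell does not read as a TMOUT assignment.

```shell
#!/bin/bash
# Added example: audit a bashrc-style file for the TMOUT idle-timeout settings.
# Return codes are this example's own convention:
#   0 ok | 1 no valid TMOUT=<n> | 2 disabled (0) or above limit
#   3 not readonly | 4 not exported
audit_tmout() {
    at_file=$1
    at_max=${2:-300}            # assumed policy ceiling, in seconds
    [ -r "$at_file" ] || return 1

    # Drop comments, keep lines where TMOUT appears as a whole word.
    at_lines=$(sed -e 's/#.*$//' "$at_file" |
        grep -E '(^|[[:space:]])TMOUT([=[:space:]]|$)') || return 1

    # Last plain numeric assignment wins, as when the shell sources the file.
    # Lines such as "TMOUT=300 //note" or curly-quoted text do not qualify.
    at_val=$(printf '%s\n' "$at_lines" | sed -n -E \
        's/^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=([0-9]+)[[:space:]]*$/\3/p' |
        tail -n 1)
    [ -n "$at_val" ] || return 1
    [ "$at_val" -gt 0 ] && [ "$at_val" -le "$at_max" ] || return 2

    # Without readonly, a user can simply run "unset TMOUT" or raise it.
    printf '%s\n' "$at_lines" |
        grep -Eq '^[[:space:]]*readonly[[:space:]]+TMOUT' || return 3
    printf '%s\n' "$at_lines" |
        grep -Eq '^[[:space:]]*export[[:space:]]+TMOUT' || return 4
    return 0
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files, not taken from a real system.
    printf '%s\n' 'TMOUT=300  # seconds' 'readonly TMOUT' 'export TMOUT' > "$d/good"
    printf '%s\n' '“TMOUT=300”' '“readonly TMOUT”' '“export TMOUT”' > "$d/curly"
    printf '%s\n' 'TMOUT=300' 'export TMOUT' > "$d/writable"
    printf '%s\n' 'TMOUT=0' 'readonly TMOUT' 'export TMOUT' > "$d/disabled"
    for f in good curly writable disabled; do
        rc=0; audit_tmout "$d/$f" || rc=$?
        echo "$f: audit_tmout returned $rc"
    done
    rm -rf "$d"
}
demo
```

Run it against /etc/bashrc or a user's ~/.bashrc by calling audit_tmout with that path; a second argument overrides the ceiling.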
3. Linux SSH server/client timeout mechanism
I have not implemented this yet; if you are interested, see: http://www.cyberciti.biz/faq/linux-unix-login-bash-shell-force-time-outs/

Fix Dynagen/dynamips error : netio_desc_create_udp: unable to connect to

OS: CentOS 6.5 x86_64 installed on VMware
Dynamips 0.2.10
There is an error when loading a .net file with 100 devices, named test.net, with Dynagen 0.11.0:
netio_desc_create_udp: unable to connect to
I searched the Internet for this error message; most posts shared one method: specify the UDP port of the dynamips instance in the .net file. But it doesn’t work for me.

I found a Dynagen description on the GNS3 website:
however Dynagen is still updated and developed for GNS3, this means you can download GNS3 sources, find Dynagen and start it. 
I downloaded the GNS3 source code and found Dynagen in the package; it should be the latest version.
The Dynagen version in GNS3 is 0.13.1, newer than the official 0.11.0, and test.net can be loaded successfully by it:
chmod +x dynagen.py
./dynagen.py test.net

The error "netio_desc_create_udp: unable to connect to" has been fixed.