If you happened to read my Deep End blog earlier this week, you know I'm currently in a bind with a large WAN project. Cisco's ASA shortage has been threatening to leave me high and dry, with the very real potential of circuits in three major metropolitan areas going live with no hardware to plug into them. The immediate fallback plan is to use pfSense running on workstation-class systems to at least test the circuits. The problem is that there's little time to get this project done, and a shortage of Cisco ASAs means there will be virtually no time to stage and test the hardware before I hop on several planes.
Out of desperation, I explored the current state of Cisco IOS emulation software -- specifically open source tools. I found that GNS3 has come a long, long way since the last time I used it. In fact, it's become a simply fantastic tool for network administrators of any stripe or skill level.
GNS3 stands for Graphical Network Simulator, version 3. It's a Python application that runs on Windows, Mac OS X, and Linux, providing a drag-and-drop GUI for sketching out network architectures. It functions as a design and interconnect environment, leveraging Dynamips and QEMU for the actual hardware emulation.
The upshot is that within a few minutes of installation, I was building out my planned WAN architecture with Cisco routers and ASA firewalls, connecting them in the GUI as you would a standard network diagram in Visio or OmniGraffle. Better still, each of the routers and firewalls could be booted in emulation, configured, tweaked, and tested, and the configuration pulled off for use in production. It has proven to be invaluable in this time of Cisco supply woes.
Bring your own Cisco IOS
Note that GNS3 provides an emulation framework only. You have to supply your own IOS images to use any of the Cisco emulation tools. (Some Juniper devices are supported as well.) In the case of the Cisco ASA firewalls, a significant amount of manual labor is required to peel apart ASA images for use in QEMU. This part isn't for the faint of heart, but in reality it is not difficult, and it's documented on a variety of sites discussing GNS3 and QEMU (for instance, see "How to emulate Cisco ASA").
Another caveat is that you're on your own. Since GNS3 and QEMU aren't exactly supported by Cisco, there's no vendor hand-holding. Versions of ASA code over 8.1 aren't functional at the moment, but ASA version 8.02 appears to function just fine.
For Cisco routers, it's much simpler. Select a router model, point GNS3 at the IOS image, and up it comes. It boots in a matter of seconds too.