VIRL Networking Overview
Before we start with our labs, it is beneficial to understand how networking works inside a VIRL server. The VIRL server itself is a KVM-enabled hypervisor in which all the simulated nodes run. If you run VIRL as a VM guest on a VMware hypervisor, you have created a two-level-deep virtual environment. This is called “Nested Virtualization”.
Here is the overall topology of how VIRL, LXC and the simulation work together. Note that each node has its management interface connected to the LXC. The management interface does not participate in data-plane traffic; it is designed for management only. From a user’s perspective, we can log in either through the management interface or directly over the IP address of a data network port. The same principle applies to how you access a physical network device. For example, you can choose to manage a Cisco ASA over its management interface or over one of its data interfaces.
The diagram above represents a “Private” lab. It can be either a Private Project or a Private Simulation. A private network uses an LXC, while a “Shared flat network” does not.
Private Simulation
• A Private Simulation has its own LXC. The LXC has connectivity only to the nodes running within that single simulation.
• The LXC cannot see and therefore cannot access the nodes in any other simulations, even those running as part of the same project.
Private Project
• A Private Project shares one LXC, even when multiple simulations are running in the same project.
• The LXC cannot see and therefore cannot access the nodes in any other project.
As you can see, the LXC is not only used as a convenient jump-box; it also creates a barrier that segregates multiple simulations or projects in a shared lab environment.
Shared FLAT Network
• A shared flat network eliminates the need for an LXC.
• The management interfaces of the nodes in a simulation are placed directly on the FLAT (172.16.1.0/24) network.
• Nodes have visibility of all other nodes in simulations, regardless of project or user.
• VIRL will have direct access to all simulated nodes via its ETH1 on the FLAT network.
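The three management-network types above decide which nodes end up on the same management segment. The following Python code is an added example, not part of the original page or of VIRL: it groups a constructed inventory by segment, then reports segments that span more than one project and shared-flat nodes whose management address lies outside 172.16.1.0/24. The mode labels, project and simulation names, and the non-FLAT addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

FLAT = ipaddress.ip_network("172.16.1.0/24")  # FLAT subnet as given on this page

# Constructed inventory: (project, simulation, mode, {node: management IP}).
# Mode labels and the 10.x addresses are assumptions for illustration.
SIMS = [
    ("alice", "sim-a1", "private_simulation", {"r1": "10.255.0.3"}),
    ("alice", "sim-a2", "private_project", {"r2": "10.255.1.3"}),
    ("alice", "sim-a3", "private_project", {"r3": "10.255.1.4"}),
    ("bob", "sim-b1", "shared_flat", {"r4": "172.16.1.60"}),
    ("carol", "sim-c1", "shared_flat", {"r5": "172.16.1.61", "r6": "10.0.0.9"}),
]

def mgmt_domain(project, sim, mode):
    """Return a key naming the management segment a simulation's nodes join."""
    if mode == "private_simulation":
        return ("lxc", project, sim)   # one LXC per simulation
    if mode == "private_project":
        return ("lxc", project)        # one LXC shared by the whole project
    if mode == "shared_flat":
        return ("flat",)               # no LXC: management sits on FLAT
    raise ValueError(f"unknown mode: {mode}")

def build_domains(sims):
    """Group every node by the management segment it is attached to."""
    domains = defaultdict(set)
    for project, sim, mode, nodes in sims:
        for node in nodes:
            domains[mgmt_domain(project, sim, mode)].add((project, sim, node))
    return dict(domains)

def cross_project_exposure(domains):
    """Segments whose members belong to more than one project."""
    return {key: sorted(members) for key, members in domains.items()
            if len({project for project, _, _ in members}) > 1}

def misaddressed_flat_nodes(sims):
    """Shared-flat nodes whose management IP is not inside the FLAT subnet."""
    return [(project, sim, node)
            for project, sim, mode, nodes in sims if mode == "shared_flat"
            for node, ip in nodes.items()
            if ipaddress.ip_address(ip) not in FLAT]

if __name__ == "__main__":
    for key, members in cross_project_exposure(build_domains(SIMS)).items():
        print("segment spans projects:", key, members)
    print("outside FLAT:", misaddressed_flat_nodes(SIMS))
```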
To change the type of a simulation, click on the blank area of a network topology (without selecting any node) and go to “Properties > Topology”. Here you can choose the type from a pull-down menu.
Illustrated below is a Shared FLAT Network. Since we’re going to use the FLAT subnet for data-plane connectivity, we will have to use one of the “private” methods for management. A FLAT network cannot be used for both management and data-plane connectivity at the same time.
It is recommended to review the fundamental concepts and knowledge about VIRL before moving on to the labs. The VIRL BOOK covers in-depth knowledge and prepares you for this workbook.
http://www.virlbook.com