交流群： 思科 CCNP 交流群：69721386Here’s an example topology for Cisco IOU to help you get started:In this example, SF is an IOU instance running on host “solaris”. IOUlive is also running on this host, bridging SF’s Ethernet0/0 interface to my physical network (and to the world).SJ1, SJ2, and SJ3 are IOU instances running on host “helium”.The Ethernet1/0 interface on SF is connected to Ethernet0/1 on SJ1 are connected, even though they are on separate physical hosts.The Ethernet0/0 interfaces on SJ1, SJ2, and SJ3 are connected, sharing a common network segment.Last, SJ2 and SJ3 are connected via their Serial1/0 interfaces.Hopefully, this should be good enough to demonstrate the various options for connecting IOU instances.The NETMAP file交流群： 思科 CCNP 交流群：69721386When connecting IOU instances across physical hosts, the hosts should share a common NETMAP file. If it isn’t possible to use NFS, you’ll need to duplicate the file on each host. I’m not running NFS at home, so I’ve simply copied the file over to both hosts.The IOU instance IDs are assigned as follows:• SF : 100 • SF : 199 (IOUlive) • SJ1 : 151 • SJ2 : 152 • SJ3 : 153Here’s what my NETMAP file looks like:100:0@solaris 199:0@solaris100:1@solaris 151:16@helium151:0@helium 152:0@helium 153:0@helium152:1@helium 153:1@heliumConnect SF to the real worldI’ll start by firing up the SF router on solaris:$ ./unix-js-m 100 ./unix-js-IOS On Unix - Cisco Systems confidential, internal use onlyPort 0 is connected to:199:0@solarisPort 16 is connected to:151:16@helium交流群： 思科 CCNP 交流群：69721386...output snipped...Next, I’ll startup IOUlive so that SF is connected to my physical network:$ ./ioulive /dev/hme0 199Port 0 is connected to:100:0@solaris/dev/hme0 is the NIC on solaris that is connected to my network.I’ll bring up the Ethernet0/0 interface on SF:SF# conf tEnter configuration commands, one per line. End with CNTL/Z.SF(config)# interface ethernet 0/0SF(config-if)# ip address 203.0.113.2 255.255.255.0SF(config-if)# no shutdownVerify I can ping my (physical) router:SF(config-if)# do ping 203.0.113.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 203.0.113.1, timeout is 2 seconds:.!!!!交流群： 思科 CCNP 交流群：69721386Success rate is 80 percent (4/5), round-trip min/avg/max = 20/33/40 msSo SF, an IOU instance, has connectivity with my physical router at home, a Cisco 1811. Just for good measure, let’s add a default route and see if we can ping hosts on the Internet:SF(config-if)# exitSF(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1 203.0.113.1SF(config)# do ping 4.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 40/50/72 msLooks like we’re all set!Bring up SJ1Now let’s bring up the SJ1 IOU instance on helium:$ ./i86bi_linux-ipbase-ms -e 1 -s 0 151 ./i86bi_linux-ipbase-***************************************************************IOS On Unix - Cisco Systems confidential, internal use onlyUnder no circumstances is this software to be provided to anynon Cisco staff or customers. To do so is likely to resultin disciplinary action. Please refer to the IOU Usage policy at交流群： 思科 CCNP 交流群：69721386 for more information.***************************************************************Port 0/0 is connected to:152:0@helium153:0@heliumPort 0/1 is connected to:100:1@solaris...output snipped...Connect SJ1 to SFNow that SJ1 is up, let’s get it connected to the SF router:SF(config)# int e1/0SF(config-if)# ip addr 10.0.0.1 255.255.255.0 10.0.0.1SF(config-if)# no shutdownSJ1# conf tEnter configuration commands, one per line. End with CNTL/Z.SJ1(config)# int e0/1SJ1(config-if)# ip address 10.0.0.2 255.255.255.0SJ1(config-if)# no shutdown交流群： 思科 CCNP 交流群：69721386Note that SF is running on the physical host “solaris”, a Solaris 8/SPARC box, and SJ1 is running on the physical host “helium”, an Ubuntu 10.04/x86 box.Let’s verify we have connectivity:SJ1(config-if)# do ping 10.0.0.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 20/28/40 msNow we’ll bring up the Ethernet0/0 interface on SJ1 that shares a segment with SJ2 and SJ3:SJ1(config-if)# int e0/0SJ1(config-if)# ip addr 10.123.123.1 255.255.255.0 10.123.123.1SJ1(config-if)# no shutdownBring up SJ2Let’s bring up the SJ2 instance:$ ./i86bi_linux-ipbase-ms -e 1 -s 1 152 ./i86bi_linux-ipbase-***************************************************************IOS On Unix - Cisco Systems confidential, internal use onlyUnder no circumstances is this software to be provided to anynon Cisco staff or customers. To do so is likely to result交流群： 思科 CCNP 交流群：69721386in disciplinary action. Please refer to the IOU Usage policy at for more information.***************************************************************Port 0/0 is connected to:151:0@helium153:0@heliumPort 1/0 is connected to:153:1@helium...output snipped...Let’s configure the Ethernet0/0 and Serial1/0 interfaces:SJ2# conf tEnter configuration commands, one per line. End with CNTL/Z.SJ2(config)# interface ethernet 0/0SJ2(config-if)# ip address 10.123.123.2 255.255.255.0SJ2(config-if)# no shutdownSJ2(config-if)# interface serial 1/0SJ2(config-if)# ip address 10.10.23.2 255.255.255.0 255.255.255.0SJ2(config-if)# no shutdownVerify we can ping SJ1′s Ethernet0/0 interface:交流群： 思科 CCNP 交流群：69721386SJ2(config-if)# do ping 10.123.123.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.123.123.1, timeout is 2 seconds.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 4/6/8 msBring up SJ3Now we’ll bring up the SJ3 router:$ ./i86bi_linux-ipbase-ms -e 1 -s 1 153 ./i86bi_linux-ipbase-***************************************************************IOS On Unix - Cisco Systems confidential, internal use onlyUnder no circumstances is this software to be provided to anynon Cisco staff or customers. To do so is likely to resultin disciplinary action. Please refer to the IOU Usage policy at for more information.***************************************************************Port 0/0 is connected to:151:0@helium152:0@heliumPort 1/0 is connected to:交流群： 思科 CCNP 交流群：69721386152:1@helium...output snipped...Configure Ethernet0/0 and Serial1/0:SJ3# conf tEnter configuration commands, one per line. End with CNTL/Z.SJ3(config)# interface ethernet 0/0SJ3(config-if)# ip address 10.123.123.3 255.255.255.0SJ3(config-if)# no shutdownSJ3(config-if)# interface serial 1/0SJ3(config-if)# ip address 10.10.23.3 255.255.255.0 255.255.255.0SJ3(config-if)# no shutdownVerify we can ping SJ1 and SJ2′s Ethernet0/0 interfaces:SJ3(config-if)# do ping 10.123.123.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.123.123.1, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 msSJ3(config-if)# do ping 10.123.123.2交流群： 思科 CCNP 交流群：69721386Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.123.123.2, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 msVerify we can ping SJ2 over the Serial1/0 interface:SJ3(config-if)# do ping 10.10.23.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.23.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 msGreat, full connectivity so far! Let’s enable OSPF on SF and SJ1:SF(config-if)# router ospf 42SF(config-router)# network 10.0.0.1 0.0.0.0 area 0SJ1(config-if)# router ospf 42SJ1(config-router)# network 10.0.0.2 0.0.0.0 area 0SJ1(config-router)# network 10.123.123.1 0.0.0.0 area 0Make sure the OSPF adjacency between SF and SJ1 came up:交流群： 思科 CCNP 交流群：69721386SF(config-router)# do sh ip ospf neighNeighbor IDPriStateDead TimeAddressInterface10.123.123.11FULL/BDR00:00:3610.0.0.2Ethernet1/0Let’s look at the routing table on SF:SF(config-router)# do sh ip route | begin GatewayGateway of last resort is 203.0.113.1 to network 0.0.0.0C203.0.113.0/24 is directly connected, Ethernet0/010.0.0.0/24 is subnetted, 2 subnetsO10.123.123.0 [110/20] via 10.0.0.2, 00:00:50, Ethernet1/0C10.0.0.0 is directly connected, Ethernet1/0S*0.0.0.0/0 [1/0] via 203.0.113.1Inject default route into OSPFSince SF has a route to the world, let’s inject a default route there into OSPF:SF(config-router)# default-information originate default-Make sure it shows up on SJ1:SJ1(config-router)# do sh ip route | begin GatewayGateway of last resort is 10.0.0.1 to network 0.0.0.0交流群： 思科 CCNP 交流群：69721386O*E2 0.0.0.0/0 [110/1] via 10.0.0.1, 00:00:44, Ethernet0/110.0.0.0/8 is variably subnetted, 4 subnets, 2 masksC10.0.0.0/24 is directly connected, Ethernet0/1L10.0.0.2/32 is directly connected, Ethernet0/1C10.123.123.0/24 is directly connected, Ethernet0/0L10.123.123.1/32 is directly connected, Ethernet0/0Configure default route on SJ2 and SJ3On SJ2 and SJ3, let’s configure a default route towards SJ1:SJ2(config-if)# ip route 0.0.0.0 0.0.0.0 10.123.123.1SJ3(config-if)# ip route 0.0.0.0 0.0.0.0 10.123.123.1 routeMake sure SF can talk to SJ2 and SJ3:SF(config-router)# do ping 10.123.123.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.123.123.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/44/60 msSF(config-router)# do ping 10.123.123.3交流群： 思科 CCNP 交流群：69721386Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.123.123.3, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/88 msConfigure NAT on SFNow that we have full connectivity, let’s configure NAT on the SF router so that SJ1, SJ2, and SJ3 can talk to the outside world:SF(config-router)# interface ethernet 0/0SF(config-if)# ip nat outsideSF(config-if)# interface ethernet 1/0SF(config-if)# ip nat insideWe’ll need an ACL matching the source addresses to match, of course:SF(config-if)# ip access-list standard NAT access-SF(config-std-nacl)# permit 10.0.0.0 0.0.0.255SF(config-std-nacl)# permit 10.123.123.0 0.0.0.255SF(config-std-nacl)# permit 10.10.23.0 0.0.0.255Last, we’ll use “ip nat …” to tell SF how to work its magic:SF(config-std-nacl)# ip nat inside source list NAT int e0/0 overload intVerify connectivity交流群： 思科 CCNP 交流群：69721386At this point, all routers should have connectivity to the outside world. Let’s verify from SJ2 and SJ3 by pinging a couple of well-known public DNS servers:SJ2(config)# do ping 4.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/55/128 msSJ3(config)# do ping 8.8.8.8Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 80/100/120 msLooks like everything is working properly.Verify Internet connectivityLast, just for good measure, let’s connect to the web server this site runs on and issue a request:SJ3(config)# do telnet 206.125.175.18 80Trying 206.125.175.18, 80 ... OpenHEAD / HTTP/1.0交流群： 思科 CCNP 交流群：69721386HTTP/1.0 200 OKDate: Sat, 22 Jan 2011 22:52:01 GMTServer: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8nX-Pingback: /xmlrpc.phpLink: <http://wp.me/nzh6>; rel=shortlinkConnection: closeContent-Type: text/html; charset=UTF-8[Connection to 206.125.175.18 closed by foreign host]SummaryThis post demonstrated a number of concepts that should be useful for those wanting to use IOU.First, we showed how the routers connect “physically”.Second, we showed how to construct a working NETMAP file to match our topology.Third, we started up our IOU instances and connect them across hosts and to the outside world.Fourth, we configured our routers (even configuring OSPF).Last, we showed how to verify we had connectivity with the outside world.交流群： 思科 CCNP 交流群：69721386I hope this post was helpful. I welcome your feedback in the comments section below!。