VIRL has been out for a while and many are already using it for Cisco studies. One area of interest, for me at least, is using VIRL for security topics. In this post I’ll start to frame up how I’ve been using VIRL in my training as well as personal studies and how it integrates into the existing lab network that I use. The diagram below gives an example of the type of topology that one might get started with. It’s not all VIRL, but the core of it is.
The High Level
The following image depicts a simple security network.
In this diagram there are four devices that VIRL is handling. The IOSv, Ubuntu Server, and Unmanaged Switch are all part of the VIRL install. With a little effort the ASAv can also be run inside of VIRL. To date the ASAv is not officially supported but the next release should include it as well as L2 capability.
Digging deeper, the entire topology, with the exception of my Mac, is running on a single ESXi server.
The network cloud is an L2 connection using the VIRL network Flat, which maps to VLAN 40 on the ESXi server, which in turn is trunked to the physical network.
The connection from the unmanaged switch to the ISE 1.3 VM is also a connection to an L2 network, in this case Flat-1. The VIRL topology isn’t as pretty, but you can see below how it’s laid out in VM Maestro.
The ISE install has been covered in other locations so I won’t rehash that. It’s a basic OVA deployment with ISE 1.3. The ASAv did take a bit of haggling. The best resource for its configuration is the Cisco webinar on YouTube, embedded below.
Personally, I’ll be integrating other products into the VIRL lab, such as SolarWinds NPM and F5 load balancers, and I’m going to take a run at some SDN integration if I can wrap my head around it. The point is that with the VIRL platform the possibilities are increasing as far as what you can do. I think we’re currently at the second update to VIRL, with a third expected this month including L2 and ASAv native in VIRL. I’ll be using VIRL for demonstrations in my video training as well as a few other new training offerings that should publish soon.
If you’re interested in more VIRL posts, please leave a comment and let me know. Cisco has a really good DevNet forum for VIRL, but it doesn’t seem to be focused on using VIRL for certification studies. There are tons of sites out there using GNS3 in their tutorials, which makes sense since it’s a much more mature product. Alas, VIRL is likely the way I’ll go from here on out.