Ostinato Traffic Generator Voice and Data Traffic Policy and ACL Packets Capturing EVE-NG Pro Lab Guide

Download as pdf or txt
Download as pdf or txt
You are on page 1of 21
At a glance
Powered by AI
The document describes configuring a lab network using Ostinato to generate different traffic types and verify policies using ACLs.

IP addressing is configured on the host stations and Ostinato traffic generator according to the initial configurations preloaded in the lab.

Ostinato is used to generate CS3, EF, ICMP, HTTP and DNS traffic between nodes in the lab network.

Ostinato Traffic Generator

Voice and Data traffic policy and ACL


packets capturing
EVE-NG Pro Lab guide

_____________________________________________
Author Uldis Dzerkals
EVE-NG Pro, 2021
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

Contents
I. Lab nodes ........................................................................................................................................ 3
II. Lab Task .......................................................................................................................................... 3
III. Solution ....................................................................................................................................... 4
1. Configure IP addressing .............................................................................................................. 4
2. Configure switching .................................................................................................................... 4
3. Configure OSPF AS 1 Area 0. ....................................................................................................... 6
5. Configure Data Access List .......................................................................................................... 7
6. Obtain Source and Destination MAC addresses ......................................................................... 7
7. Configure Ostinato CS3 stream ................................................................................................... 7
8. Configure Ostinato EF stream ................................................................................................... 10
9. Configure Ostinato ICMP stream .............................................................................................. 12
10. Configure Ostinato WWW stream ........................................................................................ 14
11. Configure Ostinato DNS stream ............................................................................................ 16
IV. Verification ............................................................................................................................... 18
1. Run Ostinato streams................................................................................................................ 18
2. Policy and ACL Verification ....................................................................................................... 19
3. Verification with Wireshark ...................................................................................................... 20

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 2
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

Preface: Using Ostinato traffic generator, you will be able generate various traffic streams and
specific packets for your lab test network. Single Ostinato device can send flows in your lab from any
source to any destination. In this concept lab we will send traffic from PC1 to servers across the lab
and will capture specific traffic.

I. Lab nodes
1. Image versions used in lab.

• Routers: i86bi_LinuxL3-AdvEnterpriseK9-M2_157_3_May_2018
• Switches: i86bi_linux_l2-adventerprisek9-ms.SSA.high_iron_20190423.bin
• Ostinato EVE Docker
• Host stations: EVE Docker GUI-Server

2. Initial configurations

Hosts and Ostinato Traffic Generator IP configurations are preloaded in the lab. (Startup
configuration).

NOTE: before start the lab, make sure your all nodes has set proper IOL L3 image. Use side bar More
Options/Wipe all nodes.

II. Lab Task


✓ Configure QoS Voice traffic policy for DCSP CS3 – bandwidth 33% and EF – bandwidth 5%
traffic.
✓ Configure Access list to capture, DNS, WWW and ICMP packets from PC1 to WWW server.
✓ Generate stream packets using Ostinato traffic generator.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 3
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

III. Solution
1. Configure IP addressing
Objective: Configure IP addresses on all routers as illustrated in the network topology.
R1
interface Ethernet0/0
ip address 192.168.101.254 255.255.255.0
no shut

interface Serial1/0
ip address 10.0.0.1 255.255.255.252
no shut

interface Serial1/1
ip address 10.0.0.5 255.255.255.252
no shut

R2
interface Ethernet0/0
no ip address
no shut

interface Ethernet0/0.102
encapsulation dot1Q 102
ip address 192.168.102.254 255.255.255.0

interface Ethernet0/0.104
encapsulation dot1Q 104
ip address 192.168.104.254 255.255.255.0

interface Serial1/0
ip address 10.0.0.2 255.255.255.252

R3
interface Ethernet0/0
ip address 192.168.103.254 255.255.255.0

interface Serial1/0
ip address 10.0.0.6 255.255.255.252

2. Configure switching
Objective: Configure switches’ VLANs and ports as below

SW1
hostname SW1

vtp mode transparent

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 4
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

vlan 101
name Ostinato

interface Ethernet0/0
switchport access vlan 101
switchport mode access

interface Ethernet0/1
switchport access vlan 101
switchport mode access
no shut

SW2
hostname SW2

vtp mode transparent

vlan 102
name WWW_Server

vlan 104
name RTP

interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk

interface Ethernet0/1
switchport access vlan 102
switchport mode access

interface Ethernet0/2
switchport access vlan 104
switchport mode access

SW3
hostname SW3

vtp mode transparent

vlan 103
name LAN103

interface Ethernet0/0
switchport access vlan 103
switchport mode access

interface Ethernet0/1
switchport access vlan 103
switchport mode access

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 5
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

interface Ethernet0/2
switchport access vlan 103
switchport mode access

3. Configure OSPF AS 1 Area 0.


Objective: Configure OSPF routing in AS 1 Area 0
R1
router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
network 192.168.101.0 0.0.0.255 area 0

R2
router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 192.168.102.0 0.0.0.255 area 0
network 192.168.104.0 0.0.0.255 area 0

R3
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 192.168.103.0 0.0.0.255 area 0

4. Configure Voice QoS Policy


Objective: Configure Class map “signal” to capture DSCP cs3 packets. Configure Class map “rtp” to
capture DSCP ef packets. Configure and apply service policy for rtp class map as 33% of bandwidth
and 5% for class signal. Apply policy map on R1 S1/0 interface outbound direction.

R1
class-map match-any signal
match ip dscp cs3
class-map match-any rtp
match ip dscp ef

policy-map VoIP
class rtp
bandwidth percent 33
class signal
bandwidth percent 5
class class-default
fair-queue

interface Serial1/0
service-policy output VoIP

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 6
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

5. Configure Data Access List


Objective: Configure and apply Access list to permit www and domain traffic from network
192.168.103.0/24 to WWW server host 192.168.102.10. Configure deny ICMP traffic from network
192.168.103.0/24 to WWW server host 192.168.102.1. Permit any other traffic. Access group must
be applied to the R2 S1/0 interface inbound direction.

R2
ip access-list extended ostinato
permit tcp host 192.168.103.100 host 192.168.102.100 eq www
deny icmp 192.168.103.0 0.0.0.255 host 192.168.102.100
permit udp host 192.168.103.100 host 192.168.102.100 eq domain
permit ip any any

interface Serial1/0
ip access-group ostinato in

6. Obtain Source and Destination MAC addresses

6.1. Obtain Ostinato source MAC address. Open Ostinato host rdp console, select eth0 interface,
click on Tab “Devices” and select Radio button “Information”. Please note this MAC address for
further use. It is our lab Source MAC address: 50:0A:00:06:00:00

6.2. Obtain R1 router destination MAC address. Open R1 cli:


R1#show interface e0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is aabb.cc00.0200 (bia aabb.cc00.0200)
Internet address is 192.168.101.254/24
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)

Please note this MAC address for further use. It is our lab Destination MAC address:
AA:BB:CC:00:02:00

7. Configure Ostinato CS3 stream

Objective: Configure Ostinato DSCP CS3 stream from PC1 to RTP server
7.1. Open Ostinato rdp console, select eth0 interface, tab “Streams”. Right click on Streams area,
select “New Stream”.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 7
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

7.2. Tab: Protocol Selection. Name: CS3-Stream. Select L2- Ethernet II, Select L3-IPv4, Select L4 TCP

7.3. Continue Tab “Protocol Data”. Media Access Protocol. Select mode: fixed for source and
destination MAC. Enter your source and destination MAC addresses.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 8
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

7.4. Expand option “Internet Protocol ver 4”. Select DSCP cs3, and as source IP put PC1 IP:
192.168.10.3.100. As destination IP put RTP Server IP: 192.168.104.100.

7.5. Continue to Tab “Stream Control”. Make sure if stream will send 10 packets, and after stream is
completed, it will go to next stream. Confirm stream creation with OK

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 9
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

7.6. Confirm Stream with Apply

8. Configure Ostinato EF stream

Objective: Configure Ostinato DSCP EF stream from PC1 to RTP server


8.1. Right click on previously created CS3-Stream, select “Duplicate Stream”.

Count: 1, Click OK

Right click on Duplicated stream, select “Edit”

8.2. Tab: Protocol Selection. Name: EF-Stream. Select L2- Ethernet II, Select L3-IPv4, Select L4 UDP

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 10
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

8.3. Tab “Protocol Data” Expand option “Internet Protocol ver 4”. Select DSCP ef, and as source IP
put PC1 IP: 192.168.10.3.100. As destination IP put RTP Server IP: 192.168.104.100.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 11
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

8.4. Continue to Tab “Stream Control”. Make sure if stream will send 10 packets, and after stream is
completed, it will go to next stream. Confirm stream creation with OK

8.5. Confirm Stream with Apply

9. Configure Ostinato ICMP stream

Objective: Configure Ostinato ICMP stream from PC1 to WWW server


9.1. Right click on previously created EF-Stream, select “Duplicate Stream”.

Count: 1, Click OK

Right click on Duplicated stream, select “Edit”

9.2. Tab: Protocol Selection. Name: ICMP-Stream. Select L2- Ethernet II, Select L3-IPv4, Select L4
ICMP

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 12
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

9.3. Tab “Protocol Data” Expand option “Internet Protocol ver 4”. Select DSCP cs0, and as source IP
put PC1 IP: 192.168.10.3.100. As destination IP put WWW Server IP: 192.168.102.100.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 13
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

9.4. Continue to Tab “Stream Control”. Make sure if stream will send 10 packets, and after stream is
completed, it will go to next stream. Confirm stream creation with OK

9.5. Confirm Stream with Apply

10. Configure Ostinato WWW stream

Objective: Configure Ostinato WWW stream from PC1 to WWW server


10.1. Right click on previously created ICMP-Stream, select “Duplicate Stream”.

Count: 1, Click OK

Right click on Duplicated stream, select “Edit”

10.2. Tab: Protocol Selection. Name: WWW-Stream. Select L2- Ethernet II, Select L3-IPv4, Select L4
TCP

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 14
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

10.3. Tab “Protocol Data” Expand option “Transmission Control Protocol”. Select Override
destination port, Value: 80

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 15
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

10.4. Continue to Tab “Stream Control”. Make sure if stream will send 10 packets, and after stream
is completed, it will go to next stream. Confirm stream creation with OK

10.5. Confirm Stream with Apply

11. Configure Ostinato DNS stream

Objective: Configure Ostinato DNS stream from PC1 to WWW server


11.1. Right click on previously created WWW-Stream, select “Duplicate Stream”.

Count: 1, Click OK

Right click on Duplicated stream, select “Edit”

11.2. Tab: Protocol Selection. Name: DNS-Stream. Select L2- Ethernet II, Select L3-IPv4, Select L4
UDP

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 16
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

11.3. Tab “Protocol Data” Expand option “Transmission Control Protocol”. Select Override
destination port, Value: 53

11.4. Continue to Tab “Stream Control”. Make sure if stream will send 10 packets, and after stream
is completed, it will stop stream. Confirm stream creation with OK

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 17
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

11.5. Confirm Stream with Apply

IV. Verification
1. Run Ostinato streams
1.1. Navigate to Ostinato Port Statistics, select port 0-0 and click to Clear Selecetd Port Stats.

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 18
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

1.2. Navigate to Stream area and press “Run” After some time you will notice that 50 frames
were sent to yor topology.

2. Policy and ACL Verification


Navigate to R1 and R2 to check captured packets.

R1
R1#show policy-map interface serial 1/0
Serial1/0

Service-policy output: VoIP

Class-map: rtp (match-any)


10 packets, 500 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: ip dscp ef (46)
10 packets, 500 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 10/500
bandwidth 33% (509 kbps)

Class-map: signal (match-any)


10 packets, 500 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: ip dscp cs3 (24)
10 packets, 500 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 10/500
bandwidth 5% (77 kbps)

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 19
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

Class-map: class-default (match-any)


252 packets, 19288 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
(pkts output/bytes output) 252/19288
Fair-queue: per-flow queue limit 16 packets
R1#

R2
R2#sh access-lists
Extended IP access list ostinato
10 permit tcp host 192.168.103.100 host 192.168.102.100 eq www (10
matches)
20 deny icmp 192.168.103.0 0.0.0.255 host 192.168.102.100 (10 matches)
30 permit udp host 192.168.103.100 host 192.168.102.100 eq domain (10
matches)
40 permit ip any any (127 matches)
R2#

3. Verification with Wireshark


3.1. Navigate to topology, right click on R2 router, Select Capture/Interface S1/0. Select Cisco
HDLC.
3.2. Run Ostinato Streams again.

You will notice that packets contain our configured DSCP or Ports

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 20
Ostinato Lab
EVE-PRO, 2021
__________________________________________________________________________________

__________________________________________________________________________________
Created by Uldis Dzerkals, EVE-NG Ltd, 2021 21

You might also like