Iwan Hoogendoorn

Hi,

Based on the Cisco CCIE Worldwide Statistics website and the website of  Antonio Soares’ stats page I created some cool charts.

Here you go and have fun!

Last 5 years

2006

2007

2008

2009

2010

Hi,

As I was telling you in my previous blog article Cisco Pagent is a set of tools…
Well what kind of tools and what can you do with these tools exactly?

Sit back and prepare yourself for some nice intel.

Pagent Tools

Traffic Generation, Count and Capture

• TGN—create and send packets
• PKTS—capture, fast-count, and display packets
• Template Compiler—language for defining packet formats
• Pagent Classic—create, send, capture, fast-count and display packets

IOS-Based Scripting

• SRE (Stimulus Response Engine)—respond to an event
• Router-Based Tcl—Tcl interpreter in privileged exec mode

Verified Traffic

• RVT/CVT (Router Verified Traffic/Control Verified Traffic)—generates and verifies traffic on a simulated network
• IVT/TCP and IVT/UDP—IOS Classic-based load-generation tools
• NQR (Network Quality Reporter)—A simple IOS-based tool that measures end-to-end network delay, jitter, packet drop, and out-of-sequence packets

Session Emulators

• TCP Session Emulator—generates TCP traffic
• HTTP Session Emulator—generates HTTP traffic
• FTP Session Emulator—generates FTP traffic

Large Network Emulators

• LNE-BGP, LNE-IGRP, LNE-EIGRP, LNE-OSPF, LNE-ISIS, LNE-RIP, LNE-LDP
• emulate routers that advertise large router networks

Modify Traffic

• PMOD (Passthru MODify)—allows a Pagent router to be inserted into a test network
• CSYN (Clock Synch)—assists the Network Time Protocol (NTP) to synchronize clocks between two or more Pagent routers

Client Emulators

• ICE (IGMP Client Emulator)—emulates the behavior of a multicast client (receiver) in a multicast network
• DHCP Client Emulator—emulates DHCP client devices and each client gets an IP address allocated by the DHCP server Related Tool—NVT

NVT (Network Verification Tool)

• web browser-based GUI interface to the Pagent tools

Traffic Generation, Count and Capture

Traffic Generation, Count and CaptureTGN—Used to define and send packets on any combination of supported interfaces on arouter. The program has predefined templates to support the definition of specific packettypes. Packet lengths and the data in any header field can be set to constant, random orincrementing values. Packet definitions can be imported from the PKTS program capturebuffer.

PKTS—Used to capture and display incoming and/or outgoing packets from anycombination of interfaces on a router. It can fast-count packets, that is, it can count anddiscard packets at higher rates than IOS counters can support. PKTS supports the creationof filters that allow selective counting, capture or display.
Template Compiler—Provides a convenient, high-level language for defining packetformats. It adds new definitions to the Pagent tools TGN and PKTS at run time and allows
TGN traffic streams and PKTS filters to be defined using the new formats. It allows thedefinitions of multiple display methods that can be used to decode and display packets.

Pagent Classic—Pagent Classic is the original Cisco router and IOS based network traffictransmission and validation tool. It runs on any Cisco router and allows the user to defineand transmit virtually any packet in hex (including corrupted packets) on any interfacesupported by the hosting platform. It also allows the capture and hex display of packets onany interface. Its functionality has been superseded by the TGN and PKTS programs.

IOS-Based Scripting

SRE (Stimulus Response Engine)—An IOS-based scripting language for networking
applications. SRE scripts can be used to receive, manipulate, modify, and send packets, to
test and simulate protocol stacks.

Router-Based Tcl—Use of the TCL language allows you to develop scripts that will run
autonomously on the router, to define new router commands command options, run
automated tests, or define Pagent packet response procedures.

Verified Traffic

RVT/CVT (Router Verified Traffic/Control Verified Traffic)—Router Verified Traffic
(RVT) and Control Verified Traffic (CVT) are used together to test bridges and routers.
CVT can automatically create numerous traffic streams between many Pagent router
interfaces, for many different LAN media and network protocols. RVT can create modest
levels of verified traffic where every packet sent through the test network is validated for
correct sequence, data integrity, and length. RVT can also create fast-unverified traffic.

IVT/TCP and IVT/UDP—IOS Classic-based load generation tools. The TCP and UDP
tools generate traffic between one or more routers using the socket interface provided by
IOS. Traffic is specified in terms of one or more data streams between specific network
addresses, or endpoints. By default, the primary endpoint of each data stream sends
messages and the secondary endpoint echoes the messages back to the primary.

NQR (Network Quality Reporter)—NQR is an IOS-based program in the Pagent test tool
set, introduced in Pagent 3.7. It is a simple tool that measures end-to-end network delay,
jitter, packet drop, and out-of-sequence packets. Packets are sent from an NQR router into a
network, which is configured to route the packets back into one of the interfaces of the
NQR router. NQR processes the returned packets and calculates the necessary statistics.

Session Emulators

TCP Session Emulator—Generates TCP traffic. The tool provides configurable features
that enable a user to emulate various TCP application dialogs between a TCP client and a
TCP server. It emulates multiple hosts establishing thousands of TCP connections. All these
TCP sessions are short-lived, which is very typical for web or email traffic.

HTTP Session Emulator—Generates HTTP traffic. It emulates multiple HTTP clients
establishing HTTP connections to a HTTP server. It generates all kinds of HTTP traffic,
including all kinds of HTTP requests and HTTP responses.

FTP Session Emulator—FTPSE is a TCP application for transferring files. The FTPSE
Client Emulator generates real FTP traffic and emulates FTP client sessions which must talk
to a real FTP server. Currently FTPSE only supports the client side in passive mode

Large Network Emulators

LNE-BGP, LNE-IGRP, LNE-EIGRP, LNE-OSPF, LNE-ISIS, LNE-RIP,
LNE-LDP—LNE is comprised of seven programs to support six routing protocols. LNE is
used to emulate routers that advertise large router networks. It can emulate hundreds of
routers to emulate multiple peers to a router under test. To stress the router under test, LNE
can flap entire LNE routers, routes advertised by the LNE routers or route attributes.

PMOD—PMOD allows a Pagent router to be inserted into a test network so test traffic
passes through the router and then allows the traffic packets to be modified. Depending on
PMOD filters and configurations, the tool can selectively drop, alter, delay or timestamp
packets. It also allows test packets to act as triggers and can recalculate test packet IP, TCP
and UDP checksums.

CSYN—CSYN assists the Network Time Protocol (NTP) to synchronize clocks between
two or more Pagent routers by confirming how closely the routers are synchronized. CSYN
causes multiple Pagent routers to display their time simultaneously so you can determine
how closely their clocks are set.

Client Emulators

ICE (IGMP Client Emulator)—ICE is used to emulate the behavior of a multicast client
(receiver) in a multicast network. The multicast clients utilize Internet Group Management
Protocol (IGMP) to interact with the router on the same subnet. TGN or IVT/UDP is used to
inject multicast traffic with different multicast group addresses.

DCE (DHCP Client Emulator)—DCE emulates DHCP client devices and each client gets
an IP address allocated by the DHCP server. It keeps track of IP address lease time and
responds upon lease expiration. It also provides all DHCP packet statistics as well as the
client’s DHCP state..

NVT

NVT is a web-based application with a graphical user interface front end to the Pagent
tools. It’s a network verification tool, used in a laboratory environment, to test:

• new hardware and network designs
• new software features
• upgrades

before deployment into the production network.

NVT emulates a busy network environment by:

• generating multiprotocol traffic
• verified data traffic
• routing protocol updates

NVT includes a set of pre-defined configurable fields, (i.e., standardized templates), in which you can create your own test scenarios:

• each template (as task) represents an individual test case
• profiles are a collection of tasks, and other profiles, grouped together to be
• executed serially or in parallel
• profiles are used to organize test scenarios

NVT monitors test performance by querying the network devices. Types of tasks include
a traffic generator, a traffic analyzer, session emulator, and routing protocol emulators, as
well as device queries.

Hi,

Today I am going to tell you guys something about 2 tools that was developed by Cisco (or at least developed for Cisco)

Before I am telling anything about these tools I need to say cannot provide any of these tools and I will not provide any information on how you can get these tools.

The first tool is called IOU.
The second tool (that exist of a set of around 16 tools) is called Pagent.

IOU which basically means “IOS on Unix” is a tool that can simulate multiple router instances.

Pagent is based on the Cisco IOS (Internetwork Operating System), and developed within Cisco. The test tools are included in special IOS Pagent images.

IOU
IOS on Unix is a fully working version of IOS that runs as a user mode UNIX (Solaris) process. IOU is build as a native Solaris image and runs just like any other program on Solaris. IOU supports all platform independent protocols and features. It is possible to connect multiple copies of IOU trough the network to form some kind of virtual network.
This way you can build a bigger network using multiple Sun Ultrasparc machines.
There is also a version that runs on OSX (Mac) but I don’t know much about this version. It’s probably the same as the Solaris version but especially for Mac.
What is also nice to know is that there are IOU images available with the Pagent software build in.
Nowdays there is a programs like Dynamips, Dynagen and GNS3 doing the same IOU is doing.
Cisco employees (engineers) are using IOU to test complex designs and features in order to support large customers.

Pagent
The primary function of the Pagent tool set is to provide cost effective test tools to the Cisco community. This tool is NOT available for the public and requires a serial number based on the hardware serial number. There are some cracked versions available out there on torrent websites but this will not be the scope of this blog.

Since the tools are based on production hardware and the IOS operating system, the tools are not able to test the datalink level. They cannot affect frame checksums, preambles, inter frame gap times, or inject hardware failures.
There are limitations to the rates that Pagent tools can transmit and receive packets. Due to the processing power of the main CPU, not all IOS based devices are able to transmit packets at full media rates.

The Pagent programs are best used for testing layer 3 protocols and above. That is, emulating routing
protocols, multicast, TCP sessions, HTTP sessions. Pagent images have a security scheme to prevent illegal distribution outside Cisco. When an router is loaded with a Pagent image for the first time, it presents a machine Id that must be converted to a license key. Once the license key is entered in the router, it is saved in the configuration so it is not required on subsequent downloads.

Pagent tools
• TGN (Traffic Generator) is used to define and send packets on any combination of supported
interfaces on a router. The program has predefined templates to support the definition of specific
packet types. Packet lengths and the data in any header field can be set to constant, incrementing
or random values. Packet definitions can be imported from the PKTS program capture buffer.
• PKTS (Packet Count and Capture) can capture and display incoming and/or outgoing packets from
any combination of interfaces on a router. It can fast-count packets, that is, it can count and discard
packets at higher rates than IOS counters can support. PKTS supports the creation of filters that
allow selective counting, capture or display
• Template Compiler provides a convenient high-level language for defining packet formats. It adds
new packet definitions to the Pagent tool set (TGN and PKTS) at run time and allows TGN traffic
streams and PKTS filters to be defined using the new formats. It allows the definition of multiple
display methods that can be used to decode and display packets.
• Router Verified Traffic (RVT) and Control Verified Traffic (CVT) are used together to test bridges
and routers. CVT can automatically create numerous traffic streams between many Pagent router
interfaces, for many different LAN media and network protocols. RVT can create modest levels of
verified traffic where every packet sent through the test network is validated for correct sequence,
data integrity, and length. RVT can also create fast-unverified traffic.
• PMOD (Passthru Modify) allows a Pagent router to be inserted into a test network so test traffic
passes through the router and then allows the traffic packets to be modified. Depending on PMOD
filters and configurations, the tool can selectively drop, alter, delay or timestamp packets. It also
allows test packets to act as triggers and can recalculate test packet IP, TCP and UDP checksums.
• TCP Session Emulator (TCPSE) is a tool for generating TCP traffic. The tool provides configurable
features that enable a user to emulate various TCP application dialogs between a TCP client and a TCP server. It emulates multiple hosts establishing thousands of TCP connections. All these TCP sessions are short-lived, which is very typical for web or email traffic.
• HTTP Session Emulator (HTTPSE) is a tool for generating HTTP traffic. It emulates multiple
HTTP clients establishing HTTP connections to a HTTP server. It generates all kinds of HTTP
traffic, including all kinds of HTTP requests and HTTP responses.
• FTP Session Emulator (FTPSE) is a TCP application for transferring files. The FTPSE Client
Emulator generates real FTP traffic and emulates FTP client sessions, which must talk to a real
FTP server. Currently FTPSE only supports the client side in passive mode.
• Large Network Emulators (LNE) is comprised of six programs to support six routing protocols:
BGP, OSPF, ISIS, EIGPR, IGRP and RIP. LNE is used to emulate routers that advertise large router
networks. It can emulate hundreds of routers to emulate multiple peers to a router under test. To
stress the router under test, LNE can flap entire LNE routers, routes advertised by the LNE routers
or route attributes.
• NQR) is , a tool to measure end-to-end network delay, jitter, packet drop, and out-of-sequence packets.

Next time I am going to go deeper into the pagent tools and I am going to give examples how LNE, TGEN, PKTS and much more is working.

Hi,

I proudly present the first cheatsheet that I made.

you can find it on the cheatsheet page.

Have fun and if you have any requests, remarks or questions just send me a mail.

Iwan Hoogendoorn

Hi,

Today I managed to get CME working on a GNS3/Dynamips router.
The steps that I followed:

- Create a new GNS3 Project
- Get the IOS version “c3725-adventerprisek9_ivs-mz.124-15.T6.bin”
- Get the CME files “cme-full-4.3.0.0.tar”
- Create a new 3700 router
- Edit the properties and change the PCMCI disk0 space to 99MB

- Create a cloud with a breakout to your real network with the Ethernet NIO interface

- When that is done connect 1 of the router interfaces to the NIO Cloud interface

- Start the Router
- Assign an IP address to the routers interface (the one that is connected to the NIO/LAN breakout interface) and if neccesary also put in a default gateway.
- Set up an TFTP server where you will put the “cme-full-4.3.0.0.tar” file on
- Make sure you can ping the TFTP server from the router (so that the TFTP server is accesable from the router)
- Do a “erase flash:” on the router
- Do a “format flash:” on the router in order to create a DOS filesystem
- Issue the follwing command

- From this moment on all files will be extractes into the routers flash.
- Before you can start you need to issue the following commands on the router

When this is done you can access the CME trough the browser with http:///telephony-service.html

Iwan Hoogendoorn

Hi,

I updated this blog with an extra page … If you wantto see how I am controlling most of the stuff at home with my iPhone you need to read the HSTouch iPhone interface page.

It contains a movie where I demonstrate this interface .

Have fun reading and watching!

Iwan Hoogendoorn

Hi,

Somewhere in 2007 I written an article on native IPv6 GRE Tunneling between 2 x Cisco 877’s.

This small test project was done together with my old manager Willem Eradus.

We both had an SixXS account with both our own IPv6 subnet. What the goal was is to connect the internal IPv6 LAN range of Willem and me together and create a so called native IPv6 tunnel.

In the article the following start summery is giving:

“The goal of this project is to set up a IPV6 GRE TUNNEL between 2 sites.
The sites used in this project are from Iwan (Rotterdam‐The Netherlands) & Willem (De Kwakel‐The Netherlands)
The end result will be that Willem can reach Iwan’s IPV6 internal network and Iwan Willem’s internal
IPV6 network”

The article can be found here –> IPV6-GRE-TUNNEL (41)

Have fun reading it!

Iwan Hoogendoorn

Hi,

There are plenty of blog posts on how to configure your Cisco ASA in a way so that your iPhone can set up an VPN connection to it.

I personally prefer THIS blog article.

In the earlier days I was able to store my password within the iPhone for my VPN connection towards my ASA, but sinds the 3.0 software came out it is always asking me for a password. When I try to store the password the password field is just greyed out and there is no option on the iPhone to unloch this.

Well I found the solution today! You need to configure this in the device that is your VPN server! In my case this will be the ASA 5505.

Within the remote access group policy attributes page  “group-policy iphone attributes” you need to put in the option “password-storage enable”

When this is done you save the config on the ASA and connect to the VPN once with your iPhone. After you connected once and typed in the password manually and you disconnected again you will be able to enter a password in the settings page of the iPhone IPSEC Client. When done you can simply click on “Save”.

It appears that earlier that earlier versions of the VPN client on iPhone OS builds prior to 3.0 did not enforce this.

I have to say this could not be safe to do this in terms of security … If you leave your iPhone unattended and there are people when know how these things word they can theoretically hack into your private network. I set up my iPhone that it asks for a security code after it went to standby. This way nobody can enter the VPN client without knowing this security code

Iwan Hoogendoorn

Hi,

I just updated the IRTrans (LAN-to-IR) page.

This is the 1 of the projects that kept me busy for a while but eventually I can now control all of my Infrared devices (TV, DVD, Xbox etc.) trough my computer.

Have fun with reading!

Iwan Hoogendoorn

Hi,

I just updated the Harrison RF-Curtain Rails page.

This page explains how I can control my curtains (open/close/stop) trough my computer.

Have fun reading this!

Iwan Hoogendoorn