2017.11.14 – Cisco IOS XRv on VMWare Fusion

In this article, I will show how I installed my first IOS XRv router, using screenshots and a step-by-step procedure. At the end, I have also added a problem I encountered after installation. Let’s get started …

Software

  • MacOS Sierra 10.12.6
  • VMWare Fusion 8.5.7 non-pro
  • Cisco Virtual XR router package iosxrv-k9-demo-5.1.3.vmdk

Installation

Step 1. Download the package iosxrv-k9-demo-5.1.3.vmdk from the Cisco website.

Step 2. Open the VMWare Fusion application, select Add > New… and choose the Create a custom virtual machine option.

Step 3. Select Other > Other for Operating System.

Step 4. Choose Use an existing disk > Choose virtual disk… and browse to the iosxrv-k9-demo-5.1.3.vmdk package downloaded in step 1.

Step 5. Click Continue and get the Finish summary of the installation.

Step 6. Edit virtual machine:

  • 1 processor core
  • 3Gb Memory
  • Check box for Enable VT

Step 7. Remove sound card and CD/DVD drive.

Step 8. By default, the VM will have a single Network adapter that will be used as serial. Next, we will have to add, for example, 3 more network adapters.

Step 9. In VMware Fusion, to add the network interfaces and the serial ports for XRv, you must manually edit the .vmx file before starting the VM.

  • You must create at least one serial port, and up to four are supported. (The first acts as the IOS XR console port, and the others provide ksh consoles.)
  • You can create up to 128 network interfaces (depending on the hypervisor’s capabilities).

Option + right-click the VM > Open Config File in Editor and add the following lines.

ethernet0.virtualDEV = "e1000"
ethernet1.virtualDEV = "e1000"
ethernet2.virtualDEV = "e1000"
ethernet3.virtualDEV = "e1000"
serial0.present = "TRUE"
serial0.fileType = "network"
serial0.fileName = "telnet://127.0.0.1:9001"
serial0.startConnected = "TRUE"
serial0.yieldOnMsrRead = "TRUE"

Step 10. Turn on the VM. The display will hang as in the screen below and will not change. You can minimize the window.

Step 11. Open Terminal and run telnet 127.0.0.1 9001. You will have to set a username and secret password.

Step 12. Check the interfaces.

Step 13. Enjoy!

Problem

After configuring an interface and SSH, when trying to connect from MacBook Sierra to IOS XRv using ssh, I get an error:
Last login: Tue Nov 14 13:09:01 on ttys001

Murgescus-MacBook-Pro:~ silvia$ ssh 172.16.226.11

Unable to negotiate with 172.16.226.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
The configuration on IOS XRv seems correct:
RP/0/0/CPU0:ios#show run 
Mon Nov 13 20:26:32.482 UTC
Building configuration...
!! IOS XR Configuration 5.1.3
!! Last configuration change at Mon Nov 13 20:15:45 2017 by silvia
!
telnet vrf default ipv4 server max-servers 10
interface MgmtEth0/0/CPU0/0
ipv4 address 172.16.226.11 255.255.255.0
!
interface GigabitEthernet0/0/0/0
shutdown
!
interface GigabitEthernet0/0/0/1
shutdown
!
interface GigabitEthernet0/0/0/2
shutdown
!
ssh server vrf default
end

RP/0/0/CPU0:ios#sh ipv4 int brief
Mon Nov 13 20:28:00.566 UTC

Interface IP-Address Status Protocol
MgmtEth0/0/CPU0/0 172.16.226.11 Up Up 
GigabitEthernet0/0/0/0 unassigned Shutdown Down 
GigabitEthernet0/0/0/1 unassigned Shutdown Down 
GigabitEthernet0/0/0/2 unassigned Shutdown Down

RP/0/0/CPU0:ios#
Google Search to find the REASON

macOS Sierra rejects that key exchange method because it is very weak (reference: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice). This does not apply only to macOS, but to any OS running the latest OpenSSH v7. SHA1 is weak, so support for it has been removed from the newest version of macOS. With the latest OpenSSH version, some older (legacy) algorithms, such as the diffie-hellman-group1-sha1 method the router offers, have been removed from the defaults.
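The negotiation failure above can also be handled on the client by re-enabling the legacy method for the one lab host rather than for every connection. The script below is an added example, not part of the original article: it parses the error line quoted above and prints a host-scoped ssh_config stanza; the function names and the allow-list variable are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the article): build a host-scoped ssh_config stanza
# from an OpenSSH "Unable to negotiate" key-exchange error.

# Error line as quoted in the article, reused here as sample input.
SAMPLE_ERR='Unable to negotiate with 172.16.226.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'

# Assumption: legacy methods this lab is willing to re-enable, one host at a time.
LEGACY_KEX_ALLOWED='diffie-hellman-group1-sha1'

# Print the peer address named in the error line.
peer_of() {
  printf '%s\n' "$1" |
    sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*: .*/\1/p'
}

# Print the algorithms the server offered, one per line.
offer_of() {
  printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr ',' '\n'
}

# Print a Host block that appends ("+") the allowed legacy method for this
# peer only. Returns 1 when the error is not a key-exchange mismatch or when
# nothing the server offered is on the allow-list.
kex_stanza() {
  ks_err=$1
  ks_picked=''
  case $ks_err in
    *'no matching key exchange method found'*) ;;
    *) return 1 ;;
  esac
  ks_peer=$(peer_of "$ks_err")
  [ -n "$ks_peer" ] || return 1
  for ks_alg in $(offer_of "$ks_err"); do
    case " $LEGACY_KEX_ALLOWED " in
      *" $ks_alg "*) ks_picked=${ks_picked:+$ks_picked,}$ks_alg ;;
    esac
  done
  [ -n "$ks_picked" ] || return 1
  printf 'Host %s\n    KexAlgorithms +%s\n' "$ks_peer" "$ks_picked"
}

# Stand-alone run: print the stanza for the sample error.
kex_stanza "$SAMPLE_ERR"
```

Append the printed stanza to ~/.ssh/config. Because it sits under a Host line, the weak method is offered to that address only and every other destination keeps the OpenSSH defaults.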

My Solution

As my game&play is a lab environment, I will use telnet to connect to the IOS XRv VM.