**JUNOS router emulation in GNS3**
Comments
-
CCIEWANNABE Banned Posts: 465
I doubt the Juniper software is FREE. Same for the Cisco IOS and PIX/ASA Images.
If someone can't follow step by step instructions and is relying on someone else creating a simple All-In-One software solution for them, they probably don't have much of a future in any advanced IT position.
C'mon Mike, I think you know what I meant ;] Of course the JUNOS you will have to get yourself through valid terms.
About the second comment, like some have mentioned, I don't have free days to just sit around trying to figure out how to get multiple programs running, I've got IPv6, Multicast, BGP, IGP's, MPLS VPN's, Redistribution and other advanced CCIE R&S topics to study.
The developers still have some work to do to incorporate it smoothly into GNS3, as anyone can see. That's what they like to do and that's what keeps them going. For myself, I like Cisco/Juniper routers and configuring/troubleshooting advanced protocols on them, that's what I do. I'm a Network Analyst, not Systems Analyst :] There is a HUGE difference and anyone who says different is only kidding themselves. So let them do their thing, and I'll do my thing. When they can get this smoothed out, and I know they will, I guarantee I'll be off to the races with Juniper again :] -
compein Member Posts: 3 ■□□□□□□□□□
Um, if you aren't an uber geek, what the hell are you doing trying to emulate a cli router os?
I know I'm really late to the discussion (I just joined today), but that's just an unbeatable argument! -
WebWideJosh Member Posts: 10 ■□□□□□□□□□
I thought about building out an Olive a couple of years ago, but once I looked into it I was put off by the hardware requirements and time required messing around to get it working. Similarly with dynamips I put it off as I always had real hardware at my disposal. I think I will have a go at the GNS thing this weekend.
I was put off by the lack of OS availability. -
networker050184 Mod Posts: 11,962 Mod
Man, I've been trying to get one of these bad boys running today and it's definitely no fun. Setting up dynamips is a walk in the park compared to this.
An expert is a man who has made all the mistakes which can be made.
-
stuh84 Member Posts: 503
networker050184 wrote: » Man, I've been trying to get one of these bad boys running today and it's definitely no fun. Setting up dynamips is a walk in the park compared to this.
Once you have one set up as a base image, it's quite easy to replicate them and change as needed. The GNS3/Qemu tutorials are good for that.
Work In Progress: CCIE R&S Written
CCIE Progress - Hours reading - 15, hours labbing - 1 -
ccie15672 Member Posts: 92 ■■■□□□□□□□
Wow. You people kill me.
I have set up olive in VMWare, VirtualBox, and QEMU... The easiest for me was VirtualBox.
It's not that hard. The hardware requirements aren't that great. I have 4 olives on one server in my basement... I'm sure I could add several more.
Also, let's just be honest, you can download a VM image for olive with multicast working from torrent. I'm not condoning illegal activity, but seriously if you really wanted to you could download a working current version of JUNOS pretty quickly ready to boot in VMware.. no effort necessary.
Neither IOS nor JUNOS is freely available. You need a CCO account or a Juniper website account to get the OSs.
Derick Winkworth
CCIE #15672 (R&S, SP), JNCIE-M #721
Chasing: CCIE Sec, CCSA (Checkpoint) -
QHalo Member Posts: 1,488
I toyed with setting up an Olive in VMware. It wasn't easy to do but I followed the Joost guide and as long as you follow it to the tee it works just fine. Once you get the first one set up Joost even goes through how to create the template VM to spawn others. It's really not that hard if you know how to follow directions and have a little common sense.
-
ccie15672 Member Posts: 92 ■■■□□□□□□□
Actually, having said that I've done all three.. I would say that Virtualbox is by far superior to VMware for the purpose of having Olives.
The performance is better and you can use 8.1r4 without any multicast or VLAN issues, and it's relatively easy to use. Just use named pipes for the serial ports...
With VMware, unless you want to load the multicast patch every time, you have to use 9.0 or above, which can tax your server. Also you only have e1000 NICs which means no multiple VLANs per interface. (The e1000s show up as emX interfaces).
Derick Winkworth
CCIE #15672 (R&S, SP), JNCIE-M #721
Chasing: CCIE Sec, CCSA (Checkpoint) -
MrPaul Member Posts: 5 ■□□□□□□□□□
I've got 2 Olives running in Virtualbox 4 but I don't think multicast is working. The 2 olives are connected via a private network and I can ping across it.
Do I have to run 8.1r4 to get past the multicast issues? I'm running 9.3r3.8 with plans to move to the 10.x extended service release that's due any day now. -
JDMurray Admin Posts: 13,101 Admin
GNS3 v0.8.2 was just released. Anyone have JunOS images running in it yet? There doesn't seem to be any specific support for it in the GUI other than a JunOS router icon. I don't see any specific documentation for JunOS images either. Do you need VirtualBox installed or can you just use QEMU with JunOS? *grumble grumble*
-
ccnxjr Member Posts: 304 ■■■□□□□□□□
Finally got two olives up and running in GNS3.
Haven't put it through its paces but at least they can ping each other and the configuration saves with the project.
Will post more extensively on it after I've had a celebratory coffee and completed an honest day's work.
Initially got it up and running with VirtualBox and after some more reading/tinkering built out a qemu image using FreeBSD 4.11 and JunOS 8.5R1.14.
The VirtualBox olive was pretty straightforward compared to the qemu image, which was a bit tricky, at least for me.
Editing, because I'd hate to reply to my own reply...(if that makes sense?)
Some of the key things that helped is the new release of GNS3, works right out of the box, no configuring really required.
This article helped A LOT
http://forum.gns3.net/topic3015.html
as well as the original "how to" for this
http://blog.gns3.net/2009/10/olive-juniper/
Yes, you will be using the command line, a LOT
Those are pretty thorough, so I'll just point out a few things that I got hung up on while trying to get this going:
-Configure the Olive before integrating it into GNS3, do this from within the Qemu folder
(wherever it's stored/installed at)
--Use Qemu from a command line to start building your FreeBSD base image:
1) qemu-img.exe create junos-binary.img -f qcow2 8G
2) qemu -m 256 -hda junos-binary.img -cdrom 4.11-RELEASE-i386-miniinst.iso
--Once you've sourced your JunOS files, pack them in an ISO, then you can pass that ISO to the guest machine as what's in the CDROM drive.
1) qemu -m 256 -hda junos-binary.img -cdrom junos.iso
--You will then mount the ISO file from within the FreeBSD virtual machine
#mount /cdrom
#cp /cdrom/jinstall-10.1R1.8-domestic-olive.tgz /var/tmp/
.....follow instructions on unpacking and repacking... (you're replacing a file in the archive)
I skipped this entire block from the http://blog.gns3.net/2009/10/olive-juniper/ article and it works.
md5 -q jinstall-8.5R1.14-domestic-signed.tgz > jinstall-8.5R1.14-domestic-signed.tgz.md5
openssl sha1 jinstall-8.5R1.14-domestic-signed.tgz > jinstall-8.5R1.14-domestic-signed.tgz.sha1
--Install JunOS
#pkg_add -f /var/tmp/juniper.tgz
So, now you have an Olive in Qemu image
Time to bring it into GNS3!
Assuming you already have GNS3 installed ....
Fire it up and go to:
Edit > Preferences > Qemu
Under the Qemu tab
-Click on "Test settings", make sure you're good to go
Now:
Edit > Preferences > Qemu >
Under the JunOS tab
-You'll want to edit the following options :
1) Identifier name: Olive-01
2) Location of the binary image
3) RAM (at least 256, more is better right? )
4) Qemu Options : " -serial telnet:127.0.0.1:1001,server,nowait,nodelay "(no quotations)
Then SAVE!
* Couple things to note, you will be using a telnet terminal initially as opposed to a serial terminal.
The Qemu option above basically redirects the virtual machine's serial connections to a telnet one.
There are other ways of doing it, but this one makes sense and works for me.
** Also you will have to login as root, and then type the command "cli" to start the JunOS shell
*** It would help all around if you read those two articles, compare notes. Maybe print them out and just go over them.
The mechanical actions involved and install time should only take 15-20 minutes, what takes the bulk of the time is just understanding what you're doing and how to recover if you slip up on a command.
Now you can drag and drop your Juniper routers into your topology.
I'm down for some hand-holding or troubleshooting for the next couple weeks if anyone else has issues getting this up and running, just shoot me a pm. -
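A check on the Qemu option from step 4 of the post above, added here as an example and not part of the original post or of GNS3: it parses `-serial telnet:...` option strings and reports whether the unauthenticated console listener stays on loopback. The name `audit_serial` is hypothetical, the second and third sample strings are constructed, and the code assumes Qemu binds all addresses when a listening socket's host is left empty.

```python
import ipaddress
import shlex

# First string is the option from the post; the other two are constructed variants.
SAMPLES = [
    "-serial telnet:127.0.0.1:1001,server,nowait,nodelay",
    "-serial telnet::1001,server,nowait",
    "-serial telnet:0.0.0.0:1002,server,nowait",
]

def audit_serial(qemu_options):
    """Return (host, port, verdict) for each '-serial telnet:...' in an option string."""
    findings = []
    args = shlex.split(qemu_options)
    for flag, value in zip(args, args[1:]):
        if flag != "-serial" or not value.startswith("telnet:"):
            continue
        # Format: telnet:host:port[,server][,nowait][,nodelay]
        endpoint, *opts = value[len("telnet:"):].split(",")
        host, _, port = endpoint.rpartition(":")
        if "server" not in opts:
            verdict = "client"       # Qemu connects outward; nothing listens locally
        elif host == "":
            verdict = "exposed"      # assumption: empty host on a listener is 0.0.0.0
        else:
            try:
                loop = ipaddress.ip_address(host.strip("[]")).is_loopback
            except ValueError:
                loop = host == "localhost"
            verdict = "loopback" if loop else "exposed"
        findings.append((host or "0.0.0.0", int(port), verdict))
    return findings

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_serial(sample))
```

A verdict of "exposed" means anyone who can reach the host on that port gets the Olive's console, which is the root login prompt described in the post.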
wes allen Member Posts: 540 ■■■■■□□□□□
So, after being somewhat uninspired by looking into CCNA, I think I am going to start the Juniper path instead. Is this last post current on the best way to get some "hands on" with JunOS? I don't currently have space or $ for hardware, though that might change.
-
ccnxjr Member Posts: 304 ■■■□□□□□□□
It's current, but don't expect to spin up an Olive without some reading.
You'll be first installing a FreeBSD vm, with very SPECIFIC partitioning requirements.
Then modifying an installation of JunOS.
The two links provide sufficient detail, I just tried to add a few of my own notes based on my experience. -
wes allen Member Posts: 540 ■■■■■□□□□□
Coolness, so set aside a half a day and pack some snacks and plenty of caffeine kinda thing? Or, maybe would dropping $50/100 on Junosphere be enough to get through the first couple Juniper certs? Looking at JNCIA, JNCIS - ENT and Sec.
-
ccnxjr Member Posts: 304 ■■■□□□□□□□
Set aside half a day, snacks, a 2 liter bottle of cola, queue up some good tunes.
Junosphere is worth it, some things you won't be able to emulate, such as the switching platform.
Something about emulating the environment helps you understand the platform better.
I can't vouch for if it will be enough cert wise, I'm still tinkering with my home lab :P
Messing with IPTables rules, rsyslog, that kinda thing
(yep went from GNS3 under Windows XP to straight up CentOS+kvm )
[root@localhost ~]# virsh list --all
Id Name State
1 centos-02 running
2 centos-01 running
3 centos-06 running
4 Olive-04 running
5 Olive-05 running
6 Olive-06 running
7 Olive-07 running
[root@localhost ~]# vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
2 0 8 1365676 38036 48312 0 0 1 0 7 8 4 9 87 0 0
[root@localhost ~]# free
total used free shared buffers cached
Mem: 3913212 2548156 1365056 0 38044 48312
-/+ buffers/cache: 2461800 1451412
Swap: 6143992 8 6143984
[root@localhost ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
CPU socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 15
Stepping: 11
CPU MHz: 2666.716
BogoMIPS: 5333.43
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
NUMA node0 CPU(s): 0-3
[root@localhost ~]#
-
rohn Registered Users Posts: 2 ■□□□□□□□□□
I have tried each and every step mentioned by ccnxjr but whenever I start the router in gns3, I get stuck at "BTX loader 1.00 BTX version is 1.02". Please note I am not using it in VMware. Any guidelines would be highly appreciated.
-
ccnxjr Member Posts: 304 ■■■□□□□□□□
I may have neglected to mention that JunOS is generally installed on systems without a GUI.
As such, you need to connect to this device via a console app!
Once you've seen that "BTX loader 1.00 BTX version is 1.02" message, right click on the Juniper router that you've started and click on "Console"
You should then see the boot messages scroll by (see attached)
One possible hiccup (may or may not be mentioned in one of the links supplied) could be your windows firewall.
-
rockestar007 Registered Users Posts: 2 ■□□□□□□□□□
Not able to ping from SRX to Router and vice versa
SRX config : -
## Last commit: 2015-01-10 13:30:37 UTC by cisco
version 12.1X47-D10.4;
system {
    host-name SRXJUNOS;
    root-authentication {
        encrypted-password "$1$eBXFxSc4$dGOThXeoVIrLIV1X9djBr/"; ## SECRET-DATA
    }
    login {
        user cisco {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$dysVgYL6$DUuf0ZWYOzOcGB2EGAx2y1"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.2/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.2/30;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
        route 10.0.0.0/24 next-hop 10.0.0.1;
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
                ge-0/0/1.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
        }
    }
}
cisco@SRXJUNOS>
ROUTER Config : -
Building configuration...
Current configuration : 1369 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
R1#$
Router connected to SRX ge-0/0/0 interface. In between them is a layer 2 switch.
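One way to rule the SRX zone configuration in or out when troubleshooting a failed ping like this, added here as an example and not part of the original post: a small parser for the brace-style configuration that reports which zone an interface sits in, which host-inbound services that zone admits, and whether the router's address is on-link. The function names are hypothetical and the embedded excerpt is cut down from the config above.

```python
import ipaddress
import re

# Constructed excerpt: interface and zone stanzas taken from the SRX config above.
SRX = """
interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.1.2/30; } } } }
security { zones {
  security-zone trust {
    host-inbound-traffic { system-services { all; } }
    interfaces { ge-0/0/0.0; ge-0/0/1.0; }
  }
  security-zone untrust { screen untrust-screen; }
} }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"##.*", "", text))
    root, stack, words = {}, [], []
    node = root
    for tok in tokens:
        if tok == "{":                       # words so far name a new container
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":                     # words so far form a leaf statement
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def host_inbound(cfg, ifname):
    """Return (zone, services) for the zone holding ifname, or (None, set())."""
    for key, zone in cfg["security"]["zones"].items():
        if ifname in zone.get("interfaces", {}):
            svc = zone.get("host-inbound-traffic", {}).get("system-services", {})
            return key.split()[-1], set(svc)
    return None, set()

def same_subnet(cfg, ifname, unit, peer_ip):
    """True if peer_ip falls inside a subnet configured on the given interface unit."""
    inet = cfg["interfaces"][ifname][f"unit {unit}"]["family inet"]
    nets = [ipaddress.ip_interface(k.split()[1]).network
            for k in inet if k.startswith("address ")]
    return any(ipaddress.ip_address(peer_ip) in n for n in nets)
```

For the posted config, `host_inbound(parse(SRX), "ge-0/0/0.0")` returns the trust zone with `all` system services and `same_subnet(parse(SRX), "ge-0/0/0", 0, "192.168.1.1")` is true, so neither the zone binding nor the addressing blocks ping to the SRX itself.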