Interested in Setting Up a Juniper Lab

spiderjericho · September 2012

I recently got the JNCIA CBT Nuggets. The instructor recommends a J2330, J2350 and EX2200. But each is in the $800+ range, which would mean a lab that costs $2,400 - $3,000.

Would buying the SRX100H (or

be a better alternative, especially if I plan on moving up the enterprise track? Security would be something maybe later on. But my career goals is to one day have a CCIE R&S and have familiarity with JUNOS from a routing/switching perspective, obtaining the JNCIA, JNCIS-ENT, JNCIP-ENT, JNCIE-ENT. Is there a lab topology to utilize like say Cisco (like for Associate and Professional with three routers and switches, four switches, 6-10 routers for expert).

I tried asking in the SRX thread and didn't get a response.

Sett · September 2012

Olive is the way to go. Check the threads in the forum how to build VM running Junos or even a whole appliance. You might throw some EXs' or SRXs' for the switching part, but it's not really a must for the JNCIA/JNCIS tracks.

spiderjericho · September 2012

I thought about that; however, I have a physical lab of:

3845 ISR
3825 ISR
2801 ISR
2621XM

4X 3560
3750

And will probably expand it by a few more Cisco routers. I know I could use GNS3 with switches, but I like to get physical hands on. But I'll defi Italy revisit the Olive via VM using Google Fu when I'm fully awoken.

Aldur · September 2012

I'd recommend going for the srx100b, you can do most things routing and security wise there. Then some ex2200s would be helpful to get your hands dirty in the switching side of things.

Keep in mind that there's always junosphere, but I understand that it's nice to have real gear locally.

spiderjericho · September 2012

What's the cost for JUNOSPHERE? Is it readily available? The
last I heard it had to be obtained through an approved Juniper training or education provider.

Aldur · September 2012

Junosphere is readily available and time in Junosphere can be purchased with a credit card. So any normal person who has a credit card can get Junosphere time.

Check out the below link for pricing and purchasing with a credit card.

https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=5898

NetworkVeteran · September 2012

Aldur wrote: »

Junosphere is readily available and time in Junosphere can be purchased with a credit card. So any normal person who has a credit card can get Junosphere time.

For anyone who has used Junosphere, roughly how many machine hours did you end up using for various certifications? For an entry-level certification I could see $50 (240 machine hours / 3 devices = 80 machine hours per device) being plenty if JNCIA is anything like CCNA. I'm more curious about the expenditures for the intermediate level certifications.

(The CCNP/CCIP requirements sometimes suggest 10+ devices.)

Aldur · September 2012

Yes, I could see a topology getting larger than 10 devices. You could always slice up some of the VMs into virtual routers to get a larger topology. That or order more VMs.

spiderjericho · September 2012

Yeah, I like Network Veteran's question. And initially, this sounds cheaper for JNCIA. Aldur, have you or anyone you know used this for a certification? IF the cost to go to the professional level is cheaper than buying one EX switch or SRX then that's great.

Aldur · September 2012

I know there are quite a few people who use it for certification studies, however, I don't know them personally. But just looking at the numbers of what I've spent over the years to acquire my certs, it's very eye opening.

To obtain my two JNCIEs, and hopefully a third one (my JNCIE-SEC attempt is currently being graded) I've spent probably between 10k and 12k on gear. And this has strictly been on the J series routers and then the SRX series devices that I bought out of pocket. I didn't have to buy any expensive EX series switches. Also, I've bought a rack, cables, and not to mention the increased power bill. If I was able to take that money and put it into something like Junosphere, I would have been miles ahead.

For instance, let's take the low number that I figured, 10k. At 50 bucks a day that would buy you about 200 days of Junosphere at 10 VMs a day. And, if it were me, I'd want to take full advantage of those days, since they come in 24 hr reservations, and put in at least 10 hrs when ever I had a reserved day (Actually I'd probably get in 12 to 14 hrs, but 10 hrs is probably more feasible for most people). So I'd be looking at doing this on a day that I didn't have to work, or something like that. Then, doing the math, (10 * 200), equals out to be 2,000 hrs of lab time, more if you are willing to put in longer study sessions. And I can guarantee that I haven't put in anything close to 2,000 hrs of lab time in for my studies.

So, the math makes sense in that I would have saved a lot of money if something like Junosphere was available for me.

It is important to keep in mind that some features are not currently available in Junosphere, but should be available soon. Most, if not all, routing features are available, some security features, and the switch features are coming soon. Most of it all of the features should be there by next year, if not sooner. My group is pushing this big time, since training and developing training material would be tons cheaper, and much more flexible in a virtualized world.

mapletune · September 2012

Great thread, very interesting! =D

teren · September 2012

+1 for Junosphere, I used it quite a bit on the ENT for routing and currently using it for SP. I have a number of SRX100/210's that I used to use quite a bit but just found Junosphere much easier to whip up different scenarios. With that said, physical hardware is always nice to have but maybe a nice compromise between the two might be ideal, as long as that's economically feasible.

spiderjericho · September 2012

Teren, you used it for ENT expert? Isn't there switching in that track? Is there some kind of recommendation or guidance to the number of devices necessary for each exam? Like JNCIA, ENT associate, ENT professional, etc?

varyes · September 2012

Teren - do you have any Junosphere topologies for JNCIE-SP practice to share? I builded few topologies to load into Junosphere, but it takes time. Hoping if someone had from Reynolds books or other practice lab. Thanks!

teren · September 2012

Sorry for the slow reply here, been busy working on SP - Yes there's a decent amount of non-switching material in the ENT track if you look through the blueprint, so Junosphere is fantastic for those topics. If you utilize virtual-routers inside of Junosphere, you can obviously cut the number of devices down but just makes things a little bit harder to keep track off. I usually practiced with 6-9 vms. The other thing that's nice with Junosphere is getting more efficient & fast which is incredibly important of course.

teren · September 2012

varyes wrote: »

Teren - do you have any Junosphere topologies for JNCIE-SP practice to share? I builded few topologies to load into Junosphere, but it takes time. Hoping if someone had from Reynolds books or other practice lab. Thanks!

Have you tried the topology wizard in Junosphere? Should make it quite a bit easier than building the files by hand. Let me know if you don't have any luck with that.

varyes · September 2012

Thanks. Haven't tried topology wizard yet. Is this a new future? Thanks!

teren · September 2012

Came out a little while ago, I've just dabbled with it a little bit so can't speak too much to it but seems like a step in the right direction

Aldur · October 2012

I also played with the topology wizard a bit. In the past I've just always made my own topology files and that worked great. But I have to say that I'm really impressed with the topology wizard. I used it to create a topology and it literally took me less than a minute to create and everything was ready to go. Much quicker and easier than doing it yourself, even if you understand how to create all topology file manually.

f0rgiv3n · October 2012

I used just one SRX240 for my JNCIA-Junos and JNCIS-Sec and never ran into anything I couldn't do!

wes allen · January 2013

Started working with Junosphere today - it is pretty cool for sure. It took a couple days to get everything set up account wise, but spinning up a couple routers to start labbing was pretty easy. The SRX images "cost" 2 VM day credits, so keep that in mind for the Sec tracks. Going to try to do the JNCIA-Junos in the next week or two.

effekted · January 2013

I am looking into studying for the JNCIA over CCNA since we don't use any Cisco routers/switches in my environment. We use J series routers and SSG firewalls, and we have 2 J2320's that are currently laying around from a site that was shutdown. Can I use these to do majority labbing aside from the switching pieces or am I better off making an Olive?

Aldur · January 2013

Real routers are always better than olives. It's been a while since I dove into olives, but from what I remember, when I was able to get my hands on real routers for labbing and ditched the olives, it was a beautiful day. With J2320's, you can do most things routing and firewalling, and some things switching. Which should be considerable more than you can do with olives.

JDMurray · January 2013

Are there instruction for getting a physical or VM olive to run with JunOS 11 or 12? All I can find is instructions for (the very old) JunOS 8 on a IP330. If I could discover what release of FreeBSD JunOS 11 or 12 is running on I'd try putting together a JunOS 11 VM olive myself.

ccnxjr · February 2013

This is certainly not for the faint of heart

I'd like to create a document with more detail, screen shots etc, however that will take some time, maybe in the future.

First, create a Qemu image like so :

qemu-img create -f qcow2 olive-12a.img 8G

Download FreeBSD 7.4 install ISO and store it in the same directory as your image.
For this example I'm using :
FreeBSD-7.4-RELEASE-i386-dvd1.iso

Now boot and install FreeBSD 7.4 using this command:

qemu -m 1024 -hda olive-12a.img -cdrom FreeBSD-7.4-RELEASE-i386-dvd1.iso -boot d -localtime

Once the install splash screen shows up install FreeBSD 7.4 and partition as described here (I will cover the JunOS install!):
Installing Olive 12.1R1.9 under Qemu « Brezular's Technical Blog

Or a Standard install
At the boot partition screen, allocate the entire disc.
Use the Standard boot loader.
At the boot label editor create the following
1024 M File System ----> mount point /
1024 M Swap
16 M File System ----> mount point /dummy
1024 M File System ----> mount point /config
everything else File System ----> mount point /var

Select User type distribution, and install as little as possible

K

Now that you have a FreeBSD 7.4 qemu image download your JunOS image, in this case
Download software for the MX960 platform:

Install Package
M-series, MX high end series & T-series Install Package
MD5 SHA1 12.1R1.9 tgz 447,625,224 28 Mar 2012

The file should be named
jinstall-12.1R1.9-domestic-signed.tgz

I've then stuck this image into an ISO called junos_12-1.iso, which is how I'll pass this along to the qemu image like so :

qemu -m 1024 -net nic,model=e1000 -hda olive-12a.img -cdrom junos_12-1.iso -net user

K, now log in to your FreeBSD 7.4 machine and let's get to work

#First, mount the CDROM with your JunOS image

mount /cdrom

#let's navigate to /var/tmp

cd /var/tmp

#now let's create a directory to work in

mkdir junos

#get there

cd junos

#extract our install media into our working directory
#I've packed the install media into an ISO and passed this along to qemu
#or you can unpack it from wherever/however you've decieded to store the junos image

tar zxvf /cdrom/jinstall-12.1R1.9-domestic-signed.tgz

#The contents are :
+CONTENTS
+COMMENT
+DESC
+INSTALL
jinstall-12.1R1.9-domestic.tgz
jinstall-12.1R1.9-domestic.tgz.md5
jinstall-12.1R1.9-domestic.tgz.sha1
jinstall-12.1R1.9-domestic.tgz.sig
issu-indb.tgz
certs.pem

#However the only one we're interested in is :
#jinstall-12.1R1.9-domestic.tgz

#Let's create a working directory for this package

mkdir jinstall

#get there

cd jinstall

#Now let's extract the install package in here to start working on it

tar zxvf ../jinstall-12.1R1.9-domestic.tgz

#the contents should look like

+CONTENTS
+COMMENT
+DESC
+INSTALL
+DEINSTALL
+REQUIRE
bootstrap-install-12.1R1.9.tar
jbundle-12.1R1.9-domestic.tgz
pkgtools.tgz

#We'll be modifying these two files:
+REQUIRE
+INSTALL

#In both files comment out
re_name=`/sbin/sysctl -n hw.re.name 2>/dev/null`

#and under that line insert:
re_name="olive"

#once modified create a pkgtools directory:

mkdir pkgtools

#now enter the directory

cd pkgtools

#extract pkgtools.tgz like this

tar zxvf ../pkgtools.tgz

#the contents are :
pkg/manifest
pkg/manifest.certs
pkg/manifest.sha1
pkg/manifest.sig
bin/checkpic

#We'll need to replace bin/checkpic with /usr/bin/true
#you can do it like this :

#first enter /bin

cd /bin

#now replace "checkpic" with "true"

cp /usr/bin/true ./checkpic

#let's pack it all up again
#navigate to the next higher level directory from /bin

cd ..

#Your working directory should have the following contents
pkg
bin

#tar it back up

tar zcvf  ../pkgtools.tgz  *

#let's go back up the directory with the jinstall-12.1R1.9-domestic.tgz

cd ..

# our directory contents should look liks this:
+CONTENTS
+COMMENT
+DESC
+INSTALL
+DEINSTALL
+REQUIRE
bootstrap-install-12.1R1.9.tar
jbundle-12.1R1.9-domestic.tgz
pkgtools
pkgtools.tgz

#Remove the working directory we created for pkgtools
#I'd advise against tabbing this sequence out in case you accidentally delete the .tgz archive instead of the directory

rm -rf pkgtools

#tar this stuff up into our Olive installation package

tar zcvf ../junos-olive-12_1.tgz *

#now lest navigate to the directory that we place our olive install package in

cd ..

#Optionally remove the jinstall working directory
#I'd advise against tabbing this sequence out in case you accidentally delete the .tgz archive instead of the directory

rm -rf jinstall

#Install our Olive

pkg_add -f junos-olive-12_1.tgz

*see below

This should install our Olive, sit back, chillax and wait for further instructions such as :

WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
WARNING:     'request system reboot' command when software installation is
WARNING:     complete. To abort the installation, do not reboot your system,
WARNING:     instead use the 'request system software delete jinstall'
WARNING:     command as soon as this operation completes.

Reboot and watch a CBT Nuggets vid or something , it will take some time for the rest to complete, JunOS is gonna do its thing and reboot a couple times.
You'll know when it's done when you see the following line and command prompt:

--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC




[email protected]%

Type "cli" to enter the "user mode" environment

[email protected]% cli

You'll be ready to start tinkering once you see this prompt

root>

*this is below

If you were following along you may have noticed we did not re-pack the contents of jinstall-12.1R1.9-domestic-signed.tgz
Right now we're in /var/tmp/junos directory with a bunch of other stuff laying around.
There are many a blog and tales for why I opted for this route as opposed to others.
For the time being you may refer to discussions here :
Installing Olive 10.4R1 under VMware | packetmischief.ca

Aldur · February 2013

Wow, ccnxjr, you are the man, that's some seriously good info on creating an olive. This post just officially deserved a sticky!

ajmatson · April 2013

ccnxjr, thank you for your time on that. This really helped me out getting not only multiple olives up in GNS3, saving me money on having to buy hardware but also I was able to get them running JWeb

Kudos to you sir.

Interested in Setting Up a Juniper Lab

Comments