Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Topic review - Juniper - Junos 11.4R8 based Olive
Post subject: Re: Juniper - Junos 11.4R8 based Olive  |  Posted: Tue Jun 18, 2013 5:36 am
Features working:
BGP FlowSpec routes distribution:
P1@CORE_Q1> show route table inetflow.0

inetflow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both,*,proto=1/term:1           
                   *[BGP/170] 1d 10:03:30, localpref 100, from
                      AS path: 65411 I
                   *[BGP/170] 1d 09:53:37, localpref 100, from
                      AS path: 65411 I

Features NOT working:
BGP FlowSpec actions - no action is taken on firewall filters (ACLs) created by flowspec rules:
P1@CORE_Q1> show firewall

Filter: __flowspec_default_inet__                             
Name                                                Bytes              Packets
*,                                              0                    0,*,proto=1                                      0                    0

Firewall filters - you can configure them, but they block all traffic. This is because Juniper products (MX/SRX) apply filters as close as possible to the interface (on the interface cards - IOC depending on platforms) so Olive doesn't have these.
Post subject: Juniper - Junos 11.4R8 based Olive  |  Posted: Mon Jun 17, 2013 7:48 am
This is a step-by-step guide to create a Junos 11.4R8.4 based Olive box for testing purposes.

Step 1: Install FreeBSD 7.0 32bit
Create a VM (Custom, Other, FreeBSD 32bit). Select the hardware resources; I used 1 GB of RAM, LSI SAS adapter, 6GB IDE drive and it worked for me.

Junos 11.4 is based on FreeBSD7, so add FreeBSD7 i386 iso as CD (connect at power on) and boot the machine.

When installing FreeBSD7, create a single slice from the whole disk (Pressing "A"), select the slice and make it bootable (very important) by pressing "S".

Press ESC, select "Standard Boot" and next create the labels.

This is a very important step because FreeBSD 7.0 creates labels a b d e (e for /var) and Junos requires label "f" for /var, so manually create the labels in the following order and size (worked for me):
ad0s1a / 1024M
ad0s1b SWAP 512M
ad0s1d /test 2M
ad0s1e /config 20M
ad0s1f /var <REST OF SLICE>  --> very important to have labelformat

Press "Q", confirm what needs to be confirmed and then select "Minimal" installation and CD/DVD as source.

Now, FreeBSD 7.0 should be installed. What needs to be done is to:
- set the IP address and default route (to copy the junos image)
- set root password
- enable ssh root login
- enable sshd and start it
(how to do the above is not in this article)

Copy the jinstall-11.4R8.4-domestic-signed.tgz file to /var/tmp (using winscp for example) and then there are 3 decompressions and 3 compressions.

Step 2: Prepare Olive 11.4R8.4 olive.

Decompress the signed Junos image
# pwd
# ls
jinstall-11.4R8.4-domestic-signed.tgz   vi.recover
# mkdir jinst
# cd jinst
# tar zxvf ../jinstall-11.4R8.4-domestic-signed.tgz
x jinstall-11.4R8.4-domestic.tgz
x jinstall-11.4R8.4-domestic.tgz.md5
x jinstall-11.4R8.4-domestic.tgz.sha1
x jinstall-11.4R8.4-domestic.tgz.sig
x issu-indb.tgz
x certs.pem

Remove checksum files
# rm -rf jinstall-11.4R8.4-domestic.tgz.*

Edit the "+INSTALL" (outer one) file as below:

# ls `pwd`/ji*
# vi ./+INSTALL
2130     re_name='Olive'
-3175     pkg_add $PKG_FORCE $inner || fail=1
+3175     pkg_add $PKG_FORCE /var/tmp/jinst/jinstall-11.4R8.4-domestic.tgz || fail=1

Going further, we decompress the /var/tmp/jinst/jinstall-11.4R8.4-domestic.tgz file and edit inner "+INSTALL" and "+REQUIRE" files.
# mkdir domestic
# cd domestic/
# tar zxvf ../jinstall-11.4R8.4-domestic.tgz
x bootstrap-install-11.4R8.4.tar
x jbundle-11.4R8.4-domestic.tgz
x pkgtools.tgz

The Junos script runs the "disklabel" command on /dev/ad0s1a, but on FreeBSD 7.0 this gives an error, leaving the "rootdev_size" variable empty, so the check for root device space fails. These scripts also check the RE sysctl, which doesn't exist.
# vi ./+INSTALL
   2130     re_name='Olive'                                                                            <-- REPLACE re_name
   3330     rootdev_size=`disklabel ${rootdev%a} | sed -n '/sectors.unit:/s,.*:,,p'`
   3331     rootdev_size="9999999"                                                                <-- ADD THIS LINE
   3332     if [ ${rootdev_size:-0} -lt $rootdev_minsz ]; then
   3333         warn
   3334         warn "This installation will not succeed."
   3335         warn "The boot device is less than ${rootdev_min}M."
   3336         warn "A hardware upgrade is required."
   3337         warn
   3338         exit 1

# vi ./+REQUIRE
   2130     re_name='Olive'                                                                           <-- REPLACE re_name
   3329     rootdev_minsz=`expr \( $rootdev_min \* 90 / 100 \) \* 2048`
   3330     rootdev_size=`disklabel ${rootdev%a} | sed -n '/sectors.unit:/s,.*:,,p'`
   3331     rootdev_size="9999999"                                                               <-- ADD THIS LINE
   3332     if [ ${rootdev_size:-0} -lt $rootdev_minsz ]; then
   3333         warn
   3334         warn "This installation will not succeed."
   3335         warn "The boot device is less than ${rootdev_min}M."
   3336         warn "A hardware upgrade is required."
   3337         warn
   3338         exit 1

Now that we have the 2nd compression done, there is one more tweak: replace the "checkpic" Junos binary with the "true" FreeBSD binary.
# mkdir pkgtools
# cd pkgtools
# tar zxvf ../pkgtools.tgz
x pkg/manifest
x pkg/manifest.certs
x pkg/manifest.sha1
x pkg/manifest.sig
x bin/checkpic
# cp /usr/bin/true bin/checkpic

Step 3: Cleaning up and re-creating the packages:
# tar cvzf ../pkgtools.tgz *
a bin
a bin/checkpic
a pkg
a pkg/manifest
a pkg/manifest.certs
a pkg/manifest.sha1
a pkg/manifest.sig
# cd ..
# rm -rf pkgtools
# tar cvzf ../jinstall-11.4R8.4-domestic.tgz *
a bootstrap-install-11.4R8.4.tar
a jbundle-11.4R8.4-domestic.tgz
a pkgtools.tgz
# cd ..
# rm -rf domestic/
# tar cvzf ../jinstall-11.4R8.4-domestic-signed.tgz *
a certs.pem
a issu-indb.tgz
a jinstall-11.4R8.4-domestic.tgz

Step 4: Installing Junos Olive 11.4R8
# cd ..
# pkg_add -v jinstall-11.4R8.4-domestic-signed.tgz
Requested space: 1685415672 bytes, free space: 3441154048 bytes in /var/tmp/instmp.wOH0Ks
Running pre-install for jinstall-11.4R8.4-domestic-signed..
extract: Package name is jinstall-11.4R8.4-domestic-signed
extract: CWD to .
Running post-install for jinstall-11.4R8.4-domestic-signed..
Adding jinstall...
sysctl: unknown oid 'hw.product.model'
sysctl: unknown oid ''
sysctl: unknown oid ''
sysctl: unknown oid ''

WARNING:     This package will load JUNOS 11.4R8.4 software.
WARNING:     It will save JUNOS configuration files, and SSH keys
WARNING:     (if configured), but erase all other files and information
WARNING:     stored on this machine.  It will attempt to preserve dumps
WARNING:     and log files, but this can not be guaranteed.  This is the
WARNING:     pre-installation stage and all the software is loaded when
WARNING:     you reboot the system.

Saving the config files ...
Installing the bootstrap installer ...

WARNING:     'request system reboot' command when software installation is
WARNING:     complete. To abort the installation, do not reboot your system,
WARNING:     instead use the 'request system software delete jinstall'
WARNING:     command as soon as this operation completes.

Attempting to record package into /var/db/pkg/jinstall-11.4R8.4-domestic-signed..
Package jinstall-11.4R8.4-domestic-signed registered in /var/db/pkg/jinstall-11.4R8.4-domestic-signed

Now the final step: making sure we can log in to the new Junos Olive box on the video console; otherwise, it's useless in most cases:
# chmod +w /boot/loader.conf
# vi /boot/loader.conf
console="vidconsole"                     <-- ADD THIS LINE AT THE END

Now reboot the box. Some installation messages will appear on the console and a new reboot will take place. After the 2nd reboot, Junos is installed.
The prompt on your console until Junos boots up is:
Loading /boot/loader
BTX loader 1.00 BTX version is 1.02

and once it has booted, the login prompt appears.

And that's it:
root@'s password:
--- JUNOS 11.4R8.4 built 2013-05-23 05:31:29 UTC
root@% cli
root> show version
Model: olive
JUNOS Base OS boot [11.4R8.4]
JUNOS Base OS Software Suite [11.4R8.4]
JUNOS Kernel Software Suite [11.4R8.4]
JUNOS Crypto Software Suite [11.4R8.4]
JUNOS Packet Forwarding Engine Support (M/T Common) [11.4R8.4]
JUNOS Packet Forwarding Engine Support (M20/M40) [11.4R8.4]
JUNOS Online Documentation [11.4R8.4]
JUNOS Voice Services Container package [11.4R8.4]
JUNOS Border Gateway Function package [11.4R8.4]
JUNOS Services AACL Container package [11.4R8.4]
JUNOS Services LL-PDF Container package [11.4R8.4]
JUNOS Services PTSP Container package [11.4R8.4]
JUNOS Services Stateful Firewall [11.4R8.4]
JUNOS Services NAT [11.4R8.4]
JUNOS Services Application Level Gateways [11.4R8.4]
JUNOS Services Captive Portal and Content Delivery Container package [11.4R8.4]
JUNOS Services RPM [11.4R8.4]
JUNOS Services HTTP Content Management package [11.4R8.4]
JUNOS AppId Services [11.4R8.4]
JUNOS IDP Services [11.4R8.4]
JUNOS Services Crypto [11.4R8.4]
JUNOS Services SSL [11.4R8.4]
JUNOS Services IPSec [11.4R8.4]
JUNOS Runtime Software Suite [11.4R8.4]
JUNOS Routing Software Suite [11.4R8.4]
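
The guide deletes the .md5 and .sha1 files and repacks the archive, after which the shipped digests can no longer match. As an added example (not part of the original post or of Junos), this script checks the unmodified jinstall-11.4R8.4-domestic.tgz against those two files before they are removed; the digest-file layout it accepts is an assumption, and the .sig file is not checked.

```sh
#!/bin/sh
# Added example: check a package against the .md5/.sha1 files beside it.
# Assumption: the hex digest appears on the first line of each digest file
# (bare, "hash  file" or "MD5 (file) = hash" layouts are all accepted).

# digest_of ALGO FILE: print the hex digest of FILE (ALGO is md5 or sha1).
digest_of() {
    if command -v "${1}sum" >/dev/null 2>&1; then
        "${1}sum" "$2" | awk '{ print $1 }'    # GNU coreutils
    else
        "$1" -q "$2"                           # FreeBSD md5(1) / sha1(1)
    fi
}

# expected_digest LEN FILE: first run of exactly LEN hex chars on line 1.
expected_digest() {
    head -n 1 "$2" | tr 'A-F' 'a-f' | tr -cs '0-9a-f' '\n' |
        awk -v n="$1" 'length($0) == n { print; exit }'
}

# verify_pkg PKG: return 0 only if both shipped digests match PKG.
verify_pkg() {
    pkg=$1
    rc=0
    for spec in md5:32 sha1:40; do
        algo=${spec%%:*}
        len=${spec##*:}
        if [ ! -f "$pkg.$algo" ]; then
            echo "MISSING  $pkg.$algo"
            rc=1
            continue
        fi
        want=$(expected_digest "$len" "$pkg.$algo")
        have=$(digest_of "$algo" "$pkg")
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "OK       $algo $have"
        else
            echo "MISMATCH $algo want=${want:-none} have=$have"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh verify_pkg.sh jinstall-11.4R8.4-domestic.tgz
if [ $# -gt 0 ]; then
    verify_pkg "$1"
fi
```

Run it in /var/tmp/jinst right after extracting the signed archive, before the `rm -rf jinstall-11.4R8.4-domestic.tgz.*` step.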