Virtualizing JunOS on VMware

Tuesday, May 10, 2011 at 11:27AM
Carlos Perez

Many times when working with a client network or working on our own we have the need to test, document and validate certain networks configurations in a test environment. Sadly not many have the money to have one so as to test different scenarios so as to gage the impact that this changes might have on the production network. For a majority of configuration when it comes to system settings and routing a virtualized environment can be of great help, sadly anything ASIC or HW Specific configurations. On this blog post I will cover how to virtualize JunOS operating system to aide with testing and validating. I did this for a friend who needed to migrate the configuration of several of his Juniper Routers to a newer version of the OS and Hardware and also asked me for recommendations for hardening the routers. I do have to say I really like JunOS specially since it is a full FreeBSD subsystem underneath to wish a user has access to.

Requirements

 

Software required to install JunOS on VMware:

• Download FreeBSD 4.11 mini ISO from FreeBSD ftp site Link
• M Series Router jinstall Domestic Signed tgz file, Export version does not provide SSH.
• Jweb tgz file for the version of JunOS being install

NOTE: Do not ask for Juniper images I will ignore those messages. You need a valid contract to obtain them.

Settings for Workstation 7.x

• On VMware Workstation:
• Create a New Virtual Machine.
• Select on the image the FreeBSD ISO image.
• Ensure that FreeBSD is selected as the operating system type.
• Make sure HDD is 4GB or higher and of type IDE for version 9.x and 10.x for version 11.x use 6GB or higher.
• For memory set initially 512MB for 9.x and after installation of jweb it can be changed to 256MB, for 10.x and 11.x set initial value to 1024MB and after install 512MB.
• After creation of VM and before installation open VMX file and sure that the SCSI devises presence settings be set to FALSE: scsi0.present = "FALSE"
  

Settings for VMWare ESX 4.x

On VMWare ESX and ESXi :

• Create a New Virtual Machine with Operating System Other -> FreeBSD 32-bits
• Make sure HDD is 4GB or higher and of type IDE for version 9.x and 10.x for version 11.x use 6GB or higher.
• "Select the Edit Virtual Machine Settings Before Completion" Check Box.
• Change the SCSI Controller to LSI Logic SAS
• For memory set initially 512MB for 9.x and after installation of jweb it can be changed to 256MB, for 10.x and 11.x set initial value to 1024MB and after install 512MB.
• Set in the CD Rom the FreeBSD 4.11 ISO and make sure that it is Connected before saving.

FreeBSD Installation

• Skip the kernel configuration and choose the standard installation.
• When prompted to use fdisk select OK.
• When you get to partitioning, allocate first the whole disk to BSD.
• Press c then OK for the other prompts and finish by selecting q.
• Select BootMrg as the boot manager.
• Create the disk slices as shown in the table below:

Slice	Name	Size
ad0s1a	/	2000M
ad0s1b	Swap	1024M
ad0s1e	/config	64M
ad0s1f	/var	Remaining Space

• / has to be a reasonable size or else you'll run out of space on /mnt.
• Choose 'Minimal' installation type and skip installing ports.
• After the base is installed it will ask you if you want to configure Ethernet settings, select yes and use DHCP to configure your NIC (em0), Write down the IP given by DHCP and set a Hostname for the server. This allow us to scp the jinstall file after reboot.
• Except for the DHCP on interface em0, choose "no" for everything else (IPv6. Linux compatibility, NFS, FTP, Inetd, TimeZone etc..)
• When asked to create a user create one called junos, set a password for it and add it to the group wheel. Ensure to put a password for the root account.
• After the installer completes it will reboot. Make sure that you have disconnected the CD so as to make sure the VM will not boot in to the CD again.
• scp to /var/tmp on the VM the jinstall file only, do not copy the jweb file yet since during installation the file system will be formatted and changed.

 $ scp jinstall-<version>-domestic-signed.tgz junos@<ip>:/var/tmp

• Once the file is there yo will SSH in to the server and use the su command to gain root privileges:

  $ su -

JunOS 9.6R1

Unpack the different parts of the installer and remove hash files used to validate the installer:

# cd /var/tmp/
# mkdir jinst
# cd jinst
# tar xvzf ../jinstall-9.6R1.13-domestic-signed.tgz
# rm *.md5 *.sha1 *.sig
# mkdir domestic
# cd domestic/
# tar xvzf ../jinstall-9.6R1.13-domestic.tgz
# mkdir pkgtools
# cd pkgtools
# ls
# tar xvzf ../pkgtools.tgz
 

Make sure that check for hardware always return true by replacing the checkpic command:

# cp /usr/bin/true bin/checkpic

Repackage the installer:

# tar cvzf ../pkgtools.tgz *
# cd ..
# rm -rf pkgtools
# tar cvzf ../jinstall-9.6R1.13-domestic.tgz *
# cd ..
# rm -rf domestic/
# cd jinst
# tar cvzf ../jinstall-9.6R1.13-domestic-signed.tgz *
# cd ..
# rm -rf jinst/

Install the package using pkg_add:

# pkg_add jinstall-9.6R1.13-domestic-signed.tgz
Adding jinstall...
sysctl: unknown oid 'hw.product.model'
sysctl: unknown oid 'hw.re.model'
sysctl: unknown oid 'hw.re.model'
sysctl: unknown oid 'hw.re.model'
WARNING:     This package will load JUNOS 9.6R1.13 software.
WARNING:     It will save JUNOS configuration files, and SSH keys
WARNING:     (if configured), but erase all other files and information
WARNING:     stored on this machine.  It will attempt to preserve dumps
WARNING:     and log files, but this can not be guaranteed.  This is the
WARNING:     pre-installation stage and all the software is loaded when
WARNING:     you reboot the system.
Saving the config files ...
Installing the bootstrap installer ...
WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
WARNING:     'request system reboot' command when software installation is
WARNING:     complete. To abort the installation, do not reboot your system,
WARNING:     instead use the 'request system software delete jinstall'
WARNING:     command as soon as this operation completes.

DO NOT REBOOT, Ensure you can interact with JunOS on the VM Console:

# chmod +w /boot/loader.conf
# vi /boot/loader.conf

Add this line to the file:

console="vidconsole"

Reboot the device by entering the reboot command, the installation process will take several minutes and the router will reboot twice.

 

JunOS 10.4R1 and JunOS 11.1R1

This process is the same for 10.x and 11.x. Unpack the different parts of the installer and remove hash files used to validate the installer:

# cd /var/tmp/
# mkdir jinst
# cd jinst
# tar xvzf ../jinstall-9.6R1.13-domestic-signed.tgz
# rm *.md5 *.sha1 *.sig

Open in vi the +INSTALL file

# vi ./+INSTALL

Modify the variable re_name in the check_arch_compatibility() function as shown bellow, inside vi you can do a :/check_arch<enter> to go directly to it.

check_arch_compatibility()
{
    #re_name=`/sbin/sysctl -n hw.re.name 2>/dev/null`
    re_name='olive'
    if [ -z "$re_name" ]; then
        Error "hw.re.name sysctl not supported."
    fi

Continue unpacking the next level of the package:

# mkdir domestic
# cd domestic/
# tar xvzf ../jinstall-10.4R1.9-domestic.tgz

Open with vi +INSTALL and +REQUIRE and modify the variable re_name in the check_arch_compatibility() as done before. Unpack the pkgtools.tgz file and make the checkpic file always return true:

# mkdir pkgtools
# cd pkgtools
# tar xvzf ../pkgtools.tgz 
# cp /usr/bin/true bin/checkpic 

Repackage the installer:

# tar cvzf ../pkgtools.tgz *
# cd ..
# rm -rf pkgtools
# tar cvzf ../jinstall-10.4R1.9-domestic.tgz *
# cd ..
# rm -rf domestic
# tar cvzf ../jinstall-10.4R1.9-domestic-signed.tgz *
# cd ..
# rm -rf jinst

Install the package:

 # pkg_add jinstall-10.4R1.9-domestic-signed.tgz 
 Adding jinstall...
 sysctl: unknown oid 'hw.product.model'
 sysctl: unknown oid 'hw.re.model'
 sysctl: unknown oid 'hw.re.model'
 sysctl: unknown oid 'hw.re.model'
 WARNING:     This package will load JUNOS 10.4R1.9 software.
 WARNING:     It will save JUNOS configuration files, and SSH keys
 WARNING:     (if configured), but erase all other files and information
 WARNING:     stored on this machine.  It will attempt to preserve dumps
 WARNING:     and log files, but this can not be guaranteed.  This is the
 WARNING:     pre-installation stage and all the software is loaded when
 WARNING:     you reboot the system.
 Saving the config files ...
 Installing the bootstrap installer ...
 WARNING:     A REBOOT IS REQUIRED TO LOAD THIS SOFTWARE CORRECTLY. Use the
 WARNING:     'request system reboot' command when software installation is
 WARNING:     complete. To abort the installation, do not reboot your system,
 WARNING:     instead use the 'request system software delete jinstall'
 WARNING:     command as soon as this operation completes.

Ensure you can interact with JunOS on the VM Console, there is no need for this step with version 10.4 but recommended in case there is a change in any other 10.x package:

# chmod +w /boot/loader.conf
# vi /boot/loader.conf

Add this line to the file:

console="vidconsole"

Reboot the device by entering the reboot command, the installation process will take several minutes and the router will reboot twice.

Initial Configuration

On the console at login enter root and enter on the password prompt. Enter cli to enter in to command line interface of JunOS and enter:

% cli
> configure

Set the hostname for the router:

# set system host-name <router name>

Set the root password:

# set system root-authentication plain-text-password <enter>

Create a secondary admin user to use for SSH:

# set system login user <username> class super-user
# set system login user <username> authentication plain-text-password <enter>

Set an IP Address on the interface em0 so as to connect to the router:

# set interfaces em0 unit 0 family inet address <ip/mask>

Enable and set the SSH Version of the protocol to use to version 2:

# set system services ssh protocol-version v2

Enable Telnet:

# set system services telnet

Enable FTPD:

# set system services ftp

Set the default gateway:

# set routing-options static route 0.0.0.0/0 next-hop <Default Gateway IP>

Set the DNS Server to use:

# set system name-server <name server IP>

Save the configuration:

# commit

To get full list of software installed and version without paging:

> show version | no-more

To get full configuration:

> show configuration | no-more 

To get full configuration in XML format:

> show configuration | no-more | display xml

Install the Web Interface

Copy to the router the jweb file using scp and the secondary admin account created above:

> show configuration | no-more | display xml

SSH in to the router and run:

> request system software add /var/tmp/jweb-<version>-signed.tgz

After installer finishes execute a reboot of the router

> request system reboot 
Reboot the system ? [yes,no] (no) yes

It will take a while for the router to reboot since it is setting up the files for the web interface. Once the router is back up connect to it, enter configuration mode and enable the the web management system on the interface you configured:

# set system services web-management http interface em0.0
# commit

Article originally appeared on Security and Networking (http://darkoperator.squarespace.com/).