Olive Introduction for TOI

15,080 views

Published on

Master your JUNOS skill without buying a Juniper router ~

Published in: Technology, Spiritual
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
15,080
On SlideShare
0
From Embeds
0
Number of Embeds
12,880
Actions
Shares
0
Downloads
0
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Olive Introduction for TOI

  1. 1. JUNOS Simulator Olive introductionJohnson LiuStaff Engineer
  2. 2. What is Olive ? Olive is also the codename name given to JUNOS software running on an PC rather than a Juniper router. If you took a Routing Engine out of a Juniper router and booted it in a blade server chassis, it would effectively be an Olive. Juniper originally developed Olive functionality as a software development platform, before its hardware product was fully implemented. At one point it was used by Juniper internally for lab work, but has largely been phased out of this role with the availability of low-end hardware based platforms such as the M5.
  3. 3. What is Logical Router? Logical router (LR) is a feature that segment a physical router to be configured and operate as multiple independent routers within a platform You can partition a single physical router into multiple logical devices that perform independent routing tasks. Because logical routers perform a subset of the tasks once handled by the physical router, logical routers offer an effective way to maximize the use of a single router.
  4. 4. Olive Hardware Config in VMWARE em1 em2 em0 vmnet8 172.16.20.2/24 Olive VM vmnet1 (Management) em3 em4
  5. 5. How to USE ? – Console in VMWARELogin: labPassword: lab123
  6. 6. How to USE ? – Telnet / SSH 172.16.20.2Login: labPassword: lab123
  7. 7. Check interface in oliveAt first, let’s see what interface we have, in baseline.conf I had pre-configured fourinterface for use(except the em0 for management purpose):[edit]lab# run show interfaces terseInterface Admin Link Proto Local Remoteem0 up upem0.0 up up inet 172.16.20.2/24em1 up upem2 up upem3 up upem4 up up
  8. 8. Setup 1st Logical routerNow, I decide to setup a logical router(called WR) which will use the interfaceem1.10 and loopback0.1 :[edit]lab# set logical-systems WR interfaces em1 unit 10 vlan-id 10lab# set logical-systems WR interfaces em1 unit 10 family inet address 10.10.10.1/24lab# set logical-systems WR interfaces lo0.1 family inet address 1.1.1.1/32Lab# commitlab# show logical-systems WRinterfaces { em1 { unit 10 { vlan-id 10; family inet { address 10.10.10.1/24; } } } lo0 { unit 1 { family inet { address 1.1.1.1/32; } } }}
  9. 9. Setup 2nd Logical routerThen, I setup a logical router(called VPN) which will use the interface em2.10 andloopback0.2 :[edit]lab# set logical-systems VPN interfaces em2 unit 10 vlan-id 10lab# set logical-systems VPN interfaces em2 unit 10 family inet address 10.10.10.2/24lab# set logical-systems VPN interfaces lo0.2 family inet address 2.2.2.2/32Lab# commitlab# show logical-systems VPNinterfaces { em2 { unit 10 { vlan-id 10; family inet { address 10.10.10.2/24; } } } lo0 { unit 2 { family inet { address 2.2.2.2/32; } } }}
  10. 10. TEST Logical routers’ connectionNOW, test the logical router WAN interface reachability:[edit]lab# run ping logical-system WR 10.10.10.2PING 10.10.10.2 (10.10.10.2): 56 data bytes64 bytes from 10.10.10.2: icmp_seq=0 ttl=64 time=1.026 ms64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=0.355 ms64 bytes from 10.10.10.2: icmp_seq=2 ttl=64 time=0.313 ms64 bytes from 10.10.10.2: icmp_seq=3 ttl=64 time=0.298 ms^C--- 10.10.10.2 ping statistics ---4 packets transmitted, 4 packets received, 0% packet lossround-trip min/avg/max/stddev = 0.298/0.498/1.026/0.306 mslab# run show route logical-system WRinet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both1.1.1.1/32 *[Direct/0] 00:06:08 > via lo0.110.10.10.0/24 *[Direct/0] 00:06:08 > via em1.1010.10.10.1/32 *[Local/0] 00:06:08 Local via em1.10
  11. 11. Enable OSPFLet’s try to enable OSPF Area 0 between logical routers WR & VPN, you can havetwo ways to config:[edit]/* == Under logical-systems hierarchy can save your time to type the commandlab# edit logical-systems WR[edit logical-systems WR]lab# set protocols ospf area 0 interface em1.10lab# set protocols ospf area 0 interface lo0.1 passive/* == You can type single command to complete if you want[edit]lab# set logical-systems VPN protocols ospf area 0 interface em2.10lab# set logical-systems VPN protocols ospf area 0 interface lo0.2lab# commit[edit]lab# run show ospf neighbor logical-system WRAddress Interface State ID Pri Dead10.10.10.2 em1.10 Full 2.2.2.2 128 34[edit]lab# run show ospf neighbor logical-system VPNAddress Interface State ID Pri Dead10.10.10.1 em2.10 Full 1.1.1.1 128 38
  12. 12. Enable BGPLet’s try to enable BGP in logical router WR:[edit]lab# edit logical-systems WRlab# set routing-options autonomous-system 65001lab# set protocols bgp group IBGP type internallab# set protocols bgp group IBGP neighbor 2.2.2.2 peer-as 65001lab# set protocols bgp group IBGP neighbor 2.2.2.2 local-address 1.1.1.1[edit logical-systems WR]lab# top edit logical-systems VPNlab# set routing-options autonomous-system 65001lab# set protocols bgp group IBGP type internallab# set protocols bgp group IBGP neighbor 1.1.1.1 peer-as 65001lab# set protocols bgp group IBGP neighbor 1.1.1.1 local-address 2.2.2.2lab# commit[edit]lab# run show bgp summary logical-system WRGroups: 1 Peers: 1 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 0 0 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...2.2.2.2 65001 5 5 0 0 1:13 0/0/0/0 0/0/0/0[edit]lab# run show bgp summary logical-system VPNGroups: 1 Peers: 1 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet.0 0 0 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...1.1.1.1 65001 4 5 0 0 1:11 0/0/0/0 0/0/0/0
  13. 13. Virtualization makes things like realYou can setup different accounts related to different logical routers:EX: When you login as ‘user1’ you can only config logical router ‘WR’ only; whenyou login as ‘user2’ you can only config logical router ‘VPN’.Step 1:Configure system login classlab# set system login class WR_CLASS logical-system WR permissions alllab# set system login class VPN_CLASS logical-system VPN permissions allStep 2:Configure system login userlab# set system login user user1 class WR_CLASS authentication plain-text-passwordNew password:Retype new password:lab# set system login user user2 class VPN_CLASS authentication plain-text-passwordNew password:Retype new password:
  14. 14. Virtualization make things like realLet’s try login as user1, then you will see the hostname means you are controllingthe logical router ‘WR’… the disadvantage is you cannot control other logicalrouters. However it will be useful when there are many people configuring multiplelogical routers at the same time.login: user1Password:--- JUNOS 11.2R2.4 built 2011-09-01 07:22:29 UTCuser1:WR> configureEntering configuration mode[edit]user1:WR# showinterfaces { em1 { … } lo0 { … }}protocols { bgp { … } ospf { … }}…
  15. 15. Logical Router Design for DEMO WR em1 V10 VPN em2 em0 V11 vmnet8 172.16.20.2/24 vmnet1 (Management) CS1 em3 V12 CS2 em4PS: You don’t need to use so many interface, in fact, you can just use two interface with vlan-tagging then assign each vlan to each router directly connection.EX: WR em1.1  VPN em2.1, WR em1.2  CS1 em2.2, CS1 em1.3  CS2 em2.3,VPN em1.4  CS1 em2.4, … etc.
  16. 16. Logical Router Design for EBB DEMO WR em1 VPN em2 em0 V21 vmnet8 172.16.20.2/24 vmnet1 (Management) CS1 em3 V20 V22 CS2 em4
  17. 17. Logical Router EBB Logical Topology iBGP AS65001 OSPF em1.10 Area0 em2.10 WR VPN 10.10.10/24 (1.1.1.1/32) (2.2.2.2/32) 1.0.0.0/8 2.0.0.0/8 em1.11 em1.12 em2.21 Em2.22 (Secondary) 22.22.22/24 11.11.11/24 (Primary) eBGP eBGP em3.11 em3.21 em4.12 em4.22 CS1 CS2 (3.3.3.3/32) 20.20.20/24 (4.4.4.4/32) 3.0.0.0/8 4.0.0.0/8 em3.20 em4.20 OSPF Area0 AS36421 iBGP
  18. 18. How to apply the pre-config (1/2) ?[edit]lab# run file list/* == olive basic config for interface and management IP access ==*/baseline.conf/* == pre-config for EBB topology ==*/LR_WR_VPN_CS1_CS2.confLR_WR_VPN_CS1_CS2_OSPF.confLR_WR_VPN_CS1_CS2_BGP.conf/* == pre-config for R1-R2 (Single AS iBGP) topology ==*/LR_R1R2.confLR_R1R2_OSPF.confLR_R1R2_iBGP.confLR_R1R2_iBGP_LocalAccount.conf/* == pre-config for R1-R2, R3-R4 (Multi-AS eBGP) topology ==*/LR_R1R2R3R4.confLR_R1R2R3R4_OSPF.confLR_R1R2R3R4_LDP.confLR_R1R2R3R4_iBGP_eBGP.confLR_R1R2R3R4_iBGP_eBGP_LocalAccount.conf
  19. 19. Lab Time9/24/2012 Confidential | Copyright 2012 Trend Micro Inc. 23

×