Sunday, March 09, 2008

Olive for JNCIE

After my first post about Olive, many people sent me email asking how to use it to set up a lab so they can study for JNCIE. I need to explain here that I haven't started the JNCIE journey yet. I have not even read any JNCIS or JNCIP books. I have been busy working on several migration projects in a few different countries at a time, and some of them have CRS (yes boys, CRS boxes are coming more and more to South East Asian countries!). So I thought I should focus on the first picture in my targets before I move to the next one.

But I remember that when I met Olive the first time and played with it for a while, I told myself there should be several different ways of using this emulator to let me practice for the JNCIE lab. So I'm sharing those here, and if you are in the middle of the journey, please provide your feedback on whether all features required in the lab can be tested with my ways.

This topology drawing is taken from the JNCIE study guide.


As you can see, there are 7 core routers in the middle, 4 routers for external AS, and 1 router called Data Center. Most of the links are point-to-point. Knowing this, I believe we just need 1 Ethernet interface (2 if you want OOB) for each router, and we should be able to use logical interfaces with a dot1q trunk and VLAN tagging to distinguish one point-to-point link from the others. So it will look like the next drawing, taken from the same book:


There won't be serial interfaces, and I don't think it will make any difference in the lab since we don't run Non-Broadcast Multiple Access over serial, such as Frame Relay. I'm not sure if PPP features are part of the lab, but in Cisco I can run PPP over Ethernet (PPPoE) and I can test the dial-on-demand or PPP authentication features with it. So using a single dot1q trunk interface for each router, and marking the same VLAN number on both routers that need the point-to-point connection, should give us the same result as one physical interface per router for each point-to-point link.

So here are the alternatives for setting up a JNCIE Olive lab. I like to use numbering similar to the options in MPLS inter-AS. And just like in inter-AS, option 3 below is the most interesting :))

JNCIE Lab Option 1: 1 PC for 1 router, multiple NICs
I have a friend who has passed JNCIE this way. He bought many used and obsolete PCs, old Pentiums but good enough to run FreeBSD with JunOS. Since it was cheap for him to purchase multiple NIC cards, he followed the topology by using direct Ethernet point-to-point links, even though he had to provide 6 Ethernet ports for some of the PCs. He said all features required in the lab work when running JunOS directly on FreeBSD (no vmware or qemu). So this option is the most straightforward and proven to work (he passed, right?), and it doesn't require a switch since each PC will connect directly to each other (except for R1, R2 and P1 in the drawing above, which can be connected using a cheap hub).

JNCIE Lab Option 2: 1 PC for 1 router, 1 NIC
Similar to option 1 but using only 1 NIC for each PC. As I mentioned above, we should be able to use only a single NIC for each PC by making it a dot1q trunk and putting the same VLAN ID on the logical interface for two routers that need to talk to each other. So we need to connect all the routers to a switch. You may want to use a Cisco switch since Juniper has not shipped their switch yet heheh

JNCIE Lab Option 3a: 1 PC with Qemu, multiple instances
In this world, people always try to find a better way, and a cheaper way, to achieve the goal. So why bother to buy multiple PCs if we can run JunOS using qemu with virtual Tap interfaces? The idea is to run multiple Olives with qemu, and assign one Tap interface to each instance. Then we need to make sure all the interfaces are connected to one virtual switch; in Windows it's called a Network Bridge.

So after we create multiple Tap interfaces in Windows using Step 2 in my previous post, we need to put all of them into the bridge in Windows Networking Setup. Just right-click the interface and select "Add to Bridge", and you should see it moved under Network Bridge.


Then when we start qemu, or jqemu, assign the interface to a single VLAN ID. The idea is to have all interfaces in a single VLAN; later on, the separation between each point-to-point link is done in the JunOS logical interface configuration with dot1q and a unique VLAN ID per link.

Note: I found out that I'm not able to launch multiple qemu instances in Windows if I try to execute them from a single folder. So what I did was create multiple folders and launch Olive from each.

For example, Olive instance 1 is launched with these options:

C:\qemu> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1

Then the 2nd instance is launched from another folder with the next Tap interface but the same VLAN option as the previous one:

C:\qemu2> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1002,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2

Two Qemu windows will pop up, and obviously we need another 2 DOS prompts to telnet to localhost ports 1001 and 1002 to access our Olives. Once we log in to Olive, both will have interface fxp0, and let's say we configure 10.1.1.0/30 on both interfaces without logical interfaces first, just to test the connection:

[edit]
root# set interfaces fxp0 unit 0 family inet address 10.1.1.1/30

After we commit the changes we should be able to ping each other:

[edit]
root# run ping 10.1.1.2

PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=1.937 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.843 ms

This means the bridging between the 2 Tap interfaces in Windows networking is working. Now we can create logical interfaces (units) and assign different VLAN IDs. We must enable vlan-tagging (dot1q) first, then let's create VLAN 20 with 20.1.1.0/30 and VLAN 30 with 30.1.1.0/30. Remove the previously configured unit 0 logical interface since it's not tagged.

[edit]
root# delete interfaces fxp0 unit 0

[edit]
root# set interfaces fxp0 vlan-tagging

[edit]
root# set interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30

[edit]
root# set interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30

[edit]
root# run show configuration interfaces
fxp0 {
    vlan-tagging;
    unit 20 {
        vlan-id 20;
        family inet {
            address 20.1.1.1/30;
        }
    }
    unit 30 {
        vlan-id 30;
        family inet {
            address 30.1.1.1/30;
        }
    }
}

Once we commit the changes, we should be able to ping both network addresses. So those are our 2 point-to-point links between the 2 routers. Now, let's run OSPF area 0 over VLAN 20.

[edit]
root# set protocols ospf area 0.0.0.0 interface fxp0.20 interface-type p2p

root# run show ospf interface
Interface           State   Area            DR ID           BDR ID          Nbrs
fxp0.20             PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1

root# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
20.1.1.2         fxp0.20                Full      20.1.1.2         128    32

Let's create a loopback interface with 100.1.1.1/32 on the first router and 100.1.1.2/32 on the second router, and advertise it into OSPF area 0 for testing.

[edit]
root# set interfaces lo0 unit 0 family inet address 100.1.1.1/32

[edit]
root# set protocols ospf area 0.0.0.0 interface lo0 passive

After commit, we should be able to see this route is learned as intra-area:

[edit]
root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Router     IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Intra  Network    IP        1  fxp0.20       20.1.1.2

We can even try moving the peer router's loopback interface to a different area just to verify OSPF:

[edit]
root@Jrocks# delete protocols ospf area 0 interface lo0.0

[edit]
root@Jrocks# set protocols ospf area 1 interface lo0.0 passive

You can see that the peer router's loopback address is now learned as inter-area:

root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Area BR    IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Inter  Network    IP        1  fxp0.20       20.1.1.2

Now let's put the interface of VLAN 30 into OSPF area 1:

[edit]
root# set protocols ospf area 1 interface fxp0.30 interface-type p2p

As you can see, we have now established 2 OSPF neighbors:

[edit]
root# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
20.1.1.2         fxp0.20                Full      100.1.1.2        128    34
30.1.1.2         fxp0.30                Full      100.1.1.2        128    31

And if you check the routing table, the 100.1.1.2/32 route is obviously now learned as an intra-area route again:

root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Area BR    IP        1  fxp0.30       30.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
30.1.1.0/30        Intra  Network    IP        1  fxp0.30
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Intra  Network    IP        1  fxp0.30       30.1.1.2

Note: Some people sent me email saying they can't run multicast with qemu. I haven't tested PIM or other multicast protocols, but when I changed the OSPF type in VLAN 30 to broadcast, by not using the point-to-point interface type option, I could form a neighborship:

[edit]
root# run show ospf neighbor detail
Address          Interface              State     ID               Pri  Dead
20.1.1.2         fxp0.20                Full      100.1.1.2        128    34
  Area 0.0.0.0, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
  Up 00:19:23, adjacent 00:19:23
30.1.1.2         fxp0.30                Full      100.1.1.2        128    39
  Area 0.0.0.1, opt 0x42, DR 30.1.1.2, BDR 30.1.1.1
  Up 00:01:25, adjacent 00:00:42

[edit]
root# run show ospf interface detail
Interface           State   Area            DR ID           BDR ID          Nbrs
fxp0.20             PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
fxp0.30             BDR     0.0.0.1         100.1.1.2       100.1.1.1          1
  Type: LAN, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
  DR addr: 30.1.1.2, BDR addr: 30.1.1.1, Adj count: 1, Priority: 128
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None

I tried to configure RIP as well and it works too. So I guess multicast-based protocols should work, but please let me know if you find otherwise.


JNCIE Lab Option 3b: 1 PC with Qemu, single instance
So you think making multiple folders is not good enough for you? You don't like the previous option since you must allocate memory for each instance? Alright, here is another option that I got from my Chinese friend who's been helping me set this up: running only a single Qemu instance but with the logical router feature inside JunOS. Each logical router will take one fxp interface, or one Tap interface if you see it from the Windows point of view.

So when we start Olive, assign multiple TAP interfaces to this instance. Each logical router will take one fxp interface.

C:\qemu>jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2

Once we are inside Olive, create logical routers R1 and R2, then enable vlan-tagging on both the fxp0 and fxp1 interfaces.

[edit]
root# set logical-routers R1

[edit]
root# set logical-routers R2

[edit]
root# set interfaces fxp0 vlan-tagging

[edit]
root# set interfaces fxp1 vlan-tagging

Assign IP addresses and VLAN IDs just like we did in Option 3a, but this time we have to specify the logical router name. Logical router R1 will use fxp0 while logical router R2 will use fxp1:

[edit]
root# set logical-routers R1 interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30

[edit]
root# set logical-routers R1 interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30

[edit]
root# set logical-routers R2 interfaces fxp1 unit 20 vlan-id 20 family inet address 20.1.1.2/30

[edit]
root# set logical-routers R2 interfaces fxp1 unit 30 vlan-id 30 family inet address 30.1.1.2/30

[edit]
root# run show configuration logical-routers R1
interfaces {
    fxp0 {
        unit 20 {
            vlan-id 20;
            family inet {
                address 20.1.1.1/30;
            }
        }
        unit 30 {
            vlan-id 30;
            family inet {
                address 30.1.1.1/30;
            }
        }
    }
}

[edit]
root# run show configuration logical-routers R2
interfaces {
    fxp1 {
        unit 20 {
            vlan-id 20;
            family inet {
                address 20.1.1.2/30;
            }
        }
        unit 30 {
            vlan-id 30;
            family inet {
                address 30.1.1.2/30;
            }
        }
    }
}

When we want to run a ping test, specify the logical router name as the source of the ping packet:

[edit]
root# run ping logical-router R1 20.1.1.2
PING 20.1.1.2 (20.1.1.2): 56 data bytes
64 bytes from 20.1.1.2: icmp_seq=0 ttl=64 time=3.010 ms
64 bytes from 20.1.1.2: icmp_seq=1 ttl=64 time=0.453 ms

Configure OSPF Area 0 for VLAN 20:

[edit]
root# set logical-routers R1 interfaces lo0.0 family inet address 100.1.1.1/32

[edit]
root# set logical-routers R2 interfaces lo0.1 family inet address 100.1.1.2/32

[edit]
root# set logical-routers R1 protocols ospf area 0 interface fxp0.20

[edit]
root# set logical-routers R2 protocols ospf area 0 interface fxp1.20

Check the OSPF status and routes:

[edit]
root# run show ospf neighbor logical-router R1
Address          Interface              State     ID               Pri  Dead
20.1.1.2         fxp0.20                Full      100.1.1.2        128    37

[edit]
root# run show ospf route logical-router R1
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Router     IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.2/32       Intra  Network    IP        1  fxp0.20       20.1.1.2

Ping R2 loopback address from R1:

root# run ping logical-router R1 100.1.1.2
PING 100.1.1.2 (100.1.1.2): 56 data bytes
64 bytes from 100.1.1.2: icmp_seq=0 ttl=64 time=0.725 ms
64 bytes from 100.1.1.2: icmp_seq=1 ttl=64 time=0.467 ms

Just for fun, put the other logical interface into OSPF Area 1:

[edit]
root# set logical-routers R1 protocols ospf area 1 interface fxp0.30 interface-type p2p

[edit]
root# set logical-routers R2 protocols ospf area 1 interface fxp1.30 interface-type p2p

[edit]
root# run show ospf neighbor logical-router R1 detail
Address          Interface              State     ID               Pri  Dead
20.1.1.2         fxp0.20                Full      100.1.1.2        128    35
  Area 0.0.0.0, opt 0x42, DR 20.1.1.1, BDR 20.1.1.2
  Up 00:01:54, adjacent 00:01:54
30.1.1.2         fxp0.30                Full      100.1.1.2        128    35
  Area 0.0.0.1, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
  Up 00:00:05, adjacent 00:00:05

[edit]
root# run show ospf interface logical-router R1 detail
Interface           State   Area            DR ID           BDR ID          Nbrs
fxp0.20             DR      0.0.0.0         100.1.1.1       100.1.1.2          1
  Type: LAN, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
  DR addr: 20.1.1.1, BDR addr: 20.1.1.2, Adj count: 1, Priority: 128
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None
fxp0.30             PtToPt  0.0.0.1         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 5, Not Stub
  Auth type: None

As you can see, configuring Option 3b with logical routers is the same as Option 3a, except that now we must also specify the logical router name for every configuration or show command.
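
The per-link VLAN scheme from Option 3a and Option 3b, generalized to any number of routers. This is an added example, not part of the original post: it takes a list of point-to-point links and prints the `set` commands for each router, refusing a VLAN ID or subnet that is used twice. The function name `build_lab`, the `ports` map and the triangle topology are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from itertools import islice

# Constructed sample: a three-router triangle (R1-R2-R3-R1), one VLAN per link,
# numbered in the same style as the page (VLAN 20 -> 20.1.1.0/30).
TRIANGLE = [
    ("R1", "R2", 20, "20.1.1.0/30"),
    ("R2", "R3", 30, "30.1.1.0/30"),
    ("R3", "R1", 40, "40.1.1.0/30"),
]


def build_lab(links, ports=None):
    """Return {router: [JunOS set commands]} for point-to-point links.

    links: iterable of (router_a, router_b, vlan_id, subnet).
    ports: None for Option 3a (one Olive per router, trunk on fxp0), or a
           {router: "fxpN"} map for Option 3b (logical routers in one Olive).
    """
    used_vlans, used_nets = {}, []
    cmds = defaultdict(list)
    for a, b, vlan, subnet in links:
        if a == b:
            raise ValueError(f"link {a}-{b} connects a router to itself")
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} is outside the 802.1Q range 1-4094")
        # Every trunk sits on the same bridge/switch, so reusing a VLAN ID
        # would merge two links into one broadcast domain.
        if vlan in used_vlans:
            raise ValueError(f"VLAN {vlan} already used by {used_vlans[vlan]}")
        net = ipaddress.ip_network(subnet)
        hosts = list(islice(net.hosts(), 2))
        if len(hosts) < 2:
            raise ValueError(f"{net} has no room for two endpoints")
        if any(net.overlaps(other) for other in used_nets):
            raise ValueError(f"{net} overlaps an earlier link subnet")
        used_vlans[vlan] = f"{a}-{b}"
        used_nets.append(net)
        for router, host in ((a, hosts[0]), (b, hosts[1])):
            port = ports[router] if ports else "fxp0"
            scope = f"logical-routers {router} " if ports else ""
            if not cmds[router]:
                # vlan-tagging is set once on the physical port, in the main
                # configuration even when logical routers are used.
                cmds[router].append(f"set interfaces {port} vlan-tagging")
            cmds[router].append(
                f"set {scope}interfaces {port} unit {vlan} vlan-id {vlan} "
                f"family inet address {host}/{net.prefixlen}"
            )
    return dict(cmds)


if __name__ == "__main__":
    for router, lines in build_lab(TRIANGLE).items():
        print(f"--- {router} ---")
        print("\n".join(lines))
```

For Option 3b, pass a map such as `{"R1": "fxp0", "R2": "fxp1", "R3": "fxp2"}` as `ports`, which requires one NIC/Tap pair per logical router on the jqemu command line.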


JNCIE Lab Option 3c: Combination
Option 3c is just a combination of all previous options. Use your imagination! The following might give you some ideas:

- 1 PC running Olive, without qemu, with multiple NICs connected to a switch. Then run logical routers and assign 1 NIC to each logical router, and just as in Option 3b, enable dot1q and use logical interfaces on each logical router.

- 2 or more PCs running Olive, with multiple qemu instances and multiple NICs on each PC connected to a switch. Then each qemu can take 1 NIC and use dot1q with logical interfaces, but no logical router is required. This might be a good case if you have a few PCs, each with multiple NICs and able to run only several qemu instances.

- 2 or more PCs running Olive with a single qemu instance on each PC, and with a single NIC on each PC connected to a switch. Then in Olive on each PC, create logical routers to share that single NIC. To make it easy, make sure logical routers in the same Olive are not required to talk to each other, only to logical routers on a different PC. Obviously that NIC must be configured as dot1q and each logical router will use logical interfaces.

To make it even more granular, we can combine real NICs with TAP interfaces! So if we have 2 or more PCs with a single NIC on each PC, 1 PC can run multiple qemu instances; within 1 PC they communicate with each other using TAP interfaces, but those qemu instances can connect to another qemu on a different PC using the real NIC.

And one more thing: we can actually set up a point-to-point connection between 2 qemu instances, or between 2 logical routers within 1 Olive/qemu, using a socket or UDP port! For UDP, for example, we need to specify the source and destination ports in the -net option when we define the interface:

C:\qemu> jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net udp,vlan=1,sport=10001,dport=10002,daddr=127.0.0.1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net udp,vlan=1,sport=10002,dport=10001,daddr=127.0.0.1

Sky is the limit!


As I mentioned in the beginning, I haven't started the journey yet, so I don't know if all features in the lab can be tested with Olive, especially with the options that use multiple qemu instances or a single qemu instance with logical routers. So I would appreciate your feedback if you have already tried those options. Thanks.

Now it's time to go back to IOS XR ;)

17 comments:

Mario said...

Very well done. You are legend!!!

Anonymous said...

Hi,

I don't know how it looks like under VMware/Qemu/other_emu, but when olive runs on its own machine (couple fxps) there is no way to run l2vpn.
Please correct me if i'm wrong.

Have a nice day

G.

RiSing SuN said...

Hey man!!!! u r awesome!!! I was trying to figure out how to run multiple instances...and you showed it as if it is an open book. Very clear..very descriptive...highly recommended for anyone who wants to master Juniper!!!

Stefan said...

Hmmm.... now why is a guy who works for Cisco preparing for his JNCIE? :)

Robert said...

Thank you!!! I truly appreciate all the hard work you've done to put this together. I finally implemented my JLab using tap interfaces and multiple qemu instances.

As a note, I first tried using sockets to connect the routers to each other. I wouldn't recommend that solution because it is unstable. Sometimes it works, sometimes it doesn't. Also, it depends way too much on which one you set up as a listener and which one connects.

udp doesn't seem available in the version of jqemu I'm using in my Windows machine, unless I'm missing something.

Anonymous said...

Hello,
first of all I would like to bring many thanks to Himawan!

When I tried to use the '-net udp' option, it didn't work on Windows XP; it gives the error "Unknown network device: udp".

And can anyone explain how to interconnect some computers with a single NIC and many qemu instances?
Should I add the NIC and the taps to a bridge?

Anonymous said...

I suspect it is possible to run the l2vpn stuff. The command that is referenced as not being available is called incorrectly and is available in qemu. In reference to cluepon, the command is "set interfaces fxp0 encapsulation vlan-ccc" command missing. The actual syntax that is working is "set interfaces fxp0 unit 0 encapsulation vlan-ccc". This is present and working.

Thanks

MLN

Anonymous said...

1. is-is doesn't work in Olive(jqemu)
2. can't change the MTU on the interface (no command).

and there are many commands that don't exist in Olive..

Anonymous said...

Hi

Can anyone tell me, how to create multiple connectivity from One router, Like R1-R2-R3-R1 . I have tried but it is not working. Please let me know....

-Minu

hakim said...

Thanks a lot for the tutorial!

I've tried to run 2 Olive with 2 Tap/fxp interfaces each but Olive couldn't ping each other. When I run 2 Olive with single Tap/fxp interface each, I could ping the other end.

Does anyone know how can I ping each other when they have 2 or more tap/fxp interfaces?

Donn Lee said...

One qemu instance with 2 taps is not working for me. If the taps are in the same bridge "group", jqemu stops suddenly without any error message after a few seconds into the boot-up. If the taps are NOT in any bridge group (just plain taps), the boot-up goes further but eventually crashes. I'm using XP, openvpn 2.0.9, and the jqemu mentioned here.

Donn Lee said...

Oh I should also add my jqemu cmd:

C:\qemu>jqemu.exe -L . -m 256 -hda hd-olive1.img -serial telnet::1001,server -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=tap1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=tap2

davedamilan said...

Thanks Pak Himawan, you made very clear information for me as a beginner who just started learning Junos using Qemu!
I've been looking around in Google search results, but I can say your tutorial is the best match for what I need to know. Thanks again!

Anonymous said...

Hi,

Jqemu complains that "udp" is an unknown network device.

Any advice appreciated.

Other than that everything is working, thank you very much for the great tutorial.

Br,
Alaerte
alaertevidali@gmail.com

niese said...

great article you have here..

Utku said...

perfect!
this is what I've been searching for. great article. now I'm running two QEMU olives, VLAN tagging is working.
thanks for writing.
Utku.

Anonymous said...

Hi Himawan,


How to add another FXP interface at one olive only. I already tried but it failed.