Olive

From JuniperClue

This page contains undocumented or unsupported information. Use caution and common sense, as the information herein may pose a greater risk of triggering bugs, voiding warranties, or damaging equipment than other material on this site. See our disclaimer for more information.

The Olive

What is an Olive?

The Olive (Olea europaea) is a species of small tree in the family Oleaceae, native to coastal areas of the eastern Mediterranean region. The natural wild Olive is a small tree or shrub to 8 m tall with rather straggling growth and thorny branches. The leaves are opposite, oblong pointed, 4-10 cm long and 1-3 cm broad, dark greyish-green above and, in the young state, hoary beneath with whitish scales. The small white flowers, with four-cleft calyx and corolla, two stamens and bifid stigma, are borne generally on the last year's wood, in racemes springing from the axils of the leaves. The fruit in the wild plant is small drupe 1-2 cm long, and the fleshy pericarp, which gives the cultivated olive its economic value, is comparatively thin.

No really, what is it?

Olive is also the codename name given to JUNOS software running on an PC rather than a Juniper router. A common misconception is that Olive is some sort of "special software", but it is actually ordinary JUNOS software running on a PC of similar specifications to a Routing Engine, with no forwarding hardware (or PFE) attached. If you took a Routing Engine out of a Juniper router and booted it in a blade server chassis, it would effectively be an Olive.

Juniper originally developed Olive functionality as a software development platform, before its hardware product was fully implemented. It is not intended as a "router simulator", and has never been a supported product, or intended for use by the general public in any way. At one point it was used by Juniper internally for lab work, but has largely been phased out of this role with the availability of low-end hardware based platforms such as the M5.

The most common use of the Olive platform is for creative and unix-competent hackers to learn the JUNOS CLI on a low-cost platform. It is capable of forwarding a small amount of traffic, but does not support many of the features found on real Juniper routers. Essentially the forwarding on an Olive is the same as routing traffic via your fxp0 or em0 management interface on a real Routing Engine.

Ok so why all the secrecy?

Juniper's official position is that Olive does not exist. Considering that Olive is an unsupported and unsupportable platform using "free" (aka illegally licensed) software, this is not an unreasonable official position. Olive is essentially a hackers platform, with absolutely no support of any kind, and it is not suitable for any type of commercial use. If you are in any doubt, or if you are not able to figure it out, you should invest in a low-cost platform such as J-Series instead.

It is also important to remember that Olive exists because Juniper allows it to exist, and is a testament to the mutual respect between the extremely knowledgeable developer and user bases. If the Olive platform became widely abused, Juniper could easily add additional software checks to prevent it from working. Please do not abuse this feature by doing stupid things like contacting JTAC for support on an Olive, or selling illegal copies of the software as "router simulators". This type of activity is likely to have serious legal consequences and/or provoke a justified response from Juniper, so just don't do it.

Installation instructions

Beware: There Are No Olives!

"True" Olive : Hardware requirements

You need a generic PC with at least one Intel EtherExpress Pro/100B network card, an IDE hard disk and at least 128MB memory. JunOS 5.x and 6.x install fine on a Pentium. JunOS 7.x seems to require a Pentium II and a minimum 196MB to install (All together now...Somebody please give me some more memory! - aborting the memoryhungry installation means you'll have to start the FreeBSD install all over again). Following installation though, will run fine with just 48MB.

Network Cards

You must have the right network cards!

It's crucially important to have the right network cards. You can't just use any old one. You can use the Intel support website to identify their adapters.

Network cards that do work:

• Intel EtherExpress Pro/100 and Pro/100B (82558 / 82558B chipset)
• Intel EtherExpress Pro/100+ Management Adapter (82559 chipset)
• Intel Pro/1000MT Desktop Gigabit Adapter
• Intel Pro/1000MT Dual Port Server Adapter (FW82546EB chipset)
• Intel ICH3 Onboard Controller (82801CAM)
• Compaq NC3120 (82258 chipset)
• Compaq NC3121 (82558B chipset)
• Matrox QS-NIC Quad FE NIC (8255x chipset)

JunOS 4.x had support for DEC 21x40 network cards so you could install it under VMware.

Network cards that don't work:

• Intel 82557 chipset based cards (detected as fxp interfaces, but link won't come up)
• 3Com 905B-TX

Tip: If you get an error similar to "fxp0: Multicast addr command failed", and find your network cards don't actually pass traffic, try enabling "PCI Bus Mastering" in the BIOS. Some machines have this disabled by default.

Virtual Olive : JEMU

Why JEMU ? Because we use Qemu to emulate JUNOS and the emulation of the PIX (which use Qemu too) is called PEMU --> JEMU ;-)

VMware

Allthough some people say you can't, you actually can run JunOS on VMware:

• Create a new virtual machine
• Edit your *.vmx file and add ethernet0.virtualDev = "e1000". With this line, VMware will emulate an Intel network card, and FreeBSD/JunOS will detect it as em interface.
• Go to your VM settings -> hardware and add a serial port
• Install it as usual.

/* Unfortunately Multicast doesn't work with the virtual Intel driver of VMware. So it is not possible to use neatly protocols like OSPF, IS-IS, ...

• /

rwayan has written a patch for Olive in VMWare. http://www.netemu.cn/bbs/thread-7417-1-1.html if you don't know the detail learn chinese please...

0. ungrade your olive into JunOS 8.5 R1.14

1. download the attachment in http://www.netemu.cn/bbs/thread-7417-1-1.html

2. put it into olive's /boot/modules

3. boot Olive with single mode

  input <space> than input 'boot -s' at bootloader

4. load the patch

  input 'kldload syscall' or 'kldload ./syscall.ko' in single mode shell where you put the patch

5. back to multiuser mode

  input "Ctrl+D" in shell

6. login and active the patch

  input 'sysctl dev.em.0.fix_em_multicast=1' after login
  if you have more network card active them all
  'sysctl dev.em.1.fix_em_multicast=1' 
  'sysctl dev.em.2.fix_em_multicast=1' 
  .....

7. Play with it.

if you confuse to do above, now you can download a virtual machine(running in Vmware）from http://www.one-tom.com/bbs/viewtopic.php?f=87&t=5002

that no need any install and you can get 2 installed olive.

ospf tesed

isis tested

rip tested

P.S.

The patch is upgraded with Logical Router support.

Qemu

What is working :

Procedure of installation :

• Download last version of Qemu for Windows (~VMWare) on this site : [1]

• Download OpenVPN to create TAP interface : [2]

• Download FreeBSD 4.4 mini : [3]

• Download a version of JUNOS < 7.4
• Download modify version of qemu (version with the good Intel driver : i82559er) = JQEMU : [4] (it's necessary to subscribe to the forum to download the file). Take the second one.

Installation of Qemu :

Unzip official package of Qemu and copy in this directory the JQEMU executable (jqemu.exe).

Creation of the Olive :

Use the tool : "qemu-img.exe" to create an image.

qemu-img.exe create olive.img 2G

jqemu.exe -L . -m 256 -hda olive.img -cdrom FreeBSD4.4-mini.iso -boot d -localtime

Install FreeBSD and JUNOS like it is explain below.

Official source tree of QEMU

Since previous entries in other wikis, qemu's main tree has all of the support on the ethernet adapter side, multicast side, etc, to work natively out of the box.

As of 0.9.1, Stefan's multicast code has a check which i'm still decoding to solve properly that exits nic_receive before multicast frames make it to the CPU. I'm no developer, but this simple workaround will enable native qemu without any patch files, shady chinese translated forums, or modifications of jemu code.

Obtain the qemu source from the project website. The file hw/eepro100.c as of 0.9.1 has this line in the function nic_receive, comment the 'return' out.

       int mcast_idx = compute_mcast_idx(buf);
       if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7)))) {
               //Commented out by JP Senior (sartan) Wed June 23 2008, this needs to be fixed
           //return;
       }
       rfd_status |= 0x0002;

there is a 'return'.

Comment this out, compile, and multicast will work properly. Stefan from this qemu-devel mailing list entry is already working on the fix, http://www.mail-archive.com/qemu-devel@nongnu.org/msg11306.html

To run this, simply run qemu normally:

sudo ./qemu-system-x86_64 -hda /opt/kvm/JunOS/olive.img -cdrom /home/storage/apps/bsd/4.4-mini.iso -net nic,vlan=0,model=i82551 -net tap,vlan=0,ifname=tap0,script=no -serial telnet::1001,server,nowait -localtime -m 196 -L /usr/share/qemu

--Sartan 21:05, 23 June 2008 (UTC)

Creation of the TAP interface :

Install OpenVPN. During the installation install only "TAP-Win32 Virtual Ethernet Adapter" and "Add Shortcuts to Start Menu". To create an interface click on the menu : "Add a new TAP-Win32 virtual ethernet adapter". Rename the TAP interface on this way : "tap1", "tap2", ...

Note: Some operating systems will strip multicast traffic from tap interfaces and bridges

From http://www.linuxfoundation.org/en/Net:Bridge#No_traffic_gets_trough_.28except_ARP_and_STP.29 No traffic gets trough (except ARP and STP)

Your kernel might have ethernet filtering (ebtables, bridge-nf, arptables) enabled, and traffic gets filtered. The easiest way to disable this is to go to /proc/sys/net/bridge. Check if the bridge-nf-* entries in there are set to 1; in that case, set them to zero and try again.

# cd /proc/sys/net/bridge
# ls
bridge-nf-call-arptables  bridge-nf-call-iptables
bridge-nf-call-ip6tables  bridge-nf-filter-vlan-tagged
# for f in bridge-nf-*; do echo 0 > $f; done

--Sartan 21:05, 23 June 2008 (UTC)

Use of JEMU :

Example with 2 interfaces:

jqemu.exe -L . -m 48 -hda Olive.img -serial telnet::1001,server -localtime 
-net nic,vlan=0,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=0,ifname=tap1 
-net nic,vlan=0,macaddr=00:aa:00:00:01:02,model=i82559er -net tap,vlan=0,ifname=tap2

JEMU will start when you do a telnet : "telnet 127.0.0.1 1001"

To install JEMU on Linux, there is some interesting information here : http://www.internetworkpro.org/wiki/Using_QEMU_with_Olive_to_emulate_Juniper_Routers.

Installation instructions

You need a copy of the jinstall tgz package for the version you want to install. It's often rumoured that the Olive jinstall is a "special" jinstall file, but no, it's the same jinstall as you'd load on your M&T series routers. Obviously, installing this somewhere else than in a Juniper router you have a support contract for is not allowed.

Install FreeBSD 4.x on it according to the instructions below.

Partition layout

ad0a    /
ad0b    swap
ad0e    /config
ad0f    /var

After installation

rm /dev/wd0c ; ln -s /dev/ad0c /dev/wd0c
mkdir /var/etc
touch /var/etc/master.passwd; touch /var/etc/inetd.conf; touch /var/etc/group
pkg_add jinstall-xxx.tgz
reboot

Configure from console (serial line) as a normal Juniper. Once your IP is up and running, you can manage the router remotely using telnet or SSH.

Dual Booting JunOS and FreeBSD

Create at least two separate partitions, or use two separate hard drives. The first partition should be labeled with the layout above -- this will be the JunOS installation target. The second partition can be laid out however you wish and will be the installation target for FreeBSD. Install a fresh installation of FreeBSD on both partitions. After this is complete, boot the instance of FreeBSD that is on the second partition. Keep the FreeBSD install CD handy, as you'll need it again later.

Edit /etc/fstab and add the following entries to allow you to access the JunOS partitions from the FreeBSD instance:

/dev/ad0s1a             /JunOS          ufs     rw              2       2
/dev/ad0s1e             /JunOS/config   ufs     rw              2       2
/dev/ad0s1f             /JunOS/var      ufs     rw              2       2

Compile or install the GNU GRUB boot manager. Install the GRUB stage-1 and stage-2 boot loader images int /JunOS/boot/grub. Install the below snippet (edit as needed) as menu.list in /JunOS/boot/grub. This instace has JunOS installed on the first hard drive, and FreeBSD on the second.

# Boot automatically after 10 secs.
timeout 10
# By default, boot the first entry.
default 0
# Fallback to the second entry.
fallback 1
# JUNOS ( bootloader )
title JunOS
root (hd0,0,a)
kernel /boot/loader
# FREEBSD
title FreeBSD
root (hd1,0,a)
kernel /boot/loader

Install grub to the main boot sector.

# grub
grub> find /boot/grub/stage2
grub> root (hd0,0,a)
grub> setup (hd0)

Once Grub has successfully installed, ensure you can boot from both instances. Save the contents of /JunOS/boot/grub in a tar file for later.

tar cvzpf /root/Grub-backup.tar.gz /JunOS/boot/grub

Install the GNU GRUB boot manager from source or the ports collection. Install the jinstall package as above, and allow the Olive instance to fully boot. Once this is working, re-insert the FreeBSD install CD. As the FreeBSD install CD is loading the FreeBSD kernel, hit the spacebar repeatedly to bring up the boot loader from the CD. You should be at the OK prompt at this point. Enter lsdev to find the disk and partition that still has FreeBSD on it. Enter

set currdev=[boot disk and partition] 

to boot back into your FreeBSD install. From the root directory, untar your Grub backup, and then go through the Grub install process again. At this point you should have a dual booting Olive/FreeBSD machine.

Issues with JunOS post release 7.4

Versions of JunOS newer than 7.4 will fail using the above method with an "ELF binary type "0" not known" error. This is due to a binary in the distribution called checkpic which will not run and will cause the pkg_add to bomb out. In order to allow newer versions to install you can replace the checkpic binary with /usr/bin/true. checkpic is located in the pkgtools.tgz archive inside the jinstall archive. If you untar the jinstall archive, do the the same to the pkgtools archive and replace the file then tar them all back up again you will be able to complete the installation following the steps above with your modified jinstall package.

Another alternative is to install JunOS 7.4 or prior on your olive and then upgrade to a post release 7.4 installation from the CLI using request system software add <package name>.

Tested and working

• Versions:
  • 5.1R4.3 (install)
  • 5.2R1.4 (install)
  • 5.2R3.4 (as upgraded from 5.2R1.4)
  • 5.4R1.3 (install)
  • 7.2R1.7 (install)
  • 7.2R2.4 (install)
  • 7.2R3.3 (install)
  • 7.3R2.9 (upgraded)
  • 7.6R1.9 (install)
  • 8.0R1.9 (install)
  • 8.1R1.5 (install)
  • 8.4R1.13 (upgraded)
  • 8.5R1.13 (upgraded/install)
  • 8.5R1.14 (upgraded)
  • 8.5R2.10 (upgraded)
  • 9.0R1.10 (upgraded from 8.5R2.10) Note: The 9.0 JunOS kernel hangs on VMWare
• IPv6
• Telnet, FTP, SSH
• Syslog
• NTP
• RIP
• OSPF (on fxp0.0 too)
• IS-IS
• BGP
• MP-BGP
• MPLS L3-VPN (seems to require "vrf-table-label" configured to actually pass traffic)
• IGMP (v1, v2, v3)
• DVMRP
• PIM (Dense, Sparse, Sparse-Dense)
• PIM RPs (Static, Auto-RP, Bootstrap)
• PIM Encapsulator (and Decapsulator) - i.e. no Tunnel Services PIC required
• MSDP
• SAP
• SNMP
• GRE tunnels
• GRE tunnels with MTU requiring fragmentation and reassembly
• VLAN tagging (fxp0 interfaces support unit 0 only though...)
• Routing between tunnels
• Routing between VLANs
• Routing through fxp0
• Firewall filters
• Filter Based Forwarding
• Multiple fxp interfaces (tested with up to 4 single, 4 dual and a quad etherexpress pro 100 -- note you need a pci bridge and as many ethernet controllers as there are ports; if you have 2 ports but only one controlling chip they won't work)
• em (intel pro 1000) interfaces (tested with up to 6 e1000 on 7.5. 7.2R2.4 works as well, but only for one NIC I found so far, described as "Intel Pro/1000MT Desktop Gigabit Adapter")

Tested and apparently not working

• Policer Filters (fxp interfaces don't measure realtime traffic rates)
• Modifying MTU (missing commands)
• MTU larger than 1500 on fxp0 (including any additional headers like 802.1q, MPLS etc.).

Rumours say that reason for this is that The Vendor's fxp0 driver is from the time of first-generation eepro cards which had issues with oversized frames, and there has been no need for an update.

• VLANs on em0
• Multiple VLANs on em interfaces (only unit 0 supported)
• "show chassis" commands. Returns error: "Unrecognized command"
• Aggregated Ethernet (missing commands)
• Traffic sampling on fxp interfaces (Doesn't generate any errors, simply doesn't work)
• Port mirroring (requires traffic to transit a PFE).

When issuing "set forwarding-options sampling output interface fxp0", returns: "error: interface: 'fxp0': Must be a monitoring or service interface"

• MPLS L2 VPN and L2 Circuits (Draft Kompella and Draft Martini) - cannot set the required physical encapsulation type on an fxp interface (e.g. "set interfaces fxp0 encapsulation vlan-ccc" command missing)
• Class of Service (CoS) configuration on fxp interfaces.

Adding any configuration under the "class-of-service interfaces" stanza for fxp interfaces gives the error:

COSD_PARSE_ERROR: [edit class-of-service interfaces fxp0]

interfaces fxp0

Cannot configure class-of-service on interface fxp0.