The Junosphere Experience, Part Two – Using Junosphere

In the previous article, I described the steps I went through to get access to Junosphere. It wasn’t smooth, but it worked. In this post, I’ll take a look at the actual experience of using Junosphere.

Please, allow me a moment to get this off my chest first. I promise there will be no more rants after this, cross my heart and hope to die. Don’t read the following box for an impartial and objective review that follows, but I have to write it.

The Only Rant
If there is something more unnerving than the inoperational service, it’s the support of the company that sold you the service that is not aware how the service works, how to escalate and assist you. I won’t even go into knowing how to spell the name of it.

It becomes downright offensive when the service is time-based and you’re told that there are no engineers to take the case now because it’s too late. It has now been more than 14 hours since my first Junosphere 24-hour session started, didn’t work and I opened the case. There was no follow-up.

I understand that this product is a very low priority for company used to making millions in sales and not $50, but why bother in the first place then? If the service is offered, called v2.0, fully supported, I expect that any outage during an active, timed session, is treated as a top priority. After all, I paid for the exact amount I was asked to. I didn’t set the price.

That’s it, rant’s done.

The second thing I have to say outright is this: Junosphere is not Olive. Since that was my primary fear, I now rest assured that using Junosphere would be much better and more fulfilling experience than Olive. Let’s dive in!


At this point, I need to introduce some Junosphere terminology, which I haven’t seen explained elsewhere. It is essential to understand these terms to effectively use the service.

Once your order has been processed, you received the codes and registered them to your CSC account, you are provisioned with a bank of virtual machines. This bank has a serial number, which you will need to get support from JTAC.

Using the virtual machines in the bank, you create one or more sandboxes of a certain capacity. These sandboxes contain virtual machines from the bank. Interestingly, virtual machines can be VJX routers running Junos, hosts running CentOS and some other things. Once you create a sandbox, you can schedule a reservation with the assigned capacity.

In some of the documentation examples, I’ve seen Spirent VMs being mentioned, which means we could possibly try and generate some real traffic in the sandbox. I have not tried this personally.

Reservations are active sandbox sessions. When scheduling a reservation, you can choose how many VMs from a sandbox you wish to activate and when. The duration of the reservation is fixed to 24 hours from the start time of the reservation.

Fixed Timeslots
24-hour reservation is quite possibly the biggest limitation with the service. Very often, engineers, designers and architects need quick access for proof-of-concept for only couple of hours. Very rarely are 24 contiguous hours used for hands-on work.

To make Junosphere even more popular and successful, I believe Juniper should consider making reservations in more meaningful time-slots, like 2, 4 or 8 hours. That way, a service would become an absolute hit. As it is right now, I was very reluctant to actually start a reservation, knowing I would be wasting at least ¾ of the allocated time.

The username and password to access Junosphere is used only to provision banks, sandboxes and other users. If you wish to have multiple users have the access to the pre-provisioned sandbox, you can create multiple users and passwords to provide them with access to your Junosphere. This is an unexpected and a very welcome twist. It does make using Junosphere a bit more complex, but not by much.

Libraries and Topologies
The meat of the service is a topology. Topologies are the virtual networks using a capacity from a sandbox. You can use entire sandbox, or just couple of VMs. Topology definitions are specified in file sets, which can be uploaded to Junosphere, or saved from your active topologies. Different topologies are organized in libraries, which can be global, per-sandbox, or per-user. All a bit too complicated to explain, but once you see it it works (if you ever used a computer with folders before, that is). I will explain topology file sets in a separate post later.

Active Topology
Active topology is the actual running topology in a sandbox. Using web-based SSL VPN connector, you can access any active VMs using tools like telnet, SSH, etc.

Junosphere Web UI

The main Junosphere user interface is accessible through the following link: Once there, you are presented with a simple login screen.

Username and password are provided in the confirmation e-mail Juniper sends you once your bank has been provisioned and your Junosphere account registered. After the log-in, you will be presented with couple of click-through EULA screens and then the main interface shows up. It’s fairly intuitive to understand, once the various terminology issues have been cleared up. All in all, it took me only a few hours to get going with my first topology.

Here is a sample snapshot of a Library with two topologies I defined and a context-menu for controlling one of them.

Clicking on “Start Topology” will initiate a process that powers up virtual machines in your topology. This will take several minutes and you can track the progress by opening a rollbar menu called “Active Topology”. You will also be able to see any error messages in the Details tabs. Keep an eye on this, since error messages could be from a wrongly defined topology file!

Connecting to Your Topology

Once your topology is up and running, it’s very easy to connect to it. Here’s a snapshot of the active topology.

On the picture above, all you have to do is click on “Join”. Doing that will open a popup window, which in turn will start a Java applet to establish SSL VPN to your active topology.

These are a few useful requirements your workstation must meet to use the topology:

  • Java must be installed and operational. It works on OSX Lion with the latest updates as of February 11, 2012.
  • Junosphere seems to be using self-signed certificates, make sure they are accepted and trusted by your Java.
  • Browser must be configured to allow popup windows from the main Web UI.

Once the VPN connection is established successfully, the only thing you will see is a java application “Network Connect”. It’s a useful thing to see, since you can tell if your connection got interrupted for whatever reason.

At this point, you can access your topology, using either predefined credentials, or the ones you configured for your topology. Accessing your routers can be done either through their management interface, or by telnetting to the emulated console port. I prefer the console port access, but you are free to use whatever. IP addressing is nicely provided in the active topology rollbar menu, in the “Virtual Machines” tab.

Once you’re on the router, it’s business as usual Junos :-).

markom@R1> show chassis hardware detail
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                JN111863EADB      VJX1000
System IO       
Routing Engine                                           VJX1000
  ad0    1953 MB  QEMU HARDDISK        QM00001           Hard Disk
FPC 0           
  PIC 0         
Power Supply 0  

I had to chuckle a little bit at the QEMU bit. It looks like it is Olive on steroids. Of course, a major difference being that unlike home-built Olives, these routers do have an actual software PFE. Fun all around!

She is not 100% certain I’ve lost my mind, but I’m sure it’s slowly but surely dawning on her.

  1. Thanks, Marko for this informative post. I am exploring Junosphare now. Some questions,

    You said you can telnet to the virtual machines. Is this through JavaApplet or a regular telnet tool on my machine. Acutally, I am interested to know: do those machine provide public IPs (or domain names) for access from the internet? Like the Amazon EC2 does? Thanks,

    • As far as I know, there is no outside access without the VPN connection. You could always open a case with Juniper to ask them directly. It would be an interesting thing to learn for sure! :-)

    • As Marko said, you use Juniper’s SSL VPN to connect to your lab.

      You also have the option of purchasing a connector license which allows the ability to connect your Junosphere lab to the outside world.

      • Ah yes, that’s true, I forgot about that. If I’m not much mistaken, it’s also done through a breakout VPN connection through a VM on your host machine, but there is that possibility. Then again, it’s just a pre-configured VPN VM.

        • I’m honestly not 100% sure how it works. I do know though that in one of their initial big trials, a certain large SP was doing real-world BGP peerings over the Internet.

          BTW, apparently a new dashboard was released last week. I haven’t seen it yet, though.

        • Thanks, guys, very helpful. I think buying connector will be good choice to me, because I am going to write code that is sitting on development machine, and talk to the tab.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>