Managing Third-Party Applications
Using Intercept Libraries
Junos OS Evolved can run third-party applications because it runs on native Linux. There are some differences between the way Linux displays requested network topology information such as interface and route data and the way Junos OS displays this information. The CLI is designed to overcome these differences. But typically, third-party applications running on native Linux obtain this information directly from the native Linux sources using shell commands.
Junos OS Evolved uses an intercept mechanism that redirects shell requests for network topology information to a space where the information can be obtained from Junos OS. This intercept mechanism is accomplished through intercept libraries, libsi.so and libnli.so, that you preload. After you preload the intercept library, certain types of requests are intercepted and show Junos OS information.
The intercept libraries are optional; they are needed only if the application requires the APIs mentioned in Table 1:
API | Description |
---|---|
Packet IO and Linux socket APIs | Ability to send and receive packets over management and/or data interfaces. Standard libc, such as send, receive, listen. |
 | Ability to use rtnetlink to query networking state like interfaces, routes. |
 | Ability to configure network devices. |
 | Ability to query kernel data structures using standard interfaces provided by Linux kernel. |
Junos APIs | Ability to access Juniper North Bound APIs - NetConf/JET/Telemetry. |
For more information on Juniper Northbound APIs, see the following:
Junos OS Evolved Release 20.1R1 supports the following features:
- Use the set system netlink-async-mode configuration to enable NETLINK_ROUTE asynchronous notifications. This feature is disabled by default. Use show nsld mode to show the current netlink asynchronous mode.
- SIOCETHTOOL ioctl, which can be used by other applications.
- Multipath next-hop route information through netlink route attributes.
Example of a Preloaded Linux Command
The following example shows how the preload directive works, using the ifconfig command, which displays interfaces.
If you preload the ifconfig command with the intercept library, Junos OS interface information is returned. Notice that the intercept library only translates logical interfaces. In this example, because there are logical interfaces only on lo0 and re0:mgmt-0.0, the output displays only these two interfaces for the preloaded ifconfig command.
[vrf:none] user@host_RE0:~# LD_PRELOAD=libnli.so ifconfig
lo0_0     Link encap:Ethernet HWaddr 00:00:00:00:00:00
          inet addr:128.102.224.244 Mask:255.255.255.255
          inet6 addr: abcd::128:102:224:244/128 Scope:Global
          inet6 addr: fe80::5668:a6f0:6e:b79/128 Scope:Link
          UP LOOPBACK RUNNING MTU:65535 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

mgmt-0-00-0000 Link encap:Ethernet HWaddr 56:68:a6:6e:0b:79
          inet addr:10.102.224.244 Bcast:10.102.239.255 Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1103938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:85166899 (81.2 MiB) TX bytes:243066 (237.3 KiB)
You can get the same results by running jbash, which is a shell provided with Junos OS Evolved that preloads libnli.so and libsi.so by default.
Only use jbash to get the network state information. Don’t use jbash as your default shell.
If you issue the command without preloading it with the intercept library, the output shown is from Linux. Notice that the following output is longer than that from Junos OS. Linux does not make the distinction between physical interfaces and logical interfaces that the Junos CLI does.
[vrf:none] user@host_RE0:~# ifconfig -a
eth0      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:79
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:1608443 errors:44 dropped:0 overruns:0 frame:44
          TX packets:2652 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:150837081 (143.8 MiB) TX bytes:341675 (333.6 KiB)

eth1      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:7e
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:9600 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:418 (418.0 B)

eth2      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:83
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:9600 Metric:1
          RX packets:907046 errors:0 dropped:0 overruns:0 frame:0
          TX packets:926156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70342248 (67.0 MiB) TX bytes:119965968 (114.4 MiB)

eth3      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:8d
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth4      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:9d
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:1607983 errors:44 dropped:0 overruns:0 frame:44
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:150335380 (143.3 MiB) TX bytes:0 (0.0 B)

ingvrf    Link encap:Ethernet HWaddr 12:6e:39:d6:5a:64
          UP RUNNING NOARP MASTER MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

iri       Link encap:Ethernet HWaddr 4e:a2:93:c0:ac:67
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP RUNNING NOARP MASTER MTU:65536 Metric:1
          RX packets:2199380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2216726 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:674308465 (643.0 MiB) TX bytes:735412009 (701.3 MiB)

jtd0      Link encap:Ethernet HWaddr 06:50:4e:19:c6:c5
          inet6 addr: fe80::450:4eff:fe19:c6c5/64 Scope:Link
          UP BROADCAST RUNNING NOARP MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:210 (210.0 B)

jtdrop    Link encap:Ethernet HWaddr ba:d0:d0:72:7e:eb
          inet6 addr: fe80::b8d0:d0ff:fe72:7eeb/64 Scope:Link
          UP BROADCAST RUNNING NOARP MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:210 (210.0 B)

jtdv0     Link encap:Ethernet HWaddr 56:2a:0c:39:f1:5d
          inet6 addr: fe80::542a:cff:fe39:f15d/64 Scope:Link
          UP BROADCAST RUNNING NOARP MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:280 (280.0 B)

jtdv50    Link encap:Ethernet HWaddr 56:5e:67:d6:e2:d2
          inet6 addr: fe80::545e:67ff:fed6:e2d2/64 Scope:Link
          UP BROADCAST RUNNING NOARP MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:280 (280.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:2144 (2.0 KiB) TX bytes:2144 (2.0 KiB)

mgmt_junos Link encap:Ethernet HWaddr 6a:75:4b:20:d0:4e
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP RUNNING NOARP MASTER MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

sit0      Link encap:UNSPEC HWaddr 00-00-00-00-30-30-30-00-00-00-00-00-00-00-00-00
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

tunl0     Link encap:IPIP Tunnel HWaddr
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vcb       Link encap:Ethernet HWaddr 56:68:a6:6e:0b:83
          inet addr:176.1.1.1 Bcast:0.0.0.0 Mask:255.255.255.252
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:9600 Metric:1
          RX packets:907043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:924347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57643466 (54.9 MiB) TX bytes:118743890 (113.2 MiB)

vfb       Link encap:Ethernet HWaddr 56:68:a6:6e:0b:7e
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:9600 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vib       Link encap:Ethernet HWaddr 3e:fb:67:87:16:1a
          inet addr:128.0.0.4 Bcast:0.0.0.0 Mask:255.0.0.0
          inet6 addr: fe80::3cfb:67ff:fe87:161a/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:3420 (3.3 KiB)

vmb0      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:79
          inet addr:10.102.224.244 Bcast:0.0.0.0 Mask:255.255.240.0
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:1602504 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2645 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124666750 (118.8 MiB) TX bytes:340201 (332.2 KiB)

vmb1      Link encap:Ethernet HWaddr 56:68:a6:6e:0b:9d
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:1602784 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124008554 (118.2 MiB) TX bytes:0 (0.0 B)

vrf0      Link encap:Ethernet HWaddr ca:12:9e:40:a8:01
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP RUNNING NOARP MASTER MTU:65536 Metric:1
          RX packets:124413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2597 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19087613 (18.2 MiB) TX bytes:338185 (330.2 KiB)

vrf50     Link encap:Ethernet HWaddr 06:de:d7:3d:18:be
          UP RUNNING NOARP MASTER MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interface Name Translation
One limiting factor to using this intercept mechanism is that Linux interface naming is incompatible with the Junos OS interface naming. Linux supports 15-byte interface names (15 + null-character); network interface names that exceed this limit are truncated in outputs. Junos OS logical interface names could be longer than 15 bytes, for example, et-0/0/10:2.32767.
To work around this difference, Junos OS Evolved uses a translation rule (see Table 2) to render logical interface names in a Linux-compliant format. The translation renders a format such as name-fpcSlot/picSlot/port:channelId.subUnit to nn-ffpttccssss. Using interface names translated according to this rule, third-party applications can effectively fetch the topology information from Junos OS.
Only translation of logical interface names is supported, and translation of both channelized and nonchannelized logical interface names is supported.
Value | Description | Allotted Space (in bytes) | Range |
---|---|---|---|
nn | mapped name bytes | 2 | |
ff | fpc in hex | 2 | 0-255 |
p | pic in hex | 1 | 0-15 |
tt | port number in hex | 2 | 0-255 |
cc | channel in hex; use “xx” if not present | 2 | 0-255 |
ssss | subunit in hex | 4 | 0-65535 |
Except for management interfaces, if the logical interface name does not have a hyphen (-) in it, the dot (.) in the name is changed to an underscore (_), for example:
For management interfaces,
See Table 3 for examples of Junos logical interface names and their Linux-compliant forms.
Junos Logical Interface Name | Translated Linux-Compliant Interface Name |
---|---|
et-1/2/3.4 | et-01203xx0004 |
ge-1/2/3.32 | ge-01203xx0020 |
et-1/15/3.4 | et-01f03xx0004 |
et-1/2/255:6.7 | et-012ff060007 |
et-1/2/4:5.32767 | et-01204057fff |
re0:mgmt-1.2 | mgmt-0-01-0002 |
ae0.1 | ae0_1 |
irb0.11 | irb0_11 |
When accessing Junos OS states by preloading libnli.so, the interface name in the output is shown as a translated Linux-compliant interface name. You must also use the translated Linux-compliant interface name when using it as an argument in a command. The translated et-01000000000 interface name is used as an argument in the following example:
[vrf:none] user@host_RE0:~# LD_PRELOAD=libnli.so ifconfig et-01000000000
et-01000000000 Link encap:Ethernet HWaddr 5c:31:b0:35:01:ff
          inet addr:20.20.20.24 Bcast:20.20.20.255 Mask:255.255.255.0
          inet6 addr: 2000:200:20::2/64 Scope:Global
          inet6 addr: fe80::5e31:b0ff:fe35:1ff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1514 Metric:1
          RX packets:312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:31004 (30.2 KiB) TX bytes:21346 (20.8 KiB)
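The translation rule in Table 2, written out in both directions as an added example (not Juniper's code) and checked against the names in Table 3. It assumes the two-letter prefixes shown on this page (et, ge) pass through unchanged as nn, and it rejects management interfaces because their rule is not reproduced here; the function names are hypothetical.

```python
import re

# Junos form from the page: name-fpcSlot/picSlot/port[:channelId].subUnit
# Assumption: "nn" is a two-letter prefix passed through unchanged (et, ge).
_JUNOS = re.compile(r"^([a-z]{2})-(\d+)/(\d+)/(\d+)(?::(\d+))?\.(\d+)$")
# Linux form from Table 2: nn-ffpttccssss, lowercase hex, "xx" = no channel
_LINUX = re.compile(
    r"^([a-z]{2})-([0-9a-f]{2})([0-9a-f])([0-9a-f]{2})(xx|[0-9a-f]{2})([0-9a-f]{4})$")
# Upper bounds from the Range column of Table 2
_LIMITS = (("fpc", 255), ("pic", 15), ("port", 255), ("channel", 255),
           ("subunit", 65535))
MAX_LEN = 15  # Linux interface names hold 15 bytes plus the null


def junos_to_linux(name: str) -> str:
    """Translate a Junos logical interface name (hypothetical helper)."""
    if "mgmt" in name:
        raise ValueError("management interface rule is not given on the page")
    if "-" not in name:
        out = name.replace(".", "_")          # ae0.1 -> ae0_1
    else:
        m = _JUNOS.match(name)
        if not m:
            raise ValueError(f"unrecognised interface name: {name!r}")
        vals = [None if g is None else int(g) for g in m.groups()[1:]]
        for (field, limit), v in zip(_LIMITS, vals):
            if v is not None and v > limit:
                raise ValueError(f"{field} {v} is outside 0-{limit}")
        fpc, pic, port, chan, sub = vals
        cc = "xx" if chan is None else f"{chan:02x}"
        out = f"{m.group(1)}-{fpc:02x}{pic:x}{port:02x}{cc}{sub:04x}"
    if len(out) > MAX_LEN:
        raise ValueError(f"{out!r} exceeds {MAX_LEN} bytes")
    return out


def linux_to_junos(name: str) -> str:
    """Reverse the translation for names seen in intercepted output."""
    m = _LINUX.match(name)
    if m:
        nn, ff, p, tt, cc, ssss = m.groups()
        chan = "" if cc == "xx" else f":{int(cc, 16)}"
        return f"{nn}-{int(ff, 16)}/{int(p, 16)}/{int(tt, 16)}{chan}.{int(ssss, 16)}"
    head, sep, unit = name.rpartition("_")
    if not sep or not unit.isdigit() or "-" in name:
        raise ValueError(f"not a translated logical interface name: {name!r}")
    return f"{head}.{unit}"
```

Values outside the ranges in Table 2 raise ValueError rather than producing a name that would collide with another interface.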
Caveats for the Intercept Feature
This intercept feature supports read-only requests. Any write request returns an error.
Representation of certain Junos network state may not be mappable to Linux equivalents. In these cases, the data is either omitted or re-mapped to a comparable Linux model. For example, Junos OS Evolved supports a rich suite of nexthop types such as composite or unilist that do not have comparable implementations in native Linux.
Third-party applications that are linked statically cannot be intercepted and, therefore, are not supported by this feature.
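A pre-deployment check for the static-linking caveat, as an added example that is not part of the Juniper documentation: LD_PRELOAD is honoured by the dynamic loader, so an ELF image with no PT_INTERP program header never loads libnli.so or libsi.so. The function names are hypothetical and the sample ELF images are constructed inline.

```python
import struct

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)


def uses_dynamic_loader(elf: bytes) -> bool:
    """True if the ELF image requests a dynamic loader, so a preload can apply."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:                                   # ELF64 header layout
        phoff, = struct.unpack_from(end + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
    else:                                               # ELF32 header layout
        phoff, = struct.unpack_from(end + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
    for i in range(phnum):
        # p_type is the first 4-byte field of every program header entry
        p_type, = struct.unpack_from(end + "I", elf, phoff + i * phentsize)
        if p_type == PT_INTERP:
            return True
    return False


def file_uses_dynamic_loader(path: str) -> bool:
    """Run the check on a binary on disk before relying on the intercept."""
    with open(path, "rb") as fh:
        return uses_dynamic_loader(fh.read())


def constructed_elf64(p_types):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
```

A static-PIE binary carries PT_DYNAMIC (2) but no PT_INTERP, which is why the check keys on PT_INTERP alone.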
Removing Third-Party Applications
There are several methods for removing third-party applications. The method you should use is based on how you installed the application.
- If a third-party application was installed with the request system software add command, then you can remove the same application by using the request system software delete command.

  user@host> request system software delete ima-test
  Removing version 'ima-test'.
  Software ... done.
  Data ... done.
  Version 'ima-test' removed successfully.

- The first step in removing these applications is to unlink the key with the request security system-keystore unlink key command.

  user@host> request security system-keystore unlink key

  Next, remove any binaries that you installed for the application with the rm -f /path/to/binary1 /path/to/binary2 shell command.

  user@host:~# rm -f /path/to/binary1 /path/to/binary2

- If a third-party application was installed through a Docker container, then use the following Docker command to remove the container:

  docker rm container-name