Skip to main content

Router Interactive Installation

This process assumes you have already created a bootable device using a USB. Instructions for downloading and creating a bootable device are available in Downloading an SSR ISO and Creating a Bootable USB.

The steps in this section describe the interactive conductor installation from the packaged-based ISO. The section Initialize the Conductor describes using the Initializer to configure the system as a Conductor after installing from the Interactive ISO.

note

The Conductor installation must be completed before installing a Session Smart Router or routers using the ISO. The same ISO is used for both installations.

To install a router after installing and configuring the Conductor, use the SSR Installation. The Router Installation Using OTP procedure can be used for whitebox and air-gap, conductor-managed network installations.

Prerequisites

  • Ensure that the platform you are installing on meets the SSR hardware requirements.
  • Verify that the boot priority of the USB drive is properly listed in the system BIOS.
  • Local console connectivity to the device/VM.

Choose the Installation Type

After imaging the ISO onto removable media, insert it into the target device and power it on.

Upon boot, the following screen is displayed. The default selection is booting to the serial console (115200 baud). You must manually choose the installation process suited for your environment.

To install using the Interactive Installation, use the arrow keys to select either Install 128T Routing Software Serial Console or Install 128T Routing Software VGA Console. As noted earlier, this guide describes the installation process using the Interactive Installation, specifically using the VGA console.

VGA Boot with Interactive Install

note

Because not all hardware has video support, booting to the serial console 115200 baud is the default, and is automatically selected after 30 seconds. When using the serial console, the terminal size is 80x25 - anything smaller may result in abnormal navigation behavior.

Selecting the wrong type of console (Serial or VGA) may result in garbled characters being displayed. If allowed to continue it will result in an incorrect installation. If the wrong console is selected, reboot the target system and select the correct line for the target hardware.

Install via Serial Console

Use this option when running on hardware with no video chipset. It uses /dev/ttyS0 115200 baud as the serial console for interacting with the installer.

Serial Install Selection

For serial console issues please refer to Serial Console Troubleshooting.

Install via VGA Console

Use this option when running on hardware that has onboard graphics chipsets. This installs SSR software using the GUI installer.

The procedure that follows here is the Interactive Install on the VGA Console.

SSR Installation

After the Linux installation completes, the SSR software installation begins. Note that this may take several minutes to complete (approximately 20 minutes). After the installation has completed, the following screen is displayed:

Installation Complete

Select <Yes> to shut down the system. Remove the bootable media, then power the system up to complete the installation process.

Initial Boot and NMTUI

When the system boots from the Install 128T Routing Software... Interactive Installation work flow, the system asks whether to configure initial Linux Networking before the SSR Initializer is started.

128T NetManager TUI Start

Selecting Yes launches the NMTUI application to perform an initial network interface setup.

128T NetManager TUI Option

Initialize the SSR Node

The SSR Initializer tunes your operating system, prepares the platform to run the SSR software, and creates the bootstrapping files necessary to load the software. The Initializer is launched on first boot.

  1. On the SSR Initializer wizard screen, use the space bar to select the Router role for the SSR node and press the Enter key to select OK.

SSR Role

  1. For SSR routers, you will be prompted for the IP address(es) of the conductor. If you have a conductor, enter the administrative IP address and the node will retrieve the configuration from the conductor. If you have only one conductor (i.e., a standalone conductor), leave the field labeled 2nd Conductor Address blank. If you have no conductors, choose Skip.
  2. When asked What kind of Router/Conductor node is this?, select from the following options:

Identify the Node

  • Standalone: This router has no highly available peer, and is not currently planned for high availability.

  • 1st HA Node: This router is the first node of a high availability pair. You will be prompted to provide the local IP address for this node. The 2nd HA node will contact this node at the address provided to synchronize state. Note: The 1st Node IP address must be reachable by the 2nd HA Node.

  • 2nd HA Node: This router is the second node of a high availability pair, where the first node has been initialized. You will be prompted to provide the 1st Node IP address for this 2nd node that will be used to synchronize state. Note: The 2nd Node IP address must be reachable by the 1st HA Node.

  1. Enter the following system properties on the Node Info screen:

Node Information

  • Node Name: The name of the system within your SSR Router or Conductor, for example, boston_router. By default this field uses the Linux system's hostname.
note

Both routers and conductors can consist of one node (for standalone systems) or two nodes (for highly available systems). :::

  • Router/Conductor Name: The name of the router system as a whole. When referring to a running SSR software instance, it is identifiable by the full name of nodeName.routerName; e.g., boston_router-node1.router. The full system name is reflected in the PCLI prompt as discussed in the Document Conventions section of this document.
  1. On the Password Setup screen, create a password for the SSR Admin user. The administrator password must be at least 8 characters long, contain at least 1 uppercase letter, at least 1 lowercase letter, at least 1 number, cannot contain the username in any form, and cannot repeat characters more than 3 times. This operation is only performed on the standalone or first node in the HA peer.
note

Resetting a password requires entering the old password. If a password is lost or forgotten and the account is inaccessible, the account cannot be recovered. Please keep password records accessible and secure.

Password Setup

  1. Press the Enter key to select OK. The Initializer performs a hardware compatibility check. The compatibility check may fail due to warnings or failure notices, which are displayed in the output script. If no failures are present, you can choose to continue with the installation even if multiple warnings exist. For information on why a specific test may have failed or generated a warning, contact Juniper Technical Support.

  2. When prompted, select Yes to start the SSR.

Initializer Complete

note

A system reboot is required.

Verify the Installation

After installing the SSR Software it is important to verify that the installation was completed successfully.

To Verify the SSR Installation:

  1. Launch a command prompt window.

  2. Execute the command:

sudo systemctl status 128T
  1. When the service is listed as Active, log into the system as Admin using the system default password. By logging into the system, you have verified the installation.

  2. Close the command prompt window.

  3. Use a web browser to navigate to the IP address of the SSR GUI. For example; https://192.168.1.25

  4. Log in to the SSR GUI using the admin name and password you created earlier.

FIPS Enforcement Mode

FIPS Enforcement is available for version 6.0 and later. FIPS mode can be enabled manually during the installation. In cases where the flag was not or cannot be set during installation, a FIPS RPM is available for download from the SSR repos, and can be installed.

important

If you require strict FIPS compliance, the fips=1 kernel option must be added to the kernel command line during system installation to ensure that key generation is done with FIPS approved algorithms and continuous monitoring tests in place.

If FIPS enablement is done retrospectively via RPM installation, the already created accounts could be using non-FIPS compliant cyphers.

Use the following procedure to enable FIPS enforcement.

  1. Use up/down keys to highlight the desired install mode.

Bios Install

  1. Press TAB to edit the configuration.

  2. Add fips=1 to the end of the vmlinuz parameters.

FIPS Parameter

  1. Press Enter to start the install.