Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[NFX] Spin vSRX on NFX via Junos Device Manager (JDM) CLI

0

0

Article ID: KB31866 KB Last Updated: 30 Sep 2020Version: 3.0
Summary:

This article discusses the commands required to spin vSRX and the resulting VNF descriptor/XML file. The same concepts can be applied to spin any other VNF on NFX with enhanced orchestration enabled. Enhanced orchestration is enabled by default, starting from Junos OS 15.1X53-D45.

Symptoms:

 

 

  • ovs-sys-br is the default Open vSwitch (OVS) on NFX. You do not have to create it. VLAN is created on the ovs-sys-br

  • virbr0 and eth0br are default Linux bridges available on NFX. You do not have to configure them. By default, when you spin a VNF via JDM, the first and second NIC of the VNF will be added to virbr0 and eth0br respectively.

JDM VNF Interface Mapping with vSRX Interface
JDM VNF Interface vSRX Interface Connected Bridge
eth0 fxp0 virbr0
eth1 ge-0/0/0 eth0br
eth2 ge-0/0/1 ovs-sys-br/custom OVS/SR-IOV VF
Solution:
  1. Configuration to create VLANs on the default ovs-sys-br

    set host-os vlans v1 vlan-id 1
    set host-os vlans v7 vlan-id 7
  2. Configuration to create custom OVS bridge. Use this custom OVS bridge to glue between VSRX/VNFs.

    set host-os vlans custom-ovs vlan-id none
  3. Configuration to spin VSRX:

    set virtual-network-functions vSRX-7 image /var/third-party/images/media-vsrx-vmdisk-15.1X49-D80.4.qcow2
    set virtual-network-functions vSRX-7 virtual-cpu 0 physical-cpu 4 <-- vCPU pinning
    set virtual-network-functions vSRX-7 virtual-cpu 1 physical-cpu 11
    set virtual-network-functions vSRX-7 virtual-cpu count 2
    set virtual-network-functions vSRX-7 virtual-cpu features hardware-virtualization
    set virtual-network-functions vSRX-7 interfaces eth2 mapping vlan members v7 <-- Configurable interface name starts from eth2
    set virtual-network-functions vSRX-7 interfaces eth3 mapping vlan members custom-ovs <-- Attaching vnic to custom OVS bridge
    set virtual-network-functions vSRX-7 interfaces eth4 mapping vlan members v1
    set virtual-network-functions vSRX-7 interfaces eth5 mapping hsxe0 virtual-function <-- SR-IOV assignment
    set virtual-network-functions vSRX-7 interfaces eth6 mapping hsxe1 virtual-function
    set virtual-network-functions vSRX-7 memory size 4194304
    set virtual-network-functions vSRX-7 memory features hugepages

    Below is the XML template of the generated VNF, that was created via the JDM CLI.

    virsh dumpxml vSRX-7
    ---------------------
    <domain type='kvm' id='5' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
      <name>vSRX-7</name>
      <uuid>0fbb2d52-c4ae-44c1-bf35-8955c0c19735</uuid>
      <memory unit='KiB'>4194304</memory>
      <currentMemory unit='KiB'>4194304</currentMemory>
      <memoryBacking>
        <hugepages>  <-- Command 'set virtual-network-functions vSRX-7 memory features hugepages' enables description about huge pages
        <page size='1048576' unit='KiB'/>
        </hugepages>
        <locked/>
      </memoryBacking>
      <vcpu placement='static' current='2'>4</vcpu>
      <cputune>
        <vcpupin vcpu='0' cpuset='4'/> <-- vCPU pinning
        <vcpupin vcpu='1' cpuset='11'/>
        <emulatorpin cpuset='0-5,7-11'/>
      </cputune>
      <resource>
        <partition>/machine</partition>
      </resource>
      <os>
        <type arch='x86_64' machine='pc-i440fx-1.7'>hvm</type>
        <boot dev='hd'/>
      </os>
      <features>
        <acpi/>
        <apic/>
        <pae/>
      </features> <-- Details under <features> tag get added with command 'set virtual-network-functions vSRX-7 virtual-cpu features hardware-virtualization'
      <cpu mode='host-model'>
        <model fallback='allow'/>
        <feature policy='require' name='vmx'/>
      </cpu>
      <clock offset='utc'/>
      <on_poweroff>destroy</on_poweroff>
      <on_reboot>restart</on_reboot>
      <on_crash>restart</on_crash>
      <devices>
        <emulator>/usr/bin/kvm</emulator>
        <disk type='file' device='disk'>
          <driver name='qemu' type='qcow2' cache='none'/>
          <source file='/var/third-party/images/media-vsrx-vmdisk-15.1X49-D80.4.qcow2'/>
          <backingStore/>
          <target dev='vda' bus='virtio'/>
          <alias name='virtio-disk0'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
        </disk>
        <controller type='usb' index='0'>
          <alias name='usb'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
        </controller>
        <controller type='pci' index='0' model='pci-root'>
          <alias name='pci.0'/>
        </controller>
        <interface type='network'>
          <mac address='ec:13:db:db:21:4e'/>
          <source network='default' bridge='virbr0'/>
          <target dev='vnet3'/>
          <model type='virtio'/>
          <alias name='net0'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
        </interface>
        <interface type='bridge'>
          <mac address='ec:13:db:db:21:4f'/>
          <source bridge='eth0br'/>
          <target dev='vnet5'/>
          <model type='virtio'/>
          <driver name='qemu'/>
          <alias name='net1'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
        </interface>
        <interface type='vhostuser'>
          <mac address='ec:13:db:db:21:53'/>
          <source type='unix' path='/var/run/openvswitch/vSRX-7_eth2' mode='client'/>
          <guest dev='eth2'/>
          <model type='virtio'/>
          <alias name='net2'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
        </interface>
        <interface type='vhostuser'>
          <mac address='ec:13:db:db:21:50'/>
          <source type='unix' path='/var/run/openvswitch/vSRX-7_eth3' mode='client'/>
          <guest dev='eth3'/>
          <model type='virtio'/>
          <alias name='net3'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
        </interface>
        <interface type='vhostuser'>
          <mac address='ec:13:db:db:21:51'/>
          <source type='unix' path='/var/run/openvswitch/vSRX-7_eth4' mode='client'/>
          <guest dev='eth4'/>
          <model type='virtio'/>
          <alias name='net4'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
        </interface>
        <interface type='hostdev' managed='yes'>
          <mac address='ec:13:db:db:21:56'/>
          <driver name='kvm'/>
          <source>
            <address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x0'/>
          </source>
          <alias name='hostdev0'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
        </interface>
        <interface type='hostdev' managed='yes'>
          <mac address='ec:13:db:db:21:57'/>
          <driver name='kvm'/>
          <source>
            <address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x5'/> <-- SR-IOV VF
          </source>
          <alias name='hostdev1'/>
          <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
        </interface>
        <serial type='pty'>
          <source path='/dev/pts/0'/>
          <target port='0'/>
          <alias name='serial0'/>
        </serial>
        <console type='pty' tty='/dev/pts/0'>
          <source path='/dev/pts/0'/>
          <target type='serial' port='0'/>
          <alias name='serial0'/>
        </console>
        <memballoon model='none'>
          <alias name='balloon0'/>
        </memballoon>
      </devices>
      <qemu:commandline> <-- This line and below is added due to command 'set virtual-network-functions vSRX-7 memory features hugepages'
        <qemu:arg value='-object'/>
        <qemu:arg value='memory-backend-file,id=mem,size=4096M,mem-path=/dev/huge1G,share=on'/>
        <qemu:arg value='-numa'/>
        <qemu:arg value='node,memdev=mem'/>
        <qemu:arg value='-mem-prealloc'/>
      </qemu:commandline>
    </domain>
Modification History:

2020-09-26: Article verified for accuracy. Article is valid and accurate.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search