This article explains the difference between vSRX and vSRX 3.0, which are both models of virtual SRX now available.
Junos release 18.4R1 has introduced a new model of virtual SRX (referred to as "vSRX 3.0"), which will be available in addition to the existing virtual SRX model (referred to as "vSRX"), which has been available since Junos 15.1X49-D15 release.
The vSRX 3.0 has a new architecture, which has benefits for operating in virtual environments. Some enhancements are a faster boot time, smaller install image size and better agility due to no nested routing-engine VM being used anymore.
However, the original vSRX model will still be available as long as not all features which are available on vSRX have been ported to vSRX 3.0 yet.
With respect to the security features, the both virtual SRX models are in feature parity. However, some platform related features may not be in parity yet.
The below table specifies differences and similarities in features between vSRX and vSRX 3.0, so that you can decide when to best use which type of virtual SRX, based on your needs and environment.
Platform feature differences overview between vSRX and vSRX 3.0
| |
vSRX |
vSRX 3.0 |
| Resources supported |
|
|
| 2 vCPU / 4 GB RAM |
yes |
yes |
| 5 vCPU / 8 GB RAM |
yes |
yes |
| 9 vCPU / 16 GB RAM |
yes |
yes (*2) |
| 17 vCPU / 32 GB RAM |
yes |
yes (*2) |
| Flexible flow session capacity scaling by adding additional vRAM |
yes |
yes (*3) |
| Add one additional vCPU to give the nested RE two vCPU's |
yes |
N/A |
| VMXNET3 |
yes |
yes |
| Virtio (virtio-net, vhost-net) |
yes |
yes |
| SR-IOV over Intel 82599 series |
yes |
yes |
| SR-IOV over Intel X710/XL710 series |
yes |
yes |
| SR-IOV over Mellanox ConnectX-3 and ConnectX-4 |
yes |
no |
| |
|
|
| Hypervisors supported |
|
|
| VMware 5.5, 6.0, 6.5 |
yes |
yes |
| KVM on Ubuntu 16.04, Centos 7.1, Redhat 7.2 |
yes |
yes |
| Hyper-V |
yes |
yes (*2) |
| AWS |
yes |
yes (*4) |
| Azure |
yes |
yes (*5) |
| Nutanix |
no |
yes (*2) |
| |
|
|
| Other features |
|
|
| Cloud-init |
yes |
yes |
| Powermode IPSec |
yes |
no |
| vMotion / live migration |
no |
yes |
| AWS ELB and ENA using C5 instances |
no |
yes (*1) |
| Chassis Cluster |
yes |
yes |
| |
|
|
| Requirements |
|
|
| Requires Hardware Acceleration / VMX CPU flag enabled in the hypervisor |
yes |
no |
| Disk space |
16 GB |
18 GB |
Notes:
- Supported in Junos 18.4R1 and higher
- Supported in Junos 19.1R1 and higher
- Supported in Junos 19.2R1 and higher
- vSRX model available on AWS is vSRX 3.0 from Junos 18.3 onwards (before vSRX 3.0 was generally available, it was already available on AWS).
- vSRX model available on Azure is vSRX 3.0 from Junos 19.1 onwards
Frequently asked questions:
- Which vSRX model should I use?
See the above table which features are supported by each model of vSRX. When the features which you require are available on vSRX 3.0, it would be recommended to select vSRX 3.0.
- Can I upgrade directly between vSRX and vSRX 3.0?
It is not possible to directly upgrade or downgrade between vSRX and vSRX 3.0 models. Instead, deploy a new VM. The same Junos configuration and license-keys can be used.
- Where can I download vSRX and vSRX 3.0?
On the Juniper Support site, the
Download section has separate download pages for the products vSRX and vSRX 3.0
- How can I see from the Junos image file name if it is for vSRX or vSRX 3.0?
The software images of vSRX and vSRX 3.0 have a different naming convention, so that they can be easily distinguished. The vSRX 3.0 images contain 'vsrx3' in the file name.
For example the 19.1R1 image file names for vSRX and vSRX 3.0 are shown here:
vSRX images:
junos-
vsrx-x86-64-18.4R1.8.tgz
junos-media-
vsrx-x86-64-vmdisk-19.1R1.6.ide.ova
junos-media-
vsrx-x86-64-vmdisk-19.1R1.6.scsi.ova
junos-media-
vsrx-x86-64-vmdisk-19.1R1.6.qcow2
junos-media-
vsrx-x86-64-vmdisk-19.1R1.6.hyperv.vhd
vSRX 3.0 images:
junos-install-
vsrx3-x86-64-19.1R1.6.tgz
junos-
vsrx3-x86-64-19.1R1.6.ide.ova
junos-
vsrx3-x86-64-19.1R1.6.scsi.ova
junos-
vsrx3-x86-64-19.1R1.6.qcow2
junos-
vsrx3-x86-64-19.1R1.6.vhd
- How can I tell if I'm logged into a vSRX or vSRX 3.0?
From the CLI it is not easily visible if you are logged on to a vSRX or vSRX 3.0. However there are some differences which can be observed for the output of CLI commands
show version,
show chassis hardware and
show chassis fpc.
vSRX:
root@vSRX> show version
Hostname: vSRX
Model: vsrx <<<<<<< (SRX lower case)
...
root@vSRX> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis xxxxxxxxxxxx VSRX
CB 0
Routing Engine 0 BUILTIN BUILTIN VSRX-S
FPC 0 REV 07 611-049549 RL3714040884 FPC
PIC 0 BUILTIN BUILTIN VSRX DPDK GE
root@vSRX> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
0 Online Absent 7 0 6 6 6 0 40 45
vSRX 3.0:
root@vSRX3> show version
Hostname: vSRX3
Model: vSRX <<<<<<< (SRX upper case)
...
root@vSRX3> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis xxxxxxxxxxx VSRX
Midplane
System IO
Routing Engine VSRX-S
FPC 0 FPC
PIC 0 VSRX DPDK GE
Power Supply 0
root@vSRX3> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
0 Online -------------------- CPU less FPC --------------------
[KB33572] Show Article Properties
[KB33572] Hide Article Properties
