This article explains the difference between vSRX and vSRX 3.0, which are both models of virtual SRX now available.

 

Junos release 18.4R1 has introduced a new model of virtual SRX (referred to as "vSRX 3.0"), which will be available in addition to the existing virtual SRX model (referred to as "vSRX"), which has been available since Junos 15.1X49-D15 release.

The vSRX 3.0 has a new architecture, which has benefits for operating in virtual environments. Some enhancements are a faster boot time, smaller install image size and better agility due to no nested routing-engine VM being used anymore.

However, the original vSRX model will still be available as long as not all features which are available on vSRX have been ported to vSRX 3.0 yet.

With respect to the security features, the both virtual SRX models are in feature parity. However, some platform related features may not be in parity yet.

The below table specifies differences and similarities in features between vSRX and vSRX 3.0, so that you can decide when to best use which type of virtual SRX, based on your needs and environment.

 

Platform feature differences overview between vSRX and vSRX 3.0

	vSRX	vSRX 3.0
Resources supported
2 vCPU / 4 GB RAM	yes	yes
5 vCPU / 8 GB RAM	yes	yes
9 vCPU / 16 GB RAM	yes	yes (*2)
17 vCPU / 32 GB RAM	yes	yes (*2)
Flexible flow session capacity scaling by adding additional vRAM	yes	yes (*3)
Multi-core scaling support (Software RSS)	no	yes (*4)
Reserve additional vCPU cores for the RE	yes	yes
VMXNET3	yes	yes
Virtio (virtio-net, vhost-net)	yes	yes
SR-IOV over Intel 82599 series	yes	yes
SR-IOV over Intel X710/XL710 series	yes	yes
SR-IOV over Mellanox ConnectX-3 and ConnectX-4	yes	no
PCI passthrough (Intel XL710)	yes/no (*9)	no
Hypervisors supported
VMware ESXi 5.5, 6.0, 6.5	yes	yes
VMware ESXi 6.7	no	yes (*4)
KVM on Ubuntu 16.04, Centos 7.1, Redhat 7.2	yes	yes
Hyper-V	yes	yes (*2)
Nutanix	no	yes (*2)
Contrail Networking 3.x	yes	yes
Contrail Networking 5.x	no	yes (*4)
AWS	yes	yes (*9)
Azure	yes	yes (*9)
Google Cloud Platform (GCP)	no	yes (*4)
Other features
Cloud-init	yes	yes
Powermode IPSec	yes	yes(*6)
AWS ELB and ENA using C5 instances	no	yes (*1)
Chassis Cluster	yes	yes
GTP TEID based session distribution using Software RSS	no	yes (*4)
On-Device Antivirus Scan Engine (Avira)	no	yes (*5)
LLDP	yes	no
Junos Telemetry Interface	yes (*7)	yes (*7)
Requirements
Requires Hardware Acceleration / VMX CPU flag enabled in the hypervisor	yes	no
Disk space	16 GB	18 GB

Notes:

1. Supported in Junos 18.4R1 and higher
2. Supported in Junos 19.1R1 and higher
3. Supported in Junos 19.2R1 and higher
4. Supported in Junos 19.3R1 and higher
5. Supported in Junos 19.4R1 and higher
6. Supported in Junos 20.1R1 and higher
7. Supported in Junos 20.3R1 and higher
8. vSRX model available on AWS is vSRX 3.0 from Junos 18.3 onwards (before vSRX 3.0 was generally available, it was already available on AWS).
9. vSRX model available on Azure is vSRX 3.0 from Junos 19.1 onwards
10. PCI passthrough is only supported on Junos 15.1X49 releases, only with Intel XL710 NIC and KVM hypervisor.

Please see the vSRX Documentation page to find Release-Notes and more details on the vSRX features.


Frequently asked questions:


- Which vSRX model should I use?

See the above table which features are supported by each model of vSRX. When the features which you require are available on vSRX 3.0, it would be recommended to select vSRX 3.0.

- Can I upgrade directly between vSRX and vSRX 3.0?

It is not possible to directly upgrade or downgrade between vSRX and vSRX 3.0 models. Instead, deploy a new VM. The same Junos configuration and license-keys can be used.

- Where can I download vSRX and vSRX 3.0?

On the Juniper Support site, the Download section has separate download pages for the products vSRX and vSRX 3.0

- How can I see from the Junos image file name if it is for vSRX or vSRX 3.0?

The software images of vSRX and vSRX 3.0 have a different naming convention, so that they can be easily distinguished. The vSRX 3.0 images contain 'vsrx3' in the file name.
For example the 19.1R1 image file names for vSRX and vSRX 3.0 are shown here:

vSRX images:
junos-vsrx-x86-64-18.4R1.8.tgz
junos-media-vsrx-x86-64-vmdisk-19.1R1.6.ide.ova
junos-media-vsrx-x86-64-vmdisk-19.1R1.6.scsi.ova
junos-media-vsrx-x86-64-vmdisk-19.1R1.6.qcow2
junos-media-vsrx-x86-64-vmdisk-19.1R1.6.hyperv.vhd

vSRX 3.0 images:
junos-install-vsrx3-x86-64-19.1R1.6.tgz
junos-vsrx3-x86-64-19.1R1.6.ide.ova
junos-vsrx3-x86-64-19.1R1.6.scsi.ova
junos-vsrx3-x86-64-19.1R1.6.qcow2
junos-vsrx3-x86-64-19.1R1.6.vhd

- How can I tell if I'm logged into a vSRX or vSRX 3.0?

From the CLI it is not easily visible if you are logged on to a vSRX or vSRX 3.0. However there are some differences which can be observed for the output of CLI commands show version,  show chassis hardware and show chassis fpc.

vSRX:

root@vSRX> show version
Hostname: vSRX
Model: vsrx       <<<<<<< (SRX lower case)
...

root@vSRX> show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                xxxxxxxxxxxx      VSRX
CB 0
Routing Engine 0          BUILTIN      BUILTIN           VSRX-S
FPC 0            REV 07   611-049549   RL3714040884      FPC
  PIC 0                   BUILTIN      BUILTIN           VSRX DPDK GE

root@vSRX> show chassis fpc
                     Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online           Absent   7          0        6      6      6      0        40         45  

vSRX 3.0:

root@vSRX3> show version
Hostname: vSRX3
Model: vSRX       <<<<<<< (SRX upper case)
...

root@vSRX3> show chassis hardware
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                xxxxxxxxxxx      VSRX
Midplane
System IO
Routing Engine                                           VSRX-S
FPC 0                                                    FPC
  PIC 0                                                  VSRX DPDK GE
Power Supply 0

root@vSRX3> show chassis fpc
                     Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online          -------------------- CPU less FPC --------------------



 

2018-12-28 - first posting
2019-02-08 - added "Flexible flow session capacity scaling by adding additional vRAM" indication.
2019-04-03 - updated feature support table with the Junos 19.1R1 introduced features.
2019-06-24 - updated feature support table with the Junos 19.2R1 introduced features.
2019-12-16 - updated feature support table with the Junos 19.3R1 introduced features.
2020-03-10 - updated feature support table with a Junos 19.4R1 introduced feature.
2020-06-09 - updated feature support table with a Junos 20.1R1 introduced feature.
2020-06-30 - added LLDP protocol support
2020-10-26 - updated the ability to reserve RE CPU cores for vSRX 3.0 ( can be done by 'set security forwarding-options resource-manager cpu re [1..3]'); removed incorrect statement on vMotion support; added line for PCI Passthrough support.