Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[vSRX] How to pin an emulator to CPU cores that are different from cores used by vSRX

1

0

Article ID: KB35763 KB Last Updated: 05 May 2020Version: 1.0
Summary:

There are a few requirements for deploying vSRX on a compute node, which is in kernel mode, in order to achieve optimal performance. One requirement is that vSRX should use dedicated CPU resources that are not shared by the QEMU emulator.

This article describes how to check the CPU cores that are pinning on the vSRX process and how to move emulator processes to use different CPU cores to avoid performance issues.

 

Symptoms:

Users may observe occasional traffic loss when traffic goes through the vSRX firewall. Packet captures via tcpdump -i <tap_id> reveal that some packets that are showing on the TAP interface ingressing the vSRX instance are not egressing the vSRX TAP interface.

 

Cause:

When the CPU allocation for vSRX instance is checked, it is seen to use two CPUs, 8 and 36, as highlighted below. In our example, vSRX has the KVM ID #6 in the virsh list command.

Note: You can find <vcpupin vcpu='0' cpuset='8'/> <vcpupin vcpu='1' cpuset='36'/> in the virsh dumpxml output.

The emulator is also pinned to the same set of CPU cores, that is 8 and 36, as shown in the virsh dumpxml output as follows:

$ virsh dumpxml 6|grep vcpu 

<nova:vcpus>2</nova:vcpus>
  <vcpu placement='static'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='8'/>
    <vcpupin vcpu='1' cpuset='36'/>
    <emulatorpin cpuset='8,36'/>
  </cputune>
  <cpu mode='host-model'>
      <cell id='0' cpus='0-1' memory='4194304' unit='KiB'/>
  </cpu>‚Äč

 

Solution:

To reduce the impact on VM performance, allocate different cores for vSRX and the emulator.

In our example, vSRX is using 8 and 36. Here we can manually set the emulator CPU pinning via the virsh command to avoid 8 and 36 being used by the emulator.

Let's say that we want the emulator to use 2, 26 CPU cores. In this case, we need to run the following command:

# virsh emulatorpin 6 2,26

The above command will change the emulatorpin to 2 and 26.

To verify, use:

# virsh emulatorpin 6
emulator: CPU Affinity
----------------------------------
       *: 2,26
To double-check the vSRX CPU pinning with a virsh ID of 6 and determine whether it still uses CPU cores 8 and 36, use the following:
# virsh vcpupin  6
VCPU: CPU Affinity
----------------------------------
   0: 8
   1: 36

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search