[j-nsp] vSRX on KVM
Maxwell Cole
mcole.mailinglists at gmail.com
Mon Sep 28 13:45:22 EDT 2015
Hello,
How are you passing in the interfaces? A bridge or PCI-Passthrough?
From my testing with the vSRX it won’t recognize any ge- interfaces unless you pass at least 3 interfaces in. This is true on both KVM and ESXi, which makes me think that they silently (Or at least quietly) abort adding interfaces unless it has the required minimum of 3. I have also noticed that it helps to pass in all 3 interfaces in the same “model” type regardless of the source driver or interface. Also note that after you start up the VM it can take 2-3 minutes after the control plane becomes accessible before the ge- interfaces get added.
Here is the relevant config I have working. I’ve had the most success passing them in as e1000. The first network “default” is just a simple 1g bridge interface and the other two are Intel SR-IVO passthrough networks. I was able to get it up and running just by creating a bridge and adding them to it via [<source bridge=‘vrbriX’>].
<interface type='network'>
<mac address='‘[snip]'/>
<source network='default'/>
<model type='e1000'/>
</interface>
<interface type='network'>
<mac address='‘[snip]'/>
<source network='pnetwork'/>
<model type='e1000'/>
</interface>
<interface type='network'>
<mac address=‘[snip]/>
<source network='pnetwork2'/>
<model type='e1000'/>
</interface>
#virsh net-dumpxml pnetwork
<network>
<name>pnetwork</name>
<uuid>[snip]</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='enp2s0f1'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x1'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x3'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x5'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x7'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x11' function='0x1'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x11' function='0x3'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x11' function='0x5'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x11' function='0x7'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x12' function='0x1'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x12' function='0x3'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x12' function='0x5'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x12' function='0x7'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x13' function='0x1'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x13' function='0x3'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x13' function='0x5'/>
<address type='pci' domain='0x0000' bus='0x03' slot='0x13' function='0x7'/>
</forward>
</network>
Hope that helps,
Cheers,
> On Sep 28, 2015, at 12:51 PM, Yuriy B. Borysov <yokodzun at yokodzun.kiev.ua> wrote:
>
> Hello!
>
> Does someone use vSRX on the KVM in lab or in production?
>
> Could you show example of XML config from working instance?
>
> I'm trying to install according to this manual:
>
> https://www.juniper.net/techpubs/en_US/vsrx15.1x49/topics/task/multi-task/security-vsrx-with-kvm-installing.html
>
> but the system does not see any ge-* interface.
>
> Thanks!
>
>
> --
> WBR, Yuriy B. Borysov
> YOKO-UANIC | YOKO-RIPE
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list