5 Replies. Latest reply: Nov 28, 2016 11:45 PM by Jan Pieter

    Juniper vSRX in VIRL

    Jan Pieter

      Hi there,

       

      A few days ago I dived into Juniper; it's always good to learn other brands' equipment. So after searching on Google I found this topic on how to add Juniper vSRX to VIRL (https://networkinferno.net/integrating-vsrx-into-virl). I was able to successfully add Juniper vsrx-12.1X46-D10.2-domestic into VIRL. But something weird is happening: I have two SRX routers connected to each other, configured the interfaces connecting to each other with a /30 subnet and allowed ping on the interfaces.

       

      Below is the setup I am using:

      juniper.JPG

       

      Configuration on cr1-juniper:

          ge-0/0/1 {
              unit 0 {
                  family inet {
                      address 10.10.10.1/30;
                  }
              }
          }

          zones {
              security-zone trust {
                  tcp-rst;
                  interfaces {
                      ge-0/0/0.0 {
                          host-inbound-traffic {
                              system-services {
                                  http;
                                  https;
                                  ssh;
                                  telnet;
                                  dhcp;
                              }
                          }
                      }
                      ge-0/0/1.0 {
                          host-inbound-traffic {
                              system-services {
                                  ping;
                              }
                          }
                      }
                  }
              }
          }

       

      Configuration on cr2-juniper:

          ge-0/0/1 {
              unit 0 {
                  family inet {
                      address 10.10.10.2/30;
                  }
              }
          }

          zones {
              security-zone trust {
                  tcp-rst;
                  interfaces {
                      ge-0/0/0.0 {
                          host-inbound-traffic {
                              system-services {
                                  http;
                                  https;
                                  ssh;
                                  telnet;
                                  dhcp;
                              }
                          }
                      }
                      ge-0/0/1.0 {
                          host-inbound-traffic {
                              system-services {
                                  ping;
                              }
                          }
                      }
                  }
              }
          }



      I am able to ping from cr1 to cr2 and vice versa. But I do not see traffic on ge-0/0/1 with the monitor traffic command, even though I get a reply back.

       

      cr1-juniper:

      jpdeboer@cr1-juniper# run ping 10.10.10.2
      PING 10.10.10.2 (10.10.10.2): 56 data bytes
      64 bytes from 10.10.10.2: icmp_seq=0 ttl=64 time=6.965 ms
      64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=3.533 ms
      64 bytes from 10.10.10.2: icmp_seq=2 ttl=64 time=5.677 ms
      64 bytes from 10.10.10.2: icmp_seq=3 ttl=64 time=3.421 ms

       

      cr2-juniper:

      jpdeboer@cr2-juniper# run monitor traffic interface ge-0/0/1
      verbose output suppressed, use <detail> or <extensive> for full protocol decode
      Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
      Address resolution timeout is 4s.
      Listening on ge-0/0/1, capture size 96 bytes

      ^C
      0 packets received by filter
      0 packets dropped by kernel

       

      However, I do see statistics increasing on the ge-0/0/1 interface with the command monitor interface ge-0/0/1.

       

      cr2-juniper:

      cr2-juniper                       Seconds: 82                  Time: 14:49:32
                                                                Delay: 6/0/10
      Interface: ge-0/0/1, Enabled, Link is Up
      Encapsulation: Ethernet, Speed: 1000mbps
      Traffic statistics:                                           Current delta
        Input bytes:                    145735 (672 bps)                   [5903]
        Output bytes:                   118983 (672 bps)                   [5796]
        Input packets:                    1476 (1 pps)                       [71]
        Output packets:                   1385 (1 pps)                       [69]
      Error statistics:
        Input errors:                        0                                [0]
        Input drops:                         0                                [0]
        Input framing errors:                0                                [0]
        Policed discards:                    0                                [0]
        L3 incompletes:                      0                                [0]
        L2 channel errors:                   0                                [0]
        L2 mismatch timeouts:                0  Carrier transiti              [0]

       

      Because of this I am also unable to establish an OSPF relationship between the 2 Juniper devices. I do see hello packets being sent between the 2 routers, but none of them are replying. I also tried to establish an OSPF relationship between one Juniper router and a Cisco router; I can see with a packet capture that the Cisco router is receiving hello packets from the Juniper router, and the Cisco router also replies, but the reply is not seen on the Juniper router. I did try to add the OSPF protocol to the security-zone, but was not able to choose OSPF, so I guess that's not needed.

       

      Did I do something wrong with creating the Juniper image in VIRL, or does it go wrong within the VIRL kernel? Does anyone else have Juniper devices in VIRL and are able to establish an OSPF relation?

       

      Hope someone can help me with this.

       

      Br,

       

      JP
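
Junos keeps two separate lists under host-inbound-traffic: system-services (ping, ssh, telnet, and so on) and protocols, which is where ospf is selected; the zone stanzas quoted in the post above contain only system-services. The following is an added example, not part of the original post: a small Python audit of that stanza shape that flags cleartext management services and interfaces where OSPF is not admitted to the device. The sample configuration, the WITH_OSPF variant and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the zone stanzas quoted in the post.
SAMPLE = """
security { zones { security-zone trust {
    tcp-rst;
    interfaces {
        ge-0/0/0.0 { host-inbound-traffic {
            system-services { http; https; ssh; telnet; dhcp; } } }
        ge-0/0/1.0 { host-inbound-traffic {
            system-services { ping; } } }
    }
} } }
"""
# Variant (assumption): the same interface with OSPF admitted as well.
WITH_OSPF = SAMPLE.replace("{ ping; }", "{ ping; } protocols { ospf; }")
CLEARTEXT = {"telnet", "http", "ftp"}  # management services without encryption

def host_inbound(config):
    """Map interface -> {"system-services": set, "protocols": set} for
    interface-level host-inbound-traffic stanzas (quoted strings not handled)."""
    stack, words, found = [], [], {}
    for tok in re.findall(r"[{};]|[^\s{};]+", config):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            stack.append(" ".join(words))
        elif tok == "}":
            if stack:
                stack.pop()
        elif (len(stack) >= 4 and stack[-4] == "interfaces"
              and stack[-2] == "host-inbound-traffic"):
            kinds = found.setdefault(
                stack[-3], {"system-services": set(), "protocols": set()})
            kinds.setdefault(stack[-1], set()).add(" ".join(words))
        words = []
    return found

def audit(config, ospf_ifaces):
    """Flag cleartext management services, and interfaces expected to run OSPF
    whose stanza does not list ospf (or all) under protocols."""
    found, findings = host_inbound(config), []
    for iface, kinds in sorted(found.items()):
        for svc in sorted(kinds["system-services"] & CLEARTEXT):
            findings.append(f"{iface}: cleartext service {svc} allowed")
    for iface in ospf_ifaces:
        if not found.get(iface, {}).get("protocols", set()) & {"ospf", "all"}:
            findings.append(f"{iface}: ospf missing from protocols")
    return findings
```

Calling `audit(SAMPLE, ["ge-0/0/1.0"])` reports telnet and http on ge-0/0/0.0 and the missing ospf entry on ge-0/0/1.0; with `WITH_OSPF` only the two cleartext findings remain.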

        • 1. Re: Juniper vSRX in VIRL
          E. Rivera

          You need to have vSRX use em* interfaces.  Use the following:

           

          {
            "dynamic-subtypes": [
              {
                "plugin_name": "Juniper vMX",
                "hw_disk_bus": "ide",
                "plugin_base": "generic",
                "interface_first": 1,
                "interface_pattern": "em{0}",
                "hw_vcpus": 4,
                "baseline_flavor": "",
                "plugin_desc": "Juniper vMX",
                "gui_visible": true,
                "config_file": "/config/juniper.conf.gz",
                "gui_icon": "router",
                "hw_ram": 3072,
                "interface_management": "em0",
                "config_disk_type": "cdrom",
                "cli_serial": 3,
                "hw_vm_extra": "",
                "interface_range": 10,
                "baseline_image": ""
              }
            ]
          }

          • 2. Re: Juniper vSRX in VIRL
            Jan Pieter

            Hi

             

            Thanks a lot for the response, I will try this when I am back home. Will let you know if it worked.

            • 3. Re: Juniper vSRX in VIRL
              Jan Pieter

              Hi,

               

              It took a little longer to test because of being abroad for work.

               

              I tested it, but still the same issue. I modified the interface naming to em0 and also tried using Virtual interface model E1000 / Virtio, but with both I had the same issue. Also, when I changed to em0, I still saw ge-0/0/x at the command line.

               

              Also, there is a standard vSRX subtype already in the UWM management web interface; this one is created by Cisco and it uses ge-0/0/x interface naming.

               

              Could it be a Juniper img issue?

              • 4. Re: Juniper vSRX in VIRL
                E. Rivera

                Jan,

                 

                I provided you with the info on how to set up vMX, not vSRX.  For vSRX I just used the existing template.  I'm using 12.1x47-D10.4.  OSPF works, BGP, etc.

                 

                Name of plugin: vSRX
                Description of plugin: Juniper vSRX router
                Name of management interface: ge-0/0/0
                Names of dummy interfaces: (blank)
                Pattern for data interface names: ge-0/0/{0}
                First data interface number: 1
                Max count of data interfaces: 8
                Number of interfaces per LC: 0
                Number of serial interfaces: 2
                Protocol for network CLI: none
                Make VNC access available: True
                Name of icon for GUI: router
                Show subtype on GUI palette: False
                Configuration disk type: disk
                ISO 9660 level in cdrom disk: 2
                Name of file for config drive: /juniper.conf
                Virtual interface model: e1000
                Main disk bus model: virtio
                RAM (MB) allocated per node: 1024
                Number of CPUs allocated per node: 2
                Extra comma-separated image properties: hw_cdrom_bus=virtio
                Require HW acceleration in kvm: True
                Name of default image: Use subtype
                Name of default flavor/template: Use subtype
                LXC supports overlay filesystem: False
                Arguments for LXC template; Docker run CMD: (blank)
                Deprecate subtype in favor of other: None

                • 5. Re: Juniper vSRX in VIRL
                  Jan Pieter

                  Hi,

                   

                  Yeah, the topic was for vSRX, that's why I thought you used vMX settings to get it working. But for me it's not working; I have 2 types of images but both are not working correctly. I think it's something with the image, let me see if I can change the image settings.

                   

                  Thanks for the help so far; if you have any suggestions, that would be great.