Juniper vMX on GNS3

Juniper Network has several products tha can be run on virtualization (hypervisor), such as KVM and ESXi. Those products include vMX (router), vSRX (firewall / security), vQFX (switch), and so on. The virtual Juniper products ease us to deploy it on lab or simulator, even on the production environment, which is run on the hypervisor.

The goal of the tutorial is to provide detailed instructions for deployment of Juniper vMX into GNS3. We will use Qemu hypervisor to run vMX. Now, let us say few words about differences between single and dual node vMX images.

Simply put, single node vMX images include both a virtual control-plane (vCP), and a virtual forwarding-plane (vFP) in a single image. Therefore, only one image is attached to vMX instance.  On the other hand, a vMX instances that use dual node images consists of two VMs - vCP and vFP.

The vMX image prior 14.1R5 contains a local Packet Forwarding Engine which is already activated (e.g. 14.1.R1.10) or can be activated (with 14.1R4) on Routing Engine itself. Using this local PFE, we avoid running an another virtual machine for resource-consumed PFE. Single node vMX images are therefore easy to deploy and are useful for testing features that are also available in legacy vMXs. They require only one vCPU and 1024 MB of RAM; so they also save machine resources.

The Juniper vMX 14.1R5 and later are images that are are based on dual nodes setup. Routing Engine (VCP) and Forwarding Plane (VFP) are running separately on two VMs that are connected but they act like a single node. All cli configurations are done on the VCP, but porting and connections will be on VFP.

1. Single Node vMX Images

So far I have tested the following vMX single VM images:

• jinstall-vmx-14.1R4.10-domestic.img [717MB]
• jinstall-vmx-14.1R4.8-domestic.img [678MB]

1.1 vMX 14.1R1.10

Navigate to Edit-> Preferences-> Qemu VMs and click New button. Enter the name for Qemu VM and allocate 1024MB for RAM. Change the NIC type to from the default Intel Gigabit Ethernet (e1000) to virtio-net-pci and configure 12 network interfaces. Based on my experience, it is important to change the NIC type otherwise FPC is not presented. The Figure 1 shows the configured settings.

Figure 1 - GNS3 Settings for vMX 14.1R1.10

The Flexible PIC Concentrator (FPC) is presented and it contains 10x 1GB interfaces (Figure 2).

Figure 2 - vMX 14.1R1.10 with FPC and 10 PICs

For the network settings, we have assigned it 12 adapters. Here is the reason (Figure 3):

Eth0 = the management interface (fxp0)
Eth1 = internal interface (unusable to us)
Eth2 = ge-0/0/0
Eth3 = ge-0/0/1
Eth4 = ge-0/0/2
…
Eth11 = ge-0/0/9

Figure 3 - Gigabit Ethernet Interfaces Presented on vMX 14.1R1.10

1.2 vMX 14.1R4.8

Since 14.1R4, Juniper vMX will try to connect to a remote PFE, which means a different virtual machine as PFE. To change this default behaviour and use local PFE, we need to add a new line vm_local_rpio="1" to /boot/loader.conf and save the file. The change need reboot to take effect.

Enter the command below right after the boot of vMX before entering the cli command:

root% echo 'vm_local_rpio="1"' >> /boot/loader.conf

Note: Again, we need to choose virtio-net-pci for NIC type, otherwise FPC keeps being offline and the interfaces ge-0/0/* do not appear. As for other GNS3 settings, a single vCPU and 1024MB RAM is fine for our vMX 14.1R4.8 instance.

Figure 4 - FPC PIC Status and Gigabit Interfaces

2. Dual Node vMX Images

As already mentioned, since vMX 14.1R5, vMX has been divided into two VMs; the virtual control-plane (vCP), and the virtual forwarding-plane (vFP). Therefore, we must create two QEMU VMs in Gns3 and connect them together.

We have the vMX image vmx-bundle-21.2R1.10.tgz [1010MB] whic is KVM vMX version. First, we need to unpack the tarball. The directory vmx is created.

$ tar zxvf vmx-bundle-21.2R1.10.tgz

The directory vmx is created and it contains the following directories (Figure 5):

Figure 5 - Content of File vmx-bundle-21.2R1.10.tgz

Enter the directory "images" inside the vmx directory and delete any files that are not marked in red (Figure 6). We do not need them to run vMX in GNS3.

Figure 6 - Content of Directory vMX/images

Note: Juniper changes the filenames of the vFP .img and the vmx .qcow2 file, with the different versions.

2.1 vMX-vCP VM

Now, let's create the vCP virtual Qemu machine. Navigate to Edit-> Preferences-> Qemu VMs and click New button. Enter the name for Qemu VM vMX-vCP, allocate 2048 MB RAM for VM and select the "telnet" option. Click New Image option and select the disk - junos-vmx-x86-64-21.2R1.10.qcow2. Qemu VM vXM-vCP has been created and now we need to add other disks and configure network settings.

Click the Edit button and navigate to HDD tab. Add another disk in the order they are depicted on the Figure 7 and change the disk interface to ide.

Figure 7 - Adding Additional Disk to vCP VM

Navigate to the Network Tab. The vMX-vCP VM only needs two NICs. One to connect to an out-of-band management switch, and the other to connect to the vMX-vFP VM as our internal interface.

We will rename the first port to "fxp0" as that is what the mgmt port is called, and then use em{port1} so that the second interface is called "em1". This is the name of the internal interface. We can leave all the NIC set as Intel GigE interfaces (Figure 8).

Figure 8 - vMX-vCP Network Settings

Click finish button, and here are what our final settings for the vCP VM looks like (Figure 9):

Figure 9 - vMX-vCP GNS3 Settings

2.2 vMX-vFP VM

vMX-vCP is ready, now we are going to create vFP. Navigate to Edit-> Preferences-> Qemu VMs and click New button. Enter the name for Qemu VM vMX-vFP. Allocate 4096 MB RAM for VM and select the "telnet" option. Click New Image option and select the disk - vFP-20210520.img.

Click the Edit button and navigate to "General Settings" tab. Change the number of vCPU from 1 to 3 (Figure 10). You can also select the category "Routers", so your VM will be available under the Routers symbol on the left panel of your desktop.

Figure 10 - GNS3 Settings of vMX-vFP

Now, switch to the Network tab. Assign 12 interfaces to vMX-vFP. Set the the first port name to “ext”, as it will be be connected to the OOB mgmt switch. Change the name format to Eth{port1}, since Eth1 will be part of our internal interface, and we will connect it to "em1" of the vCP VM. Do not forget to change the interface type to "virtio-net-pci" (Figure 11).

Figure 11 - Network Settings of vMX-vFP VM

Click finish button, and here are what our final settings for the vFP VM looks like (Figure 12):

Figure 12 - vMX-vFP GNS3 Settings

3. vMX Interconnect

The vMX interconnection is shown on the Figure 13. The first Ethernet interface on the vCP is connected to the first Ethernet interface on the vFP through an out-of-band management switch. Of course, the vMX will continue to function whether the management interfaces are connected or not. The second interface on vCP is directly connected to the second interface on the vFP.

Figure 13 - Juniper vMX Qemu Interconnect

And that is it for vCP connections; we will connect other network devices to the PIC ports on the vFP. More precisely, these are the ports from ge-0/0/0 to ge-0/0/9.

Let's check if the vFP is online and Gigabit Ethernet interfaces are presented (Figure 15).

Figute 14 - vFP PICs Status

vMX is trying to perform auto image upgrade using DHCP. To get rid of the messages shown on the Figure 15, enter the command:

root> configure
root# delete chassis auto-image-upgrade
root# commit

Figure 15 - Auto Image Upgrade

Note: To connect to vFP, enter the command below from vCP (Figure 16):

> start shell pfe network fpc0

Figure 16 - Checking vFP Version

4. Configuration and Testing

Network topology is shown on the Figure 17. We have add two Core Linux nodes that are connected to the third (ge-0/0/0) and fourth (ge-0/0/1) ports on the vFP.

Figure 17 - Network Topology

4.1 vMX

Configuration is done on vCP.

root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.254/24
root# set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.254/24
root# commit

4.2 Linux Core

Core 1:

$ echo "ifconfig eth0 192.168.1.1 netmask 255.255.255.0" >> /opt/bootlocal.sh
$ echo "route add default gw 192.168.1.254" >> /opt/bootlocal.sh
$ /usr/bin/filetool.sh -b
$ sudo /opt/bootlocal.sh

Do the appropriate network configuration for Core 2.

4.3 Connectivity Test

Ping from Client-1 to Client-2 (Figure 18):

Figure 18 - Checking Network Connection between Clients

End.