I'm having trouble with the basic ESXi setup for the vSRX.
The best I can tell this is just like the vMX, where Nic 1 is the external interface, 2 and 3 are "internal management", and network adapter 4 is "ge-0/0/0" and etc.
Is this incorrect? I've tried all the nic adapter versions and still, same problem.
Have you ensured that your VM has 2 vCPUs and 4GB RAM? If you run it on ESXi 6.5 you will need a vSRX based on 18.4R1 or newer. Usually the vFPC doesn't boot when it's lacking a vCPU or memory.
Requirements are listed here: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-system-requirement.html
The port-group connected to fxp0 needs to be in promiscuous mode to work. That's possibly the reason why ping isn't working.
I have allocated 12 CPUs and 20 GB of RAM.
On our vMXs, we have to run in lite-mode because we have older hosts, do you think it could be the same problem?
Which version of vSRX, and is it vSRX 2.0 or 3.0? 12 vCPUs doesn't match any supported scheme.
There is no lite-mode configuration available on vSRX like vMX has. I understand that you have already ensured the requirements are fulfilled. Are you not able to boot up the vSRX at all, or is the vSRX booting but you don't see the interfaces listed? From vSRX 2.0 onwards the recommendation is to use VMXNET3 or SR-IOV; please ensure the Network Adapter is VMXNET3. Please check if the FPC is online or offline. If the vSRX does not have a valid license, FPC 0 will also be offline and the interfaces will not be listed.
Ahhhh, that would be the problem then!
I can't seem to find the trial license generator?
Can you link it?
When a vSRX is spun up, it comes with a 30 day/60 day license by default and probably you might not be able to extend this trial license.
If you would like to continue to use the same instance, then you would probably have to obtain a license for it. However if you are still evaluating, then the best way to go about it is to deploy a new vSRX which will start the 30/60 day trial.
Here are the links regarding licenses:
That's what I figured, but I see no reason why my GEs are not coming up.
They are using XNet3, they have allocated resources.
Per the output you shared earlier:
admin@vSRX-RTR1> show chassis fpc pic-status
Slot 0 Present FPC <<<<
When the FPC is not online, the 'ge' interfaces will not be initialized and hence they will not come up. This happens if there is no active license on the device and trial license has expired.
Run the 'show system license' command to check the license status.
This machine was spun up today, so I have 59 days left lol
admin@MLB-vSRX-RTR1> show system license
                                 Licenses   Licenses   Licenses   Expiry
Feature name                         used  installed     needed
logical-system                          1          3          0   permanent
Virtual Appliance                       1          1          0   59 days
remote-access-ipsec-vpn-client          0          2          0   permanent
License identifier: E420588955
License version: 4
Software Serial Number: 20150625
Customer ID: vSRX-JuniperEval
Virtual Appliance - Virtual Appliance
count-down, Original validity: 60 days
Perfect, that rules out the license issue. 🙂
Could you please share the 'show version' output, and also whether this is vSRX 2.0 or 3.0?
It's Version 2, on 19.1R1.6
Thanks for sharing this output, I will check a few things and get back to you on this.
Have a few more questions for you:
1) Which version of ESXi are you on?
2) If you prefer running vSRXs above 18.4, then I would recommend deploying vSRX 3.0 as it has better RE boot time, etc. Could you try spinning up vSRX 3.0 to see if that makes a difference?
Document for reference: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-system-requirement.html#vSRXFlavors
3) Also, if you haven't rebooted the vSRX after changing the vCPU value, could you try rebooting it from the CLI and share the results?
I'll try that now!
We are on 6.5 and yes, I have tried reboots after each change.
I'll make another post when I have that spun up.
Sounds good! 🙂
Upon doing some checks, vSRX 2.0 on Junos 19.1R1.6 on ESXi running 6.5 seems to be supported. However, 9 vCPUs and 16 GB RAM corresponds to the vSRX-Large flavor, which I am aware works fine on the KVM hypervisor. However, I am not sure if that's supported on the ESXi hypervisor.
When you get a chance, could you try powering off this vSRX 2.0 instance and change it to use 5 vCPUs, 8 GB RAM, 16 GB disk space (vSRX-Medium flavor) and power it back on to check if that helps resolve this issue?
Using vSRX 3.0 has solved the problem!
Glad to hear that!
If you have some time, please try the above recommendation for vSRX2.0 to see if downgrading it to vSRX-M flavor helps to initialize the FPC and interfaces as expected.
Just thought of checking to see if downgrading vSRX 2.0 to vSRX-M flavor on ESXi brought the FPC/interfaces online?
Here is the techpub that explains the interface mapping in detail for vSRXs:
Also here is the deployment guide for vSRX on VMware (ESXi) for your reference: https://www.juniper.net/documentation/en_US/vsrx/information-products/pathway-pages/security-vsrx-vmware-guide-pwp.html
Also, could you run the following command on the vSRX CLI to confirm if the vFPC is online:
> show chassis fpc pic-status
Result of CLI
Slot 0 Present FPC
How do I tell the version?
I just changed it to 9 vCPUs and same problem.
Promiscuous mode did change the fxp0 com problem.
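
The checks the thread walks through (VM sizing against the flavors mentioned, FPC state from `show chassis fpc pic-status`, trial days from `show system license`) can be run over saved CLI output. This is an added example, not part of any post and not Juniper code; the function names, the flavor table (only the pairs named in the thread) and the sample text are assumptions constructed for illustration.

```python
import re

# vCPU / RAM (GB) pairs named in the thread; Juniper's requirements page is
# the authoritative list, this table is only what the posts mention.
THREAD_FLAVORS = {(2, 4): "base", (5, 8): "vSRX-Medium", (9, 16): "vSRX-Large"}

# Constructed sample input modelled on the output quoted in the thread.
SAMPLE_FPC = "Slot 0   Present      FPC\n"
SAMPLE_LICENSE = (
    "logical-system                  1  3  0  permanent\n"
    "Virtual Appliance               1  1  0  59 days\n"
    "remote-access-ipsec-vpn-client  0  2  0  permanent\n"
)

def fpc_states(text):
    """Map slot number -> state word from 'show chassis fpc pic-status'."""
    return {int(m.group(1)): m.group(2)
            for m in re.finditer(r"^Slot\s+(\d+)\s+(\S+)", text, re.M)}

def license_days(text, feature="Virtual Appliance"):
    """Days left on a counted-down feature; None if permanent or absent."""
    row = re.compile(rf"\s*{re.escape(feature)}\s+\d+\s+\d+\s+\d+\s+(\d+) days")
    for line in text.splitlines():
        m = row.match(line)
        if m:
            return int(m.group(1))
    return None

def triage(vcpus, ram_gb, fpc_text, license_text):
    """Return findings in the order the thread checks them."""
    findings = []
    if (vcpus, ram_gb) not in THREAD_FLAVORS:
        findings.append(f"{vcpus} vCPU / {ram_gb} GB matches no flavor named in the thread")
    # Assumption: a healthy FPC reports the state word "Online".
    down = {s: st for s, st in fpc_states(fpc_text).items() if st != "Online"}
    for slot, state in sorted(down.items()):
        findings.append(f"FPC {slot} is {state}, not Online: ge- interfaces will not initialize")
    days = license_days(license_text)
    if down and days:
        findings.append(f"trial license still has {days} days, so licensing is ruled out")
    return findings

if __name__ == "__main__":
    for finding in triage(12, 20, SAMPLE_FPC, SAMPLE_LICENSE):
        print("-", finding)
```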