vSRX

Expand all | Collapse all

vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

  • 1.  vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 10:40

    hey all, 

     

    I''m having trouble with the basic ESXI setup for the vSRX. 

     

    The best I can tell this is just like the vMX, where Nic 1 is the external interface, 2 and 3 are "internal management", and network adapter 4 is "ge-0/0/0" and etc. 

     

    Is this incorrect? I've tried all the nic adapter versions and still, same problem. 



  • 2.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

     
    Posted 06-18-2019 10:46

    Have you ensured that your VM has 2 vCPUs and 4GB RAM? If you run it on ESXi 6.5 you will need a vSRX based on 18.4R1 or newer. Usually the vFPC doesn't boot when it's lacking a vCPU or memory.

     

    requirements are listed here: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-system-requirement.html

     

    The port-group connected to fxp0 needs to be in promiscious mode to work. That's possibly the reason why ping isn't working.



  • 3.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 10:49

    Yep.

     

    I have allocated 12 cpus and 20gb of ram. 

     

    On our vMX's, we have to run in lite-mode because we have older hosts, do you think it could be the same problem? 



  • 4.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

     
    Posted 06-18-2019 11:07

    Which version of vSRX and is it vSRX 2.0 or 3.0 ? 12 vCPUs doesn't match any supported scheme.



  • 5.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 11:20

    There is no lite-mode configuration available on vSRX just like vMX has.
    I understand that you already ensure the requirements are fullfilled. Are you not able to boot up the vSRX at all? or vSRX is booting but you don't see the interface listed.
    vSRX2.0 onwards the recommendation is to use VMXNET3 or SRIOV, please ensure the Network Adapter is VMXNET3.
    Please check if the FPC is online or offline, if the vSRX does not have valid license even in that case FPC 0 will be offline and interface will not be listed.



  • 6.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 11:34

    Ahhhh, that would be the problem then! 

     

    I cant' seem to fine the trial license generator? 

     

    Can you link it?



  • 7.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:14

    Hi RoutingFrames,

     

    When a vSRX is spun up, it comes with a 30 day/60 day license by default and probably you might not be able to extend this trial license. 

     

    If you would like to continue to use the same instance, then you would probably have to obtain a license for it. However if you are still evaluating, then the best way to go about it is to deploy a new vSRX which will start the 30/60 day trial.

     

    Here are the links regarding licenses:

     

    https://www.juniper.net/documentation/en_US/release-independent/licensing/topics/topic-map/vsrx-licensing.html#VSRXEvaluationLicense-796D0E53

     

    https://www.juniper.net/us/en/dm/free-vsrx-trial/

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!

     

    Regards,

    HS

     



  • 8.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:23

    Okay,

     

    that's what I figured, but I see no reason why my GE's are not coming up. 

     

    They are using XNet3, they have allocated resources. 

     

     



  • 9.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:27

    Per the output you shared earlier:

     

    admin@vSRX-RTR1> show chassis fpc pic-status 

    Slot 0   Present      FPC  <<<<

     

    When the FPC is not online, the 'ge' interfaces will not be initialized and hence they will not come up. This happens if there is no active license on the device and trial license has expired.

     

    Run the 'show system license' command to check the license status.

     

    Regards,

    HS

     



  • 10.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:30

    Correct,

     

    this machine was spun up today, so I have 59 days left lol

     

     

    admin@MLB-vSRX-RTR1> show system license 

    License usage: 

                                     Licenses     Licenses    Licenses    Expiry

      Feature name                       used    installed      needed 

      logical-system                        1            3           0    permanent

      Virtual Appliance                     1            1           0    59 days

      remote-access-ipsec-vpn-client        0            2           0    permanent

     

    Licenses installed: 

      License identifier: E420588955

      License version: 4

      Software Serial Number: 20150625

      Customer ID: vSRX-JuniperEval

      Features:

        Virtual Appliance - Virtual Appliance

          count-down, Original validity: 60 days



  • 11.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:40

    Perfect, that rules out the license issue. 🙂 

     

    Could you please share the 'show version' output please and also if this is vSRX 2.0 or 3.0? 

     

    Regards,

    HS



  • 12.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:43

    It's Version 2, on 19.1R1.6

     

    Hostname: MLB-vSRX-RTR1

    JUNOS OS Kernel 64-bit  [20190305.df99236_builder_stable_11]

    JUNOS OS libs [20190305.df99236_builder_stable_11]

    JUNOS OS runtime [20190305.df99236_builder_stable_11]

    JUNOS OS time zone information [20190305.df99236_builder_stable_11]

    JUNOS OS libs compat32 [20190305.df99236_builder_stable_11]

    JUNOS OS 32-bit compatibility [20190305.df99236_builder_stable_11]

    JUNOS py extensions [20190321.051058_builder_junos_191_r1]

    JUNOS py base [20190321.051058_builder_junos_191_r1]

    JUNOS OS vmguest [20190305.df99236_builder_stable_11]

    JUNOS OS crypto [20190305.df99236_builder_stable_11]

    JUNOS network stack and utilities [20190321.051058_builder_junos_191_r1]

    JUNOS libs [20190321.051058_builder_junos_191_r1]

    JUNOS libs compat32 [20190321.051058_builder_junos_191_r1]

    JUNOS runtime [20190321.051058_builder_junos_191_r1]

    JUNOS na telemetry [19.1R1.6]

    JUNOS Web Management Platform Package [20190321.051058_builder_junos_191_r1]

    JUNOS srx libs compat32 [20190321.051058_builder_junos_191_r1]

    JUNOS srx runtime [20190321.051058_builder_junos_191_r1]

    JUNOS srx platform support [20190321.051058_builder_junos_191_r1]

    JUNOS common platform support [20190321.051058_builder_junos_191_r1]

    JUNOS srxtvp runtime [20190321.051058_builder_junos_191_r1]

    JUNOS pppoe [20190321.051058_builder_junos_191_r1]

    JUNOS Openconfig [19.1R1.6]

    JUNOS mtx network modules [20190321.051058_builder_junos_191_r1]

    JUNOS modules [20190321.051058_builder_junos_191_r1]

    JUNOS srxtvp modules [20190321.051058_builder_junos_191_r1]

    JUNOS srxtvp libs [20190321.051058_builder_junos_191_r1]

    JUNOS srx libs [20190321.051058_builder_junos_191_r1]

    JUNOS srx Data Plane Crypto Support [20190321.051058_builder_junos_191_r1]

    JUNOS daemons [20190321.051058_builder_junos_191_r1]

    JUNOS srx daemons [20190321.051058_builder_junos_191_r1]

    JUNOS SRX TVP AppQos Daemon [20190321.051058_builder_junos_191_r1]

    JUNOS High End AppQos Daemon [20190321.051058_builder_junos_191_r1]

    JUNOS Extension Toolkit [20190321.051058_builder_junos_191_r1]

    JUNOS Phone-home [20190321.051058_builder_junos_191_r1]

    JUNOS J-Insight [20190321.051058_builder_junos_191_r1]

    JUNOS Online Documentation [20190321.051058_builder_junos_191_r1]

    JUNOS jail runtime [20190305.df99236_builder_stable_11]

    JUNOS FIPS mode utilities [20190321.051058_builder_junos_191_r1]



  • 13.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 12:55

    Thanks for sharing this output, I will check a few things and get back to you on this. 

     

    Have a few more questions for you:

     

    1) Which version of ESXi are you on?

    2) If you prefer running vSRXs above 18.4, then I would recommend deploying vSRX 3.0 as it has better RE boot time, etc. Could you try to spining up vSRX3.0 to see if that makes a difference?

    Document for reference: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-system-requirement.html#vSRXFlavors

    3) Also, if you haven't rebooted the vSRX after changing vCPU value, could you try rebooting it from cli and share the results?

     

    Regards,

    HS



  • 14.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 13:09

    Hey, 

     

    I'll try that now! 

     

    We are on 6.5 and yes, I have tried reboots after each change. 

     

    I'll make another post when I have that spun up.

     

    Thank you! 



  • 15.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 13:33

    Sounds good! 🙂

     

    Upon doing some checks, vSRX 2.0 on Junos 19.1R1.6 on ESXi running 6.5 seems to be supported. However 9vCPUs and 16GB RAM corresponds to vSRX-Large flavor which I am aware works fine on KVM hypervisor. However I am not sure if thats supported on ESXi hypervisor.

     

    When you get a chance, could you try powering off this vSRX2.0 instance and change it use 5vCPUs, 8 GB RAM, 16GB disk space (vSRX-Medium flavor) and power it back on to check if that helps resolve this issue?

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    Regards,

    HS



  • 16.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 13:41

    Using vSRX 3.0 has solved the problem! 

     

     



  • 17.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 13:50

    Glad to hear that!

     

    If you have some time, please try the above recommendation for vSRX2.0 to see if downgrading it to vSRX-M flavor helps to initialize the FPC and interfaces as expected.

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    Regards,

    HS



  • 18.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-19-2019 07:38

    Hi RoutingFrames,

     

    Just thought of checking to see if downgrading vSRX 2.0 to vSRX-M flavor on ESXi brough the FPC/interfaces online?

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    Regards,

    HS



  • 19.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-24-2019 07:14

    Hi RoutingFrames,

     

    Just thought of checking to see if downgrading vSRX 2.0 to vSRX-M flavor on ESXi brough the FPC/interfaces online?

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    Regards,

    HS



  • 20.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 10:49

    Hi there,

     

    Here is the techpub that explains the interface mapping in detail for vSRXs:

     

    https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-interface-names.html

     

    Also here is the deployment guide for vSRX on VMware (ESXi) for your reference: https://www.juniper.net/documentation/en_US/vsrx/information-products/pathway-pages/security-vsrx-vmware-guide-pwp.html

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!

     

    Regards,

    HS



  • 21.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 11:15

    Also, could you run the following command on vSRX cli to confirm if the vFPC is online:

     

    > show chassis fpc pic-status

     

    Regards,

    HS



  • 22.  RE: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

    Posted 06-18-2019 11:33

    Result of CLI

     

     

    admin@vSRX-RTR1> show chassis fpc pic-status 

    Slot 0   Present      FPC      

     

    HOw do I tell version?

     

    I just changed it to 9 vCPUs and same problem. 

     

    Promiscuous mode did change the fxpo com problem.