SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  vSRX on AWS: Missing IP address on fxp0.0

    Posted 07-07-2024 11:22
    Edited by Juniper Community Admin 07-08-2024 09:07
    I launched a vSRX instance on AWS and had AWS assign a public IP address.
     
    The vSRX boots and I can access it using the debug console.
     
    However, I cannot access it over the management interface fxp0.0. The following command hangs:
     
    ssh -i ~/.ssh/xxx.pem root@x.x.x.x
     
    (Where x.x.x.x is the public IP address that AWS assigned.)
     
    The fxp0.0 interface in the vSRX did not get any IP address from AWS (neither a configured address nor DHCP enabled):
     
    root> show interfaces fxp0 
    Physical interface: fxp0, Enabled, Physical link is Up
      Interface index: 65, SNMP ifIndex: 1
      Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps
      Device flags   : Present Running
      Interface flags: SNMP-Traps
      Link type      : Full-Duplex
      Current address: 0a:ff:f9:a5:ae:1d, Hardware address: 0a:ff:f9:a5:ae:1d
      Last flapped   : 2024-07-07 14:12:17 UTC (00:18:13 ago)
        Input packets : 0
        Output packets: 0
     
      Logical interface fxp0.0 (Index 4) (SNMP ifIndex 13)
        Flags: Up SNMP-Traps 0x4000000 Encapsulation: ENET2
        Input packets : 383
        Output packets: 0
     
    root> show configuration interfaces 
    fxp0 {
        unit 0;
    }
     
    The first time the vSRX booted, I noticed the following error message in the debug console (this message did not appear after a reboot):
     
    Traceback (most recent call last):
      File "/usr/sbin/cloudagent-ctl", line 196, in <module>
        init_config_files()
      File "/usr/sbin/cloudagent-ctl", line 106, in init_config_files
        copyfile('/etc/cloudagent/aws/cloudagent.conf.json', cloudagent_conf)
      File "/volume/build/junos/22.4/release/22.4R3.25/src/external/psf2/python3/dist/Lib/shutil.py", line 120, in copyfile
    FileNotFoundError: [Errno 2] No such file or directory: '/etc/cloudagent/aws/cloudagent.conf.json'
     
    =>       3  37761019  nvd0  GPT  (20G) [CORRUPT]
    nvd0 recovered
    is_gcp: false
    vSRX early init finished
    grep: /var/etc/jlaunchd.inc: No such file or directory
    grep: /var/etc/jlaunchd.inc: No such file or directory

    EDIT1:

    I found that I had to go into the debug console and manually enable DHCP on interface fxp0.0 ("set interfaces fxp0 unit 0 family inet dhcp") to get the vSRX to be ping-reachable. It seems to me that if this is indeed required, then DHCP should be enabled in the default configuration.



  • 2.  RE: vSRX on AWS: Missing IP address on fxp0.0

    Posted 07-07-2024 15:41

    Furthermore, I found that even after I manually configured interface fxp0.0 to be a DHCP client (which allowed me to ping fxp0.0) I still could not SSH into the vSRX using "ssh -i xxxx root@x.x.x.x".

    I found that I had to manually add a user as follows:

    [edit system]
    +   login {
    +       user xxx {
    +           full-name "Xxx Xxx";
    +           uid 2000;
    +           class super-user;
    +           authentication {
    +               encrypted-password "xxx"; ## SECRET-DATA
    +           }
    +       }
    +   }
    +   authentication-order password;
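    Review bot: the added `user xxx` is `class super-user` with only an `encrypted-password` and `authentication-order password;`, on an fxp0 that carries the AWS-assigned public address from post 1, so password guessing over SSH becomes the only barrier to a full-privilege login. Put the instance's public key under `authentication { ssh-rsa "..."; }` for that user (the same place the aws-default group tries to install the ec2-user key) so key-based SSH works, and then the password-only order line is not needed.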

    After doing so I could SSH into the system as the new user with password authentication, using "ssh xxx@x.x.x.x".

    The documentation seems to imply that I should be able to SSH into a newly launched vSRX as root using the private key that was assigned/created by AWS when the instance was launched. This doesn't seem to work.



    ------------------------------
    Bruno Rijsman
    ------------------------------



  • 3.  RE: vSRX on AWS: Missing IP address on fxp0.0
    Best Answer

    Posted 07-08-2024 11:29

    I discovered the solution for my problem:

    When I created the keypair for the vSRX AWS instance I set the keypair type to ED25519.

    This does not work - when you reboot the vSRX instance, it fails to generate the initial configuration.

    After the reboot, you will see the following error messages in /var/log/cloud-debug.log:

    Configuring cloud-init
    Got ssh pub key from metadata server.
    not found juniper_user_data.conf, copy default
    /var/host/juniper_user_data.conf:14:(125) authorized-key-rsa: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9U1dYjjEGSAZVFEKAGXB05JitQz7x5Ja23hBmIgLbT vsrx-virginia': Must follow SSHv2 or SSHv1 RSA key format
      [edit groups aws-default system login user ec2-user authentication ssh-rsa]
        'ssh-rsa ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9U1dYjjEGSAZVFEKAGXB05JitQz7x5Ja23hBmIgLbT vsrx-virginia;'
          authorized-key-rsa: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9U1dYjjEGSAZVFEKAGXB05JitQz7x5Ja23hBmIgLbT vsrx-virginia': Must follow SSHv2 or SSHv1 RSA key format
    warning: statement must contain additional statements
    mgd: commit complete
    

    The solution is to set the keypair type to RSA (which is the default value).



    ------------------------------
    Bruno Rijsman
    ------------------------------
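    Added example, not code from the thread or from Juniper: a small Python pre-flight check that takes an OpenSSH public key line (such as the one AWS hands to the instance via the metadata server) and reports whether the vSRX bootstrap would accept it, based on the ssh-ed25519 rejection shown in the cloud-debug.log above. It assumes, from that error message, that only ssh-rsa keys are accepted, and it checks the algorithm name embedded in the key blob rather than trusting the text prefix, which is why the "ssh-rsa ssh-ed25519 ..." line the bootstrap generated is also flagged.

```python
import base64
import binascii
import struct

# Key types the vSRX AWS bootstrap accepts under authorized-key-rsa, inferred from
# the thread's commit error "Must follow SSHv2 or SSHv1 RSA key format" (assumption).
ACCEPTED_TYPES = {"ssh-rsa"}

def _ssh_string(data):
    """Encode bytes as an SSH wire string (big-endian uint32 length + payload)."""
    return struct.pack(">I", len(data)) + data

def parse_openssh_pubkey(line):
    """Return (declared_type, embedded_type, comment) for an OpenSSH public key line.
    The embedded type is the first SSH string in the base64 blob; a strict
    consumer checks it instead of trusting the text prefix alone."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error on junk
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return parts[0], blob[4:4 + n].decode("ascii"), comment

def check_vsrx_keypair(line):
    """Return (ok, reason): will the vSRX bootstrap accept this public key?"""
    try:
        declared, embedded, comment = parse_openssh_pubkey(line)
    except (ValueError, binascii.Error, UnicodeDecodeError) as exc:
        return False, f"malformed key line: {exc}"
    if declared != embedded:
        return False, f"prefix {declared!r} does not match blob type {embedded!r}"
    if embedded not in ACCEPTED_TYPES:
        return False, f"{embedded} is not accepted; recreate the AWS key pair as RSA"
    return True, f"{embedded} key {comment or '(no comment)'} is accepted"

# The ED25519 key quoted in the thread, and the line the bootstrap built from it
# by prepending "ssh-rsa" to the whole key text (see cloud-debug.log above).
ED25519_LINE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9U1dYjjEGSAZVFEKAGXB05JitQz7x5"
                "Ja23hBmIgLbT vsrx-virginia")
BOOTSTRAP_LINE = "ssh-rsa " + ED25519_LINE
# Constructed RSA-shaped line (exponent 65537, one-byte dummy modulus); not a real key.
RSA_LINE = "ssh-rsa " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x00")
).decode("ascii") + " constructed-rsa"
```

    Running check_vsrx_keypair over the three sample lines flags the ED25519 key and the bootstrap's mangled line and accepts only the RSA-shaped one, which is the check to run before launching the instance.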