[j-nsp] vSRX on KVM

2015-09-28 Thread Yuriy B. Borysov 
Hello!

Does someone use vSRX on the KVM in lab or in production?

Could you show example of XML config from working instance?

I'm trying to install according to this manual:

https://www.juniper.net/techpubs/en_US/vsrx15.1x49/topics/task/multi-task/security-vsrx-with-kvm-installing.html

but the system does not see any ge-* interface.

Thanks!


-- 
WBR, Yuriy B. Borysov
YOKO-UANIC | YOKO-RIPE  
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] vSRX on KVM

2015-09-28 Thread Maxwell Cole 
Hello,

How are you passing in the interfaces? A bridge or PCI-Passthrough? 

From my testing with the vSRX it won’t recognize any ge- interfaces unless you 
pass at least 3 interfaces in. This is true on both KVM and ESXi, which makes 
me think that they silently (Or at least quietly) abort adding interfaces 
unless it has the required minimum of 3. I have also noticed that it helps to 
pass in all 3 interfaces in the same “model” type regardless of the source 
driver or interface. Also note that after you start up the VM it can take 2-3 
minutes after the control plane becomes accessible before the ge- interfaces 
get added. 

Here is the relevant config I have working. I’ve had the most success passing 
them in as e1000. The first network “default” is just a simple 1g bridge 
interface and the other two are Intel SR-IVO passthrough networks. I was able 
to get it up and running just by creating a bridge and adding them to it via 
[].


   
  
  
  


  
  
  


  
  
  


#virsh net-dumpxml pnetwork

  pnetwork
  [snip]
  

















  


Hope that helps,

Cheers,

> On Sep 28, 2015, at 12:51 PM, Yuriy B. Borysov  
> wrote:
> 
> Hello!
> 
> Does someone use vSRX on the KVM in lab or in production?
> 
> Could you show example of XML config from working instance?
> 
> I'm trying to install according to this manual:
> 
> https://www.juniper.net/techpubs/en_US/vsrx15.1x49/topics/task/multi-task/security-vsrx-with-kvm-installing.html
> 
> but the system does not see any ge-* interface.
> 
> Thanks!
> 
> 
> -- 
> WBR, Yuriy B. Borysov
> YOKO-UANIC | YOKO-RIPE
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp