Date created: Sunday, January 28, 2018 6:27:58 PM. Last modified: Monday, March 15, 2021 10:39:07 AM
Logical Systems on vMX
The below configuration deploys Juniper vMX 17.3R1 on Ubuntu 16.04 LTS, configures the below topology using four logical systems on the vMX, and then each logical system can then be connected to directly using SSH:
For the logical systems inter-connectivity, instead of using tunnel interfaces, they are using the vMX "hardware" interfaces ge-0/0/[0-7]. These are being externally bridged which is the virtual equivalent of patching loopback cables between ports on the same physical MX router. The ports ge-0/0/[0-7] on the vMX machine are being mapped into the same Linux bridge thought (not sure why this is happening, different bridges were configured for each point-to-point Ethernet link in the diagram?!) so VLANs are used to separate the broadcast domains.
vmx.conf:
##############################################################
#
# vmx.conf
# Config file for vmx on the hypervisor.
# Uses YAML syntax.
# Leave a space after ":" to specify the parameter value.
#
##############################################################
---
#Configuration on the host side - management interface, VM images etc.
HOST:
identifier : vmx1 # Maximum 6 characters
host-management-interface : eth0
routing-engine-image : "/home/bensley/VMs/vMX-17.3R1/vmx/images/junos-vmx-x86-64-17.3R1.10.qcow2"
routing-engine-hdd : "/home/bensley/VMs/vMX-17.3R1/vmx/images/vmxhdd.img"
forwarding-engine-image : "/home/bensley/VMs/vMX-17.3R1/vmx/images/vFPC-20170810.img"
---
#External bridge configuration
BRIDGES:
- type : external
name : br-ext2 # Max 10 characters
---
#vRE VM parameters
CONTROL_PLANE:
vcpus : 1
memory-mb : 2048
console_port: 8601
interfaces :
- type : static
ipaddr : 10.102.144.94
macaddr : "0A:00:DD:C0:DE:0E"
---
#vPFE VM parameters
FORWARDING_PLANE:
memory-mb : 2048
vcpus : 3
console_port: 8602
device-type : virtio
interfaces :
- type : static
ipaddr : 10.102.144.98
macaddr : "0A:00:DD:C0:DE:10"
---
#Interfaces
JUNOS_DEVICES:
- interface : ge-0/0/0
mac-address : "02:06:0A:0E:FF:F0"
description : "ge-0/0/0 interface (ls1)"
- interface : ge-0/0/1
mac-address : "02:06:0A:0E:FF:F1"
description : "ge-0/0/0 interface (ls2)"
- interface : ge-0/0/2
mac-address : "02:06:0A:0E:FF:F2"
description : "ge-0/0/0 interface (ls2)"
- interface : ge-0/0/3
mac-address : "02:06:0A:0E:FF:F3"
description : "ge-0/0/0 interface (ls3)"
- interface : ge-0/0/4
mac-address : "02:06:0A:0E:FF:F4"
description : "ge-0/0/0 interface (ls2)"
- interface : ge-0/0/5
mac-address : "02:06:0A:0E:FF:F5"
description : "ge-0/0/0 interface (ls3)"
- interface : ge-0/0/6
mac-address : "02:06:0A:0E:FF:F6"
description : "ge-0/0/0 interface (ls3)"
- interface : ge-0/0/7
mac-address : "02:06:0A:0E:FF:F7"
description : "ge-0/0/0 interface (ls4)"
vmx-junosdev.conf:
##############################################################
#
# vmx-junos-dev.conf
# - Config file for junos device bindings.
# - Uses YAML syntax.
# - Leave a space after ":" to specify the parameter value.
# - For physical NIC, set the 'type' as 'host_dev'
# - For junos devices, set the 'type' as 'junos_dev' and
# set the mandatory parameter 'vm-name' to the name of
# the vPFE where the device exists
# - For bridge devices, set the 'type' as 'bridge_dev'
#
##############################################################
interfaces :
- link_name : bridge_vmx_ls_1-2_1
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/0
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_12
- link_name : bridge_vmx_ls_1-2_2
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/1
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_12
- link_name : bridge_vmx_ls_2-3_1_1
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/2
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_23_1
- link_name : bridge_vmx_ls_2-3_1_2
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/3
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_23_1
- link_name : bridge_vmx_ls_2-3_2_1
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/4
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_23_2
- link_name : bridge_vmx_ls_2-3_2_2
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/5
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_23_2
- link_name : bridge_vmx_ls_3-4_1
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/6
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_34
- link_name : bridge_vmx_ls_3-4_2
endpoint_1 :
- type : junos_dev
vm_name : vmx1
dev_name : ge-0/0/7
endpoint_2 :
- type : bridge_dev
dev_name : bridge_ls_34
Install the pre-reqs, create a dummy Ethernet interface to SSH to the vMX VCP on, install the vMX and then start it:
sudo apt-get install bridge-utils qemu-kvm libvirt-bin python python-netifaces vnc4server libyaml-dev python-yaml numactl libparted0-dev libpciaccess-dev libnuma-dev libyajl-dev libxml2-dev libglib2.0-dev libnl-3-dev python-pip python-dev libxml2-dev libxslt1-dev telnet sudo ip link add eth0 type dummy sudo ip link set up dev eth0 sudo ip a a 192.168.100.2/24 dev eth0 sudo ./vmx.sh --install sudo ./vmx.sh --start # Might give the following error: ls: cannot access '/HugePage_vPFE/libvirt': No such file or directory # Just run "sudo ./vmx.sh --start" again and it will work. # Connect to the vMX VCP console port using (default login is "root" with no password): sudo ./vmx.sh --console vcp vmx1
After starting the vMX this is the bridge-to-interface mapping:
bensley@ubuntu-laptop:~/VMs/vMX-17.3R1/vmx$ sudo ./vmx.sh --start
...
==================================================
VMX Status Verification Completed.
==================================================
==================================================
Thank you for using VMX
==================================================
bensley@ubuntu-laptop:~/VMs/vMX-17.3R1/vmx$ brctl show
bridge name bridge id STP enabled interfaces
br-ext2 8000.9a76afdc342d yes eth0
vcp-ext-vmx1
vfp-ext-vmx1
br-int-vmx1 8000.525400ac6320 yes br-int-vmx1-nic
vcp-int-vmx1
vfp-int-vmx1
virbr0 8000.fe060a0efff0 yes ge-0.0.0-vmx1
ge-0.0.1-vmx1
ge-0.0.2-vmx1
ge-0.0.3-vmx1
ge-0.0.4-vmx1
ge-0.0.5-vmx1
ge-0.0.6-vmx1
ge-0.0.7-vmx1
"show configuration":
version 17.3R1.10;
system {
root-authentication {
encrypted-password "$6$TQXJezuS$aSMhrRAC3NItnswb3bODakKaCXlA5WlY6D.HfjUctoqcTjhAmBPBTEEiiFST7wSeKomFOgbb8qX8e8.63gDWv1"; # "Juniper"
}
login {
class ls1 {
logical-system LS1;
permissions all;
}
class ls2 {
logical-system LS2;
permissions all;
}
class ls3 {
logical-system LS3;
permissions all;
}
class ls4 {
logical-system LS4;
permissions all;
}
user ls1 {
uid 2000;
class ls1;
authentication {
encrypted-password "$6$sgJwG7X2$C29KUjnppQl4sSABv8WLm95nAjC2yop5fOlfK0gkLIq0C4KHXodYDhwl1x5LTvEoIi3KTaOrawjKv.qP8mF.m1"; # "Juniper"
}
}
user ls2 {
uid 2001;
class ls2;
authentication {
encrypted-password "$6$qIEB8mbF$m8pwl8fhBjmdvJKXrSeg/0MBTR2q4bcv8mMynmJ0UD3PAowyiftEZpMnXoId48l7shBXxoRx/4h49VZroWvgi."; # "Juniper"
}
}
user ls3 {
uid 2002;
class ls3;
authentication {
encrypted-password "$6$kTr9zJfr$qshNQwHFeZ6W664/DiOm1KIg8BtpOKOg5lIDUyA6gnwXHCgGvWHGK9HN65sQsQdWjuZYl0Q5Co.c5TGop53dI0"; # "Juniper"
}
}
user ls4 {
uid 2003;
class ls4;
authentication {
encrypted-password "$6$RTAGFQTe$9.IOEHJTjXI2.FxUO9gdAAuUZGWBTGiPCdC32hATkfkxEezZ85WM2Qe6GrU8urf1cMzEiIwWZoNrKdDcirgXp1"; #"Juniper"
}
}
}
services {
ssh;
}
}
logical-systems {
LS1 {
interfaces {
ge-0/0/0 {
unit 1 {
vlan-id 1;
family inet {
address 10.0.12.0/31;
}
family inet6 {
address abcd:10:12::1/64;
}
}
}
lo0 {
unit 1 {
family inet {
address 1.0.0.1/32;
}
family inet6 {
address ::ffff:1:0:0:1/128;
}
}
}
}
LS2 {
interfaces {
ge-0/0/1 {
unit 1 {
vlan-id 1;
family inet {
address 10.0.12.1/31;
}
family inet6 {
address abcd:10:12::2/64;
}
}
}
ge-0/0/2 {
unit 2 {
vlan-id 2;
family inet {
address 10.0.23.0/31;
}
family inet6 {
address abcd:10:23::1/64;
}
}
}
ge-0/0/4 {
unit 4 {
vlan-id 4;
family inet {
address 10.0.23.2/31;
}
family inet6 {
address abcd:10:23:2::1/64;
}
}
}
lo0 {
unit 2 {
family inet {
address 1.0.0.2/32;
}
family inet6 {
address ::ffff:1:0:0:2/128;
}
}
}
}
LS3 {
interfaces {
ge-0/0/3 {
unit 2 {
vlan-id 2;
family inet {
address 10.0.23.1/31;
}
family inet6 {
address abcd:10:23::2/64;
}
}
}
ge-0/0/5 {
unit 4 {
vlan-id 4;
family inet {
address 10.0.23.3/31;
}
family inet6 {
address abcd:10:23:2::2/64;
}
}
}
ge-0/0/6 {
unit 6 {
vlan-id 6;
family inet {
address 10.0.34.0/31;
}
family inet6 {
address abcd:10:34::1/64;
}
}
}
lo0 {
unit 3 {
family inet {
address 1.0.0.3/32;
}
family inet6 {
address ::ffff:1:0:0:3/128;
}
}
}
}
LS4 {
interfaces {
ge-0/0/7 {
unit 6 {
vlan-id 6;
family inet {
address 10.0.34.1/31;
}
family inet6 {
address abcd:10:34::2/64;
}
}
}
lo0 {
unit 4 {
family inet {
address 1.0.0.4/32;
}
family inet6 {
address ::ffff:1:0:0:4/128;
}
}
}
}
}
}
chassis {
network-services enhanced-ip;
}
interfaces {
ge-0/0/0 {
flexible-vlan-tagging;
}
ge-0/0/1 {
flexible-vlan-tagging;
}
ge-0/0/2 {
flexible-vlan-tagging;
}
ge-0/0/3 {
flexible-vlan-tagging;
}
ge-0/0/4 {
flexible-vlan-tagging;
}
ge-0/0/5 {
flexible-vlan-tagging;
}
ge-0/0/6 {
flexible-vlan-tagging;
}
ge-0/0/7 {
flexible-vlan-tagging;
}
em1 {
unit 0 {
family inet;
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.100.3/24;
}
}
}
}
"show configuration | display set":
set version 17.3R1.10 set system root-authentication encrypted-password "$6$TQXJezuS$aSMhrRAC3NItnswb3bODakKaCXlA5WlY6D.HfjUctoqcTjhAmBPBTEEiiFST7wSeKomFOgbb8qX8e8.63gDWv1" # "Juniper" set system login class ls1 logical-system LS1 set system login class ls1 permissions all set system login class ls2 logical-system LS2 set system login class ls2 permissions all set system login class ls3 logical-system LS3 set system login class ls3 permissions all set system login class ls4 logical-system LS4 set system login class ls4 permissions all set system login user ls1 uid 2000 set system login user ls1 class ls1 set system login user ls1 authentication encrypted-password "$6$sgJwG7X2$C29KUjnppQl4sSABv8WLm95nAjC2yop5fOlfK0gkLIq0C4KHXodYDhwl1x5LTvEoIi3KTaOrawjKv.qP8mF.m1" # "Juniper" set system login user ls2 uid 2001 set system login user ls2 class ls2 set system login user ls2 authentication encrypted-password "$6$qIEB8mbF$m8pwl8fhBjmdvJKXrSeg/0MBTR2q4bcv8mMynmJ0UD3PAowyiftEZpMnXoId48l7shBXxoRx/4h49VZroWvgi." # "Juniper" set system login user ls3 uid 2002 set system login user ls3 class ls3 set system login user ls3 authentication encrypted-password "$6$kTr9zJfr$qshNQwHFeZ6W664/DiOm1KIg8BtpOKOg5lIDUyA6gnwXHCgGvWHGK9HN65sQsQdWjuZYl0Q5Co.c5TGop53dI0" # "Juniper" set system login user ls4 uid 2003 set system login user ls4 class ls4 set system login user ls4 authentication encrypted-password "$6$RTAGFQTe$9.IOEHJTjXI2.FxUO9gdAAuUZGWBTGiPCdC32hATkfkxEezZ85WM2Qe6GrU8urf1cMzEiIwWZoNrKdDcirgXp1" # "Juniper" set system services ssh set system syslog user * any emergency set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set logical-systems LS1 interfaces ge-0/0/0 unit 1 vlan-id 1 set logical-systems LS1 interfaces ge-0/0/0 unit 1 family inet address 10.0.12.0/31 set logical-systems LS1 interfaces ge-0/0/0 unit 1 family inet6 address abcd:10:12::1/64 set logical-systems LS1 interfaces lo0 unit 1 family inet address 1.0.0.1/32 set logical-systems LS1 interfaces lo0 unit 1 family inet6 address ::ffff:1:0:0:1/128 set logical-systems LS2 interfaces ge-0/0/1 unit 1 vlan-id 1 set logical-systems LS2 interfaces ge-0/0/1 unit 1 family inet address 10.0.12.1/31 set logical-systems LS2 interfaces ge-0/0/1 unit 1 family inet6 address abcd:10:12::2/64 set logical-systems LS2 interfaces ge-0/0/2 unit 2 vlan-id 2 set logical-systems LS2 interfaces ge-0/0/2 unit 2 family inet address 10.0.23.0/31 set logical-systems LS2 interfaces ge-0/0/2 unit 2 family inet6 address abcd:10:23::1/64 set logical-systems LS2 interfaces ge-0/0/4 unit 4 vlan-id 4 set logical-systems LS2 interfaces ge-0/0/4 unit 4 family inet address 10.0.23.2/31 set logical-systems LS2 interfaces ge-0/0/4 unit 4 family inet6 address abcd:10:23:2::1/64 set logical-systems LS2 interfaces lo0 unit 2 family inet address 1.0.0.2/32 set logical-systems LS2 interfaces lo0 unit 2 family inet6 address ::ffff:1:0:0:2/128 set logical-systems LS3 interfaces ge-0/0/3 unit 2 vlan-id 2 set logical-systems LS3 interfaces ge-0/0/3 unit 2 family inet address 10.0.23.1/31 set logical-systems LS3 interfaces ge-0/0/3 unit 2 family inet6 address abcd:10:23::2/64 set logical-systems LS3 interfaces ge-0/0/5 unit 4 vlan-id 4 set logical-systems LS3 interfaces ge-0/0/5 unit 4 family inet address 10.0.23.3/31 set logical-systems LS3 interfaces ge-0/0/5 unit 4 family inet6 address abcd:10:23:2::2/64 set logical-systems LS3 interfaces ge-0/0/6 unit 6 vlan-id 6 set logical-systems LS3 interfaces ge-0/0/6 unit 6 family inet address 10.0.34.0/31 set logical-systems LS3 interfaces ge-0/0/6 unit 6 family inet6 address abcd:10:34::1/64 set logical-systems LS3 interfaces lo0 unit 3 family inet address 1.0.0.3/32 set logical-systems LS3 interfaces lo0 unit 3 family inet6 address ::ffff:1:0:0:3/128 set logical-systems LS4 interfaces ge-0/0/7 unit 6 vlan-id 6 set logical-systems LS4 interfaces ge-0/0/7 unit 6 family inet address 10.0.34.1/31 set logical-systems LS4 interfaces ge-0/0/7 unit 6 family inet6 address abcd:10:34::2/64 set logical-systems LS4 interfaces lo0 unit 4 family inet address 1.0.0.4/32 set logical-systems LS4 interfaces lo0 unit 4 family inet6 address ::ffff:1:0:0:4/128 set chassis network-services enhanced-ip set interfaces ge-0/0/0 flexible-vlan-tagging set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/2 flexible-vlan-tagging set interfaces ge-0/0/3 flexible-vlan-tagging set interfaces ge-0/0/4 flexible-vlan-tagging set interfaces ge-0/0/5 flexible-vlan-tagging set interfaces ge-0/0/6 flexible-vlan-tagging set interfaces ge-0/0/7 flexible-vlan-tagging set interfaces em1 unit 0 family inet set interfaces fxp0 unit 0 family inet address 192.168.100.3/24
Each logical system on the vMX can be accessed using SSH. "ssh ls1@192.168.100.3" connects directly to the logical system "LS1", "ssh ls2@192.168.100.3" connects directly to logical system "LS2" and so on.
Previous page: -vMX Notes-
Next page: Nested vMX