Configuring VNFs on NFX250 NextGen Devices
The NFX250 NextGen devices enable you to instantiate and manage virtualized network functions (VNFs) from the Junos Control Plane (JCP). The JCP supports the creation and management of third-party VNFs.
Load a VNF Image
To configure a VNF, you must log in to the JCP:
user@host:~ # cliuser@host> To load a VNF image on the device from a remote location, use
the file-copy command.
You must save the VNF image in the /var/public directory.
user@host> file copy source-address /var/public For example:
user@host> file copy scp://192.0.2.0//tftpboot/centos.img
/var/public Alternatively, you can load a VNF image by using the NETCONF command, file-put.
Prepare the Bootstrap Configuration
You can bootstrap a VNF using an attached config drive that contains a bootstrap-config ISO file. For an example of creating an ISO file, see the procedure in Creating a vSRX Bootstrap ISO Image. The procedure might differ based on the operating system (for example, Linux, Ubuntu) that you use to create the ISO file.
The config drive is a virtual drive, which can be a CD-ROM, USB drive or Disk drive associated to a VNF with the configuration data. Configuration data can be files or folders, which are bundled in the ISO file that makes a virtual CD-ROM, USB drive, or Disk drive.
A bootstrap configuration file must contain an initial configuration that allows the VNF to be accessible from an external controller, and accepts SSH, HTTP, or HTTPS connections from an external controller for further runtime configurations.
By attaching a config drive, you can pass the networking configurations such as the IP address, subnet mask, and gateway to the VNFs through a CLI. After receiving the configuration inputs, the device generates a bootstrap-config ISO file, and attaches the file to the VNF as a CD-ROM, USB drive, or Disk drive.
For more information about configuring and attaching a config drive, see (Optional) Attach a Config Drive to the VNF .
The system saves the bootstrap-config ISO file in the
/var/publicfolder. The file is saved only if the available space in the folder is more than double the total size of the contents in the file. If the available space in the folder is not sufficient, an error message is displayed when you commit the configuration.When you reboot the system, the system generates a new bootstrap-config ISO file and replaces the existing ISO file with the new ISO file on the VNF.
The config drive is a read-only drive. Based on the VNF, you can specify the config drive as a read-only CD-ROM drive, USB drive, or a Disk drive.
The config drive supports the following data for VNFs:
Static content as files—The device accepts one or more file paths through a CLI, converts these files to an ISO image, and attaches it to the VNF. The config drive supports multiple static files in a VNF configuration.
Jinja2 template and parameters—Jinja2 parameters consist of key-value pairs. The key is specified in the template and the value replaces the key when the template is rendered. The system adds the rendered output file to the ISO image, and attaches it to the VNF. The maximum number of parameters for a template is 256 key-value pairs. The config drive supports multiple templates and its parameters in a VNF configuration.
Note The config drive supports only Jinja2 templates.
Directory—The device accepts the specific directory contents, converts the folder structure in the given folder to an ISO image, and attaches it to the VNF. The config drive accepts only one folder. That folder becomes the root directory in the ISO image, and all the subsequent folders and files are added to the ISO image.
You can add multiple source templates and source files in a VNF configuration.
To add multiple source templates and one source folder in a VNF configuration, the target template file must be inside the source folder.
You can add only one source folder in a VNF configuration.
If two VNFs share the same set of files, separate bootstrap-config ISO files are generated for each VNF. Deleting one VNF will not affect the other VNF.
Allocate CPUs for a VNF
Table 1 lists the CPUs available for VNF usage for the NFX250 models.
Table 1: CPUs Available for VNF Usage (Junos OS 19.1R1 Release)
Model | CPUs Available for VNF Usage | ||
|---|---|---|---|
Throughput Mode | Hybrid Mode | Compute Mode | |
NFX250-S1 | 0 | 4 | 8 |
NFX250-S2 | 0 | 4 | 8 |
NFX250-S1E | 0 | 4 | 8 |
When you change the performance mode of the device, it is recommended to check the availability of the CPUs for VNFs.
To check the CPU availability and its status:
user@host> show system visibility cpuCPU Statistics (Time in sec) ------------------------------------------------------------------------------- CPU Id User Time System Time Idle Time Nice Time IOWait Time Intr. Service Time ------ --------- ----------- --------- --------- ----------- ------------------ 0 7762 1475 60539 0 84 0 1 191 511 70218 0 10 0 2 102 32 70841 0 12 0 3 0 0 70999 0 0 0 4 0 0 70999 0 0 0 5 0 0 70999 0 0 0 6 70949 0 50 0 0 0 7 9005 532 59602 0 0 0 8 23 7 70966 0 0 0 9 21 7 70969 0 0 0 10 20 6 70969 0 0 0 11 18 6 70970 0 0 0 CPU Usages ---------------- CPU Id CPU Usage ------ --------- 0 17.899999999999999 1 0.0 2 0.0 3 0.0 4 0.0 5 0.0 6 100.0 7 15.199999999999999 8 0.0 9 0.0 10 0.0 11 0.0 CPU Pinning Information ------------------------------------ Virtual Machine vCPU CPU --------------------------- ---- --- vjunos0 0 0 System Component CPUs ------------------------------- -------- ovs-vswitchd 0, 6
vjunos0 is a system VNF, you cannot modify the CPU allocation for the vjunos0.
To specify the number of virtual CPUs that are required for a VNF:
- Specify the number of CPUs required for the VNF:
user@host# set virtual-network-functions vnf-name virtual-cpu count number - Connect a virtual CPU to a physical CPU:
user@host# set virtual-network-functions vnf-name virtual-cpu vcpu-number physical-cpu pcpu-number - Commit the configuration:
user@host# commit
The physical CPU number can be either a number or a number range. By default, a VNF is allocated one virtual CPU that is not connected to any physical CPU.
You cannot change the CPU configuration of a VNF while the VNF is running. You must restart the VNF for the changes to take effect.
To enable hardware virtualization or hardware acceleration for VNF CPUs:
user@host# set virtual-network-functions vnf-name virtual-cpu features hardware-virtualizationAllocate Memory for a VNF
By default, a certain amount of memory is allocated for VNFs. Table 2 lists the possible memory availability for VNF usage for the NFX250 models.
Table 2: Memory Availability for VNF Usage
Model | Memory Availability for VNF Usage (Junos OS 19.1R1 Release) |
|---|---|
NFX250-S1 | 6 GB |
NFX250-S1E | 6 GB |
NFX250-S2 | 22 GB |
To check the available memory:
user@host> show system visibility memoryMemory Information ------------------ Virtual Memory: --------------- Total (KiB): 15914364 Used (KiB): 13179424 Available (KiB): 3087076 Free (KiB): 2734940 Percent Used : 80.6 Huge Pages: ------------ Total 1GiB Huge Pages: 7 Free 1GiB Huge Pages: 5 Configured 1GiB Huge Pages: 5 Total 2MiB Huge Pages: 1376 Free 2MiB Huge Pages: 1 Configured 2MiB Huge Pages: 0 Hugepages Usage: ---------------------------------------------------------------------------------------------------------- Name Type Used 1G Hugepages Used 2M Hugepages --------------------------------- ---------------------------------- ------------------ ------------------ srxpfe other process 1 1375 ovs-vswitchd other process 2 0
vjunos0 is a system VNF, you cannot modify the memory allocation for the vjunos0.
To specify the maximum primary memory that the VNF can use:
user@host# set virtual-network-functions vnf-name memory size sizeYou cannot change the memory configuration of a VNF while the VNF is running. You must restart the VNF for the changes to take effect.
(Optional) Attach a Config Drive to the VNF
To attach a config drive to a VNF:
- Launch the VNF:
user@host# set virtual-network-functions vnf-name image image-file-pathuser@host# set virtual-network-functions vsrx2 image image-type image-typeFor example:
user@host# set virtual-network-functions vsrx2 image /var/public/media-vsrx-vmdisk-15.1X49-D78.4.qcow2.1user@host# set virtual-network-functions vsrx2 image image-type qcow2 - Specify the number of CPUs required for the VNF:
user@host# set virtual-network-functions vnf-name virtual-cpu count numberFor example:
user@host# set virtual-network-functions vsrx2 virtual-cpu count 2 - Pin virtual CPUs to physical CPUs:
user@host# set virtual-network-functions vnf-name virtual-cpu vcpu-number physical-cpu pcpu-numberFor example:
user@host# set virtual-network-functions vsrx2 virtual-cpu 0 physical-cpu 4user@host# set virtual-network-functions vsrx2 virtual-cpu 1 physical-cpu 5 - Enable hardware virtualization for the VNF CPUs:
user@host# set virtual-network-functions vnf-name virtual-cpu features hardware-virtualizationFor example:
user@host# set virtual-network-functions vsrx2 virtual-cpu features hardware-virtualization - Specify the maximum primary memory that the VNF can use:
user@host# set virtual-network-functions vnf-name memory size memory-sizeFor example:
user@host# set virtual-network-functions vsrx2 memory size 4194304 - Allocate hugepages:
user@host# set virtual-network-functions vnf-name memory features hugepages page-size page-sizeFor example:
user@host# set virtual-network-functions vsrx2 memory features hugepages page-size 1024 - Disable autostart of the VNF when the VNF configuration
is committed:
user@host# set virtual-network-functions vnf-name no-autostartFor example:
user@host# set virtual-network-functions vsrx2 no-autostart - Specify the source file to add in the config drive:
user@host# set virtual-network-functions vnf-name config-data source file source-file-pathuser@host# set virtual-network-functions vnf-name config-data source file source-file-pathFor example:
user@host# set virtual-network-functions vsrx2 config-data source file /var/public/source_file1user@host# set virtual-network-functions vrsx2 config-data source file /var/public/source_file2 - Specify the template file to add in the config drive:
Note A template file can be of any format and keys are written inside the double {}. This feature replaces keys with values provided in the CLI to create a file and attach as storage media to the VNF. Its use depends upon the VNF. For more information about how to create a template, refer to jinja2 template guidelines.
user@host# set virtual-network-functions vnf-name config-data source template template_name file file-pathuser@host# set virtual-network-functions vnf-name config-data source template template_name parameters image_path image-pathuser@host# set virtual-network-functions vnf-name config-data source template template_name parameters image_type image-typeFor example:
user@host# set virtual-network-functions vsrx2 config-data source template template_sample file /var/public/template_sampleuser@host# set virtual-network-functions vsrx2 config-data source template template_sample parameters image_path /var/tmp/disk_image.qcow2user@host# set virtual-network-functions vsrx2 config-data source template template_sample parameters image_type qcow2Following is a sample template:
user@host# cat /var/public/template_sampleImage { {{image_path}}; Image-type {{image_type}}; } memory { size {{mem_size}}; features { hugepages { page-size {{page_size}}; } } } - Specify the maximum memory of the source template:
user@host# set virtual-network-functions vnf-name config-data source template template_name parameters mem-size memory-sizeFor example:
user@host# set virtual-network-functions vsrx2 config-data source template template_sample parameters mem-size 4096 - Allocate pages for the source template:
user@host# set virtual-network-functions vnf-name config-data source template template_name parameters page-size page-sizeFor example:
user@host# set virtual-network-functions vsrx2 config-data source template template_sample parameters page-size 1024 - Specify the target file that contains the generated file
from the source template:
user@host# set virtual-network-functions vnf-name config-data source template template_name target target-file-pathFor example:
user@host# set virtual-network-functions vsrx2 config-data source template template_sample target /var/public/template_output - Specify the device name, device type, and device label
to add in the config drive:
user@host# set virtual-network-functions vnf-name config-data target device-name device-nameuser@host# set virtual-network-functions vnf-name config-data target device-type device-typeuser@host# set virtual-network-functions vnf-name config-data target device-label device-labelFor example:
user@host# set virtual-network-functions vsrx2 config-data target device-name hdauser@host# set virtual-network-functions vsrx2 config-data target device-type cdromuser@host# set virtual-network-functions vsrx2 config-data target device-label template_labelThe target device-type is optional. If you do not specify, it takes the device type as cd-rom.
The target device-label is optional. If you do not specify, it takes the device label as config-data.
- Commit the configuration:
user@host# commit
To verify whether the config drive is attached to the VNF, see the VNF Disk Information section in the show system visibility vnf command output message.
For example:
user@host> show system visibility vnf vsrx2VNF Memory Usage -------------------------------------------------------------------------------------------------------------------- Name Maximum Memory (KiB) Used Memory (KiB) Used 1G Hugepages Used 2M Hugepages -------------------------------------- --------------------- ------------------ ------------------ ----------------- vsrx2 4194304 4194304 4 0 VNF CPU Statistics (Time in ms) ----------------------------------------------------------------------------- Name CPU Time System Time User Time -------------------------------------- ------------ ------------ ------------ vsrx2 3288 1510 770 VNF MAC Addresses ----------------------------------------------------------- VNF MAC ----------------------------------------- ----------------- vsrx2_ethdef0 9C:CC:83:BD:8C:42 vsrx2_ethdef1 9C:CC:83:BD:8C:43 VNF Internal IP Addresses --------------------------------------------------------- VNF IP ----------------------------------------- --------------- vsrx2 192.0.2.100 VNF Interfaces -------------------------------------------------------------------------------------------------------- VNF Interface Type Source Model MAC IPv4-address -------------------- --------- --------- ------------ ---------- ----------------- --------------------- vsrx2 vnet4 network default virtio 9c:cc:83:bd:8c:42 -- vsrx2 vnet5 bridge eth0br virtio 9c:cc:83:bd:8c:43 -- VNF Disk Information --------------------------------------------------------------------------------------------------------- VNF Disk File ----------------------------- ----------- --------------------------------------------------------------- vsrx2 vda /var/public/media-vsrx-vmdisk-15.1X49-D78.4.qcow2.1 vsrx2 hda /var/public/vnf_config_data_vsrx2 VNF Disk Usage ------------------------------------------------------------------------------ VNF Disk Read Req Read Bytes Write Req Write Bytes -------------------- --------- ---------- ------------ ---------- ------------ vsrx2 vda 14125 109740032 0 0 vsrx2 hda 0 0 0 0 VNF Port Statistics ---------------------------------------------------------------------------------------------------------------------------- VNF Port Rcvd Bytes Rcvd Packets Rcvd Error Rcvd Drop Trxd Bytes Trxd Packets Trxd Error Trxd Drop -------------------- --------- ------------ ------------ ---------- --------- ------------ ------------ ---------- --------- vsrx2 vnet4 52 1 0 0 0 0 0 0 vsrx2 vnet5 60 1 0 0 0 0 0 0 VNF Media Information ---------------------------------------------------------------------------------------------------------------- VNF Media Disk File ----------------------------- ----- ------------ --------------------------------------------------------------- vsrx2 CDROM hda /var/public/vnf_config_data_vsrx2
Configure Interfaces and VLANs for a VNF
You can configure a VNF interface and attach the interface to a physical NIC port, a management interface, or VLANs.
To attach a VNF interface to a physical NIC port by using the SR-IOV virtual function:
user@host# set virtual-network-functions vnf-name interfaces interface-name mapping physical-interface-name virtual-function
[vlan-id vlan-id]vlan-id is the VLAN ID of the port and is an optional value.
To attach a VNF interface to a VLAN:
Create a VLAN:
user@host# set vmhost vlan vlan-nameAttach a VNF interface to a VLAN:
user@host# set virtual-network-functions vnf-name interfaces interface-name mapping vlan members list-of-vlans [mode trunk|access]
The interfaces attached to a VNF are persistent across VNF restarts.
If the VNF supports hot-plugging, you can attach the interfaces while the VNF is running. Otherwise, you must add the interfaces, and then restart the VNF.
You cannot change the mapping of a VNF interface while the VNF is running.
Starting in Junos OS Release 19.2R1, changes to the default MAC flooding behavior of the VNF interfaces improve the performance of multicast traffic. If a VNF interface is not attached to a VLAN, drop flow is not configured. The interface functions as a trunk port that can receive and forward the VLAN traffic. If the destination MAC address is known, the interface forwards the traffic to the destined port. If the MAC address is unknown, or if it is broadcast or multicast traffic, the interface forwards the traffic to all the ports in the same VLAN and to the ports that do not have a VLAN assigned.
In earlier releases, if a VNF interface is not attached to a VLAN, drop flow is configured and the VNF interface drops the outgoing traffic.
You can prevent the VNF interface from sending or receiving traffic by using the deny-forwarding CLI option.
If you use an interface with deny-forwarding enabled to configure cross-connect, the interface receives only the cross-connect traffic and drops all other traffic.
set virtual-network-options vnf-name interface interface-name forwarding-options
deny-forwardingTo specify the target PCI address for a VNF interface:
user@host# set virtual-network-functions vnf-name interfaces interface-name pci-address target-pci-addressYou can use the target PCI address to rename or reorganize interfaces within the VNF.
For example, a Linux-based VNF can use udev rules within the VNF to name the interface based on the PCI address.
The target PCI address string should be in the following format:
0000:00:<slot:>:0, which are the values for domain:bus:slot:function. The value for slot should be different for each VNF interface. The values for domain, bus, and function should be zero.
You cannot change the target PCI address of VNF interface while the VNF is running.
To delete a VNF interface:
user@host# delete virtual-network-functions vnf-name interfaces interface-nameuser@host# commitTo delete a VNF interface, you must stop the VNF, delete the interface, and then restart the VNF.
After attaching or detaching a virtual function, you must restart the VNF for the changes to take effect.
eth0 and eth1 are reserved for the default VNF interfaces that are connected to the internal network and the out-of-band management network. Therefore, the configurable VNF interface names start from eth2.
Within a VNF, the interface names can be different, based on guest OS naming conventions. VNF interfaces that are configured in the JCP might not appear in the same order within the VNF.
You must use the target PCI addresses to map to the VNF interfaces that are configured in the JCP and you must name them accordingly.
Starting in Junos OS Release 19.2R1, you can manually disable the VNF interfaces (eth0 through eth9) on the OVS or custom bridge by issuing the following command:
user@host# set virtual-network-functions vnf-name interfaces interface-name link disableNote If a link in a cross-connect configuration is down, then the cross-connect will also be down.
You cannot manually disable the VF interfaces on the VNF.
The eth0 and eth1 interfaces, which function as management interfaces, can be disabled only if the no-default-interfaces option is configured.
To identify a disabled link, issue the following command:
user@host> show vmhost network nfv-back-planeFor example, the following output shows that the eth2 link on the centos VNF is disabled. Note that the output is truncated to provide only the details relevant to the disabled link.
Network Name : ovs-sys-br Interface : centos_eth2 Type : virtual ethernet, Link type : Full-Duplex, MAC : fe:b6:c2:cc:66:a0 MTU : [], Link State :down, Admin State : down Native Vlan ID : None, Vlan mode : Access, Vlan Members : None IPV4 : None, Netmask : None IPV6 : None, IPV6 netmask : None Rx-packets : 0 Rx-drops : 0 Rx-errors : 0 Tx-packets : 348 Tx-drops : 42948 Tx-errors : 0
Configure Storage Devices for VNFs
An NFX250 (NG) device supports the following storage options for VNFs:
CD-ROM
Disk
USB
To add a virtual CD or to update the source file of a virtual CD:
user@host# set virtual-network-functions vnf-name storage device-name type
cdrom source file file-nameYou can specify a valid device name in the format hdx, sdx, or vdx—for example, hdb, sdc, vdb, and so on.
To add a virtual USB storage device:
user@host# set virtual-network-functions vnf-name storage device-name type
usb source file file-nameTo attach an additional hard disk:
user@host# set virtual-network-functions vnf-name storage device-name type
disk [bus-type virtio | ide] [file-type raw | qcow2] source file file-nameTo delete a virtual CD, USB storage device, or hard disk from the VNF:
user@host# delete virtual-network-functions vnf-name storage device-nameAfter attaching or detaching a CD from a VNF, you must restart the device for the changes to take effect. The CD detach operation fails if the device is in use within the VNF.
A VNF supports one virtual CD, one virtual USB storage device, and multiple virtual hard disks.
You can update the source file in a CD or USB storage device while the VNF is running.
You must save the source file in the
/var/publicdirectory, and the file must have read and write permission for all users.
Instantiate a VNF
You can instantiate a VNF by configuring the VNF name, and by specifying the path of an image.
While instantiating a VNF with an image, two VNF interfaces are added by default. These interfaces are required for management and for the internal network.
Only QCOW2, IMG, and RAW image types are supported.
To instantiate a VNF by using an image:
user@host# set virtual-network-functions vnf-name image file-pathuser@host# set virtual-network-functions vnf-name image image-type image-typeuser@host# commitWhen you configure VNFs, do not use VNF names in the format vnfn—for example, vnf1, vnf2, and so on. Configurations that contain such names fail to commit.
(Optional) To specify a UUID for the VNF:
user@host# set virtual-network-functions vnf-name [uuid vnf-uuid]uuid is an optional parameter. We recommend that you allow the system to allocate a UUID for the VNF.
You cannot change the image configuration for a VNF after saving and committing the configuration. To change the image for a VNF, you must delete the VNF and create a VNF again.
Verify the VNF Instantiation
To verify that the VNF is instantiated successfully:
user@host> show virtual-network-functions ID Name State Liveliness -------------------------------------------------------------------------------- 1 vjunos0 Running alive 2 centos1 Running alive 3 centos2 Running alive
The output in the Liveliness field of a VNF indicates whether the IP address of the VNF is reachable over the internal management network. The default IP address of the liveliness bridge is 192.0.2.1/24. Note that this IP address is internal to the device and is used for VNF management.