Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring VNFs on NFX250 NextGen Devices

The NFX250 NextGen devices enable you to instantiate and manage virtualized network functions (VNFs) from the Junos Control Plane (JCP). The JCP supports the creation and management of third-party VNFs.

Load a VNF Image

To configure a VNF, you must log in to the JCP:

To load a VNF image on the device from a remote location, you can either use the file-copy command or copy the image from a USB by using the usb-pass-through command.

Note:

You must save the VNF image in the /var/public directory.

For example:

Alternatively, you can load a VNF image by using the NETCONF command, file-put.

To copy a VNF image from a USB, see Supporting File Transfer from USB on NFX Series Devices.

Prepare the Bootstrap Configuration

You can bootstrap a VNF using an attached config drive that contains a bootstrap-config ISO file. For an example of creating an ISO file, see the procedure in Creating a vSRX Bootstrap ISO Image. The procedure might differ based on the operating system (for example, Linux, Ubuntu) that you use to create the ISO file.

The config drive is a virtual drive, which can be a CD-ROM, USB drive or Disk drive associated to a VNF with the configuration data. Configuration data can be files or folders, which are bundled in the ISO file that makes a virtual CD-ROM, USB drive, or Disk drive.

A bootstrap configuration file must contain an initial configuration that allows the VNF to be accessible from an external controller, and accepts SSH, HTTP, or HTTPS connections from an external controller for further runtime configurations.

By attaching a config drive, you can pass the networking configurations such as the IP address, subnet mask, and gateway to the VNFs through a CLI. After receiving the configuration inputs, the device generates a bootstrap-config ISO file, and attaches the file to the VNF as a CD-ROM, USB drive, or Disk drive.

For more information about configuring and attaching a config drive, see (Optional) Attach a Config Drive to the VNF.

Note:
  • The system saves the bootstrap-config ISO file in the /var/public folder. The file is saved only if the available space in the folder is more than double the total size of the contents in the file. If the available space in the folder is not sufficient, an error message is displayed when you commit the configuration.

  • When you reboot the system, the system generates a new bootstrap-config ISO file and replaces the existing ISO file with the new ISO file on the VNF.

  • The config drive is a read-only drive. Based on the VNF, you can specify the config drive as a read-only CD-ROM drive, USB drive, or a Disk drive.

The config drive supports the following data for VNFs:

  • Static content as files—The device accepts one or more file paths through a CLI, converts these files to an ISO image, and attaches it to the VNF. The config drive supports multiple static files in a VNF configuration.

  • Jinja2 template and parameters—Jinja2 parameters consist of key-value pairs. The key is specified in the template and the value replaces the key when the template is rendered. The system adds the rendered output file to the ISO image, and attaches it to the VNF. The maximum number of parameters for a template is 256 key-value pairs. The config drive supports multiple templates and its parameters in a VNF configuration.

    Note:

    The config drive supports only Jinja2 templates.

  • Directory—The device accepts the specific directory contents, converts the folder structure in the given folder to an ISO image, and attaches it to the VNF. The config drive accepts only one folder. That folder becomes the root directory in the ISO image, and all the subsequent folders and files are added to the ISO image.

Note:
  • You can add multiple source templates and source files in a VNF configuration.

  • To add multiple source templates and one source folder in a VNF configuration, the target template file must be inside the source folder.

  • You can add only one source folder in a VNF configuration.

  • If two VNFs share the same set of files, separate bootstrap-config ISO files are generated for each VNF. Deleting one VNF will not affect the other VNF.

Allocate CPUs for a VNF

Table 1 lists the CPUs available for VNF usage for the NFX250 models.

Table 1: CPUs Available for VNF Usage

Model

CPUs Available for VNF Usage

Throughput Mode

Hybrid Mode

Compute Mode

Custom Mode

Flex Mode

Perf Mode

NFX250-S1

0

4

8

8

8

NFX250-S1E

0

4

8

8

8

NFX250-S2

0

4

8

8

8

Note:

The resource allocations for flex and perf custom modes are based on the templates provided in the default Junos configuration.

Note:

When you change the performance mode of the device, it is recommended to check the availability of the CPUs for VNFs.

To check the CPU availability and its status:

Note:

vjunos0 is a system VNF, you cannot modify the CPU allocation for the vjunos0.

To specify the number of virtual CPUs that are required for a VNF:

  1. Specify the number of CPUs required for the VNF:
  2. Connect a virtual CPU to a physical CPU:
  3. Commit the configuration:

The physical CPU number can be either a number or a number range. By default, a VNF is allocated one virtual CPU that is not connected to any physical CPU.

Note:

You cannot change the CPU configuration of a VNF while the VNF is running. You must restart the VNF for the changes to take effect.

Starting in Junos OS Release 22.1 R1, you can pin the emulator to specific physical CPUs by using the following command:

You cannot use CPU 0 or offline CPUs for emulator pinning. If you do not pin the emulator to a specific physical CPU, QEMU automatically pins it to a virtual CPU. Changes to emulator pinning take effect immediately on a running VNF.

To enable hardware virtualization or hardware acceleration for VNF CPUs:

Allocate Memory for a VNF

By default, a certain amount of memory is allocated for VNFs. Table 2 lists the possible memory availability for VNF usage for the NFX250 models.

Table 2: Memory Availability for VNF Usage

Model

Total Memory Available

Hugepages Availability for VNF Usage in Compute, Hybrid, and Throughput Modes

Hugepages Availability for VNF Usage in Custom Mode

Flex Mode

Perf Mode

NFX250-LS1

16 GB

6 1G hugepages

9 1G hugepages

9 1G hugepages

NFX250-S1 and NFX250-S1E

16 GB

6 1G hugepages

9 1G hugepages

9 1G hugepages

NFX250-S2

32 GB

22 1G hugepages

24 1G hugepages

24 1G hugepages

Note:

The resource allocations for flex and perf custom modes are based on the templates provided in the default Junos configuration.

To check the available memory:

Note:

vjunos0 is a system VNF, you cannot modify the memory allocation for the vjunos0.

To specify the maximum primary memory that the VNF can use:

Note:

You cannot change the memory configuration of a VNF while the VNF is running. You must restart the VNF for the changes to take effect.

(Optional) Attach a Config Drive to the VNF

To attach a config drive to a VNF:

  1. Launch the VNF:

    For example:

  2. Specify the number of CPUs required for the VNF:

    For example:

  3. Pin virtual CPUs to physical CPUs:

    For example:

  4. Enable hardware virtualization for the VNF CPUs:

    For example:

  5. Specify the maximum primary memory that the VNF can use:

    For example:

  6. Allocate hugepages:

    For example:

  7. Disable autostart of the VNF when the VNF configuration is committed:

    For example:

  8. Specify the source file to add in the config drive:

    For example:

  9. Specify the template file to add in the config drive:
    Note:

    A template file can be of any format and keys are written inside the double {}. This feature replaces keys with values provided in the CLI to create a file and attach as storage media to the VNF. Its use depends upon the VNF. For more information about how to create a template, refer to jinja2 template guidelines.

    For example:

    Following is a sample template:

  10. Specify the maximum memory of the source template:

    For example:

  11. Allocate pages for the source template:

    For example:

  12. Specify the target file that contains the generated file from the source template:

    For example:

  13. Specify the device name, device type, and device label to add in the config drive:

    For example:

    The target device-type is optional. If you do not specify, it takes the device type as cd-rom.

    The target device-label is optional. If you do not specify, it takes the device label as config-data.

  14. Commit the configuration:

To verify whether the config drive is attached to the VNF, see the VNF Disk Information section in the show system visibility vnf command output message.

For example:

Configure Interfaces and VLANs for a VNF

You can configure a VNF interface, map a VNF interface to a virtual function, and attach the interface to a physical NIC port, a management interface, or VLANs, assign a VLAN ID to it, and enable trust mode on it.

Prior to Junos OS Releases 21.3R1, 21.2R2, 21.2R1, 21.1R2, and 20.4R3, the step to configure an SR-IOV VNF interface and to assign a VLAN ID is as follows:

Starting from Junos OS Releases 21.3R1, 21.2R2, 21.2R1, 21.1R2, and 20.4R3, the steps to configure an SR-IOV VNF interface, to assign a VLAN ID, and to enable trust mode are as follows:

To map a VNF interface to a virtual function:

To attach a VNF interface to a physical NIC port by using the SR-IOV virtual function and assign a VLAN ID:

vlan-id is the VLAN ID of the port and is an optional value.

To enable trust mode:

Note:
  • Trust mode is supported on NFX Series devices from Junos OS Releases 21.3R1, 21.2R2, 21.2R1, 21.1R2, and 20.4R3.

  • If you enable trust mode on VNF SR-IOV interface, then the VNF interface goes into promiscuous mode.

To attach a VNF interface to a VLAN:

  • Create a VLAN:

  • Attach a VNF interface to a VLAN:

A VNF interface can be mapped to one or more physical interface .You can enable this functionality by configuring the virtual port peer (VPP) feature. You can configure mappings between an OVS interface of a VNF to one or more front panel interfaces. The VNF interface becomes inactive if all of the mapped physical interfaces are inactive. The VNF interface becomes active even if at least one of the mapped physical interface is active.

Note:
  • The mapped physical interface does not become inactive if a VNF interface is inactive.

  • Before upgrading a software image that does not support trust mode to an image that supports trust mode, it is recommended to delete all VNF interface to virtual-function mappings from the configuration.

  • Before downgrading a software image that supports trust mode to an image that does not support trust mode, it is necessary to delete all VNF interface to virtual-function mappings from the configuration. Else, the device goes into Amnesiac state after the downgrade.

The interface to the VNF is an OVS port and this mapping is defined in the configuration. If the mapping rules can view multiple physical ports before triggering the action, configuring the VPP feature allows you to manage multiple, redundant physical links.

You can configure a mapping between VNF virtual interfaces and JCP physical interfaces (ge-0/0/x and xe-0/0/x). One virtual interface can be mapped to one or more physical interfaces. There is no limit on the number of physical interfaces to which a VNF virtual interface can be mapped to. You can map a VNF virtual interface to all the physical interfaces or you can map multiple VNF interfaces to a single physical interface.

To configure VPP:

For example:

To view mapping of the peer interfaces, run the show system visibility vnf vnf-name command.

Note:
  • The interfaces attached to a VNF are persistent across VNF restarts.

  • If the VNF supports hot-plugging, you can attach the interfaces while the VNF is running. Otherwise, you must add the interfaces, and then restart the VNF.

  • You cannot change the mapping of a VNF interface while the VNF is running.

Note:

You can prevent the VNF interface from sending or receiving traffic by using the deny-forwarding CLI option.

If the deny-forwarding option is enabled on an interface that is a part of cross-connect, then the cross-connect status goes down and drops all traffic.

To specify the target PCI address for a VNF interface:

You can use the target PCI address to rename or reorganize interfaces within the VNF.

For example, a Linux-based VNF can use udev rules within the VNF to name the interface based on the PCI address.

Note:
  • The target PCI address string should be in the following format:

    0000:00:<slot:>:0, which are the values for domain:bus:slot:function. The value for slot should be different for each VNF interface. The values for domain, bus, and function should be zero.

  • You cannot change the target PCI address of VNF interface while the VNF is running.

To delete a VNF interface:

Note:
  • To delete a VNF interface, you must stop the VNF, delete the interface, and then restart the VNF.

  • After attaching or detaching a virtual function, you must restart the VNF for the changes to take effect.

  • eth0 and eth1 are reserved for the default VNF interfaces that are connected to the internal network and the out-of-band management network. Therefore, the configurable VNF interface names start from eth2.

  • Within a VNF, the interface names can be different, based on guest OS naming conventions. VNF interfaces that are configured in the JCP might not appear in the same order within the VNF.

  • You must use the target PCI addresses to map to the VNF interfaces that are configured in the JCP and you must name them accordingly.

Configure Storage Devices for VNFs

An NFX250 (NG) device supports the following storage options for VNFs:

  • CD-ROM

  • Disk

  • USB

To add a virtual CD or to update the source file of a virtual CD:

You can specify a valid device name in the format hdx, sdx, or vdx—for example, hdb, sdc, vdb, and so on.

To add a virtual USB storage device:

To attach an additional hard disk:

To delete a virtual CD, USB storage device, or hard disk from the VNF:

Note:
  • After attaching or detaching a CD from a VNF, you must restart the device for the changes to take effect. The CD detach operation fails if the device is in use within the VNF.

  • A VNF supports one virtual CD, one virtual USB storage device, and multiple virtual hard disks.

  • You can update the source file in a CD or USB storage device while the VNF is running.

  • You must save the source file in the /var/public directory, and the file must have read and write permission for all users.

Instantiate a VNF

You can instantiate a VNF by configuring the VNF name, and by specifying the path of an image.

While instantiating a VNF with an image, two VNF interfaces are added by default. These interfaces are required for management and for the internal network.

Note:

Only QCOW2, IMG, and RAW image types are supported.

To instantiate a VNF by using an image:

Note:

When you configure VNFs, do not use VNF names in the format vnfn—for example, vnf1, vnf2, and so on. Configurations that contain such names fail to commit.

(Optional) To specify a UUID for the VNF:

uuid is an optional parameter. We recommend that you allow the system to allocate a UUID for the VNF.

Note:

You cannot change the image configuration for a VNF after saving and committing the configuration. To change the image for a VNF, you must delete the VNF and create a VNF again.

Quick CLI Configuration

Verify the VNF Instantiation

To verify that the VNF is instantiated successfully:

The output in the Liveliness field of a VNF indicates whether the IP address of the VNF is reachable over the internal management network. The default IP address of the liveliness bridge is 192.0.2.1/24. Note that this IP address is internal to the device and is used for VNF management.

Virtual Route Reflector on NFX250 NextGen Overview

The virtual route reflector (vRR) feature allows you to implement the route reflector capability in a virtualized environment. Starting in Junos OS Release 21.4R2, you can implement the vRR feature on an NFX250 NextGen device. You can configure the vRR VNF in compute or hybrid mode. However, we recommend that you configure the vRR VNF in flex mode as you can allocate maximum resources to the VNF in flex mode. This topic describes how to configure the vRR VNF in flex mode.

For more information about vRR, refer Virtual Route Reflector (vRR) Documentation.

How to Configure a vRR VNF on an NFX250 NextGen Device

Starting in Junos OS Release 21.4R2, you can configure a vRR as a VNF on an NFX250 NextGen device. Before you configure the vRR VNF:

  • Delete all third-party VNFs deployed on the device.

  • Verify that there are no hugepages configured on the device. If hugepages are configured, then delete them.

  • Allocate minimum resources to the Layer 2 data plane and OVS. This ensures that maximum resources are allocated to the vRR VNF.

To configure a vRR VNF:

  1. Change the mode to flex mode. The default mode is throughput. We recommend deploying the vRR VNF in flex mode on NFX250 NextGen devices.

    Note that auto-complete might not include flex mode (compute, hybrid, and throughput modes are available with auto-complete). You might have to manually type in the flex keyword.

    When prompted, enter yes to reboot the device.

    After the device reboots, issue the show vmhost mode command to verify that the device is in flex mode.

  2. Configure hugepages for memory requirements. For example, the following configuration configures 24GB hugepages, which can be used for a vRR VNF:
    Note:

    You must reboot the system after configuring hugepages to pre-allocate hugepages during bootup.

  3. Copy the vRR VNF image to the /var/public folder.
  4. Define the vRR VNF. For example:
  5. Specify the number of virtual CPUs required for the vRR VNF. It is recommended that at least two virtual CPUs are assigned to a vRR VNF. For example:
  6. Connect a virtual CPU to a physical CPU. You can use the show vmhost mode command to identify the CPUs that you want to use. For example:
  7. Configure the VNF interfaces as trunk ports and add them to the LAN-side VLAN. For example:
  8. Specify the memory allocation for the vRR VNF. For example:
  9. Configure hugepages for memory requirements. For example:
  10. Commit the configuration to activate the vRR VNF.

    After you commit the configuration, VNF takes some time to boot.

  11. Verify that the VNF is up. For example:

    You can use the request virtual-network-functions console VRR-1 command to access the vRR VNF console. You can also ssh to the vRR VNF using the request virtual-network-functions ssh VRR-1 command after configuring vRR Junos for ssh connectivity.