Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Deploy vMX from Azure CLI

The deployment script and sample configuration file in this section simplifies the deployment of vMX in the Microsoft Azure virtual network. The configuration file includes parameters that enable you to customize your vMX VM deployment, such as login username and network interfaces (NICs).


We recommend that you deploy your vMX VMs using the Azure CLI method described in this section, instead of using the Azure Portal to deploy the vMX manually.

Before You Deploy vMX Using the Azure CLI

Before you begin deploying vMX from the Azure CLI:

  • Obtain an account for and a subscription to Microsoft Azure. See Microsoft Azure.

  • Use your Microsoft account username and password to log into the Microsoft Azure portal. The Azure Portal will be used later in this section to verify the deployment of the vMX using the Azure CLI method.

  • Install the latest version of Azure command line interface (Azure CLI). See Install the Azure CLI).

  • Purchase a vMX license or request an evaluation license. Licenses can be procured from the Juniper Networks License Management System (LMS).

    For information about the evaluation license for vMX, see


    In Microsoft Azure, you can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. PAYG images do not require Juniper Networks licenses.

  • You must first run the following Azure CLI command to accept the End User License Agreement (EULA) terms for the specific BYOL or PAYG vMX image that you want to deploy. Otherwise, you will encounter a MarketplacePurchaseEligibilityFailed error in the VM creation stage of the deployment script discussed later in this section.

    You only have to run the following CLI command once for the PAYG or BYOL image type you want to deploy.

  • The vMX for Azure deployment scripts are written in shell and in the latest version of Azure CLI commands. Pre-2.x versions of Azure CLI is not supported.

  • Deployment of vMX to Microsoft Azure does not support the use of the Azure CLI from Microsoft Windows because the shell scripts that are used as part of the deployment procedure can be run only from the Linux or Mac OS CLI.

Deploying vMX from the Azure CLI

Use the following procedure to deploy and configure vMX in a Microsoft Azure virtual network from the Azure CLI.

Using the Microsoft Azure CLI

To run the Azure CLI script provided, you can install Azure CLI on your server.

Perform one of the following tasks for your chosen method:

Installing the Azure CLI

To install and log in to the Azure CLI :

  1. Install the latest version of Azure CLI. See Install the Azure CLI for more details. You have several options to install the Azure CLI package for either the Linux or Mac OS; be sure to select the correct installation package
  2. Log into the Azure CLI.
  3. At the prompt. copy the code that appears in the command output.
  4. Open a Web browser to, enter the code, and then click Continue. Enter your Microsoft Azure username and password. When the process completes, the command shell completes the login process.

    If you have multiple Azure subscriptions, connecting to Azure grants access to all subscriptions associated with your credentials. One subscription is selected as the default, and used by the Azure CLI when performing operations. You can view the subscriptions, including the current default subscription, using the az account list -o table command.

Using the vMX Deployment Tools

Juniper Networks provides a set of script and configuration files. These tools are intended to help simplify the deployment of vMX to Azure when using the Azure CLI.

  • azure.config configuration file

  • shell script automates the deployment of the vMX virtual machine (VM) and virtual networks respectively, using the parameters in the azure.config configuration file. The shell script creates network interfaces, virtual networks, virtual subnets, and the VM.

To copy the and azure.config files:

  1. Open a text editor on the server where you installed the Azure CLI.
  2. Cut and paste the contents of the file in the editor and save the file.

    See azure.config file and file.


    Open this document in HTML format and use the Copy button to copy the code to clipboard in a single button-click.

After you have saved the files, you can modify the azure.config file for your configuration and run the script.

azure.config file file

Modifying vMX Configuration Parameters for Deployment

To deploy vMX, you might need to modify the configuration parameters by performing these tasks:

Changing the Azure Configuration Parameters

In the azure.config file, set these parameters:

  • account=”account subscription id—This is the Microsoft Azure account subscription ID.

  • grpname="group-name"—Resource group name. Enter your existing resource group. A resource group name can include alphanumeric characters, periods (.), underscores (_), hyphens (-), and parenthesis (), but the name cannot end with a period.

  • location="region"—Resource group location. Select the location of the Microsoft Azure data center from which you intend to deploy the VM. Specify a location where the majority of your resources will reside. Typically, select the location that is closest to your physical location.

  • vmname="vm-name"—vMX VM name. The VM name cannot contain non-ASCII or special characters.

  • admin="admin-username"—Name of user logging into the VM using SSH. The username cannot contain uppercase characters or special characters, and cannot start with a dollar sign ($) or hyphen (-).

  • vmximagename="image-name"—Name of the vMX image.

  • number_of_nics=number-of-interfaces—Number of interfaces, including VFP (eth0), VCP (fxp0) and any WAN ports (WAN ports appear as ge-x/x/x on the vMX). This number must be between 3 and 8.

  • addressprefix="address-prefix"—Address space. Enter the virtual network’s address range in CIDR notation. By default, the address range is


    Ensure that the address space does not overlap with an existing network

  • PrivateIpAddress="ip-address"—Private IP address for VFP (eth0) management port. It must be contained by the address space of the virtual network, as defined in the addressprefix parameter.

  • PrivateIpAddress2="ip-address"—Private IP address for VCP (fxp0) management port. It must be contained by the address space of the virtual network, as defined in the addressprefix parameter.

  • subnet_prefixes=(subnet-prefix0 subnet-prefix1 subnet-prefix2 subnet-prefix3 )—Array of subnet address ranges for each subnet under the virtual network. Enter each network subnet address range in CIDR notation. It must be contained by the address space of the virtual network, as defined in the addressprefix parameter. Subnet address ranges cannot overlap one another.

    The subnet is a range of IP addresses in your virtual network to isolate VMs. Public subnets have access to the Internet gateway, but private subnets do not.

    Enter as many subnets in the array as the number of interfaces. Each NIC will have a corresponding subnet defined in this array. For example, if number_of_nics is 4, there will be four entries in the subnet_prefixes array.

    A vMX VM requires two public subnets and one or more public or private subnets for each individual instance group. The management interfaces for the VFP (eth0) and VCP (fxp0) use a public subnet and the revenue (data) interfaces can use either public or private subnets. The private subnets, connected to the other vMX interfaces, ensure that all traffic between applications on the private subnets and the Internet must pass through the vMX instance.

    For example, a virtual network with four subnets for the four NICs that will be created has this setting: subnet_prefixes=(

For example, the azure.config file might resemble the following:

You can get the vMX image details by using the following command:

az vm image list --all --publisher juniper-networks

Adding NICs to the Configuration

  • The Standard_F8 CPU type supports a total of 8 ports. Each vMX requires two management ports on Azure leaving a maximum of 6 WAN ports.

    The vMX instance contains two separate virtual machines (VMs), one for the virtual forwarding plane VMX FPC (VFP) and one for the virtual control plane (VCP)

    • VFP has a dedicated management port (eth0) mapped to the <vm-name>-vfp-nic of the vMX.

    • VCP has a dedicated management port (fxp0) mapped to the <vm-name>-vcp-nic of the vMX.

  • The public IP address configured in Resource groups > vMX resource group > vmname-vcp-nic. vMX name is the IP address to use for connecting to the VMX RE (VCP) FPC using SSH.

To change the number of network interfaces (NICs):

  1. In the azure.config file, specify the correct number of NICs for the number_of_nics parameter. The first NIC acts as the management port for the VCP, the second NIC acts as the management port for the VCP/RE (fxp0) and the other NICs are assigned to WAN ports (corresponding to ge-0/0/0, ge-0/0/1, and so on). This number must be between 3 and 8.

    For example, the following parameter sets the number of NICs to 4 and creates eth0 (VFP), fxp0 (VCP), ge-0/0/0, and ge-0/0/1 interfaces.

  2. In the azure.config file, make sure you add the corresponding subnets for the NICs in the subnet_prefixes parameter.

    For example, the following parameter adds four subnets with these address ranges for the interfaces.

Deploying the vMX Using the Shell Script

The shell script deploys the vMX virtual machine (VM) in a resource group that is based on your Azure Cloud geographic location.

To deploy vMX to the Azure virtual network, run the script to create the virtual network subnets, NICs, and VM. The parameters defined in the azure.config configuration file are used to deploy the vMX.

For example, if the azure.config file contains the following parameters:

Running the script generates the following output.

Verifying Deployment of vMX to Microsoft Azure

To verify the deployment of the vMX instance to Microsoft Azure:

  1. Open a Web browser to and login to the Microsoft Azure portal using your login credentials. The Dashboard view appears in the Azure portal. You will see a unified dashboard for all your assets in Azure. Verify that the Dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources.
  2. To view the vMX resource group and its resources after deployment is completed, from the right- hand menu, click Resource groups to access the Resource Groups page as shown in Figure 1.
    Figure 1: Resource Groups PageResource Groups Page
  3. To view details of the vMX VM associated with the resource group, click the name of the vMX. Details are displayed as shown in Figure 2.
    Figure 2: vMX VM DetailsvMX VM Details
  4. To see a summary view of the VMs in your subscription, including the newly deployed vMX, click the Virtual Machines icon in the left pane. On the Virtual machines page, check the vMX VM status after deployment is completed. Observe that the status is Running.

    You can stop, start, restart, and delete a VM from the Virtual machines page in the Microsoft Azure portal.

Logging In to a vMX Instance

After vMX deployment is completed, the vMX instance is automatically powered on and launched. At this point, you can use an SSH client to log in to the vMX instance.


It can take 15 minutes or more for the vMX to finish deploying and be ready for login via SSH.

To log in to the vMX VM:

  1. From the Azure portal, click Resource groups from the menu of services on the dashboard, and then select the vcp-public-ip resource. Locate the public IP address on that page.

    You can also use the following Azure CLI command to determine the public IP address of the VCP (RE):

    az network public-ip show --name $vmname-vcp-public-ip -g $grpname --query "{address: ipAddress}

    where grpname is the resource group name and vmname is the name of the VM.

    This returns the public IP for the VCP (RE):

  2. Use an SSH client to log in to a vMX instance.
  3. At the prompt, enter the following login credentials:

    The vMX instance is automatically configured for username and SSH public and private key authentication. To log in, use the login username credentials that were defined for the admin parameter in the VM configuration file (see Deploying vMX from the Azure CLI). After initially logging to the vMX, you can configure password-based authentication.

  4. Configure the basic settings for the vMX VM (see Initial Configuration for vMX).

Initial Configuration for vMX

At a minimum, you must perform these initial Junos OS configuration tasks after logging in to vMX:

  1. Start the CLI.
  2. Enter configuration mode.
  3. Configure the WAN interfaces with the same private IP address associated with the network interface.

    For example:

  4. Configure the MTU value 1400 for WAN interfaces.

    The default MTU for Azure VMs is 1500 bytes. However, the Azure Virtual Network stack will attempt to fragment a packet at 1400 bytes. TCP/IP performance tuning for Azure VMs .

  5. Commit the configuration.