Requirements for vSRX on Oracle Cloud Infrastructure
This topic provides the requirements for deploying vSRX instances on Oracle Cloud Infrastructure (OCI).
Minimum System Requirements for OCI
Table 1 lists the minimum system requirements for vSRX instances to be deployed on OCI.
Component |
Specification and Details |
---|---|
Memory |
4 GB |
Disk space |
16 GB |
Oracle pre-defined VM shapes that vSRX support are listed below. If you need any other VM shapes, then please contact your Juniper sales representive.
Shape | OCPU | Memory (GB) | Local Disk (TB) | Network Bandwidth | Max VNICs Total: Linux |
---|---|---|---|---|---|
VM.Standard2.4 | 4 | 60 | Block Storage only | 4.1 Gbps | 4 |
VM.Standard2.8 | 8 | 120 | Block Storage only | 8.2 Gbps | 8 |
Interface Mapping for vSRX on OCI: The first network interface is used for the out-of-band management (fxp0) for vSRX.
We recommend putting revenue interfaces in routing instances as a best practice to avoid asymmetric traffic/routing, because fxp0 is part of the default (inet.0) table by default. With fxp0 as part of the default routing table, there might be two default routes needed: one for the fxp0 interface for external management access, and the other for the revenue interfaces for traffic access. Putting the revenue interfaces in a separate routing instance avoids this situation of two default routes in a single routing instance.
Ensure that interfaces belonging to the same security zone are in the same routing instance. See KB Article - Interface must be in the same routing instance as the other interfaces in the zone.
vSRX Default Settings with OCI
Do not use the load
factory-default
command on a vSRX OCI
instance. The factory-default configuration
removes the OCI preconfiguration. If you must
revert to factory default, ensure that you
manually reconfigure preconfiguration statements
before you commit the configuration; otherwise,
you will lose access to the vSRX instance. See
Configure vSRX Using the CLI for
preconfiguration details.
Best Practices for Deploying vSRX
Refer the following best practices for deploying vSRX:
Disable the source/destination check for all vSRX interfaces.
Limit public key access permissions to 400 for key pairs.
Ensure that there are no contradictions between OCI security groups and your vSRX configuration.