Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Enable Nested Virtualization

We recommend that you enable nested virtualization on your host OS or OpenStack compute node. Nested virtualization is enabled by default on Ubuntu but is disabled by default on CentOS.

Use the following command to determine if nested virtualization is enabled on your host OS. The result should be Y.

hostOS# cat /sys/module/kvm_intel/parameters/nested

hostOS# Y

Note:

APIC virtualization (APICv) does not work well with nested VMs such as those used with KVM. On Intel CPUs that support APICv (typically v2 models, for example E5 v2 and E7 v2), you must disable APICv on the host server before deploying vSRX Virtual Firewall.

To enable nested virtualization on the host OS:

  1. Depending on your host operating system, perform the following:
    • On CentOS, open the /etc/modprobe.d/dist.conf file in your default editor.

    • On Ubuntu, open the /etc/modprobe.d/qemu-system-x86.conf file in your default editor.

  2. Add the following line to the file:
  3. Save the file and reboot the host OS.
  4. (Optional) After the reboot, verify that nested virtualization is enabled.

  5. On Intel CPUs that support APICv ( for example, E5 v2 and E7 v2), disable APICv on the host OS.

  6. Optionally, verify that APICv is now disabled.