Add a Virtio Virtual Interface to a vSRX Virtual Firewall VM with KVM
You can add additional virtio virtual interfaces to an existing vSRX Virtual Firewall VM with KVM.
To add additional virtio virtual interfaces to a vSRX Virtual Firewall
VM using virt-manager:
DPDK places a limit of 64 MAC addresses on the Virtio NIC type. When deploying a protocol that generates an additional MAC address, for example VRRP, you must ensure that no more than 64 sub-interfaces are configured per Virtio NIC to avoid traffic loss.
To add additional virtio virtual interfaces to a vSRX Virtual Firewall VM using virsh:
-
Use the
virsh attach-interfacecommand on the host OS with the mandatory options listed in Table 1.Note:See the official
virshdocumentation for a complete description of available options.Table 1: virsh attach-interface Options Command Option
Description
--domain name
Specify the name of the guest VM.
--type
Specify the host OS connection type as
bridgeornetwork.--source interface
Specify the physical or logical interface on the host OS to associate with this vNIC.
--target vnic
Specify the name for the new vNIC.
--model
Specify the vNIC model.
The following example creates a new virtio vNIC from the host OS virbr0 bridge.
user@host# virsh attach-interface --domain vsrxVM --type bridge --source virbr0 --target vsrx-mgmt --model virtio
Interface attached successfully
user@host# virsh dumpxml vsrxVM
<output omitted> <interface type='bridge'> <mac address='00:00:5e:00:53:e8'/> <source bridge='virbr0'/> <target dev='vsrx-mgmt'/> <model type='virtio'/> <alias name='net1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </interface> -
From the vSRX Virtual Firewall console, reboot the vSRX Virtual Firewall instance.
vsrx# request system reboot.vSRX Virtual Firewall reboots both Junos OS and the vSRX Virtual Firewall guest VM.