Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Upgrade a Multi-core vSRX Virtual Firewall

Starting in Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, you can use virt-manager to scale the performance and capacity of a vSRX Virtual Firewall instance by increasing the number of vCPUs or the amount of vRAM allocated to the vSRX Virtual Firewall. See Requirements for vSRX on KVM for the software requirement specifications for a vSRX Virtual Firewall VM.

See your host OS documentation for complete details on the virt-manager package

Note:

You cannot scale down the number of vCPUs or decrease the amount of vRAM for an existing vSRX Virtual Firewall VM.

Configure the Queue Value for vSRX Virtual Firewall VM with KVM

Before you plan to scale up vSRX Virtual Firewall performance, modify the vSRX Virtual Firewall VM XML file to configure network multi-queuing as a means to support an increased number of dataplane vCPUs for the vSRX Virtual Firewall VM. This setting updates the libvirt driver to enable multi-queue virtio-net so that network performance can scale as the number of dataplane vCPUs increases. Multi-queue virtio is an approach that enables the processing of packet sending and receiving to be scaled to the number of available virtual CPUs (vCPUs) of a guest, through the use of multiple queues.

The configuration of multi-queue virtio-net, however, can only be performed in the XML file. OpenStack does not support multi-queue.

To update the queue, at the <driver name='vhost' queues='x'/> line in the vSRX Virtual Firewall VM XML file, match the number of queues with number of dataplane vCPUs you plan to configure for the vSRX Virtual Firewall VM. The default is 4 dataplane vCPUs, but you can scale that number to 4, 8, or 16 vCPUs.

The following XML file example configures 8 queues for a vSRX Virtual Firewall VM with 8 dataplane vCPUs:

Shutdown the vSRX Virtual Firewall Instance with virt-manager

In situations where you want to edit and modify the vSRX Virtual Firewall VM XML file, you need to completely shut down vSRX Virtual Firewall and the associated VM.

To gracefully shutdown the vSRX Virtual Firewall instance with virt-manager:

  1. Launch virt-manager.
  2. Check the vSRX Virtual Firewall instance you want to power off.
  3. Select Open to open a console window to the vSRX Virtual Firewall instance.
  4. From the vSRX Virtual Firewall console, reboot the vSRX Virtual Firewall instance.

    vsrx# request system power-off.

  5. From virt-manager, select Shut Down to completely shutdown the VM so you can edit the XML file.
Note:

Do not use Force Reset or Force Off on any active VM as it may create file corruptions.

Upgrade vSRX Virtual Firewall with virt-manager

You must shut down the vSRX Virtual Firewall VM before you can update vCPU or vRAM values for the VM.

You can upgrade and launch vSRX Virtual Firewall with the KVM virt-manager GUI package.

To scale up a vSRX Virtual Firewall VM with virt-manager to a higher number of vCPUs or to an increased amount of vRAM:

  1. On your host OS, type virt-manager. The Virtual Machine Manager appears. See Figure 1.
    Note:

    You must have admin rights on the host OS to use virt-manager.

    Figure 1: virt-managervirt-manager
  2. Select Open to open the powered down vSRX Virtual Firewall VM and select Edit Hardware Details to open the virtual machine details window.
  3. Select Processor and set the number of vCPUs. Click Apply.
  4. Select Memory and set the vRAM to the desired size. Click Apply.
  5. Click Power On. The VM manager launches the vSRX Virtual Firewall VM with the new vCPU and vRAM settings.
Note:

vSRX Virtual Firewall scales down to the closest supported value if the vCPU or vRAM settings do not match what is currently available.

Release History Table
Release
Description
15.1X49-D70
Starting in Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, you can use virt-manager to scale the performance and capacity of a vSRX Virtual Firewall instance by increasing the number of vCPUs or the amount of vRAM allocated to the vSRX Virtual Firewall