Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Requirements for vSRX on Google Cloud Platform

Google Compute Engine Instance Types

To create a vSRX instance, you need to choose a machine type. The machine type specifies a particular collection of virtualized hardware resources available to a VM instance, including the memory size, vCPU count, and maximum disk capacity.

Google Compute Engine allows you to use predefined machine or instances types or customized machine or instance types based on your needs. Table 1 below shows the predefined machine types available in Google Compute Engine.

Table 1: Google Compute Engine Instance Types

Machine Name

Description

vCPUs

Memory (GB)

vSRX 3.0 Instance

Maximum number of Persistent Disks

Maximum total Persistent Disk Size (TB)

RSS Type

n1-standard-2

Standard machine type with 2 vCPUs and 7.5 GB of memory

2

7.50

VSRX-2CPU-7G memory

16

64

HWRSS

n1-standard-4

Standard machine type with 4 vCPUs and 15 GB of memory

4

15

VSRX-4CPU-15G memory

16

64

SWRSS

n1-standard-8

Standard machine type with 8 vCPUs and 30 GB of memory

8

30

VSRX-8CPU-30G memory

16

64

SWRSS

n1-standard-16

Standard machine type with 16 vCPUs and 60 GB of memory

16

60

VSRX-16CPU-60G memory

16

64

SWRSS

A single Google Compute Engine instance supports up to eight network interfaces. If you want to configure eight interfaces, choose n1-standard-8 or a larger machine type. After choosing the machine type, define the networking attributes and SSH Keys for the VM. For more information on network interfaces, see Creating instances with multiple network interfaces.

vSRX Support for Google Cloud

Starting in Junos OS Release 19.2R1, vSRX with 1 Junos Control Plane (JCP) vCPU, 1 data plane vCPU, and 4 GB of vRAM is supported.

vSRX Specifications for GCP

This topic provides details about hardware and software requirements for deploying vSRX with Google.

Minimum System Requirements for Google Cloud Platform

Table 2 lists the minimum system requirements and the Junos OS release in which a particular software specification was introduced for vSRX instances to be deployed on GCP.

Table 2: Minimum System Requirements for vSRX on GCP

Component

Specification

Release Introduced

Memory

4 GB

Junos OS Release 19.2R1

Disk space

19-GB IDE drive

Junos OS Release 19.2R1

vCPUs

1 Junos Control Plane (JCP) vCPU and 1 data plane vCPU

Junos OS Release 19.2R1

vNICs

2-8 vNICs

  • Virtio

  • SR-IOV is not supported by GCP.

Junos OS Release 19.2R1

Software feature license

For more information, see Flex Software Subscription Model and Juniper Flex Program Support for Juniper Products.

NA

Software packaging

Google Compute Engine has specific requirements for the bootable image that is imported to Google cloud space. For more information, see https://cloud.google.com/compute/docs/ images/import-existing-image#create_ image_file.

For initial deployment, the .img file is used and for software upgrade, the .tgz image is used.

NA

Interface Mapping for vSRX on Google Cloud

Each network adapter defined for a vSRX is mapped to a specific interface, depending on whether the vSRX instance is a standalone VM or one of a cluster pair for high availability. The interface names and mappings in vSRX are shown in Table 3.

Note the following:

  • In standalone mode:

    • fxp0 is the out-of-band management interface.

    • ge-0/0/0 is the first traffic (revenue) interface.

Table 3 shows the interface names and mappings for a standalone vSRX on Google cloud.

Table 3: Interface Names for a Standalone vSRX on GCP

Network

Adapter

Interface Name in Junos OS for vSRX

1

fxp0

2

ge-0/0/0

3

ge-0/0/1

4

ge-0/0/2

5

ge-0/0/3

6

ge-0/0/4

7

ge-0/0/5

8

ge-0/0/6

vSRX Default Settings on GCP

vSRX requires the following basic configuration settings:

  • Interfaces must be assigned IP addresses.

  • Interfaces must be bound to zones.

  • Policies must be configured between zones to permit or deny traffic.

Table 4 lists the factory-default settings for security policies on the vSRX instance.

Table 4: Factory-Default Settings for Security Policies

Source Zone

Destination Zone

Policy Action

trust

untrust

permit

trust

trust

permit

untrust

trust

deny