Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understand vSRX with KVM

This section presents an overview of vSRX on KVM.

vSRX on KVM

The Linux kernel uses the kernel-based virtual machine (KVM) as a virtualization infrastructure. KVM is open source software that you can use to create multiple virtual machines (VMs) and to install security and networking appliances.

The basic components of KVM include:

  • A loadable kernel module included in the Linux kernel that provides the basic virtualization infrastructure

  • A processor-specific module

When loaded into the Linux kernel, the KVM software acts as a hypervisor. KVM supports multitenancy and allows you to run multiple vSRX VMs on the host OS. KVM manages and shares the system resources between the host OS and the multiple vSRX VMs.

Note:

vSRX requires you to enable hardware-based virtualization on a host OS that contains an Intel Virtualization Technology (VT) capable processor.

Figure 1 illustrates the basic structure of a vSRX VM on an Ubuntu server.

Figure 1: vSRX VM on UbuntuvSRX VM on Ubuntu

vSRX Scale Up Performance

Table 1 shows the vSRX scale up performance when deployed on KVM, based on the number of vCPUs and vRAM applied to a vSRX VM along with the Junos OS release in which a particular vSRX software specification was introduced.

Table 1: vSRX Scale Up Performance

vCPUs

vRAM

NICs

Release Introduced

2 vCPUs

4 GB

  • Virtio

  • SR-IOV (Intel 82599, X520/540)

Junos OS Release 15.1X49-D15 and Junos OS Release 17.3R1

5 vCPUs

8 GB

  • Virtio

  • SR-IOV (Intel 82599, X520/540)

Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1

5 vCPUs

8 GB

  • SR-IOV (Intel X710/XL710)

Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1

You can scale the performance and capacity of a vSRX instance by increasing the number of vCPUs and the amount of vRAM allocated to the vSRX. The multi-core vSRX automatically selects the appropriate vCPUs and vRAM values at boot time, as well as the number of Receive Side Scaling (RSS) queues in the NIC. If the vCPU and vRAM settings allocated to a vSRX VM do not match what is currently available, the vSRX scales down to the closest supported value for the instance. For example, if a vSRX VM has 3 vCPUs and 8 GB of vRAM, vSRX boots to the smaller vCPU size, which requires a minimum of 2 vCPUs. You can scale up a vSRX instance to a higher number of vCPUs and amount of vRAM, but you cannot scale down an existing vSRX instance to a smaller setting.

Note:

The number of RSS queues typically matches with the number of data plane vCPUs of a vSRX instance. For example, a vSRX with 4 data plane vCPUs should have 4 RSS queues.

vSRX Session Capacity Increase

vSRX solution is optimized to increase the session numbers by increasing the memory.

With the ability to increase the session numbers by increasing the memory, you can enable vSRX to:

  • Provide highly scalable, flexible and high-performance security at strategic locations in the mobile network.

  • Deliver the performance that service providers require to scale and protect their networks.

Run the show security flow session summary | grep maximum command to view the maximum number of sessions.

Starting in Junos OS Release 18.4R1, the number of flow sessions supported on a vSRX instance is increased based on the vRAM size used.

Starting in Junos OS Release 19.2R1, the number of flow sessions supported on a vSRX 3.0 instance is increased based on the vRAM size used.

Note:

Maximum of 28M sessions are supported on vSRX 3.0. You can deploy vSRX 3.0 with more than 64G memory, but the maximum flow sessions can still be only 28M.

Table 2 lists the flow session capacity.

Table 2: vSRX and vSRX 3.0 Flow Session Capacity Details

vCPUs

Memory

Flow Session Capacity

2

4 GB

0.5 M

2

6 GB

1 M

2/5

8 GB

2 M

2/5

10 GB

2 M

2/5

12 GB

2.5 M

2/5

14 GB

3 M

2/5/9

16 GB

4 M

2/5/9

20 GB

6 M

2/5/9

24 GB

8 M

2/5/9

28 GB

10 M

2/5/9/17

32 GB

12 M

2/5/9/17

40 GB

16 M

2/5/9/17

48 GB

20 M

2/5/9/17

56 GB

24 M

2/5/9/17

64 GB

28 M

Release History Table
Release
Description
19.2R1
Starting in Junos OS Release 19.2R1, the number of flow sessions supported on a vSRX 3.0 instance is increased based on the vRAM size used.
18.4R1
Starting in Junos OS Release 18.4R1, the number of flow sessions supported on a vSRX instance is increased based on the vRAM size used.