Installing vMX in an AWS VPC

This procedure requires you to have an AWS account. Sign in to your AWS account to perform these tasks to install vMX in an AWS VPC.

Creating an SSH Key Pair

An SSH key pair is required to remotely access a vMX instance in AWS. You can create a new key pair in the EC2 Management Console or import a key pair created by another tool.

To create an SSH key pair:

  1. In the AWS Management Console, click EC2 under Compute to display the EC2 Management Console.
  2. In the left navigation pane, click Key Pairs. Verify that the region name shown in the toolbar is the same as the region where you created the VPC.
  3. Click Create Key Pair, specify a key pair name, and click Create.
  4. Download the private key, where the filename is based on the key pair name you specified (key-pair-name.pem), and save it to a secure location.
  5. To use an SSH client on a Mac or Linux computer to connect to the vMX instance, use the following command to set the permissions of the private key file so that only you can read it:

    chmod 400 key-pair-name.pem

Creating a VPC

Note:

You do not have to create a VPC. You can use an existing VPC that is in the same region as your EC2 instance.

To create a VPC, you configure private IP addresses for the network and private IP addresses for the subnet in the VPC, attach an Internet gateway to the VPC, and configure a route table to connect the subnet to the Internet gateway.

To configure the VPC on AWS:

  1. In the AWS Management Console, click VPC under Networking to display the VPC Management Console.
  2. In the left navigation pane, click Your VPCs to list configured VPCs. A default VPC that is automatically created is listed.
  3. Click Create VPC, specify a name and CIDR block of private IP addresses for a new VPC, and click Yes, Create.
  4. In the left navigation pane, click Subnets to list configured subnets.
  5. Click Create Subnet, specify a name for the subnet, select the VPC, specify the subnet CIDR block within the VPC CIDR, and click Yes, Create.

    One subnet is created for the management port (fxp0) and a subnet is created for each WAN port on the vMX. These values must be customized depending on your deployment scenario.

  6. In the left navigation pane, click Internet Gateways to list configured gateways. The Internet gateway routes traffic between the VPC and the Internet. The gateway is required for communications outside of the AWS network.
  7. Click Create Internet Gateway, specify a name for the gateway, and click Yes, Create.
  8. Select the gateway, click Attach to VPC, select the VPC from the drop-down list to associate the gateway with the VPC, and click Yes, Attach.
  9. In the left navigation pane, click Route Tables to list configured route tables. Select the route table associated with the VPC.
  10. Select the Routes tab in the bottom section and click Edit to add a default route pointing to the Internet gateway. Specify 0.0.0.0/0 as the destination, select the Internet gateway as the target, and click Save.

Creating Network Interfaces

Note:

Make sure the VPC and EC2 instance are in the same region.

To configure the EC2 instance on AWS:

  1. In the AWS Management Console, click EC2 under Compute to display the EC2 Management Console.
  2. In the left navigation pane, click Network Interfaces to list configured network interfaces.
  3. Click Create Network Interface, specify a description (used as the Name field), select a subnet, provide an IP address (optional), select a security group to be associated with the network interface, and click Yes, Create.

    Create one network interface for the management port and one network interface for each WAN port. Copy the description into the Name field for ease of use.

    Note:

    You can only associate two interfaces when creating the EC2 instance using the Web interface. You must have at least one WAN interface.

  4. For each network interface associated with a WAN port, disable the source and destination check.

    Select the network interface, click Actions, click Change Source/Dest. Check, select Disabled, and click Save.

    Note:

    You must disable the source and destination check for each network interface associated with a WAN port.

  5. For each network interface connected to vMX, create Elastic IP addresses for external access from the Internet.

    In the left navigation pane, click Elastic IPs, and click Allocate New Address. Select the Elastic IP address, click Actions > Associate Address, select the network interface in the Associate Address dialog box, and click Associate.
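A WAN interface that still has the source and destination check enabled silently drops transit traffic, so it is worth confirming the result of steps 3 through 5 before launching the instance. The following Python check is an added example, not part of the original procedure: it runs over output in the shape of `aws ec2 describe-network-interfaces`. The sample data is constructed, and the `mgmt`/`wan` naming of the Description field is an assumed convention.

```python
# Constructed sample in the shape returned by
# `aws ec2 describe-network-interfaces`; all IDs and addresses are made up.
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "Description": "vmx-mgmt-fxp0",
     "SourceDestCheck": True,
     "Association": {"AllocationId": "eipalloc-0aaa", "PublicIp": "203.0.113.10"}},
    {"NetworkInterfaceId": "eni-0bbb", "Description": "vmx-wan-0",
     "SourceDestCheck": False,
     "Association": {"AllocationId": "eipalloc-0bbb", "PublicIp": "203.0.113.11"}},
    {"NetworkInterfaceId": "eni-0ccc", "Description": "vmx-wan-1",
     "SourceDestCheck": True},
]}

def role(eni):
    """Assumed naming convention: the description contains 'mgmt' or 'wan'."""
    desc = eni.get("Description", "").lower()
    if "wan" in desc:
        return "wan"
    if "mgmt" in desc:
        return "mgmt"
    return "unknown"

def audit_interfaces(doc):
    """Return (interface id, finding) pairs for deviations from the procedure."""
    findings = []
    enis = doc.get("NetworkInterfaces", [])
    roles = [role(e) for e in enis]
    for eni, r in zip(enis, roles):
        eni_id = eni["NetworkInterfaceId"]
        if r == "unknown":
            findings.append((eni_id, "role not identifiable from description"))
        # Step 4: a WAN port forwards transit traffic, so the check must be off.
        if r == "wan" and eni.get("SourceDestCheck", True):
            findings.append((eni_id, "source/dest check still enabled on WAN port"))
        # Step 5: an Elastic IP association carries an AllocationId.
        if "AllocationId" not in eni.get("Association", {}):
            findings.append((eni_id, "no Elastic IP associated"))
    if roles.count("mgmt") != 1:
        findings.append(("-", "expected exactly one management interface"))
    if "wan" not in roles:
        findings.append(("-", "at least one WAN interface is required"))
    return findings

if __name__ == "__main__":
    for eni_id, finding in audit_interfaces(SAMPLE):
        print(eni_id, finding)
```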

Creating the vMX Instance

You can create the following types of instances on AWS:

  • m4.4xlarge

  • c4.2xlarge

  • c5.2xlarge and c5.4xlarge (from Junos OS Release 19.4R1 onwards)

To configure the vMX instance on AWS:

  1. In the AWS Management Console, click EC2 under Compute to display the EC2 Management Console.
  2. In the left navigation pane, click AMIs to list available AMIs.
  3. Select the vMX AMI and click Launch.
  4. Choose the instance type and click Next: Configure Instance Details.
  5. Configure the instance.
    1. Select the VPC for the Network field, select the management subnet in the Subnet field, and enable Auto-assign Public IP.
    2. In the Network Interfaces section, select the management interface for the eth0 device as the network interface. Click Add Device to add the eth1 device and select the WAN interface as the network interface.

      You can configure the instances for the WAN interfaces later.

    3. (Optional, starting with Junos OS Release 17.2R1) In the User data section on the Configure Instance Details page, select As File and attach the user-data file. The selected file is used for the initial launch of the instance. See Using cloud-init on AWS to Initialize vMX Instances for information about how to create the user-data file.
      Note:

      The Junos OS configuration that is passed as user data is only imported at initial launch. If the instance is stopped and restarted, the user-data file is not imported again.

    4. Click Next: Add Storage.
  6. You do not need to change any values. Click Next: Tag Instance.
  7. Specify the vMX instance name as the value for the Name key and then click Next: Configure Security Group.
  8. Configure the security group with a rule to allow all required protocol traffic to reach the instance. You can create a new security group or select an existing security group.
  9. Click Review and Launch to review the instance settings, and click Launch.
  10. Select the SSH key pair you created, select the acknowledgment check box, and click Launch Instance.
  11. In the left navigation pane, click Instances to list the instances.
    Note:

    The initial boot after installation might take up to 25 minutes. Subsequent boots might take several minutes.
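Step 8 leaves "required protocol traffic" to the operator, and because the interfaces are given Elastic IP addresses, the inbound rules of the security group decide which Internet hosts can reach the instance. The following Python check is an added example, not part of the original procedure: it compares rules in the shape of `aws ec2 describe-security-groups` output against a declared policy. The sample rules, the SSH-only policy, and the admin network are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0aaa",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]}]}

# Assumed policy: the management group needs only SSH, from one admin network.
REQUIRED = {("tcp", 22, 22)}
ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

def trusted(cidr, admin_nets):
    """True when cidr lies entirely inside one of the admin networks."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == a.version and net.subnet_of(a) for a in admin_nets)

def audit_rules(doc, required=REQUIRED, admin_nets=ADMIN_NETS):
    """Return (group id, rule, reason) for rules broader than the policy.

    Only CIDR sources are examined; rules that reference other security
    groups or prefix lists are outside the scope of this example.
    """
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            # IpProtocol "-1" means every protocol and carries no port range.
            key = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
            rule = "all" if key[0] == "-1" else f"{key[0]}/{key[1]}-{key[2]}"
            if key not in required:
                findings.append((sg["GroupId"], rule, "not in required list"))
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not trusted(cidr, admin_nets):
                    findings.append((sg["GroupId"], rule, f"open to {cidr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print(*finding)
```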

Attaching Network Interfaces for WAN Ports

To attach the network interfaces for WAN ports on AWS:

  1. In the AWS Management Console, click EC2 under Compute to display the EC2 Management Console.
  2. In the left navigation pane, click Instances to list available instances.
  3. Select the vMX instance, click Actions, select Networking > Attach Network Interfaces, and select the network interface to be attached.

    Repeat this step for each network interface associated with a WAN port to attach it to the vMX instance.

  4. To use the attached interfaces, restart the vMX instance.