2020.10.24 – Juniper vMX 20.2 installation in EVE-PRO

Very useful: https://www.eve-ng.net/index.php/documentation/howtos/howto-add-juniper-vmx-16-x-17-x/

This guide is based on version:

  • EVE images name, vCPUs and vRAM
    • vmxvcp-limited-20.2R1.10-domestic-VCP, 1 vCPU, 2 Gb vRAM
    • vmxvfp-limited-20.2R1.10-domestic-VFP, 3 vCPUs, 4 Gb vRAM
  • Downloaded Filename
    • vmx-bundle-20.2R1.10.tar
  • Version
    • Junos: 20.2R1.10

The Juniper vMX images are based on dual nodes setup, where Routing Engine (VCP) is connected to Forwarding Plane (VFP) and act like single node. All cli configurations will be done on the VCP, but porting and connections will be on VFP.

Step 1. Create temporary working directory for image:

root@eve-ng:/opt/unetlab/addons/qemu# mkdir vMX

Step 2. Upload the downloaded images to the EVE using for example FileZilla (or WinSCP). 

root@eve-ng:/opt/unetlab/addons/qemu/vMX# ls
vmx-bundle-20.2R1.10.tar

Step 3. Uncompress images:

root@eve-ng:/opt/unetlab/addons/qemu/vMX# tar xvf vmx-bundle-20.2R1.10.tar

root@eve-ng:/opt/unetlab/addons/qemu/vMX# cd vmx-limited/images/

root@eve-ng:/opt/unetlab/addons/qemu/vMX2/vmx/images# ls
junos-vmx-x86-64-20.2R1.10.qcow2  metadata-usb-fpc4.img  metadata-usb-re1.img
junos-vmx-x86-64-20.2R1.10.tgz    metadata-usb-fpc5.img  metadata-usb-service-pic-10g.img
metadata-usb-fpc0.img                     metadata-usb-fpc6.img  metadata-usb-service-pic-2g.img
metadata-usb-fpc1.img                     metadata-usb-fpc7.img  metadata-usb-service-pic-4g.img
metadata-usb-fpc10.img                    metadata-usb-fpc8.img  vFPC-20200213.img
metadata-usb-fpc11.img                    metadata-usb-fpc9.img  vmxhdd.img
metadata-usb-fpc2.img                     metadata-usb-re.img
metadata-usb-fpc3.img                     metadata-usb-re0.img

Step 4. Create VCP image folder:

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# mkdir /opt/unetlab/addons/qemu/vmxvcp-20.2R1.10-domestic-VCP

Step 5. Copy images to VCP image folder:

 Step 5.1. virtioa.qcow2

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# cp junos-vmx-x86-64-20.2R1.10.qcow2 /opt/unetlab/addons/qemu/vmxvcp-limited-20.2R1.10-domestic-VCP/virtioa.qcow2

 Step 5.2. virtiob.qcow2

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# cp vmxhdd.img /opt/unetlab/addons/qemu/vmxvcp-20.2R1.10-domestic-VCP/virtiob.qcow2

 Step 5.3. virtioc.qcow2

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# cp metadata-usb-re.img /opt/unetlab/addons/qemu/vmxvcp-20.2R1.10-domestic-VCP/virtioc.qcow2

Check all

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# ls /opt/unetlab/addons/qemu/vmxvcp-20.2R1.10-domestic-VCP
virtioa.qcow2  virtiob.qcow2  virtioc.qcow2

Step 6. Create VFP image folder:

root@eve-ng:/opt/unetlab/addons/qemu# mkdir /opt/unetlab/addons/qemu/vmxvfp-20.2R1.10-domestic-VFP

Step 7. Copy images to VFP image folder:

 Step 7.1. virtioa.qcow2

root@eve-ng:/opt/unetlab/addons/qemu/vMX/vmx/images# cp vFPC-20200819.img /opt/unetlab/addons/qemu/vmxvfp-20.2R1.10-domestic-VFP/virtioa.qcow2

Step 8. Fix permissions:

root@eve-ng:/opt/unetlab/addons/qemu# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions


Apr 24 15:05:36 Apr 24 15:05:36 Online Check state: Valid

Add VCP and VFP nodes on the topology and connect them with int interfaces. int interface is communication port between VCP and VFP. This setup will be one vMX node (set of 2). Use VFP to connect your lab element to the ports.

Topology testing:

2020.05.13 – Install Juniper vMX into ESXi 6.7.0

Software for this installation:

  • MacBook PRO with 16GB hardware of RAM 
  • VMware Fusion 11.5.1
  • VMware vSphere Hypervisor (a.k.a. ESXi 6.7.0 ISO) Installed and configure with 4 CPUs and 8 GB RAM.

Reference tutorial: https://www.juniper.net/documentation/en_US/vmx/topics/topic-map/vmx-installing-on-vmware.html

Tony helped me a lot. He is the one that also publish a lot of useful article in his blog GRASPINGTECH

Maximum Minimum Hardware Requirements for VMware

A. Number of cores

  • Note: Performance mode is the default mode and the minimum value is based on one port.
    • For lite mode: Minimum of 4
      • 1 for VCP
      • 3 for VFP
    • Note: If you want to use lite mode when you are running with more than 3 vCPUs for the VFP, you must explicitly configure lite mode.

B. Memory

  • Note: Performance mode is the default mode.
    • For lite mode: Minimum of 3 GB
      • 1 GB for VCP
      • 2 GB for VFP

C. Storage

  • Local or NAS
  • Each vMX instance requires 44 GB of disk storage
  • Minimum storage requirements:
    • 40 GB for VCP
    • 4 GB for VFP

vMX Package Contents

  • Software image file for VCP: ova/vcp_20.1R1.11.ova
  • Software image file for VFP: ova/vfpc_20.1R1.11.ova

Configuration

Step 1. Download the vMX software package for VMware: vmx-bundle-esxi-20.1R1.11.tar

  • From the vMX page 
  • Uncompress the package in a location accessible in MacBook Pro

Step 2. Launch the VMware ESXi server, esxi00.silvique.ro, and log in to the server with your credentials.

Step 3. If using Dropbox make sure the files needed are totally active

  • Right – click on the ova folder inside vm-esxi/ova
  • Click Smart Sync > Local

Step 4. Setting Up the Network

In VMware ESXi, to set up the different networks for management (br-ext), internal connection of the VMs (br-int), and WAN ports for data:

  • Enter VMware ESXi using Firefox

4.1. Virtual Switch Configuration

  • Click Networking > Virtual Switch > Add Standard virtual switch
  • 1. Configure vSwitch Name: vmnic1
    • MTU 1500
    • Uplink 1: vmnic1
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept
  • 2. Configure vSwitch Name: vmnic2
    • MTU 1500
    • Uplink 1: vmnic2
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept
  • 3. Configure vSwitch Name: Internal.vMX
    • MTU 1500
    • Uplink 1: delete
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept

4.2. Port groups Configuration

  • Click Networking > Port groups > Add Standard port group
  • 1. Configure Name: br-ext.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic1
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept
  • 2. Configure Name: br-int.vMX
    • VLAN ID: 0
    • Virtual Switch: Internal.vMX
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept
  • 3. Configure Name: p2p1-ge.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic2
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept
  • 4. Configure Name: p2p2-ge.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic2
    • Security Accept to all:
      • Promiscuous mode: Accept
      • Mac address changes: Accept
      • Forged transmits: Accept

4.3. Note: I made a discovery opening vMX in SSH using ssh root@172.25.11.3 command

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@172.25.11.3
Password:
Last login: Fri May 15 00:30:49 2020
--- JUNOS 20.1R1.11 Kernel 64-bit  JNPR-11.0-20200219.fb120e7_buil
root@vMX:~ # cli
root@vMX> show interfaces terse | match ge- 
ge-0/0/0                up    up
ge-0/0/0.16386          up    up  
ge-0/0/1                up    up
ge-0/0/1.16386          up    up  
ge-0/0/2                up    down
ge-0/0/2.16386          up    down
ge-0/0/3                up    down
ge-0/0/3.16386          up    down
ge-0/0/4                up    down
ge-0/0/4.16386          up    down
ge-0/0/5                up    down
ge-0/0/5.16386          up    down
ge-0/0/6                up    down
ge-0/0/6.16386          up    down
ge-0/0/7                up    down
ge-0/0/7.16386          up    down
ge-0/0/8                up    down
ge-0/0/8.16386          up    down
ge-0/0/9                up    down
ge-0/0/9.16386          up    down

Only ge-0/0/0 and ge-0/0/1 are up up. All other networks are up down. You have to create other Port group networks to put more in up up. For example, the total number o network creation in VM is p2p3-ge.vMX to maximum p2p8-ge.vMX

root@vMX> show interfaces terse | match ge-    
ge-0/0/0                up    up
ge-0/0/0.16386          up    up  
ge-0/0/1                up    up
ge-0/0/1.16386          up    up  
ge-0/0/2                up    up
ge-0/0/2.16386          up    up  
ge-0/0/3                up    up
ge-0/0/3.16386          up    up  
ge-0/0/4                up    up
ge-0/0/4.16386          up    up  
ge-0/0/5                up    up
ge-0/0/5.16386          up    up  
ge-0/0/6                up    up
ge-0/0/6.16386          up    up  
ge-0/0/7                up    up
ge-0/0/7.16386          up    up  
ge-0/0/8                up    down
ge-0/0/8.16386          up    down
ge-0/0/9                up    down
ge-0/0/9.16386          up    down

! At the moment I do not know how to make all ge interfaces, including ge-0/0/8 and ge-0/0/9, up up. I will search a solution when I will needed.

Step 5. Deploying the VCP VM

To deploy the VCP VM using .ova files:

  • Enter VMware ESXi using Firefox
  • Click Virtual Machine > Create/ Register VM
  • Select create type: click Deploy a virtual Machine for an OVF to OVA file and Next
  • Select OVF and VMDK files:
    • Name: vMX-vVCP_20.1R1.1
    • File: vcp_20.1R1.11.ova
    • Click Next
  • Select storage: ESXi00.datastore1 and Next
  • Untag Power on automatically end Next
  • Click Finish

Step 6. Deploying the FPC VM

To deploy the FPC VM using .ova files:

  • Enter VMware ESXi using Firefox
  • Click Virtual Machine > Create/ Register VM
  • Select create type: click Deploy a virtual Machine for an OVF to OVA file and Next
  • Select OVF and VMDK files:
    • Name: vMX-vFPC_20.1R1.1
    • File: vfpc_20.1R1.11.ova
    • Click Next
  • Select storage: ESXi00.datastore1 and Next
  • Untag Power on automatically end Next
  • Click Finish

After you have deployed the vVCP and vFPC VMs, you can modify the amount of memory, the number of vCPUs, and the number of WAN (here vmnic2) ports.

Step 7. Settings for the vVCP VM

  • CPU: 1
  • Memory: 1024 MB
  • Network Adapter 1: br-ext.vMX
    • Adapter Type: E1000
  • Network Adapter 2: br-int.vMX
    • Adapter Type: E1000

Step 8. Settings for the vFPC VM

  • CPU: 3
  • Memory: 2048 MB
  • Network Adapter 1: p2p1-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 2: p2p2-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 3: br-ext.vMX
    • Adapter Type: E1000
  • Network Adapter 4: br-int.vMX
    • Adapter Type: E1000

Not mandatory but you can add more networks:

  • Network Adapter 5: p2p3-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 6: p2p4-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 7: p2p5-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 8: p2p6-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 9: p2p7-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 10: p2p8-ge.vMX
    • Adapter Type: VMXNET 3

Step 9. Launching vMX on VMware

Now you are ready to launching vMX on VMware. The firs basic configuration is the following:

[edit]
root@silvia# show 
## Last changed: 2020-01-17 04:53:09 UTC
version 20.1R1.11;
system {
    host-name vMX;
    root-authentication {
        encrypted-password "your_passord"; ## SECRET-DATA
    }
    login {
        class c1only {
            logical-system C1;
            permissions all;
        }
        class c2only {
            logical-system C2;
            permissions all;
        }
        class c3only {
            logical-system C3;
            permissions all;
        }
        class c4only {
            logical-system C4;
            permissions all;
        }
        class r1only {
            logical-system R1;
            permissions all;
        }
        class r2only {
            logical-system R2;
            permissions all;
        }
        class r3only {
            logical-system R3;
            permissions all;
        }
        class r4only {
            logical-system R4;
            permissions all;
        }
        class r5only {
            logical-system R5;
            permissions all;
        }
        class r6only {
            logical-system R6;
            permissions all;
        }
        class r7only {
            logical-system R7;
            permissions all;
        }
        user class01 {
            uid 2001;
            class c1only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }                           
        }
        user class02 {
            uid 2002;
            class c2only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user class03 {
            uid 2003;
            class c3only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user class04 {
            uid 2004;
            class c4only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos01 {
            uid 2023;
            class r1only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos02 {
            uid 2024;
            class r2only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos03 {
            uid 2223;
            class r3only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos04 {
            uid 2224;
            class r4only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos05 {
            uid 2225;
            class r5only;               
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos06 {
            uid 2226;
            class r6only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos07 {
            uid 2227;
            class r7only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }


        user vMX {
            full-name "Silvia Murgescu";
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh {
            root-login allow;
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag all;
            }
        }
    }
}
logical-systems {
    C1;
    C2;
    C3;
    C4;                                 
    R1;
    R2;
    R3;
    R4;
    R5;
    R6;
    R7;
    Source;
    Receiver;
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-services {
                bandwidth 10g;
            }
            interface-type ge;
            number-of-ports 8;
        }
        lite-mode;
    }
    network-services enhanced-ip;
}
interfaces {
    ge-0/0/0 {
        vlan-tagging;
    }
    ge-0/0/1 {
        vlan-tagging;
    }
    ge-0/0/2 {
        vlan-tagging;
    }
    ge-0/0/3 {
        vlan-tagging;
    }
    ge-0/0/4 {
        vlan-tagging;
    }
    ge-0/0/5 {
        vlan-tagging;
    }
    ge-0/0/6 {
        vlan-tagging;
    }
    ge-0/0/7 {
        vlan-tagging;
    }
    fxp0 {
        unit 0 {
            description For_SSH_Connection;
            family inet {
                address 172.25.11.3/24;
            }
        }
    }                                   
}

Note: The 172.25.11.1 IP or 172.25.11.2 IP not working to open/run vMX in MacBook Pro Terminal application. I have tried and works if configure IP 172.25.11.3/24.

To copy and paste a config from a text file. Use the CTRL-D or ^D option to exit the terminal mode and return to the firewall prompt. 

[edit]
root@vMX# load replace terminal
-> Copy and Paste here

CTRL-D

[edit] 
root@SRX# commit

NOTE: If interfaces connectivity and communication is needed, into Port Groups include VLAN ID 6095.

Below is an example: two logical-systems with 2 difference interfaces, ge-0/0/1.12 and ge-0/0/5.12 and the ping command for testing works

2020.03.27 – Enterprise- & Service Provider-Style Bridging on a sigle Juniper vMX

Introduction

I am doing the lab from a blog that it was recommended by a person into LinkedIn internal Messaging communication. I do here!

Equipment and installations I used for this project::

  • MacBook Pro  (15-inch, 2016) with macOS Catalina version 10.15.3
  • VMware Fusion PRO Version 11.5.3
  • VMware ESXi 6.7
  • Juniper vMX 18.1R3.3 for ESXi

The starting point that inspire me is here: https://networkingpills.wordpress.com/2017/10/31/enterprise-service-provider-style-bridging-on-juniper-mx/

Read more

2020.03.25 – Configuring Layer 2 Switching on Juniper vMX

Nore: For vMX is available family bridge but not family ethernet-swithing. And I need very very very much to configuring using family ethernet-swithing.

Now I am preparing for a Juniper lab based on Switching configuration.

I have tried to install and use Juniper vQFX which is a Juniper Virtual Switch. I this moment it can be read into my blog that I can not make it work. If I will find a solution I will upgrade the article about vQFX.

Read more

2020.03.24 – Juniper vMX Inside VMware ESXi Support Maximum 10 Virtual NICs

Information from internet: https://forums.juniper.net/t5/vMX/vMX-max-interface/td-p/293775

ESXi has the limitation of 10 Virtual NICs per VM, which limits the number of revenue interface to 8. (1 is used for management and 1 is used for vfp-vcp inter-connection)

https://www.vmware.com/pdf/vsphere5/r55/vsphere-55-configuration-maximums.pdf, Page 2: Virtual NICs per virtual machine 10

I try to add more but it seems this is maximum, 8 interfaces. Other 2 are for internal communications. One is connected between RE and PFE and an other is for technical communication of engineers devices.

Read more

Interprovider L3VPN Option C on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option C setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Note: This option is the most scalable solution comparing with option A and option B.

Continue reading

Interprovider L3VPN Option B on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option B setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Network Diagram

Continue reading

Interprovider L3VPN Option A on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option A setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Network Diagram

Continue reading

Carrier-of-Carriers with Internet Service Provider as the Customer on a vMX

Implementation description

In this article, I will build a Carrier-of-Carriers with Internet Service Provider as the customer setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Network Diagram

Continue reading