SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  vSRX boot stuck on OpenStack (without Contrail)

    Posted 03-09-2017 17:52

    Hi,

     

    I am trying to run vSRX 15.1X49-D70.3/D60.7 on OpenStack (Newton) environment and the boot process seems to get stuck after the FreeBSD copyright messages. Does anyone have a clue at what's causing this? 
    Also, if someone knows a version that's working with their environment, I would like to know as well.

     

    I can't ping nor ssh to any of the assigned IPs and the RE's boot process seems to loop every 10 or so minutes so it's definetely not working. I've tried changing number of vCPUs, memory and number of NICs but all unsuccessful. Only thing I can think of right now is try changing the NIC driver to e1000 from virtio.

     

    I am using KVM-based hypervisors (Ubuntu 16.04) and they do have nested vmx and  apicv disabled.

    The following are the output of the glance image and nova flavor/show:

     

    $ glance image-show 59034a4b-f06a-4d03-889e-f9983110891a
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 7b11babaef0b775f36281ec1d16f1708     |
| container_format | bare                                 |
| created_at       | 2017-03-10T00:20:10Z                 |
| disk_format      | qcow2                                |
| hw_cdrom_bus     | ide                                  |
| hw_disk_bus      | ide                                  |
| hw_vif_model     | virtio                               |
| id               | 59034a4b-f06a-4d03-889e-f9983110891a |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | juniper-vsrx-15.1X49-D70.3           |
| owner            | bd11a7db31d84ec18ba65febca43dfb1     |
| protected        | False                                |
| size             | 3115450368                           |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2017-03-10T00:20:18Z                 |
| virtual_size     | None                                 |
| visibility       | private                              |
+------------------+--------------------------------------+

$ nova flavor-show medium
+----------------------------+--------------------------------------+
| Property                   | Value                                |
+----------------------------+--------------------------------------+
| OS-FLV-DISABLED:disabled   | False                                |
| OS-FLV-EXT-DATA:ephemeral  | 0                                    |
| disk                       | 40                                   |
| extra_specs                | {}                                   |
| id                         | 7a1cf8dc-6c12-49a4-9683-3d7ccd13b9e3 |
| name                       | medium                               |
| os-flavor-access:is_public | True                                 |
| ram                        | 4096                                 |
| rxtx_factor                | 1.0                                  |
| swap                       |                                      |
| vcpus                      | 2                                    |
+----------------------------+--------------------------------------+

    $ nova show 82b1e75d-f398-431a-a223-a3d78a16a162
    +--------------------------------------+-------------------------------------------------------------------+
    | Property | Value |
    +--------------------------------------+-------------------------------------------------------------------+
    | OS-DCF:diskConfig | AUTO |
    | OS-EXT-AZ:availability_zone | <<STRIPPED>> |
    | OS-EXT-SRV-ATTR:host | <<STRIPPED>> |
    | OS-EXT-SRV-ATTR:hostname | <<STRIPPED>> |
    | OS-EXT-SRV-ATTR:hypervisor_hostname | <<STRIPPED>> |
    | OS-EXT-SRV-ATTR:instance_name | instance-00000056 |
    | OS-EXT-SRV-ATTR:kernel_id | |
    | OS-EXT-SRV-ATTR:launch_index | 0 |
    | OS-EXT-SRV-ATTR:ramdisk_id | |
    | OS-EXT-SRV-ATTR:reservation_id | r-p25wuqno |
    | OS-EXT-SRV-ATTR:root_device_name | /dev/hda |
    | OS-EXT-SRV-ATTR:user_data | - |
    | OS-EXT-STS:power_state | 1 |
    | OS-EXT-STS:task_state | - |
    | OS-EXT-STS:vm_state | active |
    | OS-SRV-USG:launched_at | 2017-03-10T01:26:21.000000 |
    | OS-SRV-USG:terminated_at | - |
    | NET-1 network | 1.1.1.1 |
    | NET-2 network | 2.2.2.2 |
    | NET-3 network | 3.3.3.3 |
    | NET-4 network | 4.4.4.4 |
    | accessIPv4 | |
    | accessIPv6 | |
    | config_drive | |
    | created | 2017-03-10T01:25:59Z |
    | description | <<STRIPPED>> |
    | flavor | large (a44afc4c-470d-4a35-80a5-6303a4461ff7) |
    | hostId | 074d0d229123e7b7ec8b7cea0984402c948782951fb462508d10c2b7 |
    | host_status | UP |
    | id | 82b1e75d-f398-431a-a223-a3d78a16a162 |
    | image | juniper-vsrx-15.1X49-D60.7 (21787574-7e49-4ebb-b1eb-4419d318eec3) |
    | key_name | <<STRIPPED>> |
    | locked | False |
    | metadata | {} |
    | name | <<STRIPPED>> |
    | os-extended-volumes:volumes_attached | [] |
    | progress | 0 |
    | security_groups | default |
    | status | ACTIVE |
    | tags | [] |
    | tenant_id | bd11a7db31d84ec18ba65febca43dfb1 |
    | updated | 2017-03-10T01:26:21Z |
    | user_id | 55c447998afa421f90ef9a7019ad2a60 |
    +--------------------------------------+-------------------------------------------------------------------+

     (Network addresses are changed to something random, in the real output, they are correct addresses such as 192.168.0.1 and 10.0.0.1)

     

    Also, here's a screenshot of the stuck screen:

    vsrx.png

     

    Thanks



  • 2.  RE: vSRX boot stuck on OpenStack (without Contrail)
    Best Answer

     
    Posted 03-10-2017 00:07

    Hello,

     

    What is the host kernel version you have?

    Also is the PML flag is set on the host kernel?

     

    Regards,

     

    Rushi



  • 3.  RE: vSRX boot stuck on OpenStack (without Contrail)

    Posted 03-10-2017 14:49

     Hi Rushi,

     

    Thanks for your hints, got it working by setting PML disabled.
    It seems like vSRX doesn't work when PML is enabled.

     

    Just in case, the environment is Ubuntu 16.04.2 LTS (xenial) with kernel 4.4.0-66-generic.

    Here are some command outputs:

    # lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.2 LTS
Release:	16.04
Codename:	xenial

# uname -r
4.4.0-66-generic

# cat /proc/cpuinfo |grep "model name" |uniq
model name	: Intel(R) Xeon(R) CPU E3-1230 v5 @ 3.40GHz

# cat /sys/module/kvm_intel/parameters/pml 
N

# cat /sys/module/kvm_intel/parameters/nested
Y

    I had to put pml=0 in the kvm_intel option and reboot to make it working:

    # cat /etc/modprobe.d/qemu-system-x86.conf 
options kvm_intel nested=1 pml=0


  • 4.  RE: vSRX boot stuck on OpenStack (without Contrail)

     
    Posted 03-13-2017 00:28

    Hello,

     

    I think this issue is more related to Host Kernel where PML flag does not allow VM to boot.

     

    http://www.spinics.net/lists/kvm/msg135703.html

     

    I am not sure about this but it looks like the host Kernel issue is fixed in 4.4.19.

     

    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.19

     

    Regards,

     

    Rushi



  • 5.  RE: vSRX boot stuck on OpenStack (without Contrail)

    Posted 06-16-2017 11:44

    This solve the issue in my enviroment 

    # cat /etc/modprobe.d/qemu-system-x86.conf 
options kvm_intel nested=1 pml=0

     Thank you.