Junos

How to increase memory allocation to vjunos0 in NFX

‎08-15-2019 11:17 AM

I'm playing around with an NFX250-S2 with 19.2 (nextgen release).  This release rolled a lot of security functions into the virtual Junos instance and disabled access to the core Linux system.

 

On a fresh install the default vjunos0 is allocated 2GB of RAM with the rest for VMs.  I'm trying to figure out if there's a way to increase the memory allocation to vjunos0 itself.

 

I've tried "set virtual-network-functions vjunos0 memory size <allocation>" but on a commit check I get a weird error claiming it can't find the jdm.conf in /var/tmp and that something underlying in the hypervisor is empty.

 

With the 19.2 release you can't ssh into the hypervisor anymore, so I can't mess with the configs themselves.  The system has 32GB of RAM, and I'm worried that with a few IPSec tunnels/ngfw features enabled with 2GB of RAM I'll see literal tears and smoke coming from the machine.

 

Thanks!


Re: How to increase memory allocation to vjunos0 in NFX

‎08-19-2019 11:18 PM

Hi,

 

Que :- I'm trying to figure out if there's a way to increase the memory allocation to vjunos0 itself.

Juniper:- No, this cannot be changed.

 

Que:- With the 19.2 release you can't ssh into the hypervisor anymore, so I can't mess with the configs themselves. The system has 32GB of RAM, and I'm worried that with a few IPSec tunnels/ngfw features enabled with 2GB of RAM I'll see literal tears and smoke coming from the machine.

 

Juniper:- Well, tears and smoke won't come out, I assure you.

Further, how do you plan to deploy the IPsec tunnels/ngfw?

Since the "tunnels/ngfw" job would be done by a VNF which will take the resources apart from vJunos0 (i.e. from the 32-2 = ~30).

 

Regards,
Rahul

Re: How to increase memory allocation to vjunos0 in NFX

‎08-21-2019 12:46 PM

Thanks for the response.

 

On RAM, that makes sense, I've been looking at firewalls in a VNF.

 

Regarding IPSec.  On the pre-19 version there was an IPSec-nm container.  You could ssh into it directly and configure the tunnels there.  They were running straight on the hypervisor I think.

 

Now it appears you configure the tunnels in the vjunos0 instance.  Hence my inquiry as to whether the vjunos instance was powerful enough to handle the interfaces on the box.  As a container it seemed like it had access to full system resources, but boxed into vjunos0 it's locked down.

 

The platform is incredible, it's a shame there is so little documentation.  A few getting started tutorials and that's it.

 

We're giving TNSR a trial on the box, it can supposedly firewall 10Gbps full duplex per core, so putting the 10GbE interfaces to use seems feasible.  Also experimenting with some OpenBSD VMs as well as Linux.

 

In many ways this is a dream box, a lot of network interfaces, acceleration, and VM support.  Seems like you can also toss in a few more RAM sticks if you're so inclined, it ships with 2x16GB.  Would be easy to jump to 64GB.