vSRX
Highlighted
vSRX

vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 10:39 AM

hey all, 

 

I''m having trouble with the basic ESXI setup for the vSRX. 

 

The best I can tell this is just like the vMX, where Nic 1 is the external interface, 2 and 3 are "internal management", and network adapter 4 is "ge-0/0/0" and etc. 

 

Is this incorrect? I've tried all the nic adapter versions and still, same problem. 

21 REPLIES 21
Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 10:45 AM

Have you ensured that your VM has 2 vCPUs and 4GB RAM? If you run it on ESXi 6.5 you will need a vSRX based on 18.4R1 or newer. Usually the vFPC doesn't boot when it's lacking a vCPU or memory.

 

requirements are listed here: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-syste...

 

The port-group connected to fxp0 needs to be in promiscious mode to work. That's possibly the reason why ping isn't working.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 10:48 AM

Hi there,

 

Here is the techpub that explains the interface mapping in detail for vSRXs:

 

https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-interface-na...

 

Also here is the deployment guide for vSRX on VMware (ESXi) for your reference: https://www.juniper.net/documentation/en_US/vsrx/information-products/pathway-pages/security-vsrx-vm...

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!

 

Regards,

HS

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 10:48 AM

Yep.

 

I have allocated 12 cpus and 20gb of ram. 

 

On our vMX's, we have to run in lite-mode because we have older hosts, do you think it could be the same problem? 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 11:07 AM

Which version of vSRX and is it vSRX 2.0 or 3.0 ? 12 vCPUs doesn't match any supported scheme.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 11:14 AM

Also, could you run the following command on vSRX cli to confirm if the vFPC is online:

 

> show chassis fpc pic-status

 

Regards,

HS

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 11:19 AM

There is no lite-mode configuration available on vSRX just like vMX has.
I understand that you already ensure the requirements are fullfilled. Are you not able to boot up the vSRX at all? or vSRX is booting but you don't see the interface listed.
vSRX2.0 onwards the recommendation is to use VMXNET3 or SRIOV, please ensure the Network Adapter is VMXNET3.
Please check if the FPC is online or offline, if the vSRX does not have valid license even in that case FPC 0 will be offline and interface will not be listed.

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 11:32 AM

Result of CLI

 

 

admin@vSRX-RTR1> show chassis fpc pic-status 

Slot 0   Present      FPC      

 

HOw do I tell version?

 

I just changed it to 9 vCPUs and same problem. 

 

Promiscuous mode did change the fxpo com problem. 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 11:33 AM

Ahhhh, that would be the problem then! 

 

I cant' seem to fine the trial license generator? 

 

Can you link it?

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 12:14 PM

Hi RoutingFrames,

 

When a vSRX is spun up, it comes with a 30 day/60 day license by default and probably you might not be able to extend this trial license. 

 

If you would like to continue to use the same instance, then you would probably have to obtain a license for it. However if you are still evaluating, then the best way to go about it is to deploy a new vSRX which will start the 30/60 day trial.

 

Here are the links regarding licenses:

 

https://www.juniper.net/documentation/en_US/release-independent/licensing/topics/topic-map/vsrx-lice...

 

https://www.juniper.net/us/en/dm/free-vsrx-trial/

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!

 

Regards,

HS

 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 12:22 PM

Okay,

 

that's what I figured, but I see no reason why my GE's are not coming up. 

 

They are using XNet3, they have allocated resources. 

 

 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 12:27 PM

Per the output you shared earlier:

 

admin@vSRX-RTR1> show chassis fpc pic-status 

Slot 0   Present      FPC  <<<<

 

When the FPC is not online, the 'ge' interfaces will not be initialized and hence they will not come up. This happens if there is no active license on the device and trial license has expired.

 

Run the 'show system license' command to check the license status.

 

Regards,

HS

 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

[ Edited ]
‎06-18-2019 12:30 PM

Correct,

 

this machine was spun up today, so I have 59 days left lol

 

 

admin@MLB-vSRX-RTR1> show system license 

License usage: 

                                 Licenses     Licenses    Licenses    Expiry

  Feature name                       used    installed      needed 

  logical-system                        1            3           0    permanent

  Virtual Appliance                     1            1           0    59 days

  remote-access-ipsec-vpn-client        0            2           0    permanent

 

Licenses installed: 

  License identifier: E420588955

  License version: 4

  Software Serial Number: 20150625

  Customer ID: vSRX-JuniperEval

  Features:

    Virtual Appliance - Virtual Appliance

      count-down, Original validity: 60 days

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 12:40 PM

Perfect, that rules out the license issue. Smiley Happy 

 

Could you please share the 'show version' output please and also if this is vSRX 2.0 or 3.0? 

 

Regards,

HS

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 12:43 PM

It's Version 2, on 19.1R1.6

 

Hostname: MLB-vSRX-RTR1

JUNOS OS Kernel 64-bit  [20190305.df99236_builder_stable_11]

JUNOS OS libs [20190305.df99236_builder_stable_11]

JUNOS OS runtime [20190305.df99236_builder_stable_11]

JUNOS OS time zone information [20190305.df99236_builder_stable_11]

JUNOS OS libs compat32 [20190305.df99236_builder_stable_11]

JUNOS OS 32-bit compatibility [20190305.df99236_builder_stable_11]

JUNOS py extensions [20190321.051058_builder_junos_191_r1]

JUNOS py base [20190321.051058_builder_junos_191_r1]

JUNOS OS vmguest [20190305.df99236_builder_stable_11]

JUNOS OS crypto [20190305.df99236_builder_stable_11]

JUNOS network stack and utilities [20190321.051058_builder_junos_191_r1]

JUNOS libs [20190321.051058_builder_junos_191_r1]

JUNOS libs compat32 [20190321.051058_builder_junos_191_r1]

JUNOS runtime [20190321.051058_builder_junos_191_r1]

JUNOS na telemetry [19.1R1.6]

JUNOS Web Management Platform Package [20190321.051058_builder_junos_191_r1]

JUNOS srx libs compat32 [20190321.051058_builder_junos_191_r1]

JUNOS srx runtime [20190321.051058_builder_junos_191_r1]

JUNOS srx platform support [20190321.051058_builder_junos_191_r1]

JUNOS common platform support [20190321.051058_builder_junos_191_r1]

JUNOS srxtvp runtime [20190321.051058_builder_junos_191_r1]

JUNOS pppoe [20190321.051058_builder_junos_191_r1]

JUNOS Openconfig [19.1R1.6]

JUNOS mtx network modules [20190321.051058_builder_junos_191_r1]

JUNOS modules [20190321.051058_builder_junos_191_r1]

JUNOS srxtvp modules [20190321.051058_builder_junos_191_r1]

JUNOS srxtvp libs [20190321.051058_builder_junos_191_r1]

JUNOS srx libs [20190321.051058_builder_junos_191_r1]

JUNOS srx Data Plane Crypto Support [20190321.051058_builder_junos_191_r1]

JUNOS daemons [20190321.051058_builder_junos_191_r1]

JUNOS srx daemons [20190321.051058_builder_junos_191_r1]

JUNOS SRX TVP AppQos Daemon [20190321.051058_builder_junos_191_r1]

JUNOS High End AppQos Daemon [20190321.051058_builder_junos_191_r1]

JUNOS Extension Toolkit [20190321.051058_builder_junos_191_r1]

JUNOS Phone-home [20190321.051058_builder_junos_191_r1]

JUNOS J-Insight [20190321.051058_builder_junos_191_r1]

JUNOS Online Documentation [20190321.051058_builder_junos_191_r1]

JUNOS jail runtime [20190305.df99236_builder_stable_11]

JUNOS FIPS mode utilities [20190321.051058_builder_junos_191_r1]

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

[ Edited ]
‎06-18-2019 12:54 PM

Thanks for sharing this output, I will check a few things and get back to you on this. 

 

Have a few more questions for you:

 

1) Which version of ESXi are you on?

2) If you prefer running vSRXs above 18.4, then I would recommend deploying vSRX 3.0 as it has better RE boot time, etc. Could you try to spining up vSRX3.0 to see if that makes a difference?

Document for reference: https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-vmware-syste...

3) Also, if you haven't rebooted the vSRX after changing vCPU value, could you try rebooting it from cli and share the results?

 

Regards,

HS

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 01:09 PM

Hey, 

 

I'll try that now! 

 

We are on 6.5 and yes, I have tried reboots after each change. 

 

I'll make another post when I have that spun up.

 

Thank you! 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 01:33 PM

Sounds good! Smiley Happy

 

Upon doing some checks, vSRX 2.0 on Junos 19.1R1.6 on ESXi running 6.5 seems to be supported. However 9vCPUs and 16GB RAM corresponds to vSRX-Large flavor which I am aware works fine on KVM hypervisor. However I am not sure if thats supported on ESXi hypervisor.

 

When you get a chance, could you try powering off this vSRX2.0 instance and change it use 5vCPUs, 8 GB RAM, 16GB disk space (vSRX-Medium flavor) and power it back on to check if that helps resolve this issue?

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

 

Regards,

HS

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 01:40 PM

Using vSRX 3.0 has solved the problem! 

 

 

Highlighted
vSRX

Re: vSRX has not ge-0/0/x interfaces and I cannot ping the fxp0 management interface

‎06-18-2019 01:49 PM

Glad to hear that!

 

If you have some time, please try the above recommendation for vSRX2.0 to see if downgrading it to vSRX-M flavor helps to initialize the FPC and interfaces as expected.

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

 

Regards,

HS