How to run Juniper vMX in UNetLab

featured1

Juniper offers its brilliant MX routers for virtual environments – namely vMX. And we cant name ourselves engineers if we wouldn’t try to run one in the Unetlab. Running vMX in the unetlab is a simple task, yet I see many complaints about vMX not working. With this being said I invite you to a journey called “running vMX in Unetlab. Painless edition”.

How to get vMX?

Why is this way painless? Mainly because we will run vMX 14.1R1  which has a  *.vdi  image out there in the Internet. I bet you will find your way to this image.

If you will go straight to the Junipers software download page for vMX product you will be offered  14.1R5 release which comes without single disk image and not so easy to install (see this great post here to get the details). I wont tell you how to run   14.1R5 in the Unetlab, because (1) I havn’t tried it yet and (2) you cant play with this release without a licence.

How to install vMX image?

Okay, you got  vMX.vdi image of Juniper vMX, now it’s time to convert this image to qcow2 file type since this is the preferred image type for qemu hypervisor. Do the following:

  1. convert vdi image to the qcow2
    You should have hda.qcow2  image now. Use exactly this name –  hda.qcow2  – as an output of the convert process, it is a mandatory naming scheme for Unetlab.
  2. Create a folder named vmx-14.1.R1 under the  /opt/unetlab/addons/qemu/ . Mind the folder name, you must keep vmx- at the beginning of the folder name, you can place whatever you want after the hyphen sign.
  3. Move hda.qcow2 to the   /opt/unetlab/addons/qemu/  and run permission-fixer script:
  4. Place Juniper node (with default settings) on a topology and start the node!

Using vMX

Making commit work

First boot is hell of a slow. I heard folks have been waiting for 5 minutes on a desktop till vMX login prompt appears. Dont panic if it takes much time for a first time.

When you see welcome prompt:

use login root hit Enter and it will let you in, no password needed. The box comes with a factory defaults settings, so prior to making any configuration changes you must to provide root password for commit  to work. If you do not do this, you will end up like that:

So, type cli after you logged in with root, prompt will change from root@% to  root> meaning you now in the cli. Then change to configuration context and set root password:

How to change vMX qemu options?

Unetlab stores configuration templates for every appliance in its arsenal. These configuration templates tells qemu or dynamips how to run specific images. All the templates stored at  /opt/unetlab/html/templates/ so if you ever want to make some changes (or if something is not working well) to some parameters for a specific image – do your dirty work there.

I changed that vmx.php a bit:

Rumors are that default qemu options are as good as mine, yet I prefer my string with -enable-kvm  and without -machine type=pc-1.0,accel=kvm  opts.

Testing connectivity

Time to add two nodes and test the basic L3 connectivity. As I said, when adding vMX node you can stick to the defaults, or add more CPU if you have them.

vMX interfaces. em vs ge

When you will add bridge network and try to connect vMX interface to it, you will see that first two interfaces are locked down (marked “Do not use”). Do not use them =) I have third interfaces interconnected  and Unetlab pictured their names as em2/ge-0/0/0 . This is because vMX is running in a linux virtual machine and got its interfaces appropriately named. You can use  em#  interfaces, yet I suggest you to configure ge-x/x/x interfaces instead. To do so you have to set mac address for every  ge-x/x/x interface according to its em  counterpart. Lets see how to do that:

Do not forget to delete em  interfaces from your configuration if you decided to go with ge-x/x/x interfaces instead.

Here is a basic interfaces configuration and test procedure via ping (with em interfaces in use):

Bingo.

 

Known Issues & final thoughts

I havnt had a lot of time to play with vMX, still I noticed some problems I’d like to share:

  1. When I started nodes simultaneously (by clicking start all nodes) I often ended up with vMX bootlooped. So for a workaround I run the nodes one by one.
  2. If you telnet to a node right after you clicked “Start the node” you could find yourself in a boostrap prompt. So I waited 10 seconds after hit “Run” button till trying to telnet to the device to avoid bootstrap menu.
  3. Actually vMX can be equipped with up to 10 GE interfaces. So you can specify 12 interfaces when adding a node and use ifaces from 2 to 12 for interconnection.
  4. vMX version 14.1R5.4 works very unstable. The only stable version I tried was Junos: 14.1R1.10
  5. When you configure interface address wait a minute or two to actually see the routes in RIB ( show route). It takes some time to program PFE with these entries.

I don’t know if this release has any limitation regarding some hardcore features like QoS or Multicasts (I heard nothing on that), but routing, MPLS and services work just fine. If you are aware of some limitations, please let us know in the comments.

Have fun with Junos, now without the necessity to book JunoSphere.

Roman Dodin

Network engineer at Nokia
Eagerness to learn multiplied by passion to share.
You can reach me at LinkedIn

You Might Also Like

  • http://google.com scorpio

    Hi Buddy, can you run netscreen ssg on unetlab? I cant find any document on unetlab website

    • http://hellt.ru/ Roman Dodin

      Hi, never tried, but if you have qcow2 image I could try

  • Andrey Glazkov

    Hi. What about L2VPN and RSVP?
    I’ve tried, but it doesn’t work.

    root@Juniper_1# set interfaces ge-0/0/0.0 family ccc
    root@Juniper_1# commit
    [edit interfaces ge-0/0/0 unit 0]
    ‘family’
    family ccc not valid on this interface.
    error: configuration check-out failed

    root@Juniper_1# run show rsvp neighbor
    RSVP neighbor: 0 learned
    [edit]
    root@Juniper_1# run show rsvp interface
    RSVP interface: 1 active
    Active Subscr- Static Available Reserved Highwater
    Interface State resv iption BW BW BW mark
    ge-0/0/0.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps

    • http://hellt.ru/ Roman Dodin

      Hi. Havnt tried L2VPN with Juniper yet, but the non-constrained RSVP worked well for me, see this post http://noshut.ru/2015/11/basic-l3vpn-bgpmpls-vpn-or-vprn-configuration-alcatel-lucent-juniper/

      • Andrey Glazkov

        Thx for you response. Rly i was wrong.
        I forgot to activate traffic-engineering under the OSPF protocol
        stanza. And CSPF computation failed.
        Unlike OSPF, ISIS supports traffic-engineering and creation of a traffic-engineering database by default.

        • Dilip varma

          Not able to login into the router… connection refused… All the installation is done as per specified on the portal..

          Getting error for xrv // vSRX // vMX …. please help…

  • kiki&sharona

    Hi , I had a problem running PIM with OSPF, so i had to enable tcpdump in background to get it work,

    >start shell
    %tcpdump -i emX >> /var/tmp/ospf.txt &

    To kill process, just go back to shell
    >start shell
    %jobs
    %kill %

    i.e :

    kill %1

    FYI : don’t do “kill 1″ , otherwise will kill init process , just add percentage sign”%”

    will consume some space in vMX, but 6GBs is enough for vMX.

    • http://hellt.ru/ Roman Dodin

      Thanks for sharing. Though, havnt tried PIM yet.

      • kiki&sharona

        Sure, as well, have tried with VLC between 2 endpoints and seems to have issues, while trying to stream traffic , I start losing connectivity with the vMX, if I stop it and came back,

        I still don’t know how to use bridging/switching on the vMX so I used a cisco 3725 as L2/L3 switch so I can tag the traffic going to the vMX,

        here are the follow :

        Host(vlan10)—access—cisco3725 -trunk—-vlan-tagging-vMX(L3 interface)

        Hope this helps!

        Thanks
        kiki

        • kiki&sharona

          Do anyone know how to use bridging? I tried to install it in a Ubuntu box but got a lot issues, anyone have experienced that issue?

          Thank you,
          -Kiki

  • No Damn Cat

    Great tutorial! Is it possible to have more than 4 forwarding interfaces with Unetlab/Qemu? When i run the image directly with vmware workstation I can have more than 4 em interfaces, but it seems that unetlab is limited to 4 – em2-em6 (ge-0/0/0 – ge-0/0/3).

    • http://hellt.ru/ Roman Dodin

      Glad you worked this out.

  • Onatchi

    ” If you want to configure ge-x/x/x interfaces, you should explicitly configure mac address for every ge interface in use and excludeem interfaces if you configured them earlier.”

    Yes I want to use ge-x/x/x interfaces, please let how how can I set/where can I set mac for ge-x/x/x interfaces.

    • http://hellt.ru/ Roman Dodin
    • Nandha Kumar S

      Can you please explain this a bit more? My iBGP session are not coming up.
      Router A
      ge-0/0/0 {
      mac 50:00:00:01:00:02;
      unit 0 {
      description to-B;
      family inet;
      }
      }
      em2 {
      unit 0 {
      family inet {
      address 10.10.10.1/30;
      }
      }
      }

      Router B
      ge-0/0/0 {
      mac 50:00:00:02:00:02;
      unit 0 {
      description to-A;
      family inet;
      }
      }
      em2 {
      unit 0 {
      family inet {
      address 10.10.10.2/30;
      }
      }
      }

      I am able to ping 10.10.10.2 from Router A, but iBGP or LDP sessions are not established.
      Please help clarify what needs to be done.

  • http://achyarnurandi.tumblr.com/ A. Achyar Nur

    Hi Buddy, When I download the vMX from juniper web. I not found the vdi format. Let me know when I can get it?

    • http://scubyx.blogspot.com Roni Silveray

      try with torrent :D

      • http://achyarnurandi.net Achyar Nur Andi

        Of course I did.. LOL. Thank You So much

  • http://scubyx.blogspot.com Roni Silveray

    Hii..i try to run vMX in UNL, with following all the step, when i start the node, it says vMX started, but the icon under node is still in square for pause state.
    i open satus menu in other tab, and no qemu node is running, did i miss something?
    my UNL is in VMware player 2GB ram, my host bios virtualitation is enabled, using intel i5.
    anybody have the same issue, i have try to add more RAM in UNL VM but nothing happend, i’ll try any of your advice guys.

  • http://achyarnurandi.net Achyar Nur Andi

    Hi, should I set mac ge-* with em*? Because when I check the ge-0/0/0 has different MAC with em2

    root@LAB-PE-2-MX# run show interfaces ge-0/0/0 | match Current

    Current address: 00:05:86:71:83:00, Hardware address: 00:05:86:71:83:00

    [edit interfaces]

    root@LAB-PE-2-MX# run show interfaces em2 | match Current

    Current address: 50:01:00:02:00:02, Hardware address: 50:01:00:02:00:02

  • Nandha Kumar S

    why you have suggested as to delete “em#” ? and given show interfaces which show em# inet address. !! Please help me..many thanks

  • Pasquale

    Hi everyone,
    I have two VMX link with the vlan 20 but not ping each other.
    is a known problem of qemu with vlan or something wrong?

    Configure:

    interfaces {
    em2 {
    VLAN tagging;
    unit 20 {
    vlan-id 20;
    family inet {
    address 2.2.2.2/30;
    }
    }
    }

  • Mihai

    VMX Phase2 (2xVMs) works for me like this in case anyone is interested (I might make a tutorial later on) as there’s no article about it:
    – Version: 15.1F6.9
    – vmxvcp.php
    $p[‘qemu_options’] = ‘-machine type=pc-i440fx-trusty,accel=kvm,usb=off -serial mon:stdio -nographic -cpu Opteron_G4,+perfctr_core,+osvw,+cr8legacy,+extapic,+fxsr_opt,+mmxext,+hypervisor,+osxsave,+x2apic,+vme -smbios type=0,vendor=Juniper -smbios type=1,manufacturer=VMX,product=VM-vcp_vmx1-161-re-0,version=0.1.0 -hdb vmxhdd.qcow2 -hdc metadata.qcow2 -realtime mlock=off -no-user-config -nodefaults -rtc base=utc -no-shutdown -boot strict=on -device virtio-balloon-pci,id=balloon0’;
    (the CPU part can be removed I think..I just reproduced the parameters detected inside a normal Ubuntu by the vmx-bundle script)

    – vmxvfp.php
    $p[‘qemu_options’] = ‘-machine type=pc-i440fx-trusty,accel=kvm,usb=off,mem-merge=off -serial mon:stdio -nographic -nodefaults -no-user-config -cpu Opteron_G4,+perfctr_core,+osvw,+cr8legacy,+extapic,+fxsr_opt,+mmxext,+hypervisor,+osxsave,+x2apic,+vme -hdb metadata.qcow2 -mem-prealloc -realtime mlock=off -rtc base=utc -no-shutdown -boot strict=on -device virtio-balloon-pci,id=balloon0 -msg timestamp=on’;
    ?>

    The Product type was left with 16 as I was playing with 16 before..it can be changed with 15 :)

    Without the -nodefaults and the machine type, the boot loader was hanging for me because of a stupid bug ACPI/Kernel version/KVM/etc.
    This was documented on a FreeBSD mailing list and I guess just replacing the EVE-NG embedded kernel with a modern / actual version of the latest kernel would eliminate this issue permanently.

    As this VMX version needs 2 VMs (control plane and forwarding plane) do not forget with the Connect Tool to make a link between the INT Interface of both (also test with brctl show that Unetlab/EVE-NG really made the link between them..sometimes it “forgets”).
    For checking:
    – mouse over the capture option in the UNL/EVE-NG diagram..note the vunlx_y_z name of the Int interface
    – then in the Linux console “brctl show” and see if you have an interface listed on the left that contains on the right the 2 x INT interfaces you identified before

  • oaw

    HI Everyone,
    Its a really good article and it helped me a lot to setup my Unetlab for vMX
    But I am still having some issues

    root@RC# run show configuration | display set
    set version 14.1R1.10
    set system host-name RC
    set system root-authentication encrypted-password “***********”
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set interfaces ge-0/0/0 mac 50:00:00:07:00:02
    set interfaces ge-0/0/0 unit 0 description “To RB”
    set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/30
    set interfaces ge-0/0/0 unit 0 family iso
    set interfaces lo0 unit 0 family inet address 1.1.1.1/32
    set interfaces lo0 unit 0 family iso address 49.0001.0010.0100.1001.00
    set protocols isis interface ge-0/0/0.0
    set protocols isis interface lo0.0 passive

    [edit]
    root@RC# run show interfaces ge-0/0/0
    error: device ge-0/0/0 not found

    • Michail Litvak

      Just add a ‘vm_local_rpio=”1”’ to /boot/loader.conf and reload the node

      • Joe Hlasnik

        That line didn’t seem to work for me on 14.1R5 it just made the CPU go crazy.