Building a Juniper vSRX 3.0¶
Juniper vSRX 3.0 is supported by the netlab libvirt package command. To build a vSRX 3.0 box:
Create an empty directory on a Ubuntu machine with libvirt and Vagrant.
Download vSRX 3.0 disk image (.qcow2 file) into that directory
Execute netlab libvirt package vsrx virtual-disk-file-name and follow the instructions
The netlab libvirt package vsrx command has been tested on Ubuntu 20.04 LTS and 22.04 LTS and might not work on other Linux distros.
On Ubuntu 22.04 LTS,
libvirt-qemuuser needs read and execute access to the VM disk file. It’s easiest if you create Vagrant boxes in a subdirectory of the
Preparing the Box Configuration¶
Initial device configuration is copied from an ISO image created by the installation process. You’ll have to save it and shut down the VM. netlab libvirt config vsrx command displays the build recipe (based on the recipe published by Brad Searle):
Creating initial configuration for Juniper vSRX =============================================== Initial configuration for the vSRX device is prepared in a bootstrap ISO image. After the system boots and displays the 'login' prompt: * Login with username 'vagrant' and password 'Vagrant' * Verify that the VM got a management IP address with 'show interfaces terse | match fxp' * Shut down the VM with 'request system power-off' (confirm with 'yes') NOTE: the management traffic is isolated in a dedicated management VRF (mgmt_junos).
Notes on Using vSRX Box¶
The netlab Vagrant template for vSRX uses default_prefix libvirt parameter to set the domain (VM) name and uses the VM name to set libvirt vCPU quota.
The template has been tested with Vagrant version 2.2.14. Some earlier versions of Vagrant generated VM names using a slightly different algorithm (the underscore between default_prefix and VM name was added automatically) and might thus generate an unexpected VM name. To fix that problem remove parts of vsrx-domain.j2 template:
Remove domain.default_prefix parameter (default value should generate the expected VM name) or
Remove the whole CPU-limiting logic (trading CPU cycles for simplicity)