Upgrade a Multi-core vSRX Virtual Firewall
Starting in Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1,
you can use virt-manager to scale the performance and capacity
of a vSRX Virtual Firewall instance by increasing the number of vCPUs or the amount
of vRAM allocated to the vSRX Virtual Firewall. See Requirements for vSRX on KVM for the
software requirement specifications for a vSRX Virtual Firewall VM.
See your host OS documentation
for complete details on the virt-manager package
You cannot scale down the number of vCPUs or decrease the amount of vRAM for an existing vSRX Virtual Firewall VM.
Configure the Queue Value for vSRX Virtual Firewall VM with KVM
Before you plan to scale up vSRX Virtual Firewall performance, modify the vSRX Virtual Firewall VM XML file to configure network multi-queuing as a means to support an increased number of dataplane vCPUs for the vSRX Virtual Firewall VM. This setting updates the libvirt driver to enable multi-queue virtio-net so that network performance can scale as the number of dataplane vCPUs increases. Multi-queue virtio is an approach that enables the processing of packet sending and receiving to be scaled to the number of available virtual CPUs (vCPUs) of a guest, through the use of multiple queues.
The configuration of multi-queue virtio-net, however, can only be performed in the XML file. OpenStack does not support multi-queue.
To update the queue, at the <driver name='vhost' queues='x'/> line in the vSRX Virtual Firewall VM XML file, match the number of queues with number
of dataplane vCPUs you plan to configure for the vSRX Virtual Firewall VM. The default
is 4 dataplane vCPUs, but you can scale that number to 4, 8, or 16
vCPUs.
The following XML file example configures 8 queues for a vSRX Virtual Firewall VM with 8 dataplane vCPUs:
<output omitted>
<interface type='network'>
<source network='net2'/>
<model type='virtio'/>
<driver name='vhost' queues='8'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</interface>
Shutdown the vSRX Virtual Firewall Instance with virt-manager
In situations where you want to edit and modify the vSRX Virtual Firewall VM XML file, you need to completely shut down vSRX Virtual Firewall and the associated VM.
To gracefully shutdown the vSRX Virtual Firewall instance with virt-manager:
Do not use Force Reset or Force Off on any active VM as it may create file corruptions.
Upgrade vSRX Virtual Firewall with virt-manager
You must shut down the vSRX Virtual Firewall VM before you can update vCPU or vRAM values for the VM.
You can upgrade and launch vSRX Virtual Firewall with the KVM virt-manager GUI package.
To scale up a vSRX Virtual Firewall VM with virt-manager to
a higher number of vCPUs or to an increased amount of vRAM:
- On your host OS, type virt-manager. The Virtual Machine Manager appears. See Figure 1.Note:
You must have admin rights on the host OS to use
virt-manager.Figure 1: virt-manager
vSRX Virtual Firewall scales down to the closest supported value if the vCPU or vRAM settings do not match what is currently available.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
virt-manager to scale the performance and capacity
of a vSRX Virtual Firewall instance by increasing the number of vCPUs or the amount
of vRAM allocated to the vSRX Virtual Firewall