The Juniper vSRX uses nested virtualization to run. The host OS is Wind River Linux, assuming you are running this on ESXi you can see the host OS if you push Alt + F2 to access a separate terminal. For troubleshooting or if you are interested in further information about how the vSRX runs you can log in to the host OS to have a poke around (eg. you may want to review the logs in /var/log of the host if you are having issues). I can’t find a password to access the terminal of the host directly (all of the ones I could find after looking around did not work) but there is a private key for the root user on the vSRX which allows you to login without authentication.
Steps
Use these steps to access the host OS:
- Log into the vSRX as the root user. You can also login with a different user and “su” to root if needed, but you will need to access the CLI again. You don’t have to login to the vSRX with SSH, it can be done from the console if needed but it is easier to do this via SSH.
- SSH to the host IP in the
__juniper_private1__routing instance:
ssh root@129.16.0.16 routing-instance __juniper_private1__
NOTE: The IP 129.16.0.16 is used when the vSRX is in a cluster. If the vSRX is standalone use 128.0.1.6 instead
- You should now be logged in as root to the host OS.
As an example, this is what my session looked like:
me@jumpoff ~ $ ssh root@vsrx
Warning: Permanently added 'vsrx,xxxx:xxxx::8' (ECDSA) to the list of known hosts.
Last login: Wed Jan 2 13:33:50 2019 from xxxx:xxxx:xxxx:xxxx::190
--- JUNOS 18.2R1.9 Kernel 64-bit JNPR-11.0-20180614.6c3f819_buil
root@vsrx:~ #
root@vsrx:~ # cli
{primary:node0}
root@vsrx> ssh root@129.16.0.16 routing-instance __juniper_private1__
The authenticity of host '129.16.0.16 (129.16.0.16)' can't be established.
ECDSA key fingerprint is SHA256:AXLC0dyaZpmVmoBAc+05/5ijVMr/1TojkfPwG6HGBG8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '129.16.0.16' (ECDSA) to the list of known hosts.
root@vsrx-node:~#Interesting Things
CPU Allocation
You can view the amount of CPU’s that have been allocated to the PFE:
root@vsrx-node:~# ps aux | grep pf[e] root 3403 801 0.6 14463800 301236 ? SLl 2018 260815:00 /usr/sbin/srxpfe -C 9
In this case there are 9 CPU’s allocated to the PFE (it is the VSRX-L edition in this case).
Edition Selection
You can see how the vMX will select the edition that runs. The edition controls various performance related parameters such as number of CPU’s allocated to the PFE and the maximum number of sessions. If the vSRX edition is set to VSRX-S for example you will not be able to use more than 2 CPU’s (eg. if you allocate 20 vCPU’s to the VM it will never use the additional 10 vCPU’s).
The function get_platform_type_n_flavor in the file /etc/init.d/rc.junosapp controls which edition of the vSRX will be used. The number of CPU’s available, the amount of RAM available and the types of NIC’s (with number of queues supported) is used to decide which edition will be used.