Juniper vMX – Virtual MS-MPC

NOTE: I originally published this page in 2018; instructions may now be out of date.

One of the new features for the vMX introduced in 17.4R1 is the virtual MS-MPC (known as the vMS-MPC). This allows you to run services such as NAT and stateful firewall on a virtual MX router. To use the vMS-MPC there are strict hardware requirements which ARE enforced, if you do not assign enough vCPU/RAM resources to the vMX you will not be able to start it with the vMS-MPC configured. The use cases document for Juniper contains some more information about this as well as the exact hardware requirements (the document linked is for the vMX 17.4 release).

The control plane must have at least 1 vCPU with 1GB of RAM and the forwarding plane must have at least 18 vCPU’s with 24GB of RAM. If the vMX has more than 2 NIC’s, every additional NIC requires an extra 4 vCPU’s to be assigned to the forwarding plane (so a vMX with 4 NIC’s requires at least 26 vCPU’s).

To enable the vMS-MPC, edit vmx.conf and add the following under the FORWARDNG_PLANE section of the configuration:

  	pic-name    : service-pic-2g

In my case, the configuration file looks like this for the vPFE:

#vPFE VM parameters
FORWARDING_PLANE:
    memory-mb   : 65536
    vcpus       : 32
    console_port: 8602
    device-type : sriov

	  pic-name    : service-pic-2g

    interfaces  :
      - type      : static
        ipaddr    : 172.25.0.3
        macaddr   : "0A:00:DD:C3:FD:10"

After making the change you will need to reboot the vMX device. Once it is booted you can monitor the messages log file to ensure it starts up and to check for errors (they will be logged from fpc0).

WARNING—>The actual Number of CPU is less than the type-1 requirement

If you see this message after making the change to add the vMS-MPC you will need to assign more vCPU’s to the forwarding plane. The error in the messages log file looks like this:

Mar 16 04:22:20   fpc0 LOGIN: : Detected Junos Device type SRIOV
Mar 16 04:22:20   fpc0 LOGIN: : WARNING--->The actual Number of CPU is less than the type-1 requirement
Mar 16 04:22:20   fpc0 LOGIN: : CPUs Available(18), Required(22), RIOT(20), MSPMAND(0)
Mar 16 04:22:20   fpc0 LOGIN: : Number of CPUs available : 18
Mar 16 04:22:20   fpc0 LOGIN: : Number of Ucode workers  : 0
Mar 16 04:22:20   fpc0 LOGIN: : Number of PORTs to service : 4, loopbacks: 0

You cannot over-commit the number of CPU’s, the host must have enough logical processors to handle this (eg. if the host has 24 logical CPU’s you cannot assign more than 20 logical CPU’s total to the vFP and vCP).

Leave a Reply

Your email address will not be published.