Truth be told I dont really know. What I am going to be doing with it is pretty much mostly some lab stuff and get working with VRF's a bit
There is a known limitation with virtio backend driver uses interrupt mode to receive packets and vSRX uses DPDK -
https://dpdk.readthedocs.io/en/stable/nics/virtio.html which in turn creates a bottleneck in to the guest VM. It is more ideal to use something like SR-IOV instead and remove as many buffer layers as possible with PCI passthrough
One easier way too is to use DPDK OVS. I know ovirt supports OVS in later versions more natively so I just didnt go after it and I dont know if there is any difference between just regular OVS and DPDK OVS. I dont have a huge requirement of insane throughput, just need to get packets from amazon back to my lab and support overlapping subnets
This exercise was somewhat of a POC for me to see if it can be done. A lot of Junipers documentation does not take in to account such things as ovirt or proxmox or any linux overlay to hypervisors like it does for vmware / vcenter which is no fault of their own. They assume flat KVM host (or 2 if clustered) whereas stuff like ovirt can introduce variables (eg: no MAC spoofing)