Juniper vSRX Cluster on oVirt/RHEV
Hi All - Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool https://ckozler.net/vsrx-cluster-on-ovirtrhev/
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler <ckozleriii@gmail.com> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed? Y.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------060907040604080301040209 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 22-3-2018 10:17, Yaniv Kaul wrote:
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler <ckozleriii@gmail.com <mailto:ckozleriii@gmail.com>> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
https://ckozler.net/vsrx-cluster-on-ovirtrhev/ <https://ckozler.net/vsrx-cluster-on-ovirtrhev/>
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed?
@Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++ Joop --------------060907040604080301040209 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 7bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 22-3-2018 10:17, Yaniv Kaul wrote:<br> </div> <blockquote cite="mid:CAJgorsa81pTExbTodj3VcKg2ha5cSFLPbS-KVNWSV7ndwhi5xQ@mail.gmail.com" type="cite"> <div dir="ltr"><br> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler <span dir="ltr"><<a moz-do-not-send="true" href="mailto:ckozleriii@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ckozleriii@gmail.com">ckozleriii@gmail.com</a></a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir="ltr">Hi All - <div><br> </div> <div>Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool</div> <div><br> </div> <div><a moz-do-not-send="true" href="https://ckozler.net/vsrx-cluster-on-ovirtrhev/" target="_blank">https://ckozler.net/vsrx-<wbr>cluster-on-ovirtrhev/</a></div> </div> </blockquote> <div><br> </div> <div>Thanks for sharing!</div> <div>Why didn't you just upload the qcow2 disk via the UI/API though?</div> <div>There's quite a bit of manual work that I hope is not needed?</div> <br> </div> </div> </div> </blockquote> @Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++<br> <br> Joop<br> <br> </body> </html> --------------060907040604080301040209--
I hit a lot of errors when I tried to upload through the web UI. I tried both remote URI and local file and both failed for me. I cant remember exactly what they were but I recall its where I spent a lot of time initially. I think it had something to do with the ovirt-imageio function...something around that I couldnt get working right. Also, doing the way I did it allowed me to quickly restart if I needed to by creating an alias around dd command. I had to restart a bunch so it was useful. I did this all on 4.0.1.1-1.el7.centos On Fri, Mar 23, 2018 at 3:58 AM, Joop <jvdwege@xs4all.nl> wrote:
On 22-3-2018 10:17, Yaniv Kaul wrote:
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler < <ckozleriii@gmail.com> ckozleriii@gmail.com> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed?
@Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Out of curiosity how much traffic can it handle running in these Virtual Machines on the top of reasonable hardware ? Fernando 2018-03-23 4:58 GMT-03:00 Joop <jvdwege@xs4all.nl>:
On 22-3-2018 10:17, Yaniv Kaul wrote:
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler < <ckozleriii@gmail.com> ckozleriii@gmail.com> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed?
@Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Truth be told I dont really know. What I am going to be doing with it is pretty much mostly some lab stuff and get working with VRF's a bit There is a known limitation with virtio backend driver uses interrupt mode to receive packets and vSRX uses DPDK - https://dpdk.readthedocs.io/en/stable/nics/virtio.html which in turn creates a bottleneck in to the guest VM. It is more ideal to use something like SR-IOV instead and remove as many buffer layers as possible with PCI passthrough One easier way too is to use DPDK OVS. I know ovirt supports OVS in later versions more natively so I just didnt go after it and I dont know if there is any difference between just regular OVS and DPDK OVS. I dont have a huge requirement of insane throughput, just need to get packets from amazon back to my lab and support overlapping subnets This exercise was somewhat of a POC for me to see if it can be done. A lot of Junipers documentation does not take in to account such things as ovirt or proxmox or any linux overlay to hypervisors like it does for vmware / vcenter which is no fault of their own. They assume flat KVM host (or 2 if clustered) whereas stuff like ovirt can introduce variables (eg: no MAC spoofing) On Fri, Mar 23, 2018 at 3:27 PM, FERNANDO FREDIANI < fernando.frediani@upx.com> wrote:
Out of curiosity how much traffic can it handle running in these Virtual Machines on the top of reasonable hardware ?
Fernando
2018-03-23 4:58 GMT-03:00 Joop <jvdwege@xs4all.nl>:
On 22-3-2018 10:17, Yaniv Kaul wrote:
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler < <ckozleriii@gmail.com> ckozleriii@gmail.com> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed?
@Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Indeed, there is this problem wiht the virtio driver which creates this , sometimes huge bottleneck for machines tat do a fair amount of traffic. Other than using DPDK OVS I would love to heard an alternative or a fix for it. Currently being hit by this issue with no solution. As you mention for a lab is fine but would be lovely to have a pretty redundant scenario like this in production. Fernando 2018-03-23 21:04 GMT-03:00 Charles Kozler <ckozleriii@gmail.com>:
Truth be told I dont really know. What I am going to be doing with it is pretty much mostly some lab stuff and get working with VRF's a bit
There is a known limitation with virtio backend driver uses interrupt mode to receive packets and vSRX uses DPDK - https://dpdk.readthedocs.io/ en/stable/nics/virtio.html which in turn creates a bottleneck in to the guest VM. It is more ideal to use something like SR-IOV instead and remove as many buffer layers as possible with PCI passthrough
One easier way too is to use DPDK OVS. I know ovirt supports OVS in later versions more natively so I just didnt go after it and I dont know if there is any difference between just regular OVS and DPDK OVS. I dont have a huge requirement of insane throughput, just need to get packets from amazon back to my lab and support overlapping subnets
This exercise was somewhat of a POC for me to see if it can be done. A lot of Junipers documentation does not take in to account such things as ovirt or proxmox or any linux overlay to hypervisors like it does for vmware / vcenter which is no fault of their own. They assume flat KVM host (or 2 if clustered) whereas stuff like ovirt can introduce variables (eg: no MAC spoofing)
On Fri, Mar 23, 2018 at 3:27 PM, FERNANDO FREDIANI < fernando.frediani@upx.com> wrote:
Out of curiosity how much traffic can it handle running in these Virtual Machines on the top of reasonable hardware ?
Fernando
2018-03-23 4:58 GMT-03:00 Joop <jvdwege@xs4all.nl>:
On 22-3-2018 10:17, Yaniv Kaul wrote:
On Wed, Mar 21, 2018 at 10:37 PM, Charles Kozler < <ckozleriii@gmail.com>ckozleriii@gmail.com> wrote:
Hi All -
Recently did this and thought it would be worth documenting. I couldnt find any solid information on vsrx with kvm outside of flat KVM. This outlines some of the things I hit along the way and how to fix. This is my one small way of giving back to such an incredible open source tool
Thanks for sharing! Why didn't you just upload the qcow2 disk via the UI/API though? There's quite a bit of manual work that I hope is not needed?
@Work we're using Juniper too and oud of curiosity I downloaded the qcow2 image and used the UI to upload it and add it to a VM. It just works :-) oVirt++
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (4)
-
Charles Kozler -
FERNANDO FREDIANI -
Joop -
Yaniv Kaul