EVE-NG and Juniper Devices – Pimping your KVM

Have you ever noticed that your vSRX, vMX and vQFX run on insane CPU percentage?
Well yes, you might think because on DPDK Hosts (I wrote about that earlier), the v-Devices run in “Poll-Mode”. But that doesn’t mean, you can’t try to “improve” this behavior.

CAUTION: I tried this myself and have not seen any issues so far – however, this does not guarantee fatal possible side-effects, that I’m unaware of or that do not affect my Labs. If you mess with your EVE, you are on your own so try it and if it works fine, if not you should probably change it back or wait for the official release from the EVE-NG Team if this turns out to be working and they feel the need to implement this. I only tried this with “Pure-Juniper” Labs so far.

In my Test-Setup (1 vMX and 2 vQFX) my CPU went from 35% to below 16% (EVE on ESX).
I think Bare (which I will try next) will show the same if not more drops in the CPU usage.

Update 02.09.2019 – Yes. Bare was even more crazy, allowing me to run 40vQFX at the same time at roughly 70% CPU usage!!!! Insane :O

Also, there was no need to reboot the host.

Test-Setup
After the config-knob

Here’s what I changed:

and

Let me know in the comments or on Twitter if this also worked for you and if you see any side effects please also let me know.

Heres some background in case you wonder, what this does:
https://www.kernel.org/doc/Documentation/virtual/kvm/halt-polling.txt
The interesting Part for me was the Notes at the end:

Sounds like the v-Devices, right? 😉

10 thoughts on “EVE-NG and Juniper Devices – Pimping your KVM

  1. E.V.

    Hi Christian.

    I’ve been looking to get into Juniper and saw your blog. I had a question about setting up Juniper images in EVE. Are you also installing licenses on the vMx images, or will you have limited functionality to do basic testing without the needs of licenses? I see there are evaluation 60-day licenses, so I was just wondering if it was necessary to keep getting these licenses every 60-days to run the images or not.

    Thank you!

    Reply
    1. christianscholz Post author

      Hi E.V.

      this depends actually what I want to try.
      For most of the scenarios I need the 60-day advanced Test License.
      After 60 days, you can always “wipe” your vMX, giving you another 60 days (just re-paste your config and license and you’re done).

      BR
      Chris

      Reply
      1. E.V.

        Thank you so much Christian! That’s great to know you can just re-use the license by wiping out the image and re-installing a new one.

        Reply
  2. networkjitter

    Hi Christian,

    Thanks for the great post. I configured this too in my lab (EVE on ESXi) and saw significant reduction in CPU utilization. Since posting this, have you noticed any side effects from the change? Also I’m curious to know what version of vQFX you’re running in your lab and what resource (vCPU, memory) allocations you’re using. I’m currently running 18.4R1 and EVE defaults to the following which seems generous IMO.

    vQFX RE: 2 vCPU, 2G RAM
    vQFX PFE: 2 vCPU, 4G RAM

    Cheers!

    Reply
  3. James

    Hi Christian

    I just tried this (10 VMX (Junos 14, single image version)… On my server this setup (all sitting at amnesiac) was idle at 14%.. After the changes, it’s idle at 19% 😀

    Maybe those older ones don’t use DPDK?

    Reply
    1. christianscholz Post author

      Hi James,

      thats odd 😀
      I never saw that behavior, but I also don’t use 14 anymore because of all the EVPN Improvements in 18.x

      Reply
  4. sam yang

    Hi Christine,
    Nice to meet you over here. Can I ask you a question about vMX (v14) and (v15) over EVE-NG? Thank you in advanced.
    Unable to use telnet to open vMX on EVE-NG. The implementation steps as follows:

    1. Download the following two imgs and saved at /opt/unetlab/addons/qemu/;

    root@eve-ng:/opt/unetlab/addons/qemu# ls -lrt | grep jinstall
    -rw-r–r– 1 root root 992411648 Jun 30 2016 jinstall-vmx-15.1F6.9-domestic.img
    -rw-r–r– 1 root root 648740864 Jan 19 01:30 jinstall-vmx-14.1R8.6-domestic.img
    root@eve-ng:/opt/unetlab/addons/qemu#

    2. create vmx14 and vmx15 directory

    root@eve-ng:/opt/unetlab/addons/qemu# mkdir vmx14
    root@eve-ng:/opt/unetlab/addons/qemu# mkdir vmx15
    root@eve-ng:/opt/unetlab/addons/qemu#

    3. convert the img to qcow2:

    root@eve-ng:/opt/unetlab/addons/qemu# qemu-img convert -f raw -O qcow2 jinstall-vmx-14.1R8.6-domestic.img vmx14/hda.qcow2

    root@eve-ng:/opt/unetlab/addons/qemu# qemu-img convert -f raw -O qcow2 jinstall-vmx-15.1F6.9-domestic.img vmx15/hda.qcow2
    root@eve-ng:/opt/unetlab/addons/qemu# chmod -R 777 vmx14/
    root@eve-ng:/opt/unetlab/addons/qemu# chmod -R 777 vmx15/

    root@eve-ng:/opt/unetlab/addons/qemu# ls -lrt vmx14/
    total 633864
    -rwxrwxrwx 1 root root 649134080 Jan 19 12:03 hda.qcow2
    root@eve-ng:/opt/unetlab/addons/qemu# ls -lrt vmx15/
    total 969480
    -rwxrwxrwx 1 root root 992804864 Jan 19 12:03 hda.qcow2
    root@eve-ng:/opt/unetlab/addons/qemu#

    4. Fix permission

    root@eve-ng:/opt/unetlab/addons/qemu# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

    5. go to http portal of eve-ng, and setup the vmx router

    2 vcpu, 4G RAM for each vMX are configured.

    6 start the vmx01 and vmx02 in EVE-NG, however the telnet session looks green but nothing is displayed from either SecureCRT, or Putty.

    My question:

    1. what setup is wrong? like qemu? junos image? steps?

    2. why the telnet over secureCRT or Putty does not show any content? but the telnet session shows green other than red?

    3. I have tested eve-ng in bare metal server and in VMware workstation, both do not work. why?

    4. vMX VCP and VFP seperated VMs over EVE-NG work very well, but only vmx v14 and v15 cannot be opened by telnet session.

    Reply
    1. christianscholz Post author

      Hi Sam,

      1. what setup is wrong? like qemu? junos image? steps?
      –> Steps are correct. I looked at the 14 and 15 images on my EVE and they both seem to run fine.
      What EVE are you currently using?

      2. why the telnet over secureCRT or Putty does not show any content? but the telnet session shows green other than red?
      –> It’s showing content here – where did you get the images from?

      3. I have tested eve-ng in bare metal server and in VMware workstation, both do not work. why?
      –> Hard to tell from remote. Could be a lot of issues

      4. vMX VCP and VFP seperated VMs over EVE-NG work very well, but only vmx v14 and v15 cannot be opened by telnet session.
      –> That’s because the architecture was different back in the 14.x and 15.x days of the vMX. Juniper later (16.x and onward) split the vMX into a vCP and a vFP. Any Specific reason, why you use the old Versions? Just curious 🙂

      BR
      Christian

      Reply
      1. Sam

        1. eve-ng version:
        root@eve-ng:~# dpkg -l eve-ng
        Desired=Unknown/Install/Remove/Purge/Hold
        | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
        |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
        ||/ Name Version Architecture Description
        +++-=========================================-=========================-=========================-=======================================================================================
        ii eve-ng 2.0.3-102 amd64 A new generation software for networking labs.
        root@eve-ng:~#

        2. it is 60 days trial image from Juniper website. we are Juniper customer

        4. because vcp+ vfp are heavy to spend lot vcpu/ram resoure, I’d like a lighter vMX and support most MX feature, so vMX-15 or -14 are preferred in these locations.

        Do you think the qemu needs any customized setup? or just default setup?

        Reply
  5. sam yang

    Hi Chris,

    I installed vMX v14 and v15 over EVE-NG, but there is no any content displayed while I run telnet session from Putty or SecureCRT by emulating console login.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha * Time limit is exhausted. Please reload CAPTCHA.