vmx Getting Started Guide for Microsoft Azure Release 17.4 Modified: 2018-01-31
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. All other trademarks may be property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. vmx Getting Started Guide for Microsoft Azure 17.4 Copyright 2018 Juniper Networks, Inc. All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at http://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. ii
Table of Contents About the Documentation............................................ vii Documentation and Release Notes................................. vii Documentation Conventions...................................... vii Documentation Feedback......................................... ix Requesting Technical Support...................................... x Self-Help Online Tools and Resources............................ x Opening a Case with JTAC...................................... x Chapter 1 Overview......................................................... 13 vmx and Microsoft Azure Overview..................................... 13 Benefits and Uses of vmx Routers.................................. 13 vmx Limitations on Microsoft Azure................................. 13 vmx with Microsoft Azure......................................... 13 System Requirements for vmx on Microsoft Azure......................... 14 Chapter 2 Installing vmx from the Azure Portal................................. 15 Before You Deploy vmx from the Azure Portal............................ 15 Setting Up Your Azure Subscription..................................... 16 Creating a Resource Group........................................ 16 Creating a Storage Account........................................ 17 Creating a Virtual Network........................................ 18 Creating Additional Subnets...................................... 20 Deploying the vmx Image from Azure Marketplace......................... 21 Deploying the vmx Image......................................... 22 Verifying Deployment of vmx to Microsoft Azure...................... 25 Adding Network Interfaces........................................ 26 Logging In to a vmx VM........................................... 27 Initially Configuring vmx.......................................... 28 Chapter 3 Installing vmx from the Azure CLI................................... 29 Before You Deploy vmx Using the Azure CLI.............................. 29 Deploying vmx from the Azure CLI..................................... 30 Using the Microsoft Azure CLI...................................... 31 Installing the Azure CLI........................................ 31 Launching Azure Cloud Shell................................... 33 Using the vmx Deployment Tools.................................. 33 Modifying vmx Configuration Parameters for Deployment.............. 36 Changing the Azure Configuration Parameters.................... 36 Adding NICs to the Configuration............................... 37 Deploying the vmx Using the Shell Script............................ 38 Verifying Deployment of vmx to Microsoft Azure...................... 39 iii
Getting Started Guide for Microsoft Azure Logging In to a vmx Instance...................................... 39 Initially Configuring vmx.......................................... 40 Deleting vmx Using the Azure CLI................................... 41 Chapter 4 Configuring vmx Chassis-Level Features............................. 43 Configuring the Number of Active Ports on vmx.......................... 43 Naming the Interfaces............................................... 43 Configuring the Media MTU........................................... 44 Enabling Performance Mode or Lite Mode............................... 44 Tuning Performance Mode........................................... 45 Managing vmx Licenses............................................. 46 Adding a License................................................ 46 Deleting a License............................................... 47 Chapter 5 Class of Service for vmx........................................... 49 CoS on vmx Overview............................................... 49 CoS Features and Limitations on vmx.................................. 50 Configuring Hierarchical CoS on vmx................................... 52 Enabling Flexible Queuing........................................ 52 Mapping Forwarding Classes to Queues on vmx...................... 52 Configuring Traffic Control Profiles for vmx........................... 52 Configuring Schedulers on vmx.................................... 52 Example: Configuring Hierarchical CoS on vmx........................... 53 Configuring Four-Level Hierarchical Scheduling on vmx.................... 57 Packet Loss Priority and Drop Profiles on vmx............................ 58 Limitations.................................................... 59 Managing Congestion Using Drop Profiles and Packet Loss Priorities on vmx... 59 Configuring Drop Profiles......................................... 60 Configuring Schedulers with Drop Profiles........................... 60 iv
List of Tables About the Documentation.......................................... vii Table 1: Notice Icons................................................. viii Table 2: Text and Syntax Conventions................................... viii Chapter 1 Overview......................................................... 13 Table 3: System Requirements for vmx - Standard_F8 VM.................. 14 v
Getting Started Guide for Microsoft Azure vi
About the Documentation Documentation and Release Notes Documentation and Release Notes on page vii Documentation Conventions on page vii Documentation Feedback on page ix Requesting Technical Support on page x Documentation Conventions To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/. If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes. Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books. Table 1 on page viii defines notice icons used in this guide. vii
Getting Started Guide for Microsoft Azure Table 1: Notice Icons Icon Meaning Description Informational note Indicates important features or instructions. Caution Indicates a situation that might result in loss of data or hardware damage. Warning Alerts you to the risk of personal injury or death. Laser warning Alerts you to the risk of personal injury from a laser. Tip Indicates helpful information. Best practice Alerts you to a recommended use or implementation. Table 2: Text and Syntax Conventions Table 2 on page viii defines the text and syntax conventions used in this guide. Convention Description Examples Bold text like this Represents text that you type. To enter configuration mode, type the configure command: user@host> configure Fixed-width text like this Represents output that appears on the terminal screen. user@host> show chassis alarms No alarms currently active Italic text like this Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles. A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide RFC 1997, BGP Communities Attribute Italic text like this Represents variables (options for which you substitute a value) in commands or configuration statements. Configure the machine s domain name: root@# set system domain-name domain-name viii
About the Documentation Table 2: Text and Syntax Conventions (continued) Convention Description Examples Text like this Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE. < > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>; (pipe symbol) Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. broadcast multicast (string1 string2 string3) # (pound sign) Indicates a comment specified on the same line as the configuration statement to which it applies. rsvp { # Required for dynamic MPLS only [ ] (square brackets) Encloses a variable for which you can substitute one or more values. community name members [ community-ids ] Indention and braces ( { } ) ; (semicolon) Identifies a level in the configuration hierarchy. Identifies a leaf statement at a configuration hierarchy level. routing-options { static { route default { nexthop address; retain; } } } GUI Conventions Bold text like this Represents graphical user interface (GUI) items you click or select. In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel. > (bold right angle bracket) Separates levels in a hierarchy of menu selections. In the configuration editor hierarchy, select Protocols>Ospf. Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/. ix
Getting Started Guide for Microsoft Azure E-mail Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable). Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. JTAC policies For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf. Product warranties For product warranty information, visit http://www.juniper.net/support/warranty/. JTAC hours of operation The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/ Search for known bugs: https://prsearch.juniper.net/ Find product documentation: http://www.juniper.net/documentation/ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/ Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/ Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/infocenter/ Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/ Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/ To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/ Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. Use the Case Management tool in the CSC at http://www.juniper.net/cm/. Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). x
About the Documentation For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html. xi
Getting Started Guide for Microsoft Azure xii
CHAPTER 1 Overview vmx and Microsoft Azure Overview vmx and Microsoft Azure Overview on page 13 System Requirements for vmx on Microsoft Azure on page 14 The vmx router is a virtual version of the MX Series 3D Universal Edge Router. Like the MX Series router, the vmx router runs the Junos operating system (Junos OS) and supports Junos OS packet handling and forwarding modeled after the Trio chipset. Configuration and management of vmx routers are the same as for physical MX Series routers. Benefits and Uses of vmx Routers You can use the vmx router to: Quickly introduce new services More easily deliver customized and personalized services to customers Scale operations to push IP services closer to customers or to manage network growth when growth forecasts are low or uncertain Quickly expand service offerings into new sites vmx Limitations on Microsoft Azure vmx does not support these features on Microsoft Azure: Layer 2 features, and any features or protocols dependent on Layer 2 features Attachment or detachment of interfaces while a vmx instance is running VLAN tagging Jumbo frames (MTU greater than 1500) vmx with Microsoft Azure Microsoft Azure is Microsoft's application platform for the public cloud. It is an open, flexible, enterprise-grade cloud computing platform for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. You place your virtual machines (VMs) onto Azure virtual networks, where the distributed 13
Getting Started Guide for Microsoft Azure and virtual networks in Azure help ensure that your private network traffic is logically isolated from traffic on other Azure virtual networks. You can add vmx as an application instance within an Azure virtual network. You can deploy the vmx VM in Azure using the following deployment methods: Azure Marketplace You can select the vmx VM image and define the deployment settings and dependencies based on your specific networking requirements. Azure CLI You can customize the vmx VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud. To help automate and simplify the deployment of the vmx VM in the Microsoft Azure virtual network, Juniper Networks provides script and configuration files. NOTE: In Microsoft Azure, you can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. PAYG images do not require Juniper Networks licenses. System Requirements for vmx on Microsoft Azure Microsoft Azure supports a wide variety of sizes and options for deployed Azure virtual machines (VMs). For vmx, you can choose Standard_F8 size. The F-series VMs are based on the 2.4 GHz Intel Xeon E5-2673 v3 processor (Haswell). Table 3 on page 14 outlines the recommended system requirements for a vmx instance, Standard_F8 size VM. Table 3: System Requirements for vmx - Standard_F8 VM Component Specification Size Standard_F8 CPU cores 8 Memory 16 GB Maximum number of data disks 32 Maximum temporary storage throughput: IOPS / Read MBps / Write MBps 24,000 / 375 / 187 Maximum data disks / throughput: IOPS 32 / 32x500 Maximum number of NICs / network bandwidth (Mbps) 8 / 6,000 14
CHAPTER 2 Installing vmx from the Azure Portal Before You Deploy vmx from the Azure Portal on page 15 Setting Up Your Azure Subscription on page 16 Deploying the vmx Image from Azure Marketplace on page 21 Before You Deploy vmx from the Azure Portal You can deploy vmx in your virtual network directly from the Azure portal. This method provides a browser-based user interface for creating and configuring virtual machines and all related resources. You can deploy the vmx in your Azure virtual network by selecting the vmx image from Azure Marketplace and customizing the vmx VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud. Before you begin deploying the vmx from the Azure Marketplace: Obtain an account for and a subscription to Microsoft Azure (see Microsoft Azure). Use your Microsoft account username and password to log into the Microsoft Azure portal. Purchase a vmx license or request an evaluation license. Licenses can be procured from the Juniper Networks License Management System (LMS). For information about the evaluation license for vmx, see https://www.juniper.net/us/en/dm/free-vmx-trial/. NOTE: In Microsoft Azure, you can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. PAYG images do not require Juniper Networks licenses. Ensure that your Azure subscription includes the following for your VM: Resource group, as described in Creating a Resource Group on page 16. Storage account, as described in Creating a Storage Account on page 17. Virtual network, as described in Creating a Virtual Network on page 18. 15
Getting Started Guide for Microsoft Azure Related Documentation Setting Up Your Azure Subscription on page 16 Deploying the vmx Image from Azure Marketplace on page 21 System Requirements for vmx on Microsoft Azure on page 14 vmx and Microsoft Azure Overview on page 13 Setting Up Your Azure Subscription Ensure that your Azure subscription includes the following items for your VM: Resource group Storage account Virtual network If you do not have these items in your subscription, perform the appropriate task to create them. Creating a Resource Group on page 16 Creating a Storage Account on page 17 Creating a Virtual Network on page 18 Creating Additional Subnets on page 20 Creating a Resource Group A resource group contains the resources required to successfully deploy a VM in Azure. It is a container that holds related resources for an Azure solution. In Azure, you logically group related resources such as storage accounts, virtual networks, and virtual machines (VMs) to deploy, manage, and maintain them as a single entity. If you do not have an existing resource group in your subscription, then follow the steps outlined in this procedure. To create a resource group in Azure: 1. Log in to the Microsoft Azure portal using your Microsoft account username and password. The Dashboard appears in the Azure portal. You see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Resource groups from the menu of services to access the Resource Groups blade. You will see all the resource groups in your subscription listed in the blade. 3. Click Add (+) to create a new resource group. The Create Resource Group blade appears. 16
Chapter 2: Installing vmx from the Azure Portal 4. Provide the following information for the new resource group. Parameter Description Resource Group Name Enter a unique name for your new resource group. A resource group name can include alphanumeric characters, periods (.), underscores (_), hyphens (-), and parenthesis (), but the name cannot end with a period. Subscription Select your Microsoft Azure subscription. Resource Group Location Select the location of the Microsoft Azure data center from which you intend to deploy the VM. Specify a location where the majority of your resources will reside. Typically, select the location that is closest to your physical location. 5. Click Create. The resource group might take a few seconds to create. Once it is created, you see the resource group on the Azure portal dashboard. Creating a Storage Account An Azure storage account provides a unique namespace to store and access your Azure storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to the account owner. If you do not have an existing storage account in your subscription, follow the steps outlined in this procedure. To create a storage account in Azure: 1. Log in to the Microsoft Azure portal using your Microsoft account username and password. The Dashboard appears in the Azure portal. You see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Storage Accounts from the menu of services to access the Storage Accounts blade. 3. Click Add (+) to create a new storage account. The Create Storage Account blade appears. 4. Provide the following information for the new storage account. Parameter Description Name Enter a unique name for your new storage account. A storage account name can contain only lowercase letters and numbers, and must be between 3 and 24 characters. Deployment Model Select Resource Manager as the deployment model. 17
Getting Started Guide for Microsoft Azure Parameter Description Account Kind Select the type of storage account: General purpose or Blob storage. The default is General purpose. If General Purpose was selected, then specify the performance tier: Standard or Premium. The default is Standard. If Blob storage was selected, then specify the access tier: Hot or Cool. The default is Hot. Performance Select the type of performance: Standard or Premium. The default is Standard. Replication Select the replication option for the storage account: Locally redundant storage (LRS), Geo-redundant storage (GRS), Read-access geo-redundant storage (RA-GRS), or Zone-redundant storage (ZRS). The default is RA-GRS. Secure Transfer Required Enable or disable this option to enhance the security of your storage account by allowing requests to the storage account by HTTPS only. The default is Disabled. Subscription Select your Microsoft Azure subscription. Resource Group Select your existing resource group (see Creating a Resource Group on page 16). Location Select the Azure data center geographic region in which you are deploying the vmx VM. Typically, select the location that is closest to your physical location. F-Series VMs are available in certain regions. See Azure Products by Region for geographic availability. NOTE: The locations for the storage account and resource group must match. 5. Click Create. The storage account might take a few seconds to create. Once it is created, you see the storage account on the Azure portal dashboard. Creating a Virtual Network The Azure Virtual Network service enables you to securely connect Azure resources to each other with virtual networks. A virtual network is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. You can also connect virtual networks to your on-premises network. If you do not have an existing Azure virtual network, follow the steps outlined in this procedure. 18
Chapter 2: Installing vmx from the Azure Portal To create an Azure virtual network: 1. Log in to the Microsoft Azure portal using your Microsoft account user name and password. The Dashboard appears in the Azure portal. You will see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Virtual Networks from the menu of services to access the Virtual Networks blade. 3. Click Add (+) to create a new virtual network. The Create Virtual Network blade appears. 4. Provide the following information for the new virtual network. Parameter Description Name Enter a unique name for your new virtual network. The virtual network name must begin with a letter or number, end with a letter, number, or underscore, and the name may contain only letters, numbers, underscore, periods, or hyphens. Address Space Enter the virtual network s address range in CIDR notation. By default, the address range is 10.0.0.0/24. Use a /16 address space; for example, 20.0.0.0/16. NOTE: Ensure that the address space does not overlap with an existing network. Subscription Select your Microsoft Azure subscription. Resource Group Select your existing resource group (see Creating a Resource Group on page 16). Location Select the Azure data center geographic region in which you are deploying the vmx VM. Typically, select the location that is closest to your physical location. F-Series VMs are available in certain regions. See Azure Products by Region for geographic availability. NOTE: The locations for the storage account and resource group must match. Subnet name Enter a unique name for the subnet of the Azure virtual network. The subnet name must begin with a letter or number, end with a letter, number, or underscore, and the name may contain only letters, numbers, underscore, periods, or hyphens. 19
Getting Started Guide for Microsoft Azure Parameter Description Subnet Address Range Enter a network subnet address range in CIDR notation. It must be contained by the address space of the virtual network, as defined in the Address Space field. Subnet address ranges cannot overlap one another. By default, the address range is 10.0.0.0/24. The subnet is a range of IP addresses in your virtual network to isolate VMs. Public subnets have access to the Internet gateway, but private subnets do not. NOTE: The address range of a subnet that is already in use cannot be edited. A vmx VM requires at least one public subnet and one or more private subnets for each individual instance group. The management interface (fxp0) uses a public subnet and the revenue (data) interfaces can use either public or private subnets. The private subnets, connected to the other vmx interfaces, ensure that all traffic between applications on the private subnets and the Internet must pass through the vmx instance. NOTE: In the Azure portal, you can define only a single subnet for the public subnet used by the management interface (fxp0) when you create a virtual network. You must create at least one subnet for a WAN port. To add a subnet, click Virtual networks in the Azure dashboard and then open the existing virtual network to modify it. See Creating Additional Subnets on page 20. 5. Click Create. The virtual network might take a few seconds to create. Once it is created, you will see the virtual network on the Azure portal dashboard. Creating Additional Subnets Azure resources are deployed into virtual network subnets. When you create the virtual network, the public subnet for the management interface (fxp0) is created. You must create at least one subnet for a WAN port. If you do not have an existing Azure virtual network, see Creating a Virtual Network on page 18. To create a subnet: 1. Log in to the Microsoft Azure portal using your Microsoft account user name and password. The Dashboard appears in the Azure portal. You will see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Virtual Networks from the menu of services to access the Virtual Networks blade. Select the virtual network to which you want to add a subnet. 20
Chapter 2: Installing vmx from the Azure Portal 3. Click Subnets on the Virtual Networks blade. 4. Click (+Subnet) to create a new subnet. The Create Subnet blade appears. 5. Provide the following information for the new subnet. Parameter Description Name Enter a unique name for the subnet of the Azure virtual network. The subnet name must begin with a letter or number, end with a letter, number, or underscore, and the name may contain only letters, numbers, underscore, periods, or hyphens. Address Range Enter a network subnet address range in CIDR notation. It must be contained by the address space of the virtual network, as defined in the Address Space field. Subnet address ranges cannot overlap one another. By default, the address range is 10.0.0.0/24. The subnet is a range of IP addresses in your virtual network to isolate VMs. Public subnets have access to the Internet gateway, but private subnets do not. NOTE: The address range of a subnet that is already in use cannot be edited. Network Security Group (Optional) Select None. The network security group is a set of firewall rules that control traffic to and from the VM. You can apply a network security group to each network interface (NIC) in the VM. Route Table (Optional) Select None. The route table controls network traffic to other networks. 6. Click OK. Once it is created, you will see the subnet on the Azure portal dashboard. NOTE: You must create a network interface for each subnet that you create (see Adding Network Interfaces on page 26). You can add network interfaces after you have deployed the vmx VM, but you must add them immediately after you have verified deployment of vmx to Microsoft Azure. Deploying the vmx Image from Azure Marketplace You can deploy vmx in your Azure virtual network by selecting the vmx image from Azure Marketplace and customizing the vmx VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud. NOTE: Be sure you have an account for and a subscription to Microsoft Azure before deploying vmx to Azure (see Microsoft Azure). 21
Getting Started Guide for Microsoft Azure Use the following procedures to deploy and configure a vmx VM into an Azure virtual network from the Azure portal. Deploying the vmx Image on page 22 Verifying Deployment of vmx to Microsoft Azure on page 25 Adding Network Interfaces on page 26 Logging In to a vmx VM on page 27 Initially Configuring vmx on page 28 Deploying the vmx Image To deploy and configure a vmx VM into an Azure virtual network using the vmx image from Azure Marketplace: 1. Log in to the Microsoft Azure portal using your Microsoft account user name and password. The Dashboard appears in the Azure portal. You will see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Marketplace from the dashboard to access the Azure Marketplace, and then click Compute (or click New > Compute). Enter vmx to search for the available Juniper Networks vmx VM images in the Azure Marketplace. 3. Select the vmx VM image from the list and then click Create to initiate the vmx VM deployment process. Note that Bring Your Own License is enabled for the vmx VM deployment, and that Resource Manager is automatically selected as the deployment model. 4. From the Create Virtual Machine blade, select 1 Basics and configure the following parameters. Parameter Description Name Specify a name for your vmx VM. Your vmx VM name cannot contain non-ascii or special characters. VM Disk Type Specify the disk type to use for the vmx VM: SSD or HDD. The default is SSD. Select HDD. User name Enter a username to access the vmx VM. The username cannot contain uppercase characters, special characters, or start with a $ or - character. Authentication type Select the required method of authentication to access the vmx VM. Select SSH public key as type of authentication and then enter (and confirm) your SSH public key. SSH public key Enter the SSH public key used to access the vmx VM. 22
Chapter 2: Installing vmx from the Azure Portal Parameter Description Subscription Select your Microsoft Azure subscription. Resource Group Select your existing resource group. Location Select the Azure data center geographic region in which you are deploying the vmx VM. Typically, select the location that is closest to your physical location. F-Series VMs are available in certain regions. See Azure Products by Region for geographic availability. NOTE: The locations for the storage account and resource group must match. Click OK. 5. From the Create Virtual Machine blade, select 2 Size, select F8 Standard as the vmx VM size. Click Select. F8 Standard is used for a vmx VM deployment. See System Requirements for vmx on Microsoft Azure on page 14 for the recommended system requirements for a vmx instance in Microsoft Azure. 6. From the Create Virtual Machine blade, select 3 Settings, and configure the following parameters to define the storage, networking, and monitoring settings for the vmx VM. Click OK when completed. Parameter Description Storage Used Managed Disks Specify whether you want Azure to automatically manage the availability of disks to provide data redundancy and fault tolerance without you creating and managing a storage account. Click No. Storage Account If you need to change the storage account for the vmx VM, click the right arrow to access the Choose Storage Account blade. Select an existing storage account for the vmx VM, or click Create new (+) to create a new one. Network Virtual Network If you need to change the virtual network for the vmx VM, click the right arrow to access the Choose Virtual Network blade. Select an existing virtual network for the vmx VM, or click Create new (+) to create a new one. 23
Getting Started Guide for Microsoft Azure Parameter Description Subnet Enter a subnet, which is a range of IP addresses in your virtual network to isolate VMs. Public subnets have access to the Internet gateway, but private subnets do not. A vmx VM requires at least one public subnet and one or more private subnets for each individual instance group. The management interface (fxp0) uses a public subnet and the revenue (data) interfaces can use either public or private subnets. The private subnets, connected to the other vmx interfaces, ensure that all traffic between applications on the private subnets and the Internet must pass through the vmx instance. A vmx VM requires two public subnets and one or more private subnets for each individual instance group. The public subnets consist of one for the management interface (fxp0) and another for the two revenue (data) interfaces. The private subnets, connected to other vmx interfaces, ensure that all traffic between applications on the private subnets and the Internet must pass through the vmx instance. To modify the subset for the virtual network, click the right arrow to access the Create Subnet blade. Configure the following parameters: Subnet name A unique name for the subnet in the Azure virtual network. Subnet address range The subnet s address range in CIDR notation. It must be contained by the address space of the virtual network. Subnet address ranges cannot overlap one another. By default, the address range is 10.0.0.0/24. NOTE: The address range of a subnet that is already in use cannot be edited. Public IP address Specify the public IP address that allows communication to the vmx VM from outside the Azure virtual network. To modify the public IP address for the vmx VM, click the right arrow to access the Choose Public IP Address blade. Select a public IP address in your Azure subscription and location, or click Create new (+) to create a new one. Configure the following parameters: Name A unique name for the public IP address. Assignment There are two methods in which an IP address is allocated to a public IP resource: dynamic or static. By default, public IP addresses are dynamic, where an IP address is not allocated at the time of its creation. Instead, the public IP address is allocated when you start (or create) the resource. The IP address associated to them may change when the vmx VM is deleted. To guarantee that the vmx VM always uses the same public IP address, we recommend you assign a static public IP address. Network security group Select None. The network security group is a set of firewall rules that control traffic to and from the VM. You can apply a network security group to each network interface (NIC) in the VM. Extensions Extensions No extensions are used for the vmx VM. High Availability 24
Chapter 2: Installing vmx from the Azure Portal Parameter Description Availability Set Confiigure two or more VMs in an availability set to provide redundancy to an application. NOTE: Availability Set should be set to None for the vmx VM. Availablilty Set is not used for the vmx VM in Azure. Monitoring Boot Diagnostics Enables or disables the capturing of serial console output and screenshots of the VM running on the host to help diagnose start-up issues. The default is Enabled. Guest OS Diagnostics Enables or disables the ability to obtain metrics every minute for the VM. Choices are: Disabled or Enabled. The default is Disabled. Diagnostics Storage Account Click the right arrow to view the details of the diagnostics storage account. Automatically fills in with the name of the diagnostics storage account from which you can analyze a set of metrics with your own tools. 7. From the Create Virtual Machine blade, select 4 Summary, and review the configuration settings. If you are satisfied with the configuration settings, click OK. 8. From the Create Virtual Machine blade, select 5 Buy to review the offer details and the terms of use. If you are satisfied with the offer details and terms of use, click Purchase. You return to the Azure portal dashboard, and the dashboard displays the deployment status of the vmx VM. Verifying Deployment of vmx to Microsoft Azure After the vmx VM is created, the Azure portal dashboard lists the new vmx VM under Resource Groups. The corresponding cloud service and storage account also are created and listed. Both the vmx VM and the cloud service are started automatically and their status is listed as Running. To verify the deployment of the vmx instance to Microsoft Azure: 1. To view the vmx resource group and its resources after deployment is completed, from the right-hand menu, click Resource groups to access the Resource Groups page. 2. To view details of the vmx VM associated with the resource group, click the name of the vmx VM. Observe that the status is Running. NOTE: You can stop, start, restart, and delete a vmx VM from the Virtual Machine page in the Microsoft Azure portal. 25
Getting Started Guide for Microsoft Azure Adding Network Interfaces Azure resources are deployed into virtual network subnets. When you create the virtual network, the public subnet for the management interface (fxp0) is created. You must create at least one subnet for a WAN port (see Creating Additional Subnets on page 20). If you create a subnet, it must have a network interface (NIC) attached to it. You can attach network interfaces after you have deployed the VM. To add a network interface to a subnet: 1. Log in to the Microsoft Azure portal using your Microsoft account user name and password. The Dashboard appears in the Azure portal. You will see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources. 2. Click Resource groups to access the Resource Groups blade. Select the vmx VM to which you want to add a network interface and click Stop VM. 3. Click Networking from the menu of services to access the Networking blade. Click Attach Network Interface. 4. Click Create Network Interface. Provide the following information for the network interface. Parameter Description Name Enter a unique name for the network interface. Virtual Network Select your virtual network. Subnet Enter the subnet to which you are attaching the network interface. Private IP Address Assignment Select Dynamic. Private IP Address Enter an address in the subnet address range. Network Security Group Select None. The network security group is a set of firewall rules that control traffic to and from the VM. You can apply a network security group to each network interface (NIC) in the VM. Resource Group Select your existing resource group (see Creating a Resource Group on page 16). 26
Chapter 2: Installing vmx from the Azure Portal Parameter Description Location Select the Azure data center geographic region in which you are deploying the vmx VM. Typically, select the location that is closest to your physical location. F-Series VMs are available in certain regions. See Azure Products by Region for geographic availability. NOTE: The locations for the storage account and resource group must match. 5. Click Create. 6. Click OK to attach the network interface to the VM. 7. Click Overview in the left pane and click Start VM to restart the VM. Logging In to a vmx VM After vmx deployment is completed, the vmx VM is automatically powered on and launched. At this point you can use an SSH client to log in to the vmx VM. NOTE: In Microsoft Azure, you can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. PAYG images do not require Juniper Networks licenses. To log in to the vmx VM: 1. From the Azure portal, click Resource groups from the menu of services on the dashboard, and then select the vmx VM. Locate the public IP address of the vmx VM from the Settings blade. 2. Use an SSH client to log in to a vmx VM. 3. At the prompt, enter the following login credentials: NOTE: The vmx instance is automatically configured for SSH public and private key authentication. To log in, use the login credentials that were defined during the vmx VM configuration (see Deploying the vmx Image on page 22). After initially logging in to the vmx, you can configure password-based authentication. # ssh username@vm-ip-address The authenticity of host x.x.x.x (x.x.x.x)... ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXX. 27
Getting Started Guide for Microsoft Azure Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added x.x.x.x (ECDSA) to the list of known hosts. username@vm-ip-address 4. Configure the basic settings for the vmx VM (see Initially Configuring vmx on page 28). Initially Configuring vmx At a minimum, you must perform these initial Junos OS configuration tasks after logging in to vmx: 1. Start the CLI. root# cli 2. Enter configuration mode. root# configure 3. Configure the WAN interfaces with the same private IP address associated with the network interface. root# set interfaces interface-name unit 0 family inet address address For example: root# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.10/24 4. Commit the configuration. root# commit Related Documentation Before You Deploy vmx from the Azure Portal on page 15 Setting Up Your Azure Subscription on page 16 28
CHAPTER 3 Installing vmx from the Azure CLI Before You Deploy vmx Using the Azure CLI on page 29 Deploying vmx from the Azure CLI on page 30 Before You Deploy vmx Using the Azure CLI To help automate and simplify the deployment of vmx in the Microsoft Azure virtual network, Juniper Networks provides a script and a configuration file. The configuration file includes parameters that enable you to customize your vmx VM deployment, such as login username and network interfaces (NICs). The azure_cloud.sh shell script automates the deployment of the vmx virtual machine (VM) and virtual networks respectively, using the parameters in the azure.config configuration file. The azure_cloud.sh shell script creates network interfaces, virtual networks, virtual subnets, and the VM. Before you begin deploying vmx from the Azure CLI: Obtain an account for and a subscription to Microsoft Azure (see Microsoft Azure). From the Azure portal, you must first manually deploy the vmx image (only once) by using the vmx Services Gateway (BYOL) SKU to accept the EULA terms. This is a requirement before you can deploy the vmx image from the Azure CLI. By default, the Azure portal deployment tool uses the vmx Services Gateway (BYOL) SKU as the source image. Use your Microsoft account username and password to log into the Microsoft Azure portal. NOTE: You will encounter a MarketplacePurchaseEligibilityFailed error if do not first accept the EULA terms for the vmx image in the Azure portal before attempting to deploy the vmx image from the Azure CLI. You can also accept the EULA terms using Azure PowerShell (see Azure MarketPlace Ordering for information about the PowerShell commands). Install Azure command line interface (Azure CLI) 2.0 and enable Azure Resource Management (ARM) mode (see Install the Azure CLI 2.0). If you do not install the Azure CLI, you can use the Azure Cloud Shell. 29
Getting Started Guide for Microsoft Azure NOTE: The vmx for Azure deployment shell scripts are written in shell and Azure CLI version 2.0 commands and do not support Azure CLI version 1.0. Deployment of vmx to Microsoft Azure does not support the use of the Azure CLI from Microsoft Windows because the shell scripts that are used as part of the deployment procedure can be run only from the Linux or Mac OS CLI. Purchase a vmx license or request an evaluation license. Licenses can be procured from the Juniper Networks License Management System (LMS). For information about the evaluation license for vmx, see https://www.juniper.net/us/en/dm/free-vmx-trial/. NOTE: In Microsoft Azure, you can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. PAYG images do not require Juniper Networks licenses. Related Documentation Deploying vmx from the Azure CLI on page 30 System Requirements for vmx on Microsoft Azure on page 14 vmx and Microsoft Azure Overview on page 13 Deploying vmx from the Azure CLI Use the following procedure to deploy and configure vmx in a Microsoft Azure virtual network from the Azure CLI. In this procedure, you use the Azure CLI running in Azure Resource Manager (ARM) mode. NOTE: Be sure you have an account for and a subscription to Microsoft Azure before deploying the vmx to Azure (see Microsoft Azure). 30
Chapter 3: Installing vmx from the Azure CLI NOTE: You must first manually deploy the vmx image from the Azure portal (only once) by using the vmx Services Gateway (BYOL) SKU to accept the EULA terms. This is a requirement before you can deploy the vmx image from the Azure CLI. Use your Microsoft account username and password to log into the Microsoft Azure portal. You will encounter a MarketplacePurchaseEligibilityFailed error if do not first accept the EULA terms for the vmx image in the Azure portal before attempting to deploy the vmx image from the Azure CLI. You can also accept the EULA terms using Azure PowerShell (see Azure MarketPlace Ordering for information about the PowerShell commands). Using the Microsoft Azure CLI on page 31 Using the vmx Deployment Tools on page 33 Modifying vmx Configuration Parameters for Deployment on page 36 Deploying the vmx Using the Shell Script on page 38 Verifying Deployment of vmx to Microsoft Azure on page 39 Logging In to a vmx Instance on page 39 Initially Configuring vmx on page 40 Deleting vmx Using the Azure CLI on page 41 Using the Microsoft Azure CLI To run the Azure CLI 2.0 script provided, you can install Azure CLI 2.0 on your server or run the script directly from the Azure Cloud Shell in the Azure portal. Perform one of the following tasks for your chosen method: Installing the Azure CLI on page 31 Launching Azure Cloud Shell on page 33 Installing the Azure CLI To install and log in to the Azure CLI : 31
Getting Started Guide for Microsoft Azure 1. Install the Microsoft Azure CLI 2.0 as outlined in Install the Azure CLI 2.0. You have several options to install the Azure CLI package for either the Linux or Mac OS; be sure to select the correct installation package. NOTE: The vmx for Azure deployment shell scripts are written in shell and Azure CLI version 2.0 commands and do not support Azure CLI version 1.0. Deployment of vmx to Microsoft Azure does not support the use of the Azure CLI from Microsoft Windows because the shell scripts that are used as part of the deployment procedure can be run only from the Linux or Mac OS CLI. 2. Log into the Azure CLI. az login 3. At the prompt. copy the code that appears in the command output. Executing command login To sign in, use a web browser to open the page http://aka.ms/devicelogin. Enter the codexxxxxxxxx to authenticate 4. Open a Web browser to https://aka.ms/devicelogin, enter the code, and then click Continue. Enter your Microsoft Azure username and password credentials. When the process completes, the command shell completes the login process. Added subscription Microsoft Azure Enterprise To sign in, use a web browser to open the page http://aka.ms/deviceloginlogin command OK NOTE: If you have multiple Azure subscriptions, connecting to Azure grants access to all subscriptions associated with your credentials. One subscription is selected as the default, and used by the Azure CLI when performing operations. You can view the subscriptions, including the current default subscription, using the az account list -o table command. 5. Ensure that the Azure CLI is in Azure Resource Manager (ARM) mode. az configure -d mode=arm NOTE: When the Azure CLI is initially installed, the CLI is in ARM mode. 6. Ensure that you have created a resource group under your Azure subscription. Use the az group list command to view the resource groups. To create a resource group: 32