vqfx10k on kvm/qmu

a_qvfx10k_setup_with_qemu.md

install vQFX10k on KVM/QEMU for Testing or QA

This vQFX Platform is supposed to be used with vagrant and ships with a few nice fabrics that spin up on the go. But there's a few problems with that - which may not be instantly obvious if you plan on using it for testing or QA in your NetOps department:

1. This Vagrant configuration relies and only supports virtualization via Virtualbox
   • so far no plans have been announced to switch from Virtualbox to another out of the box solution, so you'll have to hack this up a bit. libvirt, kvm/qemu makes this relatively simple, but you have to get familiar with their tools (again).
2. vQFX comes in two "VMs": a Routing Engine (RE) and a Packet Forwarding Engine (PFE)
   • this is due to the way the hardware is actually set-up and working on a real bare metal switch or router (same story for vMX). ASICs are supplied in the form of shim kernel modules that make it possible to unit-test more advanced features or do functional testing before deploying on real (ideally lab hardware).

The following shell input describes what I did to get my vQFX QCOW2 Images up and running with QEMU (if you have downloaded other images this may not work. VMDK might, others may not). You might want to further extend the virtual network virsh help network. Or, like myself, integrate with Docker and GitLab Runner proccesses to automate CI/CD Pipelines for linting, testing, QA on virtualized "hw" and deployment to your real datacenter fabric. Various testing tools have been around. I found the ansible-lint and ansible-runner image to be helpful, as well as the SAST-IaC and Secret-Detection CI templates provided by GitLab. Juniper has an account worth checking out on Dockerhub, if you're into that. juniper/pyez-ansible and juniper/jsnapy may be of help to you testing your infrastructure or ansible code quality. Tools like PyEZ or Batfish enable in-depth network simulation and testing. You might want to take a look at this article, if you're here for continous delivery in NetOps/NOC environments: https://www.linkedin.com/pulse/using-gitlab-runners-network-pipelines-jorge-romero/

Here goes lots of input (at your own risk — PLEASE have mercy & don't let a junior handle the entire setup unsupervised):

qemu-img convert -f qcow2 vqfx-20.2R1.10-re-qemu.qcow2 -O raw vqfx-20.2R1.10-re-qemu.raw
qemu-img convert -f qcow2 vqfx-20.2R1-2019010209-pfe-qemu.qcow -O raw vqfx-20.2R1-2019010209-pfe-qemu.raw

virsh net-define /etc/libvirt/qemu/networks/dataplane.xml
virsh net-start dataplane
virsh net-autostart dataplane
# files attached to this gist

virsh net-define /etc/libvirt/qemu/networks/qfx-int.xml
virsh net-start qfx-int
virsh net-autostart qfx-int
# filed attached to this gist

virt-install \
    --name re-qfx10k-xxx \
    --memory 1024 \
    --vcpus=1 \
    --import \
    --disk /home/admaz/vqfx-20.2R1.10-re-qemu.raw,bus=ide,format=raw \
    --network network=default,portgroup=mgmt,model=e1000 \
    --network bridge=virbr2,model=e1000 \
    --network network=default,portgroup=mgmt,model=e1000 \
    --network bridge=virbr1,model=e1000 \
    --graphics none
	
virt-install \
    --name pfe-qfx10k-xxx \
    --memory 2048 \
    --vcpus=1 \
    --import \
    --disk "/home/admaz/vqfx10k-pfe-20160609-2.raw",bus=ide,format=raw,size=2 \
    --network network=default,portgroup=mgmt,model=e1000 \
    --network bridge=virbr2,model=e1000 \
    --graphics none 
    
virsh autostart re-qfx10k-xxx
virsh autostart pfe-qfx10k-xxx
    
virsh --connect qemu:///system start re-qfx10k-xxx


# [OPTIONAL] if you want to be able to connect from a docker container to your KVM/qemu VM:
docker network create --driver=macvlan --subnet=192.168.0.0/16 -o parent=virbr1 virt2docker

Leave me questions. You can reach me at [email protected].

dataplane.xml

<network>
  <name>dataplane</name>
  <uuid>07d328a9-4288-4ac2-0000-262b17065dd8</uuid>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:32:00:00'/>
  <ip address='192.168.130.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.130.2' end='192.168.130.254'/>
    </dhcp>
  </ip>
</network>

qfx-int.xml

<network>
  <name>qfx-int</name>
  <uuid>07d328a9-4200-4ac2-0000-262b17065cc8</uuid>
  <forward mode='nat'/>
  <bridge name='virbr2' stp='on' delay='0'/>
  <mac address='52:54:00:00:00:ff'/>
  <ip address='192.168.131.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.131.2' end='192.168.131.254'/>
    </dhcp>
  </ip>

virsh # console --domain re-qfx10k-xxx
Connected to domain 're-qfx10k-xxx'
Escape character is ^] (Ctrl + ])
Rebooting...
Loading /boot/loader
Consoles: serial port
BIOS drive C: is disk0
BIOS 639kB/1047424kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.2
(builder@qnc-jre-emake1t, Thu Dec 19 03:50:25  2019)
Can't open /boot/init.4th.
Loading /boot/defaults/loader.conf
/kernel text=0xcf62b8 data=0x879f4+0x11a155c syms=[0x4+0xc44b0+0x4+0x130837]
/boot/modules/virtio.ko text=0x20cc data=0x204 syms=[0x4+0x7a0+0x4+0x900]
/boot/modules/virtio_pci.ko text=0x2d8c data=0x1fc+0x8 syms=[0x4+0x8a0+0x4+0xaa3]
/boot/modules/virtio_blk.ko text=0x28ac data=0x1ec+0xc syms=[0x4+0x890+0x4+0x906]
/boot/modules/if_vtnet.ko text=0x604c data=0x354+0x10 syms=[0x4+0xcf0+0x4+0xde5]
/boot/modules/virtio_console.ko text=0x35a0 data=0x188+0xc syms=[0x4+0x8c0+0x4+0x955]


Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...
/
Simulating VIRTUAL ELIT!!

vQFX_serial_number: xxx
Serial Number: xxx
Product Name: vQFX-TVP PC (i440FX + PIIX, 1996)
Version: 1.0i440fx-5.2
Board Version: 1GDB: debug ports: sio
GDB: current port: sio
KDB: debugger backends: ddb gdb kdm
KDB: current backend: ddb
Copyright (c) 1996-2019, Juniper Networks, Inc.

...

root@vqfx-re:RE:1% cli
{master:1}
root@vqfx-re>
{master:1}
root@vqfx-re> show configuration | compare rollback 2
[edit interfaces em0 unit 0 family inet]
-       dhcp;
[edit interfaces em0 unit 0 family inet]
+       address 198.18.10.10/24 {
+           preferred;
+       }

{master:1}
root@vqfx-re>