vSRX のライセンス切れ

vSRX の評価ライセンスが切れたらどうなるのか。

vSRX(3.0) では評価ライセンスが入っており、初回起動時から 30 日間利用可能です。

root> show system license detail    
                                 Licensed     Licensed    Licensed     Licensed
                                  Feature      Feature     Feature      Feature
  Feature name                       used    installed      needed    available    Expiry
  Virtual Appliance                     1            1           0            0    2024-02-27 15:00:10 UTC
  remote-access-ipsec-vpn-client        0            2           0            2    permanent
  remote-access-juniper-std             0            2           0            2    permanent
  VCPU Scale                            2            2           0            0    2024-02-27 15:00:10 UTC

Licenses installed: 
  License identifier: E20210617001
  License version: 4
  Order Type: trial
  Software Serial Number: 061520210001
  Customer ID: vSRX-JuniperEval
  Features:
    Virtual Appliance - Virtual Appliance
      date-based, 2023-12-29 15:00:10 UTC - 2024-02-27 15:00:10 UTC
    VCPU Scale       - VCPU number scale
      Capacity: 1                       
      date-based, 2023-12-29 15:00:10 UTC - 2024-02-27 15:00:10 UTC
  License identifier: E20210617002
  License version: 4
  Order Type: trial
  Software Serial Number: 061520210002
  Customer ID: vSRX-JuniperEval
  Features:
    VCPU Scale       - VCPU number scale
      Capacity: 1
      date-based, 2023-12-29 15:00:10 UTC - 2024-02-27 15:00:10 UTC
Licensing Mode: Agile Licensing Standalone
Licensing Persona: JUNOS LKG

試したバージョン

root@vSRX4> show version                     
Hostname: vSRX4
Model: vSRX
Junos: 23.1R1.8
JUNOS OS Kernel 64-bit XEN [20230307.3e7c4b6_builder_stable_12_231]

放置していた vSRX をひさびさに起動したところ、以下のようなメッセージが繰り返し出ておりました。

root@vSRX4# Virtual Appliance License is not installed

log には以下のようなメッセージが出ていました。
ここではだいたい 9分、1分の間隔ですが、そうでない場合もありだいたい10分ごとに出ているようです。

Dec 29 14:11:23  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:11:23  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed
Dec 29 14:12:30  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:12:30  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed
Dec 29 14:21:23  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:21:23  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed
Dec 29 14:21:23  vSRX1 kernel: Virtual Appliance License is not installed
Dec 29 14:22:40  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:22:40  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed
Dec 29 14:31:23  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:31:23  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed
Dec 29 14:32:50  vSRX1 chassisd[21704]: CHASSISD_VIRT_APP_LICENSE_ERROR: (ERROR) Virtual Appliance License is not installed
Dec 29 14:32:50  vSRX1 chassisd[21704]: CHASSISD_VCPU_SCALE_LICENSE_ERROR: (WARNING) VCPU Scale License is not installed

ライセンスの状態は Expiry が invalid になるようです。
評価ライセンスは消した記憶がないですが、表示されないので期限になると自動で消えると思われます。

root@vSRX4> show system license detail 
                                 Licensed     Licensed    Licensed     Licensed
                                  Feature      Feature     Feature      Feature
  Feature name                       used    installed      needed    available    Expiry
  Virtual Appliance                     1            0           1            0    invalid
  remote-access-ipsec-vpn-client        0            2           0            2    permanent
  remote-access-juniper-std             0            2           0            2    permanent
  VCPU Scale                            2            0           2            0    invalid

肝心のトラフィックですが、インターフェースが認識されなくなるため、fxp0 以外は使用できなくなります。 (ge-0/0/0などが出てこない)


root@vSRX4> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
dsc                     up    up
fti0                    up    up
fxp0                    up    up
fxp0.0                  up    up  
gre                     up    up
ipip                    up    up
irb                     up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up  
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
pp0                     up    up
ppd0                    up    up
ppe0                    up    up
st0                     up    up        
tap                     up    up
vlan                    up    down

古いバージョン (vSRX2.0) の KB ですが、FPC が disable になると記載があるため、これによって物理インターフェースが認識されなくなったと考えられます。

This is an expected behavior for vSRX in the initial releases prior to 15.1X49-D20 where chassis daemon pushed the FPC (Flexible Physical Interface Card Controller ) to an offline state once the virtual appliance core license is expired.

This leads SRX PFE (packet forwarding engine) and physical interface to disappear [since the FPC is down]. Thus, none of the physical interfaces on vSRX can send or receive traffic.
[vSRX] Pass through traffic drops after expiration of virtual appliance core license on vSRX 15.1X49-D15 (juniper.net)

root@vSRX4> show chassis fpc pic-status    
Slot 0   Offline      FPC

ライセンスは余裕をもって更新しましょう。

Cookie	期間	説明
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.