New and Changed Features for QFX5110 and QFX5200 Switches

 

This section describes the new features and enhancements to existing features in Junos OS Release 15.1X53 for QFX5110 and QFX5200 switches. There are no new features or enhancements to existing features for QFX5110 and QFX5200 switches in Release 15.1X53-D237.

New Features in Release 15.1X53-D234

Interfaces and Chassis

  • Support for 100Mbps Speed on Copper SFP (QFX5110)—In Junos OS Release 15.1X53-D234, 100Mbps speed is supported on Copper SFP in QFX5110 switches. In the earlier releases, 100Mbps speed was not supported.

    [See speed (Ethernet).]

New Features in Release 15.1X53-D230

DHCP

  • Support for defining a custom string (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 15.1X53-D230, you can define a custom string for DHCP relay. This feature is similar to the existing use-interface-description feature, which sends the logical interface or physical interface description in DHCP option 82, but here you define a value that is independent of the interface description and use that value as you see fit. The configuration is done in two places: one where you define the string and one where you enable it.

    You can define the string in three places:

    • #custom string per interface in a group - Where the value is defined only for that interface

      [edit forwarding-options dhcp-relay group v4 interface irb.100 overrides]

      set user-defined-option-82 string

    • #custom string per group - Where the value is defined per group

      [edit forwarding-options dhcp-relay group v4 overrides]

      set user-defined-option-82 string

    • #custom string for global - Defined globally

      [edit forwarding-options dhcp-relay overrides]

      set user-defined-option-82 string

    Enable the option:

    • #Enabling the custom string to go out on circuit-id option82

      [edit forwarding-options dhcp-relay group v4 relay-option-82 circuit-id]

      set user-defined
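How the user-defined string can be checked on the receiving side, as an added example (not Juniper code and not part of the original release notes): a parser for the option 82 circuit-id sub-option that a DHCP server or log collector could use to accept only expected relay strings. The TLV layout follows RFC 3046; the string values, the allowlist, and the assumption that the switch places the string in the circuit-id as plain ASCII are constructed for illustration.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82   # DHCP option codes
CIRCUIT_ID, REMOTE_ID = 1, 2              # option 82 sub-option codes (RFC 3046)


class MalformedOption(ValueError):
    """Raised when a code/length/value item runs past the end of its container."""


def iter_tlvs(buf, dhcp_framing):
    """Yield (code, value) pairs from a code/length/value byte string.

    With dhcp_framing=True, code 0 is a one-byte pad and code 255 ends the
    options field. Option 82 sub-options have neither special case.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_framing and code == PAD:
            i += 1
            continue
        if dhcp_framing and code == END:
            return
        if i + 2 > len(buf):
            raise MalformedOption(f"code {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedOption(f"code {code}: value truncated")
        yield code, value
        i += 2 + length


def relay_agent_info(options):
    """Return {sub-option code: bytes} for option 82, or None if it is absent."""
    for code, value in iter_tlvs(options, dhcp_framing=True):
        if code == RELAY_AGENT_INFO:
            return dict(iter_tlvs(value, dhcp_framing=False))
    return None


def check_circuit_id(options, allowed):
    """Classify a relayed request by its circuit-id; returns (verdict, detail)."""
    try:
        info = relay_agent_info(options)
    except MalformedOption as exc:
        return ("reject", str(exc))
    if info is None:
        return ("reject", "no option 82 present")
    circuit = info.get(CIRCUIT_ID)
    if circuit is None:
        return ("reject", "option 82 has no circuit-id")
    try:
        text = circuit.decode("ascii")   # assumption: the string is sent as ASCII
    except UnicodeDecodeError:
        return ("reject", "circuit-id is not ASCII")
    if text not in allowed:
        return ("reject", f"unexpected circuit-id {text!r}")
    return ("accept", text)


def build_options(circuit_id):
    """Build a constructed options field: message type, option 82, end marker."""
    sub = bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id
    return (bytes([53, 1, 1])                          # option 53: DHCPDISCOVER
            + bytes([RELAY_AGENT_INFO, len(sub)]) + sub
            + bytes([END]))


# Constructed sample data: the strings configured with user-defined-option-82.
ALLOWED = {"dc1-leaf3-tenantA"}
GOOD = build_options(b"dc1-leaf3-tenantA")
ROGUE = build_options(b"dc9-unknown")
TRUNCATED = GOOD[:-6]                                  # option 82 cut short in transit

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("rogue", ROGUE), ("truncated", TRUNCATED)):
        print(name, check_circuit_id(sample, ALLOWED))
```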

Interfaces and Chassis

  • Auto-channelization of interfaces (QFX5200 switch)—Starting in Junos OS Release 15.1X53-D230, you can use the auto-channelization feature to divide and channelize data automatically by detecting the cable type. The mode and number of channels are decided based on the channel link status. On QFX5200, auto-channelization supports three modes of operation with unique port settings:

    • When 4x10G split cables are connected, the 40G port auto-channelizes to four 10G channels.

    • When 2x50G split cables are connected, the 100G port auto-channelizes to two 50G channels.

    • When 4x25G split cables are connected, the 100G port auto-channelizes to four 25G channels.

  • CL74 FEC support for 25-gigabit and 50-gigabit channel speeds (QFX5200 switches)—Starting with Junos OS Release 15.1X53-D230, you can disable or reenable clause 74 (CL74)—as well as CL91—forward error correction (FEC) support on QFX5200 switches. FEC CL91 is supported for the 100-gigabit port speed and FEC CL74 is supported for both 25-gigabit and 50-gigabit port speeds. FEC CL91 is enabled by default for the 100-gigabit port speed; when the ports are channelized either in 4x25-gigabit or 2x50-gigabit, FEC CL74 is enabled.

    • To disable the FEC mode:

    • To reenable the FEC mode:

      or

    • To check FEC status:

      The output for the show command will list FEC statistics for a particular interface-name, including the FEC corrected errors count, the FEC uncorrected errors count, and the type of FEC that was disabled or enabled.

New Features in Release 15.1X53-D210

Hardware

  • QFX5110-48S switch—The QFX5110 line of switches is Juniper Networks’ versatile fixed-configuration solution for hybrid cloud deployments. The model QFX5110-48S is a 10-Gigabit Ethernet enhanced small form-factor pluggable plus (SFP+) switch with 48 SFP+ ports and four 100-Gbps quad small form-factor pluggable solution (QSFP28) ports. Each SFP+ port (0 through 47) can operate as a native 10-gigabit port or a 1-gigabit port when 1-gigabit optics are inserted. Each QSFP28 port (port numbers 48 through 51) can operate as a native 100-Gigabit Ethernet port, a native 40-Gigabit Ethernet port, or as four independent 10-gigabit ports when using breakout cables. The four QSFP28 ports can be used as either access ports or as uplinks. The QFX5110-48S provides full duplex throughput of 960 Gbps. The QFX5110-48S has a 1 U form factor and comes standard with redundant fans and redundant power supplies. The switch can be ordered with either ports-to-FRUs or FRUs-to-ports airflow and with AC or DC power supplies.

Class of Service (CoS)

  • Class-of-service support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, class-of-service (CoS) support on QFX5110 switches is the same as on QFX5100 switches, providing all of the same configuration capabilities and functionality. QFX5110 switches provide a slight increase in buffer memory, which can be seen in the output of show commands.

    [See show class-of-service shared-buffer.]

Infrastructure

  • Secure Boot (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, a significant system security enhancement, Secure Boot, has been introduced. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. No action is required to implement Secure Boot.

  • Integrated software feature licenses (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, two licenses are supported: the standard QFX Series premium feature license for Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB), and the standard QFX Series advanced feature license for BGP, IS-IS, Multiprotocol Label Switching (MPLS), VXLAN, and OVSDB.

    [See Software Features That Require Licenses on the QFX Series.]

Interfaces and Chassis

  • Channelizing 40-Gigabit Ethernet QSFP+ ports (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210 on the QFX5110-48S switch, there are four QSFP28 ports labeled 48 through 51. The QSFP28 ports support 100-Gigabit Ethernet interfaces and 40-Gigabit Ethernet interfaces. You can channelize the 40-Gigabit Ethernet interfaces into four independent 10-Gigabit Ethernet interfaces by using breakout cables.

    [See Channelizing Interfaces on QFX5110-48S Switches.]

  • Multichassis link aggregation group (MC-LAG) (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, MC-LAG enables a client device to form a logical LAG interface using two QFX5110 switches. MC-LAG provides redundancy and load balancing between the two QFX5110 switches, multihoming support, and a loop-free Layer 2 network without running STP.

    On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two MC-LAG QFX5110 switches. Each of these QFX5110 switches has one or more physical links connected to a single client. The QFX5110 switches coordinate with each other to ensure that data traffic is forwarded properly.

    To configure an MC-LAG, include the following statements:

    • mc-ae statement at the [edit interfaces interface-name aggregated-ether-options] hierarchy level

    • iccp statement at the [edit protocols] hierarchy level

    • multi-chassis statement at the [edit] hierarchy level

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

  • IRB in PVLAN (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, you can configure an integrated routing and bridging (IRB) interface in a private VLAN (PVLAN) so that devices within community VLANs and isolated VLANs can communicate with each other and with devices outside the PVLAN at Layer 3 without requiring you to install a router.

    [See Example: Configuring a Private VLAN Spanning Multiple Switches with an IRB Interface.]

  • Link aggregation (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, link aggregation enables you to use multiple network cables and ports in parallel, which increases link speed and redundancy.

    [See Understanding Aggregated Ethernet Interfaces and LACP.]

  • Resilient hashing (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, resilient hashing is supported by link aggregation groups (LAGs) and equal-cost multipath (ECMP) sets.

    A LAG combines Ethernet interfaces (members) to form a logical point-to-point link that increases bandwidth, provides reliability, and allows load balancing. Resilient hashing enhances LAGs by minimizing destination remapping when a new member is added to or deleted from the LAG.

    Resilient hashing works in conjunction with the default static hashing algorithm. It distributes traffic across all members of a LAG by tracking the flow’s LAG member utilization. When a flow is affected by a LAG member change, the Packet Forwarding Engine rebalances the flow by reprogramming the flow set table. Destination paths are remapped when new members are added to or existing members are deleted from a LAG.

    [See Understanding the Algorithm Used to Hash LAG Bundle and Egress Next-Hop ECMP Traffic.]

  • Generic routing encapsulation (GRE) support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, you can use GRE tunneling services on QFX5110 switches to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, the switch that is performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts.

IPv6

Layer 2 Features

    • VLAN support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, VLANs enable you to divide one physical broadcast domain into multiple virtual domains.

    • Link Layer Discovery Protocol (LLDP) support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, LLDP enables a switch to advertise its identity and capabilities on a LAN, as well as receive information about other network devices.

      [See LLDP Overview.]

    • Q-in-Q tunneling support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, QFX5110 switches support Q-in-Q tunneling, which enables service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.

      [See Understanding Q-in-Q Tunneling.]

    • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP) support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, these protocols enable a switch to advertise its identity and capabilities on a LAN and receive information about other network devices.

      [See Overview of Spanning-Tree Protocols.]

Layer 3 Features

  • Support to disable hierarchical ECMP (QFX5200 switches)—Starting with Junos OS Release 15.1X53-D210, you can disable hierarchical equal-cost multipath (ECMP) groups for LDP forwarding equivalence classes (FECs) at system start time. Hierarchical ECMP is enabled by default. Disabling this feature effectively increases the number of ECMP groups. To disable hierarchical ECMP, include the no-hierarchical-ecmp statement at the [edit forwarding-options] hierarchy level. Disabling hierarchical ECMP causes the Packet Forwarding Engine to restart. To reenable hierarchical ECMP, issue the following command: delete forwarding-options no-hierarchical-ecmp.

    [See no-hierarchical-ecmp.]

MPLS

  • MPLS support (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports MPLS. MPLS is a method for engineering traffic patterns by assigning short labels to network packets that describe how to forward the packets through the network. MPLS is independent of routing tables or any routing protocol and can be used for unicast packets. The MPLS framework supports traffic engineering and the creation of VPNs. Traffic is engineered (controlled) primarily by the use of signaling protocols to establish label-switched paths (LSPs). VPN support includes Layer 2 and Layer 3 VPNs and Layer 2 circuits.

    [See MPLS Overview for QFX Series and EX4600 Switches.]

  • Equal-cost multipath routing on MPLS label-switching routers (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports equal-cost multipath (ECMP) routing on MPLS label-switching routers (LSRs). ECMP is a Layer 3 mechanism for load balancing traffic to a destination over multiple equal-cost next-hops. When a link goes down, ECMP uses fast reroute protection to shift packet forwarding to use operational links, thereby decreasing packet loss.

    [See Understanding ECMP Flow-Based Forwarding.]

Multicast

  • Layer 3 multicast support (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, IGMP—including versions 1, 2, and 3—IGMP snooping, PIM SM, and PIM SSM are supported. You can also configure IGMP, IGMP snooping, and PIM in virtual-router instances. MSDP is also supported. Configure IGMP at the [edit protocols igmp] hierarchy level. Configure IGMP snooping at the [edit protocols igmp-snooping] hierarchy level. Configure PIM at the [edit protocols pim] hierarchy level. Configure MSDP at the [edit protocols msdp] hierarchy level.

    [See Multicast Overview.]

Network Management and Monitoring

  • Port mirroring (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, you can use port mirroring on QFX5110 switches to copy packets entering or exiting a port or entering a VLAN and send the copies to a local interface for local monitoring or to a VLAN for remote monitoring. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

    [See Understanding Port Mirroring.]

  • sFlow support (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports sFlow. This feature provides monitoring technology for high-speed switched or routed networks. You can configure sFlow technology to monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow technology also collects samples of network packets, providing you with visibility into network traffic information. You configure sFlow monitoring at the [edit protocols sflow] hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics.

    [See Understanding How to Use sFlow Technology for Network Monitoring on a Switch.]

Port Security

  • Access security support (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the following access security features are supported on QFX5110 switches:

    • DHCP snooping—DHCP snooping allows the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information, which it uses to build and maintain a database of valid IP-address-to-MAC-address (IP-MAC) bindings called the DHCP snooping database. Clients on untrusted ports are allowed access to the network only if they are validated against the database.

    • DHCPv6 snooping—DHCP snooping for DHCPv6.

    • DHCP option 82—You can use DHCP option 82, also known as the DHCP relay agent information option, to help protect the switch against attacks such as spoofing (forging) of IP addresses and MAC addresses, and DHCP IP address starvation. Option 82 provides information about the network location of a DHCP client, and the DHCP server uses this information to implement IP addresses or other parameters for the client.

    • DHCPv6 option 37—Option 37 is the DHCPv6 equivalent of the remote ID suboption of DHCP option 82. It is used to insert information about the network location of the remote host into DHCPv6 packets.

    • Dynamic ARP inspection (DAI)—DAI inspects Address Resolution Protocol (ARP) packets on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing (also known as ARP poisoning or ARP cache poisoning). ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made on the basis of those comparisons.

    • IP source guard—IP source guard prevents IP address spoofing by examining each packet sent from a host attached to an untrusted access interface on the switch. The IP address, MAC address, VLAN, and interface associated with the host are checked against entries stored in the DHCP snooping database. If the packet header does not match a valid entry in the DHCP snooping database, the packet is discarded.

    • IPv6 source guard—IP source guard for IPv6.

    • IPv6 router advertisement (RA) guard—IPv6 RA guard is a mitigation technique for attack vectors based on ICMPv6 Router Advertisement (RA) messages. RA guard is used to validate RA messages on the basis of whether they meet certain criteria, which are configured on the switch using policies. RA guard inspects RA messages and compares the information contained in the message attributes to the configured policy. Depending on the policy, RA guard either drops or forwards the RA messages that match the conditions.

    • IPv6 neighbor discovery (ND) inspection—IPv6 ND inspection mitigates attacks based on the Neighbor Discovery Protocol by inspecting neighbor discovery messages and verifying them against the DHCPv6 snooping table.

    • MAC limiting—You can configure MAC limiting on an interface or a VLAN, and specify the action to take on the next packet the interface or the VLAN receives after the limit is reached.

    • MAC move limiting—You can configure MAC move limiting to track MAC address movements on the switch, so that if a MAC address changes more than the configured number of times within one second, the changes to MAC addresses are dropped, logged, or ignored, or the interface is shut down.

    • Persistent MAC learning—Persistent MAC addresses (also called sticky MAC addresses) help restrict access to an access port by identifying the MAC addresses of workstations that are allowed access to a given port. Secure access to these workstations is retained even if the switch is restarted.

    [See Understanding Port Security Features to Protect the Access Ports on Your Device Against the Loss of Information and Productivity.]
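How the DHCP snooping database drives dynamic ARP inspection and IP source guard, as an added example (a simplified model written for this page, not Junos code): bindings are learned only from server replies on a trusted port, and every ARP sender or packet source on an untrusted port is checked against IP address, MAC address, VLAN, and interface. Interface names, addresses, lease times, and the verdict strings are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str
    expires: float  # absolute time in seconds


class SnoopingDB:
    """Toy DHCP snooping database keyed by (VLAN, IP address)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}

    def on_dhcp_ack(self, ingress, client_if, vlan, mac, ip, lease_s, now):
        """Learn a lease from a DHCPACK; server replies on untrusted ports are dropped."""
        if ingress not in self.trusted:
            return False
        self.bindings[(vlan, ip)] = Binding(ip, mac.lower(), vlan, client_if, now + lease_s)
        return True

    def verdict(self, interface, vlan, mac, ip, now):
        """Return 'ok' or the reason the (interface, VLAN, MAC, IP) tuple fails."""
        if interface in self.trusted:
            return "ok"
        entry = self.bindings.get((vlan, ip))
        if entry is None:
            return "no binding"
        if entry.expires <= now:
            del self.bindings[(vlan, ip)]   # age out the stale lease
            return "lease expired"
        if entry.mac != mac.lower():
            return "mac mismatch"
        if entry.interface != interface:
            return "wrong interface"
        return "ok"


def arp_inspect(db, interface, vlan, sender_mac, sender_ip, now):
    """Dynamic ARP inspection: validate the sender fields of an ARP packet."""
    return db.verdict(interface, vlan, sender_mac, sender_ip, now)


def source_guard(db, interface, vlan, src_mac, src_ip, now):
    """IP source guard: validate the source fields of a data packet."""
    return db.verdict(interface, vlan, src_mac, src_ip, now)


def run_scenarios():
    """Constructed traffic: one uplink (trusted) and two access ports (untrusted)."""
    db = SnoopingDB(trusted_ports={"et-0/0/48"})
    host_mac, host_ip = "aa:bb:cc:00:00:20", "10.0.100.20"
    return {
        # A DHCPACK arriving on an access port never creates a binding.
        "ack_on_untrusted_port": db.on_dhcp_ack(
            "xe-0/0/7", "xe-0/0/5", 100, host_mac, "10.0.100.66", 3600, now=0),
        # The same kind of reply from the uplink is learned.
        "ack_on_trusted_port": db.on_dhcp_ack(
            "et-0/0/48", "xe-0/0/5", 100, host_mac.upper(), host_ip, 3600, now=0),
        "host_traffic": source_guard(db, "xe-0/0/5", 100, host_mac, host_ip, now=10),
        "arp_with_other_mac": arp_inspect(
            db, "xe-0/0/7", 100, "de:ad:be:ef:00:07", host_ip, now=10),
        "same_mac_other_port": source_guard(db, "xe-0/0/7", 100, host_mac, host_ip, now=10),
        "address_never_leased": source_guard(
            db, "xe-0/0/5", 100, host_mac, "10.0.100.66", now=10),
        "after_lease_end": source_guard(db, "xe-0/0/5", 100, host_mac, host_ip, now=3600),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:24} {result}")
```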

Routing Protocols

  • Support for advertising multiple paths in BGP (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, you can configure BGP to advertise multiple paths to the same destination, instead of advertising only the active path. The potential benefits of advertising multiple paths for BGP include fault tolerance, load balancing, and maintenance. Include the add-path set of statements at the [edit protocols bgp group group-name family family-type] hierarchy level.

    [See add-path.]

  • Support for 64 next-hop gateways for ECMP (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, you can configure as many as 64 equal-cost-multipath (ECMP) next hops for RSVP and LDP LSPs. The following Layer 3 protocols are supported as ECMP gateways for both IPv4 and IPv6: OSPF, IS-IS, EBGP, and IBGP (resolving over IGP routes). Include the maximum-ecmp next-hops statement at the [edit chassis] hierarchy level.

    [See Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing.]

Security

  • Firewall filters (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports firewall filters. You can configure firewall filters on the switch to provide rules that define whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), LAGs, and loopback interfaces.

    [See Overview of Firewall Filters.]

  • Policers (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports policers. A switch polices (or rate-limits) traffic by limiting the input or output transmission rate of a class of traffic according to user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to provide multiple priority levels or classes of service. You use policers to apply limits to traffic flow and set consequences for packets that exceed these limits—usually applying a higher loss priority—so that if packets encounter downstream congestion, they can be discarded first. Policers apply only to unicast packets. You configure policer actions at the [edit firewall] hierarchy level.

    [See Overview of Policers.]

  • Storm control (QFX5110)—Starting with Junos OS Release 15.1X53-D210, the QFX5110 switch supports storm control. You can enable storm control on the switch to monitor traffic levels and take a specified action when a specified traffic level—called the storm control level—is exceeded, preventing packets from proliferating and degrading service. You can configure the switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs.

    [See Understanding Storm Control.]

Software-Defined Networking (SDN)

  • Layer 2 VXLAN gateway (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 15.1X53-D210, you can implement a QFX5110 or a QFX5200 switch as a Virtual Extensible LAN (VXLAN) gateway. VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. You can use VXLAN tunnels to enable migration of virtual machines (VMs) between servers that exist in separate Layer 2 domains by tunneling the traffic through Layer 3 networks. This functionality allows you to dynamically allocate resources within or between data centers without being constrained by Layer 2 boundaries or being forced to create large or geographically stretched Layer 2 domains. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    [See Understanding VXLANs.]

  • EVPN control plane and VXLAN data plane support (QFX5110 and QFX5200 switches)—By using a Layer 3 IP-based underlay network coupled with an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network, you can deploy larger networks than those possible with traditional Layer 2 Ethernet-based architectures. With overlay networks, endpoints (bare-metal servers [BMSes] or virtual machines [VMs]) can be placed anywhere in the network and can remain connected to the same logical Layer 2 network, enabling the virtual topology to be decoupled from the physical topology.

    The physical underlay network over which EVPN-VXLAN is commonly deployed is a two-layer IP fabric, which includes spine and leaf devices. The spine devices provide connectivity between the leaf devices, and the leaf devices function as Layer 2 VXLAN gateways and provide connectivity to the attached endpoints. Starting with Junos OS Release 15.1X53-D210, you can deploy QFX5110 and QFX5200 switches as leaf nodes in the EVPN-VXLAN overlay network.

    [See Understanding EVPN with VXLAN Data Encapsulation.]

  • OVSDB support with Contrail (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 15.1X53-D210, the Open vSwitch Database (OVSDB) management protocol provides a means through which a Contrail controller can communicate with QFX5110 and QFX5200 switches to provision them as Layer 2 VXLAN gateways. In an environment in which Contrail Release 2.22 or later is deployed, a Contrail controller and these switches can exchange control and statistical information, thereby enabling virtual machine (VM) traffic from entities in a virtualized network to be forwarded to entities in a physical network and the reverse.

    [See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]

System Management

  • Zero Touch Provisioning (QFX5110 switches)—Starting with Junos OS Release 15.1X53-D210, Zero Touch Provisioning allows you to provision new Juniper Networks switches in your network automatically without manual intervention. When you physically connect a switch to the network and boot it with a default configuration, the switch attempts to upgrade the Junos OS software image automatically and autoinstall a configuration file from the network. The switch uses information that you configure on a Dynamic Host Configuration Protocol (DHCP) server to locate the necessary software image and configuration files on the network. If you do not configure the DHCP server to provide this information, the switch boots with the preinstalled software and default configuration. The Zero Touch Provisioning process either upgrades or downgrades the Junos OS version.

    [See Understanding Zero Touch Provisioning.]

New Features in Release 15.1X53-D30

Hardware

  • QFX5200-32C switch—The Juniper Networks QFX5200 line of fixed-configuration access switches is designed for cloud builders and data centers deploying next-generation IP fabric networks. The QFX5200-32C is a highly flexible, 32-port, fixed-configuration switch that can be configured for 10/25/40/50/100-Gigabit Ethernet speeds. The QFX5200-32C provides 100-Gbps spine and leaf connectivity in Layer 3 fabrics for cloud and web services.

    The QFX5200-32C is a compact, 1 U standalone switch that provides a throughput of up to 3.2 Tbps, very low latency, and a rich set of Layer 3 features. The Routing Engine and control plane are driven by the 1.8 GHz quad-core Intel CPU with 16 GB of memory and two 32 GB solid-state drives (SSDs) for storage.

  • Support for 100-Gigabit optical transceivers (QFX5200 switch)—Provides support for:

    • JNP-QSFP-100G-SR4—QSFP28 module 100GBASE-SR4, 100-Gigabit Ethernet pluggable; 850 nm for up to 150 m transmission on multi-mode fiber (MMF) cable.

    • JNP-QSFP-100G-LR4—QSFP28 module 100GBASE-LR4, 100-Gigabit Ethernet pluggable; 1310 nm for up to 10 km single-mode fiber-optic (SMF) cable.

  • Support for 40-Gigabit optical transceivers (QFX5200 switch)—Provides support for:

    • QFX-QSFP-40G-SR4—QSFP+ module 40GBASE-SR4, 40-Gigabit Ethernet optics; 100 m transmission on OM3, MMF cable and 150 m transmission on OM4, MMF cable

    • QFX-QSFP-40G-ESR4—Juniper Networks proprietary 4X10G-IR parallel single mode QSFP+ module, 40-Gigabit Ethernet optics; 300 m transmission on OM3, MMF cable or 400 m transmission on OM4 cable

    • JNP-QSFP-4X10GE-IR—QSFP+ parallel single mode module 40-Gigabit Ethernet pluggable; 1.4 km transmission on SMF cable

    • JNP-QSFP-40GE-IR4—Juniper Networks proprietary 40GBASE-IR4, 40-Gigabit Ethernet pluggable; 2 km transmission on SMF cable.

    • JNP-QSFP-40G-LR4—QSFP+ module 40GBASE-LR4, 40-Gigabit Ethernet pluggable; 10 km transmission on SMF cable

    • JNP-QSFP-40G-LX4—QSFP+ module 40GBASE-LX4, 40-Gigabit Ethernet pluggable; 2 km transmission on SMF cable, 100 m transmission on OM3, MMF cable, or 150 m transmission on OM4, MMF cable

  • Support for 1-Gigabit optical transceivers on the SFP management port (QFX5200 switch)—Provides support for:

    • QFX-SFP-1GE-SX—SFP module 1000BASE-SX Gigabit Ethernet; 220 m transmission on FDDI, MMF cable, 275 m transmission on OM1, MMF cable, or 550 m transmission on OM2 cable

    • QFX-SFP-1GE-T—SFP module 1000BASE-T Gigabit Ethernet; 100 m transmission on Category 5 cable

  • Support for QSFP+ direct attach copper (DAC) cables (QFX5200 switch)—Provides support for:

    • EX-QSFP-40GE-DAC-CM—QSFP+ DAC assembly; 0.5 m, passive

    • QFX-QSFP-DAC-1M—QSFP+ DAC assembly; 1 m, passive

    • QFX-QSFP-DAC-3M—QSFP+ DAC assembly; 3 m, passive

    • QFX-QSFP-DAC-5M—QSFP+ DAC assembly; 5 m, passive

    • QFX-QSFP-DAC-7MA—QSFP+ DAC assembly; 7 m, active

    • QFX-QSFP-DAC-10MA—QSFP+ DAC assembly; 10 m, active

Infrastructure and Chassis

  • Disaggregated Junos OS (QFX5200 switch)—Starting with the QFX5200 switch, the software has been disaggregated from the hardware. With disaggregated Junos OS, you can now purchase the Junos Base Services (JBS) license to use basic Junos OS functions, the Junos Advanced Services (JAS) license to use Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), and Virtual Extensible Local Area Network (VXLAN), and the Junos Premium Services (JPS) license to use features supported in the JAS license and the MPLS feature set. The disaggregated Junos OS feature licenses are available on a perpetual basis.

    Note

    You must purchase the JBS license to use basic functions, but you do not need to install the license key in Junos OS Release 15.1X53-D30. JBS basic functions work with this release without installing the license key. However, you will need to install the license key in a future release of Junos OS to be determined, so make sure to retain the authorization code you received from the License Management System to generate a license key for the JBS license.

Interfaces and Chassis

  • Channelizing 100-Gigabit Ethernet QSFP28 interfaces (QFX5200 switch)—This feature enables you to channelize the 100-Gigabit Ethernet interfaces to two independent 50-Gigabit Ethernet or to four independent 25-Gigabit Ethernet interfaces. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables.

    There are a total of 32 physical ports on the QFX5200 switch. Any port can be used as either 100-Gigabit Ethernet or 40-Gigabit Ethernet interfaces. You choose the speed by plugging in the appropriate transceiver. They can also be channelized to 50G, 25G or 10G.

    By default, the 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces appear in the et-fpc/pic/port format. When the 100-Gigabit Ethernet interfaces are channelized as 50-Gigabit Ethernet and 25-Gigabit Ethernet interfaces, the interface names appear in the et-fpc/pic/port:channel format. When the 40-Gigabit Ethernet interfaces are channelized as 10-Gigabit Ethernet interfaces, the interface names appear in the xe-fpc/pic/port:channel format, where channel can be a value of 0 through 3. To channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G, 25G, or 50G. The ports do not support autochannelization.

    Note

    If a 100G transceiver is connected to the switch, channelize the port only to 25G or 50G. If a 40G transceiver is connected, channelize the port only to 10G. Note that there is no commit check for these options.

  • Link aggregation (QFX5200 switch)—Link aggregation enables you to use multiple network cables and ports in parallel to increase link speed and redundancy.

  • Multichassis link aggregation group (MC-LAG) (QFX5200 switch)—MC-LAG enables a client device to form a logical LAG interface using two QFX5200 switches. MC-LAG provides redundancy and load balancing between the two QFX5200 switches, multihoming support, and a loop-free Layer 2 network without running STP.

    On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two MC-LAG QFX5200 switches. Each of these QFX5200 switches has one or more physical links connected to a single client. The QFX5200 switches coordinate with each other to ensure that data traffic is forwarded properly.

    To configure an MC-LAG, include the following statements:

    • mc-ae statement at the [edit interfaces interface-name aggregated-ether-options] hierarchy level

    • iccp statement at the [edit protocols] hierarchy level

    • multi-chassis statement at the [edit] hierarchy level

  • Resilient hashing support for link aggregation groups and equal cost multipath routes (QFX5200 switch)—Resilient hashing is supported by link aggregation groups (LAGs) and equal cost multipath (ECMP) sets.

    A LAG combines Ethernet interfaces (members) to form a logical point-to-point link that increases bandwidth, provides reliability, and allows load balancing. Resilient hashing enhances LAGs by minimizing destination remapping when a new member is added to or deleted from the LAG.

    Resilient hashing works in conjunction with the default static hashing algorithm. It distributes traffic across all members of a LAG by tracking the flow’s LAG member utilization. When a flow is affected by a LAG member change, the Packet Forwarding Engine (PFE) rebalances the flow by reprogramming the flow set table. Destination paths are remapped when a new member is added to or existing members are deleted from a LAG.

    Resilient hashing applies only to unicast traffic and supports a maximum of 1024 LAGs, with each group having a maximum of 256 members.

    An ECMP group for a route contains multiple next-hop equal cost addresses for the same destination in the routing table. (Routes of equal cost have the same preference and metric values.)

    Junos OS uses a hash algorithm to choose one of the next-hop addresses in the ECMP group to install in the forwarding table. Flows to the destination are rebalanced using resilient hashing.

    Resilient hashing enhances ECMPs by minimizing destination remapping when a new member is added to or deleted from the ECMP group.

  • Ability to create link aggregation groups with interfaces operating at different speeds (QFX5200 switch)—You can add 10-, 25-, 40-, 50-, and 100-Gigabit Ethernet interfaces into the same link aggregation group (LAG).

  • Support for Layer 3 logical interfaces (QFX5200 switch)—A Layer 3 logical interface is a logical division of a physical interface or an aggregated Ethernet interface that operates at the network level and that can receive and forward IEEE 802.1Q VLAN tags. You can use these interfaces to route traffic between multiple VLANs along a single trunk line that connects a QFX5200 switch to a Layer 2 switch. Only one physical connection is required between the switches.

  • Generic routing encapsulation (GRE) support (QFX5200 switch)—You can use GRE tunneling services to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, a switch performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts.
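Because the QSFP28 channelization note in this section says there is no commit check, a pre-commit script can enforce the transceiver rule and list the interface names that will appear. This is an added example, not Juniper code; the PIC value 0, port numbering 0-31, the 50G channel numbers 0 and 1, and the sample configuration and inventory are assumptions.

```python
import re

# Transceiver -> channel speeds the note permits (there is no commit check).
ALLOWED = {"100g": {"25g", "50g"}, "40g": {"10g"}}
# Channels per speed: two 50G, four 25G, or four 10G interfaces.
CHANNELS = {"50g": 2, "25g": 4, "10g": 4}
# 10G channels are named xe-; 25G and 50G channels keep the et- prefix.
PREFIX = {"10g": "xe", "25g": "et", "50g": "et"}
PORT_COUNT = 32  # physical ports; numbering 0-31 is an assumption

SET_RE = re.compile(
    r"^set chassis fpc (\d+) port (\d+) channel-speed (\S+)$", re.IGNORECASE)

def check_channelization(config_lines, transceivers, pic=0):
    """Return (interface_names, findings) for channel-speed statements.

    transceivers maps (fpc, port) to "100G" or "40G". pic=0 is an
    assumption: the command form on the page carries no PIC number.
    """
    names, findings = [], []
    for line in config_lines:
        m = SET_RE.match(line.strip())
        if not m:
            continue  # not a channel-speed statement
        fpc, port, speed = int(m.group(1)), int(m.group(2)), m.group(3).lower()
        where = f"fpc {fpc} port {port}"
        if speed not in CHANNELS:
            findings.append(f"{where}: unsupported channel-speed {speed}")
        elif port >= PORT_COUNT:
            findings.append(f"{where}: port outside 0-{PORT_COUNT - 1}")
        elif (fpc, port) not in transceivers:
            findings.append(f"{where}: no transceiver recorded, cannot verify {speed}")
        elif speed not in ALLOWED.get(transceivers[(fpc, port)].lower(), set()):
            findings.append(f"{where}: {transceivers[(fpc, port)]} transceiver "
                            f"must not be channelized to {speed}")
        else:
            names += [f"{PREFIX[speed]}-{fpc}/{pic}/{port}:{ch}"
                      for ch in range(CHANNELS[speed])]
    return names, findings

# Constructed sample: candidate statements and the optics plugged into each port.
SAMPLE_CONFIG = [
    "set chassis fpc 0 port 4 channel-speed 25g",
    "set chassis fpc 0 port 8 channel-speed 10g",
    "set chassis fpc 0 port 12 channel-speed 10g",  # 100G optic: mismatch
    "set chassis fpc 0 port 16 channel-speed 50g",  # 40G optic: mismatch
]
SAMPLE_INVENTORY = {(0, 4): "100G", (0, 8): "40G", (0, 12): "100G", (0, 16): "40G"}

if __name__ == "__main__":
    names, findings = check_channelization(SAMPLE_CONFIG, SAMPLE_INVENTORY)
    print("\n".join(names + findings))
```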
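For the resilient hashing entry in this section, the following added example compares how many flows change LAG member when one member is deleted, under plain modulo hashing and under a flow set table in which only the affected slots are reprogrammed. It is a simplified model and not the Packet Forwarding Engine's implementation; the table size, CRC32 hash, member names, and flow strings are constructed assumptions.

```python
import zlib

TABLE_SIZE = 256  # constructed size for this model, not a Junos value

def flow_hash(flow):
    """Deterministic stand-in for the hardware hash over packet fields."""
    return zlib.crc32(flow.encode())

def static_member(flow, members):
    """Plain modulo hashing over the current member list."""
    return members[flow_hash(flow) % len(members)]

def build_flow_set_table(members):
    """Spread the table slots round-robin across all members."""
    return [members[i % len(members)] for i in range(TABLE_SIZE)]

def remove_member(table, gone, remaining):
    """Reprogram only the slots that pointed at the deleted member."""
    new_table, n = [], 0
    for slot in table:
        if slot == gone:
            new_table.append(remaining[n % len(remaining)])
            n += 1
        else:
            new_table.append(slot)  # unaffected flows keep their member
    return new_table

def resilient_member(flow, table):
    """Look up the member through the flow set table."""
    return table[flow_hash(flow) % TABLE_SIZE]

def compare_remapping(flows, members, gone):
    """Count flows that change member when `gone` is deleted from the LAG."""
    remaining = [m for m in members if m != gone]
    table = build_flow_set_table(members)
    new_table = remove_member(table, gone, remaining)
    return {
        "on_removed": sum(resilient_member(f, table) == gone for f in flows),
        "moved_resilient": sum(
            resilient_member(f, table) != resilient_member(f, new_table)
            for f in flows),
        "moved_static": sum(
            static_member(f, members) != static_member(f, remaining)
            for f in flows),
    }

# Constructed sample: four LAG members and 1000 synthetic flows.
SAMPLE_MEMBERS = ["et-0/0/0", "et-0/0/1", "et-0/0/2", "et-0/0/3"]
SAMPLE_FLOWS = [f"10.1.{i // 256}.{i % 256}->10.2.0.1:443" for i in range(1000)]

if __name__ == "__main__":
    print(compare_remapping(SAMPLE_FLOWS, SAMPLE_MEMBERS, "et-0/0/2"))
```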

Layer 2 Features

  • VLAN support (QFX5200 switch)—VLANs enable you to divide one physical broadcast domain into multiple virtual domains.

  • Link Layer Discovery Protocol (LLDP) support (QFX5200 switch)—LLDP enables a switch to advertise its identity and capabilities on a LAN, as well as receive information about other network devices.

  • Q-in-Q tunneling support (QFX5200 switch)—This feature allows service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.

  • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP) support (QFX5200 switch)—These protocols enable a switch to advertise its identity and capabilities on a LAN and receive information about other network devices.

Layer 3 Features

  • BGP support (QFX5200 switch)—BGP is an exterior gateway protocol (EGP) for routing traffic between autonomous systems (ASs). You can configure BGP at the [edit protocols bgp] hierarchy level.

  • OSPF support (QFX5200 switch)—The IPv4 OSPF protocol is an interior gateway protocol (IGP) for routing traffic within an autonomous system (AS). QFX5200 switches support OSPFv1 and OSPFv2. You can configure OSPF at the [edit protocols ospf] hierarchy level.

  • Bidirectional Forwarding Detection (BFD) support for static routes and the BGP, IS-IS, OSPF, PIM, and RIP protocols (QFX5200 switch)—BFD uses control packets and shorter detection time limits to rapidly detect failures in a network. Hello packets are sent at a specified, regular interval by routing devices. A neighbor failure is detected when a routing device stops receiving a reply after a specified interval.

    On a QFX5200 switch, you can configure BFD for static routes and for the BGP, IS-IS, OSPF, PIM, and RIP protocols.

  • IS-IS support (QFX5200 switch)—The IS-IS protocol is an IGP for routing traffic within an AS.

  • Virtual Router Redundancy Protocol (VRRP) support (QFX5200 switch)—VRRP enables you to provide alternative gateways for end hosts that are configured with static default routes. You can implement VRRP to provide a highly available default path to a gateway without needing to configure dynamic routing or router discovery protocols on end hosts.

  • Hierarchical ECMP (QFX5200 switch)—Hierarchical ECMP resolves route prefixes to two-level ECMP automatically, allowing better load-balancing of traffic. Hierarchical ECMP is enabled by default.

MPLS

  • MPLS support (QFX5200 switch)—MPLS provides both label edge router (LER) and label switch router (LSR) functions and provides the following capabilities:

    • Support for both MPLS major protocols, LDP and RSVP

    • IS-IS interior gateway protocol (IGP) traffic engineering

    • Class of service (CoS)

    • Object access method, including ping, traceroute, and Bidirectional Forwarding Detection (BFD)

    • Fast reroute (FRR), a component of MPLS local protection

      Both one-to-one local protection and many-to-one local protection are supported.

    • Loop free alternate (LFA) FRR

    • 6PE devices

    • Layer 3 VPNs for IPv4

    • LDP tunneling over RSVP

    • L2 Circuit (draft Martini) support

    • L3VPN Carrier-Over-Carrier (CoC)

    • ECMP on LSR

    • RSVP auto bandwidth

  • Equal cost multipath (ECMP) groups on label-switching router (LSR) devices for MPLS (QFX5200 switch)—When a link goes down, ECMP uses fast reroute protection to shift packet forwarding to use operational links, thereby decreasing packet loss.

Multicast Protocols

  • Internet Group Management Protocol (IGMP) support (QFX5200 switch)—IGMP manages the membership of hosts and routers in multicast groups. IP hosts use IGMP to report their multicast group memberships to any immediately neighboring multicast routers. Multicast routers use IGMP to learn, for each of their attached physical networks, which groups have members.

  • IGMP snooping support (QFX5200 switch)—IGMP snooping regulates multicast traffic in a switched network. With IGMP snooping enabled, a LAN switch monitors the IGMP transmissions between a host (a network device) and a multicast router, keeping track of the multicast groups and associated member interfaces. The switch uses that information to make intelligent multicast-forwarding decisions and forward traffic to the intended destination interfaces.

  • Protocol Independent Multicast (PIM) sparse mode support (QFX5200 switch)—PIM sparse mode enables efficient routing to multicast groups with receivers that are sparsely spread over multiple networks. To configure PIM sparse mode, include the pim statement at the [edit protocols] hierarchy level.

  • PIM source-specific multicast (PIM SSM) support (QFX5200 switch)—PIM SSM uses a subset of PIM sparse mode and IGMPv3 to enable a client to receive multicast traffic directly from the source. PIM-SSM uses the PIM sparse-mode functionality to create a shortest-path tree (SPT) between the client and the source, but builds the SPT without the help of a rendezvous point.

  • Multicast Source Discovery Protocol (MSDP) support (QFX5200 switch)—MSDP enables you to connect multiple domains to one another. MSDP typically runs on the same routing device as a PIM sparse mode rendezvous point. Each MSDP routing device establishes adjacencies with internal and external MSDP peers, similar to how BGP peering works. These peers inform each other about active sources within the domain. When they detect active sources, the peers send PIM sparse mode explicit join messages to the active source. To configure MSDP, include the msdp statement at the [edit protocols] hierarchy level and specify groups of local addresses and MSDP peer addresses.

  • Rendezvous point (RP) support (QFX5200 switch)—This feature supports multiple rendezvous points using anycast addresses (RPs sharing a single routable IP address) in either a PIM or MSDP-enabled network. To configure anycast RP, include the anycast-pim statement at the [edit protocols pim rp local family inet] hierarchy level.

  • IGMP querier support (QFX5200 switch)—This feature enables multicast traffic to be forwarded between connected switches in pure Layer 2 networks. If you enable IGMP snooping in a Layer 2 network without a multicast router, the IGMP snooping reports are not forwarded between connected switches. This means that if hosts connected to different switches in the network join the same multicast group, and traffic for that group arrives on one of the switches, the traffic is not forwarded to the other switches that have hosts that should receive the traffic. If you enable IGMP querying for a VLAN, multicast traffic is forwarded between switches that participate in the VLAN if they are connected to hosts that are members of the relevant multicast group.

Network Management and Monitoring

  • Cloud Analytics Engine network device support (QFX5200 switch)—Cloud Analytics Engine network device support on QFX5200 switches provides flow path data analysis functions to help improve application performance and availability on the network. Cloud Analytics Engine includes components that enable network data collection, analysis, and correlation, helping you better understand the behavior of workloads and applications across the physical and virtual infrastructure.

  • SNMP support (QFX5200 switch)—SNMP includes versions 1, 2, and 3 for monitoring system activity.

  • System logging (syslog) support (QFX5200 switch)—Syslog enables you to log system messages into a local directory on the switch or to a syslog server.

  • sFlow technology support (QFX5200 switch)—This feature provides monitoring technology for high-speed switched or routed networks. You can configure sFlow technology to monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow technology also collects samples of network packets, providing you with visibility into network traffic information. You configure sFlow monitoring at the [edit protocols sflow] hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics.

  • Port mirroring support (QFX5200 switch)—Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

Security

  • Firewall filter support (QFX5200 switch)—You can provide rules that define whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), link aggregation groups (LAGs), and loopback interfaces.

  • Policing support (QFX5200 switch)—You can use policing to apply limits to traffic flow and to set consequences for packets that exceed those limits.

  • Storm control support (QFX5200 switch)—You can enable the switch to monitor traffic levels and take a specified action when a specified traffic level—called the storm control level—is exceeded, preventing packets from proliferating and degrading service. You can configure a switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs.

Software Installation and Upgrade

  • Support for FreeBSD 10 kernel for Junos OS (QFX5200 switches)—On QFX5200 switches, FreeBSD 10 is the underlying OS that enables SMP for Junos OS, rather than the FreeBSD 6.1 that is used in some older Juniper Networks devices. If you compare the QFX5200 to devices that run the older kernel, you will notice that some system commands display different output and a few others are deprecated.

Storage

  • FIP snooping and Data Center Bridging Capability Exchange (DCBX) protocol (QFX5200 switch)—QFX5200 supports both FIP snooping and DCBX. FIP snooping filters prevent an FCoE device from gaining unauthorized access to a Fibre Channel (FC) storage device or to another FCoE device. DCBX discovers the data center bridging (DCB) capabilities of connected peers. DCBX advertises the capabilities of applications on interfaces by exchanging application protocol information through application time-length-values (TLVs).

  • CEE (QFX5200 switch)—CEE is an enhanced single interconnect Ethernet technology developed to converge a variety of applications in data centers. CEE's primary focus is to consolidate the number of cables and adapters connected to servers. You can use data center bridging features on QFX5200 CEE-enabled switches to transport converged Ethernet and FC traffic while providing the class-of-service (CoS) characteristics and other characteristics FC requires for transmitting storage traffic. Only port schedulers are supported; ETS is not supported.

System Management

  • Login authentication using RADIUS and TACACS+ (QFX5200 switch)—You can use RADIUS and TACACS+ authentication to validate users who attempt to access the switch.

  • System utilization alarms support (QFX5200 switch)—This feature provides system alarms to alert you of high disk usage in the /var partition on the switch. You can display these alarm messages by issuing the show system alarms operational mode command if the /var partition usage is higher than 75 percent. A usage level between 76 and 90 percent indicates high usage and raises a minor alarm condition, whereas a usage level over 90 percent indicates that the partition is full and raises a major alarm condition.

Traffic Management

  • Class of service (CoS) (QFX5200 switch)—When a packet traverses a switch, the switch provides the appropriate level of service to the packet using either default class-of-service (CoS) settings or CoS settings that you configure. On ingress ports, the switch classifies packets into appropriate forwarding classes and assigns a loss priority to the packets. On egress ports, the switch applies packet scheduling and any rewrite rules to re-mark packets.

  • Class-of-service (CoS) rewrite rules and classifier support (QFX5200 switch)—You can use rewrite rules to set the value of the CoS bits within a packet header, so you can alter the CoS settings of incoming packets. Packet classification maps incoming packets to a particular class-of-service (CoS) servicing level. You can use classifiers to map packets to a forwarding class and a loss priority and to assign packets to output queues based on the forwarding class.

  • Port scheduling with queue shaping support (QFX5200 switch)—You can manage excess traffic and avoid congestion on a network interface where traffic might exceed the maximum port bandwidth. You can manage parameters such as transmit rate, shaping rate, and priority on each queue.

  • Priority-based flow control support (QFX5200 switch)—This feature provides you with PFC (standard IEEE 802.1Qbb) capability, a link-level flow control mechanism that you can use to pause traffic selectively according to its class. You must use PFC for Fibre Channel over Ethernet (FCoE) traffic.

  • Ethernet PAUSE autonegotiation support (QFX5200 switch)—You can configure symmetric flow control. To configure PAUSE, include the flow-control statement at the [edit interfaces interface-name ether-options] hierarchy level.