Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 15.1R7 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Release 15.1 for the QFX Series.

Note

The following QFX Series platforms are supported in Release 15.1R7: QFX3500, QFX3600, and QFX5100.

Management

  • Support for YANG features including configuration hierarchy must statement constraints published in YANG, and a module that defines Junos OS YANG extensions (QFX Series)—Starting with Junos OS Release 15.1R3, the Juniper Networks configuration YANG module includes configuration constraints published using either the YANG must statement or the Junos OS YANG extension junos:must. Constraints that cannot be mapped directly to the YANG must statement, which include expressions containing special keywords or symbols such as all, any, unique, $, __, and wildcard characters, are published using junos:must.

    The junos-extension module contains definitions for Junos OS YANG extensions, including the must and must-message keywords. The junos-extension module is bound to the namespace URI http://yang.juniper.net/yang/1.1/je and uses the prefix junos. You can download Juniper Networks YANG modules from the Juniper Networks website, or you can generate the modules by using the show system schema operational mode command on your local device.

    [See Using Juniper Networks YANG Modules.]

  • Support for enforcing RFC-compliant behavior in NETCONF sessions (QFX Series)—Starting with Junos OS Release 15.1R3, you can require that the NETCONF server enforce certain behaviors during the NETCONF session by configuring the rfc-compliant statement at the [edit system services netconf] hierarchy level. If you configure the rfc-compliant statement, the NETCONF server explicitly declares the NETCONF namespace in its replies and qualifies all NETCONF tags with the nc prefix. Also, <get> and <get-config> operations that return no configuration data do not include an empty <configuration> element in RPC replies.

    [See Configuring RFC-Compliant NETCONF Sessions.]

Network Management and Monitoring

  • Monitor Virtual Chassis ports (VCPs) with SNMP (QFX3500, QFX3600)—Starting with Junos OS Release 15.1R3, you can configure the switch to monitor VCPs with SNMP. To enable SNMP monitoring of VCPs in a Virtual Chassis or Virtual Chassis Fabric (VCF), use the set virtual-chassis vcp-snmp-statistics CLI command.

Spanning-Tree Protocols

  • Global configuration of spanning-tree protocols (QFX Series)—Starting with Junos OS Release 15.1R13, global configuration of the spanning-tree protocols RSTP, MSTP, and VSTP is supported on QFX Series switches with Enhanced Layer 2 Software (ELS) configuration style.

    In earlier releases, the ELS software supported configuration of spanning-tree protocols on individual interfaces or on a range of interfaces. It did not support configuration of spanning-tree protocols on all interfaces or disabling spanning-tree protocols on specific interfaces.

    Starting with this release, CLI changes in the ELS software provide the options of configuring spanning-tree protocols on all interfaces, disabling the configuration for individual interfaces, and configuring VSTP on all VLANs or on a VLAN group.

    [See Configuring RSTP (CLI Procedure), Configuring MSTP, and Configuring VLAN Spanning-Tree Protocol.]

User Interface and Configuration

  • Support for replacing patterns in configuration data within NETCONF and Junos OS XML protocol sessions (QFX Series)—Starting with Junos OS Release 15.1R3, you can replace variables and identifiers in the candidate configuration when performing a <load-configuration> operation in a Junos OS XML protocol or NETCONF session. The replace-pattern attribute specifies the pattern to replace, the with attribute specifies the replacement pattern, and the optional upto attribute indicates the number of occurrences to replace. The scope of the replacement is determined by the placement of the attributes in the configuration data. The functionality of the attribute is identical to that of the replace pattern configuration mode command in the Junos OS CLI.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 15.1R7 for the QFX Series.

Interfaces and Chassis

  • Configuring unified forwarding table profiles (EX4600 Virtual Chassis, QFX5100 Virtual Chassis, and QFX Series Virtual Chassis Fabric)—Starting in Junos OS Release 15.1R5, Packet Forwarding Engines on switches in a Virtual Chassis or Virtual Chassis Fabric (VCF) do not automatically restart upon configuring and committing a unified forwarding table profile change using the set chassis forwarding-options statement. Instead, a message is displayed at the CLI prompt and logged to the switch’s system log, prompting you to reboot the Virtual Chassis or VCF for the change to take effect. This change avoids Virtual Chassis or VCF instability that might occur with these switches if the profile update propagates to member switches and otherwise causes multiple Packet Forwarding Engines to automatically restart at the same time. This behavior change does not apply to other switch types or to EX4600 and QFX5100 switches not in a Virtual Chassis or VCF; in those cases, the switch continues to restart automatically when a unified forwarding table profile change is committed.

    We recommend that you plan to make profile changes in a Virtual Chassis or VCF comprised of these switches only when you can perform a Virtual Chassis or VCF system reboot shortly after committing the configuration update, to avoid instability if one or more member switches restart unexpectedly with the new configuration (while the remaining members are still running the old configuration).

    [See Configuring the Unified Routing Table and forwarding-options (chassis).]

  • New vc-path command display for Virtual Chassis Fabric (VCF)—Starting in Junos OS Release 15.1R5, the output from the show virtual-chassis vc-path command displays additional fields when showing the forwarding path from a source interface to a destination interface in a Virtual Chassis Fabric (VCF), including details of multiple possible next hops. The vc-path command display for a forwarding path in a Virtual Chassis remains unchanged.

    [See show virtual-chassis vc-path.]

Routing Protocols

  • Support for RFC 6996, RFC 7300, and Internet draft draft-ietf-idr-as0-06 (QFX Series)—Starting with Junos OS Release 15.1, RFC 6996, Autonomous System (AS) Reservation for Private Use, RFC 7300, Reservation of Last Autonomous System (AS) Numbers, and Internet draft draft-ietf-as0-06 are supported.

    RFC 7300, Reservation of Last Autonomous System (AS) Numbers, and the Internet draft draft-ieft-idr-as0-06 restrict the use of 2-byte AS number 65535, 4-byte AS number 4294967295UL, and AS number 0 in a configuration. When you use these restricted AS numbers, the commit operation fails.

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 15.1R7, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you must delete the fabric-load-balance configuration item before initiating the upgrade.

    See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 15.1R7 for the QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

High Availability (HA) and Resiliency

  • On QFX5100 switches, Fibre Channel over Ethernet (FCoE) traffic might be dropped for up to 4 seconds during an in-service software upgrade (ISSU) when FCoE Initialization Protocol (FIP) snooping is enabled. PR981306

  • On EX4600 and QFX5100 switches, the Link Aggregation Control Protocol (LACP) in either slow mode or fast mode might go down and then come back up, causing a timeout and a service outage during an in-service software upgrade (ISSU) or a nonstop software upgrade (NSSU). In addition, after the master Routing Engine is rebooted, the switches might experience intermittent traffic loss on non-LAG interfaces, and redundant trunk group (RTG) convergence times might be long. PR1031338

Interfaces and Chassis

  • On an EX4300 or a QFX5100 switch, a MAC address that is specified as part of a MAC-based VLAN is authenticated on an interface (for example, on xe-1/1/1), on which 802.1X authentication in multiple supplicant mode is configured. However, the same MAC address might not be authenticated on another interface, for example, xe-2/1/1, if the MAC address moves to interface xe-2/1/1 from interface xe-1/1/1. PR1007589

  • On an MC-LAG, if an ARP for a host is learned on the MC-LAG interface and the host changes its MAC address without sending a gratuitous ARP, traffic loss might occur. PR1009591

  • On QFX5100 switches, if you configure MC-LAG, IRB mac sync, and LACP force up, the number of packets received (rx) might be twice the amount sent (tx) from the customer edge to the core. PR1015655

  • On a QFX5100 switch, you might be unable to commit the configuration if you modify the subnet of an IP address on an IRB interface by using the replace pattern command. PR1119713

  • On QFX5100 Virtual Chassis, generic routing encapsulation (GRE) counters might not increment with a firewall filter and PIM configured. PR1124170

  • On a QFX5100 or EX4600 switch, high ICMP delays are experienced when pinging directly connected integrated routing and bridging (IRB) interfaces. This is caused by a hardware limitation. Transit traffic is not affected. PR1164135

  • On QFX5100 switches, Layer 2 control frames with a destination MAC address of 01:80:c2:00:00:02 and an ethertype of 8809 might be dropped at the egress PE router Layer 2 VPN. PR1182124

Layer 2 Features

  • On a mixed-mode Virtual Chassis Fabric (VCF) with interface-mac-limit configured, if you remove the complete mac-limit configuration, the mac-limit behavior might remain. As a workaround, try rebooting the device. PR1044460

  • On ELS (Enhanced Layer 2 Software) platforms (including EX4300, EX4600, EX9200, QFX3500, QFX3600, and QFX5100 switches), if Q-in-Q tunneling is enabled, if you configure an RTG (redundant trunk group) on a Q-in-Q interface, the RTG configuration cannot be applied; there is a commit check error. PR1134126

  • On QFX5100 switches with a CoS classifier configured on an AE interface, if you add or delete a subinterface, traffic loss of approximately 10 packets might occur while you are committing the changes. PR1162963

  • On a QFX5100 switch, with a fully meshed MC-LAG topology configured, sometimes there is more traffic loss when the ICL interface goes down and then back up compared with when you have Junos OS Release 14.1X53-D35 software installed. The root cause has been identified, and this issue does not affect MC-LAG functionality. PR1209322

Multicast Protocols

  • When an IGMP leave is sent from a host to a QFX5100 switch, one packet per multicast group is dropped during route programming. PR995331

Multiprotocol Label Switching (MPLS)

  • On a QFX5100 switch, if an MPLS link is in hot standby mode and a pseudowire switchover is triggered by the event "remote site local interface signaled down," traffic flowing through the pseudowire might drop. PR1027755

Platform and Infrastructure

  • Traffic convergence delay time for link protection, node-link protection, and fast reroute is more than 50ms for the QFX5100-48T switch. PR1026957

Routing Policy

  • On the QFX Series, in a BGP equal-cost multipath (ECMP) scenario, if the import policy uses the policy action next-hop peer-address to set the route's protocol next-hop, BGP multipath might use more ECMP groups than necessary. If the ECMP entries exceed the maximum supported by the hardware, traffic loss might occur. As a workaround, use the policy action next-hop ip-address instead of the action next-hop peer-address.

Routing Protocols

  • On a QFX Series Virtual Chassis, if you delete a member of a LAG associated with an IRB interface, the counter for the filter applied to the IRB interface might reset. PR898171

  • On EX4300, EX4600, and QFX Series switches, a Bidirectional Forwarding Detection (BFD) session might not come up when BFD version 0 is configured. As a workaround, deactivate or delete the version configuration. PR1076052

Software-Defined Networks (SDN)

  • On QFX5100 switches, if more than 1K virtual extensible LAN network identifiers (VNIs) are created by Open vSwitch Database (OVSDB), the VTEP gateway daemon (vgd) might generate a core file. PR1075189

Software Installation and Upgrade

  • On EX4600, QFX3500, and QFX5100 switches, the amount of time that it takes for Zero Touch Provisioning to complete might be lengthy because TFTP might take a long time to fetch required data. PR980530

  • On EX Series or QFX Series Virtual Chassis or Virtual Chassis Fabric (VCF), nonstop software upgrade (NSSU) cannot be used to upgrade from a Junos OS Release 14.1X53 image to a Junos OS Release 15.1 or later image. PR1087893

Spanning-Tree Protocols

  • On QFX5100 Virtual Chassis interfaces on which the flexible-vlan-tagging statement is specified, STP, RSTP, MSTP, and VSTP are not supported. PR1075230

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • In a mixed Virtual Chassis or Virtual Chassis Fabric (VCF), the show pfe filter hw summary command is not supported for an EX4300 member of the Virtual Chassis or VCF. PR1019377

  • On a QFX5100, QFX3600, QFX3500, or EX4300 switch, if you remove a transceiver from an interface and then reinsert it in the interface within 30 seconds after you have issued the set virtual-chassis vc-port set command to convert the interface into a Virtual Chassis port (VCP), the VCP is not created. PR1029829

  • On a QFX5100 Virtual Chassis, frequent MAC move events can put the system into an inconsistent state, which results in a Packet Forwarding Engine manager (FXPC) process crash with a core file generated. PR1086108

  • On QFX3500 and QFX3600 Virtual Chassis, any change in channelization causes the Packet Forwarding Engine to restart. If you apply channelization across various member switches in the Virtual Chassis, connectivity might be lost temporarily. PR1105371

  • In a mixed mode Virtual Chassis with QFX3500 switches, if multicast packets are sent to the Routing Engine at a high rate, the Virtual Chassis might become unresponsive. PR1117133

VPNs

  • On a QFX5100 switch that has performed a pseudowire switchover, traffic might drop for 10 seconds immediately after the switchover. PR1049606

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 15.1R7 for the QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • In a VXLAN scenario, the Packet Forwarding Engine manager daemon (fxpc) and the kernel might crash after you add an MTU configuration on a QFX5100 Virtual Chassis. PR1283966

Infrastructure

  • When the configuration statement set system ports console log-out-on-disconnect is enabled, the Junos OS eventd process (daemon) blocks the console-open(). However, during this stage with the Syslog console configured (always logs on console), any logging continues even if the console session is ended. When the console logging continues to be in the waiting status, the eventd syslog rotation freezes and some processes directly involved in logging in to the system also go into the wait status, causing undesirable behavior. PR1253544

Interfaces and Chassis

  • On QFX5100 switches, with a MAC address and an ARP entry inside an interface block, an error message might be displayed that says an IRB interface and an aggregated Ethernet logical interface do not belong to the same routing instance, even though they do belong to the same routing instance. PR1239191

MPLS

  • On QFX5100 switches, analyzer is not supported on interfaces with family circuit cross-connect (CCC), which includes encapsulation Ethernet-CCC and encapsulation VLAN-CCC. PR1041780

Routing Protocols

  • On a QFX Series Virtual Chassis, when you explicitly configure an IPv6 firewall filter that discards OSPFv3 packets, the ingress filter might not discard the OSPFv3 packets. PR897786

  • On QFX5100, when resilient hashing is enabled on ECMP paths, flows on other paths should not be rehashed when one path goes down. But for host routes (/32 routes), rehashing might happen in some cases. PR1137998

Security

  • On EX4300, EX4600, and QFX5100 switches, when a VLAN is mirrored, the mirrored packets may contain 38 additional bytes. The IP address in this packet is randomly generated and may appear as one of many existing, valid IP addresses on the Internet. It may appear as ERSPAN as well, which is a proprietary non-Juniper protocol. These addresses and packet types can be ignored. They may appear as alerts in certain IDP / IDS's and in packet analyzer applications, which you can ignore. PR1170589

Spanning Tree Protocols

  • On QFX5100 Virtual Chassis interfaces on which the flexible-vlan-tagging statement is specified, STP, RSTP, MSTP, and VSTP are not supported. PR1075230

Virtual Chassis and Virtual Chassis Fabric

  • On a Virtual Chassis Fabric, Virtual Chassis ports (VCPs) internal traffic looping causing traffic loss might be seen for known multicast traffic with TTL=1. PR1042270

  • A VCF might not communicate properly with the backup spine when it has the configuration parameter forwarding-options enhanced-hash-key fabric-load-balance flowlet configured while upgrading. PR1141965

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: Release 15.1R7

EVPN

  • On QFX5100 switches with EVPN-VXLAN deployed, the VLAN flood index might not be programmed correctly on the Packet Forwarding Engine. As a result, ARP requests to the virtual gateway are dropped, and traffic forwarding is affected. PR1293163

  • Removing the force-up configuration statement on an active link can cause programming issues on the QFX5100. Traffic returning from the destination is not forwarded on an egress interface of the QFX5100. PR1264650

Forwarding and Sampling

  • The following error message is displayed in the system log: SNMP_EVLIB_FAILURE: PFED ran out of transfer credits with PFE.Failed to get stats. ifl index:. PR1270686

Interfaces and Chassis

  • You might be unable to commit your configuration if you modify the subnet of an IP address on an IRB interface by using the replace pattern command. PR1119713

  • On QFX3500, QFX3600, and QFX5100 switches with an MC-LAG configuration, if ARPs are resolved across VRF instances by route leaking, traffic might be dropped in scaling ARP entries. PR1241297

  • On QFX5100 Virtual Chassis, IGMP general query packets are sent back on the received interface, breaking the unicast connectivity. PR1262723

  • The output of show interface might incorrectly show interfaces as Link-mode: Auto and Speed: Auto even though a speed and duplex setting is manually configured on the interface. This issue is cosmetic in nature as the interface is indeed operating at the manually configured speed and duplex setting. PR1260986

  • Due to some register values at PHY for tuning the cable is not optimal, the interface might experience continuous flapping. PR1273861

  • Multicast Listener Discovery (MLD) messages are seen continuously on a QFX5100 if the management ports are connected through a network. The QFX5100 causes these messages because the eth0 interface generates MLD query packets every 125 seconds. On the QFX5100, there is bridging between the em0 and eth0 interfaces. The MLD packet is generated from the em0 interface with the chassis MAC address (eth0 uses the chassis MAC address). PR1277618

  • On a QFX5100-48T switch with an AE interface configured, if there is a speed setting of 1 gigabit on an AE member xe- interface, AE link might flap every time the configuration is changed, regardless of which configuration is changed. PR1284495

  • On QFX5100 switches, the 40-gigabit interface might not come up if a specific vendor-supplied direct attach copper (DAC) cable is used. PR1296011

  • On two QFX5100 switches with a connecting LAG, traffic might be forwarded over LACP-enabled aggregated Ethernet member interfaces that are detached from the aggregated Ethernet bundle as a result of deactivation of the ether-options hierarchy on the physical ports of both switches followed by its reactivation on only one of the switches. PR1302103

  • On QFX5100, QFX3500, and QFX3600 platforms, traffic loss might occur if traffic is sent through the 40-gigabit interface that is connected with peers through DWDM, and the CRC errors of the interface might also keep on increasing after the interface on the QFX side flaps. PR1309613

  • On QFX5100 platforms, transit traffic over GRE tunnels might hit the CPU and trigger a DDoS violation on L3NHOP if a specific route for the GRE tunnel destination IP is deleted. PR1315773

  • On QFX Series platforms, all the Internet Control Message Protocol (ICMP) requests that are sending to the integrated routing and bridging (IRB) interface might be dropped for 4–60 seconds if an IRB interface is configured as a gateway in a failover scenario for Virtual Chassis. PR1319146

  • The interfaces with SFP-T transceivers are detected by RSTP as LAN interface type instead of point to point. PR1341640

Layer 2 Features

  • On QFX3500, QFX3600, and QFX5100 switches, if RTG and xSTP are configured on the same VLAN, RTG interfaces might go to a blocked state and packets cannot be forwarded as expected over the RTG interfaces. PR1230750

  • On QFX5100 switches, if the reject action is configured on the last term of a filter and the filter is applied on the lo0 (loopback) interface, then a MAC address learning flap might occur when IGMP/DHCP packets are received. PR1245210

  • On QFX5100 switches, if you configure a Layer 3 interface with vlan-tags outer 0x9100.xx, then packets are dropped on this interface. PR1267178

  • On QFX5100 platforms, ARP entries might be learned on STP blocking ports if GARP reply packets or broadcast ARP reply packets are received on spanning-tree blocking ports. As a result, traffic loss might be seen. PR1324245

  • On Enhanced Layer 2 Software (ELS) platforms, a VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

MPLS

  • If you change the routing-options forwarding-table chained-composite-next-hop configuration while there are active MPLS LSPs, an LSP traffic loss might occur afterwards. PR1243088

  • On QFX5100 switches, unified ISSU is not supported with MPLS configuration. PR1264786

  • On QFX3500, QFX3600, and QFX5100 switches with Dynamic Host Configuration Protocol (DHCP) relay configured under Border Gateway Protocol (BGP)-Layer 3 Virtual Private Network (VPN), DHCP clients connected to the switch cannot get IP addresses over BGP-L3VPN. PR1303442

  • When there is an error during creation of the RSVP Path state (in the PSB data structure), the data structure itself is freed but some associated memory is not freed. This is causing a memory leak. It is unlikely that this error condition would happen on an NSR master Routing Engine (or when no NSR is configured). But on the NSR backup Routing Engine, there are more likely to be conditions that cause the path state creation to fail, thus exposing the memory leak in the error-handling code. PR1328974

Multicast Protocols

  • On QFX5100 switches, the following error messages might be displayed with a multicast configuration or multicast traffic. The messages do not indicate traffic impact; however, multicast statistics might not work due to these messages: Feb 15 07:28:49 switch fpc0 brcm_ipmc_get_multicast_stats:3947 brcm_ipmc_stat_get failure Feb 15 07:28:49 switch fpc0 brcm_rt_stats:1906 brcm_ipmc_get_multicast_stats failure err=-7 . PR1255497

Network Management and Monitoring

  • On QFX3500, QFX3600, or QFX5100 with SNMP enabled, if an interface connected to a VoIP product has the Link Layer Discovery Protocol (LLDP) and LLDP-MED enabled, l2cpd might generate core files repeatedly. PR1317114

Platform and Infrastructure

  • In rare cases, the Packet Forwarding Engine might drop the TCP RST (reset) packet from the Routing Engine side while doing GRES or flapping an interface, and traffic might be dropped. PR1269202

  • On a QFX5100 switch, if a fan module is removed, a major alarm is raised instead of a minor alarm. PR1291622

Routing Policy and Firewall Filters

  • On QFX Series switches, issuing a show policy command for a policy that has a parameter of load-balance consistent-hash might cause the rpd to crash. PR1200997

  • On all platforms running under Junos OS with vrf-target auto configured under [edit routing-instances], the rpd might crash after an unrelated configuration change. PR1301721

Routing Protocols

  • QFX5100 switches might not send router advertisement packets to clients when igmp-snooping is configured on a user VLAN, and the end clients connected to the devices might lose IPv6 connectivity. PR1238906

  • On QFX Series platforms in an MC-LAG (active-active) environment, on a VRRP backup chassis, when you add a new VRRP group or reconfigure a VRRP group for a logical interface, the Layer 3 forwarded traffic might be dropped on the VRRP backup chassis due to loss of the VRRP virtual address. PR1255978

  • In a VCF scenario that includes an EX4300 switch, if fabric-tree-root is configured, then the broadcast, unknown, and multicast (BUM) traffic might not be forwarded. PR1257984

  • On QFX3500, QFX3600, and QFX5100 switches, BGP packets with an IPv6 link local address as a destination address are not punted to the CPU, so the BGP session is not established. PR1267565

  • On QFX5100 switches, when you are adding or deleting routes on a system with a large number of routes, in rare cases, the fxpc process might access an already freed-up memory space, causing the fxpc process to crash and restart with a core file generated. PR1271825

  • On QFX5100-24Q and QFX5100-48S, if IPv6 link local packets are from a member other than the first member of a channelized interface (for example, xe-0/1/2:1, xe-0/1/2:2, or xe-0/1/2:3), IPv6 packets are dropped. PR1283065

  • If the number of Ref count entries used by a firewall filter applied on a loopback interface is more than 255, log message dc-pfe: list_destroy(): non-empty list (1) is displayed after the firewall filter configuration is committed. PR1286209

Security

  • If a MAC move limit is configured to drop traffic, QFX Series switches might forward traffic instead of dropping traffic when the MAC move limit is exceeded. PR1105372

  • If a Media Access Control Security (MACsec) session flaps, dot1x might crash and generate a core file, and then the MACsec session is not established. PR1251508

  • On standalone QFX5100 switches or on QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF), Media Access Control Security (MACsec) licenses might not be added. PR1269667

  • If storm control is enabled with the shutdown action on QFX3500, QFX3600, or QFX5100, the interface with DN and SCTL flags lose the SCTL flag and remain permanently down after GRES. PR1290246

Software-Defined Networks (SDN)

  • On QFX5100 switches, if OpenFlow is configured with interfaces and controller options, then the OpenFlow session might flap constantly. PR1323273

Resolved Issues: Release 15.1R6

High Availability (HA) and Resiliency

  • On QFX5100 and EX4600 switches, during a nonstop software upgrade (NSSU), if an aggregated Ethernet (AE) interface is configured with multiple subinterfaces across multiple Flexible PIC Concentrators (FPCs), the AE interface might go down. PR1227522

  • On a QFX5100 switch, you cannot perform an in-service software upgrade from Junos OS Release 14.1X53-D30 to Junos OS Release 14.1X53-D40. As a workaround, during a maintenance window, download the new software version, perform a regular software upgrade, and reboot the switch. PR1229272

Interfaces and Chassis

  • On QFX5100 Virtual Chassis, DHCPv6 binding might fail if the server and the client are in different virtual routing and forwarding (VRF) instances. PR1167693

  • Output from show chassis environment says fan tray testing/absent in QFX3500 Virtual Chassis with EX4300. PR1200638

  • The backup link in the aggregated link is not forwarding the traffic when the primary link goes down in the following configuration with Junos OS Release 15.1R4: root# show interfaces ge-0/0/10 ether-options { 802.3ad { ae0; primary; } } {master:0}[edit] root# show interfaces ge-0/0/19 ether-options { 802.3ad { ae0; backup; } }. PR1208614

  • On QFX Series switches, LLDP does not work on management and internal Ethernet (em) interfaces. PR1224832

  • On QFX Series switches, in rare cases, the Link Up / Down notification from the Packet Forwarding Engine (PFE) to the Routing Engine might need a bit of time, so the PFE-side interface and remote device interface show Admin Up and Link Up, but the CLI might show the interface in Admin Down and Link Down. When this issue happens, it might last about 30 seconds. PR1227947

  • A QFX5100-48S or QFX5100-96S might incorrectly list the media type of an SFP-T copper module as “fiber” in the output of show interface. PR1240681

Layer 2 Features

  • On QFX5100 switches, if you configure an aggregated Ethernet (AE) interface in a VLAN associated with a VNI, the AE interface might stop forwarding traffic. Also, even after you delete the VXLAN configuration, the problem persists. PR1213701

  • On QFX5100 switches, an fxpc process might generate a core file. PR1231071

  • MAC learning will be very slow when clearing MAC addresses in cases of scale MAC learning (128k). PR1240114

Multiprotocol Label Switching (MPLS)

  • Ping over LSP shows different behavior in regards to HLIM. PR1179518

  • On EX Series and QFX Series switches, if you change a Layer 2 circuit configuration from Ethernet CCC encapsulation to VLAN CCC encapsulation, traffic losses might occur at the pseudowire tunnel initiation point. PR1222888

Network Management and Monitoring

  • Despite the EX4300 switch or QFX5100 switch being configured with the network analytics feature, the analytics process might not run. As a result, the network analytics feature might be unable to collect traffic, queue statistics, and generate reports. PR1165768, PR1184720

  • The Digital Optical Monitoring (DOM) MIB jnxDomCurrentTable for 1G SFP interfaces does not return any value. PR1218134

Port Security

  • On QFX3500, DHCP binding might not work when untrusted ARP inspection is enabled in the snooping device. PR1229399

Routing Policy and Firewall Filters

  • On QFX5100 switches, firewall filters that contain policers might not process packets correctly if TCAM entries are programmed over multiple slices of TCAM memory space. Firewall filter terms are programmed as TCAM entries in the TCAM memory table. The auto-expansion function over multiple slices might fail with policers being attached to firewall filter terms. PR1232926

Routing Protocols

  • In a QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF), if the master Routing Engine crashes when nonstop active routing (NSR) is configured and the [edit system] switchover-on-routing-crash statement is set, the Virtual Chassis or VCF fails to perform the switchover to the backup Routing Engine. The switchover-on-routing-crash statement helps to prevent loss of traffic during a Routing Engine switchover when NSR is enabled by switching immediately over to the backup Routing Engine. PR1220811

  • On EX4600 and QFX Series switches with unicast-in-lpm configured, EBGP packets with ttl=1 and non-EBGP packets with ttl=1, whether destined for the device or even transit traffic, both go to the same queue. This might result in dropping of valid EBGP packets, resulting in EBGP flap. PR1227314

  • On QFX5100 switches running Junos OS Release 14.1X53-D30.3, when you apply an IPv6 firewall filter, the system might crash with a PFE panic. PR1234729

  • On a QFX5100 switch, Gratuitous Address Resolution Protocol (GARP) reply packets are not updating the Address Resolution Protocol (ARP) table. GARP request packets, however, are updating the ARP table as expected. PR1246988

  • On QFX5100 switches, multicast route leaking does not support a Layer 3 interface (IPv4) as an upstream port. As a workaround, use an integrated routing and bridging (IRB) interface. PR1250430

Software-Defined Networking (SDN)

  • On QFX5100 switches, OVSDB traffic might be dropped after Layer 2 learning is restarted. PR1177012

Resolved Issues: Release 15.1R5

Class of Service (CoS)

  • In an ETS configuration, if transmit-rate is configured at queue-level, the guaranteed rate should be configured at the TCP level. If not, a syslog message is logged about configuration failure. The configuration is not pushed to the kernel/PFE. On a QFX5100 Virtual Chassis, when a member joins, since the configuration check is already done on the master, the configuration is sent to members. Because the guaranteed rate is configured as 0, the logic to calculate the transmit-rate fails. PR1195498

Firewall Filters

  • On QFX5100 switches, the DSCP action modifier of a family inet firewall filter does not properly modify or mark the DSCP bits on packets matching the firewall filter. PR1205072

  • On QFX5100 switches, port-range-optimize (both source and destination) might fail to be programmed into the hardware for an inet output filter. PR1211576

Infrastructure

  • On QFX5100 and EX4600 switches, in a rare timing condition, if there was already a request to gather some info from the QSFP and remove it at the same time, the Packet Forwarding Engine manager (fxpc) might crash. PR1151295

  • On an EX4300 switch in a VCF, if a Layer 3 AE interface is looped back with a Layer 2 port in the same VLAN, then traffic with the same destination MAC to the AE interface is dropped (for example, the ping address of the AE interface). PR1157283

  • On QFX5100-48T, when issuing show interface extensive or show interface media, the Local resolution: section of the Autonegotiation information section indicates that flow control is enabled for both tx and rx even though flow control has been explicitly configured as disabled and the disabled state is indicated in the top portion of the output. PR1168511

  • On QFX5100 switches, packet loss and framing errors might be observed on QSFP+40GE-LX4 transceiver. PR1177499

  • On EX4300, EX4600, QFX3500, QFX3600, and QFX5100 switches with vlan-rewrite configured on an AE interface, a VLAN rewrite might fail and result in traffic loss. PR1186821

  • On QFX5100 switches that are running with VXLAN Open vSwitch Database (OVSDB), the Packet Forwarding Engine manager (fxpc) might crash and generate a core file because of heap memory exhaustion on the kernel. This is a specific issue with OVSDB and does not affect multicast VXLAN. PR1187299

  • After you add or remove a PEM on a QFX5100 switch, the show chassis environment pem command does not display the correct Current(A) and Power(A) usage. PR1204850

  • If a QFX5100 switch or VCF is configured with IGMP snooping without any PIM-related configuration, a mcsnoopd memory leak might occur when the device receives PIM hello packets that need to be forwarded further. When PIM hello packets are arriving on the device, 12 bytes are allocated for every PIM hello packet, causing an increase in the memory consumed by the mcsnoopd process. PR1209773

MPLS

  • On QFX5100 switches or a QFX3500 or QFX3600 Virtual Chassis, IP packet frames of 1500 bytes might drop when family mpls is configured on a logical interface. PR1199919

  • On QFX5100 switches with MPLS and LDP enabled, for packets with incoming labels that must perform a penultimate hop popping (PHP) operation on the QFX5100 switch, occasionally the packets are not processed and are dropped. PR1190437

Platform and Infrastructure

  • The Packet Forwarding Engine manager daemon (fxpc) might crash on an QFX5100 switch if multiple processes attempt to access the Ethernet-switching table/database at the same time. PR1146937

  • On EX4600 or QFX5100 switches or Virtual Chassis or Virtual Chassis Fabric (VCF), when you reconfigure or modify the Unified Forwarding Table (UFT) profile, the device automatically restarts (for the UFT configuration to take effect). When this happens in a Virtual Chassis or Virtual Chassis Fabric (VCF) environment, the Virtual Chassis or VCF might become unstable and fail to recover, and the Virtual Chassis or VCF (all member devices) must be rebooted to reestablish stable operation. To avoid this situation, configure the UFT profile when you initially set up the device. After the fix, for standalone switches and Virtual Chassis with a single member, it works as before. For a Virtual Chassis or VCF with more than one member, the member does not restart, and the system generates a syslog message that tells you to restart the system manually when you change the UFT configuration. PR1152102

  • On QFX3500 or QFX5100 switches, when parity errors occur on interfaces, they might affect the memory management unit (MMU) memories. MMU counters can be corrupted, the interface buffers might be stuck, and there might be interface flaps and traffic loss on the affected ports. As a workaround (restoration only), reboot the system. PR1169700

  • In a QFX5100 Virtual Chassis, if the master is halted or rebooted with some limited MAC persistence timer set, then in a specific sequence the IRB MAC does not get programmed correctly in the BCM. PR1188092

  • On QFX3500, QFX3600, QFX5100, and EX4600 switches, if a routing loop is created, the TTL of the packet does not reduce to 0 and the packet is not dropped. PR1196354

  • On QFX3500, QFX3600, QFX5100, and EX4600 switches, if you disable an IRB interface, reboot the switch, and then reenable the IRB interface, the IRB interface might not be reachable. PR1196380

  • On a Virtual Chassis Fabric, you might see an error such as MMU ERR Type: 1B error, Addr: 0x001052cf, module: 42, which indicates that there was an ECC error in the PFE MMU counter memory. ECC errors are corrected by the hardware without software intervention and are corrected only when a packet hits that memory. Reading an ECC-errored entry always generates an interrupt; however, the error will only be corrected when the packet hits the memory. Because this is a counter memory, the counter thread reads this memory continuously, and hence you see continuous error messages. PR11968162

  • On QFX5100 switches, Rx power low warning set messages might be logged continuously for channelization ports that are in the DOWN state with snmpwalk running in the background. PR1204988

  • There are basically three arguments—periodic, diagnostic, and tx—for the lcdd_cmd -f 0 -d chassism -c command, and this top-level command requires different numbers of arguments. If any one of the arguments is missing when the command is executed on a QFX3500 or QFX3600 switch, chassisd might crash. PR1206328

  • On QFX5100 and EX4600 switches, in rare cases, the fxpc process might crash and restart with a core file generated upon LPM route install failure. After the switch restarts, services are restored. PR1212685

Routing Protocols

  • On QFX5100 switches, the routing protocol process (rpd) fails to respond to any new CLI routing commands (for example, show mpls lsp terse). The rpd is forking a child process while processing a show command. When the subprocess tries to exit, it attempts to close the management socket being used by the show command. This failure might cause the rpd subprocess to crash and generate a core file. It also removes the rpd pid file, which prevents the rpd from processing any new CLI commands even though the original rpd process continues to run normally. PR1111526

Spanning-Tree Protocols

  • On QFX5100 and EX4600 switches, in a scenario where MSTP, RSTP, orVSTP is configured to prevent a Layer 2 network loop, xSTP convergence might fail on an interface that is configured with flexible-vlan-tagging and encapsulation of extended-vlan-bridge. PR1179167

Virtual Chassis

  • On a non-mixed QFX5100 Virtual Chassis Fabric (VCF) or Virtual Chassis, LACP might flap when the switch in the master Routing Engine role is rebooted using the CLI or because of a power cycle. This issue is not experienced after a Routing Engine switchover. As a workaround, configure a slow LACP timeout. PR1034377

  • On a VCF platform, the memory usage limitation for the vccpd process is 131 MB in memory. Any VCP port flapping will cause a small memory leak (256 KB~1 MB) in the VCF. If the memory usage reached is 131 MB, then the vccpd will crash and create a core file and then restart. In the meantime, a member of the VCF will disconnect from VCF; this will have a service impact until the vccpd comes up again. PR1158798

Resolved Issues: Release 15.1R4

Class of Service (CoS)

  • On QFX5100 and EX4600 switches, ICMP, SSH, and ARP traffic generated by the switch might be forwarded to queue 7 (network-control); the default behavior is that the traffic would be forwarded to queue 0 (best-effort). PR1178188

Interfaces and Chassis

  • On a QFX5100 Virtual Chassis, if you configure an aggregated Ethernet interface as an OVSDB interface with multiple subinterfaces that are configured under different VXLAN domains, removal of the last but one AE subinterface might reset VXLAN settings on the physical port that are part of the AE interface, resulting in packet drops. PR1150467

  • On QFX Series and EX Series switches, if you configure VRRP with an MC-LAG between the master and backup switches, both VRRP members of IRB interfaces might stay in the master state after a software upgrade. PR1157075

  • On QFX5100 switches, if a trunk interface is a VXLAN port, tagged frames matching the native VLAN ID might be sent out with the native VLAN tagged. PR1164850

  • If a QFX5100 Virtual Chassis is created with a QFX5100-48S in the routing-engine role and a QFX5100-48T in the linecard role, ports of the QFX5100-48T might be shown as having media type Fiber. PR1166810

  • On QFX5100 switches, if you enable aggregated Ethernet links by deleting the disable command, LACP core files might be generated. PR1173562

Layer 2 Features

  • On a QFX5100 switch, if you delete a VLAN and create a new VLAN with a different VLAN ID but use the same VNI, and you commit those changes within a single commit, a MAC learning failure might occur on the newly created VLAN. These system logging messages might be displayed:

    • fpc0 BRCM-VIRTUAL,brcm_vxlan_hw_add(),263:Failed to Program vxlan bd(22) token(0xf) status(-8)

    • fpc0 BRCM-VIRTUAL,brcm_virtual_bd_add(),626:Cannot create Virtual-BD for bd(22)

    • fpc0 BRCM-VIRTUAL,brcm_virtual_port_add(),101:Port(ge-0/1/2) add came before bd(22) add

    • fpc0 LBCM-L2,pfe_bcm_l2_addr_delete_by_vlan(),52:delete L2 entries associated with bd 21(65535) failed(-4)

    PR1161574

  • On QFX5100 and EX4600 switches, every time a MAC address is learned, some messages might be output to syslog and be repeated frequently. The logged messages have no impact on service traffic. PR1171523

Platform and Infrastructure

  • On QFX Series mixed Virtual Chassis Fabric (VCF), software rollback with the force option (request system software rollback force) might not work. PR1028666

  • In a Virtual Chassis Fabric (VCF) with three or four spine devices, the spine devices operating in the linecard role cannot assume the Routing Engine role, including in cases where the master or backup Routing Engine fails. PR1115323

  • In a Virtual Chassis or a Virtual Chassis Fabric (VCF), issuing the clear arp command might not clear ARP entries. PR1159447

  • If DHCP packets with MPLS tags are sent to the CPU on a QFX5100 node acting as a PHP node, the logical interfaces index on the packet notification might not be set correctly, and the DHCP packets might be dropped. PR1164675

  • On a QFX5100 switch with an integrated routing and bridging (IRB) interface configured as a Layer 3 interface and with two hosts (Host A and Host B) connected to the switch, if you deactivate the IP address on Host A and then configure the same IP address on Host B, the outgoing interface of the IP address might not be changed in the ARP table. PR1166400

  • Some interfaces might be down after you disable and then reenable autonegotiation on QFX5100-48T interfaces that are connected to QFX3500 SFP-T interfaces. As a workaround, restart the Packet Forwarding Engine. PR1168581

Routing Policy and Firewall Filters

  • On QFX5100 switches, starting with Junos OS Release 15.1R3, forwarding-class mcast configurations are not supported in port-based firewall filters. PR1088313

Routing Protocols

  • On QFX Series switches, when a neighbor device sends a flood of Link Layer Discovery Protocol (LLDP) traffic bigger than 1000 pps to the QFX Series switch, Link Aggregation Control Protocol (LACP) flaps might be seen on unrelated interfaces. PR1058565

  • On QFX5100 and EX4600 switches, if you use the Network Configuration Protocol (NETCONF) to add or delete firewall filters on an integrated bridging and routing (IRB) interface, the Packet Forwarding Engine Manager (fxpc) might generate a core file. PR1155692

  • On QFX5100 and EX4600 switches, when a limit traffic filter is configured with TTL=1 packets accepted on the loopback interface, the host-bound unicast packets with TTL=1 (for example, OSPF packets) might be dropped. PR1161936

  • On a QFX3500 switch, if you configure one interface with PIM and the interface sends hello packets, and then you change its PIM hello-interval from non-zero to 0, the interface sends hello packets continuously. PR1166236

  • On QFX5100 switches, if you apply a firewall filter on the loopback interface with the match condition for packets with TTL 0/1 and with policer set as the action, the term does not catch the packets. PR1166936

Security

  • On QFX Series switches, up to four port-mirroring analyzers can be configured, which can have up to four ingresses and egresses total for all input stanzas. If the count of ingresses plus egresses is greater than four, the analyzers do not work properly. PR1168528

Software-Defined Networks (SDN)

  • On QFX5100 switches, the openflowd process might generate a core file. PR1142563

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • On QFX5100 Virtual Chassis, if you insert some SFP or SFP+ optics in a port, that port might go down and might not read any other optics. As a workaround, reboot the chassis. PR1144190

  • On QFX5100 Virtual Chassis, Virtual Chassis ports (VCPs) might not be auto-configured if the ports are connected while other ports are being converted. PR1159242

  • On an EX4600 Virtual Chassis or a QFX Series Virtual Chassis or Virtual Chassis Fabric (VCF), if you convert the Virtual Chassis port (VCP) to a network port by issuing the request virtual-chassis vc-port delete command, broadcast and multicast traffic might be dropped due to the port remaining programmed as a VCP in the hardware. PR1159461

Resolved Issues: Release 15.1R3

Note

Some resolved issues at Release 15.1R3 apply to both QFX Series and EX Series switches. Those shared issues are listed in this section.

Authentication and Access Control

  • On EX4300, EX4600, EX9200, and QFX5100 switches configured for 802.1X authentication, if the VLAN assigned to an access port is changed, then the supplicants authenticated are disconnected and the users are not able to authenticate anymore. PR1148486

Bridging and Learning

  • On EX4300 and QFX Series switches with PVLAN configured, if secondary VLANs (isolated VLANs or community VLANs) are configured with vlan-name, after binding or unbinding the isolated or community VLANs in the primary VLAN, packet loss might occur between existing VLANs. PR1144667

Class of Service (CoS)

  • On QFX Series switches with Data Center Bridging and Capability Exchange (DCBX) enabled, when you are configuring a guaranteed minimum rate of transmission for a CoS traffic control profile, the Layer 2 Control Protocol daemon (l2cpd) might crash during the initial LACP setup. PR1143216

  • On EX4600 and QFX5100 switches, when the Virtual Router Redundancy Protocol (VRRP) priority is modified to change the VRRP mastership after cosd restart (or device restart), packets might be dropped on interfaces that have both inet and inet6 families enabled. PR1105963

  • On QFX5100 and EX4600 switches, if you channelize a 40-Gigabit Ethernet QSFP+ interface into four 10-Gigabit Ethernet ports and try to apply the CoS configuration to one of the specific channels, multicast traffic might get dropped. PR1108103

  • On QFX5100 and EX4600 switches, if an interface that is enabled for flow control is connected to an EX Series switch (except EX9200), even low-rate traffic (host-bound traffic) received might cause a MAC pause frame to be sent from the interface to the peer device, and other transmitting traffic from the interfaces might be affected (for example, LACP flapping might occur). PR1113937

Dynamic Host Control Protocol

  • On QFX5100 switches that are configured with the include-option-82 nak option so that Dynamic Host Configuration Protocol (DHCP) servers include option 82 information in NAK messages, two copies of option-82 might be appended to DHCP ACK packets. PR1064969

  • On EX9200 and QFX5100 switches, when DHCP relay is configured with the DHCP server and DHCP client in separate routing instances, unicast DHCP reply packets, for example, DHCPACK in response to a lease renewal request, might be dropped. PR1079980

  • On an EX Series or QFX Series switch configured as a DHCP client, the length of the DHCP vendor ID is always 60 in DHCP discover packets when the vendor class ID is configured, although the actual vendor-id name is less than 60. As per RFC 2132, the code for this option ("Vendor class identifier") is 60, and its minimum length is 1. PR1123111

Firewall Filters

  • On EX4600 and QFX Series switches, if filter-based forwarding (FBF) is configured on an IRB interface that is also enabled for Virtual Router Redundancy Protocol (VRRP), when the host uses the VIP address as the gateway, the switch does not forward packets from that host to the destination routing instance through FBF. This is expected behavior based on the implementation of family inet filters. As a workaround, configure the hosts to use the physical IP address of the IRB interface rather than the VRRP VIP address as the gateway. PR1025312

  • On QFX5100 switches with DHCP relay enabled, if there is a firewall filter with the term "then log" configured, DHCP clients might fail to get IP addresses from a DHCP server. This occurs because the DHCP-relay traffic on the switch drops as the result of rate-limiting. PR1041513

  • On EX4600 and QFX Series switches, you might not be able to commit the configuration when the arp-type match condition is configured in a firewall filter. PR1084579

  • On QFX5100 switches, in the absence of any match condition in filters used for filter-based forwarding (FBF) that are applied to IPv4 traffic, IPv6 traffic coming in on the same interface might get filtered as well. PR1145667

High Availability (HA) and Resiliency

  • On QFX5100 switches with a minimum interval for a Bidirectional Forwarding Detection (BFD) session configured to less than a second, the pre-ISSU check might be successful and continue to implement the ISSU, causing the BFD session to flap. The expected behavior is that the pre-ISSU check for the BFD session fails and ISSU is aborted. PR1132797

Infrastructure

  • On QFX3500, QFX3600, and QFX5100 switches, when family ethernet-switching is configured on an interface that is also configured with encapsulation extended-vlan-bridge , then transit packets (for example, IP, ping, or Q-in-Q packets) might be dropped on this interface. PR1078076

  • On a QFX3500 switch with nonstop active routing (NSR) enabled, deleting a routing-instance or logical-system configuration might cause a soft assert of the rpd process. If NSR is not enabled, after you delete a routing-instance or logical-system configuration, executing the restart routing command might trigger this issue, too. This issue has no functional impact. PR1102767

  • On a Virtual Chassis formed with QFX3500 and QFX3600 switches, CPU consumption might be high if a greater than usual amount of host traffic goes to a VRRP backup node. PR1124038

Interfaces and Chassis

  • On QFX5100 switches, the maximum number of LAGs is now 1000. PR1082043

  • On a QFX5100 Virtual Chassis, the MAC address is not learned on an aggregated Ethernet (AE) interface configured as a VXLAN Layer 2 port and with the interface mode configured as access. The issue is observed only with AE interfaces that span multiple Virtual Chassis members and when the member node is rebooted or power cycled. PR1112790

  • On QFX5100 switches, if an mc-ae member link is deleted and then re-added on an MC-LAG node, there could be a traffic loss of about 2 seconds. PR1146206

  • On QFX5100 switches, a child member might drop the incoming Link Aggregation Control Protocol (LACP) frames when this child member is moved from an access-mode VXLAN LAG interface to a trunk-mode VXLAN LAG interface. PR1153042

  • On QFX5100 and EX4600 switches, the Gigabit Ethernet (ge) interface might stop forwarding traffic when you hot-swap a transceiver from SFP-SX to SFP-T. PR1144485

Layer 2 Features

  • On QFX5100 and EX4600 switches running under Junos OS Release 14.1X53-D10 or later, when DHCPv6 solicitation packets go through the device with Q-in-Q configured, the packets might be dropped by peers because the S-tag has not been added. PR1103793

  • On EX4300, EX4600, and QFX Series switches, if a trunk port is deleted and then reconfigured as an access port in the same commit, the Layer 2 address learning daemon (l2ald) might generate a core file. PR1105255

  • On EX4600 and QFX5100 switches, the VLAN Spanning Tree Protocol (VSTP) bridge protocol data units (BPDUs) might be reinjected to the Packet Forwarding Engine and not be sent out of an interface when the interface has been added to the VSTP configuration and is configured with flexible-vlan-tagging. PR1117540

  • On QFX5100 switches, if you configure a PVLAN inter-switch link on an existing working trunk port, normal VLAN traffic might break. PR1118728

  • On EX4300, EX4600, and QFX Series switches, traffic received on the backup redundant trunk group (RTG) link might get forwarded to other interfaces following an RTG link failover. PR1119654

  • If you reboot one FPC in a two-member Virtual Chassis, the traffic might not exit from the FPC after the FPC comes back online and rejoins the Virtual Chassis, and local registers might be incorrectly cleared if the port number is the same on both the master and backup. PR1124162

  • On a QFX5100 Virtual Chassis, traffic might not pass the inter-member when the firewall filter is applied to the ingress interface using the interface vlan option. PR1138714

  • On QFX5100 and EX4600 switches, after you delete one logical interface from one VLAN that is configured with multiple logical interfaces, the MAC address for other logical interfaces might not be learned again. PR1149396

MPLS

  • On QFX5100 switches, a ping from the customer edge (CE) to the provider edge (PE) (last-hop router [LHR]) lo0 interface does not go through with explicit-null (RSVP). PR1145437

Multicast

  • On EX4600 and QFX Series switches, IGMP snooping might not be enabled after you reboot the switch. You might see the same issue after you run a nonstop software upgrade (NSSU) on the switch. PR1082453

Platform and Infrastructure

  • Setting link speed to 100 Mbps does not work in the following situations:

    • When network interfaces are used on an EX4600

    • When an EX4600-EM-8F expansion module is installed in a QFX5100-24Q switch or EX4600 switch

    PR1032557

  • On EX Series and QFX Series switches, issuing the show interfaces extensive command or polling SNMP OID ifOutDiscards provides a drop count of zero. PR1071379

  • On QFX5100 switches, the wrong source IP address is being used when the switch initiates traffic and em0 is configured with a 192.168.1.x/16 subnet and after the switch has been upgraded with the force-host option. PR1071517

  • On EX4600 and QFX Series switches, MAC addresses on one VLAN might be installed in the hardware but be missing from the Ethernet-switching table if the following steps were taken and if A + B >= 4096:

    1. Configured vlan-id-list for a VLAN range "A" with a commit.

    2. Deleted the VLAN range "A" and re-added the VLAN range "B" in the same commit.

    PR1074919

  • On QFX3500 switches, if you remove 1-Gigabit Ethernet SFP transceivers from ports 0-5/42-47 and then insert 10-Gigabit Ethernet SFP+ transceivers in the same ports, the 10GE SFP+ transceivers might not be detected. PR1085634

  • On QFX5100 switches, adding or removing virtual routing and forwarding (VRF) instances that have many logical interfaces in the link aggregation group (LAG) might cause Link Aggregation Control Protocol (LACP) flapping. PR1087615

  • On EX4600 and QFX5100 switches, when Spanning Tree Protocol (STP) is enabled on an S-VLAN, that S-VLAN's STP bridge data protocol unit (BPDU) packets might be dropped by the S-VLAN interface if the S-VLAN interface is an aggregated Ethernet (AE) interface. PR1089331

  • On EX4600 and QFX5100 switches, when flow control is configured on an interface, and pause frames are sent to this interface, the interface might go down. PR1098055

  • On QFX Series switches, removing or inserting one QSFP might cause the pfe process to crash. PR1098385

  • On EX4600 and QFX5100 switches with Q-in-Q, if the native VLAN is configured on a Q-in-Q interface connected to a customer edge (CE), the packets going out with the native VLAN ID (customer-VLAN) are still tagged. PR1105247

  • On a QFX Series Virtual Chassis Fabric (VCF) or Virtual Chassis with graceful Routing Engine switchover (GRES) enabled, the backup Routing Engine might continuously reboot after you configure forward-and-send-to-re or forward-only under the [edit interface interface-name unit unit-number family inet targeted-broadcast] hierarchy. PR1106151

  • On a QFX5100 VCF in auto-provisioned mode, when adding a new leaf device to the VCF, you should zeroize the device and reboot by using the request system zeroize command if the new leaf device has been configured with any command. The issue (interface still up) might be observed at the time of the reboot until the Packet Forwarding Engine reinitializes the interfaces. PR1106194

  • On EX4300 and QFX Series switches, the analytics daemon (analyticsd) runs on devices even if there is no analytics configuration, which might cause system instability because of the high number of files opened by analyticd. PR1111613

  • On QFX5100 Virtual Chassis, multiple PFEMAN disconnects and reconnects between the master and backup within a short period of time can cause the backup to generate core files. PR1123379

  • On EX4300, EX4600, EX9200, and QFX Series switches, the lldp-med-bypass feature does not work. PR1124537

  • On QFX3500 and QFX5100 switches, if you commit an et inet interface with an MPLS configuration and the no-redirects statement, the operation might cause no protocol ARP for the specific logical interface in the Packet Forwarding Engine, and traffic is not sent out. PR1138310

  • On QFX Series and EX4600 switches, if an aggregated Ethernet (AE) interface is used as an ECMP next hop (load balance), traffic is not hashed evenly to all member interfaces correctly. PR1141571

  • On EX4200, EX4300, EX4550, EX4600, and QFX5100 switches with Media Access Control Security (MACsec) enabled on an AE subinterface, MACsec might not work because the MACsec Key Agreement (MKA) session is not established with a peer after flexible-vlan-tagging is configured on the AE interface. PR1133528

  • On QFX5100 switches, if you delete an autonegotiate configuration on a 10-gigabit interface (xe), the interface goes down as expected because the autonegotiate setting is not matching with that on the peer interface. However, the interface might come up after the reboot even though autonegotiate is still disabled. PR1144718

  • On EX Series and QFX Series switches, if interface-mac-limit is configured on an interface range, the commit might fail. PR1154699

Routing Protocols

  • On a standalone QFX Series switch, if you configure a nested firewall filter and then attempt to commit the configuration, the firewall compiler process (dfwc) might crash and generate a core file, leading to commit failure. PR1094428

  • On a QFX VCF, if the switch works as part of a target subnet, while receiving the targeted broadcast traffic, the packets might be forwarded to the destination with the switch's MAC address as the destination MAC address, where it should be converted into a Layer 2 broadcast frame with destination MAC address FFFF.FFFF.FFFF. PR1114717

  • On QFX5100 switches, you might see the soc_mem_read: invalid index -1 for memory EGR_L3_INTF log message. You can ignore the message; there is no functional impact on the switch. PR1126035

Software-Defined Networks (SDN)

  • In an OpenFlow scenario with QFX5100 or EX9200 as the virtual switch, the openflowd process might crash after you issue the show openflow statistics tables command. PR1131697

Spanning-Tree Protocols

  • On QFX5100 switches, when an STP configuration is initially applied to an interface and the interface is down at that moment, executing show or clear spanning-tree statistic interface might cause the Layer 2 control protocol process (l2cpd) to crash. PR1152396

Storage and Fibre Channel

  • On EX4500 and QFX Series switches with Data Center Bridging Capability Exchange (DCBX) enabled, when the DCBX neighbor is up and then receives a normal Link Layer Discovery Protocol (LLDP) packet (without DCBX TLVs) on the same port as the DCBX packets, the device might ignore the DCBX packets, causing session timeouts and a reset of the priority-based flow control (PFC) settings. PR1095265

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • On a Virtual Chassis Fabric (VCF), a small amount of Layer 3 unicast packet loss (for example, 0.2 - 0.3 sec) might be seen when a leaf node that is not in the traffic path is rebooted. PR976080

  • On a QFX Series Virtual Chassis Fabric (VCF), rebooting a leaf node might change the size of the VCF, resulting in a flood loop of the unicast or multicast traffic. To fix the issue, use the new configuration statement fabric-tree-root. PR1093988

Documentation Updates

There are no errata or changes in Junos OS Release 15.1R7 for the QFX Series switches documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX3500, QFX3600, and QFX5100 Standalone Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Junos OS Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html .

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 15.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 15.1 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-qfx-5-15.1-R3-domestic-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 15.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Performing an In-Service Software Upgrade (ISSU) on the QFX5100 Switch

You can use ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Before you begin software installation using ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the command.

To upgrade the switch using ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-132_x51_vjunos.domestic.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    An ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. To ensure that the resilient dual-root partitions feature operates correctly, copy the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://pathfinder.juniper.net/feature-explorer/