Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 17.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os .

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 17.1R3: QFX5100, QFX10002, QFX10008, and QFX10016.

Release 17.1R3 New and Changed Features

MPLS

  • Order-aware abstract hops for MPLS LSPs (QFX Series)—Junos OS Release 17.1 introduces abstract hops, which are user-defined router clusters or groups that can be sequenced and used for setting up a label-switched path (LSP), similar to real-hop constraints.

    The router groups are created using constituent lists that include constituent attributes, which are a logical combination of the existing traffic engineering constraints, such as administrative groups, extended administrative groups, and Shared Risk Link Groups (SRLGs). Ordering among the router groups that satisfy the specified constituent attributes is achieved by using operational qualifiers in the abstract-hop definition.

    A path can use a combination of real and abstract hops as constraints. To configure abstract hops, you need to create constituent lists with traffic engineering attributes, include the lists in the abstract-hop definition, and define path constraints that use the abstract hops.

    [See Abstract Hops For MPLS LSPs Overview and Example: Configuring Abstract Hops for MPLS LSPs.]

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (QFX Series)—Starting in Junos OS Release 17.1R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode.The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays the banner Device is in recovery mode in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.1R2 New and Changed Features

  • There are no new features or enhancements to existing features for QFX Series in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Hardware

  • QFX10008 switch—Starting with Junos OS Release 17.1R1, the Juniper Networks QFX10000 line of Ethernet switches provides cloud builders and data center operators scalable solutions for both core and spine data center deployments. The QFX10008 switch is an 8-slot, 13 U chassis that supports up to eight line cards. This switch was previously supported in an “X” release of Junos OS.

    [See QFX10008 Switch Hardware Guide.]

  • QFX10016 switch—Starting with Junos OS Release 17.1R1, the Juniper Networks QFX10016 modular data center spine and core Ethernet switch provides cloud and data center operators with high-level scale and throughput. The largest of the QFX10000 line of switches, the QFX10016 can provide 96 Tbps of throughput and 32 Bpps of forwarding capacity in a 21 rack unit (21 U) chassis. The QFX10016 has 16 slots for line cards that allow for a smooth transition from 10-Gigabit Ethernet and 40-Gigabit Ethernet networks to 100-Gigabit Ethernet high-performance networks. This switch was previously supported in an “X” release of Junos OS.

    [See QFX10016 Switch Hardware Guide.]

  • QFX10000-60S-6Q line card (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.1R1, the QFX10000-60S-6Q line card provides 60 SFP+ ports and six flexible configuration ports for 100Gbps and 40Gbps. Note that as of Release 17.1R1, the SFP+ ports do not support 1-Gbps.





    Of the six flexible configuration ports, two ports have QSFP28 sockets that support either 100-Gbps or 40-Gbps speeds. The remaining four ports have QSFP+ sockets that can be configured as either a native 40-Gbps port or four 10-Gbps ports using a breakout cable. With breakout cables, the line card supports a maximum of 84 logical 10-GbE ports.

    [See QFX10000-60S-6Q Line Card.]

Class of Service (CoS)

  • Support for class-of-service-based forwarding (QFX 10000 Series)—CoS-based forwarding (CBF) enables the control of next-hop selection based on a packet's class-of-service field. Starting with Junos OS Release 17.1R1, QFX 10000 Series switches support CBF. You can implement CBF by creating a next-hop-map at the [edit class-of-service forwarding-policy] hierarchy level and then applying the next-hop-map to a policy-statement at the [edit policy-options] hierarchy level. CBF can only be configured on a device with eight or fewer forwarding classes plus a default forwarding class.

    [See Forwarding Policy Options Overview.]

  • Support for data center bridging quantized congestion notification (QFX 10000 Series)—Starting with Junos OS Release 17.1R1, QFX 10000 Series switches support data center bridging quantized congestion notification, which is a congestion management mechanism that sends a congestion notification message through the network to the ultimate source of the congestion, stopping congestion at its source.

    [See Understanding DCB Features and Requirements].

  • New show interfaces command for virtual output queues (QFX 10000 Series)—Starting with Junos OS Release 17.1R1, QFX 10008 Series switches support the show interfaces voq interface-name command, which enables you to view statistics for virtual output queues.

    [See show interfaces voq.]

  • Support for data center bridging standards (QFX 10000 Series)—Starting with Junos OS Release 17.1R1, QFX 10008 Series switches support three data center bridging standards:

    • Priority-based flow control (PFC) allows you to select traffic flows within a link and pause them, so that the output queues associated with the flows do not overflow and drop packets.

    • Enhanced transmission selection (ETS), also called CoS hierarchical port scheduling, is a two-tier process that provides better port bandwidth utilization and greater flexibility to allocate resources to queues (forwarding classes) and to groups of queues (forwarding class sets).

    • Explicit congestion notification (ECN) enables end-to-end congestion notification between two endpoints on TCP/IP based networks.

    [See Understanding DCB Features and Requirements.]

  • Support for data center bridging standards (QFX 5100 Series)—Starting with Junos OS Release 17.1R1, class of service (CoS) features can be configured on OVSDB-managed VXLAN interfaces on QFX5100 switches. An OVSDB-managed VXLAN interface uses an OVSDB controller to create and manage the VXLAN interfaces and tunnels.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

Dynamic Host Configuration Protocol

  • Virtual-router aware DHCP server/DHCP relay agent (QFX10008 )—Starting with Junos OS Release 17.1R1, QFX10000 switches can be configured to act as a DHCP server or DHCP relay agent for IPv4 and IPv6. If you have virtual router instances on the switch, the DHCP implementation can work with them. This feature was previously supported in an “X” release of Junos OS.

    [See DHCP and BOOTP Relay Overview.]

High Availability (HA) and Resilency

  • Support for high availability features (QFX10000 switches)—Starting with Junos OS Release 17.1R1, the following features are supported:

    • Graceful Routing Engine switchover (GRES)—Enables a switch with redundant Routing Engines to continue forwarding packets, even if one Routing Engine fails.

      To configure GRES, include the graceful-switchover statement at the [edit chassis redundancy] hierarchy level and the synchronize statement at the [edit system commit] hierarchy level.

    • Nonstop active routing (NSR)—Uses the same infrastructure as GRES to preserve interface and kernel information. NSR also saves routing protocol information by running the routing protocol process (rpd) on the backup Routing Engine.

      To configure NSR, include the nonstop-routing statement at the [edit routing-options] hierarchy level.

    • Nonstop bridging (NSB)—Uses the same infrastructure as GRES to preserve interface and kernel information. NSB also saves Layer 2 Control Protocol (L2CP) information by running the Layer 2 Control Protocol process (l2cpd) on the backup Routing Engine.

      To configure NSB, include the nonstop-bridging statement at the [edit protocols layer2-control] hierarchy level.

    These features were previously supported in an “X” release of Junos OS.

Infrastructure

  • Support for Secure Boot (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.1R1, a significant system security enhancement, Secure Boot, has been introduced. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. No action is required to implement Secure Boot.

    This feature was previously supported in an “X” release of Junos OS.

Interfaces and Chassis

  • LACP hold-up timer configuration and initialization delay timer support on LAG interfaces (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can configure a Link Aggregation Control Protocol (LACP) hold-up timer value for link aggregation group (LAG) interfaces. You configure the hold-up timer to prevent excessive flapping of a child (member) link of a LAG interface due to transport layer issues. With transport layer issues, it is possible for a link to be physically up and still cause LACP state-machine flapping. LACP state-machine flapping can adversely affect traffic on the LAG interface. LACP monitors the PDUs received on the child link for the configured time value, but does not allow the member link to transition from the expired or defaulted state to current state. This configuration prevents excessive flapping of the member link. To configure the LACP hold-up timer for LAG interfaces, use the hold-time up timer-value statement at the [edit interfaces ae interface-name aggregated-ether-options lacp] hierarchy level.

    You can configure an initialization delay timer value on link aggregation group (LAG) interfaces. When a standby multichassis aggregated Ethernet (MC-AE) interface reboots to come up in active-active MC-AE mode, the Link Aggregation Control Protocol(LACP) protocol comes up faster than the Layer 3 protocols. As soon as LACP comes up, the interface is UP and starts receiving traffic from the neighboring interfaces. In absence of the routing information, the traffic received on the interface is dropped, causing traffic loss. The initialization delay timer, when configured, delays the MC-AE node from coming UP for a specified amount of time. This gives the Layer 3 protocols time to converge on the interface and prevent traffic loss. To configure the initialization delay timer on an MC-AE interface, use the init-delay-timer statement at the [edit interfaces ae interface-name aggregated-ether-options mc-ae] hierarchy level.

    These features were previously supported in an “X” release of Junos OS.

    [See Configuring LACP Hold-UP Timer to Prevent Link Flapping on LAG Interfaces and mc-ae.]

  • Support for 10-Gigabit Ethernet on QFX10000-30C line card (QFX10008 and QFX10016)—Starting with Junos OS Release 17.1R1, QFX10008 and QFX10016 switches support 10-Gigabit Ethernet interfaces in addition to 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces on the QFX10000-30C line card.

    When a particular provider edge (PE) is working in mode A to support 10-Gigabit Ethernet, ports 6, 7, 16, 17, 26 , and 27 at the PE0 to PE5 level are non-operational. However, once the PE goes into mode A, these ports can operate at 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet as well.

    Depending on the optics that are plugged in, the interface works in 40-Gigabit Ethernet or 100-Gigabit Ethernet speed. For 10-Gigabit Ethernet, you must configure the port using the channelization command. Because there is no port-groups option for the 100-Gigabit Ethernet line card, you must use individual port channelization commands.

    In 30C line card, by default FPC comes up in Mode D. when you channelize first port in any PE, whole FPC restarts and corresponding PE comes up in Mode A. Further channelization in that PE does not restart the FPC. But if you channelize some other ports in other PE, then the whole FPC restarts again. If you undo the channelization of all ports in any PE, then FPC gets restarted and corresponding PE comes up in Mode D which is the default mode. [See QFX10000-30C Line Card.]

    Note

    If any mode changes (A to D or D to A) occur at the PE, you must perform a cold reboot on the Packet Forwarding Engine.

  • Support for multichassis link aggregation groups (MC-LAG) (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can use MC-LAG to enable a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without Running STP.

    On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two MC-LAG switches. Each of these switches has one or more physical links connected to a single client. The switches coordinate with each other to ensure that data traffic is forwarded properly.

    This feature was previously supported in an “X” release of Junos OS.

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

  • Support for link aggregation (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can use multiple network cables and ports in parallel to increase link speed and redundancy.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Aggregated Ethernet Interfaces and LACP.]

  • LAG local minimum links per Virtual Chassis or VCF member (QFX5100 switches)—Starting with Junos OS Release 17.1R1, you can use the local minimum links feature to help avoid traffic loss due to asymmetric bandwidth on link aggregation group (LAG) forwarding paths through a Virtual Chassis or Virtual Chassis Fabric (VCF) member switch when one or more LAG member links local to that chassis have failed.

    When this feature is enabled, if a user-configured percentage of local LAG member links has failed on a chassis, all remaining local LAG member links on the chassis are forced down, and LAG traffic is redistributed only through LAG member links on other chassis.

    To enable local minimum links for an aggregated Ethernet interface (aex), set the local-minimum-links-threshold configuration statement with a threshold value that represents the percentage of local member links that must be up on a chassis for any local LAG member links on that chassis to continue to be active in the aggregated Ethernet bundle. Otherwise, all remaining LAG member links on that chassis are also forced down. The feature responds dynamically to bring local LAG member links up or down if you change the configured threshold, or when the status or configuration of LAG member links changes. Note that forced-down links also influence the minimum links count for the LAG as a whole, which can bring down the LAG, so enable this feature only in configurations where LAG traffic is carefully monitored and controlled.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Local Minimum Links.]

  • Support for Micro BFD over child links of AE or LAG bundle (cross-functional Packet Forwarding Engine/kernel/rpd) (QFX10000 switches)—Starting with Junos OS Release 17.1R1, this feature provides a Layer 3 BFD liveness detection mechanism for child links of the Ethernet LAG interface. In scenarios in which you do not have a point-to-point link, and a Layer 1 device fails at one end of the link, Micro BFD detects failures faster than traditional LACP. Micro BFD sessions are independent of each other despite having a single client that manages the LAG interface. Micro BFD is not supported on pure Layer 2 interfaces.

    To enable failure detection for aggregated Ethernet interfaces, include the bfd-liveness-detection statement at the [edit interfaces aex aggregated-ether-options bfd-liveness-detection] hierarchy level.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Independent Micro BFD Sessions for LAG.]

  • PVLAN and Q-in-Q on the same interface (QFX5100 Switches) —Starting with Junos OS Release 17.1R1, you can configure a private VLAN and Q-in-Q tunneling on the same Ethernet port. To configure both PVLAN and Q-in-Q on the same physical interface, you must configure flexible Ethernet services to support dual methods of configuring logical interfaces. Q-in-Q requires a service provider configuration method, and PVLAN requires an enterprise configuration method.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Flexible Ethernet Services Encapsulation on Switches.]

  • Support for configuration synchronization for MC-LAG (QFX10000 switches)—Starting with Junos OS Release 17.1R1, Multichassis Link Aggregation group (MC-LAG) configuration synchronization enables you to easily propagate, synchronize, and commit configurations from one MC-LAG peer to another. You can log into any one of the MC-LAG peers to manage both MC-LAG peers, thus having a single point of management. You can also use configuration groups to simplify the configuration process. You can create one configuration group for the local MC-LAG peer, one for the remote MC-LAG peer, and one for the global configuration, which is essentially a configuration that is common to both MC-LAG peers.

    In addition, you can create conditional groups to specify when a configuration is synchronized with another MC-LAG peer. You can enable the peers-synchronize statement at the [edit system commit] hierarchy to synchronize the configurations and commits across the MC-LAG peers by default. NETCONF over SSH provides a secure connection between the MC-LAG peers, and Secure Copy Protocol (SCP) copies the configurations securely between them.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding MC-LAG Configuration Synchronization.]

  • Support for configuration consistency check for MC-LAG (QFX10000 switches)—Starting with Junos OS Release 17.1R1, Multichassis Link Aggregation group (MC-LAG) configuration consistency check alerts you of both severe and moderate configuration inconsistencies across MC-LAG peers. The configuration consistency check feature checks MC-LAG configuration parameters, such as chassis ID, session establishment time, and so on, on each peer and notifies you of any errors, so you can fix the inconsistencies. Configuration inconsistencies are categorized as severe or moderate. If there is a severe inconsistency, the MC-LAG interface is prevented from coming up. Once you have corrected the inconsistency, the system will bring up the interface. If there is a moderate inconsistency, you are notified of the error and can then fix the inconsistency. After you fix any inconsistency, you must commit the changes to take effect.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Multichassis Link Aggregation Group Configuration Consistency Check.]

  • Configuration support to improve MC-LAG Layer 2 and Layer 3 convergence (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can configure multichassis link aggregation (MC-LAG) interfaces to improve Layer 2 and Layer 3 convergence time when a multichassis aggregated Ethernet link goes down or comes up in a bridge domain. To use this feature, ensure that the Inter-Chassis Link (ICL) is configured on an aggregated Ethernet interface. For Layer 2 convergence, configure the enhanced-convergence statement at the [edit interfaces aex aggregated-ether-options mc-ae] hierarchy level. For Layer 3 convergence, configure the enhanced-convergence statement on an integrated routing and bridging (IRB) interface at the [edit interfaces irb unit unit-number] hierarchy level.

    This feature was previously supported in an “X” release of Junos OS.

    [See enhanced-convergence.]

  • Channelizing 40-Gigabit Ethernet QSFP+ ports (QFX10008 switch)—This feature enables you to channelize four 10-Gigabit Ethernet interfaces from the 40-Gigabit Ethernet QSFP+ interfaces. Channelization is supported on fiber break-out cable using standard structured cabling techniques.

    Note

    This feature is not supported on the QFX10000-30C line card.

    By default, the 40-Gigabit Ethernet QSFP+ interfaces are named et-fpc/pic/port. The resulting 10-Gigabit Ethernet interfaces appear in the following format: xe-fpc/pic/port:channel, where channel can be a value of 0 through 3. To channelize a 40-Gigabit Ethernet QSFP+ interface into four 10-Gigabit Ethernet interfaces, include the 10g statement at the [edit chassis fpc fpc-slot pic pic-slot ( port port-number | port-range port-range-low port-range-high) channel-speed] hierarchy level. To revert the 10-Gigabit Ethernet channels to a full 40-Gigabit Ethernet interface, remove the 10g statement from the same hierarchy level.

    There are 100-Gigabit Ethernet ports that work either as 100-Gigabit Ethernet or as 40-Gigabit Ethernet but are recognized as 40-Gigabit Ethernet by default. You cannot channelize the 100-Gigabit Ethernet ports when they are operating as 100-Gigabit Ethernet interfaces. The 40-Gigabit Ethernet ports can operate independently or be channelized into four 10-Gigabit Ethernet ports as part of a port range. Ports cannot be channelized individually. Only the first and fourth port in each 6XQSFP cage is available to channelize as part of a port range. In a port range, the ports are bundled with the next two consecutive ports. For example, if you want to channelize ports 0 through 2, you channelize port 0 only. If you try to channelize a port that is not supported, you receive an error message when you commit the configuration. Auto-channelization is not supported on any ports.

    When a 40-Gigabit Ethernet transceiver is inserted into a 100-Gigabit Ethernet port, the port recognizes the 40-Gigabit Ethernet port speed. When a 100-Gigabit Ethernet transceiver is inserted into the port and enabled in the CLI, the port recognizes the 100-Gigabit Ethernet speed and disables two adjacent 40-Gigabit Ethernet ports.

    This feature was previously supported in an “X” release of Junos OS.

    [See Channelizing Interfaces.]

IP Tunneling

  • Generic Routing Encapsulation support (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.1R1, you can configure GRE tunnels. GRE provides a private, secure path for transporting packets through a public network by encapsulating (or tunneling) the packets. GRE tunneling is accomplished through tunnel endpoints that encapsulate or de-encapsulate traffic. To configure a GRE tunnel interface, include the gre-fpc/pic/port set of statements at the [edit interfaces] hierarchy level.

    This feature was previously supported only on the QFX10002 switch.

    [See Configuring Generic Routing Encapsulation Tunneling.]

IPv4

  • IPv4 address conservation method for hosting providers (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can configure a static route on an IRB interface with or without pinning to a specific underlying interface, thereby conserving the usage of IP address space.

    Configure the interface on the router with an address from the reserved IPv4 prefix for shared address space (RFC 6598) and by using static routes pointed at the interface. IANA has recorded the allocation of an IPv4 /10 for use as shared address space. The shared address space address range is 100.64.0.0/10.

    This way, the interface in the router is allocated an IP address from the shared address space, so it is not consuming publicly routable address space, and connectivity is handled with static routes on an interface. The interface in the server is configured with a publicly routable address, but the router interfaces are not. Network and broadcast addresses are consumed out of the shared address space rather than the publicly routable address space.

    [See IPv4 Address Conservation Method for Hosting Providers.]

Layer 2 Features

  • Support for Layer 2 Features (QFX10000 switches)—Starting with Junos OS Release 17.1R1, the following features are supported:

    • VLAN support—Enables you to divide one physical broadcast domain into multiple virtual domains.

    • LLDP—Enables a switch to advertise its identity and capabilities on a LAN, as well as receive information about other network devices.

    • Q-in-Q tunneling support—Allows service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.

    • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP),and VLAN Spanning Tree Protocol (VSTP )—Provide Layer 2 loop prevention.

    These features were previously supported in an “X” release of Junos OS.

    [See Overview of Layer 2 Networking.]

  • NNI and UNI on same interface (QFX5100 switches)—Starting with Junos OS Release 17.1R1, this feature allows you to configure the same interface as a network-to-network interface (NNI) and a user-network interface (UNI) when you use Q-in-Q tunneling. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Q-in-Q Tunneling.]

  • Q-in-Q tunneling support (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.1R1, this feature allows service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Q-in-Q Tunneling.]

  • Support for IRB interfaces on Q-in-Q VLANs (QFX5100 switches and QFX5100 Virtual Chassis)—Starting with Junos OS Release 17.1R1, integrated routing and bridging (IRB) interfaces are supported on Q-in-Q VLANs—you can configure the IRB interface on the same interface as one used by an S-VLAN, and you can use the same VLAN ID for both the VLAN used by the IRB interface and for the VLAN used as an S-VLAN. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Q-in-Q Tunneling.]

  • Dual VLAN tag translation (QFX5100 switches and QFX5100 Virtual Chassis)—Starting with Junos OS Release 17.1R1, you can use the dual VLAN tag translation (also known as dual VLAN tag rewrite) feature to deploy switches in service-provider domains, allowing dual-tagged, single-tagged, and untagged VLAN packets to come into or exit from the switch. Operations added for dual VLAN tag translation are swap-push, swap-swap, and pop-push. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Q-in-Q Tunneling.]

Layer 3 Features

  • Support for Layer 3 unicast features (QFX10000 switches)—Starting with Junos OS Release 17.1R1, the following layer 3 features for unicast IPv4 and IPv6 traffic are supported on QFX10000 switches:

    • Neighbor Discovery Protocol (IPv6 only)

    • Virtual Routers

    • OSPF

    • IS-IS

    • BGP

    • VRRP

    This feature set was previously supported in an “X” release of Junos OS.

    [See IPv6 Neighbor Discovery Overview.]

Management

  • Support for adding non-native YANG modules to the Junos OS schema (QFX Series)—Starting in Junos OS Release 17.1R1, you can load custom YANG models on devices running Junos OS to add data models that are not natively supported by Junos OS but can be supported by translation. Doing this enables you to extend the configuration hierarchies and operational commands with data models that are customized for your operations. The ability to add data models to a device is also beneficial when you want to create device-agnostic and vendor-neutral data models that enable the same configuration or RPC to be used on different devices from one or more vendors. You can load custom YANG modules by using the request system yang add operational command.

    [See Understanding the Management of Non-Native YANG Modules on Devices Running Junos OS.]

Multicast

  • Layer 2 and layer 3 multicast support (QFX10000 switches)—Starting with Junos OS Release 17.1R1, IGMP, including versions 1, 2, and 3, IGMP snooping, PIM-SM and PIM-SSM are supported. You can also configure IGMP, IGMP snooping and PIM in virtual-router instances. MSDP is also supported. Configure IGMP at the [edit protocols igmp] hierarchy level. Configure IGMP snooping at [edit protocols igmp-snooping] hierarchy level. Configure PIM at the [edit protocols pim] hierarchy level. Configure MSDP at the [edit protocols msdp] hierarchy level.

    This feature set was previously supported in an “X” release of Junos OS.

    [See Multicast Overview.]

MPLS

  • Path Computation Element Protocol (QFX10000 switch)—Starting in Junos OS Release 17.1R1, QFX10000 switch supports the Path Computation Element Protocol (PCEP). A Path Computation Element (PCE) is an entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. A Path Computation Client (PCC) is any client application requesting a path computation to be performed by a PCE. PCEP enables communications between a PCC and a PCE, or between two PCEs (defined in RFC 5440).

    [See PCEP Overview.]

  • Static label-switched path with resolve next hop (QFX5100 switches)—Starting in Junos OS Release 17.1R1, you can configure a static label-switched path (LSP) to be resolved to a next hop that is not directly connected. This feature provides simplicity and scalability to your configuration, because you are no longer required to configure multiple, directly connected next hops if you have multiple links.

    This feature was previously supported in an “X” release of Junos OS.

    [See MPLS Stitching for Virtual Machine Connection.]

  • MPLS support (QFX5100 switches)—Starting in Junos OS Release 17.1R1, MPLS is supported on the QFX10008 and QFX10016 switches. MPLS provides both label edge router (LER) and label switch router (LSR) and provides the following capabilities:

    • Support for both MPLS major protocols, LDP and RSVP

    • IS-IS interior gateway protocol (IGP) traffic engineering

    • Class of service (CoS)

    • Object access method, including ping, traceroute, and Bidirectional Forwarding Detection (BFD).

    • Fast reroute (FRR), a component of MPLS local protection (both one-to-one local protection and many-to-one local protection are supported).

    • Loop-free alternate (LFA)

    • SixPE devices

    • Layer 3 VPNs for both IPv4 and IPv6

    • LDP tunneling over RSVP

    This feature was previously supported in an “X” release of Junos OS.

    [See MPLS Overview for Switches.]

  • Support for IRB interfaces over MPLS (QFX5100 switches)—Starting in Junos OS Release 17.1R1, you can configure integrated routing and bridging (IRB) interfaces over an MPLS network. An IRB is a logical Layer 3 VLAN interface used to route traffic between VLANs. An IRB interface functions as a logical switch on which you can configure a Layer 3 logical interface for each VLAN. The switch relies on its Layer 3 capabilities to provide this basic routing between VLANs.

    This feature was previously supported in an “X” release of Junos OS.

    [See Example: Configuring IRB Interfaces on QFX5100 Switches over an MPLS Core Network.]

  • Support for MPLS automatic bandwidth allocation and dynamic label switched path (LSP) count sizing (QFX10000 switches)—Starting with Junos OS Release 17.1R1, automatic bandwidth allocation allows an MPLS tunnel to automatically adjust its bandwidth allocation based on the volume of traffic flowing through the tunnel. You can configure an LSP with minimal bandwidth, and rely on this feature to dynamically adjust the bandwidth allocation based on current traffic patterns. Dynamic LSP count sizing provides an ingress router with the capability of acquiring as much network bandwidth as possible by creating parallel LSPs dynamically. The bandwidth adjustments do not interrupt traffic flow through the tunnel.

    This feature was previously supported in an “X” release of Junos OS.

    [See Configuring Automatic Bandwidth Allocation for LSPs.]

  • Support for MPLS filters (QFX10000 switches)—Starting in Junos OS Release 17.1R1, you can configure firewall filters to filter MPLS traffic. To use an MPLS firewall filter, you must first configure the filter and then apply it to an interface that you have configured for forwarding MPLS traffic. You can also configure a policer for the MPLS filter to police (that is, rate-limit) the traffic on the interface to which the filter is attached.

    This feature was previously supported in an “X” release of Junos OS.

    [See Configuring MPLS Firewall Filters and Policers.]

  • BGP link state distribution (QFX Series and QFX10000)—Starting with Junos OS Release 17.1R1, you can deploy a mechanism to distribute topology information across multiple areas and autonomous systems (ASs) by extending the BGP protocols to carry link state information. Previously, this information was acquired using an IGP. Using BGP provides a policy-controlled and scalable means of distributing the multi-area and multi-AS topology information. This information is used for computing paths for MPLS LSPs spanning multiple domains, such as inter-area TE LSP. This information also enables external path computing entities.

    [See Link-State Distribution Using BGP Overview.]

  • Ethernet-over-MPLS L2 circuit (QFX10000 switches)—Starting in Junos OS Release 17.1R1, you can configure a Layer 2 circuit to create a point-to-point Layer 2 connection using MPLS on the service provider's network. Ethernet-over-MPLS allows sending Layer 2 (L2) Ethernet frames transparently over MPLS. Ethernet-over-MPLS uses a tunneling mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. It encapsulates Ethernet protocol data units (PDUs) inside MPLS packets and forwards the packets, using label stacking, across the MPLS network. To enable a Layer 2 circuit, include the l2circuitstatement at the [edit protocols mpls labeled-switched-path lsp-name] hierarchy level.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Ethernet-over-MPLS (L2 Circuit).]

Network Management and Monitoring

  • Support for hrProcessorTable object (QFX Series)—Starting in Junos OS Release 17.1R1, support is provided for the hrProcessorTable object (object id: 1.3.6.1.2.1.25.3.3) described in the RFC2790, Host Resources MIB. The hrProcessorTable object provides the load statistics information per CPU for multi-core devices.

    [See SNMP MIB Explorer.]

  • IEEE 802.3ah (QFX10002, QFX10008, QFX10016)—QFX Series switches support the IEEE 802.3ah standard for the Operation, Administration, and Maintenance (OAM) of Ethernet in networks. The standard defines OAM link fault management (LFM). You can configure IEEE 802.3ah OAM LFM on point-to-point Ethernet links that are connected either directly or through Ethernet repeaters. Ethernet OAM provides the tools that network management software and network managers can use to determine how a network of Ethernet links is functioning.

  • Port mirroring support (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.1R1, port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Port Mirroring.]

  • sFlow technology support (QFX10008/QFX10016 switches)—Starting in Junos OS Release 17.1R1, the QFX10008 and QFX10016 switches support monitoring technology for high-speed switched or routed networks. You can configure sFlow technology to monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow technology also collects samples of network packets, providing you with visibility into network traffic information. You configure sFlow monitoring at the [edit protocols sflow]hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding How to Use sFlow Technology for Network Monitoring on a Switch.]

Port Security

  • Support for MAC limiting and MAC move limiting on OVSDB-managed interfaces (QFX5100 switches)—Starting in Junos OS Release 17.1R1, you can you can configure MAC limiting and MAC move limiting on interfaces managed by a Contrail controller through the Open vSwitch Database (OVSDB) management protocol. MAC limiting protects against flooding of the Ethernet switching table. MAC move limiting detects MAC movement and MAC spoofing on access interfaces.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding MAC Limiting and MAC Move Limiting for Port Security.]

Routing Policy and Firewall Filters

  • IPv4 filter-based GRE tunneling (QFX10000 switches)—Starting in Junos OS Release 17.1R1, QFX10000 switches support filter-based generic routing encapsulation (GRE) tunneling across IPv4 networks. GRE tunneling is performed by tunnel endpoints that encapsulate or de-encapsulate traffic. With filter-based GRE tunneling, you can use a firewall filter to de-encapsulate traffic over an Ipv4 network. For example, you can terminate many tunnels from multiple source IP addresses with one firewall term. This provides significant benefits in terms of scalability, performance, and flexibility because you don't need to create a tunnel interface to perform the de-encapsulation.

    [See Configuring a Firewall Filter to De-Encapsulate GRE Traffic on a QFX5100, QFX10000, or OCX Switch.]

Routing Protocols

  • Support for BGP flow routes for traffic filtering (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can propagate flow routes as part of BGP through flow-specification network-layer reachability information (NLRI) messages. Flow routes provide traffic filtering and rate-limiting capabilities much like firewall filters. Propagating flow routes as part of BGP enables you to propagate filters against denial-of-service (DOS) attacks dynamically across autonomous systems. Include the flow route name set of statements at the [edit routing-options] hierarchy level.

    [See Example: Enabling BGP to Carry Flow-Specification Routes.]

  • Support for advertising multiple paths in BGP (QFX5100 switches and QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can configure BGP to advertise multiple paths to the same destination, instead of advertising only the active path. The potential benefits of advertising multiple paths for BGP include fault tolerance, load balancing, and maintenance. Include the add-path set of statements at the [edit protocols bgp group group-name family family-type] hierarchy level.

    [See add-path.]

  • Enhancement to ECMP next-hop groups (QFX5100 switches)—Starting with Junos OS Release 17.1R1, equal-cost multipath (ECMP) next hops are allocated dynamically. A dynamic, rather than fixed, allocation of ECMP next hops, or paths, effectively increases the number of ECMP groups available for route resolution. For example, if the maximum number of ECMP next hops is set to 16, a dynamic allocation means that as many 1,000 ECMP groups are supported. To configure the maximum limit for ECMP next hops, include the maximum-ecmp next-hops statement at the [edit chassis] hierarchy level.

    This feature was previously introduced in an "X" release of Junos OS.

    [See Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing.]

  • Support for BGP Monitoring Protocol (BMP) Version 3 (QFX10000 switches)—Starting with Junos OS Release 17.1R1, you can configure BMP, which sends BGP route information from the switch to a monitoring application, or station, on a separate device. To deploy BMP in your network, you need to configure BMP on each switch and at least one BMP monitoring station. Only version 3 is supported. To configure BMP, include the bmp set of statements at the [edit routing-options] hierarchy level. To configure a BMP monitoring station, include the station-address ip-address and the station-port number statements at the [edit routing-options bmp] hierarchy level.

    This feature was previously introduced in an "X" release of Junos OS.

    [See Configuring BGP Monitoring Protocol Version 3.]

Security

  • Firewall filter support (QFX10008/QFX10016 switches)—Starting in Junos OS Release 17.1R1, you can define firewall filters on the switch that defines whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), link aggregation groups (LAGs), and loopback interfaces.

    This feature was previously supported in an “X” release of Junos OS.

    [See Overview of Firewall Filters.]

  • Policing support (QFX10008/QFX10016 switches)—Starting in Junos OS Release 17.1R1, you can use policing to apply limits to traffic flow and to set consequences for packets that exceed those limits. A switch polices traffic by limiting the input or output transmission rate of a class of traffic according to user-defined criteria. Policing (or rate-limiting) traffic allows you to control the maximum rate of traffic sent or received on an interface and to provide multiple priority levels or classes of service.

    This feature was previously supported in an “X” release of Junos OS.

    [See Overview of Policers.]

  • Support for policers on OVSDB-managed interfaces (QFX5100 switches)—Starting in Junos OS Release 17.1R1, you can configure two-rate three-color markers (policers) on interfaces managed by a Contrail controller through the Open vSwitch Database (OVSDB) management protocol.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Policers on OVSDB-Managed Interfaces.]

  • Support for firewall filters on OVSDB-managed interfaces (QFX5100 switches)—Starting in Junos OS Release 17.1R1, you can configure firewall filters on interfaces managed by a Contrail controller through the Open vSwitch Database (OVSDB) management protocol. Firewall filters enable you to control packets transiting a device to a network destination as well as packets destined for and sent by a device.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Firewall Filters on OVSDB-Managed Interface.]

Software Defined Networking

  • Support for EVPN-VXLAN (QFX5100 and QFX10000 switches)—Traditionally, data centers use Layer 2 technologies such as STP and multi-chassis link aggregation groups (MC-LAGs) for compute and storage connectivity. As the design of data centers shifts to scale-out, service-oriented multi-tenant networks, a new data center architecture emerges that allows decoupling of an underlay network from the tenant overlay network with VXLAN. Starting with Junos OS Release 17.1R1, you can use a Layer 3 IP-based underlay coupled with an EVPN-VXLAN overlay to deploy larger networks than those possible with traditional Layer 2 Ethernet-based architectures. With an EVPN-VXLAN overlay, endpoints (servers or virtual machines) can be placed anywhere in the network and remain connected to the same logical Layer 2 network.

    This feature was previously supported in an “X” release of Junos OS.

    [See EVPN with VXLAN Data Plane Encapsulation.]

  • Support for LACP in EVPN active-active multihoming (QFX10000 switches)—Starting with Junos OS Release 17.1R1, an extra level of redundancy can be achieved in an Ethernet VPN (EVPN) active-active multihoming network by configuring the Link Aggregation Control Protocol (LACP) on both the endpoints of the link between the multihomed customer edge (CE) and provider edge (PE) devices. The link aggregation group (LAG) interface of the multihomed CE-PE link can either be in the active or in the standby state. The interface state is monitored and operated by LACP to ensure fast convergence on isolation of a multihomed PE device from the core. When there is a core failure, a traffic black hole can occur at the isolated PE device. With the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed CE device. After the core recovers from the failure, the interface state is switched back from standby to active.

    To configure LACP in EVPN active-active multihoming network:

    • On the multihomed CE device include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.

    • On the multihomed PE device include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy, and include the service-id number statement at the [edit switch-options] hierarchy.

    [See Understanding LACP for EVPN Active-Active Multihoming.]

  • OVSDB schema updates (QFX5100, QFX5100VC)—Starting with Junos OS Release 17.1R1, the Open vSwitch Database (OVSDB) schema (for physical devices) implemented on QFX5100 switches is version 1.3.0. In addition, this schema now supports the multicast MACs local table.

    This feature was previously supported in an “X” release of Junos OS.

    [See OVSDB Schema for Physical Devices.]

  • Class-of-service support for OVSDB-managed VXLAN interfaces (QFX5100 switches)—Starting with Junos OS Release 17.1R1, class-of-service (CoS) features can be configured on OVSDB-managed VXLAN interfaces on QFX5100 switches. An OVSDB-managed VXLAN interface uses an OVSDB controller to create and manage the VXLAN interfaces and tunnel. T

    his feature was previously supported in an “X” release of Junos OS.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

  • Support for ping and traceroute with VXLANs (QFX5100 switches)—Starting with Junos OS Release 17.1R1, you can use ping and traceroute to troubleshoot the physical underlay that supports a VXLAN overlay.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Overlay ping and traceroute Packet Support.]

  • PIM NSR support for VXLAN (QFX5100 Virtual Chassis)—Starting in Junos OS Release 17.1R1, the QFX5100 Virtual Chassis supports Protocol Independent Multicast (PIM) nonstop active routing (NSR) for Virtual Extensible LANs (VXLANs).

    The Layer 2 address learning daemon (l2ald) passes VXLAN parameters (VXLAN multicast group addresses and the source interface for a VXLAN tunnel vtep-source-interface to the routing protocol process on the master Routing Engine. The routing protocol process forms PIM joins with the multicast routes through the pseudo-VXLAN interface based on these configuration details.

    Because the l2ald daemon does not run on the backup Routing Engine, the configured parameters are not available to the routing protocol process in the backup Routing Engine when NSR is enabled. The PIM NSR mirroring mechanism provides the VXLAN configuration details to the backup Routing Engine, which enables creation of the required states. The routing protocol process matches the multicast routes on the backup Routing Engine with PIM states, which maintains the multicast routes in the Forwarding state.

    [See PIM NSR Support for VXLAN Overview.]

Software Installation and Upgrade

  • Support for FreeBSD 10 kernel for Junos OS (QFX10000 switches)—Starting with Junos OS Release 17.1R1, FreeBSD is the underlying OS that enables SMP for Junos OS, rather than the FreeBSD 6.1 version that is used is some older Juniper Networks devices. If you compare the switch to devices that run the older kernel, you will notice that some system commands display different output and a few other commands are deprecated.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Junos OS with Upgraded FreeBSD.]

System Management

  • Support for Precision Time Protocol (PTP) transparent clock (QFX10000 switches)—Starting with Junos OS Release 17.1R1, PTP synchronizes clocks throughout a packet-switched network. With a transparent clock, the PTP packets are updated with residence time as the packets pass through the switch. There is no master/slave designation. End-to-end transparent clocks are supported. With an end-to-end transparent clock, only the residence time is included. The residence time can be sent in a one-step process, which means that the timestamps are sent in one packet. In a two-step process, estimated timestamps are sent in one packet, and additional packets contain updated timestamps. In addition, User UDP over IPv4 and IPv6, and unicast and multicast transparent clock are supported.

    You can configure the transparent clock at the [edit protocols ptp] hierarchy.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Transparent Clocks in Precision Time Protocol.]

  • Support for reporting FATAL and MAJOR FAULT information (QFX10000 switches)—Starting in Junos OS Release 17.1R1, FATAL and MAJOR errors are reported in the output of the show chassis fpc errors command.

    This feature was previously supported in an “X” release of Junos OS.

VPNs

  • Support for carrier-of-carriers Layer 3 VPNs (QFX10000 switches)—Staring in Junos OS 17.1R1, this feature is supported for customers who want to provide VPN service. Layer 3 VPNs based on BGP MPLS are used by service providers to provide VPN services to end-user customers, enabling these customers to use the MPLS backbone network to connect their multiple sites seamlessly. Include the labeled-unicast statement in the configuration for the IBGP session to the carrier-of-carriers customer’s CE device and include the family-inet-vpn statement in the configuration for the IBGP session to the carrier-of-carriers PE device on the other side of the network.

    [See Configuring Carrier-of-Carriers VPNs for Customers That Provide VPN Service.]

  • IPv6 Layer 3 VPNs (QFX5100 and QFX10000 switches)—You can now configure switch interfaces in a Layer 3 VPN to carry IPv6 traffic. This feature, commonly referred to as 6VPE, allows for the transport of IPv6 traffic across an MPLS-enabled IPv4 backbone to provide VPN service for IPv6 customers.

    This feature was previously supported in an “X” release of Junos OS.

    [See Example: Tunneling IPv6 Traffic over MPLS IPv4 Networks.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R3 for the QFX Series.

Class of Service

  • When you configure the transmit-rate statement, you must also configure the guaranteed-rate statement under traffic-control-profiles. If you commit the configuration of the transmit-rate statement without configuring guaranteed-rate, a warning message is displayed and the default scheduler map is applied.

General Routing

  • Support for deletion of static routes when the BFD session goes down (QFX Series)—Starting with Junos OS Release 17.1R3, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message.

MPLS

  • Representation for OSPF designated router node—Up until version -10 of the Internet Engineering Task Force (IETF) BGP-LS draft, the OSPF designated router node representation was ambiguous. One could represent designated router nodes as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS used to follow the 'InterfaceIpAddress-1' format. Starting with version -11 of the IETF BGP-LS draft, the representation for OSPF designated router node must be 'AdvertisingRouterId-InterfaceIpaddress'. Junos OS now follows the latest format.

Network Management and Monitoring

  • SNMP syslog messages changed (QFX Series)—Starting in Junos OS Release 17.1R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD—AgentX master agent failed to respond to ping. Attempting to re-register

    • NEW—AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD—NET-SNMP version %s AgentX subagent connected

    • NEW—NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Cloud Analytics Engine disabled in Junos OS by default (QFX Series)—Starting in Junos OS Release 17.1R1 and later, Cloud Analytics Engine network analytics probe processing is disabled by default in Junos OS. Probe processing is enabled automatically when you configure any supported Cloud Analytics Engine configuration statement in the [edit system services cloud-analytics] configuration statement hierarchy. In Junos OS Release 16.1R3 and earlier, Cloud Analytics Engine Junos OS functionality is enabled by default, and no configuration steps are required for the Junos OS to process and respond to probes.

    [See Configuring Cloud Analytics Engine on Devices.]

  • Update to SNMP support of apply-path statement (QFX Series)—In Junos OS Release 17.1R2, SNMP implementation for the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from day 1.

    • apply-path "access radius-server <*>"

      This configuration is supported as of this release.

  • Juniper MIBs Loading Errors Fixed (QFX Series)—In Junos OS Release 17.1R1, duplicated entries and errors while loading MIBs on ManageEngine MIB browser are fixed for the following MIB files:

    • jnx-gen-set.mib

    • jnx-ifotn.mib

    • jnx-optics.mib

    [See MIB Explorer.]

  • Change in default log level setting (QFX Series)—In Junos OS Release, 17.1R3, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    See the MIB Explorer.

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a nondefault routing instance and a nondefault logical system (QFX Series)—In Junos OS Release 17.1, a new option, context-oid, for the trap-options statement enables you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • Need to reconfigure SNMPv3 configuration after upgrade (QFX Series)—In Junos OS Release 17.1R2, you might need to reconfigure SNMPv3 after upgrading from an earlier release to this release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID is changed. In releases before Junos OS Release 17.1R3, you have to reconfigure SNMPv3 every time after a reboot. This problem is fixed. If you upgrade, you must still reconfigure the SNMPv3, but only once—if you have already reconfigured SNMPv3 in an earlier release, you do not need to reconfigure SNMPv3 again. To reconfigure the SNMPv3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters. Platforms affected are QFX5100, QFX10000, QFX10008, and QFX10016.

    [See Configuring the Local Engine ID.]

Security

  • Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in 17.1R3, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Services Applications

  • Device discovery with device-initiated connection (QFX Series)—Starting in Junos OS Release 17.1R1 and later, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.

    You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.

    [See Device Discovery Overview.]

Software Defined Networking

  • On QFX10000 switches running Junos OS Release 17.1R3 or later, the local preference setting for an Ethernet VPN (EVPN) pure type-5 route is inherited by IP routes that are derived from the EVPN type-5 route. Further, when selecting an IP route for incoming traffic, the QFX10000 switches consider the local preference of the route. A benefit of the QFX10000 switches including local preference in their route selection criteria is that you can set up a policy to manipulate the local preference, thereby controlling which route the switch selects.

Software Installation and Upgrade

  • In-service software upgrade (QFX5100 switches)—Unified ISSU is not supported from earlier Junos OS releases to Junos OS Release 17.1R1.

System Management

  • Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

  • Integers in configuration data in JSON format are displayed without quotation marks (QFX Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1R1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.

  • Changes to the show system schema module juniper-command output directory (QFX Series)—Starting in Junos OS Release 17.1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1, the generated output files are placed in the /var/tmp directory.

Virtual Chassis

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 17.1R3, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you should delete the fabric-load-balance configuration statement before initiating the upgrade.

    See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.

VPNs

  • Enhancements to output for show route and show evpn ip-prefix-database commands—The show route command now displays a Multipath field for EVPN pure type-5 routes. This field shows the path selected by the routing protocol process. For the show evpn ip-prefix-database extensive command, the IP Route Status field is now displayed in the Remote Advertisements section. Previously, this field was displayed in the Prefix section. Also, the inactive/active field for each advertisement has been removed.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.1R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • A PE device running EVPN IRB with an IGP configured during VRF associated with the EVPN instance is unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE device might be able to discover the IGP instance running on the remote CE device through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the decapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092

  • When you activate and deactivate route target per bridge domain in EVPN, the rpd process might crash, resulting in traffic loss. PR1244956

General Routing

  • On QFX5100 switches, Zero Touch Provisioning might take some time to complete because TFTP might take a long time to fetch required data. PR980530

  • On a QFX10002 switch, insert a small form-factor pluggable (SFP) transceiver on the management interface (em1). After a system reboot, if you replace the SFP transceiver with a copper SFP transceiver, the management interface might not work properly with speed 10m/100m. PR1075097

  • On QFX Series switches, nonstop software upgrade (NSSU) cannot be used to upgrade from a Junos OS Release 14.1X53 image to a Junos OS Release 15.1 or later image. PR1087893

  • On a fully loaded QFX10008 chassis, line cards might take as long as 15 minutes to become operational after startup. PR1124967

  • On a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than 5 seconds of traffic loss for multicast traffic. PR1125155

  • With a multihop BFD, traffic loss of around 5 to 10 seconds is observed when the intermediate interface is shut down. After 5 to 10 seconds, traffic recovers and no action is needed. PR1150695

  • On disabling and reenabling a 1-Gigabit Ethernet port on a 60-port 10-Gigabit Ethernet line card in both QFX10008 and QFX100016 systems, pechip_cmerror_set_error:3113: Level: Major, cmerror_code: 0x21060e (id=1550), recover_err: 0 (counter: 0), fh_msg: 0x0 messages are logged. No functionality impact is observed. PR1238269

  • When software is upgraded to Junos OS Release 17.1R1 from a earlier release of Junos OS on QFX5100, the host platform is upgraded. As a result, unified ISSU from earlier releases to Junos OS Release 17.1R1 on these platforms is not supported. PR1257220

High Availability and Resiliency

  • Unified ISSU incompatibility with VPLS dynamic profiles (QFX Series)—Using unified ISSU to upgrade from an earlier Junos OS Release to Junos OS Release 17.1R1 does not work if VPLS dynamic profiles are configured and enhanced subscriber management is not configured.

    [See ISSU System Requirements.]

  • During a nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a traffic loop or loss might occur if the Junos OS Release that you are upgrading from and the Junos OS Release that you are upgrading to use different internal message formats. PR1123764

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging is enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

MPLS

  • On QFX5100switches with Layer 2 circuit configured on the PE switches, enabling VLAN bridge encapsulation on a CE device interface drops packets if flexible Ethernet services and VLAN CCC encapsulation are configured on the same logical interface. You can configure only one encapsulation type, either set interfaces xe-0/0/18 encapsulation flexible-ethernet-services or set interfaces xe-0/0/18 encapsulation vlan-ccc. PR1329451

Routing Protocols

  • During a GRES on QFX10000 switches, some IPv6 groups might experience momentary traffic loss. This issue occurs when a IPv6 traffic is running with multiple paths to the source, and the join-load-balance statement for PIM is also configured. PR1208583

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 17.1R3.

EVPN

  • On QFX10000 switches, when you upgrade to Junos OS Release 15.1X53-D60 from Release 15.1X53-D33, traffic over route type-5 on the tunnel ingress node might drop if you have the forwarding-table no-indirect-next-hop statements configured at the [edit routing-options] hierarchy level. As a workaround, delete the configuration routing-options forwarding-table no-indirect-next-hop before you perform an upgrade. This configuration is not needed when route type-5 is configured. PR1187482

  • On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the decapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092

  • Error message JPRDS_DLT_ALPHA KHT shows as failed, but the entries in the hardware are programmed correctly. This might cause confusion between a working and a nonworking condition. PR1258933

  • In an EVPN-VXLAN scenario, a previously learned MAC address from a remote Ethernet segment Identifier (ESI) cannot be changed to local even if it is connected directly. The MAC address of the host might remain as learned from ESI instead of the local interface until the MAC address is aged out. PR1303202

  • The rpd generates unreproducible core file with scaling EVPN-VXLAN configuration on QFX10000 platforms because of the memory depletion on the EVPN MAC route entries queue for L2ALD. L2ALD closed the IPC connection that caused rpd-cumulated EVPN MAC route entries in the queue and ends up running out of memory. PR1339979

General Routing

  • On QFX10002 switches, the request system snapshot command does not work. PR1048182

  • On a QFX10002 switch, when a new interface is added to an existing link aggregation group (LAG) interface, which acts as an input analyzer interface, the traffic sent to the added interface might not be mirrored. PR1057527

  • While using SSH to log in to a VNF the error message Unrecognized command is seen. This error has no impact on the functionality. PR1108785

  • After sending leave and rejoin in a few seconds, L3 multicast traffic does not converge up to 100 percent and a few traffic drops are seen continuously. This behavior is seen when scaling beyond 2000 VLANs or 2000 IRBs with VLAN replication in the system. PR1135045

  • L3 multicast traffic does not converge to 100 percent and a few continuous drops are observed after bringing an interface down and back up again or while an FPC comes online after FPC restart. This behavior is seen when scaling beyond 2000 VLANs or 2000 IRBs with VLAN replication configured. PR1161485

  • When per-packet load balancing is removed or deleted, the next-hop index might change. PR1198092

  • On QFX10002 platforms, some random ports, using 100-gigabit Lumentum optics, might not come up after a reboot. This is a timing issue because of failures during optics read on some ports. As a workaround, when you encounter this issue, remove and reinsert the optics, which might bring up the ports. PR1227029

  • On QFX10008 switches, the IPv6 packets/bytes counter shows higher values than the total packets/bytes of the interface if LAG child members belong to the same PE device. As a workaround, if you monitor IPv6 statistics over the LAG, choose LAG child members across PE devices. PR1232388

  • On QFX10000 line switches, sFlow monitoring technology output might display a negative number of samples after a long run. As a workaround, issue the clear sflow collector command to show or reset the count. PR1244080

  • QFX10000 platforms do not support a discontiguous mask within source-address or destination-address of a firewall filter. When the user commits a firewall filter with a discontiguous mask prefix (for example, x.x.x.x/255.255.0.240 ) on QFX10000 platforms, the commit is successful but the filter does not take effect (the firewall compilation returns an error because discontiguous IP address mask is not supported and the filter is not programmed in hardware). PR1267498

  • In QFX Seriesdevices, if the em0 interface is unplugged, Management Ethernet Links Down Alarms flap is observed. PR1271325

  • Every load override and rollback operation increases the refcount by 1 and after it reaches the maximum value of it (65,535), the mgd crash will be observed and the session will get killed. When mgd crashes, the active lock might remain, preventing any further commits. PR1313158

  • The management process (mgd) might panic after modifying aggregated Ethernet interface members under the "ethernet-switching vlan" stanza. After mgd panic, your remote session is terminated as a result. PR1325736

  • On QFX5100 platforms with sFlow enabled, when deleting/deactivating the sFlow interface, all other interfaces might go down and fxpc generates a core file. PR1356868

  • When an MC-LAG is configured with force-up enabled on MC-LAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • On QFX10002, QFX10008, and QFX10016 platforms, the IPv6 traffic might be dropped if the IPv6 over IPv4 Generic Routing Encapsulation (GRE) tunnel is configured because when an interface family (IFF) member is removed on the logical interface, the property of the logical interface to learn MAC gets set to NULL which causes ARP failure. PR1385723

  • MPLS configuration changes and topology changes might result in the tunnel initiator clear messages in the syslog. PR1396014

  • In an aggregated interfaces and Spanning Tree Protocol (STP) scenario, the STP does not work when the aggregated interfaces number is "ae1000" or above in QFX5000 and "ae480" or above in other QFX Series platforms. Such interfaces will remain in incorrect STP discarding state and might not forward packets. PR1403338

MPLS

  • Statistics of transit traffic does not increment LSP statistics signaled by RSVP-TE. PR1362936

  • In an MPLS scenario, label-switched path (LSP) "statistic" and "auto-bandwidth" functionality might not take effect with single-hop LSPs on QFX10000 platform. PR1390445

Network Management and Monitoring

  • The default syslog level is LOG_NOTICE in the default configuration. SNMP_TRAP_LINK_UP for the physical interface (IFD) was logged as LOG_INFO from day 1. To help debug physical link UP issues, SNMP_TRAP_LINK_UP events will be logged by default. PR1287244

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • On all Junos OS based platforms, the Junos CLI file copy command uses /var/home/<user> as temporary staging directory for a non-root user, and uses /var/tmp for the root user. When a user issues the CLI command file copy user@x.x.x.x:/dir/ /var/tmp/ to copy a file to the box, and if the file the user is trying to transfer is larger than the temporary staging directory size, the copy might fail. PR1195599

  • When chassis control restart is done with the CoS rewrite rule configured on aggregated Ethernet interface, the Platform failed to bind rewrite messages might be seen in syslog. Issue is specific to aggregated Ethernet interfaces. It is a timing issue that might occur when a logical interface deletion is delayed because of the high scale and when logical interfaces come up again after restart they have different indixes. PR1315437

Routing Protocols

  • On QFX10000 switches, during a Routing Engine switchover, BGP on the IRB interface might flap when the IRB interface and the underlying Layer 2 logical interface (IFL) are configured with different MTU values. PR1187169

  • On QFX10000 line switches, traffic drop is seen with IS-IS version 6 traffic during convergence in either of the following two scenarios: 1. While bringing up the ports after bringing them down. 2. While FPC comes online after doing an FPC restart. This behavior is seen while flapping one of the IS-IS version 6 sessions. PR1190180

  • On QFX5100 and QFX10000 switches, traffic drop might occur in MC-LAG configurations. This occurs when an interchassis link (ICL) interface and then the MC-LAG interface are brought up. The traffic drop occur because the ARP next-hop update is not recognized on the Packet Forwarding Engine. To recover the traffic path over the MC-LAG interfaces, issue the clear arp command. As a workaround to avoid the issue, enable ICL interfaces and MC-LAG interfaces at the same time. PR1236201

  • On QFX10000 line platforms, during route next-hop churn or earliest deadline first (EDF) job priority changes, memory corruption might occur, leading to processing issues and constant packet drop. PR1243724

  • With multicast traffic enabled, multicast counters statistics creation/deletion fails and the following errors might occur during LAG member enable/disable on QFX51xx devices. The messages do not indicate the traffic impact. However, the multicast statistics will not work when these messages are seen. Feb 15 07:28:49 switch fpc0 brcm_ipmc_get_multicast_stats:3947 brcm_ipmc_stat_get failure Feb 15 07:28:49 switch fpc0 brcm_rt_stats:1906 brcm_ipmc_get_multicast_stats failure err=-7. PR1392470

  • Autonegotiation errors and flush operation failed errors are seen after power cycle of the device. These error messages do not have any functionality impact. LOG: Err] ifd 153; Ether autonegotiation error (1000) and ch_vchassis_ipc_flush_pipe: flush operation failed for pipe 155333280. PR1394866

  • The error message BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 uninstall failed is seen in hardware with mini-PDT-base configurations. There is no functionality impact because of this error message. PR1407175

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 17.1R3

Class of Service (CoS)

  • On QFX5100, traffic might get dropped when there is more than one forwarding class under forwarding-class-sets. PR1255077

  • Storm control might not be programmed correctly in the Packet Forwarding Engine if it is applied with a port-speed configuration in a single commit. PR1255562

  • The transmit rate applied with forwarding-class-set does not work properly. PR1277497

  • Firewall filter cannot filter packets with DstIP as 224/4 and DST MAC = QFX_intf_mac on loopback interface using a single match condition for source address 224.0.0.0/4. PR1354377

EVPN

  • The expr_nh_fwd_create_arp_ndp_egress_descr(),1237:nh 131650 type Compst, failed to create L2 description failure log message is seen, but there is no impact on traffic or performance. PR1221831

  • The error message JPRDS_DLT_ALPHA KHT shows as failed, but the entries in hardware are programmed correctly. PR1258933

  • The fxpc and kernel crash might be observed after adding MTU configuration on QFX5000 Virtual Chassis platform. PR1283966

  • VXLAN license might be invalid if license QFX-ADV-FEATURE-LIC is installed. PR1288916

  • The dynamic routing protocols might not work correctly over the IRB interface in an EVPN-VXLAN scenario with ECMP. PR1301521

  • VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045

  • The remote ARP entry might be incorrect in an EVPN and VXLAN Layer 3 gateway scenario with multihoming mode. PR1326691

  • The MAC movement between remote VTEP and local VTEP might cause traffic to transmit incorrectly in an EVPN-VXLAN scenario. PR1335431

  • In a redundant Layer 3 gateways Ethernet Virtual Private Network (EVPN)/Extensible Local Area Network (VXLAN) scenario on QFX10000 Series switches, when an IP address move occurs (the same IP address, but the media access control is changed), the ARP entry might be deleted from one Layer 3 gateway device, which might cause a few packets to be lost. PR1336185

  • The rpd process generates an unreproducible core file with scaling EVPN-VXLAN configuration on QFX10000 platform because of the memory depletion on EVPN MAC route entries queue for l2ald . l2ald closes the IPC connection that caused the rpd-cumulated EVPN MAC route entries in the queue and ends up running out of memory. PR1339979

  • On QFX5000 and QFX10000 platforms in an EVPN-VXLAN scenario, the VXLAN proxy ARP/NDP suppression might result in incorrect learning of Virtual gateway MAC addresses. PR1367610

Forwarding and Sampling

  • Unexpected messages might be seen in logs. PR1270686

General Routing

  • The 40-Gigabit Ethernet connection between two QFX5100-24Qs might not come up sometimes. PR1178799

  • A major alarm Host 0 CPU Temperature Hot is observed. PR1241744

  • An FPC major alarm might be seen with the following error messages DLU: ilp memory cache error and DLU: ilp prot1 detected_imem_even error. PR1251154

  • MACsec session fails with dot1x generating a core file. PR1251508

  • In QFX5100, the following multicast statistics counter-related following error messages are observed after LAG interface disable/enable: brcm_rt_ip_mc_ipmc_deinstall:, brcm_ipmc_route_counter_delete, brcm_ipmc_stat_get, brcm_ipmc_get_multicast_stats. PR1255497

  • On QFX Series, license keys entered through the configuration system license keys can be lost (not effective anymore) after certain events/changes. PR1259460

  • SFP-T equipped port does not link up properly at booting up when the port has the speed 100m and link-mode full-duplex setting. PR1262752

  • Random interfaces do not come up after a line card is rebooted. PR1262839

  • QFX100002 generated an L2ALD core file for an unknown reason at: l2ald_mac_process_update_fwd_entry_mask, l2ald_mclag_update_change_for_learn_mask, logging, vlogging, vlogging_event. PR1264432

  • In Junos OS environment, after execution of <rpc> get-configuration-compare-”rollback” rollback-"0”, the management daemon (MGD) might restart unexpectedly. The MGD restart also causes connections through ssh or console to drop. PR1271024

  • The jdhcpd process might crash and DHCP does not work if scaling prefixes are configured under the policy-options prefix-list hierarchy. PR1272646

  • The 40-Gigabit Ethernet interface might flap between QFX5100 and other products. PR1273861

  • When static link protection mode is configured with backup state as down, the primary port is going to down state instead of the secondary port remains up. PR1276156

  • On QFX Series platforms where MC-LAG with IPv6 is supported, the l2ald memory might leak for every IPv6 neighbor discovery (ND) message it receives from a peer MC-LAG and it does not free the memory allocated, causing l2ald memory exhaustion and an l2ald process crash. PR1277203

  • Multicast listener discovery (MLD) messages are seen continuously on QFX5100 when the management ports are connected through a network. PR1277618

  • MAC pause frames might increase when SXE interfaces are erroneously configured. PR1281123

  • In a MACsec scenario, the show security macsec statistics command does not show expected results. PR1283544

  • In 802.1X (dot1x) single-supplicant mode, after username and password are configured on interfaces and dot1x supplicants are started, the users are authenticated with the Radius_DataVlan VLAN, but the Ethernet-switching table is not updated for one of the interfaces. PR1283880

  • After upgrading the QFX5100 to Junos OS Release 16.1 or later releases from Junos OS Release 15.1, a commit warning /boot/ffp.cookie+ might be seen. PR1283917

  • On QFX5100 switches, an aggregated Ethernet interface might flap upon commit if an explicit speed is configured on an aggregated Ethernet member interface. PR1284495

  • BFD sessions might flap when BFD is configured over IRB interfaces. PR1284743

  • Analytics JSON data format is reporting an incorrect value for 'rxbps' counter. PR1285434

  • The 1-Gigabit copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

  • OVSDB and Openflow have some limitations on QFX10002, QFX10008, and QFX10016 switches running Junos OS Releases 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • Storm-control flags are not set after a Routing Engine switchover. PR1290246

  • On QFX10000 line switches, the input and output rates for 10-Gigabit, 40-Gigabit, or 100-Gigabit Ethernet interfaces are not 0 if the interface is down. PR1291412

  • On QFX5100, an incorrect alarm type might be displayed. PR1291622

  • Traffic might not be received on a 1-Gigabit Ethernet interface if autonegotiation is disabled and speed or duplex is configured on both the QFX Series switch and the peer host. PR1292275

  • On QFX5100 switches with EVPN-VXLAN deployed, broadcast and multicast traffic might not be sent to other switches through VTEP interfaces. PR1293163

  • On QFX5100, the fxpc process generates a core file. PR1294033

  • High heap memory utilization might be seen if multiple SFP-T optics are inserted or set interface <> link-mode full-duplex is enabled. PR1294208

  • For ULC-60S-6Q LC on QFX10008, the port becomes unusable after inserting a third-party SFP-T optic. PR1294394

  • The received ARP reply packet whose destination MAC address is the same as the MAC address of the IRB interface might be flooded on the VLAN. PR1294530

  • The 40-Gigabit Ethernet interface might not come up if a specific vendor's DAC cable is used. PR1296011

  • Network analytics process might be incorrect instantiated leading to traffic statistics not being transmitted. When this occurs the 'Sent' value for show analytics collector displays as zero and show analytics traffic-statistics will be empty: root@host> show analytics collector Address Port Transport Stream format State Sent 10.10.10.72 50020 udp json n/a 0 10.10.10.167 50020 udp json n/a 0 root@host> show analytics traffic-statistics CLI issued at 2018-03-26 22:15:56.411671. PR1297535

  • On QFX Series platforms with ZTP environment, the DHCP clients are not getting an IP address with /31 subnet in server configuration. PR1298234

  • Disabled 10-Gigabit Ethernet interfaces might stay up on QFX10000 line switches. PR1300775

  • In QFX10008 and QFX10016, a commit error is seen when mixed speeds are configured. PR1301923

  • The rpd might crash when toggling the vrf-propagate-ttl and no-vrf-propagate-ttl configuration statements. PR1302504

  • The sFlow records are missing “extendedType ROUTER" fields as well as an outbound interface for traffic that is using BGP multipath. PR1303236

  • When MPLS LSP self-ping is enabled (self-ping is enabled by default), the kernel might panic with an error message Fatal trap 12: page fault while in kernel mode. PR1303798

  • Platforms running 32-bit Junos OS might generate an rpd core file when traceoptions are enabled. PR1305440

  • QFX5100 crashes and the fxcp process generates a core file. PR1306768

  • Some error messages can be observed on EVPN-VXLAN setup. PR1307014

  • Run time pps statistics value might show zero for a subinterface of aggregated Ethernet interface. PR1309485

  • Traffic loss might be seen if sending traffic through the 40-Gigabit Ethernet interface. PR1309613

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • A traffic loss is observed while performing NSSU. PR1311977

  • On QFX Series standalone switches or their Virtual Chassis with dot1x configured, there will be memory leaks for PNACAUTH in dot1xd. Once the memory block of PNACAUTH used by dot1xd grows to its maximum size, the switch might not process the client’s authentication further and results in dot1x clients reauthenticating constantly. The dot1xd process always runs irrespective of configuration, and as part of its initialization it tries connection with authd. If authd is not running, then there is a memory leak in dot1xd. PR1313578

  • Transit traffic over GRE tunnel might hit the CPU and trigger a DDoS violation on the Layer 3 next hop. PR1315773

  • Packet Forwarding Engine might crash after changing analyzer configuration if output includes LAG interface. PR1316245

  • On an Layer 2 next-generation switch platform (QFX5100 and QFX10000), l2cpd might generate core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED enabled. PR1317114

  • Packets such as TDLS without IP header are looped between the virtual gateway. PR1318382

  • The packet might be dropped between 4-60 seconds when the master Routing Engine is rebooted in a Virtual Chassis. PR1319146

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX Series Virtual Chassis unified ISSU. PR1320370

  • FPCs go offline because of the error CHASSISD_IPC_CONNECTION_DROPPED: Dropped IPC connection for FPC. PR1321198

  • The openflow session cannot be established correctly with controller and interfaces options configured on QFX5100 switches. PR1323273

  • VLAN or VLAN bridge might not be added or deleted if there is an IFBD hardware token limit exhaustion. PR1325217

  • Deleting one VXLAN might cause traffic loop on another VXLAN in a multihoming EVPN-VXLAN scenario with service provider style interface. PR1327978

  • After IP address move, ARP table information is not in synchronization between the two spines. PR1330663

  • The rpd process generates a core file on the new backup Routing Engine at task_quit, task_terminate_timer_callback, task_timer_dispatch, and task_scheduler after disabling NSR and GRES. PR1330750

  • The analyzer status might show as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • DDoS counters for OSPF might not increase. PR1339364

  • l2ald process generates a core file at ../../../../../../src/junos/usr.sbin/l2ald/l2ald_vxlan_evpn.c:1603 when moving host between two multihop interfaces. PR1339543

  • In ovsdb vxlan network QFX5100 broadcast Layer 2 traffic gets forwarded to the same receiving ports. PR1342637

  • FXPC process might generate a core file when removing VXLAN configuration. PR1345231

  • On any platform that does not clear out /mfs when installing a new software release such as EX Series or QFXSeries platform, when upgrading from certain releases to Junos Os Release 18.1R1 the statistics of the pfed process might generate a core file. The issue does not impact the service. PR1346925

  • From Junos OS Releases 14.1X53-D46, 15.1R7, 16.1R6, 17.1R3, 17.2R3, 17.2X75-D90, 17.3R2, 17.4R1, 18.1R1, 18 .1X75-D10, 18.2X75-D5, and later releases, QFX5100-48T 10G interface might be autonegotiated at 100-MB speed instead of 10 Gbps after peer device reboot. PR1347144

  • The pfed process consumes 80-90 percent CPU when running subscriber management on PPC-based routers and switches. PR1351203

  • On QFX5000 switches, the Packet Forwarding Engine might drop the ARP reply packets after changing the interface MAC address. PR1353241

  • A major error PE Error code: 0x2104be is observed. PR1354582

  • Commit error is observed if the device is downgraded from Junos OS Releases 18.2 or 18.3 to Junos OS Release 17.3R3. On loading the new image, certain stale symlinks from previous image contents need to be removed, which impacts mgd. In this case, the .slax script symlinks from /var/db/sripts/translation are not getting removed, which causes issues in the initial commit by mgd. The issue is only seen when the previous image was having translation scripts (as part of Junos image) and the new image does not have these translation scripts. PR1355542

  • When rpd reads next hops from the kernel on restart, for INH -> FWD NH{List NH} -> {Chain NH} scenario, the rpd should not create an old-style list next hop for the forwarding next hop. PR1360354

  • On QFX5100VC, the VME interface might be unreachable after link flap of em0 on the master FPC. PR1362437

  • Even if no-auto-negotiation is not configured autonegotiation is off default if gigether-options autonegotiation is mismatched between the link and its partner, the 1-Gigabit Ethernet interface might stop working. PR1362977

  • On QFX5100 Virtual Chassis/Virtual Chassis Fabric, while doing a unified ISSU from Junos OS Releases 15.1R7 to 16.1R7, the LAG interface might flap. This might result in traffic loss of more than 5 seconds depending on how fast the LAG interface recovers. PR1365316

  • On QFX10000 platforms, the Junos OS boot menu cannot appear because Ctrl+c does not give the menu during the boot process. Root password recovery option might not available. PR1365740

  • The l2cpd process might crash if MVRP is configured and RSTP is enabled with the statement interface all. PR1365937

  • On QFX5000 switches in a Virtual Chassis/Virtual Chassis Fabric scenario, the chassisd might crash after issuing the CLI show chassis hardware. This might result in VCP down and traffic drop. PR1366746

  • On QFX5000 switches, when an IS-IS packet is received with DMAC as 09:00:2b:00:00:05 (ISO 9542, all Intermediate System Network Entities Address) and jumbo frame with EtherType as 0x8870 (non-standard, used by Cisco), the packet will be dropped, resulting in failure in the adjacency. PR1368913

  • On QFX5000 Series platforms, performing optics insertion/removal on a port might result in the Packet Forwarding Engine manager CPU spike and eventually microcode failure. PR1372041

  • When VRRP is enabled on an interface, when the interface is disabled and then enabled, the IPv6 routed packet might be transmitted over VRRP virtual IP address. The IPv6 routed packet VRRP state is in the non-master state. When this happens, the peer interface might return to normal later than this interface. At this time, the packets sent out through this interface might be dropped. PR1372163

  • On QFX Series platforms, if RTG redundant trunking group (RTG) is enabled with a large-scale the MAC address, the MAC refresh frame might not be sent out from the new primary link after RTG failover by deactivating the former primary link on the peer side. PR1372999

  • On the QFX5100 platform, the auto-negotiation interface might go down if the peer device supports only 10-MB or 100-MB autonegotiation. PR1377298

  • Debug logs are printed as error logs in /var/log/ messages. The debug log message, expr_nh_flabel_check_overwrite: Caller nh_id params is classified as an error log when it should be LOG_INFO. PR1377447

  • On QFX10000 platforms, the L3VPN traffic might be dropped if one core-facing interface goes down in an L3VPN multipath scenario. PR1380783

  • On QFX5000 platforms, the Packet Forwarding Engine might show DISCARD next-hop for overlay-bgp-lo0-ip. PR1380795

  • In an Open vSwitch Database (OVSDB) environment with solid-state drive (SSD) installed on the backup Routing Engine side, the master Routing Engine copies /var/db/ovsdatabase to the backup Routing Engine in a very short interval (for example, every 10 seconds), and the backup Routing Engine might write the whole OVSDB file to the SSD card frequently. Therefore, the SSD lifetime might be shortend because of the exceeded amount of read/write. Because of this issue, SSD card failure might be observed. PR1381888

  • QFX Series switches might not be able to establish a complete LACP session ("collecting/distributing") depending on the configuration of the QFX Series interface. If an interface has native-vlan-id configured and that same native-vlan-id VLAN is in vlan members list and the VLAN is VxLAN enabled, then QFX Series switches stop processing received LACP PDUs. PR1382209

  • Because of an API introduced in Junos OS Release 18.1R3, a kernel might generate a core file when a configuration change is done. This results from invalid pointer access by the API. PR1384750

  • When DDoS configurations for Virtual Chassis are initialized, DDOS_POL_FLAGS_ASIC is not set. PR1387508

  • The sdk-vmmd might consistently write to the memory. PR1393044

  • 10G copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628

  • The show chassis fpc command displays an incorrect amount of available memory on a QFX10000's FPCs. PR1394978

  • If GRES/NSR is enabled on a QFX5100 (single Routing Engine), DHCP subscribers are failing to bind. PR1396470

  • Persistent MAC entries are cleared after system reboot. PR1400507

  • A single Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • PEM alarm for backup FPC will be remained on master FPC though backup FPC is detached from VC. PR1412429

High Availability (HA) and Resiliency

Infrastructure

  • The show interface command is not returning any values and sometimes it gets completely stuck. PR1250328

  • When system ports console log-out-on-disconnect is enabled, system reboot or switchover can result in processes remaining in the wait state and failure of the syslog feature. PR1253544

  • VMcore generates a core file because of mbuf leak. PR1261996

  • The QFX5100 switch might be sending a packet with an incorrect destination MAC address in an MPLS PHP scenario. PR1334929

Interfaces and Chassis

  • Deactivation followed by activation of both aggregated Ethernet and MC-AE interfaces blocks the flow of multicast traffic. PR1257586

  • Multicast data packets are looping in MC-LAG. PR1281646

  • ARP reply drops in MC-LAG scenario. PR1282349

  • Upgrading might encounter commit failure if redundancy-group-id-list is not configured under ICCP. PR1311009

  • On QFX5000 platform, if the ICL link is configured on a single interface (such as GE-0/0/0, without LAG) and one member of MC-LAG is down, and both MC-LAG peers are rebooted, packets might drop on the ICL of the MC-LAG peer where MC-LAG is up. PR1345316

  • CVLANs range of 16 might not pass traffic in a Q-in-Q scenario. PR1345994

  • On QFX5000 switches, MC-LAG peer might not send ARP request to the host. PR1360216

  • When l2cpd deamon is restarted, parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386, errors are seen. PR1373927

Layer 2 Ethernet Services

  • The jdhcpd process generates a core file after making DHCP configuration changes. PR1324800

  • If BOOTP-support is not enabled at the global level, bootstrap protocol (BOOTP) packets might be dropped while receiving them on an interface because there is a defect that the device only checks BOOTP-support at the global level. PR1373807

Layer 2 Features

  • Action-shutdown in storm-control does not bring the physical interface down. PR1240845

  • Interface with vlan-tagging and family ethernet-switching configuration does not work on QFX10000 platforms. PR1261915

  • Device transmits packets that exceed the interface MTU. PR1306724

  • The bpdu-block-on-edge command does not work correctly when fast-tune is enabled. PR1307440

  • ARP entry might be learned on STP blocking ports. PR1324245

  • The DHCP discover packets might be looped in MC-LAG and DHCP-relay scenario. PR1325425

  • Interface with flexible-vlan-tagging and family ethernet-switching does not work on QFX10000. PR1337311

  • On random initialization of QFX5100 the programming of the storm control profile is missed within hardware on random interfaces. This is not visible over the CLI and the configuration still shows as intact. This happens as a result of interface speed not getting properly detected within the hardware. PR1354889

  • On QFX5100, if native-vlan-id is configured for the aggregated Ethernet interfaces, after having a reboot, LACP packets might be dropped. PR1361054

  • On QFX5000 switches, IPv6 traffic over VxLAN tunnel does not hash. This might result in some unexpected issue in an ECMP scenario. PR1368258

  • When native-vlan-id is configured for the aggregated Ethernet LACP session to the multihomed server goes down if you have irb.0 configured. This causes incorrect parameters to be pushed to Packet Forwarding Engine causing LACP PDUs to not egress correctly. PR1369424

  • On QFX5000/EX4600 platforms, if changing an interface from Virtual Extensible Local Area Network (VXLAN) to a member of an aggregated Ethernet (AE) interface, the Dynamic Host Configuration Protocol (DHCP) relay would not work and the DHCP client would not get IP addresses normally. PR1377521

  • On EX4300, EX4600, and QFX Series switches (except for QFX10000). In a VLAN service provider style scenario (for example, flexible-vlan-tagged under the [interfaces] hierarchy), after the egress interface or logical interface is disabled/deactivated/deleted. The switch might continue forwarding Layer 2 traffic on the interface. PR1379258

  • If an aggregated Ethernet interface is configured with LACP, "flexible-vlan-tagging" and "native-vlan-id", then after deleting the "native-vlan-id option", the LACP state will be detached state. PR1385409

  • On QFX Series switches except for QFX10000, in a Virtual Chassis and RTG scenario, if the redundant trunk group (RTG) interface flaps on the Virtual Chassis master, RTG MAC refresh packets are sent out from all the ports that belong to the same VLAN. The MAC refresh packets are used to refresh MAC entries on the peer Layer 2 device connected to the RTG ports. PR1389695

  • A deadlock situation between pfeman thread and Broadcom's linkscan thread causes watchdog trigger and results in generating a dcpfe core file. The issue is seen during the port initialization stage. PR1398251

MPLS

  • In QFX5100, a unified ISSU is not supported with MPLS configuration. PR1264786

  • DHCP clients cannot get IP addresses over BGP-L3VPN. PR1303442

  • LSP stop transferring or passing traffic after MPLS route is changed. PR1309058

  • The rpd might crash on backup Routing Engine because of the memory exhaustion. PR1328974

  • The hot standby for l2circuit does not work on QFX5100. PR1329720

  • In an RSVP scenario, the label-switched path (LSP) might remain UP even if no path is acceptable, because of the constrained shortest path first (CSPF) failure. There are two scenarios which might result in CSPF failure.

    Scenario 1 with MBB: Optimization timer fires during make-before-break (MBB).

    Scenario 2 without MBB: A link/IGP flap causes CSPF, but it depends on timing. PR1365653

  • On all QFX5000 platforms, if the P/PE router is configured with no-decrement-ttl, the rpd sends the NO_PROPAGATE_TTL flag even for the tunnel transit case. PR1366804

Network Management and Monitoring

  • The mib2d syslog messages MIB2D_RTSLIB_READ_FAILURE: rtslib_iflm_snmp_pointchange might be seen while removing and restoring configuration. PR1279488

Platform and Infrastructure

  • Dropping the TCP RST packet incorrectly on the Packet Forwarding Engine might cause traffic drop. PR1269202

  • In a Virtual Chassis scenario, when the master member FPC reboots and the interface on which the ARP is learned goes down along with the master FPC, traffic loss might be observed for about 10 seconds. At that time, the ARP entry cannot be learned from the remaining FPC. PR1283702

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • OSPFv3 authentication using IPsec SA does not work if you are using IPsec to authenticate OSPFv3 neighbors on some QFX Series platforms. PR1301428

  • The Virtual Chassis Fabric (VCF) switch is not sending the common technology (Tri speed) with 10Base-T or 100Base-T when negotiating with series devices. Instead it is sending only 1000 negotiation because the QFX Series switch is the master in the Virtual Chassis Fabric. . PR1311458

  • Directories and files under /var/db/scripts, lose execution permission or directory 'jet' is missing under /var/db/scripts, causing error: Invalid directory: No such file or directory error during commit. PR1328570

  • When a Junos OS image is shipped with translation scripts downgrading to another image, stale symlinks of translation scripts at the time of mgd initialization lead to the device going into amnesiac state. PR1341650

  • Traffic drops occur on the Packet Forwarding Engine as "invalid L2 token" when protocol changes from VPLS to EVPN. PR1368802

  • On QFX Series switches except for QFX10000, pass-through traffic might be dropped while using multiple routes with indirect next hop and load balancing. PR1376057

  • On Virtual Chassis based on QFX5100 switches, the IRB interface associated with aggregated Ethernet interfaces whose member interfaces are only from the master chassis might not turn down when the master chassis is rebooted or halted. PR1381272

Routing Policy and Firewall Filters

  • The rpd might crash if vrf-target auto is configured under the routing instance. PR1301721

Routing Protocols

  • The fxpc process might crash and restart when the fxpc process tries to access already-freed-up memory. PR1271825

  • IPv6 packets depending on IPv6 link-local might be lost on channelized interfaces on QFX5100. PR1283065

  • Message dc-pfe: list_destroy() is printed on commit. PR1286209

  • GRE tunnel traffic does not switch over to the alternate path if the primary path to the tunnel destination changes. PR1287249

  • FBF with next-ip/next-ip6/next-interface is not working. PR1289642

  • In a data center environment with EVPN-VXLAN and proxy MAC plus IP advertisement enabled on a Layer 3 gateway, the state for some MACs might be lost during MAC moves. PR1291118

  • IPv6 multicast traffic drop occurs in a PIM SSM scenario. PR1292519

  • The mcsnoopd process generates a core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • When routes are leaked between routing instances it might be possible for a route to become invalid (reject route) but for this update to not propagate to all routing instances. This issue will eventually lead to the routing table in the Packet Forwarding Engine to become full, which will prevent additional valid routes from being properly installed. PR1307009

  • Packet drop is seen while programming for GRE traffic. PR1308438

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • The IS-IS Layer 2 hello packets are dropped when they come from a Brocade device. PR1325436

  • The loopbacked IRB interface is not accessible to the remote network. PR1333019

  • QFX Series loopback firewall filter is not able to catch packets with a Martian source address. PR1343511

  • On QFX5100 platforms, if a firewall filter term's action has policer configurations and if the Packet Forwarding Engine command show filter hw <index> and show_terms_brcm is issued, policer errors are observed. ERROR (dfw): Unable to create policer ERROR (dfw): brcm_dfw_handle_plcr_cntr_action ()returned error ERROR (dfw): Setting brcm action failed!. This issue occurs because the following vty show command is issued: show filter hw <index> show_terms_brcm. Note that this is an internal Packet Forwarding Engine verification command. Each time the command is executed, a firewall entry in hardware is deleted and this in turn is causing the DFW error logs. PR1336137

  • On QFX5000 Series switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) might cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. Refer to https://kb.juniper.net/JSA10888 for more information. PR1343597

  • On QFX5000 platforms, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue might allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. See https://kb.juniper.net/JSA10905 for details. PR1346052

  • On QFX5100 platforms, the device might get into an improper state in which it is unable to correct parity errors in the Packet Forwarding Engine memory. Traffic might silently drop and get discarded for specific destination IPs. PR1364657

  • On QFX5100 switches, when the switch-options no-arp-trap statement is configured, the unicast ARP packets that are not destined to the switch-routed interfaces might cause traffic to be transmitted incorrectly or traffic failure because of ARP resolutions failure. PR1369903

  • On QFX Series switches except for QFX10000, if host-destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, filter <> term <> then log/syslog), such packets might not be dropped and then reach the Routing Engine unexpectedly. PR1379718

  • If a QFX5100 device has a host route with equal-cost multipath (ECMP) next hops and receives a better path with a single next hop then the next hop in hardware will not be changed. PR1387713

  • The rpd process might generate a core file when L2VPN is used. PR1398685

Virtual Chassis

  • In a QFX Series Virtual Chassis after first Routing Engine switchover with NSR enabled scenario, BGP adjacency flapped because 20 seconds of traffic loss is observed. Subsequent switchovers work fine. PR1225829

Resolved Issues: 17.1R2

EVPN

  • Route Target per bridge domain for EVPN is not supported. PR1244956

  • On QFX10000/QFX5100 Series with VXLAN/EVPN configured, when multiple IP addresses are configured for VTEP source interface, traffic might be dropped on spines. PR1248773

Hardware

  • QFX10008: After the reboot of 30X100G line card and 36X40G line card with traffic running, a large amount of framing errors are observed. PR1223330

  • QFX10008 and QFX10016: 60x10G ULC 1G mode is not supported in Junos OS Release 17.1R1. PR1239091

  • SFP-T in QFX5100-48S-6Q does not work at 100M full duplex in Junos OS Releases 14.1X53-D35 and later (it works in Junos OS Release 14.1X53-D30). PR1250453

High Availability (HA) and Resiliency

  • ISSU to 17.1R1 from earlier releases is not supported on QFX5100 and EX4600. PR1255878

Interfaces and Chassis

  • Backup links are not carrying traffic when the primary link is disabled on an aggregated interface. PR1208614

  • The traffic might not be transmitted correctly after a logical interface is deleted from one VLAN and added to another VLAN on EX9200, EX4300, QFX Series switches. PR1228526

  • Removal or insertion of a transceiver for a port in a LAG, which is part of scaled VLAN members may cause protocol flap. PR1229547

  • FPC reloads unexpectedly during port speed change from 100G to 40G default. PR1256267

Layer 2 Features

  • Incorrect statistics might be shown for an AE interface after rebooting a device or clearing interface statistics. PR1228042

  • If RTG and VSTP are configured on the same VLAN, communication doesn't work over RTG interfaces. PR1230750

  • DHCP offer packets (with MPLS header) are getting dropped on ingress of QFX10000 switches; DHCP relay running on VRF. PR1243936

  • QFX10000: IPv6 double tag frame does not pass through QFX10000 switches if a service provider style configuration is used. PR1254492

  • S-Link macs are not moving across MC-LAG chassis on QFX10000 switches. PR1260316

  • The BUM traffic from ESI peer might be transmitted to CE interface after deleting and adding VLAN in a VXLAN/EVPN multihoming scenario. PR1260533

  • QFX5100 does not transfer BPDU packets even though xSTP is disabled. PR1262847

MPLS

  • LSP traffic loss occurs after changing chained-composite-next-hop configuration. PR1243088

Network Management and Monitoring

  • IPv6 packets/bytes counter show higher value than the total packets/bytes of the interface if the LAG child members belong to the same PE device. PR1232388

  • SNMP trap messages about FRU power off might be seen even though the power supply is working fine. PR1233537

  • When the MAC age timer is longer than the ARP age timer, after the ARP timer ages out both MAC and MAC+IP get advertised by all ESI peers regardless of who learns locally. PR1238718

  • Users may loose the sFlow configuration when they upgrade to Junos OS Release 17.1R1 from Junos OS Release 15.1X53-D6x. Also, when they downgrade to Junos OS Release 15.1X53-D6x from Junos OS Release 17.1R1, the downgrade may fail. PR1240804

  • sFlow may show a negative count for a number of samples after a long run. PR1244080

Platform and Infrastructure

  • Protocol flapping and an RE-FPC TCP connection drop are seen on Virtual Chassis setups during image copy using SCP. PR1213286

  • QFX10002: show chassis fpc shows the wrong number of slots. PR1219853

  • High latency/jitter might be seen while trying to ping the IP address of a switch. PR1221053

  • The rpd process might crash and restart when a MAC address is learned from a given PE on a different ESI. PR1247338

  • On QFX5100, show interface incorrectly displays an interface as Link-mode: Auto Speed: Auto even though the interface is configured for, and up at, 100M/Full. PR1260986

  • QFX5100 VCF: Removing force-up causes return-traffic to be dropped by leaf (to spine). PR1264650

  • Description for 40G-AOC cable in show chassis hardware shows UNKNOWN. PR1269018

Routing Protocols

  • RA packet might not be sent when igmp-snooping is configured for VLAN. PR1238906

  • Layer 3 interface (inet family) is not supported as upstream port in multicast route leaking. PR1250430

  • QFX10008 and QFX10016: While flapping random LAG interfaces with 448 LAG scale, you can see other LAG interfaces getting flapped. PR1250741

  • After running restart routing in the master RE, the PIM join states of VXLAN multicast groups in the backup RE are not in sync with the master RE. PR1255480

  • VCF doesn't forward BUM traffic after fabric-tree-root is configured. PR1257984

  • VRRP with MD5 authentication and OSPF3 packets with IPsec do not go the proper host path queue and can cause flapping. PR1258501

  • On a QFX5100 switch, TCP packets with destination IPv6 as link-local address and destination port 179 are dropped in the Packet Forwarding Engine. PR1267565

  • IPv4 traffic drops when changing the member interface of the LAG. PR1270011

Software Installation and Upgrade

  • After upgrading a QFX10000 switch from Junos OS Release 15.1X53-D62 to Junos OS Release 17.1R1, the vrf-target export target: community-name configuration statement might be missing from the [protocols evpn vni-options vni] hierarchy level. To work around this issue, you must add the missing configuration statement back to the [protocols evpn vni-options vni] hierarchy level. PR1243105

Resolved Issues: 17.1R1

High Availability (HA) and Resiliency

  • The AE interface might be down after NSSU is done on QFX5100 or EX4600 switches. PR1227522

  • QFX5100 : When network analytics feature is configured, TISSU might fail and cause the generation of fxpc core file. PR1234945

  • ISSU to Junos OS Release 17.1R1 from earlier releases is not supported on QFX5100 and EX4600. PR1255878

Interfaces and Chassis

  • Users may see the error message expr_cos_rw_nh_qix_get @ 150: Unable to get chip num for ill:994 on mc-ae status-control active node upon sending an ARP request. These messages are for information only and have no functional impact on the operation of QFX10008/QFX10016. PR1228080

  • CDP packets looping with MC-LAG on QFX10000 switches. PR1237227

Layer 2 Features

  • Unable to assign VLAN to an interface after error message IFBD hw token couldn't be allocated for is output. PR1216464

  • Incorrect statistics might be shown for an AE interface after rebooting device or clearing interface statistics. PR1228042

  • The fxpc process can generate a core file on QFX5100. PR1231071

  • MAC learning is very slow when clearing MAC addresses in cases of scale MAC learning (128k). PR1240114

  • DHCP offer packets (with MPLS header) are getting dropped on ingress of QFX10000, DHCP relay is running on VRF. PR1243936

MPLS

  • The fxpc crash observed on the switches. PR1168150

  • VC/VCF-l2ckt: FXPC core is seen when deactivating core interface on MPLS l2ckt configuration using IRB interface. PR1242203

Network Management and Monitoring

  • In some cases under heavy logging SD logger messages which report critical events such as daemon restarts are not seen on the aggregator.PR1239667

Platform and Infrastructure

  • Protocol flapping and RE-FPC TCP connection drop seen on VC setups during image copy using scp. PR1213286

  • A high latency/jitter might be seen while trying to ping the IP address of a switch. PR1221053

  • On QFX10000 switches, there is a 4-second delay seen in 40g ports to come up QSFP+-40G-LR4. PR1219336

  • A pfed core file is observed after deleting apply-groups from the configuration. PR1223847

  • The alarm message Management Ethernet Link Down might be seen on QFX Series switches. PR1228577

  • On QFX10002 switches, when a USB device is inserted into the switch, field-replaceable unit (FRU) insertion messages such as RE0 & ?CAMGETPASSTHRU ioctl failed cam_lookup_pass: Inappropriate ioctl for device? may be displayed. These FRU insertion messages do not affect service and stop after the USB device is removed. PR1233037

  • SNMP trap messages about FRU power off might be seen even though the power supply is working fine. PR1233537

  • The show interface interface media command shows the media type for the SFP-T to be fiber. PR1240681

  • The rpd process might crash and restart when a MAC address is learned from a given PE on a different ESI. PR1247338

  • Network ports are not detected on a QFX10002 switch after a reboot. PR1247753

  • On QFX10000 switches, internal comments can be seen in the configuration file after loading the factory default. PR1248434

  • Traffic is dropped on spines in some VXLAN/EVPN scenarios. PR1248773

  • SFP-T in QFX5100-48S-6Q does not work at 100M full duplex in Junos OS Releases 14.1X53-D35 and later (it works in Junos OS Release 14.1X53-D30). PR1250453

Routing Protocols

  • EBGP packets with ttl=1 and non-EBGP packets with ttl=1 go to the same queue. PR1227314

  • The action "reset" is not working for FPC resiliency (fault handling). PR1233075

  • FPC restarts with a dcpfe core. PR1236046

  • Hops through GRE tunnel endpoints are seen in traceroute. PR1236343

  • Packet drop is seen when routing process is restarted, even when graceful restart is configured. PR1239186

  • Kernel crashes in the chassis after FPC reset. PR1242362

  • GARP reply packets are not updating the ARP table. PR1246988

  • Layer 3 interface (inet family) is not supported as upstream port in multicast route leaking. PR1250430

Virtual Chassis

  • VCF not communicating properly with backup spine. PR1141965

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 17.1R3.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://support.juniper.net/support/downloads/ /junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 17.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 17.1 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-17.1R3.n-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 17.1R3.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-17.1R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-17.1R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://support.juniper.net/support/.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://support.juniper.net/support/.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.2R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.2R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, sourcejinstall-host-qfx-5-17.1R3.7-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.