Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 17.2R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 17.2R3: QFX5100, QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016.

Release 17.2R3 New and Changed Features

Restoration Procedure Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (QFX Series)—In Junos OS Release 17.2R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode" in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.2R2 New and Changed Features

  • There are no new features or enhancements to existing features for QFX Series in Junos OS Release 17.2R2.

Release 17.2R1 New and Changed Features

Hardware

  • QFX5110-32Q–The QFX5110 line of switches is Juniper Networks’ versatile fixed-configuration solution for hybrid cloud deployments. The model QFX5110-32Q is a flexible configuration switch allowing either 32 ports of 40-Gigabit Ethernet quad small form-factor pluggable plus (QSFP+) or 20 ports of QSFP+ and 4 ports of high-density 100-Gigabit Ethernet quad small form-factor pluggable solution (QSFP28). Each QSFP+ port can operate as a native 40-Gigabit Ethernet port, or as four independent 10-Gigabit ports when using breakout cables. The four QSFP28 ports are available either as access ports or as uplinks. The QFX5110-32Q provides full duplex throughput of 960 Gbps. The QFX5110-32Q has a 1 U form factor and comes standard with redundant fans and redundant power supplies. The switch can be ordered with either ports-to-FRUs or FRUs-to-ports airflow. The model is available with either AC or DC power supplies.

  • QFX10000-60S-6Q Line Card (QFX10008 and QFX10016 switches)–Starting with Junos OS Release 17.2R1, QFX10000-60S-6Q line cards support 1 Gbps speeds on the 10 Gigabit Ethernet SFP+ ports.

    [See QFX10000-60S-6Q Line Card.]

  • QFX10K-12C-DWDM Coherent Line Card (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.2R1, QFX10008 and QFX10016 modular switch chassis support the QFX10K-12C-DWDM Coherent Line Card. The QFX10K-12C-DWDM Coherent Line Card provides up to 1.2 Tbps packet forwarding for cloud providers, service providers, and enterprises that need coherent dense wavelength-division multiplexing (DWDM) with MACsec security features. The six-port line card, with built-in optics, supports flexible rate modulation at 100 Gbps, 150 Gbps, and 200 Gbps speeds. A maximum of four QFX10K-12C-DWDM Coherent Line Cards are supported in either the QFX10008 switch chassis or the QFX10016 switch chassis.

    [See QFX10K-12C-DWDM Coherent Line Card.]

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Access control and authentication (QFX5100 switches)—Starting in Junos OS Release 17.2R1, QFX5100 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication. 802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. QFX5100 switches support 802.1X features including guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using vendor-specific attributes (VSAs). MAC RADIUS authentication is used to authenticate end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected. You configure access control and authentication features at the [edit protocols dot1x] hierarchy level. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Authentication on Switches.]

Class of Service (CoS)

  • Support for class of service on QFX5200 switches—Starting in Junos OS Release 17.2R1, the QFX5200 supports class-of-service (CoS). When a packet traverses a switch, the switch provides the appropriate level of service to the packet using either default CoS settings or CoS settings that you configure. On ingress ports, the switch classifies packets into appropriate forwarding classes and assigns a loss priority to the packets. On egress ports, the switch applies packet scheduling and any rewrite rules to re-mark packets.

    [See Traffic Management User Guide for the QFX Series.]

  • Support for FIP snooping and DCBX on QFX5200 switches—Starting in Junos OS Release 17.2R1, the QFX5200 supports both FIP snooping and DCBX. FIP snooping filters prevent an FCoE device from gaining unauthorized access to a Fibre Channel (FC) storage device or to another FCoE device. Data Center Bridging Capability Exchange Protocol (DCBX) discovers the data center bridging (DCB) capabilities of connected peers. DCBX advertises the capabilities of applications on interfaces by exchanging application protocol information through application type, length, and values (TLVs).

    [See Traffic Management User Guide for the QFX Series.]

Dynamic Host Configuration Protocol (DHCP)

  • User-defined interface description for DHCP relay (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can define an interface description to be included in DHCP relay option 82 that is independent of the textual interface description configured at the [edit interfaces interface-name] hierarchy level.

    [See user-defined.]

EVPNs

  • Support for IGMP snooping for EVPN-VXLAN in a multihomed environment (QFX10000 switches)—Starting in Junos OS Release 17.2R1, QFX10000 switches support IGMP snooping with Ethernet VPN (EVPN). This feature is useful in an EVPN-VXLAN environment with significant multicast traffic. IGMP snooping enables PE devices to send multicast traffic to CE devices only as needed. To configure IGMP snooping, include the igmp-snooping (all | vlan-number) set of statements at the [edit protocols] hierarchy level. You must also include the proxy statement in the IGMP snooping configuration. All multihomed interfaces must have the same configuration. The following new operational commands are also supported: show evpn igmp snooping database extensive, show igmp snooping evpn database, show igmp snooping evpn membership, and show evpn multicast-snooping next-hops.

    [See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]

  • Tunneling Q-in-Q traffic through an EVPN-VXLAN overlay network (QFX5100 switches)—Starting in Junos OS Release 17.2R1, QFX5100 switches that function as Layer 2 VXLAN tunnel endpoints (VTEPs) can tunnel single- and double-tagged Q-in-Q packets through an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network. In addition to tunneling Q-in-Q packets, the ingress and egress VTEPs can perform the following Q-in-Q actions:

    • Delete, or pop, an outer service provider VLAN (S-VLAN) tag from an incoming packet.

    • Add, or push, an outer S-VLAN tag onto an outgoing packet.

    • Map a configured range of customer VLAN (C-VLAN) IDs to an S-VLAN.

      Note

      The QFX5100 switch does not support the pop and push actions with a configured range of VLANs.

    The ingress and egress VTEPs support the tunneling of Q-in-Q packets and the Q-in-Q actions in the context of specific traffic patterns.

    To enable the tunneling of the Q-in-Q packets on the VTEPs, you must configure a flexible VLAN tagging interface, which can transmit 802.1Q VLAN single- and double-tagged packets, on ingress and egress VTEPs. It is also important to configure the interface to retain the inner C-VLAN tag while a packet is tunneled.

    [See Examples: Configuring QFX5100 Switches to Tunnel Q-in-Q Traffic Through an EVPN-VXLAN Overlay Network.]

  • EVPN-VXLAN support of Virtual Chassis and Virtual Chassis Fabric (QFX5100, QFX5100 Virtual Chassis, and Virtual Chassis Fabric)—Ethernet VPN (EVPN) supports multihoming active-active mode, which enables a host to be connected to two leaf devices through a Layer 2 link aggregation group (LAG) interface. In previous Junos OS releases, the two leaf devices had to be QFX5100 standalone switches. Starting in Junos OS Release 17.2R1, the two leaf devices can be QFX5100 standalone switches, QFX5100 switches configured as a Virtual Chassis (VC), QFX5100 switches configured as a Virtual Chassis Fabric (VCF), or a mix of these options.

    This feature was previously introduced in an "X" release of Junos OS.

    [See EVPN-VXLAN Support of Virtual Chassis and Virtual Chassis Fabric.]

  • EVPN pure type-5 route support (QFX10000 switches)—Starting in Junos OS Release 17.2R1, you can configure pure type-5 routing in an Ethernet VPN (EVPN) Virtual Extensible LAN (VXLAN) environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which is used to carry the MAC address of the sending switch and to provide next hop reachability for the prefix. This router MAC extended community provides next-hop reachability without requiring an overlay next hop or supporting type-2 route. To configure pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. Pure type-5 routing was previously introduced in Junos OS Release 15.1x53-D60.

    [See ip-prefix-routes.]

Infrastructure

  • Secure Boot (QFX5110 switches)—Starting in Junos OS Release 17.2R1, a significant system security enhancement, Secure Boot, has been introduced. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. No action is required to implement Secure Boot.

    This feature was previously supported in an "X" release of Junos OS.

Interfaces and Chassis

  • Resilient hashing support for link aggregation groups and equal cost multipath routes (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.2R1, resilient hashing is now supported by link aggregation groups (LAGs) and equal cost multipath (ECMP) sets.

    Resilient hashing enhances LAGs by minimizing destination remapping when a new member is added to or deleted from the LAG.

    Resilient hashing works in conjunction with the default static hashing algorithm. It distributes traffic across all members of a LAG by tracking the flow's LAG member utilization. When a flow is affected by a LAG member change, the packet forwarding engine (PFE) rebalances the flow by reprogramming the flow set table. Destination paths are remapped when a new member is added to or existing members are deleted from a LAG.

    This feature was previously supported in an "X" release of Junos OS.

    [See Understanding the Use of Resilient Hashing to Minimize Flow Remapping in Trunk/ECMP Groups.]

  • Multichassis link aggregation groups (MC-LAG) (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running STP.

    On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two switches. Each of these switches has one or more physical links connected to a single client. The switches coordinate with each other to ensure that data traffic is forwarded properly.

    This feature was previously supported in an "X" release of Junos OS.

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

  • Channelizing 100-Gigabit Ethernet QSFP28 interfaces (QFX5200 switches)—This feature enables you to channelize the 100-Gigabit Ethernet interfaces to two independent 50-Gigabit Ethernet or to four independent 25-Gigabit Ethernet interfaces. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables.

    To channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G, 25G, or 50G. The ports do not support autochannelization.

    Note

    If a 100G transceiver is connected to the switch, channelize the port only to 25G or 50G. If a 40G transceiver is connected, channelize the port only to 10G. Note that there is no commit check for these options.

    This feature was previously supported in an "X" release of Junos OS.

    [See Channelizing Interfaces on QFX5200 Switches.]

  • IRB interface in a PVLAN (QFX5110 switches)—Starting with Junos OS Release 17.2R1, you can configure an integrated routing and bridging (IRB) interface in a private VLAN (PVLAN) on QFX5110 switches so that devices within community VLANs and isolated VLANs can communicate with each other and with devices outside the PVLAN at Layer 3 without requiring you to install a router. This feature was previously supported in an "X" release of Junos OS.

    [See Example: Configuring a Private VLAN Spanning Multiple Switches with an IRB Interface.]
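The channelization note above states that there is no commit check for the transceiver and channel-speed combinations, so a lint run over the candidate configuration before commit can catch mismatches. The following is an added example, not Juniper code: the optional `pic` token, the `(fpc, pic, port)` inventory mapping, and the sample configuration and inventory are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Speeds the release note lists for the channel-speed statement.
CHANNEL_SPEEDS = {"10G", "25G", "50G"}

# Rule from the release note: a 100G transceiver may be channelized only
# to 25G or 50G, and a 40G transceiver only to 10G.
ALLOWED_BY_TRANSCEIVER = {"100G": {"25G", "50G"}, "40G": {"10G"}}

# Statement form given in the release note:
#   set chassis fpc slot-number port port-number channel-speed speed
# The optional "pic N" token is an assumption (defaults to 0 when absent).
STATEMENT = re.compile(
    r"^set\s+chassis\s+fpc\s+(?P<fpc>\d+)\s+(?:pic\s+(?P<pic>\d+)\s+)?"
    r"port\s+(?P<port>\d+)\s+channel-speed\s+(?P<speed>\S+)$",
    re.IGNORECASE,
)

Finding = namedtuple("Finding", "line_no port speed reason")


def check_channelization(config_text, inventory):
    """Return a Finding for every channel-speed statement that breaks the rule.

    inventory maps (fpc, pic, port) -> "100G" or "40G" (hypothetical format,
    for example built by hand from the installed optics list).
    """
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        m = STATEMENT.match(raw.strip())
        if not m:
            continue  # not a channelization statement
        port = (int(m["fpc"]), int(m["pic"] or 0), int(m["port"]))
        speed = m["speed"].upper()
        if speed not in CHANNEL_SPEEDS:
            findings.append(
                Finding(line_no, port, speed, "speed is not 10G, 25G, or 50G"))
            continue
        optic = inventory.get(port)
        if optic is None:
            # Without a known transceiver the rule cannot be verified.
            findings.append(
                Finding(line_no, port, speed, "no transceiver recorded; cannot verify"))
        elif speed not in ALLOWED_BY_TRANSCEIVER.get(optic, set()):
            findings.append(
                Finding(line_no, port, speed,
                        f"{optic} transceiver does not allow {speed} channels"))
    return findings


# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
set chassis fpc 0 port 0 channel-speed 25g
set chassis fpc 0 port 4 channel-speed 10g
set chassis fpc 0 port 8 channel-speed 10g
set chassis fpc 0 port 12 channel-speed 50g
set chassis fpc 0 port 16 channel-speed 40g
set chassis fpc 0 pic 0 port 20 channel-speed 25g
set interfaces et-0/0/0 description uplink
"""

SAMPLE_INVENTORY = {
    (0, 0, 0): "100G",
    (0, 0, 4): "100G",
    (0, 0, 8): "40G",
    (0, 0, 12): "40G",
    (0, 0, 16): "100G",
}

if __name__ == "__main__":
    for f in check_channelization(SAMPLE_CONFIG, SAMPLE_INVENTORY):
        print(f"line {f.line_no}: port {f.port} channel-speed {f.speed}: {f.reason}")
```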

IPv4

  • Generic routing encapsulation (GRE) support (QFX5110 switches)—Starting in Junos OS Release 17.2R1, you can use GRE tunneling services on QFX5110 switches to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, a switch performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts.

IPv6

  • IPv6 feature support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can configure the Neighbor Discovery Protocol, the Virtual Router Redundancy Protocol (VRRP) for IPv6, and Protocol Independent Multicast (PIM) for IPv6. You can also configure BGP and IS-IS for IPv6 as well as OSPFv3. Additionally, unicast IPv6 is supported for virtual router instances. DHCPv6 is also supported. IPv6 feature support for QFX5110 and QFX5200 switches was previously introduced in "X" releases of Junos OS.

    [See Example: Configuring IPv6 Interfaces and Enabling Neighbor Discovery and Verifying and Managing DHCPv6 Local Server Configuration.]

Layer 2 Features

  • Layer 2 features (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, the following features are supported:

    • VLAN support—Enables you to divide one physical broadcast domain into multiple virtual domains.

    • LLDP—Enables a switch to advertise its identity and capabilities on a LAN as well as receive information about other network devices.

    • Q-in-Q tunneling support—Allows service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.

    • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP) support—Provides Layer 2 loop prevention.

    These features were previously supported in an "X" release of Junos OS.

  • Q-in-Q tunneling support (QFX5200 switches)—Starting in Junos OS Release 17.2R1, QFX5200 switches support Q-in-Q tunneling, which enables service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. Using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag. This feature was previously supported in an "X" release of Junos OS.

    [See Understanding Q-in-Q Tunneling.]

Layer 3 Features

  • Support for hierarchical ECMP groups (QFX5200 switches)—Starting in Junos OS Release 17.2R1, hierarchical equal-cost multipath (ECMP) groups are enabled by default at system start. Hierarchical ECMP provides for two-level route resolution automatically through the Packet Forwarding Engine. Two-level route resolution through ECMP groups enhances load balancing of traffic. This feature was previously introduced in Junos OS Release 15.1X53-D30.

    [See Overview of Hierarchical ECMP Groups.]

  • Support for 64 next-hop gateways for ECMP (QFX5110 switches)—Starting in Junos OS Release 17.2R1, you can configure as many as 64 equal-cost-multipath (ECMP) next hops for RSVP and LDP LSPs or external BGP peers. The following Layer 3 protocols are supported as ECMP gateways for both IPv4 and IPv6 traffic: OSPF, ISIS, EBGP, and IBGP (resolving over IGP routes). Include the maximum-ecmp next-hops statement at the [edit chassis] hierarchy level. This feature was previously introduced on QFX5110 switches in Junos OS Release 15.1X53-D210.

    [See maximum-ecmp.]

  • Support to disable hierarchical ECMP (QFX5200 switches)—Starting with Junos OS Release 17.2R1, you can disable hierarchical equal-cost multipath (ECMP) groups at system start time. Hierarchical ECMP is enabled by default. Disabling this feature effectively increases the number of ECMP groups. Include the no-hierarchical-ecmp statement at the [edit forwarding-options] hierarchy level. Disabling hierarchical ECMP causes the Packet Forwarding Engine to restart. To reenable hierarchical ECMP, issue the following command: delete forwarding-options no-hierarchical-ecmp. This feature was previously introduced in Junos OS Release 15.1X53-D210.

    [See no-hierarchical-ecmp.]

Management

  • Support for device family and release in Junos OS YANG modules (QFX Series)—Starting in Junos OS Release 17.2, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. Device families include junos, junos-es, junos-ex, and junos-qfx.

    [See Understanding Junos OS YANG Modules.]

  • Support for the Junos Telemetry Interface (QFX10000 switches)—Starting with Junos OS Release 17.2R1, the Junos Telemetry Interface is supported on QFX10000 switches. Both UDP and gRPC streaming of statistics are supported. Junos Telemetry Interface enables you to provision sensors to export telemetry data for various network elements without involving polling.

    The following sensors are supported on QFX10000 switches:

    • Logical interfaces (UDP and gRPC streaming)

    • Physical interfaces (UDP and gRPC streaming)

    • Firewall filters, including traffic-class counters (UDP and gRPC streaming)

    • LSP statistics (UDP and gRPC streaming)

    • LSP events and properties (gRPC streaming)

    • Optical interfaces (UDP and gRPC streaming)

    • Network processing unit (NPU) memory (UDP and gRPC streaming)

    • NPU memory utilization (UDP and gRPC streaming)

    • CPU memory (UDP and gRPC streaming)

    • Chassis components (gRPC streaming only)

    • RSVP interface events (gRPC streaming only)

    • BGP peers (gRPC streaming only)

    • Memory utilization for routing protocol tasks (gRPC streaming only)

    • Aggregated Ethernet interfaces configured with the Link Aggregation Control Protocol (gRPC streaming only)

    • Ethernet interfaces configured with the Link Layer Discovery Protocol (gRPC streaming only)

    • Network Discovery Protocol table state (gRPC streaming only)

    • Address Resolution Protocol table state (gRPC streaming only)

    To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. Because QFX10000 switches run a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    The LSP events and properties sensor is supported in Junos OS Release 17.2R1 for the first time. You can export statistics for ingress point-to-point LSPs, point-to-multipoint LSPs, bypass LSPs, and dynamically created LSPs. To export data through gRPC, use the /mpls/lsps/ or /mpls/signal-protocols/ set of OpenConfig subscription paths.

    [See Overview of the Junos Telemetry Interface.]

  • Support for the Junos Telemetry Interface (QFX5200 switches)—Starting with Junos OS Release 17.2R1, you can provision sensors through the Junos Telemetry Interface to export telemetry data for various network elements without involving polling. On QFX5200 switches, only gRPC streaming of statistics is supported. UDP streaming is not supported.

    The following sensors are supported:

    • Chassis components

    • Aggregated Ethernet interfaces configured with the Link Aggregation Control Protocol

    • Ethernet interfaces configured with the Link Layer Discovery Protocol

    • BGP peers

    • RSVP interface events

    • Memory utilization for routing protocol tasks

    • Address Resolution Protocol table state

    • Network Discovery Protocol table state

    To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. You must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

MPLS

  • TE++ dynamic bandwidth management using container LSPs (QFX5100)—Starting with Junos OS Release 17.2R1, a new type of label-switched path (LSP), called a container LSP, is introduced to enable load balancing across multiple point-to-point member LSPs between the same ingress and egress routers. Each member LSP takes a different path to the same destination and can be routed along a different interior gateway protocol (IGP) cost path. Based on the configuration and aggregate traffic, a container LSP provides support for dynamic bandwidth management by enabling the ingress router to dynamically add and remove member LSPs through a process called LSP splitting and LSP merging, respectively. Member LSPs can also be re-optimized with different bandwidth values in a make-before-break way. This feature was previously supported in an "X" release of Junos OS.

    [See Dynamic Bandwidth Management Using Container LSP Overview.]

  • Entropy labels for LSPs (QFX10000 switches)—Starting with Junos OS Release 17.2R1, you can configure entropy labels for label-switched paths (LSPs). An entropy label is a special load-balancing label that enhances the ability of the switch to load-balance traffic across equal-cost multipath (ECMP) paths or link aggregation groups (LAGs). The entropy label allows the switch to efficiently load-balance traffic using just the label stack rather than deep packet inspection (DPI). To configure entropy labels, include the entropy-label statement at the [edit protocols mpls labeled-switched-path labeled-switched-path-name] hierarchy level.

    [See Understanding Entropy Label for BGP Labeled Unicast LSPs and Automatic Bandwidth Allocation for LSPs.]

  • Support for a label stack for BGP label unicast for MPLS advertisements (QFX10000 switches)—Starting with Junos OS 17.2R1, QFX10000 switches implement RFC 3701, which supports a stack of labels in BGP label unicast for both IPv4 and IPv6 traffic. Previously, only one label per prefix was supported in the BGP unicast label. You can now specify up to five labels per prefix in the BGP labeled unicast updates. This feature enables the use of the BGP label unicast stack to program a stack of labels to control packet forwarding in a network configured with hierarchical MPLS label-switched paths. To configure as many as five labels to advertise through MPLS, include the maximum-labels number statement at the [edit interfaces interface-name unit logical-unit-number family mpls] hierarchy level. The show route receive-protocol bgp neighbor-address detail and show route advertising-protocol neighbor-address detail operational commands are enhanced to display multiple labels for one prefix in the Labels field.

    [See Configuring the Maximum Number of MPLS Labels.]

  • MPLS support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, MPLS is supported on the QFX5110 and QFX5200 switches. MPLS supports both label edge routers (LER) and label switch routers (LSR) and provides the following capabilities:

    • Support for both MPLS major protocols, LDP and RSVP

    • IS-IS interior gateway protocol (IGP) traffic engineering

    • Class of service (CoS)

    • Object access method, including ping, traceroute, and Bidirectional Forwarding Detection (BFD)

    • Fast reroute (FRR) support, a component of MPLS local protection for both one-to-one and many-to-one local protection.

    • Loop-free alternate (LFA)

    • 6PE devices

    • Layer 3 VPNs for both IPv4 and IPv6

    • LDP tunneling over RSVP

    This feature was previously supported in an “X” release of Junos OS.

    [See MPLS Overview for Switches.]

  • Support for equal cost multipath (ECMP) routing on label-switching routers (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can configure ECMP on MPLS label-switched routers (LSRs). ECMP is a Layer 3 mechanism for load-balancing traffic to a destination over multiple equal-cost next hops. When a link goes down, ECMP uses fast reroute protection to shift packet forwarding to use operational links, thereby decreasing packet loss. This feature was previously supported in an "X" release of Junos OS.

    [See Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing.]

  • Ethernet over MPLS (Layer 2 circuit) support (QFX5100 Virtual Chassis and Virtual Chassis Fabric)—Starting in Junos OS Release 17.2R1, a QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF) supports Ethernet over MPLS (Layer 2 circuit). The Virtual Chassis or VCF can act as a provider edge switch on which you configure MPLS and LDP for the interfaces that will carry the Layer 2 circuit traffic. The Layer 2 circuit can be port-based (pseudo-wire) or VLAN-based. These features were previously supported for a QFX5100 Virtual Chassis or VCF in an “X” release of Junos OS.

    [See Understanding Ethernet-over-MPLS (L2 Circuit) and Configuring Ethernet over MPLS (L2 Circuit).]

Multicast

  • Layer 3 multicast support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, IGMP, including versions 1, 2, and 3, IGMP snooping, PIM sparse mode, and PIM source-specific multicast are supported. You can also configure IGMP, IGMP snooping, and PIM in virtual router instances. Multicast Source Discovery Protocol (MSDP) is also supported. Configure IGMP at the [edit protocols igmp] hierarchy level. Configure IGMP snooping at the [edit protocols igmp-snooping] hierarchy level. Configure PIM at the [edit protocols pim] hierarchy level. Configure MSDP at the [edit protocols msdp] hierarchy level. Layer 3 multicast support was previously introduced in "X" releases of Junos OS.

    [See Multicast Overview.]

  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5100 and EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. On EX4300 switches, multicast route leaking is supported only when the switch functions as a line card in a Virtual Chassis, not as a standalone switch. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances, include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing-instance-name, include the name of a VRF or virtual-router instance. This feature was previously introduced in Junos OS Release 14.X53-D40.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

Network Management and Monitoring

  • sFlow enhancements (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 17.2R1, sFlow IPv4 and IPv6 packets support extended router information, including the IP address of the next-hop router, the outgoing VLAN ID, the source IP address prefix length, and the destination IP address prefix length. This information is collected only if BGP is configured on the switch.

    In addition, a configuration statement was introduced that allows the sFlow sampling rate to stay within the maximum sampling rate of 1 out of 64,000 packets. Packet-based sampling is implemented in the hardware, so all of the interfaces can be monitored with very little overhead. However, if traffic levels are unusually high, the hardware generates more samples than it can handle. The extra samples are dropped by the software rate-limiting algorithm and can cause inaccurate results. You can include the disable-sw-rate-limiter statement at the [edit protocols sflow] hierarchy level to disable the software rate-limiting algorithm, allowing the hardware sampling rate to stay within the maximum sampling rate for sFlow.

    [See Understanding How to Use sFlow Technology for Network Monitoring on a Switch.]

  • sFlow technology support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, the QFX5110 and QFX5200 switches support sFlow technology. sFlow technology is a monitoring technology for high-speed switched or routed networks. sFlow monitoring randomly samples network packets and sends the samples to a monitoring station called a collector. You can configure sFlow monitoring on the switch to continuously monitor traffic at wire speed on all interfaces simultaneously. sFlow monitoring also collects samples of network packets, providing you with visibility into network traffic information. You configure sFlow monitoring at the [edit protocols sflow] hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics. This feature was previously supported in an "X" release of Junos OS.

    [See Understanding How to Use sFlow Technology for Network Monitoring on a Switch.]

  • Port mirroring (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can use port mirroring on QFX5110 and QFX5200 switches to copy packets entering or exiting a port or entering a VLAN and send the copies to a local interface for local monitoring or to a VLAN for remote monitoring. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on. This feature was previously supported in an "X" release of Junos OS.

    [See Understanding Port Mirroring.]

  • SNMP support for monitoring tunnel statistics (QFX Series)—Starting in Junos OS Release 17.2R1, SNMP MIB jnxTunnelStat supports monitoring of tunnel statistics for IPv4 over IPv6 tunnels. This is a new enterprise-specific MIB, Tunnel Stats MIB, that currently displays three counters: tunnel count in rpd, tunnel count in the kernel, and tunnel count in the Packet Forwarding Engine. This MIB can be extended to support other tunnel statistics. The MIB is defined in jnx-tunnel-stats.txt. This MIB is attached to jnxMibs.

    [See SNMP MIB Explorer.]

Port Security

  • Media Access Control Security (MACsec) support (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 17.2R1, MACsec is supported on all six interfaces of the QFX10K-12C-DWDM line card when it is installed in a QFX10008 or QFX10016 switch. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security. MACsec can be enabled only on domestic versions of Junos OS software.

    [See Understanding Media Access Control Security (MACsec).]

  • Access security support (QFX5110 switches)—Starting in Junos OS Release 17.2R1, the following access security features are supported on QFX5110 switches:

    • DHCP snooping—DHCP snooping allows the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information, which it uses to build and maintain a database of valid IP-address-to-MAC-address (IP-MAC) bindings called the DHCP snooping database. Clients on untrusted ports are only allowed to access the network if they can be validated against the database.

    • DHCPv6 snooping—DHCP snooping for DHCPv6.

    • DHCP option 82—You can use DHCP option 82, also known as the DHCP relay agent information option, to help protect the switch against attacks such as spoofing (forging) of IP addresses and MAC addresses, and DHCP IP address starvation. Option 82 provides information about the network location of a DHCP client, and the DHCP server uses this information to assign IP addresses or other parameters to the client.

    • DHCPv6 option 37—Option 37 is the DHCPv6 equivalent of the remote ID suboption of DHCP option 82. It is used to insert information about the network location of the remote host into DHCPv6 packets.

    • Dynamic ARP inspection (DAI)—DAI inspects Address Resolution Protocol (ARP) packets on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing (also known as ARP poisoning or ARP cache poisoning). ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons.

    • IPv6 neighbor discovery (ND) inspection—IPv6 ND inspection mitigates attacks based on the Neighbor Discovery Protocol by inspecting neighbor discovery messages and verifying them against the DHCPv6 snooping table.

    • MAC limiting—You can configure a MAC limit per interface and per VLAN, and set an action to take on the next packet the interface or VLAN receives after the limit is reached.

    • MAC move limiting—You can configure MAC move limiting to track MAC address movements on the switch, so that if a MAC address changes more than the configured number of times within one second, the changes to MAC addresses are dropped, logged, or ignored, or the interface is shut down.

    • Persistent MAC learning—Persistent (also called sticky) MAC addresses help restrict access to an access port by identifying the MAC addresses of workstations that are allowed access to a given port. Secure access to these workstations is retained even if the switch is restarted.

    [See Understanding Port Security Features to Protect the Access Ports on Your Device Against the Loss of Information and Productivity.]

Routing Protocols

  • Support for BGP Monitoring Protocol (BMP) Version 3 (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.2R1, you can configure BMP, which sends BGP route information from the switch to a monitoring application, or station, on a separate device. To deploy BMP in your network, you need to configure BMP on each switch and at least one BMP monitoring station. Only version 3 is supported. To configure BMP, include the bmp set of statements at the [edit routing-options] hierarchy level. To configure a BMP monitoring station, include the station-address ip-address and the station-port number statements at the [edit routing-options bmp] hierarchy level.

    [See Configuring BGP Monitoring Protocol Version 3.]

  • Support for segment routing for IS-IS (QFX5100 switches and QFX10000 switches)—Starting with Junos OS Release 17.2R1, you can advertise MPLS labels through IS-IS to support segment routing. IS-IS advertises a set of segments, which enables an ingress device to steer a packet through a specific set of nodes and links in the network without relying on the intermediate nodes in the network to determine the path to take. Two types of segments are supported: node and adjacency. A node segment represents a shortest-path link to a node. An adjacency segment represents a specific adjacency to a node. To enable segment routing, include the source-packet-routing statement at the [edit protocols isis] hierarchy level. By default, segment routing is enabled on all IS-IS levels. To disable advertising of the adjacency segment for a specified interface, include the no-advertise-adjacency-segment statement. You can also specify an interval for maintaining adjacency segments by including the adjacency-segment hold-time milliseconds statement.

    To enable node segments, include the node-segment statement at the [edit protocols isis source-packet-routing] hierarchy level. You have two options for advertising a range of indices for IPv4 or IPv6 addresses. Use the index-range statement to specify a dynamic label range managed by MPLS. To specify a specific block of indices, also known as a segment routing global block, include the start-label <number> index-range <number> statements at the [edit protocols isis source-packet-routing srgb] hierarchy level. This configuration enables MPLS to reserve the specified label range.

    Segment routing in IS-IS also supports provisioning prefix segment indices (SIDs) and anycast SIDs for both IPv4 and IPv6 prefixes. These SIDs are provisioned through a routing policy for each prefix. Include the then prefix-segment index number statement at the [edit policy-options policy-statement policy-name] hierarchy level. You can also enable IGP shortcuts for prefix segment routes. Include the shortcuts statement at the [edit protocols isis traffic-engineering family (inet-mpls | inet6-mpls)] hierarchy level.

    [See source-packet-routing.]

  • Support for segment routing for OSPF (QFX5100 switches and QFX10000 switches)—Starting with Junos OS Release 17.2R1, you can advertise MPLS labels through OSPF to support segment routing. Only IPv4 is supported. OSPFv3 is not supported. OSPF advertises a set of segments, which enables an ingress device to steer a packet through a specific set of nodes and links in the network without relying on the intermediate nodes in the network to determine the path to take. Two types of segments are supported: node and adjacency. A node segment represents a shortest-path link to a node. An adjacency segment represents a specific adjacency to a node. To enable segment routing, include the source-packet-routing statement at the [edit protocols ospf] hierarchy level. By default, segment routing is enabled for all OSPF areas. To disable segment routing for a specific area, include the no-source-packet-routing statement at the [edit protocols ospf area area-id] hierarchy level. To enable node segments, include the node-segment statement. You can specify a range for IPv4 addresses to advertise, which MPLS manages dynamically. To disable advertising of the adjacency segment for a specified interface, include the no-advertise-adjacency-segment statement.

    [See source-packet-routing.]

  • Support for unique AS path count (QFX Series)—Starting with Junos OS Release 17.2R1, you can configure a routing policy to determine the number of unique autonomous systems (ASs) present in the AS path. The unique AS path count helps determine whether a given AS is present in the AS path multiple times, typically as prepended ASs. In earlier Junos releases it was not possible to implement this counting behavior using the as-path regular expression policy. This feature permits the user to configure a policy based on the number of AS hops between the route originator and receiver. This feature ignores ASs in the as-path that are confederation ASs, such as confed_seq and confed_set.

    To configure AS path count, include the as-path-unique-count count (equal | orhigher | orlower) configuration statement at the [edit policy-options policy-statement policy_name from] hierarchy level.
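The counting rule described in the unique AS path count item above, worked through in Python as an added example (not Juniper code). It decodes a BGP AS_PATH attribute, skips confederation segments, and evaluates the equal, orhigher, and orlower comparisons. Assumptions: 4-octet AS numbers on the wire, every member of an AS_SET counts as one AS, and the sample path is constructed from documentation and private AS numbers; all function names are hypothetical.

```python
import struct

# AS_PATH segment type codes (RFC 4271 and RFC 5065).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
KNOWN_TYPES = frozenset({AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET})
CONFED_TYPES = frozenset({AS_CONFED_SEQUENCE, AS_CONFED_SET})


def encode_as_path(segments):
    """Build an AS_PATH attribute value (used here only to make sample input)."""
    return b"".join(
        struct.pack(f">BB{len(asns)}I", seg_type, len(asns), *asns)
        for seg_type, asns in segments
    )


def parse_as_path(value):
    """Decode an AS_PATH value into [(segment_type, [asn, ...]), ...].

    Assumes 4-octet AS numbers. Raises ValueError on a truncated or unknown
    segment rather than guessing at the remainder.
    """
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        offset += 2
        if seg_type not in KNOWN_TYPES:
            raise ValueError(f"unknown segment type {seg_type}")
        end = offset + 4 * count
        if end > len(value):
            raise ValueError("segment runs past end of attribute")
        segments.append((seg_type, list(struct.unpack(f">{count}I", value[offset:end]))))
        offset = end
    return segments


def unique_as_count(segments):
    """Number of distinct ASs in the path, ignoring confederation segments."""
    seen = set()
    for seg_type, asns in segments:
        if seg_type in CONFED_TYPES:
            continue  # confed_seq / confed_set members are not counted
        seen.update(asns)  # assumption: each AS_SET member counts as one AS
    return len(seen)


def repeated_entries(segments):
    """Non-confederation path entries beyond the first per AS (e.g. prepends)."""
    total = sum(len(asns) for seg_type, asns in segments if seg_type not in CONFED_TYPES)
    return total - unique_as_count(segments)


def matches_unique_count(segments, count, mode):
    """Evaluate 'as-path-unique-count count (equal | orhigher | orlower)'."""
    n = unique_as_count(segments)
    if mode == "equal":
        return n == count
    if mode == "orhigher":
        return n >= count
    if mode == "orlower":
        return n <= count
    raise ValueError(f"unknown mode {mode!r}")


# Constructed sample: a confederation sequence, a sequence in which 64500 is
# prepended twice, and an AS_SET produced by aggregation.
SAMPLE_SEGMENTS = [
    (AS_CONFED_SEQUENCE, [65501, 65502]),
    (AS_SEQUENCE, [64500, 64500, 64500, 64501, 64496]),
    (AS_SET, [64510, 64511]),
]
SAMPLE_VALUE = encode_as_path(SAMPLE_SEGMENTS)

if __name__ == "__main__":
    path = parse_as_path(SAMPLE_VALUE)
    print("unique ASs:", unique_as_count(path))
    print("repeated entries:", repeated_entries(path))
    print("matches '5 equal':", matches_unique_count(path, 5, "equal"))
```

The gap between the number of path entries and the unique count is what an as-path regular expression cannot express, and it is the quantity to watch when a policy should react to heavy prepending.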

Security

  • Support for filter-based decapsulation over an IP-IP interface (QFX10000 switches)—Starting in Junos OS Release 17.2R1, you can use a firewall filter over an IP-IP interface to de-encapsulate traffic on the switch, without the need to create any tunnel interfaces. IP-in-IP packets are special IP tunneling packets with no GRE header. With this feature, you can define a filter with filtering terms to classify packets based on packet fields such as destination IP address and protocol type. This provides significant benefits in terms of scalability, performance, and flexibility.

    [See Configuring a Firewall Filter to De-Encapsulate IP-in-IP Traffic.]

  • Policing support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can use policing (or rate-limiting) to apply limits to traffic flow and to set consequences for packets that exceed those limits. The device polices traffic by limiting the input or output transmission rate of a class of traffic according to user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to provide multiple priority levels or classes of service. This feature was previously supported in an “X” release of Junos OS.

    [See Overview of Policers.]

  • Storm control support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can monitor traffic levels and take a specified action when a defined traffic level (called the storm control level) is exceeded, preventing packets from proliferating and degrading service. You can configure the switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs. This feature was previously supported in an “X” release of Junos OS.

    [See Understanding Storm Control.]

  • Firewall filters support (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can provide rules that define whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), link aggregation groups (LAGs), and loopback interfaces. This feature was previously supported in an “X” release of Junos OS.

    [See Overview of Firewall Filters.]

  • Generic routing encapsulation (GRE) support (QFX5100 and QFX5200 switches)—You can use GRE tunneling services to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, a switch performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts. This feature was previously supported in an “X” release of Junos OS.

    [See Configuring a Firewall Filter to De-Encapsulate GRE Traffic.]

Services Applications

  • Support for IPFIX templates for flow aggregation (QFX10002 switches)—Starting with Junos OS Release 17.2R1, you can define a flow record template for unicast IPv4 and IPv6 traffic in IP Flow Information Export (IPFIX) format. Templates are transmitted to the collector periodically. To define an IPFIX template, include the version-ipfix template template-name set of statements at the [edit services flow-monitoring] hierarchy level.

    You must also perform the following configuration:

    • Sampling instance at the [edit forwarding-options] hierarchy level.

    • Associate the sampling instance with the FPC at the [edit chassis] hierarchy level and with a template configured at the [edit services flow-monitoring] hierarchy level.

    • Firewall filter for the family of traffic to be sampled at the [edit firewall] hierarchy level.

    [See Configuring Flow Aggregation to Use IPFIX Flow Templates.]

Software Defined Networking (SDN)

  • OVSDB-VXLAN support with Contrail (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.2R1, the Open vSwitch Database (OVSDB) management protocol provides a means through which a Contrail controller can communicate with QFX5110 and QFX5200 switches to provision them as Layer 2 VXLAN gateways. In an environment in which Contrail Release 2.22 or later is deployed, a Contrail controller and these switches can exchange control and statistical information, thereby enabling virtual machine (VM) traffic from entities in a virtualized network to be forwarded to entities in a physical network and vice versa.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]

  • Layer 2 VXLAN gateway (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, you can implement a QFX5110 or QFX5200 switch as a Layer 2 Virtual Extensible LAN (VXLAN) gateway. VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. You can use VXLAN tunnels to enable migration of virtual machines (VMs) between servers that exist in separate Layer 2 domains by tunneling the traffic through Layer 3 networks. This functionality allows you to dynamically allocate resources within or between data centers without being constrained by Layer 2 boundaries or being forced to create large or geographically stretched Layer 2 domains. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding VXLANs.]

  • BFD in a VMware NSX environment with OVSDB and VXLAN (QFX5100 switches, QFX5100 Virtual Chassis)—Within a Virtual Extensible LAN (VXLAN) managed by the Open vSwitch Database (OVSDB) protocol, by default, Layer 2 broadcast, unknown unicast, and multicast (BUM) traffic is replicated and forwarded by one or more software virtual tunnel endpoints (VTEPs) or service nodes in the same VXLAN. (The software VTEPs and service nodes are collectively referred to as replicators.)

    Starting in Junos OS Release 17.2R1, a Juniper Networks switch or Virtual Chassis that functions as a hardware VTEP in a VMware NSX environment uses the Bidirectional Forwarding Detection (BFD) protocol to prevent the forwarding of BUM packets to a non-functional replicator.

    By exchanging BFD control messages with replicators at regular intervals, the hardware VTEP can monitor the replicators to ensure that they are functioning and reachable.

Software Installation and Upgrade

  • Support for FreeBSD 10 kernel for Junos OS (QFX5200 and QFX5110 switches)—Starting with Junos OS Release 17.2R1, FreeBSD 10 is the underlying OS for Junos OS instead of FreeBSD 6.1. This feature includes a simplified package naming system that drops the domestic and world-wide naming convention. Because installation restructures the file system, logs and configurations are lost unless precautions are taken. There are now separate Junos OS and OAM volumes, which provide the ability to boot from the OAM volume upon failures. Some system commands display different output and a few others are deprecated.

    This feature was previously supported in an "X" release of Junos OS.

    [See Understanding Junos OS with Upgraded FreeBSD.]

Software Licensing

  • Integrated software feature licenses (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.2R1, the standard QFX Series premium feature license for BGP, Intermediate System-to-Intermediate System (IS-IS), and Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB) software license and the standard QFX Series advanced feature license for BGP, Intermediate System-to-Intermediate System (IS-IS), MPLS, and Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB) license are supported.

    This feature was previously supported in an “X” release of Junos OS.

    [See Software Features That Require Licenses on the QFX Series.]

System Management

  • Support for Precision Time Protocol (PTP) transparent clock (QFX5100 and QFX5110 switches)—Starting in Junos OS Release 17.2R1, PTP synchronizes clocks throughout a packet-switched network. With a transparent clock, the PTP packets are updated with residence time as the packets pass through the switch. There is no master/slave designation. End-to-end transparent clocks are supported. With an end-to-end transparent clock, only the residence time is included. The residence time can be sent in a one-step process, which means that the timestamps are sent in one packet. In a two-step process, estimated timestamps are sent in one packet, and additional packets contain updated timestamps. In addition, UDP over IPv4 and IPv6, and unicast and multicast transparent clocks, are supported.

    You can configure the transparent clock at the [edit protocols ptp] hierarchy.

    [See Understanding Transparent Clocks in Precision Time Protocol.]

  • Zero Touch Provisioning (QFX5100, QFX5110, and QFX5200 switches)—Starting with Junos OS Release 17.2R1, Zero Touch Provisioning allows you to provision new Juniper Networks switches in your network automatically without manual intervention. When you physically connect a switch to the network and boot it with a default configuration, it attempts to upgrade the Junos OS software automatically and autoinstall a configuration file from the network. The switch uses information that you configure on a Dynamic Host Configuration Protocol (DHCP) server to locate the necessary software image and configuration files on the network. If you do not configure the DHCP server to provide this information, the switch boots with the preinstalled software and default configuration. The Zero Touch Provisioning process either upgrades or downgrades the Junos OS version.

    This feature was previously supported in an "X" release of Junos OS.

    [See Understanding Zero Touch Provisioning.]

VLAN Infrastructure

  • Double VLAN tags on Layer 3 subinterfaces (QFX10000 switches)—Starting in Junos OS Release 17.2R1, you can configure double VLAN tags on Layer 3 subinterfaces (also called “Layer 3 logical interfaces”) on QFX10000 switches. Layer 3 double-tagged logical interfaces support inet, inet6, and mpls families.

    Support for double-tagging VLANs on Layer 3 logical interfaces includes:

    • Configuration of an IPv4, an IPv6, or an mpls family on the logical interface

    • Configuration over an aggregated Ethernet interface

    • Configuration of multiple logical interfaces on a single physical interface

    [See Configuring Double-Tagged VLANs on Layer 3 Logical Interfaces.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.2R3 for the QFX Series.

Class of Service (CoS)

  • The following CoS options are hidden under traffic control profiles for QFX10002 and QFX10008 products:

    • delay-buffer-rate

    • excess-rate

    • excess-rate-high

    • excess-rate-low

    • excess-rate-medium-high

    • excess-rate-medium-low

    The shaping-rate option is hidden on QFX10008 but not on QFX10002, as shaping rate configurations are used in the QFX10002 satellite solution setup. PR1261988

  • When you configure the transmit-rate, you must also configure the guaranteed-rate under traffic-control-profiles. If you commit a transmit-rate configuration without having configured guaranteed-rate, a warning message is displayed and the default scheduler map is applied.

General Routing

  • Support for deletion of static routes when the BFD session goes down (QFX Series)—Starting with Junos OS 17.2R2, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. As a result, the static routes are deleted when BFD receives a session down message.

EVPNs

  • On QFX10000 switches running Junos OS Release 17.2R3 or later, the local preference setting for an Ethernet VPN (EVPN) pure type-5 route is inherited by IP routes that are derived from the EVPN type-5 route. Further, when selecting an IP route for incoming traffic, the QFX10000 switches consider the local preference of the route. A benefit of the QFX10000 switches including the local preference in their route selection criteria is that you can set up a policy to manipulate the local preference, thereby controlling which route the switch selects.

Interfaces and Chassis

  • Changes to the show interfaces interface-name command (QFX10002)—Two additional CLI fields, FEC Corrected Errors Rate and FEC Uncorrected Errors Rate, are added to the show interfaces interface-name command. For example:

    user@router> show interfaces et-0/0/35

Network Management and Monitoring

  • SNMP syslog messages changed (QFX Series)—In Junos OS Release 17.2R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • Old message: AgentX master agent failed to respond to ping. Attempting to re-register

      New message: AgentX master agent failed to respond to ping, triggering cleanup!

    • Old message: NET-SNMP version %s AgentX subagent connected

      New message: NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Update to SNMP support of apply-path statement (QFX Series)—In Junos OS Release 17.2R1, SNMP implementation of the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from the first release.

    • apply-path "access radius-server <*>"

      This configuration is supported as of this release.

  • Change in default log-level setting (QFX Series)—In Junos OS Release 17.2R3, the following changes are made to the default logging levels:

    Before this release:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    From this release onward:

    • IFD LinkUp -> LOG_NOTICE (as this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • Need to reconfigure SNMPv3 configuration after upgrade (QFX Series)—In Junos OS Release 17.2R2, you might need to reconfigure SNMPv3 after upgrading from an earlier release to this release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID is changed. In releases before Junos OS Release 17.2R1, you needed to reconfigure SNMPv3 every time after a reboot. This problem is now fixed. If you upgrade, you must still reconfigure SNMPv3, but only once—if you have already reconfigured SNMPv3 in an earlier release, you do not need to reconfigure SNMPv3 again. To reconfigure SNMPv3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters. Platforms affected are QFX5100, QFX10002, QFX10008, and QFX10016.

    [See Configuring the Local Engine ID.]
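Log pipelines that key on the exact AgentX message text or on link-trap severity are affected by the SNMP syslog message and default log-level changes listed above. The following Python sketch is an added example, not Juniper code: it maps the old and new AgentX wording to one event and shows which link events clear a severity threshold before and after the change. Assumptions: the sample log lines, daemon names, and NET-SNMP version string are constructed, a logical interface (IFL) is recognized by a ".unit" suffix in ifName, and all function names are hypothetical.

```python
import re

# syslog severity codes: a lower number is more severe.
SEVERITY = {"LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6}

# Old and new wording from the release notes, mapped to one event name each.
AGENTX_PATTERNS = [
    (re.compile(r"AgentX master agent failed to respond to ping"
                r"(?:\. Attempting to re-register|, triggering cleanup!)"),
     "agentx_master_ping_failed"),
    (re.compile(r"NET-SNMP version \S+ AgentX subagent (?:connected|Open-Sent!)"),
     "agentx_subagent_open"),
]
LINK_TRAP = re.compile(r"\b(SNMP_TRAP_LINK_(?:UP|DOWN)):.*\bifName (\S+)")


def normalize_agentx(line):
    """Return a stable event name for either wording, or None if no match."""
    for pattern, event in AGENTX_PATTERNS:
        if pattern.search(line):
            return event
    return None


def link_trap_severity(tag, ifname, post_change):
    """Default log level for a link trap before or after the change."""
    if tag == "SNMP_TRAP_LINK_DOWN":
        return "LOG_WARNING"                    # unchanged for IFD and IFL
    is_logical = "." in ifname                  # assumption: IFL names carry .unit
    if post_change and not is_logical:
        return "LOG_NOTICE"                     # IFD LinkUp raised to notice
    return "LOG_INFO"                           # IFL LinkUp, and all LinkUp before


def visible_link_events(lines, post_change, threshold):
    """Link events whose default level is at or above the collector threshold."""
    visible = []
    for line in lines:
        match = LINK_TRAP.search(line)
        if not match:
            continue
        tag, ifname = match.groups()
        level = link_trap_severity(tag, ifname, post_change)
        if SEVERITY[level] <= SEVERITY[threshold]:
            visible.append((tag, ifname))
    return visible


# Constructed sample lines (not captured from a device).
SAMPLE_LINES = [
    "mib2d[2041]: SNMP_TRAP_LINK_UP: ifIndex 530, ifAdminStatus up(1), ifOperStatus up(1), ifName et-0/0/35",
    "mib2d[2041]: SNMP_TRAP_LINK_UP: ifIndex 531, ifAdminStatus up(1), ifOperStatus up(1), ifName et-0/0/35.0",
    "mib2d[2041]: SNMP_TRAP_LINK_DOWN: ifIndex 530, ifAdminStatus up(1), ifOperStatus down(2), ifName et-0/0/35",
    "snmpd[1990]: AgentX master agent failed to respond to ping. Attempting to re-register",
    "snmpd[1990]: AgentX master agent failed to respond to ping, triggering cleanup!",
    "snmpd[1990]: NET-SNMP version 0.0.0 AgentX subagent Open-Sent!",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(normalize_agentx(line), "<-", line[:60])
    print("before:", visible_link_events(SAMPLE_LINES, False, "LOG_NOTICE"))
    print("after: ", visible_link_events(SAMPLE_LINES, True, "LOG_NOTICE"))
```

With a collector threshold of notice, the physical-interface LinkUp event appears only after the change, so a rule that pairs LinkDown with a later LinkUp starts seeing both halves for physical interfaces but still misses LinkUp on logical interfaces.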

Management

  • Junos OS YANG module namespace and prefix changes (QFX Series)—Starting in Junos OS Release 17.2, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. In earlier releases, Junos OS YANG modules used only a unique identifier to differentiate the namespace for each module, and the prefix for all juniper-command modules was jrpc.

    Device families include junos, junos-es, junos-ex, and junos-qfx. The Junos OS YANG extension modules, junos-extension and junos-extension-odl, use the junos device family identifier in the namespace, but the modules are common to all device families.

    [See Understanding Junos OS YANG Modules.]

  • Changes to the rfc-compliant configuration statement (QFX Series)—Starting in Junos OS Release 17.2, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. If you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level and request configuration data in a NETCONF session on a device running Junos OS Release 17.2R1 or later, the NETCONF server sets the default namespace for the <configuration> element in the RPC reply to the same namespace as in the corresponding YANG model.

    [See Configuring RFC-Compliant NETCONF Sessions and rfc-compliant.]

  • Enhancement to the Junos Telemetry Interface (QFX10000 and QFX5200 switches)—Starting in Junos OS Release 17.2R1, the values displayed in the oper-status key-value field of data streamed through gRPC for the physical interfaces sensor have changed.

    The following values are now displayed to indicate the operational status of an interface:

    • operational status up—UP

    • operational status down—DOWN

    • operational status unknown—UNKNOWN

  • Enhancement to NPU memory sensors for Junos Telemetry Interface (QFX10000 switches)—Starting with Junos OS Release 17.2R1, the path used to subscribe to telemetry data for network processing unit (NPU) memory and NPU memory utilization through gRPC has changed. The new path is /components/component[name="FPC<fpc-id>:NPU<npu-id>"]/

    [See Guidelines for gRPC Sensors.]

Routing Protocols

  • Syslog error message RPD_ISIS_PREFIX_SID_CNFLCT to resolve conflicting prefix segment advertisement (QFX Series)—Starting in Junos OS Release 17.2R2, the RPD_ISIS_PREFIX_SID_CNFLCT syslog error message is emitted only when the prefix segment advertisement from the remote node conflicts with an advertisement from the self node. This conflict happens because the same prefix segment index is assigned on different IP addresses or different prefix segment indexes are assigned to the same IP address. To rectify this conflict, identify the remote node in the network originating the conflicting prefix segment advertisement and change the prefix segment index on the local node or on the remote node.

    [See Example: Configuring Anycast and Prefix Segments in SPRING for ISIS.]

Virtual Chassis

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 17.2R2, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you should delete the fabric-load-balance configuration item before initiating the upgrade.

    [See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.]

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.2R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPNs

  • A PE device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE. The IGP instance running in the VRF on the PE may be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE. Workaround: Run IGP sessions between a PE and locally attached CEs. Use L3VPN to distribute the IGP-learned routes between PEs across the core. PR977945

General Routing

  • On EX4600 and QFX5100 switches, the amount of time that it takes for Zero Touch Provisioning to complete might be lengthy because TFTP might take a long time to fetch the required data. PR980530

  • On EX Series or QFX Series switches, nonstop software upgrade (NSSU) cannot be used to upgrade from Junos OS Release 14.1X53 to Junos OS Release 15.1 or later. PR1087893

  • On a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • With multihop BFD, traffic loss of around 5 to 10 seconds is observed when an intermediate interface is brought down. After 5 to 10 seconds, the traffic recovers and no action is needed. PR1150695

  • For a LAG interface, the Packet Forwarding Engine populates only the bundle statistics and not the child's logical interface statistics. A value of zero (0) is always returned for logical interface statistics. A limitation in the hardware does not allow the correct statistics to be returned. PR1250870

  • On QFX5200 switches, if the port speed is changed from 25 Gbps to 100 Gbps, or if there are repeated changes in the port speed settings, then the link might remain down. This is an SDK limitation and has been addressed in SDK versions 6.5.8 and later. PR1250891

  • On QFX10000 switches, a part of the fabric management cell-drop error detection and correction feature is not supported as part of Junos OS Release 17.1. PR1252448

  • On the QFX10K-12C-DWDM coherent line card, when an interface is configured in 8QAM mode, pulling the fiber out of the second "OT" interface in the same AC400 module brings both "OT" interfaces down. This does not affect any functionality. PR1258539

  • When fiber is pulled out of the OT interface and plugged back in, the ET interfaces go up and after 5 seconds the OT interface shows as up. In fact, both OT and ET are up at the same time; only the reporting of OT up is delayed by a maximum of 5 seconds. This does not affect the functionality. PR1258551

  • Currently, a maximum of 64 LAG members under a single aggregated Ethernet bundle is supported for the QFX Series. PR1259515

  • On QFX10008 and QFX10016 with the QFX10K-12C-DWDM line card installed, protocols (such as BFD and BGP) running over aggregated Ethernet interfaces might flap when the aggregated Ethernet member link is disabled. PR1289703

  • ERPS convergence takes time after a GRES and thus, traffic loss is observed for a brief period. PR1290161

High Availability (HA) and Resiliency

  • On QFX5100 switches, residual and baseline statistics loss from unified ISSU—Using unified ISSU to upgrade to Junos OS Release 17.2R1 or later will result in a loss of residual and baseline statistics for interfaces, interface set specific statistics, and BBE subscriber service statistics because of an update to the statistics database.

    [See Unified ISSU System Requirements.]

  • During an NSSU on an EX4300 Virtual Chassis, a traffic loop or loss might occur if the Junos OS software version that you are upgrading and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764

MPLS

  • On QFX5100, QFX5110, QFX5200 switches with Layer 2 circuit configured on the PE switches, enabling VLAN bridge encapsulation on a CE interface drops packets if flexible Ethernet services and VLAN CCC encapsulation are configured on the same logical interface. You can configure only one encapsulation type on a particular logical interface, for example, use either set interfaces xe-0/0/18 encapsulation flexible-ethernet-services or set interfaces xe-0/0/18 encapsulation vlan-ccc. PR1329451

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

  • After you delete and re-add 1000 LAG interfaces, traffic drops might be seen for some time even though all LAG interfaces come up. PR1289546

Routing Protocols

  • During a graceful Routing Engine switchover (GRES) on QFX10000 switches, some IPv6 groups might experience momentary traffic loss. This issue occurs when IPv6 traffic is running with multiple paths to the source, and the join-load-balance statement for PIM is also configured. PR1208583

  • On QFX10000 switches, the outbound firewall filter on aggregated Ethernet to block micro-BFD packets (destination port 6784) does not work. In this case, the micro-BFD sessions continue to stay up, although the inbound firewall filter to block micro-BFD packets works fine. PR1248504

Virtual Chassis

  • If a QFX5100 switch running Junos OS Release 17.2R1 or later is in the same Virtual Chassis or Virtual Chassis Fabric (VCF) as a Juniper Networks device that does not support Virtual Extensible LAN (VXLAN), for example, an EX4300 switch, then the Junos OS CLI of the EX4300 switch supersedes the Junos OS CLI of the QFX5100. As a result, the vxlan configuration statement at the [edit vlans vlan-name] hierarchy level does not appear. PR1176054

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 17.2R3.

General Routing

  • While SSH is used to log in to a VNF, the following error message appears: Unrecognized command. This error has no impact on the functionality. PR1108785

  • After sending leave and rejoin, in a few seconds Layer 3 multicast traffic might not converge up to 100 percent and a certain amount of traffic drops might be seen continuously. This behavior is observed when you scale beyond 2000 VLANs or 2000 IRBs with VLAN replication in the system. PR1135045

  • While scaling beyond 2000 VLANs or 2000 IRBs, Layer 3 multicast traffic does not converge to 100 percent and continuous drops are observed after the downstream interface is brought down or brought up or while an FPC comes online after an FPC restart. PR1161485

  • When per-packet load balancing is removed or deleted, the next-hop index might change. PR1198092

  • An ICCP session is maintained by multihop BFD (non-distributed mode). The time interval for BFD keepalive messages is similar to that in the GRES configuration (for example, keepAlive = 8 seconds). PR1230576

  • On QFX10008 switches, the IPv6 packets or bytes counter shows higher values than the total packets or bytes of the interface if LAG child members belong to the same PE device. As a workaround, if you monitor IPv6 statistics over the LAG, choose LAG child members across all PE devices. PR1232388

  • On a QFX5110-48S switch, a Gigabit Ethernet interface goes down and comes back up once on a peer as part of a reboot. PR1237572

  • When displaying the unified forwarding table on QFX5200-VC, only the local member's table details are displayed. PR1243758

  • On the QFX10000 line of switches, sFlow monitoring technology output might display a negative number of samples after a long run. As a workaround, issue the clear sflow collector command to show or reset the count. PR1244080

  • On the QFX10000-12C-DWDM coherent line card, link flapping is sometimes experienced when MACsec is enabled on the Ethernet interfaces. PR1253703

  • The 50-Gigabit Ethernet (channelized from 100-Gigabit Ethernet) interfaces might not come up between QFX5200 switches running Junos OS Releases 17.2 and 15.1X53-D210.7 until the FEC is disabled on QFX5200 switches running Junos OS Release 17.2. PR1258524

  • The management process (daemon) might crash if the OpenConfig package is installed immediately or within minutes of Network Agent package installation. This is a transient issue and does not impact any functionality. There is no action needed from your side in response to the crash. As a workaround, install OpenConfig before installing Network Agent. PR1265815

  • For QFX10000 switches that do not support a discontiguous mask within the source address or the destination address of a firewall filter, when you commit a firewall filter with such a discontiguous mask prefix (for example, x.x.x.x/255.255.0.240), the commit is successful but the filter does not take effect (the firewall compilation returns an error because a discontiguous IP address mask is not supported and the filter is not programmed in hardware). PR1267498

  • On disabling interfaces with MPLS or LSP configuration, the PathErr message is not being received on link failure under show mpls container-lsp name. PR1275392

  • After the analytic configurations are committed and traffic is started, the analytic statistics might not work properly and might result in a core file being generated. PR1277030

  • The mgd process might panic after you modify the aggregated Ethernet interface members under the ethernet-switching vlan configuration statement. As a result of the panic, the remote session might be terminated. PR1325736

  • The QFX5200 and QFX10002 devices that have been shipped with Junos OS Releases 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images might contain an unintended additional Open Network Install Environment (ONIE) partition. PR1335713

  • On QFX10000 switches, the syslog error messages might be seen after you configure multiple interfaces that include LAG interfaces under the protocol sFlow. Example of error messages:

    Mar 13 12:04:24 host1 fpc0 expr_dfw_asic_action_update_sflow_sample_id:2578 dfw inst lookup failed IFD_EGRESS_IMPL_FILTER
    Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_add_sample_in_hw(442): Sample class (60): Implicit-filter binding set error
    Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_handle_int_event(927): Error(1000) while enabling sflow in hw for intf 560

    PR1346493

  • On QFX10000 switches in a DDoS scenario, incorrect DDoS counter values and syslog messages might be seen after the statistics for a specific protocol are manually cleared. PR1351212

  • On QFX5110, the FEC value for 100-gigabit optics is not being displayed when the expected behavior is for the FEC to be shown as NONE. On QFX10002-72Q, the FEC for 40-gigabit optics is being displayed as NONE when the expected behavior is for the FEC not to be displayed. On QFX10008, the FEC for 40-gigabit optics is being displayed as NONE when the expected behavior is for the FEC not to be displayed. PR1360948

  • When MC-LAG is configured with Force-Up enabled on MC-LAG nodes, the value of the LACP admin key must not match with that of the access or customer-edge device. PR1362346

  • On QFX5000 switches, the tagged traffic is not passed through the untagged interface in the EVPN-VXLAN scenario if the ethernet-bridge configuration statement is configured. PR1366336

EVPN

  • In an EVPN-VXLAN scenario, a previously learned MAC address from a remote Ethernet segment identifier (ESI) cannot be changed to local even if it is connected directly. The MAC address of the host might remain as learned from the ESI instead of from the local interface until the MAC address is aged out. PR1303202

Interfaces and Chassis

  • On QFX5100 switches, with MAC and ARP configurations inside an interface address configuration, an error message that says an IRB interface and an aggregated Ethernet logical interface do not belong to the same routing instance might be displayed, even though they do belong to the same routing instance. PR1239191

Layer 2 Features

  • After deleting and re-adding 1000 LAG interfaces, the traffic drop is experienced for some time even though all LAG interfaces come up. PR1289546

Network Management and Monitoring

  • The default syslog level is LOG_NOTICE in the default configuration. The SNMP_TRAP_LINK_UP for the physical interface (IFD) was logged as LOG_INFO from day one. To help debug physical link up issues, SNMP_TRAP_LINK_UP events will be logged by default. PR1287244

Platform and Infrastructure

  • On all devices running Junos OS, the file copy command uses /var/home/<user> as a temporary staging directory for a non-root user, and uses /var/tmp for a root user. When you issue the file copy user@x.x.x.x:/dir/ /var/tmp/ command to copy a file to the device, and the file you are trying to transfer is larger than the size of the temporary staging directory, the copy operation fails. PR1195599

  • Every load override and rollback operation increases the refcount by 1, and after it reaches the maximum value of 65,535, an mgd crash might be observed and the session might be terminated. When mgd crashes, the active lock might remain up, preventing any further commits. PR1313158

Routing Protocols

  • On the QFX10000 line of switches, traffic drop is seen with IS-IS version 6 traffic during convergence in either of the following two scenarios: 1) While bringing up the ports after bringing them down. 2) While the FPC comes online after an FPC restart. This behavior is seen when one of the IS-IS version 6 sessions flaps. PR1190180

  • On EX4300, EX4600, QFX5100, or QFX10000 switches, traffic drops might occur in MC-LAG configurations. This occurs when an interchassis data link (ICL) interface and then the MC-LAG interface are brought up. The traffic drop occurs because the ARP next-hop update is not recognized on the Packet Forwarding Engine. To recover the traffic path over the MC-LAG interfaces, issue the clear arp command. To avoid the issue, enable ICL interfaces and MC-LAG interfaces at the same time. PR1236201

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 17.2R3

General Routing

  • On QFX5110 switches, dcpfe might generate core files after the applied lo0 FF term is changed in scaled conditions. PR1241733

  • The LAG interface input bytes counter continuously decrements when no packets come in. PR1266062

  • When the backup state configured for the static link protection mode is down, the primary port goes to the down state instead of the secondary port, and the secondary port remains in the up state. PR1276156

  • The show security macsec statistics command does not show the expected results. PR1283544

  • After upgrading the QFX5100 or the EX4600 switch to Junos OS Release 16.1 or later from Junos OS Release 15.1, the commit warning /boot/ffp.cookie+ might be seen. PR1283917

  • On QFX5100 switches, an aggregated Ethernet interface might flap upon commit if an explicit speed is configured on an aggregated Ethernet member interface. PR1284495

  • The BFD sessions might flap if BFD is configured over IRB interfaces. PR1284743

  • OVSDB and OpenFlow have some limitations on QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016 switches running Junos OS Releases 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • Protocols might flap when you disable the aggregated Ethernet member link. PR1289703

  • The storm-control flags are not set after a Routing Engine switchover. PR1290246

  • On QFX5100, the fxpc process generates a core file. PR1294033

  • The 1-Gigabit Ethernet port on QFX10008 becomes unusable after inserting a third-party SFP-T optic. PR1294394

  • The received ARP reply packet, whose destination MAC address is the same as the MAC address of the IRB interface, might be flooded on the VLAN. PR1294530

  • The 40-Gigabit Ethernet interface might not come up if a specific vendor's DAC cable is used. PR1296011

  • The DHCP client is not working on the replacement build release. PR1296774

  • On QFX Series platforms, the connectivity of IPv4 might be lost if the logical interface (IFL) gl2d-property (eth) bit is set to 0. PR1297594

  • On QFX Series platforms with ZTP environment, the DHCP clients are not getting an IP address if the DHCP pool with the /31 subnet is configured. PR1298234

  • The dcpfe process might crash and restart on MC-LAG active and standby nodes when there is an ARP or NDP next-hop change. PR1299112

  • The disabled 10-Gigabit Ethernet interfaces might stay up on the QFX10000 line of switches. PR1300775

  • On QFX10008 or QFX10016 switches, a commit error is seen when mixed speed is configured. PR1301923

  • The rpd might crash when the vrf-propagate-ttl and no-vrf-propagate-ttl configuration statements are toggled. PR1302504

  • The sFlow records are missing the extendedType ROUTER fields as well as an outbound interface for traffic that is using the BGP multipath. PR1303236

  • If MPLS LSP self-ping is enabled (self-ping is enabled by default), the kernel might panic, and display an error message: Fatal trap 12: page fault while in kernel mode. PR1303798

  • Switches running 32-bit Junos OS might generate an rpd core file when traceoptions are enabled. PR1305440

  • Digital optical monitoring statistics cannot be received through the CLI in Junos OS Release 15.1X53 through Release 17.x. PR1305506

  • On QFX5200 switches, the new apply group is not being applied to the Virtual Chassis after a reboot. PR1305520

  • The QFX5100 switch crashes and the fxpc process generates a core file. PR1306768

  • Some error messages can be observed in an EVPN-VXLAN setup. PR1307014

  • The QSFP+4x10G-IR channelized interface is down between QFX5200 and PTX5000. PR1307400

  • The QFX5200 switch does not send out any frames. PR1308443

  • The runtime PPS statistics value might show zero for a subinterface of an aggregated Ethernet interface. PR1309485

  • Traffic loss might be seen if you send traffic through the 40-Gigabit Ethernet interface. PR1309613

  • Some log messages are seen on the QFX5110 platform when plugging in an SFP-SX. PR1311279

  • One of the aggregated Ethernet members does not send out sFlow sample packets. PR1311559

  • The FPC memory might be exhausted with Sheaf leak messages seen in the syslog. PR1311949

  • Traffic loss is observed while performing NSSU. PR1311977

  • A memory leak is seen for the dot1xd process. PR1313578

  • The AOC link between QFX5200 and its peer might stay down after the QFX5200 switch reboots. PR1314323

  • Certain IGMP join packets cannot be processed correctly at a high rate. PR1314382

  • Transit traffic over a GRE tunnel might hit the CPU and trigger a DDoS violation on the Layer 3 next hop. PR1315773

  • The Packet Forwarding Engine might crash after changing analyzer configuration, if the output includes a LAG interface. PR1316245

  • On a Layer 2 next-generation switch platform (EX4300/EX4600/EX9200/QFX5100/QFX10000), l2cpd might generate core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED is enabled. PR1317114

  • After zeroizing, the QFX5100 switch treats the 40-gigabit AOC uplink as 4x10-gigabit breakout with auto-channelization enabled. PR1317872

  • Packets such as TDLS without the IP header are looped between virtual gateways. PR1318382

  • The optic interface transmits power even after it has been administratively shut down. PR1318997

  • Packets might be dropped for 4-60 seconds when the master Routing Engine is rebooted in a Virtual Chassis. PR1319146

  • The chassis MIB SNMP OIDs for VC-B member chassis are not available after MX Series Virtual Chassis undergoes unified ISSU. PR1320370

  • The FPCs go offline in some situations. PR1321198

  • The OpenFlow session cannot be established correctly with controller and interfaces options configured on QFX5100 switches. PR1323273

  • Update the new firmware versions for jfirmware package issues of 100G-PSM4 and 100G-AOC line cards. PR1323321

  • The VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

  • ARP request packets might not be flooded on QFX5110. PR1326022

  • Poor performance is seen when clearing scaled DHCP relay bindings. PR1326922

  • The major alarm Fan & PSU Airflow direction mismatch might be seen after the management cable is removed. PR1327561

  • In a multihoming EVPN-VXLAN scenario with a service provider style interface, deleting one VXLAN might cause traffic to loop on another VXLAN. PR1327978

  • On QFX5100 Series platforms, in some cases, class of service (CoS) configuration is not properly applied in the Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces. PR1329141

  • The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713

  • After a commit, members of the Virtual Chassis or VCF are split and some members might get disconnected. PR1330132

  • After an IP move, the ARP table information is not in synchronization between the two spines. PR1330663

  • The rpd generates core files on the new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after NSR and GRES are disabled. PR1330750

  • On QFX10002 switches, the out of HMC range and HMC READ failed error messages are seen. PR1332251

  • The DHCPv6 SOLICIT message is dropped. PR1334680

  • The SNMP jnxBoxDescr OID returns different values when upgrading to Junos OS Release 17.2. PR1337798

  • The analyzer status might show as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • The DDoS counters for OSPF might not increment. PR1339364

  • The l2ald generates core files at ../../../../../../src/junos/usr.sbin/l2ald/l2ald_vxlan_evpn.c:1603, when the host is moved between two multihomed interfaces. PR1339543

  • On QFX10000 switches, broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • The fxpc process might generate a core file when you are removing the VXLAN configuration. PR1345231

  • The statistics process pfed might generate core files during an upgrade between certain releases. PR1346925

  • The QFX5100-48T 10-Gigabit Ethernet interface might be autonegotiated at 100 Mbps speed instead of 10 Gbps. PR1347144

  • On QFX5110-48S-4C switches, part numbers and serial numbers are not displayed for any of the connected 10-Gigabit optics/DAC. PR1347634

  • The 40-Gigabit Ethernet port on a QFX5100 has an interoperability issue with some other vendors. PR1349664

  • The pfed process might consume high CPU if subscriber or interface statistics are used at a large scale. PR1351203

  • The GTP traffic might not be hashed correctly for the aggregated Ethernet interface. PR1351518

  • On QFX5000 switches, ARP learning might fail after the interface MAC address is changed. PR1353241

  • The SFP-LX10 on QFX5110 might fail to connect with another device because it is not able to negotiate the port speed. PR1353677

  • The major alarms might be seen when a QFX10000 switch is booting up. PR1354582

  • A commit error is observed if the device is downgraded from Junos OS Release 18.2 or Release 18.3 to Junos OS Release 17.3R3. PR1355542

  • On QFX5110 platforms, the transceiver needs to be reinserted after autonegotiation is enabled or disabled. PR1355746

  • Unable to create QFX5200 Virtual Chassis with 100-gigabit DACs. PR1360721

  • The VME interface might be unreachable after link flap of em0 on the master FPC. PR1362437

  • Traffic might not be forwarded when the member link of the aggregated Ethernet is added or deleted. PR1362653

  • The 1-Gigabit Ethernet interface might stop working when auto-negotiation is disabled by default. PR1362977

  • Traffic loss is observed when ISSU is performed with aggregated Ethernet interfaces configured with LACP. PR1365316

  • On QFX5110, QFX5200, and QFX10000 switches, the root password recovery process does not work. PR1365740

  • The chassisd might crash after the show chassis hardware CLI command is issued. PR1366746

  • On QFX Series switches, IS-IS adjacency with a Cisco device might go down. PR1368913

  • In certain routing topologies with sFlow configured, sampled packets might be duplicated and sFlow records are not sent to the collector. PR1370464

  • MAC refresh packets might not be sent out from the new primary link after an RTG failover. PR1372999

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • On QFX5100-48F-6Q, the Packet Forwarding Engine might display DISCARD next-hop for overlay-bgp-lo0-ip in a leaf-spine topology. PR1380795

  • The master Virtual Chassis is copying /var/db/ovsdatabase to the backup every 10 seconds, which causes high write I/O and shortens the SSD lifetime in an Open vSwitch Database (OVSDB) environment. PR1381888

  • The Packet Forwarding Engine might crash if the GRE destination IP address is resolved over another GRE tunnel. PR1382727

Class of Service (CoS)

  • For some of the frame sizes, throughput is not 100 percent. PR1256671

  • Unable to filter packets with destination IP address as 224/4 and DST MAC = QFX_intf_mac on the loopback interface using a single match condition for source address 224.0.0.0/4. PR1354377

EVPN

  • Next-hop installation error messages are seen on the QFX10000 line of switches. PR1258930

  • The dynamic routing protocols might not work correctly over the IRB interface in an EVPN-VXLAN scenario with ECMP. PR1301521

  • The EVPN proxy ARP cannot work properly if system arp passive-learning is configured. PR1312672

  • A VXLAN traffic loss is observed after deleting and adding the VLANs. PR1318045

  • The remote ARP entry might cause an error in an EVPN-VXLAN Layer 3 gateway scenario with multihoming mode. PR1326691

  • The MAC movement between a remote VTEP and a local VTEP might cause traffic to be transmitted incorrectly in an EVPN-VXLAN scenario. PR1335431

  • The ARP entry might be deleted in a redundant Layer 3 gateway EVPN-VXLAN scenario after an IP address move happens. PR1336185

  • Configuring encapsulate-inner-vlan on the partial VXLANs might cause a traffic impact. PR1337953

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, the IP protocol multicast traffic sourced by the kernel, such as OSPF and VRRP traffic, gets dropped at the Packet Forwarding Engine level. PR1301773

Interfaces and Chassis

  • Multicast data packets are looping in an MC-LAG scenario. PR1281646

  • There is an ARP reply drop in an MC-LAG scenario. PR1282349

  • Upgrading might encounter commit failure if redundancy-group-id-list is not configured under ICCP. PR1311009

  • Packets might be dropped on an ICL of MC-LAG peer where MC-LAG is up. PR1345316

  • If the CVLAN’s range is 16, then traffic might not pass through the 16 VLANs in a Q-in-Q scenario. PR1345994

  • The MC-LAG peer does not send the ARP request to the host. PR1360216

Layer 2 Features

  • The QFX10000 line of switches transmit packets that exceed the interface MTU. PR1306724

  • The bpdu-block-on-edge configuration does not work correctly when fast-tune is enabled. PR1307440

  • On the QFX10000 line of switches, the NLB heartbeat packets might be dropped. PR1322183

  • The ARP entry might be learned on STP blocking ports. PR1324245

  • MAC learning might fail for the device on an extended port of a satellite device after a MAC move occurs in a Junos Fusion scenario. PR1324579

  • The DHCP Discover packets might be looped in an MC-LAG and DHCP-Relay scenario. PR1325425

  • On QFX5100, with multiple logical units configured on an interface, input-vlan-map POP does not remove the outer VLAN tag when Q-in-Q and VXLAN are involved. PR1331722

  • The operation of pushing a VLAN tag does not work for VXLAN local switching tunneled Q-in-Q traffic. PR1332346

  • The flexible-vlan-tagging and family ethernet-switching interface configurations do not work on QFX10000. PR1337311

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • On random initialization of a QFX5100, the programming of storm control profile is missed within hardware on random interfaces. PR1354889

  • When native-vlan-id is configured, LACP packets are dropped after a reboot. PR1361054

  • Hashing does not work for the IPv6 packet encapsulated in a VXLAN scenario. PR1368258

  • When native-vlan-id is configured for aggregated Ethernet interfaces, the LACP session to the multihomed server goes down. PR1369424

  • The DHCP discover packets might be dropped if VXLAN is configured. PR1377521

Layer 2 Ethernet Services

  • The jdhcpd process generates core files after DHCP configuration changes are made. PR1324800

Multiprotocol Label Switching (MPLS)

  • On QFX5100, unified ISSU is not supported with MPLS configuration. PR1264786

  • The DHCP clients cannot get IP addresses over a BGP Layer 3 VPN. PR1303442

  • The LSP stops transferring or passing traffic after an MPLS route is changed. PR1309058

  • The MPLS forwarding might not happen properly for some LSPs. PR1319379

  • The rpd might crash on the backup Routing Engine because of memory exhaustion. PR1328974

  • The hot standby for Layer 2 circuit does not work on QFX5100. PR1329720

  • The LSP might remain up even if no path is acceptable because of the CSPF failure. PR1365653

  • The NO-PROPAGATE-TTL flag acts on an MPLS swap operation. PR1366804

Platform and Infrastructure

  • Traffic loss might be observed for about 10 seconds if the master member FPC reboots. PR1283702

  • The dexp process might crash after the set system commit delta-export command is committed. PR1284788

  • An l2ald crash is seen while changing the configuration. PR1294075

  • The OSPFv3 authentication using IPsec SA does not work if you are using IPsec to authenticate OSPFv3 neighbors on some QFX Series platforms. PR1301428

  • The directories and files under /var/db/scripts lose execution permission or the jet directory is missing under /var/db/scripts, causing the error: Invalid directory: No such file or directory error during the commit. PR1328570

  • Traffic is silently discarded with indirect next hop and load balancing. PR1376057

Routing Policy and Firewall Filters

  • The rpd might crash if vrf-target auto is configured under routing-instance. PR1301721

Routing Protocols

  • On the QFX10000 line of switches, filter-based forwarding (FBF) with the next-ip, next-ip6, and next-interface configurations is not working. PR1289642

  • In a data center environment with EVPN-VXLAN and proxy MAC plus IP advertisement enabled on a Layer 3 gateway, the state for some MACs might be lost during MAC moves. PR1291118

  • The IPv6 multicast traffic drop occurs in a PIM SSM scenario. PR1292519

  • The dcpfe process might crash after a period of idle time on QFX10000 switches. PR1294055

  • The mcsnoopd generates a core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • On QFX5100 switches, the Packet Forwarding Engine is unable to delete the next-hop HW token for reject route, leading to the brcm_nh_l3_hw_install (-6 Table full) error. PR1307009

  • Packet drop is seen when programming for GRE traffic. PR1308438

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • IS-IS Layer 2 hello packets are dropped when they come from a Brocade device. PR1325436

  • The looped back IRB interface is not accessible to the remote network. PR1333019

  • Loopback filter does not work on QFX5100 and DFW errors are seen in the logs. PR1336137

  • On QFX5100 switches, parity errors in the Layer 3 IPv4 table in the Packet Forwarding Engine memory might cause traffic to be discarded silently. PR1364657

Software Installation and Upgrade

  • Commit might fail in single-user mode. PR1368986

Resolved Issues: 17.2R2

Class of Service (CoS)

  • On QFX5100, EX4300, or EX4600, traffic might be dropped when there is more than one forwarding class under the [forwarding-class-sets] hierarchy. PR1255077

  • Storm control might not be programmed correctly in the Packet Forwarding Engine if it is applied with a port-speed configuration in a single commit. PR1255562

Dynamic Host Configuration Protocol (DHCP)

  • DHCP reply packets are not relayed by the DHCP relay when there is a GRE tunnel. PR1198982

EVPNs

  • Route target per bridge domain for EVPN is not supported. PR1244956

General Routing

  • QFX10002 and QFX5110 generated an L2ALD core file for an unknown reason at: l2ald_mac_process_update_fwd_entry_mask, l2ald_mclag_update_change_for_learn_mask, logging, vlogging, vlogging_event. PR1264432

  • The jdhcpd process might crash and DHCP does not work if scaling prefixes are configured under the [policy-options prefix-list *] hierarchy. PR1272646

  • The l2ald process might leak memory for every IPv6 ND message it receives from the MC-LAG peer, because it does not free the memory it allocated. PR1277203

  • Multicast Listener Discovery (MLD) messages are seen continuously on QFX switches if the management ports are connected through a network. PR1277618

  • The analytics JSON data format reports an incorrect value for the 'rxbps' counter. PR1285434

  • OVSDB and Openflow are caveated for QFX 5110, 5200, 10002, 10008, 10016 platforms in Junos OS Release 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • DCPFE might crash and restart on the MC-LAG active and standby nodes when the ARP/NDP next hop changes. PR1299112

Hardware

  • ULC-60S-6Q LC on QFX10008: the port becomes unusable after a non-Juniper SFP-T optic is inserted. PR1294394

Infrastructure

  • On QFX10000 switches, match "pps" output is not returning any values and sometimes it is completely stuck. PR1250328

  • Disabled 10G interfaces might stay up on QFX10000 switches. PR1300775

Interfaces and Chassis

  • The traffic might be dropped in some rare conditions. PR1241297

  • FPC Major Alarm might be seen with error messages "DLU: ilp memory cache error" & "DLU: ilp prot1 detected_imem_even error". PR1251154

  • QFX5110: MC-LAG VRRP: Multicast traffic is not forwarded to MC-ae interface after deactivating and reactivating that interface. PR1257586

  • Interfaces do not come up randomly after a line card rebooted. PR1262839

  • Description for 40G-AOC cable in show chassis hardware shows UNKNOWN. PR1269018

  • The 40G interface might flap between QFX5100 and other products. PR1273861

  • QFX10000: Observed ot- link flap whenever an optics tca alarm is raised, but there is no loss of service and no traffic loss observed. PR1279351

  • MAC pause frames might increase when SXE interfaces are erroneously configured. PR1281123

  • Traffic might not be received on a 1G interface if autonegotiation is disabled and speed/duplex is configured on QFX and peer end. PR1292275

  • High heap memory utilization might be seen if multiple SFP-T optics are inserted or set interface <> link-mode full-duplex is enabled. PR1294208

Junos Fusion Provider Edge

  • In a dual access device scenario, when you disable a cascade port, the extended port physical interfaces are marked as being down. PR1232924

Junos Fusion Satellite Software

  • Native VLAN on an aggregated Ethernet interface terminated on multiple satellite devices. PR1305698

Layer 2 Features

  • Action-shutdown in storm-control does not bring physical interface down. PR1240845

  • Packets are getting dropped if outer TPID is set with 0x9100. PR1267178

Multiprotocol Label Switching (MPLS)

  • Resolving static LSPs next hops. PR1259238

  • QFX5110 MPLS: dcpfe core noticed during the MPLS ingress and egress scale tests. PR1263201

Platform and Infrastructure

  • Dropping the TCP RST packet incorrectly on PFE might cause traffic drop. PR1269202

Routing Protocols

  • After running restart routing in the master Routing Engine, the PIM join states of VXLAN multicast groups in the backup Routing Engine are not in sync with the master Routing Engine. PR1255480

  • BGP session failed to establish over IPv6 link-local address. PR1267565

  • IPv4 traffic drops when changing the member interface of the LAG. PR1270011

  • The fxpc process might crash and restart when the fxpc process tries to access already freed up memory. PR1271825

  • GRE tunnel traffic doesn't switch over to the alternate path if the primary path to tunnel destination changes. PR1287249

  • UDP traffic with destination port 520 and 521 is discarded on QFX5110 switches after a Junos OS upgrade. PR1287271

Software Installation and Upgrade

  • When upgrading from 15.1X53-D62 to 17.1R1 or 17.2R1, protocols evpn vni-options vni vrf-target configuration is missing and customer needs to add the missing configuration. PR1243105

Virtual Chassis

  • When you add a QFX5100 switch to the VCF, the following error message is seen: "ch__map_alarm_id alarm ignored: object 0x7e reason". PR1234780

  • VCF NSSU: The next member or group begins to reboot before the previous one is ready, causing service to go down. PR1272240

VLAN Infrastructure

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Resolved Issues: 17.2R1

General Routing

  • DHCP Reply packets are not relayed by the DHCP Relay when there is a GRE tunnel. PR1198982

  • On QFX10008 and QFX10016-60x10G ULC 1G mode is not supported in Junos OS Release 17.1R1. PR1239091

  • sFlow might show a negative count for a number of samples after a long run. PR1244080

  • On QFX5100, show interface incorrectly displays an interface as 'Link-mode: Auto Speed: Auto' even though the interface is configured for, and up at, 100M/Full. PR1260986

  • On QFX5200, the error log ifd ifd-number; does not exist might appear during an SNMP query and the SNMP query might be delayed. PR1263794

  • QFX5100 VCF: Removing force-up causes return-traffic to be dropped by leaf (to spine). PR1264650

  • Description for 40G-AOC cable in show chassis hardware shows UNKNOWN. PR1269018

Layer 2 Features

  • If RTG and VSTP are configured on the same VLAN, communication doesn't work over RTG interfaces. PR1230750

  • On QFX10000 Series switches, in a multichassis link aggregation (MC-LAG) scenario, single-homed link (S-Link) MAC might not be learned before the MAC timeout on remote MC-LAG peer. PR1260316

  • Flexible tagged LAG interface might go down when configuring native VLAN. PR1262529

  • The QFX5100, QFX5110, and QFX5200 switches do not transfer BPDU packets though xSTP is disabled. PR1262847

Routing Protocols

  • VCF does not forward BUM after fabric-tree-root is configured. PR1257984

  • IPv4 traffic drops when changing the member interface of the LAG. PR1270011

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 17.2R3.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Junos OS Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 17.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 17.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.

    Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-17.2R3.n-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.2 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D43. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D43 or Junos OS Release 17.2R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is not compatible with the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-17.2R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-17.2R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure

  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy

  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging

  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize

  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine

  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.
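A pre-flight check for the two upgrade methods on this page, as an added example that is not Juniper's code: the per-Routing-Engine installation on QFX10008 and QFX10016 requires GRES, NSR, and NSB to be off, while unified ISSU requires all three to be on. It assumes the input is `show configuration | display set` output; the `graceful-switchover` statement path, the function names, and the method labels are assumptions that do not appear on this page.

```python
import re

# Statement paths as they appear in "show configuration | display set" output.
FEATURES = {
    "GRES": "chassis redundancy graceful-switchover",  # path assumed, not on the page
    "NSR": "routing-options nonstop-routing",
    "NSB": "protocols layer2-control nonstop-bridging",
}

# Constructed sample: NSR is configured but deactivated, so it is not in effect.
SAMPLE_CONFIG = """\
set system host-name switch
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
deactivate routing-options nonstop-routing
set protocols layer2-control nonstop-bridging
"""


def active_features(display_set_text):
    """Return the names of features that are configured and not deactivated."""
    set_paths, inactive_paths = [], []
    for raw in display_set_text.splitlines():
        m = re.match(r"\s*(set|deactivate)\s+(\S.*)$", raw)
        if not m:
            continue
        target = set_paths if m.group(1) == "set" else inactive_paths
        target.append(m.group(2).split())

    active = set()
    for name, statement in FEATURES.items():
        want = statement.split()
        # Configured if any "set" line starts with the statement path.
        configured = any(path[:len(want)] == want for path in set_paths)
        # Not in effect if the statement or any parent hierarchy is deactivated.
        deactivated = any(want[:len(d)] == d for d in inactive_paths)
        if configured and not deactivated:
            active.add(name)
    return active


def preflight(display_set_text, method):
    """Check the redundancy features against what the chosen method requires.

    method "per-re-install": GRES, NSR and NSB must all be off.
    method "issu":           GRES, NSR and NSB must all be on.
    """
    active = active_features(display_set_text)
    if method == "per-re-install":
        offending = sorted(active)                    # enabled but must be off
    elif method == "issu":
        offending = sorted(set(FEATURES) - active)    # off but must be enabled
    else:
        raise ValueError("method must be 'per-re-install' or 'issu'")
    return {"ok": not offending, "offending": offending}


if __name__ == "__main__":
    for method in ("per-re-install", "issu"):
        print(method, preflight(SAMPLE_CONFIG, method))
```

Statements inherited from configuration groups are not visible in plain `display set` output, so a clean result covers only what is configured directly.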

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-132_x51_vjunos.domestic.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.