Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches

 

These release notes accompany Junos OS Release 17.3R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.

Note

The following EX Series switches are supported in Junos OS Release 17.3R3: EX4300, EX4600, and EX9200.

Note

In Junos OS Release 17.3R3, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.

The J-Web distribution model being used provides two packages:

  • Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.

  • Application package—Optionally installable package; provides complete functionalities of J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.3A1 for EX4300 and EX4600 Switches.

Release 17.3R3 New and Changed Features

Restoration Procedures and Failure Handling

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (EX Series)—Starting in Junos OS Release 17.3R3, for devices running Junos OS with upgraded FreeBSD, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode provided you have saved a rescue configuration on the device. This process enables the system to automatically reboot with the saved rescue configuration. The system displays a banner "Device is in recovery mode” in the CLI in both operational and configuration modes. Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.3R2 New and Changed Features

There are no new features or enhancements to existing features for EX Series in Junos OS Release 17.3R2.

Release 17.3R1 New and Changed Features

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Access control and authentication (EX4600 switches)—Starting with Junos OS Release 17.3R1, EX4600 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication.

    • 802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. QFX5100 switches support 802.1X features including guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using VSAs. You configure 802.1X authentication at the [edit protocols dot1x] hierarchy level.

    • MAC RADIUS authentication is used to authentice end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected. You configure MAC RADIUS authentication at the [edit protocols dot1x authenticator interface interface-name mac-radius] hierarchy level.

  • IPv6 for RADIUS AAA (EX4300 and EX9200)—Starting in Junos OS Release 17.3R1, EX4300 and EX9200 switches support IPv6 for user authentication, authorization, and accounting (AAA) using RADIUS servers, in addition to the existing IPv4 support. You can specify which source address Junos OS uses to contact an external RADIUS server. To configure an IPv6 source address for RADIUS authentication, include the source-address statement at the [edit system radius-server server-address] hierarchy level. To configure an IPv6 source address for RADIUS accounting, include the source-address statement at the [edit system accounting destination radius server server-address] hierarchy level.

    Note

    If an IPv6 RADIUS server is configured without any source-address, default ::0 is considered to be the source address.

    [See source-address.]

  • Port bounce with CoA requests and framed-IPv6-address RADIUS attribute for AAA (EX4300 and EX9200)—Starting in Junos OS Release 17.3R1, the port bounce feature is supported on EX4300 and EX9200 switches. Change of Authorization (CoA) requests are RADIUS messages sent from the authentication, authorization, and accounting (AAA) server to the switch. They are typically used to dynamically change the VLAN for the host based on device profiling. End devices such as printers do not have a mechanism to detect the VLAN change, so they do not renew the lease for their DHCP address in the new VLAN. The port bounce feature is used to force the end device to initiate DHCP re-negotiation by causing a link flap on the authenticated port. There is no configuration required to enable the port bounce feature. Framed-IPv6-Address is an additional RADIUS attribute to support clients with an IPv6 address. The attribute is included in the Access-Request message sent from the client to the AAA server.

    [See Understanding RADIUS-Initiated Changes to an Authorized User Session and Understanding 802.1X and RADIUS Accounting on Switches.]

EVPNs

  • EVPN type-5 route support (EX9200)—Starting with Junos OS Release 17.3R1, you can configure type-5 routing in an Ethernet VPN (EVPN) environment. Type-5 routing, which advertises IP prefixes through EVPN, is used when the Layer 2 domain does not exist at the remote data centers or metro network peering points.

    On EX9200 switches, two models are supported:

    • Pure type-5 route without an overlay next hop and type-2 route (MPLS encapsulation only)

    • Type-5 route with a gateway IRB interface as an overlay next hop and type-2 route (MPLS and VXLAN encapsulation)

    To enable pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable type-5 routing with a gateway IRB interface, include the ip-prefix-routes advertise gateway-address statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. Specify a gateway IRB interface by including the gateway-interface irb-interface-name statement at the [edit routing-instances routing-instance-name protocols evpn ip-prefix-routes] hierarchy level.

    [See ip-prefix-routes.]

  • IPv6 support over IRB interfaces for EVPN (EX9200 switches)—Starting in Junos OS Release 17.3R1, the Ethernet VPN (EVPN) integrated routing and bridging (IRB) solution supports IPv6 and the Neighborhood Discovery Protocol (NDP). NDP is used by IPv6 nodes on the same link to discover each other's presence, determine each other's Link Layer addresses, find routers, and maintain reachability information about the paths to active neighbors. IPv6 addresses over IRB for EVPN is supported for unique VLAN EVPN instances and for virtual switches with protocol EVPN instances.

    [See EVPN with IRB Solution Overview.]

  • EVPN multihoming with ESI per logical interface (EX9200)—In releases before Junos OS Release 17.3R1, for EX9200 switches, you can configure an Ethernet segment identifier (ESI) only on a physical or aggregated Ethernet interface. In an EVPN-MPLS topology where a customer edge (CE) device is multihomed in active-standby or active-active mode to multiple provider edge (PE) devices, if a physical or aggregated Ethernet interface on an EX9200 switch is considered a non-designated forwarder (DF), the logical interfaces configured on the physical or aggregated Ethernet interface cannot be used for other services. Starting with Junos OS Release 17.3R1 for EX9200 switches, you can now configure an ESI on a logical interface. As a result, even if a logical interface is a non-DF, other logical interfaces on the same physical or aggregated Ethernet interface can still be used for other services.

    [See Example: Configuring an ESI on a Logical Interface for EVPN Multihoming.]

  • Layer 3 VXLAN gateway in EVPN-VXLAN topology with a two-layer IP fabric (EX9200)—Starting with Junos OS Release 17.3R1, EX9200 switches can function as a Layer 3 VXLAN gateway, or spine device, in an EVPN-VXLAN topology with a two-layer IP fabric. In this role, the EX9200 switch uses integrated routing and bridging (IRB) interfaces to route traffic between hosts in different virtual networks (VNs) created by the Contrail virtualization software. When physical (bare-metal) servers in one VN need to communicate with other physical servers or virtual machines (VMs) in another VN, you can also configure an IRB interface as a default Layer 3 gateway that handles the inter-VN traffic for physical servers. In an EVPN-VXLAN topology where a provider edge (PE) device such as a Layer 2 VXLAN gateway or a Contrail vRouter is multihomed in active-active mode to two Layer 3 VXLAN gateways, you can configure redundant default gateways on the Layer 3 VXLAN gateways.

    [See Understanding EVPN with VXLAN Data Plane Encapsulation.]

Layer 2 Features

  • IRB in PVLAN (EX4600)—Starting with Junos OS Release 17.3R1, you can configure an IRB interface in a private VLAN (PVLAN) so that devices in the community and isolated VLANs can communicate with each other and with devices outside the PVLAN at Layer 3 without requiring you to install a router.

    [See Example: Configuring a Private VLAN Spanning Multiple Switches with an IRB Interface.]

  • PVLAN and Q-in-Q configurations co-exist on a physical interface (EX4600)—Starting with Junos OS Release 17.3R1, a private VLAN (PVLAN) configuration and a Q-in-Q tunneling configuration can co-exist on the same Ethernet port. Q-in-Q requires a service provider configuration method, and PVLAN requires an enterprise configuration method. To enable both configurations to exist on the same physical interface, you must configure flexible Ethernet services to support dual methods of configuring logical interfaces.

    [See Understanding Flexible Ethernet Services Encapsulation on Switches.]

  • L2PT support for tunneling additional protocols (EX9200)—Starting with Junos OS Release 17.3R1, you can configure Layer 2 protocol tunneling (L2PT) for the following new protocols on EX9200 switches: E-LMI, GVRP, IEEE 802.1X, IEEE802.3AH, LACP, LLDP, MMRP, MVRP, and UDLD.

    [See Layer 2 Protocol Tunneling.]

  • L2PT support for tunneling additional protocols (EX4300)—Starting with Junos OS Release 17.3R1, you can configure Layer 2 protocol tunneling (L2PT) for the following new protocols on EX4300 switches: E-LMI, IEEE 802.1X, MMRP, and UDLD.

    [See Layer 2 Protocol Tunneling.]

Layer 3 Features

  • Port-based LAN broadcast traffic forwarding (port helpers) for multiple destination servers (EX9200)—Starting in Junos OS Release 17.3R1, you can configure port helpers on EX9200 switches with multiple destination servers for a given port. Port helpers listen on configured UDP ports for incoming LAN broadcast traffic, and forward those packets to configured destination servers as unicast traffic. Configure port helpers to listen on a port and forward the traffic to a specified server using the forwarding-options helpers port port-number configuration statement with one of the following options:

    • Global—Specify only server server-ip-address to listen on any interface for the configured port.

    • VLAN-specific—Specify interface irb-interface-name server server-ip-address to listen only on a specified IRB interface.

    • Interface-specific—Specify interface l3-interface-name server server-ip-address to listen only on a specified Layer 3 interface.

    [See Configuring Port-based LAN Broadcast Packet Forwarding.]

Management

  • Support for the Junos Telemetry Interface (EX9200 switches)—Starting with Junos OS Release 17.3R1, the Junos Telemetry Interface is supported on EX9200 switches. Both UDP and gRPC streaming of statistics are supported. Junos Telemetry Interface enables you to provision sensors to export telemetry data for various network elements without involving polling. The following sensors are supported on EX9200 switches:

    • Aggregated Ethernet interfaces configured with the Link Aggregation Control Protocol (gRPC streaming only)

    • Ethernet interfaces enabled with the Link Layer Discovery Protocol (gRPC streaming only)

    • RSVP interface events (gRPC streaming only)

    • BGP peers (gRPC streaming only)

    • Memory utilization for routing protocol tasks (gRPC streaming only)

    • LSP events and properties (gRPC streaming only)

    • LSP statistics (UDP and gRPC streaming)

    • Network Discovery Protocol table state (gRPC streaming only)

    • Address Resolution Protocol table state (gRPC streaming only)

    • IPFIX inline flow sampling (UDP streaming only)

    • Queue depth statistics for ingress and egress queue traffic (UDP streaming only)

    • Logical interfaces (UDP and gRPC streaming)

    • Firewall filter statistics (UDP and gRPC streaming)

    • Optical interfaces (UDP and gRPC streaming)

    • Network processing unit (NPU) memory (UDP and gRPC streaming)

    • NPU memory utilization (UDP and gRPC streaming)

    • CPU memory (UDP and gRPC streaming)

    • Fabric statistics (UDP streaming only)

    • Physical interfaces (UDP and gRPC streaming)

    • Chassis components (gRPC streaming only)

    To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. Because EX9200 switches run a version Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Overview of the Junos Telemetry Interface.]

  • Support for the Junos Telemetry Interface (EX4600 switches)—Starting with Junos OS Release 17.3R1, you can provision sensors through the Junos Telemetry Interface to export telemetry data for various network elements without involving polling on EX4600 switches. Only gRPC streaming of statistics is supported on EX4600 switches. UDP streaming is not supported.

    The following sensors are supported:

    • BGP peers

    • RSVP interface events

    • Memory utilization for routing protocol tasks

    • Label-switched-path events and properties

    • Ethernet interfaces enabled with the Link Layer Discovery Protocol

    To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig commands paths. You must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Overview of the Junos Telemetry Interface.]

  • Support for Two-Way Active Measurement Protocol (TWAMP) (EX4300 Switches)—Starting in Junos OS Release 17.3R1, you can measure network performance between any two devices that support the TWAMP protocol. You can use the TWAMP-Control protocol to set up performance measurement sessions and the TWAMP-Test protocol to send and receive performance measurement probes.

    You can configure TWAMP to start or stop all of the sessions for all of the TWAMP clients, or start or stop a session for a specific TWAMP client. When you start all the test session configured for a particular TWAMP client, the control-client initiates all requested testing with a Start-Sessions message, and the server sends an acknowledgment. If the control connection is not active between the server and the client, the control connection is also established and the test connections are started later. If the control-client name is not specified, all the configured test sessions are commenced.

    When you stop the test session, the control connection is closed only after the Stop-sessions message is sent from the TWAMP client to the TWAMP server. If the control-client name is not specified, all the configured test sessions are closed.

Multiprotocol Label Switching (MPLS)

  •  Support for resource RSVP (EX9200)—Starting in Junos OS Release 17.3R1, the EX9200 switch supports RSVP. RSVP is a signaling protocol that reserves resources, such as for IP unicast and multicast flows, and requests QoS parameters for applications. The protocol was extended with MPLS RSVP-TE to enable RSVP to set up label-switched paths (LSPs) that can be used for traffic engineering in MPLS networks. RSVP is automatically enabled on interfaces on which MPLS-TE is configured. You can enable up to 200 RSVP-TE sessions in the EX9200 advanced feature license (AFL).

    [See RSVP Overview .]

Operation, Administration, and Maintenance

  • Junos OS OpenConfig to support operational models for VLANs (EX Series)—Starting with Junos OS Release 17.3R1, Junos OS supports an OpenConfig YANG model for VLANs via the addition of openconfig-vlan.yang, revision 1.0.2. This provides a unified view for the network agent to retrieve an operational state from Junos OS processes (daemons) for VLANs.

Services Applications

  • Support for enhancing the current inline JFlow scale limits for certain line cards (EX9200-6QS, EX9200-12QS, and EX9200-40XS)—Starting in Junos OS Release 17.3R1, the ipv4-flow-table-size and the ipv6-flow-table-size allow up to 256 flow-table-size to support 64M flows at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level. The existing limit on flow-export-rate under inline-jflow for each family in the sampling instance is increased to 3200 from 400.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.3R3 for the EX Series.

General Routing

  • Support for deletion of static routes when the BFD session goes down (EX Series)—Starting with Junos OS Release 17.3R1, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message. [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:

    • Local Partner System ID-LACP partner system ID as seen by the local node.

    • Peer Partner System ID-LACP partner system ID as seen by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command did not display these additional fields.

    [See show interfaces mc-ae..]

Management

  • Changes to custom YANG RPC syntax (EX Series)—Starting in Junos OS Release 17.3, custom YANG RPCs have the following changes in syntax:

    • The junos:action-execute statement is a substatement to junos:command. In earlier releases, the action-execute and command statements are placed at the same level, and the command statement is optional.

    • The CLI formatting for a custom RPC is defined within the junos-odl:format statement, which takes an identifier as an argument. In earlier releases, the CLI formatting is defined using a container that includes the junos-odl:cli-format statement with no identifier.

    • The junos-odl:style statement defines the formatting for different styles within the statement. In earlier releases, the CLI formatting for different styles is defined using a container that includes the junos-odl:cli-format and junos-odl:style statements.

Multicast

  • Support for per-source multicast traffic forwarding with IGMPv3 (EX4300)—Starting in Junos OS Release 17.3R3, EX4300 switches forward multicast traffic on a per-source basis according to received IGMPv3 INCLUDE and EXCLUDE reports. In releases prior to this release, EX4300 switches process IGMPv3 reports, but instead of source-specific multicast (SSM) forwarding, they consolidate IGMPv3 INCLUDE and EXCLUDE mode reports for a group into one route for all sources sending to the group. As a result, with the prior behavior, receivers might get traffic from sources they didn’t specify.

    [See IGMP Snooping Overview.]

Network Management and Monitoring

  • Enhancement to about-to-expire logic for license expiry syslog messages (EX Series)—Starting in Junos OS Release 17.3R1, the logic for multiple capacity type licenses and when their expiry raises alarms was changed. Before, the behavior had alarms and syslog messages for expiring licenses raised based on the highest validity, which would mislead users in the case of a license expiring earlier than the highest validity license. The new behavior has the about-to-expire logic based on the first expiring license.

  • Change to default log level setting (EX Series)—Starting in Junos OS Release 17.3R2, changes were made in default logging levels:

    Before the change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After the change:

    • IFD LinkUp -> LOG_NOTICE (changed because although this is an important message, it occurs very frequently)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • Changes to SNMP syslog messages changed (EX Series)—Starting in Junos OS Release 17.3R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD --AgentX master agent failed to respond to ping. Attempting to re-register

      NEW –- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD –- NET-SNMP version %s AgentX subagent connected

      NEW --- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration statement distinguishes between traps coming from a non-default routing instance and non-default logical system (EX Series)—Starting in Junos OS Release 17.3R3, the context-oid option for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional variable binding.

    [See trap-options.]

  • Reconfigure SNMPv3 configuration after upgrade (EX4600)—Starting in Junos OS Release 17.3R1, you might need to reconfigure SNMPv3 after upgrading from an earlier release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID has changed. Previously, customers had to reconfigure SNMPv3 after every reboot. This problem was fixed. If you upgrade, you must still reconfigure SNMPv3, but only once. If you have already reconfigured SNMPv3 in an earlier release, then you do not need to reconfigure SNMPv3 again. To reconfigure SNMP v3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters.

    [See Configuring the Local Engine ID.]

Routing Protocols

  • Change in the default behavior of the advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn.0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

    [See advertise-from-main-vpn-tables.]

Services Applications

  • Changes to the show services rpm history-results command (EX Series)—Starting in Junos OS Release 17.3R2, you must include the owner owner and test name options when using the show services rpm history-results command.

    [See show services rpm history-results.]

VLAN Infrastructure

  • LAG interface flaps while adding/removing a VLAN—From Junos OS Release 17.3 or later, the LAG interface flaps while adding or removing a VLAN. The flapping happens when a low speed SFP is plugged into a relatively high speed port. To avoid flapping, configure the port speed to match the speed of the SFP.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.3R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

Platform and Infrastructure

  • On EX4600 switches, the amount of time that it takes for Zero Touch Provisioning to complete might be lengthy because TFTP might take a long time to fetch required data. PR980530

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.3R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • EX9200 is not qualified to support DAC types. PR1369662

High Availability (HA) and Resiliency

  • vmcore on backup Routing Engine though not critical could impact NSR functionality. This can be hit in particular scenarios like: - Back to back GRES with specific configuration. - Commit and rollback the configuration Impact: This will not impact the production Routing Engine since core is on backup. Also, the issue is seen very rarely. Hence, this should not impact the production. PR1269383

Layer 2 Features

  • The eswd process might crash after doing a Routing Engine switchover in an EX Series Virtual Chassis scenario. The crash happens due to a disordered processing of VLAN/vmember by eswd and L2PT modules. As the order of processing does not remain the same every time, the crash is random across switchovers. PR1275468

Platform and Infrastructure

  • On EX4600 and QFX5100 switches, the amount of time that it takes for Zero Touch Provisioning to complete might be lengthy because TFTP might take a long time to fetch required data. PR980530

  • On EX4300, EX4600, and QFX5100 switches, if a remote analyzer has an output IP address that is reachable through a route learned by BGP, the analyzer might be in a DOWN state. PR1007963

  • On chassis based line cards, the FI: Protect: Parity error for CP freepool SRAM SRAM parity error might be seen. It's harmless and can be ignored. PR1079726

  • On an EX4300 or a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

  • On an EX9200-12QS line card, interfaces with the default speed of 10-Gigabit Ethernet are not brought down even when the remote end of a connection is misconfigured as 40-Gigabit Ethernet. PR1175918

  • On an EX9200-40XS line card, if you toggle the MACsec encryption option multiple times, encryption and protected MACsec statistics might be updated incorrectly. As a workaround, restart the line card. PR1185659

  • On an EX9200 switch with MC-LAG, when the enhanced-convergence statement is enabled, and when the kernel sends a next hop message to the Packet Forwarding Engine, the full Layer 2 header is not sent and a packet might be generated with an invalid source MAC address for some VLANs. PR1223662

  • On an EX Series switch chassis, if Dynamic Host Configuration Protocol (DHCP) relay or DHCP server is configured along with bpdu-block, a memory allocation issue may be seen. That can lead to a memory exhaustion issue for the DHCP process. PR1259918

  • A flexible VLAN-tagged interface allows both primary and secondary VLAN configuration on different logical units of the same interface, but might not work as expected. PR1267160

  • On EX4300 10G links, preexisting MACsec sessions might not come up after the following events: Process (pfex, dot1x) restart or system restart Link flaps. PR1294526

  • MPC5 inline keepalive PPP echo requests not transmitted when anchor point is lt-x/2/x or lt-x/3/x in pseudowire deployment. PR1345727

  • There are multiple failures when a events like node reboots, ICL flaps and ICCP flaps happens even with enhanced convergence configured there will be no guarantee that sub-second convergence will be achieved.PR1371493

  • Scale of 150 VRRP was not tested before, there are no issues observed for 100 VRRP groups. At the higher scale, there are no drops but traffic gets flooded for group beyond 100. PR1371520

Virtual Chassis

  • When the linecard role FPC is removed and rejoined to the Virtual Chassis immediately, the LAG interface on the master or backup would not be reprogrammed in the rejoined FPC. PR1255302

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.3R3

EVPN

  • The traffic might get dropped as the core is down. PR1343515

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP protocol multicast traffic sourced by the kernel such OSPF, VRRP gets dropped in the Packet Forwarding Engine level. PR1301773

Infrastructure

  • PFC feature might not work on an EX4600. PR1322439

  • ifinfo core files can be generated on EX4600 Virtual Chassis. PR1324326

Interfaces and Chassis

  • Identical IP addresses can be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance). PR1221993

  • On an EX4300 Virtual Chassis, an LACP flap is observed after rebooting the master FPC with PDT configurations. PR1301338

  • The interface might not work properly after the FPC restarts. PR1329896

  • The MAC address assigned to an aggregated Ethernet member interface is not the same as that of its parent aggregated Ethernet interface upon master node removal. PR1333734

  • On an EX4600 MC-LAG after reboot of VRRP master and backup black holes traffic to downstream switches. PR1345316

MPLS

  • On EX4600 switches, unified ISSU is not supported with an MPLS configuration. PR1264786

Platform and Infrastructure

  • After access rejected the dot1x process might crash due to a memory leak. PR1160059

  • The interface-range command cannot be used to set speed and autonegotiation properties for a group of interfaces. PR1258851

  • The mismatch of VLAN ID between an logical interface and VLAN configuration might result in traffic blackhole. PR1259310

  • EX : Interface does not come up after unplugged/plugged the 1G SFP. PR1261468

  • MACsec session cannot be recovered after physically flapping one link of an aggregated Ethernet. PR1283314

  • Doing load replace terminal and attempting to replace the interface stanza might terminate the current CLI session and leave user session hanging. PR1293587

  • An eswd core file might be observed if apply-groups is configured under interface-range. PR1300709

  • Multicast receiver connected to EX4300 might not be able to get the multicast streaming. PR1308269

  • Autonegotiation is not working as expected between EX4300 and SRX5800. PR1311458

  • JDISwitchingReg : Traffic loss is observed while performing NSSU. PR1311977

  • IGMP snooping might not learn multicast router interface dynamically. PR1312128

  • PEM alarms and L2C failures are observed on MX240/MX480/MX960/EX92/SRX5K devices. PR1312336

  • The interface with 1G SFP might go down if no-auto-negotiation is configured. PR1315668

  • IGMPv3 on an EX4300 does not have the correct outgoing interfaces in the Packet Forwarding Engine that are listed in the kernel. PR1317141

  • The vmcore might be seen and the device might reboot after the ICL is changed from an aggregated Ethernet to a physical interface. PR1318929

  • High latency might be observed between the master Routing Engine and other FPC. PR1319795

  • Multicast traffic might not be forwarded to one of the receivers. PR1323499

  • MAC learning issue and new VLANs creation failure might happen for some VLANs on EX4300 platform. PR1325816

  • EX Series switches do not send RADIUS request after modifying the interface-range configuration. PR1326442

  • An l2cpd process might generate a core file. PR1325917

  • The major alarm about Fan & PSU Airflow direction mismatch might be seen by removing management cable. PR1327561

  • Traffic going through aggregated Ethernet interface might be dropped if mastership changes. PR1327578

  • CoS is wrongly applied on Packet Forwarding Engine leading to egress traffic drop. PR1329141

  • [EX4300] When exhausting TCAM table filter is still programmed. PR1330148

  • The rpd process generated a core file on thenew backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The interface on which the VSTP is disabled by CLI might stay in the "Discarding" state after device rebooting. PR1333684

  • STP BPDUs are not sent out on another active child when an anchor FPC has no active child. PR1333872

  • MQSS errors and alarms might happen when an interface goes down. PR1334928

  • An EX4300 will not generate L2ALD storm control action logs if the interface has a redundant trunk group (RTG) configuration. PR1335256

  • IGMP packets are forwarded out of the RTG backup interface. PR1335733

  • L2cpd memory leak appears on EX platforms with VoIP configured. PR1337347

  • MAC source address filter with the accept-source-mac statement does not work if MAC move limit is configured. PR1341520

  • MSTP might not work normally after permitting a commit. PR1342900

  • The filter might not be programmed in Packet Forwarding Engine even though TCAM entries are available. PR1345296

  • Statistics daemon pfed might generate a core file on an upgrade between certain releases. PR1346925

  • After EX9200 FPC becomes Online, other FPC CPU may go 100% usage and have traffic loss near 30sec. PR1346949

  • The VLAN translation feature does not work for the control plane traffic. PR1348094

  • EX4600 detects a Latency-over-Threshold event with a wrong value. PR1348749

  • Traffic drop might happen if LLC packets are sent with DSAP and SSAP as 0x88 and 0x8e. PR1348618

  • Firewall filter with then syslog option is unable to send syslog files to the syslog server running Junos OS Release 16.1R5 or Release 16.1R6 on an EX4300 Virtual Chassis. PR1351548

  • A high usage chassis alarm in "/var" does not clear from the EX4300 Virtual Chassis when a file is copied from fpc1 (master) to fpc0 (backup). PR1354007

  • The ports using SFP-T transceiver might be still up after system halt. PR1354857

  • The FPC would crash due to the memory leak caused by the VTEP traffic. PR1356279

  • MPCs might restart during ISSU. PR1359282

Routing Protocols

  • An mcsnoopd core file is observed at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 . PR1305239

  • OSPF routes cannot be installed to the routing table until the lsa-refresh timer expires. PR1316348

  • BGP peer is not established after Routing Engine switchover when graceful-restart and BFD enabled. PR1324475

  • The igmp-snooping command might be enabled unexpectedly. PR1327048

Resolved Issues: 17.3R2

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • MacSec Issue show security macsec statistics command does not show expected results.PR1283544

  • The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) cannot forward correct Packet Ordering Engine class. PR1296547

  • An l2ald crash occurs with no apparent trigger. PR1302344

  • The CLI command show snmp mib walk used for jnxMIMstMstiPortState does not display anything in Junos OS Release 17.1R2 on the EX4600 platform. PR1305281

  • Traffic loss is observed while performing NSSU.PR1311977

  • Dhcp-security binding table might not get updated. PR1312670

  • A memory leak is seen for dot1xd. PR1313578

  • The dot1x process might stop authenticating if continuous dot1x clients reauthentication requests can't get processed PR1300050

  • EX series switches do not send radius request after modifying the interface-range configuration. PR1326442

  • QFX5100/EX4600/ACX5k : Major Alarm 'Fan & PSU Airflow direction mismatch' by removing management cable. PR1327561

Class of Service (CoS)

  • On EX4300, EX4600, or QFX5100, traffic might be dropped when there is more than one forwarding class under "forwarding-class-sets". PR1255077

EVPNs

  • Split Horizon Label is not allocated after switching configuration of ESI from 'single-active' to 'all-active' PR1307056

Infrastructure

  • On EX Series switches, the file system might get corrupted multiple times during an image upgrade or commit operation. As a result, the image might fail to upgrade because the EX Series switches bypass the file system corruption check when file system is corrupted. PR1317250

  • On EX4600, priority-based flow control (PFC) frames might not work. PR1322439

Interfaces and Chassis

  • In a Virtual Chassis setup with aggregated Ethernet interfaces and multiple protocols configured in the system, intermittently we see LACP flap when the master is rebooted. Workaround is to toggle the interfaces where LACP is flapping. PR1301338

  • The interface might not work properly after FPC restarts. PR1329896

Layer 2 Features

  • Feature swap-swap might not work as expected in a Q-in-Q scenario. PR1297772

MPLS

  • QFX5100: ISSU is not supported with MPLS configuration. PR1264786

Platform and Infrastructure

  • On EX4300 Virtual Chassis, a 10-Gigabit Ethernet VCP might not get a neighbor after a system reboot. PR1261363

  • CPU utilization for pfex_junos usage might go high if DHCP relay packets are coming continually. PR1276995

  • Traffic loss might be observed for about 10 seconds if master member FPC reboots PR1283702

  • On EX4300 switches, filter-based forwarding (FBF) might not work properly after deactivating or activating. This occurs because stale entries cannot be freed in ternary content addressable memory (TCAM); it leads to insufficient space in TCAM to process filters. PR1293581

  • On an EX4300 switch, packets larger than 1452 bytes will be dropped after generic routing encapsulation (GRE), because the "Fragmentation of payload" and "GRE Path MTU discovery" are not supported on an EX4300 Series switch. PR1293787

  • On EX4300 some functions of IPv6 Router Advertisement Guard do not work. PR1294260

  • ERROR: /dev/da0s1a is not a JUNOS snapshot is seen during system startup. PR1297888

  • On EX4300 switches, when unknown unicast ICMP packets are received by an interface, packets are routed, so TTL is decremented. PR1302070

  • On EX4300 Virtual Chassis, the FRU PSU removal and insertion traps are not generated for master or backup FPCs. PR1302729

  • There is an inconsistent IEEE P-bit marking in the 802.1Q header for OSPF packets. PR1306750

  • Traceroute not working in EX9200 device for routing-instances running on 17.1R3 Junos version. PR1310615

  • IGMP snooping might not learn the multicast router interface dynamically. PR1312128

  • On EX4300VC, l2cpd core file might be seen, if the interface is disabled under VSTP and enabled under RSTP PR1317908

  • High latency might be observed between the master Routing Engine and another Flexible PIC Concentrator (FPC). PR1319795

  • On EX4300VC, VSTP BPDUs are not getting processed and root-bridge convergence fails for certain vlans PR1320719

  • Multicast traffic might not get forwarded to one of the receivers. PR1323499

  • A Layer 2 Control Protocol process (l2cpd) might generate a core file. PR1325917

Routing Protocols

  • JDI-RCT:M/Mx:Observed mcsnoopd core @ __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 .PR1305239

Virtual Chassis

  • On EX4300 FRU removal/insertion trap not generated for non-master (backup/line card) FPCs. PR1293820

Resolved Issues: 17.3R1

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Infrastructure

  • EX4300 aggregated interface is down while interface member VLAN is PVLAN and LACP is enabled. PR1264268

Interfaces and Chassis

  • Junos: EX Series PFE and MX MPC7E/8E/9E PFE crash when fetching interface stats with extended-statistics enabled (CVE-2017-10611); Refer to https://kb.juniper.net/JSA10814 for more information. PR1247026

Layer 2 Features

  • All the XML duplications and unformatted output are addressed. For Example, histogram was just declared as a element inside pfkey container, with this change a new container is defined for histogram. PR1271648

Platform and Infrastructure

  • Layer 3 protocol packets are not being sent out from the switch. PR1226976

Documentation Updates

This section lists the errata and changes in Junos OS Release 17.3R3 for the EX Series switches documentation.

Traffic Management User Guide for EX4600 Switches

  • Consolidation of the Traffic Management User Guide for QFX Series and EX4600 Switches (EX4600)—Starting in Junos OS Release 17.3R1, the following three traffic management guides are consolidated into one user guide:

    • Traffic Management User Guide for QFX Series

    • Traffic Management User Guide for QFX 10000 Series

    • Traffic Management User Guide for EX4600 Switches

    [See Traffic Management User Guide for QFX Series and EX4600 Switches.]

  • Support for deletion of static routes when the BFD session goes down (QFX Series)—Starting with Junos OS Release 17.3R1, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message. [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release, even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 14.1, 14.2, 15.1 and 16.1 are EEOL releases. You can upgrade from Junos OS Release 14.1 to Release 15.1 or even from Junos OS Release 14.1 to Release 16.1. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.