Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 17.3R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 17.3R3: QFX5100, QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016.

Release 17.3R3 New and Changed Features

EVPNs

  • IPv4 inter-VLAN multicast forwarding modes for EVPN (QFX10000 switches)—Starting with Junos OS Release 17.3R3, QFX10000 switches can forward IPv4 multicast traffic between VLANs in EVPN-VXLAN networks with these IP fabric architectures:

    • Two-layer IP fabric in which QFX10000 switches function as Layer 3 gateways, and QFX5100 or QFX5200 switches function as Layer 2 gateways. From their central location in the IP fabric, the QFX10000 switches on which IRB interfaces are configured can route multicast traffic from one VLAN to another. This mode of multicast forwarding is known as centrally-routed mode.

    • One-layer IP fabric in which QFX10000 switches function as both Layer 2 and Layer 3 gateways. From their location at the edge of the IP fabric, the QFX10000 switches on which IRB interfaces are configured can route multicast traffic from one VLAN to another. This mode of multicast forwarding is known as edge-routed mode.

    To configure the multicast forwarding mode, you can specify the irb configuration statement with the local-remote option (centrally-routed mode) or the local-only option (edge-routed mode) in the [edit forwarding-options multicast-replication evpn] hierarchy level.

    Note

    We do not recommend specifying the local-remote option on some QFX10000 switches and the local-only option on the other QFX10000 switches in either of the IP fabric architectures. Doing so might cause the QFX10000 switches to forward the inter-VLAN multicast traffic inconsistently.

Routing Policy and Firewall Filters

  • Support for packet load balancing based on GTP-TEID hashing (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 17.3R3-S1, you can configure load balancing of IPv4 or IPv6 packets by using GPRS Tunneling Protocol-tunnel endpoint identifier (GTP-TEID) field hash calculations. The GTP-TEID hashing is added to the Layer 2 and Layer 3 field hashing that you have already configured. To enable this feature, configure the gtp-tunnel-endpoint-identifier statement at the [edit forwarding-options enhanced-hash-key family inet] or the [edit forwarding-options enhanced-hash-key family inet6] hierarchy level. GTP versions 1 and 2 are supported; they support only user data. You must use UDP port number 2152 for both GTP versions.
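Where the TEID sits in the GTP header and why adding it to the hash key matters, as an added example that is not Juniper code. The CRC32-based pick_path function is a stand-in for the switch's hash, which these notes do not describe, and the addresses and TEIDs are constructed sample values.

```python
import struct
import zlib

GTP_PORT = 2152  # UDP port the release note requires for both GTP versions


def extract_teid(udp_dst_port, udp_payload):
    """Return the 32-bit TEID, or None when the payload has no usable TEID."""
    # Anything not on the GTP port, or too short to hold a header, is ignored.
    if udp_dst_port != GTP_PORT or len(udp_payload) < 8:
        return None
    flags = udp_payload[0]
    version = flags >> 5  # top three bits of the first octet
    if version == 1:
        # GTPv1: flags(1) type(1) length(2) TEID(4); the TEID is always present.
        return struct.unpack_from("!I", udp_payload, 4)[0]
    if version == 2 and flags & 0x08:
        # GTPv2: the TEID follows the length field only when the T flag is set.
        return struct.unpack_from("!I", udp_payload, 4)[0]
    return None


def gtpv1_gpdu(teid, inner=b"\x45" + b"\x00" * 19):
    """Build a constructed GTPv1 G-PDU (flags 0x30, message type 0xFF)."""
    return struct.pack("!BBHI", 0x30, 0xFF, len(inner), teid) + inner


def pick_path(src_ip, dst_ip, src_port, dst_port, payload, n_paths, use_teid):
    """Pick an ECMP member from the outer 5-tuple, optionally plus the TEID.

    Assumption: CRC32 modulo the path count models the hash; the real
    hardware hash function is not documented on this page.
    """
    key = f"{src_ip}|{dst_ip}|17|{src_port}|{dst_port}".encode()
    if use_teid:
        teid = extract_teid(dst_port, payload)
        if teid is not None:
            key += struct.pack("!I", teid)
    return zlib.crc32(key) % n_paths


def paths_used(use_teid, tunnels=64, n_paths=4):
    """Hash many tunnels between the same two gateways; return the paths hit."""
    return {
        pick_path("192.0.2.1", "192.0.2.2", GTP_PORT, GTP_PORT,
                  gtpv1_gpdu(teid), n_paths, use_teid)
        for teid in range(1, tunnels + 1)
    }


if __name__ == "__main__":
    # Every tunnel shares one outer 5-tuple, so only the TEID can spread them.
    print("paths without TEID in the key:", sorted(paths_used(False)))
    print("paths with TEID in the key:   ", sorted(paths_used(True)))
```

Traffic between two GTP gateways shares a single outer 5-tuple, so without the TEID every tunnel lands on one ECMP member regardless of how many paths exist.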

Release 17.3R2 New and Changed Features

EVPNs

  • EVPN-VXLAN with MPLS as transport layer (QFX10000 line switches)—Starting with Junos OS Release 17.3R2, Ethernet VPN-Virtual Extensible LANs (EVPN-VXLANs) are supported with MPLS as the transport layer.

    At present, QFX10000 switches provide Layer 2 and Layer 3 VXLAN gateway functions for bare-metal servers (BMSs) or virtual machines (VMs) connected to them by means of a switch network or top-of-rack through an IRB interface. They also support inter-DC connectivity via Type-5. The current transport layer support is IP. The feature adds MPLS as a transport for Layer 2 VXLANs with EVPN type-5 gateway functionality only. Layer 3 IRB VXLAN gateways will continue to use IP as the transport layer, even if MPLS is configured.

IP Tunneling

  • IPv6 GRE tunneling support (QFX10002, QFX10008, and QFX10016)—Starting with Junos OS Release 17.3R2, Junos OS supports IPv6 generic routing encapsulation (GRE) tunnels on QFX10000 line switches.

Multicast

  • Support for next-generation multicast VPN (QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 17.3R2, QFX10002, QFX10008, and QFX10016 switches support Multiprotocol BGP (MBGP) next-generation multicast VPNs with the following provider tunnel types:

    • Ingress replication provider tunnels

    • RSVP-Traffic Engineering (RSVP-TE) point-to-multipoint (P2MP) provider tunnels

    • Multipoint LDP P2MP provider tunnels

Virtual Chassis

  • Virtual Chassis support (QFX5200 switches)—Starting in Junos OS Release 17.3R2, QFX5200-32C switches can be interconnected into a Virtual Chassis as one logical device managed as a single chassis. A QFX5200 Virtual Chassis can contain up to 3 members that must be QFX5200-32C switches, with no mixed mode support. Any non-channelized 40-Gbps QSFP+ ports can be configured as Virtual Chassis ports (VCPs) to interconnect member switches. As of Junos OS Release 17.3R2-S4, 100-Gbps QSFP28 ports can also be configured as Virtual Chassis ports (VCPs).

    Configuration and operation are the same as for other QFX Series Virtual Chassis.

    [See Understanding QFX Series Virtual Chassis.]

Release 17.3R1 New and Changed Features

Class of Service (CoS)

  • Enhanced Transmission Selection (ETS) support (QFX10000 line switches)—Beginning with Junos OS Release 17.3R1, ETS is supported on QFX10000 Series devices, compliant with IEEE 802.1Qaz/D0.1. ETS support enables the definition of multiple priority groups at each egress port of the device. Priority queues are combined into priority groups, enabling the application of similar congestion control capabilities to all queues within a group.

    [See Understanding CoS Hierarchical Port Scheduling (ETS).]

EVPNs

  • Support of Layer 3 connectivity in an EVPN-VXLAN topology (QFX5110)—Starting with Junos OS Release 17.3R1, you can deploy a QFX5110 switch as a Layer 3 Virtual Extensible LAN (VXLAN) gateway in an EVPN-VXLAN topology with a two-layer IP fabric or an IP fabric that is collapsed to one layer. In this role, the QFX5110 switch provides Layer 3 connectivity between physical (bare-metal) servers and virtual machines (VMs) within a data center. On QFX5110 switches, you can configure integrated routing and bridging (IRB) interfaces that route packets between VLANs. While creating an IRB interface, you can configure the interface as a default Layer 3 gateway, which physical servers in one VLAN use to communicate with physical servers or VMs in another VLAN.

    [See Example: Configuring a QFX5110 Switch as a Layer 3 VXLAN Gateway in an EVPN-VXLAN Topology with a Two-Layer IP Fabric and Example: Configuring a QFX5110 Switch as Layer 2 and 3 VXLAN Gateways in an EVPN-VXLAN Topology with a Collapsed IP Fabric.]

  • Support for multiple routing instances of type Virtual Switch and EVPN, VLAN-based service on the EVPN routing instance, and VLAN-aware service on the Virtual Switch routing instance (QFX10000 line switches)—Starting with Junos OS Release 17.3R1, you can configure both EVPN and Virtual Switch routing instances. EVPN routing instance supports VLAN-based service. It includes only a single broadcast domain and there is a one-to-one mapping between a VNI and MAC-VRF. Up to 100 EVPN routing instances are supported. The Virtual Switch instance supports VLAN-aware service, and up to 10 Virtual Switch routing instances are supported. Each Virtual Switch routing instance can have up to 4094 VLANs, but the total number of VLANs across the Virtual Switch routing instances cannot exceed the system limitation.

    Note

    If you create VLANs that are not part of a routing instance, they become part of the Default Switch routing instance.

  • EVPN Proxy ARP and ARP Suppression (QFX10000 line switches)—Starting with Junos OS Release 17.3R1, QFX10000 switches that function as provider edge (PE) devices in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment support proxy Address Resolution Protocol (ARP) and ARP suppression. The proxy ARP and ARP suppression capabilities are enabled by default. For both features to work properly, the configuration of an integrated routing and bridging (IRB) interface on the PE device is required.

    IRB interfaces configured on a PE device deliver ARP requests from both local and remote customer edge (CE) devices. When a PE device receives an ARP request from a CE device, the PE device searches its media access control (MAC)-IP address bindings database for the requested IP address. If the PE device finds the MAC-IP address binding in its database, it responds to the request. If the device does not find the MAC-IP address binding, it swaps the source MAC address in the request with the MAC address of the IRB interface on which the request was received and sends the request to all interfaces.

    Even when a PE device responds to an ARP request, ARP packets might still be flooded across the WAN. ARP suppression prevents this flooding from occurring.

    [See EVPN Proxy ARP and ARP Suppression.]

  • Support for external multicast router for EVPN with IGMP snooping (QFX10000)—Starting with Junos OS Release 17.3R1, you can configure a provider edge (PE) switch running Ethernet VPN (EVPN) to send and receive multicast traffic to an external multicast router. This implementation supports the forwarding of inter-VLAN multicast traffic without having to configure IRB interfaces. Traffic is forwarded through a Layer 3 multicast protocol such as Protocol Independent Multicast (PIM). To enable the PE switch to receive multicast traffic from the multicast router, include the multicast-router-interface statement at the [edit protocols igmp-snooping vlan vlan-name interface interface-name] hierarchy level.

    Support for forwarding inter-VLAN and intra-VLAN multicast traffic in an EVPN-VXLAN environment with IRB interfaces was introduced on QFX10000 switches in Junos OS Release 17.2R1.

    [See multicast-router-interface (IGMP Snooping).]

  • Support for external Layer 3 multicast device for EVPN with IGMP snooping (QFX10000)—Starting with Junos OS Release 17.3R1, you can connect an Ethernet VPN (EVPN) provider edge switch to an external Layer 3 device running a multicast protocol such as Protocol Independent Multicast (PIM). In this implementation, one or more provider edge switches configured with EVPN are connected to an external, that is, gateway, multicast device through a Layer 2 VLAN. To enable the PEs to forward traffic to the external domain, configure PIM-to-IGMP translation by including the pim-to-igmp-proxy upstream-interface irb-interface-name statements at the [edit routing-options multicast] hierarchy level. Additionally, this implementation supports configuring PIM on the IRB interfaces on the PE so that it functions only to forward inter-VLAN traffic within the data center. This means that you do not need to configure a PIM rendezvous point because forming PIM adjacencies is not required. The gateway device only needs to view the data center as a Layer 2 multicast domain. Include the new passive statement at the [edit protocols pim] hierarchy level to configure PIM to perform only inter-VLAN forwarding of multicast traffic.

    [See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]

General Routing

  • Commit process split into two steps (QFX Series)—Starting in Junos OS Release 17.3R1, new configuration statements are introduced for commit to split the commit process into two steps. These configuration statements are prepare and activate.

    In the first step, known as preparation stage, commit prepare validates the configurations and then creates the necessary files and database entries so that the validated configurations can be activated at a later stage.

    In the second step, referred to as the activation stage, commit activate activates the previously prepared commit. A new configuration statement, prepared, is added to clear system commit, which clears the prepared commit cache.

    This feature enables you to configure a number of Junos OS devices and simultaneously activate the configurations. This approach is helpful in time-critical scenarios.

    [See Commit Preparation and Activation Overview.]

High Availability (HA) and Resiliency

  • Support for VRRP over IRB interfaces (QFX5100 Virtual Chassis and Virtual Chassis Fabric)—Starting in Junos OS Release 17.3R1, you can configure Virtual Router Redundancy Protocol Version 3 (VRRPv3) for an IPv4 or IPv6 IRB interface on a QFX5100 Virtual Chassis or Virtual Chassis Fabric (VCF). The Virtual Chassis or VCF can act as the master or backup switch in a VRRP group, and the IRB interface forwards traffic sent to the configured VRRP virtual address that corresponds to the default gateway for the VLAN. Use the vrrp-group or vrrp-inet6-group configuration statement in the [edit interfaces irb unit logical-unit-number family (inet | inet6) address address] statement hierarchy on the Virtual Chassis or VCF as part of the IRB interface configuration.

    [See Configuring Basic VRRP Support for QFX and Configuring IRB Interfaces.]

Interfaces and Chassis

  • Increased number of link aggregation groups (LAGs) (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.3R1, you can configure up to 1000 LAGs on QFX10008 and QFX10016 switches. To configure, include the device-count statement with a value of 1000 at the [edit chassis aggregated-devices ethernet] hierarchy level and add member links in each bundle.

  • Short-reach mode (QFX5100-48T switch)—Allows you to use short cable lengths (less than 10 meters) for copper-based 10-Gigabit Ethernet interfaces. Enabling short-reach mode reduces power consumption on these interfaces. You can configure short-reach mode for individual interfaces and for a range of interfaces. Enable short-reach mode for individual interfaces by including the enable statement at the [edit chassis fpc <slot-number> pic <slot-number>] hierarchy. Enable short-reach mode for a range of interfaces by including the enable statement at the [edit chassis fpc <slot-number> pic port-range <port low> <port high>] hierarchy.

  • IEEE 1588v2 Precision Time Protocol (PTP) Boundary Clock (QFX10002 switches)—Starting with Junos OS Release 17.3R1, a boundary clock, which has multiple network connections, can act as a source (master) or destination (slave) for synchronization messages. The boundary clock intercepts and processes all Precision Time Protocol (PTP) messages and passes all other traffic. The best master clock algorithm (BMCA) is used by the boundary clock to select the best clock from configured acceptable masters. You can configure a port as a boundary slave or as a boundary master. To configure a boundary clock, include the boundary statement at the [edit protocols ptp clock-mode] hierarchy level.

    [See IEEE 1588v2 PTP Boundary Clock Overview.]

  • Auto-channelization of interfaces (QFX5200 switch)—Starting in Junos OS Release 17.3, you can use the auto-channelization feature to divide and channelize data automatically by detecting the cable type. The mode and number of channels are decided based on the channel link status. On QFX5200, auto-channelization supports three modes of operation with unique port settings:

    • When 4x10G split cables are connected, the 40G port auto-channelizes to four 10G channels.

    • When 2x50G split cables are connected, the 100G port auto-channelizes to two 50G channels.

    • When 4x25G split cables are connected, the 100G port auto-channelizes to four 25G channels.

  • Support for static link protection on aggregated interfaces (QFX5100 switches)—Starting in Junos OS Release 17.3R1, you can enable link protection on a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.

    [See Configuring Node Protection or Link Protection for LSPs.]

  • Support for consistent load balancing for ECMP groups (QFX10000 line switches)—Starting with Junos OS Release 17.3R1 on QFX10000 switches, you can prevent the reordering of flows to active paths in an ECMP group when one or more paths fail. Only flows that are on inactive paths are redirected. This feature applies only to Layer 3 adjacencies learned through external BGP connections. It overrides the default behavior of disrupting all existing, including active, TCP connections when an active path fails. Include the consistent-hash statement at the [edit policy-options policy-statement policy-statement-name then load-balance] hierarchy level. You must also configure a global per-packet load-balancing policy.

    [See Understanding Consistent Load Balancing Through Resilient Hashing on ECMP Groups.]

  • CL74 FEC support for 25-gigabit and 50-gigabit channel speeds (QFX5200 switches)—Starting with Junos OS Release 17.3, you can disable or reenable clause 74 (CL74)—as well as CL91—forward error correction (FEC) support on QFX5200 switches. FEC CL91 is supported for the 100-gigabit port speed and FEC CL74 is supported for both 25-gigabit and 50-gigabit port speeds. FEC CL91 is enabled by default for the 100-gigabit port speed; when the ports are channelized either in 4x25-gigabit or 2x50-gigabit, FEC CL74 is enabled.

    • To disable the FEC mode:

    • To reenable the FEC mode:

      or

    • To check FEC status:

      The output for the show command will list FEC statistics for a particular interface-name, including the FEC corrected errors count, the FEC uncorrected errors count, and the type of FEC that was disabled or enabled.
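For the consistent load balancing item for ECMP groups above, an added example (not Juniper code and not the switch's algorithm) that contrasts plain modulo selection with a fixed bucket table in which only the failed path's buckets are reassigned. The path names, flow identifiers, bucket count, and CRC32 hash are constructed assumptions.

```python
import zlib


def flow_hash(flow_id):
    """Stand-in flow hash (assumption: CRC32 over a flow identifier string)."""
    return zlib.crc32(flow_id.encode())


def modulo_select(flow_id, paths):
    """Default-style selection: the hash is taken modulo the live path count."""
    return paths[flow_hash(flow_id) % len(paths)]


class ResilientGroup:
    """ECMP group backed by a fixed-size bucket table (illustrative model)."""

    def __init__(self, paths, buckets=256):
        # Buckets are spread evenly over the members when the group is built.
        self.buckets = [paths[i % len(paths)] for i in range(buckets)]

    def select(self, flow_id):
        return self.buckets[flow_hash(flow_id) % len(self.buckets)]

    def fail(self, dead):
        """Reassign only the buckets owned by the failed member."""
        alive = sorted(set(self.buckets) - {dead})
        if not alive:
            raise RuntimeError("no surviving paths in the group")
        next_owner = 0
        for i, owner in enumerate(self.buckets):
            if owner == dead:
                self.buckets[i] = alive[next_owner % len(alive)]
                next_owner += 1


def compare_on_failure(n_flows=2000, dead="p2"):
    """Count flows on surviving paths that are moved when one path fails."""
    paths = ["p0", "p1", "p2", "p3"]
    survivors = [p for p in paths if p != dead]
    # Constructed flow identifiers (source address and port).
    flows = [f"10.0.{i >> 8}.{i & 255}:{1024 + i}" for i in range(n_flows)]

    before_mod = {f: modulo_select(f, paths) for f in flows}
    after_mod = {f: modulo_select(f, survivors) for f in flows}

    group = ResilientGroup(paths)
    before_res = {f: group.select(f) for f in flows}
    group.fail(dead)
    after_res = {f: group.select(f) for f in flows}

    def moved(before, after):
        # Only flows that were NOT on the failed path count as disrupted.
        return sum(1 for f in flows
                   if before[f] != dead and before[f] != after[f])

    return {
        "modulo_moved": moved(before_mod, after_mod),
        "resilient_moved": moved(before_res, after_res),
        "left_on_failed": sum(1 for f in flows if after_res[f] == dead),
    }


if __name__ == "__main__":
    print(compare_on_failure())
```

Flows that were already on a surviving path keep their path in the bucket-table model, which is the behaviour the item describes: only flows on the inactive path are redirected.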

Layer 2 Features

  • Support to exclude IRB Interfaces from state calculations (QFX5100)—Starting with Junos OS Release 17.3R1, you can exclude a trunk or access interface from the state calculations for an IRB interface for member VLANs. An IRB interface typically has multiple ports in a single VLAN. Excluding trunk and access interfaces from state calculations means that as soon as the port specifically assigned to the VLAN goes down, the IRB interface for the VLAN is marked as down. Include the autostate-exclude statement at the [edit interfaces ether-options] hierarchy level. This feature was previously introduced in Junos OS Release 14.1X53-D40.

    [See Excluding an IRB Interface from State Calculations.]

  • Increases number of vmembers to 256k for integrated routing and bridging interfaces and aggregated Ethernet interfaces (QFX10000 line switches)—To calculate vmember utilization, multiply the number of VLANs assigned to a port by the number of ports. The number should be less than or equal to 256k.

Management

  • Enhancements to BGP peer sensors for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000)—Starting with Junos OS Release 17.3R1, telemetry data streamed through gRPC for BGP peers is reported separately for each routing instance. To export data for BGP peers, you must now include the following path in front of all supported paths: /network-instances/network-instance/[name_'instance-name']/protocols/protocol/

    Additionally, the following paths are also now supported:

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/accepted

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/snmp-peer-index

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/queues/output

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/queues/input

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/ImportEval

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/ImportEvalPending

    Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.

    [See Guidelines for gRPC Sensors.]

  • Support for LSP events and properties sensor for Junos Telemetry Interface (QFX5110 and QFX5200)—Starting with Junos OS Release 17.3R1, you can export statistics for LSP events and properties through the Junos Telemetry Interface. Only gRPC streaming for this sensor is supported. You can export statistics for ingress point-to-point LSPs, point-to-multipoint LSPs, bypass LSPs, and dynamically created LSPs. To export data through gRPC, use the /mpls/lsps/ or /mpls/signal-protocols/ set of OpenConfig subscription paths. Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models. This sensor was previously supported only on QFX10000 switches, MX Series routers, and PTX Series routers.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Support for the Junos Telemetry Interface (QFX5110)—Starting with Junos OS Release 17.3R1, you can provision sensors through the Junos Telemetry Interface to export telemetry data for various network elements without involving polling on QFX5110 switches. Only gRPC streaming of statistics is supported on QFX5110 switches. UDP streaming is not supported.

    The following sensors are supported:

    • BGP peers

    • RSVP interface events

    • Memory utilization for routing protocol tasks

    • Label-switched-path events and properties

    • Ethernet interfaces enabled with the Link Layer Discovery Protocol

    To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. You must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    Support for the Junos Telemetry Interface was introduced on QFX10000 and QFX5200 switches in Junos OS Release 17.2R1.

    [See Overview of the Junos Telemetry Interface.]

Multicast

  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5100 switches)—Starting with Junos OS Release 17.3R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances, include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing-instance-name, include the name of a VRF or virtual-router instance. This feature was initially introduced in Junos OS Release 14.X53-D40.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

MPLS

  • Support for Layer 2 circuit on aggregate interfaces (QFX10000 switches)—Starting in Junos OS release 17.3R1, you can configure a Layer 2 circuit on aggregate interfaces. You can apply input and output VLAN tags for pop, swap, and push label operations on the VLAN-CCC interface. VLAN tags are applied when traffic is sent to and from the Layer 2 circuit interface. These operations are performed only on the outer TAG. The pop VLAN tag removes the VLAN tag from the top of the VLAN tag stack. The push VLAN tag adds a new outer VLAN tag, and the swap VLAN tag replaces the existing outer VLAN tag with the new VLAN tag. This feature provides interoperability between Layer 2 services with a distinct VLAN at the local or remote end, or for instances where the Layer 2 service comes with a certain VLAN, but the remote peer has a different VLAN or no VLAN.

    [See CCC Overview.]

  • VRF support in IRB interfaces in a Layer 3 VPN (QFX5100 and QFX5100 Virtual Chassis)—Starting in Junos Release 17.3R1, you can configure IRB interfaces under virtual routing and forwarding (VRF) in a VPN Layer 3 network. IRB interfaces enable a switch to recognize which packets are being sent to local addresses so that they are bridged whenever possible and are routed only when needed. This same functionality applies when IRB interfaces are part of routing instances or VRF. Virtual routing instances allow you to divide the switch into multiple independent virtual routers, each with its own routing table. This increases functionality by allowing network paths to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet service providers often take advantage of VRF to create separate VPNs for their customers.

    [See Understanding Virtual Routing and Forwarding Tables.]

  • Support for BGP MPLS-based Ethernet VPN (QFX10000 switches)—Starting with Junos OS Release 17.3R1, you can use MPLS-based Ethernet VPN (EVPN) to route MAC addresses using BGP over an MPLS core network. An EVPN enables you to connect dispersed customer sites using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN consists of customer edge (CE) devices (host, router, or switch) connected to a provider edge (PE) router or switch. The QFX10000 acts as a PE switch at the edge of the MPLS infrastructure. The switch can be connected by an MPLS Label Switched Path (LSP) which provides the benefits of MPLS technology, such as fast reroute and resiliency. You can deploy multiple EVPNs within a service provider network, each providing network connectivity to a customer while ensuring that the traffic sharing on that network remains private.

    [See EVPN Overview.]

Operation, Administration, and Maintenance

  • Junos daemons to natively emit JSON output (QFX Series)—Starting with Junos OS Release 17.3R1, the operational state emitted by the daemons is supported in JSON format as well as XML format. To configure JSON format, specify the following CLI command: set system export-format state-data json compact. To specify JSON format for specific command output, include display json in specific CLI commands.

  • Junos OpenConfig to support operational models for VLANs (QFX Series)—Starting with Junos OS Release 17.3R1, support has been added for an OpenConfig YANG model for VLANs via the addition of openconfig-vlan.yang, revision 1.0.2. This provides a unified view for the network agent to retrieve operational state from JUNOS daemons for VLANs.

Port Security

  • MAC-limiting support (QFX10000 switches)—Starting in Junos OS Release 17.3R1, you can configure MAC limiting on QFX10000 line switches. MAC limiting enhances port security by limiting the number of MAC addresses that can be learned within a VLAN. Limiting the number of MAC addresses protects the switch from flooding of the Ethernet switching table (also known as the MAC forwarding table or Layer 2 forwarding table). Flooding occurs when the number of new MAC addresses that are learned causes the Ethernet switching table to overflow, and previously learned MAC addresses are flushed from the table. The switch then reverts to flooding the previously-learned MAC addresses, which can impact performance and introduce security vulnerabilities.

    This feature was previously supported in an “X” release of Junos OS.

    [See Understanding MAC Limiting and MAC Move Limiting for Port Security.]

  • IP source guard (QFX5100, QFX5110, QFX5200)—Starting with Junos OS Release 17.3R1, you can configure the IP source guard access port security feature to mitigate the effects of source IP address spoofing and source MAC address spoofing. If IP source guard determines that a host connected to an access interface has sent a packet with an invalid source IP address or source MAC address in the packet header, it discards the packet.

    [See Understanding IP Source Guard for Port Security on EX Series Switches.]

Routing Protocols Policy and Firewall Filters

  • Flexible Ethernet Support (QFX10000 switches)—Starting in Junos OS release 17.3R1, you can configure inet, inet6, or vlan-circuit cross-connect (CCC) connections on a physical or aggregate ethernet interface. This allows you to set different forwarding rules for tagged and untagged traffic on the same interface. For example, you can forward tagged packets over the l2circuit and route untagged traffic normally in the native vlan mode.

    All logical devices that are under the flexible vlan tagging are identified by their vlan-id configuration. For untagged traffic, the association to the corresponding logical device is derived using the native vlan id configuration on the physical device. For traffic without a vlan tag, the default vlan id (native vlan id) is used to derive the layer2 domain.

Routing Protocols

  • Support for BGP Large Communities (QFX Series)—Starting with Junos OS 17.3R1, BGP community is enhanced to support the BGP large community, which uses a 12-byte encoding in which the most significant 4 bytes encode the autonomous system number or global administrator and the remaining two 4-byte fields encode operator-defined local values. Currently, BGP normal community (4-byte) and BGP extended community (6-byte) provide limited support for BGP community attributes after the introduction of 4-byte autonomous system numbers. Configure the large BGP community attributes under the [edit policy-options community community-name members] hierarchy level and under the [edit routing-options static route route community] hierarchy level with the keyword large followed by three 4-byte unsigned integers separated by colons. The attributes are represented as large:autonomous system number:local value 1:local value 2.

  • Support for segment routing for IS-IS (QFX5110 and QFX5200)—Starting with Junos OS Release 17.3R1, you can advertise MPLS labels through IS-IS to support segment routing. IS-IS advertises a set of segments, which enables an ingress device to steer a packet through a specific set of nodes and links in the network without relying on the intermediate nodes in the network to determine the path to take. Two types of segments are supported: node and adjacency. A node segment represents a shortest-path link to a node. An adjacency segment represents a specific adjacency to a node. To enable segment routing, include the source-packet-routing statement at the [edit protocols isis] hierarchy level. By default, segment routing is enabled on all IS-IS levels. To disable advertising of the adjacency segment for a specified interface, include the no-advertise-adjacency-segment statement. You can also specify an interval for maintaining adjacency segments by including the adjacency-segment hold-time milliseconds statement.

    To enable node segments, include the node-segment statement at the [edit protocols isis source-packet-routing] hierarchy level. You have two options for advertising a range of indices for IPv4 or IPv6 addresses. Use the index-range statement to specify a dynamic label range managed by MPLS. To specify a specific block of indices, also known as a segment routing global block, include the start-label index-range statements at the [edit protocols isis source-packet-routing srgb] hierarchy level. This configuration enables MPLS to reserve the specified label range. Segment routing in IS-IS also supports provisioning prefix segment indices (SIDs) and anycast SIDs for both IPv4 and IPv6 prefixes. These SIDs are provisioned through a routing policy for each prefix. Include the prefix-segment index number statement at the [edit policy-options policy-statement policy-name then] hierarchy level. You can also enable IGP shortcuts for prefix segment routes. Include the shortcuts statement at the [edit protocols isis traffic-engineering family (inet-mpls | inet6-mpls)] hierarchy level.

    This feature was introduced on QFX5100 and QFX10000 switches in Junos OS Release 17.2R1.

    [See Understanding Source Packet Routing.]

  • BGP precision-timer support for reducing BGP hold-time (QFX5100, QFX5100 Virtual Chassis, QFX5110, QFX5200, QFX10000)—Starting in Junos OS Release 17.3R1, you can use BGP precision timers to enable BGP sessions to send frequent keepalive messages with hold times as short as 10 seconds. The hold time is the maximum time allowed to elapse between successive keepalive messages that BGP receives from a peer. The default hold time is 90 seconds; the default frequency for keepalive messages is 30 seconds. More frequent keepalive messages and shorter hold times might be desirable in large-scale deployments with many active sessions. When you set a hold-time value to less than 20 seconds, we recommend that you also configure the BGP precision-timers statement, so that if scheduler slip messages occur, the routing device continues to send keepalive messages. When the precision-timers statement is included, keepalive messages are generated in a dedicated kernel thread, thus helping to prevent BGP session flaps.

    [See precision-timers.]

  • Support for 128 equal-cost paths for BGP multipath (QFX10000)—Starting with Junos OS Release 17.3R1, you can configure a maximum of 128 equal-cost paths for external BGP peers. Previously, the maximum number supported was 64. For MPLS routes, the maximum number of equal-cost paths you can configure remains unchanged at 64. To specify 128 equal-cost paths for external BGP peers, include the maximum-ecmp 128 statement at the [edit chassis] hierarchy level. You must also configure a routing policy that exports routes from the routing table into BGP. Define a routing policy by including the policy-statement policy-name set of statements at the [edit policy-options] hierarchy level. Apply the policy to routes exported to the forwarding table by including the export policy-name statement at the [edit routing-options forwarding-table] hierarchy level.

    [See maximum-ecmp.]

    Note

    This feature is released but not supported in Junos OS Release 17.3R1.

  • Support for segment routing for OSPF (QFX5110 and QFX5200)—Starting with Junos OS Release 17.3R1, you can advertise MPLS labels through OSPF to support segment routing. Only IPv4 is supported. OSPFv3 is not supported. OSPF advertises a set of segments, which enables an ingress device to steer a packet through a specific set of nodes and links in the network without relying on the intermediate nodes in the network to determine the path to take. Two types of segments are supported: node and adjacency. A node segment represents a shortest-path link to a node. An adjacency segment represents a specific adjacency to a node. To enable segment routing, include the source-packet-routing statement at the [edit protocols ospf] hierarchy level. By default, segment routing is enabled for all OSPF areas. To disable it for a specific area, include the no-source-packet-routing statement at the [edit protocols ospf area area-id] hierarchy level. To enable node segments, include the node-segment statement. You can specify a range for IPv4 addresses to advertise, which MPLS manages dynamically. To disable advertising of the adjacency segment for a specified interface, include the no-advertise-adjacency-segment statement.

    This feature was introduced on QFX5100 and QFX10000 switches in Junos OS Release 17.2R1.

    [See source-packet-routing.]

  • Support for alternate loop-free routes for IS-IS and OSPF (QFX10000)—Starting in Junos OS Release 17.3R1, this feature adds fast reroute capability for IS-IS and OSPF. Junos OS precomputes loop-free backup routes for all IS-IS or OSPF routes. These backup routes are preinstalled in the Packet Forwarding Engine, which performs a local repair and implements the backup path when the link for a primary next hop for a particular route is no longer available. A loop-free path is one that does not traverse the router to reach a given destination. That is, a neighbor that already forwards traffic to the router is not used as a backup route to that destination.

    You can enable support for alternate loop-free routes on any IS-IS or OSPF interface. To provide this support automatically for LDP label-switched paths (LSPs), you must also enable LDP on any interface for which you enabled support for loop-free alternate routes. In addition, you can extend backup coverage to include RSVP LSP paths.

    Junos OS provides two mechanisms to enable fast reroute for IS-IS or OSPF using alternate loop-free routes: link protection and node-link protection. When you enable link protection or node-link protection on an IS-IS or OSPF interface, the software creates an alternate path to the primary next hop for all destination routes that traverse a protected interface. Link protection offers per-link traffic protection. It supports fast rerouting of user traffic over one mission-critical link. Node-link protection establishes an alternate path through a different router altogether.

    [See Loop-Free Alternate Routes for OSPF Overview, Example: Configuring Link and Node Protection for IS-IS Routes.]

  • Support for alternate loop-free routes for IS-IS and OSPF (QFX5110 and QFX5200)—Starting in Junos OS Release 17.3R1, this feature adds fast reroute capability for IS-IS and OSPF. Junos OS precomputes loop-free backup routes for all IS-IS or OSPF routes. These backup routes are preinstalled in the Packet Forwarding Engine, which performs a local repair and implements the backup path when the link for a primary next hop for a particular route is no longer available. A loop-free path is one that does not traverse the router to reach a given destination. That is, a neighbor that already forwards traffic to the router is not used as a backup route to that destination.

    You can enable support for alternate loop-free routes on any IS-IS or OSPF interface. To provide this support automatically for LDP label-switched paths (LSPs), you must also enable LDP on any interface for which you enabled support for loop-free alternate routes. In addition, you can extend backup coverage to include RSVP LSP paths.

    Junos OS provides two mechanisms to enable fast reroute for IS-IS or OSPF using alternate loop-free routes: link protection and node-link protection. When you enable link protection or node-link protection on an IS-IS or OSPF interface, the software creates an alternate path to the primary next hop for all destination routes that traverse a protected interface. Link protection offers per-link traffic protection. It supports fast rerouting of user traffic over one mission-critical link. Node-link protection establishes an alternate path through a different router altogether.

    [See Loop-Free Alternate Routes for OSPF Overview, Example: Configuring Link and Node Protection for IS-IS Routes.]

  • Support for BGP link-state distribution extensions for segment routing (QFX5110 and QFX5200)—Starting in Junos OS Release 17.3R1, BGP link-state distribution extensions export segment-routing topology information to software-defined networking controllers. Although controllers can obtain the topology information by either being a part of an interior gateway protocol (IGP) domain or through BGP link-state distribution, the latter provides a more scalable mechanism for exporting this information. BGP link-state distribution is supported on inter-domain networks. This feature is useful in networks that are moving to segment routing at the transport layer but also have RSVP deployed. Include the ipv4-prefix statement at the [edit policy-options policy-statement policy-name term term-name from traffic-engineering] hierarchy level. This feature was introduced in Junos OS Release 17.2R1 on MX Series and PTX Series routers and on QFX5100 and QFX10000 switches.

    [See Link-State Distribution Using BGP Overview.]

  • Routing protocol process (rpd) recursive resolution over multipath (QFX Series)—Starting in Junos OS Release 17.3R1, when a BGP prefix that has a single protocol next hop is resolved over another BGP prefix that has multiple resolved paths (unilist), all the paths are selected for protocol next-hop resolution. In prior Junos OS releases, only one of the paths is picked for protocol next-hop resolution. This new feature benefits densely connected networks where BGP is used to establish infrastructure connectivity such as WAN networks with high equal-cost multipath and seamless MPLS topology.

    To configure recursive resolution over multipath, define a policy that includes the multipath-resolve action at the [edit policy-options policy-statement policy-name then] hierarchy level and import the policy at the [edit routing-options resolution rib rib-name] hierarchy level.

    [See Configuring Recursive Resolution over BGP Multipath.]

Virtual Chassis

  • Virtual Chassis and Virtual Chassis Fabric (VCF) support (QFX5110)—Starting with Junos OS Release 17.3R1, QFX5110 switches can be interconnected into a Virtual Chassis or VCF and operate as one logical device managed as a single chassis, as follows:

    • QFX5110 Virtual Chassis: Up to 10 members, all QFX5110 switches or in combination with QFX5100 switches. We recommend using QFX5110 switches in the master and backup Routing Engine roles, and QFX5100 switches only in the linecard role.

    • QFX5110 VCF: Up to 20 members, all QFX5110 switches or in combination with QFX5100 switches. Spine members must be QFX5110-32Q switches.

    • A QFX5110 Virtual Chassis or VCF can contain QFX5110-32Q, QFX5110-48S, QFX5100-24Q, QFX5100-48S, and QFX5100-98S switches. The same software image runs on QFX5110 or QFX5100 switches in a Virtual Chassis or VCF, and you do not need to configure the switches into mixed mode.

      Caution

      Any QFX5100 switches running a “-qfx-5-” Junos OS software image must first be upgraded to a “-qfx-5e-” image (using the USB method) to successfully join a mixed QFX5110 Virtual Chassis or VCF.

    • Any (non-channelized) 100-Gbps or 40-Gbps QSFP28 ports, 40-Gbps QSFP+ ports, or 10-Gbps SFP+ ports can be Virtual Chassis ports (VCPs).

    [See Understanding QFX Series Virtual Chassis and Understanding QFX Virtual Chassis Fabric Components.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.3R3 for the QFX Series.

Class of Service (CoS)

  • When you configure a transmit-rate, you must also configure a guaranteed-rate at traffic-control-profiles. If you commit a configuration of a transmit-rate without a guaranteed-rate, a warning message is displayed and the default scheduler map is applied.

EVPNs

  • On QFX10000 switches running Junos OS Release 17.3R3 or later, the local preference setting for an Ethernet VPN (EVPN) pure type-5 route is inherited by IP routes that are derived from the EVPN type-5 route. Further, when selecting an IP route for incoming traffic, the QFX10000 switches consider the local preference of the route. A benefit of the QFX10000 switches including local preference in their route selection criteria is that you can set up a policy to manipulate the local preference, thereby controlling which route the switch selects.

  • By default, QFX10000, QFX5100, QFX5110, QFX5200, and QFX5210 switches that act as spine and leaf devices in an EVPN-VXLAN overlay network implement the core isolation feature. If one of these QFX switches loses all of its EVPN internal BGP (IBGP) peering sessions, the core isolation feature, working in conjunction with Link Aggregation Control Protocol (LACP), automatically brings down all Layer 2 Ethernet segment identifier (ESI) link aggregation group (LAG) interfaces on the switch. In some situations, this feature produces an undesired outcome that you can prevent by disabling the feature with the no-core-isolation configuration statement at the [edit protocols evpn] hierarchy level.

    [See Understanding When to Disable EVPN-VXLAN Core Isolation.]

General Routing

  • Support for deletion of static routes when the BFD session goes down (QFX Series)—Starting with Junos OS Release 17.3R1, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message.

    [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

Interfaces and Chassis

  • Starting with Junos OS Release 17.3R3, on QFX5100 switches, the configuration statement source-destination-only-loadbalancing under the [edit forwarding-options enhanced-hash-key] hierarchy is not visible in the CLI. The statement is not supported on QFX5100.

  • Packets with MTU size greater than the default value are dropped (QFX5110)—In Junos OS Release 17.3R3, on QFX5110 switches, setting maximum transmission unit (MTU) on the L3 interface does not take effect and packets with MTU size greater than the default value are dropped.

    [See mtu.]

Management

  • Changes to custom YANG RPC syntax (QFX Series)—Starting in Junos OS Release 17.3, custom YANG RPCs have the following changes in syntax:

    • The junos:action-execute statement is a substatement to junos:command. In earlier releases, the action-execute and command statements are placed at the same level, and the command statement is optional.

    • The CLI formatting for a custom RPC is defined within the junos-odl:format statement, which takes an identifier as an argument. In earlier releases, the CLI formatting is defined using a container that includes the junos-odl:cli-format statement with no identifier.

    • The junos-odl:style statement defines the formatting for different styles within the statement. In earlier releases, the CLI formatting for different styles is defined using a container that includes the junos-odl:cli-format and junos-odl:style statements.

  • Enhancement to show agent sensors command (QFX Series)—Starting with Junos OS Release 17.3R1, the show agent sensors command, which displays information about Junos Telemetry Interface sensors, displays the default value of 0 for the DSCP and Forwarding-class values. Previously, the displayed default value for these fields was 255. The default value is displayed when you do not configure a DSCP or forwarding-class value for a sensor at the [edit services analytics export-profile profile-name] hierarchy level.

    [See export-profile and show agent sensors.]

Network Management and Monitoring

  • Enhancement to about-to-expire logic for license expiry syslog messages (QFX Series)—As of Junos OS Release 17.3R1, the logic that determines when the expiry of multiple capacity type licenses raises alarms has changed. Previously, alarms and syslog messages for expiring licenses were raised based on the license with the highest validity, which could mislead users when another license expired earlier than the highest validity license. The about-to-expire logic is now based on the first expiring license.

  • SNMP syslog messages changed (QFX Series)—In Junos OS Release 17.3R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD -- AgentX master agent failed to respond to ping. Attempting to re-register

      NEW -- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD -- NET-SNMP version %s AgentX subagent connected

      NEW -- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Change in default log level setting (QFX Series)—In Junos OS Release 17.3R2, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps which come from a non-default routing instance and non-default logical system (QFX Series)—In Junos OS Release 17.3R3, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • Reconfigure SNMPv3 configuration after upgrade (QFX Series)—Starting in Junos OS Release 17.3R1, you might need to reconfigure SNMPv3 after upgrading from an earlier release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address, because the engine ID has changed. Previously, customers had to reconfigure SNMPv3 after every reboot. This problem was fixed. If you upgrade, you must still reconfigure SNMPv3, but only once. If you have already reconfigured SNMPv3 in an earlier release, then you do not need to reconfigure SNMPv3 again. To reconfigure SNMPv3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters. Platforms affected are QFX5100, QFX10002, QFX10008, and QFX10016.

    [See Configuring the Local Engine ID.]
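
Log-matching rules keyed on the old AgentX wording or on the old link-up severity stop matching once devices run the releases named above. The following Python sketch is an added example, not part of the release notes: it normalizes both wordings and checks link-trap severities against the listed defaults. The event names, the %FACILITY-SEVERITY-TAG line layout, the ".unit" suffix test for logical interfaces, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# AgentX messages in their pre-17.3R1 ("old") and 17.3R1 ("new") wording,
# copied from the release note; the "%s" placeholder is matched with \S+.
AGENTX_RULES = [
    ("agentx_master_ping_failed", "old", re.compile(
        r"AgentX master agent failed to respond to ping\. Attempting to re-register")),
    ("agentx_master_ping_failed", "new", re.compile(
        r"AgentX master agent failed to respond to ping, triggering cleanup!")),
    ("agentx_subagent_open", "old", re.compile(
        r"NET-SNMP version \S+ AgentX subagent connected")),
    ("agentx_subagent_open", "new", re.compile(
        r"NET-SNMP version \S+ AgentX subagent Open-Sent!")),
]

# Assumed layout: a %FACILITY-SEVERITY-TAG prefix and an "ifName" field.
LINK_TRAP = re.compile(
    r"%[A-Z]+-(?P<sev>[0-7])-SNMP_TRAP_LINK_(?P<dir>UP|DOWN):.*\bifName (?P<ifname>\S+)")


def expected_link_severity(direction, ifname, after_17_3r2):
    """Default severity per the release note: 4 warning, 5 notice, 6 info."""
    if direction == "DOWN":
        return 4                     # LOG_WARNING, unchanged for IFD and IFL
    is_ifd = "." not in ifname       # assumption: IFL names carry a ".unit" suffix
    return 5 if (is_ifd and after_17_3r2) else 6


def normalize(line, after_17_3r2=True):
    """Map one syslog line to a release-independent event, or None."""
    for event, wording, pattern in AGENTX_RULES:
        if pattern.search(line):
            return {"event": event, "wording": wording}
    m = LINK_TRAP.search(line)
    if m:
        sev, ifname = int(m["sev"]), m["ifname"]
        expected = expected_link_severity(m["dir"], ifname, after_17_3r2)
        return {
            "event": "link_" + m["dir"].lower(),
            "interface": ifname,
            "level": "ifl" if "." in ifname else "ifd",
            "severity": sev,
            "matches_default": sev == expected,
        }
    return None


def event_counts(lines, after_17_3r2=True):
    """Count normalized events so alert thresholds survive the rewording."""
    events = (normalize(line, after_17_3r2) for line in lines)
    return Counter(e["event"] for e in events if e)


# Constructed sample lines (host names, process names and PIDs are made up).
SAMPLE = [
    "Mar  3 10:00:01 leaf1 snmpd[2101]: AgentX master agent failed to respond to ping. Attempting to re-register",
    "Mar  3 10:05:44 leaf2 snmpd[1988]: AgentX master agent failed to respond to ping, triggering cleanup!",
    "Mar  3 10:05:45 leaf2 snmpd[1988]: NET-SNMP version 5.3.1 AgentX subagent Open-Sent!",
    "Mar  3 10:06:10 leaf2 mib2d[1990]: %DAEMON-5-SNMP_TRAP_LINK_UP: ifIndex 531, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-0/0/1",
    "Mar  3 10:06:10 leaf2 mib2d[1990]: %DAEMON-6-SNMP_TRAP_LINK_UP: ifIndex 532, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-0/0/1.0",
    "Mar  3 10:07:02 leaf1 mib2d[2050]: %DAEMON-6-SNMP_TRAP_LINK_UP: ifIndex 531, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-0/0/2",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(normalize(line))
    print(dict(event_counts(SAMPLE)))
```

A physical-interface link-up line that still carries severity 6 is reported with matches_default set to False when the device is expected to run 17.3R2 or later.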

Routing Policy and Firewall Filters

  • Support for configuring the GTP-TEID field for GTP traffic (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 17.3R3, the gtp-tunnel-endpoint-identifier statement is supported to configure the hash calculation of IPv4 or IPv6 packets that are included in the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field hash calculations. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.

    In most cases, configuring the gtp-tunnel-endpoint-identifier statement is sufficient to enable GTP hashing. If GTP hashing does not work after you enable it, we recommend that you capture the packets using relevant tools and identify the offset value. As per standards, 0x32 is the default header offset value. However, because of some special patterns in the header, the offset might vary (for example, 0x30, 0x28, and so on). In these cases, use the gtp-header-offset statement to set a proper offset value. Once the header offset value is resolved, run the gtp-tunnel-endpoint-identifier command to enable GTP hashing successfully.

    [See gtp-tunnel-endpoint-identifier and gtp-header-offset.]

Virtual Chassis

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 17.3R2, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you should delete the fabric-load-balance configuration item before initiating the upgrade.

    [See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.]

VLAN Infrastructure

  • LAG interface flaps while adding/removing a VLAN—In Junos OS Release 17.3 and later, the LAG interface flaps when you add or remove a VLAN. The flapping happens when a low-speed SFP is plugged into a relatively high-speed port. To avoid flapping, configure the port speed to match the speed of the SFP.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.3R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX10000 line switches, oversubscribing all 8 queues configured with the transmit rate exact statement at the [edit class-of-service schedulers scheduler-name] hierarchy level might result in less than 100 percent utilization of port bandwidth.

    [See transmit-rate.]

EVPN

  • A provider edge (PE) device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE might be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the decapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092

  • A QFX10000 switch running Junos OS Release 17.3Rx software might experience a small and continuous traffic loss under the following conditions:

    • The switch is configured as a Layer 2 and/or Layer 3 VXLAN gateway in an EVPN-VXLAN topology with either a two-layer or collapsed IP fabric.

    • The switch has default ARP and MAC aging timer values.

    Under these conditions, the following types of traffic flows might be impacted:

    • Bidirectional Layer 3 traffic in a multihomed topology.

    • Unidirectional Layer 3 traffic in a single-homed topology.

    Note that this issue does not impact bidirectional Layer 3 traffic in a single-homed topology.

    To prevent loss in these traffic flows, you must set the aging-timer configuration statement in the [edit system arp] hierarchy level so that the value is less than the value of the global-mac-table-aging-time configuration statement in the [edit protocols l2-learning] hierarchy level. PR1309444

  • With VXLAN configured for 30 VXLAN VNIs, Layer 3 unicast traffic loss might be observed on deleting and adding back all the VXLAN VNIs. PR1318045

  • Deleting an EVPN-VXLAN tenant causes scheduler slippage and BFD flap. PR1366032

  • When the VXLAN VNI is removed at the remote PE device, the flood groups are cleaned up and the MAC routes are deleted. The router continues to accept traffic for as long as the remote node sends traffic to the VNI that is cleaned up. The show commands reflect the VNI as valid until the tunnel to the remote PE device is deleted. There is no operational impact. PR1366983
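
The aging-timer workaround for PR1309444 above compares two statements that are configured in different units, so comparing the raw numbers gives the wrong answer. The following Python check is an added example, not part of the release notes: it audits "display set" output for that constraint. It assumes aging-timer is in minutes (default 20) and global-mac-table-aging-time is in seconds (default 300), as documented for Junos OS but not stated on this page; the sample configurations are constructed.

```python
import re

# Assumptions (Junos OS documentation, not this page): aging-timer is in
# minutes, default 20; global-mac-table-aging-time is in seconds, default 300.
ARP_DEFAULT_MINUTES = 20
MAC_DEFAULT_SECONDS = 300

ARP_RE = re.compile(r"^set system arp aging-timer (\d+)\s*$", re.MULTILINE)
MAC_RE = re.compile(
    r"^set protocols l2-learning global-mac-table-aging-time (\d+)\s*$",
    re.MULTILINE)


def effective_timers(display_set_text):
    """Return (arp_seconds, mac_seconds); last statement wins, else default."""
    arp = ARP_RE.findall(display_set_text)
    mac = MAC_RE.findall(display_set_text)
    arp_minutes = int(arp[-1]) if arp else ARP_DEFAULT_MINUTES
    mac_seconds = int(mac[-1]) if mac else MAC_DEFAULT_SECONDS
    return arp_minutes * 60, mac_seconds


def audit_aging(display_set_text):
    """Check that the ARP aging timer is strictly below the MAC aging time."""
    arp_s, mac_s = effective_timers(display_set_text)
    return {
        "arp_seconds": arp_s,
        "mac_seconds": mac_s,
        "compliant": arp_s < mac_s,
        # Largest whole-minute ARP timer that stays below the MAC timer.
        "max_arp_minutes": (mac_s - 1) // 60,
    }


# Constructed configurations in "display set" format.
DEFAULTS = "set system host-name leaf1\n"      # neither timer configured
EQUAL = (                                      # 10 < 600 as raw numbers only
    "set system arp aging-timer 10\n"
    "set protocols l2-learning global-mac-table-aging-time 600\n"
)
FIXED = (
    "set system arp aging-timer 5\n"
    "set protocols l2-learning global-mac-table-aging-time 600\n"
)

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("equal", EQUAL), ("fixed", FIXED)):
        print(name, audit_aging(cfg))
```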

High Availability (HA) and Resiliency

  • During a nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a traffic loop or loss might occur if the Junos OS software version that you are upgrading from and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

  • In an EVPN-VXLAN deployment with QFX10000 switches, when a VXLAN-enabled IRB interface is configured in the same routing instance as the underlay VTEP tunnel and the remote VTEP interface IP is resolved over the IRB interface using routing protocols or a static route, dc-pfe cores are generated and all the interfaces go down. dc-pfe cores are generated continuously until the configuration is corrected. PR1261824

  • When the replication tree used for flooding is reconverging, because some of the leaves have been deleted or added, there is expected to be some transient traffic loss even in leaves that have not changed. This affects only flooding and BUM traffic, not known unicast traffic. PR1274950

  • When NG-MVPN is configured with RSVP provider tunnels and NSR is used, then the egress router for the tunnel might not correctly replicate some of the tunnel state to the backup routing engine, leading to temporary traffic loss during NSR failover for the affected tunnels. PR1293014

MPLS

  • On QFX5100, QFX5110, and QFX5200 switches with Layer 2 circuit configured on the PE switches, enabling VLAN bridge encapsulation on a CE interface drops packets if flexible Ethernet services and VLAN CCC encapsulation are configured on the same logical interface. You can configure only one encapsulation type, either set interfaces xe-0/0/18 encapsulation flexible-ethernet-services or set interfaces xe-0/0/18 encapsulation vlan-ccc. PR1329451

  • Layer 2 circuit on aggregated Ethernet (AE) interfaces is not supported on QFX5100, QFX5110, and QFX5200 switches. PR1333730

  • When an analyzer is configured on a QFX5100 switch in the egress direction, packets at the output of the analyzer might contain incorrect 802.1Q VLAN tags. PR1032512

Platform and Infrastructure

  • On EX4600 and QFX5100 switches, the amount of time that it takes for Zero Touch Provisioning to complete might be lengthy because TFTP might take a long time to fetch required data. PR980530

  • On an EX4300 or a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On QFX10008 switches, if you reboot a QFX10000-36Q line card or a QFX10000-30C line card with traffic running, sometimes framing errors are displayed in the CLI output. This is only a display issue. No actual framing errors have occurred, and traffic is unaffected. PR1223330

  • For a LAG interface, the PFE populates only the bundle statistics and not the child's IFL statistics. It always returns zero for IFL statistics. There is a limitation in the hardware which restricts the per-IFL statistics. PR1250870

  • If port speed is changed from 25G to 100G or there are repeated changes in port speed settings, then the link may remain down. This is an SDK limitation and has been addressed in Broadcom SDK versions 6.5.8 and above. PR1250891

  • On the QFX10K-12C-DWDM Coherent Line Card, when an interface is configured in 8QAM mode, pulling out the fiber on the second "OT" interface in the same AC400 module brings both the "OT" interfaces down. This does not affect any functionality. PR1258539

  • Multiple instances of the DAEMON-3-JTASK_SCHED_SLIP system message might be logged when over 50,000 MACs are configured and the device attempts to establish OSPF neighbors. This has no functional impact. PR1274706

  • On a QFX5110-32C switch, if a splitter cable is connected to a Spirent 10G CV/MX card, ports will not come up due to varied pre-empt settings for the splitter and DAC cables. There is a hardware limitation where we have no way in EEPROM to differentiate between splitter and DAC cable to apply different settings. As a workaround, use a 40G Spirent card with internal channelization on the Spirent side and manual channelization on the QFX5110-32C side. PR1280593

  • ERPS convergence takes time after GRES switchover and hence traffic loss is observed for a brief period. PR1290161

  • On QFX10000 line platforms, with a high scale of 4000 VNIs or 200K MACs or both, if a large configuration change happens with traffic flowing, then forwarding descriptor memory corruption might occur, leading to complete traffic loss on certain ports. The qualification shows that a system with 400 VNIs has been stable. However, other configurations like global MAC count and underlying MPLS LSPs can increase system load. PR1296089

  • Port LEDs on QFX5100 do not work. If a device connects to a port on QFX5100, the port LED stays unlit. PR1317750

  • For QFX5110, there is a hardware limitation. QFX5110 can route from VxLAN (VFI) domain to VxLAN (VFI) domain only; it does not support routing from a VxLAN domain to a non-VxLAN domain. PR1318178

  • When checking BUM traffic statistics on the VTEP, it might show that the traffic is flooding back to the other VTEPs. This is because the statistics are calculated earlier in the pipeline before the packets are actually dropped. This is a statistics issue due to a BRCM pipeline design and has no functionality impact. This is applicable to all Junos OS releases where VXLAN is supported. PR1348662

  • DLR MAC does not age out when global-mac-table-aging-time is set to 60 seconds. PR1367911

Routing Protocols

  • The QFX5100 switches do not support Bidirectional Forwarding Detection (BFD) timer values of less than 1 second. If a timer value less than 1 second is configured, it might cause BFD flapping. PR942035

  • During a graceful Routing Engine switchover (GRES) on QFX10000 switches, some IPv6 groups might experience momentary traffic loss. This issue occurs when IPv6 traffic is running with multiple paths to the source, and the join-load-balance statement for PIM is also configured. PR1208583

  • A QFX5110 switch running Junos OS Release 17.3R1 or later software functions as both a Layer 3 VXLAN gateway and a DHCP relay in an EVPN-VXLAN topology. After a DHCP client receives and later releases an IP address on an EVPN-VXLAN integrated routing and bridging (IRB) interface configured on the QFX5110 switch, the binding between the DHCP client and the IP address might not be deleted. As a result, the next time that the DHCP client requests an IP address, the response from the DHCP server might take a few minutes. PR1261483

  • QFX5110: Traffic loss of routed packets might be seen through a non-collapsed EVPN-VxLAN L3 GW, when disjoint VxLANs with IRB are provisioned and unprovisioned in bulk on it. PR1276423

  • Remotely received traffic is not flooded to an access concentrator on FPC 1 when FPC 0 is offlined. PR1290500

  • An adjacency segment identifier will not be created for IPv6-only configured interfaces. If the adjacency uses IP alone or IP+IPv6, then an IPv4 adjacency segment identifier or IPv6 adjacency segment identifier will be created. If the adjacency only uses IPv6, then no adjacency segment identifier will be created. PR1290515

  • A QFX10000 switch running Junos OS Release 17.3Rx or 17.4Rx software might experience a small and continuous traffic loss under the following conditions: 1) The switch is configured as a Layer 2 and/or Layer 3 VXLAN gateway in an EVPN-VXLAN topology with either a two-layer or collapsed IP fabric, and 2) The switch has default ARP and MAC aging timer values. Under these conditions, the following types of traffic flows might be impacted: 1) Bidirectional Layer 3 traffic in a multihomed topology, and 2) Unidirectional Layer 3 traffic in a single-homed topology. Note that this issue does not impact bidirectional Layer 3 traffic in a single-homed topology. PR1309444

Virtual Chassis

  • For a large VC, topology hash might have a good impact on VC stability because it reduces programming by skipping some routes for intermediate topologies. However, it could delay traffic switching, as we observed. By default, topology hash is on. There is a hidden CLI command (set virtual-chassis no-topology-hashF) to turn it off. PR1296196

  • L2/L3 traffic drop is seen after rebooting the whole VC (10 members) or changing the VC member list (for example, reducing a 10-member VC to 6 members and then returning to a 10-member VC). PR1314429

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 17.3R3.

Class of Service (CoS)

  • On QFX5110-32C switches, throughput as per RFC 2544 is not 100 percent for some of the frame sizes when the switch is configured with mixed 10/40/100G speed ports. It is fine when tested individually with 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet ports separately. PR1256671

EVPN

  • Mac-move-shutdown stops working if a “physical-loop” is introduced repeatedly in quick succession within 10 minutes. The issue does not happen every time and can happen only if the “physical-loop” is introduced at least 4 times. If the loops are spread over a long time, the issue is not seen. The test was performed to check the overall impact on basic features. There was no issue seen on basic learning and no major impact on any protocol. This is a negative scenario in which multiple loops happen in a short time span, and it is unlikely to happen in a customer network. PR1284315

  • A new option exclusive-mac is added under protocols l2-learning global-mac-move as follows: set protocols l2-learning global-mac-move exclusive-mac <mac>. PR1285749

  • In an EVPN-VXLAN scenario, a previously learned MAC address from a remote Ethernet segment Identifier (ESI) cannot be changed to local even if it is connected directly. The MAC address of the host might remain as learned from ESI instead of the local interface until the MAC address is aged out. PR1303202

  • ARP gets deleted and re-learned during the first ARP refresh with EVPN-VXLAN multihomed CE. So traffic drops and recovers for the first ARP refresh. PR1327062

  • In a scaled EVPN-VXLAN setup, loading the scaled configuration and the base configuration alternately a few times can result in losing adjacency, and hence the protocols will be down. PR1349659

  • The Packet Forwarding Engine process might sometimes crash when deleting the Layer 2 VXLAN association and adding the VXLAN to IRB. This is a timing issue, so the core file is seen very rarely. PR1373621

  • The BGP and EVPN tables are out of synchronization. This issue might be related to the policy logic or policy configuration used. Routes that are in the BGP table are not appearing in the instance table. PR1374072

General Routing

  • While using SSH to log in to a VNF the error message Unrecognized command is seen. This error has no impact on the functionality. PR1108785

  • On a QFX5100 Virtual Chassis, the MAC address is not learned on an aggregated Ethernet interface configured as a VXLAN Layer 2 port and with the interface mode configured as access. The issue is observed only with aggregated Ethernet interfaces that span multiple Virtual Chassis members and when the member node is rebooted or power cycled. PR1112790

  • While scaling beyond 2000 VLANs or IRBs, Layer 3 multicast traffic does not converge to 100 percent, and continuous drops are observed after bringing down or bringing up the downstream interface or while an FPC comes online after an FPC restart. PR1161485

  • When per-packet load balancing is removed or deleted, next hop index may change. PR1198092

  • The ICCP session is maintained by multihop BFD (non-distributed mode). The time interval for BFD keepalive messages is similar to a GRES configuration (for example, keepAlive = 8 seconds). PR1230576

  • On a QFX5110-48S switch, a Gigabit Ethernet interface goes down and comes back up once on a peer as part of a reboot. PR1237572

  • On QFX5100-48T with short-reach mode enabled on copper ports, these copper ports will flap when you commit any configuration related to routing instances. PR1248611

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On the QFX10000-12C-DWDM coherent line card, it is possible that sometimes the link flaps when MACsec is enabled on Ethernet interfaces. PR1253703

  • The management process might crash if the Openconfig package is installed immediately or within minutes of Network Agent package installation. This is a transient issue and will not impact any functionality. As a workaround, install Openconfig before installing Network Agent. PR1265815

  • The flexible VLAN tagged interface allows both primary and secondary VLAN configuration on different logical units of the same interface, but might not work as expected. PR1267160

  • This issue is applicable to all Virtual Chassis and Virtual Chassis Fabric combinations on the QFX5100, QFX5110, EX4300, and EX4600 platforms. If the reboot option is used with a large Virtual Chassis, some members might not be able to reboot. As a result, some members will still be running the old image and some members will be upgraded to the new image; this causes Virtual Chassis instability. PR1273271

  • No CPU usage is shown in output for show chassis fpc x (x = QFX5100) in a mixed Virtual Chassis Fabric. CPU utilization values show 0, because the values are being normalized. CPU utilization value increases if the idle time decreases to some extent. PR1274665

  • A hostname synchronization issue occurs between the Junos OS VM instance and the Linux host on TVP platforms. PR1283710

  • On QFX5100 switches, static LAG link protection switchover/revert is not working consistently. PR1286471

  • When link protection with the backup port state "down" and LACP are configured, sometimes the primary port state goes down without a trigger event and the backup port comes up and begins handling traffic. PR1297596

  • When link protection with the backup port state "down" and LACP are configured, if the backup state "down" is removed from the configuration, both ports should come up and the primary port should pass all egress traffic. In some instances, however, traffic might pass through the backup port instead of the primary port. PR1297597

  • Port 0 of QFX5100-48T does not come up in a mixed VCF. As a workaround, use the phy diag xe0 dsc command from the BCM shell upon reboot; this brings up the port, which stays up continuously until the next reboot. PR1323323

  • Family Ethernet-switching cannot be used when flexible VLAN tagging is configured. It is not supported. The behavior is non-deterministic with this configuration and there is a possibility that the dcpfe process generates core files. PR1316236

  • When configuring multihomed EVPN or MC LAG, use the same AE# or configure the same admin-key to make sure the port-ids from both the uplink devices are identical. Otherwise, only one side will come up. PR1324554

  • The management process (mgd) might panic after modifying aggregated Ethernet interface members under "ethernet-switching vlan" stanza. After the mgd panic, the remote session is terminated. PR1325736

  • VIP address cannot be pinged from back-up when VRRP is configured on subinterfaces on QFX10000. PR1338256

  • A commit error is observed if the device is downgraded from Junos OS Release 18.2 to Junos OS Release 17.3R3. On loading the new image, certain stale symlinks from the previous image contents, which impact mgd, need to be removed. In this case, the .slax script symlinks from /var/db/scripts/translation are not removed, which causes issues in the initial commit by mgd. The issue is seen only when the previous image had translation scripts (as part of the Junos image) and the new image does not have these translation scripts. PR1355542

  • A VC split happens because the pfed process generates core files and crashes. As a workaround, before initiating NSSU, check whether pfed generates core files and crashes. If it does, monitor the pfed process and start it if it is not running. Then perform NSSU. PR1362781

  • On QFX5100, if a scaled configuration involving a LAG interface, 3000+ VLANs, and corresponding next hops (NHs) is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until deletion of the previous configuration is complete. FXPC might show high CPU usage for a prolonged time until deletion of the previous configuration is complete. No other impact on the system has been observed. PR1363896

  • On QFX10008, QFX10016, PTX5000, PTX10008, PTX10016 platforms, MPLS EXP rewrite is not working properly when the child members of an aggregate interface are in different FPCs. PR1364391

  • After a host stops sending traffic, its entries clear when its MAC address times out later. Sometimes IPv6 neighbor entry does not clear right away. There should be no functional impact since the host had already stopped sending traffic. The system eventually recovers when IPv6 neighbor entry times out. PR1368311

  • Before NSSU is initiated, it is recommended to clean up the storage to avoid unexpected behavior caused by full storage. PR1370573

  • On QFX10K platforms, the maximum number of ESI IFLs was 4000 in the Packet Forwarding Engine. The Packet Forwarding Engine process might crash above this limit. PR1371414

  • There are 3 VLANs: V1001, V1002, and V1003. V1001 is deleted, V1002’s VLAN ID and VNI are changed to those of V1001, and a new VLAN V1200 is added with the VLAN ID and VNI of VLAN V1002. After these changes, V1200 is not created in the Packet Forwarding Engine, and the other 2 VLANs function as expected. The new VLAN is not created because it needs the same VLAN ID as V1002, and the bd_add for this VLAN arrives before VLAN V1002 is updated with the VLAN ID of V1001. As a workaround, add the bd again in the next commit. PR1371611

  • A BGP session bounce might sometimes cause BUM traffic not to be flooded to all remote VTEPs. PR1373093

  • When IRB is deactivated or activated on a spine, some of the ARP/ND entries go missing on it. The entries on other remote spines remain intact. After restarting l2-learning on the spine where the configuration change was made, the issue is resolved. PR1374339

Interfaces and Chassis

  • On QFX5100 switches, with MAC and ARP inside an IFA block, an error message that states that an IRB interface and an aggregated Ethernet logical interface do not belong to the same routing instance might be displayed, even though they do belong to the same routing instance. PR1239191

  • From Junos OS Release 17.2R1, the CLI allows you to configure more than 2048 sub-interfaces on a LAG interface, but this should not be accepted and the CLI should block it. PR1361689

Layer 2 Features

  • On a QFX5110 platform with VXLAN configured, when any packet goes out of an underlay L3 interface, VXLAN encapsulated packets might be sent with a VLAN tag and might be dropped at the remote VTEP end. PR1271708

  • When using PTP BC applications on QFX10002, the forwarding path for a directly connected device is not automatically present and is not triggered by the PTP packets generated by the QFX10002. As a workaround, either create the forwarding entries by configuring a routing protocol such as OSPF on the interface or add a static ARP entry for the remotely connected PTP device. PR1275327

  • On QFX10016, after deleting and re-adding 1000 LAG interfaces, traffic drops are seen until ARP entries are refreshed, even when all the LAG interfaces come up. PR1289546

  • On QFX5000 platforms, when a scaled configuration (with greater than 3000 bridge domains and greater than 8000 ESI IFLs) is overwritten with a functional configuration (with 4 bridge domains and fewer than 10 ESI IFLs) using the load override command, cleanup and adding the new configuration take approximately 2 minutes. If the configuration is overwritten multiple times without waiting for 2 minutes, some bridge domains are not cleaned up in the CLI. PR1363410

Network Management and Monitoring

  • The default syslog level is LOG_NOTICE in the default configuration. SNMP_TRAP_LINK_UP for the physical interface (IFD) is logged as LOG_INFO from day one. To help debug physical link UP issues, SNMP_TRAP_LINK_UP events will be logged by default. PR1287244

Routing Protocols

  • On QFX10000 line switches, traffic drop is seen with IS-IS version 6 traffic during convergence in either of the following two scenarios: 1) While doing port unshutdown (that is, bringing up the ports after bringing them down). 2) While FPC comes online after doing an FPC restart. This behavior is seen while flapping one of the IS-IS version 6 sessions. PR1190180

  • On QFX10000 line platforms, during a route next-hop churn or earliest deadline first (EDF), job priority changes, and memory corruption might occur, leading to processing issues and constant packet drop. PR1243724

  • When switchover and zeroize are done in quick succession, zeroize will delete the databases. If dfwd starts the signup processing after the zeroize, it will generate a core file because the database is not present. Zeroize should be done when the system is in a stable state; that is, when signup processing by daemons is completed. PR1262385

  • On QFX5110 switches, an EVPN-VXLAN configuration using a custom-IRB MAC (same IP address, same MAC profile) might not work. As a workaround, we recommend you use a virtual gateway address. PR1291406

  • Performing GRES on the EVPN-VXLAN topology with uRPF results in total packet loss. PR1322217

  • For BGP, configuring local-address for each multihop iBGP/eBGP peer configuration is strongly recommended. As a recommendation, local-address should be set to a routable lo0 address. Using a loopback address reduces dependency on interfaces. Note: Multihop is enabled by default for iBGP peers. PR1323557

  • On a QFX5200 Virtual Chassis, traffic loss of 0.04 percent is seen with a Routing Engine switchover for the GRE tunnel scale test. PR1323884

  • In a scaled setup, when the host table is full and the host entries are installed in LPM table, OSPF sessions might take more time to come up. PR1358289

  • L3-GW is not supported on QFX5110 with SP style of configuration in Junos OS Release 17.3R3. PR1363708

Software Installation and Upgrade

  • On QFX10K series, password recovery does not work; the commit fails when recovering a password. PR1368986

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 17.3R3

General Routing

  • On QFX10000 switches, when using the auto-RP, the Protocol Independent Multicast egress interface disappears after a few minutes. PR1063448

  • The LAG interface input bytes counter continuously decreases when no packets come in. PR1266062

  • DHCP client is not working on the replacement build release. PR1296774

  • SFP management Ethernet port C0 might not come up. PR1298876

  • Traffic loss might be seen if sending traffic through the 40G interface. PR1309613

  • One aggregated Ethernet member does not send out sFlow sample packets. PR1311559

  • Traffic loss is observed while performing NSSU. PR1311977

  • Certain IGMP join packets cannot be processed correctly at a high rate. PR1314382

  • Transit traffic over GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • On a Layer 2 next-generation switch platform (EX4300/EX4600/EX9200/QFX5100/QFX10000), the l2cpd process might drop core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED enabled. PR1317114

  • Packets such as TDLS without an IP header are looped between the virtual gateways. PR1318382

  • The optic interface still transmits power after it has been administratively shut down. PR1318997

  • The packet might be dropped between 4-60 seconds when the master Routing Engine is rebooted in a Virtual Chassis. PR1319146

  • The chassis MIB SNMP OIDs for VC-B member chassis are not available after an MX-VC ISSU. PR1320370

  • The MAC address is stuck with "DR" flag on the spine node even though packets are received on an interface from the source MAC. PR1320724

  • On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge during a configuration. PR1323042

  • The openflow session cannot be established correctly with controller and interfaces options configured on QFX5100 Series switches. PR1323273

  • You need to upgrade to new firmware versions for jfirmware package to resolve issues for 100G-PSM4 and 100G-AOC. PR1323321

  • For EVPN of Type-5, the unicast traffic is getting dropped on the backup forwarder. PR1323907

  • The next hop of _all_ces__ flood details might go missing. PR1324739

  • VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

  • The ARP request packets might not be flooded on the QFX5110. PR1326022

  • The major alarm about Fan & PSU Airflow direction mismatch might be seen by removing the management cable. PR1327561

  • Deleting one VXLAN might cause traffic loop on another VXLAN in multi-homing EVPN/VXLAN scenario with Service Provider style interface. PR1327978

  • On a QFX10002, a major alarm should be cleared once the chassis has more PEM units installed than the "minimum PEM" configuration. PR1327999

  • The fan tray removal or insertion trap is not generated for the backup FPC. PR1329031

  • CoS is wrongly applied on Packet Forwarding Engine leading to egress traffic drop. PR1329141

  • The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713

  • After commit, members of VC or VCF are split and some members might get disconnected. PR1330132

  • After IP address move, the ARP table information is not in sync between the two spines. PR1330663

  • The rpd process generates core files on the new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The out of HMC range and HMC READ faild error messages are seen. PR1332251

  • Traffic does not pass through VCP ports after rebooting the VC members. PR1332515

  • For EVPN-VXLAN, the designated forwarder drops multicast traffic. PR1333069

  • The SIB LEDs on the fan tray are off after the replacement of the Fan Tray Controllers (FTC). PR1334006

  • The DHCPv6 SOLICIT message is dropped. PR1334680

  • The SNMP jnxBoxDescr OID returns a different value when upgrading to Junos OS Release 17.2. PR1337798

  • The traffic coming from the remote VTEP PE might be dropped. PR1338532

  • The analyzer status might be shown as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • The VXLAN traffic might not be transmitted correctly with an IRB interface as an underlay interface of the VTEP tunnel. PR1338586

  • The DDoS counters for OSPF might not increase. PR1339364

  • The l2ald process generates core files at ../../../../../../src/junos/usr.sbin/l2ald/l2ald_vxlan_evpn.c:1603, when moving host between two multihomed interfaces. PR1339543

  • Multicast traffic drop is seen if downstream IRB interfaces have snooping enabled. PR1340003

  • Layer 3 traffic is not getting converged properly upon disabling the ECMP link between spine and leaf with EVPN-VXLAN configurations. PR1343172

  • BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • In an EVPN VXLAN with a flexible-tag mode deployment, 100G interface statistics do not get updated for ingress traffic. PR1343746

  • The ARP reply packet auto generates the virtual gateway MAC in the Ethernet header. PR1344990

  • QFX5100 - Fan RPM fluctuates when temperature sensor reaches its threshold. PR1345181

  • CPU and Memory statistics not populating for backup switch in QFX5110 Virtual Chassis. PR1346268

  • Incorrect inner VLAN tag is sent from QFX10K platform with Q-in-Q configured on the Layer 3 sub-interface. PR1346371

  • Statistics process PFED might crash on an upgrade between certain releases. PR1346925

  • QFX5100-48T 10G interface might be autonegotiated at 100 Mbps speed instead of 10 Gbps. PR1347144

  • The IPFIX flow stats are incorrect in the exported record. PR1347229

  • The part numbers and serial numbers are not displayed for any of the 10G optics/dac connected. PR1347634

  • Traffic with a destination MAC matching the virtual gateway MAC might be discarded. PR1348659

  • The pfed process is consuming 80 to 90 percent of CPU, running subscriber management on PPC based routers. PR1351203

  • The GTP traffic might not be hashed correctly for the aggregated Ethernet interface. PR1351518

  • The RPC output is not showing failure when running request system software add with software already staged. PR1353466

  • The alarm errors might be seen during the bootup on QFX10000. PR1354582

  • Untagged packets might not be forwarded through the trunk port. PR1355338

  • On QFX5110 platforms, LX10 SFP needs to be reinserted after autonegotiation is enabled or disabled. PR1355746

  • The VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • Spine switches might lose connectivity to the core network. PR1357296

  • The IGMP membership report packets might not be forwarded over an interface on QFX10k. PR1360137

  • The GTP traffic might not be hashed correctly for aggregated Ethernet interface. PR1361379

  • The clear services accounting statistics inline-jflow fpc-slot 0 command should be supported in QFX. PR1362396

  • The proxy IP+MAC advertisements are not advertised by the spine when a host is learned from a remote Layer 2 GW and installed in the ARP table. PR1364591

  • On QFX5110, QFX5200, or QFX10000 switches, there is an issue with the root password recovery via console. PR1365740

EVPN

  • On EVPN-VXLAN QFX10000, the jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed. PR1258933

  • On a VXLAN-EVPN, there is IPv6 packet loss after a normal traffic run rate. PR1267830

  • The sub interface from the same physical port does not work if configured under the same VXLAN VLAN. PR1278761

  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

  • For JDISwitchingReg, a VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045

  • In an Ethernet VPN (EVPN) or Virtual Extensible LAN (VXLAN) Layer 3 gateway scenario with multihoming mode configured, the remote Address Resolution Protocol (ARP) entry might not be deleted correctly after deactivating/activating the aggregated Ethernet interface (AE interface with esi configured) or rebooting the device. This causes traffic to be dropped. PR1326691

  • A core link flap might result in an inconsistent global MAC count. PR1328956

  • The partial multicast traffic might be dropped in an EVPN-VXLAN multihoming scenario with a non-default virtual switch or an EVPN routing-instance configured. PR1334408

  • On QFX5100 EVPN-VXLAN, the leaf is forwarding traffic to an incorrect VTEP after a MAC move or vmotion. PR1335431

  • The ARP entry might be deleted in redundant Layer 3 gateway EVPN-VXLAN scenario after IP address move happens. PR1336185

  • Configuring encapsulate-inner-vlan on the partial VXLANs might cause traffic impact. PR1337953

  • In an EVPN/VXLAN environment, BFD flaps cause VTEP flaps and cause a Packet Forwarding Engine crash. PR1339084

  • The rpd process generates unreproducible core files with scaling EVPN-VXLAN configuration on QFX10K platform. PR1339979

  • The rpd process might generate core files on deleting the default-switch in an EVPN-VXLAN environment. PR1342351

  • The traffic might get dropped as the core is down. PR1343515

  • Traffic might be lost on Layer 2 and Layer 3 spine node in multi home EVPN scenario. PR1355165

  • There is an increased risk of a routing crash with temporary impact on traffic on QFX10000 or QFX5100 nodes with certain configuration changes or when clearing Layer 2 or Layer 3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257

  • The VTEPs MAC address is not learnt in the Ethernet switching table. PR1371995

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, the IP protocol multicast traffic sourced by the kernel (such as, OSPF and VRRP) gets dropped in the Packet Forwarding Engine level. PR1301773

Interfaces and Chassis

  • Multicast data packets are looping in MC-LAG. PR1281646

  • On QFX5K and EX4600 platforms, if ICL is configured on single interface (without LAG) and remote MCAE is down, and both MCLAG peers are rebooted, sometimes packets might drop on ICL of MCLAG peer where MCAE is up. PR1345316

  • If CVLANs range is 16, it might not pass traffic in a Q-in-Q scenario. PR1345994

Layer 2 Features

  • The NLB heartbeat packets might be dropped on QFX10000 or PTX Series. PR1322183

  • The ARP entry might be learned on STP blocking ports. PR1324245

  • MAC learning might fail for a device on an extended port of a satellite device after a MAC move in a Junos Fusion scenario. PR1324579

  • The DHCP discover packets might be looped in an MC-LAG and a DHCP-relay scenario. PR1325425

  • On a QFX5100 with multiple logical units configured on an interface, the input VLAN map point of presence (POP) is not removing the outer VLAN tag when Q-in-Q and VXLAN are involved. PR1331722

  • Push is not working for VXLAN local switching for Q-in-Q. PR1332346

  • The interface with flexible VLAN tagging and family Ethernet switching does not work on QFX10000. PR1337311

  • Traffic stops passing through the EVPN interface configured with encapsulation Ethernet bridge, unit 0, after a code upgrade from Junos OS Release 15.1X53-D65 to Junos OS Release 17.3R2. PR1344874

Layer 2 Ethernet Services

  • The jdhcpd process generates core files after making DHCP configuration changes. PR1324800

MPLS

  • On QFX5100, unified ISSU is not supported with MPLS configuration. PR1264786

  • Traffic drops during NSR switchover for RSVP P2MP provider tunnels used by MVPN. PR1293014

  • MPLS forwarding might not happen properly for some LSPs. PR1319379

  • The rpd process might crash on the backup Routing Engine due to memory exhaustion. PR1328974

  • The hot standby for l2circuit does not work on a QFX5100. PR1329720

  • RSVP sessions go down for ingress LSPs with no-cspf enabled. PR1339916

  • The no-propagate-ttl statement acts on the MPLS swap operation. PR1366804

Platform and Infrastructure

  • Directories and files under /var/db/scripts lose execution permission, or the directory 'jet' is missing under /var/db/scripts, causing the following error during commit: Invalid directory: No such file or directory. PR1328570

  • While downgrading a Junos OS software from a later release, the router goes into amnesiac state. PR1341650

  • The ARP might not update and packets might get dropped at the Routing Engine. PR1348029

Routing Protocols

  • An mcsnoopd core file is observed at (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • Diffserv bits/ToS bits are not getting copied from the inner IP header to the GRE header. PR1313311

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • On a QFX5100, consistent hashing is not getting programmed. PR1322299

  • The IS-IS Layer 2 hello packets are dropped when they come from a Brocade device. PR1325436

  • The loopbacked IRB interface is not accessible to the remote network. PR1333019

  • The dcpfe process crash is seen in route leak scenario on a QFX10000. PR1334714

  • The reverse path forwarding (RPF) check policy does not work as expected. PR1336909

  • Ping fails if MTU is different on the interfaces. PR1345495

  • Parity error in Layer 3 IPv4 table. PR1364657

Resolved Issues: 17.3R2

Hardware

  • The 1G copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • ULC-60S-6Q LC on QFX10008: The port becomes unusable after inserting a third-party SFP-T optic. PR1294394

Class of Service (CoS)

  • On EX4300, EX4600, or QFX5100, traffic might be dropped when there is more than one forwarding class under "forwarding-class-sets". PR1255077

EVPNs

  • Next-hop installation error messages are seen on QFX10000 line switches. PR1258930

  • On QFX10002 VXLAN with MPLS underlay, traffic loss is seen at RSVP egress. PR1289666

  • On QFX5100 switches with EVPN-VXLAN deployed, broadcast and multicast traffic might not be sent to other switches through VTEP interfaces. PR1293163

  • On QFX10000 switches with EVPN deployed, packet corruption is seen with Packet Forward Engine trap code (129) egp.v4_chksum when sending L3 inter-VNI traffic with the underlay vlan-tagging inet interface. PR1295491

  • df-election-type preference statements in the [show interfaces esi] hierarchy level are not supported on QFX10000 running Junos OS Release 17.3R1. PR1300093

  • The dynamic routing protocols might not work correctly over the IRB interface in an EVPN-VXLAN scenario with ECMP. PR1301521

  • RPD crash on loading EVPN configurations in qfx10002-72q. PR1305440

  • EVPN Proxy ARP might work properly. PR1312672

Interfaces and Chassis

  • Multicast data packets are looping in MC-LAG. PR1281646

  • ARP reply drop in MC-LAG scenario. PR1282349

  • On QFX5100 switches, an AE interface might flap upon commit if an explicit speed is configured on an AE member interface. PR1284495

  • Traffic might not be received on a 1-Gigabit Ethernet interface if autonegotiation is disabled and speed/duplex is configured on both the QFX Series switch and the peer host. PR1292275

  • The 40-Gigabit Ethernet interface might not come up if a specific vendor's DAC cable is used. PR1296011

  • On QFX Series platforms, the connectivity of IPv4 might be lost if the Logical interface (IFL) gl2d-property (eth) bit is set to 0. PR1297594

  • On QFX Series platforms with ZTP environment, the DHCP clients are not getting an IP address with /31 subnet in server configuration. PR1298234

  • The dcpfe process might crash and restart on MC-LAG active and standby nodes when there is ARP/NDP next-hop change. PR1299112

  • Disabled 10-Gigabit Ethernet interfaces might stay up on QFX10000 line switches. PR1300775

  • QFX10008/10016: Commit error is seen when configured with mixed speed. PR1301923

  • On QFX5100/5110/5200 devices, IGMP snooping entries are not learnt on MCLAG peer. PR1302620

  • The QSFP+4x10G-IR channelized interface is down between QFX5200 and PTX5000. PR1307400

  • Upgrading to 16.1R5 without “redundancy-group-id-list” statement prior in ICCP leads to commit failure during bootup. PR1311009

  • Core link flap might result in an inconsistent global MAC count. PR1328956

Layer 2 Features

  • Feature swap-swap might not work as expected in a Q-in-Q scenario. PR1297772

  • Device transmits packets that exceed the interface MTU. PR1306724

  • NLB heartbeat packets might be dropped on QFX10000/PTX. PR1322183

  • The DHCP Discover packets might be looped in MC-LAG and DHCP-Relay scenario. PR1325425

Layer 3 Features

  • QFX5110-48S: L3 VPN traffic is dropped for some instances when EVPN-VXLAN configuration is removed and reapplied. PR1307590

Management

  • QFX5110-48S: digital optical monitoring statistics cannot be received through the CLI in Junos OS Releases 15.1X53 through 17.x. PR1305506

MPLS

  • QFX5100: ISSU is not supported with MPLS configuration. PR1264786

  • 17.3: U8: QFX10008 is dropping the egress MPLS traffic, if the egress interface is an IRB with access L2 AE interface. PR1279827

  • DHCP clients cannot get IP addresses over BGP-L3VPN. PR1303442

  • LSP stops transferring/passing traffic after the MPLS route is changed. PR1309058

  • MPLS forwarding might not happen properly for some LSPs. PR1319379

Network Management and Monitoring

  • UFT for non-local member is not shown in the CLI. PR1243758

  • MACsec issue: "show security macsec statistics" command does not show expected results. PR1283544

  • SNMP process is not running on QFX Series switches with incorrect source addresses. PR1285198

Platform and Infrastructure

  • Traffic loss might be observed for about 10 seconds if master member FPC reboots. PR1283702

  • QFX10002 and QFX10008: BFD sessions over IRB interfaces with Junos OS Releases 17.1R1, 17.1R2, 17.2R1, and 17.3R1 are centralized. PR1284743

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • Storm-control flags are not set after a Routing Engine switchover. PR1290246

  • OSPFv3 authentication using IPsec SA does not work if you are using IPsec to authenticate OSPFv3 neighbors on some QFX Series platforms. PR1301428

  • The sflow records are missing "extendedType ROUTER" fields as well as an outbound interface for traffic that is using BGP multipath. PR1303236

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • JDISwitchingReg : Traffic loss is observed while performing NSSU. PR1311977

  • CPU utilization is around 50% without any configuration. PR1312520

  • On QFX5200 Virtual Chassis, 100G port VCP not supported. PR1314922

  • Transit traffic over GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • On an L2 next-generation switch platform (EX4300/EX4600/EX9200/QFX5100/QFX10000), l2cpd might drop core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED enabled. PR1317114

  • Port speed is still showing 100G instead of 50G because the physical interface (IFD) has been channelized to 50G. PR1319884

  • FPCs go offline due to the error CHASSISD_IPC_CONNECTION_DROPPED: Dropped IPC connection for FPC. PR1321198

  • EVPN Type 5: Unicast traffic is getting dropped on the backup forwarder. PR1323907

  • QFX5100/EX4600/ACX5k : Major Alarm 'Fan & PSU Airflow direction mismatch' by removing management cable. PR1327561

  • QFX10002: Major alarm should be cleared once the chassis has more PEM units installed than the "minimum PEM" configuration. PR1327999

Port Security

  • Proxy-ARP and ARP suppression are not yet supported for the QFX10000 line. PR1293707

Routing Policy and Firewall Filters

  • The rpd might crash if vrf-target auto is configured under routing-instance. PR1301721

Routing Protocols

  • OVSDB and Openflow have some limitations on QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016 switches running Junos OS Releases 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • FBF with next-ip/next-ip6/next-interface is not working. PR1289642

  • Remotely received traffic is not flooded to AC on FPC 1 when FPC 0 was offlined. PR1290500

  • IPv6 multicast traffic drop occurs in PIM SSM scenario. PR1292519

  • On QFX5100, the fxpc process generates a core file. PR1294033

  • The dcpfe process might crash after a period of idle time on QFX10000 switches. PR1294055

  • If MPLS LSP self-ping is enabled (self-ping is enabled by default), the kernel might panic with the error message "Fatal trap 12: page fault while in kernel mode." PR1303798

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • Packets drop is seen when programming for GRE traffic. PR1308438

Software Installation and Upgrade

  • After upgrading the QFX5100-96s-8q to Junos OS Release 16.1R4 from Junos OS Release 15.1R4, the commit warning '/boot/ffp.cookie+' is shown. PR1283917

Virtual Chassis

  • QFX5100 TVP: Not able to load TVP image on top of a non-TVP 5100 image while adding a QFX5100 switch to the Virtual Chassis. PR1248145

  • QFX5200: New apply group not applying to the Virtual Chassis after a reboot. PR1305520

  • QFX-VC: Multicast packets are sometimes received 2x or 3x as many times as expected. PR1306239

  • QFX5110 VC/VCF: VC members reboot before all members have image installed. PR1309103

  • Some log messages are seen on the QFX5110 platform when plugging in an SFP-SX. PR1311279

Resolved Issues: 17.3R1

General Routing

  • On QFX10000 line switches, sFlow monitoring technology output might display a negative number of samples after a long run. As a workaround, issue the clear sflow collector command to show or reset the count. PR1244080

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

  • Hostname synchronization from Junos VM instance to Linux Host in TVP Platforms (QFX). PR1283710

Interfaces and Chassis

  • Interfaces randomly do not come up after a line card restart. PR1262839

  • On QFX5100 switches, a 40G interface may keep flapping when a 5M DAC cable is inserted. PR1273861

  • On QFX10000 switches, there may be an ot- link flap whenever there is an optics TCA alarm; however, no loss of signal and no traffic loss are observed. PR1279351

  • FEC disabled by default on 100G-LR optics for QFX5200 switches. PR1286389

Layer 2 Features

  • All the XML duplications and unformatted output are addressed. For example, histogram was previously declared only as an element inside the pfkey container; with this change, a new container is defined for histogram. PR1271648

Port Security

  • On QFX10000 switches, MACsec sessions are not coming up on a Layer 3 sub-interface. PR1282995

Routing Protocols

  • When static link protection mode is configured with the backup state as down, the primary port goes to the down state instead of the secondary port while the secondary port is in the up state. PR1276156

  • UDP traffic with destination port 520 and 521 is discarded on QFX5110 switches after a Junos OS upgrade. PR1287271

  • In a data center environment with EVPN/VXLAN and proxy MAC plus IP advertisement enabled on a Layer 3 gateway, the state for some MACs may be lost during MAC moves. PR1291118

System Management

  • Multicast Listener Discovery (MLD) messages are seen continuously on QFX switches if the management ports are connected through a network. PR1277618

  • Analytics json data format reporting incorrect value for 'rxbps' counter. PR1285434

VXLAN

  • Two new CLI commands are added: set forwarding-options vxlan-routing next-hop number and set forwarding-options vxlan-routing interface-num number. These commands are applicable only for QFX5110 switches. PR1259323

Documentation Updates

This section lists the errata and changes in Junos OS Release 17.3R3 for the QFX Series switches documentation.

Traffic Management User Guide for the QFX Series

  • Consolidation of the Traffic Management User Guide for QFX Series and EX4600 Switches (QFX Series)—Starting in Junos OS Release 17.3R1, the following three traffic management guides are consolidated into one user guide:

    • Traffic Management User Guide for QFX Series

    • Traffic Management User Guide for QFX 10000 Series

    • Traffic Management User Guide for EX4600 Switches

    [See Traffic Management User Guide for QFX Series and EX4600 Switches.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://support.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 17.3 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 17.3 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.

    Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.3 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 17.3R2.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://support.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://support.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported for upgrading to Junos OS Release 17.3R2 from 17.1R1 or later. Upgrading to 17.3R2 from releases prior to 17.1R1 is not supported. For example, upgrading from Junos OS Release 14.1X53 to 17.3R2 is not supported.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
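The two procedures above have opposite prerequisites: the dual Routing Engine installation on QFX10008 and QFX10016 switches requires GRES, NSR, and NSB to be removed, while unified ISSU requires all three to be enabled and a source release of 17.1R1 or later. The following pre-flight check is an added example, not Juniper code; it assumes its input is the text of show configuration | display set saved off the switch, the function names are hypothetical, and statements inherited from configuration groups are not resolved.

```python
import re

# "display set" forms of the statements this page names (GRES, NSR, NSB).
FEATURES = {
    "GRES": "chassis redundancy graceful-switchover",
    "NSR": "routing-options nonstop-routing",
    "NSB": "protocols layer2-control nonstop-bridging",
}

# Constructed sample of `show configuration | display set` output (not from a real switch).
SAMPLE_CONFIG = """\
set system host-name qfx10008-lab
set system commit synchronize
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
set protocols layer2-control nonstop-bridging
deactivate protocols layer2-control nonstop-bridging
"""


def enabled_features(display_set_text):
    """Return the feature names that are configured and not deactivated."""
    active, inactive = set(), set()
    for raw in display_set_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0] not in ("set", "deactivate"):
            continue
        path = " ".join(parts[1:])
        for name, stmt in FEATURES.items():
            if parts[0] == "set" and (path == stmt or path.startswith(stmt + " ")):
                active.add(name)
            # Deactivating the statement or any parent hierarchy disables it.
            elif parts[0] == "deactivate" and (stmt == path or stmt.startswith(path + " ")):
                inactive.add(name)
    return active - inactive


def issu_source_supported(release):
    """True if the running release is 17.1R1 or later (lower bound only)."""
    match = re.match(r"(\d+)\.(\d+)", release.strip())
    if not match:
        raise ValueError(f"unrecognized Junos OS release string: {release!r}")
    return (int(match.group(1)), int(match.group(2))) >= (17, 1)


def preflight(display_set_text, mode, running_release=None):
    """Return blocking findings for the chosen procedure; an empty list means go."""
    on = enabled_features(display_set_text)
    findings = []
    if mode == "dual-re-install":
        for name in sorted(on):
            findings.append(f"{name} enabled: delete '{FEATURES[name]}' before installing")
    elif mode == "issu":
        for name in sorted(set(FEATURES) - on):
            findings.append(f"{name} not enabled: configure '{FEATURES[name]}' before unified ISSU")
        if running_release is not None and not issu_source_supported(running_release):
            findings.append(f"release {running_release} is earlier than 17.1R1: unified ISSU not supported")
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    return findings


if __name__ == "__main__":
    for mode in ("dual-re-install", "issu"):
        print(mode)
        for finding in preflight(SAMPLE_CONFIG, mode, "15.1X53-D60") or ["ok"]:
            print("  " + finding)
```
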

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, /jinstall-host-qfx-10-f-x86-64-17.3-R3.n-secure-signed.tgz reboot.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.