Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 17.4R2 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features for the QFX Series switches in Junos OS Release 17.4R2.

Note

The following QFX Series platforms are supported in Release 17.4R2: QFX5100, QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016.

Release 17.4R2 New and Changed Features

Restoration Procedures and Failure Handling

  • Device recovery mode support in Junos OS with upgraded FreeBSD (QFX Series)—Starting in Junos OS Release 17.4R2, devices running Junos OS with an upgraded FreeBSD and a saved rescue configuration have an automatic device recovery mode should the system go into amnesiac mode. The new process has the system automatically reboot with the saved rescue configuration. Then, the system displays "Device is in recovery mode" in the CLI (in both operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.4R1 New and Changed Features

Hardware

  • QFX10000-30C-M line card (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 17.4R-S2, the QFX10000-30C-M line card provides 30 ports of either 100-gigabit or 40-gigabit QSFP28 with MACsec features.

Class of Service (CoS)

  • Priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.4R1, to support lossless traffic across Layer 3 connections to Layer 2 subnetworks on QFX5110 and QFX5200 switches, you can configure priority-based flow control (PFC) to operate using 6-bit DSCP values from Layer 3 headers of untagged VLAN traffic, rather than IEEE 802.1P priority values in Layer 2 VLAN-tagged packet headers. DSCP-based PFC is required to support Remote Direct Memory Access (RDMA) over converged Ethernet version 2 (RoCEv2).

    To enable DSCP-based PFC, map a forwarding class to a PFC priority using the pfc-priority statement, define a congestion notification profile to enable PFC on traffic specified by a 6-bit DSCP value, and set up a classifier for the DSCP value and the PFC-mapped forwarding class.

    [See Understanding PFC Using DSCP at Layer 3 for Untagged Traffic.]

EVPNs

  • Support for LACP in EVPN active-active multihoming (QFX5100, QFX5100 Virtual Chassis, QFX5110, and QFX5200 switches)—Starting with Junos OS Release 17.4R1, an extra level of redundancy can be achieved in an Ethernet VPN (EVPN) active-active multihoming network by configuring the Link Aggregation Control Protocol (LACP) on both endpoints of the link between the multihomed customer edge (CE) and provider edge (PE) devices. The link aggregation group (LAG) interface of the multihomed CE-PE link can either be in the active or in the standby state. The interface state is monitored and operated by LACP to ensure fast convergence on isolation of a multihomed PE device from the core. When there is a core failure, a traffic black hole can occur at the isolated PE device. With the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed CE device. After the core recovers from the failure, the interface state is switched back from standby to active.

    To configure LACP in an EVPN active-active multihoming network:

    • On the multihomed CE device, include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.

    • On the multihomed PE device, include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy, and include the service-id number statement at the [edit switch-options] hierarchy.

    [See Understanding LACP for EVPN Active-Active Multihoming.]

  • EVPN pure type-5 route support (QFX5110 switches)—Starting with Junos OS Release 17.4R1, you can configure pure type-5 routing in an Ethernet VPN (EVPN) Virtual Extensible LAN (VXLAN) environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which is used to carry the MAC address of the sending switch and to provide next-hop reachability for the prefix. To configure pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable two-level equal-cost multipath (ECMP) next hops in an EVPN-VXLAN overlay network, you must also include the overlay-ecmp statement at the [edit forwarding-options vxlan-routing] hierarchy level.

    [See ip-prefix-routes.]

  • SPRING support for EVPN (QFX10000 switches)—Starting in Junos OS Release 17.4R1, Junos OS supports using Source Packet Routing in Networking (SPRING) as the underlay transport in EVPN. SPRING tunnels enable routers to steer a packet through a specific set of nodes and links in the network.

    To configure SPRING, use the source-packet-routing statement at the [edit protocols isis] hierarchy level.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • Support for duplicate MAC address detection and suppression (QFX10000 switches)—When a MAC address relocates, PE devices can converge on the latest location by using sequence numbers in the extended community field. Misconfigurations in the network can lead to duplicate MAC addresses. Starting in Junos OS Release 17.4R1, Juniper supports duplicate MAC address detection and suppression.

    You can modify the duplicate MAC address detection settings on the switch by configuring the detection window for identifying duplicate MAC addresses and the number of MAC address moves detected within the detection window before duplicate MAC detection is triggered and the MAC address is suppressed. You can also configure an optional recovery time that the switch waits before the duplicate MAC address is automatically unsuppressed.

    To configure duplicate MAC detection parameters, use the detection-window, detection-threshold, and auto-recovery-time statements at the [edit routing-instances routing-instance-name protocols evpn duplicate-mac-detection] hierarchy level.

    To clear duplicate MAC suppression manually, use the clear evpn duplicate-mac-suppression command.

    [See Overview of MAC Mobility.]
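The interaction of the detection window, detection threshold, and auto-recovery time described above can be modeled in a few lines. This is an added example, not Junos code: the class and method names are hypothetical, all times are plain seconds (an assumption of the model), and the threshold of 5 moves in a 180-second window is a sample setting (the defaults suggested in RFC 7432).

```python
"""Illustrative model of duplicate MAC detection and suppression (not Junos code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class MacEntry:
    location: str                                        # PE where the MAC was last accepted
    moves: Deque[float] = field(default_factory=deque)   # timestamps of recent moves
    suppressed_at: Optional[float] = None                # None means not suppressed


class DuplicateMacDetector:
    """Hypothetical model: counts MAC moves inside a sliding detection window."""

    def __init__(self, detection_window: float, detection_threshold: int,
                 auto_recovery_time: Optional[float] = None) -> None:
        if detection_window <= 0 or detection_threshold < 1:
            raise ValueError("window must be > 0 and threshold >= 1")
        self.detection_window = detection_window
        self.detection_threshold = detection_threshold
        self.auto_recovery_time = auto_recovery_time     # None: manual clear only
        self.table: Dict[str, MacEntry] = {}

    def _recover_if_due(self, entry: MacEntry, now: float) -> None:
        # Automatic unsuppression once the optional recovery time has elapsed.
        if (entry.suppressed_at is not None
                and self.auto_recovery_time is not None
                and now - entry.suppressed_at >= self.auto_recovery_time):
            entry.suppressed_at = None
            entry.moves.clear()

    def learn(self, mac: str, location: str, now: float) -> str:
        """Process one MAC advertisement; return the resulting state."""
        mac = mac.lower()
        entry = self.table.get(mac)
        if entry is None:
            self.table[mac] = MacEntry(location)
            return "learned"
        self._recover_if_due(entry, now)
        if entry.suppressed_at is not None:
            return "suppressed"              # location stays frozen while suppressed
        if location == entry.location:
            return "unchanged"
        entry.moves.append(now)
        # Drop moves that have aged out of the detection window.
        while now - entry.moves[0] > self.detection_window:
            entry.moves.popleft()
        if len(entry.moves) >= self.detection_threshold:
            entry.suppressed_at = now        # duplicate detected: stop following moves
            return "suppressed"
        entry.location = location            # ordinary MAC mobility
        return "moved"

    def clear(self, mac: str) -> bool:
        """Manual clear, the model's counterpart of clearing suppression from the CLI."""
        entry = self.table.get(mac.lower())
        if entry is None or entry.suppressed_at is None:
            return False
        entry.suppressed_at = None
        entry.moves.clear()
        return True


def replay(detector: DuplicateMacDetector,
           events: List[Tuple[float, str, str]]) -> List[str]:
    """Feed (time, mac, location) events to the detector and collect the states."""
    return [detector.learn(mac, location, t) for t, mac, location in events]


# Constructed sample input: the same MAC advertised alternately by two PEs every
# 10 seconds (a duplicate), and a second MAC that relocates once (legitimate move).
DUP = "00:11:22:33:44:55"
FLAPPING = [(0, DUP, "pe1"), (10, DUP, "pe2"), (20, DUP, "pe1"), (30, DUP, "pe2"),
            (40, DUP, "pe1"), (50, DUP, "pe2"), (60, DUP, "pe1"), (70, DUP, "pe2")]
MIGRATION = [(0, "00:aa:bb:cc:dd:ee", "pe1"), (600, "00:aa:bb:cc:dd:ee", "pe3"),
             (1200, "00:aa:bb:cc:dd:ee", "pe3")]

if __name__ == "__main__":
    det = DuplicateMacDetector(detection_window=180, detection_threshold=5,
                               auto_recovery_time=300)
    for event, state in zip(FLAPPING, replay(det, FLAPPING)):
        print(event, "->", state)
    print("after recovery time:", det.learn(DUP, "pe2", 350))
    print("migration:", replay(det, MIGRATION))
```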

General Routing

  • Enhancement to show chassis forwarding-options command (QFX5200 Virtual Chassis)—Starting in Junos OS Release 17.4R1, the show chassis forwarding-options command displays information about memory banks for QFX5200 Virtual Chassis only for the master. This information is not displayed for all the other members. Memory banks can be partitioned among different types of forwarding table entries through the Unified Forwarding Table feature. Values remain the same across all members. All configuration changes for the Unified Forwarding Table are made through the master.

    [See show chassis forwarding-options.]

Interfaces and Chassis

  • Support for resilient hashing for LAGs and ECMP (QFX10000)—Starting with Junos OS Release 17.4R1 on QFX10000 switches, you can prevent the reordering of flows to active paths in link aggregation groups (LAGs) or ECMP when one or more paths fail. Only flows that are on inactive paths are redirected. Resilient hashing overrides the default behavior of disrupting all existing, including active, TCP connections when an active path fails. You can optionally set a specific value for the resilient-hash seed that differs from the hash-seed value that will be used by the other hash functions on the switch. A resilient hashing configuration on ECMP is applied through use of a route policy.

    [See Understanding the Use of Resilient Hashing to Minimize Flow Remapping.]

  • Enterprise profile for Precision Time Protocol (PTP) (QFX10002 switches)—Starting with Junos OS Release 17.41, the enterprise profile, which is based on PTPv2, provides the ability for enterprise and financial markets to timestamp on different systems and to handle a range of latency and delays.

    The enterprise profile supports the following options:

    • IPv4 multicast transport

    • Ordinary and boundary clocks

    • 1-Gigabit SFP grandmaster port

    • 512 downstream slave clocks

    You can configure the enterprise profile at the [edit protocols ptp profile-type] hierarchy.

    [See Understanding Transparent Clocks in Precision Time Protocol.]

  • Support for Precision Time Protocol (PTP) transparent clock (QFX5200 switches)—Starting with Junos OS Release 17.4R1, PTP synchronizes clocks throughout a packet-switched network. With a transparent clock, the PTP packets are updated with residence time as the packets pass through the switch. There is no master/slave designation. End-to-end transparent clocks are supported. With an end-to-end transparent clock, only the residence time is included. The residence time can be sent in a one-step process, which means that the timestamps are sent in one packet. In a two-step process, estimated timestamps are sent in one packet, and additional packets contain updated timestamps. In addition, UDP over IPv4 and IPv6 and unicast and multicast transparent clock are supported.

    [See Understanding Transparent Clocks in Precision Time Protocol.]
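The resilient hashing item above states that only flows on failed paths are redirected. The following added example (not Junos or hardware code) compares plain hash-modulo path selection with a fixed bucket table that rewrites only the failed path's buckets. It generalizes the description into a generic model: the path names, bucket count, hash function, and seed value are assumptions chosen for the demonstration.

```python
"""Illustrative comparison of modulo path selection and a resilient-hash table."""
import hashlib
from typing import Dict, List


def flow_hash(flow: str, seed: int = 0) -> int:
    """Deterministic stand-in for the forwarding hash (SHA-256 is an assumption)."""
    digest = hashlib.sha256(f"{seed}|{flow}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def modulo_select(flow: str, paths: List[str], seed: int = 0) -> str:
    """Default-style selection: hash modulo the number of currently active paths."""
    return paths[flow_hash(flow, seed) % len(paths)]


class ResilientTable:
    """Fixed-size bucket table; a path failure rewrites only that path's buckets."""

    def __init__(self, paths: List[str], buckets: int = 256, seed: int = 0) -> None:
        if not paths or buckets < len(paths):
            raise ValueError("need at least one path and buckets >= number of paths")
        self.seed = seed  # models a resilient-hash seed separate from other hashes
        self.buckets = [paths[i % len(paths)] for i in range(buckets)]

    def select(self, flow: str) -> str:
        return self.buckets[flow_hash(flow, self.seed) % len(self.buckets)]

    def fail(self, failed: str) -> int:
        """Reassign the failed path's buckets to survivors; return buckets rewritten."""
        survivors = sorted(set(self.buckets) - {failed})
        if not survivors:
            raise RuntimeError("no surviving path")
        rewritten = 0
        for i, path in enumerate(self.buckets):
            if path == failed:
                self.buckets[i] = survivors[rewritten % len(survivors)]
                rewritten += 1
        return rewritten


def make_flows(count: int) -> List[str]:
    """Constructed sample flows (documentation address ranges, not captured traffic)."""
    return [f"10.0.{i // 250}.{i % 250 + 1}:{1024 + i}->192.0.2.10:443/tcp"
            for i in range(count)]


def compare(n_flows: int = 1000, failed: str = "path-2") -> Dict[str, int]:
    """Count flows on surviving paths that are moved when one of four paths fails."""
    paths = [f"path-{i}" for i in range(4)]
    flows = make_flows(n_flows)
    table = ResilientTable(paths, seed=7)

    before_mod = {f: modulo_select(f, paths) for f in flows}
    before_res = {f: table.select(f) for f in flows}

    survivors = [p for p in paths if p != failed]
    table.fail(failed)
    after_mod = {f: modulo_select(f, survivors) for f in flows}
    after_res = {f: table.select(f) for f in flows}

    def disrupted(before: Dict[str, str], after: Dict[str, str]) -> int:
        # A flow is disrupted if its path was healthy but it was moved anyway.
        return sum(1 for f in flows if before[f] != failed and after[f] != before[f])

    return {
        "modulo_disrupted": disrupted(before_mod, after_mod),
        "resilient_disrupted": disrupted(before_res, after_res),
        "resilient_redirected": sum(1 for f in flows if before_res[f] == failed),
        "resilient_stranded": sum(1 for f in flows if after_res[f] == failed),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```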

Junos OS XML API and Scripting

  • Automation script library additions and upgrades (QFX Series)—Starting in Junos OS Release 17.4R1, devices running Junos OS include new and upgraded Python modules as well as upgraded versions of Junos PyEZ and libslax. On-box Python automation scripts can use features supported in Junos PyEZ Release 2.1.4 and earlier releases to perform operational and configuration tasks on devices running Junos OS. Python automation scripts can also leverage new on-box Python modules including ipaddress, jxmlease, pyang, serial, and six, as well as upgraded versions of existing modules. In addition, SLAX automation scripts can include features supported in libslax release 0.22.0 and earlier releases.

    [See Overview of Python Modules Available on Devices Running Junos OS and libslax Distribution Overview.]

Management

  • Enhancements to LSP events sensor for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000 switches)—Starting with Junos OS Release 17.4R1, telemetry data streamed through gRPC for LSP events and properties is reported separately for each routing instance. To export data for LSP events and properties, you must now include /network-instances/network-instance[name_'instance-name']/ in front of all supported paths. For example, to export LSP events for RSVP Signaling protocol attributes, use the following path: /network-instances/network-instance[name_'instance-name']/mpls/signaling-protocols/rsvp-te/. Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.

    [See Guidelines for gRPC Sensors.]

  • Enhancement to BGP sensor for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000 switches)—Starting with Junos OS Release 17.4R1, you can export the number of BGP peers in a BGP group in telemetry data exported through gRPC. To export the number of BGP peers for a group, use the following OpenConfig path: /network-instances/network-instance[name_'instance-name']/protocols/protocol/bgp/peer-groups/peer-group[name_'peer-group-name']/state/peer-count/. The BGP peer count value exported reflects the number of peering sessions in a group. For example, for a BGP group with two devices, the peer count reported is 1 (one) because each group member has one peer. To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters.

    [See Guidelines for gRPC Sensors.]

  • Support for multiple, smaller configuration YANG modules (QFX Series)—Starting in Junos OS Release 17.4R1, the YANG module for the Junos OS configuration schema is split into a root configuration module that is augmented by multiple, smaller modules. The root configuration module comprises the top-level configuration node and any nodes that are not emitted as separate modules. Separate, smaller modules augment the root configuration module for the different configuration statement hierarchies. Smaller configuration modules enable YANG tools and utilities to more quickly and efficiently compile and work with the modules, because they only need to import the modules required for the current operation.

    [See Understanding the YANG Modules That Define the Junos OS Configuration.]

Multicast

  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.4R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances, include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing-instance-name, include the name of a VRF or virtual-router instance.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

  • MLD snooping versions 1 and 2 (QFX5100 switches and Virtual Chassis)—Starting with Junos OS Release 17.4R1, QFX5100 switches and QFX5100 Virtual Chassis support Multicast Listener Discovery (MLD) snooping version 1 (MLDv1) and version 2 (MLDv2). MLD snooping constrains the flooding of IPv6 multicast traffic on VLANs. When MLD snooping is enabled on a VLAN, the switch examines MLD messages encapsulated within ICMPv6 packets transferred between hosts and multicast routers. The switch learns which hosts are interested in receiving traffic for a multicast group, and forwards multicast traffic only to those interfaces in the VLAN that are connected to interested receivers instead of flooding the traffic to all interfaces. You configure MLD snooping parameters and enable MLD snooping using configuration statements at the [edit protocols mld-snooping vlan vlan-name] hierarchy.

    [See Understanding MLD Snooping on Switches.]

  • Multicast-only fast reroute (MoFRR) (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 17.4R1, QFX5100, QFX5110, and QFX5200 switches support MoFRR, which minimizes multicast packet loss in PIM domains when there are link failures. With MoFRR enabled, the switch maintains both a primary and a backup multicast packet stream toward the multicast source, accepting traffic received on the primary path and dropping traffic received on the backup path. Upon primary path failure, the backup path becomes the primary path and quickly takes over forwarding the multicast traffic. If alternative paths are available, a new backup path is created. When enabling MoFRR, you can optionally configure a policy for the (S,G) entries to which MoFRR should apply; otherwise MoFRR applies to all multicast (S,G) streams.

    [See Understanding Multicast-Only Fast Reroute on Switches.]

  • Support for rpf-selection statement for PIM protocol at global instance level (QFX Series)—Starting in Junos OS 17.4R1, the rpf-selection statement for the PIM protocol is available at the global instance level. You can configure group and source statements at the [edit protocols pim rpf-selection] hierarchy level.

MPLS

  • Support for BGP MPLS-based Ethernet VPN (QFX10000 Series switches)—Starting with Junos OS Release 17.4R1, you can use MPLS-based Ethernet VPN (EVPN) to route MAC addresses using BGP over an MPLS core network. An EVPN enables you to connect dispersed customer sites by using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN consists of a customer edge (CE) device (host, router, or switch) connected to a provider edge (PE) switch. The QFX10000 acts as a PE switch at the edge of the MPLS infrastructure. The switch can be connected by an MPLS Label Switched Path (LSP) which provides the benefits of MPLS technology, such as fast reroute and resiliency. You can deploy multiple EVPNs within a service provider network, each providing network connectivity to a customer while ensuring that the traffic sharing on that network remains private.

    [See EVPN Overview.]

  • Support for static adjacency segment identifier for ISIS (QFX Series)—Starting with Junos OS Release 17.4R1, you can configure static adjacency segment ID (SID) labels for an interface. You can configure two IPv4 adjacency SIDs (protected and unprotected) and IPv6 adjacency SIDs (protected and unprotected) per level per interface. You can use the same adjacency SID for multiple interfaces by grouping a set of interfaces under an interface-group and configuring the adjacency-segment for that interface-group. For static adjacency SIDs, the labels are picked from either a static reserved label pool or from the segment routing global block (SRGB).

    [See Static Adjacency Segment Identifier for ISIS.]

  • Support for static adjacency segment identifier for aggregate Ethernet member links (QFX Series)—Starting with Junos OS Release 17.4R1, you can configure a transit single-hop static label switched path (LSP) for a specific member link of an aggregate Ethernet (AE) interface. A static labeled route is added with the next hop pointing to the AE member link of an aggregate interface. The label for these routes is picked from the segment routing local block (SRLB) pool of the configured static label range. This feature is supported for AE interfaces only.

    A new member-interface CLI command is added under the [edit protocols mpls static-label-switched-path lsp-name transit] hierarchy to configure the AE member interface name. The static LSP label is configured from a defined static label range.

    [See Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]

  • Support for PCEP (QFX5100, QFX5110, QFX5200 switches)—Starting with Junos OS Release 17.4R1, MPLS RSVP-TE functionality was extended to provide a partial client-side implementation of the stateful Path Computation Element (PCE) architecture (draft-ietf-pce-stateful-pce). The PCE computes the path for the traffic engineered LSPs (TE LSPs) of ingress routers that are configured for external control. The ingress router that connects to a PCE is called a Path Computation Client (PCC). The PCC is configured with the Path Computation Client Protocol (PCEP) (defined in RFC 5440, but limited to the functionality supported on a stateful PCE only) to facilitate external path computing by a PCE. In this new functionality, the active stateful PCE sets parameters for the PCC's TE LSPs, such as bandwidth, path (ERO), and priority.

    [See PCEP Overview.]

  • Support for Flap and MBB counter for LSP (QFX Series)—Starting in Junos OS Release 17.4R1, the show mpls lsp extensive command introduces the following two counters for LSP on the master routing engine (RE) only:

    • Flap counter—Counts the number of times an LSP flaps down or up.

    • MBB counter—Counts the number of times an LSP incurs MBB.

    The clear mpls lsp counters command resets the flap and the MBB counter to zero.

  • Display of labels in received record route for unprotected LSPs by show mpls lsp extensive command (QFX Series)—The show mpls lsp extensive command displays the labels in received record route (RRO) for protected LSPs. Starting in Junos OS Release 17.4R1, the command also displays the labels associated with the hops in RRO for unprotected LSPs. The label recording in RRO is enabled by default.

  • Support for default timeout duration for self-ping on an LSP instance (QFX Series)—Starting in Junos OS 17.4R1, the default timeout duration for which the self-ping runs on an LSP instance is reduced from 65,535 (runs until success) to 1800 seconds. You can also manually configure the self-ping duration value from 1 through 65,535 (runs until success) seconds using the self-ping-duration value command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level. By default, self-ping is enabled. LSP types such as CCC, P2MP, VLAN-based, and non-default instances do not support self-ping. You can configure the no-self-ping command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level to override the behavior of self-ping running by default.

  • Support for label history for MPLS protocol (QFX Series)—Starting in Junos OS Release 17.4R1, you can configure the max-entries number option at the [edit protocols mpls label-history] hierarchy level to display label allocation, release history, and associated information, such as the RSVP session, that helps debug label-related errors such as stale label routes and deleted label routes. You can configure the limit for the maximum number of MPLS history entries per label. By default, label history is off and there is no maximum limit for the number of entries for each label. The show mpls label history label-value command displays the label history for a given label value, and the show mpls label history label-range start-label end-label command displays the history of labels within the given label range.

    The clear mpls label history command clears the label history details.

  • Support for adjusting the threshold of autobandwidth based on the absolute value for LSP (QFX Series)—The current autobandwidth threshold adjustment is based on a configured percentage, which is hard to tune to work well for both small and large bandwidth reservations. For a given threshold percentage, when the bandwidth reservation is small there can be multiple LSP resignalling events, because the LSP responds to even a minor increase or decrease in utilization when the current reservation is small. For example, a small threshold adjustment of 5 percent allows large LSPs of, say, 1G to respond to changes in bandwidth of the order of 50M. However, that same threshold adjustment results in too many LSP resignalling events for small LSPs of, say, 10M reservation. Increasing the adjust threshold percentage by, for example, 40 percent minimizes LSP resignalling for small LSPs. However, large LSPs then do not react to bandwidth usage changes unless the change is huge, for example 400M. Starting in Junos OS Release 17.4R1, you can configure an absolute-value-based threshold along with the percentage-based threshold, which helps avoid the bandwidth adjustment getting triggered for LSPs of both small and large bandwidth reservations. Configure the adjust-threshold-absolute value option at the [edit protocols mpls label-switched-path lsp-name auto-bandwidth] hierarchy level.

Network Management and Monitoring

  • Real-time performance monitoring (RPM) (QFX5100 switches)—Starting in Junos OS Release 17.4R1-S1, real-time performance monitoring (RPM) on QFX5100 switches enables you to configure active probes to track and monitor traffic across the network and to investigate network problems.

    The ways in which you can use RPM include:

    • Monitor time delays between devices.

    • Monitor time delays at the protocol level.

    • Set thresholds to trigger SNMP traps when values are exceeded.

      You can configure thresholds for round-trip time, ingress or egress delay, standard deviation, jitter, successive lost probes, and total lost probes per test.

    • Determine automatically whether a path exists between a host router or switch and its configured BGP neighbors. You can view the results of the discovery using an SNMP client.

    • Use the history of the most recent 50 probes to analyze trends in your network and predict future needs.

    [See Understanding Real-Time Performance Monitoring on Switches.]

Port Security

  • Media Access Control Security (MACsec) support (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 17.4R1-S2, MACsec is supported on all 30 interfaces of the QFX10000-30C-M line card when it is installed in a QFX10008 or QFX10016 switch. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security. MACsec can be enabled only on domestic versions of Junos OS software.

    [See Understanding Media Access Control Security (MACsec).]

Routing Protocols

  • Topology-independent loop-free alternate for IS-IS (QFX Series)—Starting in Junos OS Release 17.4R1, topology-independent loop-free alternate (TI-LFA) with segment routing provides MPLS fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. You can enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. TI-LFA provides protection against link failure, node failure, and failures of fate-sharing groups.

    You can enable the creation of post-convergence backup paths for a given interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.

    You can enable node-protection and/or fate-sharing-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. To use a particular fate-sharing group as a constraint for the fate-sharing-aware post-convergence path, you need to configure the use-for-post-convergence-lfa statement at the [edit routing-options fate-sharing group group-name] hierarchy level.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]

  • Support for EBGP route server (QFX Series)—Starting in Junos OS Release 17.4R1, the BGP feature is enhanced to support EBGP route server functionality. A BGP route server is the external BGP (EBGP) equivalent of an internal BGP (IBGP) route reflector that reduces the number of direct point-to-point EBGP sessions required in a network. An EBGP route server propagates unmodified BGP routing information between external BGP peers to facilitate high-scale exchange of routes in peering points such as Internet Exchange Points (IXPs). When BGP is configured as a route server, EBGP routes are propagated between peers unmodified, with full attribute transparency (NEXT_HOP, AS_PATH, MULTI_EXIT_DISC, AIGP, and Communities).

    The BGP JET bgp_route_service.proto API has been enhanced to support route server functionality as follows:

    • Program the EBGP route server.

    • Inject routes to the specific route server RIB for selectively advertising it to the client groups in client-specific RIBs.

    The BGP JET bgp_route_service.proto API includes a peer-type object that identifies individual routes as either EBGP or IBGP (default).

    [See BGP Route Server Overview.]

  • Support for BGP advertising aggregate bandwidth across external BGP links for load balancing (QFX Series)—Starting in Junos OS Release 17.4R1, BGP uses a new link bandwidth extended community, aggregate-bandwidth, to advertise aggregated bandwidth of multipath routes across external links. BGP calculates the aggregate of multipaths that have unequal bandwidth allocation and advertises the aggregated bandwidth to external BGP peers. A threshold to the aggregate bandwidth can be configured to restrict the bandwidth usage of a BGP group. In earlier Junos OS releases, a BGP speaker receiving multipaths from its internal peers advertised the link bandwidth associated with the active route. To advertise aggregated bandwidth of multipath routes and to set a maximum threshold, configure a policy with aggregate-bandwidth and limit bandwidth actions at the [edit policy-options policy-statement name then] hierarchy level.

    [See Advertising Aggregate Bandwidth Across External BGP Links for Load Balancing Overview.]

Services Applications

  • Support for IPFIX templates for flow aggregation (QFX10008 and QFX10016)—Starting with Junos OS Release 17.4R1, you can define a flow record template for unicast IPv4 and IPv6 traffic in IP Flow Information Export (IPFIX) format. Templates are transmitted to the collector periodically. To define an IPFIX template, include the version-ipfix template template-name set of statements at the [edit services flow-monitoring] hierarchy level.

    You must also perform the following configuration:

    • Sampling instance at the [edit forwarding-options] hierarchy level.

    • Associate the sampling instance with the FPC at the [edit chassis] hierarchy level and with a template configured at the [edit services flow-monitoring] hierarchy level.

    • Firewall filter for the family of traffic to be sampled at the [edit firewall] hierarchy level.

    This feature was previously introduced on QFX10002 switches in Junos OS Release 17.2R1.

    [See Configuring Flow Aggregation to Use IPFIX Flow Templates.]

Software Installation and Upgrade

  • Support for personality files (QFX5100 switches)—Starting in Junos OS Release 17.4R1, when a switch in a data center network goes down because of a hardware failure, replacing that switch can be time-consuming and error-prone, because you have to ensure that the crucial elements that you had running on the downed switch are exactly replicated on the new switch. To save time and to avoid errors in configuration and state when you replace a switch, create a “personality” file for your current switch while the switch is still up and save that personality file on a remote server. The “personality” of a switch could include (but is not limited to) its running configuration, SNMP indices, and installed scripts and packages. If the current switch goes down, retrieve the personality file from the server, install it on a new switch, and then bring that new switch online in place of the downed switch.

    [See Personality File for Easy Switch Replacement.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.4R2 for the QFX Series.

Class of Service (CoS)

  • When you configure a transmit-rate, you must also configure a guaranteed-rate under traffic-control-profiles. If you commit a configuration of a transmit-rate without a guaranteed-rate, a warning message is displayed and the default scheduler map is applied.

EVPNs

  • Change to the show vlans evpn command (QFX5100 switches)—Starting with Junos OS Release 17.4R2, the show vlans evpn command is replaced by the show ethernet-switching evpn command.

General Routing

  • Change in default value for port ID TLV for QFX5200 switches—In Junos OS Release 17.4R1, for QFX5200 switches, the default value used for port ID TLV in LLDP messages is interface name, not SNMP index.

Management

  • Changes to Junos OS YANG module naming conventions (QFX Series)—Starting in Junos OS Release 17.4R1, the native Junos OS YANG modules use a new naming convention for the module's name, filename, and namespace. The module name and filename include the device family and the area of the configuration or command hierarchy to which the schema in the module belongs. In addition, the module filename includes a revision date. The module namespace is simplified to include the device family, the module type, and an identifier that is unique to each module and that differentiates the namespace of the module from that of other modules.

    [See Understanding Junos OS YANG Modules.]

MPLS

  • Support for Flap and MBB counter for LSP (QFX Series)—Starting in Junos OS Release 17.4R1, the show mpls lsp extensive command introduces the following two counters for LSP on the master routing engine (RE) only:

    • Flap counter—Counts the number of times an LSP flaps down or up.

    • MBB counter—Counts the number of times an LSP incurs MBB.

    The clear mpls lsp counters command resets the flap and the MBB counter to zero.

  • Display of labels in received record route for unprotected LSPs by show mpls lsp extensive command (QFX Series)—The show mpls lsp extensive command displays the labels in received record route (RRO) for protected LSPs. Starting in Junos OS Release 17.4R1, the command also displays the labels associated with the hops in RRO for unprotected LSPs. The label recording in RRO is enabled by default.

  • Support for default timeout duration for self-ping on an LSP instance (QFX Series)—Starting in Junos OS 17.4R1, the default timeout duration for which the self-ping runs on an LSP instance is reduced from 65,535 (runs until success) to 1800 seconds. You can also manually configure the self-ping duration to a value from 1 through 65,535 (runs until success) seconds by using the self-ping-duration value command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level. By default, self-ping is enabled. LSP types such as CCC, P2MP, VLAN-based, and non-default instances do not support self-ping. You can configure the no-self-ping command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level to override the default behavior of running self-ping.

  • Support for label history for MPLS protocol (QFX Series)—Starting in Junos OS Release 17.4R1, configure the max-entries number option at the [edit protocols mpls label-history] hierarchy level to display label allocation, release history, and associated information, such as the RSVP session, that helps debug label-related errors such as a stale label route or a deleted label route. You can configure the limit for the maximum number of MPLS history entries per label. By default, label history is off and there is no maximum limit for the number of entries for each label. The show mpls label history label-value command displays the label history for a given label value and the show mpls label history label-range start-label end-label command displays the history of labels between the given label range.

    The clear mpls label history command clears the label history details.

  • Support for adjusting the threshold of autobandwidth based on the absolute value for LSP (QFX Series)—Current autobandwidth threshold adjustment is based on the configured percentage, which is hard to tune to work well for both small and large bandwidth reservations. For a given threshold percentage, when the bandwidth reservation is small there can be multiple LSP resignaling events. This is because the LSP is responsive to even minor increases or decreases in utilization when the current reservation is small. For example, a small threshold adjustment of 5 percent allows large LSPs of around 1G to respond to changes in bandwidth of the order of 50M. However, that same threshold adjustment results in too many LSP resignaling events for small LSPs of around 10M reservation. Increasing the adjust threshold percentage by, for example, 40 percent minimizes LSP resignaling for small LSPs. However, large LSPs then do not react to bandwidth usage changes unless they are huge, for example, 400M. Starting in Junos OS Release 17.4R1, you can configure an absolute value-based threshold along with the percentage-based threshold, which helps avoid unnecessary bandwidth adjustments for LSPs with both small and large bandwidth reservations. Configure the adjust-threshold-absolute value option at the [edit protocols mpls label-switched-path lsp-name auto-bandwidth] hierarchy level.

  • When the no-propagate-ttl statement is configured on a QFX5200 switch in an MPLS network, the TTL value is not copied and decremented on the transit devices during a swap operation. When the switch acts as an ingress device for an LSP, it pushes an MPLS header with a TTL value of 255, regardless of the IP packet TTL. When the switch acts as the penultimate provider switch, it pops the MPLS header without writing the MPLS TTL into the IP packet. PR1368417

Network Management and Monitoring

  • Change in default log level setting (QFX Series)—In Junos OS Release 17.4R1, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (because this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a non-default routing instance with a non-default logical system (QFX Series)—Starting in Junos OS Release 17.4R2, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • SNMP syslog messages changed (QFX Series)—In Junos OS Release 17.4R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD -- AgentX master agent failed to respond to ping. Attempting to re-register

      NEW -- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD -- NET-SNMP version %s AgentX subagent connected

      NEW -- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the SNMP MIB Explorer.]
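Log searches and alert rules that key on the old AgentX wording stop matching after an upgrade to 17.4R1. The following added example (not Juniper code) builds matchers from the OLD and NEW message texts listed above and reports the same event for either wording; the event labels, the log-line prefix, and the version string in the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Message texts copied from the release note; %s is the NET-SNMP version.
# The event labels (dictionary keys) are hypothetical names for this example.
TEMPLATES = {
    "agentx_ping_timeout": {
        "old": "AgentX master agent failed to respond to ping. Attempting to re-register",
        "new": "AgentX master agent failed to respond to ping, triggering cleanup!",
    },
    "agentx_subagent_open": {
        "old": "NET-SNMP version %s AgentX subagent connected",
        "new": "NET-SNMP version %s AgentX subagent Open-Sent!",
    },
}


def template_to_regex(template):
    """Turn a printf-style template into a regex; each %s captures one token."""
    literal_parts = [re.escape(part) for part in template.split("%s")]
    return re.compile(r"(\S+)".join(literal_parts))


# One compiled matcher per (event, wording) pair.
MATCHERS = [
    (event, wording, template_to_regex(text))
    for event, variants in TEMPLATES.items()
    for wording, text in variants.items()
]


def classify(line):
    """Return (event, wording, captured_fields), or None for unrelated lines."""
    for event, wording, regex in MATCHERS:
        match = regex.search(line)
        if match:
            return event, wording, match.groups()
    return None


def summarize(lines):
    """Count events regardless of wording and record which wordings appeared."""
    events = Counter()
    wordings = {}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        event, wording, _fields = hit
        events[event] += 1
        wordings.setdefault(event, set()).add(wording)
    return events, wordings


# Constructed sample lines: timestamps, host names, the "daemon[pid]" prefix
# and the version 5.3.1 are invented; only the message texts come from the page.
SAMPLE_LINES = [
    "Mar  3 10:15:02 qfx-old daemon[1234]: AgentX master agent failed to respond to ping. Attempting to re-register",
    "Mar  3 10:15:09 qfx-old daemon[1234]: NET-SNMP version 5.3.1 AgentX subagent connected",
    "Jun  7 08:01:44 qfx-new daemon[2210]: AgentX master agent failed to respond to ping, triggering cleanup!",
    "Jun  7 08:01:50 qfx-new daemon[2210]: NET-SNMP version 5.3.1 AgentX subagent Open-Sent!",
    "Jun  7 08:02:00 qfx-new daemon[2210]: unrelated message",
]

if __name__ == "__main__":
    counts, seen = summarize(SAMPLE_LINES)
    for event, total in counts.items():
        print(event, total, sorted(seen[event]))
```

A wording set that contains both "old" and "new" for the same event indicates a fleet with mixed releases, so rules must keep both patterns until every device is upgraded.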

Routing Policy and Firewall Filters

  • Support for configuring the GTP-TEID field for GTP traffic (QFX5000 line of switches)—Starting in Junos OS Release 17.3R3 and 17.4R2, the gtp-tunnel-endpoint-identifier statement is supported to include the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field in the hash calculation for IPv4 or IPv6 packets. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.

    In most cases, configuring the gtp-tunnel-endpoint-identifier statement is sufficient for enabling GTP hashing. If GTP hashing does not work after you enable it, we recommend capturing the packets using relevant tools and identifying the offset value. As per standards, 0x32 is the default header offset value. However, because of some special patterns in the header, the offset might vary to, for example, 0x30, 0x28, and so on. In these cases, use the gtp-header-offset statement to set a proper offset value. Once the header offset value is resolved, run the gtp-tunnel-endpoint-identifier command to enable GTP hashing successfully.

    [See gtp-tunnel-endpoint-identifier and gtp-header-offset.]

Security

  • Support to log the SSH key changes—Starting with Junos OS 17.4R1, the configuration statement log-key-changes is introduced at the [edit system services ssh] hierarchy level. When the log-key-changes configuration statement is enabled and committed (with the commit command in configuration mode), Junos OS logs the changes to the set of authorized SSH keys for each user (including the keys that were added or removed). Junos OS logs the differences since the last time the log-key-changes configuration statement was enabled. If the log-key-changes configuration statement was never enabled, then Junos OS logs all the authorized SSH keys.

Software Licensing

  • Key generator adds one day to make the duration of license show as 365 days (QFX Series)—Starting in Junos OS Release 17.4R1, the duration of subscription licenses as generated by the show system license command and shown in the output is correct to the number of days. Before this fix, for example, for a 1-year subscription license, the duration was generated as 364 days. After the fix, the duration of the 1-year subscription now shows as 365 days.

    [See show system license.]

Virtual Chassis

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 17.4R1, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you should delete the fabric-load-balance configuration item before initiating the upgrade.

    [See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.]

  • New configuration option to disable automatic Virtual Chassis port conversion (QFX5100 Virtual Chassis)—Starting in Junos OS Release 17.4R2, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in a QFX5100 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

    [See no-auto-conversion.]

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.4R2 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • With pechip version 1.1, if dot1p rewrites are configured on an interface, packets that do not match a rewrite rule do not retain their previous value. Set the rewrite rule value to 0. This functionality is fixed in pechip version 2.0. PR1294471

EVPN

  • A provider edge (PE) device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE might be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • A QFX10000 switch running Junos OS Release 17.4R1 or later might experience a small and continuous traffic loss under the following conditions:

    • The switch is configured as a Layer 2, Layer 3 or both VXLAN gateway in an EVPN-VXLAN topology with either a two-layer or collapsed IP fabric.

    • The switch has default ARP and MAC aging timer values.

    Under these conditions, the following types of traffic flows might be impacted:

    • Bidirectional Layer 3 traffic in a multihomed topology.

    • Unidirectional Layer 3 traffic in a single-homed topology.

    Note that this issue does not impact bidirectional Layer 3 traffic in a single-homed topology.

    To prevent loss in these traffic flows, you must set the aging-timer configuration statement in the [edit system arp] hierarchy level so that the value is less than the value of the global-mac-table-aging-time configuration statement in the [edit protocols l2-learning] hierarchy level. PR1309444

  • Even though an ARP route is learned locally, the show arp command output on the provider edge (PE) device on which the route was learned might display the route as permanent remote. In Junos OS releases earlier than Junos OS Release 17.4R1, permanent remote means that the ARP route was learned from a remote PE device such as an EVPN Type 2 route (MAC+IP route).

    This issue might occur under the following conditions:

    • A customer edge (CE) device is multihomed to QFX10000 switches in an EVPN-VXLAN topology with a two-layer IP fabric or collapsed IP fabric.

    • The QFX switches function as Layer 3 only, or Layer 2 and Layer 3 PE devices.

    • The QFX switches run Junos OS Release 17.4R1 or later.

    To work around this issue, you can view locally learned ARP routes by entering the show evpn database origin local command on the PE devices. PR1324824
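The workaround for PR1309444 above requires the ARP aging timer to be shorter than the global MAC table aging time, and the two statements do not share a unit. The following added example (not Juniper code) audits a configuration in set format for that condition. It assumes that aging-timer is expressed in minutes with a default of 20 and that global-mac-table-aging-time is expressed in seconds with a default of 300; these units and defaults are not stated on this page, and the sample configurations are constructed.

```python
import re

# Assumptions, not stated in the release note: aging-timer is in minutes
# (default 20); global-mac-table-aging-time is in seconds (default 300).
ARP_DEFAULT_MINUTES = 20
MAC_DEFAULT_SECONDS = 300

ARP_RE = re.compile(r"^set system arp aging-timer (\d+)$")
MAC_RE = re.compile(
    r"^set protocols l2-learning global-mac-table-aging-time (\d+)$"
)


def parse_timers(config_text):
    """Return (arp_minutes, mac_seconds); None where a statement is absent.

    If a statement appears more than once, the last occurrence wins.
    """
    arp_minutes = mac_seconds = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalize whitespace
        match = ARP_RE.match(line)
        if match:
            arp_minutes = int(match.group(1))
            continue
        match = MAC_RE.match(line)
        if match:
            mac_seconds = int(match.group(1))
    return arp_minutes, mac_seconds


def check_aging(config_text):
    """Compare the effective timers in seconds and report compliance."""
    arp_minutes, mac_seconds = parse_timers(config_text)
    if arp_minutes is None:
        arp_minutes = ARP_DEFAULT_MINUTES
    if mac_seconds is None:
        mac_seconds = MAC_DEFAULT_SECONDS
    arp_seconds = arp_minutes * 60
    return {
        "arp_seconds": arp_seconds,
        "mac_seconds": mac_seconds,
        "compliant": arp_seconds < mac_seconds,
        # Largest whole-minute ARP timer strictly below the MAC timer.
        # 0 means no whole-minute value fits; raise the MAC timer instead.
        "max_arp_minutes": (mac_seconds - 1) // 60,
    }


# Constructed sample configurations (host names are invented).
DEFAULT_TIMERS = """
set system host-name qfx10k-lab-1
set protocols evpn encapsulation vxlan
"""

ARP_EQUALS_MAC = """
set system arp aging-timer 5
set protocols l2-learning global-mac-table-aging-time 300
"""

ARP_BELOW_MAC = """
set system arp aging-timer 4
set protocols l2-learning global-mac-table-aging-time 300
"""

SHORT_MAC_TIMER = """
set system arp aging-timer 1
set protocols l2-learning global-mac-table-aging-time 60
"""

if __name__ == "__main__":
    for name, cfg in [
        ("defaults", DEFAULT_TIMERS),
        ("arp == mac", ARP_EQUALS_MAC),
        ("arp < mac", ARP_BELOW_MAC),
        ("short mac timer", SHORT_MAC_TIMER),
    ]:
        print(name, check_aging(cfg))
```

Under these assumptions a configuration that leaves both timers at their defaults fails the check, which matches the condition the release note describes.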

Interfaces and Chassis

  • Configuring link aggregation group (LAG) hashing with the edit forwarding-options enhanced-hash-key inet vlan-id statement uses the VLAN ID in the hashing algorithm calculation. On some switching platforms, when this option is configured for a LAG that spans FPCs, such as in a Virtual Chassis or Virtual Chassis Fabric (VCF), packets are dropped due to an issue with using an incorrect VLAN ID in the hashing algorithm. As a result, the vlan-id hashing option is not supported in a Virtual Chassis or VCF containing any of the following switches as members: EX4300, EX4600, QFX3500, QFX3600, QFX5100, or QFX5110 switches. Under these conditions, use any of the other supported enhanced-hash-key hashing configuration options instead. PR1293920

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

MPLS

  • Layer 2 circuits on aggregated Ethernet interfaces are not supported on QFX5100, QFX5110, and QFX5200 switches. PR1333730

  • On QFX5100, QFX5110, QFX5200 switches with Layer 2 circuit configured on the PE switches, enabling VLAN bridge encapsulation on a CE interface drops packets if flexible Ethernet services and VLAN CCC encapsulation are configured on the same logical interface. You can configure only one encapsulation type, either set interfaces xe-0/0/18 encapsulation flexible-ethernet-services or set interfaces xe-0/0/18 encapsulation vlan-ccc. PR1329451

Routing Protocols

  • During a graceful Routing Engine switchover (GRES) on QFX10000 switches, some IPv6 groups might experience momentary traffic loss. This issue occurs when IPv6 traffic is running with multiple paths to the source, and the join-load-balance statement for PIM is also configured. PR1208583

  • For the QFX10002 and QFX10008 switches, you might observe an increase in the convergence time of OSPF routes when compared to Junos OS Release 17.3. An average increase of 1.5 seconds is seen for 100,000 OSPFv3 routes. PR1297541

  • A QFX10000 switch running Junos OS Release 17.3Rx or 17.4Rx software might experience a small and continuous traffic loss under the following conditions: 1) The switch is configured as a Layer 2, Layer 3 or both VXLAN gateway in an EVPN-VXLAN topology with either a two-layer or collapsed IP fabric. 2) The switch has default ARP and MAC aging timer values. Under these conditions, the following types of traffic flows might be impacted: 1) Bidirectional Layer 3 traffic in a multihomed topology, and 2) Unidirectional Layer 3 traffic in a single-homed topology. Note that this issue does not impact bidirectional Layer 3 traffic in a single-homed topology. PR1309444

Platform and Infrastructure

  • On a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On a QFX5110-32C switch, if a splitter cable is connected to a peer end device capable of 10G CV/MX card, ports will not come up due to varied pre-empt settings for the splitter and DAC cables. There is a hardware limitation where we have no way in EEPROM to differentiate between splitter and DAC cable to apply different settings. As a workaround, use and manual channelisation on the QFX5110-32C side. PR1280593

  • ERPS convergence takes time after a GRES switchover and hence traffic loss is observed for a brief period. PR1290161

  • On QFX Series, the physical interface (IFD) and the logical interface (IFL) go down when traffic exceeds the rate limit. Storm control is supported only on interfaces configured in family Ethernet-switching. Moreover, in this family, only one IFL is supported per IFD. Thus, bringing down the IFD is acceptable. Flexible VLAN tagging is not supported on the interfaces enabled for storm control. PR1295523

  • Traffic drop occurs when sending Layer 3 traffic across an MPLS LSP. PR1311977

  • Traffic drop occurs when sending traffic over "et" interfaces due to CRC errors. PR1313977

  • On Junos OS Automation Enhancement images there is a way to use the Python interpreter in interactive mode. When the Python interpreter is used in interactive mode on a shell, the prompt does not seem to return immediately. This is an example of a session:

      % python
      Python 2.7.8 (default, Nov 10 2017, 01:45:13)
      [GCC 4.2.1 (for JUNOS)] on junos
      Type "help", "copyright", "credits" or "license" for more information.
      >>>
      >>> print "hello"
      >>> hello ----------> waiting here, hit 'enter' here to return the python prompt
      >>> quit()
      >>> %

    The regular script is not impacted. PR1324124

Virtual Chassis

  • Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (>2s) might occur, and it is considered to be known behavior. Release note reference: https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/17.2/topic-118735.html PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 17.4R2.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • In a scaled setup, if MAC move is triggered more than 4 times, the MAC move detection might not be reliable. PR1284315

  • Chained composite next hop (CNH) is a must for EVPN pure type 5 with VXLAN encapsulation. Without it, the Packet Forwarding Engine does not program the tunnel next hop. You have to set it explicitly on QFX5110 by using the set routing-options forwarding-table chained-composite-next-hop ingress evpn command. On QFX10000, it is applied as part of the default configuration, which you can display with user@router> show configuration routing-options forwarding-table | display inheritance defaults. PR1303246

  • In an EVPN collapsed Layer 2 or Layer 3 multihomed gateway topology, when traffic is sent from an IP fabric towards EVPN, some traffic loss is seen. If the number of hosts behind the EVPN gateways is increased, the traffic loss becomes higher. This issue is seen with the QFX10000. PR1311773

  • ARP gets deleted and relearned during the first ARP refresh with EVPN-VXLAN multihomed CE, so traffic drops and recovers for the first ARP refresh. PR1327062

  • On QFX platforms (QFX5K/10K), a VTEP's MAC address is not learned in the Ethernet switching table even though it is present in the EVPN database. PR1371995

Layer 2 Features

  • When an FPC encounters a memory exhaustion condition, the FPC restarts unexpectedly with the PPMAN: failed decoding IDL msg - retval -2 type 5 encode_len 208 length 208 data 0x344ff1b0 message. PR1321117

MPLS

  • LDP to BGP stitching with an eBGP indirect next hop having an implicit null label does not work. It does work when BGP indirect next hop has a real label. As a workaround, perform the following: (1) Ensure the peer advertises a real label by adding another router between the egress and ingress PE devices. (2) Use IBGP, which gets resolved over LDP or RSVP-TE LSPs. This will ensure that the BGP indirect next hop has a real label. PR1254702

  • On optimize timer expiry, when the ted version number match indicates a CSPF has already run for the path, if an optimization has not yet been done with that version, it will be run despite the version number match. (Having a per path optimize-seq-no that is updated with ted seq no only on optimization.) When path-cc-updated is false and CSPF fails for optimization, disable the path just like we do for the ones on avoid colors/invalid ERO, making sure this does not interfere with global repair/local reversion. PR1365653

Platform and Infrastructure

  • While scaling more than 2000 VLAN or IRBs, Layer 3 multicast traffic does not converge to 100 percent and continuous drops are observed after bringing down or up the downstream interface or while an FPC comes online after an FPC restart. PR1161485

  • When per-packet load balancing is removed or deleted, the next-hop index might change. PR1198092

  • On PTX platforms with FPC3, PTX1000 with built-in chassis, and QFX10000 platforms, a Flexible PIC Concentrator (FPC) major alarm might be seen if the system detects a parity error, and the error messages DLU: ilp memory cache error and DLU: ilp prot1 detected_imem_even error might appear. The alarm might be cleared without intervention. This error may also be accompanied by traffic loss. PR1251154

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On the QFX10000-12C-DWDM coherent line card, it is possible that sometimes the link flaps when MACsec is enabled on Ethernet interfaces. PR1253703

  • The management process (daemon) might crash if the Openconfig package is installed immediately or within minutes of Network Agent package installation. This is a transient issue and will not impact any functionality. There is no action needed from the user side in response to the crash. As a workaround, install Openconfig before installing Network Agent. PR1265815

  • On QFX5100 switches, static LAG link protection switchover/revert is not working consistently. PR1286471

  • When link protection with the backup port state "down" and LACP are configured, if backup state "down" is removed from the configuration, both ports should be up and the primary port should pass all egress traffic. In some instances, however, traffic might pass through the backup port instead of the primary port. PR1297597

  • Traffic drop occurs on sending traffic over "et" interfaces due to CRC errors. PR1313977

  • Family Ethernet-switching cannot be used when flexible-vlan-tagging is configured. It is unsupported. The behavior is non-deterministic with this configuration and there is a possibility of seeing a dcpfe core file. PR1316236

  • Port 0 of the QFX5100-48T does not come up in a mixed VCF. As a workaround for now, use the phy diag xe0 dsc command from the BCM shell upon reboot, which brings up the port; the port then stays up continuously until the next reboot. PR1323323

  • The management process (mgd) might panic after modifying aggregated Ethernet interface members under the ethernet-switching vlan stanza. After mgd panic, your remote session is terminated as a result. PR1325736

  • In a streaming telemetry scenario, if you perform commit full, the na-grpd daemon might restart, causing disconnection of streaming telemetry. PR1326366

  • On QFX5100 Series platforms, in some cases, the class of service (CoS) configuration is not properly applied in the Packet Forwarding Engine, leading to an unexpected egress traffic drop on some interfaces. PR1329141

  • On QFX52xx standalone devices with VXLAN configured, the user-configured ingress ACL scale limit is 256 terms. PR1331730

  • On QFX5110, the FEC for 100g optics is not being displayed when expected behavior is for FEC to be shown as NONE. On QFX10002 Elit, the FEC for 40g optics is being displayed as NONE when expected behavior is for FEC not to be displayed. On QFX10008 Ultimat, the FEC for 40g optics is being displayed as NONE when expected behavior is for FEC not to be displayed. PR1360948

  • When MCLAG is configured with Force-Up enabled on MCLAG Nodes, LACP admin key should not match with Access/CE device. PR1362346

  • On QFX10000 platform with IRB enabled, traffic might not be forwarded on some of the child members when the member link of the aggregated Ethernet is added or deleted. PR1362653

Routing Protocols

  • For a single-hop eBGP session, upon an interface down event, do not do GR helper logic.

    In problem state:

      Peer: 8.3.0.2 AS 100 Local: 8.3.0.1 AS 101
        Group: EBGP Routing-Instance: master
        Forwarding routing-instance: master
        Type: External State: Active Flags: <>
        Last State: Idle Last Event: Start
        Last Error: Cease
        Import: [ reject ]
        Options: <Preference PeerAS LocalAS Refresh>
        Holdtime: 90 Preference: 170 Local AS: 101 Local System AS: 0
        Number of flaps: 2
        Last flap event: Stop
        Error: 'Cease' Sent: 1 Recv: 0
        NLRI we are holding stale routes for: inet-unicast
        Time until stale routes are deleted or become long-lived stale: 00:01:54 >>>>>>>>>>
        Time until end-of-rib is assumed for stale routes: 00:04:54
        Table inet.0
          RIB State: BGP restart is complete
          Send state: not advertising
          Active prefixes: 14
          Received prefixes: 21
          Accepted prefixes: 15
          Suppressed due to damping: 0
          Stale prefixes: 21 >>>>>>>>>>>>>>>>>>

    With the fix:

      Peer: 8.3.0.2 AS 100 Local: 8.3.0.1 AS 101
        Group: EBGP Routing-Instance: master
        Forwarding routing-instance: master
        Type: External State: Active Flags: <>
        Last State: Idle Last Event: Start
        Last Error: Cease
        Import: [ reject ]
        Options: <Preference PeerAS LocalAS Refresh>
        Holdtime: 90 Preference: 170 Local AS: 101 Local System AS: 0
        Number of flaps: 1
        Last flap event: Stop
        Error: 'Cease' Sent: 1 Recv: 0

    PR1129271

  • On QFX10000 line platforms, during a route next-hop churn or an earliest deadline first (EDF) job priority changes, memory corruption might occur, leading to processing issues and constant packet drop. PR1243724

  • We strongly recommend using BGP as the protocol for configuring the local-address for each multihop iBGP/eBGP peer configuration. We recommend that local-address be a routable lo0 address. Using a loopback address reduces dependency on interfaces. Note: Multihop is enabled by default for iBGP peers. PR1323557

  • On a scaled setup, when the host table is full and the host entries are installed in an LPM table, OSPF sessions might take more time to come up. PR1358289

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for the QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 17.4R2

Class of Service (CoS)

  • You cannot filter packets with DstIP as 224/4 and DST MAC = QFX_intf_mac on a loopback interface using a single match condition for source address 224.0.0.0/4. PR1354377

EVPN

  • Next hop installation error messages are seen on QFX10000 line switches. PR1258930

  • EVPN-VXLAN QFX10000: jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed. PR1258933

  • VXLAN-EVPN: IPv6 packet loss after a normal traffic run rate. PR1267830

  • Subinterfaces from the same physical port do not work if configured under the same VXLAN VLAN. PR1278761

  • For a VLAN with an IRB interface as the routing interface, set the vlan-id parameter to "none" to ensure proper traffic routing. PR1287557

  • QFX10000 VXLAN with MPLS underlay traffic loss is seen at the RSVP egress. PR1289666

  • VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045

  • A core link flap might result in an inconsistent global MAC count. PR1328956

  • The partial multicast traffic might be dropped in an EVPN-VXLAN multi homing scenario with non-default virtual-switch/evpn routing-instance configured. PR1334408

  • The MAC movement between remote VTEP and local VTEP might cause traffic to be transmitted incorrectly in an EVPN-VXLAN scenario. PR1335431

  • Configuring encapsulate-inner-vlan on the partial VXLANs might cause traffic impact. PR1337953

  • In an EVPN-VXLAN environment, BFD flaps cause VTEP flaps and cause the Packet Forwarding Engine to crash. PR1339084

  • The rpd process generated an unreproducible core file with a scaled EVPN-VXLAN configuration on the QFX10K platform. PR1339979

  • The rpd core might be seen if deleting the default switch in an EVPN-VXLAN environment. PR1342351

  • In an EVPN-VXLAN scenario, the traffic might get dropped as the core-facing interfaces go down. PR1343515

  • Traffic might be lost on a Layer 2 and Layer 3 spine node in a multihome EVPN scenario. PR1355165

  • The QFX10000 might drop transited traffic coming from MPLS network to VXLAN/EVPN. PR1360159

  • Increased risk of a routing crash with temporary impact on traffic on QFX10000 or QFX5100 nodes with certain configuration changes or clearing L2 or L3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257

  • Proxy ARP may not work as expected in an EVPN environment. PR1368911

  • QFX10k / Import default ipv6 route to VRF causes infinite entries to get created in 'evpn ip-prefix-database' and become unstable. PR1369166

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP protocol multicast traffic sourced by the kernel such as OSPF, VRRP, and so on gets dropped in the Packet Forwarding Engine level. PR1301773

Infrastructure

  • QFX5100: Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742

Interfaces and Chassis

  • Multicast data packets are looping in MC-LAG. PR1281646

  • Upgrading might encounter a commit failure if redundancy-group-id-list is not configured under ICCP. PR1311009

  • CVLANs range is 16, which might not pass traffic in a Q-in-Q scenario. PR1345994

  • MC-LAG peer doesn't send ARP request to the host. PR1360216

Layer 2 Ethernet Services

  • A jdhcpd core file is generated after making DHCP configuration changes. PR1324800

Layer 2 Features

  • Device transmits packets that exceed the interface MTU. PR1306724

  • NLB heartbeat packets might be dropped on a QFX10000. PR1322183

  • ARP entry might be learned on STP blocking ports. PR1324245

  • The DHCP discover packets might be looped in an MC-LAG and a DHCP-relay scenario. PR1325425

  • QFX5100: With multiple logical units configured on an interface, input-vlan-map POP is not removing outer VLAN-tag when Q-in-Q and VXLAN are involved. PR1331722

  • The operation of pushing a VLAN tag does not work for VXLAN local switching tunneled Q-in-Q traffic. PR1332346

  • Interface with flexible-vlan-tagging and family ethernet-switching does not work on a QFX10000. PR1337311

MPLS

  • QFX5100: ISSU is not supported with an MPLS configuration. PR1264786

  • Traffic drop during an NSR switchover for RSVP P2MP provider tunnels used by MVPN. PR1293014

  • MPLS forwarding might not happen properly for some LSPs. PR1319379

  • The rpd process might crash on backup Routing Engine due to memory exhaustion. PR1328974

  • The hot standby for the L2 circuit does not work on a QFX5000. PR1329720

  • RSVP sessions go down for ingress LSPs with no-cspf enabled. PR1339916

  • LSP is not received by QFX5110. PR1351055

  • no-propagate-ttl acts on the MPLS swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

Platform and Infrastructure

  • After upgrading the QFX5100 to Junos OS Release 16.1 or later from Junos OS Release 15.1, the commit warning /boot/ffp.cookie+ might be seen. PR1283917

  • SFP management Ethernet port C0 might not come up. PR1298876

  • Run-time pps statistics value might show zero for a subinterface of the aggregated Ethernet interface. PR1309485

  • Traffic loss might be seen if traffic is sent through the 40G interface. PR1309613

  • Some log messages are seen on the QFX5110 platform when plugging in an SFP-SX. PR1311279

  • One aggregated Ethernet member cannot send out sFlow sample packets. PR1311559

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • Traffic loss is observed while performing NSSU. PR1311977

  • A memory leak is seen for dot1xd. PR1313578

  • Certain IGMP join packets cannot be processed correctly at a high rate. PR1314382

  • Transit traffic over a GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • On an L2 next-generation switch platform (QFX5100/QFX10000), l2cpd might drop core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED enabled. PR1317114

  • Packets such as TDLS without an IP header are looped between virtual gateways. PR1318382

  • The optic interface transmits power even after it has been administratively shutdown. PR1318997

  • The packet might be dropped between 4-60 seconds when the master Routing Engine is rebooted in a virtual chassis. PR1319146

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX-VC ISSU. PR1320370

  • The MAC address is stuck with "DR" flag on spine node even though packets are received on the interface from the source MAC. PR1320724

  • FPCs go offline in some situations. PR1321198

  • On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge when configured. PR1323042

  • The openflow session cannot be established correctly with controller and interface options configured on QFX5100 switches. PR1323273

  • Update new firmware versions for jfirmware package for 100G-PSM4 and 100G-AOC issues. PR1323321

  • EVPN Type 5: Unicast traffic is getting dropped on the backup forwarder. PR1323907

  • The next hop of _all_ces__ flood details might go missing. PR1324739

  • The GRE traffic is not decapsulated by the firewall filter. PR1325104

  • VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

  • ARP request packets might not be flooded on a QFX5110. PR1326022

  • The major alarm about 'Fan & PSU Airflow direction mismatch' might be seen by removing the management cable. PR1327561

  • Deleting one VXLAN might cause a traffic loop on another VXLAN in a multi homing EVPN-VXLAN scenario with a service provider style interface. PR1327978

  • QFX10002: Major alarm should be cleared once the chassis has more PEM units installed than the minimum PEM configuration. PR1327999

  • Directories and files under /var/db/scripts lose execution permission or directory 'jet' is missing under /var/db/scripts causing error: Invalid directory: No such file or directory error during commit. PR1328570

  • FAN tray removal or insertion trap is not generated for a backup FPC. PR1329031

  • The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713

  • After commit, members of Virtual Chassis or VCF are split and some members might get disconnected. PR1330132

  • An rpd process core file generated on a new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The out of HMC range and HMC READ faild error messages are seen. PR1332251

  • Traffic does not pass through VCP ports after rebooting the Virtual Chassis members. PR1332515

  • EVPN-VXLAN: DF drops multicast traffic. PR1333069

  • On QFX10K8/QFX10K16 platforms, SIB LEDs on the fan tray are off after the replacement of the Fan Tray Controllers (FTC). PR1334006

  • The DHCPv6 SOLICIT message is dropped. PR1334680

  • AI-script is not automatically reinstalled upon a Junos OS upgrade on a Next Generation Routing Engine. PR1337028

  • The DF of an EVPN instance might flood all the ARP request back to the Ethernet Segment. PR1337275

  • On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after Virtual Chassis reboot. PR1337340

  • SNMP jnxBoxDescr OID returns different value when upgrading to Junos OS Release 17.2. PR1337798

  • On the QFX10000 platforms, VRRP function does not work well when it is configured on sub-interfaces. PR1338256

  • The traffic coming from the remote VTEP PE might be dropped. PR1338532

  • The analyzer status might show as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • The VXLAN traffic might not be transmitted correctly with an IRB interface as the underlay interface of the VTEP tunnel. PR1338586

  • DDoS counters for OSPF might not increase. PR1339364

  • Multicast traffic drop is seen if downstream IRB interfaces have snooping enabled. PR1340003

  • On the QFX5200, there is an inconsistent result after using the deactivate xxx command on the 'pfc-priority' and 'no-loss' context. PR1340012

  • L3 traffic is not getting converged properly upon disabling the ECMP link between spine and leaf with EVPN-VXLAN configurations. PR1343172

  • BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • EVPN-VXLAN: For a VLAN with flexible-tag mode, the xe statistics appear not to be updated for ingress. PR1343746

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • QFX5000 Virtual-Chassis acting as EVPN-VxLAN ARP Proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in VxLAN scenario. PR1368258

  • When native-vlan-id is configured for an aggregated Ethernet interface, the LACP session to a multihomed server goes down. PR1369424

  • A port might still work if it's deleted from an aggregated Ethernet interface. PR1372577

  • Implement the [edit interfaces interface-name ether-options] configured-flow-control option for the QFX Series. PR1343917

  • For EVPN-VXLAN, the ARP packet uses VRRP/virtual-gateway MAC in an Ethernet header instead of an IRB MAC address. PR1344990

  • In the QFX5100, fan RPM fluctuates when temperature sensor reaches its threshold. PR1345181

  • FXPC process might generate a core file when removing VXLAN configuration. PR1345231

  • The backup Routing Engine might experience a crash, causing a vmcore to be generated on the master Routing Engine; master Routing Engine performance will not be affected. PR1346218

  • CPU and memory statistics not populating for the backup switch in a QFX5110 Virtual Chassis. PR1346268

  • An incorrect inner VLAN tag is sent from the QFX10000 platform with Q-in-Q configured on the Layer 3 sub interface. PR1346371

  • Statistics daemon pfed might generate core files on an upgrade between certain releases. PR1346925

  • On QFX5110 switches, a DCPFE core file might be generated after removing Type-5 tunnel in an EVPN-VXLAN configuration. PR1346980

  • A QFX5100-48T 10G interface might be auto negotiated at 100M speed instead of 10G. PR1347144

  • On QFX5110-48S-4C platforms, part numbers and serial numbers are not displayed for any of the 10G optics/DAC connected. PR1347634

  • The ARP might not update and packets might get dropped at the Routing Engine. PR1348029

  • On a QFX5100, a BGP session flaps when changes are made on the extended-vni-list under the EVPN hierarchy and if the BGP neighborship is through an IRB. PR1349600

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • Blackholing traffic with destination MAC matching the virtual gateway MAC might be seen. PR1348659

  • The pfed process might consume high CPU if subscriber or interface statistics are used at large scale. PR1351203

  • A DCPFE process might crash on QFX10000 switches. PR1351503

  • The GTP traffic might not be hashed correctly for an aggregated Ethernet interface. PR1351518

  • Telemetry traffic does not leave the local box when telemetry server is reachable via a VR routing-instance. PR1352593

  • QFX5100: ARP fails after the interface MAC address is changed. PR1353241

  • RPC output not showing failure when running request system software add with software already staged. PR1353466

  • SFP-LX10 on QFX5110 might fail to connect with another device. PR1353677

  • The alarm errors might be seen during the bootup on a QFX10000. PR1354582

  • Untagged packets might not be forwarded through the trunk port. PR1355338

  • A commit error is observed if the box is downgraded from the 18.2/18.3 release to 17.3R3. PR1355542

  • On QFX5110 platforms, LX10 SFP needs to be reinserted after autonegotiation is enabled or disabled. PR1355746

  • EVPN-VXLAN: the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • "Load averages" output under show chassis routing-engine shows "nan" periodically. PR1356676

  • The IGMP membership report packets might not be forwarded over an interface on a QFX10000. PR1360137

  • On QFX10K, virtual-gateway-address should be configured only on an IRB interface associated with a VXLAN VLAN. PR1360646

  • Unable to create QFX5200 VC w/100G DACs. PR1360721

  • The GTP traffic might not be hashed correctly on aggregated Ethernet interface. PR1361379

  • The clear services accounting statistics inline-jflow fpc-slot 0 command should be supported in QFX Series. PR1362396

  • QFX5100VC: Unable to connect management address through vme interface. PR1362437

  • On QFX10008, QFX10016, PTX1000, PTX5000, PTX10008, PTX10016 platforms, MPLS exp rewrite might not work for IPV6 and IPV4 traffic. PR1364391

  • Root password recovery process doesn't work. PR1365740

  • On QFX5100/QFX5110/QFX5200 platforms, ISIS adjacency goes down when mtu 9192 is configured. PR1368913

  • On QFX10000 platforms, before the 17.3R3 code, the maximum number of ESI IFLs was 4000 in the Packet Forwarding Engine. PR1371414

  • TPI-50840 BUM traffic received on 5110 is not flooded to all remote vteps. PR1373093

Routing Protocols

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 PR1305239

  • Packet drop is seen when programming for GRE traffic. PR1308438

  • Diffserv bits/ToS bits are not getting copied from Inner IP header to GRE header. PR1313311

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • On the QFX5100, consistent hashing is not getting programmed. PR1322299

  • IS-IS Layer 2 hello packets are dropped when they come from another vendor’s device. PR1325436

  • The loopbacked IRB interface is not accessible to a remote network. PR1333019

  • The dcpfe process crash is seen in a route leak scenario on the QFX10000. PR1334714

  • The rpf-check-policy does not work as expected. PR1336909

  • Ping fails if MTU is different on the interfaces. DF is not working as expected. PR1345495

  • vrf-fallback on QFX5K is not supported in ALPM mode. PR1345501

  • On QFX10000 platforms, Netconf SSH TCP port 830 traffic hitting host path/unclassified queue. PR1345744

  • On QFX5100 platforms, parity errors in L3 IPv4 table in the Packet Forwarding Engine memory might cause traffic black holing. PR1364657

Software Installation and Upgrade

  • Commit may fail in single-user mode. PR1368986

Virtual Chassis

  • QFX Virtual Chassis: Sometimes, multicast packets are received 2x or 3x more than expected. PR1306239

Resolved Issues: 17.4R1

Class of Service (CoS)

  • On QFX5100 switches, traffic might be dropped when there is more than one forwarding class under forwarding-class-sets. PR1255077

  • The transmit rate applied with forwarding-class-set does not work properly. PR1277497

EVPNs

  • On QFX5100 switches with EVPN-VXLAN deployed, broadcast and multicast traffic might not be sent to other switches through VTEP interfaces. PR1293163

  • On QFX10000 switches with EVPN deployed, packet corruption is seen with Packet Forward Engine trap code (129) egp.v4_chksum when sending L3 inter-VNI traffic with the underlay vlan-tagging inet interface. PR1295491

  • The dynamic routing protocols might not work correctly over the IRB interface in an EVPN-VXLAN scenario with ECMP. PR1301521

  • QFX5110-48S: L3 VPN traffic is dropped for some instances when EVPN-VXLAN configuration is removed and reapplied. PR1307590

Hardware

  • FEC is disabled by default on 100G-LR optics for QFX5200 switches. PR1286389

  • The 1G copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • ULC-60S-6Q LC on QFX10008: The port becomes unusable after inserting a third-party SFP-T optic. PR1294394

  • Update new firmware versions for jfirmware package for 100G-PSM4 and 100G-AOC issues. PR1323321

High Availability (HA) and Resiliency

  • Normal VRRP MAC is triggering a MAC move, and logical interfaces on the BD are getting shut down. PR1285749

Infrastructure

  • Create new command: "enable-tcp-nodelay" and allow flash sub-jobs to run for max quantum. PR1136167

  • Disabled 10-Gigabit Ethernet interfaces might stay up on QFX10000 line switches. PR1300775

  • The 40-Gigabit Ethernet connection between two QFX5100-24Qs might not come up sometimes. PR1178799

  • QFX10002 and QFX10008: BFD sessions over IRB interfaces with Junos OS Releases 17.1R1, 17.1R2, 17.2R1, and 17.3R1 are centralized. PR1284743

Interfaces and Chassis

  • Random interfaces do not come up after a line card is rebooted. PR1262839

  • Copper ports flap on QFX5100-48T when short-reach-mode is enabled. PR1248611

  • The 40-Gigabit Ethernet interface might flap between QFX5100 and other products. PR1273861

  • QFX10000-12C-DWDM: an ot- interface link flap is observed whenever an optics TCA alarm is raised; however, there is no LOS and no traffic loss is observed. PR1279351

  • On QFX5100 switches, an AE interface might flap upon commit if an explicit speed is configured on an AE member interface. PR1284495

  • On QFX10000 line switches, the input and output rates for 10-Gigabit, 40-Gigabit, or 100-Gigabit Ethernet interfaces are not 0 if the interface is down. PR1291412

  • Traffic might not be received on a 1-Gigabit Ethernet interface if autonegotiation is disabled and speed/duplex is configured on both the QFX Series switch and the peer host. PR1292275

  • High heap memory utilization might be seen if multiple SFP-T optics are inserted or set interface <> link-mode full-duplex is enabled. PR1294208

  • The 40-Gigabit Ethernet interface might not come up if a specific vendor’s DAC cable is used. PR1296011

  • QFX10008/10016: Commit error is seen when configured with mixed speed. PR1301923

Junos Fusion Satellite Software

  • Native VLAN on an aggregated Ethernet interface terminated on multiple satellite devices. PR1305698

Layer 2 Features

  • To set up PTP BC forwarding on a QFX10002, configure routing on the interface or add a static ARP entry on the remote PTP device. PR1275327

  • Feature swap-swap might not work as expected in a Q-in-Q scenario. PR1297772

  • QFX5100 crashes and the fxcp process generates a core file. PR1306768

MPLS

  • QFX10008 is dropping egress MPLS traffic, if the egress interface is an IRB with access L2 AE interface. PR1279827

Network Management and Monitoring

  • UFT for non-local member is not shown in the CLI. PR1243758

  • LAG interface input bytes counter continuously decreases when no packets come in. PR1266062

  • SNMP process is not running on QFX Series switches with incorrect source addresses. PR1285198

  • On QFX5100, an incorrect alarm type might be displayed. PR1291622

  • Previous learned MAC address from remote ESI cannot be changed to local. PR1303202

  • The sflow records are missing "extendedType ROUTER" fields as well as an outbound interface for traffic that is using BGP multipath. PR1303236

  • QFX5110-48S: digital optical monitoring statistics cannot be received through the CLI in Junos OS Releases 15.1X53 through 17.x. PR1305506

Platform and Infrastructure

  • A hostname synchronization issue occurs between the Junos OS VM instance and the Linux host in TVP platforms. PR1283710

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • The dcpfe process might crash and restart on MC-LAG active and standby nodes when there is ARP/NDP next-hop change. PR1299112

  • OSPFv3 authentication using IPsec SA does not work if you are using IPsec to authenticate OSPFv3 neighbors on some QFX Series platforms. PR1301428

Port Security

  • On QFX10000 switches, MACsec sessions are not coming up on a Layer 3 logical interface. PR1282995

  • Proxy-ARP and ARP suppression are not yet supported for the QFX10000 line. PR1293707

Routing Protocols

  • When the static link protection mode configured backup state is down, the primary port goes to down state instead of the secondary port, and the secondary remains in up state. PR1276156

  • Analytics JSON data format is reporting an incorrect value for 'rxbps' counter. PR1285434

  • On QFX5100 switches, if a term with the policer action is configured, dc-pfe: list_destroy() messages might be displayed on commit. PR1286209

  • GRE tunnel traffic does not switch over to the alternate path if the primary path to the tunnel destination changes. PR1287249

  • UDP traffic with destination port 520 and 521 is discarded on QFX5110 switches after a Junos OS upgrade. PR1287271

  • OVSDB and OpenFlow have some limitations on QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016 switches running Junos OS Releases 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • Storm-control flags are not set after a Routing Engine switchover. PR1290246

  • In a data center environment with EVPN-VXLAN and proxy MAC plus IP advertisement enabled on a Layer 3 gateway, the state for some MACs might be lost during MAC moves. PR1291118

  • QFX5110-32C: Routable ICMP packets get flooded on one of the newly provisioned 100 VXLAN IRB interfaces on a non-collapsed VXLAN L3 gateway (same IP, same MAC profile). PR1291406

  • The dcpfe process might crash after a period of idle time on QFX10000 switches. PR1294055

Software Licensing

  • VXLAN license might display as invalid if QFX-ADV-FEATURE-LIC is installed. PR1288916

Virtual Chassis

  • QFX5100 TVP: Not able to load TVP image on top of a non-TVP 5100 image while adding a QFX5100 switch to the Virtual Chassis. PR1248145

  • QFX5100: The ovsdb-server daemon failed to start. PR1288052

  • On QFX-5100, the fxpc process generates a core file. PR1294033

  • QFX5200: New apply group not applying to the Virtual Chassis after a reboot. PR1305520

VLAN Infrastructure

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 17.4R2.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 17.4 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 17.4 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.

    Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-10-f-x86-64-17.4-R1.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.4 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 17.4R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-17.4-R2.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-17.4-R1.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-17.4-R1.n-secure-signed.tgz reboot

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.4R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine
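
The verification in steps 16 and 18 can be scripted over saved CLI output so that a wrong master slot or an unexpected release is caught before the change window closes. The following is an added example, not part of the Juniper release notes: the sample output is constructed, its layout is an assumption about the text format of the two show commands, and the function names are hypothetical.

```python
import re

# Constructed sample output, not captured from a real switch. The layout is
# assumed to follow the usual text output of the two show commands; ".n" is
# the build placeholder from the package name used in the procedure.
RE_STATUS = """\
Routing Engine status:
  Slot 0:
    Current state                  Master
Routing Engine status:
  Slot 1:
    Current state                  Backup
"""
VERSION = "Hostname: switch\nModel: qfx10008\nJunos: 17.4R1.n\n"


def routing_engine_states(text):
    """Map slot number to its 'Current state' value."""
    states, slot = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*Slot (\d+):", line):
            slot = int(m.group(1))
        elif (m := re.match(r"\s*Current state\s+(\S+)", line)) and slot is not None:
            states[slot] = m.group(1)
    return states


def installed_release(text):
    """Return the value of the 'Junos:' line, or None if it is absent."""
    m = re.search(r"^Junos:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def verify_upgrade(re_text, version_text, expected_master, target):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    masters = sorted(s for s, st in routing_engine_states(re_text).items()
                     if st == "Master")
    if masters != [expected_master]:
        problems.append(f"master is slot(s) {masters}, expected {expected_master}")
    release = installed_release(version_text)
    # Accept build or service-release suffixes (17.4R1.n, 17.4R1-S2...) but
    # not a different release that merely shares the prefix (17.4R10).
    if not release or not re.fullmatch(re.escape(target) + r"([.-].*)?", release):
        problems.append(f"running {release}, expected {target}")
    return problems


if __name__ == "__main__":
    print(verify_upgrade(RE_STATUS, VERSION, expected_master=0, target="17.4R1") or "OK")
```
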

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-5-17.3R1-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.