Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 17.4R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features for the QFX Series switches in Junos OS Release 17.4R3.

Note

The following QFX Series platforms are supported in Release 17.4R3: QFX5100, QFX5110, QFX5200, QFX10002, QFX10008, and QFX10016.

Release 17.4R3 New and Changed Features

  • There are no new features or enhancements to existing features for QFX Series Switches in Junos OS Release 17.4R3.

Release 17.4R2 New and Changed Features

Restoration Procedures and Failure Handling

  • Device recovery mode support in Junos OS with upgraded FreeBSD (QFX Series)—Starting in Junos OS Release 17.4R2, devices running Junos OS with an upgraded FreeBSD and a saved rescue configuration have an automatic device recovery mode should the system go into amnesiac mode. The new process has the system automatically reboot with the saved rescue configuration. Then, the system displays "Device is in recovery mode” in the CLI (in both operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Virtual Chassis

  • Virtual Chassis support (QFX5200 switches)—Starting in Junos OS Release 17.3R2, QFX5200 switches can be interconnected into a Virtual Chassis as one logical device managed as a single chassis. A QFX5200 Virtual Chassis can contain up to 3 members, which must be QFX5200 switches (no mixed mode support). Any non-channelized 100-Gbps QSFP28 ports or 40-Gbps QSFP+ ports can be configured as Virtual Chassis ports (VCPs) to interconnect member switches. Configuration and operation are the same as for other QFX Series Virtual Chassis.

    [See Understanding QFX Series Virtual Chassis.]

Release 17.4R1 New and Changed Features

Hardware

  • QFX10000-30C-M line card (QFX10008 and QFX100016 switches)–-Starting with Junos OS Release 17.4R-S2, the QFXF10000-30C-M line cards provides 30 ports of either 100-gigabit or 40-gigabit QSFP28 with MACsec features.

Class of Service (CoS)

  • Priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic (QFX5110 and QFX5200 switches)—Starting in Junos OS Release 17.4R1, to support lossless traffic across Layer 3 connections to Layer 2 subnetworks on QFX5110 and QFX5200 switches, you can configure priority-based flow control (PFC) to operate using 6-bit DSCP values from Layer 3 headers of untagged VLAN traffic, rather than IEEE 802.1P priority values in Layer 2 VLAN-tagged packet headers. DSCP-based PFC is required to support Remote Direct Memory Access (RDMA) over converged Ethernet version 2 (RoCEv2).

    To enable DSCP-based PFC, map a forwarding class to a PFC priority using the pfc-priority statement, define a congestion notification profile to enable PFC on traffic specified by a 6-bit DSCP value, and set up a classifier for the DSCP value and the PFC-mapped forwarding class.

    [See Understanding PFC Using DSCP at Layer 3 for Untagged Traffic.]

EVPNs

  • Support for LACP in EVPN active-active multihoming (QFX5100, QFX5100 Virtual Chassis, QFX5110, and QFX5200 switches)——Starting with Junos OS Release 17.4R1, an extra level of redundancy can be achieved in an Ethernet VPN (EVPN) active-active multihoming network by configuring the Link Aggregation Control Protocol (LACP) on both the endpoints of the link between the multihomed customer edge (CE) and provider edge (PE) devices. The link aggregation group (LAG) interface of the multihomed CE-PE link can either be in the active or in the standby state. The interface state is monitored and operated by LACP to ensure fast convergence on isolation of a multihomed PE device from the core. When there is a core failure, a traffic black hole can occur at the isolated PE device. With the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed CE device. After the core recovers from the failure, the interface state is switched back from standby to active.

    To configure LACP in EVPN active-active multihoming network:

    • On the multihomed CE device include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.

    • On the multihomed PE device include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy, and include the service-id number statement at the [edit switch-options] hierarchy.

    [See Understanding LACP for EVPN Active-Active Multihoming.]

  • EVPN pure type-5 route support (QFX5110 switches)—Starting with Junos OS Release 17.4R1, you can configure pure type-5 routing in an Ethernet VPN (EVPN) Virtual Extensible LAN (VXLAN) environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which is used to carry the MAC address of the sending switch and to provide next-hop reachability for the prefix. To configure pure type-5 routing include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable two-level equal-cost multipath (ECMP) next hops in an EVPN-VXLAN overlay network, you must also include the overlay-ecmp statement at the [edit forwarding-options vxlan-routing] hierarchy level.

    [See ip-prefix-routes.]

  • SPRING support for EVPN (QFX10000 switches)—-Starting in Junos OS Release 17.4R1, Junos OS supports using Source Packet Routing in Networking (SPRING) as the underlay transport in EVPN. SPRING tunnels enable routers to steer a packet through a specific set of nodes and links in the network.

    To configure SPRING, use the source-packet-routing statement at the [edit protocols isis] hierarchy level.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • Support for duplicate MAC address detection and suppression (QFX10000 switches)— When a MAC address relocates, PE devices can converge on the latest location by using sequence numbers in the extended community field. Misconfigurations in the network can lead to duplicate MAC addresses. Starting in Junos OS Release 17.4R1, Juniper supports duplicate MAC address detection and suppression.

    You can modify the duplicate MAC address detection settings on the switch by configuring the detection window for identifying duplicate MAC address and the number of MAC address moves detected within the detection window before duplicate MAC detection is triggered and the MAC address is suppressed. In addition, you can also configure an optional recovery time that the switch waits before the duplicate MAC address is automatically unsupressed.

    To configure duplicate MAC detection parameters, use the detection-window, detection-threshold, and auto-recovery-time statements at the [edit routing instance routing-instance-name protocols evpn duplicate-mac-detection] hierarchy level.

    To clear duplicate MAC suppression manually, use the clear evpn duplicate-mac-suppression command.

    [See Overview of MAC Mobility. ]

General Routing

  • Enhancement to show chassis forwarding-options command (QFX5200 Virtual Chassis)—Starting in Junos OS Release 17.4R1, the show chassis forwarding-options command displays information about memory banks for QFX5200 Virtual Chassis only for the master. This information is not displayed for all the other members Memory banks can be partitioned among different types of forwarding table entries through the Unified Forwarding Table feature. Values remain the same across all members. All configuration changes for the Unified Forwarding Table are made through the Master.

    [See show chassis forwarding-options.]

Interfaces and Chassis

  • Support for resilient hashing for LAGs and ECMP (QFX10000)—Starting with Junos OS Release 17.4R1 on QFX10000 switches, you can prevent the reordering of flows to active paths in link aggregation groups (LAGs) or ECMP when one or more paths fail. Only flows that are on inactive paths are redirected. It overrides the default behavior of disrupting all existing, including active, TCP connections when an active path fails. You can optionally set a specific value for the resilient-hash seed that differs from the hash-seed value that will be used by the other hash functions on the switch. A resilient hashing configuration on ECMP is applied through use of a route policy.

    [See Understanding the Use of Resilient Hashing to Minimize Flow Remapping.]

  • Enterprise profile for Precision Time Protocol (PTP) (QFX10002 switches)—Starting with Junos OS Release 17.41, the enterprise profile, which is based on PTPv2, provides the ability for enterprise and financial markets to timestamp on different systems and to handle a range of latency and delays.

    The enterprise profile supports the following options:

    • IPv4 multicast transport

    • Ordinary and boundary clocks

    • 1-Gigabit SFP grandmaster port

    • 512 downstream slave clocks

    You can configure the enterprise profile at the [edit protocols ptp profile-type] hierarchy.

    [See Understanding Transparent Clocks in Precision Time Protocol.]

  • Support for Precision Time Protocol (PTP) transparent clock (QFX5200 switches)—Starting with Junos OS Release 17.4R1, PTP synchronizes clocks throughout a packet-switched network. With a transparent clock, the PTP packets are updated with residence time as the packets pass through the switch. There is no master/slave designation. End-to-end transparent clocks are supported. With an end-to-end transparent clock, only the residence time is included. The residence time can be sent in a one-step process, which means that the timestamps are sent in one packet. In a two-step process, estimated timestamps are sent in one packet, and additional packets contain updated timestamps. In addition, UDP over IPv4 and IPv6 and unicast and multicast transparent clock are supported.

    [See Understanding Transparent Clocks in Precision Time Protocol.]

Junos OS XML API and Scripting

  • Automation script library additions and upgrades (QFX Series)—Starting in Junos OS Release 17.4R1, devices running Junos OS include new and upgraded Python modules as well as upgraded versions of Junos PyEZ and libslax. On-box Python automation scripts can use features supported in Junos PyEZ Release 2.1.4 and earlier releases to perform operational and configuration tasks on devices running Junos OS. Python automation scripts can also leverage new on-box Python modules including ipaddress, jxmlease, pyang, serial, and six, as well as upgraded versions of existing modules. In addition, SLAX automation scripts can include features supported in libslax release 0.22.0 and earlier releases.

    [See Overview of Python Modules Available on Devices Running Junos OS and libslax Distribution Overview.]

Management

  • Enhancements to LSP events sensor for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000 switches) —Starting with Junos OS Release 17.4R1, telemetry data streamed through gRPC for LSP events and properties is reported separately for each routing instance. To export data for LSP events and properties, you must now include /network-instances/network-instance[name_'instance-name']/ in front of all supported paths. For example, to export LSP events for RSVP Signaling protocol attributes, use the following path: /network-instances/network-instance[name_'instance-name']/mpls/signaling-protocols/rsvp-te/. Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.

    [See Guidelines for gRPC Sensors.]

  • Enhancement to BGP sensor for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000 switches)—Starting with Junos OS Release 17.4R1, you can specify to export the number of BGP peers in a BGP group for telemetry data exported through gRPC. To export the number of BGP peers for a group, use the following OpenConfig path: /network-instances/network-instance[name_'instance-name']/protocols/protocol/

    bgp/peer-groups/peer-group[name_'peer-group-name]/state/peer-count/
    . The BGP peer count value exported reflects the number of peering sessions in a group. For example, for a BGP group with two devices, the peer count reported is 1 (one) because each group member has one peer. To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters.

    [See Guidelines for gRPC Sensors.]

  • Support for multiple, smaller configuration YANG modules (QFX Series)—Starting in Junos OS Release 17.4R1, the YANG module for the Junos OS configuration schema is split into a root configuration module that is augmented by multiple, smaller modules. The root configuration module comprises the top-level configuration node and any nodes that are not emitted as separate modules. Separate, smaller modules augment the root configuration module for the different configuration statement hierarchies. Smaller configuration modules enable YANG tools and utilities to more quickly and efficiently compile and work with the modules, because they only need to import the modules required for the current operation.

    [See Understanding the YANG Modules That Define the Junos OS Configuration.]

Multicast

  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 17.4R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances , include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing-instance-name, include the name of a VRF or virtual-router instance.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

  • MLD snooping versions 1 and 2 (QFX5100 switches and Virtual Chassis)—Starting with Junos OS Release 17.4R1, QFX5100 switches and QFX5100 Virtual Chassis support Multicast Listener Discovery (MLD) snooping version 1 (MLDv1) and version 2 (MLDv2). MLD snooping constrains the flooding of IPv6 multicast traffic on VLANs. When MLD snooping is enabled on a VLAN, the switch examines MLD messages encapsulated within ICMPv6 packets transferred between hosts and multicast routers. The switch learns which hosts are interested in receiving traffic for a multicast group, and forwards multicast traffic only to those interfaces in the VLAN that are connected to interested receivers instead of flooding the traffic to all interfaces. You configure MLD snooping parameters and enable MLD snooping using configuration statements at the [edit protocols] mld-snooping vlan vlan-name hierarchy.

    [See Understanding MLD Snooping on Switches.]

  • Multicast-only fast reroute (MoFRR) (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 17.4R1, QFX5100, QFX5110, and QFX5200 switches support MoFRR, which minimizes multicast packet loss in PIM domains when there are link failures. With MoFRR enabled, the switch maintains both a primary and a backup multicast packet stream toward the multicast source, accepting traffic received on the primary path and dropping traffic received on the backup path. Upon primary path failure, the backup path becomes the primary path and quickly takes over forwarding the multicast traffic. If alternative paths are available, a new backup path is created. When enabling MoFRR, you can optionally configure a policy for the (S,G) entries to which MoFRR should apply; otherwise MoFRR applies to all multicast (S,G) streams.

    [See Understanding Multicast-Only Fast Reroute on Switches.]

  • Support for rpf-selection statement for PIM protocol at global instance level (QFX Series)—Starting in Junos OS 17.4R1, the rpf-selection statement for the PIM protocol is available at global instance level. You can configure group and source statements at the [edit protocols pim rpf-selection] hierarchy level.

MPLS

  • Support for BGP MPLS-based Ethernet VPN (QFX10000 Series switches)—Starting with Junos OS Release 17.4R1, you can use MPLS-based Ethernet VPN (EVPN) to route MAC addresses using BGP over an MPLS core network. An EVPN enables you to connect dispersed customer sites by using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN consists of a customer edge (CE) device (host, router, or switch) connected to a provider edge (PE) switch. The QFX10000 acts as a PE switch at the edge of the MPLS infrastructure. The switch can be connected by an MPLS Label Switched Path (LSP) which provides the benefits of MPLS technology, such as fast reroute and resiliency. You can deploy multiple EVPNs within a service provider network, each providing network connectivity to a customer while ensuring that the traffic sharing on that network remains private.

    [See EVPN Overview.]

  • Support for static adjacency segment identifier for ISIS (QFX Series)—Starting with Junos OS Release 17.4R1, you can configure static adjacency segment ID (SID) labels for an interface. You can configure two IPv4 adjacency SIDs (protected and unprotected), IPv6 adjacency SIDs (protected and unprotected) per level per interface. You can use the same adjacent SID for multiple interfaces by grouping a set of interfaces under an interface-group and configuring the adjacency-segment for that interface-group. For static adjacency SIDs, the labels are picked from either a static reserved label pool or from segment routing global block (SRGB).

    [See Static Adjacency Segment Identifier for ISIS.]

  • Support for static adjacency segment identifier for aggregate Ethernet member links (QFX Series)—Starting with Junos OS Release 17.4R1, you can configure a transit single-hop static label switched path (LSP) for a specific member link of an aggregate Ethernet (AE) interface. A static labeled route is added with next-hop pointing to the AE member link of an aggregate interface. Label for these routes is picked from the segment routing local block (SRLB) pool of the configured static label range. This feature is supported for AE interfaces only.

    A new member-interface CLI command is added under [edit protocols mpls static-label-switched-path lsp-name transit] hierarchy to configure the AE member interface name. The static LSP label is configured from a defined static label range.

    [See Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]

  • Support for PCEP (QFX5100, QFX5110, QFX5200 switches)—Starting with Junos OS Release 17.4R1, MPLS RSVP-TE functionality was extended to provide a partial client-side implementation of the stateful Path Computation Element (PCE) architecture (draft-ietf-pce-stateful-pce). The PCE computes path for the traffic engineered LSPs (TE LSPs) of ingress routers that are configured for external control. The ingress router that connects to a PCE is called a Path Computation Client (PCC). The PCC is configured with the Path Computation Client Protocol (PCEP) (defined in RFC 5440, but limited to the functionality supported on a stateful PCE only) to facilitate external path computing by a PCE. In this new functionality, the active stateful PCE sets parameters for the PCC's TE LSPs, such as bandwidth, path (ERO), and priority.

    [See PCEP Overview.]

  • Support for Flap and MBB counter for LSP (QFX Series)—Starting in Junos OS Release 17.4R1, the show mpls lsp extensive command introduces the following two counters for LSP on master routing engine (RE) only:

    • Flap counter–- Counts the number of times a LSP flaps down or up.

    • MBB counter— Counts the number of times a LSP incurs MBB.

    The clear mpls lsp counters command resets the flap and the MBB counter to zero.

  • Display of labels in received record route for unprotected LSPs by show mpls lsp extensive command (QFX Series)—The show mpls lsp extensive command displays the labels in received record route (RRO) for protected LSPs. Starting in Junos OS Release 17.4R1, the command also displays the labels associated with the hops in RRO for unprotected LSPs as well. The label recording in RRO is enabled by default.

  • Support for default timeout duration for self-ping on an LSP instance (QFX Series)—Starting in Junos OS 17.4R1, the default timeout duration for which the self-ping runs on an LSP instance is reduced from 65,535 (runs until success) to 1800 seconds. You can also manually configure the self-ping duration value between 1 to 65,535 (runs until success) seconds using the self-ping-duration value command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level. By default, self-ping is enabled. The LSP types such as CCC, P2MP, VLAN-based , and non-default instances do not support self-ping . You can configure the no-self-ping command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level to override the behavior of self-ping running by default.

  • Support for label history for MPLS protocol (QFX Series)—Starting in Junos OS Release 17.4R1, configure max-entries number option at [edit protocols mpls label-history] hierarchy level to display label allocation, release history, and associated information such as RSVP session that helps debug label related error such as stale label route and deleted label route. You can configure the limit for the maximum number of MPLS history entry per label . By default, label history is off and there is no maximum limit for the number of entries for each label. The show mpls label history label-value command displays the label history for a given label value and the show mpls label history label-range start-label end-label command displays the history of labels between the given label range.

    The clear mpls label history command clears the label history details.

  • Support for adjusting the threshold of autobandwidth based on the absolute value for LSP (QFX Series)—Current autobandwidth threshold adjustment is done based on the configured percentage that is hard to tune to work well for both small and large bandwidth reservations. For a given threshold percentage, when the bandwidth reservation is small there can be multiple LSP resignalling events. This is because the LSP is responsive to even minor increase or decrease in the utilization when current reservation is small. For example, a small threshold adjustment of 5 percent allows large LSPs of say 1G to respond to changes in bandwidth of the order of 50M. However, that same threshold adjustment results in too many LSP resignalling events for small LSPs of say 10M reservation. Increasing the adjust threshold percentage by for example 40 percent minimizes LSP resignalling for small LSPs. However, large LSPs do not react to bandwidth usage changes unless it is huge, for example 400M. Starting in Junos OS Release 17.4R1, you can configure an absolute value based threshold along with the percentage based threshold that helps avoid the bandwidth getting triggered for LSPs of both small and large bandwidth reservations. Configure adjust-threshold-absolute value option at [edit protocols mpls label-switched-path lsp-name auto-bandwidth] hierarchy level.

Network Management and Monitoring

  • Real-time performance monitoring (RPM) (QFX5100 switches)—Starting in Junos OS Release 17.4R1-S1, real-time performance monitoring (RPM) on QFX5100 switches enables you to configure active probes to track and monitor traffic across the network and to investigate network problems.

    The ways in which you can use RPM include:

    • Monitor time delays between devices.

    • Monitor time delays at the protocol level.

    • Set thresholds to trigger SNMP traps when values are exceeded.

      You can configure thresholds for round-trip time, ingress or egress delay, standard deviation, jitter, successive lost probes, and total lost probes per test.

    • Determine automatically whether a path exists between a host router or switch and its configured BGP neighbors. You can view the results of the discovery using an SNMP client.

    • Use the history of the most recent 50 probes to analyze trends in your network and predict future needs.

    [See Understanding Real-Time Performance Monitoring on Switches .]

Port Security

  • Media Access Control Security (MACsec) support (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 17.4R1-S2, MACsec is supported on all 30 interfaces of the QFX10000-30C-M line card when it is installed in a QFX10008 or QFX10016 switch. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security. MACsec can be enabled only on domestic versions of Junos OS software.

    [See Understanding Media Access Control Security (MACsec).]

Routing Protocols

  • Topology-independent loop-free alternate for IS-IS (QFX Series)—Starting in Junos OS Release 17.4R1, topology-independent loop-free alternate (TI-LFA) with segment routing provides MPLS fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. You can enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. TI-LFA provides protection against link failure, node failure, and failures of fate-sharing groups.

    You can enable the creation of post-convergence backup paths for a given interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.

    You can enable node-protection and/or fate-sharing-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. To use a particular fate-sharing group as a constraint for the fate-sharing-aware post-convergence path, you need to configure the use-for-post-convergence-lfa statement at the [edit routing-options fate-sharing group group-name] hierarchy level.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]

  • Support for EBGP route server (QFX Series)—Starting in Junos OS Release 17.4R1, BGP feature is enhanced to support EBGP route server functionality. A BGP route server is the external BGP (EBGP) equivalent of an internal IBGP (IBGP) route reflector that simplifies the number of direct point-to-point EBGP sessions required in a network. EBGP route server propagates unmodified BGP routing information between external BGP peers to facilitate high scale exchange of routes in peering points such as Internet Exchange Points (IXPs). When BGP is configured as a route server, EBGP routes are propagated between peers unmodified, with full attribute transparency (NEXT_HOP, AS_PATH, MULTI_EXIT_DISC, AIGP, and Communities).

    The BGP JET bgp_route_service.proto API has been enhanced to support route server functionality as follows:

    • Program the EBGP route server.

    • Inject routes to the specific route server RIB for selectively advertising it to the client groups in client-specific RIBs.

    The BGP JET bgp_route_service.proto API includes a peer-type object that identifies individual routes as either EBGP or IBGP (default).

    [See BGP Route Server Overview.]

  • Support for BGP advertising aggregate bandwidth across external BGP links for load balancing (QFX Series)—Starting in Junos OS Release 17.4R1, BGP uses a new link bandwidth extended community, aggregate-bandwidth, to advertise aggregated bandwidth of multipath routes across external links. BGP calculates the aggregate of multipaths that have unequal bandwidth allocation and advertises the aggregated bandwidth to external BGP peers. A threshold to the aggregate bandwidth can be configured to restrict the bandwidth usage of a BGP group. In earlier Junos OS releases, a BGP speaker receiving multipaths from its internal peers advertised the link bandwidth associated with the active route. To advertise aggregated bandwidth of multipath routes and to set a maximum threshold, configure a policy with aggregate-bandwidth and limit bandwidth actions at the [edit policy-options policy-statement name then] hierarchy level.

    See [Advertising Aggregate Bandwidth Across External BGP Links for Load Balancing Overview].

Services Applications

  • Support for IPFIX templates for flow aggregation (QFX10008 and QFX10016)—Starting with Junos OS Release 17.4R1, you can define a flow record template for unicast IPv4 and IPv6 traffic in IP Flow Information Export (IPFIX) format. Templates are transmitted to the collector periodically. To define an IPFIX template, include the version-ipfix template template-name set of statements at the [edit services flow-monitoring] hierarchy level.

    You must also perform the following configuration:

    • Sampling instance at the [edit forwarding-options] hierarchy level.

    • Associate the sampling instance with the FPC at the [edit chassis] hierarchy level and with a template configured at the [edit services flow-monitoring] hierarchy level.

    • Firewall filter for the family of traffic to be sampled at the [edit firewall] hierarchy level.

    This feature was previously introduced on QFX10002 switches in Junos OS Release 17.2R1.

    [See Configuring Flow Aggregation to Use IPFIX Flow Templates.]

Software Installation and Upgrade

  • Support for personality files (QFX5100 switches)—Starting in Junos OS Release 17.4R1, when a switch in a data center network goes down because of a hardware failure, replacing that switch can be time-consuming and error-prone, because you have to ensure that the crucial elements that you had running on the downed switch are exactly replicated on the new switch. To save time and to avoid errors in configuration and state when you replace a switch, create a “personality” file for your current switch while the switch is still up and save that personality file on a remote server. The “personality” of a switch could include (but is not limited to) its running configuration, SNMP indices, and installed scripts and packages. If the current switch goes down, retrieve the personality file from the server, install it on a new switch, and then bring that new switch online in place of the downed switch.

    [See Personality File for Easy Switch Replacement.]

Virtual Chassis

  • Virtual Chassis support (QFX5200 switches)—Starting in Junos OS Release 17.4R1, QFX5200 switches can be interconnected into a Virtual Chassis as one logical device managed as a single chassis. A QFX5200 Virtual Chassis can contain up to 3 members that must be QFX5200-32C switches (no mixed mode support). Any non-channelized 100-Gbps QSFP28 ports or 40-Gbps QSFP+ ports can be configured as Virtual Chassis ports (VCPs) to interconnect member switches. Configuration and operation are the same as for other QFX Series Virtual Chassis.

    [See Understanding QFX Series Virtual Chassis.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.4R2 for the QFX Series.

Class of Service (CoS)

  • When you configure a transmit-rate, you must also configure a guaranteed-rate under traffic-control-profiles. If you commit a configuration of a transmit-rate without a guaranteed-rate, a warning message is displayed and the default scheduler map is applied.

EVPNs

  • Change to the show vlans evpn command (QFX5100 switches)—Starting with Junos OS Release 17.4R2, the show vlans evpn command is replaced by the show ethernet-switching evpn command.

General Routing

  • Change in default value for port ID TLV for QFX5200 switches—In Junos OS Release 17.4R1, for QFX5200 switches, the default value used for port ID TLV in LLDP messages is interface name, not SNMP index.

Interfaces and Chassis

  • Commit Error thrown when GRE interface and Tunnel source interface configured in different routing instances (QFX Series)—In Junos OS Releases 17.3R4 and 17.4R3, QFX series switches does not support configuring GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation .]

  • Packets with MTU size greater than the default value are dropped (QFX5110)—In Junos OS Releases 17.3R3 and 17.4R2, on QFX5110 switches, setting maximum transmission unit (MTU) on the L3 interface does not take effect and packets with MTU size greater than the default value are dropped.

    [See mtu.]

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (QFX Series)—In Junos OS Release 17.4R3, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces were in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 switches)—Starting in Junos OS Release 17.4R3, the resilient-hash statement is no longer available in the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200.

    [See aggregated-ether-options.]

Management

  • Changes to Junos OS YANG module naming conventions (QFX Series)—Starting in Junos OS Release 17.4R1, the native Junos OS YANG modules use a new naming convention for the module's name, filename, and namespace. The module name and filename include the device family and the area of the configuration or command hierarchy to which the schema in the module belongs. In addition, the module filename includes a revision date. The module namespace is simplified to include the device family, the module type, and an identifier that is unique to each module and that differentiates the namespace of the module from that of other modules.

    [See Understanding Junos OS YANG Modules.]

MPLS

  • Support for Flap and MBB counter for LSP (QFX Series)—Starting in Junos OS Release 17.4R1, the show mpls lsp extensive command introduces the following two counters for LSP on the master routing engine (RE) only:

    • Flap counter–- Counts the number of times a LSP flaps down or up.

    • MBB counter— Counts the number of times a LSP incurs MBB.

    The clear mpls lsp counters command resets the flap and the MBB counter to zero.

  • Display of labels in received record route for unprotected LSPs by show mpls lsp extensive command (QFX Series)—The show mpls lsp extensive command displays the labels in received record route (RRO) for protected LSPs. Starting in Junos OS Release 17.4R1, the command also displays the labels associated with the hops in RRO for unprotected LSPs as well. The label recording in RRO is enabled by default.

  • Support for default timeout duration for self-ping on an LSP instance (QFX Series)—Starting in Junos OS 17.4R1, the default timeout duration for which the self-ping runs on an LSP instance is reduced from 65,535 (runs until success) to 1800 seconds. You can also manually configure the self-ping duration value between 1 to 65,535 (runs until success) seconds using the self-ping-duration value command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level. By default, self-ping is enabled. The LSP types such as CCC, P2MP, VLAN-based , and non-default instances do not support self-ping . You can configure the no-self-ping command at the [edit protocols mpls label-switched-path label-switched-path] hierarchy level to override the behavior of self-ping running by default.

  • Support for label history for MPLS protocol (QFX Series)—Starting in Junos OS Release 17.4R1, configure max-entries number option at the [edit protocols mpls label-history] hierarchy level to display label allocation, release history, and associated information such as RSVP session that helps debug label related error such as stale label route and deleted label route. You can configure the limit for the maximum number of MPLS history entries per label . By default, label history is off and there is no maximum limit for the number of entries for each label. The show mpls label history label-value command displays the label history for a given label value and the show mpls label history label-range start-label end-label command displays the history of labels between the given label range.

    The clear mpls label history command clears the label history details.

  • Support for adjusting the threshold of autobandwidth based on the absolute value for LSP (QFX Series)—Current autobandwidth threshold adjustment is done based on the configured percentage which is hard to tune to work well for both small and large bandwidth reservations. For a given threshold percentage, when the bandwidth reservation is small there can be multiple LSP resignaling events. This is because the LSP is responsive to even minor increases or decreases in the utilization when current reservation is small. For example, a small threshold adjustment of 5 percent allows large LSPs of around 1G to respond to changes in bandwidth of the order of 50M. However, that same threshold adjustment results in too many LSP resignalling events for small LSPs of around 10M reservation. Increasing the adjust threshold percentage by for example 40 percent minimizes LSP resignaling for small LSPs. However, large LSPs do not react to bandwidth usage changes unless they are huge, for example, 400M. Starting in Junos OS Release 17.4R1, you can configure an absolute value-based threshold along with the percentage-based threshold that helps avoid the bandwidth getting triggered for LSPs of both small and large bandwidth reservations. Configure adjust-threshold-absolute value option at the [edit protocols mpls label-switched-path lsp-name auto-bandwidth] hierarchy level.

  • When the no-propagate-ttl statement is configured on a QFX5200 switch in an MPLS network, the TTL value is not is not copied and decremented on the transit devices during a swap operation. When the switch acts as an ingress device for an LSP, it pushes an MPLS header with a TTL value of 255, regardless of the IP packet TTL. When the switch acts as the penultimate provider switch, it pops the MPLS header without writing the MPLS TTL into the IP packet. PR1368417

Network Management and Monitoring

  • Change in default log level setting (QFX Series)—In Junos OS Release, 17.4R1, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (because this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a non-default routing instance with a non-default logical system (QFX Series)—Starting in Junos OS Release 17.4R2, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • SNMP syslog messages changed (QFX Series)—In Junos OS Release 17.4R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD —AgentX master agent failed to respond to ping. Attempting to re-register

      NEW — AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD — NET-SNMP version %s AgentX subagent connected

      NEW — NET-SNMP version %s AgentX subagent Open-Sent!

    [See the SNMP MIB Explorer.]

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS Release 17.4R3, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

Routing Policy and Firewall Filters

  • Support for configuring the GTP-TEID field for GTP traffic (QFX5000 line of switches)—Starting in Junos OS Release 17.3R3 and 17.4R2, the gtp-tunnel-endpoint-identifier statement is supported to configure the hash calculation of IPv4 or IPv6 packets that are included in the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field hash calculations. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.

    In most of the cases, configuring gtp-tunnel-endpoint-identifier statement is sufficient for enabling GTP hashing. After enabling, if GTP hashing does not work, it is recommended to capture the packets using relevant tools and identify the offset value. As per standards, 0x32 is the default header offset value. But, due to some special patterns in the header, offset may vary to say 0x30, 0x28, and so on. In this cases, use gtp-header-offset statement to set a proper offset value. Once the header offset value is resolved, run gtp-tunnel-endpoint-identifier command for enabling GTP hashing successfully.

    [See gtp-tunnel-endpoint-identifier and gtp-header-offset.]

Security

  • Support to log the SSH key changes—Starting with Junos OS 17.4R1, the configuration statement log-key-changes is introduced at the [edit system services ssh ] hierarchy level. When the log-key-changes configuration statement is enabled and committed (with the commit command in configuration mode), Junos OS logs the changes to the set of authorized SSH keys for each user (including the keys that were added or removed). Junos OS logs the differences since the last time the log-key-changes configuration statement was enabled. If the log-key-changes configuration statement was never enabled, then Junos OS logs all the authorized SSH keys.

  • Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in 17.4R3, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Software Licensing

  • Key generator adds one day to make the duration of license show as 365 days (QFX Series)—Starting in Junos OS Release 17.4R1, the duration of subscription licenses as generated by the show system license command and shown in the output is correct to the numbers of days. Before this fix, for example, for a 1-year subscription license, the duration was generated as 364 days. After the fix, the duration of the 1-year subscription now shows as 365 days.

    [See show system license.]

Virtual Chassis

  • Adaptive load balancing (ALB) feature (Virtual Chassis Fabric)—Starting in Junos OS Release 17.4R1, the adaptive load balancing (ALB) feature for Virtual Chassis Fabric (VCF) is being deprecated to avoid potential VCF instability. The fabric-load-balance configuration statement in the [edit forwarding-options enhanced-hash-key] hierarchy is no longer available to enable and configure ALB in a VCF. When upgrading a VCF to a Junos OS release where ALB is deprecated, if the configuration has ALB enabled, you should delete the fabric-load-balance configuration item before initiating the upgrade.

    [See Understanding Traffic Flow Through a Virtual Chassis Fabric and fabric-load-balance.]

  • New configuration option to disable automatic Virtual Chassis port conversion (QFX5100 Virtual Chassis)—Starting in Junos OS Release 17.4R2, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in a QFX5100 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

    [See no-auto-conversion.]

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.4R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • With pechip version 1.1, if dot1p rewrites are configured on an interface, then packets that are not matching to a rewrite rule will not retain their previous value. Set the rewrite rule value to 0. This functionality is fixed in pechip version 2.0 PR1294471

EVPN

  • A provider edge (PE) device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE might be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • When a VLAN uses an IRB interface as the routing interface, the VLAN ID parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

  • Even though an ARP route is learned locally, the show arp command output on the provider edge (PE) device on which the route was learned might display the route as permanent remote. In Junos OS releases earlier than Junos OS Release 17.4R1, permanent remote means that the ARP route was learned from a remote PE device such as an EVPN Type 2 route (MAC+IP route).

    This issue might occur under the following conditions:

    • A customer edge (CE) device is multihomed to QFX10000 switches in an EVPN-VXLAN topology with a two-layer IP fabric or collapsed IP fabric.

    • The QFX switches function as Layer 3 only, or Layer 2 and Layer 3 PE devices.

    • The QFX switches run Junos OS Release 17.4R1 or later.

    To work around this issue, you can view locally learned ARP routes by entering the show evpn database origin local command on the PE devices. PR1324824

General Routing

  • L3 multicast traffic does not converge to 100 percent and continuous drops are observed after bringing down/up the downstream interface or while an FPC comes online after FPC restart. This happens with multicast replication for 1000 VLAN/IRB's. PR1161485

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • On v44 stage3 the mib2d crashes at mib2d_write_snmpidx after loading the configuration from SNP to PDT configuration. PR1300892

  • L2 and L3 are not supported together. You cannot have encapsulation (inet, flexible-ethernet-services, and vlan-bridge) on the same interface. PR1358200

  • Having the network control protocols such as BGP, PIM, IGP, LDP, etc not to starve while node management activities taking place on the device, FTP SSH is being rate-limited on the WAN (IRB) interfaces. PR1371509

  • On QFX10K/QFX5K switches, packet drops can occur for the traffic that has to use an EVPN type-5 overlay tunnel if the first FPC(FPC0) is down on the other end of the tunnel. In this case, the destination switch which has the FPC0 down receives the packet and drops it. PR1423928

Interfaces and Chassis

  • Configuring link aggregation group (LAG) hashing with the edit forwarding-options enhanced-hash-key inet vlan-id statement uses the VLAN ID in the hashing algorithm calculation. On some switching platforms, when this option is configured for a LAG that spans FPCs, such as in a Virtual Chassis or Virtual Chassis Fabric (VCF), packets are dropped due to an issue with using an incorrect VLAN ID in the hashing algorithm. As a result, the vlan-id hashing option is not supported in a Virtual Chassis or VCF containing any of the following switches as members: EX4300, EX4600, QFX5100, or QFX5110 switches. Under these conditions, use any of the other supported enhanced-hash-key hashing configuration options instead. PR1293920

Junos Fusion Satellite Software

  • PEM alarm behavior is same for Junos OS (standalone) also for SD (SNOS). The PEM # Not Present present alarm is triggered only if that PEM FRU is removed from the box at runtime. This alarm will be cleared, once the PEM is inserted back or board is rebooted. PR1287856

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

MPLS

  • Layer 2 circuits on aggregated Ethernet interfaces are not supported on QFX5100, QFX5110, and QFX5200 switches. PR1333730

  • On QFX5100, QFX5110, QFX5200 switches with Layer 2 circuit configured on the PE switches, enabling VLAN bridge encapsulation on a CE interface drops packets if flexible Ethernet services and VLAN CCC encapsulation are configured on the same logical interface. You can configure only one encapsulation type, either set interfaces xe-0/0/18 encapsulation flexible-ethernet-services or set interfaces xe-0/0/18 encapsulation vlan-ccc. PR1329451

Routing Protocols

  • During a graceful Routing Engine switchover (GRES) on QFX10000 switches, some IPv6 groups might experience momentary traffic loss. This issue occurs when IPv6 traffic is running with multiple paths to the source, and the join-load-balance statement for PIM is also configured. PR1208583

  • For the QFX10002 and QFX10008 switches, you might observe an increase in the convergence time of OSPF routes when compared to Junos OS Release 17.3. An average increase of 1.5 seconds is seen for 100,000 OSPFv3 routes. PR1297541

  • A QFX10000 switch running Junos OS Release 17.3Rx or 17.4Rx software might experience a small and continuous traffic loss under the following conditions: 1) The switch is configured as a Layer 2, Layer 3 or both VXLAN gateway in an EVPN-VXLAN topology with either a two-layer or collapsed IP fabric. 2) The switch has default ARP and MAC aging timer values. Under these conditions, the following types of traffic flows might be impacted: 1) Bidirectional Layer 3 traffic in a multihomed topology, and 2) Unidirectional Layer 3 traffic in a single-homed topology. Note that this issue does not impact bidirectional Layer 3 traffic in a single-homed topology. PR1309444

Platform and Infrastructure

  • On a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On a QFX5110-32C switch, if a splitter cable is connected to a peer end device capable of 10G CV/MX card, ports will not come up due to varied pre-empt settings for the splitter and DAC cables. There is a hardware limitation where we have no way in EEPROM to differentiate between splitter and DAC cable to apply different settings. As a workaround, use and manual channelisation on the QFX5110-32C side. PR1280593

  • ERPS convergence takes time after a GRES switchover and hence traffic loss is observed for a brief period. PR1290161

  • On QFX Series, the logical interface (IFD) and the physical interface (IFL) go down when traffic exceeds the ratelimit. Storm control is supported only on interfaces configured in family Ethernet-switching. Moreover, in this family, only one IFL is supported per IFD. Thus, bringing down the IFD is acceptable. Flexible VLAN tagging is not supported on the interfaces enabled for storm control. PR1295523

  • Traffic drop occurs when sending Layer 3 traffic across an MPLS LSP. PR1311977

  • Traffic drop occurs when sending traffic over "et" interfaces due to CRC errors. PR1313977

  • On Junos OS Automation Enhancement images there is a way to use the Python interpreter in interactive mode. When Python interpreter is used in an interactive mode on a shell, the prompt does not seem to return immediately. This is an example of an session: -- % python Python 2.7.8 (default, Nov 10 2017, 01:45:13) [GCC 4.2.1 (for JUNOS)] on junos Type "help", "copyright", "credits" or "license" for more information. >>> >>> print "hello" >>> hello ----------> waiting here, hit 'enter' here to return the python prompt >>> quit() >>> % -- The regular script is not impacted. PR1324124

Virtual Chassis

  • Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on an QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop(>2s) might occur and its considered to be known behavior. Release note reference: https://www.juniper.net/documentation/en_US/junos/information-products/topi c-collections/release-notes/17.2/topic-118735.html PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 17.4R3.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Mac-move-shutdown stops working if a “physical loop” is introduced continuously in quick succession of 10 minutes. The issue is not seen every time but can occur only if physical loop is introduced at least four times. If the loops span a long period, the issue is not seen. A test is performed to check the overall impact on basic features. There is no issue seen on basic learning or major impact on any protocol. This is a negative scenario, but it is unlikely to occur in a customer network where the multiple loops occur in a short time span. PR1284315

  • When a VLAN uses an IRB interface as the routing interface, the VLAN ID parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

  • The chained-composite-next-hop (CNH) is a must for EVPN pure type 5 with VXLAN encapsulation. Without this Packet Forwarding Engine might not program the tunnel next hop. This should be explicitly set it on QFX5110. set routing-options forwarding-table chained-composite-next-hop ingress evpn. QFX10000 it is applied as part of default configuration. user@host> show configuration routing-options forwarding-table | display inheritance defaults. PR1303246

  • In a EVPN collapsed L2/L3 multi-homed gateways topology, when traffic is sent from IP fabric towards EVPN, some traffic loss is seen. If the number of hosts behind EVPN gateways is increased, the traffic loss becomes higher. This issue is seen with QFX10000. PR1311773

  • ARP gets deleted and relearned during the first ARP refresh with EVPN-VXLAN multihomed CE, so traffic drops and recovers for first ARP refresh. PR1327062

  • In an EVPN environment, proxy ARP and ARP suppression is enabled on the PE device by default for reducing the flooding of ARP packets. However, in the case of ARP probe packets used in the process of Duplicate Address Detection (DAD), the client might treat the IP address that it is in use as duplicated address after receiving the proxied packets from PE device. PR1427109

Forwarding and Sampling

  • Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface. PR1452435

General Routing

  • L3 multicast traffic does not converge to 100 percent and continuous drops are observed after bringing down/up the downstream interface or while an FPC comes online after FPC restart.This happens with multicast replication for 1000 VLAN/IRB's. PR1161485

  • When per-packet load balancing is removed or deleted, next hop index might change. PR1198092

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On the QFX10000-12C-DWDM coherent line card, it is possible that sometimes the link flaps when MACsec is enabled on Ethernet interfaces. PR1253703

  • The management process (daemon) might crash if the Openconfig package is installed immediately or within minutes of network agent package installation. This is a transient issue and will not impact any functionality. There is no action needed from the user side in response to the crash. As a workaround, install Openconfig before installing network agent. PR1265815

  • On QFX5100-VC, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. PR1284590

  • On QFX5100 switches, LACP link protection switchover/revert is not working when LACP link-protection is configured with backup-state "down". set interfaces ae0 aggregated-ether-options link-protection backup-state down. When configuring LACP, the state of the backup link should not be configured manually as down. This is not supported if LACP is configured. PR1286471

  • When link protection with the backup port state "down" and LACP are configured, if backup state "down" is removed from the configuration, both ports should be up and the primary port should pass all egress traffic. In some instances, however, traffic might pass through the backup port instead of the primary port. PR1297597

  • Traffic drop occurs on sending traffic over "et" interfaces due to CRC errors. PR1313977

  • Family Ethernet-switching cannot be used when flexible-vlan-tagging is configured. It is unsupported. The behavior is non-deterministic with this configuration and there is a possibility of seeing dcpfe core file. PR1316236

  • Port LEDs on QFX5100 do not work. If a device connects to a port on QFX5100, the port LED stays unlit. PR1317750

  • On a QFX Series devices with a third-generation FPC, the error message is displayed when the FPC goes online or offline. PR1322491

  • The management process (mgd) might panic after modifying aggregated Ethernet interface members under ethernet-switching vlan stanza. After mgd panic, your remote session is terminated as a result. PR1325736

  • On QFX52xx standalone devices with VXLAN configured, user configured ingress ACL scale limit is 256 terms. PR1331730

  • The mib2d core file might be generated in mib2d_write_snmpidx at snmpidx_sync.c on both ADs. PR1354452

  • On QFX5110, the FEC for 100G optics is not being displayed when expected behavior is for FEC to be shown as NONE. On QFX10002-36Q, the FEC for 40G optics is being displayed as NONE when expected behavior is for FEC not to be displayed. On QFX10008, the FEC for 40G optics is being displayed as NONE when expected behavior is for FEC not to be displayed. PR1360948

  • When MC-LAG is configured with force-up enabled on MCLAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • Currently, other than QFX5100-24Q and EX4600, PIC1 is not supported on any other platforms inline with QFX5100. The command below cannot be used on PIC1 set chassis fpc 0 pic 1 port <x> channel-speed disable-auto-speed-detection. This will result in a commit error [edit chassis fpc 0 pic 1 port 2 channel-speed] channel-speed disable-auto-speed-detection. PIC1 is not valid for auto-speed disable mode error configuration check-out failed. So, if you want to disable auto-channelisation on PIC1, you have to disable auto-speed-detection for whole FPC set chassis fpc 0 auto-speed-detection disable. PR1362647

  • On QFX52100, filter with the routing instance applied to family inet logical interfaces causes traffic to be discarded on unrelated interfaces. PR1364020

  • From Junos OS Release 17.3R1, on QFX10002 platform, in a rare condition, the IPFIX flow statistics (packet/byte counters) are incorrect in the exported record. Since the statistics are not collected properly, the flow might timeout and get deleted because of the inactive timeout, causing the number of exported records to be sent out unexpected. Traffic spikes generated by IPFIX might be seen. PR1365864

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • The L2 bridge domain might fail to create on Packet Forwarding Engine after changing VLAN configuration. For example, there are 3 VLANs V1001, V1002 and V1003. V1001 is deleted and V1002's VLAN ID and VNI is changed to that of V1001 and a new VLAN V1200 is added with the VLAN ID and VNI of VLAN V1002. After the above changes, V1200 is not created in Packet Forwarding Engine and the other 2 VLANs are functioning as expected. The reason for the new VLAN not created is due to out of order messages. This is a timing issue. PR1371611

  • On QFX10000 platforms, when a same filter is applied on both input and output directions at same time, packets might be dropped after removing that filter. PR1372957

  • Starting in Junos OS Release 17.1R1, the MAC address of interfaces on the QFX10002-36Q and QFX10002-72Q will change. On the QFX10002-36Q, after you upgrade to Junos OS Release 17.x, the last octet of interface MAC addresses will increase by 3. On the QFX10002-72Q, after the upgrade to Junos OS Release 17.x, the last octet of interface MAC addresses will increase by 6. PR1375349

  • In certain scenario's where flows are sampled through aggregate bundles when jflow sampling is enabled, the following harmless error logs can be seen [Tue Oct 30 18:17:40.648 LOG: Info] expr_get_local_pfe_child_ifl: cannot find child ifl of agg ifl 74 for this fpc [Tue Oct 30 18:17:40.648 LOG: Info] flowtb_get_cpu_header_fields: Failed to find local child ifl for 74 [Tue Oct 30 18:17:40.648 LOG: Info] fpc0 cannot find stream on [hostname]. PR1379227

  • Due to transient hardware condition single-bit error (SBE) event are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. PR1384435

  • On QFX10008 and QFX10016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • With MLD-snooping enabled and when we have two receivers in the same VLAN interested in the same group address but from a different source, traffic will be received on only one receiver which sent the lastest MLD report. This is because we do not install S, G routes in hardware when MLD-snooping is enabled. PR1386440

  • When show command is taking a long time to display results, the STP might change states as BPDUs are no longer processed and cause lots of outages. PR1390330

  • On QFX10000 switches, the major alarm FPC Management Ethernet Link Down might be displayed for management Ethernet (em0 or em1) interface that is administratively down. The alarm message has no service impact and can be ignored. PR1391949

  • On QFX5100, traffic initiated from a server connected to an interface will be dropped at the interface on the switch if the interface is configured with family ethernet-switching with VXLAN and the configuration is changed to family inet. PR1399733

  • When mac-table-aging-time is configured, bridge domain sequence get incremented unnecessarily. As a result, all MACs get flushed when the change message is received by l2-learning daemon with new sequence number. PR1403358

  • On QFX10000 platforms, in EVPN-VXLAN scenarios, ping between Spine to Spine loopback over TYPE 5 tunnel might not work. PR1405786

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • On a QFX5120 system Transition from VXLAN/EVPN collapsed to non-collapsed L2/L3 gateway and vice versa needs switch reload due to stale source vtep IP. PR1405956

  • During normal operation on QFX10002 platforms, if the chassis-control process restarts, the hardware might not get properly programmed. This causes packets to be dropped on the output interface. PR1414434

  • On QFX10000 platforms with EVPN scenario, if an EVPN instance is created using the statement set protocols evpn encapsulation mpls, then the MAC learning might not happen on the CE-facing interface if the interface is configured with trunk-mode, because the solution of EVPN/MPLS is not currently supported on QFX10000 Series devices. PR1416987

  • On QFX5110 and QFX5120 platforms, uRPF check in strict mode will not work properly. PR1417546

  • ERSPAN traffic is not tagged when the output interface is a trunk port. PR1418162

  • On QFX10002, QFX10008, and QFX10016 platforms, there is an aggregated Ethernet interface which has atleast 2 child links, which are located on different Packet Forwarding Engine chips, and this aggregated Ethernet interface is added to a VXLAN VLAN with IRB as an access interface, if aggregated Ethernet membership changes, for example, removing one child link from the aggregated Ethernet, traffic loss might be seen on the aggregated Ethernet interface. PR1418396

  • show interface indicates "Media type: Fiber" on QFX5100-48T running QFX 5e Series image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None. PR1419732

  • Multiple EX Series platforms might be unable to commit baseline configuration after zeroize. {master:0}[edit] root# commit check Mar 26 05:50:48 mustd: UI_FILE_OPERATION_FAILED: File /var/run/db/enable-process.data doesn't exist Mar 26 05:50:48 mgd[1938]: UI_FILE_OPERATION_FAILED: Failed to open /var/run/db/enable-process.data+ file error: Failed to open /var/run/db/enable-process.data+ file error: configuration check-out failed: daemon file propagation failed. PR1426341

  • CRC errors can be seen when other manufacturer device is connected to QFX10000 on a 100G link with QSFP-100GBASE-LR4-T2. Other manufacturer device report CRC errors and input errors on those 100G links. The QFX10000 interfaces do not show any errors. It might cause packet loss. PR1427093

  • On QFX10002, QFX10008, and QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next hop is changed. PR1427994

  • On QFX5110, QFX5120, and QFX5210, optical interface like 1G/10G SFP/SFP+ might take almost 3 minutes to reduce the tx power to "0" on the other end of the interface, after issuing request system reboot at now command. PR1431900

  • On QFX10002, QFX10008, and QFX10016 Series platforms with enhanced convergence is configured in an MC-LAG scenario, if a line-card that has MC-LAG links is rebooted, the MC-LAG might not function correctly after the line-card comes back up. The impact is that it might not block the BUM traffic received on the interchassis link (ICL) and might cause the MAC movement and packet loss on the downstream devices. PR1444100

  • In QFX10000 Series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic. PR1432116

  • A firewall configuration change operation might not be done correctly within the Packet Forwarding Engine causing transit packets drops. PR1433648

  • On QFX10008/QFX10016 platform, xSTP recognizes 1G SFP-T optic interface as LAN type link even if it is in full-duplex mode. This might cause the xSTP to converge slowly. As a workaround, configure the xSTP link type from LAN to Pt-Pt (point to point) using command set protocols <vstp> <vlan-X> interface <interface-name> mode point-to-point. PR1439095

  • There is a sequence issue when Virtual Chassis member rebooted in aggregated interface. After rebooting VC member, Routing Engine kernel inject MAC entry to FPC that rebooted. Because of the sequence issue, Routing Engine added MAC entry, originally source MAC entry, to FPC as remote MAC entry. And MAC entry is never be aged out because it is remote entry. PR1440574

  • QFX 10002, QFX10008, and QFX10016 when upgrading these systems from Junos OS Release 18.1 or previous to 18.2 or later releases , a minor error is reported. But upgrade/downgrade goes through fine. One side effect of this error is that, if upgrade or downgrade is happening as part of ZTP, then ZTP fails. ZTP keeps on upgrading (or downgrading) forever and ZTP never completes. PR1446540

  • In QFX5100 Virtual Chassis scenario, Cyclic Redundancy Check (CRC) error might be seen on the Virtual Chassis Port (VCPs) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. PR1449406

  • The sFlow sample packets might stop on one aggregated ethernet member link if ingress sFlow is configured on the member link. This might cause inaccurate monitoring on the network traffic. PR1449568

  • On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces. PR1450265

  • In EVPN-VXLAN with service provider style config, if VLAN name associated with access ports is changed then virtual bridge domain may not be created. This is because Bridge domain add notification for the new VLAN comes before Bridge domain delete for the old vlan. Due to this, virtual Bridge domain will not be created and MAC's will not be learnt. PR1454095

  • On QFX51/EX4300/EX4600 VC/VCF scenario with Vxlan used, when configuring a firewall filter and commit, the firewall filter might not be able to be applied in a particular VC/VCF member for TCAM space running out. PR1455177

  • On QFX Series platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue. PR1458363

  • On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time. PR1459759

  • On QFX10K platforms, FPC might restart if there is some corruption in BCM switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. PR1464119

  • On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact. PR1465196

  • EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. PR1466810

  • When tunnel-services are configured on a PIC, the optics measurements that subscribed via gRPC might not be streamed. PR1468435

  • On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices. PR1469998

Interfaces and Chassis

  • Traffic drop is observed when trying to configure aggregated Ethernet interface description. PR1305794

  • A QFX switch may send out ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address. PR1454764

  • When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up. PR1470622

Layer 2 Ethernet Services

  • In MC-LAG with force-up scenario, the LACP PDU loop might be seen when both MC-LAG nodes and access device using same admin key. PR1379022

  • On QFX5000 Series or EX4300/EX4600/EX2300/EX3400 platforms with Spine-Leaf scenario, when some (two or more than two) underlay interfaces with ECMP are brought down on leaf devices, the multi-hop BFD overlay sessions between spines and leafs might flap. And if BFD flaps, the protocols depending on BFD (typically, IBGP protocols) might also flap, which leads to traffic impact. PR1416941

Layer 2 Features

  • On QFX10016, after delete and readding of 1000 lag interfaces, traffic drops might be seen until ARP are refreshed even though all lag interfaces comes up. PR1289546

  • On QFX Series platforms, if vlan-id-lists are configured under a single physical interface, QinQ might be malfunctioning for certain vlan-id-list(s). PR1395312

  • On QFX5000 platforms, the fxpc might continuously crash when a firewall filter is applied on a logical unit of a dsc interface. It has a traffic impact. PR1428350

  • On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario. PR1437577

  • On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact. PR1462171

MPLS

  • LDP to BGP stitching with eBGP indirect next hop having an implicit null label does not work. As a workaround, ensure the peer advertises a real label by adding another router between the egress and ingress PE devices. Use the IBGP that gets resolved over LDP or RSVP-TE LSPs. This will ensure that the BGP indirect next hop has a real label. PR1254702

  • Statistics of transit traffic does not increment LSP statistics signaled by RSVP-TE. PR1362936

Network Management and Monitoring

  • On all platforms, after the AGENTX session timeout between master(snmpd) and sub-agent, the sub-agent might crash and restart. PR1396967

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error as nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

Routing Protocols

  • OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed Virtual Chassis setup whose child members belong to EX4300 after Rebooting Virtual Chassis. PR1459329

  • For single-hop eBGP session, upon interface down event, do not do GR helper logic.

  • On QFX10000 line platforms, during route next hop churn or earliest deadline first (EDF) job priority changes, memory corruption might occur, leading to processing issues and constant packet drop. PR1243724

  • BGP as protocol strongly recommends configuration of local-address for each multihop iBGP/eBGP peer configuration. As a recommendation local-address should be route-able lo0 address. Using loopback address reduces dependency with interfaces. Note: Multihop is by default enabled for iBGP Peers. PR1323557

  • When cleaning up routes as the peer goes down, we observe a 30 percent degradation in time taken in Junos OS Release 17.2X75-D91 as compared to Junos OS Release 17.2. PR1329921

  • On a scaled setup, when the host table is full and the host entries are installed in LPM table, OSPF sessions might take more time to come up. PR1358289

  • In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. PR1367439

  • L3 traffic travelling through QFX5000 do not get converged, after various triggers. PR1379418

  • On QFX Series switches except for QFX10000, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, filter <> term <> then log/syslog), such packets should not be dropped and reach the Routing Engine. PR1379718

  • On QFX10002\QFX10008\QFX10016 Series platforms with EVPN/VXLAN deployment scenario, the transit statistics of Integrated Routing and Bridging (IRB) interface might fail to be counted for the EVPN/VXLAN traffic, but it works for the regular IRB interface. PR1383680

  • There is no functionality impact due to this error message. PR1407175

  • On QFX5200 and QFX5110 platform or Junos OS on White Box (AS7816), interface flap might cause FPC watchdog timeout which then further triggers the FPC/dcpfe crash. As a result, traffic impact might be observed at that time. PR1408428

  • On QFX5110 and QFX5200 platforms, the dcpfe might crash if any interface flaps. PR1415297

  • By default BGP multipath is for load balance with BGP neighbors in same AS. For load balance with BGP neighbors in different AS, the statement multiple-as is further needed. However, if the statement multiple-as is only configured in some BGP groups but not in all BGP groups, the expected load balance will not work. PR1430899

  • When Precision Time Protocol (PTP) transparent clock is enabled, PTP adds the residence time to the Correction Field of the PTP packets as they pass through the device. On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be discarded by system. This issue has traffic impact. PR1437943

  • On QFX5K/EX4600 with service provider (SP) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (that is, software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after Q-in-Q enabled interface is flapped or a change is made to the vlan-id-list. PR1441402

  • OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC. PR1459329

  • Multicast statistics related errors like brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) will be observed during ISSU and these messages are harmless and does not affect multicast functionality. PR1460791

Virtual Chassis

  • ACX5000 reports false parity error messages like soc_mem_array_sbusdma_read. The ACX5000 SDK can raise false alarms for parity error messages like soc_mem_array_sbusdma_read. This is a false positive error message. PR1276970

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for the QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 17.4R3

Authentication and Access Control

  • Without dot1x configuration, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • CoS is incorrectly applied on Packet Forwarding Engine, leading to egress traffic drop. PR1329141

EVPN

  • QFX10000 import default IPv6 route to VRF causes infinite entries to get created in ’evpn ip-prefix-database’ and become unstable. PR1369166

  • Some MACs are in EVPN database, but not in ethernet-switching table after clearing entry in ethernet table. PR1377496

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • A few minutes of traffic loss might be observed during recovery from link failure PR1396597

  • In the non-collapsed (centralized) topology, when one of the 2 spines deactivates the underlay protocol (ospf), the leaf still points the virtual-gw-mac's next hop to the down spine. PR1403524

  • ARP entry is still pointing to failed VTEP after PE-CE link fails for multihomed remote ESI. PR1420294

  • The device may proxy the ARP Probe packets in an EVPN environment PR1427109

  • ARP request/NS might be sent back to the local segment by DF router PR1459830

Forwarding and Sampling

  • The kernel crash might be observed when there is a firewall filter modification. PR1365265

  • Firewall filter terms named "internal-1" and "internal-2" are ignored. PR1394922

  • The l2ald process might observe memory leak on Junos OS platforms. PR1455034

General Routing

  • The 1G copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • Syslogs contain messages with %PFE-3: fpc0 ifd null, port 28 dc-pfe: %USER-3: ifd null, port 28 : %PFE-3: fpc0 ifd null, port 29 dc-pfe: %USER-3: ifd null, port 29. PR1295711

  • Oinker and TCP connection drop is seen during large file SCP or FTP to the system (high intr{ virtio_p} seen). PR1295774

  • Port 0 does not come up in QFX5100-48T member in a mixed VCF. PR1323323

  • MACsec causes dot1xd JTASK_SCHED_SLIP or FPC disconnect. PR1322302

  • AI-script does not get auto upgrade unless it is manually done after a Junos OS upgrade. PR1337028

  • QFX5000 platforms might display fpc0 error requesting CMTFPC SET INTEGER, illegal setting 37 observed after upgrade. PR1340897

  • On QFX10000, FPC process crashes after J-Flow processes a malformed packet. PR1348417

  • The FXPC process might crash after adding or deleting a Q-in-Q VLAN to an interface on EX2300 and EX3400 platforms. PR1334850

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • When VOIP VLAN is set as NATIVE VLAN on the port, the interface still shows up as a tagged interface and drops all untagged traffic. PR1349712

  • Bogus DDOS counter values and syslog messages might be seen after clearing DDOS statistics for a specific protocol on QFX10000 Series switches. PR1351212

  • Unable to create QFX5200 VC w/100G DACs. PR1360721

  • VME interface might be unreachable after link flap of em0 on master FPC. PR1362437

  • The following log messages are seen: kernel: tcp_timer_keep: Dropping socket connection. PR1363186

  • Extended traffic loss when performing a unified ISSU or GRES with an aggregated Ethernet interface configured with LACP. PR1365316

  • SFP-T might not work on QFX5100 and QFX5110 devices. PR1366218

  • In certain routing topologies with sFlow configured, sampled packets might be duplicated and sFlow records are not sent to the collector. PR1370464

  • Packet Forwarding Engine is in a bad state after performing optics insertion or removal on a port. PR1372041

  • The IPv6 routed packet might be transmitted through interface whose VRRP state is in non-master. PR1372163

  • The backup member switch might fail to become the master switch after switchover on QFX5100, QFX5200, and EX4600 Virtual Chassis platform. PR1372521

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • TPI-50840 BUM traffic received on QFX5110 is not flooded to all remote VTEPs. PR1373093

  • The QSFP-100G-LR4-T2 has been incorrectly identified as QSFP-100G-LR4. Hence, the operational parameters might not be programmed correctly. PR1373758

  • LLDP might stop working fully between QFX10000 and non-Juniper device. PR1374321

  • On QFX5110, ethernet-switching flood group shows incorrect information. PR1374436

  • The rpd process might crash when route flap and LSP flap occur with CBF enabled. PR1374558

  • RIPv2 update packets might not send with IGMP-snooping enabled. PR1375332

  • Packet Forwarding Engine wedge might be observed if there are interfaces going to down state. PR1376366

  • The auto-negotiation interface might go down if the opposite device supports only 10/100M auto-negotiation. PR1377298

  • Debug log message, expr_nh_flabel_check_overwrite: Caller nh_id params, classified as error log when it should be LOG_INFO. PR1377447

  • Deleting an IRB interface might affect other IRB interface if the same custom MAC address is configured. PR1379002

  • The overlay-ecmp might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084

  • There is an inconsistency in applying scheduler map with excess-rate on the physical interface and aggregated Ethernet interface. PR1380294

  • L3 VPN traffic might be dropped because of one core-facing interface down. PR1380783

  • Packet Forwarding Engine on QFX5000 might show DISCARD next-hop for overlay-bgp-lo0-ip in the VXLAN scenario. PR1380795

  • IRB interface does not turn down when master of Virtual Chassis is rebooted or halted. PR1381272

  • Traffic is silently dropped when FPC goes offline in an MC-LAG scenario. PR1381446

  • The 40G-SR4 transceiver might not be recognized after upgrading to QFX100e OS. PR1381545

  • LACP might get stuck in detached state on QFX5000 platforms in VXLAN scenario. PR1382209

  • New CLI statement to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup Routing Engine instead of SSD. PR1382522

  • The Packet Forwarding Engine might crash if the GRE destination IP is resolved over another GRE tunnel. PR1382727

  • Static default route with next-table inet.0 does not work. PR1383419

  • The log messages RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory might be shown continuously after the rpd process restarts. PR1383426

  • The DMA failure errors might be seen when the cache flush or the cache is full. PR1383608

  • DHCP packets might be dropped on a Junos Fusion Data Center scenario. (QFX10000 series) PR1383623

  • The Virtual Chassis might not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876

  • BFD sessions might flap consistently. PR1384601

  • VM core file might be seen on the Junos OS Release 18.1R3. PR1384750

  • All 1G SFP copper and 1G fiber optic links remain UP on QFX10008 after all SIBs or FPCs are offline. PR1385062

  • ARP/ethernet-table is pointing to down the aggregated Ethernet interface if MTU is changed. PR1385199

  • The IPv6 packet might not be routed when IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • The spine EVPN routes might get stuck in a hidden state with next hop as unusable after FPC is offline in the spine. PR1386147

  • The QFX10000-12C DWDM line card might crash when booting up. PR1386400

  • The rpd process might get stuck with KRT queue in VRF scenario. PR1386475

  • DDOS statistics and logging is not working for internal queues such as Q42 and Q4. PR1387508

  • Traffic drop might be seen on QFX10000 platform with EVPN VXLAN configured. PR1387593

  • QFX5100, QFX5110, QFX5200, and QFX5210 Virtual chassis could not be formed normally. PR1387730

  • Certain log messages might be observed on QFX Series platforms. PR1388479

  • MAC learning might stop working on some LAG interfaces. PR1389411

  • Link problems might occur with 100G-AOC on QFX Series platforms. PR1389478

  • FPC might crash on QFX5100 platforms in a large-scale scenario. PR1389872

  • The input rate statistics might not increase if there are non-standard packets flow. PR1389908

  • The vmcore file might be seen when routing changes are made on the peer spine in an EVPN VXLAN scenario. PR1390573

  • An incorrect error message might be seen when J-Flow sensors are configured with reporting rate less than 30 seconds. PR1390740

  • sdk-vmmd might consistently write to the memory. PR1393044

  • 10-Gigabit Ethernet copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628

  • IPv6 next-hop programming issue might be observed on QFX10000/PTX1000/PTX10000 devices. PR1393937

  • The dhcp-security binding table might not be updated because of the renew request with '0.0.0.0' value in 'ciaddr'. PR1394341

  • L2ALD core file is seen when l2-learning traceoptions are enabled. PR1394380

  • On QFX5110 VC, Fan tray output is not displayed for backup Routing Engine. PR1394655

  • DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978

  • Unable to install licenses automatically on QFX Series platforms. PR1395534

  • The subscriber bindings might not be successful on QFX and EX Series platforms. PR1396470

  • On QFX5110, Fan LED turns Amber randomly. PR1398349

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on QFX10000 Series platform. PR1399369

  • SFP-LX10 does not work on QFX5110. PR1399878

  • Only one Packet Forwarding Engine can be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The dcpfe crashes after adding or deleting a large number of LSPs several times. PR1400868

  • The authd might stop when issuing show network-access requests pending command during the authd restarting. PR1401249

  • The MTU might change to a Jumbo default size on Packet Forwarding Engine side after deleting and re-adding the interface. PR1402588

  • File permissions are changed for /var/db/scripts files after reboot. PR1402852

  • The STP does not work when aggregated interfaces number is "ae1000" or above in QFX5000 and "ae480" or above in other QFX or EX Series platforms. PR1403338

  • Storm-control profile does not take effect after reboot of device/member of a Virtual Chassis if traffic flow increases beyond the threshold post reboot. PR1403424

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • Executing command request system configuration rescue save might fail with error messages. PR1405189

  • DHCP is not working for some clients in dual AD fusion setup on EP ports. PR1405495

  • On QFX10002, SNMP trap for PSU removal or insertion is not generated. PR1405877

  • The Packet Forwarding Engine might get disabled unexpectedly due to a auto correctable non-fatal hardware error on PTX or QFX10002/QFX10008/QFX10016. PR1408012

  • The DHCP discover packets might be dropped over VXLAN tunnel if DHCP relay is enabled for other VXLAN/VLANs. PR1408161

  • Fan failure alarms might be seen on QFX5100-96S after upgrading to Junos OS Release 17.3R1. PR1408380

  • Restarting line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence might cause intra-vlan traffic to get silently dropped and discarded. PR1409631

  • The FPC might crash and might not come up if interface-num or next-hop is set to maximum value under vxlan-routing on QFX Series platforms. PR1409949

  • LLDP memory leak when ieee_dcbx packet is received in auto-negotiation mode followed by another dcbx packet with none of ieee_dcbx TLVs present. PR1410239

  • Storm control is not shutting down mc-ae interface. PR1411338

  • PEM alarm for backup FPC remains on master FPC though backup FPC that is detached from Virtual Chassis. PR1412429

  • Junos PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

  • Virtual Chassis ports using DAC might not establish link on QFX5200. PR1414492

  • Rebooting QFX5200-48Y using request system reboot does not take physical links offline immediately. PR1419465

  • An interface might go to downstate on QFX10000/PTX10000 platform. PR1421075

  • BFD might get stuck in slow mode on QFX10002/QFX10008/QFX100016 platform. PR1422789

  • QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G. PR1422958

  • The interface cannot get up when the remote-connected interface only supports 100M in QFX5100 Virtual Chassis setup. PR1423171

  • Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by the remote device. PR1423707

  • The J-Flow export might fail when channelization is configured on FPC QFX10000-30C. PR1423761

  • All interfaces creation fails after NSSU. PR1425716

  • Heap memory leak might be seen on QFX10000 platforms PR1427090

  • Rebooting or halting Virtual Chassis member might cause 30 seconds down on RTG link. PR1427500

  • Licenses used flag for ovsdb on show system license might not be flagged even though ovsdb is configured and working. PR1428207

  • On EVPN-VXLAN L2ALD core files are generated when number of VXLAN hardware IFBDS exceeds the maximum limit of 16382. PR1428936

  • On QFX10008 after Routing Engine switchover, LED status is not set for missing fan tray. PR1429309

  • When forward-only is set within dhcp-reply, dhcp declines are not forwarded to the server. PR1429456

  • DHCP-relay might not work in an EVPN-VXLAN scenario. PR1429536

  • Interface on QFX Series does not come up after the transceiver is replaced with one having a different speed. PR1430115

  • On QFX10000, hold-down timer configured interface are processing incoming packets leading to packet forwarding through the ASIC. PR1430722

  • On QFX switch, Validation of meta data files failed message is observed. PR1431111

  • The dcpfe might crash on all line cards on QFX10000 in scaled setup. PR1431735

  • All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled PR1431885

  • Outer VLAN tag might not be pushed in the egress VXLAN traffic towards the host for QinQ scenario. PR1432703

  • On QFX10000 platforms, SIB and FPC minor Link Error alarms might happen on QFX10000 switches due to a single CRC. PR1435705

  • LASER TX remained enabled while interface is disabled using the Routing Engine CLI configuration. PR1436286

  • DHCP discover packets sent to IP addresses in the same subnet as IRB interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces. PR1436436

  • Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. PR1436968

  • On QFX5110, QFX5200, QFX5210 line of switches, there is no jnxFruOK SNMP trap message when only the power cable is disconnected and connected back. PR1437709

  • The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • PSU status keeps "Check" when power supply is disconnected. PR1441920

  • Flow control does not work as expected on 100G interface of QFX5110. PR1442522

  • Chassis alarm message Management Ethernet Link Down will be displayed on QFX 10000 Series switches. PR1391949

  • The TCP connection for external or internal might be dropped due to a kernel issue PR1401507

  • QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated PR1408178

  • The PTX1000/PTX10002/QFX10002 may stop forwarding packets after the "chassis-control" process restarts PR1414434

  • Traffic loss might be seen on the ae interface on QFX10000 platforms PR1418396

  • Traffic loss might be seen after NSSU operation PR1418889

  • CRC errors can be seen when other manufacturer device is connected to QFX10K with QSFP-100GBASE-LR4-T2 optics PR1427093

  • QFX5100-VCF - 'rollback' for uncommitted config takes 1 hour PR1427632

  • On QFX10k/PTX10k platforms certain interfaces might go to down state PR1427883

  • The jumbo frame size packets are dropped when max MTU is configured PR1428094

  • The l2cpd process might crash and generate a core dump when interfaces are flapping PR1431355

  • The et interfaces might not come up on QFX10000-60S-6Q PR1431743

  • Traffic loss might be seen on QFX10k/PTX10k platforms using line card LC1105 PR1433300

  • VC Mezz temp and QIC sensor get failure on QFX PR1433525

  • The mc-ae interface may get stuck in waiting state in dual mc-ae scenario PR1435874

  • The FPC might crash if both the AE bundle flapping on local device and the configuration change on peer device occur at the same time PR1437295

  • BGP neighbourship might not come up if the MACsec feature is configured PR1438143

  • Interfaces configured with flexible-vlan-tagging might loss connectivity PR1439073

  • The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable PR1440062

  • When a line-card is rebooted, the MC-LAG may not get programmed after the line-card comes back online PR1444100

  • On QFX10008 traffic impact might be seen when the JSRV interface is used PR1445939

  • On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic PR1446291

  • Qfx10008: FPC0 cored after running the pfe command "show cos sched-usage" PR1449645

  • "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" pfe commands will restart forwarding planes on QFX10008 switches PR1452013

  • Vgd core might happen when tunnel getting deleted twice PR1452149

  • Config change in VLAN all option might affect the per-VLAN configuration PR1453505

  • Slow packet drops might be seen on QFX5000 platforms PR1466770

  • Ingress drops to be included at CLI from interface statistics and added to InDiscards PR1468033

Infrastructure

  • Packets with the DEI/CFI bit set to 1 in the L2 header might not be forwarded. PR1326855

  • Traffic gets silently dropped and discarded with indirect next hop and load balancing. PR1376057

Interfaces and Chassis

  • Constant dcpfe process crash might be seen when using an unsupported GRE interface configuration. PR1369757

  • On QFX5200 MCLAG, parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386 errors are seen after l2cpd daemon is restarted. PR1373927

  • Changing the value of mac-table-size to default might lead all FPC to reboot. PR1386768

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

  • The traffic might be forwarded to wrong interfaces in MC-LAG scenario. PR1465077

Junos Fusion Satellite Software

  • Extended Port (EP) LAG might go down on the Satellite Devices (SDs) if the related Cascade Port (CP) links to an Aggregation Device (AD) goes down. PR1397992

  • ARP Request packet might be dropped at egress SD when ingress and egress ECID is same. PR1458930

Layer 2 Ethernet Services

  • Junos core file jdhcpd.core.0 found in dhcpv6_packet_handle is seen. PR1329390

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • The malfunction of core isolation feature in EVPN-VXLAN scenarios might cause traffic drop. PR1417729

  • After GRES switchover, LACP will be down on peer device and never been recovered automatically PR1395943

Layer 2 Features

  • Storm control configuration might be disabled for the interface. PR1354889

  • LACP packets might be dropped with native-vlan-id configured after reboot. PR1361054

  • When native-vlan-id is configured for aggregated Ethernet LACP session to multihomed server goes down. PR1369424

  • On QFX5000 Series switches, a stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process is seen. PR1371400

  • DHCP discover packets might be dropped if there is VXLAN configured. PR1377521

  • Packets might be dropped on AD in Junos Fusion Data Center environment. PR1377841

  • The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517

  • The LACP might be detached state when deleting native-vlan-id on aggregated Ethernet interface with flexible-vlan-tagging configured. PR1385409

  • The dcpfe core might be observed when doing "restart routing" or BGP neighbors flaps when EVPN-TYPE 5 routes are present. PR1387360

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

  • On QFX Series platforms, error message Failed with error (-7) while deleting the trunk 1 on the device 0is observed. PR1393276

  • On QFX5000 platforms symmetric hashing can be done, though it can not be enabled and stored in the Junos OS configuration. PR1397229

  • DCPFE is restarted at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with latest image. PR1398251

  • QFX5110 Virtual Chassis generates DDOS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649

  • The traffic with triple or more 802.1Q tags might fail to forward. PR1415769

  • Stale entries might be observed in a layer 3 VXLAN gateway scenario. PR1423368

  • Transit DHCPv6 packets might be dropped on QFX5100 and QFX5200 platforms. PR1436415

  • dcpfe core file is generated in QFX5200. PR1362557

  • Unequal LAG hashing might happen on QFX Series devices. PR1455161

MPLS

  • Traffic loss might be observed after changing configuration under "protocols mpls" in ldp-tunneling scenario PR1428081

  • The LSP might remain UP even if no path is acceptable due to CSPF failure. PR1365653

  • The rpd might crash when executing Routing Engine switchover under BGP environment and route churn occurs. PR1373313

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

  • LSP "statistics" and "auto-bandwidth" functionality might not take effect with single hop LSPs. PR1390445

  • The l2circuit traffic might sliently get dropped at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node(QFX5110). PR1435504

Network Management and Monitoring

  • The AGENTX session timeout between master (snmpd) and subagent triggers some daemon crash PR1396967

Platform and Infrastructure

  • The Platform failed to bind rewrite message might be seen when chassis control restart is done with the CoS rewrite rule configured on an aggregated Ethernet interface. PR1315437

Routing Protocols

  • vrf-fallback on QFX5000 is not supported in ALPM mode. PR1345501

  • Some storm control error logs might be seen on QFX Series platforms. PR1355607

  • The pfe process might crash and all interfaces might flap. PR1369011

  • The rpd process might crash after committing the configuration related to mapping-server-entry. PR1379558

  • BUM packets might get looped if EVPN multihoming interface flap. PR1387063

  • It might fail to update next hop in hardware for existing ECMP route when ecmp-resilient-hash is configured. PR1387713

  • On EVPN-VXLAN NON-COLLAPSED autonegotiation errors and flush operation failed errors are seen after power cycle of the device. PR1394866

  • The rpd soft core and inappropriate route selection might be seen when L2VPN is used. PR1398685

  • ICMPv6 RA packets generated by Routing Engine might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The same traffic flow might be forwarded to different ECMP next hops on QFX5000 platforms. PR1422324

  • The rpd process might generate a core file because of the improper handling of Graceful Restart stale routes. PR1427987

  • On QFX5110 devices, we might not be able to ping the IRB address when being received as a type 5 route. PR1433918

  • DDOS violation for protocols with shared host-path queue even when PPS rate is below the configured bandwidth value. PR1440847

  • The rpd process might crash in inter-AS option B L3VPN scenario if CNHs is used. PR1442291

  • When VRF fallback is enabled, running "show pfe route ip hw lpm" may crash the switch. PR1367584

  • The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680

  • Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text. PR1408195

  • Loopback address exported into other VRF instance might not work on EX/QFX/ACX platforms. PR1449410

  • MPLS LDP may still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217

  • The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted. PR1460688

Spanning Tree Protocols

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

User Interface and Configuration

  • Switch may unable to commit baseline configuration after zeroize. PR1426341

Resolved Issues: 17.4R2

Class of Service (CoS)

  • You cannot filter packets with DstIP as 224/4 and DST MAC = QFX_intf_mac on a loopback interface using a single match condition for source address 224.0.0.0/4. PR1354377

EVPN

  • Next hop installation error messages are seen on QFX10000 line switches. PR1258930

  • EVPN-VXLAN QFX10000: jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed. PR1258933

  • VXLAN-EVPN: IPv6 packet loss after a normal traffic run rate. PR1267830

  • Subinterfaces from the same physical port do not work if configured under the same VXLAN VLAN. PR1278761

  • For a VLAN with an IRB interface as the routing interface, set the vlan-id parameter to "none" to ensure proper traffic routing.PR1287557

  • QFX10000 VXLAN with MPLS underlay traffic loss is seen at the RSVP egress. PR1289666

  • VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045

  • A core link flap might result in an inconsistent global MAC count. PR1328956

  • The partial multicast traffic might be dropped in an EVPN-VXLAN multi homing scenario with non-default virtual-switch/evpn routing-instance configured. PR1334408

  • The MAC movement between remote VTEP and local VTEP might cause traffic to be transmitted incorrectly in an EVPN-VXLAN scenario. PR1335431

  • Configuring encapsulate-inner-vlan on the partial VXLANs might cause traffic impact. PR1337953

  • In an EVPN-VXLAN environment, BFD flaps cause VTEP flaps and cause the Packet Forwarding Engine to crash. PR1339084

  • Rpd has unreproducible cored with scaling EVPN-VXLAN configuration on QFX10K platform. PR1339979

  • The rpd core might be seen if deleting the default switch in an EVPN-VXLAN environment. PR1342351

  • In an EVPN-VXLAN scenario, the traffic might get dropped as the core-facing interfaces goes down. PR1343515

  • Traffic might be lost on a Layer 2 and Layer 3 spine node in a multihome EVPN scenario. PR1355165

  • The QFX10000 might drop transited traffic coming from MPLS network to VXLAN/EVPN. PR1360159

  • Increased risk of a routing crash with temporary impact on traffic on QFX10000 or QFX5100 nodes with certain configuration changes or clearing L2 or L3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257

  • Proxy ARP may not work as expected in an EVPN environment. PR1368911

  • QFX10k / Import default ipv6 route to VRF causes infinite entries to get created in 'evpn ip-prefix-database' and become unstable. PR1369166

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP protocol multicast traffic sourced by the kernel such as OSPF, VRRP, and so on gets dropped in the Packet Forwarding Engine level. PR1301773

Infrastructure

  • QFX5100: Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742

Interfaces and Chassis

  • Multicast data packets are looping in MC-LAG. PR1281646

  • Upgrading might encounter a commit failure if redundancy-group-id-list is not configured under ICCP. PR1311009

  • CVLANs range is 16, which might not pass traffic in a Q-in-Q scenario. PR1345994

  • MC-LAG peer doesn't send ARP request to the host. PR1360216

Layer 2 Ethernet Services

  • A jdhcpd core file is generated after making DHCP configuration changes. PR1324800

Layer 2 Features

  • Device transmits packets that exceed the interface MTU. PR1306724

  • NLB heartbeat packets might be dropped on a QFX10000. PR1322183

  • ARP entry might be learned on STP blocking ports. PR1324245

  • The DHCP discover packets might be looped in an MC-LAG and a DHCP-relay scenario. PR1325425

  • QFX5100: With multiple logical units configured on an interface, input-vlan-map POP is not removing outer VLAN-tag when Q-in-Q and VXLAN are involved. PR1331722

  • The operation of pushing a VLAN tag does not work for VXLAN local switching tunneled Q-in-Q traffic. PR1332346

  • Interface with flexible-vlan-tagging and family ethernet-switching does not work on a QFX10000. PR1337311

MPLS

  • QFX5100: ISSU is not supported with an MPLS configuration. PR1264786

  • Traffic drop during a NSR switchover for RSVP P2MP provider tunnels used by MVPN . PR1293014

  • MPLS forwarding might not happen properly for some LSPs. PR1319379

  • The rpd process might crash on backup Routing Engine due to memory exhaustion. PR1328974

  • The hot standby for the L2 circuit does not work on a QFX5000. PR1329720

  • RSVP sessions go down for ingress LSPs with no-cspf enabled. PR1339916

  • LSP is not received by QFX5110. PR1351055

  • NO-propogate-TTL acts on MPLS Swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

Platform and Infrastructure

  • After upgrading the QFX5100 to Junos OS Release 16.1 or later from Junos OS Release 15.1, the commit warning /boot/ffp.cookie+ might be seen. PR1283917

  • SFP management Ethernet port C0 might not come up. PR1298876

  • Run-time pps statistics value might show zero for a subinterface of the aggregated Ethernet interface. PR1309485

  • Traffic loss might be seen if traffic is sent through the 40G interface. PR1309613

  • Some log messages are seen on the QFX5110 platform when plugging in an SFP-SX. PR1311279

  • One aggregated Ethernet member cannot send out sFlow sample packets. PR1311559

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • Traffic loss is observed while performing NSSU. PR1311977

  • A memory leak is seen for dot1xd. PR1313578

  • Some certain IGMP join packets cannot be processed correctly at a high rate. PR1314382

  • Transit traffic over a GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • On an L2 next-generation switch platform (QFX5100/QFX10000), l2cpd might drop core files repeatedly if an interface is connected to a VoIP product with LLDP and LLDP-MED enabled. PR1317114

  • Packets such as TDLS without an IP header are looped between virtual gateways. PR1318382

  • The optic interface transmits power even after it has been administratively shutdown. PR1318997

  • The packet might be dropped between 4-60 seconds when the master Routing Engine is rebooted in a virtual chassis. PR1319146

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX-VC ISSU. PR1320370

  • The MAC address is stuck with "DR" flag on spine node even though packets are received on the interface from the source MAC. PR1320724

  • FPCs go offline in some situations. PR1321198

  • On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge when configured. PR1323042

  • The openflow session cannot be established correctly with controller and interface options configured on QFX5100 switches. PR1323273

  • Update new firmware versions for jfirmware package for 100G-PSM4 and 100G-AOC issues. PR1323321

  • EVPN Type 5: Unicast traffic is getting dropped on the backup forwarder. PR1323907

  • The next hop of _all_ces__ flood details might go missing. PR1324739

  • The GRE traffic is not decapsulated by the firewall filter. PR1325104

  • VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

  • ARP request packets might not be flooded on a QFX5110. PR1326022

  • The major alarm about 'Fan & PSU Airflow direction mismatch' might be seen by removing the management cable. PR1327561

  • Deleting one VXLAN might cause a traffic loop on another VXLAN in a multi homing EVPN-VXLAN scenario with a service provider style interface. PR1327978

  • QFX10002: Major alarm should be cleared once the chassis has more PEM units installed than the minimum PEM configuration. PR1327999

  • Directories and files under /var/db/scripts lose execution permission or directory 'jet' is missing under /var/db/scripts causing error: Invalid directory: No such file or directory error during commit. PR1328570

  • FAN tray removal or insertion trap is not generated for a backup FPC. PR1329031

  • The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713

  • After commit, members of Virtual Chassis or VCF are split and some members might get disconnected. PR1330132

  • An rpd process core file generated on a new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The out of HMC range and HMC READ faild error messages are seen. PR1332251

  • Traffic does not pass through VCP ports after rebooting the Virtual Chassis members. PR1332515

  • EVPN-VXLAN: DF drops multicast traffic. PR1333069

  • On QFX10K8/QFX10K16 platforms, SIB LEDs on the fan tray are off after the replacement of the Fan Tray Controllers (FTC). PR1334006

  • The DHCPv6 SOLICIT message is dropped. PR1334680

  • AI-script does not get auto re-install upon a JUNOS upgrade on Next Generation-Routing Engine. PR1337028

  • The DF of an EVPN instance might flood all the ARP request back to the Ethernet Segment. PR1337275

  • On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after Virtual Chassis reboot. PR1337340

  • SNMP jnxBoxDescr OID returns different value when upgrading to Junos OS Release 17.2. PR1337798

  • On the QFX10000 platforms, VRRP function does not work well when it is configured on sub-interfaces. PR1338256

  • The traffic coming from the remote VTEP PE might be dropped. PR1338532

  • The analyzer status might show as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • The VXLAN traffic might not be transmitted correctly with an IRB interface as the underlay interface of the VTEP tunnel. PR1338586

  • DDoS counters for OSPF might not increase. PR1339364

  • Multicast traffic drop is seen if downstream IRB interfaces have snooping enabled. PR1340003

  • On the QFX5200: there is an inconsistent result after using deactivate xxx command on ’pfc-priority’ and 'no-loss' context. PR1340012

  • L3 traffic is not getting converged properly upon disabling the ECMP link between spine and leaf with EVPN-VXLAN configurations. PR1343172

  • BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • EVPN-VXLAN: VLAN with flexible-tag mode , the xe statistics appears to not be updated for ingress. PR1343746

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • QFX5000 Virtual-Chassis acting as EVPN-VxLAN ARP Proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in VxLAN scenario. PR1368258

  • When native-vlan-id is configured for aggregated Ethernet LACP session to multihomed server goes down. PR1369424

  • A port might still work if it's deleted from an aggregated Ethernet interface. PR1372577

  • Implement the edit interfaces interface-name ether-options] configured-flow-control option for the QFX Series. PR1343917

  • For EVPN-VXLAN, the ARP packet uses VRRP/virtual-gateway MAC in an Ethernet header instead of an IRB MAC address. PR1344990

  • In the QFX5100, fan RPM fluctuates when temperature sensor reaches its threshold. PR1345181

  • FXPC process might generate a core file when removing VXLAN configuration. PR1345231

  • Backup Routing Engine might experience a crash, causing vmcore to be generated on master Routing Engine, master Routing Engine performance will not be affected. PR1346218

  • CPU and memory statistics not populating for the backup switch in a QFX5110 Virtual Chassis. PR1346268

  • An incorrect inner VLAN tag is sent from the QFX10000 platform with Q-in-Q configured on the Layer 3 sub interface. PR1346371

  • Statistics daemon pfed might generate core files on an upgrade between certain releases. PR1346925

  • On QFX5110 switches, a DCPFE core file might be generated after removing Type-5 tunnel in an EVPN-VXLAN configuration. PR1346980

  • A QFX5100-48T 10G interface might be auto negotiated at 100M speed instead of 10G. PR1347144

  • On QFX5110-48S-4C platforms, part numbers and serial numbers are not displayed for any of the 10G optics/DAC connected. PR1347634

  • The ARP might not update and packets might get dropped at the Routing Engine. PR1348029

  • On a QFX5100, a BGP session flaps when changes are made on the extended-vni-list under the EVPN hierarchy and if the BGP neighborship is through an IRB. PR1349600

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • Blackholing traffic with destination MAC matching the virtual gateway MAC might be seen. PR1348659

  • The pfed process might consume high CPU if subscriber or interface statistics are used at large scale. PR1351203

  • A DCPFE process might crash on QFX10000 switches. PR1351503

  • The GTP traffic might not be hashed correctly for an aggregated Ethernet interface. PR1351518

  • Telemetry traffic does not leave the local box when telemetry server is reachable via a VR routing-instance. PR1352593

  • QFX5100 arp fail after change interface MAC address. PR1353241

  • RPC output not showing failure when running request system software add with software already staged. PR1353466

  • SFP-LX10 on QFX5110 might fail to connect with another device. PR1353677

  • The alarm errors might be seen during the bootup on a QFX10000. PR1354582

  • Untagged packets might not be forwarded through the trunk port. PR1355338

  • Commit error observed if box is downgraded from from 18.2/18.3 release to 17.3R3. PR1355542

  • On QFX5110 platforms, LX10 SFP needs to be reinserted after autonegotiation is enabled or disabled. PR1355746

  • EVPN-VXLAN: the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • "Load averages" output under show chassis routing-engine shows "nan" periodically. PR1356676

  • The IGMP membership report packets might not be forwarded over an interface on a QFX10000. PR1360137

  • On QFX10k, virtual-gateway-address should be only configured on a irb interface associated with a vxlan VLAN. PR1360646

  • Unable to create QFX5200 VC w/100G DACs. PR1360721

  • The GTP traffic might not be hashed correctly on aggregated Ethernet interface. PR1361379

  • The clear services accounting statistics inline-jflow fpc-slot 0 command should be supported in QFX Series. PR1362396

  • QFX5100VC: Unable to connect management address through vme interface. PR1362437

  • On QFX10008, QFX10016, PTX1000, PTX5000, PTX10008, PTX10016 platforms, MPLS exp rewrite might not work for IPV6 and IPV4 traffic. PR1364391

  • Root password recovery process doesn't work. PR1365740

  • On QFX5100/QFX5110/QFX5200 platforms, ISIS adjacency goes down when mtu 9192 is configured. PR1368913

  • On QFX10000 platforms, before the 17.3R3 code, the maximum number of ESI IFLs was 4000 in the Packet Forwarding Engine. PR1371414

  • TPI-50840 BUM traffic received on 5110 is not flooded to all remote vteps. PR1373093

Routing Protocols

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 PR1305239

  • Packet drop is seen when programming for GRE traffic. PR1308438

  • Diffserv bits/ToS bits are not getting copied from Inner IP header to GRE header. PR1313311

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • On the QFX5100, consistent hashing is not getting programmed. PR1322299

  • IS-IS Layer 2 hello packets are dropped when they come from another vendor’s device. PR1325436

  • The loopbacked IRB interface is not accessible to a remote network. PR1333019

  • The dcpfe process crash is seen in a route leak scenario on the QFX10000. PR1334714

  • The rpf-check-policy does not work as expected. PR1336909

  • Ping fails if MTU is different on the interfaces. DF is not working as expected. PR1345495

  • vrf-fallback on QFX5K is not supported in ALPM mode. PR1345501

  • On QFX10000 platforms, Netconf SSH TCP port 830 traffic hitting host path/unclassified queue. PR1345744

  • On QFX5100 platforms, parity errors in L3 IPv4 table in the Packet Forwarding Engine memory might cause traffic black holing. PR1364657

Software Installation and Upgrade

  • Commit may fail in single-user mode. PR1368986

Virtual Chassis

  • QFX-Virtual Chassis: Sometimes, the multicast packets are received 2x 3x times than expected. PR1306239

Resolved Issues: 17.4R1

Class of Service (CoS)

  • On QFX5100 switches, traffic might be dropped when there is more than one forwarding class under forwarding-class-sets. PR1255077

  • The transmit rate applied with forwarding-class-set does not work properly. PR1277497

EVPNs

  • On QFX5100 switches with EVPN-VXLAN deployed, broadcast and multicast traffic might not be sent to other switches through VTEP interfaces. PR1293163

  • On QFX10000 switches with EVPN deployed, packet corruption is seen with Packet Forward Engine trap code (129) egp.v4_chksum when sending L3 inter-VNI traffic with the underlay vlan-tagging inet interface. PR1295491

  • The dynamic routing protocols might not work correctly over the IRB interface in an EVPN-VXLAN scenario with ECMP. PR1301521

  • QFX5110-48S: L3 VPN traffic is dropped for some instances when EVPN-VXLAN configuration is removed and reapplied. PR1307590

Hardware

  • FEC is disabled by default on 100G-LR optics for QFX5200 switches. PR1286389

  • The 1G copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • ULC-60S-6Q LC on QFX10008: The port becomes unusable after inserting a third-party SFP-T optic. PR1294394

  • Update new firmware versions for jfirmware package for 100G-PSM4 and 100G-AOC issues. PR1323321

High Availability (HA) and Resiliency

  • Normal VRRP MAC is triggering a MAC move, and logical interfaces on the BD are getting shut down. PR1285749

Infrastructure

  • Create new command: "enable-tcp-nodelay" and allow flash sub-jobs to run for max quantum.PR1136167

  • Disabled 10-Gigabit Ethernet interfaces might stay up on QFX10000 line switches.PR1300775

  • The 40-Gigabit Ethernet connection between two QFX5100-24Qs might not come up sometimes. PR1178799

  • QFX10002 and QFX10008: BFD sessions over IRB interfaces with Junos OS Releases 17.1R1, 17.1R2, 17.2R1. and 17.3R1 are centralized. PR1284743

Interfaces and Chassis

  • Random interfaces do not come up after a line card is rebooted. PR1262839

  • Copper ports flap on QFX5100-48T when short-reach-mode is enabled. PR1248611

  • The 40-Gigabit Ethernet interface might flap between QFX5100 and other products. PR1273861

  • QFX10000-12C-DWDM: an ot- interface link flap is observed whenever an optics TCA alarm is raised; however, there is no LOS and no traffic loss is observed. PR1279351

  • On QFX5100 switches, an AE interface might flap upon commit if an explicit speed is configured on an AE member interface PR1284495

  • On QFX10000 line switches, the input and output rates for 10-Gigabit, 40-Gigabit, or 100-Gigabit Ethernet interfaces are not 0 if the interface is down. PR1291412

  • Traffic might not be received on a 1-Gigabit Ethernet interface if autonegotiation is disabled and speed/duplex is configured on both the QFX Series switch and the peer host. PR1292275

  • High heap memory utilization might be seen if multiple SFP-T optics are inserted or set interface <> link-mode full-duplex is enabled. PR1294208

  • The 40-Gigabit Ethernet interface might not come up if a specific vendor’s DAC cable is used. PR1296011

  • QFX10008/10016: Commit error is seen when configured with mixed speed. PR1301923

Junos Fusion Satellite Software

  • Native VLAN on an aggregated Ethernet interface terminated on multiple satellite devices. PR1305698

Layer 2 Features

  • To set up PTP BC forwarding on a QFX10002, configure routing on the interface or add a static ARP entry on the remote PTP device.PR1275327

  • Feature swap-swap might not work as expected in a Q-in-Q scenario. PR1297772

  • QFX5100 crashes and the fxcp process generates a core file. PR1306768

MPLS

  • QFX10008 is dropping egress MPLS traffic, if the egress interface is an IRB with access L2 AE interface. PR1279827

Network Management and Monitoring

  • UFT for non-local member is not shown in the CLI. PR1243758

  • LAG interface input bytes counter continuously decreases when no packets come in. PR1266062

  • SNMP process is not running on QFX Series switches with incorrect source addresses. PR1285198

  • On QFX5100, an incorrect alarm type might be displayed. PR1291622

  • Previous learned MAC address from remote ESI cannot be changed to local. PR1303202

  • The sflow records are missing "extendedType ROUTER" fields as well as an outbound interface for traffic that is using BGP multipath. PR1303236

  • QFX5110-48S: digital optical monitoring statistics cannot be received through the CLI in Junos OS Releases 15.1X53 through 17.x. PR1305506

Platform and Infrastructure

  • A hostname synchronization issue occurs between the Junos OS VM instance and the Linux host in TVP platforms. PR1283710

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • The dcpfe process might crash and restart on MC-LAG active and standby nodes when there is ARP/NDP next-hop change. PR1299112

  • OSPFv3 authentication using IPsec SA does not work if you are using IPsec to authenticate OSPFv3 neighbors on some QFX Series platforms. PR1301428

Port Security

  • On QFX10000 switches, MACsec sessions are not coming up on a Layer 3 logical interface. PR1282995

  • Proxy-ARP and ARP suppression are not yet supported for the QFX10000 line. PR1293707

Routing Protocols

  • When the static link protection mode configured backup state is down, the primary port goes to down state instead of the secondary port, and the secondary remains in up state. PR1276156

  • Analytics JSON data format is reporting a incorrect value for 'rxbps' counter. PR1285434

  • On QFX5100 switches, if a term with the policer action is configured, dc-pfe: list_destroy() messages might be displayed on commit. PR1286209

  • GRE tunnel traffic does not switch over to the alternate path if the primary path to the tunnel destination changes. PR1287249

  • UDP traffic with destination port 520 and 521 is discarded on QFX5110 switches after a Junos OS upgrade. PR1287271

  • OVSDB and Openflow have some limitations on QFX5110, QFX5200, QFX10002. QFX10008, and QFX10016 switches running Junos OS Releases 17.1R1, 17.1R2, and 17.2R1. PR1288227

  • Storm-control flags are not set after a Routing Engine switchover. PR1290246

  • In a data center environment with EVPN-VXLAN and proxy MAC plus IP advertisement enabled on a Layer 3 gateway, the state for some MACs might be lost during MAC moves. PR1291118

  • QFX5110-32C: Routable ICMP packets get flooded on one of the newly provisioned 100 VXLAN IRB interfaces on a non-collapsed VXLAN L3 gateway (same IP, same MAC profile). PR1291406

  • The dcpfe process might crash after a period of idle time on QFX10000 switches. PR1294055

Software Licensing

  • VXLAN license might display as invalid if QFX-ADV-FEATURE-LIC is installed. PR1288916

Virtual Chassis

  • QFX5100 TVP: Not able to load TVP image on top of a non-TVP 5100 image while adding a QFX5100 switch to the Virtual Chassis. PR1248145

  • QFX5100: The ovsdb-server daemon failed to start. PR1288052

  • On QFX-5100, the fxpc process generates a core file. PR1294033

  • QFX5200: New apply group not applying to the Virtual Chassis after a reboot. PR1305520

VLAN Infrastructure

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 17.4R3.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 17.4 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 17.4 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add sourcejinstall-host-qfx-10-f-x86-64-17.4 -R3.n-secure-signed.tgz reboot reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.4 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 17.4R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-17.4 -R3.n-secure-signed.tgz reboot reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-17.4 -R3.n-secure-signed.tgz reboot reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-17.4 -R3.n-secure-signed.tgz reboot

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-17.4R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-5-17.3R1-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.