Junos OS Release Notes for the QFX Series
These release notes accompany Junos OS Release 18.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
Caveat: Juniper Networks does not recommend configuring and deploying EVPN-VXLAN on QFX Series platforms running Junos OS 18.1R1.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for QFX Series.
The following QFX Series platforms are supported in Release 18.1R3: QFX5100, QFX5110, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016.
Release 18.1R3-S3 New and Changed Features
EVPNs
Multicast support with IGMP snooping on spine and leaf devices in an EVPN-VXLAN centrally-routed bridging overlay network (QFX10002, QFX10008, QFX10016, and QFX5110 switches)—Starting with Junos OS Release 18.1R3-S3, multicast forwarding with IGMP snooping is supported on spine and leaf devices in an EVPN-VXLAN centrally-routed bridging overlay network consisting of QFX10002, QFX10008, or QFX10016 switches as spine devices and QFX5110 switches as leaf devices. With IGMP snooping enabled in a centrally-routed bridging architecture, leaf devices forward multicast traffic at Layer 2 within a VLAN only, while spine devices perform forwarding within a VLAN and can also be configured with IRB interfaces to perform inter-VLAN routing. Spine or leaf devices forward multicast traffic on the access side only to interested listeners based on IGMP snooping state, but continue to use ingress replication to flood multicast traffic into the EVPN core to reach other spine or leaf devices that might serve interested listeners.
All of the following scenarios are supported for both intra-VLAN and inter-VLAN multicast traffic:
Multicast source and multicast receivers within the EVPN-VXLAN network
Multicast source external to the EVPN-VXLAN network and multicast receivers within the EVPN-VXLAN network
Multicast receiver external to the EVPN-VXLAN network and multicast source within the EVPN-VXLAN network
To route multicast traffic from or to multicast sources and receivers external to the EVPN-VXLAN network, spine devices use PIM on a multicast VLAN through an external gateway (such as an MX Series router).
IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX5110 switches)—Starting with Junos OS Release 18.1R3-S3, QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or 3 data packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of EVPN Type 2 and Type 5 routes.
[See Routing IPv6 Data Traffic through an EVPN-VXLAN Network With an IPv4 Underlay.]
MAC filtering, storm control, and port mirroring support in EVPN-VXLAN networks (QFX5100 and QFX5110 switches)—Starting with Junos OS Release 18.1R3-S3, QFX5100 and QFX5110 switches support the following features in an EVPN-VXLAN overlay network:
MAC filtering
Storm control
Port mirroring and analyzers
[See MAC Filtering, Storm Control, and Port Mirroring Support in an EVPN-VXLAN Environment.]
MAC filtering and storm control support in EVPN-VXLAN networks (QFX10002 and QFX10008 switches)—Starting with Junos OS Release 18.1R3-S3, QFX10002 and QFX10008 switches support the following features in an EVPN-VXLAN overlay network:
MAC filtering
Storm control
[See MAC Filtering, Storm Control, and Port Mirroring Support in an EVPN-VXLAN Environment.]
Support for firewall filtering and policing on EVPN-VXLAN traffic (QFX5100 and QFX5110)—Starting with Junos OS Release 18.1R3-S3, you can configure firewall filters and policers on VXLAN traffic in an EVPN topology. Firewall filters provide rules that define whether to accept or discard packets that are transiting an interface. Policing, or rate limiting, lets you control the amount of traffic that enters the switch and determines the actions to take when the traffic exceeds the defined limit. You configure firewall filters at the [edit firewall] hierarchy level. For each firewall filter that you apply to a VXLAN, you can specify family ethernet-switching to filter Layer 2 (Ethernet) packets or family inet to filter on IRB interfaces. The IRB interface acts as a Layer 3 routing interface to connect the XVLANs in collapsed or non-collapsed IP fabric topologies. You can only apply firewall filters and policers on CE-facing interfaces in the ingress direction (traffic entering the XVLAN). For IRB interfaces, you can only apply filtering at the ingress point of a non-encapsulated frame routed through the IRB interface.
This feature was previously supported in an "X" release of Junos OS.
This feature is not supported on a QFX5100 Virtual Chassis in an EVPN-VXLAN topology.
[See Understanding EVPN with VXLAN Data Plane Encapsulation and Overview of Firewall Filters.]
Support for VMTO for ingress traffic (QFX5100, QFX5110, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 18.1R3-S3, you can configure the PE device to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.
To enable VMTO, configure remote-ip-host routes in the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.
Support for Multihomed Proxy Advertisement (QFX5100, QFX5110, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016 switches)—Junos now provides enhanced support to proxy advertise the Mac address and IP route entry from all PEs that are multi-homed to a CE device. This can prevent traffic loss when one of the links to the PE fails. To support the multihomed proxy advertisement, all multi-homed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default and Junos uses the default multihomed proxy advertisement bit value of 0x20.
[See EVPN Multihoming Overview.]
Support for OSPF, IS-IS, BGP, and static routing on IRB interfaces in EVPN-VXLAN networks (QFX Series)—Starting in Junos OS Release 18.1R3-S3, you can configure OSPF, IS-IS, BGP, and static routing with bidirectional forwarding detection (BFD) on an IRB interface that is used as a routed interface in EVPN. This allows protocol adjacencies to be established between an IRB on a Layer 3 gateway and a CE device connected directly to a Layer 3 gateway or to a Layer 2 leaf device in an EVPN-VXLAN network.
[See Supported Protocols on an IRB Interface in EVPN-VXLAN .]
Routing Policy and Firewall Filters
Support for IPv6 Filter-Based Forwarding (QFX5200 switches)— Starting with Junos OS Release 18.1R3-S3, you can use stateless firewall filters in conjunction with filters and routing instances to control how IPv6 traffic travels in a network. This is called IPv6 filter-based forwarding. To setup this feature, you define a filtering term that matches incoming packets based on the source or destination address and then specify the routing instance to send packets to. You can use filter-based forwarding to route specific types of traffic through a firewall or security device before the traffic continues on its path. You can also use it to give certain types of traffic preferential treatment or to improve load balancing of switch traffic.
This feature was previously supported in an "X" release of Junos OS.
[See Firewall Filter Match Conditions for IPv6 Traffic and Filter-Based Forwarding Overview.]
Security
Support for firewall filtering and policing on EVPN-VXLAN traffic (QFX5100, QFX5100 Virtual Chassis, QFX5110 switches)— Starting with Junos OS Release 18.1R3-S3, you can configure firewall filters and policers on VXLAN traffic in an EVPN topology. For each firewall filter that you apply to a VXLAN, you can specify family ethernet-switching to filter Layer 2 (Ethernet) packets or family inet to filter on IRB interfaces. The IRB interface acts as a Layer 3 routing interface to connect the XVLANs in collapsed or non-collapsed IP fabric topologies. You can only apply firewall filters and policers on CE-facing interfaces in the ingress direction (traffic entering the XVLAN). For IRB interfaces, you can only apply filtering at the ingress point of a non-encapsulated frame routed through the IRB interface.
This feature was previously supported in an “X” release of Junos OS.
[See Understanding EVPN with VXLAN Data Plan Encapsulation and Overview of Firewall Filters.]
Release 18.1R3 New and Changed Features
EVPNs
Layer 2 and 3 families, encapsulation types, and VXLAN on same physical interface (QFX5100, QFX5110, and QFX5200 switches)—Starting with Junos OS Release 18.1R3, you can configure and successfully commit the following on a physical interface of a QFX5100, QFX5110, or QFX5200 switch in an EVPN-VXLAN environment:
Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any non-zero unit number).
VXLAN on any logical interface unit number (unit 0 and any non-zero unit number).
Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any non-zero unit number).
Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any non-zero unit number).
For the above configurations to be successfully committed and work properly, you must specify the encapsulation flexible-ethernet-services configuration statements at the physical interface level—for example, set interfaces xe-0 /0/5 encapsulation flexible-ethernet-services.
Interfaces and Chassis
Support for connectivity fault management (CFM) (QFX5210 switches)—Starting in Junos OS 18.1R3, you can use the connectivity fault management (CFM) feature to monitor an Ethernet network that may comprise one or more service instances. A service instance could be a VLAN or a collection of VLANs. CFM creates a maintenance domain (MD) entity that is a network or part of the network for which faults in connectivity are managed. An MD is associated with a level. The allocation of levels to the various network entities are decided based on their needs from an OAM perspective. For example, network entities such as operators, providers, and customers can be part of different administrative domains. Each administrative domain is mapped into one OAM domain. The OAM domain provides enough information for management, avoiding security breaches, and performing end-to-end monitoring. Configure CFM at the [edit protocols oam ethernet connectivity-fault-management] hierarchy level.
Junos on White Box
Junos on White Box—Starting with Junos OS Release 18.1R3, the Junos on White Box software provides a disaggregated Junos that decouples the Junos operating system from Juniper Networks switches and runs as independent software on Open Compute Project (OCP)-compliant network hardware, enabling you to use that hardware in your data center (DC) networks and providing a robust, feature-rich network operating system for enabling the DC Fabric buildout. Junos for White Box is standalone software providing standards-based network protocols such as ISIS and BGP, overlay technology such as VXLAN with EVPN control plane, and full automation capabilities and is similar to the reliable, high performance Junos OS that powers the Juniper Networks QFX Series Data Center portfolio.
Key Junos OS features that enhance the functionality and capabilities of the White Box switches include:
Software modularity, with process modules running independently in their own protected memory space and with the ability to do process restarts.
Uninterrupted routing and forwarding, with features such as nonstop active routing (NSR) and nonstop bridging (NSB).
Commit and rollback functionality that ensures error-free network configurations.
A powerful set of scripts for on-box problem detection, reporting, and resolution.
Release 18.1R2 New and Changed Features
EVPNs
IPv4 inter-VLAN multicast forwarding modes for EVPN (QFX10000 switches)—Starting with Junos OS Release 18.1R2, QFX10000 switches can forward IPv4 multicast traffic between VLANs in EVPN-VXLAN networks with these IP fabric architectures:
Two-layer IP fabric in which QFX10000 switches function as Layer 3 gateways, and QFX5100 or QFX5200 switches function as Layer 2 gateways. From their central location in the IP fabric, the QFX10000 switches on which IRB interfaces are configured can route multicast traffic from one VLAN to another. This mode of multicast forwarding is known as centrally-routed mode.
One-layer IP fabric in which QFX10000 switches function as both Layer 2 and Layer 3 gateways. From their location at the edge of the IP fabric, the QFX10000 switches on which IRB interfaces are configured can route multicast traffic from one VLAN to another. This mode of multicast forwarding is known as edge-routed mode.
To configure the multicast forwarding mode, you can specify the irb configuration statement with the local-remote option (centrally-routed mode) or the local-only option (edge-routed mode) in the [edit forwarding-options multicast-replication evpn] hierarchy level.
Note We do not recommend specifying the local-remote option on some QFX10000 switches and the local-only option on the other QFX10000 switches in either of the IP fabric architectures. Doing so might cause the QFX10000 switches to forward the inter-VLAN multicast traffic inconsistently.
Restoration Procedures and Failure Handling
Device recovery mode introduced in Junos OS with upgraded FreeBSD (QFX Series)—In Junos OS Release 18.1R2, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode.The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.
Release 18.1R1 New and Changed Features
Hardware
QFX10002-60C switch—Starting in Junos OS Release 18.1R1, Juniper Networks introduces the QFX10002-60C switch. The Juniper Networks QFX10000 line of Ethernet switches provides cloud builders and data center operators with scalable solutions for both core and spine data center deployments. The 2 U fixed-configuration switch has 60 flexible configuration speed ports that can be set for 40-Gbps or 100-Gbps speeds. The QFX10002-60C also supports 10-Gigabit Ethernet when the ports are configured for 40-Gigabit Ethernet and channelized into 4 independent 10-Gigabit Ethernet ports. The QFX10002-60C is available with either AC or DC power supplies. The airflow is airflow out, where air comes into the vents in the port panel and exhausts through the field-replaceable units (FRU) panel. [See QFX10002 Hardware Overview.]
QFX5210-64C switch—Starting in Junos OS Release 18.1R1, Juniper Networks introduces the QFX5210-64C Switch. The 1 U fixed configuration switch is designed for cloud customers who need either a top-of-rack switch or a lean spine switch with flexible port speeds and high-port density. The Routing Engine and control plane are driven by the 2.2 GHz quad-core Intel; Xeon; CPU with 16 GB of memory and a 128-GB solid-state drive (SSD) for storage. The QFX5210-64C can be configured for 10/25/40/50/100 Gigabit Ethernet speeds. The switch comes standard with redundant fans and redundant power supplies. The QFX5210-64C can be ordered with either ports-to-FRUs or FRUs-to-ports airflow. The model is available with either AC or DC power supplies. [See QFX5210 System Overview.]
QFX5200-48Y switch— The Juniper Networks QFX5200 line of fixed-configuration access switches are designed for cloud builders and data centers deploying next-generation IP fabric networks. The QFX5200-48Y offers 48 ports of native 25-Gbps speed for downlinks and 6 ports of 100-Gbps speeds for uplinks. The 1 U fixed chassis switch allows a flexible configuration of the ports. The 40 downlink ports can be configured either as 10-Gbps speeds or 25-Gbps speeds while the 6 uplink ports can be configured for either 40-Gbps speeds or 100-Gbps speeds. The QFX5200-48Y comes standard with redundant fans and redundant power supplies. The QFX5200-48Y can be ordered with either ports-to-FRUs (AFO) or FRUs-to-ports (AFi) airflow. The model is available with either AC or DC power supplies.
Authentication, Authorization, and Accounting (AAA) (RADIUS)
Access control and authentication (QFX5100 switches)—Starting with Junos OS Release 18.1 R1, QFX5110 and QFX5200 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication.
802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. QFX5100 switches support 802.1X features including guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using VSAs. You configure 802.1X authentication at the [edit protocols dot1x] hierarchy level.
MAC RADIUS authentication is used to authenticate end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected. You configure MAC RADIUS authentication at the [edit protocols dot1x authenticator interface interface-name mac-radius] hierarchy level.
Class of Service (CoS)
Support for data center quantized congestion notification (DCQCN) (QFX5100, QFX5110, QFX5200, QFX5210 switches)—Remote Direct Memory Access (RDMA) provides the high throughput and ultra-low latency, with low CPU overhead, necessary for modern datacenter applications. RDMA is deployed using the RoCEv2 protocol, which relies on priority-based flow control (PFC) to enable a drop-free network. DCQCN is an end-to-end congestion control scheme for RoCEv2. Starting in Junos OS Release 18.1R1, Junos OS supports DCQCN by combining explicit congestion notification (ECN) and PFC to overcome the limitations of PFC to support end-to-end lossless Ethernet.
[See Data Center Quantized Congestion Notification (DCQCN).]
EVPN
Support for IGMP snooping for EVPN-VXLAN in a multihomed environment (QFX5110 switches)—Starting in Junos OS Release 18.1R1, QFX5110 switches support IGMP snooping with Ethernet EVPN (EVPN). This feature is useful in an EVPN-VXLAN environment with significant multicast traffic. IGMP snooping enables PE devices to send multicast traffic to CE devices only as needed, which preserves bandwidth. To configure IGMP snooping, Include the igmp-snooping (all | vlan-number) set of statements at the [edit protocols] hierarchy level. You must also include the proxy statement in the IGMP snooping configuration. All multihomed interfaces must have the same configuration.
[See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]
EVPN control plane and VXLAN data plane support (QFX5210 switches)—By using a Layer 3 IP-based underlay network coupled with an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network, you can deploy larger networks than those possible with traditional Layer 2 Ethernet-based architectures. With overlay networks, endpoints (bare-metal servers [BMSs] and virtual machines [VMs]) can be placed anywhere in the network and can remain connected to the same logical Layer 2 network, enabling the virtual topology to be decoupled from the physical topology.
The physical underlay network over which EVPN-VXLAN is commonly deployed is a two-layer IP fabric, which includes spine and leaf devices. The spine devices provide connectivity between the leaf devices, and the leaf devices function as Layer 2 VXLAN gateways and provide connectivity to the attached endpoints. Starting with Junos OS Release 18.1R1, you can deploy QFX5210 switches as leaf nodes in the EVPN-VXLAN overlay network.
EVPN proxy ARP and ARP suppression, and NDP and NDP suppression with or without IRB interfaces (QFX5100, QFX5110, and QFX5200 switches)—Starting with Junos OS Release 18.1R1, QFX5100 and QFX5200 switches that function as Layer 2 VXLAN gateways and QFX5110 switches that function as Layer 2 or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment support proxy Address Resolution Protocol (ARP) and ARP suppression, and Network Discovery Protocol (NDP) and NDP suppression. The proxy ARP and ARP suppression, and NDP and NDP suppression capabilities are enabled by default. Any interface configured on a Layer 2 or Layer 3 VXLAN gateway can deliver ARP requests from both local and remote hosts.
In addition, you can control the following aspects of the media access control (MAC)-IP address bindings database on a Layer 2 or Layer 3 VXLAN gateway:
The maximum number of MAC-IP address entries in the database
The amount of time a locally learned MAC-IP address binding remains in the database
[See EVPN Proxy ARP and ARP Suppression, and NDP and NDP Suppression.]
Support for duplicate MAC address detection and suppression (QFX5100, QFX5110, and QFX5200 switches)— When a MAC address relocates, PE devices can converge on the latest location by using sequence numbers in the extended community field. Misconfigurations in the network can lead to duplicate MAC addresses. Starting in Junos OS Release 18.1R1, QFX5100, QFX5110, and QFX5200 switches support duplicate MAC address detection and suppression.
You can modify the duplicate MAC address detection settings on the switches by configuring the detection window for identifying duplicate MAC address and the number of MAC address moves detected within the detection window before duplicate MAC detection is triggered and the MAC address is suppressed. In addition, you can also configure an optional recovery time that the switches wait before the duplicate MAC address is automatically unsuppressed.
To configure duplicate MAC detection parameters, use the detection-window, detection-threshold, and auto-recovery-time statements at the [edit routing instance routing-instance-name protocols evpn duplicate-mac-detection] hierarchy level.
To clear duplicate MAC suppression manually, use the clear evpn duplicate-mac-suppression command.
[See Overview of MAC Mobility. ]
Interfaces and Chassis
Generic routing encapsulation (GRE) support (QFX10002-60C switches)—Starting with Junos OS Release 18.1R1, ou can use GRE tunneling services to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, a switch performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts.
Support for private VLANs and support for IRB in P-VLAN (QFX5210 switches)—Starting with Junos OS Release 18.1R1, QFX5210 switches support private VLANs. VLANs limit broadcasts to specified users. Private VLANs (P-VLANs) take this concept a step further by splitting the broadcast domain into multiple isolated broadcast subdomains and essentially putting secondary VLANs inside a primary VLAN. P-VLANs restrict traffic flows through their member switch ports (called “private ports”) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each P-VLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
Just like regular VLANs, P-VLANs are isolated on Layer 2 and require that a Layer 3 device be used to route traffic among them. P-VLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts. Service providers use P-VLANs to keep their customers isolated from one another.
[See Understanding Private VLANs.]
Also starting with Junos OS Release 18.1R1, you can configure an integrated routing and bridging (IRB) interface in a private VLAN (P-VLAN) so that devices within community VLANs and isolated VLANs can communicate with each other and with devices outside the P-VLAN at Layer 3 without requiring you to install a router.
[See Example: Configuring a Private VLAN Spanning Multiple Switches with an IRB Interface.]
FEC support for 25-gigabit and 50-gigabit channel speeds (QFX5210 switches)—Starting with Junos OS Release 18.1R1, you can configure forward error correction (FEC) clauses CL74 and CL91 on QFX5210 switches. FEC CL91 can be configured on 100-gigabit interfaces and FEC CL74 can be configured on 25-gigabit and 50-gigabit interfaces. Because the FEC clauses are applied by default on these interfaces, you must disable the FEC clauses if you do not want to apply them.
To disable the FEC mode:
[edit]
set interfaces interface-name gigether-options fec noneTo reenable the FEC mode:
[edit]
set interfaces interface-name gigether-options fec (fec74|fec91)or
[edit]
delete interfaces interface-name gigether-options fec noneTo check FEC status:
show interfaces interface-nameThe output for the show command will list FEC statistics for a particular interface-name, including the FEC corrected errors count, the FEC uncorrected errors count, and the type of FEC that was disabled or enabled.
[See FEC.]
Resilient hashing support for equal cost multipath routes (QFX5210 switches)—Starting with Junos OS Release 18.1R1, resilient hashing is now supported by equal cost multipath (ECMP) sets.
Note Resilient hashing is not supported on link aggregations groups (LAGs).
[See Understanding the Use of Resilient Hashing to Minimize Flow Remapping in Trunk Groups.]
Multichassis link aggregation groups (MC-LAG) (QFX5210 switches)—Starting with Junos OS Release 18.1R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running STP.
On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two MC-LAG QFX10008 switches. Each of these switches has one or more physical links connected to a single client. The switches coordinate with each other to ensure that data traffic is forwarded properly.
[See Multichassis Link Aggregation Features, Terms, and Best Practices.]
Auto-channelization of interfaces (QFX5210 switch)—Starting in Junos OS Release 18.1R1, you can use the auto-channelization feature to divide and channelize data automatically by detecting the cable type. The mode and number of channels are decided based on the channel link status. On QFX5210, auto-channelization supports three modes of operation with unique port settings:
When 4x10G split cables are connected, the 40G port auto-channelizes to four 10G channels.
When 2x50G split cables are connected, the 100G port auto-channelizes to two 50G channels.
When 4x25G split cables are connected, the 100G port auto-channelizes to four 25G channels.
Channelization support (QFX10002-60C switches)—Starting with Junos OS Release 18.1R1, you can use channelization functionality to subdivide a larger flexible optical interface into sub-interfaces or channels. The QFX10002-60C switch has 12 ASIC circuits (PE) as a part of a Packet Forwarding Engine, and each PE switch has 5 ports (one standalone MAC port and 4 channelized MAC ports). The standalone MAC ports cannot be channelized. The QFX10002-60C switch allows you to channelize 48 ports out of available 60 ports.
By default, the ports come up in a mode that does not support channelization. If you channelize a port in a PE switch for the first time, it would result in FPC reboot. But if you channelize another port in the same PE switch, the FPC will not be rebooted. If you channelize a port in a different PE switch, the FPC will be rebooted.
To enable channelization on an interface:
[edit chassis fpc fpc-slot pic pic-slot]user@switch# set port port-number channel-speed speed[See Channelizing Interfaces.]
Dynamic port swap from 40G to 100G without restarting the Packet Forwarding Engine (QFX5110 switches) —Starting in Junos OS Release 18.1R1, you can configure different system modes to achieve varying levels of port density on QFX5110-32Q switches without restarting the Packet Forwarding Engine. The QFX5110-32Q switch has fixed 32 front panel network ports. Four 100G ports can either function as 32x40G or 20x40G – 4x100G. You can combine the port configurations supported into default mode or non-oversubscribed mode. The dcpfe restart is triggered with the mode change.
[See Configuring the System Mode.]
Support for 128k vmembers and 96k Address Resolution Protocol (ARP) and Neighbor Discovery (ND) entries when using enhanced convergence in multichassis link aggregation groups (MC-LAG) (QFX10000 switches)—Starting with Junos OS Release 18.1R1, the number of vmembers has increased to 128k, and the number of ARP and ND entries has increased to 96k. This increased scale is supported only when you enable the enhanced-convergence statement. Enhanced convergence improves Layer 2 and Layer 3 convergence time during multichassis aggregated Ethernet (MC-AE) link failures and restoration scenarios.
If you have configured an IRB interface over an MC-AE interface that has enhanced convergence enabled, then you must configure enhanced convergence on the IRB interface as well. Enhanced convergence must be enabled for both Layer 2 and Layer 3 interfaces.
To configure enhanced convergence, enable the enhanced-convergence statement at the [edit interfaces ae unit-number aggregated-ether-options mc-ae] at the Junos OS CLI hierarchy.
To configure enhanced convergence on an IRB interface, enable the enhanced-convergence statement at the [edit interfaces irb unit unit-number] at the Junos OS CLI hierarchy.
[See Multichassis Link Aggregation Features, Terms, and Best Practices.]
Support for additional 10G data ports (QFX5210 switches)—Starting in Junos OS Release 18.1R1, QFX5210 switches support two additional 10G data ports. You can use the two additional data ports as revenue ports.
FEC support for 100-gigabit port speeds (QFX10002, QFX10008, and QFX10016 Switches)—Starting with Junos OS Release 18.1R1, you can configure forward error correction (FEC) clause CL91 on QFX10000 series switches. FEC CL91 can be configured on 100-gigabit interfaces. FEC CL91 clause is applied by default on these interfaces. If you do not want to apply the FEC CL91 clause, you can disable it.
To disable the FEC mode:
[edit]
set interfaces interface-name gigether-options fec noneTo reenable the FEC mode:
[edit]
set interfaces interface-name gigether-options fec (fec74|fec91)or
[edit]
delete interfaces interface-name gigether-options fec noneTo check FEC status:
show interfaces interface-nameThe output for the show command will list FEC statistics for a particular interface-name, including the FEC corrected errors count, the FEC uncorrected errors count, and the type of FEC that was disabled or enabled.
[See FEC.]
Support for Protocol Independent Multicast (PIM) Dual Designated Router Mode (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 18.1R1, you can enable PIM dual designated router mode for a pair of Multichassis Link Aggregation Group (MC-LAG) peers managing VLAN multicast traffic and Layer 3 multicast traffic over IRB interfaces.
PIM dual designated router mode sets up one device in a pair of MC-LAG peers as a primary designated router (DR), and the other device as a standby or backup DR for redundancy in managing multicast packet forwarding. Both devices join the multicast forwarding tree and receive multicast traffic. If the primary device fails, the standby device quickly takes over forwarding multicast packets with minimal traffic disruption.
Link Aggregation Control Protocol (LACP) force-up enhancements (QFX5210 switches)—Starting in Junos OS Release 18.1R1, if an aggregated Ethernet interface (AE) on a switch has multiple member links and one member link in that AE is in the force-up state with its peer’s LACP down, and then if LACP comes up partially—that is, if LACP is established with a non-force-up member link—force-up is disabled on the member link on which force-up has been set, and that member link is ready for connection establishment through LACP. Force-up is eligible only if the server-side interface has LACP issues.
Channelization support (QFX10002-60C switches)—Starting with Junos OS Release 18.1R1, you can use channelization functionality to subdivide a larger flexible optical interface into sub-interfaces or channels. The QFX10002-60C switch has 12 ASIC circuits (PE) as a part of a Packet Forwarding Engine, and each PE switch has 5 ports (one standalone MAC port and 4 channelized MAC ports). The standalone MAC ports cannot be channelized. The QFX10002-60C switch allows you to channelize 48 ports out of available 60 ports.
By default, the ports come up in a mode that does not support channelization. If you channelize a port in a PE switch for the first time, it would result in FPC reboot. But if you channelize another port in the same PE switch, the FPC will not be rebooted. If you channelize a port in a different PE switch, the FPC will be rebooted.
To enable channelization on an interface:
[edit chassis fpc fpc-slot pic pic-slot]user@switch# set port port-number channel-speed speed[See Channelizing Interfaces.]
Channelizing Ethernet interfaces (QFX5200 switches)—Starting with Junos OS Release 18.1R1, you can channelize the 100-Gigabit Ethernet interfaces to two independent 50-Gigabit Ethernet. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables.
There are a total of 54 physical ports on the QFX5200 switch. Ports 0 - 47 can be used as 25-Gigabit Ethernet interfaces. Ports 48 - 53 can be used as either 40-Gigabit Ethernet or 100-Gigabit Ethernet interfaces. You choose the speed by plugging in the appropriate transceiver. They can also be channelized to 10G, 40G, or 100G.
Channelizing Ethernet Interfaces (QFX5210 switches)—Starting with Junos OS Release 18.1R1, you can channelize the 100-Gigabit Ethernet interfaces to two independent 50-Gigabit Ethernet or to four independent 25-Gigabit Ethernet interfaces. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables.
There are a total of 64 physical ports on the QFX5210 switch. Any port can be used as either 100-Gigabit Ethernet or 40-Gigabit Ethernet interfaces. You choose the speed by plugging in the appropriate transceiver. They can also be channelized to 50G, 25G or 10G.
IPv4
Generic routing encapsulation (GRE) support (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 18.1R1, you can use GRE tunneling services to encapsulate any network layer protocol over an IP network. Acting as a tunnel source router, the switch encapsulates a payload packet that is to be transported through a tunnel to a destination network. The switch first adds a GRE header and then adds an outer IP header that is used to route the packet. When it receives the packet, a switch performing the role of a tunnel remote router extracts the tunneled packet and forwards the packet to the destination network. GRE tunnels can be used to connect noncontiguous networks and to provide options for networks that contain protocols with limited hop counts.
Layer 2, Layer 3, multicast, IPv4, IPv6, and hierarchical ECMP support (QFX5210-64C switches)—Starting in Junos OS Release 18.1R1, the feature set supporting the QFX5200 switch for Junos OS Release 17.3 DCB also supports the QFX5210-64C switch.
IPv6
Layer 2, Layer 3, multicast, IPv4, IPv6, and hierarchical ECMP support (QFX5210-64C switches)—Starting in Junos OS Release 18.1R1, the feature set supporting the QFX5200 switch for Junos OS Release 17.3 DCB also supports the QFX5210-64C switch.
Junos OS XML API and Scripting
SLAX and Python scripts now can be sourced over the non-default VRF management instance (QFX Series)—Starting in Junos OS Release 18.1R1, configuration of commit, event, JET, op, and SNMP scripts is upgraded to support the non-default management routing instance mgmt_junos as an option when specifying the source URL for refreshing or downloading SLAX and Python scripts.
[See Using an Alternate Source Location for a Script or Configuring and Using a Master Source Location for a Script.]
Layer 2 Features
Layer 2 features (QFX5210 switches)—Starting with Junos OS Release 18.1R1, the following Layer 2 features are supported:
VLAN support
VLANs enable you to divide one physical broadcast domain into multiple virtual domains.
Link Layer Discovery Protocol (LLDP) support
LLDP enables a switch to advertise its identity and capabilities on a LAN, as well as receive information about other network devices.
Q-in-Q tunneling support
This feature enables service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites.
Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP) support
These protocols enable a switch to advertise its identity and capabilities on a LAN and receive information about other network devices.
Layer 2, Layer 3, multicast, IPv4, IPv6, and hierarchical ECMP support (QFX5210-64C switches)—Starting in Junos OS Release 18.1R1, the feature set supporting the QFX5200 switch for Junos OS Release 17.3 DCB also supports the QFX5210-64C switch.
Layer 3 Features
Layer 2, Layer 3, multicast, IPv4, IPv6, and hierarchical ECMP support (QFX5210-64C switches)—Starting in Junos OS Release 18.1R1, the feature set supporting the QFX5200 switch for Junos OS Release 17.3 DCB also supports the QFX5210-64C switch.
Management
Support for the Junos Telemetry Interface (QFX5100 switches)—Starting with Junos OS Release 18.1R1, you can provision sensors through the Junos Telemetry Interface to export telemetry data for various network elements without involving polling. On QFX5100 switches, only gRPC streaming of statistics is supported. UDP streaming is not supported.
The following sensors are supported:
Chassis components
Aggregated Ethernet interfaces configured with the Link Aggregation Control Protocol
Network Discovery Protocol table state
For resource path names for these sensors, see Guidelines for gRPC Sensors (Junos Telemetry Interface)
To provision sensors to stream data through gRPC, create a subscription and specify parameters using the telemetrySubscribe RPC. You must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
ARP and NDP telemetry support for Junos Telemetry Interface (JTI) (QFX5110)—Starting with Junos OS Release 18.1R1, you can export Address Resolution Protocol (ARP) and Neighbor Discovery Protocol (NDP) statistics through the Junos Telemetry Interface for QFX5110 switches. Sensor support for ARP and NDP statistics is at the same level of support as for QFX10000 and QFX5200 switches in Junos OS Release 17.2R1.
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters.
To export telemetry data from Juniper equipment to an external collector, both Junos Telemetry Interface (JTI) and gRPC must be configured.
For resource names and OpenConfig paths for these sensors, see Guidelines for gRPC Sensors (Junos Telemetry Interface).
MPLS
Support for equal-cost multipath routing on MPLS label-switching routers (QFX5210 switches)—Starting in Junos OS Release 18.1R1, you can configure equal cost multipath (ECMP) routing on MPLS label-switched routers (LSRs). ECMP is a Layer 3 mechanism for load-balancing traffic to a destination over multiple equal-cost next hops. When a link goes down, ECMP uses fast reroute protection to shift packet forwarding to use operational links, thereby decreasing packet loss.
This feature was previously supported in an "X" release of Junos OS.
MPLS support (QFX5210 switches)—Starting in Junos OS Release 18.1R1, MPLS is supported on the QFX5210 switch. MPLS provides both label edge routers (LER) and label switch routers (LSR) and provides the following capabilities:
Support for both MPLS major protocols, LDP and RSVP
IS-IS interior gateway protocol (IGP) traffic engineering
Class of service (CoS)
Object access method, including ping, traceroute, and Bidirectional Forwarding Detection (BFD)
Fast reroute (FRR), a component of MPLS local protection. (Both one-to-one local protection and many-to-one local protection are supported.)
Loop-free alternate (LFA)
6 PE devices
Layer 3 VPNs for both IPv4 and IPv6
LDP tunneling over RSVP
This feature was previously supported in an "X" release of Junos OS.
[See MPLS Overview for Switches.]
Multicast
Multicast-only fast reroute (MoFRR) (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 18.1R1, QFX10002, QFX10008, and QFX10016 switches support MoFRR, which minimizes multicast packet loss in PIM domains when there are link failures. With MoFRR enabled, the switch maintains both a primary and a backup multicast packet stream toward the multicast source, accepting traffic received on the primary path and dropping traffic received on the backup path. Upon primary path failure, the backup path becomes the primary path and quickly takes over forwarding the multicast traffic. If alternative paths are available, a new backup path is created. When enabling MoFRR, you can optionally configure a policy for the (S,G) entries to which MoFRR should apply; otherwise, MoFRR applies to all multicast (S,G) streams.
[See Understanding Multicast-Only Fast Reroute on Switches.]
Layer 2, Layer 3, multicast, IPv4, IPv6, and hierarchical ECMP support (QFX5210-64C switches)—Starting in Junos OS Release 18.1R1, the feature set supporting the QFX5200 switch for Junos OS Release 17.3 DCB also supports the QFX5210-64C switch.
Network Management and Monitoring
Support for sFlow, port mirroring, and port mirroring to an IP address (QFX5210 switches)—Starting in Junos OS Release 18.1 R1 the QFX5210 switch supports sFlow technology. sFlow technology is a monitoring technology for high-speed switched or routed networks. sFlow monitoring randomly samples network packets and sends the samples to a monitoring station called a collector. You can configure sFlow monitoring on the switch to continuously monitor traffic at wire speed on all interfaces simultaneously. sFlow monitoring also collects samples of network packets, providing you with visibility into network traffic information. You configure sFlow monitoring at the edit protocols sflow hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics. This feature was previously supported in an "X" release of Junos OS.
[See Understanding How to Use sFlow Technology for Network Monitoring on a Switch.]
Also starting in Junos OS Release 18.1R1, you can use port mirroring on QFX5210 switches to copy packets entering or exiting a port or entering a VLAN and send the copies to a local interface for local monitoring or to a VLAN for remote monitoring. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, and correlating events. This feature was previously supported in an "X" release of Junos OS.
[See Understanding Port Mirroring.]
Finally, also starting in Junos OS Release 18.1R1, you can send mirrored packets to an IP address over a Layer 3 network (for example, if there is no Layer 2 connectivity to the analyzer device). This feature also enables you to apply an IEEE-1588 timestamp to the mirrored packets.This feature was previously supported in an "X" release of Junos OS.
[See Understanding Port Mirroring.]
Port Security
MACsec license enforcement (EX3400, EX4300, EX4600, EX9200, QFX5100 switches and Junos Fusion Enterprise)—Starting in Junos OS Release 18.1R1, Media Access Control Security (MACsec) requires the installation of a MACsec feature license. If the MACsec license is not installed, MACsec functionality cannot be activated. You add the MACsec license using the request system license add command.
Routing Protocols
Support for BGP multipath at global level (QFX Series)—Starting with Junos OS Release 18.1R1, BGP multipath is available at the global level in addition to the group and neighbor level. In earlier Junos OS releases BGP multipath is supported only at the group and neighbor levels. A new configuration option disable is available at the [edit protocols bgp multipath] hierarchy level to disable BGP multipath for specific groups or neighbors. This allows you to configure BGP multipath globally and disable it for specific groups according to your network requirements.
[See disable.]
Security
Distributed denial-of-service (DDoS) protection (QFX5210 switches)—Starting with Junos OS Release 18.1R1, you can use DDoS protection to enable the switch to continue functioning while under a DDoS attack.
[See Understanding Distributed Denial-of-Service Protection on QFX Series Switches.]
Support for firewall filters (QFX5210)—Starting in Junos OS Release 18.1R1, you can define firewall filters on the switch that defines whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), link aggregation groups (LAGs), and loopback interfaces. You configure firewall filters at the [edit firewall ] hierarchy level.
This feature was previously supported in an “X” release of Junos OS.
[See Overview of Firewall Filters.]
Storm control support (QFX5210 switches)—Starting in Junos OS Release 18.1R1, you can monitor traffic levels and take a specified action when a defined traffic level (called the storm control level) is exceeded, preventing packets from proliferating and degrading service. You can configure the switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs.
This feature was previously supported in an “X” release of Junos OS.
[See Understanding Storm Control.]
Support for policers (QFX5210 switches)—Starting in Junos OS Release 18.1R1, you can use policers to apply limits to traffic flow and to set consequences for packets that exceed those limits. A switch polices traffic by limiting the input or output transmission rate of a class of traffic according to user-defined criteria. Policing (or rate-limiting) traffic allows you to control the maximum rate of traffic sent or received on an interface and to provide multiple priority levels or classes of service.
This feature was previously supported in an “X” release of Junos OS.
[See Overview of Policers.]
Software Defined Networking (SDN)
Layer 2 VXLAN gateway (QFX5210 switches)—Virtual Extensible LAN (VXLAN) is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. You can use VXLAN tunnels to enable migration of virtual machines between servers that exist in separate Layer 2 domains by tunneling the traffic through Layer 3 networks. This functionality allows you to dynamically allocate resources within or between data centers without being constrained by Layer 2 boundaries or being forced to create large or geographically stretched Layer 2 domains.
Starting with Junos OS Release 18.1R1, you can manually create VXLANs on QFX5210 switches instead of using a controller such as a VMware NSX for vSphere or Juniper Networks Contrail controller. If you use this approach, you must also configure Protocol Independent Multicast (PIM) on the VTEPs so that they can create VXLAN tunnels between themselves.
[See Understanding VXLANs.]
OVSDB-VXLAN support with VMware NSX for vSphere (QFX5210 switches)—Starting with Junos OS Release 18.1R1, the Open vSwitch Database (OVSDB) management protocol provides a means through which an NSX for vSphere controller can communicate with QFX5210 switches and provision them as Layer 2 Virtual Extensible LAN (VXLAN) gateways. In an environment in which NSX for vSphere 6.3.5 or later is deployed, an NSX for vSphere controller and these switches can exchange control and statistical information, thereby enabling virtual machine (VM) traffic from entities in a virtualized network to be forwarded to entities in a physical network and vice versa.
[See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]
OVSDB-VXLAN support with VMware NSX for vSphere (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 18.1R1, the Open vSwitch Database (OVSDB) management protocol provides a means through which an NSX for vSphere controller can communicate with QFX5110 and QFX5200 switches and provision them as Layer 2 Virtual Extensible LAN (VXLAN) gateways. In an environment in which NSX for vSphere 6.3.5 or later is deployed, an NSX for vSphere controller and these switches can exchange control and statistical information, thereby enabling virtual machine (VM) traffic from entities in a virtualized network to be forwarded to entities in a physical network and vice versa.
[See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]
Software Installation and Upgrade
ZTP support (QFX10002-60C switch)—Starting with Junos OS Release 18.1R1, ZTP, automates the provisioning of the device configuration and software image with minimal manual intervention, and is supported on QFX10002-60C VM hosts. When you physically connect a supported device to the network and boot it with a factory configuration, the device attempts to upgrade the Junos OS software image automatically and autoinstall a configuration provided on the DHCP server.
Storage and Fibre Channel
Support for FIP snooping and DCBX (QFX5210)—Starting in Junos OS Release 18.1R1, QFX5210 switches support FCoE Initialization Protocol (FIP) snooping and Data Center Bridging Capability Exchange protocol (DCBX), which are technologies that help enable transporting converged Ethernet traffic. FIP snooping filters prevent FCoE devices from gaining unauthorized access to a Fibre Channel (FC) storage device or another FCoE device. DCBX discovers the data center bridging (DCB) capabilities of connected peers, and advertises the capabilities of applications on interfaces by exchanging information in the form of application type, length, and value elements (TLVs).
[See Storage User Guide and Traffic Management User Guide for the QFX Series and EX4600 Switches.]
Support for Converged Enhanced Ethernet (CEE) features (QFX5210)—Starting in Junos OS Release 18.1R1, QFX5210 switches support the following data center bridging (DCB) traffic management features for transporting CEE traffic:
Priority-based flow control (PFC) for traffic prioritization and managing link bandwidth for lossless traffic
Buffer space management to prevent dropped traffic with PFC
Congestion notification for managing link bandwidth, including Explicit Congestion Notification (ECN) and Data Center Quantized Congestion Notification (DCQCN)
Data Center Bridging Capabilities Exchange protocol (DCBX)
CEE enables traffic differentiation at the link layer and sharing of links for both Ethernet and FCoE traffic.
[See Traffic Management User Guide for the QFX Series and EX4600 Switches.]
System Management
Integrated software feature licenses (QFX5210 switches)—Starting with Junos OS Release 18.1R1, the standard QFX Series premium feature license for BGP, Intermediate System-to-Intermediate System (IS-IS), and Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB) software license and the standard QFX Series advanced feature license for BGP, Intermediate System-to-Intermediate System (IS-IS), MPLS, and Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB) license are supported.
[See Software Features That Require Licenses on the QFX Series.]
Support for the Precision Time Protocol (PTP) G.8275.2 enhanced profile (QFX5110-48S-4C switches)—Starting in Junos OS Release 18.1R1, you can enable the G.8275.2 enhanced profile to support telecom applications that require accurate phase and time synchronization for phase alignment and time of day synchronization over a wide area network. This profile supports PTP over IPv4 unicast, ordinary and boundary clocks, and unicast negotiation.
To configure the G.8275.2 enhanced profile, enable the g.8275.2.enh statement at the [edit protocols ptp profile-type] Junos OS CLI hierarchy.
[See Understanding the PTP G.8275.2 Enhanced Profile (Telecom Profile).]
Support for request vmhost and show vmhost commands (QFX10002-60C switches)—Starting in Junos OS Release 18.1R1, many of the request system and show system commands have been replaced with request vmhost and show vmhost commands.
Here is a list of the vmhost commands that are now supported:
request vmhost cleanup
request vmhost file-copy
request vmhost halt
request vmhost hard-disk-test
request vmhost power-off
request vmhost power-on
request vmhost reboot
request vmhost snapshot
request vmhost software add
request vmhost software rollback
request vmhost zeroize
show vmhost bridge
show vmhost crash
show vmhost hard-disk-test
show vmhost hardware
show vmhost information
show vmhost logs
show vmhost management-if
show vmhost netstat
show vmhost processes
show vmhost resource-usage
show vmhost snapshot
show vmhost status
show vmhost uptime
show vmhost version
[See VM Host Operations and Management for more information.]
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.1R3 for the QFX Series.
Interfaces and Chassis
Modified output of show-ptp-clock command (QFX Series switches)—Starting in Junos OS Release 18.1R1, the output of the show-ptp-clock command is modified to display the value of the GMC Class field as 248 for a PTP boundary clock when the lock state of the clock is Acquiring.
Management
Enhancement to LSP statistics sensor for Junos Telemetry Interface (MX Series, PTX Series, QFX10000 switches, and EX9200 switches)—Starting with Junos OS 18.1R1, the telemetry data exported for the LSP statistics sensor no longer includes the phrase and source 0.0.0.0 after the LSP name in the value string for the prefix key. This change reduces the payload size of data exported. The following is an example of the new format:
str_value: /mpls/lsps/constrained-path/tunnels/tunnel[name='LSP-4-3']/state/counters[name='c-27810']/Enhancement to NPU memory sensors for Junos Telemetry Interface (QFX5110, QFX5200, and QFX10000 switches)—Starting with Junos OS Release 18.1R1, the format of telemetry data exported through gRPC for NPU memory and memory utilization implements prefix compression. This change reduces the payload size of data exported. The following example shows the new format:
key: __prefix__
str_value: /components/component[name='FPC0:NPU0']/properties/property
key: [name='mem-util-edmem-size']/value
uint_value: 12345
Telemetry data is exported in key-value pairs. Previously, the data exported included the component and property names in a single key string.[See Guidelines for gRPC Sensors.]
Network Management and Monitoring
SNMP syslog messages changed (QFX Series)—In Junos OS Release 18.1R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:
OLD—AgentX master agent failed to respond to ping. Attempting to re-register
NEW—AgentX master agent failed to respond to ping, triggering cleanup!OLD—NET-SNMP version %s AgentX subagent connected
NEW—NET-SNMP version %s AgentX subagent Open-Sent!
[See the MIB Explorer.]
Network Operations and Troubleshooting Automation
JET - Correction to escaped characters notification events (QFX Series data center switches)–Per RFC7159, certain characters must be escaped. Data returned from JET notification subscriptions contained escaped characters that were not required. This has been corrected to comply with RFC7159.
respawn-on-normal-exit option added to [edit system extensions extension-service application file <application-name>] hierarchy (QFX Series Data Center Switches)–This option helps to ensure that daemonized Juniper Extension Toolkit (JET) applications that exit normally will restart without user intervention. Daemonized JET applications that exit unexpectedly will still restart without user intervention. This is the default behavior.
Routing Policy and Firewall Filters
Support for configuring the GTP-TEID field for GTP traffic (QFX5000 line of switches)—Starting in Junos OS Release 17.3R3 and 18.1R2, the gtp-tunnel-endpoint-identifier statement is supported to configure the hash calculation of IPv4 or IPv6 packets that are included in the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field hash calculations. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.
In most of the cases, configuring gtp-tunnel-endpoint-identifier statement is sufficient for enabling GTP hashing. After enabling, if GTP hashing does not work, it is recommended to capture the packets using relevant tools and identify the offset value. As per standards, 0x32 is the default header offset value. But, due to some special patterns in the header, offset may vary to say 0x30, 0x28, and so on. In this cases, use gtp-header-offset statement to set a proper offset value. Once the header offset value is resolved, run gtp-tunnel-endpoint-identifier command for enabling GTP hashing successfully.
[See gtp-tunnel-endpoint-identifier and gtp-header-offset.]
Routing Protocols
IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.1R3 for the QFX Series.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.
EVPN
On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092
EVPN/VXLAN implementations support up to 100 EVPN VLAN-based routing instances. Above 100 instances, MAC learning might behave incorrectly. PR1287644
Interfaces and Chassis
When you commit a configuration change for IRB from VRRP to non-VRRP and the IRB address also changed to VRRP VIP. Junos OS loses the direct route from the IRB. This is a limitation. This issue was also logged in PR1191371. PR1319124
Because the link speed command cannot be hidden , configuring or committing the same should result in the intended functionality . Otherwise MC-LAG peer states will get impacted. PR1329030
Forcing the LAG/MC-LAG feature up is not supported on the QFX10000 platform. PR1332475
Supported ARP scale is 48,000 over MC-LAG interfaces PR1334321
Layer 2 Features
On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230
In EVPN-VXLAN deployment with QFX1000 switches, when VXLAN enabled IRB interface is configured in the same routing instance as that of the the underlay VTEP tunnel and if the remote VTEP interface IP is resolved over the IRB interface using routing protocols or static route, dc-pfe cores would be generated and all the interfaces would go down. The dc-pfe core files would be continuously generated until the configuration is corrected. PR1261824
On QFX10016, after deleting and re-adding 1000 LAG interfaces, traffic drops could be seen until ARP is refreshed even though all LAG interfaces come up. PR1289546
LAG-based resilient hashing is not supported on QFX5200 and QFX5210 switches. ECMP-based resilient hashing is supported on those switches. PR1321505
QFX5210-64C: Resilient hashing is not supported for LAG interfaces. PR1325499
Packet statistics are not supported for logical child members of aggregated Ethernet (AE) interface. PR1335454
Supported global Vmember scale is 64000 when created over AE interfaces PR1337569
Multicast
To use IGMP snooping on QFX5110 switches in an EVPN-VXLAN multihoming environment, you must enable IGMP snooping on all VLANs associated with any configured VXLANs. You cannot selectively enable IGMP snooping only on those VLANs that might have interested listeners, because all the VXLANs share virtual tunnel endpoints (VTEPs) between the same multihoming peers and must have the same settings. PR1407557
Platform and Infrastructure
While scaling beyond 2000 VLAN/IRBs , L3 multicast traffic does not converge to 100 percentage and continuous drops are observed after bringing down /up the downstream interface up or down or while an FPC comes online after FPC restart. PR1161485
On the QFX10000-12C-DWDM coherent line card, it is possible that sometimes the link flaps when MACsec is enabled on Ethernet interfaces. PR1253703
ERPS convergence takes time after GRES switchover and hence traffic loss is observed for a brief period. PR1290161
On QFX Series, the logical interface (IFD) and the physical interface (IFL) go down when traffic exceeds the rate-limit. Storm control is supported only on interfaces configured in family Ethernet-switching. Moreover, in this family, we support only one IFL per IFD. Due to this, bringing down the IFD is acceptable. Flexible VLAN tagging is not supported on the interfaces enabled for storm control. PR1295523
On QFX10000 line platforms, with a high scale of 4000 VNIs or 200K MACs, or both, if a large configuration change happens with traffic flowing, then forwarding descriptor memory corruption might occur, leading to complete traffic loss on certain ports. The qualification shows that a system with 400 VNIs has been stable. However, other configurations like global MAC count and underlying MPLS LSPs can increase system load. PR1296089
Em1 does not show correct speed when its other end is connected to 10m/100m ports. PR1303902
One main requirement with CoS on the FC interface is that the FC interface should be brought down before applying any CoS configuration. Thus you need to bring down the interface, apply the CoS configuration, and bring up the interface. This is required due to HW (BCM) limitation. PR1320425
IRBs interface on VXLAN that has IGMP snooping configured on that VXLAN are currently supported. If IRB is configured, then a dcd restart could lead to multicast traffic loss. PR1322057
This issue occurs in an MH EVPN-VXLAN scaled scenario, with IGMP snooping configured: 1) For 10000 s,g scale : the trigger is to disable DF link for convergence. Total convergence for 10000 s,g scale is 4.5 secs with traffic rate of 60kpps Per flow convergence loss ranges from 3.16 secs to 5.66 secs. 2) For 8000 s,g scale, the trigger is to disable DF link for convergence: Total convergence for 8000 s,g scale is 2.86 secs with traffic rate of 60 kpps. Per flow convergence loss ranges from 1.86 secs to 3.73 secs. PR1323155
When you perform PIC offline followed by online on the rombauer QIC module, the entire FPC that houses the Rombauer PIC will reboot. PR1324362
100G DAC/Copper cable is connected between QFX5210-64C and QFX10000 devices, links might not come up reliably. The rest of the 100G Optics/AOC, 40G Optics/DAC/Copper work well when connected between QFX5210-64C and QFX10000 devices. PR1324600
Configuration of mac-table-size under vlan switch-options is not supported for QFX10002-60C. PR1325315
QFX5210-64C : Irrespective of the physical interface speed, the speed displayed for Gr-interface is always 800 Mbps. PR1325695
The mac-learning-limit option is not supported under VLAN switch-options for QFX10002-60C platform PR1325752
The Broadcom chip has VLAN-based logical interface (IFL) statistics. Because for a given IFL both IPv4 and IPv6 use the same VLAN, statistics will count both IPv4 and IPv6 together. There is no way to separately count them. Hence, "IPv6 transit statistics" is always 0. However, the total transit statistics (IPv4 + IPv6) will be displayed under "Transit statistics". PR1327811
Need to increase global-mac-table-aging-time and global-mac-ip-table-aging-time settings on Junos Fusion Provider Edge ADs: set protocols l2-learning global-mac-table-aging-time 900 set protocols l2-learning global-mac-ip-table-aging-time 720. PR1328929
Configuring an IRB physical interface (IFD) static MAC address will not take effect. Only in logical interface (IFL) level static configuration works. PR1329032
Because the scaling numbers for flex counters in Broadcom is less than the number of maximum multicast routes that can be installed in hardware and also the flex counters are shared among different entities like VFI, VRF,VFP,L3IIF,SOURCE_VP,MPLS_ENTRY,VLAN_XLATE,PORT_TABLE,L3_ENTRY_IPV4_ MULTICAST,L3_ENTRY_IPV6_MULTICAST,L3_DEFIP, creation of counter will fail after the scale limit(70,000). PR1330473
The use of flexible-vlan-tagging with two VLAN tags is not supported on Layer 3 logical interfaces on QFX5110-48S and QFX5200 switches. PR1330510
All the UFT profiles except l3-profile while doing the multicast s,g entries scale test noticed the PFE mcast table occupancy is not upto 95%. This is a product limitation, Broadcom informed that they cannot do much about optimizing table utilization for all group range. PR1332170
Error messages related to rt_pfe_veto might be seen when a large number of routes are learned and downloaded to FIB. It indicates slowness of the Packet Forwarding Engine to install the routes in HW and will not have any functionality impact PR1333553
A few error messages related to function rt_mesh_group_add_check() will be seen during reboot and are harmless. PR1335363
Analyzer is not supported on QFX10002-60C. PR1335970
Inline and distributed BFD is not supported for IRB interfaces. Configure BFD timers according to guidelines for centralized mode. This problem is more pronounced in IS-IS because it needs more packets (L1 and L2) to maintain the sessions. PR1339127
On QFX5110-48S, PTP delay-req packets might be generated at less than 128 PPS when the delay-request interval is configured as -7. PR1339775
On QFX5000 platforms multihop BFD sessions might flap after a disruptive trigger in topology with aggressive BFD timeout < 1s. Examples of disruptive triggers: (a) restart routing and (b) reboot of router. PR1340469
In an IPCLOS topology, when a spine/leaf is rebooted, you may see around 100 secs of traffic loss. The reason for this is that, Junos will start advertising routes before PFE route programming is completed, which can cause traffic loss. This is mainly a design trade off.PR1341398
In a scaled VRRP scenario with 1000 groups , it takes around 17 seconds for all traffic to converge onto the backup node. PR1341811
On switching platforms the LACP AE minimum-link with sync-reset enabled feature is not supported on an aggregate interface where MicroBFD is enabled. PR1342657
On upgrading QFX10002 from Junos 15.1X53-D66 to Release 18.1R1 release, some of the 100G ports are not created. PR1343970
When a request system reboot now is triggered it is observed it takes 10 seconds for the interfaces to go down. This issue is not observed in 18.2 images. PR1344831
When you deactivate or activate IRB with VRRP configuration in a scaled setup with 1000 VRRP groups, convergence time will be around 10 to 30 seconds. PR1345272
On any platform that does not clear out /mfs when installing a new software release such as EX and QFX Series, when upgrading from certain releases to Junos OS Release 18.1R1 the statistics daemon PFED might generate a core file. This issue does not impact service. PR1346925
QFX-60C: Scheduler slip of sflowd daemon "sflowd[24814]: JTASK_SCHED_SLIP" observed whenever sflow configured 40g interface got channelized to 4x10g interface or non-channelized from 10g interface to 40g interface or Devices reboot or Whenever FPC Restart. PR1358045
Accton AS7816-64X systems are shipping with 14 characters but Junos limitation is 12 characters. Accton serial number contains 781664X as first 7 characters and 78 should be added from show chassis hardware output when serial number is required. PR1371126
Routing Protocols
Configuring link aggregation group (LAG) hashing with the [edit forwarding-options enhanced-hash-key] inet vlan-id statement uses the VLAN ID in the hashing algorithm calculation. On some switching platforms, when this option is configured for a LAG that spans FPCs, such as in a Virtual Chassis or Virtual Chassis Fabric (VCF), packets are dropped due to an issue with using an incorrect VLAN ID in the hashing algorithm. As a result, the vlan-id hashing option is not supported in a Virtual Chassis or VCF containing any of the following switches as members: EX4300, EX4600, QFX5100, or QFX5110. Under these conditions, use any of the other supported enhanced-hash-key hashing configuration options instead. PR1293920
The route unidimensional limit is 1.6 million routes in Junos OS Release 18.1R1. PR1320865
If you configure GRE tunneling with the underlying ECMP next-hop instead of a unicast next hop, traffic might be dropped. This scenario is not supported. PR1332309
Storage and Fibre Channel
If the configuration changes or any aggregation devices (AD) restart, you might see inconsistency in the output of show ethernet-switching table and show fip snooping satellite on different ADs for some time. It takes time for the ADs to completely restart and hence MAC addresses might be learned over EVPN (DRP flag). When AD restart is complete, MAC addresses should be learned locally and hence the DRP flag moves to the S flag. It can take up to 10 minutes to get consistent output for show commands. The output for show ethernet-switching table on all ADs will show all the MAC addresses. However, the flags against the MAC addresses might be different on the ADs because the MAC addresses might be learned statically on some ADs and dynamically on others. The flag against the dynamic MAC addresses will be changed from D to S once those MAC addresses are relayed from the satellite device (SD) to the AD, which can take up to 10 minutes. However, there should not be any traffic drop. Traffic drop is expected only initially, when the AD has just been restarted. PR1304173
Virtual Chassis
VC internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop(>2s) might occur and it is considered to be known behavior. Release note reference: https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/17.2/topic-118735.htmlPR1347902
Services Applications
You cannot configure analyzers on QFX10002-60C switches. The CLI configuration command set forwarding-options analyzer and the CLI operational command show forwarding-options analyzer are not supported on the switch.PR1340607
Known Issues
This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 18.1R3.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.
EVPN
In a scaled setup, if mac-move is triggered more than four times, the detection might not be reliable. PR1284315
Chained-composite-next-hop (CNH) is a must for EVPN pure type 5 with VXLAN encapsulation. Without this, the Packet Forwarding Engine will not program the tunnel NH. You have to explicitly set it on QFX5110. set routing-options forwarding-table chained-composite-next-hop ingress evpn. On the QFX10000, it is applied as part of default configuration. user@router> show configuration routing-options forwarding-table | display inheritance defaults. PR1303246
In an EVPN collapsed L2/L3 multihomed GWs topology, when traffic is sent from IP fabric toward EVPN, some traffic loss is seen. If the number of hosts behind EVPN gateways is increased, the traffic loss becomes higher. PR1311773
On QFX5000 and QFX10000 platforms, VTEP's MAC address is not learned in the Ethernet switching table though it is present in the EVPN database. PR1371995
Interfaces and Chassis
A difference in error message reporting is seen while trying to configure 100G and 40G in a LAG. The QFX10002-72Q error message is more meaningful than the QFX10002-60C error message. PR1340974
Layer 2 Features
On the QFX5210, there are issues with the latency test. The Issues with the latency tests: 10G latency values of cut-through are higher than store and forward, in the 40G latency test for the frame size 1280, higher latency value are seen. PR1343579
On random initialization of QFX5100, the programming of the storm control profile is missed within hardware on random interfaces. This is not visible over CLI and the configuration still shows as intact. This happens as a result of interface speed not properly getting detected within the hardware. PR1354889
No error/warning shown during this configuration commit. PR1359982
In case of the access side interfaces as SP style interfaces, when a new IFL is added and if there is already an IFL on the IFD, there is a 20-50 msec traffic drop on existing IFL. PR1367488
MPLS
There could be some lingering RSVP state that would keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state will eventually expire and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated due to this lingering state or the corresponding label routes in the FIB. In the worst case, in a network where there is persistent link flapping going on, this lingering state could interfere with the LSP scale being achieved. PR1331976
The traffic loss was more than 50 ms while performing FRR. The traffic loss was well within 50 ms during FRR. However, the ingress nodes re-signals tunnels on detection of primary path failure detection and switches traffic to new tunnels. This occurs when transit LSR is not fully completed with the tunnel installation. Hence, more drop is observed during the overall FRR event. PR1345843
Statistics of transit traffic do not increment LSP statistics signaled by RSVP-TE. PR1362936
The issue occurs when on optimize timer expiry, the traffic engineering database version number match indicates a CSPF has already run for the path, if an optimization has not yet been done with that version, it will be run despite the version number match. (This occurs due to per-path optimize-seq-no that is updated with a traffic engineering database seq no only on optimization.) When the path is disabled to avoid invalid ERO, making sure this does not interfere with global repair/local reversion. PR1365653
Platform and Infrastructure
When per-packet load balancing is removed or deleted, next hop index might change. PR1198092
Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917
On QFX10000 series switches, at initialization, the port group module comes up after some time and negative ACKs are seen until the port group module is up. Once the port group module is up, negative ACKs are no longer observed. This is an expected behavior due to an Aggressive Link Scan feature introduced in Junos OS Release 17.2. PR1271579
On QFX5110 Series switches, Digital optical monitoring (DOM) status via CLI is not correct for Junos OS Releases 15.1X53 through 17.x. The light level statistics can be seen in the FPC shell level. There is no traffic impact. PR1305506
Traffic drop occurs on sending traffic over "et" interfaces due to CRC errors. PR1313977
Family Ethernet-switching cannot be used when flexible-vlan-tagging is configured. It is unsupported. The behavior is nondeterministic with this configuration and there is a possibility of seeing a dcpfe core file. PR1316236
Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750
There might be a traffic loss on the ingress PE device if the EVPN MPLS is configured later on remote PE device or from the working condition EVPN MPLS is disabled and enabled later. PR1319770
On a QFX10016, permanent traffic loss is seen for some hosts after the initial ARP timer expiry caused by an ARP entry is not synchronized between the two PE devices. PR1322288
On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge when configuration related to a tenant (5 IRBs/VLAN) is added. PR1323042
Port 0 of Qfx5100-48t does not come up in mixed VCF. As a workaround, use the phy diag xe0 dsc command from the BCM shell on reboot. This brings up the port, which stays up continuously until the next reboot. PR1323323
QFX5210: No prune to RP was sent from LHR after shifting to the GR Interface, when the RP is in transit node (multicast over GRE tunnel scenario). PR1323620
Traffic statistics for multicast stream on GR interfaces do not work on QFX5000 line platform. PR1323622
Interface uptime has increased by 8 seconds from Junos OS Release 17.4R1 to Release 18.1R1. Note that SDK upgrades across releases impacts parameters such as login prompt appear time, FPC up time, and interface up time after switch reboot. PR1324374
Persistent MAC is not enabled. PR1325313
QFX10002-60C filter operation with log action is not supported for protocols other than L2/IPv4/v6 and the following message Protocol 0 not recognized is seen in firewall logs. PR1325437
The management process (mgd) might panic after modifying AE interface members under ethernet-switching vlan stanza. After mgd panic, your remote session is terminated as a result. PR1325736
In a streaming telemetry scenario, if performing commit full, na-grpd daemon might restart, causing disconnection of streaming telemetry. PR1326366
Analyzer is not supported in QFX10002-60C. PR1327288
On QFX5100 series platforms, in some cases, class of Service (CoS) configuration is not properly applied in Packet Forwarding Engine (PFE), leading to unexpected egress traffic drop on some interfaces. PR1329141
In an EVPN-VXLAN scenario, ARP table information is not synchronized on two spines after reconfiguring an end host on a multihomed CE interface from IP1/MAC1 to IP1/MAC2. PR1330663
On QFX52xx standalone devices with Vxlan configured, user configured Ingress ACL scale limit is 256 terms. PR1331730
BFD session over AE flaps when member link carrying the BFD Tx flaps. PR1333307
Changing MTU for GRE and underlying interfaces in single commit will be a caveat for the RLI Xellent: QFX: PFE: IP GRE (RLI NO: 34078). Refrain from committing MTU changes for GRE and underlying interfaces in single commit. For any GRE interface MTU update follow the mentioned workaround. PR1335739
QFX 5200 ISSU with GR only support BGP, No OSPF support. PR1336442
Changing MTU for GRE and underlying interfaces in single commit requires a caveat for the IPv4 GRE feature. Refrain from committing MTU changes for GRE and underlying interfaces in a single commit. For any GRE interface MTU update follow the mentioned workaround. PR1339601
With Junos OS Release 18.1R1 image, when QFX5000 and 10000 boxes are upgraded through ZTP, the configuration commit might fail if the configuration is fetched through a python script. PR1349240
When ZTP script fails to copy the ZTP configuration file from the DHCP server to the current directory location because of the read-only file system, then you need to specify the destination path to download that has read-write permission and has sufficient space to download. PR1354197
On QFX10002, QFX10008, and QFX1016 spine nodes, the Virtual Extensible LAN (VXLAN) traffic might be lost if the VLAN tagged underlay traffic is received on Ethernet VPN (EVPN) type 2 and needs to be routed on to EVPN type5 tunnel. PR1355773
On QFX5110, the FEC for 100G optics is not being displayed when the expected behavior is for FEC to be shown as NONE. On QFX10002, the FEC for 40g optics is being displayed as NONE when expected behavior is for FEC not to be displayed. On QFX10008 , the FEC for 40G optics is being displayed as NONE when the expected behavior is for FEC not to be displayed. PR1360948
When MC-LAG is configured with force-up enabled on MC-LAG Nodes, the LACP admin key should not match with the access/CE device. PR1362346
On QFX10000 platform with IRB enabled, traffic might not be forwarded on some of the child members when the member link of the AE is added or deleted. PR1362653
QFX52100: Filter with routing-instance applied to family inet logical interface (IFL) causes traffic to be discarded on unrelated interfaces. PR1364020
pm4x25_line_side_phymod_interfa ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error messages is seen when channelization is detected in the build Junos OS Release 18.1R3. PR1366137
The issue is observed if both local and remote end are Auto-Channelised and the local port QSFP is removed. PR1370887
100G DAC is not used by customer. PR1373028
USB upgrade of NOS image is not supported. PR1373900
When one 50g port is made down with ifconfig command, other one also goes down in Junos OS Release 18.1R3. PR1376389
LOC and Diag System LEDs on the front panel are not defined yet. PR1380459
ifOutMulticastPkts , ifInBroadcastPkts and ifOutBroadcastPkts shows incorrect value in Junos OS Release 18.1R3 build in AS7816-64X. PR1384069
BGP session bounce might sometimes prevent BUM traffic from being flooded to all remote VTEPs. PR1373093
On QFX5000 platforms, there is a matching chassis:fpc:pic:port between the sxe interface and the et interface. If dcd process restarts, the BGP session might flap due to aggregated Ethernet interface flap after the physical interface in it is detached or attached. Any other configuration change operation resulting in sending SIGHUP to dcd would cause the aggregated Ethernet interface to flap. PR1373188
The Junos license (JUNOS-FP-C2) is not getting installed on Junos white boxes.PR1383274
Routing Protocols
On EX4600 and QFX5100 switches with Q-in-Q, if the native VLAN is configured on a Q-in-Q interface connected to a customer device, the packets going out with the native VLAN ID (customer-VLAN) are still tagged. PR1105247
On QFX10000 line platforms, during route next-hop churn or earliest deadline first (EDF) job priority changes, memory corruption might occur, leading to processing issues and constant packet drop. PR1243724
For the QFX10002 and QFX10008 switches, you might observe an increase in the convergence time of OSPF routes when compared to Junos OS 17.3 releases. An average increase of 1.5 seconds is seen for 100,000 OSPFv3 routes. PR1297541
Performing GRES on the EVPN-VXLAN topology with uRPF results in total packet loss. PR1322217
In the PVLAN configuration, the isolated VLAN and Community VLAN should not use the same VLAN Id. PR1323520
VLAN range shown in community VLAN is 1..4094. Hence, VLAN 0 should not be configured as community VLAN in PVLAN. PR1323719
When MoFRR is enabled, traffic statistics on the multicast route show double the outgoing traffic. Accounting is done for both the primary and backup route, hence the issue. When one of the upstream interfaces goes down, this issue will not be seen. PR1326338
Higher convergence time for LFA with BFD occurs in Junos OS Release 18.1. PR1337412
On QFX5210, when ICCP/ICL link is disabled/enabled, data-driven ARP learning is taking 2-3 seconds longer than on QFX5200-32C, leading to ~10 seconds of IPv4 and IPv6 traffic loss. PR1338444
If permanent traffic loop is created in IPCLOS topology, PFE CPU utilization can go high which can result in ping drops PR1341107
On a scaled setup, when the host table is full and the host entries are installed in LPM table, OSPF sessions might take more time to come up. PR1358289
Disabling a LAG member that is part of an L3 IRB interface sometime causes traffic loss. PR1359841
L3-GW is not supported on QFX5110 with SP style of configuration in Junos OS Release 17.3R3. PR1363708
Resolved Issues
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.
Resolved Issues: 18.1R3
Class of Service (CoS)
DST IP 224/4 match condition is programmed in HW as 224/24 in loopback FF entry rep=0. PR1354377
EVPN
EVPN-VXLAN QFX10000: jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed. PR1258933
When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none” to ensure proper routing. This issue is platform independent. PR1287557
Rpd has unreproducible core file with scaling EVPN-VXLAN configuration on QFX10000 platform. PR1339979
On a scaled EVPN-VXLAN setup, loading the scaled configuration and the base configuration alternately for a few times can result in losing adjacency and hence the protocols will be down. PR1349659
Traffic might be lost on Layer2 and Layer3 spine nodes in multihomed EVPN scenario. PR1355165
The QFX10000 might drop transited traffic coming from an MPLS network to EVPN-VXLAN. PR1360159
Increased risk of routing crash with temporary impact on traffic on QFX10000 or QFX5100 nodes with certain configuration changes or clearing L2 or L3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257
Ospf sessions are not coming up between MX and QFX10000 as ARP entries get deleted and added. PR1366860
Proxy ARP might not work as expected in an EVPN environment. PR1368911
QFX10000 / Import default ipv6 route to VRF causes infinite entries to get created in 'evpn ip-prefix-database' and become unstable. PR1369166
Infrastructure
QFX5100: Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742
Interfaces and Chassis
MC-LAG peer does not send ARP request to the host. PR1360216
Layer 2 Features
LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054
The dcpfe/fxpc process might crash on Packet Forwarding Engines with low memory when allocating a huge memory. PR1362332
QFX5000 Virtual Chassis acting as EVPN-VxLAN ARP proxy might cause ARP resolution to fail. PR1365699
Hashing is not working for IPV6 packet encapsulated in VXLAN scenario PR1368258
When native-vlan-id is configured for AE LACP session to multihomed server goes down PR1369424
A port might still work even if it is deleted from an AE interface. PR1372577
MPLS
LSP is not received by QFX5110. PR1351055
NO-propogate-TTL acts on MPLS swap operation. PR1366804
LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102
Platform and Infrastructure
The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713
AI-script does not auto re-install unless it is manually done after a Junos upgrade. PR1337028
The DF of an EVPN instance might flood all the ARP request back to the Ethernet segment. PR1337275
On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after Virtual Chassis reboot. PR1337340
On QFX10000 platforms, VRRP function does not work well when it is configured on subinterfaces. PR1338256
On QFX5100, QFX5200, QFX5110, and EX4600 platforms, BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330
QFX5100: Fan RPM fluctuates when temperature sensor reaches its threshold. PR1345181
Backup Routing Engine might experience a crash, causing vmcore to be generated on master Routing Engine, master Routing Engine performance will not be affected. PR1346218
On QFX10000 platforms, syslog error messages might be seen in syslog after configuring multiple LAG interfaces under sFlow protocol. PR1346493
QFX5100-48T 10G interface might be auto-negotiated at 100M speed instead of 10G. PR1347144
Traffic with destination MAC matching the virtual gateway MAC might be silently dropped or discarded.PR1348659
The BGP session might flap after changing the extended-vni-list under the EVPN hierarchy. PR1349600
After upgrading to Junos OS Release 17.2R2 , QFX5100 40G port port has interoperability issues with some other vendors. PR1349664
Dcpfe process might crash on QFX10000 switches. PR1351503
QFX10002: Telemetry traffic does not leave the local device when the telemetry server is reachable through a routing instance. PR1352593
QFX5100 ARP fails after change interface MAC address is changed.PR1353241
RPC output is not showing failure when running request system software add with software already staged. PR1353466
On QFX5110 platforms, SFP-LX10 might stay in up or down state when connected. PR1353677
The Alarm errors might be seen during the startup on QFX10000. PR1354582
Untagged packets may not be forwarded through the trunk port PR1355338
Commit error is observed if the device is downgraded from Junos OS Release 18.2 to Release 17.3R3. PR1355542
On LX10 SFPs on QFX5110 platforms, autonegotation is not in effect with a new configuration. PR1355746
"Load averages" output under show chassis routing-engine shows "nan" periodically. PR1356676
The IGMP membership report packets might not be forwarded over an interface on QFX10000. PR1360137
On QFX10000, virtual-gateway-address should be only configured on an IRB interface associated with a VXLAN VLAN. PR1360646
The GTP traffic might not be hashed correctly for the AE interface. PR1361379
On QFX10K platforms, the "clear services accounting statistics inline-jflow fpc-slot" command does not work. PR1362396
QFX5100VC: Unable to connect management address through vme interface. PR1362437
Traffic might not be forwarded when the member link of the AE is added or deleted. PR1362653
1G interface might stop working when no-auto-negotiation is configured. PR1362977
OSPF might remain in initialization status after firmware upgrade loading the Junos OS Release 14.1X53-D47.4 image. PR1362996
On QFX10008 and QFX10016 platforms, MPLS exp rewrite might not work for IPv6 and IPv4 traffic. PR1364391
Root password recovery process does not work. PR1365740
On QFX10002-60C and QFX10000-30C platforms, some interfaces do not come up during initialization after a reboot. PR1368203
On QFX5100, QFX5110, and QFX5200 platforms, IS-IS adjacency goes down when MTU 9192 is configured. PR1368913
The commit or commit check might fail due to the error of cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992
On QFX10000 platforms, before the Junos OS Release 17.3R3, the maximum number of ESI logical interface (IFLs) was 4000 in the Packet Forwarding Engine. PR1371414
TPI-50840 BUM traffic received on 5110 is not flooded to all remote vteps. PR1373093
LLDP might stop fully working between a QFX10000 and non-Juniper device. PR1374321
Routing Protocols
On QFX5110 platforms, setting MTU on a L3 interface does not take effect. PR1345495
On QFX10000 platforms, NETCONF SSH TCP port 830 traffic hits host path or unclassified queue. PR1345744
On QFX5100 platforms, parity errors in the L3 IPv4 table in the Packet Forwarding Engine memory might cause traffic to be silently dropped or discarded. PR1364657
Software Installation and Upgrade
Commit might fail in single-user mode. PR1368986
Resolved Issues: 18.1R2
EVPN
Sub interface from the same physical port do not work if configured under same VXLAN VLAN. PR1278761
VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045
QFX5100: EVPN-VXLAN: leaf device forwarding traffic to the incorrect VTEP after MAC move / vmotion. PR1335431
Configuration of VXLANs with and without encapsulate-inner-vlan cannot co exist causing traffic issues on access interfaces. PR1337953
In EVPN/VXLAN environment, BFD flaps cause VTEP flaps and cause the Packet Forwarding Engine to crash PR1339084
The rpd generates a core file on QFX Series switches with multiple VLANs with vlan-id zero, unique VNID. PR1342351
Interfaces and Chassis
CVLANs range is 16 might not pass traffic in a Q-in-Q scenario. PR1345994
Layer 2 Features
QFX5100: With multiple logical units configured on an interface, input-vlan-map POP is not removing outer vlan-tag when QinQ and VXLAN are involved. PR1331722
Push is not working for VXLAN local switching with the QinQ. PR1332346
Interface with flexible-vlan-tagging and family ethernet-switching does not work on the QFX10000 line.. PR1337311
MPLS
The hot standby for l2circuit does not work on QFX5100, QFX5110, and QFX5200. PR1329720
Platform and Infrastructure
C0 fiber link does not come up. PR1298876
Packets such as TDLS without IP headers are looped between virtual gateways. PR1318382
Autonegotiation is not working as expected between EX4300 and SRX5800. PR1318382
The openflow session cannot be established correctly with controller and interfaces options configured on QFX5100 series switches. PR1323273
The GRE traffic is not decapsulated by the firewall filter.PR1325104
VLAN or VLAN bridge might not be added or deleted if there is an IFBD hardware token limit exhaustion. PR1325217
Deleting one VXLAN might cause traffic loop on another VXLAN in a multihoming EVPN-VXLAN scenario with service provider style interface. PR1327978
Directories and files under
/var/db/scriptslost execution permission or directory 'jet' is missing under/var/db/scriptscausing error: Invalid directory: No such file or directory error during commit. PR1328570The PTX10000 line card might reboot continuously after upgrading to Junos OS Release 17.2R1 or later if HMC BIST fails. PR1330618
DHCP relay/server is not working on GRE interface on QFX10002-36Q (Elit). PR1331158
PTP BC with its PTP slave interface configured on a 100-Gigabit Ethernet interface might get stuck in FREERUN state. PR1331752
EVPN-VXLAN: DF drops multicast traffic. PR1333069
Chassis reboots continuously when USB drive is connected after image recovery through USB and after CLI image install. PR1335269
PTX1000 and QFX10002-60C: Python scripts/shell scripts cannot be executed during ZTP because veriexec is enabled. PR1334425
Supported scale for logical interface (IFL) based GRE tunnel on QFX10002-60C is 512. PR1335681
SNMP jnxBoxDescr oid returns different value when upgrading to Junos OS Release 17.2. PR1337798
The traffic coming from the remote VTEP PE device might be dropped. PR1338532
The analyzer status might show as down when port mirroring is configured to mirror packets from an AE member. PR1338564
The VXLAN traffic might not be transmitted correctly with IRB interface as underlay interface of VTEP tunnel. PR1338586
DDOS counters for OSPF might not increment. PR1339364
Reduced multicast scale with downstream IRB interfaces with snooping enabled.PR1340003
QFX5200: Inconsistent result occurs after using deactivate xxx command in pfc-priority and no-loss context. PR1340012
JDI-RCT : QFX5210-64C : IPv4 traffic routed out through the incorrect interface after rpd restart in leaf of IPCLOS profile. PR1341381
While downgrading PTX from a later release, the router goes into amnesiac state. PR1341650
JDI-RCT: EVPN-VXLAN: L3 traffic is not getting converged properly upon disabling the ECMP link between the spine and leaf devices with EVPN-VXLAN configurations. PR1343172
Broadcast frames might be modified with the ethertype 0x8850. PR1343575
EVPN-VXLAN: VLAN with flexible-tag mode , the xe statistics do not get updated for ingress traffic.PR1343746
Implement edit interfaces interface-name ether-options] configured-flow-control option for QFX Series switches. PR1343917
EVPN-VXLAN: ARP reply packet has auto generated virtual gateway MAC in Ethernet header. PR1344990
The fxpc process might generate core files when removing a VXLAN configuration. PR1345231
EVPN Type5: QFX5110 dcpfe generates core files at
src/pfe/common/pfe-arch/brcm/applications/virtual/brcm_vxlan.c:2185.PR1346980Part numbers and serial numbers are not displayed for any of the optics/DAC connected. PR1347634
The ARP might not update and packets might get dropped at the Routing Engine. PR1348029
On the QFX10002-60C VMHOST, a crash was observed at @ prds_if_ifl_get_gre_stats (ifl=0x9288a608, expr_ifl_l2d_stats=0x2cd3790c), just after configuring the GR Interface on it. PR1348932
The pfed process is consuming 80-90 percent CPU usage when running subscriber management on PPC-based routers. PR1351203
The GTP traffic might not be hashed correctly for aggregated Ethernet interface. PR1351518
Routing Protocols
Diffserv bits/ToS bits are not getting copied from the inner IP header to GRE header, Wireshark captured attached with PR. PR1313311
Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723
The dcpfe crash is seen in route leak scenario on QFX10000. PR1334714
The rpf-check-policy does not work as expected. PR1336909
QFX loopback firewall filter is not able to catch packets with martian source address. PR1343511
vrf-fallback on the QFX5100 switch, is not supported in ALPM mode. PR1345501
IPv6 packets with hop-by-hop header are not matched by filters. PR1346052
Resolved Issues: 18.1R1
Class of Service (CoS)
For some of the frame sizes, throughput is not 100 percent. PR1256671
EVPN
NH installation error messages are seen on QFX10000 .PR1258930
VXLAN-EVPN: IPv6 Packet loss after normal traffic run rate. PR1267830
Normal VRRP MAC is triggering a MAC move, and logical interfaces on the BD are getting shut down. PR1285749
QFX10002 VXLAN with MPLS underlay has traffic loss at RSVP egress.PR1289666
The df-election-type preference statements at the [show interfaces esi] hierarchy level are not supported on QFX10000 running Junos OS Release 17.3R1. PR1300093
QFX5110-48S: L3 VPN traffic is dropped for some instances when EVPN-VXLAN configuration is removed and reapplied. PR1307590
Dcpfe might crash on EVPN-VXLAN setup. PR1315531
Core file link flap might result in inconsistent global MAC count. PR1328956
EVPN-VXLAN: EVPN Type7 route is not synced across ESI peers when virtual-switching or EVPN instance exist. PR1334408
QFX5100 -- EVPN-VXLAN -- Leaf forwarding traffic to incorrect VTEP after MAC move / vmotion. PR1335431
Interfaces and Chassis
Multicast data packets are looping in MC-LAG. PR1281646
ARP reply drop occurs in MC-LAG scenario. PR1282349
Upgrading to Junos OS Release 16.1R5 without the redundancy-group-id-list statement prior in ICCP leads to commit failure during bootup. PR1311009
Layer 2 Features
To set up PTP BC forwarding on a QFX10002, configure routing on the interface or add a static ARP entry on the remote PTP device. PR1275327
Device transmits packets that exceed interface MTU.PR1306724
The bpdu-block-on-edge statement does not work correctly when fast-tune is enabled. PR1307440
jdhcpd core files are observed after making DHCP configuration changes. PR1324800
Commit error occurs while configuring native-vlan-id .PR1318881
NLB heartbeat packets might be dropped on QFX10000 and PTX Series.PR1322183
ARP entry might be learned on STP blocking ports. PR1324245
Junos Fusion MAC Learning failure occurs for device on Extended Satellite Interface. PR1324579
The DHCP discover packets might be looped in an MC-LAG and DHCP-relay scenario. PR1325425
QFX5100 : With multiple logical units configured on an interface, " input-vlan-map POP " is not removing outer vlan-tag when QinQ and VXLAN are involved. PR1331722
Interface with flexible-vlan-tagging and family ethernet-switching does not work on QFX10K. PR1337311
MPLS
QFX5100: ISSU is not supported with MPLS configuration.PR1264786
Traffic drop during NSR switchover for RSVP P2MP provider tunnels used by MVPN occurs.PR1293014
DHCP clients cannot get IP address over BGP-L3VPN.PR1303442
MPLS forwarding might not happen properly for some LSPs.PR1319379
The rpd might crash on backup RE due to memory exhaustion. PR1328974
Hot standby for l2circuit does not work on QFX5100. PR1329720
Multicast
aggregated Ethernet interface and IRB configuration issue causes kernel crash and causes either chassis or FPC to reboot.PR1335904
Platform and Infrastructure
UFT for non local member is not shown in the CLI. PR1243758
QFX5100 TVP: Not able to load TVP image on top of a non-TVP 5100 image while adding a QFX5100 switch to the Virtual Chassis. PR1248145
Copper ports flap on QFX5100-48T when short-reach-mode is enabled. PR1248611
After upgrading the QFX5100/EX4600 to Junos OS Release 16.1 from 15.1, commit warning. /boot/ffp.cookie+ might be seen. PR1283917
On QFX5100 switches, an AE interface might flap upon commit if an explicit speed is configured on an AE member interface. PR1284495
BFD sessions might flap when BFD is configured over IRB interfaces. PR1284743
Protocols might flap when disabling the AE member link. PR1289703
Storm-control flags are not set after a Routing Engine switchover. PR1290246
On QFX5100, the fxpc process generates a core file. PR1294033
ULC-60S-6Q LC on QFX10008: The port becomes unusable after inserting a third-party SFP-T optic. PR1294394
Oinker and TCP connection drop might be seen during large file SCP/FTP to the system (high intr{ virtio_p} seen). PR1295774
The 40-Gigabit Ethernet interface might not come up if a specific vendor's DAC cable is used. PR1296011
The disable-pfe action upon hybrid memory cube (HMC) fatal errors might have a system-wide impact on PTX Series platforms. PR1300180
QFX10008/10016: commit error is seen when configured with mixed speed. PR1301923
If MPLS LSP self-ping is enabled (self-ping is enabled by default), the kernel might panic with an error message Fatal trap 12: page fault while in kernel mode.PR1303798
Systems running 32-bit Junos OS might generate rpd core file when traceoptions are enabled. PR1305440
QFX5110-48S: Digital optical monitoring statistics cannot be received through the CLI in Junos OS Releases 15.1X53 through 17.x. PR1305506
QFX5200: New apply group is not applying to the Virtual Chassis after a reboot. PR1305520
QFX5100 crashes and the fxcp process generates a core file. PR1306768
Some error messages might be observed on EVPN-VXLAN setup. PR1307014
QSFP+4x10G-IR channelized interface goes down between QFX5200 and PTX5000. PR1307400
Traffic stopped passing LSP after MPLS route change. PR1309058
QFX5110 VC/VCF: Virtual Chassis members reboot before all members have image installed. PR1309103
Run time pps statistics value might show zero for a subinterface of AE interface. PR1309485
Traffic loss might be seen if sending traffic through the 40G interface. PR1309613
Some log messages are seen on QFX5110 platform when plugging in an SFP-SX. PR1311279
One aggregated Ethernet member does not send out sFlow sample packets. PR1311559
The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949
Traffic loss is observed while performing NSSU. PR1311977
CPU utilization is around 50 percentwithout any configuration. PR1312520
QFX5100:5100-24q: After loading TVP image, unable to offline/online the EX4600-EM-8F PIC; shows as unsupported. PR1313392
QFX10002-60C will support show vmhost crash to display core files in the host OS. PR1314451
Transit traffic over GRE tunnel might hit CPU and trigger a DDoS violation on L3NHOP. PR1315773
On switch platforms running under Junos OS with Enhanced Layer 2 Software (ELS) (EX4300/EX4600/EX9200/QFX5100/QFX10000), l2cpd might generate core files repeatedly if an interface is connected to VoIP product with LLDP and LLDP-MED enabled. PR1317114
The optic interface still transmits power after it has been administratively shut down. PR1318997
The packet might be dropped between 4-60 seconds when the master Routing Engine is rebooted in a virtual chassis. PR1319146
Port speed is still showing 100G instead of 50G as IFD has been channelized to 50G. PR1319884
Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX-VC ISSU. PR1320370
The MACac address is stuck with "DR" flag on the spine node even though packets are received on theinterface from source MAC.PR1320724
FPCs are gone offline due to CHASSISD_IPC_CONNECTION_DROPPED: Dropped IPC connection for FPC . PRF1321198
The openflow session cannot be established correctly with controller on QFX5100 Series switches. PR1323273
Update new firmware versions for jfirmware package for 100G-PSM4 and 100G-AOC issues. PR1323321
EVPN Type 5: Unicast traffic getting is dropped on backup forwarder PR1323907
VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217
MAC move is not expected when disabled globally with set protocols l2-learning global-mac-move disable-action PR1325524
ARP request packets might not be flooded on QFX5110. PR1326022
QFX5210-64CWhen the physical interface is down, show chassis LED CLI still showing as "Green". PR1326078
QFX5100/EX4600/ACX5k : Major Alarm Fan & PSU Airflow direction mismatch occurs when removing management cable. PR1327561
Deleting one VXLAN might cause traffic loop on another VXLAN in multi-homing EVPN/VXLAN scenario with Service Provider style interface. PR1327978
Major alarm should be cleared once the chassis has more PEM units installed than the "minimum PEM" configuration. PR1327999
Junos automation folder lost execution permissions. PR1328570
Fan tray removal/insertion trap is not generated for the backup FPC. PR1329031
QFX10000-60C : Although the set chassis fpc 0 pic command has the option of PIC numbers 0 to 2 , the switch has only 1 PIC.PR1329105
After commit, members of VC or VCF are split and some members may get disconnected. PR1330132
When configure total of 500 tunnels and all are part of routing-instance ( 500 routing-instance) and 500 BGP session with 20k routes. Adding or deleting configurations might occasionally result in FPC crash. PR1331983
The error messages out of HMC range and HMC READ faild are seen. PR1332251
The SOLICIT message of DHCPv6 is dropped. PR1334680
Supported scale for IFL based GRE tunnel on QFX10002-60C is 512. PR1335681
PTX1000 & QFX10002-60C: Python scripts/shell scripts cannot be executed during ZTP as veriexec is enabled.PR1334425
CLI for beacon port state is not supported on QFX10002-60C. PR1337125
The traffic coming from the remote VTEP PE might be dropped. PR1338532
QFX5200 : Inconsistent result after using 'deactivate xxx' command on 'pfc-priority' and 'no-loss' context. PR1340012
Implement edit interfaces interface-name ether-options] configured-flow-control option for QFX. PR1343917
When upgrading from certain release to 18.1R1 statistics daemon PFED may be seen to core. This issue is not service impacting. The issue can be cleared by rebooting the chassis or by deleting all files from /mfs. PR1346925
Routing Policy and Firewall Filters
The rpd might crash if vrf-target auto is configured under routing-instance PR1301721
Routing Protocols
Filter-based forwarding (FBF) with next-ip/next-ip6/next-interface is not working PR1289642
Remotely received traffic is not flooded to AC on FPC 1 when FPC 0 is offlined.PR1290500
An mcsnoopd core file is observed at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 PR1305239
GRE tunneled packets might be dropped. PR1308438
QFX5100: Consistent hashing is not getting programmed. PR1322299
QFX10002-60C is not supported as FHR in multicast PIM SM based network. PR1324116
IS-IS L2 Hello packets are dropped when they come from a Brocade device. PR1325436
vrf-fallback on QFX5K is not supported in ALPM mode. PR1345501
Virtual Chassis
Sometimes multicast packets are received two or three time faster.PR1306239
Documentation Updates
There are no documentation errata or changes for the QFX Series switches in Junos OS Release 18.1R2.
New Simplified Documentation Architecture
With the release of Junos OS Release 18.1, Juniper is simplifying its technical documentation to make it easier for you to find information and know that you can rely on it when you find it. In the past, we organized documentation about Junos OS software features into platform-specific documents. In many cases, features are supported on multiple platforms, so you might not easily find the document you want for your platform.
With Junos OS Release 18.1, we have eliminated the platform-specific software feature documents. For example, if you want to find documentation on OSPF, there is only one document regardless of which platform you have. Here are some of the benefits of our new simplified architecture:
Over time, you will see better search results when looking for Juniper documentation. You will be able to find what you want faster and be assured that is the right document.
If a software feature is supported on multiple platforms, you can find information about all the platforms in one place.
Because we have eliminated many documents that covered similar topics, you will now find one document with all the information.
You can know that you are always getting the most current and accurate information.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.
Upgrading Software on QFX Series Switches
When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.
If you are not familiar with the download and installation process, follow these steps:
- In a browser, go to https://www.juniper.net/support/downloads/junos.html.
The Junos Platforms Download Software page appears.
- In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
- Select 18.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
- In the Install Package section of the Software tab, select
the QFX Series Install Package for the 18.1 release.
An Alert box appears.
- In the Alert box, click the link to the PSN document for
details about the software, and click the link to download it.
A login screen appears.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Download the software to a local host.
- Copy the software to the device or to your internal software distribution site.
- Install the new jinstall package on the device.
Note We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.1 -R3.n-secure-signed.tgz rebootReplace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the switch.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname(available only for Canada and U.S. version)
Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 18.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.
Installing the Software on QFX10002-60C Switches
This section explains how to upgrade the software, which includes
both the host OS and the Junos OS. This upgrade requires that you
use a VM host package—for example, a junos-vmhost-install-x.tgz .
During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.
The QFX10002-60C switch supports only the 64-bit version of Junos OS.
If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.
To upgrade the software, you can use the following methods:
If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.1R3.9.tgzIf the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.1R3.9.tgzAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10002 Switches
If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.1R1.
On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.
If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.1R3.n-secure-signed.tgz
rebootIf the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.1R3.n-secure-signed.tgz
rebootAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionUpgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).
If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.
To install the software on re0:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0To install the software on re1:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1Reboot both Routing Engines.
For example:
user@switch> request system reboot both-routing-enginesAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10008 and QFX10016 Switches
Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.
Log in to the master Routing Engine’s console.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
From the command line, enter configuration mode:
user@switch> configureDisable Routing Engine redundancy:
user@switch# delete chassis redundancyDisable nonstop-bridging:
user@switch# delete protocols layer2-control nonstop-bridgingSave the configuration change on both Routing Engines:
user@switch# commit synchronizeExit the CLI configuration mode:
user@switch# exitAfter the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.
After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.
Log in to the console port on the other Routing Engine (currently the backup).
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.1R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the switch to start the new software using the request system reboot command:
user@switch> request system rebootNote You must reboot the switch to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.
All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.
Log in and issue the show version command to verify the version of the software installed.
user@switch> show versionOnce the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.
Log in to the master Routing Engine console port.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Transfer routing control to the backup Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the backup Routing Engine (slot 1) is the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Backup
Election priority Master (default)
Routing Engine status:
Slot 1:
Current state Master
Election priority Backup (default)Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.1R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the Routing Engine using the request system reboot command:
user@switch> request system rebootNote You must reboot to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.
The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.
Log in and issue the show version command to verify the version of the software installed.
Transfer routing control back to the master Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Master
Election priority Master (default)
outing Engine status:
Slot 1:
Current state Backup
Election priority Backup (default)
Performing a Unified ISSU
You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.
Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.
Perform the following tasks:
Preparing the Switch for Software Installation
Before you begin software installation using unified ISSU:
Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.
To verify that nonstop active routing is enabled:
Note If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.
user@switch> show task replication Stateful Replication: Enabled RE mode: MasterIf nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.
Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.
(Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
Upgrading the Software Using Unified ISSU
This procedure describes how to upgrade the software running on a standalone switch.
To upgrade the switch using unified ISSU:
Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.
Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.
Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.
Start the ISSU:
On the switch, enter:
user@switch> request system software in-service-upgrade /var/tmp/package-name.tgzwhere package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.1R3.n-secure-signed.tgz.
Note During the upgrade, you cannot access the Junos OS CLI.
The switch displays status messages similar to the following messages as the upgrade executes:
warning: Do NOT use /user during ISSU. Changes to /user during ISSU may get lost! ISSU: Validating Image ISSU: Preparing Backup RE Prepare for ISSU ISSU: Backup RE Prepare Done Extracting jinstall-host-qfx-5-f-x86-64-18.1R3.n-secure-signed.tgz ... Install jinstall-host-qfx-5-f-x86-64-18.1R3.n-secure-signed.tgz completed Spawning the backup RE Spawn backup RE, index 0 successful GRES in progress GRES done in 0 seconds Waiting for backup RE switchover ready GRES operational Copying home directories Copying home directories successful Initiating Chassis In-Service-Upgrade Chassis ISSU Started ISSU: Preparing Daemons ISSU: Daemons Ready for ISSU ISSU: Starting Upgrade for FRUs ISSU: FPC Warm Booting ISSU: FPC Warm Booted ISSU: Preparing for Switchover ISSU: Ready for Switchover Checking In-Service-Upgrade status Item Status Reason FPC 0 Online (ISSU) Send ISSU done to chassisd on backup RE Chassis ISSU Completed ISSU: IDLE Initiate em0 device handoff
Note A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).
Note If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.
Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:
user@switch> show versionEnsure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:
user@switch> request system snapshot slice alternateResilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.
Product Compatibility
Hardware Compatibility
To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.