Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 18.2R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS main release and the maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 18.2R3: QFX5100, QFX5110, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016.

Release 18.2R3 New and Changed Features

  • There are no new features or enhancements to existing features for QFX Series in Junos OS Release 18.2R3.

Release 18.2R2 New and Changed Features

  • There are no new features or enhancements to existing features for QFX Series in Junos OS Release 18.2R2.

Release 18.2R1 New and Changed Features

Hardware

  • QFX10000-30C-M line card supports channelization (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 18.2R1, 40-Gigabit Ethernet ports on the QFX10000-30C-M line card can be channelized to 10-Gigabit Ethernet. When ports are in channelization mode, every fifth port is disabled.

    [See QFX10000-30C-M Line Card.]

  • Support for JNP-QSFP-100G-BXSR transceiver (QFX5200)—Starting in Junos OS Release 18.2R1, the QFX5200 switches support the JNP-QSFP-100G-BXSR transceiver. The 100 Gigabit bidirectional transceiver has a dual transmitter/receiver that allows it to transmit and receive data through a single optical fiber. Each bidirectional transceiver has two LC receptacles that receive and transmit on different optical wavelengths. The wavelength of the input optical signal needs to match the receive wavelength of the pairing transceiver. For example, if transceiver A has a transmit wavelength of 850 nm and a receive wavelength of 900 nm, then the pairing transceiver B should have a matching receive wavelength of 850 nm and a transmit wavelength of 900 nm.

    [See the Hardware Compatibility Tool.]

Authentication Access Control

  • Enhancement to NTP authentication method (QFX5110, QFX10000)—Starting in Junos OS Release 18.2R1, Junos OS supports NTP authentication for both SHA-1 and SHA2-256, in addition to the existing NTP authentication method, MD5. You can now choose from among MD5, SHA-1, and SHA2-256 for synchronizing the clocks of Juniper Networks routers, switches, and other security devices on the Internet. Using SHA-1 instead of MD5 improves the security of devices with very little impact to timing, while using SHA2-256 provides an increase in security over SHA-1.

    Note

    By default, network time synchronization is unauthenticated.

    To implement authentication, use set authentication-key key_number type at the [edit system ntp] hierarchy level.

    • To enable SHA-1 authentication, use set authentication-key key_number type sha1 value password at the [edit system ntp] hierarchy level.

    • To enable SHA2-256 authentication, use set authentication-key key_number type sha256 value password at the [edit system ntp] hierarchy level.

    [See authentication-key and Configuring NTP Authentication Keys.]
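
A check for the settings described above, as an added example that is not Juniper's code: it audits `display set` output for NTP servers that are unauthenticated or still keyed with MD5 or SHA-1. The sample configuration is constructed, and the `server ... key` and `trusted-key` statements are standard Junos NTP statements that do not appear on this page.

```python
# Added example: audit Junos NTP authentication from `display set` output.
# Ranking follows the release note: MD5 < SHA-1 < SHA2-256, and a server
# without a key synchronizes unauthenticated (the default).

# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONFIG = """\
set system ntp authentication-key 1 type md5 value "constructed-secret-1"
set system ntp authentication-key 2 type sha256 value "constructed-secret-2"
set system ntp authentication-key 3 type sha1 value "constructed-secret-3"
set system ntp trusted-key 1
set system ntp trusted-key 2
set system ntp server 192.0.2.10 key 1
set system ntp server 192.0.2.11 key 2
set system ntp server 192.0.2.12
set system ntp server 192.0.2.13 key 3
"""

# Key types that work but should be upgraded, with severity and advice.
KEY_TYPE_FINDINGS = {
    "md5": ("MEDIUM", "uses MD5; move to sha256"),
    "sha1": ("LOW", "uses SHA-1; sha256 is available from 18.2R1"),
}


def _after(tokens, word):
    """Return the token following `word`, or None if it is absent."""
    if word in tokens:
        i = tokens.index(word)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def parse_ntp(config_text):
    """Collect key types, trusted key IDs and per-server key IDs."""
    keys, trusted, servers = {}, set(), {}
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[:3] != ["set", "system", "ntp"]:
            continue
        stmt, arg, rest = tok[3], tok[4], tok[5:]
        if stmt == "authentication-key":
            key_type = _after(rest, "type")
            if key_type:
                keys[arg] = key_type.lower()
        elif stmt == "trusted-key":
            trusted.add(arg)
        elif stmt == "server":
            servers[arg] = _after(rest, "key")  # None means no key
    return keys, trusted, servers


def audit_ntp(config_text):
    """Return a list of (server, severity, message) findings."""
    keys, trusted, servers = parse_ntp(config_text)
    findings = []
    for server in sorted(servers):
        key_id = servers[server]
        if key_id is None:
            findings.append((server, "HIGH",
                             "no key configured; time sync is unauthenticated"))
        elif key_id not in keys:
            findings.append((server, "HIGH",
                             f"key {key_id} is not defined under authentication-key"))
        elif key_id not in trusted:
            findings.append((server, "HIGH",
                             f"key {key_id} is not listed as a trusted-key"))
        elif keys[key_id] in KEY_TYPE_FINDINGS:
            severity, advice = KEY_TYPE_FINDINGS[keys[key_id]]
            findings.append((server, severity, f"key {key_id} {advice}"))
        elif keys[key_id] != "sha256":
            findings.append((server, "HIGH",
                             f"key {key_id} has unknown type {keys[key_id]}"))
    return findings


if __name__ == "__main__":
    for server, severity, message in audit_ntp(SAMPLE_CONFIG):
        print(f"{severity:6} {server:12} {message}")
```
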

EVPN

  • Support for firewall filtering and policing on EVPN-VXLAN traffic (QFX5100 and QFX5110)—Starting with Junos OS Release 18.2R1, you can configure firewall filters and policers on VXLAN traffic in an EVPN topology. Firewall filters provide rules that define whether to accept or discard packets that are transiting an interface. Policing, or rate limiting, lets you control the amount of traffic that enters the switch and further determines the actions to be taken when the traffic exceeds the defined limit. You configure firewall filters at the [edit firewall] hierarchy level. For each firewall filter that you apply to a VXLAN, you can specify family ethernet-switching to filter Layer 2 (Ethernet) packets, or family inet to filter on IRB interfaces. The IRB interface acts as a Layer 3 routing interface to connect the VXLANs in one-layer or two-layer IP fabric topologies. You can apply firewall filters and policers only on CE-facing interfaces in the ingress direction (traffic entering the VXLAN). For IRB interfaces, you can apply filtering only at the ingress point of non-encapsulated frames routed through the IRB interface.

    This feature is not supported on a QFX5100 Virtual Chassis in an EVPN-VXLAN topology.

    [See Understanding VXLANs and Overview of Firewall Filters.]

  • IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX5110 switches)—Starting with Junos OS Release 18.2R1, QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or Layer 3 data packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of EVPN Type 2 and Type 5 routes. To enable IPv6 data traffic support, you configure the IRB interfaces on all Layer 3 VXLAN gateways with the same IPv4 and IPv6 anycast virtual gateway addresses (VGAs). To support this feature, no other IPv6 configuration is required in the underlay or overlay networks.

    (The feature described above is documented but not supported on QFX5110 switches in Junos OS Release 18.2R1.)

    [See Routing IPv6 Data Traffic Through an EVPN-VXLAN Network with an IPv4 Underlay.]

  • Support for OSPF, IS-IS, BGP, and static routing on IRB interfaces in EVPN-VXLAN networks (QFX5110)—Starting in Junos OS Release 18.2R1, you can configure OSPF, IS-IS, BGP, and static routing with bidirectional forwarding detection (BFD) on an IRB interface that is used as a routed interface in EVPN. This configuration allows protocol adjacencies to be established between an IRB interface on a Layer 3 gateway and a CE device and between an IRB interface on a Layer 3 gateway and a CE device connected to a Layer 2 leaf device in an EVPN-VXLAN network.

    [See Supported Protocols on an IRB Interface in EVPN-VXLAN.]

  • Support for IS-IS on IRB interfaces in EVPN-VXLAN networks (QFX10000)—Starting in Junos OS Release 18.2R1, you can configure IS-IS on an IRB interface that is used as a routed interface in EVPN. This configuration allows protocol adjacencies to be established between an IRB interface on a Layer 3 gateway and a CE device and between an IRB interface on a Layer 3 gateway and a CE device connected to a Layer 2 leaf device in an EVPN-VXLAN network.

    [See Supported Protocols on an IRB Interface in EVPN-VXLAN.]

  • Note

    QFX5110 and QFX5200 switches do not currently support the pop functionality, which has the following implications for this feature:

    • The following use cases are not supported:

      • Traffic Pattern 1: Popping an S-VLAN tag

      • Traffic Pattern 4: Popping and later pushing an S-VLAN tag

    • Without the pop functionality, this feature does not actually support the tunneling of Q-in-Q traffic through an EVPN-VXLAN overlay network. The functionality that is currently supported is flexible VLAN tagging.

    Tunneling Q-in-Q traffic through an EVPN-VXLAN overlay network (QFX5110 and QFX5200 switches)—Starting with Junos OS Release 18.2R1, QFX5110 and QFX5200 switches that function as Layer 2 VXLAN tunnel endpoints (VTEPs) can tunnel single-tagged and double-tagged Q-in-Q packets through an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network. In addition to tunneling Q-in-Q packets, the ingress and egress VTEPs can perform the following Q-in-Q actions:

    • Delete, or pop, an outer service VLAN (S-VLAN) tag from an incoming packet.

    • Add, or push, an outer S-VLAN tag onto an outgoing packet.

    • Map a configured range of customer VLAN (C-VLAN) IDs to an S-VLAN.

      Note

      The QFX5110 and QFX5200 switches do not support the pop and push actions with a configured range of VLANs.

    The ingress and egress VTEPs support the tunneling of Q-in-Q packets and the Q-in-Q actions in the context of specific traffic patterns.

    [See Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network.]

Interfaces and Chassis

  • Channelization support on QFX10000-30C-M line cards (QFX10008 and QFX10016 switches)–Starting in Junos OS Release 18.2R1, you can channelize the 40-Gbps port speeds of the QFX10000-30C-M line card into four independent data channels of 10-Gbps. The Media Access Control Security (MACsec) ports auto sense the transceiver and set the port to the default (non-channelized) mode D. By changing a port to mode A (channelized), the associated Packet Forwarding Engine reboots the four ports that it controls and disables one port.

Junos Telemetry Interface

  • Packet Forwarding Engine sensors for the Junos Telemetry Interface (QFX5100, QFX5110, and QFX5200 Switches) —Starting with Junos OS Release 18.2R1, you can export Packet Forwarding Engine statistics through the Junos Telemetry Interface using native sensors. Native sensors export data close to the source, such as the line card or network processing unit (NPU), using the User Datagram Protocol (UDP).

    The native sensors listed in Table 1 are supported.

    Table 2: Supported Packet Forwarding Sensors

    Sensor                                             Exports
    -------------------------------------------------  ------------------------------------------------
    /junos/system/linecard/qmon-sw/                    Statistics for congestion and latency monitoring
      Tip: This sensor is only available on
      QFX5000 Series Switches.
    /junos/system/linecard/interface/logical/usage/    Logical interface statistics
    /junos/system/linecard/firewall/                   Filter statistics
    /junos/system/linecard/interface/                  Physical interface statistics
    /junos/services/label-switched-path/usage/         Label-switched paths (LSP) statistics
    /junos/system/linecard/cpu/memory/                 Network Processing Unit (NPU)/Line Card memory

    For streaming statistics through UDP, all parameters are configured at the [edit services analytics] hierarchy level.

    Support for the Junos Telemetry Interface was introduced on QFX10000 and QFX5200 switches in Junos OS Release 17.2R1.

    [See sensor and Configuring a Junos Telemetry Interface Sensor (CLI Procedure).]

  • Streaming OpenConfig data from Routing Engine sensors over UDP in protobuf format (QFX Series)–Starting in Junos OS Release 18.2R1, you can stream OpenConfig-based sensor data from Routing Engine sensors by using the Junos Telemetry Interface (JTI). JTI enables you to stream the OpenConfig sensor data in gRPC/protobuf format rather than in key/value pairs. Using this format is more efficient and makes the messages smaller.

    [See Overview of the Junos Telemetry Interface.]

Port Security

  • IPv6 Router Advertisement guard (RA guard) (QFX5100/QFX5110/QFX5200)—Starting with Junos OS Release 18.2R1, IPv6 RA guard is supported on QFX5100, QFX5110, and QFX5200 switches. Router advertisement guard protects networks against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. RA guard works by validating the messages based on whether they meet certain criteria, which are configured on the switch as a policy. RA guard inspects the router advertisement message and compares the information contained in the message attributes to the policy. Depending on the policy, RA guard either drops or forwards the RA messages that match the conditions.

    [See Understanding IPv6 Router Advertisement Guard.]

  • Client link-layer address option 79 for DHCPv6 (QFX5100/QFX5100-VC, QFX5110/QFX5110-VC, QFX5200, QFX10002, QFX10008, QFX10016)—Starting in Junos OS Release 18.2R1, you can configure DHCPv6 option 79 to insert the DHCPv6 client link-layer address in the header of the DHCPv6 RELAY-FORWARD message that is sent from the client to the upstream device. The client link layer address can be used along with other identifiers to associate DHCPv4 and DHCPv6 messages from a dual-stack client.

    [See Inserting the DHCPv6 Client MAC Address Option (Option 79) In DHCPv6 Packets.]
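
A parser for the option described above, as an added example that is not Juniper's code: it extracts option 79 from a RELAY-FORWARD message and compares it with the `chaddr` of a DHCPv4 message to correlate a dual-stack client. The message layout follows RFC 3315 and RFC 6939, which this page does not reproduce, and the sample message and MAC addresses are constructed.

```python
# Added example: read DHCPv6 option 79 (client link-layer address) from a
# RELAY-FORWARD message and match it against a DHCPv4 chaddr.
import ipaddress
import struct

RELAY_FORW = 12                    # DHCPv6 message type RELAY-FORW
OPTION_RELAY_MSG = 9               # carries the client's original message
OPTION_CLIENT_LINKLAYER_ADDR = 79  # RFC 6939
RELAY_HEADER_LEN = 34              # msg-type + hop-count + two IPv6 addresses
HW_ETHERNET = 1                    # ARP hardware type for Ethernet


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_options(data):
    """Yield (code, value) pairs; raise ValueError on a truncated option."""
    offset = 0
    while offset < len(data):
        if offset + 4 > len(data):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if offset + length > len(data):
            raise ValueError(f"option {code} overruns the message")
        yield code, data[offset:offset + length]
        offset += length


def client_link_layer_address(message):
    """Return (hardware_type, mac) from option 79, or None if it is absent."""
    if len(message) < RELAY_HEADER_LEN or message[0] != RELAY_FORW:
        raise ValueError("not a RELAY-FORWARD message")
    for code, value in parse_options(message[RELAY_HEADER_LEN:]):
        if code == OPTION_CLIENT_LINKLAYER_ADDR:
            if len(value) < 3:  # 2-byte type plus at least 1 address byte
                raise ValueError("option 79 is too short")
            hw_type = struct.unpack_from("!H", value)[0]
            return hw_type, format_mac(value[2:])
    return None


def same_client(relay_forward, dhcpv4_chaddr):
    """True if option 79 names the same Ethernet MAC as the DHCPv4 chaddr."""
    found = client_link_layer_address(relay_forward)
    if found is None:
        return False
    hw_type, mac = found
    return hw_type == HW_ETHERNET and mac == format_mac(dhcpv4_chaddr[:6])


def build_sample_relay_forward(mac):
    """Construct a minimal RELAY-FORWARD carrying a SOLICIT and option 79."""
    solicit = bytes([1]) + b"\x00\x00\x01"  # SOLICIT + transaction ID
    options = struct.pack("!HH", OPTION_RELAY_MSG, len(solicit)) + solicit
    lladdr = struct.pack("!H", HW_ETHERNET) + mac
    options += struct.pack("!HH", OPTION_CLIENT_LINKLAYER_ADDR, len(lladdr)) + lladdr
    header = (bytes([RELAY_FORW, 0])
              + ipaddress.IPv6Address("2001:db8::1").packed               # link-address
              + ipaddress.IPv6Address("fe80::200:5eff:fe00:5301").packed)  # peer-address
    return header + options


if __name__ == "__main__":
    sample_mac = bytes.fromhex("00005e005301")  # constructed, documentation range
    msg = build_sample_relay_forward(sample_mac)
    print(client_link_layer_address(msg))
    print(same_client(msg, sample_mac))
```

The address is inserted by the relay, so it is only as trustworthy as that relay; use it as a correlation key, not as proof of client identity.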

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (QFX Series)—Starting in Junos OS Release 18.2R1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, an automatic device recovery mode is triggered if the system goes into amnesiac mode. In this new process, the system automatically retries to boot with the saved rescue configuration. The system displays the banner Device is in recovery mode in the CLI (in both the operational and configuration modes). In earlier releases of Junos OS, there is no automatic process to recover from amnesiac mode; therefore a user with load and commit permission must log in using the console and fix the issue in the configuration before the system can reboot.

    [See Saving a Rescue Configuration File.]

Routing Protocols

  • Remote LFA support for LDP in IS-IS and OSPF (QFX5100, QFX5110, QFX5200)—Beginning with Junos OS Release 18.2R1, you can configure a remote loop-free alternate (LFA) to extend the backup provided by the LFA in an IS-IS or OSPF network. This feature is useful especially for Layer 1 metro rings where the remote LFA is not directly connected to the point of local repair (PLR). The existing LDP implemented for the MPLS tunnel setup can be reused for the protection of IS-IS and OSPF networks and subsequent LDP destinations, thereby eliminating the need for RSVP-TE backup tunnels for backup coverage.

    To configure remote LFA over LDP tunnels in an IS-IS network, include the remote-backup-calculation statement at the [edit protocols isis backup-spf-options] hierarchy level and the auto-targeted-session statement at the [edit protocols ldp] hierarchy level.

    [See Example: Configuring Remote LFA over LDP Tunnels in IS-IS Networks and Example: Configuring Remote LFA Over LDP Tunnels in OSPF Networks.]

Security

  • Support for CCC firewall filters (QFX10000 switches)—Starting with Junos OS Release 18.2R1, you can configure inbound and outbound firewall filters with counter and policer actions on Layer 2 circuit cross-connect (CCC) traffic (family ccc). This feature is beneficial if you use Layer 2 point-to-point circuits to connect customers between sites and want to use policers to apply limits to traffic flowing over CCC circuits. You configure Layer 2 firewall filters at the [edit firewall filter family ccc] hierarchy level.

    [See CCC Overview and Firewall Filter Match Conditions for Layer 2 CCC Traffic.]

Software Installation and Upgrade

  • Zero Touch Provisioning (QFX10008 and QFX10016 switches)—Starting with Junos OS Release 18.2R1, you can use Zero Touch Provisioning to provision new Juniper Networks switches in your network automatically without manual intervention. When you physically connect a switch to the network and boot it with a default configuration, it attempts to automatically upgrade the Junos OS software and install a configuration file from the network. The switch uses information that you configure on a Dynamic Host Configuration Protocol (DHCP) server to locate the necessary software image and configuration files on the network.

    [See Zero Touch Provisioning.]

System Management

  • Support for the Precision Time Protocol (PTP) AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles (QFX5110-48S and QFX5200 switches)—Starting in Junos OS Release 18.2R1, you can enable the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles to support video applications for capture (for example, cameras), video edit, and playback to be used in professional broadcast environments. The PTP standard allows multiple video sources to stay in synchronization across various equipment by providing time and frequency synchronization to all devices. These profiles support PTP over IPv4 multicast and ordinary and boundary clocks.

    To configure the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles, enable one of the aes67, smpte, or aes67-smpte statements at the [edit protocols ptp profile-type] Junos OS CLI hierarchy.

    [See Understanding the PTP Media Profiles.]

  • Zero Touch Provisioning (QFX10002-60C switches)—Starting with Junos OS Release 18.2, Zero Touch Provisioning allows you to provision new Juniper Networks routers in your network automatically without manual intervention. When you physically connect a switch to the network and boot it with a default configuration, the switch attempts to automatically upgrade the Junos OS software image and install a configuration file from the network. The switch uses information that you configure on a Dynamic Host Configuration Protocol (DHCP) server to locate the necessary software image and configuration files on the network. If you do not configure the DHCP server to provide this information, the switch boots with the preinstalled software and default configuration. The Zero Touch Provisioning process either upgrades or downgrades the Junos OS version.

    [See Understanding Zero Touch Provisioning.]

  • New tool to detect high CPU utilization (QFX Series)—Starting in Junos OS Release 18.2R1, a flight recorder tool is introduced to gather historical data on when the CPU utilization on a device was high and what processes caused the high utilization. The tool collects snapshots of data, enabling detection of high CPU usage and faster resolution of issues.

    Because some of the high CPU utilization cases are intentional or expected, you can enable and disable the flight recorder tool to avoid false alarms.

    [See request flight-recorder set high-cpu and show flight-recorder status.]

VLAN Infrastructure

  • Flexible Ethernet support (QFX10000 Switches)—Starting in Junos OS Release 18.2R1, you can configure inet, inet6, or VLAN circuit cross connect (CCC) connections on a physical or aggregated Ethernet interface. This configuration enables you to set different forwarding rules for tagged and untagged traffic on the same interface. For example, you can forward tagged packets over the Layer 2 circuit and route untagged traffic normally in the native VLAN mode.

    All logical devices that are under the flexible VLAN tagging are identified by their VLAN ID configuration. For untagged traffic, the association to the corresponding logical device is derived using the native VLAN ID configuration on the physical device. For traffic without a VLAN tag, the default VLAN ID (or native VLAN ID) is used to derive the Layer 2 domain.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.2R3 for the QFX Series.

EVPN

  • New options in show evpn instance command (QFX series)—Starting in Junos OS Release 18.2R3, you can use the show evpn instance esi-info command to display only the ESI information for a routing instance and show evpn instance neighbor-info to display only the IP address of the EVPN neighbor for a routing instance. Information associated with the ESI, such as the route distinguisher, bridge domain, and IRB, is filtered out.

High Availability (HA) and Resiliency

  • commit fast-synchronize option not supported for products with single Routing Engine (QFX Series)—Starting in Junos OS Release 18.2R1, Junos OS does not support the configuration option commit fast-synchronize at the [edit system] hierarchy level for all the products with single Routing Engine for which chassis redundancy graceful-switchover is not supported. This option is disabled from the CLI.

Interfaces and Chassis

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (QFX Series)—In Junos OS Release 18.2R3, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> element displays the time interval an interface holds before it changes state from down to up. In earlier Junos OS releases, the LACP hold-up information for all interfaces was displayed in a single <lacp-hold-up-information> XML tag. Now, the information for each interface is displayed in a separate <lacp-hold-up-information> XML tag.

  • Packets with MTU size greater than the default value are dropped (QFX5110)—In Junos OS Releases 17.3R3, 17.4R2, 18.1R2, 18.1R3, and 18.2R1, on QFX5110 switches, setting maximum transmission unit (MTU) on the Layer 3 interface does not take effect and packets with MTU size greater than the default value are dropped.

    [See mtu.]

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 18.2R3, the resilient-hash statement is no longer available in the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.

    [See aggregated-ether-options.]

  • Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.

    On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.

  • Commit error when GRE interface and tunnel source interface configured in different routing instances (QFX Series)—In Junos OS Release 18.2R3, QFX Series switches do not support the configuration of the GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation.]

Junos OS XML, API, and Scripting

  • Junos XML protocol <open-configuration> operation no longer emits an uncommitted changes warning (QFX Series)—Starting in Junos OS Release 18.2R1, the Junos XML protocol <open-configuration> operation does not emit an uncommitted changes will be discarded on exit warning message when opening a private copy of the candidate configuration. However, Junos OS still discards the uncommitted changes upon closing the private copy.

  • MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (QFX Series)—Starting in Junos OS Release 18.2R2, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.

Junos Telemetry Interface

  • Change to the configuration location for gRPC-based sensor subscriptions from an external collector (QFX Series)—Starting in Junos OS Release 18.2R1, when an external streaming server, or collector, provisions sensors to export data through gRPC on devices running Junos OS, the sensor configuration is committed to the junos-analytics instance of the ephemeral configuration database, and the configuration can be viewed by using the show ephemeral-configuration instance junos-analytics operational command. In earlier releases, the sensor configuration is committed to the default instance of the ephemeral configuration database.

Layer 2 Features

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 18.2R3, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

MPLS

  • When the no-propagate-ttl statement is configured on a QFX5200 switch in an MPLS network, the TTL value is not copied and decremented on the transit devices during a swap operation. When the switch acts as an ingress device for an LSP, it pushes an MPLS header with a TTL value of 255, regardless of the IP packet TTL. When the switch acts as the penultimate provider switch, it pops the MPLS header without writing the MPLS TTL into the IP packet. PR1368417

Network Management and Monitoring

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a nondefault routing instance and nondefault logical system (QFX Series)—In Junos OS Release 18.2R1, a new option, context-oid, for the trap-options statement enables you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • Junos OS does not support management of YANG packages in configuration mode (QFX Series)—Starting in Junos OS Release 18.2R2, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS Release 18.2R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

Routing Policy and Firewall Filters

  • Support for configuring the GTP-TEID field for GTP traffic (QFX5000 line of switches)—Starting in Junos OS Release 18.2R1, the gtp-tunnel-endpoint-identifier statement is supported to configure the hash calculation of IPv4 or IPv6 packets that are included in the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field hash calculations. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.

    In most cases, configuring the gtp-tunnel-endpoint-identifier statement is sufficient for enabling GTP hashing. If GTP hashing does not work after you enable it, we recommend that you capture the packets by using relevant tools and identify the offset value. According to standards, 0x32 is the default header offset value. However, because of some special patterns in the header, the offset value might vary, for example, 0x30, 0x28, and so on. In these cases, use the gtp-header-offset statement to set a proper offset value. After the header offset value is resolved, run the gtp-tunnel-endpoint-identifier command to enable GTP hashing successfully.

    [See gtp-tunnel-endpoint-identifier and gtp-header-offset.]

Security

  • Syslog or log action on firewall leads to packet drops (QFX5000 switches)—Starting in Junos OS Release 18.2R3, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

  • Firewall warning message (QFX5000 switches)—Starting in Junos OS Release 18.2R3, a warning message is displayed whenever a firewall term includes the log or syslog option with the accept filter action.

Software Installation and Upgrade

  • New DHCP option introduced for ZTP retry (QFX Series)—Starting in Junos OS Release 18.2R1, a new DHCP option is introduced to set the timeout value for the file downloads over FTP. If the transfer-mode option is set as FTP, the default value for the timeout is automatically set as 120 minutes. That is, if the FTP session gets interrupted due to loss of connectivity in the middle of a file transfer, it will time out after 120 minutes and ZTP will retry to fetch the file. This value can be overridden using the DHCP option as follows:

    where “val” is the user configurable timeout value in seconds and must be provided within double quotation marks.

Virtual Chassis

  • New configuration option to disable automatic Virtual Chassis port conversion (QFX5100 Virtual Chassis)—Starting in Junos OS Release 18.2R2, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in a QFX5100 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.2R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • When a VLAN uses an IRB interface as the routing interface, the VLAN-ID parameter must be set as none to ensure proper traffic routing. This issue is platform-independent. PR1287557

  • EVPN-VXLAN implementations support up to 100 EVPN VLAN-based routing instances. If you have more than 100 instances, MAC learning might behave incorrectly. PR1287644

General Routing

  • Layer 3 multicast traffic does not converge to 100 percent and a few continuous drops are observed after bringing an interface down and back up again or while an FPC comes online after FPC restart. This behavior is seen when scaling beyond 2000 VLANs or 2000 IRBs with VLAN replication configured. PR1161485

  • VLAN tag is removed for inter-VNI traffic on a Layer 3 gateway when the encapsulation or de-encapsulation VLAN configuration or statement is enabled. PR1185295

  • When per-packet load balancing is removed or deleted, the next-hop index might change. PR1198092

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On the QFX10000-12C-DWDM coherent line card, links might flap when MACsec is enabled on Ethernet interfaces. PR1253703

  • On the QFX10000 line of switches, at initialization, the port group module comes up after some time and negative ACKs are seen until the port group module is up. After the port group module is up, negative ACKs are no longer observed. This is an expected behavior due to an aggressive link scan feature introduced in Junos OS Release 17.2. PR1271579

  • On the QFX10000 line of switches, with a high scale of 4000 VNIs or 200,000 MACs, or both, if a large configuration change happens with traffic flowing, then forwarding descriptor memory corruption might occur, leading to complete traffic loss on certain ports. The qualification shows that a system with 400 VNIs is stable. However, other configurations such as global MAC count and underlying MPLS LSPs can increase system load. PR1296089

  • Traffic drop occurs because of CRC errors when traffic is sent over et-interfaces. PR1313977

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED remains unlit. PR1317750

  • On a QFX10016, permanent traffic loss is seen for some hosts after the initial ARP timer expiry, caused by an ARP entry that is not synchronized between the two PE devices. PR1322288

  • On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge when a configuration related to a tenant (five IRB interfaces or VLANs) is added. PR1323042

  • In a multihomed (MH) EVPN-VXLAN scenario with IGMP snooping configured, the following convergence times are seen at scale when the DF link is disabled to trigger convergence:

    1) For a scale of 10000 (S,G) entries: total convergence is 4.5 seconds with a traffic rate of 60 kpps. Per-flow convergence loss ranges from 3.16 seconds to 5.66 seconds.

    2) For a scale of 8000 (S,G) entries: total convergence is 2.86 seconds with a traffic rate of 60 kpps. Per-flow convergence loss ranges from 1.86 seconds to 3.73 seconds.

    PR1323155

  • Traffic statistics for multicast streams on gr- interfaces do not work on QFX5000 platforms. PR1323622

  • With 100-Gigabit DAC/copper cable connected between QFX5210-64C and QFX10000 devices, links might not come up reliably. The rest of the 100-Gigabit optics/AOC and 40-Gigabit optics/DAC/copper work well when connected between QFX5210-64C and QFX10000 devices. PR1324600

  • Configuration of mac-table-size under VLAN switch options is not supported for QFX10002-60C. PR1325315

  • In QFX5210-64C, irrespective of the physical interface speed, the speed displayed for gr-interface is always 800 mbps. PR1325695

  • The mac-learning-limit option is not supported under VLAN switch options for the QFX10002-60C platform. PR1325752

  • A few harmless error messages related to function rt_mesh_group_add_check() are seen during reboot. PR1335363

  • Traffic statistics do not get updated on the gr-0/0/0 interface with ECMP. PR1335670

  • On switching platforms, LACP aggregate Ethernet minimum-link with sync-reset enabled feature is not supported on an aggregated interface where micro-BFD is enabled. PR1342657

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C platforms. PR1343131

  • When the routes are changed from V4 to V6 or vice versa, routes are getting added from STC before all previous routes are deleted. Hence, error messages are seen. PR1350719

  • The 100-Gigabit Ethernet interface goes down after Ethernet loopback is configured or deleted. PR1353734

  • On the QFX5100, if a scaled configuration involving a LAG interface, more than 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, the FXPC process might utilize high CPU resources. PR1363896

  • GRE tunnel next hop as ECMP is not supported. PR1368653

  • In Junos OS Release 18.2R2, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • RE-ARP requests fail because they are sent without VLAN-ID. PR1390794

Interfaces and Chassis

  • As the link-speed configuration statement cannot be hidden, unexpected behavior is observed with MC LAG peer status. PR1329030

  • The supported ARP scale over MC-LAG interfaces is 48,000. PR1334321

Layer 2 Features

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

  • In a QFX5210-64C platform, resilient hashing is not supported for LAG interfaces. PR1325499

  • Packet statistics are not supported for logical child members of aggregated Ethernet interface. PR1335454

  • Targeted-broadcast forward-only does not broadcast the traffic. PR1359031

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to a VLAN/VNI that does not have an active receiver. PR1388888

Routing Protocols

  • The route unidimensional limit in Junos OS Release 18.1R1 is 1.6 million routes. PR1320865

  • Removing and adding the em0 configuration causes the physical interface to be reconfigured. This might cause BFD to flap if aggressive BFD timers are configured, because of the hardware interrupt in the kernel. The QFX5100 platform does not support BFD with a minimum interval of less than 1 second. PR1332229

Virtual Chassis

  • A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2 seconds) might occur, and it is considered to be known behavior. PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 18.2R3.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • In a scaled setup, if mac-move is triggered more than four times, the MAC move detection might not be reliable. PR1284315

  • The chained-composite-next-hop (CNH) statement is required for EVPN pure type 5 with VXLAN encapsulation. Without it, the Packet Forwarding Engine might not program the tunnel next hop. On QFX5110, you must set it explicitly using set routing-options forwarding-table chained-composite-next-hop ingress evpn. On QFX10000, it is applied as part of the default configuration, which you can display with user@host> show configuration routing-options forwarding-table | display inheritance defaults. PR1303246

  • On QFX10000, in an EVPN collapsed L2 and L3 multihomed GWs topology, when traffic is sent from IP fabric toward EVPN, some traffic loss is seen. If the number of hosts behind EVPN gateways is increased, the traffic loss becomes higher. PR1311773

  • In an EVPN-VXLAN scenario, ARP table information is not synchronized on two spines after reconfiguring an end host on a multihomed CE interface from IP1/MAC1 to IP1/MAC2. PR1330663

  • When a VTEP scale of more than 200 is used in Junos OS Release 18.1R1, VTEPs might not come up for all the tunnels, which might impact traffic. PR1342175

  • On QFX5110 and QFX5200 switches that are configured to tunnel Q-in-Q traffic in an EVPN-VXLAN network, the pop operation does not work on ingress interfaces. PR1344102

  • To filter and see the output of desired ESI or neighbor information of an EVPN instance, there are two new choices available: show evpn instance <> esi-info esi <> and show evpn instance <> neighbor-info neighbor <>. PR1402175

General Routing

  • Certain QFX Series devices do not pad Ethernet packets with zeros. Therefore, some packets can contain fragments of system memory or data from previous packets. This issue is also known as Etherleak and is often detected as CVE-2003-0001. For more information, see https://kb.juniper.net/JSA10773. PR1063645

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

  • Layer 3 multicast traffic does not converge to 100 percent and continuous traffic drops are observed after bringing the downstream interface down and up or when an FPC comes online after an FPC restart. This occurs with multicast replication for 1000 VLANs/IRBs. PR1161485

  • Because an incorrect type is defined when printing a value drawn from the Packet Forwarding Engine, the output for the show interfaces command might show an extremely large number instead of the actual value. For example:

    user@host> show interfaces extensive et-0/1/0
    Physical interface: et-0/1/0, Enabled, Physical link is Up
    .
    Input errors:
      Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Bucket drops: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 429496729600 <<<<<<<<<<<<<<<<
    Output errors:
      Carrier transitions: 3, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0, Bucket drops: 0

    Where 429496729600 is 6400000000 in hexadecimal. However, the actual value is 0x64 or 100 in decimal. PR1245748

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On QFX10000 Series switches, at initialization, the port group module comes up after some time and negative ACKs are seen until the port group module is up. After the port group module is up, negative ACKs are no longer observed. This is an expected behavior because of an aggressive link scan feature introduced in Junos OS Release 17.2. PR1271579

  • Traffic drop occurs because of CRC errors when traffic is sent over et interfaces. PR1313977

  • Port LEDs on QFX5100 do not work. If a device connects to a port on QFX5100, the port LED stays unlit. PR1317750

  • There might be traffic loss on the ingress PE device after a new EVPN neighbor is added or an existing EVPN neighbor is deleted. PR1319770

  • Interface uptime has increased by 8 seconds from Junos OS Release 17.4R1 to Junos OS Release 18.1R1. Also, SDK upgrades across releases might impact the parameters such as login prompt appear time, FPC up time, and interface up time after switch reboot. PR1324374

  • The management process (mgd) might panic after modifying aggregated Ethernet interface members under ethernet-switching vlan stanza. As a result, the remote session is terminated. PR1325736

  • When a user configures an L2 filter with mixed L2 and L3 match conditions, an error syslog message is displayed to the user. As a workaround, the commit is denied when mixed L2 and L3/L4 match conditions are configured on an L2 filter. PR1326715

  • On QFX5200 standalone devices with VXLAN configured, the user-configured ingress ACL scale limit is 256 terms. PR1331730

  • A BFD session over aggregated Ethernet flaps when a member link carrying the BFD Tx flaps. PR1333307

  • Refrain from committing MTU changes for GRE and underlying interfaces in a single commit. For any GRE interface MTU update, follow the mentioned workaround. PR1335739

  • On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on IRB/Layer 3 interface with discard filter. PR1338067

  • Changing the MTU for GRE and underlying interfaces in a single commit is a caveat for the IPv4 GRE feature. Refrain from committing MTU changes for GRE and underlying interfaces in a single commit. For any GRE interface MTU update, follow the mentioned workaround. PR1339601

  • The issue is specific to flexible VLAN-tagged interface and does not happen if the interface is in trunk mode with EVPN-VXLAN configuration. PR1345568

  • Downgrade from TVP image to a non-TVP image is not supported. Upgrade from a non-TVP to a TVP image is supported. PR1345848

  • The QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. PR1352805

  • This issue is observed only with 100G LR4 optics in the warm boot stage of VMs during the unified ISSU process; the flap is observed only on the peer port. We recommend not using 100G LR4 optics during unified ISSU. PR1353415

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • While hot swapping 100G and 40G BiDi optics, it is recommended to leave a gap of 4 to 5 seconds before you remove and reinsert them. PR1356502

  • On QFX5100 platforms with sFlow enabled, when deleting or deactivating the sFlow interface, all other interfaces might go down and fxpc core files are generated. PR1356868

  • When MC-LAG is configured with force-up enabled on MCLAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • On QFX5210 switches, a filter with routing-instance applied to a family inet logical interface causes traffic to be dropped and discarded on unrelated interfaces. PR1364020

  • From Junos OS Release 17.3R1, on the QFX10002 platform, in a rare condition, the IPFIX flow statistics (packet/byte counters) are incorrect in the exported record. Because the statistics are not collected properly, the flow might time out and get deleted because of the inactive timeout, causing an unexpected number of exported records to be sent out. Traffic spikes generated by IPFIX might be seen. PR1365864

  • On the QFX5200, an error might be encountered when upgrading from Junos OS Release 15.1X53-D230.3 (the image with enhanced automation support [flex]) to Junos OS Release 18.1R1.9 (the image without the enhanced automation). PR1366080

  • The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. These error messages are seen when channelization is detected in Junos OS Release 18.1R3. PR1366137

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error message is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • When any CLI command is executed immediately after the AIS script package is installed, then no output is generated. PR1368039

  • The user might not be able to stop the ZTP bootstrap when a QFX10016 or QFX10008 router with a larger number of line cards is powered on with the factory default configuration. PR1369959

  • The L2 bridge domain might not be created on Packet Forwarding Engine after changing VLAN configuration. PR1371611

  • The static speed setting of 100M remains after changing the speed from 100M to auto-negotiation. PR1372647

  • Beginning in Junos OS Release 17.1R1, the MAC address of the interfaces on the QFX10002-36Q and QFX10002-72Q will change. On the QFX10002-36Q, after upgrading to Junos OS Release 17.x, the last octet of the interface MAC addresses increases by 3. On the QFX10002-72Q, after upgrading to Junos OS Release 17.x, the last octet of the interface MAC addresses increases by 6. PR1375349

  • In Junos OS Release 18.1R3, when one 50-Gigabit Ethernet port is taken down using the ifconfig command, the other port also goes down. PR1376389

  • In certain scenarios where flows are sampled through aggregate bundles when jflow sampling is enabled, the following harmless error logs can be seen:

    [Tue Oct 30 18:17:40.648 LOG: Info] expr_get_local_pfe_child_ifl: cannot find child ifl of agg ifl 74 for this fpc
    [Tue Oct 30 18:17:40.648 LOG: Info] flowtb_get_cpu_header_fields: Failed to find local child ifl for 74
    [Tue Oct 30 18:17:40.648 LOG: Info] fpc0 cannot find stream on [hostname].

    PR1379227

  • LOC and Diag system LEDs on the front panel are not defined yet. PR1380459

  • If multiple LLDP sensors are exported together and parts of their keys overlap, data for these sensors might sometimes be skipped from being exported. PR1382691

  • The last reboot reason is not correct if the device is rebooted because of a power cycle. The last reboot reason is displayed as vJunos OS reboot even if the device was rebooted because of power cycling. PR1383693

  • Port-mirroring-instance or analyzer-based mirroring does not work with input as VLAN ingress when VLAN is mapped to VXLAN. PR1384732

  • On QFX10008 and QFX10016 platforms, traffic loss might be observed because of switch modular failure on the control board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • In Junos OS Release 18.4R1, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • When the show command takes a long time to display results, the STP might change its status because the BPDUs are no longer processed and cause outages. PR1390330

  • On QFX10000 switches, the major alarm FPC Management Ethernet Link Down might be displayed for the management Ethernet (em0 or em1) interface that is administratively down. The alarm message has no service impact and can be ignored. PR1391949

  • If PTP transparent clock is configured on the QFX5200, and if IGMP snooping is configured for the same VLAN as PTP traffic, the PTP over Ethernet traffic might be dropped. PR1395186

  • L2 multicast and broadcast convergence is high while deleting and adding back the scale configurations of VLANs and VXLAN. PR1399002

  • On QFX5100, the traffic initiated from a server connected to an interface might be dropped at the interface on the switch if the interface is configured with family Ethernet-switching with VXLAN and the configuration is changed to family inet. PR1399733

  • On QFX10002, QFX10008, and QFX10016, an auto-correctable non-fatal hardware error on the PE chip (which is the ASIC on QFX10002, the third-generation FPC on PTX3000/PTX5000, and the line card on QFX10008/QFX10016) is reported as a 'FATAL' error. Hence, the related Packet Forwarding Engine might get disabled. Code changes have been made to change the error category from 'FATAL' to 'INFO' so that the Packet Forwarding Engine is not disabled unexpectedly. PR1408012

  • When the storm control profile is applied on an MC-AE interface, the interface does not shut down even if the traffic exceeds the bandwidth of the storm control configuration, because the traffic does not go through the policer-based rate-limiting algorithm. PR1411338

  • On QFX10000 platforms with EVPN, if an EVPN instance is created through the statement set protocols evpn encapsulation mpls, then MAC learning might not happen on the CE-facing interface if the interface is configured with trunk-mode, because EVPN/MPLS is not supported on QFX10000 Series devices. PR1416987

  • On the QFX5110 platforms, uRPF check in strict mode might not work appropriately. PR1417546

  • ERSPAN traffic is not tagged when the output interface is a trunk port. PR1418162

  • On Junos OS routers and switches with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote aggregated Ethernet member link makes the local member link move to the LACP detached state. The detached link is invalidated from the Packet Forwarding Engine aggregated Ethernet forwarding table as expected. However, if the device is rebooted in this state, all the member links are enabled in the Packet Forwarding Engine aggregated Ethernet forwarding table irrespective of their LACP states, which results in traffic drop. PR1423707

  • When channelization is configured on FPC QFX10000-30C (ULC-30Q28) while jFlow (jFlow v9 or v10) is configured on this board, the jFlow export might fail. As a result, loss of sample flow is seen. PR1423761

  • CRC errors can be seen when another manufacturer's device is connected to a QFX10000 on a 100-gigabit link with QSFP-100GBASE-LR4-T2. The other manufacturer's device reports CRC errors and input errors on those 100-gigabit links. The QFX10000 interfaces do not show any errors causing packet loss. PR1427093

  • On QFX10000 Series platforms, the range of maximum transmission unit (MTU) values allowed for a Layer 2 interface is from 256 to 9216. However, when an MTU lower than 270 is configured (256 to 269 inclusive), Layer 2 traffic drop is seen because of a defective MTU check. PR1431902

  • VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

Infrastructure

  • FTP displays the following messages: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

Layer 2 Ethernet Services

  • In an MC-LAG with force-up scenario, an LACP PDU loop might be seen when both MC-LAG nodes and the access device use the same admin key. PR1379022

  • On the QFX5100 and QFX5200 lines of switches in a spine-leaf scenario, when two or more underlay interfaces with ECMP are brought down on a leaf device, the multihop BFD overlay sessions between spines and leaves might flap. If BFD flaps, the protocols that depend on BFD (typically IBGP) might also flap, which leads to traffic impact. PR1416941

Layer 2 Features

  • On QFX10016, after deleting and re-adding 1000 LAG interfaces, traffic drops could be seen until ARP entries are refreshed, even though all LAG interfaces come up. PR1289546

  • The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031

  • On QFX5100, Q-in-Q might stop working for certain vlan-id-list configurations under a physical interface. This Packet Forwarding Engine binary issue is addressed through an upcoming image. PR1395312

  • On QFX5000 switches, if LLDP is already disabled on some interfaces (and committed) and any change is made on any interface in the next commit, l2cpd sends the kernel a message to disable LLDP on all the interfaces. The kernel tries to remove the implicit filters, which returns ENOENT because the entries were already disabled during the first commit. PR1400606

  • On QFX5110 devices, stale entries might fill up the L3 egress table, preventing new entries from being added. This might impact traffic. PR1423368

  • On QFX5000 platforms, the fxpc might crash repeatedly when a firewall filter is applied on a logical unit of a DSC interface. This impacts traffic. PR1428350

  • Firewall counters of VXLAN access ports might not show correct values after child members are deleted or added in aggregated Ethernet interfaces. PR1441424

MPLS

  • There could be some lingering RSVP state that would keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state will eventually expire and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated because of this lingering state or the corresponding label routes in the FIB. In the worst case, in a network where there is persistent link flapping going on, this lingering state could interfere with the LSP scale being achieved. PR1331976

  • Statistics of transit traffic do not increment LSP statistics signaled by RSVP-TE. PR1362936

Platform and Infrastructure

  • In configurations with IRB interfaces, when interfaces are deleted (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

Routing Protocols

  • For the QFX10002 and QFX10008 switches, you might observe an increase in the convergence time of OSPF routes when compared to Junos OS Release 17.3. An average increase of 1.5 seconds is seen for 100,000 OSPFv3 routes. PR1297541

  • In a PVLAN configuration, the isolated VLAN and community VLAN should not use the same VLAN ID. PR1323520

  • We strongly recommend using BGP as the protocol for configuring the local-address for each multihop iBGP/eBGP peer configuration. We recommend that local-address be a routable lo0 address. Using a loopback address reduces dependency on interfaces. Note: Multihop is enabled for iBGP peers by default. PR1323557

  • The VLAN range shown in community VLAN is 1.4094. Hence, VLAN 0 should not be configured as community VLAN in PVLAN. PR1323719

  • When MoFRR is enabled, the traffic statistics on the multicast route show double the outgoing traffic because accounting is done for both the primary and backup route. When one of the upstream interfaces goes down, this issue is not seen. There is no workaround for this issue. PR1326338

  • Higher convergence time for LFA with BFD occurs in Junos OS Release 18.1. PR1337412

  • On a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • On the QFX Series switches (except for the QFX10000 line of switches), if host-destined packets (that is, packets whose destination address belongs to the device) come from an interface with an ingress filter that has a log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets might not be dropped and might reach the Routing Engine unexpectedly. PR1379718

  • The BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 unintsall failed in h/w with Mini-PDT base configurations error is seen on QFX5100 Virtual Chassis. There is no functionality impact due to this error message. PR1407175

  • On QFX5110 and QFX5200 platforms, the dcpfe might crash if any interface flaps. PR1415297

  • In BGP graceful restart scenario, including helper mode which is enabled by default, rpd might crash and generate a core file because of the improper handling of BGP graceful restart stale routes while deleting the BGP neighbor. The rpd might crash and service/traffic impact might occur. PR1427987

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 18.2R3

Authentication and Access Control

  • Without configuring anything related to dot1x, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • When a LAG bundle is configured with 64 LAG links, the following error message is seen: STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1. PR1346452

EVPN

  • The rpd process might crash with EVPN type-3 route churn. PR1394803

  • A few minutes of traffic loss might be observed during recovery from link failure. PR1396597

  • VNI is not updated on default route 0.0.0.0/0 advertised by EVPN type 5 prefix when the local configuration is changed. PR1396915

  • In the non-collapsed (centralized) topology, when one of the 2 spines deactivates the underlay protocol (OSPF), the leaf still points the virtual-gw-mac's next hop to the down spine. PR1403524

  • EVPN routes might show "Route Label: 0" in addition to the real label. PR1405695

  • The rpd might crash after NSR switchover in an EVPN scenario. PR1408749

  • ARP entry points to failed VTEP after PE-CE link fails for multihomed remote ESI. PR1420294

  • Multicast MAC addresses are learned in the Ethernet switching table with VXLAN through an ARP packet in a pure L2 configuration. PR1420764

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

Forwarding and Sampling

  • The kernel crash might be observed when there is a firewall filter modification. PR1365265

  • On Junos OS, firewall filter terms named "internal-1" and "internal-2" are ignored. PR1394922

General Routing

  • The 1-gigabit Ethernet copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • SFP-T might not work on QFX5100 and QFX5110 devices. PR1366218

  • Packet Forwarding Engine is in a bad state after performing optics insertion or removal on a port. PR1372041

  • The backup member switch might fail to become the master switch after switchover on QFX5100 and QFX5200 Virtual Chassis platforms. PR1372521

  • RIPv2 update packets might not be sent when IGMP snooping is enabled. PR1375332

  • Packet Forwarding Engine might get wedged if there are interfaces going to the down state. PR1376366

  • The debug log message expr_nh_flabel_check_overwrite: Caller nh_id params is classified as an error log when it should be LOG_INFO. PR1377447

  • The overlay ECMP might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084

  • There is an inconsistency in applying scheduler map with excess-rate on the physical interface and aggregated Ethernet interface. PR1380294

  • Traffic drops and gets discarded by FPC offline in an MC-LAG scenario. PR1381446

  • The QFX-QSFP-40G-SR4 transceiver might not be recognized after upgrading Junos OS on QFX5100e. PR1381545

  • Static default route with next-table inet.0 does not work. PR1383419

  • The log of RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory might be continuously shown after the rpd process restarts. PR1383426

  • DMA failure errors might be seen when the cache is flushed or the cache is full. PR1383608

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms. PR1383876

  • Reporting of correctable single-bit errors on the Hybrid Memory Cube (HMC) is disabled, which prevents a major alarm. PR1384435

  • The QFX10K-12C-DWDM line card might crash when booting up. PR1386400

  • The rpd process might end up with the KRT queue stuck in a VRF scenario. PR1386475

  • QFX5100, QFX5110, QFX5200, and QFX5210 Virtual chassis could not be formed normally. PR1387730

  • Certain log messages might be observed on QFX Series platforms. PR1388479

  • On QFX5100 Virtual Chassis, ARP packets received on an SP-style interface are not sent to all RVTEPs. Normal BUM traffic works fine. PR1388811

  • FPC might crash on QFX5100 platforms in a large scale scenario. PR1389872

  • An incorrect error message might be seen when J-Flow sensors are configured with reporting rate less than 30 seconds. PR1390740

  • 10-gigabit Ethernet copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628

  • IPv6 next-hop programming issue might be observed on QFX10,000 devices. PR1393937

  • Unable to install licenses automatically on QFX Series platforms. PR1395534

  • The subscriber bindings might not be successful on QFX Series platforms. PR1396470

  • On QFX5110 switches, the Fan LED turns amber randomly. PR1398349

  • The interrupt process consumes high CPU because of the intr{swi4: clock (0)} on QFX5100-48t-6Q running a QFX5100 Series image and Junos OS Release 18.x code. PR1398632

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on QFX10,000 Series platform. PR1399369

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • SFP-LX10 transceivers do not work on QFX5110. PR1399878

  • PEM I2C failure alarm might be shown incorrectly as failed. PR1400380

  • Only one Packet Forwarding Engine might be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The authd process might crash when the show network-access requests pending command is issued while the authd process is restarting. PR1401249

  • File permissions are changed for /var/db/scripts files after reboot. PR1402852

  • STP does not work when the aggregated Ethernet interface number is "ae1000" or above on QFX5000 switches and "ae480" or above on other QFX Series switches. PR1403338

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • ARP/ND is not resolved if a native VLAN ID is configured for a LAG access interface. PR1404895

  • Executing the request system configuration rescue save command might fail with error messages. PR1405189

  • DHCP might not work for some clients in dual AD fusion setup on EP ports. PR1405495

  • The DHCP discover packets might be dropped over VXLAN tunnel if DHCP relay is enabled for other VXLAN/VLANs. PR1408161

  • MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • Fan failure alarms might be seen on QFX5100-96S after upgrading to Junos OS Release 17.3R1. PR1408380

  • Restarting line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence might cause intra-VLAN traffic to get silently dropped and discarded. PR1409631

  • The FPC might crash and might not come up if interface-num or next hop is set to maximum value under vxlan-routing on QFX Series platforms. PR1409949

  • LLDP memory leak when ieee dcbx packet is received in autonegotiation mode followed by another dcbx packet with none of ieee_dcbx tlvs present. PR1410239

  • On EX2300-24P, the following error message is observed: dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • Traffic loss might be observed after VXLAN configuration change. PR1411858

  • The spfe on satellite device in a Junos Fusion setup might crash and it could cause the satellite device to go offline. PR1412279

  • The PEM alarm for the backup FPC remains on the master FPC though backup FPC is detached from the Virtual Chassis. PR1412429

  • Junos PCC might reject PCUpdate/PCCreate message if the metric type is not type 2. PR1412659

  • On QFX5000, EVPN or VXLAN multicast next-hop limit is 4000. PR1414213

  • Virtual Chassis ports using DAC might not establish links on the QFX5200. PR1414492

  • VXLAN encapsulation nexthop (VENH) does not get installed during BGP flap or restart routing. PR1415450

  • Traffic loss might be seen on the aggregated Ethernet interface on QFX10000 platforms. PR1418396

  • Rebooting QFX5200-48Y using request system reboot does not take physical links offline immediately. PR1419465

  • Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1420785

  • Error messages might be seen on QFX10000 platforms during DFE tuning. PR1421075

  • BFD might get stuck in slow mode on QFX10002, QFX10008, and QFX10016 platforms. PR1422789

  • QFX5100-48T 10G interface might be autonegotiated at 1-Gbps speed instead of 10-Gbps. PR1422958

  • The interface cannot start up when the remote-connected interface supports only 100M in a QFX5100 Virtual Chassis setup. PR1423171

  • All interfaces might go down and the dcpfe might crash if SFP-T is inserted on QFX5210. PR1424090

  • IPv6 neighbor solicitation packets for link-local address are dropped when passing through QFX10002-60C. PR1424244

  • Creation of all interfaces failed after NSSU. PR1425716

  • Heap memory leak might be seen on QFX10000 platforms. PR1427090

  • Licenses using the flag for OVSDB on show system license might not be flagged even though OVSDB is configured and working. PR1428207

  • On EVPN-VXLAN, the L2ALD generates core files when the number of VXLAN hardware IFBDs exceeds the maximum limit of 16,382. PR1428936

  • DHCP-relay might not work in an EVPN-VXLAN scenario. PR1429536

  • Interface on QFX Series devices does not come up after the transceiver is replaced with one having different speed. PR1430115

  • On the QFX10000 line of devices, when incoming packets are processed by interfaces that have the hold-down timer configured, packets are forwarded through the ASIC. PR1430722

  • On QFX switches, validation of metadata files failed on the hypervisor. PR1431111

  • On QFX5110 SFP-T, all ingress traffic is dropped on a 100M fixed-speed port configured with no autonegotiation. PR1431885

  • LASER TX remained enabled while the interface is disabled using the Routing Engine CLI configuration. PR1436286

  • Transit DHCPv6 packets might be dropped on QFX5100 and QFX5200 platforms. PR1436415

  • On QFX5110, QFX5200, and QFX5210 switches, there is no jnxFruOK SNMP trap message when the power cable is disconnected and connected back. PR1437709

Interfaces and Chassis

  • The dcpfe process might crash on using an unsupported GRE interface configuration. PR1369757

  • Changing the value of mac-table-size to default might cause all FPCs to reboot. PR1386768

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

Junos Fusion Satellite Software

  • Extended port (EP) LAG might go down on the satellite devices (SDs) if the related cascade port (CP) links to an aggregation device (AD) go down. PR1397992

Layer 2 Ethernet Services

  • The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be dropped and discarded. PR1417729

  • Continuous MAC change might cause CPU hogs and FPC reboots. PR1424653

Layer 2 Features

  • VXLAN next-hop entry leak issue is seen on QFX5100 and QFX5200 line of switches. PR1387757

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI which does not have an active receiver. PR1388888

  • On QFX Series switches, the following error message is seen: Failed with error (-7) while deleting the trunk 1 on the device 0. PR1393276

  • On EVPN-VXLAN, the DCPFE restarts at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with the latest image. PR1398251

  • ARP response packets might include an incorrect VLAN ID and VNI. PR1400000

  • The dcpfe process might crash when the Packet Forwarding System with scaled EVPN/VXLAN configuration restarts. PR1403305

  • EVPN-VXLAN unicast IPv6 NS message gets flooded on the Layer 3 gateway. Therefore, both IPv4 and IPv6 traffic gets dropped on the Layer 2 switch. PR1405814

  • The IPv6 NS/NA packets received over VTEP from an ESI host are incorrectly flooded back to the host. PR1405820

  • IGMP-snooping on EVPN-VXLAN might cause the flooding of OSPF hello packets after VTEP leaf reboot. PR1406502

  • QFX5110 Virtual Chassis generates DDoS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649

  • With arp-suppression enabled, QFX5100 and QFX5200 might not forward IPv6 router solicitations or advertisements packets. PR1414496

Network Management and Monitoring

  • The chassisd might crash and restart after the AGENTX session time out between master (snmpd) and sub-agent. PR1396967

  • Log files might not get compressed during the upgrade. PR1414303

Platform and Infrastructure

  • The Platform failed to bind rewrite message might be seen when chassis control is restarted with the CoS rewrite rule configured on aggregated Ethernet interface. PR1315437

Routing Protocols

  • BUM packets might get looped if EVPN multihoming interface flaps. PR1387063

  • Autonegotiation errors and the flush operation failed error are seen after the power cycle of the device. PR1394866

  • On QFX5110 and QFX5200 switches, EVPN-VXLAN non-collapsed dcpfe core file is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc, after the random event. PR1397205

  • The rpd soft core file is seen and inappropriate route selection might be seen when Layer 2 VPN is used. PR1398685

  • The FPC/dcpfe process might crash because of the interface flap. PR1408428

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of a Virtual Chassis if igmp-snooping is configured. PR1413543

  • The QFX Series switches might not install all IRB MAC addresses in the initialization. PR1416025

  • On QFX5200 switches, consistent traffic flow is seen. But the hash for ECMP next hop is not consistent. PR1422324

  • After deleting IRB logical interface, MAC entry for the IRB is deleted for the IRB hardware address, packets destined to other IRB logical interfaces where MAC is not configured. PR1424284

Spanning Tree Protocols

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

Resolved Issues: 18.2R2

Class of Service (CoS)

  • The packets with destination-address 224.0.0.0/4 cannot be matched by loopback filter. PR1354377

EVPN

  • The QFX10000 might drop transit traffic that comes from an MPLS network to VXLAN/EVPN. PR1360159

  • The l2ald core file is generated at l2ald_get_bd_client in qfx10k2: EVPN-VXLAN. PR1365254

  • Increased risk of routing crash with temporary impact on traffic on QFX10000 or QFX5100 nodes with certain configuration changes or clearing L2 or L3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • QFX10000 or import default IPv6 route to VRF causes infinite entries to get created in 'evpn ip-prefix-database' and become unstable. PR1369166

  • VTEP's MAC address might not be learned in the Ethernet switching table. PR1371995

  • The statement [evpn_vxlan] [virtual_switch] show ethernet-switching vxlan-tunnel-end-point esi shows large number of MAC count on QFX10000. PR1394982

General Routing

  • After zeroizing, QFX5100 is treating 40G AOC uplink as 4x10g breakout on enabling auto-channelization. PR1317872

  • On the QFX10016 EVPN-VXLAN, it takes up to 3 minutes for traffic to converge when configured. PR1323042

  • Port 0 does not come up in QFX5100-48t member in mixed VCF. PR1323323

  • CoS is incorrectly applied on Packet Forwarding Engine leading to egress traffic drop. PR1329141

  • Status LED on the chassis does not show up on QFX10002-60c. PR1332991

  • AI-script does not get auto upgrade unless it is manually done after a Junos OS upgrade. PR1337028

  • On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after Virtual Chassis reboot. PR1337340

  • On the QFX10000 platforms, VRRP function does not work well when it is configured on sub-interfaces. PR1338256

  • On QFX5200, unified ISSU from Junos OS Release 17.2X75-D41 to Junos OS Release 18.2 will be aborted when dcpfe crashes. PR1338300

  • PAFXPC core file is generated when a remote member physical interface is referenced in show dcbcm ifd <ifd-name> on QFX5100 platform configured in a VC. PR1343701

  • On QFX5100, FAN RPM fluctuates when temperature sensor reaches its threshold. PR1345181

  • On QFX10000 platforms, NETCONF SSH TCP port 830 traffic hits host path or unclassified queue. PR1345744

  • The backup Routing Engine might experience a crash, causing a vmcore to be generated on the master Routing Engine; master Routing Engine performance will not be affected. PR1346218

  • Blackholing traffic with destination MAC matching the virtual gateway MAC might be seen. PR1348659

  • The BGP session might flap after changing the extended-vni-list under EVPN hierarchy. PR1349600

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • Bogus DDoS counter values and syslog messages could be seen after clearing DDoS statistics for a specific protocol on QFX10000 Series switches. PR1351212

  • ARP learning might fail after changing the interface MAC address. PR1353241

  • On EVPN-VXLAN the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • "Load averages" output under show chassis routing-engine shows "nan" periodically. PR1356676

  • The IGMP membership report packets might not be forwarded over an interface on QFX10000. PR1360137

  • On QFX10000 platform, packets will be dropped when virtual-gateway-address is configured on an IRB interface associated with a non-vxlan VLAN. PR1360646

  • FEC is incorrectly displayed on QFX10002-36Q and QFX5110. PR1360948

  • The GTP traffic might not be hashed correctly on aggregated Ethernet interface. PR1361379

  • On QFX10000 platforms, the clear services accounting statistics inline-jflow fpc-slot command does not work. PR1362396

  • VME interface might be unreachable after the link flap of em0 on master FPC. PR1362437

  • Traffic might not be forwarded when the member link of the aggregated Ethernet is added or deleted. PR1362653

  • 1G interface might stop working when "auto-negotiation" is off by default. PR1362977

  • The kernel displays syslog message for the configuration tcp_timer_keep Dropping socket connection. PR1363186

  • On QFX10008 and QFX10016 platforms, MPLS exp rewrite might not work for IPv6 and IPv4 traffic. PR1364391

  • Traffic loss is observed when unified ISSU is performed with aggregated Ethernet interfaces configured with the LACP protocol. PR1365316

  • Root password recovery process does not work. PR1365740

  • The l2cpd process might crash when configuring MVRP with private VLAN and RSTP interface all. PR1365937

  • SFP-T might not work on QFX5100 and QFX5110 devices. PR1366218

  • The tagged traffic is dropped in the untagged EVPN/VXLAN scenario. PR1366336

  • The chassisd might crash after issuing the CLI show chassis hardware. PR1366746

  • On QFX10002-60C and QFX10000-30C platforms, some interfaces do not come up during initialization after a reboot. PR1368203

  • On QFX Series switches, IS-IS adjacency with another vendor’s switches might go down. PR1368913

  • The commit or commit check might fail because of the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

  • In certain routing topologies with sFlow configured, sampled packets might be duplicated and sFlow records are not sent to the collector. PR1370464

  • On QFX10000 platforms, before the Junos OS Release 17.3R3 code, the maximum number of ESI logical interfaces is 4000 in the Packet Forwarding Engine. PR1371414

  • On QFX5100, the IPv6 routed packet will be transmitted though VRRP state is in transition to master. PR1372163

  • Packets might be dropped after deleting a filter from an interface. PR1372957

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • TPI-50840 BUM traffic received on 5110 is not flooded to all remote vteps. PR1373093

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • LLDP might stop fully working between QFX10000 and non-Juniper device. PR1374321

  • On QFX5110 Ethernet-switching flood group shows incorrect information. PR1374436

  • Only loopback interface is supported under VRF routing instances. PR1375130

  • Same address family [Subnet IFL or IRB IFL but not both] needs to be configured for establishing VTEPs. PR1376996

  • The auto-negotiation interface might go down if the opposite device supports only 10/100M auto-negotiation. PR1377298

  • Deleting an IRB interface might affect other IRB interfaces if the same custom MAC address is configured. PR1379002

  • L3VPN traffic might be dropped because of one core-facing interface down. PR1380783

  • A QFX5xxx Packet Forwarding Engine (PFE) might show DISCARD next hop for overlay-bgp-lo0-ip in a leaf-spine topology. PR1380795

  • The Virtual Chassis master copies the /var/db/ovs database to the backup every 10 seconds, which causes high write I/O and shortens the SSD lifetime in an Open vSwitch Database (OVSDB) environment. PR1381888

  • EVPN-VXLAN ARP and NDP proxy is not working. PR1382483

  • The Packet Forwarding Engine might crash if the GRE destination IP is resolved over another GRE tunnel. PR1382727

  • The Layer3 interface might stop pinging directly connected link address after deleting Layer2 on physical interface. PR1384144

  • BFD sessions might flap consistently. PR1384601

  • All 1G SFP copper and 1G fiber optic links remain up on QFX10008 after all SIBs/FPCs are offline. PR1385062

  • The IPv6 packet might not be routed when IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • The spine EVPN routes might get stuck in a hidden state with next hop as unusable after FPC is offline in the spine. PR1386147

  • Intra PoD traffic drop observed with trap code sw.egnh.cfg_discard and VXLAN/VTEP programming missing. PR1387593

  • CPSM daemon memory leak in VMHOST. PR1387903

  • On QFX10000 platforms, MAC learning might stop working on some LAG interfaces after frequent MAC moves. PR1389411

  • BFD flaps are seen on QFX10000 platforms with inline BFD. PR1389569

  • IPv6 next hop programming issue is observed on QFX10016 device running on Junos OS Release 15.1X53-D67. PR1393937

  • The l2ald core file seen when Layer 2 learning traceoptions are enabled. PR1394380

  • On QFX5110 Virtual Chassis, after Routing Engine switchover, LACP will be down on a peer device and will never be recovered automatically. PR1395943

  • If GRES and NSR are enabled on a QFX5100 (single Routing Engine), DHCP subscribers fail to bind. PR1396470

Infrastructure

  • On QFX5100, enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742

Interfaces and Chassis

  • MC-LAG peer does not send ARP request to the host. PR1360216

  • On QFX products, the CLI allows configuration of more sub-interfaces than the limit of 2048 sub-interfaces on a LAG interface from Junos OS Release 17.2R1. PR1361689

  • On QFX5200 MCLAG, parse_remove_ifl_from_routing_inst() ERROR: No route inst on et-0/0/16.16386, errors are seen after restarting l2cpd daemon. PR1373927

Layer 2 Features

  • On QFX5100 in Junos OS Release 14.1X53-D46.7, the storm control profile is missing for interfaces in hardware. PR1354889

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • The dcpfe or fxpc process might crash on Packet Forwarding Engines with low memory when a huge memory is allocated. PR1362332

  • QFX5000 Virtual Chassis acting as EVPN-VXLAN ARP proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in VXLAN scenario. PR1368258

  • When native-vlan-id is configured for aggregated Ethernet, the LACP session to the multihomed server goes down. PR1369424

  • A port might still work if it is deleted from an aggregated Ethernet interface. PR1372577

  • DHCP discover packets might be dropped if there is VXLAN configured. PR1377521

  • Packets might be dropped on AD in Junos Fusion Data Center environment. PR1377841

  • The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517

  • The LACP might be in detached state when deleting native-vlan-id on an aggregated Ethernet interface with flexible-vlan-tagging configured. PR1385409

  • The dcpfe core might be observed when doing "restart routing" or when BGP neighbors flap while EVPN Type 5 routes are present. PR1387360

  • On QFX5000 switches, EVPN-VXLAN fails to forward the IPv6 NS packet from remote VTEP to local host. PR1387519

  • The dcpfe process might crash after VXLAN overlay ping. PR1388103

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to Virtual Chassis master flaps. PR1389695

  • Cisco Discovery Protocol (CDP) packets are not forwarded by QFX10000. PR1389829

MPLS

  • LSP might not be established properly between QFX5000 and other devices. PR1351055

  • The LSP might remain UP even if no path is acceptable because of CSPF failure. PR1365653

  • No-propagate-TTL acts on MPLS swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

  • On QFX10000, the LSP statistics and autobandwidth functionality do not work on QFX10002 with single hop LSP. It works with multi-hop LSP. PR1390445

Platform and Infrastructure

  • On Junos OS, the next hop index allocation fails. The private index space exhausts through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

  • When migrating from VPLS to EVPN vlan-aware, after adding routing-instance configuration with protocols evpn extended-vlan-list, the traffic is dropped on Packet Forwarding Engine as "invalid L2 token". PR1368802

  • Traffic is silently dropped and discarded with indirect next hop and load balancing. PR1376057

  • LSI binding is missing upon nd6 entry refresh after l2ifl flap. PR1380590

  • IRB interface does not turn down when master of Virtual Chassis is rebooted or stopped. PR1381272

Routing Protocols

  • On QFX5100 platforms, parity errors in L3 IPv4 table in the Packet Forwarding Engine memory might result in traffic getting silently dropped and discarded. PR1364657

  • The dcpfe might crash and all interfaces flap. PR1369011

  • If a QFX5100 device has a host route with ECMP next hops and receives a better path with single next hop then the next hop in hardware will not be changed. PR1387713

Software Installation and Upgrade

  • Commit might fail in single-user mode. PR1368986

Resolved Issues: 18.2R1

EVPN

  • Error message JPRDS_DLT_ALPHA KHT shows as failed, but the entries in hardware are programmed correctly. PR1258933

  • In an EVPN-VXLAN setup, IPv6 packet loss is observed after normal traffic run rate. PR1267830

  • Sub-interfaces from the same physical port do not work if configured under the same VXLAN VLAN. PR1278761

  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure proper traffic routing. PR1287557

  • VXLAN traffic loss is observed after deleting and adding VLANs. PR1318045

  • Core link flap might result in an inconsistent global MAC count. PR1328956

  • On QFX5100, with EVPN-VXLAN, the leaf device is forwarding traffic to the incorrect VTEP after MAC move/vmotion. PR1335431

  • Traffic might be lost on Layer2 and Layer3 spine node in multihome EVPN scenario. PR1355165

  • In an EVPN-VXLAN environment, BFD flap causes VTEP to flap and the Packet Forwarding Engine crashes. PR1339084

  • The routing protocol process (rpd) crashes and generates a core file on QFX Series switches with multiple VLANs with vlan-id zero, unique VNID. PR1342351

  • The traffic might get dropped because the core is down. PR1343515

General Routing

  • C0 fiber link does not come up. PR1298876

  • Traffic loss might be seen while sending traffic through the 40G interface. PR1309613

  • Traffic loss is observed while performing NSSU. PR1311977

  • Certain IGMP join packets cannot be processed correctly at a high rate. PR1314382

  • Transit traffic over GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • Packets such as TDLS without IP header are looped between virtual gateways. PR1318382

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX Series Virtual Chassis unified ISSU. PR1320370

  • The MAC address gets stuck with the "DR" flag on the spine node even though packets are received on the interface from the source MAC. PR1320724

  • The OpenFlow session cannot be established correctly with controller and interfaces options configured on QFX5100 switches. PR1323273

  • On a QFX10000 platform deployed in a spine layer without any CE interfaces attached, the ARPs will not get resolved on the spine, and traffic drop might be observed. PR1324739

  • The GRE traffic is not decapsulated by the firewall filter. PR1325104

  • VLAN or VLAN bridge might not be added or deleted if there is an IFBD HW token limit exhaustion. PR1325217

  • Unable to configure persistent learning using CLI set switch-options interface <interface-name> because no option is found. PR1325313

  • MAC move is not expected when disabled globally with CLI set protocols l2-learning global-mac-move disable-action. PR1325524

  • MAC aging is not happening on lag interface. PR1325555

  • ARP request packets might not be flooded on QFX5110. PR1326022

  • On QFX5210, when the physical interface is down, the CLI show chassis LED still shows "Green". PR1326078

  • The major alarm about Fan and PSU Airflow direction mismatch might be seen by removing the management cable. PR1327561

  • Deleting one VXLAN might cause traffic loop on another VXLAN in a multihoming EVPN and VXLAN scenario with the service provider style interface. PR1327978

  • On QFX10002, a major alarm should be cleared once the chassis has more PEM units installed than the "minimum PEM" configuration. PR1327999

  • A FAN tray removal or insertion trap is not generated for the backup FPC. PR1329031

  • IRB physical interface static MAC address is not taking effect. PR1329032

  • The CLI command set chassis fpc 0 pic has an option of PIC numbers 0 to 2, but the hardware only has one PIC. PR1329105

  • The etherStatsCRCAlignErrors port counters might disappear in the SNMP tree. PR1329713

  • After commit, members of Virtual Chassis or VCF are split and some members might get disconnected. PR1330132

  • The rpd generates a core file on new backup Routing-Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • On QFX10002-36Q, DHCP relay or server is not working on the GRE interface. PR1331158

  • PTP BC with its PTP slave interface configured on a 100-Gigabit Ethernet interface might get stuck in FREERUN state. PR1331752

  • Adding or deleting a tunnel configuration might result in FPC crash in a scaled GRE tunnels scenario. PR1331983

  • On QFX5210, for some of the UFT profiles, the UFT is not able to scale the s,g entries to around 95 percent of the supported scale. PR1332170

  • The error messages out of HMC range and HMC READ faild are seen. PR1332251

  • Traffic does not flow through VCP ports after rebooting the Virtual Chassis members. PR1332515

  • In an EVPN-VXLAN environment, DF drops multicast traffic. PR1333069

  • The SDHCPv6 SOLICIT message is dropped. PR1334680

  • Ethernet frame with Ethernet type of 0x8922 might be modified at egress by QFX10000. PR1334711

  • The chassis reboots continuously when USB drive is connected after image recovery through USB and after CLI image install. PR1335269

  • The supported scale for logical interface-based GRE tunnel on QFX10002-60C is 512. PR1335681

  • The CLI command for beacon port state is not supported on QFX10002-60C. PR1337125

  • SNMP jnxBoxDescr oid returns different value when upgrading to Junos OS Release 17.2. PR1337798

  • The traffic coming from the remote VTEP PE device might get dropped. PR1338532

  • The analyzer status might show as down when port mirroring is configured to mirror packets from an aggregated Ethernet member. PR1338564

  • The VXLAN traffic might not be transmitted correctly with IRB interface as underlay interface of VTEP tunnel. PR1338586

  • Reduced multicast scale with downstream IRB interfaces with snooping enabled. PR1340003

  • Inconsistent result is seen in QFX5200 after using deactivate xxx command in pfc-priority and no-loss context. PR1340012

  • IPv4 traffic routed out through incorrect interface after rpd restarts in leaf of IPCLOS profile. PR1341381

  • In an EVPN-VXLAN, L3 traffic is not getting converged properly upon disabling the ECMP link between the spine and the leaf with EVPN-VXLAN configurations. PR1343172

  • BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • In an EVPN/VXLAN, VLAN with flexible-tag mode, the xe statistics are not updated for ingress. PR1343746

  • Implement [edit interfaces interface-name ether-options] configured-flow-control option for QFX Series switches. PR1343917

  • EVPN-VXLAN: ARP packet uses VRRP/virtual-gateway MAC in Ethernet header instead of IRB MAC address. PR1344990

  • QFX5100 - Fan RPM fluctuates when temperature sensor reaches its threshold. PR1345181

  • FXPC process might generate a core file while removing a VXLAN configuration. PR1345231

  • Incorrect inner VLAN tag is sent from QFX10000 platform with Q-in-Q configured on the Layer3 sub-interface. PR1346371

  • In QFX10000 SFlow scaling scenario, error messages are seen in syslog messages with respect to SFlow after configuring multiple LAG interfaces under SFlow protocol. PR1346493

  • On QFX5100, in an EVPN a DCPFE core file is generated at src/pfe/common/pfe-arch/brcm/applications/virtual/brcm_vxlan.c:2185. PR1346980

  • QFX5100-48T 10G interface might be auto-negotiated at 100M speed instead of 10G. PR1347144

  • The IPFIX flow statistics are incorrect in the exported record. PR1347229

  • Part numbers and serial numbers are not displayed for any of the 10G optics or DAC connected. PR1347634

  • QFX10000 systems might encounter a chassis alarm indicating FPC 0 Major Errors - PE Error code: 0x2100ba. PR1347805

  • Once in QFX10002-60C VMHOST crash is observed at prds_if_ifl_get_gre_stats (ifl=0x9288a608, expr_ifl_l2d_stats=0x2cd3790c), just after configuring GR interface on it. PR1348932

  • The pfed process consumes 80 to 90 percent CPU running subscriber management on PPC-based routers. PR1351203

  • DCPFE process might crash on QFX10000 switches. PR1351503

  • The GTP traffic might not be hashed correctly for AE interface. PR1351518

  • RPC output does not show failure when running request system software add with software already staged. PR1353466

  • SFP-LX10 stay in up or down when connected. PR1353677

  • The alarm errors might be seen during the bootup on QFX10000. PR1354582

  • Untagged packets might not be forwarded through the trunk port. PR1355338

  • On QFX5110 platforms, LX10 SFP needs to be reinserted after autonegotiation is enabled or disabled. PR1355746

  • TPI-50840: qfx5110 ethernet-switching flood group shows incorrect information. PR1374436

  • Only loopback interface is supported under vrf routing instances. PR1375130

Interfaces and Chassis

  • If customer virtual local area network (CVLAN) range-16 (for example, vlan-id-list 30-45) is configured in a Q-in-Q (802.1ad) scenario, all the 16 VLANs might not pass traffic. PR1345994

Junos Fusion Satellite Software

  • AD failure (power off) in a DC fusion is causing complete or partial traffic loss for extended period. PR1352167

Layer 2 Features

  • MAC learning might fail for device on extended port of satellite device after MAC moving in a Junos Fusion scenario. PR1324579

  • The DHCP discover packets might be looped in an MC-LAG and DHCP-Relay scenario. PR1325425

  • In QFX5100, with multiple logical units configured on an interface, input-vlan-map POP does not remove outer vlan-tag when Q-in-Q and VXLAN are involved. PR1331722

  • Push is not working for VXLAN local switching with the Q-in-Q. PR1332346

  • Interface with flexible-vlan-tagging and family ethernet-switching does not work on QFX10000. PR1337311

  • The DCPFE/FXPC process might crash and generate a core file. PR1362332

MPLS

  • In a QFX5100, a unified ISSU is not supported with MPLS configuration. PR1264786

  • A traffic drop is seen during NSR switchover for RSVP P2MP provider tunnels used by MVPN. PR1293014

  • MPLS forwarding might not happen properly for some LSPs. PR1319379

  • The rpd might crash on the backup Routing Engine because of memory exhaustion. PR1328974

  • The hot standby for l2 circuit does not work on QFX5000. PR1329720

Multicast

  • An aggregated Ethernet or IRB configuration causes kernel crash vmcore, and causes chassis or FPC reboot. PR1335904

Platform and Infrastructure

  • The ARP might not update, and packets might get dropped at the Routing Engine. PR1348029

  • When a Junos OS image is shipped with translation scripts downgrading to another image, stale symlinks of translation scripts at the time of mgd initialization lead to the box going into amnesiac state. PR1341650

Routing Protocols

  • The copy-tos-to-outer-ip-header command is not supported, because of the hardware limitation. PR1313311

  • Some of the IPv4 multicast routes in the Packet Forwarding Engine might fail to install and update. PR1320723

  • In QFX5100, consistent hashing is not getting programmed. PR1322299

  • QFX10002-60C is not supported as FHR in multicast PIM SM based network. PR1324116

  • IS-IS L2 Hello packets are dropped when they come from a Brocade device. PR1325436

  • Degradation is seen in some OSPF parameters and some of the RIB parameters are improved. PR1329921

  • The loopbacked IRB interface is not accessible to the remote network. PR1333019

  • The dcpfe crashes in a route leak scenario on QFX10000. PR1334714

  • The rpf-check-policy does not work as expected. PR1336909

  • On QFX5000 Series switches, BGP might be down due to the congestion state of CPU on receiving Ethernet pause frames. PR1343597

  • DF is not working; ping fails if MTU is different on the interfaces. PR1345495

  • The vrf-fallback on QFX5000 is not supported in ALPM mode. PR1345501

  • IPv6 packets with hop-by-hop header cannot be matched using filters. PR1346052

Documentation Updates

There are no errata or changes in Junos OS Release 18.2R3 documentation for the QFX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 18.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 18.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.

    Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.2-R2.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.2 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package, for example, junos-vmhost-install-x.tgz.

During a software upgrade, the alternate partition of the SSD is upgraded, and it becomes the primary partition after a reboot. If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.2R3.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.2R3.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.2R3.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.2R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.2R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot

    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
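A pre-flight check for the two opposite requirements stated on this page: GRES, NSB, and NSR must be disabled before the dual Routing Engine installation on QFX10008 and QFX10016 switches, and enabled before a unified ISSU. This is an added example, not Juniper code; it reads saved output of show configuration | display set, and the function names, method labels, and sample configuration are constructed for illustration, with the GRES statement path (chassis redundancy graceful-switchover) assumed from standard Junos configuration.

```python
"""Pre-flight check of redundancy features before a Junos OS upgrade."""

# Statement paths and removal commands. The NSB path and the
# "delete chassis redundancy" command are quoted from the page; the GRES
# path is an assumption based on standard Junos configuration.
FEATURES = {
    "GRES": (("chassis", "redundancy", "graceful-switchover"),
             "delete chassis redundancy"),
    "NSB": (("protocols", "layer2-control", "nonstop-bridging"),
            "delete protocols layer2-control nonstop-bridging"),
    "NSR": (("routing-options", "nonstop-routing"),
            "delete routing-options nonstop-routing"),
}

# Constructed sample of "show configuration | display set" output.
SAMPLE = """\
set system host-name qfx10008-lab
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
deactivate routing-options nonstop-routing
set protocols layer2-control nonstop-bridging
"""


def enabled_features(display_set_text):
    """Return the names of the features that are configured and active.

    Statements inherited from configuration groups are not evaluated.
    """
    set_paths, deactivated = [], []
    for line in display_set_text.splitlines():
        tokens = tuple(line.split())
        if len(tokens) < 2:
            continue
        if tokens[0] == "set":
            set_paths.append(tokens[1:])
        elif tokens[0] == "deactivate":
            deactivated.append(tokens[1:])
    enabled = set()
    for name, (path, _) in FEATURES.items():
        present = any(p[:len(path)] == path for p in set_paths)
        # Deactivating the statement or any parent hierarchy turns it off.
        inactive = any(path[:len(d)] == d for d in deactivated)
        if present and not inactive:
            enabled.add(name)
    return enabled


def preflight(display_set_text, method):
    """List findings that block the chosen method.

    method is "dual-re-install" (features must be off) or
    "unified-issu" (features must be on).
    """
    enabled = enabled_features(display_set_text)
    if method == "dual-re-install":
        return [f"{n} is enabled: run '{FEATURES[n][1]}', then commit synchronize"
                for n in sorted(enabled)]
    if method == "unified-issu":
        return [f"{n} is not enabled: enable it before starting unified ISSU"
                for n in sorted(set(FEATURES) - enabled)]
    raise ValueError(f"unknown method: {method}")


if __name__ == "__main__":
    for method in ("dual-re-install", "unified-issu"):
        print(method, preflight(SAMPLE, method) or "ready")
```

An empty list means the configuration meets the stated requirement for that method; the sample is blocked for both, because GRES and NSB are active while NSR is deactivated.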

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.2R3.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.