Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 18.3R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for the QFX Series switches.

Note

The following QFX Series platforms are supported in Release 18.3R3: QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016.

Release 18.3R3 New and Changed Features

There are no new features or enhancements to existing features in the Junos OS Release 18.3R3 for the QFX Series switches.

Release 18.3R2 New and Changed Features

MPLS

  • Control transport address used for targeted-LDP session (QFX Series)—Currently, only the router-ID or interface address is used as the LDP transport address. Starting in Junos OS Release 18.3R2, you can configure any other IP address as the transport address of targeted LDP sessions, session-groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.

    This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.

    [See Control Transport Address Used for Targeted-LDP Session.]

Release 18.3R1-S3 New and Changed Features

EVPN

  • Layer 3 VXLAN gateway (QFX5120 switches)—Starting in Junos OS Release 18.3R1-S3, you can deploy QFX5120 switches as a Layer 3 VXLAN gateway in EVPN-VXLAN overlay networks with the following IP fabric architectures:

    • A two-layer IP fabric that includes spine devices (Layer 3 VXLAN gateways) and leaf devices (Layer 2 VXLAN gateways). You can deploy QFX5120 switches as spine or leaf device in this fabric.

    • A one-layer IP fabric that includes leaf devices that function as both Layer 2 and Layer 3 VXLAN gateways. You can deploy QFX5120 switches as leaf nodes in this fabric.

    The QFX5120 switches also support EVPN pure type-5 routes.

    [See Understanding EVPN with VXLAN Data Encapsulation and Understanding EVPN Pure Type-5 Routes.]

Interfaces and Chassis

  • Host route generation support for ARP and Neighbor Discovery Protocol (NDP) (QFX5100)—Starting in Release 18.3R1-S3, Junos OS supports host route generation for devices connected to QFX5100 switches in a data center. When you enable this feature on an interface for IPv4 or IPv6, host routes are created in the routing table for each device present in ARP (IPv4) and NDP (IPv6). These host routes can be exported to routing protocols to be advertised to the network by matching the new policy qualifier l2-learned-host-routing statement.

    You can configure the host-route-generation statement under the [edit interfaces name unit name family inet/inet6] hierarchy, on each interface and for each address family.

    Note

    Host route generation is disabled by default.

  • Proactive ARP detection (QFX5100)—Starting with Junos OS Release 18.3R1-S3, you can check the reachability of connected devices (within an IP subnet range) on a specified interface.

    To enable proactive ARP detection, configure the proactive_arp_detection statement at the [edit system arp] hierarchy level. After you enable proactive ARP detection, an ARP request is sent over the interface, and the ARP reply received is updated in the ARP cache.

Release 18.3R1-S2 New and Changed Features

EVPN

Release 18.3R1 New and Changed Features

Hardware

  • QFX5120-48Y switches—Starting with Junos OS Release 18.3R1, the QFX5120-48Y switch is available as a fixed-configuration switch with the following built-in ports:

    • Forty-eight 25-Gigabit Ethernet ports that can operate at 1-Gbps, 10-Gbps, or 25-Gbps speed and support SFP, SFP+, or QSFP28 transceivers.

    • Eight 100-Gigabit Ethernet ports that can operate at 40-Gbps or 100-Gbps speed and support QSFP+ or QSFP28 transceivers. When these ports operate at 40-Gbps speed, you can configure four 10-Gbps interfaces and connect breakout cables, increasing the total number of supported 10-Gbps ports to 80. When these ports operate at 100-Gbps speed, you can configure four 25-Gbps interfaces and connect breakout cables, increasing the total number of supported 25-Gbps ports to 80.

    A total of four models are available: two featuring AC power supplies and front-to-back or back-to-front airflow and two featuring DC power supplies and front-to-back or back-to-front airflow.

    Caution

    QFX5120 switches require the use of Junos OS Release 18.3R1.11 which is available on the QFX5120 software download page.

    [See QFX5120 Documentation.]

  • QFX5210-64C-DC switches—Starting in Junos OS Release 18.3R1, Juniper Networks expands the QFX5210-64C line of switches to include DC power options. Like the existing AC models, the QFX5210-64C-DC is a 64-port, fixed-chassis switch designed for spine-and-leaf applications that need high-port density in next-generation IP fabric networks. All 64 ports in the 2 U, standalone switch default to 100 Gbps speeds but you can also configure the ports for 10 Gbps, 25 Gbps, 40 Gbps, and 50 Gbps speeds. The routing engine and control plane are driven by the 2.2 GHz quad-core Intel® Xeon® CPU with 16 GB of memory and an enterprise grade 100 GB solid-state drive (SSD) for storage. The QFX5210-64C-DC comes standard with redundant fans and redundant power supplies. The switch can be ordered with either ports-to-FRUs or FRUs-to-ports airflow.

    [See QFX5210 System Overview.]

  • Support for JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U transceivers (QFX5110)— Starting in Junos OS Release 18.3R1, the QFX5100 switches support the JNP-SFP-10G-BX40D and the JNP-SFP-10G-BX40U transceivers. The JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U transceivers are for single SMF bidirectional applications. A JNP-SFP-10G-BX40D transceiver should always be connected to a JNP-SFP-10G-BX40U transceiver with a single SMF. The operating link distance is up to 40 km. With a single LC receptacle, the JNP-SFP-10G-BX40D transceiver transmits a 1330 nm wavelength signal and receives a 1270 nm signal, whereas JNP-SFP-10G-BX40U transceiver transmits a 1270 nm wavelength signal and receives a 1330 nm signal. [See the Hardware Compatibility Tool.]

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (QFX Series)—Starting in Junos OS Release 18.3R1, the Junos password change policy for local user accounts is enhanced to comply with certain additional password policies. As part of the policy improvement, you can configure the following:

    • minimum-character-changes—The number of characters by which the new password should be different from the existing password.

    • minimum-reuse—The number of older passwords, which should not match the new password.

    See password

Class of Service (CoS)

  • Support for CoS on QFX5120 switches (QFX5120)—Starting in Junos OS Release 18.3R1, the QFX5120 switch supports class of service (CoS) functionality. CoS is the assignment of traffic flows to different service levels. You can use CoS features to define service levels that provide different delay, jitter (delay variation), and packet loss characteristics to ensure quality of service (QoS) to particular applications served by specific traffic flows across the network.

    Compared to CoS functionality on QFX5100 and QFX5110 switches, QFX5120 switches provide significantly more buffer memory (32 MB), but do not support hierarchical scheduling or ETS. The QFX5120 also supports eight unicast and two multicast queues.

    [See CoS Support on QFX Series Switches, EX4600 Line of Switches, and QFabric Systems.]

EVPN

  • IPv4 inter-VLAN multicast forwarding modes for EVPN (QFX10000 switches)—Starting with Junos OS Release 18.3R1, QFX10000 switches can forward IPv4 multicast traffic between VLANs in EVPN-VXLAN networks with these IP fabric architectures:

    • Two-layer IP fabric in which QFX10000 switches function as Layer 3 gateways, and QFX5100 or QFX5200 switches function as Layer 2 gateways.

    • One-layer IP fabric in which QFX10000 switches function as both Layer 2 and Layer 3 gateways.

      In both architectures, QFX10000 switches on which IRB interfaces are configured can route multicast traffic from one VLAN to another.

    [See Multicast Support in EVPN-VXLAN Overlay Networks.]

  • Tunneling Q-in-Q traffic through an EVPN-VXLAN overlay network (QFX10000 switches)—Starting with Junos OS Release 18.3R1, QFX10000 switches that function as Layer 3 and Layer 2 virtual tunnel endpoints (VTEPs) can tunnel single-tagged and double-tagged Q-in-Q packets through an EVPN-VXLAN overlay network. In addition to tunneling Q-in-Q packets, the ingress and egress VTEPs can perform the following Q-in-Q actions:

    • Delete, or pop, an outer service provider VLAN (S-VLAN) tag from an incoming packet.

    • Add, or push, an outer S-VLAN tag onto an outgoing packet.

    • Map a configured range of customer VLAN (C-VLAN) IDs to an S-VLAN.

      Note

      The QFX10000 switches do not support the pop and push actions with a configured range of VLANs.

    [See Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network.]

  • Note

    This feature is documented but not supported on QFX5110 switches in Junos OS Release 18.3R1.

    IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX5110 switches)—Starting with Junos OS Release 18.3R1, QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or 3 data packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of EVPN type-2 and type-5 routes.

    [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network With an IPv4 Underlay.]

  • Firewall filtering and policing on IRB Interfaces in EVPN-VXLAN (QFX10000 switches)—Starting with Junos OS Release 18.3R1, you can configure a firewall filter on an IRB interface in an EVPN-VXLAN topology. The IRB interface acts as a Layer 3 routing interface to connect the VXLANs in one-layer or two-layer IP fabric topologies. Firewall filters can only be configured on the IRB interface after the VXLAN header is stripped by the VXLAN tunnel endpoint (VTEP). Only ingress filtering is supported.

    [See Firewall Filter Match Conditions and Actions for QFX10000 Switches.]

General Routing

  • Layer 3 unicast features (QFX5120)—Starting with Junos OS Release 18.3R1, the following Layer 3 unicast features are supported:

    • Static routing, ping, and traceroute (IPv4, IPv6)

    • OSPFv2 (IPv4) and OSPFv3 (IPv6)

    • RIPv2

    • BGP (IPv4, IPv6), BGP 4-byte ASN support, and BGP multipath

    • MBGP (IPv4)

    • IS-IS (IPv4, IPv6)

    • BFD (for RIP, OSPF, IS-IS, BGP, PIM)

    • Unicast reverse path forwarding (RPF)

    • Filter based forwarding (FBF)

    • IP directed broadcast traffic forwarding

    • IPv4 over GRE

    • Virtual router redundancy protocol (VRRP)

    • VRRPv3 (IPv6)

    • Neighbor Discovery Protocol (IPv6)

    • Path MTU discovery

    • IPv6 class of service—Behavior aggregate (BA) classifiers, multifield (MF) classifiers and rewrite rules, traffic-class scheduling)

    • IPv6 stateless address autoconfiguration

    • Equal-cost multipath (ECMP)—32-way

    • Virtual router (VRF-lite) IS-IS, RIP, OSPF, BGP

Interfaces and Chassis

  • Multichassis link aggregation groups, configuration synchronization, and configuration consistency check (MC-LAG) (QFX5120 switches)—Starting with Junos OS Release 18.3R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running Spanning Tree Protocol (STP).

    Configuration synchronization enables you to easily propagate, synchronize, and commit configurations from one MC-LAG peer to another. Log in to either peer to manage both, and use configuration groups to simplify the configuration process. You can create one configuration group each for the local peer and the remote peer, and a global configuration common to both peers. Create conditional groups to specify when peer configurations are synchronized.

    Use configuration consistency checks, which are enabled by default, to find configuration-parameter inconsistencies between multichassis link aggregation group (MC-LAG) peers.

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

  • Channelizing Interfaces on QFX5120-48Y Switches—On the QFX5120-48Y switch, there are a total of 56 ports. Of these 56 ports, 8 ports (labeled 48 through 56) are uplink ports that support 100-Gigabit Ethernet interfaces (QSFP28 ports) and 40-Gigabit Ethernet interfaces (QSFP+ ports). The other 48 ports (labeled 0 through 47) are SFP+ ports that support 25-Gigabit Ethernet interfaces or 10-Gigabit Ethernet interfaces. The default speed for the SFP+ ports is 10 Gbps.

    Starting with Junos OS Release 18.3R1, you can channelize the 100-Gigabit Ethernet interfaces to four independent 25-Gigabit Ethernet interfaces. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces, or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables on the QFX5120-48Y switch.

    Note

    The uplink ports on the QFX5120-48Y switches support auto-channelization.

    If you have disabled auto-channelization, then to channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G or 25G. If a 100-Gigabit Ethernet transceiver is connected, you can only set the speed to 25G. For the SFP+ ports, you can set the speed to 25G or 1G. There is no commit check for this, however.

    Note

    You cannot configure channelized interfaces to operate as Virtual Chassis ports.

    See [Channelizing Interfaces on QFX5120-48Y Switches].

  • Resilient hashing support for link aggregation groups and equal-cost multipath routes (QFX5120 switches)—Starting with Junos OS Release 18.3R1, resilient hashing is supported by link aggregation groups (LAGs) and equal-cost multipath (ECMP) sets on QFX5120 switches. A LAG combines Ethernet interfaces (members) to form a logical point-to-point link that increases bandwidth, provides reliability, and allows load balancing. Resilient hashing enhances LAGs by minimizing destination remapping when a new member is added to or deleted from the LAG. Resilient hashing works in conjunction with the default static hashing algorithm. It distributes traffic across all members of a LAG by tracking the flow’s LAG member utilization. When a flow is affected by a LAG member change, the Packet Forwarding Engine rebalances the flow by reprogramming the flow set table. Destination paths are remapped when a new member is added to or existing members are deleted from a LAG. Resilient hashing applies only to unicast traffic and supports a maximum of 1024 LAGs, with each group having a maximum of 256 members. An ECMP group for a route contains multiple next-hop equal cost addresses for the same destination in the routing table. (Routes of equal cost have the same preference and metric values.) Junos OS uses a hash algorithm to choose one of the next-hop addresses in the ECMP group to install in the forwarding table. Flows to the destination are rebalanced using resilient hashing. Resilient hashing enhances ECMPs by minimizing destination remapping when a new member is added to or deleted from the ECMP group.

    [See Understanding the Use of Resilient Hashing to Minimize Flow Remapping in Trunk/ECMP Groups.]

Junos Telemetry Interface

  • Routing Engine and Packet Forwarding Engine sensors for the Junos Telemetry Interface (EX4650 and QFX5120-48Y switches)—Starting with Junos OS Release 18.3R1, Routing Engine and Packet Forwarding Engine statistics are supported through the Junos Telemetry Interface on EX4650 and QFX5120-48Y switches with the same level of support found on QFX5100 switches using Junos OS Release 18.1R1.

    The following Routing Engine statistics are supported through JTI:

    • LACP state export

    • Chassis environmentals export

    • Network discovery chassis and components

    • LLDP export and LLDP model

    • BGP peer information (RPD)

    • RSVP interface export

    • RPD task memory utilization export

    • LSP event export

    • Network Discovery ARP table state

    • Network Discovery NDP table state

    The following Packet Forwarding Engine statistics are supported through JTI:

    • Congestion and latency monitoring

    • Logical interface

    • Filter

    • Physical interface

    • LSP

    • NPU/LC memory

    • Network Discovery NDP table state

    Only gRPC streaming is supported.

    To provision the sensor to export data through remote procedure call (gRPC), use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded physical interface queue and traffic statistics sensors for Junos Telemetry Interface (JTI) (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—Starting with Junos OS Release 18.3R1, additional resource paths are added to stream physical (IFD) statistics.

    Prior to Junos OS Release 18.3R1, both traffic and queue statistics for physical interfaces (IFD) are sent out together using the resource path /interfaces for gRPC streaming (which is internally used to create /junos/system/linecard/interface/) or /junos/system/linecard/interface/ for UDP (native) sensors.

    Now, traffic and queue statistics can be delivered separately. Doing so can reduce the reap time for non-queue data for platforms supporting Virtual Output Queues (VOQ).

    The following UDP resource paths can be configured:

    • /junos/system/linecard/interface/ is the existing resource path (no change). Traffic and queue statistics are sent together.

    • /junos/system/linecard/interface/traffic/ exports all fields except queue statistics.

    • /junos/system/linecard/interface/queue/ exports queue statistics.

    The gRPC resource path /interfaces now has the following behavior:

    • In releases prior to Junos OS 18.3R1, it delivers all IFD traffic and queue statistics. In Junos OS 18.3R1 and higher, it delivers statistics in two sensors:

      • /junos/system/linecard/interface/traffic/ exports all fields except queue statistics.

      • /junos/system/linecard/interface/queue/ exports queue statistics.

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

Layer 2 Features

  • Layer 2 unicast features( QFX5120 switches)—Starting with Junos OS Release 18.3R1, the following Layer 2 unicast features are supported:

    • 802.1Q VLAN trunking

    • PVLAN

    • IRB

    • Layer 3 Vlan-tagged logical interfaces

    • 4096 VLANs

    • MAC address filtering

    • MAC address aging configuration

    • Static MAC address assignment for interface

    • Per-VLAN MAC learning (limit)

    • MAC learning disable

    • Persistent MAC (sticky MAC)

    • Q-in-Q Tag manipulation

    • MAC address limit per port

    • MAC limiting

    • MAC limiting per port, per VLAN

    • MAC move limiting

    • PVLAN on Q-in-Q

    • 802.1D

    • 802.1w (RSTP)

    • 802.1s (MST)

    • BPDU protection

    • Loop protection

    • Root protection

    • VSTP

    • RSTP and VSTP running concurrently

    • Link aggregation (static and dynamic) with LACP (fast and slow LACP)

    • LLDP

    • Multiple VLAN Registration Protocol (802.1ak)

    See Ethernet Switching User Guide.

  • Layer 2 unicast features ( QFX5120 switches)—Starting with Junos OS Release 18.3R1, you can use the unified forwarding table (UFT) feature to allocate forwarding table resources to optimize the memory available for different address types based on the needs of your network. You can choose to allocate a higher percentage of memory for one type of address or another.

    [See Understanding the Unified Forwarding Table.]

MPLS

  • Support for MPLS over UDP tunnels (QFX10000 switches)— Starting with Junos OS Release 18.3R1, MPLS-over-UDP tunnels are supported on QFX10000 switches. For every dynamic tunnel configured on the switch a tunnel composite next hop, an indirect next hop, and a forwarding next hop is created to resolve the tunnel destination route. You can also use policy control to resolve the dynamic tunnel over select prefixes by including the forwarding-rib configuration statement at the [edit routing-options dynamic-tunnels] hierarchy level.

    The next-hop-based dynamic tunnel feature benefits data center deployments that require mesh IP connectivity from one provider edge (PE) device to all other PE devices in the network.

    [See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]

  • MPLS support (QFX5120)—Starting with Junos OS Release 18.3R1, the following MPLS features are supported:

    • LDP (tunneling over RSVP, targeted LDP, LDP over RSVP)

    • RSVP-TE

    • TE++ container LSPs

    • Automatic bandwidth allocation on LSPs

    • IPv6 tunneling over an MPLS IPv4 network (6PE and 6VPE)

    • Ethernet-over-MPLS (L2 circuit)

    • Layer 3 VPN

    • Carrier-of-carrier VPNs

    • ECMP routing

    • Segment routing

    • EVPN-VXLAN

    • MPLS over IRB interfaces

    • VRF support in IRB Interfaces

    [See MPLS Feature Support on QFX Series and EX4600 Switches.]

Multicast

  • Layer 3 multicast features (QFX5120)—Starting with Junos OS Release 18.3R1, the following Layer 3 multicast features are supported:

    • IGMP version 1 (IGMPv1), version 2 (IGMPv2), and version 3 (IGMPv3)

    • IGMP filtering

    • PIM sparse mode (PIM-SM)

    • PIM dense mode (PIM-DM)

    • PIM source-specific multicast (PIM-SSM)

    • Multicast Source Discovery Protocol (MSDP)

    IGMP and PIM are also supported on virtual routers.

    [See Multicast Overview.]

  • Layer 2 multicast features (QFX5120)—Starting with Junos OS Release 18.3R1, the following Layer 2 multicast features are supported:

    • IGMP snooping for IGMPv1, IGMPv2, and IGMPv3

    • IGMP proxy

    • IGMP querier

    IGMP snooping is also supported on virtual routers.

    [See Multicast Overview.]

Network Management and Monitoring

  • Customized MIBs for sending custom traps based on syslog events (QFX Series)—Starting in Junos OS Release 18.3R1, there is a process whereby customers can define their own MIBs for trap notifications. The customized MIB maps a particular error message with a custom OID rather than a generic one. Juniper Networks provides two new MIB roots reserved for customer MIBs, one for the custom MIB modules and the other for the trap notifications. For this process, you must convert the MIB to YANG format, and a tool is available for that.

    [See Customized SNMP MIBs for Syslog Traps.]

  • Services support: sFlow, port mirroring, and storm control (QFX5120 switches)—Starting in Junos OS Release 18.3R1, the following services are provided on QFX5120 switches:

    • sFlow networking monitoring technology—Collects samples of network packets and sends them in a UDP datagram to a monitoring station called a collector. You can configure sFlow technology on a device to monitor traffic continuously at wire speed on all interfaces simultaneously.

    • Local and remote port mirroring and remote port mirroring to an IP address—Copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface (local port mirroring), to a VLAN (remote port mirroring), or to the IP address of a device running an analyzer application on a remote network (remote port mirroring to an IP address [GRE encapsulation]). (When you use remote port mirroring to an IP address, the mirrored packets are GRE-encapsulated.)

    • Storm control—Causes a device to monitor traffic levels and take a specified action when a specified traffic level—called the storm control level—is exceeded, thus preventing packets from proliferating and degrading service. You can configure devices to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when the storm control level is exceeded.

    [See Overview of sFlow Technology, Understanding Port Mirroring, and Understanding Storm Control.]

  • New fallback option for sFlow adaptive sampling (QFX Series) —Starting with Junos OS Release 18.3R1, you can use the new CLI option adaptive-sampling fallback in sFlow monitoring configurations to back up the adaptive sampling rate on switch interfaces.

    Currently, adaptive sampling uses a binary backoff algorithm to reduce the sampling loads on the selected interfaces. However, if the sampling rate suddenly increases because of a spike in traffic, it does not revert to the previously configured value even after traffic stabilizes. Adaptive sampling fallback uses a binary backup algorithm to back up and decrease the sampling rate without affecting normal traffic. To enable this feature, include the adaptive-sample-rate fallback statement at the [edit protocols sFlow ] hierarchy level. Adaptive sampling fallback is disabled by default. [See Understanding How to Use sFlow Technology for Network Monitoring.]

Restoration Procedures and Failure Handling

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (QFX Series)—Starting in Junos OS Release 18.3R1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode.The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Routing Protocols

  • Junos OS, OpenConfig, and Network Agent packages are delivered in a single TAR file (QFX Series)—Starting in Junos OS Release 18.3R1, the Junos OS image includes the OpenConfig package and Network Agent; therefore, you do not need to install OpenConfig or Network Agent separately on your device.

    [See Installing the OpenConfig Package and Installing the Agent Network Package.]

Security

  • Support for firewall filters (QFX5120)—Starting with Junos OS Release 18.3R1, you can configure firewall rules to filter incoming network traffic based on a series of user-defined rules. You can specify whether to accept, permit, deny, or forward a packet before it enters an interface. If a packet is accepted, you can also configure additional actions to perform on the packet, such as class-of-service (CoS) marking (grouping similar types of traffic together and treating each type of traffic as a class with its own level of service priority) and traffic policing (controlling the maximum rate of traffic sent or received). You configure firewall filters at the [edit firewall] hierarchy level.

    [See Firewall Filters Overview.]

  • Support for distributed denial-of-service protection (QFX5120)—Starting with Junos OS Release 18.3R1, you can configure denial-of-service (DoS) protection on the switches to continue to function while under attack. A denial-of-service (DoS) attack is any attempt to deny valid users access to network or server resources by using up all the resources of the network element or server. DDoS protection identifies and suppresses malicious control packets while enabling legitimate control traffic to be processed. A single point of DDoS protection management enables you to customize profiles for your network control traffic. To protect against DDoS attacks, you can configure policers for host-bound exception traffic. The policers specify rate limits for all control traffic for a given protocol. You can also monitor policers, obtaining information such as the number of violations encountered and the number of packets received or dropped.

    [See Understanding Distributed Denial-of-Service Protection on QFX Series Switches.]

System Management

  • Secure boot (QFX5120 switches)—Starting with Junos OS Release 18.3R1, a significant system security enhancement is introduced: secure bBoot. The secure boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. No action is required to implement secure boot.

User Interface and Configuration

  • Support for configuring the ephemeral database using the NETCONF and Junos XML protocols (QFX Series)—Starting in Junos OS Release 18.3R1, NETCONF and Junos XML protocol client applications can configure the ephemeral configuration database. The ephemeral database provides a fast programmatic interface that enables multiple clients to simultaneously load and commit configuration changes on a device running Junos OS and with significantly greater throughput than when committing data to the candidate configuration database. The device’s active configuration is a merged view of the committed configuration database and the configuration data in all instances of the ephemeral configuration database. Ephemeral configuration data is volatile and is deleted upon rebooting the device.

    [See Understanding the Ephemeral Configuration Database.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.3R3 for the QFX Series.

EVPN

  • New options in show evpn instance command (QFX Series)—Starting in Junos OS Release 18.3R2, you can use the show evpn instance esi-info command to only display the ESI information for a routing instance and show evpn instance neighbor-info to only display the IP address of the EVPN neighbor for a routing instance. Information associated with the ESI, such as the route distinguisher, bridge domain, and IRB are filtered out.

Interfaces and Chassis

  • Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.

    On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.

  • Packets with MTU size greater than the default value are dropped (QFX5110)—In Junos OS Releases 17.3R3, 17.4R2, 18.1R2, 18.1R3, 18.2R1, 18.3R1, and later, on QFX5110 switches, setting maximum transmission unit (MTU) on the L3 interface does not take effect and packets with MTU size greater than the default value are dropped.

    [See mtu.]

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (QFX Series)—In Junos OS Release 18.3R2, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces were in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • Commit Error thrown when GRE interface and Tunnel source interface configured in different routing instances (QFX Series)—In Junos OS Releases 18.3R2, QFX Series switches does not support configuring GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation .]

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 18.3R2, the resilient-hash statement is no longer available in the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.

    [See aggregated-ether-options.]

Junos OS XML API and Scripting

  • MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (QFX Series)—Starting in Junos OS Release 18.3R1, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.

Layer 2 Features

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 18.3R3, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

Network Management and Monitoring

  • Junos OS does not support management of YANG packages in configuration mode (QFX Series)—Starting in Junos OS Release 18.3R1, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS Release 18.3R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

Routing Policy and Firewall Filters

  • Support for configuring the GTP-TEID field for GTP traffic (QFX5000 line of switches)—Starting in Junos OS Release 17.3R3, 17.4R2, 18.1R2, 18.2R1, and 18.3R1, the gtp-tunnel-endpoint-identifier statement is supported to configure the hash calculation of IPv4 or IPv6 packets that are included in the GPRS tunneling protocol–tunnel endpoint identifier (GTP-TEID) field hash calculations. The gtp-tunnel-endpoint-identifier configuration statement is configured at the [edit forwarding-options enhanced-hash-key family inet] hierarchy level.

    In most of the cases, configuring gtp-tunnel-endpoint-identifier statement is sufficient for enabling GTP hashing. After enabling, if GTP hashing does not work, it is recommended to capture the packets using relevant tools and identify the offset value. As per standards, 0x32 is the default header offset value. But, due to some special patterns in the header, offset may vary to say 0x30, 0x28, and so on. In this cases, use gtp-header-offset statement to set a proper offset value. Once the header offset value is resolved, run gtp-tunnel-endpoint-identifier command for enabling GTP hashing successfully.

    [See gtp-tunnel-endpoint-identifier and gtp-header-offset.]

Security

  • Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in 18.3R2, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

  • Firewall warning message (QFX5000 switches)—Starting in 18.3R2, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

Virtual Chassis

  • New configuration option to disable automatic Virtual Chassis port conversion (QFX5100 Virtual Chassis)—Starting in Junos OS Release 18.3R1, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in a QFX5100 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.3R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5120 and EX4650 switches, if the CoS configurations are modified when egress traffic is shaped at very low rate (less than 50 Mbps), packets might get stuck in the MMU buffers permanently. It might cause ingress/egress traffic drops. When low rate shapers (less than 50 Mbps) are applied on egress queues, we suggest that you deactivate shaping before any CoS modification or ensure traffic is stopped before doing CoS modification. PR1367432

EVPN

  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure proper traffic routing. This issue is platform-independent. PR1287557

Interfaces and Chassis

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:

    1. Disable or enable icl.

    2. Reboot one of the MC-LAG peers.

    3. Disable or enable member link of ICL.

    This results in no traffic loss because one of the MC-LAG nodes will be processing duplicate packets during this time. PR1422473

Layer 2 Features

  • The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031

  • For QFX5120 and EX4650 the switch might learn its own MAC address on the network interface if it is attached to an IRB interface to a VLAN. As a result of the incorrect MAC learning, it might result in the incorrect forwarding in a MC-LAG scenario. PR1365942

  • Host table overflow happens and routes are not programmed when the host table utilization is over 68 percent in lpm-profile UFT for Trident 3 platforms. PR1376581

Platform and Infrastructure

  • On the QFX10002, based on memory availability, it can scale up to 300 remote PE devices with a total of 600 tunnels. To avoid exceeding memory, we recommend that you do not go beyond this scale. PR1329243

  • When the sflow collector can be reached only through Routing Engine, Large samples due to heavy traffic can cause Routing Engine CPU to become busy. PR1332337

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

  • The issue is specific to flexible VLAN-tagged interface and does not happen if the interface is in trunk mode with EVPN-VXLAN configuration. PR1345568

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • If device is power-cycled abruptly, occasionally messages DIRECTORY CORRUPTED I=149350 OWNER=0 MODE=40755 are printed continuously on console during device boot up. The error logs are coming from inside Junos VM. As soon as any disk write operation is initated from inside the VM, it will be written on host disk as well. However, if power cycle happens before disk write completes, this issue is bound to occur. PR1361094

  • IFL stats are not supported for Layer 2 and aggregated Ethernet interfaces, it is supported only for Layer 3 interfaces (Layer 3 interface should not be member of aggregated Ethernet). Make sure you have only normal Layer 3 interface. PR1361185

  • 40GBASE-BXSR– bidirectional optics channelization is not supported. PR1361891

  • In QFX5000 switches when more than one interface is attached to an output VLAN for remote port mirroring, the traffic will be received by only one of the interfaces. PR1363358

  • A few error messages related to function rt_mesh_group_add_check() will be seen during reboot and are harmless. PR1365049

  • Autochannelization is not supported for 40GBASE-BXSR, QSFP+40GE-LX4, QSFP-100G-PSM4 and 100GBASE-BXSR optics. PR1366103

  • QFX5120/EX4650: with 288,000 MAC scale, Routing Engine command show ethernet-switching table summary output will show the learned scale entries after a delay of around 60 seconds. PR1367538

  • Subsecond BFD interval timer is not supported for QFX5120 and EX4650 switches. PR1368671

  • Since QFX5120/EX4650 switches are VM-based system the recovery is done from Linux recovery. PR1371014

  • A bug in PTP-FPGA is causing all the streams to follow the announce rate of first master stream created on to the PTP FPGA, instead of the announce rate of the corresponding stream. As a result, all other backup devices end up with receiving announce at the rate of first stream, even though the negotiated rates are different for these streams. As a workaround, configure the same announce rate for all the downstream slaves. PR1383203

  • Intermittently after Junos OS reboot two of channelized 25 Gigabit Ethernet ports using 4x25G breakout cable might not come up. PR1384898

  • Junos OS might hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. Device can be recovered using power-cycle of the device. PR1385970

  • On QFX10008/10016 with QFX10000-12C-DWDM line card installed, the line card might crash when booting up. The issue results in traffic disruption during the line card booting up. PR1386400

  • These error logs are expected when routes pointing to target next hop which in turn pointing to HOLD next hop. These error logs will be present for short time. Later, when the next hop changes from HOLD next hop to valid next hop, Unilist next hops will be walked again and updated with appropriate weight and reroute counters, and no more error logs will be seen. PR1387559

  • RE-ARP request sent without VLAN-ID (so RE-ARP fails). PR1390794

Routing Protocols

  • QFX5120/EX4650: 254 neighbour and 200k routes can be scaled for ISISv4. Beyond 200k routes with 254 neighbour, Adjacency flaps and traffic drop will be seen However, with 40 neighbour 351000 routes got scaled. PR1368106

  • Because the flex counters are shared among IFPs and other tables, in a unidimensional testing, ipmc stats counter created will not be equivalent to the number of ipmc entries created and stat counter creation will fail with error No resources for operation after 60,000 entries. PR1371399

  • The mcsnoopd error messages are seen in logs while adding or deleting IGMP PIM configuration. These are debug messages and are not harmful. PR1371662

User Interface and Configuration

  • Auto-complete caution for QFX10002-60c and PTX10002-60c personalities—Starting in Junos OS Release 18.3R2, for QFX10002-60c and PTX10002-60c personalities, do not use auto-complete to display the list of arguments for the request system software delete command. You must look for the package name using the show system software command and then explicitly type the software package name in the request system software delete command.

    [See request system software delete.]

Virtual Chassis

  • A Virtual Chassis internal loop might happen on a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2 seconds) might occur. PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 18.3R3.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Mac-move-shutdown stops working if a “physical loop” is introduced continuously in quick succession of 10 minutes. The issue is not seen every time but can occur only if the physical loop is introduced at least four times. If the loops span a long period, the issue is not seen. A test is performed to check the overall impact on basic features. There is no issue seen on basic learning or major impact on any protocol. This is a negative scenario, but it is unlikely to occur in a customer network where the multiple loops occur within a short time span. PR1284315

  • Chained composite next-hop (CNH) is must for EVPN pure type 5 with VXLAN encapsulation. Without it, the Packet Forwarding Engine would not program the tunnel NH. You have to explicitly set it on QFX5110. set routing-options forwarding-table chained-composite-next-hop ingress evpn QFX10K. It is applied as a part of default configuration. user@routers> show configuration routing-options forwarding-table | display inheritance defaults. PR1303246

  • In an EVPN-collapsed Layer 2/Layer 3 multi-homed GWs topology, when traffic is sent from IP fabric towards EVPN, some traffic loss is seen. If the number of hosts behind EVPN gateways is increased, the traffic loss becomes higher. This issue is seen with QFX10000. PR1311773

  • Core link flap might result in inconsistent global MAC count. PR1328956

  • At times, when l2ald is restarted, a race condition occurs where VTEP notification comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP add request and gets stuck in an indefinite loop. PR1384022

Infrastructure

  • The following messages are seen during FTP: ftpd[14105]: bl_init : connect failed for /var/run/blacklistd.sock (No such file or directory) messages are seen during FTP. PR1315605

Layer 2 Features

  • On QFX10016, after delete and re-adding of 1000 LAG interfaces, traffic drops could be seen until ARP are refreshed even though all lag interfaces comes up. PR1289546

  • TPI-52277: The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031

  • 5120 - traffic is dropped when the core side interface is configured as IRB. PR1394952

  • On QFX platforms, if vlan-id-lists are configured under a single IFD (a physical interface), QinQ might be malfunctioning for certain vlan-id-list(s). PR1395312

  • MAC/ARP learning does not occur for SFP-T. PR1437577

MPLS

  • There could be some lingering RSVP state which would keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state will eventually expire and then delete the RSVP MPLS routes from FIB. However, traffic losses is not anticipated due to this lingering state or the corresponding label routes in the FIB. In the worst case, in a network, where there is persistent link flapping going on, this lingering state could interfere with the LSP scale being achieved. PR1331976

Platform and Infrastructure

  • On QFX5100 Virtual Chassis interfaces on which flexible VLAN tagging has been enabled, STP, RSTP, MSTP, and VSTP protocols are not supported. PR1075230

  • Layer 3 multicast traffic does not converge to 100 percentage and continuous drops are observed after bringing down/up the downstream interface or while an FPC comes online after FPC restart. This happens with multicast replication for 1000 VLAN/IRBs. PR1161485

  • Single-bit and multiple-bit ECC errors are not logged on QFX5110 switches. PR1251917

  • On QFX10002 platform, SXE interfaces erroneously configured in configuration might cause MAC pause frames to be generated on these internal interfaces and cause Packet Forwarding Engine lockup. As a workaround, delete SXE interfaces from the configuration and reboot. PR1281123

  • Traffic drop occurs on sending traffic over "et" interfaces due to CRC errors. PR1313977

  • There might be a traffic loss on ingress PE device if the EVPN MPLS is configured later on remote PE device or from the working condition. EVPN MPLS is disabled and enabled later. PR1319770

  • On a router with a third-generation FPC, the error message is displayed when the FPC goes online or offline. PR1322491

  • On the QFX10002-60C, filter operation with log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in firewall logs: Protocol 0 not recognized. PR1325437

  • BFD session over aggregated Ethernet flaps when a member link carrying the BFD Tx flaps. PR1333307

  • On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on IRB/Layer 3 interface with discard filter. PR1338067

  • The QFX10000 platform drops the wireless Access Point (AP) heartbeat packets, as a result, the Aruba wireless AP cannot work. PR1352805

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • mib2d core files in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing. PR1354452

  • When MC-LAG is configured with force-up enabled on MC-LAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609

  • QFX5120/EX4650: After sFLOW configuration deletion, For every 5 minutes the error message sflow_net_socket_init, 423sflow socket connect failed (socket closed) will be displayed on the VTY console. PR1363381

  • On QFX5000/EX4650 platforms, if lcmd is restarted, a chassisd core file will be generated with traffic drop for few seconds. PR1363652

  • Force-host upgrade is required for QFX5110-48S-4C in Junos OS Release 18.3 if the PTP over IPV6 G.8275.2 feature is required. PR1364735

  • On the QFX5200, an error might be encountered when upgrading from Junos OS Release 15.1X53-D230.3 (the image with enhanced automation support [flex]) to Junos OS Release 18.1R1.9 image without the enhanced automation. PR1366080

  • The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when channelization is detected in the build 18.1R3. PR1366137

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • Dedicated minimum buffers are reserved for some queues according to the Junos OS working model. These buffers are always available to those queues irrespective of the traffic pattern throughout the system. When the clearing stat statement is used, these values are visible. This cosmetic or minor issue has no functional impact. PR1367978

  • Immediately after AIS script package installation, if any CLI command is executed then no output is generated. PR1368039

  • When we have a large scale of VLANs around 4000, and if we add and delete VLANs as part of the same commit or two different commits with less time interval between them, then the vlan tokens in kernel will be exhausted. As a result, some of the vlans will not get tagged. This can be identified by the following error: /kernel: dcf_ng_vlan_alloc_hw_token: Couldn't allocate hardware token 65535 err=1PR1371445

  • MAC learning does not happen after restart of l2-learning daemon for interfaces on backup. Traffic still gets forwarded. PR1372220

  • In Junos OS Release 18.1R3, when one 50-Gigabit Ethernet port is taken down using the ifconfig command, the other one also goes down. PR1376389

  • LOC and Diag System LEDs on the front panel are not defined yet. PR1380459

  • Last reboot reason is not correct if device is rebooted because of power cycle. Last reboot reason will be displayed as Vjunos reboot even if the device got rebooted due to power cycling. PR1383693

  • On QFX5120/EX4650, the installation error rcu_sched self-detected stall on CPU is seen. PR1384791

  • On QFX10008 and QFX10016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. Device can be recovered using power-cycle of the device. PR1385970

  • With MLD-snooping enabled and when we have two receivers in the same VLAN interested in the same group address but from a different source, traffic will be received on only one receiver, which sent the lastest MLD report. This is because we do not install S, G routes in hardware when MLD snooping is enabled. PR1386440

  • DCPFE did not come up in some instances of abrupt power-off/power-on of QFX5120/EX4650, power-cycle of the device or host reboot will recover the device. PR1393554

  • If PTP transparent clock is configured on the QFX5200, and if IGMP snooping is configured for the same VLAN as PTP traffic, the PTP over Ethernet traffic might be dropped. The fix enables the forwarding of this traffic. PR1395186

  • Changing of vni underlay is unsupported. PR1397999

  • QFX5120: OVSDB managed VXLAN sees traffic loss. PR1401943

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • On QFX5110, QFX5120 platforms, uRPF check in strict mode will not work properly. PR1417546

  • A libvirtMib_suba core file might be observed during installation of images. There is no functional impact due to this core file, because this core file happens in the libvirtMib_subagent. PR1419536

  • Persistent MAC learning is not expected as per TC. PR1422446

  • Ports gets incorrectly channelized even if ports of master is configured. PR1423496

  • This issue is happening when there are two primary addresses are configured on the Lo0 and one is removed later. In this case, all IFBDs are removed and added back due to static VTEP configuration. RG-ID of BD is reset and MAC sync does not happen. This happens for a few VLAN only. PR1424013

  • On PTX1000/10000, PTX3000/5000 with FPC3 or QFX10000 line, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (for example, the host-bound traffic drops) after performing change operation related to the prefix-list configuration (for example, add a prefix to prefix-list that is associated with filter). PR1426539

  • When NSSU is done from Junos OS Release 18.1R3 to any forward image on QFX5100-VC with LACP link protection config, there might be around 5 minutes of traffic loss. Traffic loss is not seen during NSSU if link protection configuration is not present. PR1435519

  • QFX5200: ISSU failed from 17.2X75-D4x to 19.2R1 will not be supported for QFX5200. PR1440288

  • There is an IPC sequence issue when Virtual Chassis member is rebooted in aggregated interface. After rebooting Virtual Chassis member, Routing Engine kernel injects MAC entry to FPC. Because of IPC sequence issue, Routing Engine added MAC entry, originally source MAC entry, is added to FPC as a remote MAC entry. The entry is never aged out because it is a remote entry. PR1440574

  • The show chassis led status outputs may not proper along with some port status. PR1453821

  • On QFX5100, when unified ISSU is performed with Layer 3 protocols configured, then traffic loss of 0.8 seconds is observed. PR1459701

  • If ARP request addressed to IRB address is received on a local interface with proxy-macip-advertisement statement configured, mbuf memory leak would be seen due to a defect in the software. Over a period of time if memory leak continues, it would cause traffic impact. This issue is applicable to Junos 18.1 onwards and the following specific Junos releases are affected: Junos OS Release 18.1R3-S3, 18.2R3,18.3R2,18.4R2,19.1R1 and 19.2R1 onwards. PR1461677

Routing Protocols

  • BGP as protocol strongly recommends configuration of local-address for each multihop iBGP/eBGP peer configuration. As a recommendation local-address should be route-able lo0 address. Using loopback address reduces dependency with interfaces. Note: Multihop is by default enabled for iBGP peers. PR1323557

  • Higher convergence time for LFA with BFD occurs in Junos OS Release 18.1. PR1337412

  • In MC-LAG setup, when status-control standby is rebooting and status-control active is down, and if ICCP session-establishment timer is configured less than or equal to the init-delay-timer on status-control standby, then mcae status of status-control standby might not come as active until the peer node is up. To avoid this, during these cases, ICCP session-establishment timer should be configured greater than init-delay-timer with preferably 100s or more. PR1348648

  • On a scaled setup, when the host table is full and the host entries are installed in LPM table, OSPF sessions might take more time to come up. PR1358289

  • When extended community type "Experimental (0x80)" with sub-type value "Tag (0x84)" is configured with value in hex, the value gets set to 0. PR1371448

  • There is no functionality impact due to this error message. PR1407175

  • The separate group creation for egress-to-ingress feature (in QFX5110) will be supported from Junos OS Release 19.1R2 onward. In 19.1R1, this feature will use the already existing ERACL firewall group. As a result of this extra qualifier in ERACL group, the group will operate in double wide mode instead of single wide, hence leading to reduced scale. PR1408670

  • QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in Junos OS Release 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • QFX5110: Egress port for ARP entry in Packet Forwarding Engine is not modified from VTEP to local ESI port, after device boots up. PR1460688

  • Multicast statistics related errors such as brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) will be observed during unified ISSU and these messages are harmless and does not affect multicast functionality. PR1460791

Resolved Issues

This section lists the issues fixed for the QFX Series switches in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 18.3R3

Authentication and Access Control

  • Without dot1x configuration, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • QFX10008: FPC0 generated core files after running the Packet Forwarding Engine command show cos sched-usage. PR1449645

  • The show cos scheds-per-pfe and show cos pfe-scheduler-ifds Packet Forwarding Engine commands will restart forwarding planes on QFX10008 switches. PR1452013

EVPN

  • The process rpd crash might be observed with EVPN type-3 route churn. PR1394803

  • Multicast MAC address might be learned in the Ethernet switching table on QFX5000/QFX10000 platforms with EVPN-VXLAN configured. PR1420764

  • The device might send the ARP Probe packets to the proxy server in an EVPN environment. PR1427109

  • Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap occurs multiple times. PR1435306

  • Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • VLAN configuration change with l2ald restart can cause Kernel sync issues due and impact forwarding. PR1450832

  • JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on QFX5100 for VXLAN having vlan-id of 2. PR1453865

Forwarding and Sampling

  • The kernel crash might be observed when there is a firewall filter modification. PR1365265

Interfaces and Chassis

  • Missing mandatory ICCP configuratation statement redundancy-group-id-list produces misleading error message. PR1402606

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

  • VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

Junos Fusion Provider Edge

  • QFX5110 : Autonegotiation is not disabled in hardware after setting no-auto-negotiation option in CLI. PR1411852

  • Junos Fusion Provider Edge Phase2/3: Deprecate Junos Fusion Support on QFX10000. PR1448245

Layer 2 Features

  • VXLAN nexthop entry leak issue on EX4600 and QFX5000 platforms. PR1387757

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI which does not have an active receiver. PR1388888

  • On QFX Series switches, the error message Failed with error (-7) while deleting the trunk 1 on the device 0 is seen. PR1393276

  • EVPN-VXLAN - Unicast IPv6 NS message gets flooded on L3GW, So both IPv4 and IPv6 traffic gets dropped on L2SW. PR1405814

  • IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after VTEP leaf reboot. PR1406502

  • QFX5110VC generates DDoS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649

  • Stale entries might be observed in a Layer 3 VXLAN gateway scenario. PR1423368

  • The fxpc might continually crash when firewall filter is applied on a logical unit of a dsc interface. PR1428350

  • Transit DHCPv6 packets might be dropped on QFX5100/QFX5200 platforms. PR1436415

  • Unequal LAG hashing on QFX5100 running Junos OS 14.1X53-D28.17. PR1455161

Layer 2 Ethernet Services

  • LACP PDU might be looped toward peer MC-LAG nodes. PR1379022

MPLS

  • Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081

  • The l2 circuit traffic might be silently dropped at EVPN spine/MPLS LSP transit device if VXLAN access interface flaps on remote PE node(QFX5110). PR1435504

  • Packet loss is seen with ECMP resilient-hash enabled on QFX platforms. PR1442033

Platform and Infrastructure

  • [SIRT]Certain QFX Series and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304). PR1063645

  • The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

  • Port LEDs do not work on QFX5100 in QFX5110-QFX5100 mixed mode virtual chassis. PR1317750

  • The Platform failed to bind rewrite message could be seen when chassis control restart is done with the CoS rewrite rule configured on aggregated Ethernet interface. PR1315437

  • QFX10002-60C: Commit should deny when mixed Layer 2 and Layer 3/Layer 4 match conditions are configured on a Layer 2 filter. PR1326715

  • When powering off an individual FPC, the other FPC Packet Forwarding Engine might go offline too. PR1344395

  • QFX5120/EX4650 : Convergence delay between PE1 and P router link is more than expected delay value. PR1364244

  • Traffic spikes generated by IPFIX might be seen on QFX10002. PR1365864

  • The backup member switch might fail to become the master switch after switchover on QFX5100/QFX5200/EX4600 Virtual Chassis platform. PR1372521

  • New CLI command to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup Routing Engine instead of SSD. PR1382522

  • Telemetry data export might be missed in between sometimes for if multiple LLDP sensors are getting exported simultaneously. PR1382691

  • FEC error counts do not update for QFX5110. PR1382803

  • Static default route with next-table inet.0 does not work. PR1383419

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm. PR1384435

  • The rpd ending up with krt queue stuck might be seen in VRF scenario. PR1386475

  • CPU Interrupt process high due to intr{swi4: clock (0)} on qfx5100-48t-6q running a “QFX 5e Series" image and 18.x code. PR1398632

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot. PR1402127

  • The MTU might change to a Jumbo default size on Packet Forwarding Engine side after deleting and re-adding the interface. PR1402588

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • Executing the command request system configuration rescue save might fail with error messages. PR1405189

  • DHCP is not working for some clients in dual AD fusion setup on EP ports. PR1405495

  • Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms. PR1405786

  • QFX5120 : In VXLAN-EVPN configuration , transition from collapsed to non-collapsed Layer2/Layer3 GW and vice versa needs switch reload. PR1405956

  • QFX5200/5100 might not be able to send out control plane traffic to the peering device. PR1406242

  • Some interfaces of aggregated Ethernet bundle might go to the detached state after the bulk configurations change on QFX5000 platforms. PR1406691

  • QFX10002 showing error: fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1. PR1407095

  • After upgrading to Junos OS Release 18.1R2, QFX10000 sends packet without inner VLAN tag. PR1407347

  • MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same physical interfaces. PR1408230

  • Fan failure alarms might be seen on QFX5100-96S after upgrade to Junos Os Release 17.3R1. PR1408380

  • LLDP memory leak when ieee dcbx packet is received in autonegotiation mode followed by another dcbx packet with none of ieee_dcbx tlvs present. PR1410239

  • EX2300-24P, error message: dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • Storm control not shutting down mc-ae interface. PR1411338

  • PEM Alarm for backup FPC will remain on master FPC even though backup FPC was detached from Virtual Chassis. PR1412429

  • Junos OS PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

  • QFX5000: EVPN/VXLAN: Mutlicast NH limit is 4000. PR1414213

  • The PTX1000/PTX10002/QFX10002 might stop forwarding packets after the chassis-control process restarts. PR1414434

  • Virtual Chassis Ports using DAC might not establish link on QFX5200. PR1414492

  • The dcpfe crash might be seen in EVPN-VXLAN scenario. PR1416925

  • MAC learning might not happen on trunk mode interface in EVPN/MPLS scenario. PR1416987

  • ERSPAN traffic is not tagged when output interface is trunk port. PR1418162

  • Traffic loss might be seen on the ae interface on QFX10000 platforms. PR1418396

  • Traffic loss might be seen after NSSU operation. PR1418889

  • Rebooting QFX5200-48Y using request system reboot does not take physical links offline immediately. PR1419465

  • The 100G PSM4 optics connected ports go down randomly during the repeated power cycle. PR1419826

  • Traffic drop might be observed when transit static LSP is configured on EX4650/QFX5120 platforms. PR1420370

  • Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1420785

  • An interface might go to down state on QFX10000/PTX10000 platform. PR1421075

  • QFX5120-32C: DHCP binding on client might fail when QFX5120-32C is acting as DHCP server. This is seen only for channelized port. PR1421110

  • Fusion: ETS configuration is not applied on noncascade ports when AD is rebooted. PR1421429

  • BFD might get stuck in slow mode on QFX10002/QFX10008/QFX100016 platform. PR1422789

  • QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G. PR1422958

  • The interface cannot get up when the remote-connected interface only supports 100M in QFX5100 Virtual Chassis setup. PR1423171

  • IPv6 multicast traffic received on one Virtual Chassis member might be dropped when egressing on another Virtual Chassis member if MLD snooping is enabled. PR1423310

  • ON QFX5120-32C , BUM traffic coming over IRB underlay interface gets dropped on destination VTEP in PIM based VxLAN. PR1423705

  • Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by remote device. PR1423707

  • The J-flow export might fail when channelization is configured on FPC QFX10000-30C. PR1423761

  • Ping over EVPN type-5 route to QFX10000 does not work. PR1423928

  • All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. PR1424090

  • IPv6 communication issue might be seen after passing through QFX10002-60C platforms. PR1424244

  • QFX5120 QSFP-100G-PSM4 become undetected and come back up as channelized interfaces. PR1424647

  • All interfaces creation failed after NSSU. PR1425716

  • QFX5210: Received LLDP frames on em0 not displaying in LLDP neighbor output. PR1426753

  • Heap memory leak might be seen on QFX10000 platforms. PR1427090

  • CRC errors can be seen when other manufacturer device is connected to QFX10000 with QSFP-100GBASE-LR4-T2 optics. PR1427093

  • Rebooting or halting Virtual Chassis member might cause 30 seconds down on RTG link. PR1427500

  • QFX5100-VCF - “rollback” for uncommitted configuration takes 1 hour. PR1427632

  • The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed. PR1427994

  • QFX5120-48Y/EX4650-48Y: Interface with optic "QSFP-100GBASE-ER4L" is not coming up in "18.3R1-S2.1". PR1428113

  • Licenses used flag for ovsdb on show system license will not be flagged even though ovsdb is configured and working. PR1428207

  • EVPN-VXLAN : L2ALD core files are generated when number of VXLAN HW IFBDS exceeds the maximum limit of 16382. PR1428936

  • [QFX10008] After Routing Engine switchover, LED status is not set for missing fan tray. PR1429309

  • When forward-only is set within dhcp-reply, dhcp declines are not forwarded to server. PR1429456

  • DHCP-relay might not work in an EVPN-VXLAN scenario. PR1429506

  • DHCP-relay might not work if the DHCP server is reached through the routes learnt through EVPN type-5 routes. PR1429536

  • Interface on QFX Series device does not come up after the transceiver is replaced with one with different speed. PR1430115

  • [evpn_vxlan] [default_switch_instance] QFX5120 - In Collapsed VGA4 script ping on shared ESI R6 to R7 irb address is failing. PR1430327

  • Traffic impact might be seen on QFX10000 platforms with interface hold-down timer configured. PR1430722

  • QFX Series switch : Validation of meta data files failed on hypervisor. PR1431111

  • SIB Link Error detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592

  • The dcpfe might crash on all line cards on QFX10000 in scaled setup. PR1431735

  • All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled. PR1431885

  • The optical power of interface might gradually reduce the optical power for almost 3 minutes after issuing request system reboot at now on QFX5110/5120/5210. PR1431900

  • Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario. PR1432703

  • Overflow filters on PVLAN IRB might not work after unified ISSU. PR1434941

  • SIB/FPC Link Error alarms might be observed on QFX10000 due to a single CRC. PR1435705

  • The mc-ae interface might get stuck in waiting state in dual mc-ae scenario. PR1435874

  • QFX5200 NSSU: dcpfe core file is seen after NSSU upgrade of backup followed by reboot. PR1435963

  • Laser TX might remain enabled while the interface is disabled. PR1436286

  • DHCP discover packets sent to IP addresses in the same subnet as IRB interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces. PR1436436

  • Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. PR1436968

  • The FPC might crash if both the ae boundle flapping on local device and the configuration change on peer device occur at the same time. PR1437295

  • QFX5110, QFX5200, QFX5210: There is no jnxFruOK SNMP trap message when the power cable is disconnected and connected back. PR1437709

  • The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • Interfaces configured with flexible-vlan-tagging might lose connectivity. PR1439073

  • LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up. PR1439268

  • JDI-RCT: QFX10002 MCLAG PDT:L2,L3 Traffic drop seen when disabling or enabling mclag. PR1440732

  • QFX5110 - L2 & L3 IFL on IFD - flexible-ethernet-services - VXLAN passing over Layer2 ifd breaks, Layer3 P2P communication. PR1441690

  • The operational status of the interface in HW and SW might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310

  • Flow control does not work as expected on 100-Gigabit Ethernet interface of QFX5110. PR1442522

  • DHCPv6 client might fail to get an IP address. PR1442867

  • When a line-card is rebooted, MC-LAG might not get programmed after the line card comes back online. PR1444100

  • QFX5200 : Observing DCBCM[bcore_init]: ioctl call failed ret:0 failure message when changing UFT profile in FPC logs. PR1445855

  • On QFX10008 traffic impact might be seen when the JSRV interface is used. PR1445939

  • CoS classifier might not work as expected. PR1445960

  • Traffic is discarded for only specified VLAN in IPACL_VXLAN filters. PR1446489

  • Long IPv6 address are not displayed fully on IPv6 neighbor table. PR1447115

  • Unicast arp requests are not replied with no-arp-trap option. PR1448071

  • One aggregated Ethernet member link does not send out sFlow sample packets for ingress traffic. PR1449568

  • QFX5120: Incoming Layer3-encapsulated packets are dropped on Layer3VPN MPLS PE-CE interface. PR1451032

  • Vgd core files might happen on any platforms supporting OVSDB. PR1452149

  • DHCP offer packet with unicast flag set gets dropped by QFX10000 in a VXLAN multi-homed (ESI) setup using anycast IP. PR1452870

  • QFX5100 : Configuration change in global level vlan bridge-priority is affecting per-vlan bridge-priority. PR1453505

Routing Protocols

  • Some storm control error logs might be seen on QFX Series platforms. PR1355607

  • Host-destined packets with filter log action might not reach the routing engine if log/syslog is enabled. PR1379718

  • The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680

  • JDI-RCT: EVPN-VXLAN NON-COLLAPSED: AUTONEG errors and flush operation failed error, seen after power cycle of the device. PR1394866

  • ICMPv6 RA packets generated by Routing Engine might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The QFX Series and EX Series switch might not install all IRB MAC addresses in the initialization. PR1416025

  • The same traffic flow might be forwarded to different ECMP next-hops on QFX5000 platforms. PR1422324

  • The traffic loss might start after deleting IRB logical interface. PR1424284

  • The rpd would generate core files due to improper handling of graceful restart stale routes. PR1427987

  • BGP statement multipath multiple-as does not work in specific scenario. PR1430899

  • BGP session might go into down status once the traffic flow starts. PR1431259

  • fxpc core files are seen once during reboot due to Bad Chip ID. PR1432023

  • Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1433918

  • The IPv4 fragmented packets might be broken if PTP transparent clock is configured. PR1437943

  • The bandwidth value of the DDoS-protection might cause packets loss after the device reboot. PR1440847

  • One of the downstream interfaces flapped and the traffic through interface xe-2/0/38 broke. PR1441402

  • QFX5210: Firewall Filter DSCP Action Modifier does not work when Firewall Filter is mapped to IRB. PR1441444

  • The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • The QFX5120 might drop the tunnel encapsulated packets if it acts as a transit device. PR1447128

  • Loopback address exported into other VRF instance might not work on ACX Series, EX Series, and QFX Series platforms. PR1449410

  • MPLS LDP might still use stale MAC address of the neighbor even after the LDP neighbor's MAC changes. PR1451217

  • A few seconds of traffic drop might be seen towards the existing receivers when another receiver joins/leaves. PR1457228

User Interface and Configuration

  • EX4600 and QFX5100 were unable to commit baseline configuration after returning to zero. PR1426341

Resolved Issues: 18.3R2

EVPN

  • A few minutes of traffic loss might be observed during recovery from link failure. PR1396597

  • VNI is not updated on default route 0.0.0.0/0 advertised by EVPN type 5 prefix when local configuration is changed. PR1396915

  • In the non-collapsed (centralized) topology, when one of the two spines deactivates the underlay protocol (ospf), the leaf still points the virtual gateway MAC's next hop to the spine that is down PR1403524

  • The rpd might crash after NSR switchover in an EVPN scenario. PR1408749

General Routing

  • The 1-Gigabit copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

  • Status LED on the chassis does not show up on QFX10002-60C. PR1332991

  • FEC is incorrectly displayed on QFX10002 and QFX5110. PR1360948

  • On QFX5110 with Junos OS Release 17.3R1, the following log messages are seen: kernel: tcp_timer_keep: Dropping socket connection. PR1363186

  • Extended traffic loss might be observed when unified ISSU is performed with aggregated Ethernet interface configured with LACP protocol. PR1365316

  • SFP-T might not work on QFX5100/QFX5110 devices. PR1366218

  • For releases later than Junos OS Release 18.1R1, USB image installation on QFX5210-64C requires an AMI Bios upgrade. PR1371199

  • The Packet Forwarding Engine is in a bad state after performing optics insertion or removal on a port. PR1372041

  • The IPv6 routed packet might be transmitted through an interface whose VRRP state is in non-master. PR1372163

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • On the QFX5110, the Ethernet switching flood group shows incorrect information. PR1374436

  • RIPv2 update packets might not sent with IGMP snooping enabled. PR1375332

  • A Packet Forwarding Engine wedge might be observed if there are interfaces going to down state. PR1376366

  • Same address family [Subnet logical interface or IRB logical interface but not both] needs to be configured for establishing VTEPs. PR1376996

  • The autonegotiation interface might go down if the opposite device supports only 10/100M autonegotiation. PR1377298

  • The expr_nh_flabel_check_overwrite: Caller nh_id params debug log message is classified as error log when it should be LOG_INFO. PR1377447

  • Deleting an IRB interface might affect other IRB interfaces if the same custom MAC address is configured. PR1379002

  • The overlay ECMP might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084

  • The Packet Forwarding Engine on QFX5000 might have DISCARD next hop for overlay-bgp-lo0-ip in the VXLAN scenario. PR1380795

  • Traffic might be discarded without notification caused by FPC offline in a MC-LAG scenario. PR1381446

  • The 40G-SR4 transceiver might not be recognized after a Junos OS upgrade on QF5100e. PR1381545

  • SSD lifetime might be shortened in OVSDB environment. PR1381888

  • LACP stuck in detached or attached state when an interface configured with native VLAN ID and VXLAN VLAN. PR1382209

  • EVPN-VXLAN ARP/NDP proxy is not working. PR1382483

  • The Packet Forwarding Engine might crash if the GRE destination IP is resolved over another GRE tunnel. PR1382727

  • The RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory log might be continuously shown after the rpd restarts. PR1383426

  • DMA failure errors might be seen when the cache flushes or the cache is full. PR1383608

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876

  • The Layer 3 interface might stop pinging the directly connected link address after deleting Layer 2 on the physical interface. PR1384144

  • On QFX5110platforms,SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR transceivers might not be tunable and remain 1550.10nmby default in the hardware. PR1384524

  • Vm core file might be seen on the Junos OS Release 18.1R3. PR1384750

  • Occasionally two of the channelized 25-Gigabit ports using 4x25-Gigabit breakout cable will not come up after Junos OS reboot. PR1384898

  • All 1-Gigabit SFP copper and 1-Gigabit fiber optic links remain up on QFX10008 after all SIBs/FPCs are offline. PR1385062

  • The IPv6 packet might not be routed when the IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • The spine EVPN routes might be stuck in a hidden state with next hop as unusable after FPC is offline in the spine. PR1386147

  • DDOS statistics and logging is not working for internal queues such as Q42 and Q4. PR1387508

  • Traffic drop might be seen on QFX10000 platform with EVPN-VXLAN configured. PR1387593

  • QFX5100, QFX5110, QFX5200, and QFX5210 Virtual Chassis could not be formed normally. PR1387730

  • CPSM daemon memory leak in seen on VM host. PR1387903

  • Certain log messages might be observed on QFX platforms. PR1388479

  • ARP received on SP-Style interface is not sent to all RVTEPs in case of QFX5100 Virtual Chassis. Normal BUM traffic works fine. PR1388811

  • MAC learning might stop working on some LAG interfaces. PR1389411

  • FPC might crash on QFX5100 and EX4600 platforms in a large-scale scenario. PR1389872

  • The vmcore might be seen when routing changes are made on the peer spine in an EVPN-VXLAN scenario. PR1390573

  • An incorrect error message might be seen when J-Flow sensors are configured with reporting rate less than 30 seconds. PR1390740

  • sdk-vmmd might consistently write to the memory. PR1393044

  • 10-Gigabit Ethernet copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628

  • IPv6 next hop programming issue might be observed on QFX10000 switches. PR1393937

  • L2ALD core files are seen when l2-learning traceoptions are enabled. PR1394380

  • DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978

  • PTP over Ethernet traffic could be dropped if IGMP and PTP TC are configured together. PR1395186

  • Unable to install licenses automatically on QFX Series platforms. PR1395534

  • The subscriber bindings might not be successful on QFX/EX platforms. PR1396470

  • On QFX5110, fan LED turns amber randomly. PR1398349

  • High jsd or na-grpcd CPU usage might be seen even though JET or JTI is not used. PR1398398

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on PTX/QFX10000 switches. PR1399369

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • SFP-LX10 does not work on QFX5110. PR1399878

  • PEM I2C failure alarm might be showed incorrectly as failed. PR1400380

  • MAC-limit with persistent MAC is not working after reboot PR1400507

  • Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The authd might crash when issuing the show network-access requests pending command during the authd restart. PR1401249

  • File permissions are changed for /var/db/scripts files after reboot PR1402852

  • The STP does not work when aggregated interfaces number is "AE1000" or above in QFX5000 and "AE480" or above in other QFX and EX Series switches. PR1403338

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • ARP/ND will not be resolved in case of native VLAN ID configured for LAG access interface. PR1404895

  • A commit warning is seen on QFX5100. PR1405138

  • VXLAN transit traffic over tagged underlay Layer 3 interface gets dropped due to hardware limitation. PR1406282

  • The ARP request might not be resolved successfully if the arp-suppression is enabled and vlan-id-list is configured on the spine node. PR1407059

  • DHCP discover packets getting dropped over VXLAN tunnel on a pure Layer 2 VLAN when DHCP relay is enabled for other VLANs. PR1408161

  • The FPC might crash and does not come up if interface number or next hop is set to maximum value under vxlan-routing on QFX platforms. PR1409949

Interfaces and Chassis

  • Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757

Junos Fusion Provider Edge

  • BUM traffic might get dropped on peer Fusion Aggregation Device when the link between the Satellite device and the local aggregate device goes down. PR1384440

Junos Fusion Satellite Software

  • Extended Port (EP) LAG might go down on the Satellite Devices (SDs) if the related Cascade Port (CP) that links to an Aggregation Device (AD) goes down. PR1397992

Layer 2 Features

  • The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517

  • The LACP might be in detached state when deleting native-vlan-id on the aggregated Ethernet interface with flexible-vlan-tagging configured. PR1385409

  • The dcpfe core file might be observed when doing restart routing or BGP neighbors flaps when EVPN-TYPE 5 routes are present. PR1387360

  • The IPv6 NS/NA packets coming from the remote VTEP are not getting forwarded to the local host. PR1387519

  • The dcpfe process might crash after VXLAN overlay ping. PR1388103

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI which does not have an active receiver. PR1388888

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

  • Packets destined to 01:00:0c:cc:cc:cc are not forwarded on QFX10000. PR1389829

  • DCPFE restarted at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with latest image. PR1398251

  • With native VLAN (160) configured and host on non-native plan(100 -tagged) ARP packets sent with wrong VNI. PR1400000

  • The dc-pfe process crash might be observed during restart of the Packet Forwarding Engine or system with scaled EVPN-VXLAN configuration. PR1403305

  • The IPv6 NS/NA packets received over VTEP from an ESI host are wrongly flooded back to the host. PR1405820

  • With arp-suppression enabled, QFX5K/EX46 might not forward IPv6 Router Solicitations or advertisements packets. PR1414496

Layer 2 Ethernet Services

  • After GRES switchover, LACP might be down on the peer device and can never been recovered automatically. PR1395943

Multiprotocol Label Switching (MPLS)

  • LSP "statistics" and "auto-bandwidth" functionality might not take effect with single-hop LSPs. PR1390445

Network Management and Monitoring

  • Log files might not get compressed during the upgrade. PR1414303

Platform and Infrastructure

  • Traffic might be discarded with indirect next-hop and load balancing. PR1376057

  • IPv6 ping might fail for spine node in an EVPN scenario. PR1380590

  • IRB interface does not go down when master of Virtual Chassis is rebooted or halted. PR1381272

Routing Protocols

  • The pfe process might crash and all interfaces might flap as a result. PR1369011

  • The rpd process might crash after committing the configuration related to mapping-server-entry. PR1379558

  • Host-destined packets with filter log action might reach the Routing Engine. PR1379718

  • BUM packets might get looped if EVPN multihoming interface flaps. PR1387063

  • If a QFX5100 device has a host route with ECMP (equal-cost multipath) next-hops and receives a better path with single next-hop then next-hop in hardware will not be changed. PR1387713

  • A dcfpe core file is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc after a random event. PR1397205

  • The rpd core file might be seen when Layer 2 VPN is used. PR1398685

Resolved Issues: 18.3R1

Class of Service (CoS)

  • A DST IP 224/4 match condition is programmed in the hardware as 224/24 in loopback FF entry rep=0. PR1354377

EVPN

  • On a QFX10000 line switch with EVPN-VXLAN, jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed.PR1258933

  • Logical interfaces from the same physical port do not work if configured under the same VXLAN VLAN. PR1278761

  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

  • In EVPN-VXLAN environments, BFD flaps cause VTEP flaps and then Packet Forwarding Engine process crashes. PR1339084

  • On QFX10000 line platforms with a scaling EVPN-VXLAN configuration, rpd generates a core file. PR1339979

  • In EVPN-VXLAN scenarios, traffic might get silently dropped or directed to interfaces that are down, but LACP is up. PR1343515

  • Traffic loss might be seen on Layer 2 and Layer nodes in a multihomed EVPN scenario. PR1355165

  • The QFX10000 might drop transited traffic coming from the MPLS network to VXLAN-EVPN. PR1360159

  • Increased risk of routing crash with temporary impact on traffic occurs on QFX10000 or QFX5100 nodes with certain configuration changes or when clearing L2 or L3 learning information in a high-scale EVPN-VXLAN configuration environment. PR1365257

  • OSPF sessions are not coming up between MX Series routers and QFX10000 line switches as ARP entries get deleted and added. PR1366860

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • On QFX10000 line switches, importing the default IPv6 route to VRF causes infinite entries to get created in the EVPN internal IP prefix database and become unstable. PR1369166

Infrastructure

  • QFX5100: Enabling mac-move-limit stops ping on the flexible-vlan-tagging enabled interface. PR1357742

Interfaces and Chassis

  • Packets might drop on ICL of the MC-LAG peer where MC-LAG is up. PR1345316

  • If the C-VLAN range is 16, it might not pass traffic in a Q-in-Q scenario. PR1345994

Junos Fusion Provider Edge

  • Ppmd crashes after changing the mode of EX4300 from standalone to SD. PR1375647

Junos Fusion Satellite Software

  • AD failure (power off) in a DC fusion is causing complete or partial traffic loss for an extended period. PR1352167

Layer 2 Features

  • Broadcast frames might be modified with the ethertype 0x8850. PR1343575

  • On random initialization of QFX5100 the programming of storm control profile in missed within hardware on random interfaces. This is not visible over CLI and the configuration still shows intact. PR1354889

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • The dcpfe or fxpc process might crash on Packet Forwarding Engines with low memory when allocating huge memory. PR1362332

  • QFX5000 Virtual Chassis acting as EVPN-VXLAN ARP proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in a VXLAN scenario. PR1368258

  • When native-vlan-id is configured for an AE interface, the LACP session to multihomed server goes down. PR1369424

  • A port might still work even if it is deleted from an AE interface. PR1372577

  • DHCP Discover packets might be dropped if VXLAN is configured. PR1377521

MPLS

  • RSVP sessions go down for ingress LSPs with no-cspf enabled. PR1339916

  • LSP is not received by QFX5110. PR1351055

  • NO-propogate-TTL acts on the MPLS swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during an HMC error condition. PR1374102

Network Management and Monitoring

  • For QFX5110, the returned snmp values of ModuleTemperature-HighAlarmThreshold/LowAlarmThreshold/HighWarningThreshold is not as same as the one shown on CLI. PR1369030

Platform and Infrastructure

  • On the QFX10016 EVPN-VXLAN scaled testbed, it takes up to 3 minutes for traffic to converge when configuration. PR1323042

  • The GRE traffic is not de-encapsulated by the firewall filter. PR1325104

  • CoS is incorrectly applied on the Packet Forwarding Engine, leading to egress traffic drop. PR1329141

  • The etherStatsCRCAlignErrors counters might disappear in the SNMP tree. PR1329713

  • On QFX10000 line platforms, DHCP relay/server is not working on a GRE interface. PR1331158

  • EVPN-VXLAN: Delay Factor drops multicast traffic. PR1333069

  • Ethernet frames with Ethernet type of 0x8922 might be modified at egress by QFX10000 line platforms. PR1334711

  • The device uses the well-known ports as source port in VXLAN scenario. PR1335227

  • AI-script does not get automatically reinstalled during a Junos OS upgrade on a next-generation Routing Engine. PR1337028

  • The Delay Factor of an EVPN instance might flood all the ARP requests back to the Ethernet segment. PR1337275

  • On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after VC reboot. PR1337340

  • On the QFX10000 platforms, VRRP function does not work well when it is configured on logical interfaces. PR1338256

  • The VXLAN traffic might not be transmitted correctly with the IRB interface as the underlay interface of the VTEP tunnel. PR1338586

  • On QFX5000 line platforms, DDoS counters for OSPF might not increase. PR1339364

  • Multicast traffic drop is seen if downstream IRB interfaces have snooping enabled. PR1340003

  • On QFX5100, QFX5200, QFX5110, and EX4600 platforms, BPDU packets might get dropped and bpdu-block-on-edge might not work. PR1343330

  • PAFXPC core files were seen when remote member ifd was referenced in the "show dcbcm ifd <ifd-name> on QFX5100 Platform configured in a Virtual Chassis. PR1343701

  • On QFX10000 line platforms, in an EVPN-VXLAN with flexible-tag mode deployment, 100G interface statistics do not get updated for ingress traffic. PR1343746

  • On any platforms supporting EVPN-VXLAN, any IRB-sourced packet might use the VRRP/virtual-gateway MAC address in the Ethernet header instead of the IRB MAC address. PR1344990

  • On the QFX5100, the fan RPM fluctuates when the temperature sensor reaches its threshold. PR1345181

  • The fxpc process might crash when removing all VXLAN configuration. PR1345231

  • The backup Routing Engine might crash, causing vmcore to be generated on the master Routing Engine, master Routing Engine performance will not be affected. PR1346218

  • Incorrect inner VLAN tag is sent from QFX10K platform with Q-in-Q configured on the Layer 3 logical interface. PR1346371

  • On QFX10000 line platforms, syslog error messages might be seen in syslog after configuring multiple LAG interfaces under the sFlow protocol. PR1346493

  • QFX5100-48T 10G interface might be autonegotiated at 100M speed instead of 10G. PR1347144

  • On QFX5110-48S-4C platforms, part numbers and serial numbers are not displayed for any of the 10G optics/DAC connected. PR1347634

  • Traffic in which the destination MAC matches the virtual gateway MAC might be silently dropped or discarded. PR1348659

  • On the QFX10002-60C, vmhost might generate a core file right after a GR interface is configured. PR1348932

  • The BGP session might flap after changing the extended-vni-list under EVPN hierarchy. PR1349600

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • The pfed process might consume high CPU resources if subscriber or interface statistics are used at a large scale. PR1351203

  • Dcpfe process might crash on QFX10000 switches. PR1351503

  • The GTP traffic might not be hashed correctly for the AE interface. PR1351518

  • Telemetry traffic does not leave the local device when the telemetry server is reachable through a virtual router routing-instance. PR1352593

  • QFX5100 ARP fails after the change interface MAC address is changed. PR1353241

  • RPC output is not showing failure when running request system software add with software already staged. PR1353466

  • On QFX5110 platforms, SFP-LX10 might stay in up or down state when connected. PR1353677

  • Alarm errors might be seen during startup on QFX10000. PR1354582

  • Untagged packets might not be forwarded through the trunk port. PR1355338

  • A commit error is observed if the device is downgraded from Junos OS Release 18.2 or 18.3 release to Release 17.3R3. PR1355542

  • On LX10 SFPs on QFX5110 platforms, autonegotiation is not in effect with new configurations. PR1355746

  • EVPN-VXLAN: the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • Load averages output under show chassis routing-engine shows nan periodically. PR1356676

  • The device cannot match on user-vlan-id for tunnel-terminated packets. PR1358669

  • The IGMP membership report packets might not be forwarded over an interface on QFX10000 line switches. PR1360137

  • On QFX10000 line platforms, packets will be dropped when virtual-gateway-address is configured on an IRB interface associated with a non-VXLAN VLAN. PR1360646

  • The GTP traffic might not be hashed correctly on the AE interface. PR1361379

  • On QFX10000 line platforms, the clear services accounting statistics inline-jflow fpc-slot command does not work. PR1362396

  • The QFX5100 Virtual Chassis is unable to connect to the management address through the vme interface. PR1362437

  • Traffic might not be forwarded when the member link of the AE interface is added or deleted. PR1362653

  • 1G interface might stop working when "auto-negotiation" is off by default. PR1362977

  • OSPF might remain in init status after firmware upgrade loading the Junos OS Release 14.1X53-D47.4 image. PR1362996

  • On QFX10008, QFX10016, PTX1000, PTX5000, PTX10008, and PTX10016 platforms, MPLS exp rewrite might not work for IPv6 and IPv4 traffic. PR1364391

  • Root password recovery process does not work. PR1365740

  • The tagged traffic is dropped in the untagged EVPN-VXLAN scenario. PR1366336

  • On PTX10002, QFX10002-60C, and QFX10000-30C platforms, some interfaces do not come up during initialization after a reboot. PR1368203

  • On QFX5100, QFX5110, and QFX5200 platforms, IS-IS adjacency goes down when MTU 9192 is configured. PR1368913

  • The 'commit' or 'commit check' might fail due to the error of cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

  • The ipv4-dscp command is affecting the CoS treatment of PTPoIPv6 packets at the egress queue on PTP BC and PTP OSC with G.8275.2.enh profile. PR1371064

  • On QFX10000 line platforms, before Junos OS Release 17.3R3 code, the maximum number of ESI logical interfaces was 4000 in the Packet Forwarding Engine. PR1371414

  • Packet is dropped after the filter on the interface is deleted. PR1372957

  • TPI-50840 BUM traffic received on QFX5110 is not flooded to all remote VTEPs. PR1373093

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • LLDP might stop fully working between a QFX10000 and a non-Juniper device. PR1374321

Routing Protocols

  • The rpf-check-policystatement does not work as expected. PR1336909

  • On QFX5110 platforms, setting MTU on an L3 interface does not take effect. PR1345495

  • On QFX10000 line platforms, NETCONF SSH TCP port 830 traffic is hitting host path or an unclassified queue. PR1345744

  • On QFX5100 and EX4600 platforms, parity errors in the L3 IPv4 table in the Packet Forwarding Engine memory might cause traffic to be dropped or silently discarded. PR1364657

Virtual Chassis

  • Traffic loop might be seen during network port to Virtual Chassis Port(VCP) port conversion. PR1346851

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 18.3R3.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 18.3 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 18.3 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.3-R3.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.3 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.3R3.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.3R3.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R3.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.3R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.3R3.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).