Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 18.4R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 18.4R3: QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016. Junos on White Box is also supported in Release 18.4R1.

New and Changed Features: 18.4R3

There are no new features in Junos OS Release 18.4R3 for QFX Series.

New and Changed Features: 18.4R2

EVPNs

  • Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:

    • As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network

    • (QFX5120 switches only) As a Layer 2 VXLAN gateway in an Open vSwitch Database (OVSDB) overlay network

    VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    [See Understanding VXLANs.]

  • EVPN control plane and VXLAN data plane support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, EX4650 and QFX5120 switches support EVPN-VXLAN. By using a Layer 3 IP-based underlay network coupled with an EVPN-VXLAN overlay network, you can place endpoints anywhere in the network and remain connected to the same logical Layer 2 network.

    EVPN-VXLAN is commonly deployed over the following physical underlay architectures:

    • A two-layer IP fabric that includes spine devices (Layer 3 VXLAN gateways) and leaf devices (Layer 2 VXLAN gateways). You can deploy EX4650 and QFX5120 switches as spine or leaf devices in this fabric.

    • A one-layer IP fabric that includes leaf devices that function as both Layer 2 and Layer 3 VXLAN gateways. You can deploy EX4650 and QFX5120 switches as leaf nodes in this fabric.

    [See Understanding EVPN with VXLAN Data Encapsulation.]

  • EVPN pure type-5 route support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can configure pure type-5 routing in an EVPN-VXLAN environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which carries the MAC address of the sending switch and provides next-hop reachability for the prefix. To configure pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable two-level equal-cost multipath (ECMP) next hops in an EVPN-VXLAN overlay network, you must also include the overlay-ecmp statement at the [edit forwarding-options vxlan-routing] hierarchy level.

    [See ip-prefix-routes.]

  • Selective multicast forwarding and SMET support in EVPN-VXLAN (QFX5110 and QFX5120 switches)—Starting in Junos OS Release 18.4R2, Junos OS supports selective multicast Ethernet forwarding in an EVPN-VXLAN network. IGMP snooping enabled devices on a bridge domain monitor and selectively forward traffic from the access interface to the core. Devices that support selective multicast Ethernet forwarding do not send multicast traffic to all devices. Instead, they replicate and forward multicast traffic only to the devices that indicate an interest. This feature is supported on a spine-and-leaf topology where the network can consist of a mix of devices that support selective multicast Ethernet and those that do not support this feature.

    [See Selective Multicast Forwarding.]

  • BPDU protection in EVPN-VXLAN (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 18.4R2, you can enable BPDU protection in an EVPN-VXLAN configuration. With a spanning tree protocol configured on an edge port, you can enable BPDU protection. If a BPDU is received on the edge port, the edge port is disabled and it stops forwarding all traffic. You can also configure BPDU protection on VXLAN interfaces without a spanning tree protocol configured, or enable BPDU protection and have other traffic forwarded. Only the BPDUs are dropped, and all other traffic is forwarded. Additionally, you can unblock an interface either automatically or manually.

    • To enable BPDU protection with RSTP on an edge port on access and leaf devices:

      set protocols rstp interface interface-name edge

      set protocols rstp bpdu-block-on-edge

    • To enable BPDU protection with a spanning tree protocol on access and leaf devices:

      set protocols layer2-control bpdu-block interface interface-name

    • To enable BPDU protection but still forward other traffic on access and leaf devices:

      set protocols layer2-control bpdu-block interface interface-name drop

    • To automatically unblock an interface using an expiry timer on access and leaf devices:

      set protocols layer2-control bpdu-block disable-timeout time in seconds

    • To manually unblock an interface on access and leaf devices:

      run clear error bpdu interface all

  • Assisted replication in data centers with EVPN-VXLAN overlay networks (QFX Series switches)—Starting in Junos OS Release 18.4R2, QFX Series switches support assisted replication (AR) in data centers with EVPN-VXLAN networks to optimize replication of BUM traffic being forwarded into the EVPN core. Instead of flooding BUM traffic using ingress replication, devices configured as AR leaf devices forward the traffic to an AR replicator device that can better handle the replication load, and only the AR replicator device replicates and forwards the traffic to the overlay tunnels. You can configure switches in the QFX10000 line as AR replicator devices and any QFX Series devices that support EVPN-VXLAN as AR leaf devices.

    AR devices advertise EVPN Type 3 (Inclusive Multicast Ethernet Tag [IMET]) routes that include special AR Type and Flags fields indicating AR device roles. The network can also include devices that do not support AR (regular network virtualization edge (RNVE) devices), which ignore AR routes and use ingress replication to forward BUM traffic toward the EVPN core.

    You can configure AR with IGMP snooping to further optimize BUM traffic replication and forwarding.

    To enable assisted replication and configure devices into AR replicator or AR leaf roles, use the assisted-replication configuration statement at the [edit protocols evpn] hierarchy level.

Software Defined Networking

  • Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:

    • As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network

    • (QFX5120 switches only) As a Layer 2 VXLAN gateway in an OVSDB overlay network

    VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    [See Understanding VXLANs.]

  • OVSDB support with VMware NSX for vSphere (QFX5120 switches)—Starting with Junos OS Release 18.4R2, the Open vSwitch Database (OVSDB) management protocol provides a control plane through which an NSX controller can provision QFX5120 switches. In an environment in which NSX Release 6.4.5 or later is deployed, an NSX controller and these switches can exchange control and statistical information, thereby enabling virtual machine (VM) traffic from entities in a virtualized network to be forwarded to entities in a physical network and the reverse.

    The physical underlay network over which OVSDB-VXLAN is commonly deployed is a two-layer IP fabric that includes spine and leaf devices. The spine devices function as Layer 3 VXLAN gateways, and the leaf devices function as Layer 2 VXLAN gateways. You can deploy QFX5120 switches as leaf devices in this fabric.

    [See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]

New and Changed Features: 18.4R1

Authentication, Authorization, and Accounting (AAA)

  • Support for password change policy enhancement (QFX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Class of service support on VXLAN interfaces (QFX10000)—Starting with Junos OS 18.4R1, standard class of service (CoS) features-–classifiers, rewrite rules, and schedulers-–are supported on VXLAN interfaces on the QFX10000 line of switches.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

  • Class of service support on VXLAN interfaces (QFX5100)—Starting with Junos OS 18.4R1, standard class of service (CoS) features - classifiers, rewrite rules, and schedulers - are supported on VXLAN interfaces on QFX5100 switches.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

EVPNs

  • Support for graceful restart on EVPN-VXLAN (QFX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

  • Selective multicast forwarding and SMET support in EVPN-VXLAN (QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 18.4R1, Junos OS supports selective multicast forwarding in a centrally EVPN-VXLAN network. Devices on a bridge domain with IGMP snooping enabled will monitor traffic on the access interfaces and selective forwarding towards the core. Devices that support selective multicast forwarding replicate and forward multicast traffic only to other interested devices. This feature is supported on a centrally-routed spine-and-leaf topology on QFX 10000 switches where the network can consist of a mix of SMET supported and non-SMET supported devices. This is achieved because the ingress devices can flood multicast traffic to the non-SMET capable devices while selectively forwarding the traffic among SMET capable devices. The ingress device can determine whether a device on the EVPN network is capable of supporting SMET by the presence or absences of the multicast flag community in a EVPN type 3 route message and will forward the traffic accordingly. Thus, the data center fabric can be upgraded in phases without disrupting existing multicast operations.

    [See Selective Multicast Forwarding .]

  • Support for VMTO for ingress traffic (QFX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Configuring EVPN Routing Instances.]

  • Support for multihomed proxy advertisement (QFX Series)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connection to the leaf device fails. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface (QFX5100, QFX5110, and QFX5200 switches)—You can configure and commit the following on a physical interface of a QFX5100, QFX5110, or QFX5200 switch in an EVPN-VXLAN environment:

    • Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any nonzero unit number).

    • VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).

    • Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any nonzero unit number).

    • Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any nonzero unit number).

    For these configurations to be successfully committed and to work properly, you must specify the encapsulation flexible-ethernet-services configuration statement at the physical interface level—for example, set interfaces xe-0/0/5 encapsulation flexible-ethernet-services.

    This feature was previously introduced in Junos OS Release 18.1R3.

    [See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]

  • Automatically generated Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces to automatically derive Ethernet segment identifiers (ESIs) from the Link Aggregation Control Protocol (LACP) configuration. This feature is supported in the following environments:

    • On Juniper Networks devices that are multihomed in active-active mode in an EVPN-VXLAN overlay network.

    • On Juniper Networks devices that are multihomed in active-standby or active-active mode in an EVPN-MPLS overlay network.

    [See Understanding Automatically Generated and Assigned ESIs in EVPN Networks.]

  • MAC filtering, storm control, and port mirroring support in EVPN-VXLAN overlay networks (QFX5100 and QFX5110 switches)—QFX5100 and QFX5110 switches support the following features in an EVPN-VXLAN overlay network:

    • MAC filtering

    • Storm control

    • Port mirroring and analyzers

    [See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces. ]

  • MAC filtering and storm control support in EVPN-VXLAN overlay networks (QFX10002 and QFX10008 switches)—QFX10002 and QFX10008 switches support the following features in an EVPN-VXLAN overlay network:

    • MAC filtering

    • Storm control

    [See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces. ]

  • IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX10000 and QFX5110 switches)—Starting with Junos OS Release 18.4R1, QFX10000 and QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or 3 data packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of EVPN type-2 and type-5 routes.

    This feature was previously introduced in Junos OS Release 15.1X53-D30 on QFX10000 switches.

    [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network With an IPv4 Underlay.]

High Availability (HA) and Resiliency

  • VRRP scale improvements per aggregated Ethernet bundle (QFX Series)—Starting in Junos OS Release 18.4R1, you can configure up to 4000 active VRRP sessions per aggregated Ethernet bundle on QFX Series routers. To configure VRRP support, include the vrrp-group statement at the [edit interfaces interface-name unit logical-unit-number family inet address ip-address] hierarchy level.

    [See Understanding VRRP]

Junos on White Box

Operation, Administration, and Maintenance (OAM)

  • Connectivity fault management (CFM) support (QFX5200 and QFX5210)—IEEE 802.1ag CFM provides fault isolation and detection over large Layer 2 networks that may span several service provider networks. You can configure CFM to monitor, isolate, and verify faults in these interconnected provider bridge networks. Starting in Junos OS Release 18.4R1, Junos OS provides CFM support on QFX5200 and QFX5210.

    CFM support on QFX5200 and QFX5210 has the following limitations:

    • CFM support is provided via software using filters. This can impact scaling.

    • Inline Packet Forwarding Engine mode is not supported. In Inline PFE mode, you can delegate periodic packet management (PPM) processing to the Packet Forwarding Engine which results in faster packet handling. The CCM interval supported is 10 milliseconds.

    • Performance monitoring (ITU-T Y.1731 Ethernet Service OAM) is not supported.

    • CCM interval of less than 1 second is not supported.

    • CFM is not supported on routed interfaces and aggregated Ethernet (lag) interfaces.

    • MIP half function, to divide the MIP functionality into two unidirectional segments to improve network coverage, is not supported.

    • Up MEP is not supported.

    • Total number of CFM sessions supported is 20.

    [See Understanding Ethernet OAM Connectivity Fault Management for Switches.]

System Management

  • Passive Monitoring support (QFX10000 switches)— Starting with Junos OS Release 18.4R1, you can enable passive monitoring on the switch to passively capture traffic from monitoring interfaces. Passive monitoring provides filtering capabilities for monitoring ingress and egress traffic at the Internet point of presence (PoP) where security networks are attached. With passive monitoring, the switch does not route packets from the monitored interface or run any routing protocols related to those interfaces. It only receives traffic flows, collects intercepted traffic, and exports it to monitoring tools like IDS servers and packet analyzers, or other devices such as routers or end node hosts. To enable this feature, include the passive-monitor-mode statement at the [edit interface] hierarchy level. This feature was previously supported in an "X" release of Junos OS.

    See [Understanding Passive Monitoring on QFX10000 Switches.]

  • IPv6 support added to Precision Time Protocol (PTP) G.8275.2) enhanced profile (QFX5110 and QFX5200 switches)— Starting with Junos OS Release 18.4R1, the G.8275.2 enhanced profile supports IPv6 transport.

    To configure the G.8275.2 enhanced profile, enable the g.8275.2.enh statement at the [edit protocols ptp profile-type] Junos OS CLI hierarchy.

    To configure IPv6 transport, enable the ipv6 statement at the [edit protocols ptp master interface interface-name unicast-mode transport] and [edit protocols ptp slave interface interface-name unicast-mode transport] Junos OS CLI hierarchies.

VPNs

  • Support to control traceroute over Layer 3 VPN (QFX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS main release and the maintenance releases for QFX Series.

Changes in Behavior and Syntax: 18.4R3-S4

Platform and Infrastructure

  • Priority-based flow control (PFC) support (QFX5120-32C)—Starting with JunosOS 18.4R3-S4, QFX5120-32C switches support priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

Changes in Behavior and Syntax: 18.4R3

Junos Telemetry Interface

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

  • Precision Time Protocol (PTP) interface configuration (MX2020, MX2010, MX480, MX960, and MX240)—Remove the aggregated Ethernet interface association and upgrade the device when configuring PTP interface.

Network Management and Monitoring

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 18.4R3, the MIB data for entPhysicalTable is fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Changes in Behavior and Syntax: 18.4R2-S1

Software-Defined Networking (SDN)

  • Increase in the maximum value of delegation-cleanup-timeout (QFX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

Changes in Behavior and Syntax: 18.4R2

EVPNs

  • New options in show evpn instance command (QFX series)—Starting in Junos OS Release 18.4R2, you can use the show evpn instance esi-info command to display only the ESI information for a routing instance and show evpn instance neighbor-info to display only the IP address of the EVPN neighbor for a routing instance. Information associated with the ESI, such as the route distinguisher, bridge domain, and IRB are filtered out.

  • Changes to show evpn instance extensive command (QFX series)—Starting in Junos OS Release 18.4R2, the output for show evpn instance extensive displays information on the core next hop for unknown multicast streams only. For known multicast streams, use the show evpn igmp-snooping proxy command.

  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 18.4R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

Interfaces and Chassis

  • Commit error when GRE interface and tunnel source interface configured in different routing instances (QFX Series)—In Junos OS Releases 17.3R4, 17.4R3, 18.1R4, 18.2R3, 18.3R2, and 18.4R2, QFX Series switches do not support configuring a GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation .]

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (QFX Series)—In Junos OS Release 18.4R2, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes state from down to up. In earlier Junos OS releases, the LACP hold-up the information for all interfaces were in a single <lacp-hold-up-information> XML tag. This information for each interface is now displayed in a separate <lacp-hold-up-information> XML tag.

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 18.4R2, the resilient-hash statement is no longer available at the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.

    [See aggregated-ether-options.]

  • Logical interface is created along with physical interface by default (QFX10000 and QFX5000 line of switches)—In Junos OS Release 18.4R2, on the QFX10000 line of switches, by default, logical interface are created on et-, sxe-, and non-channelized xe- interface along with the physical interface. In earlier Junos OS Releases, by default, only physical interfaces are created.

    On QFX5000 line of routers, by default logical interface is created on channelized xe- interfaces. In earlier Junos OS releases, by default, channelized interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on) do not have logical interfaces by default and only the nonchannelized et- and xe- interfaces and sxe- creates logical interfaces.

  • Logical Interface is created along with physical Interface by default (QFX Series switches)—In Junos OS Release 18.4R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.

    For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Security

  • Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in Junos OS Release 18.4R2, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

  • Firewall warning message (QFX5000 switches)—Starting in Junos OS Release 18.4R2, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

Services Applications

  • Commit check for incomplete tunnel encapsulation configuration on flexible tunnel interface (FTI)—Tunnel encapsulation configuration is mandatory for FTI interfaces. In Junos OS Release18.4R2, when you try to commit any incomplete tunnel encapsulation configuration on an FTI, the CLI displays a commit error message.

Changes in Behavior and Syntax: 18.4R1

Interfaces and Chassis

  • Change in default action for fatal errors (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 18.4R1, by default, for all fatal errors on the QFX10000 line of switches, Junos OS raises an alarm and disables all Packet Forwarding Engine interfaces that raised the error.

  • Support for creating layer 2 logical interface independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, and later, QFX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

Network Management and Monitoring

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • SNMP customization configuration introduced (QFX Series)—In Junos OS Release 18.4R1, we’ve introduced the CLI configuration command set snmp customization ether-stats-ifd-only. When ether-stats-ifd-only is configured, the show snmp mib walk etherstatsTable command displays data only for physical interfaces

    [See customization (SNMP).]

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5120 and EX4650 switches, if the CoS configurations are modified when egress traffic is shaped at a very low rate (less than 50 Mbps), packets might get stuck in the MMU buffers permanently. This condition might cause ingress or egress traffic drops. When low-rate shapers (less than 50 Mbps) are applied on egress queues, we suggest that you deactivate shaping before any CoS modification or ensure that traffic is stopped before doing CoS modification. PR1367432

EVPN

  • When a VLAN uses an IRB interface as the routing interface, the VLAN-ID parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

Infrastructure

  • If Junos OS panics with a filesystem-related panic, such as dup alloc, recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point is it safe to reboot to the normal volume. PR1444941

Interfaces and Chassis

  • When you commit a configuration change for an IRB interface from VRRP to non-VRRP and also change the IRB address to VRRP VIP, Junos OS loses direct route from the IRB interfaces. This is a limitation, and this issue was logged in PR1191371. PR1319124

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:

    1. Disable or enable ICL.

    2. Reboot one of MC-LAG peers.

    3. Disable or enable a member link of ICL. This will result in no traffic loss, and one of the MC-LAG nodes will be processing duplicate packets during this time period. PR1422473

Layer 2 Features

  • The show multicast snooping route extensive command is currently not supported on QFX devices. PR1386905

  • In MH scenarios, a QFX5000 device does not support transition of the Remote Learnt Mac (DR) to Locally Learnt MAC (DL) when the traffic hashes to MH PE where the MAC is programmed as DR. Due to this, during MAC/MAC-IP aging, the MAC entry on both the PE devices will be deleted and re-learned. PR1419988

  • With QFX5110/5200 platforms, if storm control enabled on the interfaces along VXLAN configuration, storm control will not get effected with ARP REQ packets coming more than storm control threshold. PR1469837

MPLS

  • There will not be any warning message about Packet Forwarding Engine restart when MPLS tunnel extend configuration is deleted. PR1394722

Platform and Infrastructure

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • In QFX10002, based on memory availability, it can scale up to 300 remote PE with a total of 600 tunnels. It is not recommended to go beyond this scale to avoid exceeding memory. PR1329243

  • When the sFlow collector can be reached only through the Routing Engine, large samples because the heavy traffic might cause the Routing Engine CPU to become busy. PR1332337

  • In an IPCLOS topology, when a spine/leaf is rebooted, you might see around 100 seconds of traffic loss. The reason for this is that, Junos OS will start advertising routes before Packet Forwarding Engine route programming is completed, which can cause traffic loss. This is mainly a design trade-off. If we wait for Packet Forwarding Engine programming to complete, then route convergence will suffer. PR1341398

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • A few error messages related to function rt_mesh_group_add_check() will be seen during reboot and are harmless. PR1365049

  • Autochannelization is not supported for "40GBASE-BXSR", "QSFP+40GE-LX4", "QSFP-100G-PSM4" and "100GBASE-BXSR" optics. PR1366103

  • The pm4x25_line_side_phymod_interfa statement might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when channelization is detected in Junos OS Release 18.1R3. PR1366137

  • When the egress-to-ingress option is enabled to use ingress TCAM for the egress filters, it is expected that the egress counters will count the packets on the ingress side as well. PR1369048

  • Error logs are expected when routes point to the target next hop, which in turn point to hold next hops. These error logs are present for a short time. Later, when the next hop changes from a hold next hop to a valid next hop, unilist next hops will be walked again and updated with the appropriate weight and reroute counters, and no more error logs will be seen. PR1387559

  • On Junos OS Release 18.4R1 branch, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • Re-ARP request is sent without VLAN ID (so RE-ARP fails). PR1390794

  • With WRL7 on QFX5000 devices, there is a possibility in a reboot scenario of the system going to DB prompt. This is due to a known issue in the QEMU version in WRL7. As of now there is no plan to update the WRL version on QFX5000. PR1411826

  • If the commit fails with statements constraint check failed even though the dependent configuration is in place, there is a possibility that main and dependent configurations are configured through different groups. It is due to system constraints. PR1437047

  • CRC errors will be observed on VCP links with the QSFP-100G-SR4 transceiver. PR1455388

  • QFX5100 sends arp reply with vmac after remove vrrp and use same vip as RVI. PR1457087

  • The issue occurs because of a PECHIP limitation when underlay is tagged. After Decap when inner packet is recirculated it still retains the vlan tag property from outer header since outer header was tagged. Thus 4 bytes of inner tag got overwritten in inner packet and packet got corrupted which will result in EGP chksum trap seen in PECHIP. Fixing PECHIP limitation in software has high risk. It will be accommodated in future release. As a workaround, enable encapsulate-inner-vlan configuration. PR1435864

Routing Protocols

  • QFX5120: 254 neighbors and 200000 routes can be scaled for IS-ISv4. Beyond 200000 routes with 254 neighbors, adjacency flaps and traffic drop will be seen. However, with 40 neighbors and 351000 routes got scaled. PR1368106

  • Targeted broadcast functionality with VXLAN is not supported yet on QFX5000 platforms. In a non-vxlan case, broadcast destination IP lookup results in next hop with destination MAC of all 0xffs and gives the class-id for IFP to match and action to redirect to IPMC with VLAN membership check. In VXLAN case, Layer 3 egress interface, egr l3 next hop, ingress l3 entry creations are failing. PR1397086

  • QFX10002: After applying firewall family ethernet-switching filter from ether-type ARP, the firewall does not filter the ARP request and the counter does not increment. The configuration works if we disable the user-clan-id match from the term. PR1426590

  • On QFX5120 switches with VXLAN configured, user-configured ACLs are limited to only one type (iRACL, iVACL or iPACL). PR1464567

Virtual Chassis

  • A Virtual Chassis internal loop might happen on a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2 seconds) might occur. PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 18.4R3.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5100 Series platforms, in some cases, CoS configuration is not applied appropriately in the Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces. PR1329141

  • In a Junos fusion scenario, when traffic from AD (aggregation device) to SD (satellite device) is exported with a different DSCP marking, it might be changed into network-control queue on the extended port of SD. PR1433252

EVPN

  • Mac-move-shutdown stops working if a physical loop is introduced continuously in quick succession of 10 minutes. The issue is not seen every time but can occur only if a physical loop is introduced at least four times. If the loops span a long period, the issue is not seen. A test is performed to check the overall impact on basic features. There is no issue seen on basic learning or major impact on any protocol. This is a negative scenario, but it is unlikely to occur in a customer network where the multiple loops occur within a short time span. We need to fix the loop once occurred, as it can have multiple implications on network performance. PR1284315

  • At times, when l2ald is restarted, a race condition occurs where VTEP notification comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP add request and gets stuck in an indefinite loop. PR1384022

  • On a QFX10000 with nonstop routing enabled and running EVPN, if Routing Engine switchover occurs, EVPN traffic could see significant traffic loss. PR1394099

  • [evpn_vxlan] [virtual_switch] IRB mac/ip information will be deleted from ethernet-switching arp/nd table when no-arp-suppression is configured. PR1394959

  • To filter and see the output of desired ESI or neighbor information of an EVPN instance, we created two new choices, namely show evpn instance <> esi-info esi <> show evpn instance <> neighbor-info neighbor <>. PR1402175

  • In an assisted replication(AR)-enabled network, there will be blackholing of multicast traffic toward AR-leaf devices that do not support snooping if the AR replicators are snooping enabled. PR1403292

  • OVSDB-managed QFX5100 or QFX5110 is encapsulating VXLAN traffic and sending to the incorrect destination MAC when multiple remote VTEPs are in the same subnet and reachable via an IRB interface in a stretched vlan. This issue is planned to be resolved on the QFX5110 but will not be resolved on the QFX5100. Resolution is still pending for the QFX5110. PR1424698

  • In Ethernet Virtual Private Network - Virtual Extensible LAN (EVPN-VXLAN) Core Isolation scenario, the server is multihomed to the leaf devices through LACP (Link Aggregation Control Protocol) interfaces. If GR (graceful restart) is enabled, upon system reboot or restart routing on the leaf device, the Core Isolation will not work. In the system reboot case, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP (Border Gateway Protocol) coming up. In the restart routing case, there might be no traffic drop because of the GR. PR1461795

Forwarding and Sampling

  • Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action then traffic-class or then dscp to an interface. PR1452435

Infrastructure

  • When there is a high route churn or when there is a high rate of route updates being pushed to the kernel, the show interface command might show delay or not show all statistics due to route updates being prioritized over statistics messages. PR1250328

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock (No such file or directory). PR1315605

Interfaces and Chassis

  • Traffic drop observed when trying to configure ae interface description. PR1305794

  • Customers might notice the flooding of ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address. This should not cause major issues. The ARP reply that is flooded in the VLAN by the device has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcast. PR1454764

Layer 2 Features

  • In QFX5000 platforms, when a scaled configuration (with greater than 3000 bridge domains and greater than 8000 ESI FILS) is overwritten with a functional configuration (with 4 bridge domains and less than 10 ESI IFLs), using load override command, it takes around 2 minutes for cleanup and adding of the new configuration. Without waiting for 2 minutes, if overwrite of the configuration is done multiple times, then some bridge domains are not cleaned up in CLI. PR1363410

  • On QFX Series platforms, if vlan-id-lists are configured under a single IFD (a physical interface), QinQ might be malfunctioning for certain vlan-id-list(s). PR1395312

  • On QFX Series , on the interfaces where LLDP is already disabled (commit) and there is any change on any interface in the next commit, l2cpd sends the message to disable LLDP on the all the interfaces to the kernel and the kernel tries to remove the implicit filters, which return ENOENT, since entries were already disabled during the first commit. The following messages are harmless to the system. PR1400606

  • On QFX5000 platforms, the FPC crashes when a firewall filter is applied on a logical unit of a DSC interface. This issue has traffic impact. PR1428350

  • On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there are underlying interface flaps for the core network side, all the ingress traffic might be silently dropped by the VXLAN Tunnel Endpoint (VTEP) due to this issue. PR1469596

  • With QFX5110/5200 platforms, if storm control is enabled on the interfaces along VXLAN configuration, storm control will not get affected with ARP REQ packets coming more than the storm control threshold. PR1469837

  • If a dummy interface (which is not on the system) is a part of an AE on which IPACL VxLAN filters are installed, we might see a DCPFE core file while deleting the dummy interface from under the AE. PR1476768

Layer 2 Ethernet Services

  • In MC-LAG with force-up scenario, the LACP PDU loop might be seen when both MC-LAG nodes and the access device are using same admin key. PR1379022

  • On the QFX5000 line of devices , when some (two or more than two) underlay interfaces with ECMP are brought down on leaf devices, the multihop BFD overlay sessions between spine and leaf devices might flap. And if BFD flaps, the protocols depending on BFD (typically, IBGP protocols) would also flap, which leads to traffic impact. PR1416941

MPLS

  • There could be some lingering RSVP state that would keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state will eventually expire and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated due to this lingering state or the corresponding label routes in the FIB. In the worst case, in a network, where there is persistent link flapping going on, this lingering state could interfere with the LSP scale being achieved. PR1331976

  • Statistics of transit traffic does not increment LSP statistics signaled by RSVP-TE. PR1362936

  • On QFX5000 switches, when ECMP resilient hash is enabled, the list of unicast next-hop entries may not be programmed correctly. This will impact traffic flow. After the fix applied in the software through this PR, resilient hash feature and hierarchical ECMP feature can't be used together. You must disable hierarchical ECMP, which is, default behavior in QFX5000, to enable the resilient-hash feature. PR1442033

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • Certain QFX Series devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. Refer to JSA10773 for more information. PR1063645

  • Layer 3 multicast traffic does not converge to 100 percent and continuous drops are observed after the downstream interface goes down or comes up or while an FPC comes online after restarting. This happens with multicast replication for 1000 VLAN/IRB interfaces. PR1161485

  • When you issue request system reboot, the box undergoes zeroization, which triggers ZTP. During the mounting stage, /var/db/scripts/import does not get created, which later causes the configuration to be committed partially. This is seen in the warning Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. Root cause has not been identified for this problem. PR1289782

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • The error message is displayed when the FPC goes online or offline. PR1322491

  • Interface uptime has increased by 8 seconds from Junos OS Release 17.4R1 to Junos OS Release 18.1R1. Also, SDK upgrades across releases can impact the parameters such as login prompt appear time, FPC up time, and interface up time after switch reboot. PR1324374

  • On the QFX10002-60C, filter operation with log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in firewall logs: Protocol 0 not recognized. PR1325437

  • This issue applies to QFX10002-60C platform only. When the user configures a Layer 2 filter with mixed Layer 2 and Layer 3/Layer 4 match conditions, error syslog is displayed to the user. The above has been corrected. With this fix, Junos OS software denies a commit when mixed Layer 2 and Layer 3/Layer 4 match conditions are configured on an Layer 2 filter. PR1326715

  • The BFD session over an aggregated Ethernet interface flaps when a member link carrying the BFD Tx flaps. PR1333307

  • On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on an IRB/Layer 3 interface with a discard filter. PR1338067

  • While downgrading a device running Junos OS from a later release, the box goes into amnesiac state with the following error: during system boot up: Creating initial configuration: mgd: error: commit-script mgd: error: could not open translation script: /var/db/scripts/translation/openconfig-policy.slax: No such file or directory mgd: error: 1 error reported by translation scripts mgd: error: translation script failure Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. PR1341650

  • On the QFX10000 line of switches, NETCONF over SSH traffic through TCP port 830 might hit the host path queue that is unclassified. This can result in DDoS violations in the unclassified queue. PR1345744

  • Backup Routing Engine might crash when GRES happens continuously for more than 10 times. PR1348806

  • QFX10000 platform drops the vendor’s wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. PR1352805

  • mib2d core file in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing. PR1354452

  • When MC-LAG is configured with force-up enabled on MC-LAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • On QFX5000 platforms, if lcmd is restarted, a chassisd core file will be generated with traffic drop for a few seconds. PR1363652

  • On the QFX5100, if a scaled configuration involving a LAG interface, more than 3000 VLANs, and the corresponding next hops, is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, the fxpc process might consume high CPU resources. No other system impact is observed. PR1363896

  • QFX52100: Filter with then routing-instance applied to family inet IFL causes traffic to be discarded on unrelated interfaces. PR1364020

  • From Junos OS Release 17.3R1, on a QFX10002 platform, in a rare condition, the IPFIX flow statistics (packet/byte counters) are incorrect in the exported record. Because the statistics are not collected properly, the flow might time out and get deleted because of an inactive timeout, causing exported records to be sent out unexpectedly. Traffic spikes generated by IPFIX might be seen. PR1365864

  • On the QFX5200, an error might be encountered when upgrading from Junos OS Release 15.1X53-D230.3 (the image with enhanced automation support [flex]) to an Junos OS Release 18.1R1.9 image without the enhanced automation. PR1366080

  • The pm4x25_line_side_phymod_interfa statement might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when channelization is detected in the Junos OS Release 18.1R3. PR1366137

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • Dedicated minimum buffers are reserved for some queues according to the Junos OS working model. These buffers are always available to those queues irrespective of the traffic pattern throughout the system. When the clearing stat statement is used, these values are visible. This cosmetic or minor issue has no functional impact. PR1367978

  • User might not be able to stop the ZTP bootstrap, when a QFX10016 or QFX10008 router with more number of line cards is powered on with factory-default configuration. PR1369959

  • If both the local and remote ends are auto-channelized and the local port QSFP is removed, then the 100-Gigabit Ethernet interface does not come up on port 62 after removing SFP on port 30, which is channelized. PR1370887

  • The DSCP values for IPv6 PTP packets exiting the QFX5110 have the DSCP value set as 111,000 and go out only in network control queue. PR1371064

  • Changing the bridge-domain name breaks the communication for that particular bridge domain (ATTip45186). PR1371495

  • MAC learning does not happen after restart of l2-learning daemon for interfaces on backup. Traffic still gets forwarded. PR1372220

  • USB upgrade of NOS image is not supported. PR1373900

  • When CBF (CoS-based forwarding) is enabled, due to the indexed next hop installation issue in kernel, the rpd process might crash upon route flap and LSP flap. PR1374558

  • In Junos OS Release 18.1R3, when one 50-Gigabit Ethernet port is taken down using the ifconfig command, the other one also goes down. PR1376389

  • When you sample flows for which the ingress and egress interfaces are of aggregate type on QFX10000 switches, you might see syslog messages about expr_get_local_pfe_child_ifl and flowtb_get_cpu_header_fields. Even though these messages are non-impact messages, they will crowd syslog files and syslog servers. PR1379227

  • On QFX5110, interface FEC counter does not work though FEC function has been supported. Added statistics counter support through this PR. PR1382803

  • On QFX10008 and QFX10016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • With MLD-snooping enabled and when we have two receivers in the same VLAN interested in the same group address but from a different source, traffic is received on only one receiver that sent the lastest MLD report. This is because we do not install S, G routes in H/w when MLD snooping is enabled. PR1386440

  • On 18.4R1 branch, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • When the show command is taking a long time to display results, the STP might change states as BPDUs are no longer processed and cause lots of outages. PR1390330

  • If PTP transparent clock is configured on the QFX5200, and if IGMP snooping is configured for the same VLAN as PTP traffic, the PTP over Ethernet traffic might be dropped. The fix enables the forwarding of this traffic. PR1395186

  • Layer 2 multicast and broadcast convergence is high while deleting and adding back the scale configurations of VLANs and VXLANs. PR1399002

  • Layer 3 gateway is not supported on QFX5110 with SP style of configuration in Junos OS Release 18.1R3-S2 and Junos OS Release 18.4R1. PR1399131

  • On QFX5100, traffic initiated from a server connected to an interface is dropped at the interface on the switch if the interface is configured with family ethernet-switching with VXLAN and the configuration is changed to family inet. PR1399733

  • On QFX5000 switches with scaled setup of the aggregated ethernet (AE) bundles and VLANs, if Link Aggregation Control Protocol (LACP) is enabled, and there are scaled configuration changes, for example, delete 4000 vlans/vxlan and reapply them again, some interfaces of the AE bundle might go to the detached state. Due to this issue, the running routing protocols (for example, LACP and BGP) will get down over the affected AE bundles. PR1406691

  • PXE installation might fail due to a failure in image upgrade post PXE initialization. PR1406743

  • When IPv4 and IPv6 are programmed at the same time, most of the IPv6 routes are not installed due to the hardware route table getting full. PR1412873

  • Layer 2 logical interfaces configuration can now be committed separately from the bridge domain or EVPN configuration. PR1414363

  • On QFX5110 and QFX5120 platforms, unicast RPF check in strict mode might not work properly. PR1417546

  • ERSPAN traffic is not tagged when the output interface is a trunk port. PR1418162

  • libvirtMib_suba core file might be observed during installation of images. There is no functional impact due to this issue, since the core files are generated the libvirtMib_subagent. PR1419536

  • When a bad optics is connected to the device, which could inhibit EEPROM failure conditions or I2C read failure conditions, the device could end-up in this condition. PR1420874

  • On the QFX10000 line of switches, if the prefix entries configured in the prefix list exceeds the limit that the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (for example, the host-bound traffic drops) after performing change operation related to the prefix-list configuration (for example, add a prefix to the prefix list that is associated with filter). PR1426539

  • The show ptp lock-status command is not supported on QFX5110-48s-4c device from Junos OS Release 19.3. PR1426863

  • On QFX10002-60C/PTX10002-60C platforms, if there is a SIB Link Error detected on specific Packet Forwarding Engines, all the Packet forwarding Engines might not forward traffic to one another. The error may be caused by a hardware condition such as any bad optics connected. PR1431592

  • On QFX5110/QFX5120, optical interfaces such as 1G/10G SFP/SFP+ may take almost 3 minutes to reduce the Tx power to "0" on the other end of the interface, after issuing the request system reboot at now command. PR1431900

  • On the QFX10000 line of switches, if a firewall filter with multiple match conditions is configured on interfaces that are up and the firewall filter is modified (either a new action is added or the condition is added/removed , or for any other reason), the FPC might crash and restart. It might affect the service/traffic. PR1432116

  • Issue in the current PR is because of PECHIP limitation when underlay is tagged. After Decap when the inner packet is recirculated it still retains the VLAN tag property from the outer header since the outer header was tagged. Thus 4 bytes of inner tag got overwritten in the inner packet and the packet got corrupted, which resulted in EGP chksum trap seen in PECHIP. Fixing PECHIP limitation in software has high risk. As a workaround, enable the encapsulate-inner-vlan statement. PR1435864

  • On QFX10002, QFX10008, and QFX10016 Series platforms with enhanced convergence configured in an MC-LAG scenario, if a line card that has MC-LAG links is rebooted, the MC-LAG might not function correctly after the line card comes back up. The impact is that it might not block the BUM traffic received on the interchassis link (ICL) and might cause MAC movement and packet loss on the downstream devices. PR1444100

  • Error log DCBCM[bcore_init]: ioctl call failed ret:0 can be seen on FPC start/restart in FPC log messages. This error has no functional impact and can be ignored if observed. This error log can occur from Junos OS Release 18.3 onward on QFX-5e series platforms, except QFX5120. PR1445855

  • On QFX10000 platforms and in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. if you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual gateways are configured with an unique IPv4 or IPv6 MAC address, this issue would not happen. This is also the workaround. PR1446291

  • In QFX5100 Virtual Chassis scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis ports) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corruption or corrupted data, and the issue might degrade the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the Virtual Chassis. PR1449406

  • On QFX10000 platforms, under the scale scenario with more than 500 aggregated Ethernet logical interfaces, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces. PR1450265

  • On QFX10000 platforms, DHCP offer packet with unicast flag set gets dropped if anycast IP is used in a VXLAN multihomed setup. PR1452870

  • On a QFX5100 Virtual Chassis VGD process overuses the CPU without switch-options vtep-source-interface lo0.0 configuration. PR1454014

  • On QFX5110-32Q Virtual Chassis with 100-Gigabit Ethernet VCP links, if the master switch with the lowest MAC address is rebooted, it might come up in the master state again instead of backup. This can have outage of around ten minutes and packet loss. PR1454343

  • On a QFX5120, ARP does not get resolved for an untagged packet coming on an interface with encapsulation ethernet-bridge' and when this interface is in a VXLAN with encapsulate-inner-vlan configuration. PR1454804

  • On QFX platforms with Link Aggregation Group (LAG) interfaces, if periodic SFP diagnostic is configured with a short interval (test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore cause service impact due to this issue. PR1458363

  • On QFX5100 platforms, the fxpc (Packet Forwarding Engine manager) process might crash when multiple BGP IPv6 sessions (for instance, around 500) are flapped and then restored at the same time. PR1459759

  • When you try to apply a firewall filter that contains a then dscp action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S. PR1464883

  • On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the Routing Engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present. PR1465183

  • 10-Gbps speed on QFX5100-48T negotiates with 1-Gbps speed with BRCM 10G/GbE 2+2P 57800-t rNDC on Junos OS Release 19.1R2. PR1465196

  • On QFX5200 or QFX5110 platforms, when frequent hot swap of optics module happens, the QSFP-100G-PSM4 could become undetected and related links will not come up. PR1465214

  • On devices running Junos OS, the physical interface of AE might come up after a long delay (4 mins) if there are millions of BGP routes learned on the device. This delay is happening because the Packet Forwarding Engine Manager thread is busy processing the routing updates from the Routing Engine. These routing updates are the result of AE interface going down at the first step of disabling the interface. PR1465302

  • When tunnel services are configured on a PIC, the optics measurements that subscribed through gRPC might not be streamed. PR1468435

  • IP loop is observed at MPLS PHP node with continuous interface flaps at ingress/egress PE devices. This is observed with MPLS link protection configuration on all nodes. PR1469998

Routing Protocols

  • In an MC-LAG setup, when status-control standby is rebooting and status-control active is down, and if the ICCP session-establishment timer is configured less than or equal to the init-delay-timer on status-control standby, then the mcae status of status-control standby might not come as active until the peer node is up. To avoid this, during these cases, ICCP session-establishment timer should be configured greater than init-delay-timer with preferably 100s or more. PR1348648

  • In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • Value added in Hexa after Unknown Ext-Community is getting reset to 0. PR1371448

  • On QFX-5100 VC/VCF, the following error is observed: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed in h/w with mini-PDT base configurations. There is no functionality impact because of this error message. PR1407175

  • QFX5100: BGP v4/v6 convergence and RIB install or delete time degraded in 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • On QFX5110/QFX5200 platforms, the dcpfe might crash if any interface flaps. PR1415297

  • On QFX5000 with SP (service provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (that is, software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list. PR1441402

  • When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect. PR1441444

  • On a QFX5120 platform acting as a transit node, it might drop all the tunnel encapsulated packets like MPLS over GRE, MPLS over Generic Network Virtualization Encapsulation (GNVE) / MPLS over Generic Protocol Extension (GPE) packets. PR1447128

  • With protocol igmp-snooping configured, if some receiver joins/leaves a group, a few seconds of traffic drop might be seen on the existing receivers. PR1457228

  • Multicast statistics-related errors such as brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) will be observed during unified ISSU, and these messages are harmless and do not affect multicast functionality. PR1460791

Resolved Issues

This section lists the issues fixed for the QFX Series switches in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 18.4R3

Authentication and Access Control

  • Without dot1x configuration, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • QFX10008: FPC0 generated core files after running the Packet Forwarding Engine command show cos sched-usage. PR1449645

  • The show cos scheds-per-pfe and show cos pfe-scheduler-ifds Packet Forwarding Engine commands will restart forwarding planes on QFX10008 switches. PR1452013

EVPN

  • Unexpected next-hop operation error from kernel to l2ald in a Layer 2 gateway during the MAC movement operation. PR1430764

  • Asynchronous between ARP table and Ethernet switching table happens if the EVPN ESI link flaps multiple times. PR1435306

  • The multihomed mac-ip table entry might not be cleaned when the host MAC is deleted from the MAC table. PR1436712

  • Configuring ESI on a single-homed 25 Gigabit Ethernet port might not work. PR1438227

  • When using no-arp-suppression, an ARP request might not be sent out when an ARP entry ages out. PR1441464

  • ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multihome ESI. PR1446957

  • EVPN-VXLAN NON-COLLAPSED: ARP will get resolved on QFX5100 for VXLAN with VLAN ID of 2. PR1453865

  • ARP request/NS might be sent back to the local segment by DF router. PR1459830

Interfaces and Chassis

  • VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • On QFX10000 ARP entries might not be synced between mc-lag devices. PR1449806

  • The traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077

Layer 2 Features

  • Packet loss might be seen when one of the spine switch fails or reboots. PR1421672

  • Ethernet ring protection switching (ERPS) nodes might not converge to IDLE state after failure recovery or reboot. PR1431262

  • EVPN-VXLAN NON-COLLAPSED: JTASK and multimove depth failed errors are seen after HALT. PR1434687

  • Transit DHCPv6 packets might be dropped on QFX5100/QFX5200 platforms. PR1436415

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600. PR1437577

  • The traffic leaving QFX5000 and EX4600 switches might not be properly load-balanced over AE interfaces. PR1448488

  • Unequal LAG hashing might happen on QFX Series devices. PR1455161

  • The fxpc.core might be seen when committing the configuration all together, for example, after the reboot. PR1467763

Layer 2 Ethernet Services

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

MPLS

  • The l2circuit traffic might be silently dropped at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node (QFX5110). PR1435504

  • [QFX10002]: The command show mpls static-lsp | display xml produces INVALID XML. PR1469378

  • MPLS LDP ping or trace route fails over QFX5100 as transit PHP node. PR1477301

Platform and Infrastructure

  • On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after Virtual Chassis reboot. PR1337340

  • When powering off an individual FPC, the other FPC Packet Forwarding Engine might go offline too. PR1344395

  • The backup member switch might fail to become the master switch after switchover on QFX5100 and QFX5200 Virtual Chassis platform. PR1372521

  • New CLI configuration to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup Routing Engine instead of SSD. PR1382522

  • QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot. PR1402127

  • The MTU might change to a Jumbo default size on Packet Forwarding Engine side after deleting and re-adding the interface. PR1402588

  • Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms. PR1405786

  • QFX5200 and QFX5100 might not be able to send out control plane traffic to the peering device. PR1406242

  • No inner VLAN tag is added even with input-vlan-map push configured on QFX10000 platforms. PR1407347

  • QFX5000 : Transit traffic loss when one of LAG child interfaces is deleted or deactivated. PR1408178

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Storm control is not shutting down mc-ae interface. PR1411338

  • The QFX10002 might stop forwarding packets after the chassis-control process restarts. PR1414434

  • QFX5120-32C: DHCP binding on client might fail when QFX5120-32C is acting as DHCP server. This is seen only for a channelized port. PR1421110

  • IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting another other Virtual Chassis member if MLD snooping is enabled. PR1423310

  • Ports might get incorrectly chanalized if they are configured as 10-Gbps ports already and they are channelized to 10 Gbps again. PR1423496

  • On QFX5000 and QFX10000 switches, packet drops might be seen for the traffic that has to go over Type-5 overlay tunnel. PR1423928

  • The dcpfe/Packet Forwarding Engine might not start on AS7816-64X and QFX5000 TVP devices. PR1426737

  • QFX5210: Received LLDP frames on em0 are not displayed in LLDP neighbor output. PR1426753

  • Rebooting or halting Virtual Chassis member might cause traffic on RTG link to be down for about 30 seconds. PR1427500

  • QFX5100-VCF - rollback for uncommitted configuration takes 1 hour. PR1427632

  • Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • The dcpfe process might crash and restart in an MC-LAG scenario when the ARP/NDP next-hop is changed. PR1427994

  • The jumbo frame size packets are dropped when maximum MTU size is configured. PR1428094

  • Licenses used flag for OVSDB on show system license won't be flagged even though OVSDB is configured and working. PR1428207

  • The global-mac-limit and global-mac-ip-limit might allow more entries than the configured values. PR1428572

  • [QFX10008] After Routing Engine switchover, LED status is not set for missing fan tray. PR1429309

  • DHCP relay might not work in an EVPN-VXLAN scenario. PR1429506

  • DHCP relay might not work in an EVPN-VXLAN scenario. PR1429536

  • Traffic impact might be seen on QFX10000 platforms with interface hold-down timer configured. PR1430722

  • The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

  • The dcpfe might crash on all line cards on QFX10000 in a scaled setup. PR1431735

  • All ingress traffic might be dropped on 100-Mbps fixed speed port with no-auto-negotiation enabled. PR1431885

  • Layer 2 traffic drop on QFX10000 with interface MTU size lower than 270 bytes. PR1431902

  • Outer VLAN tag might not be pushed in the egress VXLAN traffic toward the host for QinQ scenario. PR1432703

  • Line card might crash due to plugged in unsupported SFP-T module. PR1432809

  • Traffic loss might be seen on QFX10000/PTX10000 platforms using line card LC1105. PR1433300

  • Layer 3 filters applied to PVLAN IRB interface might not work after unified ISSU. PR1434941

  • QFX5100-Virtual Chassis : NSSU: There might be approximate 1 minute traffic loss during NSSU with LACP link protection configuration. PR1435519

  • SIB/FPC Link Error alarms might be observed on QFX10000 due to a single CRC. PR1435705

  • The mc-ae interface might get stuck in waiting state in a dual mc-ae scenario. PR1435874

  • QFX5200 NSSU: dcpfe core files are seen after NSSU upgrade of backup followed by reboot. PR1435963

  • Laser TX remained enabled while interface is disabled using the Routing Engine CLI configuration. PR1436286

  • DHCP discover packets sent to IP addresses in the same subnet as irb interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces. PR1436436

  • Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. PR1436968

  • The FPC might crash if both the AE bundle flapping on a local device and the configuration change on peer device occur at the same time. PR1437295

  • QFX5110, QFX5200, QFX5210: There is no jnxFruOK SNMP trap message when only the power cable is disconnected and connected back. PR1437709

  • Routing Engine switchover does not work as expected while SSD failure occurs. PR1437745

  • BGP neighborship might not come up if the MACsec feature is configured. PR1438143

  • The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • Interfaces configured with flexible-vlan-tagging might lose connectivity. PR1439073

  • The xSTP recognizes 1G SFP-T optic interface as LAN type resulting in slow STP convergence. PR1439095

  • LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up. PR1439268

  • DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844

  • QFX Series Virtual Chassis does not comes up after replacing Virtual Chassis port from fiber connection to DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • QFX10002 MCLAG PDT: Layer 2, Layer 3 Traffic drop seen when you disable and then enable MC-LAG. PR1440732

  • The Layer 3 communication might break on an interface that is configured with flexible-ethernet-services. PR1441690

  • The operational status of the interface in hardware and software might be out of synchronization in an EVPN setup with the arp-proxy feature enabled. PR1442310

  • Flow control does not work as expected on a 100-Gigabit Ethernet interface of QFX5110. PR1442522

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • DHCPv6 client might fail to get an IP address. PR1442867

  • On QFX10008 traffic impact might be seen when the JSRV interface is used. PR1445939

  • CoS classifier might not work as expected. PR1445960

  • Traffic discarded for only specified VLAN in IPACL_VXLAN filters. PR1446489

  • Long IPv6 addresses are not displayed fully on IPv6 neighbor table. PR1447115

  • Unicast ARP requests are not replied to with no-arp-trap option. PR1448071

  • Rebooting QFX5120-48Y using request system reboot doesn't take physical links offline immediately. PR1448102

  • Except one AE member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • FPC does not restart immediately after rebooting the system. That might cause packet loss. PR1449977

  • REST API process will get non-responsive when a number of request come with a high rate. PR1449987

  • Tunneling-encapsulated packets are dropped on a Layer 3 VPN MPLS PE-CE interface. PR1451032

  • FPC core files might be seen after changing the configuration of PTP or Synchronized Ethernet. PR1451950

  • vgd core files might be generated when the tunnel gets deleted twice. PR1452149

  • There might be interface reachability issues on AS7816. PR1452433

  • Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505

  • The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment. PR1453512

  • The show chassis led shows incorrect status. PR1453821

  • In a 16+ member QFX5100 VCF, the FROM column under the show system users output reports feb0/1/2/3 for fpc16/17/18/19, respectively. PR1455201

  • The PFC feature doesn't work on QFX10000 Series platforms. PR1455309

  • The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted. PR1456742

  • The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414

  • Overtemperature SNMP trap messages are shown up after update even though the temperatures are within the system thresholds. PR1457456

  • Dual tag Q-in-Q not working with EVPN-VXLAN. PR1458206

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929

  • DHCPv6 LDRA relay bounded count is not as expected after DHCP configured. PR1459499

  • The forwarding option is missed in routing-instance type. PR1460181

  • The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885

  • The "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms. PR1462582

  • The fxpc process might generate core files when changing MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594

  • QFX 5100 VC/VCF : Observing error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations. PR1463939

  • The dcpfe might crash when changing the firewall filter on QFX5000 platforms. PR1464352

  • BGP open messages with specific types of BGP Optional Capabilities causing BMP messages not to be encoded correctly when sent to the BMP Collector. PR1466477

  • Slow packet drops might be seen on QFX5000 platforms. PR1466770

  • Ingress drops to be included at CLI from interface statistics and added to InDiscards. PR1468033

  • l2ald core is seen (l2ald_mem_free, l2ald_update_comp_vmenh) after restarting dc-pfe in Virtual Chassis devices. PR1473521

Routing Protocols

  • Some storm control error logs might be seen on QFX Series platforms. PR1355607

  • Invalid VRRP mastership election on QFX5110-VC peers. PR1367439

  • The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680

  • The same traffic flow might be forwarded to different ECMP next-hops on QFX5000 platforms. PR1422324

  • The traffic with destination UDP port 521 (RIPng) gets dropped on QFX5000 platforms. PR1429543

  • BGP configuration multipath multiple-as does not work in a specific scenario. PR1430899

  • The fxpc core files might be seen during the reboot of QFX5100/EX4600 switches. PR1432023

  • The IPv4 fragmented packets might be broken if PTP transparent clock is configured. PR1437943

  • The bandwidth value of the DDoS protection might cause packets loss after a device reboot. PR1440847

  • The rpd process might crash in an inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • Loopback address exported into other VRF instance might not work on QFX Series platforms. PR1449410

  • MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217

  • The egress interface in Packet Forwarding Engine for some end-hosts might not be correct on the Layer 3 gateway switch after it is rebooted. PR1460688

  • When deleting IRB on the Layer 3 gateway, IRB does not get removed from Packet Forwarding Engine and will silently drop traffic to IRB MAC address. PR1463092

User Interface and Configuration

  • QFX5100 is unable to commit the baseline configuration after zeroization. PR1426341

Resolved Issues: 18.4R2

Class of Service (CoS)

  • Error message STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1 is seen when a lag bundle is configured with 64 lag links. PR1346452

EVPN

  • The rpd process might crash with EVPN type 3 route churn. PR1394803

  • VNI is not updated on default route 0.0.0.0/0 advertised by EVPN type 5 prefix when the local configuration is changed. PR1396915

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • EVPN: In the non-collapsed (centralized) topology, when one of the two spines deactivates the underlay protocol (OSPF), the leaf still points the virtual gateway MAC next hop to the spine that is down. PR1403524

  • ARP entry is still pointing to the failed VTEP after the PE-CE link fails for a multihomed remote ESI PR1420294

  • Multicast MAC addresses are learned in the Ethernet switching table with VXLAN through an ARP packet in a pure L2 configuration PR1420764

  • The device might proxy the ARP probe packets in an EVPN environment PR1427109

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs PR1429821

Forwarding and Sampling

  • On Junos OS, firewall filter terms named "internal-1" and "internal-2" are ignored. PR1394922

General Routing

  • The 1iGigabit copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

  • On QFX5120, convergence delay between PE1 and P router links is more than the expected delay value. PR1364244

  • RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332

  • EM policy update is needed on QFX5210-64C. PR1380077

  • The overlay ECMP might not work as expected on QFX5110 in an EVPN-VXLAN environment PR1380084

  • There is an inconsistency in applying a scheduler map with excess rate on the physical interface and aggregated Ethernet interface. PR1380294

  • Traffic is silently dropped and discarded when the FPC is taken offline in an MC-LAG scenario. PR1381446

  • The QFX-QSFP-40G-SR4 transceiver might not be recognized after upgrading Junos OS on QFX5100e. PR1381545

  • Static default route with next-table inet.0 does not work. PR1383419

  • The log of RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory might be continuously shown after the rpd process restart. PR1383426

  • DMA failure errors might be seen when the cache is flushed or the cache is full. PR1383608

  • DHCP packets might be dropped in a Junos fusion data center scenario (QFX10000 line of devices). PR1383623

  • Last reboot reason is not correct if the device is rebooted because of power cycling. PR1383693

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms . PR1383876

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent a major alarm. PR1384435

  • QFX5120 occasionally two of the channelized 25-Gigabit ports using 4x25-Gigabit breakout cable will not come up after Junos OS reboot. PR1384898

  • The spine EVPN routes might be stuck in a hidden state with the next hop as unusable after the FPC is offline in the spine. PR1386147

  • The show chassis errors active detail command is not supported on QFK5000 platforms. PR1386255

  • The rpd process might end up with stuck krt queue entries in a VRF scenario. PR1386475

  • Traffic drop might be seen on QFX10000 platforms with EVPN-VXLAN configured. PR1387593

  • QFX5100, QFX5110, QFX5200, and QFX5210 Virtual Chassis could not be formed normally. PR1387730

  • On QFX5100 Virtual Chassis, ARP received on SP-Style interface is not sent to all RVTEPs. Normal BUM traffic works fine. PR1388811

  • FPC might crash on QFX5100 platforms in a large-scale scenario PR1389872

  • Input rate pps does not increase on QFX5200-48Y uplink ports when the packet is a pure L2 packet like non-etherII or non-EtherSnap. PR1389908

  • An incorrect error message might be seen when Jflow sensors are configured with reporting rate less than 30 seconds. PR1390740

  • 10-Gigabit copper link flapping might happen during a TISSU operation of QFX5100-48T switches. PR1393628

  • IPv6 next hop programming issue might be observed on QFX10000 devices. PR1393937

  • On QFX5110 Virtual Chassis, fan tray output is not displayed for backup Routing Engine. PR1394655

  • PTP-over-Ethernet traffic could be dropped if IGMP and PTP TC are configured together. PR1395186

  • Unable to install licenses automatically on QFX Series platforms. PR1395534

  • BRCM_NH-,brcm_bcm_mpls_tunnel_initiator_clear(),226:bcm_mpls_tunnel_initiator_get failed intf = 4 failure error logs might seen in syslog. PR1396014

  • The subscriber bindings might not be successful on QFX Series platforms. PR1396470

  • On QFX5110, the fan LED turns amber randomly. PR1398349

  • High jsd or na-grpcd CPU usage might be seen even when JET or JTI is not used. PR1398398

  • CPU interrupt process is high because of the intr{swi4: clock (0)} on QFX5100-48T-6Q running a QFX 5e Series image and Junos OS 18.x code. PR1398632

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on QFX10000 Series platform. PR1399369

  • The DHCPv6 relay packets might be dropped by the DHCP relay. PR1399683

  • SFP-LX10 does not work on QFX5110 PR1399878

  • PEM I2C failure alarm might be shown incorrectly as failed. PR1400380

  • MAC limit with persistent MAC is not working after reboot PR1400507

  • Only one Packet Forwarding Engine might be disabled on an FPC with multiple PFEs in error/wedge condition. PR1400716

  • The authd might crash when issuing show network-access requests pending command during the authd restart. PR1401249

  • File permissions are changed for /var/db/scripts files after reboot. PR1402852

  • The STP does not work when aggregated interfaces number is "ae1000" or above in QFX5000 and "ae480" or above in other QFX Series platforms. PR1403338

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • ARP/ND will not be resolved if a native VLAN ID is configured for an LAG access interface. PR1404895

  • Commit warning message occurs on QFX5100. PR1405138

  • Executing the command request system configuration rescue save might fail with error messages. PR1405189

  • DHCP does not work for some clients in Junos fusion aggregated device (AD) setup on EP ports. PR1405495

  • On QFX5120, in a VXLAN-EVPN configuration, transition from collapsed to non-collapsed L2 or L3 gateway and vice versa needs a switch reload. PR1405956

  • VXLAN transit traffic over a tagged underlay L3 interface and underlay IRB gets dropped due to a hardware limitation. PR1406282

  • The ARP request might not be resolved successfully if the arp-suppression is enabled and vlan-id-list is configured on the spine node. PR1407059

  • The Packet Forwarding Engine might get disabled unexpectedly because of a auto correctable non-fatal hardware error on QFX10002, QFX10008, and QFX10016. PR1408012

  • DHCP discover packets might be dropped over a VXLAN tunnel if DHCP relay is enabled for other VXLAN or VLANs. PR1408161

  • MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • Fan failure alarms might be seen on QFX5100-96S after an upgrade to Junos OS Release 17.3R1. PR1408380

  • Restarting a line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence might cause intra-VLAN traffic to get silently dropped and discarded. PR1409631

  • The FPC might crash and might not come up if interface-num or next hop is set to the maximum value under vxlan-routing on QFX Series platforms. PR1409949

  • LLDP memory leak occur when IEEE DCBX packet is received in autonegotiation mode followed by another DCBX packet with none of ieee_dcbx tlvs present. PR1410239

  • On QFX5100-48T and QFX5100-6Q, the error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find rt table is seen. PR1410717

  • Traffic loss might be observed after VXLAN configuration change PR1411858

  • The spfe on a satellite device in a Junos fusion setup might crash and it might cause the satellite device to go offline. PR1412279

  • On QFX Series platform, PEM alarm for backup FPC will be remained on master FPC though backup FPC is detached from Virtual Chassis. PR1412429

  • The Junos OS device acting as the PCC might reject PCUpdate or PCCreate message if there is a metric type other than type 2. PR1412659

  • On the QFX5000 line of switches, the EVPN-VXLAN multicast next-hop limit is 4000. PR1414213

  • Virtual Chassis ports using DAC might not establish a link on QFX5200. PR1414492

  • DC output information is missing in the show chassis environment pem output for whitebox. PR1414703

  • VXLAN encapsulation next hop (VENH) does not get installed during BGP flapping or when routing is restarted. PR1415450

  • FEC change from FEC91 to NONE does not taked effect on 100-Gigabit Ethernet interfaces with QSFP-100GBASE-SR4 optics. PR1416376

  • Two instances of Junos OS are running after an upgrade to Junos OS Release 18.1R3-S3.7. PR1416585

  • In Junos OS Release 18.1R3-S3, restarting routing on spine devices leads to the dcpfe generating a core file at nh_composite_change. PR1416925

  • Rebooting QFX5200-48Y using request system reboot does not take physical links offline immediately. PR1419465

  • During QFX5120-48Y or QFX5120-32C power cycling tests, 100-Gigabit PSM4 optics connected ports went down randomly PR1419826

  • An interface might go to down state on QFX10000 and PTX10000 platforms. PR1421075

  • On QFX5120-32C, DHCP binding on the client might fail when the QFX5120-32C acts as the DHCP server. This is seen only for channelized ports. PR1421110

  • Fusion: ETS configuration is not applied on non-cascade ports when the AD is rebooted. PR1421429

  • BFD might get stuck in slow mode on QFX10002/QFX10008/QFX100016 platform PR1422789

  • QFX5100-48T 10G interface might be autonegotiated at 1-Gbps speed instead of 10Gbps. PR1422958

  • The interface cannot come up when the remote-connected interface only supports 100M in QFX5100 Virtual Chassis setup. PR1423171

  • ON QFX5120-32C , BUM traffic coming over irb underlay interface gets dropped on destination vtep in PIM-based VXLAN. PR1423705

  • Traffic is dropped after FPC reboot with AE member links deactivated by remote device. PR1423707

  • Ping over an EVPN type-5 route to QFX10000 does not work. PR1423928

  • All interfaces will be down and the dcpfe might crash if SFP-T is inserted in a QFX5210. PR1424090

  • IPv6 neighbor solicitation packets for link-local addresses are dropped when passing through QFX10002-60C. PR1424244

  • All interfaces creation fails after NSSU. PR1425716

  • Heap memory leak might be seen on QFX10000 platforms. PR1427090

  • The rpd process might generate a core file because of the improper handling of graceful restart stale routes. PR1427987

  • QFX5120-48Y interface with the optic QSFP-100GBASE-ER4L does not come up in "18.3R1-S2.1" PR1428113

  • On QFX Series EVPN-VXLAN, the l2ald process crashes and generates a core file when the number of hardware VXLAN IFBDS exceeds the maximum limit of 16382. PR1428936

  • DHCP relay might not work in an EVPN VXLAN scenario. PR1429506

  • An interface on a QFX Switches does not come up after the transceiver is replaced with one having different speed. PR1430115

  • In collapsed VGA4 script ping on shared ESI R6 to R7 IRB address fails. PR1430327

  • On QFX Series switches, the Validation of metadata files failed message is seen on the hypervisor. PR1431111

  • QFX5110 SFP-T: All ingress traffic is dropped on 100M fixed speed port with no-autonegotiation. PR1431885

  • Transit DHCPv6 packets might be dropped on QFX5000 platforms PR1436415

  • On QFX5110, QFX5200, QFX5210, there is no jnxFruOK SNMP trap message when only the power cable is disconnected and connected back. PR1437709

Interfaces and Chassis

  • Constant dcpfe process crash might be seen when an unsupported GRE interface configuration is used. PR1369757

  • Changing the value of mac-table-size to default might lead all FPCs to reboot. PR1386768

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces a misleading error message. PR1402606

  • The logical interfaces in EVPN routing instances might flap after committing configurations PR1425339

Junos Fusion Satellite Software

  • Extended port (EP) LAG might go down on the satellite devices (SDs) if the related cascade port (CP) links to an aggregation device (AD) go down. PR1397992

Layer 2 Ethernet Services

  • The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be silently dropped and discarded. PR1417729

Layer 2 Features

  • VXLAN next hop entry leak issue is seen on EX4600 and QFX5000 platforms. PR1387757

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI that does not have an active receiver. PR1388888

  • On QFX Series, the error message Failed with error (-7) while deleting the trunk 1 on the device 0 is seen. PR1393276

  • On QFX5000 platforms, symmetric hashing can be done though it can not be enabled and stored in the Junos OS configuration. PR1397229

  • On EVPN-VXLAN, dcpfe is restarted at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with the latest image. PR1398251

  • ARP response packets might include an incorrect VLAN ID and VNI PR1400000

  • On QFX5000, dcpfe process crash might be observed during restart of Packet Forwarding Engine on a system with scaled EVPN-VXLAN configuration. PR1403305

  • On QFX Series EVPN-VXLAN, the unicast IPv6 NS message gets flooded on L3GW. Both IPv4 and IPv6 traffic drops on L2SW. PR1405814

  • The IPv6 NS/NA packets received over VTEP from an ESI host are incorrectly flooded back to the host. PR1405820

  • IGMP snooping on EVPN-VXLAN might impact OSPF hello packets flooding after a VTEP leaf reboot. PR1406502

  • QFX5110VC generates DDOS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection PR1410649

  • With arp-suppression enabled, the QFX5000 might not forward IPv6 router solicitations or advertisement packets. PR1414496

Network Management and Monitoring

  • The chassisd might crash and restart after the AGENTX session between master(snmpd) and sub-agent timeout. PR1396967

  • Log files might not get compressed during the upgrade. PR1414303

Routing Protocols

  • BUM packets might get looped if EVPN multihoming interface flaps PR1387063

  • EVPN-VXLAN NON-COLLAPSED: AUTONEG errors and flush operation failed errors are seen after the device is power cycled. PR1394866

  • On QFX5110 and QFX5200, EVPN-VXLAN NON-COLLAPSED: dcfpe generates a core file at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc, after a random event. PR1397205

  • On QFX5110, firewall filter applied on a VXLAN mapped VLAN is not supported in a EVPN-VXLAN scenario. PR1398237

  • The rpd generates a core file and inappropriate route selection might be seen when L2VPN is used PR1398685

  • The FPC/dcpfe process might crash because of interface flapping. PR1408428

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of VC if IGMP-snooping is configured. PR1413543

  • The QFX Series switch might not install all IRB MAC addresses in the initialization PR1416025

  • After an IRB logical interface is deleted, the MAC entry for the IRB interface is deleted for the IRB hardware address, and packets destined to other IRB logical interfaces where MAC is not configured are impacted. PR1424284

Spanning Tree Protocols

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

Resolved Issues: 18.4R1

EVPN

  • The QFX10000 might drop transited traffic coming from the MPLS network to VXLAN-EVPN. PR1360159

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • QFX10000 or import default IPv6 route to VRF causes infinite entries to get created in evpn ip-prefix-database and become unstable. PR1369166

  • VTEP's MAC address might not be learned in the Ethernet switching table. PR1371995

General Routing

  • After clearing the QFX5100 is treating 40G AOC uplink as 4x10g breakout with auto-channelization enabled. PR1317872

  • Status LED on the chassis does not show up on QFX10002-60c. PR1332991

  • AI-script does not get auto-upgrade unless it is manually done after a Junos OS upgrade. PR1337028

  • On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after a Virtual Chassis reboot. PR1337340

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • ARP learning might fail after changing the interface MAC address. PR1353241

  • On EVPN-VXLAN, the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • The QFX5120-48Y cannot match on user-vlan-id for tunnel terminated packets. PR1358669

  • On the QFX10000 line of switches, packets will be dropped when virtual-gateway-address is configured on an IRB interface associated with a non-vxlan VLAN. PR1360646

  • FEC is incorrectly displayed on QFX10002-36Q and QFX5110. PR1360948

  • VME interface might be unreachable after link flap of em0 on master FPC. PR1362437

  • Traffic might not be forwarded when the member link of the aggregated Ethernet interface is added or deleted. PR1362653

  • A 1G interface might stop working when autonegotiation is off by default. PR1362977

  • The following log messages are seen: kernel: tcp_timer_keep: Dropping socket connection. PR1363186

  • On QFX10008 and QFX10016 platforms, MPLS exp rewrite might not work for IPv6 and IPv4 traffic. PR1364391

  • Traffic loss is observed when unified ISSU is performed with aggregated Ethernet interfaces configured with LACP protocol. PR1365316

  • Root password recovery process does not work. PR1365740

  • The l2cpd process might crash when configuring MVRP with private VLAN and RSTP interface all. PR1365937

  • QFX5110-5100 VCF / 1G link does not come up. PR1366218

  • The tagged traffic is dropped in the untagged EVPN/VXLAN scenario. PR1366336

  • On QFX10002-60C and QFX10000-30C platforms, some interfaces do not come up during initialization after a reboot. PR1368203

  • On QFX Series switches, IS-IS adjacency with Cisco might go down. PR1368913

  • The commit or commit check might fail due to the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

  • In certain routing topologies with sFlow configured, sampled packets might be duplicated and sFlow records are not sent to the collector. PR1370464

  • The first 2 characters out of 14 of AS7816-64 serial number are truncated. PR1371126

  • For Junos OS Release 18.1R1 and earlier releases, the USB image installation on QFX5210-64C, AMI bios upgrade needs to be done. PR1371199

  • On the QFX10000 line of switches, before the Junos OS Release 17.3R3 code, the maximum number of ESI logical interfaces was 4000 in the Packet Forwarding Engine. PR1371414

  • On QFX5100, the IPv6 routed packet will be transmitted though VRRP state in transition to master. PR1372163

  • Packets might be dropped after deleting a filter from an interface. PR1372957

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • TPI-50840 BUM traffic received on 5110 is not flooded to all remote VTEPs. PR1373093

  • BOOTP packets might be dropped if BOOTP support is not enabled at the global level. PR1373807

  • LLDP might stop fully working between a QFX10000 line switch and a non-Juniper Network device. PR1374321

  • On QFX5110, Ethernet switching flood group shows incorrect information. PR1374436

  • Only the loopback interface is supported under VRF routing instances. PR1375130

  • Packet Forwarding Engine wedge might be observed if there are interfaces going to down state. PR1376366

  • The same address family (subnet logical interface or IRB logical interface, but not both) needs to be configured for establishing VTEPs. PR1376996

  • The autonegotiation interface might go down if the opposite device supports only 10/100M autonegotiation. PR1377298

  • Debug logs are printed as error logs in /var/log/messages. expr_nh_flabel_check_overwrite: Caller nh_id params message is classified as error log when it should be LOG_INFO. PR1377447

  • Deleting an IRB interface might affect other IRB interfaces if the same custom MAC address is configured. PR1379002

  • LOC and Diag system LED's on the front panel are not defined yet. PR1380459

  • L3VPN traffic might be dropped due to one core-facing interface being down. PR1380783

  • A QFX5xxx Packet Forwarding Engine might show DISCARD next-hop for overlay-bgp-lo0-ip in a spine-and-leaf topology. PR1380795

  • Virtual Chassis master is copying /var/db/ovsdatabase to backup every 10 seconds, which causes a high write IO and shortens the SSD lifetime in Open vSwitch Database (OVSDB) environment. PR1381888

  • EVPN-VXLAN ARP/NDP proxy is not working. PR1382483

  • The Packet Forwarding Engine might crash if the GRE destination IP is resolved over another GRE tunnel. PR1382727

  • The functionality under the license "JUNOS-FP-C2" might take effect even it does not get installed properly. PR1383274

  • The 'force-host' upgrade is required for QFX5110-48S-4C in Junos OS Release 18.4 if the PTP over IPv6 G.8275.2 feature configured. PR1384073

  • The Layer 3 interface might stop pinging directly connected link address after deleting Layer 2 on a physical interface. PR1384144

  • On QFX5110 platforms, SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR transceivers might not be tunable and remain 1550.10nm by default in the hardware. PR1384524

  • Port-mirroring-instance or analyzer-based mirroring does not work with input as VLAN ingress when VLAN is mapped to VXLAN. PR1384732

  • All 1G SFP copper and 1G fiber optic links remain up on QFX10008 after all SIBs/FPCs are offline. PR1385062

  • The IPv6 packet might not be routed when IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • CPSM daemon memory leak occurs in VMHOST. PR1387903

  • On the QFX10000 line of switches, MAC learning might stop working on some LAG interfaces after frequent MAC moves. PR1389411

  • FPC might crash on QFX5100 platforms in a large-scale scenario. PR1389872

  • The vmcore might be seen when routing changes are made on the peer spine in an EVPN-VXLAN scenario. PR1390573

  • The smid core file is seen during sanity script execution on QFX5100. PR1391909

  • The l2ald core file is seen when a Layer 2 learning traceoptions were enabled. PR1394380

  • DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978

  • DOT1XD core file is found at pnac_bd_create pnac_bdm_handler knl_async_receive_and_process. PR1395384

  • On QFX5110 Virtual Chassis, after Routing Engine switchover, LACP will be brought down on the peer device and never recover automatically. PR1395943

  • The Juniper Extension Toolkit (JET) or Junos Telemetry Interface (JTI) is not used, because of a bug in the GRPC stack which is used by jsd and na-grpcd daemons. PR1398398

Interfaces and Chassis

  • Stating in Junos OS 17.2R1, on QFX Series products, the CLI allows you to configure more logical interfaces than the limit of 2048 logical interfaces on the LAG interface. PR1361689

  • On QFX5200 MC-LAG parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386, error is seen after restarting l2cpd daemon. PR1373927

Layer 2 Features

  • On QFX5100, storm control profile is missing for interfaces in hardware. PR1354889

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • QFX5000 the Virtual Chassis acting as EVPN-VXLAN ARP proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in VXLAN scenario. PR1368258

  • When native-vlan-id is configured for aggregated Ethernet interface, the LACP session to the multihomed server goes down. PR1369424

  • DHCP discover packets might be dropped if VXLAN is configured. PR1377521

  • Packets might be dropped on AD in a Junos Fusion Data Center environment. PR1377841

  • The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517

  • The LACP might be in detached state when deleting native-vlan-id on aggregated Ethernet interface with flexible-vlan-tagging configured. PR1385409

  • On QFX5000 line switches, if EVPN-TYPE 5 routes are present, when doing "restart routing" or a BGP session to a neighbor device flaps, the dcpfe core file might be seen. PR1387360

  • On QFX5000, EVPN-VXLAN failed to forward the IPv6 NS packet from remote VTEP to local host. PR1387519

  • The dcpfe process might crash after VXLAN overlay ping. PR1388103

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

  • Cisco Discovery Protocol (CDP) packets are not forwarded by QFX10000 line switches. PR1389829

MPLS

  • LSP might not be established properly between QFX5000 line switch and other devices. PR1351055

  • NO-propogate-TTL acts on MPLS swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

  • LSP "statistics" and "auto-bandwidth" functionality might not take effect with single-hop LSPs. PR1390445

Network Management and Monitoring

  • For QFX5110, the returned SNMP values of module temperature-HighAlarmThreshold, LowAlarmThreshold, and HighWarningThreshold are not as same as the one shown in the CLI. PR1369030

Platform and Infrastructure

  • When chassis control restart is done with aggregated Ethernet and CoS rewrite configuration, the Platform failed to bind rewrite messages might be seen in the syslog. PR1315437

  • When Junos OS next hop index allocation fails, the private index space get exhausted through the incoming ARP requests to the management interface. PR1360039

  • Forwarding is broken after adding protocol EVPN extended-vlan-id. PR1368802

  • Traffic is silently dropped or discarded with indirect next hop and load balancing. PR1376057

  • LSI binding is missing upon nd6 entry refresh after Layer 2 logical interface flap. PR1380590

  • IRB interface does not turn down when master of Virtual Chassis is rebooted or stopped. PR1381272

Routing Protocols

  • On QFX5100 platforms, the parity errors in Layer 3 IPv4 table in the Packet Forwarding Engine memory might cause traffic to be silently dropped and discarded. PR1364657

  • On QFX5120 platforms, the command output for the configuration statement show pfe route summary hw shows different scale values for the IPv4 and IPv6 lpm routes rather than the supported scale. PR1366579

  • The dcpfe might crash and all interfaces flap. PR1369011

  • When ecmp-resilient-hash is configured for the existing ECMP route, the update to the next hop in hardware fails. PR1387713

  • The show evpn igmp-snooping database extensive command output needs to be modified as per the SMET functionality. PR1391406

User Interface and Configuration

  • Adding or deleting the VLAN member starting with a VLAN-ID number might cause many errors. PR1362535

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 18.4R3.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 18.4 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 18.4 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.4-R3.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.4 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.4R3.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.4R3.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.4R3.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.4R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Disable nonstop-routing (if enabled):

    user@switch# delete routing-options nonstop-routing
  6. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  7. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  8. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  9. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  10. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  11. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  12. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  13. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  14. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  15. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  16. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  17. Log in and issue the show version command to verify the version of the software installed.

  18. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  19. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.4R3.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.