Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 19.1R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.
The following EX Series switches are supported in Release 19.1R3: EX2300, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.
What’s New in Release 19.1R3
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.1R3.
What’s New in Release 19.1R2
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.1R2.
What’s New in Release 19.1R1
Hardware
Support for SFP transceivers on 4-port 1-Gigabit Ethernet/10-Gigabit Ethernet SFP+ uplink module (model number: EX-UM-4SFPP-MR) (EX4300-48MP and EX4300-48MP-S switches)—Starting with Junos OS Release 19.1R1, the 4-port 1-Gigabit Ethernet/10-Gigabit Ethernet SFP+ uplink module (model number: EX-UM-4SFPP-MR) for EX4300-48MP and EX4300-48MP-S switches support SFP transceivers. You do not need to configure 1-Gigabit Ethernet speed on the uplink module to support SFP transceivers; the uplink module automatically detects the transceiver and creates the interfaces accordingly.
Authentication, Authorization, and Accounting (AAA)
RADIUS over TLS (using RadSec) support (EX4300 switches)—Starting in Junos OS Release 19.1R1, EX4300 switches support RadSec. The RadSec protocol provides secure transport of RADIUS authentication and accounting data across untrusted networks using Transport Layer Security (TLS) over TCP as the transport protocol.
[See RADIUS over TLS (RADSEC).]
Support for SFTP global disablement (EX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections by default. You can enable incoming SFTP connections globally by configuring the sftp-server statement at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections are globally enabled by default.
[See Configuring sftp-server.]
Dynamic Host Configuration Protocol
Increased number of DHCP relay servers supported (EX9200 switches)—Starting in Junos OS Release 19.1R1, server groups can include up to 32 active server IP addresses in a DHCPv4 or DHCPv6 relay configuration.
EVPNs
Support for proxy MAC addresses in an ARP request (EX9200)—Starting in Junos OS Release 19.1R1, provider edge (PE) devices in an EVPN network that support ARP proxy can use a proxy MAC address in the ARP replies message to a host. When a PE device receives an ARP request or NDP request, it searches its MAC-IP address binding database for the requested IP address. If the device finds the MAC-IP address entry in its database, it responds to the request with the proxy MAC address. The proxy MAC address is derived from the IRB interface in an EVPN network with edge-routed bridging overlay and from the manually configured MAC address in a centrally routed bridging overlay. If the device does not find an entry, the PE device replaces the MAC and IP address from the customer edge (CE) device in the ARP request with the proxy MAC and IP address of the IRB interface. This allows for enhanced security (that is, Layer 3 filtering) deployments on Layer 3 gateway for both inter-VLAN and intra-VLAN traffic will be routed.
To enable this feature, configure the proxy-mac [irb | proxy-mac-address] statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy or at the [edit routing-instances routing-instance-name bridge-domains domain_name] hierarchy.
EVPN-VXLAN support (EX4300-48MP switches)—Starting in Junos OS Release 19.1R1, the EX4300-48MP switch, which functions as a Layer 2 VXLAN gateway in an EVPN-VXLAN network, supports the following features:
Active/active multihoming
Proxy ARP use and ARP suppression, and NDP use and NDP suppression on non-IRB interfaces
Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding
[See EVPN User Guide.]
Interfaces and Chassis
Support for 1-Gbps speed on 4-port 1-Gigabit Ethernet/10-Gigabit Ethernet uplink module (EX4300-48MP)—Starting with Junos OS Release 19.1R1, the 4-port 1-Gigabit Ethernet/10-Gigabit Ethernet uplink module (EX-UM-4SFPP-MR) on EX4300-48MP switches supports 1-Gbps speed. You do not need to explicitly configure 1-Gbps speed on the uplink module, because the uplink module automatically identifies the installed 1-Gigabit SFP transceivers and creates the interfaces accordingly.
Note The status LED of the 1-Gigabit Ethernet uplink module port is solid green (instead of blinking green) because of a device limitation. However, there is no impact on device functionality.
[See speed (Ethernet).]
Support to channelize 100-Gigabit Ethernet port as four 25-Gigabit Ethernet ports in uplink module (EX4300-48MP)—Starting with Junos OS Release 19.1R1, in the 2-port QSFP+/1-port QSFP28 uplink module on EX4300-48MP switches, you can channelize the 100-Gigabit Ethernet port to operate as four independent 25-Gigabit Ethernet ports by using breakout cables.
[See Setting the Mode on 2-port QSFP+/1-port QSFP28 Uplink Module (CLI Procedure).]
Improved performance of small packets (EX Series)—Starting in Junos OS Release 19.1R1, the EX9200-40XS and EX9200-12QS line cards provide improved performance of small packets (with a minimum packet size of 64 bytes) in the transmit direction. To enable this feature, reduce the number of active ports (at the PIC level) to the following maximum numbers:
Sixteen 10-Gbps ports
Four 40-Gbps ports
Two 100-Gbps ports (when the line card is in 240-Gbps mode)
Three 100-Gbps ports (when the line card is in 400-Gbps mode)
To configure the number of active ports, use the existing command set chassis fpc slot pic slot number-of-ports number-of-active-ports.
Note The command does not change packet performance at the Packet Forwarding Engine level; it improves packet performance in the transmit direction at the port level only.
Junos Telemetry Interface
Export of data associated with the Junos kernel through Junos Telemetry Interface (JTI) (EX9200, EX9251, and EX9253)—Starting in Junos OS Release 19.1R1, you can export data associated with the Junos kernel through remote procedure calls (gRPC) and JTI. Kernel telemetry data includes information on Veriexec state, graceful Routing Engine switchover (GRES), in-service software upgrade (ISSU), and Routing Engine ifstate. Junos kernel sensors can be used by device monitoring and network analytics applications to provide insight into the health status of the Junos kernel.
Junos kernel sensors introduced in Junos OS Release 19.1R1 support both periodical and ON_CHANGE streaming. The following Junos kernal resource paths support periodical streaming only:
/junos/kernel-ifstate/dead-ifstates-cnt
/junos/kernel-ifstate/alive-ifstates-cnt
/junos/kernel-ifstate/delayed-unrefs-cnt
/junos/kernel-ifstate/delayed-unrefs-max
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Operation, Administration, and Maintenance (OAM)
LFM support on EX2300 and EX3400 switches —Starting with Junos OS Release 19.1R1, EX2300 and EX3400 switches support OAM link fault management (LFM). OAM LFM can be configured on point-to-point Ethernet links that are connected directly or through Ethernet repeaters, and on aggregated Ethernet interfaces. The LFM status of individual links determines the LFM status of the aggregated Ethernet interface. The switches support the following OAM LFM features:
Discovery and link monitoring
Remote fault detection
Remote loopback
Routing Policy and Firewall Filters
Support for matching IPv6 source addresses from an inet6 egress interface (EX4300)—Starting in Junos OS Release 19.1R1, you can configure a firewall filter on an IPv6 egress interface to match specified IPv6 source or destination addresses-–for example, to protect a third-party device connected to the switch.
[See eracl-ip6-match and Example: Configuring an Egress Filter Based on IPv6 Source or Destination IP Addresses.]
Routing Protocols
Support for BGP graceful shutdown (EX Series)— Starting in Junos OS Release 19.1R1, graceful traffic migration from one BGP next hop to another is supported, without traffic interruption. Also, BGP administrative shutdown communication can be sent to the BGP peer.
You can configure both graceful-shutdown and shutdown statements at the [edit protocols bgp], [edit protocols bgp group group-name], and [edit protocols bgp group group-name neighbor address] hierarchy levels.
Note Graceful shutdown is disabled by default.
[See graceful-shutdown (Protocols BGP), shutdown (Protocols BGP).]
Security
MPLS scaling enhancements (EX4600 switches)—Starting in Junos OS Release 19.1R1, MPLS scaling is enhanced on the EX4600 switch. For instance, you can increase the scale from its default 1024 to 8192. This enhancement optimizes and increases the ingress tunnel scale to address the current needs of data center networks either in IP-CLOS or IP-over-MPLS application spaces.
Software Installation and Upgrade
Phone-home client (EX4300-MP switches)—Starting with Junos OS Release 19.1R1, you can use either the legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. If the switch boots up and there are DHCP options received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots, PHC connects to a redirect server, which will redirect to a phone-home server to get the configuration or software image.
To initiate either DHCP-options-based ZTP or PCH, either the switch must be in a factory-default state, or you can issue the request system zeroize command.
Phone-home client (EX2300-MP switches)—Starting with Junos OS Release 19.1R1, you can use either the legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. If the switch boots up and there are DHCP options received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots, PHC connects to a redirect server, which will redirect to a phone-home server to get the configuration or software image.
To initiate either DHCP-options-based ZTP or PCH, either the switch must be in a factory-default state, or you can issue the request system zeroize command.
What's Changed
Learn about what changed in the Junos OS main and maintenance releases for EX Series.
What's Changed in Release 19.1R3
Multicast
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.1R3, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
What's Changed in Release 19.1R2
Interfaces and Chassis
Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Logical Interface is created along with physical Interface by default (MX Series routers, EX Series switches, and QFX Series switches)—In Junos OS Release 19.1R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.
For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Layer 2 Features
input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 19.1R2, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.
[See input-native-vlan-push.]
Network Management and Monitoring
The show system schema command and
<get-yang-schema>RPC require specifying an output directory (EX Series)—Starting in Junos OS Release 19.1R2, when you issue the show system schema operational mode command in the CLI or execute the<get-yang-schema>RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the<output-directory>element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.
What's Changed in Release 19.1R1
EVPN
Starting with Junos OS Release 19.1R1, the no-arp-suppression configuration statement is no longer supported on any device.
[See no-arp-suppression.]
Interfaces and Chassis
No support for performance monitoring on AE Interfaces (EX4300)—Y.1731 performance monitoring (PM) over aggregated Ethernet interfaces is not supported on EX4300 switches. [See sla-iterator-profile.]
Network Management and Monitoring
sysName.0 MIB object displays the fully qualified domain name (EX Series)—Starting in Junos OS Release 19.1R1, the sysName.0 MIB object displays the fully qualified domain name. That is, if the hostname and domain name are configured on the system, both names are displayed for the sysName.0 MIB object: host-name.domain-name. Previously, only the host name was displayed.
[See show snmp mib.]
NETCONF
<kill-session>operation returns different values in<rpc-error>when the session identifier is equal to the current session ID (EX Series)—Starting in Junos OS Release 19.1R1, when you execute the<kill-session>NETCONF operation and the session identifier is equal to the current session ID, the values of the<error-type>and<error-tag>elements in the resulting<rpc-error>areapplicationandinvalid-value, respectively. In earlier releases, the<error-type>and<error-tag>values areprotocolandoperation-failed.[See <kill-session>.]
Security
Syslog or log action on firewall drops packets (EX4600 switches)—Starting in Junos OS Release 19.1R1, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.
User Interface and Configuration
Options for monitor traffic interfaces statement added (EX Series)—Starting in Junos OS Release 19.1R1, the options write-fileand read-file under the monitor traffic command are included in the visible CLI.
[See monitor traffic.]
Known Limitations
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 19.1R3 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
EVPN
When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure a proper traffic routing. This issue is platform-independent. PR1287557
General Routing
When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609
On EX4650 with 288,000 MAC scale, the Routing Engine show ethernet-switching table summary command output shows the learned scale entries after a delay of around 60 seconds. PR1367538
Junos OS might hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. As a workaround, you can power cycle the device. PR1385970
After you upgrade to Junos OS Release 19.3, the system hangs after executing the request system software add /var/tmp/<image-gz> command. As a workaround, power cycle the device. It might resume normal functioning. PR1405629
Security
—On EX4600 switches, if a syslog or log action is configured on a firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.
Infrastructure
If Junos OS panics experiences a file system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run fsck on the root volume until it is marked clean. Only at this point is it safe to reboot to the normal volume. PR1444941
Virtual Chassis
A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on EX4600 and EX4300 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2 seconds) might be seen. PR1347902
Open Issues
Learn about open issues in Junos OS Release 19.1R3 for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Authentication and Access Control
Before running the load ssl-certificate path PATHNAME command, configure the path using the CLI set protocols dot1x ssl-certificate-path PATHNAME command if the default pathname is not
/var/tmp/. PR1431086
General Routing
The ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757
On an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect value of mac reset in the last reboot reason field. PR1331264
Traffic flooding happens instead of routing when VRRP scaled more than 150. PR1371520
An EX4300 switch configured with a firewall filter on lo0 and dhcp-security on VLAN simultaneously might drop legitimate DHCP renew requests from clients on the corresponding VLANs. PR1376454
On an EX9208 switch, a few 10-Gigabit Ethernet interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840
After the Media Access Control security (MACsec) session is deleted, the corresponding interfaces might lose their MACsec function if LACP is enabled on them and the exclude lacp statement is configured under the [security macsec] hierarchy. PR1378710
On an EX4650 switch, DCPFE does not come up in some instances when the switch is abruptly powered off and powered on. Power cycle the device or reboot the host to recover the device. PR1393554
There is a possibility of seeing multiple reconnect logs, JTASK_IO_CONNECT_FAILED, during the device initialization. There is no functionality impact because of these messages. These messages can be ignored. PR1408995
On an EX9200 switch with MC-LAG configuration and other features enabled, there is a loss of approximately 20 seconds during restart of the routing daemon. This traffic loss varies with the configuration that is done. PR1409773
On EX2300 and EX4650 platforms, uRPF check in strict mode might not work properly. PR1417546
For an EVPN instance with integrated routing and bridging (IRB) interface, the proxy ARP and ARP suppression is enabled by default. With EVPN proxy ARP, ARP suppression enabled, and Junos OS Release 17.2R3 and later or 17.3R3 and later (correlated service release is also affected), the kernel process on master Routing Engine might crash because of a software defect on packet handling. This is a rare issue. PR1443903
On an EX9214 switch, if the MACsec-enabled link flaps after reboot, the error errorlib_set_error_log(): err_id(-1718026239) is observed. PR1448368
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in the slow path of FXPC, the TCP keepalive message is not sent. Hence, it is observed that some Virtual Chassis members might take longer to join the Virtual Chassis. PR1467707
On EX2300 switches with mac-limit and drop-and-log action configured, when the limit threshold is reached, a syslog message is triggered, but no SNMP trap is generated. PR1482709
Infrastructure
On EX3400 and EX2300 line of switches, during zero-touch provisioning (ZTP) with configuration and image upgrade with FTP, image upgrade is successful, but sometimes VM core files might be generated. PR1377721
On EX Series switches, if you configure a large-scale number of firewall filters on some interfaces, FPC crash and generation of core files might be seen. PR1434927
On an EX4300 switch, the CLI configuration on-disk-failure is not supported. PR1450093
Interfaces and Chassis
After GRES, the VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213
Junos Fusion Provider Edge
On a Junos fusion for enterprise system, intermediate traffic drop is seen between AD and SD when sFlow is enabled on an ingress interface. This is not seen always. When sFlow is enabled, the original packet is getting corrupted for those packets that hit the sFlow filter. This is because a few packets transmitted from the egress of AD1 are short of FCS (4 bytes) + 2 bytes of data, due to which the drop occurs. It is seen that the normal data packets are of size 128 bytes (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data), while the corrupted packet is 122 bytes (14 bytes Ethernet header + 20 bytes IP header + 88 bytes data). PR1450373
Junos Fusion Satellite Software
In Junos fusion SP setup, EX4300 acting as satellite devices is generating temperature sensor alarm on multiple satellite devices modules connected to same aggregation device. PR1466324
Multicast
IGMP query packets might be duplicated between Layer 2 interfaces when IGMP snooping is enabled. PR1391753
Network Management and Monitoring
Trace files are not closed properly; as a result, writing of traceoptions to the log file suddenly stops. PR1380764
Platform and Infrastructure
There are multiple failures when events such as node reboots and ICL or ICCP flaps; and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493
The image size grows over a period of time and subsequently storage might be insufficient to install images when upgrading EX2300 and EX3400 platforms. The upgrade might fail with the error message not enough space to unpack. PR1464808
In a Virtual Chassis with the VRRP master initially and if the VRRP IRB is disabled, then traffic destined to the VRRP VIP on the new VRRP master might be dropped if this is in the traffic path. PR1491348
Routing Protocols
Error messages pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340 are cosmetic and expected logs. These logs are not harmful and have no functional impact, but they just show the state of PIM register messages. These logs are already LOG_DEBUG for external builds, you do not need to make any change in any of the components. PR1371431
In 19.1R3 release, MUX state of LACP interface might not change when force-up configured. PR1484523
Subscriber Access Management
The authd reuses address quickly before jdhcpd has completely cleaned up the old subscriber, which results in syslog errors: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 10.1.128.3 as it is already used by 1815. PR1402653
Resolved Issues
Learn which issues were resolved in the Junos OS main and maintenance releases for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 19.1R3
Class of Service (CoS)
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on extended port even if it comes in with different DSCP marking. PR1433252
EVPN
The ARP request or neighbor solicitation message might be sent back to the local segment by the DF router. PR1459830
The rpd might crash after the EVPN-related configuration is changed. PR1467309
Forwarding and Sampling
Memory leak might be observed in the l2ald process. PR1455034
Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778
General Routing
The l2cpd process might crash and generate a core file when interfaces flap. PR1431355
Micro-BFD 3x100 ms flap is seen upon inserting a QSFP transceiver into other port. PR1435221
IRB over VTEP unicast traffic might get dropped on EX9200 platforms. PR1436924
The rpd might generate a core file during router bootup due to a file pointer issue because there are two code paths that can close the file. PR1438597
On EX4600, the Virtual Chassis does not come up after you replace the Virtual Chassis port fiber connection with a DAC cable. PR1440062
MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574
On EX3400 with half-duplex mode on 10M or 100M speed at medium traffic rates due to PHY side MAC buffer inconsistent state, MAC pause frames are seen on the port and egress traffic on the port stops to flow. PR1452209
The l2ald and eventd processes are hogging 100 percent after clear ethernet-switching table command is issued. PR1452738
A firewall filter might not be able to be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM space running out of space. PR1455177
Packet drop might be seen after removing and reinserting the SFP transceiver on the 40-Gigabit Ethernet uplink module ports. PR1456039
Link-up delay and traffic drop might be seen on mixed service provider Layer 2/Layer 3 and enterprise style Layer 2 type configurations. PR1456336
The syslog timeout connecting to peer database-replication is generated when the show version detail command is issued. PR1457284
Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456
The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559
The fxpc process might crash due to BGP IPV6 session flaps. PR1459759
On EX2300 and EX3400 platforms, storage space limitation leads to image installation failure during phone home. PR1460087
MAC addresses learned on RTG might not be aged out after aging time. PR1461293
RTG link faces nearly 20 seconds down during backup node rebooting. PR1461554
Configuring any combination of VLANs and interfaces under VSTP/MSTP might prevent any VSTP/MSTP-related configuration from being committed. PR1463251
There are some command lines to disable MAC learning and some of them are not working. PR1464797
The jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients in the MAC move scenario. PR1465277
On EX2300 switches, an FXPC core file is generated after mastership election based on user priority. PR1465526
The broadcast and multicast traffic might be dropped over an IRB or a LAG interface in a EX Virtual Chassis scenario. PR1466423
The MAC move message might have an incorrect "from" interface when MAC moves rapidly. PR1467459
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
FPC might be down when configuring vxlan-routing. PR1468736
With autonegotiation enabled, EX3400 advertises only 100 Mbps whenever we configure the 100-Mbps speed. PR1471931
The shaping of CoS does not work after a reboot. PR1472223
The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685
The dhcpd process might crash in a Junos fusion environment. PR1478375
TFTP installation from loader prompt might not succeed on the EX Series devices. PR1480348
In EVPN-VXLAN scenario, RP request packets for unknown host might get dropped in remote PE. PR1480776
Infrastructure
On EX4600 and EX4300 Virtual Chassis, the queue buffers might get stuck. As a result, error messages related to soft reset of port is seen. PR1462106
The traffic dropped on EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment. PR1463318
In an EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808
Interfaces and Chassis
The traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077
Executing commit might become unresponsive due to a stuck device control process. PR1470622
Junos fusion for enterprise
Inconsistency in the loop detect feature on newly provisioned SDs. PR1460209
Junos fusion Satellite Software
The dpd crash might be observed on satellite devices in Junos fusion for enterprise. PR1460607
Layer 2 Features
Physical layer and MAC/ARP learning might not work for copper base SFP-T on EX4600 switches. PR1437577
The LLDP function might fail when a Juniper device connects to a non-Juniper device. PR1462171
After rebooting, the FXPC core file might be seen when committing the configuration. PR1467763
Traffic might be affected if composite next hop is enabled. PR1474142
Platform and Infrastructure
The laser Tx might be enabled while the interface is disabled. PR1445626
NSSU causes traffic loss again after the backup to master transitions. PR1448607
On certain MPCs, cm errors need to be reclassified. PR1449427
The IRB traffic might get dropped after mastership switchover. PR1453025
The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210
ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434
On EX4300 Virtual Chassis, traffic loss may be observed longer than 20 seconds when performing NSSU. PR1461983
IGMP reports are dropped with mixed enterprise or SP configuration styles on EX4300 switches. PR1466075
The switch might not be able to learn MAC addresses with dot1x and interface-mac-limit configured. PR1470424
On EX4300 switches, input firewall filter attached to isolated or community VLANs not matching dot1p bits on VLAN header. PR1478240
Routing Protocols
Host destined packets with filter log action might not reach to the Routing Engine if log/syslog is enabled. PR1379718
EX9208: BGP v4/v6 convergence and RIB install/delete time degraded in Junos OS Release 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121
The traffic with destination UDP port 520 (RIP) or 521 (RIPng) drops on EX4600 switches. PR1429543
User Interface and Configuration
Problem with access to J-Web after update from Junos OS Release 18.2R2 to 18.2R3. PR1454150
Resolved Issues: 19.1R2
EVPN
The device might proxy the ARP probe packets in an EVPN environment. PR1427109
Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227
ARP request/NS might be sent back to the local segment by DF router. PR1459830
General Routing
Certain EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data. PR1063645
Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to Lo0. interface PR1355111
l2ald process might crash and generate a core file on EX2300 Virtual Chassis when a trunk port is converted to 802.1x access port with tagged traffic flowing. PR1362587
IPv6 router advertisement (RA) messages might increase internal kernel memory usage. PR1369638
RIPv2 update packets might not send when IGMP-snooping is enabled. PR1375332
Interface flapping on an EX Series Virtual Chassis might cause high CPU utilization and multicast traffic delay. PR1393405
The fxpc core file might be generated if a scaled number of filter-based forwarding (FBF) filters are configured. PR1398256
EX3400 might not learn 30,000 MAC addresses when it sends MAC learning traffic. PR1399575
The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528
MAC address movement might not happen in Flexible Ethernet Services mode when the families inet or inet6 and vlan-bridge are configured on the same physical interface. PR1408230
On EX2300-24P, the error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family is seen. PR1410717
EX Series PEM alarm for backup FPC will remain on master FPC although the backup FPC is detached from the Virtual Chassis. PR1412429
On EX4300-48MP switches, the chassis status LED is lit yellow instead of amber. PR1413194
The upgrade of the PoE firmware might fail on EX3400. PR1413802
VXLAN encapsulation next hop (VENH) does not get installed during BGP flapping or when routing is restarted. PR1415450
On EX3400, the show chassis environment command repeats OK and Failed at short intervals. PR1417839
The EX3400 Virtual Chassis status might be unstable during the bootup of Virtual Chassis or after the Virtual Chassis port flapping. PR1418490
Traffic drop might be observed when a transit static LSP is configured on EX4650 and QFX5120 platforms. PR1420370
Virtual Chassis might become unstable and FXPC might generate a core file when there are a lot of configured filter entries. PR1422132
The interface on failed member FPC of EX2300 or EX3400 Virtual Chassis might stay up for 120 seconds. PR1422507
Ensure Phone-home works in factory default configuration. PR1423015
IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting another Virtual Chassis member if MLD snooping is enabled. PR1423310
On EX3400 auto-negotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469
Multicast traffic might be silently dropped on an ingress port with igmp-snooping enabled. PR1423556
MACsec connection on EX4600 platforms might not come back up after interface is disconnected and then reconnected. PR1423597
On MX204 optics SFP-1GE-FE-E-T, I2C read errors are seen when an SFP-T transceiver is inserted into a disabled state port. PR1423858
EX2300 or EX4300 platforms might fail to get an image/configuration from a phone-home server. PR1424321
MAC overlaps between different switches. PR1425123
The jdhcpd process might consume 100 percent CPU and crash if dhcp-security is configured. PR1425206
VC split after network topology is changed. PR1427075
The fxpc or Packet Forwarding Engine might crash on EX2300 and EX3400 platforms. PR1427391
Rebooting or halting a Virtual Chassis member might cause 30 seconds down on the RTG link. PR1427500
On EX2300-24P, the l2ald core files are generated after the removal and re-addition of multiple supplicant mode with PVLAN on interface. PR1428469
Verification of ND inspection with a dynamically bound client, moved to a different VLAN on the same port, is failing. PR1428769
EX4300-48MP switch cannot learn MAC addresses through some access ports that are directly connected to a host when auto-negotiation is used. PR1430109
Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135
Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646
The mc-ae interface may get stuck in waiting state in a dual mc-ae scenario. PR1435874
i40e NVM upgrade support for EX9200 platform. PR1436223
LED turns on even after the VC members are powered off. PR1438252
The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351
The dot1x might not work when captive-port is also configured on the interface on a backup or non-master FPC. PR1439200
DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844
EX4600 Virtual Chassis does not come up after replacing Virtual Chassis port from fiber connection to DAC cable. PR1440062
CPU might hang or interface might get stuck on a particular 100G port on EX Series switches. PR1440526
MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574
Clients in an isolated VLAN might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078
EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after removal of the fantray (absent). PR1442134
DHCPv6 client might fail to get an IP address. PR1442867
Nondesignated port is not moving to backup port role. PR1443489
/var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903
Packets drop might be seen after removing and reinserting the SFP of the 40G uplink module ports. PR1456039
On EX4300-MP, the following log is generated continuously: rpd [6550]: task_connect: task AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused. PR1445618
Major alarm log messages for temperature conditions for EX4600 at 56 degrees Celsius. PR1446363
Traffic might be dropped when a firewall filter rule uses 'then vlan' as the action in a VC scenario. PR1446844
The phone-home feature might fail on EX4300 switches because sysctl cannot read the device serial number. PR1447291
Added the on-disk-failure CLI configuration on the EX3400 switches. PR1447853
Unicast ARP requests are not replied to with the no-arp-trap option. PR1448071
On EX3400, IPv6 routes received through BGP do not show the correct age time. PR1449305
DHCP snooping static binding is not effective after the configuration is deleted and added back. PR1451688
Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505
Version compare in PHC might fail, making PHC to download the same image. PR1453535
Timeout connecting to peer 'database-replication'. PR1457284
SNMP trap messages are shown up after upgrade even when the temperature are within the system thresholds. PR1457456
Infrastructure
The Packet Forwarding Engine is flooded with mesages // pkt rx on ifd NULL unit 0. PR1381151
The traffic to the NLB server may not be forwarded if the NLB cluster works on multicast mode. PR1411549
Some Junos OS releases might not be installed successfully on EX2300-C platform. PR1414688
The operations on console might not work if the system ports console log-out-on-disconnect statement is configured. PR1433224
EX3400 might reboot suddenly generating VM core files. PR1456668
The traffic dropped on EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment. PR1463318
Interfaces and Chassis
Missing mandatory ICCP configuration statement redundancy-group-id-list produces a misleading error message. PR1402606
The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339
On EX9200 line of Ethernet switches, the unexpected commit error duplicate VLAN-ID occurs. PR1430966
VRRP-v6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370
The traffic might be forwarded to wrong interfaces in MC-LAG scenario. PR1465077
J-Web
Some error messages might be seen when using J-Web. PR1446081
Junos fusion for enterprise
PoE over LLDP negotiation is not supported in Junos fusion for enterprise setup. PR1366106
Traffic might be silently dropped and discarded in a Junos fusion for enterprise with dual-AD. PR1417139
1-Gigabit SFP transceiver in a 10-Gigabit Ethernet upstream port on EX3400/EX4300 satellite device may not come up. PR1420343
Loop-detect feature not working in Junos fusion for enterprise. PR1426757
Layer 2 Ethernet Services
BFD might flap when some of underlay ECMP interfaces are disabled in the leaf nodes. PR1416941
The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be silently dropped and discarded. PR1417729
The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456
DHCP request might get dropped in a DHCP relay scenario. PR1435039
On EX9200, DHCP-Relay is stripping the GIADDR field in messages toward the DHCP clients. PR1443516
Layer 2 Features
ERPS nodes do not converge to idle state after failure recovery or reboot. PR1431262
The MAC ARP learning might not work for copper base SFP-T on QFX5100, QFX5110, and EX4600 line of switches. PR1437577
Network Management and Monitoring
Overtemperature trap is not sent out even though there is a Temperature Hot alarm. PR1412161
Platform and Infrastructure
On EX4300, OAM LFM might not work on extended-vlan-bridge interface with native vlan configured. PR1399864
On EX9251, EX9253, and EX9208, DDoS violation for LLDP, MVRP, provider MVRP, and 802.1x is incorrectly reported as LACP DDoS violation. PR1409626
Untagged traffic is single-tagged in Q-in-Q scenario on EX4300 platforms. PR1413700
In EX4300 few ports might remain in dot1x connecting state and fail to transition to authenticated state. PR1417270
Overtemperature SNMP trap is generated incorrectly for LC (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300
EX4300: Runt counter never incremented. PR1419724
EX4300 does not send Fragmentation needed message when MTU is exceeded with DF bit set. PR1419893
The pfex process might crash and and generate core files when the SFP transceiver is reinserted. PR1421257
Traffic loss when one of the logical interfaces on a LAG is deactivated or deleted. PR1422920
The auditd crashes when accounting RADIUS server is not reachable. PR1424030
SNMP (ifHighSpeed) value is not displayed properly only for VCP interfaces, and it appears as zero. PR1425167
Interface flapping scenario might lead to ECMP next-hop install failure on EX4300 switches. PR1426760
IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866
VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124
EX4300 does not drop FCS frames with CRC error on 10-Gigabit Ethernet interfaces. PR1429865
Unicast ARP requests are not replied to with the "no-arp-trap" option. PR1429964
EX4300 enables the soft error recovery feature on the Packet Forwarding Engine, which can automatically detect the Packet Forwarding Engine parity error and recover by itself. PR1430079
The ERPS failover does not work as expected on an EX4300 device. PR1432397
The
/var/db/scriptsdirectory might be deleted after executing request system zeroize. PR1436773PoE might not work after upgrading the PoE firmware on EX4300 platforms. PR1446915
REST API process is non-responsive when a number of requests arrive with a high rate. PR1449987
ERP might not revert back to IDLE state after reload/reboot of multiple switches PR1461434
Routing Protocols
Host-destined packets with filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718
ICMPv6 RA packets generated by the Routing Engine might be dropped on the backup member of the Virtual Chassis if igmp-snooping is configured. PR1413543
The EX Series switch may not install all IRB MAC addresses during initialization. PR1416025
Sometimes, IGMP snooping may not work. Workaround is to restart the multicast-snooping process. PR1420921
Error message RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7, might be seen in syslog after restarting routing daemon. PR1439514
The bandwidth value of the DDoS-protection might cause packet loss after the device is rebooted. PR1440847
Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list. PR1441402
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
Junos OS BFD sessions with authentication flap after a certain time. PR1448649
Loopback address exported into other VRF instance might not work on ACX Series, EX Series, and QFX Series platforms. PR1449410
Subscriber Access Management
On EX4300,
/varshowing full; the/var/log/dfcd_encfile grows in size. PR1425000
Virtual Chassis
Current MAC address might change when you delete one of the multiple Layer 3 interfaces. PR1449206
VPNs
MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876
Resolved Issues: 19.1R1
EVPN
A few minutes traffic loss might be observed during recovery from link failure. PR1396597
General Routing
FPM board status is missing in SNMP MIB walk result. PR1364246
The OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported; and no commit error is seen. PR1367588
ARP request packets might be sent out with 802.1Q VLAN tag. PR1379138
The 40-Gigabit Ethernet and 100- Gigabit Ethernet uplink port number options show incorrect number ranges. PR1382578
Commit error is observed for the first time while loading the mini-PDT base configurations. PR1383469
On the EX4650 switch, occasionally two of the channelized 25-Gigabit Ethernet ports that are using 4x25G breakout cable will not come up after Junos OS reboots. PR1384898
ARP and ethernet-table entry in pointing to an aggregated Ethernet interface whose state is down. PR1385199
On EX4300-48MP, the session-option stanza under the [access profile] hierarchy for EX Series and QFX Series platforms is not applicable. PR1385229
On EX9200 platforms, the warning message prefer-status-control-active with status-control standby might be seen whenever you commit an operation. PR1386479
On EX2300 with stacked VLAN, flexible-vlan-tagging is unable to obtain DHCP IP for IRB after a reboot/power-cycle. PR1387039
On EX3400 Virtual Chassis, Error tvp_status_led_set and Error:tvp_optics_diag_eeprom_read syslog errors are seen. PR1389407
MAC learning might stop working on some LAG interfaces. PR1389411
On EX4300-48MP, need to remove messages Recommend power cycle the device to complete the upgrade and Please power cycle the device to complete the upgrade after ssd firmware upgrade. PR1389543
"Input rate pps" is not increased on EX2300-MP uplink ports if the packet is a pure Layer 2 packet like non-etherII or non-EtherSnap. PR1389908
The smid core file is generated during sanity script execution on QFX5100 and EX4300 switches. PR1391909
PTP over Ethernet traffic might be dropped when IGMP and PTP TC are configured together. PR1395186
DOT1XD core file is generated at
pnac_bd_create pnac_bdm_handler knl_async_receive_and_process. PR1395384On EX2300, MAC table is not populated after interface-mode change. PR1396422
High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398
After upgrading Junos OS Release 15.1X53 to Junos OS Release 18.2R1.9, the EX3400 cannot learn 30,000 MAC addresses. PR1399575
The FBF routing-instance instance-type "forwarding" is missed for EX Series (EX3400). PR1400163
MAC-limit with persistent MAC is not working after reboot. PR1400507
The authd might crash when you issue the show network-access requests pending command during authd restart. PR1401249
On EX4300-48mp, packets are dropped after configuring traffic filter and routing instance. PR1407424
The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469
The chassisd output power budget is received continuously for 5 seconds without any alarm after upgrading to Junos OS Release 18.1R3. PR1414267
VXLAN Encapsulation nexthop (VENH) does not get installed during BGP flap or restart routing. PR1415450
Infrastructure
IfSpeed and IfHighSpeed are erroneously reported as zero on EX2300. PR1326902
Junos fusion for enterprise
An error peer_daemon: bad daemon: scpd is seen on EX9251 switch running Junos OS Releases 18.1R1 and 18.1R2. PR1369646
Cannot login to SD cluster though it is recognized by AD properly. PR1395570
The l2ald process might generate a core file when persistent MAC addresses are cleared from the switching table. PR1409403
Extended ports do not adjust MTU in Junos fusion for enterprise on VOIP-enabled ports. PR1411179
Layer 2 Features
RTG MAC refresh packets are sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695
Layer 3 Features
The l2ald might crash when the clear ethernet-switching table persistent-learning command is issued. PR1381739
Platform and Infrastructure
Ping does not go through device after WTR timer expires in ERPS scenario. PR1132770
EX4300 upgrade fails during validation of slax script. PR1376750
ECMP route installation failure with log messages such as unilist install failure might be observed on EX4300 device. PR1376804
Packet drops on interface if the statement gigether-options loopback is configured. PR1380746
Traffic loss is seen in Layer 2 VPN with GRE tunnel. PR1381740
EX4300 device chooses incorrect bridge-id as RSTP bridge-id. PR1383356
On EX4300-48MP switch mixed Virtual Chassis, PoE interface maximum power configuration on member EX4300 gives an error if configured more than 30. PR1383717
Unicast DHCP request get misforwarded to backup RTG link on EX4300-VC. PR1388211
ICMPV6 packets are not classified with static or multifield forwarding-class mapping. PR1388324
Layer 3 IP route might be deleted after a Layer 2 next-hop change is seen. PR1389688
Continuous log messages get printed in EX4300: 17.4 / MCSNOOPD ICCP Context./var/run/iccpd_control addr /var/run/iccpd_control: Connection refused. PR1391942
On EX4300 switches, tcpdump shows that the kernel is sending out the ARP response on receiving the ARP request, but that the response does not get on the wire. PR1405168
The policer might not work when it is applied through the dynamic filter. PR1410973
Routing Protocols
The PPM mode for BFD session in EX4300 is centralized and not distributed by default. PR1361800
On EX4300-48MP, stale VLAN entries are seen after continuous script is run involving split, merge, and reboot. PR1363739
On EX4650 switches, the command output for the show pfe route summary hw statement shows different scale values for the IPv4 and IPv6 LPM routes rather than the supported scale. PR1366579
Host-destined packets with filter log action might reach the Routing Engine. PR1379718
EX4300 might drop the incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838
Documentation Updates
There are no errata or changes in Junos OS Release 19.1R3 documentation for the EX Series switches.
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.