Junos OS Release Notes for the QFX Series
These release notes accompany Junos OS Release 19.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series.
The following QFX Series platforms are supported in Release 19.1R3: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.
What’s New in Release 19.1R3-S2
Routing Policy and Firewall Filters
Loopback firewall filter scale optimization (QFX5120-48Y and EX4650)—Starting with Junos OS Release 19.1R3-S2, you can configure up to 768 loopback filter terms for IPv6, and up to 1152 terms for IPv4. To do so, you configure an ingress firewall filter, apply it to the loopback interface, and then enable the loopback-firewall-optimization command at the [edit chassis] hierarchy level (this triggers the packet forwarding engine (PFE) to restart).
Terms that include a reserved multicast destination (for example 224.0.0.x/24) and terms with a time-to-live (TTL) of 0/1 are not directly supported. Instead, you need to configure a separate filter for these terms. For example, to count OSPF packets on the loopback interface, you would create a separate filter with terms for the protocol (OSPF) to count packets destined to a reserved multicast address (such as 224.0. 0.6).
What’s New in Release 19.1R3
There are no new features and enhancements to the existing features for the QFX Series switches in Junos OS Release 19.1R3.
What’s New in Release 19.1R2
EVPN
EVPN-VXLAN support (QFX10002-60C switches)—Starting in Junos OS Release 19.1R2, the QFX10002-60C switch can function as a Layer 2 or Layer 3 VXLAN gateway in both EVPN-VXLAN centrally-routed and edge-routed bridging overlays (EVPN-VXLAN topologies with two-layer and collapsed IP fabrics). In these roles, the switch supports the following features:
Enterprise style of Layer 2 interface configuration
Active/active multihoming
Default routing instance
Multiple routing instances of type virtual switch, and VLAN-aware service on the virtual switch routing instance
Pure type-5 routes
Proxy ARP use and ARP suppression, and proxy NDP use and NDP suppression on an IRB interface
ESIs on physical and aggregated Ethernet interfaces
OSPF, IS-IS, BGP, and static routing on IRB interfaces
DHCP relay
IPv6 support for user data traffic
EVPN-VXLAN with MPLS as transport layer
MAC mobility
[See EVPN User Guide.]
BPDU protection in EVPN-VXLAN (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 19.1R2, you can enable BPDU protection in an EVPN-VXLAN configuration. With a spanning tree protocol configured on an edge port, you can enable BPDU protection. If a BPDU is received on the edge port, the edge port is disabled and it stops forwarding all traffic. You can also configure BPDU protection on VXLAN interfaces without a spanning tree protocol configured, or enable BPDU protection and have other traffic forwarded. Only the BPDUs are dropped, and all other traffic is forwarded. Additionally, you can unblock an interface either automatically or manually.
To enable BPDU protection with RSTP on an edge port on access and leaf devices:
set protocols rstp interface interface-name edge
set protocols rstp bpdu-block-on-edge
To enable BPDU protection with a spanning tree protocol on access and leaf devices:
set protocols layer2-control bpdu-block interface interface-name
To enable BPDU protection but still forward other traffic on access and leaf devices:
set protocols layer2-control bpdu-block interface interface-name drop
To automatically unblock an interface using an expiry timer on access and leaf devices:
set protocols layer2-control bpdu-block disable-timeout time in seconds
To manually unblock an interface on access and leaf devices:
run clear error bpdu interface all
Support for EVPN-VXLAN features (QFX5120-32C)—Starting in Junos OS Release 19.1R2, QFX5120-32C switches support the following features in an EVPN-VXLAN environment:
Firewall filtering and policing
Graceful restart
Class of service (CoS)
Virtual machine traffic optimization (VMTO) for ingress traffic
MAC limiting (firewall filter-based)
Storm control
Port mirroring and analyzers
Core isolation
[See the EVPN User Guide.]
What’s New in Release 19.1R1
Hardware
QFX5120-32C switches— Starting with Release 19.1R1, Junos OS supports the fixed-configuration QFX5120-32C switch. This switch provides 100-Gbps spine-and-leaf connectivity in Layer 2 and Layer 3 fabrics for cloud and Web services.
The QFX5120-32C has 2 SFP+ ports that operate at 10-Gbps speed, and 32 ports that can operate at 40-Gbps (with QSFP+ transceivers) and 100-Gbps speeds (with QSFP28 transceivers). You can use breakout cables to channelize the 40-Gbps ports into four 10-Gigabit Ethernet interfaces and the 100-Gbps ports into four 25-Gigabit Ethernet interfaces.
The QFX5120-32C is available with AC power supplies and with front-to-back or back-to-front airflow.
Authentication, Authorization and Accounting (AAA) (RADIUS)
Support for SFTP global disablement (QFX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.
[See Configuring sftp-server]
Class of Service (CoS)
Support for per-port buffer monitoring (QFX5000 switches)—Starting with Junos OS Release 19.1R1, to keep track of peak buffer occupancy for each queue or priority group on a port, you can enable per-port buffer monitoring on a QFX5000 Series switch by setting buffer-monitor-enable at the [edit chassis fpc slot-number traffic-manager] hierarchy level. You can then monitor the buffer occupancy on the designated ports by executing the show interfaces priority-group interface-name buffer-occupancy or show interfaces queue interface-namebuffer-occupancy command.
[See traffic-manager.]
Support for class of service (CoS) on QFX5120-32C switches (QFX Series)—Starting in Junos OS Release 19.1R1, QFX5120-32C switches support most class of service (CoS) features. IP precedence classification is not supported; DSCP classifiers are supported but can’t be set at ingress. Also, as with other QFX5200 series switches, CoS flexible hierarchical scheduling (ETS) is not supported.
CoS is the assignment of traffic flows to different service levels. Service providers can use router-based CoS features to define service levels that provide different delay, jitter (delay variation), and packet loss characteristics to particular applications served by specific traffic flows.
[See CoS Operational Comparison Between QFX5100, QFX5120, QFX5200, and QFX5210 Switches.]
EVPNs
EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression without IRB interfaces (QFX10000 switches)—Starting in Junos OS Release 19.1R1, QFX10000 switches that function as Layer 2 VXLAN gateways in an EVPN-VXLAN environment support proxy ARP and ARP suppression, and proxy NDP and NDP suppression on non-IRB interfaces. Now, any interface configured on these Layer 2 VXLAN gateways can deliver ARP and NDP requests from both local and remote devices.
In addition, you can now control the following aspects of the MAC-IP address bindings database on a QFX10000 switch:
The maximum number of MAC-IP address entries in the database
The amount of time a locally learned MAC-IP address binding remains in the database
[See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression.]
Forwarding and Sampling
Customizing hashing parameters and shared-buffer alpha values for better load balancing (QFX5100, QFX5110, QFX5200, and QFX5210 switches)—These switches achieve load balancing through use of a hashing algorithm, which determines how to forward traffic over LAG bundles or to next-hop devices when ECMP is enabled. The hashing algorithm makes hashing decisions based on values in various packet fields. Starting with Junos OS Release 19.1R1, you can explicitly configure some hashing parameters to make hashing more efficient. The shared-buffer pool is a global memory space that all ports on the switch share dynamically as they need buffers. The switch uses the shared-buffer pool to absorb traffic bursts after the dedicated-buffer pool is exhausted. The shared-buffer pool threshold is dynamically calculated based on a factor called “alpha”. Also starting with Junos OS Release 19.1R1, you can specify the alpha, or dynamic threshold, value to determine the change threshold of shared buffer pools for both ingress and egress buffer partitions.
To specify hashing parameters:
user@switch# set forwarding-options enhanced-hash-key hash-parameters (ecmp | lag)To specify a threshold value for a particular queue:
user@switch# set class-of-service shared-buffer (ingress|egress) buffer-partition buffer dynamic-threshold value[See hash-parameters and buffer-partition].
General Routing
Supported features on new hardware (QFX5120-32C)—Starting with Junos OS Release 19.1R1, the following Junos OS features are supported on QFX5120-32C switches:
Layer 2 unicast features:
802.1Q VLAN trunking
802.1p
PVLAN
Routed VLAN interface (RVI)
Layer 3 VLAN-tagged logical interfaces
4096 VLANs
MAC address filtering
MAC address aging configuration
Static MAC address assignment for interface
Per-VLAN MAC learning (limit)
MAC learning disable
Persistent MAC (sticky MAC)
Q-in-Q Tag manipulation
MAC address limit per port
MAC limiting
MAC limiting per port, per VLAN
MAC move limiting
PVLAN on Q-in-Q
802.1D
802.1w (RSTP)
802.1s (MST)
BPDU protection
Loop protection
Root protection
VSTP
RSTP and VSTP running concurrently
Link aggregation (static and dynamic) with LACP (fast and slow LACP)
LLDP
Multiple VLAN Registration Protocol (802.1ak)
Layer 2 multicast features:
IGMP snooping for IGMPv1, IGMPv2, and IGMPv3
IGMP proxy
IGMP querier
Virtual router (VRF-lite) IGMP snooping
[See Multicast Overview.]
Layer 3 unicast features:
Static routing, ping, and traceroute (IPv4, IPv6)
OSPFv2 (IPv4) and OSPFv3 (IPv6)
RIPv2
BGP (IPv4, IPv6), BGP 4-byte ASN support, and BGP multipath
MBGP (IPv4)
IS-IS (IPv4, IPv6)
BFD (for RIP, OSPF, IS-IS, BGP, PIM)
Filter-based forwarding (FBF)
Unicast reverse path forwarding (RPF)
IP directed broadcast traffic forwarding
VRRP
VRRPv3 (IPv6)
Neighbor Discovery Protocol (IPv6)
Path MTU discovery
IPv6 CoS—Behavior aggregate (BA) classifiers, multifield (MF) classifiers and rewrite rules, traffic-class scheduling
IPv6 stateless address autoconfiguration
ECMP—32-way
Hierarchical ECMP
Virtual router (VRF-lite) IS-IS, RIP, OSPF, BGP
[See BGP User Guide, IPv6 Neighbor Discovery User Guide, IS-IS User Guide, OSPF User Guide, Protocol-Independent Routing Properties User Guide, and RIP User Guide.]
Layer 3 multicast features:
IGMP version 1 (IGMPv1), version 2 (IGMPv2), and version 3 (IGMPv3)
IGMP filtering
PIM sparse mode (PIM-SM)
PIM source-specific multicast (PIM-SSM)
PIM dense mode (PIM-DM)
Virtual router (VRF-lite) PIM, IGMP
Multicast Source Discovery Protocol (MSDP)
[See Multicast Overview.]
VXLAN features:
EVPN-VXLAN—Layer 2 and Layer 3 VXLAN gateways
Pure type-5 routes. [See EVPN Type-5 Route with VXLAN encapsulation for EVPN-VXLAN.]
IGMP snooping. [See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]
Tunneling of Q-in-Q traffic. [See Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network.]
Support for OSPF, IS-IS, BGP, and static routing on IRB interfaces. [See Supported Protocols on an IRB Interface in EVPN-VXLAN.]
Support for IPv6 data traffic. [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.]
MAC mobility. [See Overview of MAC Mobility.]
EVPN proxy ARP and ARP suppression, and NDP and NDP suppression. [See EVPN Proxy ARP and ARP Suppression, and NDP and NDP Suppression
OVSDB-VXLAN—Layer 2 VXLAN gateway. [See Understanding the OVSDB Protocol Running on Juniper Networks Devices.]
PIM-based Layer 2 VXLAN gateway. [See Examples: Manually Configuring VXLANs on QFX Series and EX4600 Switches.]
MPLS support. [See MPLS Feature Support on QFX Series and EX4600 Switches.]
Multichassis link aggregation group (MC-LAG). [See Multichassis Link Aggregation Features, Terms, and Best Practices.]
Services support:
sFlow. [See Overview of sFlow Technology.]
Port mirroring. [See Understanding Port Mirroring.]
Storm control. [See Understanding Storm Control.]
Resilient hashing support for LAGs and ECMP routes. [See Understanding the Use of Resilient Hashing to Minimize Flow Remapping in Trunk/ECMP Groups.]
Distributed denial of service (DDoS) protection. [See Understanding Distributed Denial-of-Service Protection on QFX Series Switches.]
Unified Forwarding Table (UFT). [See Understanding the Unified Forwarding Table.]
Interfaces and Chassis
Multichassis link aggregation groups, configuration synchronization, and configuration consistency check (MC-LAG) (QFX5120 switches)—Starting in Junos OS Release 19.1R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running spanning tree protocols (STP).
[See Multichassis Link Aggregation Features, Terms, and Best Practices.]
Increasing the number of ARP and neighbor discovery entries to 256,000 (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 19.1R1, the number of ARP and neighbor discovery entries has increased to 256,000 when enabling the enhanced-convergence statement. Enhanced convergence improves Layer 2 and Layer 3 convergence time during enhanced MC-LAG and VXLAN L3 gateway restoration scenarios.
To increase the number of ARP an neighbor discovery entries, enable the arp-enhanced-scale statement at the [edit system] hierarchy.
Channelizing enhancement on QFX5210-64C switches—Starting in Junos OS Release 19.1R1, the behavior of Flexi-pic mode on QFX5210-64C switches has improved. Channelizing ports in this mode no longer disables a corresponding port. The new behavior allows you to use any port within four designated blocks for channelization as long as the total number of channels does not exceed 128 or 32 in any one of the four blocks. Channelization helps to maximize port utilization.
Channelizing interfaces on QFX5120-32C switches—The 32 ports on the QFX5120-32C switch support native 40- or 100-Gigabit Ethernet configuration and channelized 10-, 25-, or 40-Gigabit Ethernet configuration. Starting in Junos OS Release 19.1R1, you can channelize the default 100-Gbps ports into four 25-Gigabit Ethernet or two 50-Gigabit Ethernet interfaces, and the 40-Gbps ports into four 10-Gigabit Ethernet interfaces (using breakout cables).
If you have disabled auto-channelization, then to channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G, 25G, 50G.
Note The last 100-Gbps port (port 31) does not support four 10-Gigabit Ethernet port or four 25-Gigabit Ethernet port channelization. Only 40-Gigabit Ethernet, 100-Gigabit Ethernet and 2x50-Gigabit Ethernet interfaces are supported on port 31.
You cannot configure channelized interfaces to operate as Virtual Chassis ports.
Junos Telemetry Interface
Support for the Junos telemetry interface (JTI) (QFX10002 and PTX10002)—Starting with Junos OS Release 19.1R1, you can provision sensors through the Junos telemetry interface to export telemetry data for several network elements without involving polling. You can stream data through UDP or gRPC.
Only the following sensors are supported on QFX10002 switches and PTX10002 routers:
Physical interfaces statistics
Label-switched-path (LSP) statistics
Network processing unit (NPU) memory
NPU memory utilization
CPU memory
To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level.
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters.
Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]
Layer 2 Features
L2PT support (QFX5200 switches and QFX5200 Virtual Chassis)—Starting with Junos OS Release 19.1R1, you can configure Layer 2 protocol tunneling (L2PT) for the following protocols on QFX5200 switches and QFX5200 Virtual Chassis: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.
[See Layer 2 Protocol Tunneling.]
Licensing
QFX5120-32C switch license —Starting in Junos OS Release 19.1R1, Juniper Networks introduces the QFX5120-32C switch.
The QFX5120-32C switch supports the following licenses models:
Base features for the QFX5120-32C switch include OSPF, OSPFv3, and RIPng.
Advanced Feature License (AFL) for QFX5120-32C switch includes BGP, IS-IS, MPLS, VXLAN, and Open vSwitch Database (OVSDB).
PFL for QFX5120-32C switch includes Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB).
[See Software Features That Require Licenses for QFX Series.]
Management
Tracing support for individual JET application files (QFX Series)—Previously you could configure traceoptions for all applications. Starting in Junos OS Release 19.1R1, you can also configure traceoptions for an individual application file. If you configure trace options both globally (all applications) and locally (by application file), the local configuration has the higher priority. You must commit global traceoptions and the daemonized application configurations at the same time for the global traceoptions for the daemonized application to take effect.
[See application.]
MPLS
MPLS scaling enhancements (QFX5100, QFX5110, QFX5200, QFX5210)—Starting in Junos OS Release 19.1R1, MPLS scaling is enhanced on the switches. For instance, you can increase the scale from its default 1024 to 8192 on the QFX5100. This enhancement optimizes and increases the ingress tunnel scale to address the current needs of data center networks either in IP-CLOS or IP over MPLS application spaces.
Control transport address used for targeted-LDP session (QFX Series)—Currently, only the router ID or interface address is used as the LDP transport address. Starting in Junos OS Release 19.1R1, you can configure any other IP address as the transport address of targeted LDP sessions, session groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.
This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.
[See Control Transport Address Used for Targeted-LDP Session.]
Policy-based multipath routes (QFX Series)—In segment routing networks with multiple protocols in the core, you can combine segment routing traffic engineered (SR-TE) LDP routes and SR-TE IP routes to create a multipath route that is installed in the routing information base (also known as routing table). You can resolve BGP service routes over the mutlipath route through policy configuration and steer traffic differently for different prefixes.
Use of SID labels as first hop for resolving non-colored static segment routing LSPs (QFX Series)—Currently, for a static non-colored segment routing traffic-engineered LSP to be usable, the first hop of the segment list must be an IP address. Only the second to nth hop could be segment identifier (SID) labels. Starting in Junos OS Release 19.1R1, this requirement does not apply. You can now configure SID labels as the first hop in the segment list.
With this configuration, static non-colored segment routing LSPs are resolved using MPLS fast reroute (FRR) and weighted equal-cost multipath. Without this configuration, by default, the LSPs are resolved using IP address.
Support of install statement for segment routing LSPs (QFX Series)—The install destination-prefix statement which is currently supported at the [edit protocols mpls label-switched-path lsp-name] and [edit protocols mpls static-label-switched-path lsp-name ingress] hierarchy levels is now also supported at the [edit protocols source-packet-routing source-routing-path lsp-name] hierarchy level for both colored and non-colored static segment routing label-switched paths (LSPs).
You can associate one or more prefixes with a segment routing LSP using the install statement. When the LSP is up, all the prefixes are installed as entries into the inet.3 or inet6.3 routing table.
[See install (Protocols MPLS).]
Network Management and Monitoring
Local port mirroring support (QFX10002-60C switch)—Starting in Junos OS Release 19.1R1, QFX10002-60C switches support local port mirroring. Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.
[See Examples: Configuring Port Mirroring for Local Analysis.]
sFlow performance improvements (QFX Series)—Starting in Junos OS Release 19.1R1, the following improvements have been added to the sFlow technology feature:
For MX Series, PTX Series, and QFX Series, you can configure forwarding class and DSCP values per collector.
For PTX Series and QFX Series, you can configure IPv6 addresses for the source-ip and agent-id.
Enhancements are made to the following CLI commands: show sflow collector, show sflow collector address ip-address, and show sflow interface.
[See Understanding How to Use sFlow Technology for Network Monitoring, collector, agent-id, source-ip, show flow collector, and show flow interface.]
Routing Policy and Firewall Filters
Support for IPv6 filter-based forwarding (QFX5100, QFX5110, and QFX5200 switches)— Starting with Junos OS Release 19.1R1, you can use stateless firewall filters in conjunction with filters and routing instances to control how IPv6 traffic travels in a network. This is called IPv6 filter-based forwarding. To set up this feature, you define a filtering term that matches incoming packets based on the source or destination address and then specify the routing instance to send packets to. You can use filter-based forwarding to route specific types of traffic through a firewall or security device before the traffic continues on its path. You can also use it to give certain types of traffic preferential treatment or to improve load balancing of switch traffic.
This feature was previously supported in an "X" release of Junos OS.
[See Firewall Filter Match Conditions and Understanding Filter-Based Forwarding.]
Support for 2000 Egress Firewall Filters (QFX5110 switches)—Starting in Junos OS Release 19.1R1, you can configure up to 2000 VLAN firewall filters on the switch. This feature is only supported in the egress direction (traffic exiting the VLAN). To configure, include the egress-to-ingress option under the from statement at the [edit firewall] hierarchy level.
Support for packet load balancing based on GTP-TEID hashing (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 19.1R1, you can configure load balancing of IPv4 or IPv6 packets by using GPRS Tunneling Protocol-tunnel endpoint identifier (GTP-TEID) field hash calculations. The GTP-TEID hashing is added to the Layer 2 and Layer 3 field hashing that you have already configured. To enable this feature, configure the gtp-tunnel-endpoint-identifier statement at the [edit forwarding-options enhanced-hash-key family inet] or the [edit forwarding-options enhanced-hash-key family inet6] hierarchy Level. GTP versions 1 and 2 are supported; they support only user data. You must use UDP port number 2152 for both GTP versions.
Support for matching IPv6 source addresses from an inet6 egress interface (QFX5100)—Starting in Junos OS Release 19.1R1, you can configure an firewall filter on a IPv6 egress interface to match specified IPv6 source or destination addresses, for example, to protect a third-party device connected to the switch.
[See eracl-ip6-match and Example: Configuring an Egress Filter Based on IPv6 Source or Destination IP Addresses.]
Routing Protocols
Support for BGP graceful shutdown (QFX Series)— Starting in Junos OS Release 19.1R1, graceful traffic migration from one BGP next hop to another is supported, without traffic interruption. Also, BGP administrative shutdown communication can be sent to the BGP peer.
You can configure both graceful-shutdown and shutdown statements at the [edit protocols bgp], [edit protocols bgp group group-name], and [edit protocols bgp group group-name neighbor address] hierarchy levels.
Note Graceful shutdown is disabled by default.
[See: graceful-shutdown (Protocols BGP), shutdown (Protocols BGP).]
Support for 128 equal-cost paths for BGP multipath (QFX10000)—Starting with Junos OS Release 19.1R1, you can configure a maximum of 128 equal-cost paths for external BGP peers. Previously, the maximum number supported was 64. For MPLS routes, the maximum number of equal-cost paths you can configure remains unchanged at 64. To specify 128 equal-cost paths for external BGP peers, include the maximum-ecmp 128 statement at the [edit chassis] hierarchy level. You must also configure a routing policy that exports routes from the routing table into BGP. Define a routing policy by including the policy-statement policy-name set of statements at the [edit policy-options] hierarchy level. Apply the policy to routes exported to the forwarding table by including the export policy-name statement at the [edit routing-options forwarding-table] hierarchy level.
[See maximum-ecmp.]
Support for policy-based allocation for IPv4 BGP-labeled unicast (QFX Series)—Starting in Junos OS Release 19.1R1, this feature supports:
Allocating policy-based label for IPv4 BGP-LU prefixes in per-prefix label allocation mode.
1:1 mapping between prefixes and labels.
Map policy for labels.
Fallback actions of dynamic and reject for handling error conditions.
[See policy-options, route-filter-list.]
System Management
Support for aggregated Ethernet and loopback interfaces on primary and secondary interfaces using PTP (QFX5110 switches) —Starting with Junos OS Release 19.1R1, you can configure both primary and secondary interfaces as aggregated Ethernet and loopback interfaces using PTP over IPv4 and IPv6 unicast transport on the IEEE 1588v2 default profile and the G.8275.2 enhanced profile. Although, the loopback interface (lo0.0) is the same for both the primary and secondary aggregated Ethernet interfaces, the IP addresses must be unique.
[See Understanding the PTP G.8275.2 Enhanced Profile (Telecom Profile)Multicast Overview.]
What's Changed
Learn about what changed in the Junos OS main and maintenance releases for QFX Series.
What’s Changed in Release 19.1R3
General Routing
Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
Multicast
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.1R3, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
Network Management and Monitoring
entPhysicalTable fetched on QFX10002—In Junos OS Release 19.1R3, the MIB data for entPhysicalTable is fetched on a QFX10002-72Q or QFX10002-36Q switch.
[See SNMP Explorer.]
Platform and Infrastructure
Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.
Advertising 32 secondary loopback addresses to traffic engineering database as prefixes ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
What’s Changed in Release 19.1R2
EVPN
Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.1R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.
Logical Interface is created along with physical Interface by default (QFX Series switches)—In Junos OS Release 19.1R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.
For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Interfaces and Chassis
The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 19.1R2, the resilient-hash statement is no longer available in the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.
[See aggregated-ether-options.]
Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.
On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.
Layer 2 Features
input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—In Junos OS Release 19.1R2, we have introduced the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the input-vlan-map configuration statement with a push operation is configured.
[See input-native-vlan-push.]
Network Management and Monitoring
The show system schema command and
<get-yang-schema>RPC require specifying an output directory (QFX Series)—Starting in Junos OS Release 19.1R2, when you issue the show system schema operational mode command in the CLI or execute the<get-yang-schema>RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the<output-directory>element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.
Services and Applications
Commit check for incomplete tunnel encapsulation configuration on flexible tunnel interface (FTI) —Tunnel encapsulation configuration is mandatory for FTI interfaces. In Junos OS Release 19.1R2, when you try to commit any incomplete tunnel encapsulation configuration on an FTI, the CLI displays a commit error message.
Software-Defined Networking
Increase in the maximum value of delegation-cleanup-timeout (QFX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.
With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that might disrupt the PCEP session with the main active stateful PCE.
[See delegation-cleanup-timeout.]
What’s Changed in Release 19.1R1
EVPN
Starting with Junos OS Release 19.1R1, the no-arp-suppression configuration statement is no longer supported on any device.
[See no-arp-suppression.]
New options in show evpn instance command (QFX series)—Starting in Junos OS Release 19.1R1, you can use the show evpn instance esi-info command to only display the ESI information for a routing instance and show evpn instance neighbor-info to only display the IP address of the EVPN neighbor for a routing instance. Information associated with the ESI, such as the route distinguisher, bridge domain, and IRB are filtered out.
Interfaces and Chassis
Commit error thrown when GRE interface and tunnel source interface are configured in different routing instances (QFX Series)—In Junos OS Release 19.1R1, QFX Series switches do not support configuring GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:
error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances
error: configuration check-out failed
New XML tag element
<lacp-hold-up-state>added in show lacp interfaces XML display (QFX Series)—Starting in Junos OS Release 19.1R1, the show lacp interfaces | display xml command displays a new XML tag element<lacp-hold-up-state>. The<lacp-hold-up-state>displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces was in a single<lacp-hold-up-information>XML tag. Now, for each interface it is displayed in a separate<lacp-hold-up-information>XML tag.Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, and later, QFX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Network Management and Monitoring
sysName.0 MIB object displays the fully qualified domain name (QFX Series)—Starting in Junos OS Release 19.1R1, the sysName.0 MIB object displays the fully qualified domain name. That is, if the hostname and domain name are configured on the system, both will show up for the sysName.0 MIB object: host-name.domain-name. Previously, only the hostname showed up.
[see show snmp mib.]
NETCONF
<kill-session>operation returns different values in<rpc-error>when the session identifier is equal to the current session ID (QFX Series)—Starting in Junos OS Release 19.1R1, when you execute the<kill-session>NETCONF operation and the session identifier is equal to the current session ID, the values of the<error-type>and<error-tag>elements in the resulting<rpc-error>areapplicationandinvalid-value, respectively. In earlier releases, the<error-type>and<error-tag>values areprotocolandoperation-failed.[See <kill-session>.]
Security
Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in 19.1R1, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.
Firewall warning message (QFX5000 switches)—Starting in 19.1R1, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.
User Interface and Configuration
Options for monitor traffic interfaces statement added (QFX Series)—Starting in Junos OS Release 19.1R1, the options write-fileand read-file under the monitor traffic command are included in the visible CLI.
[See monitor traffic.]
Known Limitations
Learn about known limitations in this release for QFX Series.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.
EVPN
On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092
When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none to ensure proper traffic routing. This issue is platform independent. PR1287557
General Routing
On the QFX5100, if a scaled configuration involving a LAG interface, more than 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, FXPC might consume high CPU resources. No other system impact is observed. PR1363896
The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when a channelization is detected in Junos OS Release 18.1R3. PR1366137
If out-of-band management link is operated at a speed other than 1000 Mbps (for example, link peer is kept 10/100 Mbps) on QFX Series products within the Junos VM, the corresponding interface always reflects a speed of 1000 Mbps in all aspects. For example, in the output of the show interfaces em0 command. The actual speed in use will reflects only on the corresponding interface on the Linux host. PR1401382
When doing an RFC MAC learning rate, we achieve a learning rate of only 13,000 MAC entries. For higher learning rate, we see some MACs are not learned, but sometimes the issue is not seen even at higher rates. PR1403603
The maximum number of Layer 3 interfaces that can be configured on QFX5100 is 8000, QFX5200 is 8000, and QFX5110 is 12,000. PR1406107
On a QFX5120, ARP might not get resolved for an untagged packet coming on an interface with encapsulation ethernet-bridge when this interface is in a VXLAN with the encapsulate-inner-vlan statement. PR1454804
Infrastructure
If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point it is safe to reboot to the normal volume. PR1444941
Layer 2 Features
The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031
xSTP configuration is not supported on flexible-vlan-tagging interfaces for any of the QFX5000 line of devices (QFX5100, QFX5110, QFX5200, QFX5210, QFX5120). PR1414659
Hierarchical ECMP with VXLAN OVERLAY routing is not supported on QFX5000 devices. PR1456594
MPLS
There is no warning message about Packet Forwarding Engine restart when the MPLS tunnel extend configuration is deleted. PR1394722
Platform and Infrastructure
When the sFlow collector can be reached only through the Routing Engine, large samples due to heavy traffic can cause the Routing Engine CPU to become busy. PR1332337
On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on an IRB/Layer 3 interface with a discard filter. PR1338067
Hardware watchdog does not work on QFX10008 and QFX10002-60C. PR1343131
The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734
When vlan is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609
On a QFX5120 switch with 288,000 MAC scale, the Routing Engine show ethernet-switching table summary command output shows the learned scale entries after a delay of around 60 seconds. PR1367538
Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and the QEMU hypervisor. You can recover the device by power cycling it. PR1385970
These error logs are expected when routes pointing to target next hops are in turn pointing to hold next hops. These error logs appear for a short time. Later, when the next hop changes from hold next hop to a valid next hop, unilist next hops are walked again and updated with the appropriate weight and reroute counters, and no more error logs are seen. PR1387559
Re-ARP request sent without a VLAN ID (so Routing Engine ARP fails). PR1390794
The QFX5100 (Junos OS Release 19.1R1) uses SDK version 6.3.7. Unified ISSU with BST configuration is not supported and is a product limitation with regard to BCM chipset running on SDK 6.3.7. Even configuring BST after the unified ISSU might not work. As a workaround, restarting of Packet Forwarding Engine is required after the unified ISSU. For QFX5110, unified ISSU is not supported on Junos OS Release 19.1R1. PR1395587
On QFX5120 system, the hardware link scan thread interrupt processing takes significant time due to firmware limitation. This results in greater than 50 ms convergence delay during MPLS FRR. PR1403082
Routing Protocols
When an interface is configured with family mpls, one label is reserved for the explicit-null case. Only one label is used across the different MPLS interfaces for the explicit-null case. This label will only be deleted when all the interfaces with family mpls are deleted. So the maximum number of tunnels you can have is 1. PR1418733
Security
—On QFX5000 platforms, if a syslog or log action is configured on a firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.
Virtual Chassis
A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (>2 seconds) might occur. PR1347902
Open Issues
Learn about open issues in this release for QFX Series.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.
EVPN
At times, when l2ald is restarted, a race condition occurs where VTEP notification comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP add request and gets stuck in an infinite loop. PR1384022
General Routing
Layer 3 multicast traffic does not converge to 100 percent and continuous drops are observed after the downstream interface goes down or comes up or while an FPC comes online after FPC restart.This happens with multicast replication for 1000 VLANs or IRB interfaces. PR1161485
Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750
On the QFX10002-60C, the filter operation with log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in the firewall logs: Protocol 0 not recognized. PR1325437
Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806
QFX10000 platform drops the access point (AP) heartbeat packets, as result the WAP cannot work. PR1352805
Interface flapping is observed only on a peer port with 100GBASE-LR4 optics in the warm boot stage of VMs during a unified ISSU process. As a workaround, do not use 100GBASE-LR4 during a unified ISSU. PR1353415
A mib2d core file is generated in mib2d_write_snmpidx at snmpidx_sync.c on both active directories while bringing up a base traffic profile. PR1354452
When a rpd reads next hops from the kernel on restart, in the INH -> FWD NH{List NH} -> {Chain NH} scenario, the rpd should not create old-style list next hop for the forwarding next hop. PR1360354
On the QFX5100, if a scaled configuration involving a LAG interface, more that 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, FXPC might consume high CPU resources. No other system impact is observed. PR1363896
The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error messages is seen when channelization is detected in Junos OS Release 18.1R3. PR1366137
On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121
The user might not be able to stop the ZTP bootstrap, when an QFX10016 or an QFX10008 switch with more number of line cards is powered on with factory-default configuration. PR1369959
USB upgrade of NOS image is not supported. PR1373900
On QFX10008 and QFX10016 platforms, traffic loss might occur because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870
With MLD-snooping enabled and when we have two receivers in the same VLAN interested in the same group address but from a different source, traffic is received only on the receiver that sent the lastest MLD report. This is because we do not install S, G routes in hardware when MLD snooping is enabled. PR1386440
Control plane switch management (CPSM) daemon memory leak occurs in the VM host. It might also result logrotate not to work, and cause large CPSM log size. PR1387903
In the Junos OS Release 18.4R1 branch, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082
DCPFE didn't come up in some instances of abruptly powering off and powering on the QFX5120-EX4650. To recover the device, power cycle it or reboot the host. PR1393554
Layer 2 multicast and broadcast convergence is high while deleting and adding back the scale configurations of VLANs and VXLAN. PR1399002
A QFX10000's FPC may restart if an operator configures VXLAN's VNI 0 identifier. PR1401215
On the QFX5120, OVSDB-managed VXLAN experiences traffic loss. PR1401943
If the USB storage device is not removed from device after an upgrade, the system might come up and might reboot repeatedly. As a workaround, you need to manually change the boot sequence from the BIOS menu to select boot from SSD. PR1404717
On the QFX10002, traffic drop is observed with MSTP configuration (65 instances and 64 interfaces with 3840 VLANs) PR1408943
You might see multiple reconnect logs, JTASK_IO_CONNECT_FAILED, during the device initialization. There is no functionality impact due to these messages. These messages can be ignored. PR1408995
Intermittently chassis alarms not raised after power-cycle of the device. Chassis alarms can be recovered by restarting lcmd from CLI - request app-engine service restart chassis-manager or, restart chassis-control PR1413981
On QFX5110 and QFX5120 platforms, uRPF check in strict mode does not work properly. PR1417546
When a bad optics is connected to the device that could inhibit EEPROM failure conditions or I2C read failure conditions, the device could end up in this condition. Please check the description of the issue mentioned in the PR. PR1420874
When NSSU is done from Junos OS Release 18.1R3 to any later image on QFX5100 Virtual Chassis with LACP link protection configured, there might be around 5 minutes of traffic loss. Traffic loss is not seen during NSSU if the link protection configuration is not present. PR1435519
When routing process is restarted, if the system is configured with EVPN service, memory of the Layer 2 address learning daemon (l2ald) increases by 4000 when you use show system processes extensive | match l2ald. PR1435561
Unified ISSU might fail from Junos OS Release 17.2X75-D43.2 to some target versions on QFX5200 platforms. And dcpfe crash might be seen. PR1438690
Unified ISSU will is not supported for QFX5200 from Junos OS Release 17.2X75-D4x to Junos OS Release 19.2R1. PR1440288
On QFX10000 switches and EVPN-VXLAN (spine-leaf) scenario, QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, if all virtual gateways are configured with an unique IPv4 or IPv6 MAC address, this issue does not occur. PR1446291
Whenever any member in RSPAN VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459
In an EVPN-VXLAN with service-provider style configuration, if the VLAN name associated with access ports is changed, then the virtual bridge domain might not be created. This is because the bridge domain add notification for the new VLAN comes before the bridge domain delete notification for the old VLAN. Because of this, virtual bridge domain might not be created and MAC's might not be learned. PR1454095
After changing the VLAN name on the trunk interface, local host MAC learning will be hold for more than 30 seconds. PR1454274
Enabling maintenance configuration on MH device without disabling the ESI link might lead to a traffic loop. We recommend that you disable the ESI link instead of the maintenance configuration on the MH device. PR1456349
On QFX5110, FEC errors might be seen on the other side. PR1457266
Change of VTEP source address by changing the loopback address will trigger reduction in Vport and VNI. PR1467158
On QFX5100 Virtual Chassis, 10-Gigabit VCP ports will not be active. PR1494980
Infrastructure
The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for
/var/run/blacklistd.sock(No such file or directory) messages are seen during FTP. PR1315605
Interfaces and Chassis
Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply that is flooded in the VLAN by the device has the correct DMAC of the originator of the ARP request. That is, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted. PR1454764
Layer 2 Features
If the access-side interfaces are used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is a 20-50 ms traffic drop on the existing logical interface. PR1367488
On the QFX5120, during new tenant addition, there might be a few transient packet drops (2-15 packets) for a couple of random intra-VNI traffic streams in an EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is autorecovered. PR1455654
With QFX5110 and QFX5200 plaforms, if storm control IS enabled on the interfaces along vxlan configuration, storm control will not get effected with ARP REQ packets coming more than storm control threshold. PR1469837
On QFX5110 and QFX5120 platforms, changing the lo0 IP address might sometimes either result in stale entry of IP in mpls_entry table or missing IP entry, which results in traffic drop for VXLAN traffic. PR1472333
MPLS
A lingering RSVP state might keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state eventually expires and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated because of this lingering state or the corresponding label routes in the FIB. In the worst case, in a network, where there is persistent link flapping going on, this lingering state might interfere with the LSP scale being achieved. PR1331976
Platform and Infrastructure
In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798
Routing Protocols
Higher convergence time for LFA with BFD in Junos OS Release 18.1. PR1337412
The pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340 error messages are cosmetic and expected logs. These logs are not harmful and have no functional impact; they just show the state of PIM register messages. These logs are already LOG_DEBUG for external builds, and you do not need to make any change in any of the components. PR1371431
When a MOLEX QSFP+ DAC cable is connected to the QFX5210, the link might not come up. A DCPFE might generate a core file and the fxpc process might not come up. PR1397158
There is no functionality impact because of the following error message: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 unintsall failed in h/w with Mini-PDT base configurations. PR1407175
In Junos OS Release 19.1R3, the MUX state of LACP interface will not change sometimes when force-up is onfigured. PR1484523
Resolved Issues
Learn which issues were resolved in the Junos OS main and maintenance releases for QFX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.
Resolved Issues: 19.1R3
Class of Service (CoS)
Shaping does not work after the reboot if the shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on extended port even if it comes in with different dscp marking. PR1433252
On QFX5120-32C, while moving unicast traffic to the multicast queue through the MF classifer, the show interface queue <> command does not display any statistics. PR1459281
EVPN
ARP request/NS might be sent back to the local segment by the DF router. PR1459830
The rpd might crash after the EVPN-related configuration is changed. PR1467309
Forwarding and Sampling
The l2ald process might experience memory leak on platforms running Junos OS. PR1455034
Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778
General Routing
On QFX5100 switches, the LR4 QSFP transceiver might take up to 15 minutes to come up after a Virtual Chassis reboot. PR1337340
The 10-Gigabit fiber interfaces might flap frequently when they are connected to other vendor's switch PR1409448
The optic module comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015
Part of routes could not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873
The show interface command indicates Media type: Fiber on QFX5100-48T running the QFX 5e Series image. PR1419732
Ports might get incorrectly channelized if they are already 10-Gbps ports and they are channelized to 10-Gbps again. PR1423496
The host-bound traffic might be dropped after performing change configuration related to prefix-list. PR1426539
The l2cpd process might crash and generate a core file when the interfaces are flapping. PR1431355
The FPC might crash when a firewall filter is modified. PR1432116
The line card might crash because the installed SFP-T module is not supported. PR1432809
BGP neighbourship might not come up if the MACsec feature is configured. PR1438143
The EX4600 or QFX5100 Virtual Chassis might not come up after the Virtual Chassis port fiber connection is replaced with DAC cable. PR1440062
MAC addresses learned on the RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574
CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406
The FPC does not restart immediately after the system is rebooted, which might cause packet loss. PR1449977
CoS classification does not work on QFX10000. PR1450265
FPC core files might be seen after changing the configuration of PTP or Synchronous Ethernet. PR1451950
The l2ald and eventd hogs 100 percent after clear ethernet-switching table is issued. PR1452738
The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512
The show chassis led command shows a wrong status. PR1453821
On QFX5100-VC, the vgd process hogs the CPU without the switch-options vtep-source-interface lo0.0 configuration. PR1454014
After a reboot, the master FPC might come up in master state again instead of backup state. PR1454343
Dcpfe should crash because usage of data is not NULL terminated on QFX5000. PR1454527
On QFX10002-60c, in an EVPN-VXLAN environmenet, the MAC+IP count is shown as zero. PR1454603
The untagged hosts ARP/NS requests might not be resolved when it is connected on encapsulation ethernet-bridge'\ interface. PR1454804
A firewall filter might not be able to be applied in a particular VC/VCF member as TCAM space running out. PR1455177
In a 16+ member QFX5100 VCF, the FROM column under the show system users command output reports feb0, feb1, feb2, and feb3 for fpc16, fpc17, fpc18, and fpc19 respectively. PR1455201
The PFC feature does not work on the QFX10000 line of switches. PR1455309
The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357
Link-up delay and traffic drop might be seen on mixed SP L2, SP L3, and EP L2 type configurations. PR1456336
The Packet Forwarding Engine process might crash after a Routing Engine switchover on QFX10000 platforms. PR1457414
Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456
QFX5110 switches port 51 has one LED blinking amber Junos OS Release 19.1R1.6. PR1457516
Dual tag Q-in-Q not working with EVPN-VXLAN PR1458206
On a QFX5210, the LED does not light on port 64 and 65 after upgrade to Junos OS Release 19.2R1. PR1458514
The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929
JDI-_QFX5200_-REGRESSION-SWITCHING-QFX5200: DHCPv6 LDRA relay bounded count is not as expected after DHCP is configured. PR1459499
The fxpc process might crash due to several BGP IPV6 session flaps. PR1459759
The forwarding option is missing from the routing-instance type configuration. PR1460181
The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885
The entPhysicalTable MIB is not fetching expected data on QFX10002-72Q / 36Q platforms. PR1462582
The fxpc process might generate core files when changing the MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594
JDI-RCT : QFX 5100 VC/VCF : Observing the error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleaning up Evpan-VxLAN configurations with Mini-PDT base. configurations. PR1463939
The FPC might restart during run time on PTX10000 or QFX10000 platforms. PR1464119
The dcpfe might crash when changing the firewall filter on QFX5000 platforms. PR1464352
The interface might not come up on FPC restart on QFX10000 platforms. PR1464650
PEM is not present spontaneously on QFX5210. PR1465183
A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card. PR1465196
The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214
The physical interface of aggregated Ethernet might take time to come up after disable/enable. PR1465302
The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario. PR1466423
BGP Open messages with specific types of BGP Optional Capabilities causing BMP messages not been encoded correctly when sent to the BMP Collector. PR1466477
EBUF parity interrupt is not seen on QFX10K/PTX platforms. PR1466532
IPv6 traffic might get dropped in Layer 3 VPN network. PR1466659
Slow packet drop might be seen on QFX5000 switches. PR1466770
DHCPvX ACK messages do not receive response to broadcast INFORM packets with Junos OS Release19.1R2.3. PR1467182
Ingress drops are to be included at the CLI from interface statistics and added to InDiscards. PR1468033
Optics measurements might not be streamed for interfaces of a PIC over JTI PR1468435
MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment. PR1468732
If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node. PR1469998
Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands. PR1470385
The speed 10m might not be configured on the GE interface. PR1471216
Traffic loss might occur when a VTEP source interface is configured in multiple routing instances. PR1471465
QFX5K: Egress PACL size will be half in Junos OS Release 19.4R1. PR1472206
The shaping of CoS does not work after reboot. PR1472223
Detached interface in LAG processing xSTP BPDUs. PR1473313
An l2ald crash might be seen when around 16000 VLAN IDs sharing the same VXLAN tunnel and when the Packet Forwarding Engine is rebooted. PR1473521
On QFX5000 switches, RIPv2 routes that are being forwarded across an Layer 2 circuit connection are dropped. PR1473685
Continuous error log messages might be raised on QFX5000 switches in an EVPN-VXLAN scenario. PR1474545
Layer 2 circuit might fail to communicate through VLAN 2 on QFX5000 switches. PR1474935
MACsec traffic over Layer 2 circuit might not work on QFX10000, PTX10000, and PTX1000 platforms after upgrading from Junos OS Release 15.1 to later versions. PR1475089
DAC cables are not being properly detected in Packet Forwarding Engine in QFX5200 on Junos OS Release18.4R2-S2.4. PR1475249
There might be traffic drop on QFX5110/5120 switches acting as leaf switch in a multicast environment with VxLAN. PR1475430
QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0. PR1476829
Continous Error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192
ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario. PR1480776
Interfaces and Chassis
Traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077
Executing commit might hang because of the struck dcd process. PR1470622
Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634
Layer 2 Features
Storm control configuration may be disabled for the interface. PR1354889
Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600. PR1437577
The LLDP function might fail when a Juniper device connects to a non-Juniper one. PR1462171
QFX5110-32Q: Some of the MAC addresses are missing from the MAC table in software after restarting the Packet Forwarding Engine. PR1467466
The fxpc core might be seen when committing the configuration all together, for example, after a reboot. PR1467763
Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario. PR1469596
Traffic might be affected if composite next hop is enabled. PR1474142
MPLS
On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378
Traffic might be lost over QFX5100 switches acting as a transit PHP node in the MPLS network. PR1477301
Platform and Infrastructure
The SLAX script might be lost after upgrading software. PR1479803
Routing Protocols
OSPF VRF sessions might take a long time to come up when the host table is full and host routes are in the LPM table. PR1358289
Invalid VRRP mastership election is seen on QFX5110-VC peers. PR1367439
The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000 and EX4600 switches. PR1429543
Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled. PR1379718
QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in Junos OS Releases 19.1R1/19.2R1/19.3R1/19.4R1. PR1414121
On the QFX5000 Series platforms acting as Layer 2 circuit PE (tunnel terminating node), if VLAN 2 is used for Layer 2 circuit communication with CE node, the VLAN 2 packets might be dropped on PE. PR1474935
CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845
Core files might be generated when the EVPN Type-5 routing instance is being added or removed. PR1455547
The egress interface in the Packet Forwarding Engine for some end hosts might not be correct on the Layer 3 gateway switch after it is rebooted. PR1460688
On QFX 5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is seen after performing unified ISSU with Mini-PDT base configurations. PR1460791
When deleting an IRB I terface on the Layer 3 gateway, IRB does not get removed from the Paacket Forwarding Engine and might cause traffic to be discarded silently to IRB MAC address. PR1463092
The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737
Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819
ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708
GRE transit traffic does not get forwarded in a VRRP scenario. PR1477073
Resolved Issues: 19.1R2
Class of Service (CoS)
On QFX10008, FPC0 crashes and generates a core file after running the Packet Forwarding Engine command show cos sched-usage. PR1449645
show cos scheds-per-pfe and show cos pfe-scheduler-ifds Packet Forwarding Engine commands will restart forwarding planes on QFX10008 switches PR1452013
EVPN
The rpd process crashes with EVPN type-3 route churn. PR1394803
The show evpn instance extensive esi command does not filter the output of desired ESI or neighbor information of an EVPN instance. PR1402175
ARP entry is still pointing to failed VTEP after PE-CE link fails for multihomed remote ESI. PR1420294
Multicast MAC address might be learned in the Ethernet switching table on QFX5000 and QFX10000 platforms with EVPN-VXLAN configured. PR1420764
The device may proxy the ARP probe packets in an EVPN environment. PR1427109
Unexpected next-hop operation error from Kernel to L2ald in a Layer 2 gateway during the MAC movement operation. PR1430764
Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times. PR1435306
The multihomed mac-ip table entry might not be cleaned when host MAC is deleted from MAC table. PR1436712
Configuring ESI on a single-homed 25G port might not work. PR1438227
When using no-arp-suppression, an ARP request might not be sent out when an ARP entry aged out. PR1441464
ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI. PR1446957
VLAN configuration change with l2ald restart might cause Kernel synchronization issues due and impact forwarding. PR1450832
When there is a VXLAN with VLAN ID of 2 on a QFX5100, ARP will not get resolved. PR1453865
ARP request/NS might be sent back to the local segment by DF router. PR1459830
Forwarding and Sampling
Commit error and dfwd core file might be observed when applying a firewall filter with action "then traffic-class" or "then dscp". PR1452435
General Routing
Certain QFX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data. PR1063645
The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709
On QFX10002-60C, commit might be denied when L2 and L3/L4 mix-match conditions are configured on a L2 filter. PR1326715
On QFX5100 platforms, LR4 QSFP might take up to 15 minutes to come up after Virtual Chassis reboot. PR1337340
When powering off an individual FPC, the other FPC Packet Forwarding Engine might go offline. PR1344395
On QFX5210, when filter with routing instance is applied to a family inet logical interface, traffic gets discarded on unrelated interfaces. PR1364020
On QFX5120 and EX4650 line of switches, the convergence delay between PE1 and P router link is more than expected delay value. PR1364244
Traffic spikes generated by IPFIX might be seen on QFX10002. PR1365864
The backup member switch might fail to become the master switch after switchover on QFX5100, QFX5200, and EX4600 Virtual Chassis platform. PR1372521
RIPv2 update packets might not send with IGMP snooping enabled. PR1375332
New configuration statement to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup Routing Engine instead of SSD. PR1382522
FEC error counts are not updated for QFX5110. PR1382803
Static default route with next-table inet.0 does not work. PR1383419
The rpd end up with krt queue stuck might be seen in vrf scenario. PR1386475
Error message portmod_port_core_access_get: Invalid parameter seen in log messages. PR1388591
ARP received on SP-Style interface not sent to all RVTEPs in case of QFX5100 VC only, normal BUM traffic works fine. PR1388811
When show command is taking a long time to display results, the STP might change states because BPDUs are no longer processed and cause lots of outages. PR1390330
On QFX5110 fan LED turns Amber randomly. PR1398349
The interrupt process consumes high CPU because of the intr{swi4: clock (0)} on QFX5100-48t-6Q running a QFX5100 Series image and Junos OS Release 18.x code. PR1398632
The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683
On QFX5100, traffic initiated from a server connected to an interface will be dropped at the interface on the switch if the interface was configured with family ethernet-switching with VXLAN and the configuration is changed to family inet. PR1399733
On QFX5110 platforms, from Junos OS Release 17.3 and later, the interfaces with SFP-LX10 transceivers and auto-negotiation enabled(default configuration) might be down. PR1399878
On QFX5120-32C Error logs for flex counter seen with GRE configuration. PR1400515
QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot PR1402127
The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface PR1403528
Executing command "request system configuration rescue save" may fail with error messages PR1405189
DHCP Not working for some clients in dual AD fusion setup on EP ports. PR1405495
Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms PR1405786
QFX5120 : In VxLAN-EVPN configuration, transition from collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload PR1405956
QFX5200/5100 might not be able to send out control plane traffic to the peering device PR1406242
QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1 PR1407095
No inner VLAN tag is added even with input-vlan-map push configured on QFX10000 platforms. PR1407347
MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230
Fan failure alarms might be seen on QFX5100-96S after upgrade to Junos OS Release 17.3R1. PR1408380
Restarting line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence, the intra-vlan traffic might silently be dropped or discarded. PR1409631
LLDP memory leak when ieee dcbx packet is received in auto-neg mode followed by another dcbx packet with none of ieee_dcbx tlvs present. PR1410239
On QFX5120 platform with QSFP-100G-PSM4 transceiver, because of the timing fault on FPGA (Field Programmable Gate Array) hardware, the link might go down as TX laser being disabled. PR1410687
On EX2300-24P or QFX5100, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family might be seen. PR1410717
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015
Storm control not shutting down mc-ae interface. PR1411338
The spfe on satellite device in Junos fusion setup might crash and it could cause the satellite device to get offline. PR1412279
PEM alarm for backup FPC will be remained on master FPC though backup FPC is detached from Virtual Chassis. PR1412429
Junos PCC might reject PCUpdate/PCCreate message if there is a metric type other than type 2. PR1412659
On QFX5120 devices route table is full for IPv6 routes in some scenario. PR1412873
QFX5K: EVPN / VxLAN: Mutlicast NH limit is 4K. PR1414213
The QFX10002 might stop forwarding packets after the "chassis-control" process restarts. PR1414434
VC Ports using DAC may not establish link on QFX5200 PR1414492
DC output information is missing in the "show chassis environment pem" output for whitebox PR1414703
VXLAN Encapsulation nexthop (VENH) doesnt get installed during BGP flap or restart routing. PR1415450
Changing FEC parameter for 100GE interfaces with QSFP-100GBASE-SR4 optics is not taking effect PR1416376
Two instances of Junos are running after Junos upgrade to 18.1R3-S3.7 PR1416585
The dcpfe crash might be seen in EVPN-VXLAN scenario PR1416925
MAC learning might not happen on trunk mode interface in EVPN/MPLS scenario. PR1416987
Extended remote port mirroring traffic is not tagged when the output interface is a trunk port. PR1418162
Traffic loss might be seen on the ae interface on QFX10000 platforms PR1418396
Traffic loss might be seen after NSSU operation. PR1418889
Rebooting QFX5200-48Y using "request system reboot" doesn't take physical links offline immediately PR1419465
The 100G PSM4 optics connected ports go down randomly during a repeated power cycle PR1419826
Traffic drop might be observed when transit static LSP is configured on EX4650 and QFX5120 platforms PR1420370
Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario PR1420785
An interface may go to downstate on QFX10000/PTX10000 platform PR1421075
QFX5120-32C: DHCP binding on client might fail when QFX5120-32C acting as DHCP server, this is seen only for channelized port PR1421110
fusion: ETS config not applied on non-cascade ports when AD is rebooted PR1421429
BFD might stuck in slow mode on QFX10002/QFX10008/QFX100016 platform PR1422789
QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G PR1422958
The interface can not get up when the remote-connected interface only supports 100M in QFX5100 VC setup PR1423171
IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled PR1423310
ON QFX5120-32C , BUM traffic coming over irb underlay interface gets dropped on destination vtep in PIM based VxLAN PR1423705
Traffic is dropped after FPC reboot with AE member links deactivated by remote device PR1423707
The Jflow export might fail when channelization is configured on FPC QFX10000-30C PR1423761
Ping over EVPN type-5 route to QFX10000 does not work. PR1423928
All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. PR1424090
IPv6 communication issue might be seen after passing through QFX10002-60C platforms. PR1424244
QFX5120 QSFP-100G-PSM4 become undetected and come back up as channelized interfaces. PR1424647
All interfaces creation failed after NSSU PR1425716
The dcpfe or PFE might not start on AS7816-64X and QFX5K TVP platform devices. PR1426737
QFX5210: Received LLDP frames on em0 not displaying in LLDP neighbor output PR1426753
Heap memory leak might be seen on QFX10000 platforms PR1427090
CRC errors can be seen when other manufacturer device is connected to QFX10000 with QSFP-100GBASE-LR4-T2 optics. PR1427093
Rebooting or halting VC member might cause 30 seconds down on RTG link. PR1427500
QFX5100-VCF 'rollback' for uncommitted configuration takes 1 hour. PR1427632
On QFX10000 platforms certain interfaces might go to down state. PR1427883
The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next hop is changed. PR1427994
QFX5120-48Y interface with optic "QSFP-100GBASE-ER4L" is not coming up in Junos OS Release 18.3R1-S2.1. PR1428113
Licenses used flag for ovsdb on show system license might not be flagged even though ovsdb is configured and working. PR1428207
In correct display of MAC/MAC+IP and count values, after setting global-mac-limit and global-mac-ip-limit. PR1428572
EVPN-VXLAN l2ald process might generate a core file when number of VXLAN HW IFBDS exceeds the maximum limit of 16382. PR1428936
On QFX10008 after Routing Engine switchover, the LED status is not set for missing fan tray. PR1429309
DHCP-relay may not work in an EVPN-VxLAN scenario PR1429506
Extra incorrect MAC move might be seen when the host moves continuously between the different ESI. PR1429821
Interface on QFX5120 switches does not come up after the transceiver is replaced with one having different speed. PR1430115
In collapsed VGA4 script ping on shared ESI R6 to R7 IRB address is failing. PR1430327
Traffic impact might be seen on QFX10000 platforms with interface hold-down timer configured. PR1430722
On QFX Series switches, the Validation of meta data files failed message is seen on hypervisor. PR1431111
SIB Link Error error message is detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592
The dcpfe might crash on all line cards on QFX10000 in scaled setup. PR1431735
The et- interfaces might not come up on QFX10000-60S-6Q. PR1431743
All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled. PR1431885
The optical power of interface might gradually reduce the optical power for almost 3 minutes after issuing request system reboot at now on QFX5110 and QFX5120. PR1431900
L2 traffic drop on QFX10000 with interface MTU lower than 270 bytes. PR1431902
Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario PR1432703
Traffic loss might be seen on QFX10000 platforms using LC1105. PR1433300
L3 filters applied to PVLAN IRB interface might not work after ISSU. PR1434941
SIB/FPC link rrror alarms might be observed on QFX10000 due to a single CRC. PR1435705
The mc-ae interface might get stuck in waiting state in dual mc-ae scenario. PR1435874
QFX5200 NSSU: dcpfe core file is seen after NSSU upgrade of backup followed by reboot. PR1435963
DHCP discover packets sent to IP addresses in the same subnet as IRB interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces. PR1436436
Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. PR1436968
The FPC might crash if both the aggregated Ethernet bundle flapping on local device and the configuration change on peer device occur at the same time. PR1437295
QFX5110, QFX5200, QFX5210 There is no jnxFruOK SNMP trap message when only the Power cable is disconnected and connected back. PR1437709
The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351
Port LED turns red when cable connected on QFX5210. PR1438359
Interfaces configured with flexible-vlan-tagging might loss connectivity. PR1439073
The xSTP recognizes 1G SFP-T optic interface as LAN type resulting in slow STP convergence. PR1439095
LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up. PR1439268
DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844
EX4600 Virtual Chassis does not come up after replacing Virtual Chassis port from fiber connection to DAC cable. PR1440062
MAC addresses learned on RTG might not be aged out after a Virtual Chassis member rebooted. PR1440574
Layer 2 and Layer 3 traffic drop is seen on disabling and then re-enabling mclag. PR1440732
On QFX5110 switches, Layer 2 and Layer 3 logical interfaces on physical interfaces flexible-ethernet-services VXLAN passing over Layer 2 physical breaks, Layer 3 P2P communication. PR1441690
The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310
Flow control does not work as expected on 100-Gigabit Ethernet interface of QFX5110. PR1442522
The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587
DHCPv6 client might fail to get an IP address. PR1442867
When a line card is rebooted, the MC-LAG might not get programmed after the line card comes back online. PR1444100
On QFX5200, the error DCBCM[bcore_init]: ioctl call failed ret:0 failure message is observed when changing UFT profile in FPC logs. PR1445855
On QFX10008 traffic impact might be seen when the JSRV interface is used. PR1445939
CoS classifier might not work as expected. PR1445960
Traffic is discarded for only specified VLAN in IPACL_VXLAN filters. PR1446489
Long IPv6 address are not displayed fully on IPv6 neighbor table. PR1447115
Unicast arp requests are not replied with no-arp-trap option. PR1448071
Rebooting QFX5120-48Y using request system reboot does not take physical links offline immediately. PR1448102
QFX10000 -- QSFP28 100G AOC / 740-065632 & QSFP+ 40G / 740-043308 transceiver -- port LED remains lit green after disconnecting one end PR1448121
Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568
On QFX5120, the incoming L3-encapsulated packets are dropped on L3VPN MPLS PE-CE interface. PR1451032
vgd core files might be generated on any platforms supporting OVSDB. PR1452149
DHCP offer packet with unicast flag set gets dropped by QFX10000 in a VXLAN multi-homed setup using anycast IP. PR1452870
Configuration change in VLAN all option might affect the per VLAN configuration. PR1453505
The classifier configuration does not get applied to the interface in an EVPN/VXLAN environment. PR1453512
show chassis led shows incorrect status. PR1453821
QFX10002-60c EVPN-VXLAN, MAC+IP count is shown as zero. PR1454603
The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted. PR1456742
Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds. PR1457456
The BPDU packet might be looped between leaf DF switch and non-DF switch and blocks traffic. PR1458929
The forwarding option is missed in routing instance type. PR1460181
In EVPN scenario memory leak might be observed when proxy-macip-advertisement is configured. PR1461677
Interfaces and Chassis
Changing the value of mac-table-size to default might reboot all the FPCs. PR1386768
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339
VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370
An ARP entry is not learned at one of mc-lag device at QFX10000. PR1449806
Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN. PR1454764
The traffic might be forwarded to incorrect interfaces in MC-LAG scenario. PR1465077
Layer 2 Ethernet Services
LACP PDU might be looped towards peer MC-LAG nodes. PR1379022
BFD might flap when some of underlay ECMP interfaces are disabled in the leaf nodes. PR1416941
The malfunction of core isolation feature in EVPN-VxLAN scenarios causes traffic drop. PR1417729
The DHCP decline packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456
Layer 2 Features
Storm control configuration may be disabled for the interface. PR1354889
VxLAN next hop entry leak issue on QFX5000 platforms. PR1387757
With IGMP snooping enabled on the LEAF switches, multicast traffic is forwarded to VLAN/VNI which does not have active receiver. PR1388888
On QFX Series line of switches, the following error message Failed with error (-7) while deleting the trunk 1 on the device 0 is observed when adding or removing local-bias setting on SP style LAG interface. PR1393276
QinQ might be malfunctioning if vlan-id-lists are configured. PR1395312
On QFX5000 line of switches, symmetric hashing can be configured with the hashing options, though it cannot be enabled and stored in the Junos OS configuration. PR1397229
On QFX Series EVPN-VXLAN, unicast IPv6 NS message floods on L3 gateway. Therefore, both IPv4 and IPv6 traffic drops on L2SW. PR1405814
IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after VTEP leaf reboot. PR1406502
QFX5110 Virtual Chassis generates DDoS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649
Packet loss might be seen when one of the Spine switch fails or reboots. PR1421672
Stale entries might be observed in a layer 3 VXLAN gateway scenario. PR1423368
The fxpc might continually crash when firewall filter is applied on a logical unit of a dsc interface. PR1428350
ERPS nodes do not converge to IDLE state after failure recovery or reboot. PR1431262
EVPN-VXLAN non-collapsed JTASK and multimove depth failed errors seen after HALT. PR1434687
Transit DHCPv6 packets might be dropped on QFX5100 and QFX5200 platforms. PR1436415
The MAC/ARP learning might not work for copper base SFP-T on QFX5100 and QFX5110. PR1437577
QFX5000 switches are not properly hashing MPLS transit traffic from VXLAN to L2 LAG. PR1448488
Unequal LAG hashing is seen on QFX5100 running Junos OS Release 14.1X53-D28.17. PR1455161
MPLS
Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081
The l2circuit traffic might silently get dropped or discarded at
EVPN SPINE/MPLS LSP TRANSITdevice if VXLAN access interface flaps on remote PE node. PR1435504Packet loss might occur when ECMP resilient-hash is enabled on QFX5200 switch. PR1442033
Platform and Infrastructure
REST API process will get non-responsive when a number of request coming with a high rate. PR1449987
Routing Protocols
Some storm control error logs might be seen on QFX Series platforms. PR1355607
Value added in hexa after unknown ext-community is getting reset to 0. PR1371448
Host destined packets with filter log action might not reach to the Routing Engine if log or syslog is enabled. PR1379718
The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680
EVPN VXLAN non-collapsed: AUTONEG errors and flush operation failed error are seen after the power cycle of the device. PR1394866
On QFX5110, the firewall filter applied on VxLAN mapped VLAN is not supported in EVPN-VxLAN scenario. PR1398237
ERACL firewall group will operate in double wide mode for QFX5110 in Junos OS Release 19.1R1. PR1408670
ICMPv6 RA packets generated by Routing Engine might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543
The dcpfe might crash when any interface flap. PR1415297
The QFX and EX switch may not install all IRB MAC addresses in the initialization PR1416025
The same traffic flow might be forwarded to different ECMP next hops on QFX5K. platforms PR1422324
The traffic loss might start after deleting IRB logical interface. PR1424284
The rpd might generate a core file because of the improper handling of graceful restart stale routes. PR1427987
BGP statement multipath multiple-as does not work in specific scenario. PR1430899
BGP session might go into down status once the traffic flow starts. PR1431259
fxpc core file is generated once during reboot due to Bad Chip ID. PR1432023
Ping fails over type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1433918
The IPv4 fragmented packets might be broken if PTP transparent clock is configured. PR1437943
The bandwidth value of the DDoS-protection might cause the packets loss after the device reboot. PR1440847
Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list. PR1441402
On QFX5210, firewall filter DSCP action modifier does not work when firewall filter is mapped to IRB. PR1441444
The rpd process might crash in inter-AS option B L3VPN scenario if CNHs is used. PR1442291
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
PIM (S,G) joins might cause MSDP to incorrectly announce source active messages in some cases. PR1443713
The QFX5120 might drop the tunnel encapsulated packets if it acts as a transit device. PR1447128
Loopback address exported into other VRF instance might not work on QFX Series platforms. PR1449410
MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217
A few seconds of traffic drop might be seen on the existing receivers when another receiver joins or leaves. PR1457228
The egress interface in Packet Forwarding Engine for some end-hosts might not be correct on the layer 3 gateway switch after it is rebooted. PR1460688
User Interface and Configuration
QFX5100 devices are unable to commit baseline configuration after zeroize. PR1426341
Resolved Issues: 19.1R1
EVPN
A few minutes of traffic loss might be observed during recovery from link failure. PR1396597
VNI is not updated on default route 0.0.0.0/0 advertised by EVPN type 5 prefix when the local is configuration changed. PR1396915
EVPN routes might show Route Label: 0 in addition to the real label. PR1405695
The rpd might crash after NSR switchover. PR1408749
Interfaces and Chassis
Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757
Layer 2 Ethernet Services
After GRES switchover, LACP will be down on the peer device and never recover automatically. PR1395943
Layer 2 Features
The IPv6 NS/NA packets coming from the remote VTEP are not getting forwarded to the local host. PR1387519
The dcpfe process might crash after VXLAN overlay ping. PR1388103
With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI, which doesn't have an active receiver. PR1388888
RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695
Packets destined to 01:00:0c:cc:cc:cc are not forwarded on QFX10000. PR1389829
EVPN-VXLAN: Dcpfe is restarted at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with latest image. PR1398251
On QFX5000, dcpfe process crash might be observed during restart of Packet Forwarding Engine or system with scaled EVPN/VXLAN configuration. PR1403305
The IPv6 NS/NA packets received over VTEP from an ESI host are incorrectly flooded back to the host. PR1405820
With Junos OS releases before 19.1R1, on devices with cut-through configuration enabled, after reboot of the device, cut-through mode will be disabled on the channelized interfaces. PR1407706
With arp-suppression/proxy-arp feature, QFX5100 or QFX5110 might not forward IPv6 Router Solicitations or Advertisements. PR1414496
MPLS
LSP "statistics" and "auto-bandwidth" functionality might not take effect with single-hop LSPs. PR1390445
Network Management and Monitoring
Log files might not get compressed during the upgrade. PR1414303
Platform and Infrastructure
The 1-Gigabit Ethernet copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709
Optics BiDi: FEC incorrectly displayed on QFX5110 and QFX10002-36Q. PR1360948
SFP-T might not work on QFX5100/QFX5110 devices. PR1366218
The first 2 characters out of 14 of AS7816-64 serial number is truncated. PR1371126
For the Junos OS 18.1R1 or later, USB image installation on QFX5210-64C, an AMI BIOS upgrade is required. PR1371199
Packet Forwarding Engine is in a bad state after performing optics insertion or removal on a port. PR1372041
The IPv6 routed packet might be transmitted through an interface whose VRRP state is in non-master. PR1372163
QFX5110 ethernet-switching flood group shows incorrect information. PR1374436
Packet Forwarding Engine wedge might be observed if there are interfaces going to the down state. PR1376366
EM policy update is needed on QFX5210-64C. PR1380077
The overlay ECMP might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084
IPv6 ping might fail for spine node in EVPN scenario. PR1380590
Traffic black hole is caused by FPC offline in MC-LAG scenario. PR1381446
The QFX-QSFP-40G-SR4 transceiver might not be recognized after upgrading Junos OS on QFX5100e. PR1381545
LACP gets stuck in detached/attached state when the interface is configured with native VLAN ID and VXLAN VLAN. PR1382209
QFX10008 continuously shows RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory. PR1383426
The DMA failure errors might be seen when the cache is flushed or the cache is full. PR1383608
DHCP packets might be dropped on a Junos fusion Data Center scenario (QFX10000 line of devices). PR1383623
Last reboot reason is not correct if device is rebooted because of power cycle. PR1383693
The Virtual Chassis could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876
A “force host” upgrade is required for QFX5110-48S-4C in Junos OS Release 18.4 if the PTP over IPV6 G.8275.2 feature is configured. PR1384073
Tuning issue exist for SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR. PR1384524
QFX5120: Occasionally two of the channelized 25-Gigabit Ethernet ports using 4x25G breakout cable will not come up after Junos OS reboot. PR1384898
The IPv6 packet might not be routed when the IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723
The spine EVPN routes might be stuck in a hidden state with next hop as unusable after FPC is offline in the spine. PR1386147
DDoS statistics and logging are not working for internal queues such as Q42 and Q4. PR1387508
Traffic drop might be seen on QFX10000 platform with EVPN-VXLAN configured. PR1387593
QFX5100/QFX5110/QFX5200/QFX5210 Virtual Chassis could not be formed normally. PR1387730
Certain log messages might be observed on QFX Series platforms. PR1388479
MAC learning might stop working on some LAG interfaces. PR1389411
FPC might crash on QFX5100 and EX4600 platforms in a large-scale scenario. PR1389872
The vmcore might be seen when routing changes are made on the peer spine in an EVPN VXLAN scenario. PR1390573
An incorrect error message might be seen when J-Flow sensors are configured with reporting rate less than 30 seconds. PR1390740
Smid core file is seen during sanity script execution on QFX5100 and EX4300. PR1391909
Sdk-vmmd might consistently write to the memory. PR1393044
10-Gigabit Ethernet copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628
IPV6 next-hop programming issue might be observed on QFX10000/PTX1000/PTX10000 devices. PR1393937
L2ALD core file is seen when l2-learning traceoptions were enabled. PR1394380
DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978
PTP over Ethernet traffic could be dropped if IGMP and PTP TC are configured together. PR1395186
DOT1XD core found at
pnac_bd_create pnac_bdm_handler knl_async_receive_and_process. PR1395384Unable to install licenses automatically on QFX Series platforms. PR1395534
BRCM_NH-,brcm_bcm_mpls_tunnel_initiator_clear(),226:bcm_mpls_tunnel_initiator_get failed intf = 4 failure error logs might seen in syslog. PR1396014
If GRES/NSR is enabled on a QFX5100 (single Routing Engine), DHCP subscribers are failing to bind. PR1396470
QFX10002-60C: FPC might not be detected after the ukern crashes. PR1396507
High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398
The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067
CPU hog might be observed on QFX10000 platform. PR1399369
The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683
ARP refresh functionality might fail in an EVPN scenario. PR1399873
PEM I2C failure alarm might be showed incorrectly as failed. PR1400380
MAC-limit with persistent MAC is not working after reboot. PR1400507
Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716
The authd might crash when issuing show network-access requests pending command during the authd restarting. PR1401249
File permissions are changed for
/var/db/scriptsfiles after reboot. PR1402852The VRRP VIP might not work when it is configured on the LAG interface. PR1404822
ARP/ND will not be resolved in case of native VLAN ID configured for LAG access interface. PR1404895
Commit warning occurs on QFX5100. PR1405138
VXLAN transit traffic over tagged underlay L3 Interface gets dropped due to hardware limitation. PR1406282
EVPN-VXLAN: QFX10002: With arp-suppression present (enabled by default), packets egressing the QFX Series switch are tagged with 4095 VLAN when using SP-style configurations on the ports. PR1407059
DHCP discover packets are getting dropped over VXLAN tunnel on a pure L2 VLAN when DHCP relay is enabled for other VLANs. PR1408161
The FPC might crash and could not come up if interface-num or next hop is set to maximum value under vxlan-routing on QFX Series platforms. PR1409949
Routing Protocols
QFX5120: The command output show pfe route summary hw will show different scale values for the IPv4 and IPv6 LPM routes rather than the supported scale. PR1366579
Host-destined packets with filter log action might reach the Routing Engine. PR1379718
MMU errors on QFX5200 running Junos OS Release 15.1X53-D234.2. PR1381790
BUM packets might get looped if EVPN multihoming interface flaps. PR1387063
The next hop in hardware for existing ECMP route might not be updated when ecmp-resilient-hash is configured. PR1387713
CLI show evpn igmp-snooping database extensive output needs to be modified according to the SMET functionality. PR1391406
On QFX5110 and QFX5200 switches, the non-collapsed EVPN-VXLAN dcfpe core file is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc after a random event. PR1397205
Documentation Updates
There are no errata or changes in Junos OS Release 19.1R3 documentation for the QFX Series.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.
Upgrading Software on QFX Series Switches
When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.
If you are not familiar with the download and installation process, follow these steps:
- In a browser, go to https://www.juniper.net/support/downloads/junos.html.
The Junos Platforms Download Software page appears.
- In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
- Select 18.3 in the Release pull-down list to the right of the Software tab on the Download Software page.
- In the Install Package section of the Software tab, select
the QFX Series Install Package for the 18.3 release.
An Alert box appears.
- In the Alert box, click the link to the PSN document for
details about the software, and click the link to download it.
A login screen appears.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Download the software to a local host.
- Copy the software to the device or to your internal software distribution site.
- Install the new jinstall package on the device.
Note We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.3-R1.n-secure-signed.tgz rebootReplace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the switch.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname(available only for Canada and U.S. version)
Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 18.3 jinstall package, you can issue the request system software rollback command to return to the previously installed software.
Installing the Software on QFX10002-60C Switches
This section explains how to upgrade the software, which includes
both the host OS and the Junos OS. This upgrade requires that you
use a VM host package—for example, a junos-vmhost-install-x.tgz .
During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.
The QFX10002-60C switch supports only the 64-bit version of Junos OS.
If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.
To upgrade the software, you can use the following methods:
If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.1R1.9.tgzIf the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.1R1.9.tgzAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10002 Switches
If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.
On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.
If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz
rebootIf the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz
rebootAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionUpgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).
If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.
To install the software on re0:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0To install the software on re1:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1Reboot both Routing Engines.
For example:
user@switch> request system reboot both-routing-enginesAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10008 and QFX10016 Switches
Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.
Log in to the master Routing Engine’s console.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
From the command line, enter configuration mode:
user@switch> configureDisable Routing Engine redundancy:
user@switch# delete chassis redundancyDisable nonstop-bridging:
user@switch# delete protocols layer2-control nonstop-bridgingSave the configuration change on both Routing Engines:
user@switch# commit synchronizeExit the CLI configuration mode:
user@switch# exitAfter the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.
After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.
Log in to the console port on the other Routing Engine (currently the backup).
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the switch to start the new software using the request system reboot command:
user@switch> request system rebootNote You must reboot the switch to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.
All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.
Log in and issue the show version command to verify the version of the software installed.
user@switch> show versionOnce the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.
Log in to the master Routing Engine console port.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Transfer routing control to the backup Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the backup Routing Engine (slot 1) is the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Backup
Election priority Master (default)
Routing Engine status:
Slot 1:
Current state Master
Election priority Backup (default)Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the Routing Engine using the request system reboot command:
user@switch> request system rebootNote You must reboot to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.
The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.
Log in and issue the show version command to verify the version of the software installed.
Transfer routing control back to the master Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Master
Election priority Master (default)
outing Engine status:
Slot 1:
Current state Backup
Election priority Backup (default)
Performing a Unified ISSU
You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.
Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.
Perform the following tasks:
Preparing the Switch for Software Installation
Before you begin software installation using unified ISSU:
Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.
To verify that nonstop active routing is enabled:
Note If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.
user@switch> show task replication Stateful Replication: Enabled RE mode: MasterIf nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.
Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.
(Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
Upgrading the Software Using Unified ISSU
This procedure describes how to upgrade the software running on a standalone switch.
To upgrade the switch using unified ISSU:
Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.
Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.
Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.
Start the ISSU:
On the switch, enter:
user@switch> request system software in-service-upgrade /var/tmp/package-name.tgzwhere package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz.
Note During the upgrade, you cannot access the Junos OS CLI.
The switch displays status messages similar to the following messages as the upgrade executes:
warning: Do NOT use /user during ISSU. Changes to /user during ISSU may get lost! ISSU: Validating Image ISSU: Preparing Backup RE Prepare for ISSU ISSU: Backup RE Prepare Done Extracting jinstall-host-qfx-5-f-x86-64-18.3R1.n-secure-signed.tgz ... Install jinstall-host-qfx-5-f-x86-64-18.3R1.n-secure-signed.tgz completed Spawning the backup RE Spawn backup RE, index 0 successful GRES in progress GRES done in 0 seconds Waiting for backup RE switchover ready GRES operational Copying home directories Copying home directories successful Initiating Chassis In-Service-Upgrade Chassis ISSU Started ISSU: Preparing Daemons ISSU: Daemons Ready for ISSU ISSU: Starting Upgrade for FRUs ISSU: FPC Warm Booting ISSU: FPC Warm Booted ISSU: Preparing for Switchover ISSU: Ready for Switchover Checking In-Service-Upgrade status Item Status Reason FPC 0 Online (ISSU) Send ISSU done to chassisd on backup RE Chassis ISSU Completed ISSU: IDLE Initiate em0 device handoff
Note A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).
Note If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.
Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:
user@switch> show versionEnsure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:
user@switch> request system snapshot slice alternateResilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.