Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 19.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 19.1R3: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

What’s New in Release 19.1R3-S2

Routing Policy and Firewall Filters

  • Loopback firewall filter scale optimization (QFX5120-48Y and EX4650)—Starting with Junos OS Release 19.1R3-S2, you can configure up to 768 loopback filter terms for IPv6, and up to 1152 terms for IPv4. To do so, you configure an ingress firewall filter, apply it to the loopback interface, and then enable the loopback-firewall-optimization command at the [edit chassis] hierarchy level (this triggers the packet forwarding engine (PFE) to restart).

    Terms that include a reserved multicast destination (for example 224.0.0.x/24) and terms with a time-to-live (TTL) of 0/1 are not directly supported. Instead, you need to configure a separate filter for these terms. For example, to count OSPF packets on the loopback interface, you would create a separate filter with terms for the protocol (OSPF) to count packets destined to a reserved multicast address (such as 224.0. 0.6).

    [See Planning the Number of Firewall Filters to Create.]

What’s New in Release 19.1R3

There are no new features and enhancements to the existing features for the QFX Series switches in Junos OS Release 19.1R3.

What’s New in Release 19.1R2

EVPN

  • EVPN-VXLAN support (QFX10002-60C switches)—Starting in Junos OS Release 19.1R2, the QFX10002-60C switch can function as a Layer 2 or Layer 3 VXLAN gateway in both EVPN-VXLAN centrally-routed and edge-routed bridging overlays (EVPN-VXLAN topologies with two-layer and collapsed IP fabrics). In these roles, the switch supports the following features:

    • Enterprise style of Layer 2 interface configuration

    • Active/active multihoming

    • Default routing instance

    • Multiple routing instances of type virtual switch, and VLAN-aware service on the virtual switch routing instance

    • Pure type-5 routes

    • Proxy ARP use and ARP suppression, and proxy NDP use and NDP suppression on an IRB interface

    • ESIs on physical and aggregated Ethernet interfaces

    • OSPF, IS-IS, BGP, and static routing on IRB interfaces

    • DHCP relay

    • IPv6 support for user data traffic

    • EVPN-VXLAN with MPLS as transport layer

    • MAC mobility

    [See EVPN User Guide.]

  • BPDU protection in EVPN-VXLAN (QFX5100, QFX5110, and QFX5200 switches)—Starting in Junos OS Release 19.1R2, you can enable BPDU protection in an EVPN-VXLAN configuration. With a spanning tree protocol configured on an edge port, you can enable BPDU protection. If a BPDU is received on the edge port, the edge port is disabled and it stops forwarding all traffic. You can also configure BPDU protection on VXLAN interfaces without a spanning tree protocol configured, or enable BPDU protection and have other traffic forwarded. Only the BPDUs are dropped, and all other traffic is forwarded. Additionally, you can unblock an interface either automatically or manually.

    • To enable BPDU protection with RSTP on an edge port on access and leaf devices:

      set protocols rstp interface interface-name edge

      set protocols rstp bpdu-block-on-edge

    • To enable BPDU protection with a spanning tree protocol on access and leaf devices:

      set protocols layer2-control bpdu-block interface interface-name

    • To enable BPDU protection but still forward other traffic on access and leaf devices:

      set protocols layer2-control bpdu-block interface interface-name drop

    • To automatically unblock an interface using an expiry timer on access and leaf devices:

      set protocols layer2-control bpdu-block disable-timeout time in seconds

    • To manually unblock an interface on access and leaf devices:

      run clear error bpdu interface all

  • Support for EVPN-VXLAN features (QFX5120-32C)—Starting in Junos OS Release 19.1R2, QFX5120-32C switches support the following features in an EVPN-VXLAN environment:

    • Firewall filtering and policing

    • Graceful restart

    • Class of service (CoS)

    • Virtual machine traffic optimization (VMTO) for ingress traffic

    • MAC limiting (firewall filter-based)

    • Storm control

    • Port mirroring and analyzers

    • Core isolation

    [See the EVPN User Guide.]

What’s New in Release 19.1R1

Hardware

  • QFX5120-32C switches— Starting with Release 19.1R1, Junos OS supports the fixed-configuration QFX5120-32C switch. This switch provides 100-Gbps spine-and-leaf connectivity in Layer 2 and Layer 3 fabrics for cloud and Web services.

    The QFX5120-32C has 2 SFP+ ports that operate at 10-Gbps speed, and 32 ports that can operate at 40-Gbps (with QSFP+ transceivers) and 100-Gbps speeds (with QSFP28 transceivers). You can use breakout cables to channelize the 40-Gbps ports into four 10-Gigabit Ethernet interfaces and the 100-Gbps ports into four 25-Gigabit Ethernet interfaces.

    The QFX5120-32C is available with AC power supplies and with front-to-back or back-to-front airflow.

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for SFTP global disablement (QFX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.

    [See Configuring sftp-server]

Class of Service (CoS)

  • Support for per-port buffer monitoring (QFX5000 switches)—Starting with Junos OS Release 19.1R1, to keep track of peak buffer occupancy for each queue or priority group on a port, you can enable per-port buffer monitoring on a QFX5000 Series switch by setting buffer-monitor-enable at the [edit chassis fpc slot-number traffic-manager] hierarchy level. You can then monitor the buffer occupancy on the designated ports by executing the show interfaces priority-group interface-name buffer-occupancy or show interfaces queue interface-namebuffer-occupancy command.

    [See traffic-manager.]

  • Support for class of service (CoS) on QFX5120-32C switches (QFX Series)—Starting in Junos OS Release 19.1R1, QFX5120-32C switches support most class of service (CoS) features. IP precedence classification is not supported; DSCP classifiers are supported but can’t be set at ingress. Also, as with other QFX5200 series switches, CoS flexible hierarchical scheduling (ETS) is not supported.

    CoS is the assignment of traffic flows to different service levels. Service providers can use router-based CoS features to define service levels that provide different delay, jitter (delay variation), and packet loss characteristics to particular applications served by specific traffic flows.

    [See CoS Operational Comparison Between QFX5100, QFX5120, QFX5200, and QFX5210 Switches.]

EVPNs

  • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression without IRB interfaces (QFX10000 switches)—Starting in Junos OS Release 19.1R1, QFX10000 switches that function as Layer 2 VXLAN gateways in an EVPN-VXLAN environment support proxy ARP and ARP suppression, and proxy NDP and NDP suppression on non-IRB interfaces. Now, any interface configured on these Layer 2 VXLAN gateways can deliver ARP and NDP requests from both local and remote devices.

    In addition, you can now control the following aspects of the MAC-IP address bindings database on a QFX10000 switch:

    • The maximum number of MAC-IP address entries in the database

    • The amount of time a locally learned MAC-IP address binding remains in the database

    [See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression.]

Forwarding and Sampling

  • Customizing hashing parameters and shared-buffer alpha values for better load balancing (QFX5100, QFX5110, QFX5200, and QFX5210 switches)—These switches achieve load balancing through use of a hashing algorithm, which determines how to forward traffic over LAG bundles or to next-hop devices when ECMP is enabled. The hashing algorithm makes hashing decisions based on values in various packet fields. Starting with Junos OS Release 19.1R1, you can explicitly configure some hashing parameters to make hashing more efficient. The shared-buffer pool is a global memory space that all ports on the switch share dynamically as they need buffers. The switch uses the shared-buffer pool to absorb traffic bursts after the dedicated-buffer pool is exhausted. The shared-buffer pool threshold is dynamically calculated based on a factor called “alpha”. Also starting with Junos OS Release 19.1R1, you can specify the alpha, or dynamic threshold, value to determine the change threshold of shared buffer pools for both ingress and egress buffer partitions.

    To specify hashing parameters:

    user@switch# set forwarding-options enhanced-hash-key hash-parameters (ecmp | lag)

    To specify a threshold value for a particular queue:

    user@switch# set class-of-service shared-buffer (ingress|egress) buffer-partition buffer dynamic-threshold value

    [See hash-parameters and buffer-partition].

General Routing

Interfaces and Chassis

  • Multichassis link aggregation groups, configuration synchronization, and configuration consistency check (MC-LAG) (QFX5120 switches)—Starting in Junos OS Release 19.1R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running spanning tree protocols (STP).

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

  • Increasing the number of ARP and neighbor discovery entries to 256,000 (QFX10008 and QFX10016 switches)—Starting in Junos OS Release 19.1R1, the number of ARP and neighbor discovery entries has increased to 256,000 when enabling the enhanced-convergence statement. Enhanced convergence improves Layer 2 and Layer 3 convergence time during enhanced MC-LAG and VXLAN L3 gateway restoration scenarios.

    To increase the number of ARP an neighbor discovery entries, enable the arp-enhanced-scale statement at the [edit system] hierarchy.

    [See Increasing ARP and Network Discovery Protocol Entries for Enhanced MC-LAG and Layer 3 VXLAN Topologies.]

  • Channelizing enhancement on QFX5210-64C switches—Starting in Junos OS Release 19.1R1, the behavior of Flexi-pic mode on QFX5210-64C switches has improved. Channelizing ports in this mode no longer disables a corresponding port. The new behavior allows you to use any port within four designated blocks for channelization as long as the total number of channels does not exceed 128 or 32 in any one of the four blocks. Channelization helps to maximize port utilization.

    [See Channelizing Interfaces on Switches.]

  • Channelizing interfaces on QFX5120-32C switches—The 32 ports on the QFX5120-32C switch support native 40- or 100-Gigabit Ethernet configuration and channelized 10-, 25-, or 40-Gigabit Ethernet configuration. Starting in Junos OS Release 19.1R1, you can channelize the default 100-Gbps ports into four 25-Gigabit Ethernet or two 50-Gigabit Ethernet interfaces, and the 40-Gbps ports into four 10-Gigabit Ethernet interfaces (using breakout cables).

    If you have disabled auto-channelization, then to channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G, 25G, 50G.

    Note
    • The last 100-Gbps port (port 31) does not support four 10-Gigabit Ethernet port or four 25-Gigabit Ethernet port channelization. Only 40-Gigabit Ethernet, 100-Gigabit Ethernet and 2x50-Gigabit Ethernet interfaces are supported on port 31.

    • You cannot configure channelized interfaces to operate as Virtual Chassis ports.

    [See Channelizing Interfaces on Switches.]

Junos Telemetry Interface

  • Support for the Junos telemetry interface (JTI) (QFX10002 and PTX10002)—Starting with Junos OS Release 19.1R1, you can provision sensors through the Junos telemetry interface to export telemetry data for several network elements without involving polling. You can stream data through UDP or gRPC.

    Only the following sensors are supported on QFX10002 switches and PTX10002 routers:

    • Physical interfaces statistics

    • Label-switched-path (LSP) statistics

    • Network processing unit (NPU) memory

    • NPU memory utilization

    • CPU memory

    To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level.

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters.

    Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]

Layer 2 Features

  • L2PT support (QFX5200 switches and QFX5200 Virtual Chassis)—Starting with Junos OS Release 19.1R1, you can configure Layer 2 protocol tunneling (L2PT) for the following protocols on QFX5200 switches and QFX5200 Virtual Chassis: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Licensing

  • QFX5120-32C switch license —Starting in Junos OS Release 19.1R1, Juniper Networks introduces the QFX5120-32C switch.

    The QFX5120-32C switch supports the following licenses models:

    • Base features for the QFX5120-32C switch include OSPF, OSPFv3, and RIPng.

    • Advanced Feature License (AFL) for QFX5120-32C switch includes BGP, IS-IS, MPLS, VXLAN, and Open vSwitch Database (OVSDB).

    • PFL for QFX5120-32C switch includes Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), Virtual Extensible Local Area Network (VXLAN), and Open vSwitch Database (OVSDB).

    [See Software Features That Require Licenses for QFX Series.]

Management

  • Tracing support for individual JET application files (QFX Series)—Previously you could configure traceoptions for all applications. Starting in Junos OS Release 19.1R1, you can also configure traceoptions for an individual application file. If you configure trace options both globally (all applications) and locally (by application file), the local configuration has the higher priority. You must commit global traceoptions and the daemonized application configurations at the same time for the global traceoptions for the daemonized application to take effect.

    [See application.]

MPLS

  • MPLS scaling enhancements (QFX5100, QFX5110, QFX5200, QFX5210)—Starting in Junos OS Release 19.1R1, MPLS scaling is enhanced on the switches. For instance, you can increase the scale from its default 1024 to 8192 on the QFX5100. This enhancement optimizes and increases the ingress tunnel scale to address the current needs of data center networks either in IP-CLOS or IP over MPLS application spaces.

    [See Supported MPLS Scaling Values.]

  • Control transport address used for targeted-LDP session (QFX Series)—Currently, only the router ID or interface address is used as the LDP transport address. Starting in Junos OS Release 19.1R1, you can configure any other IP address as the transport address of targeted LDP sessions, session groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.

    This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.

    [See Control Transport Address Used for Targeted-LDP Session.]

  • Policy-based multipath routes (QFX Series)—In segment routing networks with multiple protocols in the core, you can combine segment routing traffic engineered (SR-TE) LDP routes and SR-TE IP routes to create a multipath route that is installed in the routing information base (also known as routing table). You can resolve BGP service routes over the mutlipath route through policy configuration and steer traffic differently for different prefixes.

    [See Policy-Based Multipath Routes Overview.]

  • Use of SID labels as first hop for resolving non-colored static segment routing LSPs (QFX Series)—Currently, for a static non-colored segment routing traffic-engineered LSP to be usable, the first hop of the segment list must be an IP address. Only the second to nth hop could be segment identifier (SID) labels. Starting in Junos OS Release 19.1R1, this requirement does not apply. You can now configure SID labels as the first hop in the segment list.

    With this configuration, static non-colored segment routing LSPs are resolved using MPLS fast reroute (FRR) and weighted equal-cost multipath. Without this configuration, by default, the LSPs are resolved using IP address.

    [See Static Segment Routing Label Switched Path.]

  • Support of install statement for segment routing LSPs (QFX Series)—The install destination-prefix statement which is currently supported at the [edit protocols mpls label-switched-path lsp-name] and [edit protocols mpls static-label-switched-path lsp-name ingress] hierarchy levels is now also supported at the [edit protocols source-packet-routing source-routing-path lsp-name] hierarchy level for both colored and non-colored static segment routing label-switched paths (LSPs).

    You can associate one or more prefixes with a segment routing LSP using the install statement. When the LSP is up, all the prefixes are installed as entries into the inet.3 or inet6.3 routing table.

    [See install (Protocols MPLS).]

Network Management and Monitoring

  • Local port mirroring support (QFX10002-60C switch)—Starting in Junos OS Release 19.1R1, QFX10002-60C switches support local port mirroring. Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

    [See Examples: Configuring Port Mirroring for Local Analysis.]

  • sFlow performance improvements (QFX Series)—Starting in Junos OS Release 19.1R1, the following improvements have been added to the sFlow technology feature:

    • For MX Series, PTX Series, and QFX Series, you can configure forwarding class and DSCP values per collector.

    • For PTX Series and QFX Series, you can configure IPv6 addresses for the source-ip and agent-id.

    • Enhancements are made to the following CLI commands: show sflow collector, show sflow collector address ip-address, and show sflow interface.

    [See Understanding How to Use sFlow Technology for Network Monitoring, collector, agent-id, source-ip, show flow collector, and show flow interface.]

Routing Policy and Firewall Filters

  • Support for IPv6 filter-based forwarding (QFX5100, QFX5110, and QFX5200 switches)— Starting with Junos OS Release 19.1R1, you can use stateless firewall filters in conjunction with filters and routing instances to control how IPv6 traffic travels in a network. This is called IPv6 filter-based forwarding. To set up this feature, you define a filtering term that matches incoming packets based on the source or destination address and then specify the routing instance to send packets to. You can use filter-based forwarding to route specific types of traffic through a firewall or security device before the traffic continues on its path. You can also use it to give certain types of traffic preferential treatment or to improve load balancing of switch traffic.

    This feature was previously supported in an "X" release of Junos OS.

    [See Firewall Filter Match Conditions and Understanding Filter-Based Forwarding.]

  • Support for 2000 Egress Firewall Filters (QFX5110 switches)—Starting in Junos OS Release 19.1R1, you can configure up to 2000 VLAN firewall filters on the switch. This feature is only supported in the egress direction (traffic exiting the VLAN). To configure, include the egress-to-ingress option under the from statement at the [edit firewall] hierarchy level.

    [See Planning the Number of Firewall Filters to Create.]

  • Support for packet load balancing based on GTP-TEID hashing (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 19.1R1, you can configure load balancing of IPv4 or IPv6 packets by using GPRS Tunneling Protocol-tunnel endpoint identifier (GTP-TEID) field hash calculations. The GTP-TEID hashing is added to the Layer 2 and Layer 3 field hashing that you have already configured. To enable this feature, configure the gtp-tunnel-endpoint-identifier statement at the [edit forwarding-options enhanced-hash-key family inet] or the [edit forwarding-options enhanced-hash-key family inet6] hierarchy Level. GTP versions 1 and 2 are supported; they support only user data. You must use UDP port number 2152 for both GTP versions.

    [See gtp-tunnel-endpoint-identifier.]

  • Support for matching IPv6 source addresses from an inet6 egress interface (QFX5100)—Starting in Junos OS Release 19.1R1, you can configure an firewall filter on a IPv6 egress interface to match specified IPv6 source or destination addresses, for example, to protect a third-party device connected to the switch.

    [See eracl-ip6-match and Example: Configuring an Egress Filter Based on IPv6 Source or Destination IP Addresses.]

Routing Protocols

  • Support for BGP graceful shutdown (QFX Series)— Starting in Junos OS Release 19.1R1, graceful traffic migration from one BGP next hop to another is supported, without traffic interruption. Also, BGP administrative shutdown communication can be sent to the BGP peer.

    You can configure both graceful-shutdown and shutdown statements at the [edit protocols bgp], [edit protocols bgp group group-name], and [edit protocols bgp group group-name neighbor address] hierarchy levels.

    Note

    Graceful shutdown is disabled by default.

    [See: graceful-shutdown (Protocols BGP), shutdown (Protocols BGP).]

  • Support for 128 equal-cost paths for BGP multipath (QFX10000)—Starting with Junos OS Release 19.1R1, you can configure a maximum of 128 equal-cost paths for external BGP peers. Previously, the maximum number supported was 64. For MPLS routes, the maximum number of equal-cost paths you can configure remains unchanged at 64. To specify 128 equal-cost paths for external BGP peers, include the maximum-ecmp 128 statement at the [edit chassis] hierarchy level. You must also configure a routing policy that exports routes from the routing table into BGP. Define a routing policy by including the policy-statement policy-name set of statements at the [edit policy-options] hierarchy level. Apply the policy to routes exported to the forwarding table by including the export policy-name statement at the [edit routing-options forwarding-table] hierarchy level.

    [See maximum-ecmp.]

  • Support for policy-based allocation for IPv4 BGP-labeled unicast (QFX Series)—Starting in Junos OS Release 19.1R1, this feature supports:

    • Allocating policy-based label for IPv4 BGP-LU prefixes in per-prefix label allocation mode.

    • 1:1 mapping between prefixes and labels.

    • Map policy for labels.

    • Fallback actions of dynamic and reject for handling error conditions.

    [See policy-options, route-filter-list.]

System Management

  • Support for aggregated Ethernet and loopback interfaces on primary and secondary interfaces using PTP (QFX5110 switches) —Starting with Junos OS Release 19.1R1, you can configure both primary and secondary interfaces as aggregated Ethernet and loopback interfaces using PTP over IPv4 and IPv6 unicast transport on the IEEE 1588v2 default profile and the G.8275.2 enhanced profile. Although, the loopback interface (lo0.0) is the same for both the primary and secondary aggregated Ethernet interfaces, the IP addresses must be unique.

    [See Understanding the PTP G.8275.2 Enhanced Profile (Telecom Profile)Multicast Overview.]

What's Changed

Learn about what changed in the Junos OS main and maintenance releases for QFX Series.

What’s Changed in Release 19.1R3

General Routing

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.1R3, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Network Management and Monitoring

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 19.1R3, the MIB data for entPhysicalTable is fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Platform and Infrastructure

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

What’s Changed in Release 19.1R2

EVPN

  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.1R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

  • Logical Interface is created along with physical Interface by default (QFX Series switches)—In Junos OS Release 19.1R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.

    For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Interfaces and Chassis

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 19.1R2, the resilient-hash statement is no longer available in the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.

    [See aggregated-ether-options.]

  • Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.

    On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.

Layer 2 Features

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—In Junos OS Release 19.1R2, we have introduced the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the input-vlan-map configuration statement with a push operation is configured.

    [See input-native-vlan-push.]

Network Management and Monitoring

  • The show system schema command and <get-yang-schema> RPC require specifying an output directory (QFX Series)—Starting in Junos OS Release 19.1R2, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

Services and Applications

  • Commit check for incomplete tunnel encapsulation configuration on flexible tunnel interface (FTI) —Tunnel encapsulation configuration is mandatory for FTI interfaces. In Junos OS Release 19.1R2, when you try to commit any incomplete tunnel encapsulation configuration on an FTI, the CLI displays a commit error message.

Software-Defined Networking

  • Increase in the maximum value of delegation-cleanup-timeout (QFX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that might disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

What’s Changed in Release 19.1R1

EVPN

  • Starting with Junos OS Release 19.1R1, the no-arp-suppression configuration statement is no longer supported on any device.

    [See no-arp-suppression.]

  • New options in show evpn instance command (QFX series)—Starting in Junos OS Release 19.1R1, you can use the show evpn instance esi-info command to only display the ESI information for a routing instance and show evpn instance neighbor-info to only display the IP address of the EVPN neighbor for a routing instance. Information associated with the ESI, such as the route distinguisher, bridge domain, and IRB are filtered out.

Interfaces and Chassis

  • Commit error thrown when GRE interface and tunnel source interface are configured in different routing instances (QFX Series)—In Junos OS Release 19.1R1, QFX Series switches do not support configuring GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation.]

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (QFX Series)—Starting in Junos OS Release 19.1R1, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces was in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, and later, QFX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

Network Management and Monitoring

  • sysName.0 MIB object displays the fully qualified domain name (QFX Series)—Starting in Junos OS Release 19.1R1, the sysName.0 MIB object displays the fully qualified domain name. That is, if the hostname and domain name are configured on the system, both will show up for the sysName.0 MIB object: host-name.domain-name. Previously, only the hostname showed up.

    [see show snmp mib.]

  • NETCONF <kill-session> operation returns different values in <rpc-error> when the session identifier is equal to the current session ID (QFX Series)—Starting in Junos OS Release 19.1R1, when you execute the <kill-session> NETCONF operation and the session identifier is equal to the current session ID, the values of the <error-type> and <error-tag> elements in the resulting <rpc-error> are application and invalid-value, respectively. In earlier releases, the <error-type> and <error-tag> values are protocol and operation-failed.

    [See <kill-session>.]

Security

  • Syslog or log action on firewall drops packets (QFX5000 switches)—Starting in 19.1R1, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

  • Firewall warning message (QFX5000 switches)—Starting in 19.1R1, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

User Interface and Configuration

  • Options for monitor traffic interfaces statement added (QFX Series)—Starting in Junos OS Release 19.1R1, the options write-fileand read-file under the monitor traffic command are included in the visible CLI.

    [See monitor traffic.]

Known Limitations

Learn about known limitations in this release for QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1191092

  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none to ensure proper traffic routing. This issue is platform independent. PR1287557

General Routing

  • On the QFX5100, if a scaled configuration involving a LAG interface, more than 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, FXPC might consume high CPU resources. No other system impact is observed. PR1363896

  • The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when a channelization is detected in Junos OS Release 18.1R3. PR1366137

  • If out-of-band management link is operated at a speed other than 1000 Mbps (for example, link peer is kept 10/100 Mbps) on QFX Series products within the Junos VM, the corresponding interface always reflects a speed of 1000 Mbps in all aspects. For example, in the output of the show interfaces em0 command. The actual speed in use will reflects only on the corresponding interface on the Linux host. PR1401382

  • When doing an RFC MAC learning rate, we achieve a learning rate of only 13,000 MAC entries. For higher learning rate, we see some MACs are not learned, but sometimes the issue is not seen even at higher rates. PR1403603

  • The maximum number of Layer 3 interfaces that can be configured on QFX5100 is 8000, QFX5200 is 8000, and QFX5110 is 12,000. PR1406107

  • On a QFX5120, ARP might not get resolved for an untagged packet coming on an interface with encapsulation ethernet-bridge when this interface is in a VXLAN with the encapsulate-inner-vlan statement. PR1454804

Infrastructure

  • If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point it is safe to reboot to the normal volume. PR1444941

Layer 2 Features

  • The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031

  • xSTP configuration is not supported on flexible-vlan-tagging interfaces for any of the QFX5000 line of devices (QFX5100, QFX5110, QFX5200, QFX5210, QFX5120). PR1414659

  • Hierarchical ECMP with VXLAN OVERLAY routing is not supported on QFX5000 devices. PR1456594

MPLS

  • There is no warning message about Packet Forwarding Engine restart when the MPLS tunnel extend configuration is deleted. PR1394722

Platform and Infrastructure

  • When the sFlow collector can be reached only through the Routing Engine, large samples due to heavy traffic can cause the Routing Engine CPU to become busy. PR1332337

  • On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on an IRB/Layer 3 interface with a discard filter. PR1338067

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C. PR1343131

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • When vlan is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • On a QFX5120 switch with 288,000 MAC scale, the Routing Engine show ethernet-switching table summary command output shows the learned scale entries after a delay of around 60 seconds. PR1367538

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and the QEMU hypervisor. You can recover the device by power cycling it. PR1385970

  • These error logs are expected when routes pointing to target next hops are in turn pointing to hold next hops. These error logs appear for a short time. Later, when the next hop changes from hold next hop to a valid next hop, unilist next hops are walked again and updated with the appropriate weight and reroute counters, and no more error logs are seen. PR1387559

  • Re-ARP request sent without a VLAN ID (so Routing Engine ARP fails). PR1390794

  • The QFX5100 (Junos OS Release 19.1R1) uses SDK version 6.3.7. Unified ISSU with BST configuration is not supported and is a product limitation with regard to BCM chipset running on SDK 6.3.7. Even configuring BST after the unified ISSU might not work. As a workaround, restarting of Packet Forwarding Engine is required after the unified ISSU. For QFX5110, unified ISSU is not supported on Junos OS Release 19.1R1. PR1395587

  • On QFX5120 system, the hardware link scan thread interrupt processing takes significant time due to firmware limitation. This results in greater than 50 ms convergence delay during MPLS FRR. PR1403082

Routing Protocols

  • When an interface is configured with family mpls, one label is reserved for the explicit-null case. Only one label is used across the different MPLS interfaces for the explicit-null case. This label will only be deleted when all the interfaces with family mpls are deleted. So the maximum number of tunnels you can have is 1. PR1418733

Security

  • —On QFX5000 platforms, if a syslog or log action is configured on a firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Virtual Chassis

  • A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (>2 seconds) might occur. PR1347902

Open Issues

Learn about open issues in this release for QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • At times, when l2ald is restarted, a race condition occurs where VTEP notification comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP add request and gets stuck in an infinite loop. PR1384022

General Routing

  • Layer 3 multicast traffic does not converge to 100 percent and continuous drops are observed after the downstream interface goes down or comes up or while an FPC comes online after FPC restart.This happens with multicast replication for 1000 VLANs or IRB interfaces. PR1161485

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • On the QFX10002-60C, the filter operation with log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in the firewall logs: Protocol 0 not recognized. PR1325437

  • Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • QFX10000 platform drops the access point (AP) heartbeat packets, as result the WAP cannot work. PR1352805

  • Interface flapping is observed only on a peer port with 100GBASE-LR4 optics in the warm boot stage of VMs during a unified ISSU process. As a workaround, do not use 100GBASE-LR4 during a unified ISSU. PR1353415

  • A mib2d core file is generated in mib2d_write_snmpidx at snmpidx_sync.c on both active directories while bringing up a base traffic profile. PR1354452

  • When a rpd reads next hops from the kernel on restart, in the INH -> FWD NH{List NH} -> {Chain NH} scenario, the rpd should not create old-style list next hop for the forwarding next hop. PR1360354

  • On the QFX5100, if a scaled configuration involving a LAG interface, more that 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, FXPC might consume high CPU resources. No other system impact is observed. PR1363896

  • The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error messages is seen when channelization is detected in Junos OS Release 18.1R3. PR1366137

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • The user might not be able to stop the ZTP bootstrap, when an QFX10016 or an QFX10008 switch with more number of line cards is powered on with factory-default configuration. PR1369959

  • USB upgrade of NOS image is not supported. PR1373900

  • On QFX10008 and QFX10016 platforms, traffic loss might occur because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • With MLD-snooping enabled and when we have two receivers in the same VLAN interested in the same group address but from a different source, traffic is received only on the receiver that sent the lastest MLD report. This is because we do not install S, G routes in hardware when MLD snooping is enabled. PR1386440

  • Control plane switch management (CPSM) daemon memory leak occurs in the VM host. It might also result logrotate not to work, and cause large CPSM log size. PR1387903

  • In the Junos OS Release 18.4R1 branch, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • DCPFE didn't come up in some instances of abruptly powering off and powering on the QFX5120-EX4650. To recover the device, power cycle it or reboot the host. PR1393554

  • Layer 2 multicast and broadcast convergence is high while deleting and adding back the scale configurations of VLANs and VXLAN. PR1399002

  • A QFX10000's FPC may restart if an operator configures VXLAN's VNI 0 identifier. PR1401215

  • On the QFX5120, OVSDB-managed VXLAN experiences traffic loss. PR1401943

  • If the USB storage device is not removed from device after an upgrade, the system might come up and might reboot repeatedly. As a workaround, you need to manually change the boot sequence from the BIOS menu to select boot from SSD. PR1404717

  • On the QFX10002, traffic drop is observed with MSTP configuration (65 instances and 64 interfaces with 3840 VLANs) PR1408943

  • You might see multiple reconnect logs, JTASK_IO_CONNECT_FAILED, during the device initialization. There is no functionality impact due to these messages. These messages can be ignored. PR1408995

  • Intermittently chassis alarms not raised after power-cycle of the device. Chassis alarms can be recovered by restarting lcmd from CLI - request app-engine service restart chassis-manager or, restart chassis-control PR1413981

  • On QFX5110 and QFX5120 platforms, uRPF check in strict mode does not work properly. PR1417546

  • When a bad optics is connected to the device that could inhibit EEPROM failure conditions or I2C read failure conditions, the device could end up in this condition. Please check the description of the issue mentioned in the PR. PR1420874

  • When NSSU is done from Junos OS Release 18.1R3 to any later image on QFX5100 Virtual Chassis with LACP link protection configured, there might be around 5 minutes of traffic loss. Traffic loss is not seen during NSSU if the link protection configuration is not present. PR1435519

  • When routing process is restarted, if the system is configured with EVPN service, memory of the Layer 2 address learning daemon (l2ald) increases by 4000 when you use show system processes extensive | match l2ald. PR1435561

  • Unified ISSU might fail from Junos OS Release 17.2X75-D43.2 to some target versions on QFX5200 platforms. And dcpfe crash might be seen. PR1438690

  • Unified ISSU will is not supported for QFX5200 from Junos OS Release 17.2X75-D4x to Junos OS Release 19.2R1. PR1440288

  • On QFX10000 switches and EVPN-VXLAN (spine-leaf) scenario, QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, if all virtual gateways are configured with an unique IPv4 or IPv6 MAC address, this issue does not occur. PR1446291

  • Whenever any member in RSPAN VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459

  • In an EVPN-VXLAN with service-provider style configuration, if the VLAN name associated with access ports is changed, then the virtual bridge domain might not be created. This is because the bridge domain add notification for the new VLAN comes before the bridge domain delete notification for the old VLAN. Because of this, virtual bridge domain might not be created and MAC's might not be learned. PR1454095

  • After changing the VLAN name on the trunk interface, local host MAC learning will be hold for more than 30 seconds. PR1454274

  • Enabling maintenance configuration on MH device without disabling the ESI link might lead to a traffic loop. We recommend that you disable the ESI link instead of the maintenance configuration on the MH device. PR1456349

  • On QFX5110, FEC errors might be seen on the other side. PR1457266

  • Change of VTEP source address by changing the loopback address will trigger reduction in Vport and VNI. PR1467158

  • On QFX5100 Virtual Chassis, 10-Gigabit VCP ports will not be active. PR1494980

Infrastructure

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory) messages are seen during FTP. PR1315605

Interfaces and Chassis

  • Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply that is flooded in the VLAN by the device has the correct DMAC of the originator of the ARP request. That is, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted. PR1454764

Layer 2 Features

  • If the access-side interfaces are used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is a 20-50 ms traffic drop on the existing logical interface. PR1367488

  • On the QFX5120, during new tenant addition, there might be a few transient packet drops (2-15 packets) for a couple of random intra-VNI traffic streams in an EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is autorecovered. PR1455654

  • With QFX5110 and QFX5200 plaforms, if storm control IS enabled on the interfaces along vxlan configuration, storm control will not get effected with ARP REQ packets coming more than storm control threshold. PR1469837

  • On QFX5110 and QFX5120 platforms, changing the lo0 IP address might sometimes either result in stale entry of IP in mpls_entry table or missing IP entry, which results in traffic drop for VXLAN traffic. PR1472333

MPLS

  • A lingering RSVP state might keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state eventually expires and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated because of this lingering state or the corresponding label routes in the FIB. In the worst case, in a network, where there is persistent link flapping going on, this lingering state might interfere with the LSP scale being achieved. PR1331976

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

Routing Protocols

  • Higher convergence time for LFA with BFD in Junos OS Release 18.1. PR1337412

  • The pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340 error messages are cosmetic and expected logs. These logs are not harmful and have no functional impact; they just show the state of PIM register messages. These logs are already LOG_DEBUG for external builds, and you do not need to make any change in any of the components. PR1371431

  • When a MOLEX QSFP+ DAC cable is connected to the QFX5210, the link might not come up. A DCPFE might generate a core file and the fxpc process might not come up. PR1397158

  • There is no functionality impact because of the following error message: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 unintsall failed in h/w with Mini-PDT base configurations. PR1407175

  • In Junos OS Release 19.1R3, the MUX state of LACP interface will not change sometimes when force-up is onfigured. PR1484523

Resolved Issues

Learn which issues were resolved in the Junos OS main and maintenance releases for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 19.1R3

Class of Service (CoS)

  • Shaping does not work after the reboot if the shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on extended port even if it comes in with different dscp marking. PR1433252

  • On QFX5120-32C, while moving unicast traffic to the multicast queue through the MF classifer, the show interface queue <> command does not display any statistics. PR1459281

EVPN

  • ARP request/NS might be sent back to the local segment by the DF router. PR1459830

  • The rpd might crash after the EVPN-related configuration is changed. PR1467309

Forwarding and Sampling

  • The l2ald process might experience memory leak on platforms running Junos OS. PR1455034

  • Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778

General Routing

  • On QFX5100 switches, the LR4 QSFP transceiver might take up to 15 minutes to come up after a Virtual Chassis reboot. PR1337340

  • The 10-Gigabit fiber interfaces might flap frequently when they are connected to other vendor's switch PR1409448

  • The optic module comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Part of routes could not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873

  • The show interface command indicates Media type: Fiber on QFX5100-48T running the QFX 5e Series image. PR1419732

  • Ports might get incorrectly channelized if they are already 10-Gbps ports and they are channelized to 10-Gbps again. PR1423496

  • The host-bound traffic might be dropped after performing change configuration related to prefix-list. PR1426539

  • The l2cpd process might crash and generate a core file when the interfaces are flapping. PR1431355

  • The FPC might crash when a firewall filter is modified. PR1432116

  • The line card might crash because the installed SFP-T module is not supported. PR1432809

  • BGP neighbourship might not come up if the MACsec feature is configured. PR1438143

  • The EX4600 or QFX5100 Virtual Chassis might not come up after the Virtual Chassis port fiber connection is replaced with DAC cable. PR1440062

  • MAC addresses learned on the RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406

  • The FPC does not restart immediately after the system is rebooted, which might cause packet loss. PR1449977

  • CoS classification does not work on QFX10000. PR1450265

  • FPC core files might be seen after changing the configuration of PTP or Synchronous Ethernet. PR1451950

  • The l2ald and eventd hogs 100 percent after clear ethernet-switching table is issued. PR1452738

  • The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512

  • The show chassis led command shows a wrong status. PR1453821

  • On QFX5100-VC, the vgd process hogs the CPU without the switch-options vtep-source-interface lo0.0 configuration. PR1454014

  • After a reboot, the master FPC might come up in master state again instead of backup state. PR1454343

  • Dcpfe should crash because usage of data is not NULL terminated on QFX5000. PR1454527

  • On QFX10002-60c, in an EVPN-VXLAN environmenet, the MAC+IP count is shown as zero. PR1454603

  • The untagged hosts ARP/NS requests might not be resolved when it is connected on encapsulation ethernet-bridge'\ interface. PR1454804

  • A firewall filter might not be able to be applied in a particular VC/VCF member as TCAM space running out. PR1455177

  • In a 16+ member QFX5100 VCF, the FROM column under the show system users command output reports feb0, feb1, feb2, and feb3 for fpc16, fpc17, fpc18, and fpc19 respectively. PR1455201

  • The PFC feature does not work on the QFX10000 line of switches. PR1455309

  • The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Link-up delay and traffic drop might be seen on mixed SP L2, SP L3, and EP L2 type configurations. PR1456336

  • The Packet Forwarding Engine process might crash after a Routing Engine switchover on QFX10000 platforms. PR1457414

  • Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456

  • QFX5110 switches port 51 has one LED blinking amber Junos OS Release 19.1R1.6. PR1457516

  • Dual tag Q-in-Q not working with EVPN-VXLAN PR1458206

  • On a QFX5210, the LED does not light on port 64 and 65 after upgrade to Junos OS Release 19.2R1. PR1458514

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929

  • JDI-_QFX5200_-REGRESSION-SWITCHING-QFX5200: DHCPv6 LDRA relay bounded count is not as expected after DHCP is configured. PR1459499

  • The fxpc process might crash due to several BGP IPV6 session flaps. PR1459759

  • The forwarding option is missing from the routing-instance type configuration. PR1460181

  • The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885

  • The entPhysicalTable MIB is not fetching expected data on QFX10002-72Q / 36Q platforms. PR1462582

  • The fxpc process might generate core files when changing the MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594

  • JDI-RCT : QFX 5100 VC/VCF : Observing the error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleaning up Evpan-VxLAN configurations with Mini-PDT base. configurations. PR1463939

  • The FPC might restart during run time on PTX10000 or QFX10000 platforms. PR1464119

  • The dcpfe might crash when changing the firewall filter on QFX5000 platforms. PR1464352

  • The interface might not come up on FPC restart on QFX10000 platforms. PR1464650

  • PEM is not present spontaneously on QFX5210. PR1465183

  • A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card. PR1465196

  • The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214

  • The physical interface of aggregated Ethernet might take time to come up after disable/enable. PR1465302

  • The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario. PR1466423

  • BGP Open messages with specific types of BGP Optional Capabilities causing BMP messages not been encoded correctly when sent to the BMP Collector. PR1466477

  • EBUF parity interrupt is not seen on QFX10K/PTX platforms. PR1466532

  • IPv6 traffic might get dropped in Layer 3 VPN network. PR1466659

  • Slow packet drop might be seen on QFX5000 switches. PR1466770

  • DHCPvX ACK messages do not receive response to broadcast INFORM packets with Junos OS Release19.1R2.3. PR1467182

  • Ingress drops are to be included at the CLI from interface statistics and added to InDiscards. PR1468033

  • Optics measurements might not be streamed for interfaces of a PIC over JTI PR1468435

  • MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment. PR1468732

  • If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node. PR1469998

  • Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands. PR1470385

  • The speed 10m might not be configured on the GE interface. PR1471216

  • Traffic loss might occur when a VTEP source interface is configured in multiple routing instances. PR1471465

  • QFX5K: Egress PACL size will be half in Junos OS Release 19.4R1. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • Detached interface in LAG processing xSTP BPDUs. PR1473313

  • An l2ald crash might be seen when around 16000 VLAN IDs sharing the same VXLAN tunnel and when the Packet Forwarding Engine is rebooted. PR1473521

  • On QFX5000 switches, RIPv2 routes that are being forwarded across an Layer 2 circuit connection are dropped. PR1473685

  • Continuous error log messages might be raised on QFX5000 switches in an EVPN-VXLAN scenario. PR1474545

  • Layer 2 circuit might fail to communicate through VLAN 2 on QFX5000 switches. PR1474935

  • MACsec traffic over Layer 2 circuit might not work on QFX10000, PTX10000, and PTX1000 platforms after upgrading from Junos OS Release 15.1 to later versions. PR1475089

  • DAC cables are not being properly detected in Packet Forwarding Engine in QFX5200 on Junos OS Release18.4R2-S2.4. PR1475249

  • There might be traffic drop on QFX5110/5120 switches acting as leaf switch in a multicast environment with VxLAN. PR1475430

  • QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0. PR1476829

  • Continous Error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192

  • ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario. PR1480776

Interfaces and Chassis

  • Traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077

  • Executing commit might hang because of the struck dcd process. PR1470622

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

Layer 2 Features

  • Storm control configuration may be disabled for the interface. PR1354889

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600. PR1437577

  • The LLDP function might fail when a Juniper device connects to a non-Juniper one. PR1462171

  • QFX5110-32Q: Some of the MAC addresses are missing from the MAC table in software after restarting the Packet Forwarding Engine. PR1467466

  • The fxpc core might be seen when committing the configuration all together, for example, after a reboot. PR1467763

  • Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario. PR1469596

  • Traffic might be affected if composite next hop is enabled. PR1474142

MPLS

  • On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378

  • Traffic might be lost over QFX5100 switches acting as a transit PHP node in the MPLS network. PR1477301

Platform and Infrastructure

  • The SLAX script might be lost after upgrading software. PR1479803

Routing Protocols

  • OSPF VRF sessions might take a long time to come up when the host table is full and host routes are in the LPM table. PR1358289

  • Invalid VRRP mastership election is seen on QFX5110-VC peers. PR1367439

  • The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000 and EX4600 switches. PR1429543

  • Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled. PR1379718

  • QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in Junos OS Releases 19.1R1/19.2R1/19.3R1/19.4R1. PR1414121

  • On the QFX5000 Series platforms acting as Layer 2 circuit PE (tunnel terminating node), if VLAN 2 is used for Layer 2 circuit communication with CE node, the VLAN 2 packets might be dropped on PE. PR1474935

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • Core files might be generated when the EVPN Type-5 routing instance is being added or removed. PR1455547

  • The egress interface in the Packet Forwarding Engine for some end hosts might not be correct on the Layer 3 gateway switch after it is rebooted. PR1460688

  • On QFX 5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is seen after performing unified ISSU with Mini-PDT base configurations. PR1460791

  • When deleting an IRB I terface on the Layer 3 gateway, IRB does not get removed from the Paacket Forwarding Engine and might cause traffic to be discarded silently to IRB MAC address. PR1463092

  • The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737

  • Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic does not get forwarded in a VRRP scenario. PR1477073

Resolved Issues: 19.1R2

Class of Service (CoS)

  • On QFX10008, FPC0 crashes and generates a core file after running the Packet Forwarding Engine command show cos sched-usage. PR1449645

  • show cos scheds-per-pfe and show cos pfe-scheduler-ifds Packet Forwarding Engine commands will restart forwarding planes on QFX10008 switches PR1452013

EVPN

  • The rpd process crashes with EVPN type-3 route churn. PR1394803

  • The show evpn instance extensive esi command does not filter the output of desired ESI or neighbor information of an EVPN instance. PR1402175

  • ARP entry is still pointing to failed VTEP after PE-CE link fails for multihomed remote ESI. PR1420294

  • Multicast MAC address might be learned in the Ethernet switching table on QFX5000 and QFX10000 platforms with EVPN-VXLAN configured. PR1420764

  • The device may proxy the ARP probe packets in an EVPN environment. PR1427109

  • Unexpected next-hop operation error from Kernel to L2ald in a Layer 2 gateway during the MAC movement operation. PR1430764

  • Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times. PR1435306

  • The multihomed mac-ip table entry might not be cleaned when host MAC is deleted from MAC table. PR1436712

  • Configuring ESI on a single-homed 25G port might not work. PR1438227

  • When using no-arp-suppression, an ARP request might not be sent out when an ARP entry aged out. PR1441464

  • ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI. PR1446957

  • VLAN configuration change with l2ald restart might cause Kernel synchronization issues due and impact forwarding. PR1450832

  • When there is a VXLAN with VLAN ID of 2 on a QFX5100, ARP will not get resolved. PR1453865

  • ARP request/NS might be sent back to the local segment by DF router. PR1459830

Forwarding and Sampling

  • Commit error and dfwd core file might be observed when applying a firewall filter with action "then traffic-class" or "then dscp". PR1452435

General Routing

  • Certain QFX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data. PR1063645

  • The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

  • On QFX10002-60C, commit might be denied when L2 and L3/L4 mix-match conditions are configured on a L2 filter. PR1326715

  • On QFX5100 platforms, LR4 QSFP might take up to 15 minutes to come up after Virtual Chassis reboot. PR1337340

  • When powering off an individual FPC, the other FPC Packet Forwarding Engine might go offline. PR1344395

  • On QFX5210, when filter with routing instance is applied to a family inet logical interface, traffic gets discarded on unrelated interfaces. PR1364020

  • On QFX5120 and EX4650 line of switches, the convergence delay between PE1 and P router link is more than expected delay value. PR1364244

  • Traffic spikes generated by IPFIX might be seen on QFX10002. PR1365864

  • The backup member switch might fail to become the master switch after switchover on QFX5100, QFX5200, and EX4600 Virtual Chassis platform. PR1372521

  • RIPv2 update packets might not send with IGMP snooping enabled. PR1375332

  • New configuration statement to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup Routing Engine instead of SSD. PR1382522

  • FEC error counts are not updated for QFX5110. PR1382803

  • Static default route with next-table inet.0 does not work. PR1383419

  • The rpd end up with krt queue stuck might be seen in vrf scenario. PR1386475

  • Error message portmod_port_core_access_get: Invalid parameter seen in log messages. PR1388591

  • ARP received on SP-Style interface not sent to all RVTEPs in case of QFX5100 VC only, normal BUM traffic works fine. PR1388811

  • When show command is taking a long time to display results, the STP might change states because BPDUs are no longer processed and cause lots of outages. PR1390330

  • On QFX5110 fan LED turns Amber randomly. PR1398349

  • The interrupt process consumes high CPU because of the intr{swi4: clock (0)} on QFX5100-48t-6Q running a QFX5100 Series image and Junos OS Release 18.x code. PR1398632

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • On QFX5100, traffic initiated from a server connected to an interface will be dropped at the interface on the switch if the interface was configured with family ethernet-switching with VXLAN and the configuration is changed to family inet. PR1399733

  • On QFX5110 platforms, from Junos OS Release 17.3 and later, the interfaces with SFP-LX10 transceivers and auto-negotiation enabled(default configuration) might be down. PR1399878

  • On QFX5120-32C Error logs for flex counter seen with GRE configuration. PR1400515

  • QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot PR1402127

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface PR1403528

  • Executing command "request system configuration rescue save" may fail with error messages PR1405189

  • DHCP Not working for some clients in dual AD fusion setup on EP ports. PR1405495

  • Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms PR1405786

  • QFX5120 : In VxLAN-EVPN configuration, transition from collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload PR1405956

  • QFX5200/5100 might not be able to send out control plane traffic to the peering device PR1406242

  • QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1 PR1407095

  • No inner VLAN tag is added even with input-vlan-map push configured on QFX10000 platforms. PR1407347

  • MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • Fan failure alarms might be seen on QFX5100-96S after upgrade to Junos OS Release 17.3R1. PR1408380

  • Restarting line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence, the intra-vlan traffic might silently be dropped or discarded. PR1409631

  • LLDP memory leak when ieee dcbx packet is received in auto-neg mode followed by another dcbx packet with none of ieee_dcbx tlvs present. PR1410239

  • On QFX5120 platform with QSFP-100G-PSM4 transceiver, because of the timing fault on FPGA (Field Programmable Gate Array) hardware, the link might go down as TX laser being disabled. PR1410687

  • On EX2300-24P or QFX5100, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family might be seen. PR1410717

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Storm control not shutting down mc-ae interface. PR1411338

  • The spfe on satellite device in Junos fusion setup might crash and it could cause the satellite device to get offline. PR1412279

  • PEM alarm for backup FPC will be remained on master FPC though backup FPC is detached from Virtual Chassis. PR1412429

  • Junos PCC might reject PCUpdate/PCCreate message if there is a metric type other than type 2. PR1412659

  • On QFX5120 devices route table is full for IPv6 routes in some scenario. PR1412873

  • QFX5K: EVPN / VxLAN: Mutlicast NH limit is 4K. PR1414213

  • The QFX10002 might stop forwarding packets after the "chassis-control" process restarts. PR1414434

  • VC Ports using DAC may not establish link on QFX5200 PR1414492

  • DC output information is missing in the "show chassis environment pem" output for whitebox PR1414703

  • VXLAN Encapsulation nexthop (VENH) doesnt get installed during BGP flap or restart routing. PR1415450

  • Changing FEC parameter for 100GE interfaces with QSFP-100GBASE-SR4 optics is not taking effect PR1416376

  • Two instances of Junos are running after Junos upgrade to 18.1R3-S3.7 PR1416585

  • The dcpfe crash might be seen in EVPN-VXLAN scenario PR1416925

  • MAC learning might not happen on trunk mode interface in EVPN/MPLS scenario. PR1416987

  • Extended remote port mirroring traffic is not tagged when the output interface is a trunk port. PR1418162

  • Traffic loss might be seen on the ae interface on QFX10000 platforms PR1418396

  • Traffic loss might be seen after NSSU operation. PR1418889

  • Rebooting QFX5200-48Y using "request system reboot" doesn't take physical links offline immediately PR1419465

  • The 100G PSM4 optics connected ports go down randomly during a repeated power cycle PR1419826

  • Traffic drop might be observed when transit static LSP is configured on EX4650 and QFX5120 platforms PR1420370

  • Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario PR1420785

  • An interface may go to downstate on QFX10000/PTX10000 platform PR1421075

  • QFX5120-32C: DHCP binding on client might fail when QFX5120-32C acting as DHCP server, this is seen only for channelized port PR1421110

  • fusion: ETS config not applied on non-cascade ports when AD is rebooted PR1421429

  • BFD might stuck in slow mode on QFX10002/QFX10008/QFX100016 platform PR1422789

  • QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G PR1422958

  • The interface can not get up when the remote-connected interface only supports 100M in QFX5100 VC setup PR1423171

  • IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled PR1423310

  • ON QFX5120-32C , BUM traffic coming over irb underlay interface gets dropped on destination vtep in PIM based VxLAN PR1423705

  • Traffic is dropped after FPC reboot with AE member links deactivated by remote device PR1423707

  • The Jflow export might fail when channelization is configured on FPC QFX10000-30C PR1423761

  • Ping over EVPN type-5 route to QFX10000 does not work. PR1423928

  • All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. PR1424090

  • IPv6 communication issue might be seen after passing through QFX10002-60C platforms. PR1424244

  • QFX5120 QSFP-100G-PSM4 become undetected and come back up as channelized interfaces. PR1424647

  • All interfaces creation failed after NSSU PR1425716

  • The dcpfe or PFE might not start on AS7816-64X and QFX5K TVP platform devices. PR1426737

  • QFX5210: Received LLDP frames on em0 not displaying in LLDP neighbor output PR1426753

  • Heap memory leak might be seen on QFX10000 platforms PR1427090

  • CRC errors can be seen when other manufacturer device is connected to QFX10000 with QSFP-100GBASE-LR4-T2 optics. PR1427093

  • Rebooting or halting VC member might cause 30 seconds down on RTG link. PR1427500

  • QFX5100-VCF 'rollback' for uncommitted configuration takes 1 hour. PR1427632

  • On QFX10000 platforms certain interfaces might go to down state. PR1427883

  • The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next hop is changed. PR1427994

  • QFX5120-48Y interface with optic "QSFP-100GBASE-ER4L" is not coming up in Junos OS Release 18.3R1-S2.1. PR1428113

  • Licenses used flag for ovsdb on show system license might not be flagged even though ovsdb is configured and working. PR1428207

  • In correct display of MAC/MAC+IP and count values, after setting global-mac-limit and global-mac-ip-limit. PR1428572

  • EVPN-VXLAN l2ald process might generate a core file when number of VXLAN HW IFBDS exceeds the maximum limit of 16382. PR1428936

  • On QFX10008 after Routing Engine switchover, the LED status is not set for missing fan tray. PR1429309

  • DHCP-relay may not work in an EVPN-VxLAN scenario PR1429506

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESI. PR1429821

  • Interface on QFX5120 switches does not come up after the transceiver is replaced with one having different speed. PR1430115

  • In collapsed VGA4 script ping on shared ESI R6 to R7 IRB address is failing. PR1430327

  • Traffic impact might be seen on QFX10000 platforms with interface hold-down timer configured. PR1430722

  • On QFX Series switches, the Validation of meta data files failed message is seen on hypervisor. PR1431111

  • SIB Link Error error message is detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592

  • The dcpfe might crash on all line cards on QFX10000 in scaled setup. PR1431735

  • The et- interfaces might not come up on QFX10000-60S-6Q. PR1431743

  • All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled. PR1431885

  • The optical power of interface might gradually reduce the optical power for almost 3 minutes after issuing request system reboot at now on QFX5110 and QFX5120. PR1431900

  • L2 traffic drop on QFX10000 with interface MTU lower than 270 bytes. PR1431902

  • Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario PR1432703

  • Traffic loss might be seen on QFX10000 platforms using LC1105. PR1433300

  • L3 filters applied to PVLAN IRB interface might not work after ISSU. PR1434941

  • SIB/FPC link rrror alarms might be observed on QFX10000 due to a single CRC. PR1435705

  • The mc-ae interface might get stuck in waiting state in dual mc-ae scenario. PR1435874

  • QFX5200 NSSU: dcpfe core file is seen after NSSU upgrade of backup followed by reboot. PR1435963

  • DHCP discover packets sent to IP addresses in the same subnet as IRB interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces. PR1436436

  • Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. PR1436968

  • The FPC might crash if both the aggregated Ethernet bundle flapping on local device and the configuration change on peer device occur at the same time. PR1437295

  • QFX5110, QFX5200, QFX5210 There is no jnxFruOK SNMP trap message when only the Power cable is disconnected and connected back. PR1437709

  • The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • Port LED turns red when cable connected on QFX5210. PR1438359

  • Interfaces configured with flexible-vlan-tagging might loss connectivity. PR1439073

  • The xSTP recognizes 1G SFP-T optic interface as LAN type resulting in slow STP convergence. PR1439095

  • LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up. PR1439268

  • DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844

  • EX4600 Virtual Chassis does not come up after replacing Virtual Chassis port from fiber connection to DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member rebooted. PR1440574

  • Layer 2 and Layer 3 traffic drop is seen on disabling and then re-enabling mclag. PR1440732

  • On QFX5110 switches, Layer 2 and Layer 3 logical interfaces on physical interfaces flexible-ethernet-services VXLAN passing over Layer 2 physical breaks, Layer 3 P2P communication. PR1441690

  • The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310

  • Flow control does not work as expected on 100-Gigabit Ethernet interface of QFX5110. PR1442522

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • DHCPv6 client might fail to get an IP address. PR1442867

  • When a line card is rebooted, the MC-LAG might not get programmed after the line card comes back online. PR1444100

  • On QFX5200, the error DCBCM[bcore_init]: ioctl call failed ret:0 failure message is observed when changing UFT profile in FPC logs. PR1445855

  • On QFX10008 traffic impact might be seen when the JSRV interface is used. PR1445939

  • CoS classifier might not work as expected. PR1445960

  • Traffic is discarded for only specified VLAN in IPACL_VXLAN filters. PR1446489

  • Long IPv6 address are not displayed fully on IPv6 neighbor table. PR1447115

  • Unicast arp requests are not replied with no-arp-trap option. PR1448071

  • Rebooting QFX5120-48Y using request system reboot does not take physical links offline immediately. PR1448102

  • QFX10000 -- QSFP28 100G AOC / 740-065632 & QSFP+ 40G / 740-043308 transceiver -- port LED remains lit green after disconnecting one end PR1448121

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • On QFX5120, the incoming L3-encapsulated packets are dropped on L3VPN MPLS PE-CE interface. PR1451032

  • vgd core files might be generated on any platforms supporting OVSDB. PR1452149

  • DHCP offer packet with unicast flag set gets dropped by QFX10000 in a VXLAN multi-homed setup using anycast IP. PR1452870

  • Configuration change in VLAN all option might affect the per VLAN configuration. PR1453505

  • The classifier configuration does not get applied to the interface in an EVPN/VXLAN environment. PR1453512

  • show chassis led shows incorrect status. PR1453821

  • QFX10002-60c EVPN-VXLAN, MAC+IP count is shown as zero. PR1454603

  • The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted. PR1456742

  • Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds. PR1457456

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and blocks traffic. PR1458929

  • The forwarding option is missed in routing instance type. PR1460181

  • In EVPN scenario memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

Interfaces and Chassis

  • Changing the value of mac-table-size to default might reboot all the FPCs. PR1386768

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

  • VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • An ARP entry is not learned at one of mc-lag device at QFX10000. PR1449806

  • Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN. PR1454764

  • The traffic might be forwarded to incorrect interfaces in MC-LAG scenario. PR1465077

Layer 2 Ethernet Services

  • LACP PDU might be looped towards peer MC-LAG nodes. PR1379022

  • BFD might flap when some of underlay ECMP interfaces are disabled in the leaf nodes. PR1416941

  • The malfunction of core isolation feature in EVPN-VxLAN scenarios causes traffic drop. PR1417729

  • The DHCP decline packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456

Layer 2 Features

  • Storm control configuration may be disabled for the interface. PR1354889

  • VxLAN next hop entry leak issue on QFX5000 platforms. PR1387757

  • With IGMP snooping enabled on the LEAF switches, multicast traffic is forwarded to VLAN/VNI which does not have active receiver. PR1388888

  • On QFX Series line of switches, the following error message Failed with error (-7) while deleting the trunk 1 on the device 0 is observed when adding or removing local-bias setting on SP style LAG interface. PR1393276

  • QinQ might be malfunctioning if vlan-id-lists are configured. PR1395312

  • On QFX5000 line of switches, symmetric hashing can be configured with the hashing options, though it cannot be enabled and stored in the Junos OS configuration. PR1397229

  • On QFX Series EVPN-VXLAN, unicast IPv6 NS message floods on L3 gateway. Therefore, both IPv4 and IPv6 traffic drops on L2SW. PR1405814

  • IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after VTEP leaf reboot. PR1406502

  • QFX5110 Virtual Chassis generates DDoS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649

  • Packet loss might be seen when one of the Spine switch fails or reboots. PR1421672

  • Stale entries might be observed in a layer 3 VXLAN gateway scenario. PR1423368

  • The fxpc might continually crash when firewall filter is applied on a logical unit of a dsc interface. PR1428350

  • ERPS nodes do not converge to IDLE state after failure recovery or reboot. PR1431262

  • EVPN-VXLAN non-collapsed JTASK and multimove depth failed errors seen after HALT. PR1434687

  • Transit DHCPv6 packets might be dropped on QFX5100 and QFX5200 platforms. PR1436415

  • The MAC/ARP learning might not work for copper base SFP-T on QFX5100 and QFX5110. PR1437577

  • QFX5000 switches are not properly hashing MPLS transit traffic from VXLAN to L2 LAG. PR1448488

  • Unequal LAG hashing is seen on QFX5100 running Junos OS Release 14.1X53-D28.17. PR1455161

MPLS

  • Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081

  • The l2circuit traffic might silently get dropped or discarded at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node. PR1435504

  • Packet loss might occur when ECMP resilient-hash is enabled on QFX5200 switch. PR1442033

Platform and Infrastructure

  • REST API process will get non-responsive when a number of request coming with a high rate. PR1449987

Routing Protocols

  • Some storm control error logs might be seen on QFX Series platforms. PR1355607

  • Value added in hexa after unknown ext-community is getting reset to 0. PR1371448

  • Host destined packets with filter log action might not reach to the Routing Engine if log or syslog is enabled. PR1379718

  • The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680

  • EVPN VXLAN non-collapsed: AUTONEG errors and flush operation failed error are seen after the power cycle of the device. PR1394866

  • On QFX5110, the firewall filter applied on VxLAN mapped VLAN is not supported in EVPN-VxLAN scenario. PR1398237

  • ERACL firewall group will operate in double wide mode for QFX5110 in Junos OS Release 19.1R1. PR1408670

  • ICMPv6 RA packets generated by Routing Engine might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The dcpfe might crash when any interface flap. PR1415297

  • The QFX and EX switch may not install all IRB MAC addresses in the initialization PR1416025

  • The same traffic flow might be forwarded to different ECMP next hops on QFX5K. platforms PR1422324

  • The traffic loss might start after deleting IRB logical interface. PR1424284

  • The rpd might generate a core file because of the improper handling of graceful restart stale routes. PR1427987

  • BGP statement multipath multiple-as does not work in specific scenario. PR1430899

  • BGP session might go into down status once the traffic flow starts. PR1431259

  • fxpc core file is generated once during reboot due to Bad Chip ID. PR1432023

  • Ping fails over type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1433918

  • The IPv4 fragmented packets might be broken if PTP transparent clock is configured. PR1437943

  • The bandwidth value of the DDoS-protection might cause the packets loss after the device reboot. PR1440847

  • Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list. PR1441402

  • On QFX5210, firewall filter DSCP action modifier does not work when firewall filter is mapped to IRB. PR1441444

  • The rpd process might crash in inter-AS option B L3VPN scenario if CNHs is used. PR1442291

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • PIM (S,G) joins might cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • The QFX5120 might drop the tunnel encapsulated packets if it acts as a transit device. PR1447128

  • Loopback address exported into other VRF instance might not work on QFX Series platforms. PR1449410

  • MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217

  • A few seconds of traffic drop might be seen on the existing receivers when another receiver joins or leaves. PR1457228

  • The egress interface in Packet Forwarding Engine for some end-hosts might not be correct on the layer 3 gateway switch after it is rebooted. PR1460688

User Interface and Configuration

  • QFX5100 devices are unable to commit baseline configuration after zeroize. PR1426341

Resolved Issues: 19.1R1

EVPN

  • A few minutes of traffic loss might be observed during recovery from link failure. PR1396597

  • VNI is not updated on default route 0.0.0.0/0 advertised by EVPN type 5 prefix when the local is configuration changed. PR1396915

  • EVPN routes might show Route Label: 0 in addition to the real label. PR1405695

  • The rpd might crash after NSR switchover. PR1408749

Interfaces and Chassis

  • Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757

Layer 2 Ethernet Services

  • After GRES switchover, LACP will be down on the peer device and never recover automatically. PR1395943

Layer 2 Features

  • The IPv6 NS/NA packets coming from the remote VTEP are not getting forwarded to the local host. PR1387519

  • The dcpfe process might crash after VXLAN overlay ping. PR1388103

  • With IGMP snooping enabled on the leaf switches, multicast traffic is forwarded to VLAN/VNI, which doesn't have an active receiver. PR1388888

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

  • Packets destined to 01:00:0c:cc:cc:cc are not forwarded on QFX10000. PR1389829

  • EVPN-VXLAN: Dcpfe is restarted at the _bcm_field_td_counter_last_hw_val_update routine after upgrading spine with latest image. PR1398251

  • On QFX5000, dcpfe process crash might be observed during restart of Packet Forwarding Engine or system with scaled EVPN/VXLAN configuration. PR1403305

  • The IPv6 NS/NA packets received over VTEP from an ESI host are incorrectly flooded back to the host. PR1405820

  • With Junos OS releases before 19.1R1, on devices with cut-through configuration enabled, after reboot of the device, cut-through mode will be disabled on the channelized interfaces. PR1407706

  • With arp-suppression/proxy-arp feature, QFX5100 or QFX5110 might not forward IPv6 Router Solicitations or Advertisements. PR1414496

MPLS

  • LSP "statistics" and "auto-bandwidth" functionality might not take effect with single-hop LSPs. PR1390445

Network Management and Monitoring

  • Log files might not get compressed during the upgrade. PR1414303

Platform and Infrastructure

  • The 1-Gigabit Ethernet copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms. PR1286709

  • Optics BiDi: FEC incorrectly displayed on QFX5110 and QFX10002-36Q. PR1360948

  • SFP-T might not work on QFX5100/QFX5110 devices. PR1366218

  • The first 2 characters out of 14 of AS7816-64 serial number is truncated. PR1371126

  • For the Junos OS 18.1R1 or later, USB image installation on QFX5210-64C, an AMI BIOS upgrade is required. PR1371199

  • Packet Forwarding Engine is in a bad state after performing optics insertion or removal on a port. PR1372041

  • The IPv6 routed packet might be transmitted through an interface whose VRRP state is in non-master. PR1372163

  • QFX5110 ethernet-switching flood group shows incorrect information. PR1374436

  • Packet Forwarding Engine wedge might be observed if there are interfaces going to the down state. PR1376366

  • EM policy update is needed on QFX5210-64C. PR1380077

  • The overlay ECMP might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084

  • IPv6 ping might fail for spine node in EVPN scenario. PR1380590

  • Traffic black hole is caused by FPC offline in MC-LAG scenario. PR1381446

  • The QFX-QSFP-40G-SR4 transceiver might not be recognized after upgrading Junos OS on QFX5100e. PR1381545

  • LACP gets stuck in detached/attached state when the interface is configured with native VLAN ID and VXLAN VLAN. PR1382209

  • QFX10008 continuously shows RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory. PR1383426

  • The DMA failure errors might be seen when the cache is flushed or the cache is full. PR1383608

  • DHCP packets might be dropped on a Junos fusion Data Center scenario (QFX10000 line of devices). PR1383623

  • Last reboot reason is not correct if device is rebooted because of power cycle. PR1383693

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876

  • A “force host” upgrade is required for QFX5110-48S-4C in Junos OS Release 18.4 if the PTP over IPV6 G.8275.2 feature is configured. PR1384073

  • Tuning issue exist for SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR. PR1384524

  • QFX5120: Occasionally two of the channelized 25-Gigabit Ethernet ports using 4x25G breakout cable will not come up after Junos OS reboot. PR1384898

  • The IPv6 packet might not be routed when the IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • The spine EVPN routes might be stuck in a hidden state with next hop as unusable after FPC is offline in the spine. PR1386147

  • DDoS statistics and logging are not working for internal queues such as Q42 and Q4. PR1387508

  • Traffic drop might be seen on QFX10000 platform with EVPN-VXLAN configured. PR1387593

  • QFX5100/QFX5110/QFX5200/QFX5210 Virtual Chassis could not be formed normally. PR1387730

  • Certain log messages might be observed on QFX Series platforms. PR1388479

  • MAC learning might stop working on some LAG interfaces. PR1389411

  • FPC might crash on QFX5100 and EX4600 platforms in a large-scale scenario. PR1389872

  • The vmcore might be seen when routing changes are made on the peer spine in an EVPN VXLAN scenario. PR1390573

  • An incorrect error message might be seen when J-Flow sensors are configured with reporting rate less than 30 seconds. PR1390740

  • Smid core file is seen during sanity script execution on QFX5100 and EX4300. PR1391909

  • Sdk-vmmd might consistently write to the memory. PR1393044

  • 10-Gigabit Ethernet copper link flapping might happen during TISSU operation of QFX5100-48T switches. PR1393628

  • IPV6 next-hop programming issue might be observed on QFX10000/PTX1000/PTX10000 devices. PR1393937

  • L2ALD core file is seen when l2-learning traceoptions were enabled. PR1394380

  • DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978

  • PTP over Ethernet traffic could be dropped if IGMP and PTP TC are configured together. PR1395186

  • DOT1XD core found at pnac_bd_create pnac_bdm_handler knl_async_receive_and_process. PR1395384

  • Unable to install licenses automatically on QFX Series platforms. PR1395534

  • BRCM_NH-,brcm_bcm_mpls_tunnel_initiator_clear(),226:bcm_mpls_tunnel_initiator_get failed intf = 4 failure error logs might seen in syslog. PR1396014

  • If GRES/NSR is enabled on a QFX5100 (single Routing Engine), DHCP subscribers are failing to bind. PR1396470

  • QFX10002-60C: FPC might not be detected after the ukern crashes. PR1396507

  • High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on QFX10000 platform. PR1399369

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • PEM I2C failure alarm might be showed incorrectly as failed. PR1400380

  • MAC-limit with persistent MAC is not working after reboot. PR1400507

  • Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The authd might crash when issuing show network-access requests pending command during the authd restarting. PR1401249

  • File permissions are changed for /var/db/scripts files after reboot. PR1402852

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • ARP/ND will not be resolved in case of native VLAN ID configured for LAG access interface. PR1404895

  • Commit warning occurs on QFX5100. PR1405138

  • VXLAN transit traffic over tagged underlay L3 Interface gets dropped due to hardware limitation. PR1406282

  • EVPN-VXLAN: QFX10002: With arp-suppression present (enabled by default), packets egressing the QFX Series switch are tagged with 4095 VLAN when using SP-style configurations on the ports. PR1407059

  • DHCP discover packets are getting dropped over VXLAN tunnel on a pure L2 VLAN when DHCP relay is enabled for other VLANs. PR1408161

  • The FPC might crash and could not come up if interface-num or next hop is set to maximum value under vxlan-routing on QFX Series platforms. PR1409949

Routing Protocols

  • QFX5120: The command output show pfe route summary hw will show different scale values for the IPv4 and IPv6 LPM routes rather than the supported scale. PR1366579

  • Host-destined packets with filter log action might reach the Routing Engine. PR1379718

  • MMU errors on QFX5200 running Junos OS Release 15.1X53-D234.2. PR1381790

  • BUM packets might get looped if EVPN multihoming interface flaps. PR1387063

  • The next hop in hardware for existing ECMP route might not be updated when ecmp-resilient-hash is configured. PR1387713

  • CLI show evpn igmp-snooping database extensive output needs to be modified according to the SMET functionality. PR1391406

  • On QFX5110 and QFX5200 switches, the non-collapsed EVPN-VXLAN dcfpe core file is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc after a random event. PR1397205

Documentation Updates

There are no errata or changes in Junos OS Release 19.1R3 documentation for the QFX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 18.3 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 18.3 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.3-R1.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.3 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.1R1.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.1R1.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.