Junos OS Release Notes for the QFX Series
These release notes accompany Junos OS Release 19.3R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.
The following QFX Series platforms
are supported in Release 19.3R3: QFX5100, QFX5110 (32Q and 48S), QFX5120,
QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008,
and QFX10016.
Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.
What’s New in Release 19.3R3
There are no new features or enhancements to existing features for QFX Series switches in Junos OS Release 19.3R3.
What’s New in Release 19.3R2
There are no new features or enhancements to existing features for QFX Series switches in Junos OS Release 19.3R2.
What’s New in Release 19.3R1
Hardware
JNP-SFPP-10GE-T transceivers (QFX10000-60S-6Q line card)—Starting in Junos OS Release 19.3R1, the QFX10000-60S-6Q line card supports the JNP-SFPP-10GE-T transceivers.
Note The JNP-SFPP-10GE-T SFP+ operates in multi-rate speeds of 100/1000/10G BASE-T. If the attached device advertises only 100/1000 BASE-T speeds, the SFP+ transceiver sets the line rate to the agreed autonegotiation rates. However, the transceiver considers the link to be a 10Gbps link which might cause one of the following unexpected behaviors:
Packet loss occurs because of the difference in actual versus provisioned speeds.
The SFP+ tranceiver link goes down reflecting the xe-a/b/c state to be down.
EVPN
Selective multicast forwarding and SMET support in EVPN-VXLAN (QFX5110 and QFX5120 switches)—Starting in Junos OS Release 19.3R1, Junos OS supports selective multicast Ethernet forwarding in an EVPN-VXLAN network. IGMP snooping enabled devices on a bridge domain monitor and selectively forward traffic from the access interface to the core. Devices that support selective multicast Ethernet forwarding do not send multicast traffic to all devices. Instead, they replicate and forward multicast traffic only to the devices that indicate an interest. This feature is supported on a spine-and-leaf topology where the network can consist of a mix of devices that support selective multicast Ethernet and those that do not support this feature.
BPDU protection in EVPN-VXLAN (QFX5100, QFX5110, and QFX5200)—Starting in Junos OS Release 19.3R1, you can enable BPDU protection to avoid network outages due to STP, MSTP, and RSTP miscalculations. Without BPDU protection, STP, MSTP, and RSTP BPDUs are not recognized and are flooded as unknown Layer 2 packets on the VXLAN interfaces. With BPDU protection, when a BPDU is received on an edge port in an EVPN-VXLAN environment, the edge port is disabled, and it stops forwarding all traffic. You can also configure BPDU protection to drop BPDU traffic but have all other traffic forwarded on interfaces without having to configure a spanning-tree protocol.
To enable BPDU protection on an edge port with RSTP on access and leaf devices:
set protocols rstp interface interface-name edge
set protocols rstp bpdu-block-on-edge
To enable BPDU protection without a spanning-tree protocol configured on access and leaf devices:
set protocols layer2-control bpdu-block interface interface-name
To enable BPDU protection without a spanning- tree protocol but still forward other traffic on access and leaf devices:
set protocols layer2-control bpdu-block interface interface-name drop
Forwarding and Sampling
Customizing hashing parameters and shared-buffer alpha values for better load balancing (EX4650 and QFX5120 switches)—These switches achieve load balancing through use of a hashing algorithm, which determines how to forward traffic over LAG bundles or to next-hop devices when ECMP is enabled. The hashing algorithm makes hashing decisions based on values in various packet fields. Starting with Junos OS Release 19.3R1, you can explicitly configure some hashing parameters to make hashing more efficient. The shared-buffer pool is a global memory space that all ports on the switch share dynamically as they need buffers. The switch uses the shared-buffer pool to absorb traffic bursts after the dedicated-buffer pool is exhausted. The shared-buffer pool threshold is dynamically calculated based on a factor called alpha. Also starting with Junos OS Release 19.3R1, you can specify the alpha, or dynamic threshold, value to determine the change threshold of shared buffer pools for both ingress and egress buffer partitions.
To specify hashing parameters:
user@switch# set forwarding-options enhanced-hash-key hash-parameters (ecmp | lag)To specify a threshold value for a particular queue:
user@switch# set class-of-service shared-buffer (ingress|egress) buffer-partition buffer dynamic-threshold value[See hash-parameters and buffer-partition].
Interfaces and Chassis
FTIs with support for UDP encapsulation (QFX Series)—Starting in Junos OS Release 19.3R1, you can configure flexible tunnel interfaces (FTIs) on the PTX Series routers/QFX Series switches, which provide support for static UDP tunnels only.
With the UDP tunnels-over-FTI feature, you can benefit from better traffic distribution over ECMP, that is achieved by the UDP source port derived from the hash value of the inner payload. In addition to this, the other benefits of this feature include, shortened interface hop counts, smooth IGP domain separation, and reduced operational complexity.
Gigabit Ethernet Optics for the QFX5110—Starting in Junos OS Release 19.3R1, QFX5110 switches support these optics:
SFP-GE10KT15R13
SFP-GE10KT13R15
SFP-GE40KT13R15
SFP-GE40KT15R13
EX-SFP-GE10KT15R13
EX-SFP-GE10KT13R15
EX-SFP-GE40KT13R15
EX-SFP-GE40KT15R13
See the [Hardware Compatibility Tool].
Host route generation support for ARP and Neighbor Discovery Protocol (NDP) (QFX5100)—Starting in Release 19.3R1, Junos OS supports host route generation for devices connected to QFX5100 switches in a data center. When you enable this feature on an interface for IPv4 or IPv6, host routes are created in the routing table for each device present in ARP (IPv4) and NDP (IPv6). These host routes can be exported to routing protocols to be advertised to the network by matching the new policy qualifier l2-learned-host-routing statement.
You can configure the host-route-generation statement under the [edit interfaces name unit name family inet/inet6] hierarchy, on each interface and for each address family.
Note Host route generation is disabled by default.
Proactive ARP detection (QFX5110 and QFX5120)—Starting with Junos OS Release 19.3R1, you can check the reachability of connected devices (within an IP subnet range) on a specified interface. To enable proactive ARP detection, configure the proactive-arp-detection statement at the [edit system arp] hierarchy level. After enabling the proactive-arp-detection statement, you can set the ARP configurations at the interface level by the setting the: host-discovery address-range, ageing-time-out seconds, and discovery-time-interval seconds options at the [edit interfaces interface-name family inet address ip-address] hierarchy level. Likewise, you can delete the ARP configuration settings by using the delete interfaces interface-name unit unit family inet address ip-address host-discovery address-range command.
[See proactive-arp-detection.]
QFX5120 supports JNP-SFPP-10GE-T—Starting in Junos OS Release 19.3R1, QFX5120 switches support the new copper 10GBASE-T SFP+ transceiver (JNP-SFPP-10GE-T), which provides a speed of 10 Gbps. Use the existing show commands such as show chassis pic and show chassis hardware to view the details of the transceivers.
Note In case a device with a different interface speed (that is, 1 Gbps or 100 Mbps) is connected on the other side of the wire, the interface on the Juniper device does not come up.
[See show chassis pic and show chassis hardware.]
Junos OS XML, API, and Scripting
IPv6 support in Python automation scripts (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.3R1, devices running Junos OS with upgraded FreeBSD support using IPv6 in:
Python automation scripts, including commit, event, op, and SNMP scripts
Juniper Extension Toolkit (JET) scripts
YANG action scripts
IPv6 support enables Python scripts to establish connections and perform operations using IPv6 addresses.
Junos Telemetry Interface
JTI support for interface burst monitoring (QFX5220-128C and QFX5220-32CD )—Junos OS Evolved Release 19.3R1supports interface burst monitoring on Junos telemetry interface (JTI) to monitor physical interfaces for bursts. Use interface burst monitoring to help troubleshoot problems, make decisions, and adjust resources as needed.
Exported statistics report:
Peak bytes
The time peak bytes are detected
The direction (transmit or receive)
You can export interface burst statistics from the Juniper device to an outside collector by including the sensor
/junos/system/linecard/bmon-sw/in a subscription using remote procedure call (gRPC) services.To provision the sensor to export data through gRPC services, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Note This feature does not detect microbursts.
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface)]
Management
OpenConfig AAA data model support (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 19.3R1 supports the configuration leafs specified in the OpenConfig AAA data model. Mapping the OpenConfig AAA configuration to the Junos AAA configuration using the following YANG files in the data model makes this support possible:
The configuration model supporting the OpenConfig data model includes:
A translation script (
.py / .slax) that maps each configuration leaf in the OpenConfig schema to one or more configuration leafs in the Junos OS Schema.A deviation file (
.yang) that specifies how much the implementation deviates from the vendor-neutral model.
[See Mapping OpenConfig AAA Commands to Junos Configuration.]
Multicast
MLDv1, MLDv2, and MLD snooping (EX4650 and QFX5120-48Y switches and Virtual Chassis)—Starting in Junos OS Release 19.3R1, you can configure Multicast Listener Discovery (MLD) version 1 (MLDv1), MLD version 2 (MLDv2), and MLD snooping on EX4650 and QFX5120-48Y switches and Virtual Chassis. With MLD snooping enabled, these switches or Virtual Chassis replicate and forward IPv6 traffic for a multicast group only to the interfaces in a VLAN with listeners who joined the group, rather than flooding to all interfaces in the VLAN.
[See Examples: Configuring MLD and Understanding MLD Snooping.]
Routing Protocols
RIPng routing protocol supported (EX4650 and QFX5120 switches)—Starting with Junos OS Release 19.3R1, EX4650 and QFX5120 switches support the RIPng routing protocol.
[See Basic RIPng Configuration.]
Support for color mode in segment routing traffic engineering using BGP (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.3R1, Junos OS supports color-only mode corresponding to color bits 01 and supports the steering fallback mechanism (in a limited manner) when color bits as set to 01 as described in IETF DRAFT-SPRING-SRTE. Use the extended-nexthop-color CLI configuration option to set color bits to 01 to enable color-only mode. Fall back to color-only SRTE policies is also supported and can be configured independently by configuring an import policy at the headend.
[See Understanding Ingress Peer Traffic Engineering for BGP SPRING.]
Routing Protocols and Firewall Filters
Support for IPv6 Filter-Based Forwarding (EX4650 and QFX5120 switches)—Starting with Junos OS Release 19.3R1, you can use stateless firewall filters in conjunction with filters and routing instances to control how IPv6 traffic travels in a network on EX4650 and QFX5120 switches. This is called IPv6 filter-based forwarding. To set up this feature, you define a filtering term that matches incoming packets based on the source or destination address and then specify the routing instance to send packets to. You can use filter-based forwarding to route specific types of traffic through a firewall or security device before the traffic continues on its path. You can also use it to give certain types of traffic preferential treatment or to improve load balancing of switch traffic.
[See Firewall Filter Match Conditions for IPv6 Traffic and Filter-Based Forwarding Overview.]
Services Applications
Support for real-time performance monitoring or RPM (QFX5120) —Starting in Junos OS Release 19.3R1, you can configure active probes to track and monitor traffic across the network and to investigate network problems on QFX5120 switches.
You can use RPM in the following ways:
Monitor time delays between devices.
Monitor time delays at the protocol level.
Set thresholds to trigger SNMP traps when values are exceeded.
You can configure thresholds for round-trip time, ingress or egress delay, standard deviation, jitter, successive lost probes, and total lost probes per test.
Determine automatically whether a path exists between a host router or switch and its configured BGP neighbors. You can view the results of the discovery using an SNMP client.
Use the history of the most recent 50 probes to analyze trends in your network and predict future needs.
[See Understanding Real-Time Performance Monitoring on Switches.]
Software Installation and Upgrade
Migration of Linux kernel version—Starting in Junos OS Release 19.3R1, the following devices support the Wind River Linux 9 (WRL9) kernel version:
Platforms
Routing Engine Supported
ACX5448-D
RE-ACX-5448
MX240, MX480, and MX960
RE-S-X6-64G
MX2020 and MX2010
REMX2K-X8-64G
MX204
RE-S-1600x8
MX10003
RE-S-1600x8
MX2008
RE-MX2008-X8-64G
MX10016
RE X10
MX10008
RE X10
PTX5000
RE-PTX-X8-64G
PTX3000
RCBPTX
PTX10016
RE-PTX-2X00x4/RE X10
PTX10008
RE-PTX-2X00x4/RE X10
PTX1000
RE-PTX1000
PTX10002-XX
RE-PTX10002-60C
EX9208
RE-S-EX9200-2X00x6
EX9251
EX9251-RE
EX9253
EX9253-RE
EX9204
RE-S-EX9200-2X00x6
EX9214
RE-S-EX9200-2X00x6
QFX10002
RE-QFX10002-60C
QFX10008
RE-QFX10008
QFX10016
RE-QFX10016
Starting in Junos OS Release 19.3R1, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following routers:
MX Series—MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008
PTX Series—PTX3000, PTX5000, PTX10016, PTX10008, and PTX10002-XX
If you perform a software upgrade on a router with i40e NVM version earlier than 6.01, the upgrade fails and the following error message is displayed:
ERROR: i40e NVM firmware is not compatible ,please upgrade i40e NVM before installing this package
ERROR: Aborting the installation
ERROR: Upgrade failed
Virtual Chassis
Virtual Chassis support (EX4650 and QFX5120-48Y switches)—Starting in Junos OS Release 19.3R1, you can interconnect two EX4650 or two QFX5120-48Y switches into a Virtual Chassis, which operates as one logical device managed as a single chassis.
Member switches must be two EX4650 or two QFX5120 switches (no mixed mode).
Both member switches take the Routing Engine role with one as master and one as backup.
You can use any of the 100-Gbps QSFP28 or 40-Gbps QSFP+ ports on the front panel (ports 48 through 55) as Virtual Chassis ports (VCPs) to connect the member switches.
You can run nonstop software upgrade (NSSU) to update the Junos OS release on both member switches with minimal traffic disruption during the upgrade.
EX4650 and QFX5120 Virtual Chassis support the same protocols and features as the standalone switches in Junos OS Release 19.3R1 except for the following:
IEEE 802.1X authentication
EVPN-VXLAN (QFX5120)
Layer 2 port security features, DHCP, and DHCP snooping
Junos telemetry interface (JTI)
MPLS
Multichassis link aggregation (MC-LAG)
Redundant trunk groups (RTG)
Priority-based flow control (PFC)
Configuration parameters and operation are the same as for other non-mixed EX Series and QFX Series Virtual Chassis.
What's Changed
Learn about what changed in Junos OS main and maintenance releases for QFX Series.
What's Changed in Release 19.3R3
General Routing
Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)— Starting in this release, we've renamed the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group to arp. This packet type option enables you to change the default control plane distributed denial of service (DDoS) protection policer parameters for ARP traffic.
See protocols (DDoS) (PTX Series and QFX Series).
Interfaces and Chassis
Logical Interface is created along with physical Interface by default (QFX Series)—In Junos OS Release 19.3R3 and later, by default, logical interfaces are created along with the physical interfaces on ge-, et-, xe- ports. In earlier Junos OS releases, by default, only physical interfaces are created.
For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface, for example, (ge-0/0/0), is displayed. Now, the logical interface, for example, (ge-0/0/0.16386) is also displayed.
Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 19.3R3, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.
In the earlier Junos OS releases, incorrect autonegotiation status is displayed even when autonegotiation is disabled.
Multicast
IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.3R3, we provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). Before Junos OS Release 19.3R3, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
Platform and Infrastructure
Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)—Starting in this release, the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group is renamed simply arp. This packet type option enables you to change default control plane DDoS protection policer parameters for ARP traffic. After this change, the edit system ddos-protection protocols arp protocol group includes aggregate, arp, and unclassified packet type options.
QFX-5120-32C switches support priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.
Routing Protocols
IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)— In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.
Advertising /32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.
What's Changed in Release 19.3R2
Network Management and Monitoring
entPhysicalTable fetched on QFX10002—In Junos OS Release 19.3R2, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.
[See SNMP Explorer.]
What's Changed in Release 19.3R1
General Routing
Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 19.3R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.
[See commit (System).]
Interfaces and Chassis
Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Release 19.3R1 and later, QFX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.
On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.
Junos OS XML, API, and Scripting
Range defined for
confirm-timeoutvalue in NETCONF and Junos XML protocol sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.3R1, the value for the<confirm-timeout>element in the Junos XML protocol<commit-configuration>operation must be in the range 1 through 65,535 minutes, and the value for the<confirm-timeout>element in the NETCONF<commit>operation must be in the range 1 through 4,294,967,295 seconds. In earlier releases, the range is determined by the minimum and maximum value of its unsigned integer data type.XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.3R1, we’ve included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.3R1, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.
[See show bgp output-scheduler.]
Layer 2 Features
input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 19.3R1, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.
[See input-native-vlan-push.]
Services Applications
Commit check for incomplete tunnel encapsulation configuration on flexible tunnel interface (FTI) —Tunnel encapsulation configuration is mandatory for FTI interfaces. In Junos OS Release 19.3R1, when you try to commit any incomplete tunnel encapsulation configuration on an FTI, the CLI displays a commit error message.
Software Defined Networking
Increase in the maximum value of delegation-cleanup-timeout (QFX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.
With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.
[See delegation-cleanup-timeout.]
System Logging
Preventing system instability during core file generation (QFX Series)—Starting with Release 19.3R1 onward, Junos OS checks for available storage space on the Routing Engine before generating core files either on request or because of an assertion condition. This check ensures that your device does not become unstable because of shortage of storage space on the Routing Engine. If the available space is not sufficient, core files are not generated. Instead, Junos OS either displays the Insufficient Disk space !!! Core generation skipped message as an output or issues the syslog message core generation is skipped due to disk full.
Known Limitations
Learn about known limitations in this release for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
The PFC feature is not be supported on QFX5120/EX4650 2-member VC currently due to BCM limitation. PR1431895
EVPN
When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to "none" to ensure proper traffic routing. This issue is platform-independent. PR1287557
Platform and Infrastructure
The chip has VLAN-based logical interface statistics. For a given logical interface, both IPv4 and IPv6 packets use the same VLAN, so both v4 and v6 are counted together in the statistics. There is no way to separately count them. Hence, IPv6 transit statistics is always 0. However, the total transit statistics (IPv4 + IPv6) will be displayed under Transit statistics. PR1327811
After installing the Junos OS Release 14.1X53-D51 on an EX4300, xe- interfaces are not seen. PR1336416
Downgrade from a TVP image to a non-TVP image is not supported. However, upgrade from a non-TVP image to a TVP image is supported. PR1345848
The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734
On the QFX5100, if a scaled configuration involving a LAG interface, more that 3000 VLANs, and corresponding next hops is removed and a new configuration involving a LAG interface is applied at the same time, the new configuration might not take effect until the previous configuration has been deleted. During this time, FXPC might consume high CPU resources. No other system impact is observed. PR1363896
With 288,000 MAC scale, the Routing Engine command show ethernet-switching table summary output displays the learned scale entries after a delay of around 60 seconds. PR1367538
For USB installation if the USB storage device is not removed from device after a USB upgrade, the system might not come up and the system might reboot continuously. The Customer needs to manually change the boot sequence from BIOS menu to select boot from SSD. For PXE installation, the system boots twice from PXE before booting from SSD, and this increases boot time. PR1404717
Packets of size greater than the MTU of a GRE interface are not fragmented. PR1420803
During software validation Junos OS mounts the new image and validates the configuration against the new image. Since the TVP-based QFX Series platforms (QFX5000 and QFX10000 are already mounting the maximum 4 disks during normal execution it cannot mount the extra disk for this purpose. Thus QFX currently does not support configuration validation during upgrade on QFX5000 which is why the syntax error appears when the image installation is triggered with "validation". PR1421378
VLAN is not deleted in the hardware on IRB disable leading to ARP getting refreshed even though IRB is disabled. PR1421382
The chassisd core file is generated at
fpc_sfxpc_la_ng_show_hw ui_sfxpc_show_hardware ms_parse_substring. PR1434188On QFX5110-32Q running Junos OS 18.1R1 and later, due to a platform limitation, the channelization of the ports should follow the following design recommendations:
With 100-gigabit transceivers connected in the port range 28–31, only ports 0–19 can be channelized in default system-mode.
If a 40-gigabit transceiver is connected in any of the 100G supported ports, only ports in the range 1–18 can be channelized in default system mode.
If all 32 ports have 40-gigabit transceivers connected, only ports in the range 1–18 can be channelized in default system-mode.
In non-oversubscribed mode, all the valid ports (that is, 0–23) can be channelized as expected.
The set class-of-service shared-buffer ingress buffer-partition lossless-headroom percent 0 is not supported when in a Virtual Chassis, as the VCP ports should have some headroom to support PFC. The configuration is rejected at the hardware layer with a log message. PR1448377
On the QFX5120 switches, due to the additional hi-gig header, 100 percent throughput cannot be achieved when packets are forwarded through Virtual Chassis ports. PR1453709
Observing 100 percent L2 MAC scaling traffic loss in QFX10002-60C platform after loading EVPN-VXLAN collapsed profile configurations. PR1489753
Infrastructure
CRON core file is generated when the statement cron_popen child_process do_command is executed. PR1434152
Layer 2 Features
The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031
On QFX5000 platforms, you might see the pools exhausted for Table:EGR_DVP_ATTRIBUTE error message when statistics requests exceed the supported scale because of the limited pool resources used for statistics collection on the hardware. There is no functional impact except for statistics collection for some hardware counters for which flex counter allocation failed for the time, the limit is exceeded. The statistics counters start functioning normally without manual change when the pool comes back to normal limit. PR1479826
Routing Protocols
Targeted broadcast functionality with VXLAN is not supported yet on QFX5000 platforms. In a non VXLAN scenario, bcast dest IP look up results in a next hop with the destination MAC address of all 0xffs and gives the class ID for IFP to match and action to redirect to IPMC with VLAN membership check. In case of a VxLAN, l3 egress intf, egr l3 next hop, and ingress l3 entry creations are failing. PR1397086
When IRACL v6 and loopback v6 entries are present, delete and rollback of loopback v6 takes time to re-program the entries in hardware. This is because loopback v6 has high priority in the same IRACL groups and the existing IRACL v6 entries have to be reshuffled in the hardware. PR1428087
Open Issues
Learn about open issues in this release for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
EVPN
OVSDB-managed QFX5100 or QFX5110 switch is encapsulating VXLAN traffic and sending it to an incorrect destination MAC address when multiple remote VTEPs are in the same subnet and reachable by means of an IRB interface in a stretched VLAN. PR1424698
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart. PR1461795
High Availability (HA) and Resiliency
Syslog error message kernel: GENCFG: op 51 (AE bias) failed; err 255 (Undefined) is seen. These messages do not have any functionality impact. PR1416004
Infrastructure
The error message ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory) is seen during FTP. PR1315605
Interfaces and Chassis
Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:
1. Disable or enable ICL.
2. Reboot one of the MC-LAG peers.
3. Disable or enable a member link of ICL.
This results in no traffic loss, and one of the MC-LAG nodes processes duplicate packets during this time period. PR1422473
Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply, which is flooded in the VLAN by the device, has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted. PR1454764
Junos Fusion Provider Edge
IGMP membership is not getting learned by the AD fully even when the IGMP queries are being sent out. PR1419265
Layer 2 Features
In case of QFX5000 Virtual Chassis and Virtual Chassis Fabric setups, when IGMP snooping is enabled, multicast traffic is forwarded based on IGMP joins/reports. But when the IGMP report times out, traffic should be dropped; instead it is flooded in the VLAN. This happens only in case of QFX5000 Virtual Chassis and Virtual Chassis Fabric; this issue is not seen on stand-alone QFX5000 devices. PR1431893
Platform and Infrastructure
In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error as nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798
On QFX10002-60C switches, the filter operation with the log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in firewall logs: Protocol 0 not recognized. PR1325437
Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806
The QFX10000 platform drops the wireless access point (WAP) heartbeat packets; as a result, the WAP cannot work. PR1352805
When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609
On the QFX10000 line of switches with EVPN-VXLAN, the following error message is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121
The user might not be able to stop the ZTP bootstrap process when a QFX10016 or QFX10008 switch with many line cards is powered on with the factory-default configuration. PR1369959
USB upgrade of NOS image is not supported. PR1373900
100-Gbps VCP links might go down (become unavailable) after the linecard member of a QFX5200 Virtual Chassis is renumbered. PR1374655
Intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082
The show chassis fpc command displays an incorrect amount of available memory on an FPC (DRAM and buffer utilization). PR1394978
On QFX5000 platforms with a scaled setup of the aggregated Ethernet bundles and VLANs, if LACP is enabled, and there are scaled configuration changes, for example, deleting 4000 VLANs/VXLANs and reapplying them, some interfaces of the aggregated Ethernet bundle might go to the detached state. Due to this issue, the running routing protocols (for example, LACP and BGP) go down over the affected aggregated Ethernet bundles. PR1406691
You might see multiple reconnect logs, JTASK_IO_CONNECT_FAILED, during the device initialization. There is no functionality impact because of these messages. These messages can be ignored. PR1408995
On QFX5110 and QFX5120 platforms, unicast RPF check in strict mode might not work properly. PR1417546
On the QFX10000 line of devices, if an analyzer is configured to a mirror traffic of an input aggregated Ethernet interface and a new member is added to the same aggregated Ethernet interface, then the analyzer might not provide sample packets that flow through the newly added child interface. PR1417694
The show ptp lock-status command is not supported on the QFX5110-48S-4C device. PR1426863
Power cycling while ISSU/ISSR is in progress does not seems to be a valid test scenario. The problem occurs because of ISSU-specific sysctl and nvram variables are left with intermediate state values and those should be cleared. However, if such abnormal event occurs, while ISSU/ISSR is in progress, and the system enters into a problematic state. As a workaround, use the following commands to clear ISSU/ISSR-specific sysctl and nvram variables from their intermediate state:
SYSCTL CLEAR : -RE:0% sysctl hw.re.tissu=0 RE:0% sysctl hw.re.issu_state=0 RE:0% sysctl hw.lc.issuboot=0
SYSCTL CLEAR : - RE:0% sysctl hw.re.tissu=0 RE:0% sysctl hw.re.issu_state=0 RE:0% sysctl hw.lc.issuboot=0 NVRAM CLEAR COMMANDS : ---------------------- RE:0% nvram setenv hw.lc.issuboot 0 RE:0% nvram getenv hw.lc.issuboot hw.lc.issuboot=0 RE:0% nvram setenv hw.re.tissu 0 RE:0% nvram getenv hw.re.tissu hw.re.tissu=0
Then the system should be able to recover, provided sudden power failure does not damage anything beyond the ISSU. PR1427563
The unified ISSU is not supported on QFX5200 switches and fails from Junos OS Release 17.2X75-D43.2 through some target versions. Also, dcpfe crash might be seen. PR1438690
The unified ISSU fails and is not supported for QFX5200 from Junos OS Release 17.2X75-D4(x) through Junos OS Release 19.2R1. PR1440288
On QFX5000 platforms, the port qualifier is supported. This installs two entries in the Packet Forwarding Engine, one with source-port and second one with destination-port with value as specified in the port configuration. PR1440980
On the QFX10000 line of switches, removal of the EVPN-VXLAN Layer 3 gateway on the IRB interface from the spine switches might cause traffic to be silently discarded. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC addresses. PR1446291
Whenever any member in an RSPAN VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459
On QFX5200-32C-32Q switches, VM core file is generated after upgrading from Junos OS Release 18.3 throttle image to Junos OS Release 19.3R1 at ...../.amd/svl-engdata1vs1/occamdev/build/freebsd/stable_11/20190614.234225 __ci_fbsd_builder_stable_11.0.269d466/src/sys/kern/kern_shutdown.c:313. PR1455851
Fan display in the output of the show chassis environment command is not proper. PR1457896
On the QFX5000 and QFX10000 lines of switches, 9.51 percent degradation with commit time and 12 percent degradation with VLAN commit convergence are observed. PR1457939
On the QFX5110 switches, VXLAN VNI (multicast) scaling traffic issue is observed from the VXLAN tunnel to the Layer 2 interface. PR1462548
On QFX Series platforms, if there are a lot of MAC moves, the system might stop new MAC learning and old MAC addresses might get stuck, aged, and deleted. Because of this issue, Layer 2 traffic forwarding and the customer service might be impacted. PR1475005
If the archival function is enabled with the routing-instance statement and transfer mode is set as SFTP/SCP for archive-sites, it might not work and fail to transfer the files. PR1507044
On QFX Series platforms, in rare case, HMC memory error might cause routes update failure and traffic impact on the Packet Forwarding Engine. PR1515092
Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES is performed, the BFD sessions might flap continuously. PR1518106
On all Junos platforms that support Open vSwitch database (OVSDB), the vgd core file might generated when the OVSDB server is restarted. The vgd daemon restart after the core file generation might cause traffic impact. This issue happens when OVSDB server is disconnected and the device sends some updates events to server. PR1518807
SNMP MIB walk with jnxContentsDescr does not show power supply number on QFX platforms. PR1529108
Routing Protocols
On QFX10000 switches, VRRP is not converging in an MC-LAG environment, because the default routing instance, lo0.0, has been moved to a user-defined routing instance. As a workaround, do not move lo0.0 to the user-defined routing instance. Use a different lo0 logical interface, such as lo0.1 or lo0.2, in the user-defined routing instance. PR1274204
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. PR1407175
On QFX5120 switches, transit traffic drop is seen with loop back filter configuration. PR1426828
QFX5110 MC-LAG: L2_L3_INTF_OPS_ERROR messages are seen after node reboot. PR1435314
On the QFX5100 Virtual Chassis or Virtual Chassis Fabric, traffic loss on multiple traffic streams after reboot and interface flapping of the Virtual Chassis node are observed. PR1500508
On QFX10000 platforms, deleting the physical interface under an aggregated Ethernet interface might flap the BFD sessions formed on the remaining physical interfaces if the same IP address is configured on multiple units in different routing instances. PR1516556
Virtual Chassis
QFX5110-48S reports false parity error messages such as soc_mem_array_sbusdma_read. The QFX5110-48S SDK can raise false alarms for parity error messages such as soc_mem_array_sbusdma_read. This is a false positive error message. PR1276970
On the QFX5000 Virtual Chassis, the DDoS violations that occur on the backup are not reported to the Routing Engine. PR1490552
Resolved Issues
Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.
Resolved Issues: Release 19.3R3
Platform and Infrastructure
On QFX5100 Virtual Chassis, MacDrainTimeOut and bcm_port_update failed: Internal error is observed. PR1284590
Port LEDs do not work on QFX5100 in QFX5110-QFX5100 mixed mode Virtual Chassis. PR1317750
During bootup, the error message CMQFX: Error requesting SET BOOLEAN, illegal setting 66 is generated. PR1385954
The 10-Gigabit Ethernet fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448
The show interface command shows Media type: Fiber on QFX5100-48T switches running the QFX 5e Series image. PR1419732
VM core files are generated on QFX Series Virtual Chassis. PR1421250
SFP-LX10 stays down until autonegotiate is disabled. PR1423201
CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after NSSU. PR1430173
The l2cpd process might crash and generate a core file when interfaces flap. PR1431355
The FPC might crash when a firewall filter is modified. PR1432116
The default logical interfaces on channelized physical interfaces might not be created after ISSU/ISSR. PR1439358
The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB interface. PR1442587
CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406
The em0 route might be rejected after the em0 interface is disabled and then enabled. PR1449897
FPC does not restart immediately after rebooting the system. That might cause packet loss. PR1449977
On QFX10000 platforms, CoS classification does not work. PR1450265
On QFX5000 switches, no warning or error is shown when the dual VLAN tag feature is configured on the physical interface. PR1450455
On QFX5110 Virtual Chassis, the master FPC might come up in master state again after reboot instead of backup. PR1454343
On QFX5120 switches, untagged hosts ARP/NS requests connected on the encapsulation ethernet-bridge interface are not being resolved. PR1454804
A firewall filter might not be able to be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177
In a 16+ member QFX5100 Virtual Chassis Fabric, the FROM column in the output of show system users shows incorrect information. PR1455201
The priority-based flow control (PFC) feature does not work on the QFX10000 line of switches. PR1455309
The cosd crash might be observed if the forwarding-class-set configuration is directly applied on the child interface of an aggregated Ethernet interface. PR1455357
Telemetry traffic might not be sent out when the telemetry server is reachable through a different routing instance. PR1456282
Link-up delay and traffic drop might be seen on mixed SP Layer 2 or Layer 3 and EP Layer 2 type configurations. PR1456336
QFX5110 QSFP-100GBASE-SR4 made by the third party cannot link up. PR1457266
The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414
On QFX5110 switches, port 51 has one LED blinking amber continuously. PR1457516
Intermittent LAG interface flap might be seen on QFX platforms. PR1458363
On QFX5210 switches, the LED does not light on port 64 and 65 after an upgrade to Junos OS Release 19.2R1. PR1458514
On QFX5200 switches, the lightweight DHCPv6 relay agent functionality might be broken. PR1459499
The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885
On the QFX10000 line of switches, show forwarding-options enhanced-hash-key does not work. PR1462519
On the QFX5000 line of switches, the fxpc process might generate a core file when you change MTU in a VXLAN scenario with firewall filters applied. PR1462594
On QFX5100 devices, the interface output counter is double counted for self-generated traffic. PR1462748
On QFX5100 Virtual Chassis and Virtual Chassis Fabric, the error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: might appear during cleanup EVPN-VXLAN configurations with Mini-PDT base configurations. PR1463939
On the QFX10000 line of switches, the FPC process might restart during runtime. PR1464119
On QFX10000 platforms, the interface might not come up on FPC restart. PR1464650
On QFX5100-24Q switches, unable to attach a filter to an IRB interface when that filter contains an action to remark the DSCP value to a nonzero value. PR1464883
PEM is not present spontaneously on QFX5210 switches. PR1465183
On QFX5100-48T switches, a 10-Gigabit Ethernet interface might not come up or negotiate at 1-Gbps speed when connected with the BRCM 10G/GbE 2+2P 57800-t rNDC card. PR1465196
The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214
The physical interface of aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302
Junos OS exhibits consistent fan and power supply numbering on whiteboxes (-O and -OZ). PR1465327
In Virtual Chassis scenario, the broadcast and multicast traffic might be dropped over an IRB or a LAG interface. PR1466423
BGP open messages with specific types of BGP optional capabilities causes BMP messages not to be encoded correctly when sent to the BMP collector. PR1466477
On QFX10000 platforms, EBUF parity interrupt is not seen. PR1466532
IPv6 traffic over Layer 3 VPN might fail. PR1466659
Slow packet drops might be seen on QFX5000 platforms. PR1466770
EPR iCRC errors in QFX10000 platforms might cause protocols to go down. PR1466810
A few of the DHCP INFORM packets specific to a particular VLAN might be taking the incorrect resolve queue. PR1467182
Ingress drops to be included at the CLI from interface statistics and added to InDiscards. PR1468033
QFX5000 switches might generate VM core file due to the use of an unsupported QSFP. PR1468368
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
MAC address might not be learned on a new extended port after vMotion in a Junos fusion data center environment. PR1468732
On the QFX5100 line of switches, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663
If continuous interface flap occurs at ingress or egress of the PE devices, the IP routed packets might get looped on the MPLS PHP node. PR1469998
Incorrect counter value is observed for the arrival rate and the peak rate for the DDoS commands. PR1470385
The speed 10 Mbps might not be configured on the ge- interface PR1471216
When the VTEP source interface is configured in the multiple routing instances, there might be traffic loss. PR1471465
The shaping of CoS does not work after reboot. PR1472223
DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000 platforms. PR1472771
The detached interface in a LAG might process the xSTP BPDUs. PR1473313
On QFX5000 switches, the global-mac-table-aging-time statement shows unexpected behavior with multihomed EVPN VXLAN ESI. PR1473464
The l2ald crash might be observed when around 16,000 VLAN IDs share the same VXLAN tunnel and the Packet Forwarding Engine is rebooted. PR1473521
The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685
On the QFX5000 line of switches in an EVPN-VXLAN scenario, continuous error log messages might be raised. PR1474545
On the QFX5000 line of switches, the Layer 2 circuit might fail to communicate through VLAN 2. PR1474935
sFlow does not work correctly if the received traffic goes out of more than one interface. PR1475082
On the QFX5200 switches, the DAC cables are not being properly detected in the Packet Forwarding Engine. PR1475249
There might be traffic drop on QFX5110 or QFX5120 switches acting as leaf switches in a multicast environment with VXLAN. PR1475430
FPC major error is observed after the system boots up or the FPC restarts. PR1475851
The QFX Series platforms exhibit invalid Packet Forwarding Engine PG counter pairs to copy src 0xfffff80, dst 0. PR1476829
On the QFX10002-36Q/72Q switches, the following continuous error messages are logged on the device on getting adoption valid bit[8] asserted: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout. PR1477192
Egress port mirroring might not work when the analyzer port and the mirrored port belong to a different FPC. PR1477956
The default Virtual Chassis MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes. PR1478905
The SLAX script might be lost after upgrading software. PR1479803
The remaining interface might be still in Down state even though the number of channelized interfaces is no more than 5. PR1480480
The ARP request packets for an unknown host might get dropped in a remote PE device in an EVPN-VXLAN scenario. PR1480776
VLAN creation failure might be observed with the scaled VLAN and Layer 3 configuration. PR1484964
The queue statistics are not as expected after configuring the IFD and logical interface shaping with the transmit rate and the scheduler-map. PR1488935
After ISSU or ISSR, a port using SR4 or LR4 optics might not come up. PR1490799
The BFD sessions start to flap when the firewall filter in loopback0 is changed. PR1491575
Traceroute monitor with mtr version v.69 shows a false 10 percent loss. PR1493824
On the QFX5120 switch in the MC-LAG scenario, traffic loss is observed. PR1494507
ARP does not get refreshed after timeout on QFX10002-60C switches acting as an EVPN-VXLAN gateway. PR1497209
Virtual Chassis is not stable with a channelization interface. PR1497563
Outbound SSH connection flap or memory leak issue might be observed when pushing the configuration to an ephemeral DB with high rate. PR1497575
An lcmd core file might be generated on QFX52100-64C switches. PR1497947
Traffic might get dropped if an aggregated Ethernet member interface is deleted and then added or an SFP transceiver of the aggregated Ethernet member interface is unplugged/plugged. PR1497993
On QFX5210 switches, unexpected behavior is seen for Port LED after upgrade. PR1498175
Traffic loss might be seen in certain conditions under a multihomed PE scenario. PR1498863
On QFX5100 and QFX5110 switches, firewall filter might not get applied. PR1499647
BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798
On QFX5100 switches, ERPS might not work correctly. PR1500825
Unable to set up LLDP neighborship on QFX5000 platforms. PR1504354
Core files are generated if you add or delete ERP configuration multiple times and restart l2cpd. PR1505710
On QFX10002, QFX10008, and QFX10016 platforms, PECHIP wedge caused by deactivating CoS ETS configuration affects traffic flow. PR1509220
ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329
The MAC learning might not work properly after multiple MTU changes on the access port in a VXLAN scenario. PR1516653
The sFlow adaptive-sampling with the rate limiter statement enabled crosses sample rate 65535. PR1525589
Class of Service (CoS)
On QFX5120 switches, the priority-based flow control (PFC) feature is not supported on 2-member Virtual Chassis currently because of the hardware limitation. PR1431895
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on an extended port even if it comes in with different DSCP marking. PR1433252
On QFX5120-32C switches, when you move unicast traffic to a multicast queue through an MF classifer, the show interface queue command does not display any status. PR1459281
Traffic might be forwarded to an incorrect queue when a fixed classifier is used. PR1510365
EVPN
The rpd might crash after changing EVPN-related configuration. PR1467309
The ESI of IRB interface does not update after an autonomous-system number change if the interface is down. PR1482790
An l2ald memory leak might be observed in an EVPN scenario. PR1498023
The VXLAN function might be broken due to a timing issue. PR1502357
Unable to create a new VTEP interface. PR1520078
Forwarding and Sampling
Type 1 ESI/AD route might not be generated locally on an EVPN PE device in the all-active mode. PR1464778
High Availability (HA) and Resiliency
Unified ISSU is not supported on QFX5000 platforms. PR1472183
Infrastructure
The l2ald and eventd processes are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738
Interfaces and Chassis
The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201
On a QFX Series platform, VRRPv3 MIBs are not working to poll VRRPv6-related objects. PR1467649
Executing commit might become unresponsive due to a stuck dcd process. PR1470622
Commit error is not thrown when a member link is added to multiple aggregation groups with different interface-specific options. PR1475634
MC-LAG consistency check fails if multiple IRB units are configured with the same VRRP group. PR1488681
Junos Fusion Enterprise
Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209
Layer 2 Features
The LLDP function might fail when a Juniper Networks device connects to a non-Juniper one. PR1462171
A few MAC addresses might be missing from the MAC table in software on QFX5000 platforms. PR1467466
After rebooting, an fxpc core file might be seen when committing the configuration. PR1467763
Ingress traffic might be silently dropped if the underlying interface flaps in an EVPN-VXLAN scenario. PR1469596
Traffic might be affected if composite next hop is enabled. PR1474142
The FPC goes down when a 100-Gigabit Ethernet link comes up on the network port of the QFX5110-48S switches. PR1499422
Layer 2 Ethernet Services
In an EVPN-VXLAN ERB scenario, DHCP relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076
Member links state might be asychronized on a connection between PE and CE devices in an EVPN active/active scenario. PR1463791
Issues with DHCPv6 relay processing confirm and reply packets. PR1496220
The MC-LAG might be down after disabling and then enabling the force-up statement. PR1500758
After the switch is rebooted, the aggregated Ethernet interface might sometimes not come up. PR1505523
MPLS
On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378
Traffic might be silently dropped and discarded on a PE device when a CE device sends traffic to the PE device and the destination is resolved with two LSPs through one upstream interface. PR1475395
Traffic might be lost over a QFX5100 switch acting as a transit PHP node in the MPLS network. PR1477301
BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431
Routing Protocols
OSPF VRF sessions take a long time to come up when the host table is full and host routes are in LPM table. PR1358289
Invalid VRRP mastership election on QFX5110 Virtual Chassis peers. PR1367439
Host-destined packets with the filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718
On QFX5100, BGP IPv4 or IPv6 convergence and RIB install or delete time degraded. PR1414121
PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713
CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845
A core file might be generated when you add or remove an EVPN Type-5 routing instance. PR1455547
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is observed after unified ISSU with Mini-PDT base configurations. PR1460791
The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590
An mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737
Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819
GRE transit traffic is not forwarded in a VRRP scenario. PR1477073
LACP interface might not go to collecting and distributing state along with the force-up statement. PR1484523
FPC might go to NotPrsnt state after upgrading with non-QFX5100-24Q image in a Virtual Chassis/Virtual Chassis Fabric setup. PR1485612
CPU port queue gets full due to excessive pause frames being received on interfaces. This causes control packets from the CPU to all ports to be dropped. PR1487707
The BGP route-target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
The rpd might crash on QFX10000 due to rpd resolver problem of indirect next hop. PR1494005
Firewall filter might not work in certain conditions in a Virtual Chassis setup. PR1497133
Traffic drop might be observed after modifying the FBF firewall filter. PR1499918
The filter installation fails if the number of filter entries configured exceeds 1000. PR1514570
User Interface and Configuration
The version information under the configuration is changed from Junos OS Release 19.1. PR1457602
Resolved Issues: Release 19.3R2
Class of Service (CoS)
Without this fix, show cos scheds-per-pfe and show cos pfe-scheduler-ifds Packet Forwarding Engine CLI causes the forwarding plan to restart on QFX10008 switches.PR1452013
EVPN
ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI. The following commands do not clear ARP and IPv6 neighbor entries when they are learned from EVPN multi-home ESI. clear ethernet-switching evpn arp-table clear ethernet-switching evpn nd-table clear ethernet-switching mac-ip-table PR1446957
When there is a VXLAN with VLAN ID of 2 on a QFX5100, ARP does not get resolved. PR1453865
Under EVPN multihoming mode, if ARP Request or Neighbor Solicitation (NS) message encapsulated in Dual Tagged VLAN arrives at the DF (designated forwarder) which might send it back to the local segment as it was, that might cause a loop and at last, overwhelms the device. However, it does not happen with normal broadcast traffic. BDF (backup designated forwarder) does not have this behavior. PR1459830
Forwarding and Sampling
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action then traffic-class or then dscp to an interface. PR1452435
General Routing
On QFX5100 platforms, LR4 QSFPs might take longer to come up than others (up to 15 minutes). This is an intermittent occurrence. PR1337340
mib2d generates a core file in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing. PR1354452
On QFX5110, the interface FEC counter does not work though FEC function has been supported. PR1382803
The show chassis errors active detail command does not support QFK5000 platform. It is hidden and taken care in other opened scopes. PR1386255
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped. But, as the port is not started, it does not disable Tx. PR1411015
When IPv4 and IPv6 are programmed at the same time, most of the IPv6 routes are not installed due to the hardware route table getting full. PR1412873
On all Junos OS platforms with channelizing ports on FPCs, if 40G ports that are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they might get incorrectly channelized. PR1423496
The dcpfe/Packet Forwarding Engine might not start on AS7816-64X and QFX5K platform devices which results in all the interfaces going down. PR1426737
When configuring the global-mac-limit or global-map-ip-limit lower than the number of currently learned MAC/MAC-IP entries, the total number of learned MAC/MAC-IP entries might be more than the configured limit. PR1428572
On QFX10k platforms, the dcpfe might crash on all line cards if VTEP flap or next-hop deletion happens in scaled environment. PR1431735
When you plug in unsupported SFP-T module to MPC/DPC/FPC, the line card might crash. PR1432809
When NSSU is done from 18.1R3 to any forward image on QFX5100-VC with LACP link protection configuration, there might be around 5 minutes traffic loss. Traffic loss is not seen during NSSU if link protection configuration is not present. PR1435519
dcpfe core file generation is observed with sxe interface and NSSU is performed. PR1435963
On QFX platforms, the FPC might crash if both the AE (Aggregate Ethernet) bundle flapping on the local device and the configuration change on the peer device which can cause the interface down occur at the same time. PR1437295
On QFX10002 or QFX10008 or QFX10016 Series platforms with MACsec feature enabled, the BGP neighborship might not be established. PR1438143
After upgrading Junos OS Release 19.1, port LED shows different from the previous. PR1438359
On QFX10008 or QFX10016 platform, xSTP recognizes 1G SFP-T optic interface as LAN type link even if it is in full-duplex mode. This might cause the xSTP to converge slowly. As a workaround, configure the xSTP link type from LAN to Pt-Pt (Point To Point) using the command set protocols <vstp/rstp/mstp> <vlan X> interface <interface name> mode point-to-point. PR1439095
When lacp is configured with link protection and force-up on local, and peer is configured with link protection, disabling the active member on peer device causes the LACP MUX state to be stuck in attached state. Issue is not seen if link protection is not configured on the peer device. PR1439268
EX4600 VC might split if you replace the Virtual Chassis-port connection from SR4 or other fiber QSFP with DAC cable. PR1440062
There is a IPC sequence issue when Virtual Chassis member rebooted in aggregated interface. After rebooting Virtual Chassis member, RE kernel inject mac entry to fpc. Because of IPC sequence issue, RE added mac entry, originally source mac entry, is added to fpc as remote mac entry. And entry is never be aged out because it is remote entry. PR1440574
On QFX5000 Series platforms(except for the QFX5100) in the VXLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured. PR1445960
When unicast arp request is received by EX3400/QFX5100 switch and it is configured with "set switch-options no-arp-trap option", the arp request may not be replied. This has been fixed and unicast ARP request will be replied even with "set switch-options no-arp-trap option" configuration. PR1448071
On QFX series platform, the sFlow sample packets would stop on one Aggregated Ethernet (AE) member link if ingress sFlow is configured on the member link. This would cause inaccurate monitoring on network traffic. PR1449568
On QFX5000 platform when dual vlan tag feature is configured on physical interface a warning/error is not received. Since this feature is supported only on logical and sub interfaces, it does not work when configured on a physical interface. PR1450455
On QFX5120 Series switches (function as PE devices), all the L3 tunneling (for example, IP in IP, GRE, VXLAN) packets hit the wrong routing table while receiving the encapsulated packets on the L3VPN MPLS PE-CE interface. This can result in a black hole issue. PR1451032
If OVSDB is enabled on the device, in a rare case, vgd (VTEP gateway daemon) core file might be seen when a tunnel is deleted twice. It might cause OVSDB to not work properly. PR1452149
On QFX10000 platforms, DHCP offer packet with unicast flag set gets dropped if anycast IP is used in a VXLAN multi-homed setup. PR1452870
The VLAN specific parameters might not be used if configuring VLAN all option and VLAN specific configuration. PR1453505
On QFX5100 or QFX5110 or QFX5120 or QFX5200 or QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all the traffic flows in the best-effort queue. PR1453512
show chassis led status outputs might not be proper along with some port status. PR1453821
On QFX5100-VC VGD process hogs the CPU without switch-options vtep-source-interface lo0.0 configuration. PR1454014
EVPN-VXLAN: MAC+IP Count may be shown as Zero in the output of CLI show ethernet-switching global-information on Xellent (QFX10002-60c). PR1454603
On the QFX5210 platform, the laser emits from the 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface to be up and might impact traffic. PR1456742
QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs. PR1457456
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. When a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device assumes that it is not an ARP packet. Since ARP resolution fails, all subsequent communication does not happen. PR1458206
On QFX5000 platforms dhcp6 security with LDRA option not supported, When ldra is configured, ldra filter from punt packets to the host path conflicts with system default dhcpv6 relay filter. Therefore, packets are not punted to host path. PR1459499
On QFX10008 or QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF does not work because of the missing configuration. PR1460181
"entPhysicalTable" MIB does not fetch expected data on QFX10002-72Q / 36Q platforms PR1462582
Interfaces and Chassis
VRRP-V6 state flaps with init and idle states after configuring vlan-tagging. PR1445370
Layer 2 Features
When QFX5100 is initialized, in rare condition, if storm control is configured on the interface, it might not work as expected. The traffic levels are not monitored and the unknown unicast packets are not dropped. PR1354889
In ERPS topologies, after failure recovery or reboot, some nodes might not converge to IDLE state and their interfaces might remain in discarding state. This is caused because two STP instances might get created, resulting in two STG groups. Traffic loss might be caused. PR1431262
On QFX5100 or QFX5110 or EX4600 platforms, if copper base SFP-T is used, the MAC/ARP learning might not work for the SFP-T. PR1437577
On QFX5100 or QFX5110 or QFX5120 or QFX5200 or QFX5210 Series platforms with load-balance configuration, the uneven traffic distribution might be seen on the link aggregation group (LAG) interfaces. PR1455161
Platform and Infrastructure
When several continuous HTTP requests received through REST API, the REST service might get non-responsive. PR1449987
Routing Protocols
Due to Bad Chip ID, fxpc core file generation is encountered once during reboot of device, later it recovers by itself with no other issues. PR1432023
When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect. PR1441444
With protocol igmp-snooping configured, if some receiver joins/leaves a group, few seconds of traffic drop might be seen on the existing receivers. PR1457228
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in Packet Forwarding Engine for some end-host might not be updated to the correct next-hop interface in the hardware on that gateway. This issue causes traffic disruption for the affected end host PR1460688
When deleting IRB on QFX-5110, IRB does not get removed from Packet Forwarding Engine and will blackhole traffic to irb mac address. PR1463092
User Interface and Configuration
QFX5100 might be unable to commit baseline configuration after zeroize {master:0}[edit] root# commit check Mar 26 05:50:48 mustd: UI_FILE_OPERATION_FAILED: File /var/run/db/enable-process.data doesn't exist Mar 26 05:50:48 mgd[1938]: UI_FILE_OPERATION_FAILED: Failed to open /var/run/db/enable-process.data+ file error: Failed to open /var/run/db/enable-process.data+ file error: configuration check-out failed: daemon file propagation failed. PR1426341
Resolved Issues: Release 19.3R1
Class of Service (CoS)
On QFX10008, FPC0 generates a core file after running the Packet Forward Engine command show cos sched-usage. PR1449645
EVPN
The rpd process might crash with EVPN type-3 route churn. PR1394803
Multicast MAC address might be learned in the Ethernet switching table on QFX5000 or QFX10000 platforms with EVPN-VXLAN configured. PR1420764
The device might proxy the ARP probe packets in an EVPN environment. PR1427109
Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times. PR1435306
Configuring ESI on a single-homed 25G port might not work. PR1438227
MAC and IP addresses routes are not consistent. PR1441464
A change in VLAN configuration is seen when l2ald restarted resulting in kernel sync issues due and impact forwarding. PR1450832
When there is a VxLAN with a vlan-id of 2 on a QFX5100, ARP will not get resolved. PR1453865
General Routing
[SIRT]Certain QFX and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304) PR1063645
The 1G copper module interface shows "Link-mode: Half-duplex" on QFX10000 line platforms PR1286709
Port LEDs do not work on QFX5100 in QFX5110-QFX5100 mixed mode virtual chassis PR1317750
QFX10002-60C: Commit should deny when mixed L2 and L3/L4 match conditions are configured on a L2 filter. PR1326715
When powering off an individual FPC the other FPC PFE might go offline too PR1344395
Interface flap 100GBASE-LR4 seen during a unified ISSU. PR1353415
QFX5120/EX4650 : Convergence delay between PE1 and P router link is more than expected delay value. PR1364244
Traffic spikes generated by IPFIX might be seen on QFX10002 PR1365864
Error logs seen when channelization is deleted in AS7816-64X product. [Err] 0:_pm4x25_line_side_phymod_interface_get: [Wed Jun 13 08:22:45.845 LOG: Err] ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000 PR1366137
The backup member switch might fail to become the master switch after switchover on QFX5100/QFX5200/EX4600 Virtual Chassis platform PR1372521
New CLI knob to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup RE instead of SSD PR1382522
Static default route with next-table inet.0 does not work PR1383419
CLI "show chassis errors active detail" not supported for QFK5K platforms. PR1386255
QFX5110 - Fan LED turns Amber randomly PR1398349
CPU Interrupt process high due to intr{swi4: clock (0)} on qfx5100-48t-6q running a "QFX 5e Series" image and 18.x code PR1398632
The DHCPv6 relay-reply packet might be dropped by the DHCP relay PR1399683
QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot PR1402127
The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface PR1403528
Executing command "request system configuration rescue save" may fail with error messages PR1405189
DHCP Not working for some clients in dual AD fusion setup on EP ports. PR1405495
Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms PR1405786
QFX5120 : In VxLAN-EVPN configuration , transition from collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload PR1405956
QFX5200/5100 might not be able to send out control plane traffic to the peering device PR1406242
QFX10002 showing error fpc0 prds_ptc_clear_all_pulse_and_samples: prds_ptc_clear_all_pulse_and_samples PE 4 PTC 2: after clearing sample, sample still valid 1 PR1407095
After upgrading junos to 18.1R2 QFX10k send packet without innner vlan tag PR1407347
MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same ifd PR1408230
Fan failure alarms might be seen on QFX5100-96S after upgrade to 17.3R1 PR1408380
LLDP memory leak when ieee dcbx packet is received in auto-neg mode followed by another dcbx packet with none of ieee_dcbx tlvs present. PR1410239
EX2300-24P,error message: dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family PR1410717
Storm control not shutting down mc-ae interface PR1411338
FPC CPU may not be displayed correctly PR1412314
Junos PCC may reject PCUpdate/PCCreate message if there is metric type other than type 2 PR1412659
QFX5K : Intermittently chassis alarms not raised after power-cycle of the device PR1413981
QFX5K: EVPN / VxLAN: Mutlicast NH limit is 4K PR1414213
VC Ports using DAC may not establish link on QFX5200 PR1414492
Two instances of Junos are running after Junos upgrade to 18.1R3-S3.7 PR1416585
Mac learning might not happen on trunk mode interface in EVPN/MPLS scenario PR1416987
Traffic loss might be seen on the ae interface on QFX10000 platforms PR1418396
Traffic loss might be seen after NSSU operation PR1418889
Rebooting QFX5200-48Y using "request system reboot" doesn't take physical links offline immediately PR1419465
libvirtMib_suba core seen during installation PR1419536
The 100G PSM4 optics connected ports go down randomly during the repeated power cycle PR1419826
Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario PR1420785
An interface may go to downstate on QFX10000/PTX10000 platform PR1421075
QFX5120-32C: DHCP binding on client might fail when QFX5120-32C acting as DHCP server, this is seen only for channelized port PR1421110
BFD might stuck in slow mode on QFX10002/QFX10008/QFX100016 platform PR1422789
QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G PR1422958
The interface can not get up when the remote-connected interface only supports 100M in QFX5100 VC setup PR1423171
IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled. PR1423310
ON QFX5120-32C , BUM traffic coming over IRB underlay interface gets dropped on destination vtep in PIM based VxLAN. PR1423705
Traffic is dropped after FPC reboot with AE member links deactivated by remote device. PR1423707
The J-Flow export might fail when channelization is configured on FPC QFX10000-30C. PR1423761
A ping over EVPN type-5 route to QFX10000 does not work. PR1423928
All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. PR1424090
IPv6 communication issue might be seen after passing through QFX10002-60C platforms. PR1424244
QFX5120 QSFP-100G-PSM4 become undetected and come back up as channelized interfaces PR1424647
All interfaces creation failed after NSSU. PR1425716
The host-bound traffic might be dropped after performing change configuration related to prefix-list. PR1426539
QFX5210: Received LLDP frames on em0 not displaying in LLDP neighbor output. PR1426753
Heap memory leak might be seen on QFX10000 platforms. PR1427090
CRC errors can be seen when other manufacturer device is connected to QFX10000 with QSFP-100GBASE-LR4-T2 optics. PR1427093
Rebooting or stopping Virtual Chassis member might cause 30 seconds down on RTG link. PR1427500
QFX5100-VCF rollback for uncommitted configuration takes 1 hour. PR1427632
The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed. PR1427994
Interface with optic "QSFP-100GBASE-ER4L" is not coming up in Junos Is Release 18.3R1-S2.1. PR1428113
Licenses used flag for ovsdb on show system license will not be flagged even though ovsdb is configured and working. PR1428207
Incorrect display of MAC/MAC+IP and count values, after setting global-mac-limit and global-mac-ip-limit. PR1428572
Show chassis environment shows Input0 and Input1. PR1428690
L2ALD generates a core file when number of VXLAN HW IFBDS exceeds the maximum limit of 16382. PR1428936
On QFX10008, after Routing Engine switchover, led status is not set for missing fan tray. PR1429309
When forward-only is set within dhcp-reply, dhcp declines are not forwarded to server. PR1429456
DHCP-relay might not work in an EVPN-VxLAN scenario. PR1429506
DHCP-relay might not work in an EVPN-VxLAN scenario. PR1429536
Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821
Interface on QFX does not come up after the transceiver is replaced with one having different speed. PR1430115
In a collapsed VGA4 script ping on shared ESI R6 to R7 IRB address is failing. PR1430327
The firewall filters might not be attached on the interfaces after doing some changes. PR1430385
Traffic impact might be seen on QFX10000 platforms with interface hold-down timer configured. PR1430722
On QFX Series platforms the validation of meta data files failed on hypervisor. PR1431111
SIB Link Error detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592
The dcpfe might crash on all line cards on QFX10000 in scaled setup. PR1431735
All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled. PR1431885
The optical power of interface may gradually reduce the optical power for almost 3 mins after issuing request system reboot at now on QFX5110 and QFX5120. PR1431900
L2 traffic drop on QFX10000 with interface MTU lower than 270 bytes. PR1431902
Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario PR1432703
L3 filters applied to PVLAN IRB interface may not work after ISSU PR1434941
SIB/FPC Link Error alarms might be observed on QFX10K due to a single CRC PR1435705
The mc-ae interface may get stuck in waiting state in dual mc-ae scenario PR1435874
DHCP discover packets sent to IP addresses in the same subnet as irb interface cause the QFX5110 to send bogus traffic out of dhcp-snooping enabled interfaces PR1436436
Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart PR1436968
QFX5110, QFX5200, QFX5210 There is no jnxFruOK SNMP trap message when only the Power cable is disconnected and connected back. PR1437709
The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it PR1438351
Interfaces configured with flexible-vlan-tagging might loss connectivity PR1439073
DHCPv6 relay binding is not up while verifying the DHCP Snooping along with DHCPv6 Relay PR1439844
Traffic drop seen on disable/enable MC-LAG. PR1440732
From interface match condition with IRB over AE interface not working. PR1441230
QFX5110 - L2 & L3 IFL on IFD - flexible-ethernet-services - VXLAN passing over L2 ifd breaks, L3 P2P communication. PR1441690
The interface's operational status in HW and SW might be out of sync in EVPN setup with arp-proxy feature enabled. PR1442310
Flow control does not work as expected on 100G interface of QFX5110. PR1442522
The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an IRB. PR1442587
DHCPv6 Client might fail to get an IP address. PR1442867
When a line-card is rebooted, the MC-LAG might not get programmed after the line-card comes back online. PR1444100
QFX5200 : Observing "DCBCM[bcore_init]: ioctl call failed ret:0" failure message when changing UFT profile in FPC logs PR1445855
On QFX10008 traffic impact might be seen when the JSRV interface is used. PR1445939
Traffic Discarded for only specified VLAN in IPACL_VXLAN filters PR1446489
Long IPv6 address are not displayed fully on ipv6 neighbor table. PR1447115
Unicast arp requests are not replied with no-arp-trap option. PR1448071
Rebooting QFX5120-48Y using "request system reboot" doesn't take physical links offline immediately PR1448102
On QFX5120, the incoming layer 3 encapsulated packets are dropped on L3VPN MPLS PE-CE interface. PR1451032
vgd core file might be generated on any platforms supporting OVSDB. PR1452149
DHCP offer packet with unicast flag set gets dropped by 10k in a vxlan multi-homed (ESI) setup using anycast IP PR1452870
QFX10002-60c: EVPN-VXLAN: MAC+IP Count is shown as Zero PR1454603
Interfaces and Chassis
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339
An ARP entry is not learned at one of mc-lag device at QFX10000. PR1449806
Layer 2 Ethernet Services
LACP PDU might be looped towards peer MC-LAG nodes. PR1379022
Layer 2 Features
On QFX Series switches the error message Failed with error (-7) while deleting the trunk 1 on the device 0. PR1393276
QinQ might be malfunctioning if vlan-id-lists are configured. PR1395312
On all QFX5000, symmetric hashing can be done with the hashing options, though it cannot be enabled and stored in the Junos OS configuration. PR1397229
On QFX Series EVPN-VXLAN, the unicast IPv6 NS message gets flooded on L3GW. Both IPv4 and IPv6 traffic gets dropped on L2SW. PR1405814
IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after VTEP leaf reboot. PR1406502
QFX5110 VC generates DDOS messages of different protocols on inserting a 1G/10G SFP or forming VCP connection. PR1410649
Stale entries might be observed in a layer 3 VXLAN gateway scenario. PR1423368
The FXPC might continually crash when firewall filter is applied on a logical unit of a DSC interface. PR1428350
JTASK and multimove depth failed errors seen after HALT. PR1434687
Transit DHCPv6 packets might be dropped on QFX5100 and QFX5200 platforms. PR1436415
QFX5000 switches not properly hashing MPLS transit traffic from VXLAN to L2 LAG. PR1448488
MPLS
Traffic loss might be observed after changing the configuration protocols mpls in ldp-tunneling scenario. PR1428081
In QFX5110, the l2circuit traffic might be silently dropped or discarded at EVPN SPINE/MPLS LSP TRANSIT device if VXLAN access interface flaps on remote PE node. PR1435504
Packet loss is seen with ECMP resilient-hash enabled on QFX Series platforms. PR1442033
Routing Protocols
Some storm control error logs might be seen on QFX Series platforms. PR1355607
Host destined packets with filter log action might not reach to the Routing Engine if log/syslog is enabled. PR1379718
The IRB transit traffic might not be counted for EVPN/VXLAN traffic. PR1383680
AUTONEG errors and flush operation failed error, seen after power cycle of the device. PR1394866
On QFX5110, the firewall filter applied on VxLAN mapped VLAN is not supported on EVPN-VXLAN scenario. PR1398237
The same traffic flow might be forwarded to different ECMP next hops on QFX5000 platforms. PR1422324
The traffic loss might start after deleting IRB logical interface. PR1424284
The rpd process generates a core file due to improper handling of Graceful Restart stale routes. PR1427987
BGP statement multipath multiple-as does not work in specific scenario. PR1430899
BGP session might go into down status once the traffic flow starts. PR1431259
Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1433918
The IPv4 fragmented packets might be broken if PTP transparent clock is configured. PR1437943
The bandwidth value of the DDOS-protection might cause the packets loss after the device reboot. PR1440847
One of the downstream interfaces flapped and the traffic through xe-2/0/38 broken interface. PR1441402
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
QFX5110 MCLAG: L2_L3_INTF_OPS_ERROR messages seen after node reboot. PR1435314
PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713
The QFX5120 might drop the tunnel encapsulated packets if it acts as a transit device. PR1447128
Loopback address exported into other VRF instance might not work on QFX Series platforms. PR1449410
MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217
Few seconds of traffic drop might be seen towards the existing receivers when another receiver joins/leaves. PR1457228
User Interface and Configuration
QFX5100 were unable to commit baseline configuration after zeroize. PR1426341
Documentation Updates
There are no errata or changes in Junos OS Release 19.3R3 documentation for the QFX Series.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.
Upgrading Software on QFX Series Switches
When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.
If you are not familiar with the download and installation process, follow these steps:
- In a browser, go to https://www.juniper.net/support/downloads/junos.html.
The Junos Platforms Download Software page appears.
- In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
- Select 19.3 in the Release pull-down list to the right of the Software tab on the Download Software page.
- In the Install Package section of the Software tab, select
the QFX Series Install Package for the 19.2 release.
An Alert box appears.
- In the Alert box, click the link to the PSN document for
details about the software, and click the link to download it.
A login screen appears.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Download the software to a local host.
- Copy the software to the device or to your internal software distribution site.
- Install the new jinstall package on the device.
Note We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add source/jinstall-host-qfx-5-x86-64-19.3-R3.n-secure-signed.tgz rebootReplace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the switch.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname(available only for Canada and U.S. version)
Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 19.3jinstall package, you can issue the request system software rollback command to return to the previously installed software.
Installing the Software on QFX10002-60C Switches
This section explains how to upgrade the software, which includes
both the host OS and the Junos OS. This upgrade requires that you
use a VM host package—for example, a junos-vmhost-install-x.tgz .
During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.
The QFX10002-60C switch supports only the 64-bit version of Junos OS.
If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.
To upgrade the software, you can use the following methods:
If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-19.3R3.9.tgzIf the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-19.3R3.9.tgzAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10002 Switches
If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.
On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.
If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-19.3R3.n-secure-signed.tgz
rebootIf the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-19.3R3.n-secure-signed.tgz
rebootAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionUpgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).
If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.
To install the software on re0:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0To install the software on re1:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1Reboot both Routing Engines.
For example:
user@switch> request system reboot both-routing-enginesAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10008 and QFX10016 Switches
Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.
Log in to the master Routing Engine’s console.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
From the command line, enter configuration mode:
user@switch> configureDisable Routing Engine redundancy:
user@switch# delete chassis redundancyDisable nonstop-bridging:
user@switch# delete protocols layer2-control nonstop-bridgingSave the configuration change on both Routing Engines:
user@switch# commit synchronizeExit the CLI configuration mode:
user@switch# exitAfter the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.
After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.
Log in to the console port on the other Routing Engine (currently the backup).
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-19.3R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the switch to start the new software using the request system reboot command:
user@switch> request system rebootNote You must reboot the switch to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.
All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.
Log in and issue the show version command to verify the version of the software installed.
user@switch> show versionOnce the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.
Log in to the master Routing Engine console port.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Transfer routing control to the backup Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the backup Routing Engine (slot 1) is the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Backup
Election priority Master (default)
Routing Engine status:
Slot 1:
Current state Master
Election priority Backup (default)Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-19.3R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the Routing Engine using the request system reboot command:
user@switch> request system rebootNote You must reboot to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.
The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.
Log in and issue the show version command to verify the version of the software installed.
Transfer routing control back to the master Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Master
Election priority Master (default)
outing Engine status:
Slot 1:
Current state Backup
Election priority Backup (default)
Performing a Unified ISSU
You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.
Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.
Perform the following tasks:
Preparing the Switch for Software Installation
Before you begin software installation using unified ISSU:
Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.
To verify that nonstop active routing is enabled:
Note If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.
user@switch> show task replication Stateful Replication: Enabled RE mode: MasterIf nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.
Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.
(Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
Upgrading the Software Using Unified ISSU
This procedure describes how to upgrade the software running on a standalone switch.
To upgrade the switch using unified ISSU:
Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.
Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.
Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.
Start the ISSU:
On the switch, enter:
user@switch> request system software in-service-upgrade /var/tmp/package-name.tgzwhere package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-19.3R3.n-secure-signed.tgz.
Note During the upgrade, you cannot access the Junos OS CLI.
The switch displays status messages similar to the following messages as the upgrade executes:
warning: Do NOT use /user during ISSU. Changes to /user during ISSU may get lost! ISSU: Validating Image ISSU: Preparing Backup RE Prepare for ISSU ISSU: Backup RE Prepare Done Extracting jinstall-host-qfx-5-f-x86-64-18.3R1.n-secure-signed.tgz ... Install jinstall-host-qfx-5-f-x86-64-19.2R1.n-secure-signed.tgz completed Spawning the backup RE Spawn backup RE, index 0 successful GRES in progress GRES done in 0 seconds Waiting for backup RE switchover ready GRES operational Copying home directories Copying home directories successful Initiating Chassis In-Service-Upgrade Chassis ISSU Started ISSU: Preparing Daemons ISSU: Daemons Ready for ISSU ISSU: Starting Upgrade for FRUs ISSU: FPC Warm Booting ISSU: FPC Warm Booted ISSU: Preparing for Switchover ISSU: Ready for Switchover Checking In-Service-Upgrade status Item Status Reason FPC 0 Online (ISSU) Send ISSU done to chassisd on backup RE Chassis ISSU Completed ISSU: IDLE Initiate em0 device handoff
Note A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).
Note If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.
Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:
user@switch> show versionEnsure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:
user@switch> request system snapshot slice alternateResilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.