Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

MPLS Limitations on QFX Series and EX4600 Switches

 

MPLS is a fully implemented protocol on routers, while switches support a subset of the MPLS features. The limitations of each switch are listed in a separate section here, although many of the limitations are duplicates that apply to more than one switch.

MPLS Limitations on QFX10000 Switches

  • Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

  • Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.

  • These LDP features are not supported on the QFX10000 switches:

    • LDP multipoint

    • LDP link protection

    • LDP Bidirectional Forwarding Detection (BFD)

    • LDP Operation Administration and Management (OAM)

    • LDP multicast-only fast reroute (MoFRR)

  • Pseudowire-over-aggregated Ethernet interfaces on UNI are not supported.

  • MPLS-over-UDP tunnels are not supported on the following:

    • MPLS TTL propagation

    • IP fragmentation at the tunnel start point

    • CoS rewrite rules and priority propagation for RSVP LSP labels (ingress tunnels only)

    • Plain IPv6

    • Multicast traffic

    • Firewall filters on tunnel start and endpoints

    • CoS tunnel endpoints

    Note

    MPLS-over-UDP tunnels are created only if corresponding RSVP-TE, LDP, or BGP-LU tunnels are not available for the destination route.

MPLS Limitations on EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 Switches

  • MPLS support differs on the various switches. EX4600 switches support only basic MPLS functionality while the QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches support some of the more advanced features. See MPLS Feature Support on QFX Series and EX4600 Switches for details.

  • On a QFX5100 switch, configuring integrated bridging and routing (IRB) interfaces on the MPLS core is implemented on the switch by using TCAM rules. This is the result of a chip limitation on the switch, which only allows for a limited amount of TCAM space. There is 1K TCAM space is allocated for IRB. If multiple IRBs exist, make sure that you have enough available TCAM space on the switch. To check the TCAM space, see TCAM Filter Space Allocation and Verification in QFX Devices from Junos OS 12.2x50-D20 Onward.

  • (QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600) When VLAN bridge encapsulation is enabled on a CE connected interface, the switch drops packets if both flexible Ethernet services and VLAN CCC encapsulations are configured on the same logical interface. Only one can be configured, not both. For example:

    set interfaces xe-0/0/18 encapsulation flexible-ethernet-services, or set interfaces xe-0/0/18 encapsulation vlan-ccc.

  • Layer 2 circuits on aggregated Ethernet (AE) interfaces are not supported on QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches.

  • Layer 2 circuit local switching is not supported on the EX4600, EX4650, and QFX5100 switches.

  • The QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches do not depend on the VRF match for loopback filters configured at different routing instances. Loopback filters per routing instance (such as lo0.100, lo0.103, lo0.105) are not supported and may cause unpredictable behavior. We recommend that you only apply the loopback filter (lo0.0) to the master routing instance

  • On EX4600 and EX4650 switches, when loopback filters with both accept and deny terms for the same IP address are configured and if RSVP packets have that IP address in either source IP or destination IP, then those RSVP packets will be dropped even if accept terms have higher priority than deny terms. As per design, if the switch receives an RSVP packet with IP OPTION, the packet is copied to the CPU and then the original packet is dropped. Because RSVP packets are marked for drop, the accept term will not process these packets and the deny term will drop the packets.

  • On a link-protected, fast reroute Layer 2 circuit, you might see a traffic convergence delay of 200 to 300 milliseconds.

  • Layer 2 circuit local switching is not supported on the EX4600, EX4650, and QFX5100 switches.

  • If you configure the BGP labeled unicast address family (using the labeled-unicast statement at the [edit protocols bgp family inet] hierarchy level) on a QFX Series switch or on an EX4600 switch deployed as a route reflector for BGP labeled routes, path selection will occur at the route reflector, and a single best path will be advertised. This will result in loss of BGP multipath informaton.

  • Although fast reroute (FRR) on regular interfaces is supported, the include-all and include-any options for FRR are not supported. See Fast Reroute Overview.

  • FRR is not supported on MPLS over IRB interfaces.

  • MPLS-based circuit cross-connects (CCC) are not supported—only circuit-based pseudowires are supported.

  • Configuring link aggregation groups (LAGs) on user-to-network interface (UNI) ports for L2 circuits is not supported.

  • MTU signaling in RSVP and discovery is supported in the control plane. However, this cannot be enforced in the data plane.

  • With L2 circuit-based pseudowires, if multiple equal-cost RSVP LSPs are available to reach an L2 circuit neighbor, one LSP is randomly used for forwarding. Use this feature to specify LSPs for specific L2 circuit traffic to load-share the traffic in the MPLS core.

  • Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

  • Firewall filters and policers on family mpls are only supported on QFX5100 switches that act as pure label-switching routers (LSRs) in an MPLS network. A pure LSR is a transit router that switches paths solely on the incoming label’s instructions. Firewall filters and policers on family mpls are not supported on QFX5100 ingress and egress provider edge (PE) switches. This includes switches that perform penultimate hop popping (PHP).

  • Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.

  • These are the hardware limitations for EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches:

    • Push of a maximum of three labels is supported in the MPLS edge switch if label swap is not done.

    • Push of a maximum of two labels is supported in the MPLS edge switch if label swap is done.

    • Pop at line rate is supported for a maximum of two labels.

    • Global label space is supported but interface-specific label space is not supported.

    • MPLS ECMP on PHY node with BOS=1 is not supported for single labels.

    • QFX Series switches with Broadcom chips do not support separate next hops for the same label with different S bits (S-0 and S-1). This includes the QFX3500, QFX3600, EX4600, QFX5100, and QFX5200 switches.

    • On EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches, the MPLS MTU command can cause unexpected behavior—this is due to SDK chipset limitations on this platform.

  • These LDP features are not supported on the EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches:

    • LDP multipoint

    • LDP link protection

    • LDP Bidirectional Forwarding Detection (BFD)

    • LDP Operation Administration and Management (OAM)

    • LDP multicast-only fast reroute (MoFRR)

MPLS Limitations on QFX5100 Virtual Chassis and Virtual Chassis Fabric Switches

The following MPLS features are not supported by the QFX5100 VC and QFX5100 VCF switches:

  • Next-hop LSP

  • BFD including BFD triggered FRR

  • L2 VPN based on BGP (See RFC 6624)

  • VPLS

  • Extended VLAN CCC

  • Pseudowire protection using Ethernet OAM

  • Local switching of pseudo-wire

  • Pseudowire fault detection based on VCCV

  • QFX Series switches with Broadcom chipsets do not support separate next hops for the same label with different S bits (S-0 and S-1). This includes QFX3500, QFX3600, EX4600, QFX5100, and QFX5200 switches.

MPLS Limitations on QFX3500 Switches

  • If you configure the BGP labeled unicast address family (using the labeled-unicast statement at the [edit protocols bgp family inet] hierarchy level) on a QFX Series switch or on an EX4600 switch deployed as a route reflector for BGP labeled routes, path selection will occur at the route reflector, and a single best path will be advertised. This will result in loss of BGP multipath information.

  • Although fast reroute is supported, the include-all and include-any options for fast reroute are not supported. See Fast Reroute Overview for details.

  • MPLS-based circuit cross-connects (CCC) are not supported—only circuit-based pseudowires are supported.

  • MTU signaling in RSVP and discovery is supported in the control plane. However, this cannot be enforced in the data plane.

  • With Layer 2 (L2) circuit-based pseudowires, if multiple equal-cost RSVP label-switched paths (LSPs) are available to reach a L2 circuit neighbor, one LSP is randomly used for forwarding. Use this feature to specify LSPs for specific L2 circuit traffic to load-share the traffic in the MPLS core.

  • Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

  • Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.