Hardware

Class of service

Support for CoS configuration with the following limitations:

• If you apply strict-high priority schedulers to queues 0 through 3, then the strict-high priority schedulers are also applied to queues 8 through 11. Therefore, we recommend that you apply strict-high priority schedulers only to queues 4 through 7.

• The EX4400 doesn't support the excess-rate configuration for schedulers.

[See schedulers (CoS).]

EVPN

Support for Layer 2 VXLAN gateway services in an EVPN-VXLAN network:

• 802.1X authentication, accounting, CWA authentication, and captive portal

• CoS

• DHCPv4 and DHCPv6 snooping, dynamc ARP inspection (DAI), neighbor discovery inspection, IP source guard and IPv6 source guard, and router advertisement (RA) guard (no multihoming)

• Firewall filters and policing

• Storm control, port mirroring, and MAC filtering

[See EVPN Feature Guide.]

Support for the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network:

• Active/active multihoming

• Proxy ARP use and ARP suppression, and Neighbor Discovery Protocol (NDP) use and NDP suppression on non-IRB interfaces

• Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding

[See EVPN Feature Guide.]

Layer 3 VXLAN gateway in EVPN-VXLAN centrally routed bridging overlay or edge-routed bridging overlay networks, supported on standalone switches or Virtual Chassis and including the following features:

• Default gateway using IRB interfaces to route traffic between VLANs. [See Using a Default Layer 3 Gateway to Route Traffic in an EVPN-VXLAN Overlay Network.]

• IPv6 data traffic routed through an EVPN-VXLAN overlay network with an IPv4 underlay. [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.]

• EVPN pure Type 5 routes. [See Understanding EVPN Pure Type-5 Routes.]

The Virtual Chassis doesn’t support EVPN-VXLAN multihoming, but you can use the standalone switch as an EVPN-VXLAN provider edge device in multihoming use cases.

Support for VXLAN Group Based Policy (VXLAN-GBP). EX4400 switches support the use of existing Layer 3 VXLAN network identifiers (VNI) in conjunction with firewall filter policies to provide microsegmentation at the device or tag level, independent of the underlying network topology. IoT devices, for example, typically only need access to specific applications on the network. GBP keeps this traffic isolated by automatically applying security policies without the need for L2 or L3 lookups, or access control lists (ACLs). [See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN.]

High availability (HA) and resiliency

High availability includes NSSU, GRES, NSB, and NSR. [See High Availability User Guide.]

Interfaces and chassis

EX4400-24T and EX4400-24P models have 24 RJ-45 ports and 2 QSFP28 ports.

EX4400-48T and EX4400-48P models have 48 RJ-45 ports and 2 QSFP28 ports.

The EX4400-48F model has 36 1GbE SFP ports, 12 10GbE SFP+ ports, and 2 100GbE QSFP28 ports.

You can channelize the QSFP28 ports into four 25-Gbps or four 10-Gbps interfaces. [See Port Settings.]

Support for the IEEE 802.3bt standard for Power over Ethernet (PoE) and fast PoE. With fast PoE enabled, the switch saves PoE power settings across a reboot and powers on the powered device (PD) at the initial stage of the boot (within a few seconds of switching on power) before the complete switch is booted. To configure fast PoE, use the command set poe fast-poe. [See Understanding PoE on EX Series Switches.]

Junos telemetry interface (JTI)

JTI Packet Forwarding Engine and Routing Engine sensor support. Use the Junos telemetry interface (JTI) and remote procedure calls (gRPC) to stream statistics from the switches to an outside collector.

The following Routing Engine statistics are supported:

• LACP state export

• Chassis environmentals export

• Network discovery chassis and components

• LLDP export and LLDP model

• BGP peer information (RPD)

• RPD task memory utilization export

• Network discovery ARP table state

• Network discovery NDP table state

The following Packet Forwarding Engine statistics are supported:

• Congestion and latency monitoring

• Logical interface

• Filter

• Physical interface

• NPU/LC memory

• Network discovery NDP table state

To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters.

[ See Configuring a Junos Telemetry Interface Sensor (CLI Procedure), Configure a NETCONF Proxy Telemetry Sensor in Junos, and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Junos XML API and scripting

Support for Python, SLAX, and XSLT scripting languages and for commit scripts and macros, event policy and event scripts, op scripts, and SNMP scripts. [See Automation Scripting User Guide.]

Support for Ethernet ring protection switching version 2 (ERPSv2), which reliably achieves carrier-class network requirements for Ethernet topologies to form a closed loop. [See Example: Configuring Ethernet Ring Protection Switching on QFX Series and EX Series Switches Supporting ELS.]

Layer 2 unicast features

• Bridge protocol data unit (BPDU) protection

• Ethernet ring protection switching (ERPS)

• IEEE 802.1p

• LAG resilient hashing

• Layer 3 VLAN-tagged subinterfaces

• LLDP (IEEE 802.1AB)

• Loop protection

• MAC address aging

• MAC address filtering

• Disable MAC learning

• Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s)

• Multiple VLAN Registration Protocol (MVRP) (IEEE 802.1ak)

• Persistent MAC (sticky MAC)

• Per VLAN MAC learning (limit)

• Port-based VLAN

• Proxy ARP

• Redundant trunk group (RTG)

• Root protection

• Routed VLAN interface (RVI)

• Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w)

• Static and dynamic link aggregation with LACP (fast and slow LACP)

• Static MAC address assignment for interface

• Storm control

• STP (IEEE 802.1D)

• Uplink failure detection

• VLAN

• VLAN—IEEE 802.1Q VLAN trunking

• VSTP

[See Ethernet Switching User Guide, Security Services Administration Guide, and Spanning-Tree Protocols User Guide.]

Layer 3 unicast features

• 32-way equal-cost multipath (ECMP)

• BFD (for RIP, OSPF, IS-IS, BGP, and PIM)

• BGP 4-byte ASN support

• BGP Add Path (BGP-AP)

• Filter based forwarding (FBF)

• IP directed broadcast traffic forwarding

• IPv4 BGP

• IPv4 multiprotocol BGP (MBGP)

• IPv4 over GRE

• IPv6 BGP

• IPv6 CoS (BA, classification and rewrite, scheduling based on traffic class)

• IPv6 IS-IS

• IPv6 Neighbor Discovery Protocol (NDP)

• IPv6 OSPFv3

• IPv6 ping

• IPv6 stateless auto-configuration

• IPv6 static routing

• IPv6 traceroute

• IS-IS

• OSPFv2

• Path MTU discovery

• RIPv2

• Static routing

• Unicast reverse path forwarding (unicast RPF)

• Virtual router for IS-IS, RIP, OSPF, and BGP

• Virtual Router Redundancy Protocol (VRRP)

• VRRPv3

[See High Availability User Guide, BGP User Guide, Routing Policies, Firewall Filters, and Traffic Policers User Guide, IS-IS User Guide, Security Services Administration Guide, and OSPF User Guide.]

Licensing

You need a license to use the software features on the EX4400-24T, EX4400-24P, EX4400-48T, EX4400-48P, and EX4400-48F switches. To learn about the features supported on this device. [See EX Series Switches Support for the Juniper Flex Program.]

[To add, delete, and manage licenses, see Managing Licenses.]

Multicast

• IGMP snooping

• IGMP: version 1, version 2, version 3

• Multicast Listener Discovery (MLD) snooping

• PIM-SM, PIM-SSM, PIM-DM

[See Multicast Protocols User Guide.]

Network management and monitoring

Chef support for EX4400-48F. [See Chef for Junos OS Getting Started Guide.]

EX4400 switches support the following Ethernet OAM link fault management (LFM) and connectivity fault management (CFM) features:

• Monitor faults, using the continuity check messages (CCM) protocol to discover and maintain adjacencies at the VLAN or link level.

• Discover paths and verify faults, using the Link Trace Message protocol (LTM protocol) to map the path taken to a destination MAC address.

• Isolate faults, using loopback messages

The EX4400 supports the following Ethernet switching events:

• adjacency loss

• connection-protection-tlv

• interface-status-tlv

• port-status-tlv

EX Series switches support the interface-down action.

[See Ethernet OAM and CFM for Switches and OAM Link Fault Management.]

• Local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation). [See Port Mirroring and Analyzers.]

• sFlow network monitoring technology. [See sFlow Monitoring Technology.]

Support for Puppet for Junos OS. [See Puppet for Junos OS Administration Guide.]

Support for adding nonnative YANG modules to the Junos OS schema. [See Understanding the Management of Nonnative YANG Modules on Devices Running Junos OS.]

Support for configuring the ephemeral database using the NETCONF and Junos XML protocols. [See Understanding the Ephemeral Configuration Database.]

Support for Juniper Mist Wired Assurance. You can automatically onboard and provision Juniper Networks EX4400 switches to the Juniper Mist cloud using a single activation code. Juniper Mist Wired Assurance provides automated operations and enables the use of service-level expectations (SLEs) for IoT devices, Juniper access points driven by Mist AI, and other network devices.

[For an overview of Juniper Mist Wired Assurance and deployment instructions, see Juniper AI-Driven Enterprise and Overview of EX Series Switches and the Juniper Mist Cloud.]

Routing policy and firewall filters

Firewall filters and policers. [See Firewall Filters Overview.]

Security

Support for distributed denial-of-service (DDoS) protection. [See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]

Support for the following port security features:

• DHCP snooping (IPv4 and IPv6)

• Dynamic ARP inspection (DAI)

• IPv6 neighbor discovery inspection

[See Security Services Administration Guide.]

Support for Media Access Control security with 256-bit cipher suite. [See Understanding Media Access Control Security (MACsec).]

Services applications

Flow-based telemetry (FBT) enables per-flow-level analytics, using inline monitoring services to create flows and collect them. A flow is a sequence of packets that have the same source IP, destination IP, source port, destination port, or protocol on an interface. For each flow, various parameters are collected and sent to a collector using the open-standard IPFIX template to organize the flow. You configure FBT by configuring the template statement at the [edit services inline-monitoring] hierarchy level, and including the flow-monitoring option. [See Inline Monitoring Services Configuration and template (Inline Monitoring).]

Software installation and upgrade

Support for secure boot. The implementation is based on the UEFI 2.4 standard. [See Software Installation and Upgrade Guide.]

Virtual Chassis

Virtual Chassis support for up to ten EX4400 switches interconnected and managed as a single device. The Virtual Chassis also supports NSSU to upgrade all member devices with a single command.

You configure and operate an EX4400 Virtual Chassis the same way as you do other EX Series and QFX Series Virtual Chassis. However, there are a few platform-specific VCP differences, including the following:

• By default, the two rear-panel 100GbE QSFP28 ports operate as four logical 50-Gbps VCP interfaces to connect the member switches. You can’t use any other ports as VCPs.

• These ports are in PIC slot 1, so the VCP ports on a switch are always named vcp-255/1/x, where x is a port number from 0 through 3.

[See Virtual Chassis Overview for Switches.]