Hardware
-
New EX4100 and EX4100-F switches—Starting in Junos OS Release 22.2R1, we introduce the EX4100 and EX4100-F family of switches that provide connectivity for high-density environments and scalability for network growth. You can deploy the EX4100 and EX4100-F stackable switches in small, medium, and large campus and branch enterprise networks. We support 24-port and 48-port switch variants with or without PoE+ and with different airflow directions. The switches have dedicated Virtual Chassis ports (VCPs) and uplink ports.
We support the following switches: EX4100-48P, EX4100-48T, EX4100-48T-AFI, EX4100-48T-DC, EX4100-24P, EX4100-24T, EX4100-24T-DC, EX4100-F-48P, EX4100-F-48T, EX4100-F-24P, and EX4100-F-24T.
Table 1: Features Supported on EX4100 and EX4100-F Switches
Feature | Description
Access and authentication -
FQDN support in RADIUS configuration. The RADIUS server configuration supports fully qualified domain names (FQDN) that resolve to one or more IP addresses.
-
802.1X authentication. [See 802.1X Authentication.]
Captive portal. [See Captive Portal Authentication.]
Chassis -
FRU management and environment monitoring, and chassis support for EX4100 switches only, including:
• PSU, fan, and temperature sensors monitoring
• Power management support for two power supply units (PSUs) and two field-replaceable fans. The system functions with one fan until it reaches shutdown temperature.
• When temperature reported by various sensors crosses the specified threshold, the fan speed increases or decreases to regulate the temperature. If the temperature exceeds the shutdown threshold, system shutdown is initiated.
CoS
-
Support for CoS configuration.
EVPN -
Support for EVPN-VXLAN group-based policies. EX4100 and EX4100-F switches provide standards-based multilevel segmentation (also called group-based policy, or GBP) on the basis of Layer 3 virtual networks and group-based tags rather than IP-based filters. This support allows for different levels of access control for endpoints and applications even within the same VLAN. The EX4100 and EX4100-F switches also provide GBP support for locally switched traffic on VXLAN access ports.
[See Micro and Macro Segmentation using Group Based Policy in a VXLAN.]
-
Support for the following Layer 2 VXLAN gateway services in an EVPN-VXLAN network:
-
802.1X authentication, accounting, central web authentication (CWA) authentication, and captive portal
-
CoS
-
DHCPv4 and DHCPv6 snooping, dynamic ARP inspection (DAI), neighbor discovery inspection, IP source guard and IPv6 source guard, and router advertisement (RA) guard (no multihoming)
-
Firewall filters and policing
-
Storm control, port mirroring, and MAC filtering
[See EVPN Feature Guide.]
-
-
Support for Layer 3 VXLAN gateway in EVPN-VXLAN centrally routed bridging (CRB) overlay or edge-routed bridging (ERB) overlay networks on standalone switches or Virtual Chassis. The switch supports the following features:
-
Default gateway using IRB interfaces to route traffic between VLANs. [See Using a Default Layer 3 Gateway to Route Traffic in an EVPN-VXLAN Overlay Network.]
-
IPv6 data traffic routed through an EVPN-VXLAN overlay network with an IPv4 underlay. [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.]
-
EVPN pure Type 5 routes. [See Understanding EVPN Pure Type-5 Routes.]
The Virtual Chassis doesn’t support EVPN-VXLAN multihoming, but you can use the standalone switch as an EVPN-VXLAN provider edge (PE) device in multihoming use cases. We support the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network:
-
Active/active multihoming
-
Proxy ARP use and ARP suppression, and Neighbor Discovery Protocol (NDP) use and NDP suppression on non-IRB interfaces
-
Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding
[See EVPN Feature Guide.]
-
Flow monitoring -
Support for flow-based telemetry—You can configure flow-based telemetry (FBT) and additional parameters to track for a flow using the feature-profile name features statement at the [edit inline-monitoring] hierarchy level. [See features and Flow-Based Telemetry (EX4100, EX4100-F, and EX4400 Series).]
Hardware
-
New EX4100 and EX4100-F switch models—We introduce the following models of the EX4100 Ethernet Switches:
-
EX4100-24P, EX4100-24T, and EX4100-24T-DC—Twenty-four 10/100/1000-Mbps RJ-45 ports, four 10/25-Gbps SFP28 Virtual Chassis ports (VCPs), and four 1000-Mbps/10-Gbps SFP+ uplink ports on the front panel. Only EX4100-24P has PoE+ enabled ports. EX4100-24T-DC is powered by DC power supplies; the rest of the switch models are powered by AC power supplies. All these switch models have AFO cooling.
-
EX4100-48P, EX4100-48T, EX4100-48T-AFI, EX4100-48T-DC—Forty-eight 10/100/1000-Mbps RJ-45 ports, four 10/25-Gbps SFP28 Virtual Chassis ports, and four 1000-Mbps/10-Gbps SFP+ uplink ports on the front panel. Only EX4100-48P has PoE+ enabled ports. EX4100-48T-DC is powered by DC power supplies; the rest of the switch models are powered by AC power supplies. EX4100-48T-AFI has AFI cooling; the other switch models have AFO cooling.
-
EX4100-F-24P and EX4100-F-24T—Twenty-four 10/100/1000-Mbps RJ-45 ports, four 1/10 Gbps SFP+ Virtual Chassis ports, and four 1000-Mbps/10 Gbps SFP+ uplink ports on the front panel. Only EX4100-F-24P has PoE+ enabled ports. The switch models are powered by built-in AC power supplies and built-in AFO cooling.
-
EX4100-F-48P and EX4100-F-48T—Forty-eight 10/100/1000-Mbps RJ-45 ports, four 1/10 Gbps SFP+ Virtual Chassis ports, and four 1000-Mbps/10 Gbps SFP+ uplink ports on the front panel. Only EX4100-F-48P has PoE+ enabled ports. The switch models are powered by built-in AC power supplies and built-in AFO cooling.
-
High availability and resiliency
-
Resiliency support for inter-integrated controller (I2C), disk failure, and disk health.
[See High Availability User Guide.]
Interfaces
-
One multi-rate FPC and three multi-rate PICs.
EX4100-48P, EX4100-48T, EX4100-24P, and EX4100-24T support the following speeds:
-
Downlink ports on PIC 0 (ports 0–47 on EX4100-48P and EX4100-48T, ports 0–23 on EX4100-24P and EX4100-24T) support 10-Mbps, 100-Mbps, and 1-Gbps speeds.
-
VCPs (ports 0–3 on PIC 1) support 4x10-Gbps or 4x25-Gbps speeds. If you convert the VCPs to uplink ports, ports 0 through 3 on PIC 1 support 1-Gbps speeds.
-
Uplink ports (ports 0–3 on PIC 2) support 4x10-Gbps or 4x1-Gbps speeds.
EX4100-F-48P, EX4100-F-48T, EX4100-F-24P, and EX4100-F-24T support the following speeds:
-
Downlink ports on PIC 0 (ports 0–47 for EX4100-F-48P and EX4100-F-48T, ports 0–23 for EX4100-F-24P and EX4100-F-24T) support 10-Mbps, 100-Mbps, and 1-Gbps speeds.
-
VCPs (ports 0–3 on PIC 1) support 4x10-Gbps speeds. If you convert the VCPs to uplink ports, ports 0 through 3 on PIC 1 support 1-Gbps speeds.
-
Uplink ports (ports 0–3 on PIC 2) support 4x10-Gbps or 4x1-Gbps speeds.
[See Port speed.]
-
-
Optics support. [See Hardware Compatibility Tool.]
-
PoE support. EX4100 and EX4100-F switches support 802.3AT PoE+, fast PoE, and perpetual PoE.
Junos telemetry interface
-
Support for JTI Packet Forwarding Engine and Routing Engine sensor. You can use the Junos telemetry interface (JTI) and remote procedure calls (gRPC) to stream statistics from the switches to an outside collector.
-
Support for secure packet capture to Cloud using JTI. You can use Junos telemetry interface (JTI) to capture packets from a device and send them over a secure channel to an external collector (in the cloud) for monitoring and analysis.
To use secure packet capture, include the /junos/system/linecard/packet-capture resource path using a Junos remote procedure call (RPC).
Layer 2 features
-
Support for Layer 2 features.
[See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translation, Understanding Layer 2 Bridge Domains, and Understanding Layer 2 Learning and Forwarding.]
-
Support for Layer 2 multicast features.
[See Multicast Overview and Understanding Multicast Snooping.]
-
Use the interface-name and ip-address options to configure the management address on the switch. [See Configuring LLDP (CLI Procedure).]
Layer 3 features
-
Support for Layer 3 features and interior gateway protocols (OSPF, IS-IS, RIP, and ECMP) for IPv4 and IPv6.
[See Understanding OSPF Configurations and BGP Overview.]
Licensing
-
You need a license to use the software features on the EX4100 and EX4100-F switches. To know more about licenses and supported features, see Flex Software License for EX Series Switches.
To add, delete, and manage licenses, see Managing Licenses.
Network management and monitoring
-
Support for Ethernet Operation, Administration, and Maintenance (OAM) and VRRP.
-
Support for IEEE 802.1ag CFM on service provider interfaces and Q-in-Q (point-to-point) interfaces.
[See Introduction to OAM Connectivity Fault Management (CFM).]
-
Support for Juniper Mist Wired Assurance. You can automatically onboard the EX4100 and EX4100-F switches to the Juniper Mist Cloud using a single activation code and provision the switch interfaces.
[See Juniper AI-Driven Enterprise and Overview of EX Series Switches and the Juniper Mist Cloud.]
-
Support for:
-
Spanning-tree protocols. [See Spanning Tree Protocol Instances and Interfaces.]
-
sFlow network monitoring technology. [See sFlow Monitoring Technology.]
-
Local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation). [See Port Mirroring and Analyzers.]
-
Software installation and upgrade
-
Support for DHCP option 43 suboption 8 to provide proxy server information in phone-home client. During the bootstrapping process, the phone-home client (PHC) can access the redirect server through a proxy server. The DHCP server uses DHCP option 43 suboption 8 to deliver the details of IPv4 and/or IPv6 proxy servers to the PHC. The DHCP daemon running on the target switch learns about the proxy servers in the initial DHCP cycle and then populates either the phc_vendor_specific_info.xml or the phc_v6_vendor-specific_info.xml file located in the /var/etc/ directory with the vendor-specific information.
-
Support for the phone-home client. The phone-home client (PHC) can securely provision an EX4100 or EX4100-F Virtual Chassis without requiring user interaction. You only need to:
-
Ensure that the Virtual Chassis members have the factory-default configuration.
-
Interconnect the member switches using dedicated or default-configured VCPs.
-
Connect the Virtual Chassis management port or any network port to the network.
-
Power on the Virtual Chassis members.
The PHC automatically starts up on the Virtual Chassis and connects to the phone-home server (PHS). The PHS responds with bootstrapping information, including the Virtual Chassis topology, software image, and configuration. The PHC upgrades each Virtual Chassis member with the new image and applies the configuration, and the Virtual Chassis is ready to go.
[See Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client.]
-
-
Secure boot support in the U-boot phase to authenticate and verify the loaded software image while also preventing software-based attacks.
-
ZTP with IPv6. You can use either the legacy DHCP-options-based zero-touch provisioning (ZTP) or the phone-home client (PHC) to provision software for the EX4100 and EX4100-F switches. If the switch boots up and receives DHCP options from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, the switch attempts the PHC method.
The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
Timing
-
Support for Precision Time Protocol (PTP) transparent clock on uplink ports connected to external MACsec PHY (EX4100-48 and EX4100-24).
[See Understanding Transparent Clocks in Precision Time Protocol.]
-
Support for PTP transparent clock for all ports (EX4100-F-48 and EX4100-F-24) when MACsec is not enabled.
[See Understanding Transparent Clocks in Precision Time Protocol.]
Uplink failure detection
-
Support for debounce interval configuration. You can configure the debounce interval, which is the time (in seconds) that elapses before the downlink interfaces are brought up after a state change of the uplink interfaces.
You configure the debounce-interval statement at the [edit protocols uplink-failure-detection group group-name] hierarchy level. [See Uplink Failure Detection.]
Virtual Chassis
-
Support for Virtual Chassis configuration. You can interconnect an EX4100 or EX4100 Multigigabit or EX4100-F switch with other EX4100 or EX4100-F switches into a Virtual Chassis in non-mixed mode.
-
-
New Routing Engine RE-S-X6-128G-K with TPM 2.0 (MX240, MX480, and MX960)—In Junos OS Release 22.2R1S2, we introduce the RE-S-X6-128G-K, a new Routing Engine integrated with Trusted Platform Module 2.0 (TPM 2.0). This new Routing Engine is an upgrade to the existing Routing Engine RE-S-X6-128G-S.
Note: The RE-S-X6-128G-K Routing Engine must be used with either SCBE2-MX or SCBE3-MX.
The key features of the RE-S-X6-128G-K include:
- Digital cryptographic identity (also called device ID or DevID) embedded in TPM 2.0
- RFC 8572-based secure zero-touch provisioning (secure ZTP)
-
New MX304 Universal Routing Platform—Starting in Junos OS Release 22.2R1-S2, we introduce the MX304 router—a 2-U, compact modular system that can scale up to 4.8-Tbps capacity. This bandwidth gives hyperscalers, cloud providers, and service providers the performance and scalability needed as networks grow. The router supports 400GbE, 100GbE, 50GbE, 40GbE, 25GbE, and 10GbE interfaces. It has pluggable Routing Engines (it supports one or two Routing Engines), redundant power, and cooling capability. It accepts up to three line-card MICs (LMICs). Each LMIC has 1 YT chip and 1.6 Tbps of forwarding capacity. It supports 4x400-Gbps ports, 16x100-Gbps ports, or a combination.
Table 2: Features Supported on MX304
Feature | Description
Chassis -
Fabric management support includes fabric hardening, fabric board control, and fault handling. Fabric management includes support for built-in SFB and line-card MIC (LMIC model number JNP304-LMIC16-BASE). MX304 routers support three LMICs (additional LMIC model number MX304-LMIC16-BASE).
The SFB provides 18 fabric links to each PFE. There is no SFB fabric redundancy support.
[See Fabric Plane Management.]
-
Limited-encryption Junos OS image and boot restriction
[See Junos OS Editions.]
-
Support for platform resiliency
[See show system errors active.]
Class of service (CoS)
-
Forwarding CoS and hierarchical CoS (HCoS) support.
[See Understanding Class of Service and Hierarchical Class of Service for Subscriber Management Overview.]
Distributed denial-of-service (DDoS)
-
DDoS protection is enabled by default.
[See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]
Flow monitoring -
Support for Inline services—We support the following Inline services:
- Inline active flow monitoring
- Inline monitoring
- Video monitoring
- FlowTapLite
[See Monitoring, Sampling, and Collection Services Interfaces User Guide.]
-
Support for Routing-Engine-based traffic sampling. You can configure Routing-Engine-based traffic sampling. Traffic sampling enables you to copy traffic to a line card that performs flow accounting while the router forwards the packet to its original destination. You configure either an input or an output firewall filter with a matching term that contains the then sample statement. Routing-Engine-based traffic sampling supports only the version 5 and version 8 formats for exporting flow records. [See Configuring Traffic Sampling on MX, M and T Series Routers.]
Hardware -
The MX304 router contains pluggable Routing Engines and supports up to three LMICs. Each LMIC supports 4x400-Gbps ports, 16x100-Gbps ports, or a combination. The MX304 router has two dedicated AC, DC, or HVAC/HVDC power supply modules and front-to-back cooling.
-
Supported transceivers, optical interfaces, and DAC cables—Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and DAC cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available.
High availability (HA) and resiliency
-
Support for BFD:
- Centralized, distributed, inline, single-hop, multihop, and micro-BFD.
- BFD over integrated routing and bridging (IRB) interfaces.
- BFD over pseudowire over logical tunnel and redundant logical tunnel interfaces.
- Virtual circuit connectivity verification (VCCV) BFD for Layer 2 VPNs, Layer 2 circuits, and virtual private LAN service (VPLS).
[See Understanding BFD for Static Routes for Faster Network Failure Detection, and Bidirectional Forwarding Detection (BFD).]
-
Resiliency support for Packet Forwarding Engine and the built-in Switch Fabric Board (SFB).
[See show system errors active.]
Interfaces
-
MX304 introduces a pluggable 4x400GbE and 16x100GbE Combo LMIC. MX304 can deliver a bandwidth of up to 4.8 Tbps. Each MX304 LMIC hosts two Packet Forwarding Engines. Each Packet Forwarding Engine is capable of 800 Gbps, which gives an overall bandwidth of 1.6 Tbps per LMIC.
Each port supports 10-Gbps, 25-Gbps, 40-Gbps, 50-Gbps, 100-Gbps, 200-Gbps, and 400-Gbps interface speeds using different optics.
You can channelize the interfaces as follows:
- Four 10 GbE interfaces
- Four 25 GbE interfaces
- One 100 GbE interface
- Two 100 GbE interfaces
- Four 100 GbE interfaces
Note that we support 40G channelization on all odd ports, but alternate ports should be empty.
You can configure the port speed at the [edit chassis] hierarchy level. [See Port Speed.]
-
Supports transceivers, optical interfaces, and direct attach copper (DAC) cables on MX304.
[See Hardware Compatibility Tool, and optics-options.]
-
Support for flexible tunnel interfaces
Juniper telemetry interface (JTI)
-
NPU and CPU memory utilization telemetry sensor support in JTI—You can use JTI to stream network processing unit (NPU) and CPU statistics to an outside collector from an MX304 router. Include the following sensors in a remote procedure calls (gRPC) or gRPC network management interface (gNMI) subscription:
- /junos/system/linecard/cpu/memory/
- /junos/system/linecard/npu/memory/
- /junos/system/linecard/npu/utilization/
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
-
Logical interface statistics for IPv4 and IPv6 family counters—You can stream per-family logical interface input and output counters for IPv4 and IPv6 traffic using JTI and gRPC to an outside collector.
Include the resource paths /junos/system/linecard/interface/logical/family/ipv4/usage/ and /junos/system/linecard/interface/logical/family/ipv6/usage/ in a gRPC subscription.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
-
Transceiver diagnostics sensor support in JTI—JTI supports the OpenConfig transceiver model openconfig-platform-transceiver.yang 0.5.0. You can deliver ON_CHANGE transceiver statistics to an outside collector using remote procedure calls (gRPC) or gRPC network management interface (gNMI) services. [See Telemetry Sensor Explorer.]
Layer 2 features
-
Support for Layer 2 features
[See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translation, Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding, and Introduction to OAM Connectivity Fault Management (CFM).]
-
Support for Layer 2 Ethernet services over GRE tunnel interfaces
[See Configuring Layer 2 Ethernet Services over GRE Tunnel Interfaces.]
Layer 3 features
-
Support for Layer 3 features
[See MPLS Overview, Multicast Overview, Tunnel Services Overview, and Understanding Next-Generation MVPN Control Plane.]
-
Load balancing support:
- Enhanced hash key options.
- Consistent flow hashing, source IP-only hashing, and destination IP-only hashing.
- Symmetrical load balancing over 802.3 and LAGs.
Layer 3 VPN
-
Anti-spoofing protection for next-hop-based dynamic tunnels. We've added antispoofing capabilities to IPv4 tunnels and IPv4 data traffic. Antispoofing for next-hop-based dynamic tunnels can detect and prevent a compromised virtual machine (inner source reverse path forwarding check) but does not apply to a compromised server that is label-spoofing. The antispoofing protection is effective when the VRF routing instance has label-switched interfaces (LSIs) using vrf-table-label or virtual tunnel (VT) interfaces. We do not support antispoofing protection for per-next-hop labels on VRF routing instances.
[See Anti-Spoofing Protection for Next-Hop-Based Dynamic Tunnels Overview and Example: Configuring Anti-Spoofing Protection for Next-Hop-Based Dynamic Tunnels.]
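The inner-source reverse path forwarding check named above can be modelled in a few lines. This is an added illustration, not Juniper code or Junos configuration: the route table, addresses, and function names are constructed for the example, and it assumes a strict check in which the decapsulated packet's source must be reachable in the VRF through the same tunnel the packet arrived on.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VrfRoute:
    prefix: ipaddress.IPv4Network
    tunnel_endpoint: ipaddress.IPv4Address  # remote end of the tunnel used as next hop


@dataclass(frozen=True)
class TunnelPacket:
    outer_src: str  # tunnel source address (the server hosting the VM)
    inner_src: str  # source address of the decapsulated IPv4 packet (the VM)


def build_vrf(entries):
    """Turn (prefix, tunnel endpoint) string pairs into route objects."""
    return [VrfRoute(ipaddress.ip_network(p), ipaddress.ip_address(e)) for p, e in entries]


def lookup(vrf, address):
    """Longest-prefix match in the VRF; returns None when no route covers the address."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in vrf if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def rpf_check(vrf, pkt):
    """Accept only if the inner source is reachable through the arrival tunnel."""
    route = lookup(vrf, pkt.inner_src)
    if route is None:
        return False, "no route to inner source"
    if route.tunnel_endpoint != ipaddress.ip_address(pkt.outer_src):
        return False, f"inner source belongs behind {route.tunnel_endpoint}"
    return True, "ok"


def classify(vrf, packets):
    """Return (outer_src, inner_src, accepted, reason) for each packet."""
    return [(p.outer_src, p.inner_src, *rpf_check(vrf, p)) for p in packets]


# Constructed VRF: two servers, plus a host route for a VM that lives on server A
# although its address falls inside server B's prefix.
VRF = build_vrf([
    ("10.1.1.0/24", "192.0.2.11"),   # VMs behind server A
    ("10.1.2.0/24", "192.0.2.12"),   # VMs behind server B
    ("10.1.2.50/32", "192.0.2.11"),  # single VM hosted on server A
])

# Constructed packets as seen after decapsulation.
PACKETS = [
    TunnelPacket("192.0.2.11", "10.1.1.5"),    # legitimate VM on A
    TunnelPacket("192.0.2.11", "10.1.2.7"),    # VM on A claiming an address behind B
    TunnelPacket("192.0.2.11", "10.1.2.50"),   # legitimate: host route points to A
    TunnelPacket("192.0.2.12", "10.1.2.50"),   # VM on B claiming the host-routed address
    TunnelPacket("192.0.2.12", "172.16.0.9"),  # source unknown to the VRF
]

if __name__ == "__main__":
    for row in classify(VRF, PACKETS):
        print(row)
```

The host route shows why the lookup has to be longest-prefix: the same inner source is valid from one tunnel and spoofed from the other.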
MACsec
-
Support for Media Access Control Security (MACsec), including AES-256 encryption, extended packet numbering, and fail-open mode
[See Configuring Media Access Control Security (MACsec) on Routers.]
-
MACsec bounded delay protection
[See bounded-delay.]
Multicast
-
Auto LSP Policer support:
- Multicast load balancing of point-to-multipoint (P2MP) label-switched-paths (LSPs) over aggregated Ethernet child links.
- Automatic policers for MPLS P2MP LSPs.
- Display of packet and byte statistics for sub-LSPs of a P2MP LSP.
- GRES and graceful restart for MPLS P2MP LSPs.
- Multicast virtual private network (MVPN) extranet or overlapping functionality.
[See Example: Configuring Multicast Load Balancing over Aggregated Ethernet Links, and Point-to-Multipoint LSP Configuration]
Network management and monitoring
-
Support for port mirroring
[See Configuring Port Mirroring on M, T MX, ACX, and PTX Series Routers.]
-
Support for configuring ITU-T Y.1731 standard-compliant Ethernet synthetic loss measurement (ETH-SLM) and Ethernet delay measurement (ETH-DM) capabilities
Routing policy and firewall filters
-
Support for forwarding firewalls
[See Understanding Firewall Filter Match Conditions, Overview of Policers, Fast Update Filters Overview, Service Filter Overview, and Understanding Firewall Filter Fast Lookup Filter.]
Services applications
-
Inline Services support:
- Inline NAT—NAT44 and NPTv6
- Inline softwires—Mapping of Address and Port with Encapsulation (MAP-E) and IPv6 rapid deployment (6rd)
- Inline J-Flow
- Inline monitoring
- Video monitoring
- FlowTapLite
[See Inline NAT, Configuring Mapping of Address and Port with Encapsulation (MAP-E), Configuring Inline 6rd, and Monitoring, Sampling, and Collection Services Interfaces User Guide.]
-
Support for RFC 2544-based benchmarking tests
[See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers.]
-
Support for Two-Way Active Measurement Protocol (TWAMP) and Real-Time Performance Monitoring (RPM)
[See Understand Two-Way Active Measurement Protocol, and Real-Time Performance Monitoring.]
-
DHCP security—The MX304 router supports the following DHCP security features:
- DHCP snooping with Option 82.
- DHCPv6 snooping with Option 16, Option 18, Option 37, and Option 79.
- Lightweight DHCPv6 relay agent.
[See DHCP Snooping.]
Software installation and upgrade
-
Support for secure boot
[See Secure Boot.]
-
Support for zero-touch provisioning (ZTP) on the management interface. ZTP automates the provisioning of the device configuration and software upgrade over the management interface of the Routing Engine.
-