Hardware

New extension module (EX4400)—Starting in Junos OS Release 23.1R1, EX4400 switches support the new 1x100GbE QSFP28 extension module (model number: EX4400-EM-1C).

The extension module supports Media Access Control Security (MACsec) with AES-256 encryption.

You can install one 40GbE QSFP+ transceiver or one 100GbE QSFP28 transceiver in the extension module. You can channelize the port on the extension module to support 10-Gbps and 25-Gbps speeds by using a breakout cable.

See EX4400 Switch Hardware Guide.

New EX4400 switch model(EX Series)—In Junos OS Release 23.1R1, we introduce the new EX4400-24X model of the EX4400 Switch. The EX4400-24X model has 24 1GbE/10GbE SFP/SFP+ ports on the front panel and two 100GbE QSFP28 ports on the front panel. The model supports 550-W AC or 550-W DC power supplies and front-to-back or back-to-front airflow directions.

EX4400 switches are our first cloud-ready switches. You can deploy EX4400 switches in cloud networks and manage them by using Juniper Mist Wired Assurance.

The EX4400 switches provide connectivity for high-density environments and scalability for growing networks. Typically, you use EX4400 switches in large branch offices, campus wiring closets, and data centers. In data centers, you can position EX4400 switches as top-of-rack switches to provide connectivity for all devices in the rack.

EX4400 switches support channelization (see Port Settings).

To install the EX4400 switch hardware and perform initial software configuration, routine maintenance, and troubleshooting, see EX4400 Switch Hardware Guide. See Feature Explorer for the complete list of features for any platform.

Table 1: Features Supported by the EX4400-24X
Feature	Description
Authentication and Access Control	Support for 802.1X authentication. [See 802.1X Authentication.] Support for captive portal authentication. [See Captive Portal Authentication.]
Chassis	Software support for platform infrastructure, fan, and power management. Support for Cloud LED (CLD). [See EX4400 Chassis.]
Class of Service	Support for class-of-service (CoS) configuration. [See Class of Service User Guide (EX Series Switches Except EX4600 and EX9200 Switches).]
EVPN	Support for the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network: Active/active multihoming Proxy Address Resolution Protocol (ARP) usage and ARP suppression, and Neighbor Discovery Protocol (NDP) usage and NDP suppression on interfaces without integrated routing and bridging Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding [See EVPN Feature Guide.] Support for Layer 2 VXLAN gateway services in an EVPN-VXLAN network: 802.1X authentication, accounting, central Web authentication (CWA), and captive portal Class of service DHCPv4 and DHCPv6 snooping, dynamic ARP inspection (DAI), neighbor discovery inspection, IP source guard and IPv6 source guard, and router advertisement (RA) guard (no multihoming) Firewall filters and policing Storm control, port mirroring, and MAC filtering [See EVPN Feature Guide.] Support for the following Layer 3 VXLAN gateway features in an EVPN-VXLAN network: Default gateway using IRB interfaces to route traffic between VLANs IPv6 data traffic routing through an EVPN-VXLAN overlay network with an IPv4 underlay EVPN pure Type 5 routes The Virtual Chassis doesn’t support EVPN-VXLAN multihoming, but you can use the standalone switch as an EVPN-VXLAN provider edge (PE) device in multihoming use cases. [See EVPN Feature Guide.] Support for VXLAN-GBP—The EX4400-24X model supports the existing Layer 3 VXLAN network identifiers (VNI) in conjunction with firewall filter policies to provide microsegmentation at the level of a device or a tag, independent of the underlying network topology. IoT devices, for example, typically need access to only specific applications on the network. Group-based policy (GBP) keeps this traffic isolated by automatically applying security policies without the need for Layer 2 (L2) or L3 lookups or access control lists (ACLs). [See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN.]
High Availability and Resiliency	Support for high availability includes nonstop software upgrade (NSSU), GRES, nonstop bridging (NSB), and nonstop active routing (NSR). [See High Availability User Guide.] Resiliency support for inter-integrated controller (I2C), disk failure, and disk health. [See High Availability User Guide.]
Interfaces	Network interfaces support— Support for the following features: 24x10G SFP fixed ports 2x100G network ports, which can be converted to VC ports and vice versa 4x25G modular uplink with VC port conversion support 4x10G modular uplink 1x100G modular uplink with VC port conversion support OAM based resiliency Supported transceivers, optical interfaces, and DAC cables—Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and direct attach copper (DAC) cables for your platform or interface module. We update the tool and provide the first supported release information when the optic becomes available.
Junos Telemetry Interface	Flow-based telemetry, inline monitoring services, and secure packet capture to the cCloud using Junos telemetry interface (JTI). [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface), Flow-Based Telemetry (EX4100, EX4100-F, and EX4400 Series), Inline Monitoring Services Configuration, and Telemetry Sensor Explorer.]
Layer 2 features	Support for the following Layer 2 features: Bridge protocol data unit (BPDU) protection Ethernet ring protection switching (ERPS) IEEE 802.1p Resilient hashing on LAGs Layer 3 VLAN-tagged subinterfaces LLDP (IEEE 802.1AB) Loop protection MAC address accounting MAC address aging MAC address filtering Disable MAC learning Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s) Multiple VLAN Registration Protocol (MVRP) (IEEE 802.1ak) Persistent MAC (sticky MAC) Per VLAN MAC learning (limit) Port-based VLAN Proxy ARP Redundant trunk group (RTG) Root protection Routed VLAN interface (RVI) Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w) Static and dynamic link aggregation with LACP (fast and slow LACP) Static MAC address assignment for interface Storm control STP (IEEE 802.1D) Uplink failure detection VLAN VLAN—IEEE 802.1Q VLAN trunking VSTP [See Ethernet Switching User Guide, Security Services Administration Guide, and Spanning-Tree Protocols User Guide.]
Layer 3 features	Support for the following Layer 3 features: 32-way ECMP BFD (for RIP, OSPF, IS-IS, BGP, and PIM) BGP 4-byte ASN support BGP Add Path (BGP-AP) Filter based forwarding (FBF) IP directed broadcast traffic forwarding IPv4 BGP IPv4 multiprotocol BGP (MBGP) IPv4 over GRE IPv6 BGP IPv6 CoS (BA, classification and rewrite, scheduling based on traffic class) IPv6 IS-IS IPv6 Neighbor Discovery Protocol (NDP) IPv6 OSPFv3 IPv6 ping IPv6 stateless auto-configuration IPv6 static routing IPv6 traceroute IS-IS OSPFv2 Path MTU discovery RIPv2 Static routing Unicast reverse path forwarding (unicast RPF) Virtual router for IS-IS, RIP, OSPF, and BGP Virtual Router Redundancy Protocol (VRRP) VRRPv3 [See High Availability User Guide, BGP User Guide, Routing Policies, Firewall Filters, and Traffic Policers User Guide, IS-IS User Guide, Security Services Administration Guide, and OSPF User Guide.]
Multicast features	Support for the following multicast features: IGMP snooping IGMP: version 1 through version 3 Multicast Listener Discovery (MLD) snooping PIM-SM, PIM-SSM, PIM-DM [See Multicast Protocols User Guide.]
Network Management and Monitoring	Support for the following Ethernet OAM link fault management (LFM) and CFM features: Monitor faults by using the continuity check message (CCM) protocol to discover and maintain adjacencies at the VLAN or link level. Discover paths and verify faults by using the Link Trace Message (LTM) protocol to determine the path taken from an endpoint to a destination MAC address. Isolate faults by using loopback messages. [See Ethernet OAM and CFM for Switches and OAM Link Fault Management.] Support for local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation). [See Port Mirroring and Analyzers.] Support for the sFlow network monitoring technology. [See sFlow Monitoring Technology.] Support for Juniper Mist Wired Assurance—You can automatically onboard and provision Juniper Networks EX4400 switches to the Juniper Mist cloud by using a single activation code. Juniper Mist Wired Assurance provides automated operations. It also enables the use of service-level expectations (SLEs) for IoT devices, Juniper access points driven by Mist AI, and other network devices. [For an overview of Juniper Mist Wired Assurance and deployment instructions, see Cloud-Ready Switches with Mist and Overview of EX Series Switches and the Juniper Mist Cloud.]
Precision Time Protocol	Support for Precision Time Protocol (PTP) transparent clock. [See PTP Transparent Clocks.]
Routing Policies and Firewall Filters	Support for firewall filters and policers. [See Firewall Filters Overview.]
Security	Support for Media Access Control Security (MACsec) with 256-bit cipher suite. [See Understanding Media Access Control Security (MACsec).] Support for distributed denial-of-service (DDoS) protection. [See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.] Support for the following port security features: DHCP snooping (IPv4 and IPv6) Dynamic ARP inspection (DAI) IPv6 neighbor discovery inspection [See Security Services Administration Guide.]
Software Installation and Upgrade	Support for secure boot. The implementation is based on the UEFI 2.4 standard. [See Software Installation and Upgrade Guide.] Support for phone-home client (PHC). The PHC can securely provision an EX4400 Virtual Chassis without requiring user interaction. [See Provision a Virtual Chassis Using the Phone-Home Client.] Support for zero-touch provisioning (ZTP). Zero-touch provisioning enables you to install or upgrade the software on your device with minimal manual intervention. [See Zero Touch Provisioning.] Support for DHCP option 43 suboption 8 to provide proxy server information in a PHC. During the bootstrapping process, the PHC can access the redirect server or the phone-home server (PHS) through a proxy server. The DHCP server uses DHCP option 43 suboption 8 or DHCP option 17 suboption 8 to deliver the details of both IPv4 and IPv6 proxy servers to the PHC. [See Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client.]
Virtual Chassis	Support for Virtual Chassis—EX4400-24X switches support Virtual Chassis formation in the HGoE mode. You can connect up to 10 EX4400-24X/EX4400 switches in a Virtual Chassis and manage them as a single device. [See EX4400 Switches in a Virtual Chassis.]