Junos OS Release 17.3R3 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion – TechLibrary – Juniper Networks


Junos OS Release Notes for EX Series Switches

 

These release notes accompany Junos OS Release
17.3R3 for the EX Series. They describe new and changed features,
limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks
Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to
existing features in the Junos OS main release and the maintenance
releases for EX Series.

Note

The following EX Series switches are supported in Junos
OS Release 17.3R3: EX4300, EX4600, and EX9200.

Note

In Junos OS Release 17.3R3, J-Web is supported on the
EX4300 and EX4600 switches in both standalone and Virtual Chassis
setup.

The J-Web distribution model being used provides two packages:

  • Platform package—Installed as part of Junos OS;
    provides basic functionalities of J-Web.

  • Application package—Optionally installable package;
    provides complete functionalities of J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.3A1 for EX4300
and EX4600 Switches.

Release 17.3R3 New and Changed Features

Restoration Procedures and Failure Handling

  • Device recovery mode introduced in Junos OS with
    upgraded FreeBSD (EX Series)—Starting in Junos
    OS Release 17.3R3, for devices running Junos OS with upgraded FreeBSD,
    there is an automatic device recovery mode that goes into action should
    the system go into amnesiac mode provided you have saved a rescue
    configuration on the device. This process enables the system to automatically
    reboot with the saved rescue configuration. The system displays a
    banner “Device is in recovery mode” in the CLI in both operational
    and configuration modes. Previously, there was no automatic process
    to recover from amnesiac mode. A user with load and commit permission
    had to log in using the console and fix the issue in the configuration
    before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.3R2 New and Changed Features

There are no new features or enhancements to existing features
for EX Series in Junos OS Release 17.3R2.

Release 17.3R1 New and Changed Features

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Access control and authentication (EX4600 switches)—Starting with Junos OS Release 17.3R1, EX4600 switches support
    controlling access to your network using 802.1X authentication and
    MAC RADIUS authentication.

    • 802.1X authentication provides port-based network access
      control (PNAC) as defined in the IEEE 802.1X standard. QFX5100 switches
      support 802.1X features including guest VLAN, private VLAN, server
      fail fallback, dynamic changes to a user session, RADIUS accounting,
      and configuration of port-filtering attributes on the RADIUS server
      using VSAs. You configure 802.1X authentication at the [edit
      protocols dot1x] hierarchy level.

    • MAC RADIUS authentication is used to authenticate end devices
      independently of whether they are enabled for 802.1X authentication.
      You can permit end devices that are not 802.1X-enabled to access the
      LAN by configuring MAC RADIUS authentication on the switch interfaces
      to which the end devices are connected. You configure MAC RADIUS
      authentication at the [edit protocols dot1x authenticator interface
      interface-name mac-radius] hierarchy level.

  • IPv6 for RADIUS AAA (EX4300 and
    EX9200)—Starting in Junos OS Release 17.3R1, EX4300
    and EX9200 switches support IPv6 for user authentication, authorization,
    and accounting (AAA) using RADIUS servers, in addition to the existing
    IPv4 support. You can specify which source address Junos OS uses to
    contact an external RADIUS server. To configure an IPv6 source address
    for RADIUS authentication, include the source-address statement at
    the [edit system radius-server server-address] hierarchy level. To configure an IPv6 source address for RADIUS
    accounting, include the source-address statement at the [edit system
    accounting destination radius server server-address] hierarchy level.

    Note

    If an IPv6 RADIUS server is configured without any source-address,
    default ::0 is considered to be the source address.

    [See source-address.]

  • Port bounce with CoA requests
    and framed-IPv6-address RADIUS attribute for AAA (EX4300 and EX9200)—Starting in Junos OS Release 17.3R1, the port bounce feature
    is supported on EX4300 and EX9200 switches. Change of Authorization
    (CoA) requests are RADIUS messages sent from the authentication, authorization,
    and accounting (AAA) server to the switch. They are typically used
    to dynamically change the VLAN for the host based on device profiling.
    End devices such as printers do not have a mechanism to detect the
    VLAN change, so they do not renew the lease for their DHCP address
    in the new VLAN. The port bounce feature is used to force the end
    device to initiate DHCP re-negotiation by causing a link flap on the
    authenticated port. There is no configuration required to enable the
    port bounce feature. Framed-IPv6-Address is an additional RADIUS attribute
    to support clients with an IPv6 address. The attribute is included
    in the Access-Request message sent from the client to the AAA server.

    [See Understanding RADIUS-Initiated Changes to an Authorized User Session and Understanding 802.1X and RADIUS Accounting on Switches.]
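
The source-address note above can be turned into a configuration audit. The following is an added example, not Juniper code: it scans configuration text in "display set" form for IPv6 RADIUS servers, under both hierarchies named above, that have no source-address statement and so, per the note, use ::0 as the source address. The sample configuration, its addresses, and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in "display set" form; addresses come from documentation
# prefixes (2001:db8::/32, 192.0.2.0/24) and secrets are placeholders.
SAMPLE_CONFIG = """\
set system radius-server 2001:db8:10::5 secret "<redacted>"
set system radius-server 2001:db8:10::5 timeout 5
set system radius-server 2001:db8:10::6 secret "<redacted>"
set system radius-server 2001:db8:10::6 source-address 2001:db8:ffff::1
set system radius-server 192.0.2.10 secret "<redacted>"
set system accounting destination radius server 2001:db8:10::5 secret "<redacted>"
set system accounting destination radius server 2001:db8:10::6 source-address 2001:db8:ffff::1
"""

# One pattern per hierarchy named in the release note.
_PATTERNS = {
    "authentication": re.compile(
        r"^set system radius-server (\S+)(?: (.*))?$"),
    "accounting": re.compile(
        r"^set system accounting destination radius server (\S+)(?: (.*))?$"),
}


def audit_radius_source_address(config_text):
    """Return sorted (role, server) pairs for IPv6 RADIUS servers that have
    no source-address statement."""
    servers = {}  # (role, server) -> configured source address, or None
    for raw in config_text.splitlines():
        line = raw.strip()
        for role, pattern in _PATTERNS.items():
            match = pattern.match(line)
            if not match:
                continue
            server, rest = match.group(1), (match.group(2) or "")
            key = (role, server)
            servers.setdefault(key, None)
            tokens = rest.split()
            if len(tokens) >= 2 and tokens[0] == "source-address":
                servers[key] = tokens[1]

    findings = []
    for (role, server), source in sorted(servers.items()):
        try:
            address = ipaddress.ip_address(server)
        except ValueError:
            continue  # not an IP literal; nothing to decide here
        if address.version == 6 and source is None:
            findings.append((role, server))
    return findings


if __name__ == "__main__":
    for role, server in audit_radius_source_address(SAMPLE_CONFIG):
        print(f"{role}: IPv6 RADIUS server {server} has no source-address")
```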

EVPNs

  • EVPN type-5 route support (EX9200)—Starting with Junos OS Release 17.3R1, you can configure type-5
    routing in an Ethernet VPN (EVPN) environment. Type-5 routing, which
    advertises IP prefixes through EVPN, is used when the Layer 2 domain
    does not exist at the remote data centers or metro network peering
    points.

    On EX9200 switches, two models are supported:

    • Pure type-5 route without an overlay next hop and type-2
      route (MPLS encapsulation only)

    • Type-5 route with a gateway IRB interface as an overlay
      next hop and type-2 route (MPLS and VXLAN encapsulation)

    To enable pure type-5 routing, include the ip-prefix-routes
    advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy
    level. To enable type-5 routing with a gateway IRB interface, include
    the ip-prefix-routes advertise gateway-address statement
    at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. Specify a gateway IRB interface
    by including the gateway-interface irb-interface-name statement at the [edit routing-instances routing-instance-name protocols evpn ip-prefix-routes] hierarchy level.

    [See ip-prefix-routes.]

  • IPv6 support over IRB interfaces for EVPN (EX9200
    switches)—Starting in Junos OS Release 17.3R1,
    the Ethernet VPN (EVPN) integrated routing and bridging (IRB) solution
    supports IPv6 and the Neighbor Discovery Protocol (NDP). NDP is
    used by IPv6 nodes on the same link to discover each other’s presence,
    determine each other’s Link Layer addresses, find routers, and maintain
    reachability information about the paths to active neighbors. IPv6
    addresses over IRB for EVPN are supported for unique VLAN EVPN instances
    and for virtual switches with protocol EVPN instances.

    [See EVPN with IRB Solution Overview.]

  • EVPN multihoming with ESI per logical interface
    (EX9200)—In releases before Junos OS Release 17.3R1,
    for EX9200 switches, you can configure an Ethernet segment identifier
    (ESI) only on a physical or aggregated Ethernet interface. In an EVPN-MPLS
    topology where a customer edge (CE) device is multihomed in active-standby
    or active-active mode to multiple provider edge (PE) devices, if a
    physical or aggregated Ethernet interface on an EX9200 switch is considered
    a non-designated forwarder (DF), the logical interfaces configured
    on the physical or aggregated Ethernet interface cannot be used for
    other services. Starting with Junos OS Release 17.3R1 for EX9200 switches,
    you can now configure an ESI on a logical interface. As a result,
    even if a logical interface is a non-DF, other logical interfaces
    on the same physical or aggregated Ethernet interface can still be
    used for other services.

    [See Example: Configuring an ESI on a Logical Interface for EVPN Multihoming.]

  • Layer 3 VXLAN gateway in EVPN-VXLAN topology with
    a two-layer IP fabric (EX9200)—Starting with Junos
    OS Release 17.3R1, EX9200 switches can function as a Layer 3 VXLAN
    gateway, or spine device, in an EVPN-VXLAN topology with a two-layer
    IP fabric. In this role, the EX9200 switch uses integrated routing
    and bridging (IRB) interfaces to route traffic between hosts in different
    virtual networks (VNs) created by the Contrail virtualization software.
    When physical (bare-metal) servers in one VN need to communicate with
    other physical servers or virtual machines (VMs) in another VN, you
    can also configure an IRB interface as a default Layer 3 gateway that
    handles the inter-VN traffic for physical servers. In an EVPN-VXLAN
    topology where a provider edge (PE) device such as a Layer 2 VXLAN
    gateway or a Contrail vRouter is multihomed in active-active mode
    to two Layer 3 VXLAN gateways, you can configure redundant default
    gateways on the Layer 3 VXLAN gateways.

    [See Understanding EVPN with VXLAN Data Plane Encapsulation.]

Layer 2 Features

  • IRB in PVLAN (EX4600)—Starting
    with Junos OS Release 17.3R1, you can configure an IRB interface in
    a private VLAN (PVLAN) so that devices in the community and isolated
    VLANs can communicate with each other and with devices outside the
    PVLAN at Layer 3 without requiring you to install a router.

    [See Example: Configuring a Private VLAN Spanning Multiple Switches with
    an IRB Interface.]

  • PVLAN and Q-in-Q configurations co-exist on a
    physical interface (EX4600)—Starting with Junos
    OS Release 17.3R1, a private VLAN (PVLAN) configuration and a Q-in-Q
    tunneling configuration can co-exist on the same Ethernet port. Q-in-Q
    requires a service provider configuration method, and PVLAN requires
    an enterprise configuration method. To enable both configurations
    to exist on the same physical interface, you must configure flexible
    Ethernet services to support dual methods of configuring logical interfaces.

    [See Understanding Flexible Ethernet Services Encapsulation on Switches.]

  • L2PT support for tunneling additional protocols
    (EX9200)—Starting with Junos OS Release 17.3R1,
    you can configure Layer 2 protocol tunneling (L2PT) for the following
    new protocols on EX9200 switches: E-LMI, GVRP, IEEE 802.1X, IEEE802.3AH,
    LACP, LLDP, MMRP, MVRP, and UDLD.

    [See Layer 2 Protocol Tunneling.]

  • L2PT support for tunneling additional protocols
    (EX4300)—Starting with Junos OS Release 17.3R1,
    you can configure Layer 2 protocol tunneling (L2PT) for the following
    new protocols on EX4300 switches: E-LMI, IEEE 802.1X, MMRP, and UDLD.

    [See Layer 2 Protocol Tunneling.]

Layer 3 Features

  • Port-based LAN broadcast traffic forwarding (port helpers)
    for multiple destination servers (EX9200)—Starting
    in Junos OS Release 17.3R1, you can configure port helpers on EX9200
    switches with multiple destination servers for a given port. Port
    helpers listen on configured UDP ports for incoming LAN broadcast
    traffic, and forward those packets to configured destination servers
    as unicast traffic. Configure port helpers to listen on a port and
    forward the traffic to a specified server using the forwarding-options
    helpers port port-number configuration
    statement with one of the following options:

    • Global—Specify only server server-ip-address to listen on any interface for the configured
      port.

    • VLAN-specific—Specify interface irb-interface-name server server-ip-address to listen only
      on a specified IRB interface.

    • Interface-specific—Specify interface l3-interface-name server server-ip-address to listen only on a specified Layer 3 interface.

    [See Configuring Port-based LAN Broadcast Packet Forwarding.]

Management

  • Support for the Junos Telemetry Interface (EX9200
    switches)—Starting with Junos OS Release 17.3R1,
    the Junos Telemetry Interface is supported on EX9200 switches. Both
    UDP and gRPC streaming of statistics are supported. Junos Telemetry
    Interface enables you to provision sensors to export telemetry data
    for various network elements without involving polling. The following
    sensors are supported on EX9200 switches:

    • Aggregated Ethernet interfaces configured with the Link
      Aggregation Control Protocol (gRPC streaming only)

    • Ethernet interfaces enabled with the Link Layer Discovery
      Protocol (gRPC streaming only)

    • RSVP interface events (gRPC streaming only)

    • BGP peers (gRPC streaming only)

    • Memory utilization for routing protocol tasks (gRPC streaming
      only)

    • LSP events and properties (gRPC streaming only)

    • LSP statistics (UDP and gRPC streaming)

    • Network Discovery Protocol table state (gRPC streaming
      only)

    • Address Resolution Protocol table state (gRPC streaming
      only)

    • IPFIX inline flow sampling (UDP streaming only)

    • Queue depth statistics for ingress and egress queue traffic
      (UDP streaming only)

    • Logical interfaces (UDP and gRPC streaming)

    • Firewall filter statistics (UDP and gRPC streaming)

    • Optical interfaces (UDP and gRPC streaming)

    • Network processing unit (NPU) memory (UDP and gRPC streaming)

    • NPU memory utilization (UDP and gRPC streaming)

    • CPU memory (UDP and gRPC streaming)

    • Fabric statistics (UDP streaming only)

    • Physical interfaces (UDP and gRPC streaming)

    • Chassis components (gRPC streaming only)

    To provision sensors to stream data through UDP, all parameters
    are configured at the [edit services analytics] hierarchy
    level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for
    a specified list of OpenConfig command paths. Because EX9200 switches
    run a version of Junos OS with an upgraded FreeBSD kernel, you must download
    the Junos Network Agent software package, which provides the interfaces
    to manage gRPC subscriptions. Streaming telemetry data through gRPC
    also requires you to download the OpenConfig for Junos OS module and
    YANG models.

    [See Overview of the Junos Telemetry Interface.]

  • Support for the Junos Telemetry Interface (EX4600
    switches)—Starting with Junos OS Release 17.3R1,
    you can provision sensors through the Junos Telemetry Interface to
    export telemetry data for various network elements without involving
    polling on EX4600 switches. Only gRPC streaming of statistics is supported
    on EX4600 switches. UDP streaming is not supported.

    The following sensors are supported:

    • BGP peers

    • RSVP interface events

    • Memory utilization for routing protocol tasks

    • Label-switched-path events and properties

    • Ethernet interfaces enabled with the Link Layer Discovery
      Protocol

    To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for
    a specified list of OpenConfig command paths. You must download the
    Junos Network Agent software package, which provides the interfaces
    to manage gRPC subscriptions. Streaming telemetry data through gRPC
    also requires you to download the OpenConfig for Junos OS module and
    YANG models.

    [See Overview of the Junos Telemetry Interface.]

  • Support for Two-Way Active
    Measurement Protocol (TWAMP) (EX4300 Switches)—Starting
    in Junos OS Release 17.3R1, you can measure network performance between
    any two devices that support the TWAMP protocol. You can use the TWAMP-Control
    protocol to set up performance measurement sessions and the TWAMP-Test
    protocol to send and receive performance measurement probes.

    You can configure TWAMP to start or stop all of the sessions
    for all of the TWAMP clients, or start or stop a session for a specific
    TWAMP client. When you start all the test sessions configured for a
    particular TWAMP client, the control-client initiates all requested
    testing with a Start-Sessions message, and the server sends an acknowledgment.
    If the control connection is not active between the server and the
    client, the control connection is also established and the test connections
    are started later. If the control-client name is not specified, all
    the configured test sessions are commenced.

    When you stop the test session, the control connection is closed
    only after the Stop-sessions message is sent from the TWAMP client
    to the TWAMP server. If the control-client name is not specified,
    all the configured test sessions are closed.

Multiprotocol Label Switching (MPLS)

  • Support for resource RSVP (EX9200)—Starting
    in Junos OS Release 17.3R1, the EX9200 switch supports RSVP. RSVP
    is a signaling protocol that reserves resources, such as for IP unicast
    and multicast flows, and requests QoS parameters for applications.
    The protocol was extended with MPLS RSVP-TE to enable RSVP to set
    up label-switched paths (LSPs) that can be used for traffic engineering
    in MPLS networks. RSVP is automatically enabled on interfaces on which
    MPLS-TE is configured. You can enable up to 200 RSVP-TE sessions in
    the EX9200 advanced feature license (AFL).

    [See RSVP Overview.]

Operation, Administration, and Maintenance

  • Junos OS OpenConfig to support operational models
    for VLANs (EX Series)—Starting with Junos OS Release
    17.3R1, Junos OS supports an OpenConfig YANG model for VLANs via the
    addition of openconfig-vlan.yang,
    revision 1.0.2. This provides a unified view for the network agent
    to retrieve an operational state from Junos OS processes (daemons)
    for VLANs.

Services Applications

  • Support for enhancing the current inline JFlow
    scale limits for certain line cards (EX9200-6QS, EX9200-12QS, and
    EX9200-40XS)—Starting in Junos OS Release 17.3R1,
    the ipv4-flow-table-size and the ipv6-flow-table-size allow up to 256 flow-table-size to support 64M flows at the [edit chassis fpc slot-number inline-services
    flow-table-size] hierarchy level. The existing limit
    on flow-export-rate under inline-jflow for each family in the sampling instance is increased to 3200 from
    400.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features
and changes in the syntax of Junos OS statements and commands from
Junos OS Release 17.3R3 for the EX Series.

General Routing

  • Support for deletion of static routes when the BFD session
    goes down (EX Series)—Starting with Junos OS Release
    17.3R1, the default behavior of the static route at the [edit
    routing-options static static-route bfd-admin-down] hierarchy
    level is active. So, the static routes are deleted when the BFD receives
    a session down message. [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information
    about the LACP partner system ID when you run the show interfaces
    mc-ae extensive command. The output now displays the following
    two additional fields:

    • Local Partner System ID: LACP partner system ID as seen
      by the local node.

    • Peer Partner System ID: LACP partner system ID as seen
      by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command
    did not display these additional fields.

    [See show interfaces mc-ae.]

Management

  • Changes to custom YANG RPC syntax (EX Series)—Starting in Junos OS Release 17.3, custom YANG RPCs have the
    following changes in syntax:

    • The junos:action-execute statement
      is a substatement to junos:command. In
      earlier releases, the action-execute and command statements are placed at the same level, and
      the command statement is optional.

    • The CLI formatting for a custom RPC is defined within
      the junos-odl:format statement, which takes
      an identifier as an argument. In earlier releases, the CLI formatting
      is defined using a container that includes the junos-odl:cli-format statement with no identifier.

    • The junos-odl:style statement
      defines the formatting for different styles within the statement.
      In earlier releases, the CLI formatting for different styles is defined
      using a container that includes the junos-odl:cli-format and junos-odl:style statements.

Multicast

  • Support for per-source multicast traffic forwarding
    with IGMPv3 (EX4300)—Starting in Junos OS Release
    17.3R3, EX4300 switches forward multicast traffic on a per-source
    basis according to received IGMPv3 INCLUDE and EXCLUDE reports. In
    releases prior to this release, EX4300 switches process IGMPv3 reports,
    but instead of source-specific multicast (SSM) forwarding, they consolidate
    IGMPv3 INCLUDE and EXCLUDE mode reports for a group into one route
    for all sources sending to the group. As a result, with the prior
    behavior, receivers might get traffic from sources they didn’t
    specify.

    [See IGMP Snooping Overview.]

Network Management and Monitoring

  • Enhancement to about-to-expire logic for license expiry syslog messages
    (EX Series)—Starting in Junos OS Release 17.3R1,
    the about-to-expire logic for multiple capacity-type licenses was
    changed. Previously, alarms and syslog messages for expiring licenses
    were raised based on the license with the highest validity, which
    would mislead users when a license expired earlier than the
    highest-validity license. The new behavior bases the about-to-expire
    logic on the first expiring license.

  • Change to default log level setting (EX Series)—Starting
    in Junos OS Release 17.3R2, changes were made in default logging levels:

    Before the change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD)
      and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical
      (IFD) and logical (IFL) interfaces.

    After the change:

    • IFD LinkUp -> LOG_NOTICE (changed because although this
      is an important message, it occurs very frequently)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • Changes to SNMP syslog messages (EX Series)—Starting in Junos OS Release 17.3R1, two misleading SNMP syslog
    messages have been rewritten to accurately describe the event:

    • OLD: AgentX master agent failed to respond to ping. Attempting to re-register
      NEW: AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD: NET-SNMP version %s AgentX subagent connected
      NEW: NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration
    statement distinguishes between traps coming from a non-default routing
    instance and non-default logical system (EX Series)—Starting
    in Junos OS Release 17.3R3, the context-oid option for
    the trap-options statement allows you to handle prefixes
    such as <routing-instance name>@<trap-group> or <logical-system
    name>/<routing-instance name>@<trap-group> as an additional
    variable binding.

    [See trap-options.]

  • Reconfigure SNMPv3 configuration after upgrade (EX4600)—Starting in Junos OS Release 17.3R1, you might need to reconfigure
    SNMPv3 after upgrading from an earlier release. This is necessary
    only if you are using SNMPv3 and if the engine ID is based on the
    MAC address because the engine ID has changed. Previously, customers
    had to reconfigure SNMPv3 after every reboot. This problem was fixed.
    If you upgrade, you must still reconfigure SNMPv3, but only once.
    If you have already reconfigured SNMPv3 in an earlier release, then
    you do not need to reconfigure SNMPv3 again. To reconfigure SNMPv3,
    use the delete snmp v3 command, commit, and then reconfigure
    SNMPv3 parameters.

    [See Configuring the Local Engine ID.]
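
Log parsers and alert rules keyed on the AgentX message text need to recognize both wordings listed above while devices on different releases coexist. The following added example (not Juniper code) maps the old and new wordings to one event label. The event labels, function names, and the syslog prefix in the sample lines are constructed; only the message text comes from this page.

```python
import re

# (event label, wording, message format). Formats are the strings quoted in
# the release note; the event labels are hypothetical names for this example.
MESSAGE_FORMATS = [
    ("agentx_master_ping_failed", "old",
     "AgentX master agent failed to respond to ping. Attempting to re-register"),
    ("agentx_master_ping_failed", "new",
     "AgentX master agent failed to respond to ping, triggering cleanup!"),
    ("agentx_subagent_open", "old",
     "NET-SNMP version %s AgentX subagent connected"),
    ("agentx_subagent_open", "new",
     "NET-SNMP version %s AgentX subagent Open-Sent!"),
]


def _compile(fmt):
    """Turn a printf-style format into a regex; each %s captures one token."""
    return re.compile(r"(\S+)".join(re.escape(part) for part in fmt.split("%s")))


RULES = [(event, wording, _compile(fmt)) for event, wording, fmt in MESSAGE_FORMATS]


def classify(line):
    """Return event, wording and captured version for a log line, or None."""
    for event, wording, pattern in RULES:
        match = pattern.search(line)
        if match:
            version = match.group(1) if pattern.groups else None
            return {"event": event, "wording": wording, "version": version}
    return None


def wordings_seen(lines):
    """Map each event label to the sorted wordings observed in the lines.

    An event that shows both "old" and "new" indicates a fleet with mixed
    releases, so rules must keep matching both texts."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            seen.setdefault(hit["event"], set()).add(hit["wording"])
    return {event: sorted(wordings) for event, wordings in seen.items()}


# Constructed sample lines: timestamps, hostnames, process tag and version
# number are made up for this example.
SAMPLE_LINES = [
    "Jan 10 08:00:01 sw-a proc[100]: AgentX master agent failed to respond to ping. Attempting to re-register",
    "Jan 10 08:05:12 sw-b proc[101]: AgentX master agent failed to respond to ping, triggering cleanup!",
    "Jan 10 08:05:13 sw-b proc[101]: NET-SNMP version 1.2.3 AgentX subagent Open-Sent!",
    "Jan 10 08:06:00 sw-b proc[102]: unrelated message",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample))
    print(wordings_seen(SAMPLE_LINES))
```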

Routing Protocols

  • Change in the default behavior of the advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN
    routes from the main bgp.evpn.0 table. You can no longer configure
    BGP to advertise the EVPN routes from the routing instance table.
    In earlier Junos OS Releases, BGP advertised EVPN routes from the
    routing instance table by default.

    [See advertise-from-main-vpn-tables.]

Services Applications

  • Changes to the show services rpm history-results command (EX Series)—Starting in Junos OS Release
    17.3R2, you must include the owner owner and test name options when
    using the show services rpm history-results command.

    [See show services rpm history-results.]

VLAN Infrastructure

  • LAG interface flaps while adding/removing a VLAN—In Junos OS Release 17.3 and later, the LAG interface flaps
    while adding or removing a VLAN. The flapping happens when a low speed
    SFP is plugged into a relatively high speed port. To avoid flapping,
    configure the port speed to match the speed of the SFP.

Known Behavior

This section lists known behavior, system maximums, and limitations
in hardware and software in Junos OS Release 17.3R3 for the EX Series.

For the most complete and latest information about known Junos
OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • On EX4300 switches, when 802.1X single-supplicant authentication
    is initiated, multiple “EAP Request Id Frame Sent” packets might be
    sent. PR1163966

Platform and Infrastructure

  • On EX4600 switches,
    the amount of time that it takes for Zero Touch Provisioning to complete
    might be lengthy because TFTP might take a long time to fetch required
    data. PR980530

Known Issues

This section lists the known issues in hardware
and software in Junos OS Release 17.3R3 for the EX Series.

For the most complete and latest information about known Junos
OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • EX9200 is not qualified to support
    DAC types. PR1369662

High Availability (HA) and Resiliency

  • A vmcore on the backup Routing Engine, though not critical, could
    impact NSR functionality. This can be hit in particular scenarios
    such as back-to-back GRES with a specific configuration, or committing
    and rolling back the configuration. Impact: This will not impact the
    production Routing Engine because the core is on the backup. Also, the
    issue is seen very rarely. Hence, this should not impact production. PR1269383

Layer 2 Features

  • The eswd process might crash after doing a Routing Engine
    switchover in an EX Series Virtual Chassis scenario. The crash happens
    due to a disordered processing of VLAN/vmember by eswd and L2PT modules.
    As the order of processing does not remain the same every time, the
    crash is random across switchovers. PR1275468

Platform and Infrastructure

  • On EX4600 and QFX5100 switches, the amount of
    time that it takes for Zero Touch Provisioning to complete might be
    lengthy because TFTP might take a long time to fetch required data. PR980530

  • On EX4300, EX4600, and QFX5100 switches, if a remote analyzer
    has an output IP address that is reachable through a route learned
    by BGP, the analyzer might be in a DOWN state. PR1007963

  • On chassis based line cards, the FI: Protect:
    Parity error for CP freepool SRAM SRAM parity error
    might be seen. It’s harmless and can be ignored. PR1079726

  • On an EX4300 or a QFX5100 Virtual Chassis, when you perform
    an NSSU, there might be more than five seconds of traffic loss for
    multicast traffic. PR1125155

  • On EX4300 switches, when 802.1X single-supplicant authentication
    is initiated, multiple “EAP Request Id Frame Sent” packets might be
    sent. PR1163966

  • On an EX9200-12QS line card, interfaces with the default speed
    of 10-Gigabit Ethernet are not brought down even when the remote end
    of a connection is misconfigured as 40-Gigabit Ethernet. PR1175918

  • On an EX9200-40XS line card, if you toggle the MACsec encryption
    option multiple times, encryption and protected MACsec statistics
    might be updated incorrectly. As a workaround, restart the line card. PR1185659

  • On an EX9200 switch with MC-LAG, when the enhanced-convergence
    statement is enabled, and when the kernel sends a next hop message
    to the Packet Forwarding Engine, the full Layer 2 header is not sent
    and a packet might be generated with an invalid source MAC address
    for some VLANs. PR1223662

  • On an EX Series switch chassis, if Dynamic Host Configuration
    Protocol (DHCP) relay or DHCP server is configured along with bpdu-block,
    a memory allocation issue may be seen. That can lead to a memory exhaustion
    issue for the DHCP process. PR1259918

  • A flexible VLAN-tagged interface allows both primary and secondary
    VLAN configuration on different logical units of the same interface,
    but might not work as expected. PR1267160

  • On EX4300 10G links, preexisting MACsec sessions might not come
    up after the following events: process (pfex, dot1x) restart or system
    restart; link flaps. PR1294526

  • MPC5 inline keepalive PPP echo requests are not transmitted
    when the anchor point is lt-x/2/x or lt-x/3/x in a pseudowire deployment. PR1345727

  • When events such as node reboots, ICL flaps, and ICCP flaps cause
    multiple failures, there is no guarantee that sub-second convergence
    will be achieved, even with enhanced convergence configured. PR1371493

  • A scale of 150 VRRP groups was not tested before; no issues are
    observed for 100 VRRP groups. At the higher scale, there are no drops,
    but traffic gets flooded for groups beyond 100. PR1371520

Virtual Chassis

  • When the linecard role FPC is removed and rejoined to
    the Virtual Chassis immediately, the LAG interface on the master or
    backup would not be reprogrammed in the rejoined FPC. PR1255302

Resolved Issues

This section lists the issues fixed in the Junos OS main release
and the maintenance releases for EX Series.

For the most complete and latest information about known Junos
OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.3R3

EVPN

  • The traffic might get dropped as the core is down. PR1343515

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP protocol multicast traffic sourced by the kernel,
    such as OSPF and VRRP, gets dropped at the Packet Forwarding Engine level. PR1301773

Infrastructure

  • PFC feature might not work on an EX4600. PR1322439

  • ifinfo core files can be generated on EX4600 Virtual Chassis. PR1324326

Interfaces and Chassis

  • Identical IP addresses can be configured on different
    logical interfaces from different physical interfaces in the same
    routing instance (including master routing instance). PR1221993

  • On an EX4300 Virtual Chassis, an LACP flap is observed
    after rebooting the master FPC with PDT configurations. PR1301338

  • The interface might not work properly after the FPC restarts. PR1329896

  • The MAC address assigned to an aggregated Ethernet member
    interface is not the same as that of its parent aggregated Ethernet
    interface upon master node removal. PR1333734

  • On an EX4600 MC-LAG, traffic to downstream switches is black-holed
    after a reboot of the VRRP master and backup. PR1345316

MPLS

  • On EX4600 switches, unified ISSU is not supported with
    an MPLS configuration. PR1264786

Platform and Infrastructure

  • After access is rejected, the dot1x process might crash due to a
    memory leak. PR1160059

  • The interface-range command cannot be used
    to set speed and autonegotiation properties for a group of interfaces. PR1258851

  • A mismatch of VLAN ID between a logical interface and the
    VLAN configuration might result in a traffic black hole. PR1259310

  • EX: Interface does not come up after unplugging/plugging the
    1G SFP. PR1261468

  • MACsec session cannot be recovered after physically flapping
    one link of an aggregated Ethernet. PR1283314

  • Doing load replace terminal and attempting to replace
    the interface stanza might terminate the current CLI session and leave
    the user session hanging. PR1293587

  • An eswd core file might be observed if apply-groups is configured
    under interface-range. PR1300709

  • Multicast receiver connected to EX4300 might not be able
    to get the multicast streaming. PR1308269

  • Autonegotiation is not working as expected between EX4300
    and SRX5800. PR1311458

  • JDISwitchingReg : Traffic loss is observed while performing
    NSSU. PR1311977

  • IGMP snooping might not learn multicast router interface
    dynamically. PR1312128

  • PEM alarms and L2C failures are observed on MX240/MX480/MX960/EX92/SRX5K
    devices. PR1312336

  • The interface with 1G SFP might go down if no-auto-negotiation
    is configured. PR1315668

  • IGMPv3 on an EX4300 does not have the correct outgoing
    interfaces in the Packet Forwarding Engine that are listed in the
    kernel. PR1317141

  • The vmcore might be seen and the device might reboot after the
    ICL is changed from an aggregated Ethernet to a physical interface. PR1318929

  • High latency might be observed between the master Routing
    Engine and other FPC. PR1319795

  • Multicast traffic might not be forwarded to one of the
    receivers. PR1323499

  • MAC learning issue and new VLANs creation failure might
    happen for some VLANs on EX4300 platform. PR1325816

  • EX Series switches do not send RADIUS request after modifying
    the interface-range configuration. PR1326442

  • An l2cpd process might generate a core file. PR1325917

  • The major alarm about Fan & PSU Airflow direction mismatch might be seen when the management cable is removed. PR1327561

  • Traffic going through aggregated Ethernet interface might be
    dropped if mastership changes. PR1327578

  • CoS is wrongly applied on Packet Forwarding Engine leading to
    egress traffic drop. PR1329141

  • [EX4300] When the TCAM table is exhausted, the filter is still programmed. PR1330148

  • The rpd process generated a core file on the new backup Routing
    Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The interface on which the VSTP is disabled by CLI might stay
    in the “Discarding” state after the device reboots. PR1333684

  • STP BPDUs are not sent out on another active child when an anchor
    FPC has no active child. PR1333872

  • MQSS errors and alarms might happen when an interface goes down. PR1334928

  • An EX4300 will not generate L2ALD storm control action
    logs if the interface has a redundant trunk group (RTG) configuration. PR1335256

  • IGMP packets are forwarded out of the RTG backup interface. PR1335733

  • L2cpd memory leak appears on EX platforms with VoIP configured. PR1337347

  • MAC source address filter with the accept-source-mac statement does not work if MAC move limit is configured. PR1341520

  • MSTP might not work normally after permitting a commit. PR1342900

  • The filter might not be programmed in Packet Forwarding
    Engine even though TCAM entries are available. PR1345296

  • Statistics daemon pfed might generate a core file on an upgrade
    between certain releases. PR1346925

  • After an EX9200 FPC comes online, the CPU of other FPCs might go to
    100% usage, with traffic loss for nearly 30 seconds. PR1346949

  • The VLAN translation feature does not work for the control
    plane traffic. PR1348094

  • EX4600 detects a Latency-over-Threshold event with a wrong value. PR1348749

  • Traffic drop might happen if LLC packets are sent with
    DSAP and SSAP as 0x88 and 0x8e. PR1348618

  • Firewall filter with then syslog option is unable to send
    syslog files to the syslog server running Junos OS Release 16.1R5
    or Release 16.1R6 on an EX4300 Virtual Chassis. PR1351548

  • A high usage chassis alarm in “/var” does not clear from
    the EX4300 Virtual Chassis when a file is copied from fpc1 (master)
    to fpc0 (backup). PR1354007

  • The ports using SFP-T transceiver might be still up after
    system halt. PR1354857

  • The FPC would crash due to the memory leak caused by the
    VTEP traffic. PR1356279

  • MPCs might restart during ISSU. PR1359282

Routing Protocols

  • An mcsnoopd core file is observed at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal
    (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275.
    PR1305239

  • OSPF routes cannot be installed to the routing table until
    the lsa-refresh timer expires. PR1316348

  • BGP peer is not established after Routing Engine switchover
    when graceful-restart and BFD enabled. PR1324475

  • The igmp-snooping command might be enabled
    unexpectedly. PR1327048

Resolved Issues: 17.3R2

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • MACsec issue: the show security macsec statistics command does not show expected results. PR1283544

  • The Link Layer Discovery Protocol-Media Endpoint Discovery
    (LLDP-MED) cannot forward correct Packet Ordering Engine class. PR1296547

  • An l2ald crash occurs with no apparent trigger. PR1302344

  • The CLI command show snmp mib walk used for jnxMIMstMstiPortState
    does not display anything in Junos OS Release 17.1R2 on the EX4600
    platform. PR1305281

  • Traffic loss is observed while
    performing NSSU. PR1311977

  • Dhcp-security binding table might not get updated. PR1312670

  • A memory leak is seen for dot1xd. PR1313578

  • The dot1x process might stop authenticating if continuous
    dot1x client reauthentication requests cannot be processed. PR1300050

  • EX Series switches do not send RADIUS requests after modifying
    the interface-range configuration. PR1326442

  • QFX5100/EX4600/ACX5k : Major Alarm ‘Fan & PSU Airflow
    direction mismatch’ by removing management cable. PR1327561

Class of Service (CoS)

  • On EX4300, EX4600, or QFX5100, traffic might be dropped
    when there is more than one forwarding class under “forwarding-class-sets”. PR1255077

EVPNs

  • Split Horizon Label is not allocated after switching the configuration
    of ESI from ‘single-active’ to ‘all-active’. PR1307056

Infrastructure

  • On EX Series switches, the file system might get corrupted
    multiple times during an image upgrade or commit operation. As a result,
    the image might fail to upgrade because the EX Series switches bypass
    the file system corruption check when file system is corrupted. PR1317250

  • On EX4600, priority-based flow control (PFC) frames might
    not work. PR1322439

Interfaces and Chassis

  • In a Virtual Chassis setup with aggregated Ethernet interfaces
    and multiple protocols configured in the system, intermittently we
    see LACP flap when the master is rebooted. Workaround is to toggle
    the interfaces where LACP is flapping. PR1301338

  • The interface might not work properly after FPC restarts. PR1329896

Layer 2 Features

  • Feature swap-swap might not work as expected in a Q-in-Q
    scenario. PR1297772

MPLS

  • QFX5100: ISSU is not supported with MPLS configuration. PR1264786

Platform and Infrastructure

  • On EX4300 Virtual Chassis, a 10-Gigabit Ethernet VCP might
    not get a neighbor after a system reboot. PR1261363

  • CPU utilization for pfex_junos usage might go high if
    DHCP relay packets are coming continually. PR1276995

  • Traffic loss might be observed for about 10 seconds if
    the master member FPC reboots. PR1283702

  • On EX4300 switches, filter-based forwarding (FBF) might
    not work properly after deactivating or activating. This occurs because
    stale entries cannot be freed in ternary content addressable memory
    (TCAM); it leads to insufficient space in TCAM to process filters. PR1293581

  • On an EX4300 switch, packets larger than 1452 bytes will
    be dropped after generic routing encapsulation (GRE), because the
    “Fragmentation of payload” and “GRE Path MTU discovery” are not supported
    on an EX4300 Series switch. PR1293787

  • On EX4300 some functions of IPv6 Router Advertisement
    Guard do not work. PR1294260

  • ERROR: /dev/da0s1a is not a JUNOS snapshot is seen during system startup. PR1297888

  • On EX4300 switches, when unknown unicast ICMP packets
    are received by an interface, packets are routed, so TTL is decremented. PR1302070

  • On EX4300 Virtual Chassis, the FRU PSU removal and insertion
    traps are not generated for master or backup FPCs. PR1302729

  • There is an inconsistent IEEE P-bit marking in the 802.1Q
    header for OSPF packets. PR1306750

  • Traceroute does not work on an EX9200 device for routing instances
    when running Junos OS Release 17.1R3. PR1310615

  • IGMP snooping might not learn the multicast router interface
    dynamically. PR1312128

  • On EX4300VC, an l2cpd core file might be seen if the interface
    is disabled under VSTP and enabled under RSTP. PR1317908

  • High latency might be observed between the master Routing
    Engine and another Flexible PIC Concentrator (FPC). PR1319795

  • On EX4300VC, VSTP BPDUs are not getting processed and
    root-bridge convergence fails for certain VLANs. PR1320719

  • Multicast traffic might not get forwarded to one of the
    receivers. PR1323499

  • A Layer 2 Control Protocol process (l2cpd) might generate
    a core file. PR1325917

Routing Protocols

  • JDI-RCT:M/Mx: Observed mcsnoopd core @ __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal
    (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

Virtual Chassis

  • On EX4300, FRU removal/insertion traps are not generated for
    non-master (backup/line card) FPCs. PR1293820

Resolved Issues: 17.3R1

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • VLAN association is not being updated in the Ethernet switching
    table when the device is configured in single supplicant mode. PR1283880

Infrastructure

  • An EX4300 aggregated interface is down when the interface member
    VLAN is PVLAN and LACP is enabled. PR1264268

Interfaces and Chassis

  • Junos: EX Series PFE and MX MPC7E/8E/9E PFE crash when fetching
    interface stats with extended-statistics enabled (CVE-2017-10611);
    Refer to https://kb.juniper.net/JSA10814 for more information. PR1247026

Layer 2 Features

  • All the XML duplications and unformatted output are addressed.
    For example, histogram was declared only as an element inside the pfkey
    container; with this change, a new container is defined for histogram. PR1271648

Platform and Infrastructure

  • Layer 3 protocol packets are not being sent out from the
    switch. PR1226976

This section lists the errata and changes in
Junos OS Release 17.3R3 for the EX Series switches documentation.

Traffic Management User Guide for EX4600 Switches

  • Consolidation of the Traffic Management User Guide for QFX Series
    and EX4600 Switches (EX4600)—Starting in Junos
    OS Release 17.3R1, the following three traffic management guides are
    consolidated into one user guide:

    • Traffic Management User Guide for QFX Series

    • Traffic Management User Guide for QFX 10000 Series

    • Traffic Management User Guide for EX4600 Switches

    [See Traffic Management User Guide for QFX Series and EX4600 Switches.]

  • Support for deletion of static routes when the BFD session
    goes down (QFX Series)—Starting with Junos OS
    Release 17.3R1, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy
    level is active. So, the static routes are deleted when the BFD receives
    a session down message. [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy
for Junos OS for the EX Series. Upgrading or downgrading Junos OS
can take several hours, depending on the size and configuration of
the network. For information about software installation and upgrade,
see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three
Junos OS releases at a time is not provided, except for releases
that are designated as Extended End-of-Life (EEOL) releases. EEOL
releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release, even
though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs
directly before or after the currently installed EEOL release, or
to two EEOL releases before or after. For example, Junos OS Releases
14.1, 14.2, 15.1 and 16.1 are EEOL releases. You can upgrade from
Junos OS Release 14.1 to Release 15.1 or even from Junos OS Release
14.1 to Release 16.1. However, you cannot upgrade directly from a
non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release
more than three releases before or after, first upgrade to the next
EEOL release and then upgrade or downgrade from that EEOL release
to your target release.

For more information on EEOL releases and to review a list of
EEOL releases, see https://support.juniper.net/support/eol/software/junos/

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported
on the devices, and the special compatibility guidelines with the
release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in
this release, use the Juniper Networks Feature Explorer, a Web-based
application that helps you to explore and compare Junos OS feature
information to find the right software release and hardware platform
for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and
transceivers supported across all platforms, see the Hardware Compatibility
tool.