Release Notes 11.3R4 - Juniper Networks
Release Notes 11.3R4 - Juniper Networks
Release Notes 11.3R4 - Juniper Networks
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Junos ® OS 11.3 <strong>Release</strong> <strong>Notes</strong><br />
<strong>Release</strong> <strong>11.3R4</strong><br />
13 January 2012<br />
Revision 5<br />
These release notes accompany <strong>Release</strong> <strong>11.3R4</strong> of the Junos OS. They describe device<br />
documentation and known problems with the software for EX Series Ethernet Switches,<br />
QFX Series, and Common Platform Features.<br />
For the latest, most complete information about outstanding and resolved issues with<br />
the Junos OS software, see the <strong>Juniper</strong> <strong>Networks</strong> online software defect search application<br />
at http://www.juniper.net/prsearch.<br />
You can also find these release notes on the <strong>Juniper</strong> <strong>Networks</strong> Junos OS Documentation<br />
Web page, which is located at http://www.juniper.net/techpubs/software/junos/.<br />
Contents Junos OS <strong>Release</strong> <strong>Notes</strong> for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches . . . . . . . . . . . . . 4<br />
Resilient Dual-Root Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5<br />
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5<br />
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
Fibre Channel over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX<br />
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 10<br />
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches . . . . . . . . . . . . . . . 11<br />
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13<br />
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
1
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
2<br />
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches . . . . . . . 16<br />
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17<br />
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches . . . . . . . . . . 20<br />
Issues Resolved in <strong>Release</strong> 11.3R1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21<br />
Issues Resolved in <strong>Release</strong> 11.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33<br />
Issues Resolved in <strong>Release</strong> 11.3R3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37<br />
Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX<br />
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39<br />
Changes to the Junos OS for EX Series Switches Documentation . . . . . 39<br />
Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41<br />
Upgrading from Junos OS <strong>Release</strong> 10.4R3 or Later . . . . . . . . . . . . . . . . . . 41<br />
Upgrading from Junos OS <strong>Release</strong> 10.4R2 or Earlier . . . . . . . . . . . . . . . . 43<br />
Downgrading to Junos OS <strong>Release</strong> 10.4R2 or Earlier . . . . . . . . . . . . . . . . 56<br />
Upgrade Policy for Junos OS Extended End Of Life <strong>Release</strong>s . . . . . . . . . 56<br />
Upgrading or Downgrading from Junos OS <strong>Release</strong> 9.4R1 for EX Series<br />
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57<br />
Upgrading from Junos OS <strong>Release</strong> 9.3R1 to <strong>Release</strong> 11.3 for EX Series<br />
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57<br />
Upgrading EX Series Switches Using NSSU . . . . . . . . . . . . . . . . . . . . . . . 57<br />
Junos OS <strong>Release</strong> <strong>Notes</strong> for the QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series . . . . . . . . . . . . . . . 60<br />
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60<br />
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60<br />
Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61<br />
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the<br />
QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62<br />
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series . . . . . . . . . . . . . . . . . 65<br />
Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66<br />
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series . . . . . . . . . . . 67<br />
Configuration and File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67<br />
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67<br />
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68<br />
Junos OS Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68<br />
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69<br />
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69<br />
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69<br />
Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70<br />
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series . . . . . . . . . . . . . . 71<br />
Issues Resolved in <strong>Release</strong> 11.3R5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71<br />
Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72<br />
Issues Resolved in <strong>Release</strong> 11.3R3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73<br />
Issues Resolved in <strong>Release</strong> 11.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75<br />
Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series . . . . . . 77<br />
Standards Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX<br />
Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78<br />
Procedure for Upgrading CoS from Junos OS <strong>Release</strong> 11.1 or <strong>Release</strong> 11.2<br />
to <strong>Release</strong> 11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78<br />
Basic Procedure for Upgrading to Junos OS <strong>Release</strong> 11.3 . . . . . . . . . . . . . 79<br />
Upgrade and Downgrade Support Policy for Junos OS Extended End<br />
of Life Software <strong>Release</strong>s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81<br />
Junos OS <strong>Release</strong> <strong>Notes</strong> for <strong>Juniper</strong> <strong>Networks</strong> Common Platform Features . . . . . 83<br />
Unsupported Features in Junos OS <strong>Release</strong> 11.3 for Common Platform<br />
Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83<br />
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83<br />
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83<br />
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84<br />
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85<br />
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85<br />
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features . . . . . . . . . . 86<br />
Current Software <strong>Release</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86<br />
Previous <strong>Release</strong>s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89<br />
Junos OS Documentation and <strong>Release</strong> <strong>Notes</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . 108<br />
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109<br />
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109<br />
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111<br />
3
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Junos OS <strong>Release</strong> <strong>Notes</strong> for EX Series Switches<br />
• New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 41<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
4<br />
This section describes new features in <strong>Release</strong> 11.3 of the Junos operating system (Junos<br />
OS) for EX Series switches.<br />
NOTE: If you are upgrading from <strong>Release</strong> 10.4R2 or earlier, you must install<br />
new loader software as part of the upgrade process. This special software<br />
upgrade takes a little more time to complete than a standard upgrade. See<br />
“Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches” on page 41 for instructions.<br />
Not all EX Series software features are supported on all EX Series switches in the current<br />
release. For a list of all EX Series software features and their platform support, see EX<br />
Series Switch Software Features Overview.<br />
New features are described on the following pages:<br />
• Resilient Dual-Root Partitions on page 5<br />
• Hardware on page 5<br />
• Ethernet Switching and Spanning Trees on page 8<br />
• Fibre Channel over Ethernet on page 8<br />
• High Availability on page 8<br />
• Infrastructure on page 8<br />
• Layer 2 and Layer 3 Protocols on page 9<br />
• MPLS on page 9<br />
• Multicast Protocols on page 9<br />
• Virtual Chassis on page 10<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Resilient Dual-Root Partitions<br />
• Resilient dual-root partitioning—Resilient dual-root partitioning, introduced on EX<br />
Series switches with Junos OS <strong>Release</strong> 10.4R3, provides additional resiliency to switches<br />
in the following ways:<br />
• Allows the switch to boot transparently from the second root partition if the system<br />
fails to boot from the primary root partition.<br />
• Provides separation of the root Junos OS file system from rest of the file system. If<br />
corruption of the /var file system occurs (which is more likely than corruption of the<br />
root file system because of the greater frequency of read and write operations), the<br />
root file system is insulated from the corruption.<br />
This new feature incorporates some enhancements that entail additional steps and<br />
require additional time when you upgrade from a release that does not support resilient<br />
dual-root partitions (that is, from <strong>Release</strong> 10.4R2 or earlier) to one that does. When<br />
upgrading from a release that supports resilient dual-root partitions, these additional<br />
steps are not required.<br />
For detailed upgrade instructions, see “Upgrade and Downgrade Instructions for Junos<br />
OS <strong>Release</strong> 11.3 for EX Series Switches” on page 41. [See Understanding Resilient<br />
Dual-Root Partitions on Switches.]<br />
Hardware<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• DC power supply support on EX2200 switches—EX2200 switches now support DC<br />
power supplies. [See EX2200 Switch Models.]<br />
• EX2200-C switch—The EX2200-C switch is a 12-port, compact, fanless,<br />
fixed-configuration switch. There are two models: EX2200-C-12T-2G (no Power over<br />
Ethernet (PoE)) and EX2200-C-12P-2G (PoE+ on all ports). Each EX2200-C switch<br />
has two dual-purpose uplink ports. You can configure a dual-purpose uplink port to<br />
operate either as a 10/100/1000 port or as an SFP module port, but not both at the<br />
same time.<br />
EX2200-C switches support the following optical transceivers:<br />
• EX-SFP-1FE-FX (100BASE-FX, 2 km)<br />
• EX-SFP-1GE-LH (1000BASE-LH or 1000BASE-ZX, 70 km)<br />
• EX-SFP-1GE-LX (1000BASE-LX, 10 km)<br />
• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, or 550 m)<br />
EX2200-C switches do not support switch connection and configuration through the<br />
J-Web interface.<br />
[See EX2200 Switch Hardware Documentation.]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• EX3300 switch—The EX3300 switch is a fixed-configuration switch that is available<br />
in six models—24-port or 48-port models with either all ports equipped for Power over<br />
Ethernet (PoE) or none of the ports equipped for PoE. All EX3300 models provide<br />
network ports that have 10/100/1000BASE-T Gigabit Ethernet connectors and uplink<br />
5
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
6<br />
ports that support 10-gigabit small form-factor pluggable (SFP+) transceivers for use<br />
with fiber connections. You can connect individual EX3300 switches together to form<br />
one unit and manage the unit as a single chassis, called a Virtual Chassis. You can<br />
include up to six member switches in the Virtual Chassis.<br />
EX3300 switches support the following SFP+ optical transceivers:<br />
• EX-SFP-10GE-LR (10GBASE-LR, 10 km)<br />
• EX-SFP-10GE-LRM (10GBASE-LRM, 220 m)<br />
• EX-SFP-10GE-SR (10GBASE-SR, 26 m, 33 m, 66 m, 82 m, 300 m)<br />
• EX-SFP-10GE-USR (10GBASE-SR, 10 m, 30 m, 100 m)<br />
EX3300 switches support the following SFP optical transceivers:<br />
• EX-SFP-1GE-LX (1000BASE-LX, 10 km)<br />
• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, 550 m)<br />
EX3300 switches support the following SFP+ direct attach cables:<br />
• EX-SFP-10GE-DAC-1m (1 m)<br />
• EX-SFP-10GE-DAC-7m (7 m)<br />
EX3300 switches do not support switch connection and configuration through the<br />
J-Web interface.<br />
[See EX3300 Hardware Documentation.]<br />
• EX6210 switch—The EX6210 switch is a 10-slot, high-density, high-performance,<br />
cost-effective modular solution for enterprise campus, data center access, and<br />
high-density wiring-closet deployments.<br />
The EX6210 switch is supported on Junos OS <strong>Release</strong> 11.3R2 and later.<br />
This switch has fully redundant Switch Fabric and Routing Engine (SRE) modules.<br />
Each SRE module houses four 10-Gigabit Ethernet SFP+ uplink ports. EX6210 switches<br />
support the following redundant and load-sharing power supplies:<br />
• 2500 W AC power supply<br />
• 2100 W DC power supply<br />
EX6210 switches have a single fan tray that contains six redundant fans and provides<br />
front-to-back chassis cooling.<br />
EX6210 switches support two types of line cards:<br />
• 48-port 10/100/1000B-T RJ-45<br />
• 48-port 10/100/1000B-T PoE+ RJ-45<br />
EX6200 switches support the following optical transceivers:<br />
• EX-SFP-10GE-USR (10GBASE-USR, 10 m, 30 m, 100 m)<br />
• EX-SFP-10GE-ER (10GBASE-ER, 40 km)<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• EX-SFP-10GE-LR (10GBASE-LR, 10 km)<br />
• EX-SFP-10GE-LRM (10GBASE-LRM, 220 m)<br />
• EX-SFP-10GE-SR (10GBASE-SR, 26 m, 33 m, 66 m, 82 m, 300 m<br />
EX6210 switches do not support switch connection and configuration through the<br />
J-Web interface.<br />
[See EX6210 Hardware Documentation.]<br />
• New optical transceiver support for EX6200 Series switches at <strong>Release</strong><br />
<strong>11.3R4</strong>—Support for the following transceivers on EX6200 Series switches has been<br />
added at <strong>Release</strong> <strong>11.3R4</strong>:<br />
• EX-SFP-1GE-LH (1000BASE-LR or 1000BASE-ZX, 70 km)<br />
• EX-SFP-1GE-LX (1000BASE-LX, 10 km)<br />
• EX-SFP-1GE-LX40K (1000BASE-ZX, 40 km)<br />
• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, 550 m)<br />
• EX-SFP-1GE-T (1000BASE-T, 100 m)<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• XRE200 External Routing Engine support for Virtual Chassis Control Interface<br />
modules—The XRE200 External Routing Engine now supports a 4-port 1000BASE-X<br />
Gigabit Ethernet SFP Virtual Chassis Control Interface (VCCI) module. You can use<br />
the SFP ports on this VCCI module to extend the Virtual Chassis port (VCP) connections<br />
within an EX8200 Virtual Chassis over long distances. [See Virtual Chassis Control<br />
Interface (VCCI) Modules in an XRE200 External Routing Engine.]<br />
7
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
8<br />
Ethernet Switching and Spanning Trees<br />
• Support for input (ingress) counting on routed VLAN interfaces (RVIs) on EX8200<br />
switches—You can now configure the RVI input counters by including the<br />
ingress-counting statement at the [edit vlans vlan-name l3-interface<br />
vlan.logical-interface-number] hierarchy level on EX8200 switches. To view the ingress<br />
counters, use the show interfaces vlan command. In the output, see the Traffic Statistics<br />
values for Input Bytes, Output Bytes, Input Packets, and Output Packets. [See<br />
ingress-counting and show interfaces vlan.]<br />
Fibre Channel over Ethernet<br />
• EX4500 switch support for DCBX—EX4500 switches now support the Data Center<br />
Bridging Capability Exchange protocol (DCBX). DCBX advertises the local capability<br />
and administrative state for priority-based flow control (PFC), detects the PFC<br />
capabilities of DCB peers, and automatically enables or disables PFC on an interface<br />
depending on whether the PFC configuration of the DCB peer is compatible with the<br />
PFC configuration on the switch interface. [See Understanding Data Center Bridging<br />
Capability Exchange Protocol for EX Series Switches.]<br />
High Availability<br />
• Nonstop bridging for LACP on EX8200 switches and EX8200 Virtual<br />
Chassis—Nonstop bridging (NSB) for Link Aggregation Control Protocol (LACP) is now<br />
supported on EX8200 switches and EX8200 Virtual Chassis. You can now configure<br />
NSB to enable transparent switchover between the master and backup Routing Engines<br />
without having to restart LACP. [See Understanding Nonstop Bridging on EX Series<br />
Switches.]<br />
• Nonstop bridging for LLDP and LLDP-MED on EX4200 Virtual Chassis, EX4500<br />
Virtual Chassis, EX8200 switches, and EX8200 Virtual Chassis—Nonstop bridging<br />
(NSB) for Link Layer Discovery Protocol (LLDP) and Link Layer Discovery<br />
Protocol–Media Endpoint Discovery (LLDP-MED) is now supported on EX4200 Virtual<br />
Chassis, EX4500 Virtual Chassis, EX8200 switches, and EX8200 Virtual Chassis. You<br />
can now configure NSB to enable transparent switchover between the master and<br />
backup Routing Engines without having to restart LLDP and LLDP-MED. [See<br />
Understanding Nonstop Bridging on EX Series Switches.]<br />
• Nonstop bridging for spanning-tree protocols on EX4200 Virtual Chassis and EX8200<br />
switches—Nonstop bridging (NSB) for all spanning-tree protocols is now supported<br />
on EX4200 Virtual Chassis and EX8200 switches with dual Routing Engines. You can<br />
now configure NSB to enable transparent switchover between the master and backup<br />
Routing Engines without having to restart the spanning-tree protocol. [See<br />
Understanding Nonstop Bridging on EX Series Switches.]<br />
Infrastructure<br />
• EX2200 switch added software support—EX2200 switches now support<br />
authentication fallback, captive portal authentication (Layer 2 and Layer 3 interfaces),<br />
configuring firewall filters on the management Ethernet interface (me0), and Multiple<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
VLAN Registration Protocol (MVRP). [See Understanding Server Fail Fallback and<br />
Authentication on EX Series Switches, Example: Setting Up Captive Portal Authentication<br />
on an EX Series Switch, Firewall Filters for EX Series Switches Overview, and Understanding<br />
Multiple VLAN Registration Protocol (MVRP) on EX Series Switches.]<br />
• Nonstop active routing for OSPFv2 with BFD, RIP, BGP, or IS-IS, and nonstop active<br />
routing for IGMP with BFD on EX6200 switches—Nonstop active routing (NSR) for<br />
OSPFv2 with BFD, RIP, BGP, IS-IS, and IGMP is now supported on EX6200 switches.<br />
You can now configure NSR to enable transparent switchover between the master<br />
and backup Routing Engines without having to restart OSPFv2 with BFD, RIP, BGP, or<br />
IS-IS, or IGMP with BFD. NSR supports RIP versions 1 and 2 and IGMP versions 1, 2, and<br />
3 with BFD on EX6200 switches. [See Understanding Nonstop Active Routing on EX Series<br />
Switches.]<br />
• Nonstop active routing for OSPFv3 and RIP—Nonstop active routing (NSR) for OSPFv3<br />
and all versions of RIP is supported on EX8200 Virtual Chassis. You can configure<br />
nonstop active routing to enable transparent switchover of the external Routing Engines<br />
without having to restart OSPFv3 or RIP. [See Understanding Nonstop Active Routing on<br />
EX Series Switches.]<br />
Layer 2 and Layer 3 Protocols<br />
• Routed multicast traffic on virtual routing and forwarding (VRF) instances—Routed<br />
multicast traffic is now supported on all VRF instances, not just the default instance.<br />
[See Understanding Virtual Routing Instances on EX Series Switches].<br />
MPLS<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• Layer 2 VPN CCC and Layer 2 circuit CCC on VLAN-encapsulated interfaces—Layer<br />
2 virtual private network (VPN) circuit cross-connect (CCC) and Layer 2 circuit CCC<br />
on VLAN-encapsulated interfaces are supported on EX8200 switches. [See<br />
Understanding Using MPLS-Based Layer 2 and Layer 3 VPNs on EX Series Switches.]<br />
Multicast Protocols<br />
• GRES support for IGMP snooping—Graceful Routing Engine switchover (GRES) now<br />
supports all versions of IGMP snooping on EX4200 Virtual Chassis, EX8200 switches,<br />
and EX8200 Virtual Chassis. GRES can now sync the IGMP snooping state between<br />
master and backup Routing Engines to enable transparent switchover of IGMP snooping.<br />
GRES supports all versions of IGMP snooping. [See High Availability Features for EX<br />
Series Switches Overview.]<br />
• MVR on EX2200 switches—Multicast VLAN registration (MVR) is now supported on<br />
EX2200 switches. With MVR, multicast traffic can be shared between source VLANs<br />
and subscriber VLANs. [See Understanding Multicast VLAN Registration on EX Series<br />
Switches.]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
9
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
Virtual Chassis<br />
• EX4500 Virtual Chassis configuration in the J-Web interface—You can now configure<br />
EX4500 Virtual Chassis in the J-Web interface. [See Configuring an EX4200 Virtual<br />
Chassis (J-Web Procedure).]<br />
• MAC address assignment enhancement for Virtual Chassis interfaces—Layer 2<br />
•<br />
network interfaces that are part of a Virtual Chassis are now automatically assigned<br />
unique MAC addresses. Assigning a unique MAC address for each Layer 2 interface in<br />
a Virtual Chassis helps ensure that functions that require unique MAC address<br />
differentiation—such as redundant trunk groups (RTGs), Link Aggregation Control<br />
Protocol (LACP), and general monitoring functions—can work correctly. This feature<br />
is supported on EX4200 Virtual Chassis, EX4500 Virtual Chassis, and EX8200 Virtual<br />
Chassis. [See Understanding MAC Address Assignment in an EX Series Switch and<br />
Understanding MAC Address Assignment on a Virtual Chassis.]<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
10<br />
This section lists the changes in default behavior and syntax in Junos OS <strong>Release</strong> 11.3 for<br />
EX Series switches.<br />
Ethernet Switching and Spanning Trees<br />
• EX Series switches no longer support GVRP.<br />
• On switches running Junos OS releases earlier than Junos OS <strong>Release</strong> 11.3, protocol<br />
data units (PDUs) sent and received by Multiple VLAN Registration Protocol (MVRP)<br />
contained an extra byte that was used internally by Junos OS programmers. This extra<br />
byte in the PDUs prevented MVRP from conforming to the IEEE 802.1ak standard. This<br />
extra byte was removed in <strong>Release</strong> 11.3 to make MVRP compatible with the standard.<br />
If all switches in your network are running <strong>Release</strong> 11.3, you will see no change in<br />
operation regarding MVRP and there are no steps you need to take to continue using<br />
MVRP. If your network is running only <strong>Release</strong> 11.2 or earlier, you also do not need to<br />
do anything to continue using MVRP.<br />
Only if your network is running a mix of <strong>Release</strong> 11.3 and earlier releases of Junos OS<br />
(for example, <strong>Release</strong>s 10.4, 11.1, or 11.2) do you need to take steps to make your switches<br />
compatible when using MVRP. In such cases, execute the set protocols mvrp<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
add-attribute-length-in-pdu command and commit that change on each switch running<br />
Junos OS <strong>Release</strong> 11.3 to add the extra byte to generated PDUs. Doing this makes Junos<br />
OS <strong>Release</strong> 11.3 MVRP compatible with MVRP in earlier releases.<br />
Hardware<br />
• If you configure an SFP uplink module to operate in 1-gigabit mode by including the<br />
sfpplus statement at the [edit chassis fpc slotpic pic-number] hierarchy of the<br />
configuration, the configuration has no effect and no warning or error message is<br />
displayed. The sfpplus statement configures the operating mode for SFP+ uplink<br />
modules only, in Junos OS <strong>Release</strong>s 10.4R2 and later.<br />
Software Installation and Upgrade<br />
• For EX Series switches, sFlow technology and routing policy have been removed from<br />
•<br />
the extended feature license (EFL). An EFL is now required only for the following<br />
features: Q-in-Q tunneling, BFD liveness detection, connectivity fault management<br />
(CFM), IGMP, MSDP, OSPFv2, PIM and PIM sparse mode, real-time performance<br />
monitoring (RPM), service VLANs (S-VLANs), unicast reverse-path forwarding (RPF),<br />
virtual routers, and VRRP.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
This section lists the limitations in Junos OS <strong>Release</strong> 11.3 for EX Series switches. If the<br />
limitation is associated with an item in our bug database, the description is followed by<br />
the bug tracking number.<br />
For the most complete and latest information about known Junos OS defects, use the<br />
<strong>Juniper</strong> online Junos Problem Report Search application at<br />
http://www.juniper.net/prsearch.<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
11
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
12<br />
Ethernet Switching and Spanning Trees<br />
• On EX Series switches, only dynamically learned routes can be imported from one<br />
routing table group to another. [This is a known software limitation.]<br />
Firewall Filters<br />
• On EX3200 and EX4200 switches, when a very large number of firewall filters are<br />
included in the configuration, it might take a long time, possibly as long as a few minutes,<br />
for the egress filter rules to be installed. [PR/468806: This is a known software<br />
limitation.]<br />
• On EX3300 switches, if you add and delete filters with a large number of terms (on<br />
the order of 1000 or more) in the same commit operation, not all the filters are installed.<br />
As a workaround, add filters in one commit operation, and delete filters in a separate<br />
commit operation. [PR/581982: This is a known software limitation.]<br />
• On EX8200 switches, if you configure an implicit or explicit discard action as the last<br />
term in an IPv6 firewall filter on a loopback (lo0) interface, all the control traffic from<br />
the loopback interface is dropped. To prevent this, you must configure an explicit accept<br />
action. [This is a known software limitation.]<br />
Hardware<br />
• On 40-port SFP+ line cards for EX8200 switches, the LEDs on the left of the network<br />
ports do not blink to indicate that there is link activity if you set the speed of the network<br />
ports to 10/100/1000 Mbps. However, if you set the speed to 10 Gbps, the LEDs blink.<br />
[PR/502178: This is a known limitation.]<br />
Infrastructure<br />
• Do not use nonstop software upgrade (NSSU) to upgrade the software on an EX8200<br />
switch from Junos OS <strong>Release</strong> 10.4 to <strong>Release</strong> 11.1 or later if you have configured the<br />
PIM, IGMP, or MLD protocols on the switch. If you attempt to use NSSU, your switch<br />
might be left in a nonfunctional state from which it is difficult to recover. If you have<br />
these multicast protocols configured, use the request system software add command<br />
to upgrade the software on an EX8200 switch from <strong>Release</strong> 10.4 to <strong>Release</strong> 11.1 or<br />
later. [This is a known software limitation.]<br />
• On EX Series switches, the show snmp mib walk etherMIB command does not display<br />
any output, even though etherMIB is supported. This occurs because the values are<br />
not populated at the module level—they are populated at the table level only. You can<br />
issue show snmp mib walk dot3StatsTable, show snmp mib walk dot3PauseTable, and<br />
show snmp mib walk dot3ControlTable commands to display the output at the table<br />
level. [PR/442373: This is a known software limitation.]<br />
• Momentary loss of an inter-Routing Engine IPC message might trigger the alarm that<br />
displays the message “Loss of communication with Backup RE”. However, no<br />
functionality is affected. [PR/477943: This is a known software limitation.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• On EX4500 switches, the maintenance menu is not disabled even if you include the<br />
lcd maintenance-menu disable statement in the configuration. [PR/551546: This is a<br />
known software limitation.]<br />
• When you enable the filter-id attribute on the RADIUS server for a particular client,<br />
none of the required 802.1X authentication rules are installed in the IPv6 database.<br />
Therefore, IPv6 traffic on the authenticated interface is not filtered; only IPv4 traffic is<br />
filtered on that interface. [PR/560381: This is a known software limitation.]<br />
• Distributed periodic packet management (PPM) of Bidirectional Forwarding Detection<br />
(BFD) protocol traffic is not supported for virtual routing instances. As a workaround,<br />
use the centralized PPM model by disabling distributed PPM with the command set<br />
routing-options ppm no-delegate-processing. [PR/580774: This is a known software<br />
limitation.]<br />
• On EX8200 switches, if OAM link-fault management (LFM) is configured on a member<br />
of a VLAN on which Q-in-Q tunneling is also enabled, OAM PDUs cannot be transmitted<br />
to the Routing Engine. [PR/583053: This is a known software limitation.]<br />
• If you have configured sFlow technology on an EX8200 switch that you are upgrading<br />
from Junos OS <strong>Release</strong> 10.4 or <strong>Release</strong> 11.1 using nonstop software upgrade (NSSU),<br />
disable sFlow technology before you perform the upgrade. Once the upgrade is<br />
complete, you can reenable sFlow technology. If you do not disable sFlow technology<br />
before you perform the upgrade with NSSU, sFlow technology will not work properly<br />
after the upgrade. Using NSSU to upgrade from <strong>Release</strong> 11.2 or later to a later release<br />
has no impact on sFlow technology functionality. [PR/587138: This is a known software<br />
limitation.]<br />
• When you reconfigure the maximum transmission unit (MTU) value of a next hop more<br />
than eight times without restarting the switch, the interface uses the maximum value<br />
of the eight previously configured values as the next MTU value. [PR/590106: This is<br />
a known software limitation.]<br />
• On EX8208 and EX8216 switches that have two Routing Engines, one Routing Engine<br />
cannot be running Junos OS <strong>Release</strong> 10.4 or later while the other one is running <strong>Release</strong><br />
10.3 or earlier. Ensure that both Routing Engines in a single switch run either <strong>Release</strong><br />
10.4 or later or <strong>Release</strong> 10.3 or earlier. [PR/604378: This is a known software limitation.]<br />
Interfaces<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• EX Series switches do not support IPv6 interface statistics. Therefore, all values in the<br />
output of the show snmp mib walk ipv6IfStatsTable command always display a count<br />
of 0. [PR/480651: This is a known software limitation.]<br />
• On EX8216 switches, a link might go down momentarily when an interface is added to<br />
a LAG. [PR/510176: This is a known software limitation.]<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• On EX Series switches, if you clear LAG interface statistics while the LAG is down, then<br />
bring up the LAG and pass traffic without checking for statistics, and finally bring the<br />
LAG interface down and check interface statistics again, the statistics might be<br />
inaccurate. As a workaround, use the show interfaces interface-name command to<br />
13
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
14<br />
check LAG interface statistics before bringing down the interface. [PR/542018: This is<br />
a known software limitation.]<br />
• On EX6210 switches, the power on and power off options for the set chassis fpc<br />
command are not supported for the slots in which a Switch Fabric and Routing Engine<br />
(SRE) module is installed (slots 4 and 5). To disable the uplink ports on the SRE<br />
modules, use the set interfaces interface-namedisable command. [PR/598928: This<br />
is a known software limitation.]<br />
J-Web Interface<br />
• EX2200-C, EX3300, and EX6210 switches do not support switch connection and<br />
configuration through the J-Web interface. [This is a known software limitation.]<br />
• If four or more EX8200-40XS line cards are inserted in an EX8208 or EX8216 switch,<br />
the Support Information page (Maintain Customer Support > Support Information)<br />
in the J-Web interface might fail to load because the configuration might be larger than<br />
the maximum size of 5 MB. The error message "Configuration too large to handle" is<br />
displayed. [PR/552549: This is a known software limitation.]<br />
• The J-Web interface does not support role-based access control—it supports only<br />
users in the super-user authorization class. Therefore, a user who is not in the super-user<br />
class, such as a user with view-only permission, is able to launch the J-Web interface<br />
and configure everything, but the configurations fail on the committing, and the switch<br />
displays access permission errors. [PR/604595: This is a known software limitation.]<br />
Management and RMON<br />
• On EX Series switches, an SNMP query fails when the SNMP index size of a table is<br />
greater than 128 bytes, because the Net SNMP tool does not support SNMP index sizes<br />
greater than 128 bytes. [PR/441789: This is a known software limitation.]<br />
• When MVRP is configured on a trunk interface, you cannot configure connectivity fault<br />
management (CFM) on that interface. [PR/540218: This is a known software limitation.]<br />
Multicast Protocols<br />
• MLD snooping of IPv6 multicast traffic is not supported. Layer 2 multicast traffic is<br />
always flooded on the VLAN. [This is a known software limitation.]<br />
Virtual Chassis<br />
• On an EX4500 Virtual Chassis, if you issue the ping command to the IPv6 address of<br />
the virtual management Ethernet (VME) interface, the ping fails. [PR/518314: This is<br />
a known software limitation.]<br />
• The automatic software update feature is not supported on EX4500 switches that<br />
are members of a Virtual Chassis. [PR/541084: This is a known software limitation.]<br />
• When an EX4500 switch becomes a member of a Virtual Chassis, it is assigned a<br />
member ID. If that member ID is a nonzero value, then if that member switch is<br />
downgraded to a software image that does not support Virtual Chassis, you cannot<br />
change the member ID to 0. A standalone EX4500 switch must have a member ID of<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
0. The workaround is to convert the EX4500 Virtual Chassis member switch to a<br />
standalone EX4500 switch and then downgrade the software to an earlier release, as<br />
follows:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
1. Disconnect all Virtual Chassis cables from the member to be downgraded.<br />
2. Convert the member switch to a standalone EX4500 switch by issuing the request<br />
virtual-chassis reactivate command.<br />
3. Renumber the member ID of the standalone switch to 0 by issuing the request<br />
virtual-chassis renumber command.<br />
4. Downgrade the software to the earlier release.<br />
[PR/547590: This is a known software limitation.]<br />
• When you add a new member switch to an existing EX4200 Virtual Chassis, EX4500<br />
•<br />
Virtual Chassis, or mixed EX4200 and EX4500 Virtual Chassis in a ring topology, a<br />
member switch that was already part of the Virtual Chassis might become<br />
nonoperational for several seconds, after which it will return to the operational state<br />
with no user intervention. Network traffic to the member switch is dropped during the<br />
downtime. To avoid this issue, follow this procedure:<br />
1. Cable one dedicated or user-configured Virtual Chassis port (VCP) on the new<br />
member switch to the existing Virtual Chassis.<br />
2. Power on the new member switch.<br />
3. Wait for the new switch to become operational in the Virtual Chassis. Monitor the<br />
show virtual-chassis command output to confirm the new switch is recognized by<br />
the Virtual Chassis and is in the Prsnt state.<br />
4. Cable the other dedicated or user-configured VCP on the new member switch to<br />
the Virtual Chassis.<br />
[PR/591404: This is a known software limitation.]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
15
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
16<br />
The following are outstanding issues in Junos OS <strong>Release</strong> <strong>11.3R4</strong> for EX Series switches.<br />
The identifier following the description is the tracking number in our bug database.<br />
For the most complete and latest information about known Junos OS defects, use the<br />
<strong>Juniper</strong> online Junos Problem Report Search application at<br />
http://www.juniper.net/prsearch.<br />
NOTE: Other software issues that are common to both EX Series switches<br />
and M, MX, and T Series routers are listed in “Issues in Junos OS <strong>Release</strong> 11.3<br />
for Common Platform Features” on page 86.<br />
Access Control and Port Security<br />
• The show lldp neighbors command displays the interface description instead of the<br />
interface name. [PR/602442]<br />
Ethernet Switching and Spanning Trees<br />
• If the bridge priority of a VLAN Spanning Tree Protocol (VSTP) root bridge is changed<br />
such that this bridge will become a nonroot bridge, the transition might take more than<br />
2 minutes, and you might see a loop during the transition. [PR/661691]<br />
• If you apply a large number of VLAN tags (approximately 1000 tags) and commit the<br />
configuration after applying each individual tag, an mgd core file might be created.<br />
[PR/680841]<br />
• On EX Series and QFX Series switches, if you reconfigure a trunk port to access mode<br />
(and if you perform the necessary dependent configurations to delete all but one of<br />
the VLANs), or if you reconfigure an access port to trunk mode, VLAN Spanning Tree<br />
Protocol (VSTP) instances might not converge properly, resulting in the formation of<br />
a loop. As a workaround, delete the VSTP configuration before reconfiguring the ports.<br />
[PR/668449]<br />
Infrastructure<br />
• On EX8208 switches, when a line card that has no interface configurations and is not<br />
connected to any device is taken offline using the request chassis fpc-slot slot-number<br />
offline command, the Bidirectional Forwarding Detection process (bfd) starts and<br />
stops repeatedly. The same bfd process behavior occurs on a line card that is connected<br />
to a Layer 3 domain when another line card that is on the same switch and is connected<br />
to a Layer 2 domain is taken offline. [PR/548225]<br />
• The number of users reported by the show system users command does not include<br />
Web users. [PR/572822]<br />
• On EX Series switches, the request system snapshot command includes the as-primary<br />
option. [PR/603204]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On switches on which a large number of VLAN interfaces are configured, BFD sessions<br />
might go down and come back up on routed VLAN interfaces (RVIs) during a graceful<br />
Routing Engine switchover (GRES) operation. [PR/612642]<br />
• Packet loss of about 2 percent to 5 percent might occur for traffic destined to MAC<br />
addresses that begin with 03: or 09:. [PR/658631]<br />
• The /var/log/wtmp file might become excessively large, and thus the switch might<br />
run out of disk space on the /var partition. As a workaround, use the request system<br />
storage cleanup command, or manually delete and re-create the /var/log/wtmp file<br />
from the shell. [PR/681369]<br />
• When you run the commit check command, the word operation in the command output<br />
might be misspelled. [PR/704910]<br />
• On EX2200, EX3300, and EX6200 switches, and on EX8200 Virtual Chassis, NetBIOS<br />
snooping does not work. [PR/706588]<br />
J-Web Interface<br />
• In the J-Web interface, you cannot commit some configuration changes in the Ports<br />
Configuration page or the VLAN Configuration page because of the following limitations<br />
for port-mirroring ports and port-mirroring VLANs:<br />
• A port configured as the output port for an analyzer cannot be a member of any<br />
VLAN other than the default VLAN.<br />
• A VLAN configured to receive analyzer output can be associated with only one<br />
interface.<br />
[PR/400814]<br />
• In the J-Web interface, the Ethernet Switching Monitor page (Monitor > Switching ><br />
Ethernet Switching) might not display monitoring details if there are more than 13,000<br />
MAC entries on the switch. [PR/425693]<br />
• In the J-Web interface, in the Port Security Configuration page, you are required to<br />
configure action when you configure MAC limit even though configuring an action value<br />
is not mandatory in the CLI. [PR/434836]<br />
• In the J-Web interface, in the OSPF Global Settings table in the OSPF Configuration<br />
page, the Global Information table in the BGP Configuration page, or the Add Interface<br />
window in the LACP Configuration page, if you try to change the position of columns<br />
using the drag-and-drop method, only the column header moves to the new position<br />
instead of the entire column. [PR/465030]<br />
• When a large number of static routes is configured and you have navigated to pages<br />
other than page 1 in the Route Information table on the Static Routing monitoring page<br />
in the J-Web interface (Monitor > Routing > Route Information), changing the Route<br />
Table to query other routes refreshes the page but does not return to page 1. For<br />
example, if you run a query from page 3 and the new query returns very few results,<br />
the Results table continues to display page 3 and shows no results. To view the results,<br />
navigate to page 1 manually. [PR/476338]<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
17
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
18<br />
• In the J-Web interface for EX4500 switches, the Port Configuration page (Configure<br />
> Interfaces > Ports), the Port Security Configuration page (Configure > Security ><br />
Port Security), and the Filters Configuration page (Configure > Security > Filters)<br />
display features that are not supported on EX4500 switches. [PR/525671]<br />
• When you use an HTTPS connection in the Microsoft Internet Explorer browser to save<br />
a report from the following pages in the J-Web interface, the error message “Internet<br />
Explorer was not able to open the Internet site” is displayed on the pages:<br />
• Files page (Maintain > Files)<br />
• History page (Maintain > Config Management > History)<br />
• Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)<br />
• Static Routing page (Monitor > Routing > Route Information)<br />
• Support Information page (Maintain > Customer Support > Support Information)<br />
• View Events page (Monitor > Events and Alarms > View Events)<br />
[PR/542887]<br />
• When you open a J-Web session using HTTPS, then enter a username and password<br />
and click on the Login button, the J-Web interface takes 20 seconds longer to launch<br />
and load the Dashboard page than it does if you use HTTP. [PR/549934]<br />
• In the J-Web interface, the link status might not be displayed correctly on the Port<br />
Configuration page or the LACP (Link Aggregation Control Protocol) Configuration<br />
page if the Commit Options preference is set to "single commit" (the Validate<br />
configuration changes option). [PR/566462]<br />
• If you have accessed the J-Web interface using an HTTPS connection through the<br />
Microsoft Internet Explorer Web browser, you might not be able to download and save<br />
reports from some pages on the Monitor, Maintain, and Troubleshoot tabs. Some<br />
affected pages are at these locations:<br />
• Maintain > Files > Log Files > Download<br />
• Maintain > Config Management > History<br />
• Maintain > Customer Support > Support Information > Generate Report<br />
• Troubleshoot > Troubleshoot Port > Generate Report<br />
• Monitor > Events and Alarms > View Events > Generate Report<br />
• Monitor > Routing > Route Information > Generate Report<br />
As a workaround, you can use the Mozilla Firefox Web browser to download and save<br />
reports using an HTTPS connection. [PR/566581]<br />
• In the J-Web interface, the report generated from the Events page (Monitor > Events<br />
and Alarms > View Events) does not show the description for the first four to five<br />
events. As a workaround, view the description from the Events page or from the Junos<br />
OS CLI. [PR/661752]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• In the J-Web interface, on the Port Troubleshooting page (Troubleshoot > Troubleshoot<br />
> Troubleshoot Port), when you click on the help button in the Troubleshoot Port<br />
Wizard, an incorrect help page is displayed. [PR/664158]<br />
• In the J-Web interface, you cannot associate a filter name that contains spaces to a<br />
VLAN on the VLAN Configuration page (Configure > Switching > VLAN). As a<br />
workaround, go to the Filters Configuration page (Configure > Security > Filters), click<br />
the filter name to be associated, and then click Edit. In the popup window, use the<br />
Association tab to associate a VLAN to the filter. [PR/677145]<br />
• If you have created dynamic VLANs by enabling MVRP from the CLI, in the J-Web<br />
interface, the following J-Web options do not work with dynamic VLANs and static<br />
VLANs:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On the Port Configuration page (Configure > Interface > Ports)—Port profile (select<br />
the interface, click Edit, and select Port Role) or the VLAN option (select the interface,<br />
click Edit, and select VLAN Options).<br />
• VLAN option on the Link Aggregation page (Configure > Interface > Link<br />
Aggregation)—Select the aggregated interface, click Edit, and click VLAN.<br />
• On the 802.1X Configuration page (Configure > Security > 802.1x)—VLAN assignment<br />
in the exclusion list (click Exclusion List and select VLAN Assignment) or the move<br />
to guest VLAN option (select the port, click Edit, select 802.1X Configuration, and<br />
click the Authentication tab).<br />
• Port security configuration (Configure > Security > Port Security).<br />
• On the Port Mirroring Configuration page (Configure > Security > Port<br />
Mirroring)—Analyzer VLAN or ingress or egress VLAN (click Add or Edit and then<br />
add or edit the VLAN).<br />
[PR/669188]<br />
• In the J-Web interface, on the Redundant Trunk Group (RTG) Configuration page<br />
(Configure > Switching > RTG), the Commit option is not enabled. As a workaround,<br />
select the Validate and commit configuration change option before modifying the<br />
configuration. [PR/677220]<br />
• In the J-Web interface, the tooltip for Fan Image might not load in the dashboard. As<br />
a workaround, view the fan status on the Chassis Information page (Monitor > System<br />
View > Chassis Information). [PR/677922]<br />
• In the J-Web interface, HTTPS access might work with an invalid certificate. As a<br />
workaround, after you change the certificate issue the restart web-management<br />
command to restart the J-Web interface. [PR/700135]<br />
• On EX4500 Virtual Chassis, if you use the CLI to switch from virtual-chassis mode to<br />
intraconnect mode, the J-Web dashboard might not list all the Virtual Chassis hardware<br />
components and the image of the master and backup switch chassis might not be<br />
visible after an autorefresh occurs. [PR/702924]<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
19
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
Layer 2 and Layer 3 Protocols<br />
• When a BGP interface is flapping quickly, BGP might unnecessarily withdraw prefixes<br />
even when a good route to that prefix still exists. [PR/677191]<br />
Management and RMON<br />
• The connectivity-fault management (CFM) process (cfmd) might create a core file.<br />
[PR/597302]<br />
• When you create a static ARP entry for an interface and then issue the show snmp mib<br />
walk command, the static ARP entry is incorrectly identified in the command output<br />
as a dynamic entry (3) rather than a static entry (4). [PR/662290]<br />
• sFlow technology does not support IPv6 collectors, source IP addresses, or agent IDs.<br />
In Junos OS releases previous to this one, configuration of these features was not<br />
blocked. If your configuration includes any of these features, you must remove them<br />
before upgrading to this Junos OS release. [PR/659922]<br />
Power over Ethernet<br />
• On EX2200-C switches, two problems might occur when devices powered by Power<br />
•<br />
over Ethernet (PoE) are connected to the switch and the switch reboots. The first<br />
problem occurs when PoE is enabled on the switch interfaces. The powered devices<br />
connected to those interfaces draw power while the switch is rebooting, and then after<br />
the switch stabilizes, the powered devices reboot twice. The second problem occurs<br />
when PoE is disabled on the switch interfaces. The powered devices connected to<br />
those interfaces draw power while the switch is rebooting, and then after the switch<br />
stabilizes, the powered devices reboot twice and then shut down. As a workaround, if<br />
you do not want the powered devices to reboot, connect them to the interfaces after<br />
the switch has stabilized after its reboot. [PR/675971]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
20<br />
The following are the issues that have been resolved in Junos OS <strong>Release</strong> 11.3 for EX<br />
Series switches. The identifier following the descriptions is the tracking number in our<br />
bug database.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
For the most complete and latest information about known Junos OS defects, use the<br />
<strong>Juniper</strong> online Junos Problem Report Search application at<br />
http://www.juniper.net/prsearch.<br />
NOTE: Other software issues that are common to both EX Series switches<br />
and M, MX, and T Series routers are listed in “Issues in Junos OS <strong>Release</strong> 11.3<br />
for Common Platform Features” on page 86.<br />
• Issues Resolved in <strong>Release</strong> 11.3R1 on page 21<br />
• Issues Resolved in <strong>Release</strong> 11.3R2 on page 33<br />
• Issues Resolved in <strong>Release</strong> 11.3R3 on page 34<br />
• Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong> on page 37<br />
Issues Resolved in <strong>Release</strong> 11.3R1<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.2. The identifier<br />
following the description is the tracking number in our bug database.<br />
Access Control and Port Security<br />
• On EX4200 or EX8200 switches that are connected to a Dell PowerConnect switch,<br />
if you enable LLDP between the switches, the output of the show lldp neighbor<br />
command does not display remote interface information for the PowerConnect switch.<br />
[PR/533399: This issue has been resolved.]<br />
• On EX Series switches, configuring 802.1X (dot1x) might generate a core file when<br />
VLANs are being configured. [PR/553166: This issue has been resolved.]<br />
• In 802.1X (dot1x) single-secure mode, when the supplicant switches from server-fail<br />
authentication to RADIUS authentication on a VLAN, traffic might be dropped. As a<br />
workaround, issue the clear dot1x firewall command. [PR/561754: This issue has been<br />
resolved.]<br />
• On EX Series switches, DHCP relay does not add the proper prefixes for priority-tagged<br />
frames, so these packets are dropped on interfaces on which LLDP-MED is not enabled.<br />
[PR/572454: This issue has been resolved.]<br />
• When an EX Series switch receives an LLDP PDU with a 0-byte TLV information string,<br />
it treats the PDU as an error and discards all information received on that interface.<br />
According to the IEEE standard, a TLV information string can be 0 bytes. [PR/572818:<br />
This issue has been resolved.]<br />
• If storm control is enabled, the Link Aggregation Control Protocol (LACP) might stop<br />
and then restart when Layer 2 packets are sent at a high rate of speed. As a workaround,<br />
disable storm control for all multicast traffic on aggregated Ethernet interfaces by<br />
issuing the command set ethernet-switching-options storm-control interface<br />
interface-name no-multicast. [PR/575560: This issue has been resolved.]<br />
• In 802.1X authentication, voice traffic might be dropped after a VLAN expires.<br />
[PR/579804: This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
21
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
22<br />
• When DHCP snooping is enabled, after an IP address is dynamically assigned to a<br />
device, when the device sends DHCPINFORM packets to obtain other DHCP parameters,<br />
the switch blocks these packets. [PR/580068: This issue has been resolved.]<br />
• The 802.1X process (dot1xd) might crash, making it impossible for switch users to<br />
connect to the network. [PR/587531: This issue has been resolved.]<br />
• When the username for 802.1X (dot1x) authentication exceeds 50 characters, Junos<br />
OS truncates the username field. [PR/588063: This issue has been resolved.]<br />
• EX Series switches might send EAP packets on interfaces on which 802.1X (dot1x) is<br />
not enabled. [PR/594644: This issue has been resolved.]<br />
• On EX8200 switches, multiple core files might be created by the LLDP process (lldpd),<br />
the packet management process (ppmd), and the switch forwarding process (sfid)<br />
after you upgrade the switches. [PR/599846: This issue has been resolved.]<br />
• In LLDP-MED packets, the LCI Length for Civic Addresses is not present. [PR/600233:<br />
This issue has been resolved.]<br />
• On EX Series switches, the authentication process (authd) and the 802.1X process<br />
(dot1x) might use excessive amounts of memory, and authd and dot1x core files might<br />
be created. This does not affect the operation of the switch. As a workaround, disable<br />
the statistics configuration under the [edit access profile] configuration hierarchy.<br />
[PR/602450: This issue has been resolved.]<br />
• If you configure MAC RADIUS authentication by including the mac-radius statement<br />
at the [edit protocols dot1x authenticator interface interface-name] hierarchy level, and<br />
if user or MAC addresses continuously fail authentication, a dot1x core file might be<br />
created. [PR/602468: This issue has been resolved.]<br />
• If you have configured 802.1X (dot1x) on an interface, then removed the 802.1X<br />
configuration, 802.1X filters configured on that interface are not deleted. [PR/662196:<br />
This issue has been resolved.]<br />
Device Security<br />
• If you configure storm control with the action shutdown, after you reboot the switch,<br />
storm control is not enabled on all the ports on which it is configured. [PR/605468:<br />
This issue has been resolved.]<br />
Ethernet Switching and Spanning Trees<br />
• If you modify the MSTP configuration and VLAN membership for an interface, that<br />
modification could result in an inconsistent MSTP membership for that interface. As<br />
a workaround, restart the Ethernet switching process (eswd) after making the<br />
configuration changes. [PR/525507: This issue has been resolved.]<br />
• If the switching table is flooded with MAC address entries, an Ethernet switching process<br />
(eswd) core file might be created. [PR/537883: This issue has been resolved.]<br />
• When the primary redundant trunk group (RTG) interface is disabled, causing an RTG<br />
switchover, MAC entries on the upstream switches are refreshed. However, when the<br />
primary RTG link is enabled, the MAC entries are not refreshed on the upstream switches.<br />
[PR/555158: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• After configuring STP, if you undo the configuration, switch operation might slow down<br />
significantly, with the software forwarding process (sfid) consuming more than 90<br />
percent of the CPU memory. [PR/574285: This issue has been resolved.]<br />
• On EX8200 switches, you might not be able to configure private VLANs across the<br />
switch. [PR/599729: This issue has been resolved.]<br />
• VSTP virtual bridges are not supported. [PR/605973: This issue has been resolved.]<br />
• On EX8200 switches, a Q-in-Q service VLAN might not be removed when a packet<br />
enters through a trunk port and exits from an access port. [PR/660247: This issue has<br />
been resolved.]<br />
• When BPDUs are forwarded to the best-effort queue instead of to the control queue,<br />
MSTP might not converge. [PR/665376: This issue has been resolved.]<br />
Firewall Filters<br />
• When you configure a firewall filter for the ethernet-switching family, a pfem core file<br />
might be created. [PR/580454:This issue has been resolved.]<br />
• When the filter name, term name, and counter name in an 802.1X firewall filter are<br />
long, a Packet Forwarding Engine (pfem) core file might be created when you activate<br />
the filter. [PR/592709: This issue has been resolved.]<br />
• On EX4500 switches, you cannot commit an inbound VLAN-based filter or a<br />
router-based firewall filter that includes counter as one of the actions. This problem<br />
does not apply to Layer 2 port-based firewall filters. [PR/597899: This issue has been<br />
resolved.]<br />
Hardware<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On EX4500 switches, the show chassis environment power-supply-unit command does<br />
not display values for the input voltage, the output voltage, and the output current.<br />
[PR/534958: This issue has been resolved.]<br />
• On EX8200 switches in which a 40-port SFP+ line card is installed, packets might be<br />
dropped when the line card is configured to run at full line rate. [PR/577988: This issue<br />
has been resolved.]<br />
• If you set a custom chassis display message with the set chassis display message<br />
command, the message might remain on the LCD panel indefinitely even though you<br />
did not include the permanent option in your command. [PR/579234: This issue has<br />
been resolved.]<br />
• The EPROMs of SFP+ electrical loopbacks might get corrupted. [PR/580116: This issue<br />
has been resolved.]<br />
• The power capacity statistics displayed by the show chassis power-budget-statistics<br />
command are incorrect. [PR/588745: This issue has been resolved.]<br />
• On EX8200 switches, some SFP and SFP+ line cards do not operate properly.<br />
[PR/595245: This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
23
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
24<br />
• On EX8200 switches, if autonegotiation is disabled on SFP ports that are connected<br />
to a link partner on which autonegotiation is disabled, it might take a long time for the<br />
link to come up. [PR/601574: This issue has been resolved.]<br />
• On EX4500 switches, you might not be able to clear firewall filter counters.<br />
[PR/604479: This issue has been resolved.]<br />
• On an EX8200-40XS line card, if you insert an SFP module and then disable<br />
autonegotiation on the 40XS port, the link does not come up. [PR/609413: This issue<br />
has been resolved.]<br />
• When certain SFPs that are not attached to optical cables are inserted into an EX<br />
Series switch, the switch does not generate low-power warnings or alarms. The<br />
transceivers that exhibit this behavior have these vendor (Opnext) part numbers:<br />
TRS2000EN-S201 (10G-SR), TRS2000EN-S211 (10G-SR), and TRS5020EN-S201<br />
(10G-LR). Use the show chassis pic fpc-slot fpc-number pic-slot pic-number command<br />
to display the vendor part numbers of the transceivers in your switch. [PR/613153:This<br />
issue has been resolved.]<br />
• When the switch temperature exceeds its threshold, alarms for EX-PFE2 Packet<br />
Forwarding Engines might not be raised. The functionality of the switch is not affected.<br />
[PR/614354:This issue has been resolved.]<br />
Infrastructure<br />
• On EX3200 and EX4200 switches that are configured with a factory default<br />
configuration, if you use the set date command to change the date, the switches accept<br />
the date but display the message "date: connect: Can't assign requested address".<br />
[PR/499641: This issue has been resolved.]<br />
• The show chassis routing-engine command might erroneously show an uptime of 14,700<br />
days. [PR/537224: This issue has been resolved.]<br />
• When you include wildcards in a routing policy filter that also includes Classless<br />
Interdomain Routing (CIDR) addresses or that maps IPv4 addresses to IPv6 addresses,<br />
the forwarding process (pfem) might stop operating. [PR/544518: This issue has been<br />
resolved.]<br />
• If neither an intraconnect module nor a Virtual Chassis module is installed in EX4500<br />
switches, the switch boots but is not fully functional. Traffic loss can occur during<br />
packet forwarding. The result of the resolution of this issue is that the switch will not<br />
boot unless one of those modules is installed. [PR/544628: This issue has been<br />
resolved.]<br />
• While the switch is performing a nonstop software upgrade (NSSU) operation using<br />
FTP, the software image remains in the /var/tmp/...transferring.file directory and is not<br />
removed after the upgrade completes. [PR/546543: This issue has been resolved.]<br />
• On EX4200 switches, when the mode on an SFP+ uplink module is changed from 10g<br />
to 1g or from 1g to 10g, the switch does not learn MAC addresses until it is rebooted.<br />
[PR/573857: This issue has been resolved.]<br />
• When the switch is running under a high traffic load, it might stop operating and a<br />
Packet Forwarding Engine (pfem) core file might be created. [PR/576409: This issue<br />
has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On EX2200 switches, the software forwarding process (sfid) might deadlock, with the<br />
result that traffic is blocked and MAC addresses cannot be learned. As a workaround,<br />
reboot the switch. [PR/579725: This issue has been resolved.]<br />
• On EX8200 switches, when you are upgrading the line cards, the nonstop software<br />
upgrade (NSSU) process might abort. The system generates a core file when this<br />
happens. [PR/580494: This issue has been resolved.]<br />
• On EX8200 switches, all FPCs might go offline after a graceful Routing Engine<br />
switchover (GRES) operation, and the switch then displays the message "Chassis<br />
connection dropped." [PR/584491: This issue has been resolved.]<br />
• On EX2200 switches, if you configure the dhcp-option82 statement, the switch might<br />
stop operating and a software forwarding process (sfid) core file might be created.<br />
[PR/588990: This issue has been resolved.]<br />
• When you reboot an EX Series switch running Junos OS <strong>Release</strong> 10.4R3 or later, the<br />
switch might take up to 6 minutes to become operational. [PR/589457: This issue has<br />
been resolved.]<br />
• On EX4500 switches, configuring the log-out-on-disconnect statement has no effect.<br />
[PR/590891: This issue has been resolved.]<br />
• On EX4500 switches, the system-generated MAC addresses for all interfaces in PIC<br />
slot 2 (that is, interfaces in the right-hand uplink module) are identical. [PR/590922:<br />
This issue has been resolved.]<br />
• If the switch receives three or more soft resets within 30 seconds, Junos OS shuts down<br />
the switch. [PR/590977: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, VLANs might not be able to connect to each other.<br />
[PR/592691: This issue has been resolved.]<br />
• Boot sequencing was not disabled by default. As a fix, the new boot sequencing<br />
environment variable (boot.btsq.disable) enables transparent rebooting for resilient<br />
dual-root partitions. In Junos OS <strong>Release</strong>s 10.4R3 and 11.1R1, you must reset this<br />
environment variable. It is disabled by default in newer loader software packages.<br />
Junos OS automatically sets this variable for Junos OS versions that support resilient<br />
dual-root partitions. [PR/592913: This issue has been resolved.]<br />
• The Junos OS kernel does not support the Freescale MPC8544 PCI host controller,<br />
which is on EX2200, EX3200, and EX4200 switches. [PR/594880: This issue has been<br />
resolved.]<br />
• On EX8200 switches, if a jloader-ex package earlier than version 3.5.0 is mounted on<br />
the switch and version 3.5.0 of the package is mounted during an installation, the earlier<br />
jloader-ex package is used to select the uboot and loader binaries, and the existing<br />
binaries instead of the new binaries are burned to the boot flash memory. As a result,<br />
the new jloader-ex package, version 3.5.0, is not installed. [PR/595514: This issue has<br />
been resolved.]<br />
• On EX8200 switches or on XRE200 External Routing Engines, after routing and traffic<br />
recover from a graceful Routing Engine switchover (GRES) operation, a core file might<br />
be created after the Ethernet switching process (eswd) is restarted or after a line card<br />
is taken offline. [PR/596013: This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
25
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
26<br />
• If you move a host to a port associated with a different DHCP pool than the one with<br />
which it was originally associated, the Preboot Execution Environment (PXE) boot<br />
process might fail. [PR/596152: This issue has been resolved.]<br />
• If SNMP is running on the switch, the Ethernet switching process (eswd) might stop<br />
operating and a core file might be created on the switch. [PR/596305: This issue has<br />
been resolved.]<br />
• On EX8200 switches, if you change the power line input for a 2000 W AC power supply<br />
from high voltage to low voltage, or vice versa, power management might not correctly<br />
reflect the changed power supply capacity in its power budget. To avoid this problem,<br />
follow this procedure when you change the power supply input voltage:<br />
1. Disconnect the power supply from the existing power source.<br />
2. Wait until the output of the show chassis environment psu command shows the<br />
power supply to be offline.<br />
3. Connect the power supply to the new power source.<br />
[PR/596409: This issue has been resolved.]<br />
• On EX8200 switches, the software forwarding process (sfid) might repeatedly stop<br />
operating on the line cards. [PR/597870: This issue has been resolved.]<br />
• When you upgrade an EX Series switch whose configuration contains a firewall filter<br />
that includes only noncontiguous masks in the term's match condition, the switch<br />
might fail to start and a Packet Forwarding Engine (pfem) core file might be created.<br />
As a workaround, do not configure only noncontiguous masks. [PR/598333: This issue<br />
has been resolved.]<br />
• The Junos XML management protocol RPC command creates<br />
two copies of packages in the /var/tmp directory but does not remove the master copy<br />
once it copies it to incoming-package.tgz. [PR/598827: This issue has been resolved.]<br />
• On EX8200 switches, after the switching table has been cleared multiple times and<br />
after the routed VLAN interfaces (RVIs) go down and come back up multiple times,<br />
the switch stops learning ARP replies on some of the RVIs. [PR/598889: This issue<br />
has been resolved.]<br />
• If you use nonstop software upgrade (NSSU) to upgrade from Junos OS <strong>Release</strong> 11.1<br />
to <strong>Release</strong> 11.2 or later, NetBIOS snooping might not work correctly after the upgrade.<br />
If NetBIOS snooping is configured on an EX Series switch that you are upgrading from<br />
Junos OS <strong>Release</strong> 11.1 using nonstop software upgrade (NSSU), disable NetBIOS<br />
snooping before you perform the upgrade. Once the upgrade is complete, reenable<br />
NetBIOS snooping. If you have configured NetBIOS snooping on an EX8200 switch<br />
that you are upgrading from Junos OS <strong>Release</strong> 11.1 to <strong>Release</strong> 11.2 or later using nonstop<br />
software upgrade (NSSU), disable NetBIOS snooping before you perform the upgrade.<br />
Once the upgrade is complete, you can reenable NetBIOS snooping. If you do not<br />
disable NetBIOS snooping before you perform the upgrade with NSSU, NetBIOS<br />
snooping will not work properly after the upgrade. Using NSSU to upgrade from <strong>Release</strong><br />
11.2 or later to a later release has no impact on NetBIOS snooping functionality.<br />
[PR/599563: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• During a graceful Routing Engine switchover (GRES) restart operation, if the master<br />
Routing Engine loses power, there might be a 30-second timeout in forwarding.<br />
[PR/600030: This issue has been resolved.]<br />
• On EX2200, EX3200, EX4200, and EX4500 switches, if the switch has been up for<br />
more than 25 days, the show chassis routing-engine command displays the wrong<br />
uptime. [PR/602211: This issue has been resolved.]<br />
• The switch might create a software forwarding process (sfid) core file for no apparent<br />
reason. [PR/603926: This issue has been resolved.]<br />
• During a graceful Routing Engine switchover (GRES) operation on a switch on which<br />
PIM is configured, a routing protocol process (rpd) core file might be created.<br />
[PR/604475: This issue has been resolved.]<br />
• On EX2200 switches, if parity errors occur, the switch might stop forwarding traffic.<br />
[PR/604808: This issue has been resolved.]<br />
• When you commit an IPv6 configuration, the switch might display the db> prompt.<br />
[PR/606959: This issue has been resolved.]<br />
• On EX4500 switches, a cfmd core file might be created. [PR/607188: This issue has<br />
been resolved.]<br />
• In rare instances, a file system inconsistency might exist if you shut down an EX Series<br />
switch ungracefully. The result is a system panic, and a vmcore file is created. As a<br />
workaround, use the nand-mediack utility for checking bad blocks in the NAND flash<br />
memory. Review KB20570<br />
(http://kb.juniper.net/InfoCenter/index?page=content=KB20570) from the <strong>Juniper</strong><br />
Technical Assistance Center for instructions about how to use this utility. [PR/609798:<br />
This issue has been resolved.]<br />
• When you upgrade Junos OS, traffic might not flow between two directly connected<br />
interfaces. [PR/661131: This issue has been resolved.]<br />
• If you have configured port 1 on the SFP uplink module, the system log files might show<br />
an error and might get full within a few minutes. [PR/661426]<br />
• If you remove or change interfaces soon after completing a nonstop software upgrade<br />
(NSSU) operation, the multicast snooping process (mcsnoopd) might create a core<br />
file. [PR/662065: This issue has been resolved.]<br />
• If you delete a VLAN that has no VLAN ID, firewall filters might stop operating properly.<br />
[PR/662651: This issue has been resolved.]<br />
• When DHCP unicast packets are processed on a server for the first time, the processing<br />
time might slow down, which might prevent the DHCP lease from getting renewed.<br />
[PR/668511:This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
27
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
28<br />
Interfaces<br />
• On EX2200, EX3200, EX4200, and EX4500 switches, although an interface is not<br />
created if you do not install any transceiver in a fiber port, the show chassis lcd or show<br />
chassis led command might show that an interface exists, showing its LED status as<br />
Off. For 10-Gigabit Ethernet interfaces on EX4500 switches, the output of these<br />
commands might show the interface prefix as ge- instead of xe-. As a workaround,<br />
issue the show interfaces terse command to check whether a transceiver is actually<br />
installed and to display the xe- interface prefix to verify the interface's 10-Gigabit<br />
Ethernet capability. [PR/568301: This issue has been resolved.]<br />
• If you rename the member range within an interface range, you cannot commit the<br />
configuration. [PR/572209: This issue has been resolved.]<br />
• On EX4500 switches, if more than 14 ports in the switch are subscribed to a 10-gigabit<br />
full-duplex rate of traffic, the switch might not be able to achieve a 10-gigabit wire rate<br />
for 64-byte and 128-byte packets. There is no impact on performance if the number<br />
of ports actively involved in 10-gigabit wire-rate traffic is 14 or fewer or if the packet<br />
size is greater than 150 bytes. [PR/573319: This issue has been resolved.]<br />
• When an interface’s status changes, the syslog message "KERN-1-GENCFG: op 8 (CoS)<br />
failed; err 5 (Invalid)" might appear in the system log (syslog) file. [PR/576027: This<br />
issue has been resolved.]<br />
• On aggregated Ethernet interfaces, the values for the actual and calculated packet<br />
load-balancing performance differ. [PR/587223: This issue has been resolved.]<br />
• It is not possible to debug the Junos OS kernel during the bootup process. To fix this<br />
issue, support for issuing the boot -d option from the loader has been added.<br />
[PR/587428: This issue has been resolved.]<br />
• During a reboot of an EX8200 switch, the links on the interfaces of neighboring devices<br />
might go up and down repeatedly even though the interfaces on the EX8200 switch<br />
that connect to those interfaces on neighboring devices have not yet been initialized.<br />
[PR/591800: This issue has been resolved.]<br />
• On EX4200 switches, if autonegotiation is enabled on an SFP interface and if this<br />
interface is connected to a link partner on which autonegotiation is disabled, the<br />
interface might not establish a connection with its partner. As a workaround, use the<br />
same configuration on both sides of the connection: either enable autonegotiation on<br />
both sides or disable it on both sides. [PR/593126: This issue has been resolved.]<br />
• If you use a wildcard character when configuring an interface range, an Ethernet<br />
switching process (eswd) core file might be created. [PR/599555: This issue has been<br />
resolved.]<br />
• A physical interface might not shut down even after the interface’s configured hold<br />
time expires. [PR/602113: This issue has been resolved.]<br />
• VRRP interfaces might not converge. [PR/602121: This issue has been resolved.]<br />
• When you are upgrading Junos OS, if you have enabled VSTP for all VLANs, an Ethernet<br />
switching process (eswd) core file might be created. [PR/602341: This issue has been<br />
resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• If you use the restart vrrp command to restart VRRP, a ppmd core file might be created.<br />
[PR/602606: This issue has been resolved.]<br />
• On EX Series switches, a LAG interface might not come up when the primary interface<br />
is disabled and link protection is enabled. [PR/603194: This issue has been resolved.]<br />
J-Web Interface<br />
• In the J-Web interface, the dashboard does not display the uplink ports or uplink module<br />
ports unless transceivers are plugged into the ports. [PR/477549:This issue has been<br />
resolved.]<br />
• In the J-Web interface, the software Upload and Install Package option might not display<br />
a warning message when there are pending changes to be committed. [PR/514853:<br />
This issue has been resolved.]<br />
• In the J-Web interface, the support information help link does not redirect to the <strong>Juniper</strong><br />
Customer Support site. As a workaround, go to the Table of Contents of the help system<br />
and select Registering the EX Series Switch with the J-Web Interface. [PR/552634:<br />
This issue has been resolved.]<br />
• In the J-Web interface, the Configure Schedulers page (Configure > Class of Service<br />
> Schedulers) shows the exact, exact-percent, and exact-remainder options in the<br />
Add/Edit window in the Transmit Rate list, even though these options are not supported<br />
on EX Series switches. [PR/590490: This issue has been resolved.]<br />
• In the J-Web interface, if the switch is configured as a Virtual Chassis and has more<br />
than one uplink module connection, the total number of ports that the dashboard lists<br />
as being underutilized is incorrect. [PR/591080: This issue has been resolved.]<br />
• In the J-Web interface on EX8216 switches, the FPC number of an inserted line card<br />
might not be listed under Ports for FPC on the Ports Monitoring page (Monitor ><br />
Interfaces). As a workaround, select the all option under Ports for FPC to display all<br />
the interfaces, including those for line cards. PR/593623: This issue as been resolved.]<br />
• In the J-Web interface, you cannot disable an IPv4 or IPv6 address on the Port<br />
Configuration page (Configure > Interfaces > Ports). [PR/600080: This issue has<br />
been resolved.]<br />
• In the J-Web interface, in the Link Layer Discovery Protocol (LLDP) Configuration page<br />
(Configure > Switching > LLDP), the Details of Port field does not show the proper<br />
values for the Neighbor list and Neighbor count. [PR/600232: This issue has been<br />
resolved.]<br />
• On EX2200 switches, J-Web Web management does not start. [PR/603062: This<br />
issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• In the J-Web interface, when you open the Static Routing Configuration page (Configure<br />
> Routing > Static Routing) and click Edit to edit an IPv6 static route, the J-Web<br />
interface displays the page for editing IPv4 addresses. As a workaround, use the CLI<br />
to edit the IPv6 addresses. [PR/660613: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis that include an EX8216 switch in which an EX8200-40XS<br />
line card is installed in slot 2, 3, or 4, the J-Web interface does not populate the line<br />
card’s interfaces images in the expanded view of the dashboard. As a workaround,<br />
29
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
30<br />
install the line card in a slot other than one of these three. [PR/662231: This issue has<br />
been resolved.]<br />
Layer 2 and Layer 3 Protocols<br />
• If you reboot an EX Series switch on which Layer 2, Layer 3, and multicast protocols<br />
are configured, the Bidirectional Forwarding Detection protocol (BFD) might start and<br />
stop when multiple duplicate PPM entries are created on the Routing Engine.<br />
[PR/551267: This issue has been resolved.]<br />
• If you configure a Layer 2 link aggregation group (LAG) interface with storm control<br />
such that the interface shuts down as the result of a traffic storm, and if you then<br />
modify the LAG configuration to Layer 3 and back to Layer 2, the LAG interface never<br />
shuts down even if the traffic storm continues. [PR/578412: This issue has been<br />
resolved.]<br />
• The routing protocol process (rpd) might create a core file when you include the<br />
traceoptions statement at the [edit routing-options] hierarchy level. As a workaround,<br />
disable the traceoptions—for example, by configuring the flag normal option.<br />
[PR/596007: This issue has been resolved.]<br />
Management and RMON<br />
• When the polling interval on an interface is changed from the default value of 0 to<br />
another value through the inclusion of the polling-interval configuration statement, an<br />
sFlow technology core file might be created. [PR/561414: This issue has been resolved.]<br />
• With sFlow monitoring, if you enable both an ingress sFlow collector and an egress<br />
sFlow collector on an interface, the traffic bandwidth usage shown in the Traffic Sentinel<br />
sFlow collector might be incorrect. [PR/590040: This issue has been resolved.]<br />
• When you mirror packets to an analyzer, the output might contain incorrect VLAN tags.<br />
[PR/601483: This issue has been resolved.]<br />
• The dot1qVlanStaticUntaggedPorts MIB reports incorrect values for voice VLANs.<br />
[PR/658559: This issue has been resolved.]<br />
• When you use the snmpwalk application to get information about switch interfaces,<br />
it returns information about incorrect interfaces. [PR/664940: This issue has been<br />
resolved.]<br />
Multicast Protocols<br />
• On EX8200 switches, when IGMP snooping is enabled on an interface, the IPv6<br />
multicast Layer 2 control frame is not forwarded to other interfaces in the same VLAN.<br />
[PR/456700: This issue has been resolved.]<br />
• The system log (syslog) files might fill up with the message "snp_igmp_io_flood: relay<br />
failed". These messages are informational only. They indicate that the system corrected<br />
itself from a condition in which it would have flooded an IGMP packet of unknown type<br />
out of the same port it was received on. [PR/564675: This issue has been resolved.]<br />
• When virtual routing and forwarding (VRF) and multicast are configured on a switch<br />
on which IGMP snooping is not enabled, an IGMP snooping (mcsnoop) core file might<br />
be created. [PR/601034: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Virtual Chassis<br />
• On EX8200 Virtual Chassis, IGMP snooping static receivers are removed when they<br />
receive a Leave message. [PR/518091: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, ECMP might not work for links between Virtual Chassis.<br />
[PR/531342: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, if you issue the request system reboot slice alternate<br />
command, the Routing Engine might not reboot. [PR/535401: This issue has been<br />
resolved.]<br />
• On EX4200 Virtual Chassis on which VSTP is configured, VSTP might experience<br />
unexpected topology changes. [PR/541091: This issue has been resolved.]<br />
• When the Virtual Chassis backup switch is rebooted, a redundant trunk group (RTG)<br />
failover might occur incorrectly, with RTC from the Virtual Chassis master primary link<br />
erroneously switching to the secondary link of the Virtual Chassis backup. [PR/562398:<br />
This issue has been resolved.]<br />
• Upgrading the Junos OS image on an individual member of an EX8200 Virtual Chassis<br />
does not work. As a workaround, upgrade the Junos OS image for the entire Virtual<br />
Chassis. In addition, upgrading the Junos OS image of an EX8200 Virtual Chassis from<br />
an XRE200 External Routing Engine that is in the linecard role or the backup role does<br />
not work. As a workaround, upgrade the software image from the master external<br />
Routing Engine. [PR/574137: This issue has been resolved.]<br />
• On EX4200 Virtual Chassis, the next-hop information in the forwarding table is not<br />
cleared when a Virtual Chassis switchover occurs. [PR/576098: This issue has been<br />
resolved.]<br />
• On an EX8200 Virtual Chassis on which NSR is enabled, during an XRE200 External<br />
Routing Engine switchover, Layer 3 routing protocols might stop and restart repeatedly,<br />
leading to traffic loss. [PR/581492: This issue has been resolved.]<br />
• A large number of MAC pause frames might stall a Virtual Chassis member's IPC<br />
connection, causing the member to lose its connection to the Virtual Chassis.<br />
[PR/581804: This issue has been resolved.]<br />
• When you halt a member of an EX4200 Virtual Chassis, the link on an uplink module<br />
port configured as a VCP might not be brought down. [PR/582996: This issue has<br />
been resolved.]<br />
• On a Virtual Chassis that is configured with a private VLAN (PVLAN) and a link<br />
aggregation group (LAG), if the Virtual Chassis loses one of its members, traffic flow<br />
might not resume properly across the remaining LAG members, resulting in traffic loss.<br />
[PR/587953:This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• EX4200 Virtual Chassis members might not reboot and might create a Virtual Chassis<br />
control process (vccpd) core file. [PR/588466: This issue has been resolved.]<br />
• On EX4200 switches, VRRPv3 advertisements are not forwarded on a Layer 2 VLAN<br />
on which IGMP snooping is enabled. [PR/588712: This issue has been resolved.]<br />
• On an EX8200 Virtual Chassis, during a nonstop software upgrade (NSSU), one or<br />
more internal NSSU states might not be cleared on a master Routing Engine. This<br />
31
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
32<br />
might prevent some CLI commands from executing. [PR/592476: This issue has been<br />
resolved.]<br />
• On EX4200 Virtual Chassis, high-priority packets are not sent properly from line cards<br />
to the master. [PR/593840: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, after you upgrade Junos OS using the request system<br />
software add and request system reboot commands, the CPU load is very high on both<br />
the master and backup XRE200 External Routing Engines. The CPU load recovers to<br />
normal after 10 minutes or after you reboot the master switch. [PR/596374: This issue<br />
has been resolved.]<br />
• If you assign the linecard role to member IDs 8 or 9, the kernel might crash and the<br />
XRE200 External Routing Engine might reboot continuously. As specified in the EX8200<br />
Virtual Chassis documentation, assign the linecard role only to member IDs 0 through<br />
7. [PR/600125: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, the chassis control process (chassisd) on the master<br />
member might restart in the following scenarios:<br />
• If the Virtual Chassis does not have a member ID 8 or 9, and any member reboots<br />
or the Virtual Chassis is split<br />
• If the Virtual Chassis has member IDs 8 and 9, and member 8 or 9 reboots<br />
Because of this issue, NSSU does not work. [PR/600218: This issue has been resolved.]<br />
• On EX4200 Virtual Chassis, it might take 20 minutes or longer to distribute the Junos<br />
OS image bundle in a 10-member Virtual Chassis. As a workaround, use the no-validate<br />
option to improve the performance. [PR/604270: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis running a Junos OS image with resilient dual-root<br />
partitioning, when the kernel synchronization process (ksyncd) on the backup Routing<br />
Engines fails or when the master and backup Routing Engines are out of sync, both<br />
conditions that create a ksyncd core file, it might take more than 12 minutes for the<br />
core file to be created. During this time, the Virtual Chassis is highly unstable: the<br />
Routing Engine CPU is at 100 percent; all control protocols, such as BFD, IS-IS, and<br />
OSPF, are constantly stopping and restarting; and the CLI prompt is not displayed after<br />
you type a CLI command. This issue does not occur with nonresilient dual-root<br />
partitioning Junos OS images. [PR/609061: This issue has been resolved.]<br />
• On EX8200 Virtual Chassis, the output resource errors on the bme0 interface might<br />
increment continuously even after you reboot the interface. [PR/611243: This issue has<br />
been resolved.]<br />
• On EX8200 Virtual Chassis, GRE-tunneled traffic is not being transmitted across the<br />
chassis. For possible workarounds, contact JTAC. [PR/669513: This issue has been<br />
resolved.]<br />
• In Virtual Chassis composed of both EX4200 and EX4500 switches, you cannot<br />
configure PoE. [PR/671980: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Issues Resolved in <strong>Release</strong> 11.3R2<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R1. The identifier<br />
following the description is the tracking number in our bug database.<br />
Ethernet Switching and Spanning Trees<br />
• RSTP might process BPDUs that do not comply with the IEEE standard, which might<br />
lead to unintended spanning-tree convergence behavior. [PR/683829: This issue has<br />
been resolved.]<br />
Infrastructure<br />
• Layer 3 next-hop entries might remain queued in the kernel of the backup Routing<br />
Engine and might never be installed in the forwarding table. [PR/670799: This issue<br />
has been resolved.]<br />
• A memory leak might occur, as evidenced by "jt_nh_multiple_init() returned error code<br />
"(No memory:3)!" system log (syslog) messages. This leak disrupts traffic forwarding.<br />
[PR/676826: This issue has been resolved.]<br />
• On EX4500 switches, ICMPv6 packets might transit the Routing Engine even though<br />
IPv6 is not configured. [PR/682953: This issue has been resolved.]<br />
• When the same firewall filter and Layer 3 classifier is applied to two Layer 3 interfaces,<br />
a Packet Forwarding Engine (pfem) core file might be created. [PR/683747: This issue<br />
has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
33
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
34<br />
Interfaces<br />
• The Ethernet interfaces in a link aggregation group (LAG) might all have the same MAC<br />
address as the parent aggregated Ethernet (ae-) interface. [PR/681385: This issue has<br />
been resolved.]<br />
J-Web Interface<br />
• If the password has been removed from the authentication-order statement and the<br />
external authentication server (TACACS+ or RADIUS) is down, you might not be able<br />
to log in to the J-Web interface. [PR/599613: This issue has been resolved.]<br />
Layer 2 and Layer 3 Protocols<br />
• If a router or switch acting as both an autonomous system boundary router (ASBR)<br />
and an area border router (ABR) is reachable through both a backbone area and a stub<br />
area, and if the advertisement through stub area advertising has a higher metric than<br />
the advertisement through the backbone area, the external routes might be installed<br />
incorrectly in the routing table. The routing table entry incorrectly shows that the next<br />
hop is through the stub area. [PR/610813: This issue has been resolved.]<br />
Multicast Protocols<br />
• If interfaces go up and down frequently, a memory leak might occur and cfmd and<br />
mcsnoopd core files might be created. [PR/688356: This issue has been resolved.]<br />
Virtual Chassis<br />
• On EX8200 Virtual Chassis, if the topology is formed such that ingress multicast traffic<br />
is routed first to the rendezvous point (RP) and then returns to the Virtual Chassis for<br />
egress via Layer 2 multicast, the multicast traffic is forwarded only to receivers<br />
connected to the Virtual Chassis member in which the returned multicast traffic is<br />
received. Multicast traffic is not forwarded to other receivers in other Virtual Chassis<br />
members. [PR/666355: This issue has been resolved.]<br />
Issues Resolved in <strong>Release</strong> 11.3R3<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R2. The identifier<br />
following the description is the tracking number in our bug database.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Access Control and Port Security<br />
• When you reboot or upgrade the software on a switch that has an active client connect<br />
to an 802.1X interface, a VLAN core file might be created. [PR/686513: This issue has<br />
been resolved.]<br />
Firewall Filters<br />
• For two-rate, three-color policers, the egress traffic might not flow at the configured<br />
peak information rate (PIR). [PR/687564: This issue has been resolved.]<br />
High Availability<br />
• On EX8200 Virtual Chassis, NSSU might get stuck when you upgrade FPCs one by<br />
one. As a workaround, configure upgrade groups for groups of FPCs, which you can<br />
upgrade simultaneously, with minimal traffic loss. [PR/669764: This issue has been<br />
resolved.]<br />
• When you perform a nonstop software upgrade (NSSU) operation on an EX8200<br />
Virtual Chassis, if you do not include the reboot option when you request the NSSU to<br />
have the switch perform an automatic reboot, the upgrade might hang indefinitely<br />
after the Junos OS images have been pushed to the master Routing Engine.<br />
[PR/692422: This issue has been resolved.]<br />
Infrastructure<br />
• The system log (syslog) files contain the message “<strong>Juniper</strong> syscall not available.” These<br />
messages are harmless, and you can ignore them. [PR/519153: This issue has been<br />
resolved.]<br />
• The system log (syslog) file might contain the following message: “/var: filesystem<br />
full.” [PR/600145: This issue has been resolved.]<br />
• On an EX4200 switch, when you disable a Q-in-Q interface on which you have<br />
configured a large number (more than 500) of VLAN swap rules, control traffic might<br />
be affected for about 10 minutes. During this time, the forwarding process (pfem) can<br />
consume up to 98 percent of the CPU. The system resumes its normal state after the<br />
forwarding process completes its processing. [PR/678792: This issue has been<br />
resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• The system log (syslog) files might contain storm-control–related messages even<br />
when storm control is not configured. [PR/679231: This issue has been resolved.]<br />
• On EX3300 switches, when you load the factory default settings, the last two ports of<br />
the uplink ports are configured as Virtual Chassis ports (VCPs). If you convert these<br />
ports to normal network ports, they might not pass traffic. As a workaround, reboot<br />
the switch after converting the ports. [PR/685300: This issue has been resolved.]<br />
• When you configure VLAN ID translation when using Q-in-Q tunneling, if you apply a<br />
tricolor marking (TCM) policer to the Q-in-Q interface, a Packet Forwarding Engine<br />
(pfem) core file might be created. [PR/688438: This issue has been resolved.]<br />
• In an EX8200 Virtual Chassis that is configured with an implicit deny statement and<br />
that has VCCP traffic flowing through 10-Gigabit Ethernet ports configured as Virtual<br />
35
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
36<br />
Chassis ports (VCPs), if you apply a loopback filter, the FPCs (line cards) of member<br />
0 and member 1 can lose contact with master Routing Engine. [PR/688983: This issue<br />
has been resolved.]<br />
• You might not be able to commit a configuration on an XRE200 External Routing<br />
Engine, and the switch might display the error "could not save to juniper.save+".<br />
[PR/689764: This issue has been resolved.]<br />
• An EX4200 switch might stop forwarding traffic, and a Packet Forwarding Engine<br />
(pfem) core file might be created. [PR/691504: This issue has been resolved.]<br />
• On EX4500 switches, the LCD panel might not list the ADM (administrative status) or<br />
DPX (duplex) options in the Idle menu. Also, when you press Enter to cycle through<br />
the status LED modes, you might not be able to cycle through them. [PR/692341: This<br />
issue has been resolved.]<br />
• On EX4200 switches, if you connect and then disconnect the cable to the port on which<br />
the Bidirectional Forwarding Detection (BFD) protocol is running, a software forwarding<br />
process (sfid) core file might created. [PR/694150: This issue has been resolved.]<br />
• When you configure a syslog action in a firewall filter on the me0 interface, an EX2200<br />
switch might crash when you commit the configuration. [PR/694602: This issue has<br />
been resolved.]<br />
• On EX3200 and EX4200 switches, transmit FIFO queue overruns might cause the<br />
switch to stop working. [PR/695071: This issue has been resolved.]<br />
• Approximately every 300 seconds, a multicast route entry might be deleted and added<br />
back again, resulting in a traffic loss of about 1-3 seconds. [PR/698129: This issue has<br />
been resolved.]<br />
Management and RMON<br />
• On EX4200 switches, if you specify the source-address statement when configuring a<br />
system log file, the switch might not send the correct source IP address to the syslog<br />
server after the switch reboots. [PR/608724: This issue has been resolved.]<br />
• On EX4500 switches, you cannot configure BGP on the BGP Configuration page<br />
(Configure > Routing > BGP). [PR/699308: This issue has been resolved.]<br />
Virtual Chassis<br />
• When EX4200 and EX4500 switches are interconnected into the same Virtual Chassis<br />
to form a mixed EX4200 and EX4500 Virtual Chassis, the switches might fail to form<br />
a Virtual Chassis. [PR/681072: This issue has been resolved.]<br />
• On an XRE200 External Routing Engine, the rescue configuration might not get<br />
synchronized with the backup XRE200 External Routing Engine. [PR/687797: This<br />
issue has been resolved.]<br />
• In an EX4200 Virtual Chassis, if a member other than the master reboots from the<br />
backup partition, the system alarm "Host # Boot from backup root" should clear when<br />
that member is rebooted from the active partition. However, the master retains the<br />
alarm until it is rebooted or until the mastership switches. [PR/694256: This issue has<br />
been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong><br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R3. The identifier<br />
following the description is the tracking number in our bug database.<br />
Access Control and Port Security<br />
• When the switch is performing 802.1X (dot1x) authentication using MAC RADIUS, you<br />
might see the following message in the system log (syslog) file: "kmem type temp<br />
using 57344K, exceeding limit 57344K". [PR/697815: This issue has been resolved.]<br />
• When you add a new VLAN on a switch on which you have also configured loopback<br />
and other IPv4 firewall filters, a Packet Forwarding Engine (pfem) core file might be<br />
created that contains the message "No space available in tcam". [PR/701779: This<br />
issue has been resolved.]<br />
• When you enable LLDP-MED autonegotiation on an EX Series switch, the<br />
autonegotiation bit in LLDP-MED packet is set to not-supported, which might cause IP<br />
phones to discard LLDP-MED packets received from the switch. [PR/708752: This<br />
issue has been resolved.]<br />
Ethernet Switching and Spanning Trees<br />
• On EX Series switches, when you remove a VLAN that has a VLAN ID and then add the<br />
same VLAN ID but with a different VLAN name, the Ethernet switching process (eswd)<br />
might create a core file. [PR/668210: This issue has been resolved.]<br />
• When the same MAC address is learned on both the primary and community VLANS,<br />
an Ethernet switching process (eswd) core file might be created. [PR/693942: This<br />
issue has been resolved.]<br />
• EX Series switches might not learn the MAC addresses of directly connected devices.<br />
[PR/695280: This issue has been resolved.]<br />
• On EX4500 switches with an interface in loopback mode, BPDUs might be processed<br />
instead of being dropped as expected, generating topology change notifications (TCNs).<br />
As a workaround, disable the interface that is in loopback mode. [PR/698077: This<br />
issue has been resolved.]<br />
• If the egress interface is a trunk interface, frames that exceed 9216 bytes might not be<br />
fragmented. [PR/705905: This issue has been resolved.]<br />
Hardware<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• For Opnext SFPs with <strong>Juniper</strong> part number 740-021308 and types SFP+ 10GE-SR,<br />
SFP+ 10GE-LR, or SFP+ 10GE-ER, when the low-power threshold is crossed, the<br />
power-low warning alarm is not set on extra-scale (ES) and Power over Ethernet (PoE)<br />
line cards. [PR/683732: This issue has been resolved.]<br />
Infrastructure<br />
• After you upgrade Junos OS, an sfid core file might be created. [PR/691958: This issue<br />
has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
37
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
38<br />
Related<br />
Documentation<br />
• On EX8200 switches that have IPv6 and IPv4 configured on routing instances, when<br />
many interfaces go down and come back up repeatedly, the next-hop programming<br />
for some routes might fail, which can cause disruptions in traffic. [PR/701985: This<br />
issue has been resolved.]<br />
Interfaces<br />
• EX Series switches do not show the control packet counters in both directions on the<br />
logical units of aggregated Ethernet (ae) interfaces. [PR/693202: This issue has been<br />
resolved.]<br />
• Interfaces might not come up, and the system log (syslog) file might contain the<br />
message "DCD_CONFIG_WRITE_FAILED: configuration write failed for an RT ADD:<br />
Cannot allocate memory". [PR/697300: This issue has been resolved.]<br />
• When you configure the member interfaces of an aggregated Ethernet interface before<br />
you configure the aggregated Ethernet (aex) device using set commands from the CLI,<br />
the aggregated Ethernet interface does not receive MAC updates. As a workaround,<br />
configure the aggregated Ethernet interface first, then configure the member interfaces.<br />
[PR/680913: This issue has been resolved.]<br />
J-Web Interface<br />
• In the J-Web interface, if you discard any available MIB profile, file, or predefined object<br />
from accounting-options on the Point and Click CLI Configuration page (Configure ><br />
CLI Tools > Point and Click CLI), the J-Web session times out. As a workaround, perform<br />
the same operation from the CLI. [PR/689261: This issue has been resolved.]<br />
• In the J-Web interface, the dashboard is not displayed. [PR/700274: This issue has<br />
been resolved.]<br />
Management and RMON<br />
• EX Series switches might not send jnxMIMst traps. [PR/707141: This issue has been<br />
resolved.]<br />
Virtual Chassis<br />
• On XRE200 External Routing Engines, the output of the show chassis hardware<br />
•<br />
command might contain duplicate Routing Engine inventory information for members<br />
8 and 9. [PR/663272: This issue has been resolved.]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• Changes to the Junos OS for EX Series Switches Documentation on page 39<br />
• Errata on page 39<br />
Changes to the Junos OS for EX Series Switches Documentation<br />
This section lists changes that have been made to the Junos OS for EX Series switches<br />
documentation.<br />
Firewall Filters<br />
• The Firewall Filter Match Conditions and Actions for EX Series Switches document has<br />
been split into two new documents:<br />
• The Descriptions of Firewall Filter Match Conditions for EX Series Switches document<br />
describes match conditions, actions, and action modifiers.<br />
• The Platform Support for Firewall Filter Match Conditions on EX Series Switches<br />
Errata<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
document details support per switch type, including bind points, for match conditions,<br />
actions, and action modifiers for IPv4 and IPv6 ingress and egress traffic.<br />
This section lists outstanding issues with the documentation for Junos OS <strong>Release</strong> 11.3<br />
for EX Series switches.<br />
Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
Access Control and Port Security<br />
• When you enable DHCP-relay functionality on a switch and you configure tracing with<br />
the set forwarding-options helpers traceoptions command, no DHCP-relay–related<br />
messages are logged. As a workaround, configure tracing with the traceoptions<br />
statement at the [edit system services dhcp] hierarchy level. For example, the following<br />
commands log DHCP-relay-related messages to the file dhcp.log:<br />
set system services dhcp traceoptions file dhcp.log<br />
set system services dhcp traceoptions level all<br />
set system services dhcp traceoptions flag all<br />
[This issue was being tracked by PR/679781.]<br />
39
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
40<br />
Class of Service<br />
• On EX Series switches, you cannot configure a scheduler map on an individual interface<br />
that is a member of a link aggregation group (LAG). Instead, you must configure the<br />
scheduler map on the LAG itself (that is, on the aggregated Ethernet (ae) interface).<br />
[This issue was being tracked by PR/692629.]<br />
Hardware<br />
• The documentation does not list the following transceivers, which are supported for<br />
EX6200 switches as of <strong>Release</strong> <strong>11.3R4</strong>:<br />
• EX-SFP-1GE-LH<br />
• EX-SFP-1GE-LX<br />
• EX-SFP-1GE-LX40K<br />
• EX-SFP-1GE-SX<br />
• EX-SFP-1GE-T<br />
Infrastructure<br />
• The Managing Programs and Processes Using Junos OS Operational Mode Commands<br />
topic implies that damage to the file system might occur if you do not gracefully shut<br />
down Junos OS before powering off the router—notice, however, that this implication<br />
does not apply to EX Series switches that are running Junos OS <strong>Release</strong> 10.4R3 or later.<br />
Graceful shutdown is not required for switches running <strong>Release</strong> 10.4R3 or later because<br />
these releases include the resilient dual-root partitioning feature, which prevents file<br />
corruption if the switches do not shut down gracefully.<br />
Interfaces<br />
• The documentation for configuring autonegotiation on Ethernet interfaces on EX Series<br />
switches neglects to state that you cannot disable autonegotiation on Tri-State copper<br />
Ethernet interfaces that are manually configured for 1-Gbps link speed. If you configure<br />
an interface for 1-Gbps link speed and no autonegotiation, you can commit the<br />
configuration without an error. However, on copper interfaces, this configuration is<br />
ignored as invalid and autonegotiation is enabled by default. To correct the configuration<br />
and disable autonegotiation:<br />
1. Delete the no-auto-negotiation statement and commit the configuration.<br />
2. Set the interface speed with the speed statement to 10 or 100 Mbps, set the<br />
no-auto-negotiation statement, and commit the configuration.<br />
• The documentation for configuring physical interfaces on EX Series switches does not<br />
cover the supported hold-time configuration statement, which is used to dampen<br />
interface transitions. For information about the hold-time configuration statement, see<br />
Damping Interface Transitions.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
J-Web Interface<br />
• In the J-Web interface, you cannot configure interface ranges and interface groups.<br />
[This issue was being tracked by PR/600559.]<br />
Multicast Protocols<br />
• The Junos OS 11.3 <strong>Release</strong> <strong>Notes</strong> for 11.3R1, 11.3R2, and 11.3R3 incorrectly state that routed<br />
•<br />
multicast traffic is supported only on the default virtual routing and forwarding (VRF)<br />
instance. This limitation was removed in <strong>Release</strong> 11.3R1—routed multicast traffic is<br />
supported on all VRF instances in <strong>Release</strong> 11.3R1or later.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 41<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
This section discusses the following topics:<br />
• Upgrading from Junos OS <strong>Release</strong> 10.4R3 or Later on page 41<br />
• Upgrading from Junos OS <strong>Release</strong> 10.4R2 or Earlier on page 43<br />
• Downgrading to Junos OS <strong>Release</strong> 10.4R2 or Earlier on page 56<br />
• Upgrade Policy for Junos OS Extended End Of Life <strong>Release</strong>s on page 56<br />
• Upgrading or Downgrading from Junos OS <strong>Release</strong> 9.4R1 for EX Series<br />
Switches on page 57<br />
• Upgrading from Junos OS <strong>Release</strong> 9.3R1 to <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 57<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
• Upgrading EX Series Switches Using NSSU on page 57<br />
Upgrading from Junos OS <strong>Release</strong> 10.4R3 or Later<br />
You can use this procedure to upgrade Junos OS on a standalone EX Series switch with<br />
a single Routing Engine. You can also use it to upgrade all members of a Virtual Chassis<br />
or a single member of a Virtual Chassis. To upgrade software on a standalone EX6200<br />
switch or EX8200 switch with dual Routing Engines, see Installing Software on an EX<br />
Series Switch with Redundant Routing Engines (CLI Procedure).<br />
On EX8200 switches and EX8200 Virtual Chassis, you can also use nonstop software<br />
upgrade (NSSU) to perform the upgrade. For more information, see “Upgrading EX Series<br />
Switches Using NSSU” on page 57.<br />
41
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
42<br />
To install software upgrades on a switch with a single Routing Engine or on a Virtual<br />
Chassis:<br />
1. Download the software package as described in Downloading Software Packages from<br />
<strong>Juniper</strong> <strong>Networks</strong>.<br />
2. (Optional) Back up the current software configuration to a second storage option.<br />
See the Junos OS Installation and Upgrade Guide for instructions.<br />
3. (Optional) Copy the software package to the switch. We recommend that you use<br />
FTP to copy the file to the /var/tmp directory.<br />
This step is optional because Junos OS can also be upgraded when the software<br />
image is stored at a remote location.<br />
4. Install the new package on the switch:<br />
user@switch> request system software add package<br />
Replace package with one of the following paths:<br />
• For a software package in a local directory on the switch—/var/tmp/package.tgz.<br />
• For a software package on a remote server:<br />
• ftp://hostname/pathname/package.tgz<br />
• http://hostname/pathname/package.tgz<br />
where package.tgz is, for example, jinstall-ex-4200-11.3R1.8-domestic-signed.tgz.<br />
To install software packages on all the switches in a mixed EX4200 and EX4500<br />
Virtual Chassis, use the set option to specify both the EX4200 package and the<br />
EX4500 package:<br />
user@switch> request system software add set [package package]<br />
Include the optional member option to install the software package on only one<br />
member of a Virtual Chassis:<br />
user@switch> request system software add package member member-id<br />
Other members of the Virtual Chassis are not affected. To install the software on all<br />
members of the Virtual Chassis, do not include the member option.<br />
NOTE: To abort the installation, do not reboot your device; instead, finish<br />
the installation and then issue the request system software delete<br />
package.tgz command, where package.tgz is, for example,<br />
jinstall-ex-8200-11.3R1.8-domestic-signed.tgz. This is your last chance to<br />
stop the installation.<br />
5. Reboot to start the new software (to reboot a single member, use the member option):<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
user@switch> request system reboot<br />
6. After the reboot has completed, log in and verify that the new version of the software<br />
is properly installed:<br />
user@switch> show version<br />
Upgrading from Junos OS <strong>Release</strong> 10.4R2 or Earlier<br />
Upgrading to Junos OS <strong>Release</strong> 11.3 from <strong>Release</strong> 10.4R2 or earlier is more complex than<br />
previous upgrade procedures as a result of the introduction of resilient dual-root partitions<br />
in <strong>Release</strong> 10.4R3. This new feature incorporates some enhancements that add additional<br />
steps when you upgrade from a release that does not support resilient dual-root partitions<br />
to one that does. Once you are running a release that supports resilient dual-root<br />
partitions, such as <strong>Release</strong> 11.3, future upgrades will not require these additional steps.<br />
The following points summarize the differences between this upgrade and previous<br />
upgrades:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• The disk partitions are automatically reformatted to four partitions during the reboot<br />
of the switch that completes the Junos OS upgrade. The reformat increases the reboot<br />
time for EX8200 switches by 10 to 25 minutes per Routing Engine. For other switches,<br />
the increase in boot time is 5 to 10 minutes.<br />
• The configuration files in /config are saved in volatile memory before the reformat and<br />
then restored after the reformat—however, the files in /var are not saved and are lost<br />
after the upgrade.<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
NOTE: We recommend that you copy your data files to external media<br />
using the request system snapshot command before you perform the<br />
upgrade. Files in the /var directory, such as log files and user /home<br />
directories, are not saved. In addition, a power failure during the reboot<br />
could cause the configuration files to be lost.<br />
• You must upgrade the loader software. You upgrade the loader software by installing<br />
the loader software package from the CLI.<br />
NOTE: To obtain the loader software package: see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
On switches other than the EX8200 switches, upgrading the loader software does not<br />
significantly increase the upgrade time because you can complete the upgrade of both<br />
Junos OS and the loader software with a single reboot.<br />
On EX8200 switches, upgrading the loader software requires an additional reboot per<br />
Routing Engine because of the way the loader software is stored in the flash memory.<br />
On EX8200 switches only, you can verify that the loader software requires upgrading<br />
43
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
44<br />
before you perform the upgrade—if the loader software does not need upgrading, the<br />
additional reboot per Routing Engine is not required.<br />
NOTE: If you upgrade to <strong>Release</strong> 11.3 and do not upgrade the loader<br />
software, the switch will come up and will function normally. However, if<br />
the switch cannot boot from the active root partition, it will not be able to<br />
transparently boot from the alternate root partition.<br />
Table 1 on page 44 lists the installation packages required to upgrade the loader<br />
software.<br />
Table 1: Required Installation Packages for Upgrading the Loader Software<br />
Platform<br />
EX2200 switch<br />
EX3200 switch<br />
EX4200 switch<br />
EX4500 switch<br />
EX8200 switch<br />
XRE200 External Routing Engine<br />
Installation Package<br />
jloader-ex-2200-11.3build-signed.tgz<br />
jloader-ex-3242-11.3build-signed.tgz<br />
jloader-ex-3242-11.3build-signed.tgz<br />
jloader-ex-4500-11.3build-signed.tgz<br />
jloader-ex-8200-11.3build-signed.tgz<br />
The loader software does not need to be upgraded.<br />
• When you upgrade to a release that supports resilient dual-root partitions from one<br />
that does not, the upgrade process automatically copies the contents of the primary<br />
root partition to the alternate root partition at the end of the upgrade process. Because<br />
the resilient dual-root partitions feature enables the switch to boot transparently from<br />
the alternate root partition, we recommend that you use the request system snapshot<br />
command to copy the contents of the primary root partition to the alternate root<br />
partition after all future Junos OS upgrades.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
NOTE: If you upgrade the loader software in a separate step after you upgrade<br />
Junos OS, users might see the following message when they log in to the<br />
switch:<br />
At least one package installed on this device has limited support<br />
This message can be safely ignored.<br />
You can permanently remove this message by deleting the loader software<br />
package and rebooting the system. For example, on an EX4200 switch:<br />
user@switch> request system software delete jloader-ex-3242<br />
Unmounted /packages/mnt/jloader-ex-3242-11.3 ...<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
The following pages include more detailed instructions for performing a software upgrade<br />
from <strong>Release</strong> 10.4R2 or earlier:<br />
• Determining Whether the Loader Software Needs Upgrading on EX8200 Switches<br />
and EX8200 Virtual Chassis on page 45<br />
• Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200,<br />
and Standalone EX4500 Switches on page 47<br />
• Upgrading the Loader Software and Junos OS on EX4200 Virtual Chassis on page 48<br />
• Upgrading the Loader Software on EX4500 Virtual Chassis and Mixed EX4200 and<br />
EX4500 Virtual Chassis on page 49<br />
• Upgrading Junos OS and the Loader Software on Standalone EX8200<br />
Switches on page 51<br />
• Upgrading Junos OS and the Loader Software on EX8200 Virtual Chassis on page 53<br />
Determining Whether the Loader Software Needs Upgrading on EX8200 Switches and<br />
EX8200 Virtual Chassis<br />
Before you begin the software upgrade on an EX8200 switch or an EX8200 Virtual<br />
Chassis, determine whether the loader software needs upgrading. It is possible that a<br />
switch running a Junos OS release earlier than <strong>Release</strong> 10.4R3 has a version of the loader<br />
software installed that supports resilient dual-root partitions. For example, the switch<br />
might have been shipped from the factory with a Junos OS release earlier than <strong>Release</strong><br />
10.4R3 but with a version of the loader software that supports resilient dual-root partitions.<br />
Or the switch might have been downgraded from a Junos OS release that supports<br />
resilient dual-root partitions but still retain a version of the loader software that supports<br />
resilient dual-root partitions.<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
NOTE: This procedure is available only on EX8200 switches. On all other<br />
switches, you must upgrade your loader software.<br />
45
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
46<br />
To determine whether the loader software needs upgrading:<br />
1. Determine the version of the loader software:<br />
user@switch> show chassis firmware<br />
Part Type Version<br />
FPC 6 U-Boot U-Boot 1.1.6 (Jan 13 2009 - 06:55:22) 2.3.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.2<br />
FPC 7 U-Boot U-Boot 1.1.6 (Jan 13 2009 - 06:55:22) 2.3.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.2<br />
Routing Engine 0 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
Routing Engine 1 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
NOTE: On an EX8200 Virtual Chassis, you cannot execute this command<br />
on the master external Routing Engine. The command must be executed<br />
on each member switch:<br />
1. From the master external Routing Engine, start a shell session on the<br />
member switch. For example:<br />
user@external-routing-engine> request session member 0<br />
2. Enter the CLI and execute the show chassis firmware command.<br />
3. Repeat these steps for the other member switch.<br />
The loader software version appears after the timestamp for U-Boot 1.1.6. In the<br />
preceding example, the version is 3.5.0. (Ignore the 1.1.6 version information in U-Boot<br />
1.1.6—it does not indicate whether or not the version of the loader software supports<br />
resilient dual-root partitioning.)<br />
2. If the loader software version is 3.5.0 or later on EX8200 switches, your loader software<br />
does not need upgrading to support resilient dual-root partitioning. To upgrade to<br />
<strong>Release</strong> 11.3, install Junos OS, following the standard installation procedures. See<br />
“Upgrading from Junos OS <strong>Release</strong> 10.4R3 or Later” on page 41.<br />
3. If the loader software version is earlier than 3.5.0, you must upgrade your loader<br />
software. Follow the instructions in “Upgrading Junos OS and the Loader Software<br />
on Standalone EX8200 Switches” on page 51 or “Upgrading Junos OS and the Loader<br />
Software on EX8200 Virtual Chassis” on page 53.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200,<br />
and Standalone EX4500 Switches<br />
To upgrade the loader software and Junos OS on EX2200, EX3200, standalone EX4200,<br />
and standalone EX4500 switches:<br />
1. Download the loader software package and the Junos OS package from the <strong>Juniper</strong><br />
<strong>Networks</strong> website as described in Downloading Software Packages from <strong>Juniper</strong><br />
<strong>Networks</strong>. Place the software packages on an internal software distribution site or in<br />
a local directory on the switch. We recommend using /var/tmp as the local directory<br />
on the switch.<br />
NOTE: To obtain the loader software package, see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
2. Install the loader package:<br />
user@switch> request system software add package<br />
Replace package with one of the following paths:<br />
• For a software package in the /var/tmp directory on the<br />
switch—/var/tmp/package.tgz<br />
• For a software package on a remote server:<br />
• ftp://hostname/pathname/package.tgz<br />
• http://hostname/pathname/package.tgz<br />
where package.tgz is, for example, jloader-ex-3242-11.3build-signed.tgz.<br />
3. Install the Junos OS package, following the same procedure you used to install the<br />
loader software package.<br />
4. Reboot the switch:<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
If you are monitoring the reboot from the console, you see messages similar to the<br />
following during the partition reformat:<br />
Disk needs to be formatted in order to proceed<br />
Saving the configuration in memory before formatting the disk<br />
FILE SYSTEM CLEAN; SKIPPING CHECKS<br />
clean, 31543 free (10 frags, 3953 blocks, 0.0% fragmentation)<br />
32+0 records in<br />
32+0 records out<br />
16384 bytes transferred in 0.033161 secs (494075 bytes/sec)<br />
******* Working on device /dev/da0 *******<br />
.<br />
.<br />
47
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
48<br />
.<br />
Restoring configuration<br />
5. Verify that the loader software has been upgraded:<br />
user@switch> show chassis firmware<br />
Part Type Version<br />
FPC 0 uboot U-Boot 1.1.6 (Mar 28 2011 - 04:09:20)<br />
1.0.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader<br />
2.4<br />
The U-Boot version that follows the date information must be 1.0.0 or later.<br />
6. Verify that Junos OS has been upgraded:<br />
user@switch> show version<br />
Upgrading the Loader Software and Junos OS on EX4200 Virtual Chassis<br />
You perform the upgrade of the loader software and Junos OS on an EX4200 Virtual<br />
Chassis from the Virtual Chassis master switch. The master switch pushes the installation<br />
packages to all the Virtual Chassis members. You can also upgrade the loader software<br />
and Junos OS on a single member switch from the master switch.<br />
To upgrade the loader software and Junos OS:<br />
1. Download the loader software package and the Junos OS package from the <strong>Juniper</strong><br />
<strong>Networks</strong> website as described in Downloading Software Packages from <strong>Juniper</strong><br />
<strong>Networks</strong>. Place the software packages on an internal software distribution site or in<br />
a local directory on the master switch. We recommend using /var/tmp as the local<br />
directory on the master switch.<br />
NOTE: To obtain the loader software package, see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
2. Log in to the master of the Virtual Chassis.<br />
3. Install the loader software package:<br />
• To install the package on all members of the Virtual Chassis:<br />
user@switch> request system software add package<br />
• To install the package on a single member of the Virtual Chassis:<br />
user@switch> request system software add package member member-id<br />
Replace package with one of the following paths:<br />
• For a software package in the /var/tmp directory on the<br />
switch—/var/tmp/package.tgz<br />
• For a software package on a remote server:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• ftp://hostname/pathname/package.tgz<br />
• http://hostname/pathname/package.tgz<br />
where package.tgz is, for example, jloader-ex-3242-11.3build-signed.tgz.<br />
4. Install the Junos OS package, following the same procedure you used to install the<br />
loader software package.<br />
5. Reboot the Virtual Chassis (to reboot a single member, use the member option):<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
If you are monitoring the reboot from the console, you see messages similar to the<br />
following during the disk reformat:<br />
Disk needs to be formatted in order to proceed<br />
Saving the configuration in memory before formatting the disk<br />
FILE SYSTEM CLEAN; SKIPPING CHECKS<br />
clean, 31543 free (10 frags, 3953 blocks, 0.0% fragmentation)<br />
32+0 records in<br />
32+0 records out<br />
16384 bytes transferred in 0.033161 secs (494075 bytes/sec)<br />
******* Working on device /dev/da0 *******<br />
.<br />
.<br />
.<br />
Restoring configuration<br />
6. Verify that the new version of the loader software is on all members of the Virtual<br />
Chassis:<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
user@switch> show chassis firmware<br />
fpc0:<br />
--------------------------------------------------------------------------<br />
Part Type Version<br />
FPC 0 uboot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 1.0.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
FPC 1 uboot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 1.0.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
The U-Boot version that follows the date information must be 1.0.0 or later.<br />
7. Verify that the new Junos OS release is on all members of the Virtual Chassis:<br />
user@switch> show version<br />
Upgrading the Loader Software on EX4500 Virtual Chassis and Mixed EX4200 and<br />
EX4500 Virtual Chassis<br />
To create an EX4500 Virtual Chassis or a mixed EX4200 and EX4500 Virtual Chassis,<br />
you must upgrade Junos OS on the member switches to <strong>Release</strong> 11.1 or later before you<br />
form the Virtual Chassis. For instructions on how to upgrade Junos OS and the loader<br />
software on the member switches before they are part of the Virtual Chassis, see<br />
“Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200,<br />
and Standalone EX4500 Switches” on page 47.<br />
49
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
50<br />
If you did not upgrade the loader software on one or more of the member switches before<br />
you formed the Virtual Chassis, you can use the following procedure to upgrade the loader<br />
software on member switches after the Virtual Chassis is formed.<br />
To upgrade the loader software:<br />
1. Download the loader software package from the <strong>Juniper</strong> <strong>Networks</strong> website as<br />
described in Downloading Software Packages from <strong>Juniper</strong> <strong>Networks</strong>. Place the software<br />
packages on an internal software distribution site or in a local directory on the master<br />
switch. We recommend using /var/tmp as the local directory on the master switch.<br />
NOTE: To obtain the loader software package, see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
For a mixed EX4200 and EX4500 Virtual Chassis, you must download the loader<br />
packages for both switches.<br />
2. Log in to the master of the Virtual Chassis.<br />
3. Install the loader software package:<br />
• To install the package on all members of an EX4500 Virtual Chassis:<br />
user@switch> request system software add package<br />
• To install the package on all members of a mixed EX4200 and EX4500 Virtual<br />
Chassis:<br />
user@switch> request system software add set [ex4200-package ex4500-package]<br />
• To install the package on a single member of the Virtual Chassis:<br />
user@switch> request system software add package member member-id<br />
4. Reboot the Virtual Chassis (to reboot a single member, use the member option):<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
5. Verify that the correct version of the loader software is on all members of the Virtual<br />
Chassis:<br />
root@switch> show chassis firmware<br />
fpc0:<br />
--------------------------------------------------------------------------<br />
Part Type Version<br />
FPC 0 uboot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 1.0.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
FPC 1 uboot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 1.0.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
The U-Boot version that follows the date information must be 1.0.0 or later.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Upgrading Junos OS and the Loader Software on Standalone EX8200 Switches<br />
NOTE: On EX8200 switches, you must upgrade Junos OS before you can<br />
upgrade the loader software.<br />
The loader software for an EX8200 Routing Engine resides in two flash memory banks.<br />
At any time, one bank acts as the primary bank and the Routing Engine boots from it.<br />
The other bank is the backup bank—if the Routing Engine cannot boot from the primary<br />
bank, it boots from the backup bank. When you upgrade the loader software, the upgraded<br />
software is installed in the backup bank, which then becomes the new primary bank.<br />
Thus the primary and backup banks alternate each time you upgrade the loader software,<br />
with the primary bank containing the most recently installed version of the software and<br />
the backup bank containing the previous version.<br />
To upgrade the loader software on an EX8200 Routing Engine, you must perform the<br />
upgrade twice: once for each bank. Each upgrade requires a reboot of the Routing Engine.<br />
NOTE: If you do not upgrade the loader software in both banks and the<br />
Routing Engine boots from the previous version of the loader software in the<br />
backup bank, the Routing Engine can no longer boot transparently from the<br />
alternate root partition if it cannot boot from the primary root partition.<br />
For an EX8200 switch with redundant Routing Engines, you must upgrade the loader<br />
software on both Routing Engines. You can upgrade the loader software on a Routing<br />
Engine only when it is master.<br />
Ensure that graceful Routing Engine switchover (GRES) and nonstop active routing (NSR)<br />
are disabled before you begin the upgrade.<br />
To upgrade the master Routing Engine on a switch with redundant Routing Engines or<br />
to upgrade the Routing Engine on a switch with a single Routing Engine:<br />
1. Download and install the Junos OS package on each Routing Engine as described in<br />
Installing Software on an EX Series Switch with Redundant Routing Engines (CLI<br />
Procedure) or Installing Software on an EX Series Switch with a Single Routing Engine<br />
(CLI Procedure).<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
2. Download the loader software package from the <strong>Juniper</strong> <strong>Networks</strong> website and place<br />
the software package on an internal software distribution site or in a local directory<br />
on the switch. We recommend using /var/tmp as the local directory on the switch.<br />
NOTE: To obtain the loader software package, see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
51
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
52<br />
3. Log in to the switch and enter the shell. We recommend using a console connection.<br />
4. Determine the primary bank and the version of the loader software in the bank:<br />
% kenv | grep boot.primary.bank<br />
boot.primary.bank="0"<br />
% kenv | grep boot.ver<br />
boot.ver="2.4.0"<br />
5. Enter the CLI and install the loader package:<br />
user@switch> request system software add package<br />
Replace package with one of the following paths:<br />
• For a software package in the /var/tmp directory on the<br />
switch—/var/tmp/package.tgz<br />
• For a software package on a remote server:<br />
• ftp://hostname/pathname/package.tgz<br />
• http://hostname/pathname/package.tgz<br />
where package.tgz is, for example, jloader-ex-8200-11.3build-signed.tgz.<br />
6. Upgrade the firmware:<br />
user@switch> request system firmware upgrade scb<br />
Firmware upgrade initiated....<br />
Please wait for ~2mins for upgrade to complete....<br />
7. After waiting for a couple of minutes, reboot the Routing Engine:<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
8. Enter the shell and verify that the previous backup bank is now the primary bank and<br />
that it contains the upgraded loader software:<br />
% kenv | grep boot.primary.bank<br />
boot.primary.bank="1"<br />
% kenv | grep boot.ver<br />
boot.ver="3.5.0"<br />
9. To install the loader software in the current backup bank, repeat Step 4 through Step<br />
8.<br />
NOTE: If you installed the loader software package from /var/tmp, you<br />
will need to copy the loader software package to /var/tmp again before<br />
you can repeat Step 4 through Step 8 because it is removed after each<br />
installation.<br />
10. (Optional) The following message might be displayed when a user logs in to the<br />
system:<br />
--- JUNOS 11.3R1.9 built 2011-03-19 22:06:32 UTC<br />
At least one package installed on this device has limited support.<br />
Run 'file show /etc/notices/unsupported.txt' for details..<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
This message can be safely ignored. It appears as a result of upgrading the loader<br />
software after you upgrade Junos OS.<br />
You can permanently remove this message by removing the loader software package<br />
and rebooting the system:<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
user@switch> request system software delete jloader-ex-8200<br />
Unmounted /packages/mnt/jloader-ex-8200-11.3 ...<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
To upgrade the backup Routing Engine on a switch with redundant Routing Engines:<br />
1. Log in to the backup Routing Engine. We recommend using a console connection.<br />
2. Perform a master switchover so that the backup Routing Engine becomes the master:<br />
user@switch> request chassis routing-engine master switch<br />
warning: Traffic will be interrupted while the PFE is re-initialized<br />
Toggle mastership between routing engines ? [yes,no] (no) yes<br />
Resolving mastership...<br />
Complete. The local routing engine becomes the master.<br />
3. Follow the same procedure for upgrading the loader software that you used for the<br />
original master Routing Engine (Step 3 through Step 10). When you reboot the Routing<br />
Engine after upgrading the loader software in the first bank, mastership returns to the<br />
original master Routing Engine. You will need to perform another master switchover<br />
before you can upgrade the loader software in the second bank.<br />
Upgrading Junos OS and the Loader Software on EX8200 Virtual Chassis<br />
To upgrade an EX8200 Virtual Chassis, you must upgrade the loader software on each<br />
Routing Engine of each member switch. The loader software on the external Routing<br />
Engines does not need to be upgraded.<br />
As described in “Upgrading Junos OS and the Loader Software on Standalone EX8200<br />
Switches” on page 51, the loader software for a Routing Engine resides in two flash<br />
memory banks and both banks must be upgraded with the new loader software.<br />
53
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
54<br />
To upgrade the loader software and Junos OS:<br />
1. Download the loader software package and the Junos OS package from the <strong>Juniper</strong><br />
<strong>Networks</strong> website as described in Downloading Software Packages from <strong>Juniper</strong><br />
<strong>Networks</strong>. Place the software packages on an internal software distribution site or in<br />
a local directory on the master external Routing Engine. We recommend using /var/tmp<br />
as the local directory.<br />
NOTE: To obtain the loader software package, see the Download Software<br />
page at http://www.juniper.net/support/products/junos/dom/. Click on the<br />
version, then the Software tab, then the name of the software install<br />
package. In the pop-up Alert box, click on the link to the PSN document.<br />
2. Log in to the master external Routing Engine.<br />
3. Install the Junos OS package:<br />
user@external-routing-engine> request system software add package<br />
Replace package with one of the following paths:<br />
• For a software package in the /var/tmp directory on the<br />
switch—/var/tmp/package.tgz<br />
• For a software package on a remote server:<br />
• ftp://hostname/pathname/package.tgz<br />
• http://hostname/pathname/package.tgz<br />
where package.tgz is, for example, jinstall-ex-xre200-11.3R1.8-domestic-signed.tgz.<br />
4. Reboot the Virtual Chassis:<br />
user@external-routing-engine> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
5. After the reboot completes, verify that Junos OS has been upgraded on all members:<br />
user@external-routing-engine> show version<br />
6. Install the loader package:<br />
user@external-routing-engine> request system software add package<br />
Replace package with the path to the loader package.<br />
The package is pushed to each member switch from the master external Routing<br />
Engine.<br />
7. Upgrade the loader software in the current backup banks on both Routing Engines on<br />
a member switch (member 0 is used in the command examples):<br />
a. Enter the CLI and log in to the member switch:<br />
user@external-routing-engine> request session member 0<br />
b. Upgrade the firmware in the backup bank on the master Routing Engine:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
user@switch> request system firmware upgrade scb<br />
Firmware upgrade initiated....<br />
Please wait for ~2mins for upgrade to complete....<br />
c. Wait a couple of minutes and then reboot the Routing Engine:<br />
user@switch> request system reboot<br />
Reboot the system ? [yes,no] (no) yes<br />
d. Upgrade the firmware in the current backup bank of the backup Routing Engine<br />
(now the master) by repeating Step a through Step c.<br />
Because the loader software has been upgraded in the backup banks, they now<br />
become the primary banks.<br />
8. After the reboots of the Routing Engines complete, log in to the member switch again<br />
and verify that the loader software has been upgraded in the primary banks:<br />
user@external-routing-engine> request session member 0<br />
user@switch> show chassis firmware<br />
Part Type Version<br />
FPC 1 U-Boot U-Boot 1.1.6 (Mar 25 2009 - 06:13:12) 2.4.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.2<br />
FPC 5 U-Boot U-Boot 1.1.6 (Nov 5 2008 - 09:16:00)<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader<br />
Routing Engine 0 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
Routing Engine 1 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
The U-Boot version that appears after the build date and time must be 3.5.0 or later.<br />
9. Upgrade the loader software in the new backup banks on both Routing Engines on<br />
the member switch:<br />
a. Upgrade the firmware in the backup bank on the master Routing Engine:<br />
user@switch> request system firmware upgrade scb<br />
Firmware upgrade initiated....<br />
Please wait for ~2mins for upgrade to complete....<br />
b. Perform a master switchover to make the backup Routing Engine the master<br />
Routing Engine:<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
user@switch> request chassis routing-engine master switch<br />
Toggle mastership between routing engines ? [yes,no] (no) yes<br />
You are returned to the master external Routing Engine after the master switchover.<br />
c. Log back in to the member switch:<br />
user@external-routing-engine> request session member 0<br />
d. Upgrade the firmware in the backup bank on the new master Routing Engine:<br />
user@switch> request system firmware upgrade scb<br />
Firmware upgrade initiated....<br />
Please wait for ~2mins for upgrade to complete....<br />
55
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
56<br />
e. Verify that the loader software has been upgraded in the new primary banks on<br />
both Routing Engines:<br />
user@switch> show chassis firmware<br />
Part Type Version<br />
FPC 1 U-Boot U-Boot 1.1.6 (Mar 25 2009 - 06:13:12) 2.4.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.2<br />
FPC 5 U-Boot U-Boot 1.1.6 (Nov 5 2008 - 09:16:00)<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader<br />
Routing Engine 0 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
Routing Engine 1 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0<br />
loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4<br />
f. Exit to the master external Routing Engine.<br />
10. Upgrade the loader software on the other member switch in the Virtual Chassis by<br />
repeating Step 7 through Step 9.<br />
Downgrading to Junos OS <strong>Release</strong> 10.4R2 or Earlier<br />
When you downgrade to a Junos OS release that does not support resilient dual-root<br />
partitions (<strong>Release</strong> 10.4R2 or earlier), the downgrade process automatically:<br />
• Reformats the disk from four partitions to three partitions during the reboot of the<br />
switch that completes the Junos OS downgrade. The reformat causes a one-time<br />
increase in boot time—10 to 25 additional minutes per Routing Engine for EX8200<br />
switches; 5 to 10 additional minutes for other switches.<br />
• Disables the boot-sequencing function of the loader software. With the boot-sequencing<br />
function disabled, the loader software behaves as it did before resilient dual-root<br />
partitions were introduced. The loader software itself is not downgraded—there is no<br />
need to downgrade it.<br />
To downgrade to <strong>Release</strong> 10.4R2 or earlier:<br />
1. Use the request system snapshot command to save your data files to external media<br />
before you perform the downgrade.<br />
2. Install Junos OS.<br />
NOTE: Files in the /config directory are saved and restored during the<br />
downgrade process. However, files in the /var directory, such as log files<br />
and user /home directories, are not saved. In addition, a power failure<br />
during the reboot could cause the configuration files to be lost.<br />
Upgrade Policy for Junos OS Extended End Of Life <strong>Release</strong>s<br />
A direct upgrade and downgrade path is now available for Junos OS Extended End of<br />
Life (EEOL) releases. You can upgrade directly from one EEOL release to the next release<br />
even though EEOL releases frequently occur in increments beyond three releases. The<br />
current upgrade and downgrade policy for a non-EEOL release is that you can upgrade<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
or downgrade only by up to three releases at a time. The +3 policy remains unchanged<br />
for non-EEOL releases but includes a direct upgrade and downgrade path for EEOL to<br />
next EEOL releases.<br />
It is important to note that you can upgrade or downgrade only to the EEOL release that<br />
occurs directly before or after the currently installed EEOL release. For example, Junos<br />
OS <strong>Release</strong>s 8.5, 9.3, and 10.0 are EEOL releases. You can upgrade from Junos OS <strong>Release</strong><br />
8.5 to Junos OS <strong>Release</strong> 10.0 only by first upgrading to Junos OS <strong>Release</strong> 9.3. This policy<br />
also applies to downgrades where you cannot skip an EEOL release but must target the<br />
EEOL release occurring directly before the currently installed EEOL release.<br />
For more information on EEOL releases and to review a list of EEOL releases, see<br />
http://www.juniper.net/support/eol/junos.html .<br />
Upgrading or Downgrading from Junos OS <strong>Release</strong> 9.4R1 for EX Series Switches<br />
The ARP aging time configuration in the system configuration stanza in Junos OS <strong>Release</strong><br />
9.4R1 is incompatible with the ARP aging time configuration in Junos OS <strong>Release</strong> 9.3R1<br />
or earlier and Junos OS <strong>Release</strong> 9.4R2 or later. If you have configured system arp<br />
aging-timer aging-time on EX Series switches running Junos OS <strong>Release</strong> 9.4R1 and upgrade<br />
to Junos OS <strong>Release</strong> 9.4R2 or later or downgrade to Junos OS <strong>Release</strong> 9.3R1 or earlier,<br />
the switch will display configuration errors on booting up after the upgrade or downgrade.<br />
As a workaround, delete the arp aging-timer aging-time configuration in the system<br />
configuration stanza and reapply the configuration after you complete the upgrade or<br />
downgrade.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
The format of the file in which the EX4200 Virtual Chassis topology information is stored<br />
was changed in Junos OS <strong>Release</strong> 9.4. When you downgrade Junos OS <strong>Release</strong> 9.4 or<br />
later running on EX4200 switches in a Virtual Chassis to Junos OS <strong>Release</strong> 9.3 or earlier,<br />
make topology changes, and then upgrade to Junos OS <strong>Release</strong> 9.4 or later, the topology<br />
changes you made using Junos OS <strong>Release</strong> 9.3 or earlier are not retained. The switch<br />
restores the last topology change you made using Junos OS <strong>Release</strong> 9.4.<br />
Upgrading from Junos OS <strong>Release</strong> 9.3R1 to <strong>Release</strong> 11.3 for EX Series Switches<br />
If you are upgrading from Junos OS <strong>Release</strong> 9.3R1 and have voice over IP (VoIP) enabled<br />
on a private VLAN (PVLAN), you must remove this configuration before upgrading, to<br />
prevent upgrade problems. VoIP on PVLAN interfaces is not supported in releases later<br />
than Junos OS <strong>Release</strong> 9.3R1.<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
Upgrading EX Series Switches Using NSSU<br />
You can use nonstop software upgrade (NSSU) to upgrade Junos OS releases on EX8200<br />
standalone switches and EX8200 Virtual Chassis. For instructions on how to perform an<br />
upgrade using NSSU, see Upgrading Software on an EX8200 Standalone Switch Using<br />
Nonstop Software Upgrade (CLI Procedure) or Upgrading Software on an EX8200 Virtual<br />
Chassis Using Nonstop Software Upgrade (CLI Procedure).<br />
Table 2 on page 58 details NSSU support per Junos OS release and provides pointers to<br />
any known issues for particular upgrade scenarios.<br />
57
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Table 2: Using NSSU to Upgrade Junos OS on EX8200 Switches and EX8200 Virtual Chassis<br />
Switch<br />
Platform<br />
EX8200<br />
standalone<br />
switch<br />
EX8200<br />
Virtual<br />
Chassis<br />
58<br />
Upgrade from<br />
<strong>Release</strong> x.x<br />
10.4R1 or 10.4R2<br />
10.4R3 or later<br />
11.1R1 or later<br />
11.2R1<br />
11.2R2<br />
11.3R1 or later<br />
10.4R1 or later<br />
11.1R1, 11.1R2, or<br />
11.1R3<br />
11.1R4<br />
11.1R5 or later<br />
11.2R1<br />
11.2R2<br />
11.3R1 or later<br />
Upgrade to<br />
<strong>Release</strong><br />
10.4R4 or<br />
Later<br />
Not<br />
supported<br />
Supported<br />
–<br />
–<br />
–<br />
–<br />
Not<br />
supported<br />
–<br />
–<br />
–<br />
–<br />
–<br />
–<br />
Upgrade to<br />
<strong>Release</strong> 11.1R4<br />
or Later<br />
Not supported<br />
Supported<br />
Supported<br />
–<br />
–<br />
–<br />
Not supported<br />
Not<br />
recommended<br />
Not<br />
recommended<br />
–<br />
–<br />
–<br />
–<br />
Upgrade to<br />
<strong>Release</strong> 11.2R1<br />
Not supported<br />
Supported<br />
Supported<br />
Supported<br />
–<br />
–<br />
Not supported<br />
Not<br />
recommended<br />
Supported<br />
Supported<br />
Supported<br />
–<br />
–<br />
Upgrade to<br />
<strong>Release</strong> 11.2R2<br />
Not supported<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
–<br />
Not supported<br />
Not<br />
recommended<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
–<br />
Upgrade to<br />
<strong>Release</strong> 11.3R1 or<br />
later<br />
Not supported<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
Not supported<br />
Not recommended<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
Supported<br />
On an EX8200 Virtual Chassis, an NSSU operation can be performed only if you have<br />
configured the XRE200 External Routing Engine member ID to be 8 or 9.<br />
NOTE: Do not use nonstop software upgrade (NSSU) to upgrade the software<br />
on an EX8200 switch from Junos OS <strong>Release</strong> 10.4 if you have configured the<br />
IGMP, MLD, or PIM protocols on the switch. If you attempt to use NSSU, your<br />
switch might be left in a nonfunctional state from which it is difficult to<br />
recover. If you have these multicast protocols configured, upgrade the<br />
software on the EX8200 switch from <strong>Release</strong> 10.4 by following the<br />
instructions in Installing Software on an EX8200 Switch with Redundant Routing<br />
Engines (CLI Procedure). This issue does not apply to upgrades from <strong>Release</strong><br />
11.1 or later.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
•<br />
NOTE: If you are using NSSU to upgrade the software on an EX8200 switch<br />
from Junos OS <strong>Release</strong> 10.4 or <strong>Release</strong> 11.1 and sFlow technology is enabled,<br />
disable sFlow technology before you perform the upgrade using NSSU. After<br />
the upgrade is complete, you can reenable sFlow technology. If you do not<br />
disable sFlow technology before you perform the upgrade with NSSU, sFlow<br />
technology will not work properly. This issue does not affect upgrades from<br />
<strong>Release</strong> 11.2 or later.<br />
NOTE: If you are using NSSU to upgrade the software on an EX8200 switch<br />
from Junos OS <strong>Release</strong> 11.1 and NetBIOS snooping is enabled, disable NetBIOS<br />
snooping before you perform the upgrade using NSSU. After the upgrade is<br />
complete, you can reenable NetBIOS snooping. If you do not disable NetBIOS<br />
snooping before you perform the upgrade with NSSU, NetBIOS snooping will<br />
not work properly. This issue does not affect upgrades from <strong>Release</strong> 11.2 or<br />
later.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 4<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
on page 10<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 11<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 16<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for EX Series Switches on page 20<br />
• Changes to and Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for EX Series<br />
Switches on page 39<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for EX Series Switches<br />
59
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Junos OS <strong>Release</strong> <strong>Notes</strong> for the QFX Series<br />
• New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX<br />
Series on page 62<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX<br />
Series on page 78<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
60<br />
To view the entire set of software information in PDF format, see the Complete Software<br />
Guide for Junos OS for the QFX Series, <strong>Release</strong> 11.3.<br />
• Interfaces on page 60<br />
• Layer 2 and Layer 3 Protocols on page 60<br />
• Multicast Protocols on page 61<br />
• Network Management on page 61<br />
Interfaces<br />
• Enhanced LAG capabilities (QFX3500 switches)—Enable you to use multiple network<br />
cables and ports in parallel to increase link speed and redundancy. The expanded<br />
support for link aggregation (LAG) on QFX3500 switches now lets you to support up<br />
to 32 members in a LAG bundle. You can specify the members of a LAG at the [edit<br />
interfaces ether-options 802.3ad] hierarchy level.<br />
Layer 2 and Layer 3 Protocols<br />
• Border Gateway Protocol (QFX3500 switches)—Border Gateway Protocol (BGP) is<br />
an exterior gateway protocol (EGP) for routing traffic between autonomous systems<br />
(ASs). You can configure BGP at the [edit protocols bgp] hierarchy level.<br />
• Open Shortest Path First (QFX3500 switches)—The IPv4 Open Shortest Path First<br />
protocol is an interior gateway protocol (IGP) for routing traffic within an autonomous<br />
system (AS). QFX3500 switches support OSPFv1 and OSPFv2. You can configure<br />
OSPF at the [edit protocols ospf] hierarchy level.<br />
• Dynamic Host Control Protocol relay agent (QFX3500 switches)—Enables a switch<br />
to relay a DHCP request broadcast by a locally attached host to a DHCP server. To<br />
enable DHCP relay, include the bootp statement at the [edit forwarding-options helpers]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
hierarchy level and the dhcp-option82 statement at the [edit ethernet-switching-options<br />
secure-access-port vlan] hierarchy level.<br />
• Virtual Router Redundancy Protocol (QFX3500 switches)—Enables you to provide<br />
alternative gateways for end hosts that are configured with static default routes. You<br />
can implement VRRP to provide a highly available default path to a gateway without<br />
needing to configure dynamic routing or router discovery protocols on end hosts. To<br />
configure VRRP, include the vrrp-group statement at the [edit interfaces unit family<br />
inet address] hierarchy level and the vrrp statement at the [edit protocols] hierarchy<br />
level.<br />
Multicast Protocols<br />
• Protocol Independent Multicast sparse mode (QFX3500 switches)—Enables efficient<br />
routing to multicast groups with receivers sparsely spread over multiple networks. To<br />
configure PIM sparse mode, include the pim statement at the [edit protocols] hierarchy<br />
level.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Network Management<br />
• sFlow technology (QFX3500 switches)—sFlow technology is a monitoring technology<br />
for high-speed switched or routed networks. You can configure sFlow technology to<br />
monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow<br />
technology also collects samples of network packets, which can provide you with<br />
visibility into network traffic information. The QFX3500 switches support the sFlow<br />
standard, which is described in RFC 3176, InMon Corporation's sFlow: A Method for<br />
Monitoring Traffic in Switches and Routed <strong>Networks</strong>. You configure sFlow monitoring<br />
at the [edit protocols sflow] hierarchy level. sFlow operational commands include show<br />
sflow and clear sflow collector statistics.<br />
• Uplink failure detection (QFX3500 switches)—Extends support for this existing EX<br />
Series switch feature to QFX Series switches. Uplink failure detection enables a switch<br />
to detect link failures on uplink interfaces and to propagate this information to downlink<br />
interfaces, so that servers connected to those downlink interfaces can switch over to<br />
secondary interfaces.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
Uplink failure detection supports network adapter teaming and provides network<br />
redundancy. In network adapter teaming, all of the network interface cards (NICs) on<br />
a server are configured in a primary or secondary relationship and share the same IP<br />
address. When the primary link goes down, the server transparently shifts the connection<br />
to the secondary link. With uplink failure detection, the switch monitors uplink interfaces<br />
for link failures. When it detects a failure, it disables the downlink interfaces. When the<br />
server detects a disabled downlink interface, it switches over to the secondary link to<br />
ensure traffic is not dropped but sent over the secondary path instead.<br />
When configuring uplink failure detection, you add an uplink interface and a<br />
corresponding downlink interface as a pair into a failure detection group. To add uplink<br />
interfaces to the group, include the link-to-monitor interface-name statement at the<br />
[edit protocols uplink-failure-detection group group-name] hierarchy level. To add<br />
downlink interfaces to the group, include the link-to-disable interface-name statement<br />
at the [edit protocols uplink-failure-detection group group-name] hierarchy level.<br />
61
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
•<br />
For more information about configuring uplink failure detection, see Configuring<br />
Interfaces for Uplink Failure Detection.<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
62<br />
Traffic Management<br />
• In Junos OS <strong>Release</strong> 11.3, the class-of-service (CoS) implementation on QFX3500<br />
switches differs significantly from that in previous releases. For full information about<br />
these changes, see Overview of CoS Changes Introduced in Junos OS <strong>Release</strong> 11.3. A<br />
summary of the changes is included below.<br />
NOTE: To upgrade to Junos OS <strong>Release</strong> 11.3, we recommend that you<br />
remove your CoS configuration before you upgrade the switch to Junos OS<br />
<strong>Release</strong> 11.3, then upgrade the switch, modify your CoS configuration based<br />
on the revised guidelines, and then reapply the CoS configuration after the<br />
software upgrade.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
The CoS changes and configuration recommendations for Junos OS <strong>Release</strong> 11.3 are<br />
as follows:<br />
• The default IEEE unicast classifiers have been updated with the following mappings<br />
for forwarding class, queue, and priority as shown in Table 3 on page 63.<br />
Table 3: IEEE Unicast Classifiers for Junos OS <strong>Release</strong> 11.3<br />
Code Point<br />
000<br />
001<br />
010<br />
011<br />
100<br />
101<br />
110<br />
111<br />
Forwarding Class<br />
best-effort<br />
best-effort<br />
best-effort<br />
fcoe<br />
no-loss<br />
best-effort<br />
network-control<br />
network-control<br />
Loss Priority<br />
• Default schedulers contain the following changes, as shown in Table 4 on page 63:<br />
• All IEEE 802.1p priorities map to a single multidestination forwarding class.<br />
• The default transmit rates have been changed (see “Bandwidth” column in Table<br />
4 on page 63).<br />
• The default forwarding classes have changed. Instead of eight classes, there are<br />
now five: fcoe, no-loss (guaranteed delivery for TCP lossless traffic), best-effort<br />
low<br />
low<br />
low<br />
low<br />
low<br />
low<br />
low<br />
low<br />
(be), network-control (nc), and multicast best-effort (mcast).<br />
Table 4: Default Schedulers for Junos OS <strong>Release</strong> 11.3<br />
Forwarding Class<br />
best-effort (be)<br />
fcoe<br />
no-loss<br />
network-control (nc)<br />
multicast-best-effort (mcast)<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
Priority/Queue<br />
Low/0<br />
Low/3<br />
Low/4<br />
Low/7<br />
Low/8<br />
Bandwidth<br />
5%<br />
35%<br />
35%<br />
5%<br />
20%<br />
63
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
64<br />
• There is now one multidestination default forwarding class. (In Junos OS <strong>Release</strong> 11.2<br />
and earlier, there were four default multidestination forwarding classes.)<br />
• The excess-rate statement is no longer supported. You must remove it from your<br />
CoS configuration used in Junos OS <strong>Release</strong> 11.2 and earlier in order to upgrade to<br />
Junos OS <strong>Release</strong> 11.3.<br />
NOTE: The CoS process does not start if the excess-rate statement exists<br />
in your configuration.<br />
• The transmit-rate statement is not allowed in forwarding classes that have strict-high<br />
priority queues, and the guaranteed-rate statement is not allowed in forwarding class<br />
sets (fc-sets) that have strict-high priority queues.<br />
• If you wish to configure strict-high priority queues, you can include them only in one<br />
fc-set. The switch issues a commit error if you exceed this limit.<br />
• Strict-high priority queues cannot be included in an fc-set set that also contains<br />
other queues that are not strict-high priority (even if ETS is not required). The switch<br />
issues a commit error if you break this rule.<br />
NOTE: You must remove mixed priority queues from your CoS<br />
configuration used in Junos OS <strong>Release</strong> 11.2 and earlier in order to upgrade<br />
to Junos OS <strong>Release</strong> 11.3. The CoS process does not start if mixed priority<br />
queues are included in the same fc-set.<br />
• Strict-high priority is not allowed in multidestination queues and fc-sets.<br />
• The high priority option has been removed from the scheduler configuration (only<br />
low and strict-high priorities are now supported in Junos OS <strong>Release</strong> 11.3).<br />
• Remove strict priority queues from your configuration.<br />
• Avoid configuring the transmit-rate option as an exact rate. Instead, configure the<br />
transmit-rate as a percentage.<br />
• If you included default multidestination forwarding classes for a switch running Junos<br />
OS <strong>Release</strong> 11.2 and earlier, you need to reclassify all these forwarding classes into<br />
a single multidestination forwarding class.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
•<br />
NOTE: Summary—On QFX3500 switches, when you upgrade Junos OS on<br />
the switch to <strong>Release</strong> 11.3, if the existing CoS configuration specifies any<br />
of the parameters listed below, the CoS process might not start:<br />
1. If you configure strict-high priority and low priority queues in the same<br />
fc-set<br />
2. If you configure multidestination queues with strict-high priority<br />
3. If you configure the transmit-rate option for strict-high priority queues<br />
or the guaranteed-rate option for fc-sets that contain strict-high priority<br />
queues<br />
4. If you configure a scheduler using the excess-rate option<br />
5. If you configure a scheduler with high priority<br />
Also, if the existing CoS configuration includes default multicast forwarding<br />
classes such as mcast-be, mcast-af, mcast-ef or mcast-nc at the [edit<br />
class-of-service (classifiers | rewrite-rules | schedulers)] hierarchy level, the<br />
system might not come up after you upgrade Junos OS on the switch to<br />
Junos OS <strong>Release</strong> 11.3.<br />
To avoid upgrade issues with CoS, deactivate the CoS configuration before<br />
you upgrade to Junos OS <strong>Release</strong> 11.3. After the upgrade, remove the<br />
multidestination and strict priority queues, and delete the excess-rate<br />
statement from the CoS configuration. If desired, configure the<br />
multidestination and strict-high priority features using the Junos OS<br />
<strong>Release</strong> 11.3 configuration rules. Activate the CoS configuration and commit<br />
the modified CoS configuration.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
This section lists the limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series.<br />
65
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
66<br />
Related<br />
Documentation<br />
Storage<br />
• A Fibre Channel fabric supports a maximum of four Fibre Channel over Ethernet (FCoE)<br />
VLAN interfaces.<br />
• The maximum number of logins for each FCoE node (ENode) is 32. (Each ENode can<br />
log in to a particular fabric up to 32 times. An ENode can log in to more than one fabric<br />
and have 32 logins to each fabric.)<br />
• The maximum number of FCoE sessions for the switch, which equals the total number<br />
of fabric login (FLOGI) sessions plus the total number of fabric discovery (FDISC)<br />
sessions, depends on how you configure the ports in a specified FC fabric. If you<br />
configure the ports as FCoE trusted, the maximum number of FCoE sessions (ENode<br />
to FCF sessions) the system can support is 3000. If the ports are not FCoE trusted, the<br />
maximum number of FCoE sessions is 376.<br />
• When you configure FIP snooping filters, if the filters consume more space than is<br />
available in the ternary content-addressable memory (TCAM), the configuration commit<br />
operation succeeds even though the filters are not actually implemented in the<br />
configuration. Because the commit operation checks syntax but does not check<br />
available resources, it appears as if the FIP snooping filters are configured, but they<br />
are not. The only indication of this issue is that the switch generates a system log<br />
message that the TCAM is full. You must check the system log to find out if a TCAM<br />
full message has been logged if you suspect that the filters have not been implemented.<br />
• You cannot use a fixed classifier to map FCoE traffic to an interface. The FCoE<br />
application time length value (TLV) carries the FCoE priority-based flow control (PFC)<br />
information when you use an explicit IEEE 802.1p classifier to map FCoE traffic to an<br />
interface. You cannot use a fixed classifier to map FCoE traffic to an interface because<br />
untagged traffic will be classified in the FCoE forwarding class, but FCoE traffic must<br />
have a priority tag (FCoE traffic cannot be untagged).<br />
For example, the following configuration is supported:<br />
[edit class-of-service]<br />
user@switch# set congestion notification profile fcoe-cnp input ieee-802.1 code-point<br />
011 pfc<br />
user@switch# set interfaces xe-0/0/24 unit 0 classifiers ieee-802.1 fcoe<br />
For example, the following fixed classifier configuration is not supported:<br />
[edit class-of-service]<br />
user@switch# set interfaces xe-0/0/24 unit 0 forwarding-class fcoe<br />
Traffic Management<br />
• Classifiers are not supported on Layer 3 logical interfaces; therefore, classifiers cannot<br />
•<br />
be applied to routed VLAN interfaces (RVIs). You can apply classifiers to Layer 2 logical<br />
interfaces.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
The following issues are outstanding in Junos OS <strong>Release</strong> <strong>11.3R4</strong>. The identifier following<br />
the description is the tracking number in our bug database.<br />
For the latest, most complete information about outstanding and resolved issues with<br />
the Junos OS software, see the <strong>Juniper</strong> <strong>Networks</strong> online software defect search application<br />
at http://www.juniper.net/prsearch .<br />
NOTE: Some issues that apply to EX Series switches may apply to the QFX<br />
Series as well. If you have an issue but cannot locate it in this section, see the<br />
“Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the EX Series” section in the<br />
<strong>Juniper</strong> <strong>Networks</strong> Junos 11.3 OS <strong>Release</strong> <strong>Notes</strong>.<br />
• Configuration and File Management<br />
• Hardware<br />
• Interfaces<br />
• Junos OS Basics<br />
• Layer 2 and Layer 3 Protocols<br />
• Multicast Protocols<br />
• Network Management<br />
• Routing Protocols<br />
• Storage<br />
• Traffic Management<br />
Configuration and File Management<br />
• On QFX3500 switches with STP configured, the show ethernet-switching interfaces<br />
ae0 command incorrectly shows an LACP-enabled aggregated Ethernet interface as<br />
being “Blocked by STP” instead of being operationally down. [PR/676448]<br />
Hardware<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
• On QFX3500 switches, if the ambient temperature decreases to below 10 degrees C<br />
after a link is established, you may see transmission failure on ports 0 through 5, and<br />
67
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
68<br />
42 through 47 if those ports were configured with QFX-SFP-DAC-5M cables. The<br />
workaround is to use 1M or 3M DAC cable or SFP+ optical fiber cable on those ports if<br />
you expect ambient temperature to drop below 10 degrees C. [PR/570748]<br />
• On QFX3500 switches, the show chassis environment and show chassis hardware<br />
commands show installed but unpowered PSUs as absent rather than present.<br />
[PR/580026]<br />
Interfaces<br />
• On QFX3500 switches, when you enable or disable a member interface of a link<br />
aggregation group (LAG), some packets might be dropped. [PR/552445]<br />
• On QFX3500 switches, if you change the family of an interface by using the load override<br />
command, the interface might not be configured properly and might drop traffic as a<br />
result. To prevent this from occurring, use separate operations to delete the original<br />
family and configure the new family. For example, you might perform the following<br />
steps:<br />
1. Delete family ethernet-switching from an interface.<br />
2. Commit the change.<br />
3. Configure family inet for the same interface.<br />
4. Commit the change.<br />
[PR/668600]<br />
• On QFX3500 switches, if you use passive direct attach copper (DAC) cables for ports<br />
6 through 41, you configure 10-Gigabit Ethernet (xe-) interfaces directly or as part of<br />
an aggregated Ethernet (ae-) bundle, and the remote end of the link is down, either<br />
interface type might take awhile to be declared down in the output of the show<br />
interfaces command. As a workaround, upgrade your microboot firmware to version 1.1.2.<br />
[PR/681577]<br />
Junos OS Basics<br />
• On QFX3500 switches, the value of the ifInErrors field in the sFlow datagram for an<br />
interface does not match the value of the Input errors field in the output of the show<br />
interfaces extensive command for the same interface. [PR/603525]<br />
• On QFX3500 switches, momentary loss of Layer 3 unicast traffic might occur when<br />
traffic is switched from the default route to the longest prefix match (LPM) route.<br />
[PR/607695]<br />
• On QFX3500 switches, when you configure storm control bandwidth, the value you<br />
configure is rounded off internally to the closest multiple of 64 Kbps, and the<br />
rounded-off value represents the bandwidth that is actually enforced. For example, if<br />
you configure a bandwidth limit of 150 Kbps, storm control enforces a bandwidth limit<br />
of 128 Kbps. [PR/682928]<br />
• On QFX3500 switches, if traffic is dropped by a firewall filter, sampling of the traffic<br />
might not occur as expected. [PR/687670]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Layer 2 and Layer 3 Protocols<br />
• On QFX3500 switches, if you configure the VLAN Spanning Tree Protocol (VSTP) on<br />
an Ethernet interface and change the port mode from trunk to access, the output of<br />
the show spanning-tree statistics interface command displays zero BPDUs received.<br />
[PR/541649]<br />
• On QFX3500 switches, when you enable Protocol Independent Multicast (PIM)<br />
bootstrap router (BSR) functionality after a multicast rendezvous point (RP) failover<br />
occurs, some PIM routes are not resolved. As a result, stale routes may appear in the<br />
IP multicast (IPMC) table. [PR/666994]<br />
• On QFX3500 switches, if traffic is flowing from tens of thousands of different MAC<br />
addresses and you issue the clear ethernet-switching table command, the switches<br />
can take more than 30 minutes to complete MAC learning. [PR/683515]<br />
• On QFX3500 switches, if you make several simultaneous changes to VLANs and an<br />
associated routed VLAN interface (RVI) and then issue a commit operation, ARP<br />
resolution might fail on the RVI interface. [PR/692103]<br />
Multicast Protocols<br />
• If a QFX3500 switch acting as a Protocol Independent Multicast (PIM) rendezvous<br />
point (RP) router is on the same LAN as the PIM designated router and last-hop router,<br />
and IGMP snooping is enabled on the PIM interfaces, there might be an error in the<br />
multicast forwarding cache entry on the RP. If this occurs, you see that the RP interface<br />
type is PIMD (PIM-Decapsulator) when you enter the show interfaces command for<br />
the PIM interface. In this situation, multicast traffic is still forwarded correctly.<br />
[PR/681734]<br />
• On QFX3500 switches, if you enter the clear igmp-snooping membership vlan vlan<br />
command for a VLAN that does not exist, you see an error message that begins with<br />
a meaningless number that you should ignore. [PR/683996]<br />
Network Management<br />
• On QFX3500 switches, even if you configure an egress sampling rate for sFlow<br />
monitoring, the switch uses the ingress sampling rate instead. [PR/686002]<br />
Routing Protocols<br />
• On QFX3500 switches, if you include the from interface interface-name statement at<br />
the [edit firewall family inet filter filter-name term term-name] hierarchy level, the<br />
interface firewall filter match conditions intended for routed VLAN interfaces (RVIs)<br />
do not take effect. [PR/589292]<br />
Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
• On QFX3500 switches, if you apply a single-rate two-color policer with more than 128<br />
terms in a firewall filter, the output of the show firewall command displays incorrect<br />
data for the single-rate two-color policer associated with the firewall filter. [PR/667201]<br />
69
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
70<br />
Related<br />
Documentation<br />
• On QFX3500 switches, if you enable IGMP snooping, some unregistered multicast<br />
MAC addresses in the 03- and 09- ranges might not be permitted and might cause<br />
some interoperability issues. [PR/691943]<br />
Storage<br />
• On QFX3500 switches, if you configure a CoS priority group with the strict-high priority,<br />
the ETS feature output of the show dcbx neighbors interface command displays the<br />
percentage guaranteed bandwidth for the priority group as 0 instead of indicating that<br />
the priority group does not have a specific guaranteed bandwidth. [PR/664096]<br />
• On QFX3500 switches, when FIP snooping is enabled on a port and the switch is<br />
connected to a Fibre Channel over Ethernet (FCoE) device on that port, Link Layer<br />
Discovery Protocol (LLDP) is not successfully initiated on the link. To allow the link to<br />
initiate LLDP, disable the Port and Protocol VLAN ID type, length, and value (TLV).<br />
[PR/669097]<br />
• On all QFX Series products, DCBX is required on Ethernet interfaces for FCoE, ETS, and<br />
other features to function properly. However, DCBX is not enabled by default on all<br />
Ethernet interfaces, so some of these features might not work properly. As a<br />
workaround, enable DCBX on all interfaces by including the interface all statement at<br />
the [edit protocols dcbx] hierarchy level. [PR/709685]<br />
Traffic Management<br />
• The actual output rate is different than the expected output rate for no-loss and FCoE<br />
forwarding classes. When you configure a minimum guaranteed queue bandwidth<br />
(transmit rate) and enable priority-based flow control (PFC) on no-loss and FCoE<br />
queues, if the traffic consists of jumbo frames (frame size of 9216 bytes), the no-loss<br />
and FCoE queues might receive more or less bandwidth than expected. This is because<br />
the queue buffer stores fewer jumbo frames, and the transmit queue can be underrun<br />
when PFC temporarily stops the flow of frames. [PR/659621]<br />
• When a priority group (forwarding class set) that contains FCoE and no-loss queues<br />
(forwarding classes) uses the same egress port as a priority group that contains<br />
strict-high priority queues, if you add or delete the maximum bandwidth configuration<br />
(shaping rate) on the priority group with the strict-high priority queues, the FCoE and<br />
no-loss queues experience packet loss during the configuration change. [PR/666158]<br />
• On QFX Series products, if you configure the queue 3 fcoe statement at the [edit<br />
•<br />
class-of-service forwarding-classes] hierarchy level on a switch running Junos OS<br />
<strong>Release</strong> 11.1 or 11.2, and then upgrade to Junos OS <strong>Release</strong> 11.3, the converged network<br />
adapter (CNA) interface might fail to connect to the Fibre Channel fabric. As a<br />
workaround, replace the queue 3 fcoe statement with the class fcoe queue-num 3<br />
statement in your forwarding class configuration. [PR/684372]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
The following issues have been resolved in Junos OS <strong>Release</strong> 11.3 in the specified<br />
maintenance releases listed in this topic.<br />
For the latest, most complete information about outstanding and resolved issues with<br />
the Junos OS software, see the <strong>Juniper</strong> <strong>Networks</strong> online software defect search application<br />
at http://www.juniper.net/prsearch .<br />
NOTE: Some issues that apply to EX Series switches may apply to the QFX<br />
Series as well. If you are looking for a resolved issue but cannot locate it in<br />
this section, see the “Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the EX<br />
Series” section in the Junos OS 11.3 <strong>Release</strong> <strong>Notes</strong>.<br />
• Issues Resolved in <strong>Release</strong> 11.3R5 on page 71<br />
• Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong> on page 72<br />
• Issues Resolved in <strong>Release</strong> 11.3R3 on page 73<br />
• Issues Resolved in <strong>Release</strong> 11.3R2 on page 75<br />
Issues Resolved in <strong>Release</strong> 11.3R5<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
The following issues have been resolved since Junos OS <strong>Release</strong> <strong>11.3R4</strong>. The identifier<br />
following the description is the tracking number in our bug database.<br />
71
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
72<br />
Interfaces<br />
• On QFX3500 switches, if you connect a direct attach copper (DAC) cable made by a<br />
vendor other than <strong>Juniper</strong> <strong>Networks</strong>, the link might not activate. [PR/707371: This issue<br />
has been resolved.]<br />
Junos OS Basics<br />
• On QFX3500 switches, if you configure a backup static route with a higher preference<br />
value and the primary link loses its connection, the switchover time to the backup link<br />
might take longer than expected. [PR/704106: This issue has been resolved.]<br />
Platform and Infrastructure<br />
• On QFX3500 switches, if you define a VLAN but do not issue the commit command,<br />
and then try to apply the VLAN to an interface, configuration mode might stop operating.<br />
[PR/701250: This issue has been resolved.]<br />
Routing Protocols<br />
• On QFX3500 switches, if you apply a firewall filter to the lo0 loopback interface, the<br />
switch might not be able to generate a local ARP for the destination addresses of<br />
transit traffic. [PR/693441: This issue has been resolved.]<br />
Storage<br />
• On QFX3500 switches, if you initiate a large number of simultaneous FCoE login<br />
attempts, the Fibre Channel process might stop operating. [PR/699664: This issue<br />
has been resolved.]<br />
Issues Resolved in <strong>Release</strong> <strong>11.3R4</strong><br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R3. The identifier<br />
following the description is the tracking number in our bug database.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Interfaces<br />
• On QFX3500 switches, if you connect a direct attach copper (DAC) cable made by a<br />
vendor other than <strong>Juniper</strong> <strong>Networks</strong>, the link might not activate. [PR/707371: This issue<br />
has been resolved.]<br />
Junos OS Basics<br />
• On QFX3500 switches, if you configure a backup static route with a higher preference<br />
value and the primary link loses its connection, the switchover time to the backup link<br />
might take longer than expected. [PR/704106: This issue has been resolved.]<br />
Platform and Infrastructure<br />
• On QFX3500 switches, if you define a VLAN but do not issue the commit command,<br />
and then try to apply the VLAN to an interface, configuration mode might stop operating.<br />
[PR/701250: This issue has been resolved.]<br />
Routing Protocols<br />
• On QFX3500 switches, if you apply a firewall filter to the lo0 loopback interface, the<br />
switch might not be able to generate a local ARP for the destination addresses of<br />
transit traffic. [PR/693441: This issue has been resolved.]<br />
Storage<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On QFX3500 switches, if you initiate a large number of simultaneous FCoE login<br />
attempts, the Fibre Channel process might stop operating. [PR/699664: This issue<br />
has been resolved.]<br />
Issues Resolved in <strong>Release</strong> 11.3R3<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R2. The identifier<br />
following the description is the tracking number in our bug database.<br />
73
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
74<br />
Interfaces<br />
• When you use a QSFP+ to 4 SFP+ copper breakout cable on QFX3500 switches, the<br />
LA (Link/Activity) LED for the QSFP+ port blinks based only on the link activity of the<br />
lowest-numbered 10-Gigabit Ethernet port of the four ports. The correct behavior is<br />
for the LED to blink if any of the four ports has activity. [PR/683897: This issue has<br />
been resolved.]<br />
Junos OS Basics<br />
• On QFX3500 switches, if you enable Ethernet switching and IGMP snooping and<br />
connect the switch to other vendors' equipment that uses HSRP, HSRP does not work.<br />
The proprietary HSRP MAC address is interpreted by the QFX3500 switch as an<br />
unknown MAC address, and IGMP snooping drops the frame. As a workaround, disable<br />
IGMP snooping (at minimum, for the specific VLANs) to allow HSRP to establish a<br />
neighbor relationship with the active and standby routers. [PR/688719: This issue has<br />
been resolved.]<br />
Platform and Infrastructure<br />
• On QFX3500 switches, if you define a VLAN but do not issue the commit command,<br />
and then try to apply the VLAN to an interface, configuration mode might stop operating.<br />
[PR/701250: This issue has been resolved.]<br />
Storage<br />
• On QFX3500 switches, IGMP snooping is enabled by default on all VLANs. The FCoE<br />
CNAs normally use untagged packets that the switch maps to the native VLAN. If the<br />
switch is acting as an FCoE transit switch and IGMP snooping is enabled on the native<br />
VLAN, then FIP VLAN discovery messages do not receive responses from the FCF.<br />
Although this is a <strong>Juniper</strong> <strong>Networks</strong> issue, different CNAs have different behaviors when<br />
this occurs. The FIP VLAN discovery failure does not affect CNAs that listen to the FCF’s<br />
discovery advertisements and send a unicast discovery solicitation directly to the FCF<br />
if no response to the discovery advertisement is received. Other CNAs might remain in<br />
a pending state if FIP VLAN discovery fails, and they do not connect with or log in to<br />
the FCF. Our testing suggests that the issue is more likely to prevent FCoE operation<br />
with some vendors’ CNAs, whereas other vendors’ CNAs might work even when the<br />
issue is present.<br />
In addition, IGMP snooping always should be manually disabled on FCoE VLANs.<br />
Protocol restrictions regarding FCoE VLANs are a best practice. However, this issue<br />
might prevent FIP discovery from succeeding if IGMP snooping inadvertently remains<br />
enabled on an FCoE VLAN.<br />
As a workaround:<br />
• Disable IGMP snooping on the native VLAN by issuing the following configuration<br />
mode command at the [edit] hierarchy level:<br />
user@switch# set protocols igmp-snooping vlan vlan-name disable<br />
• Disable IGMP snooping on the FCoE VLAN:<br />
user@switch# set protocols igmp-snooping vlan vlan-name disable<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Although this issue has been resolved, as a best practice, do not enable IGMP snooping<br />
on an FCoE VLAN. [PR/556174: This issue has been resolved.]<br />
• On QFX3500 switches, if you initiate a large number of simultaneous FCoE login<br />
attempts, the Fibre Channel process (fcd) might stop operating. [PR/699664: This<br />
issue has been resolved.]<br />
Traffic Management<br />
• The maximum amount of bandwidth available on an xe port is 10 Gbps. The maximum<br />
bandwidth configuration for a queue (the shaping rate configured in the scheduler<br />
mapped to the queue forwarding class) or for a priority group (the shaping rate<br />
configured in the traffic control profile mapped to the forwarding class set) should not<br />
be greater than the total port bandwidth. If you set a shaping rate that is greater than<br />
10 Gbps for a queue or for a priority group, the shaping rate is invalid. However, if you<br />
configure an invalid shaping rate, the switch does not perform the proper commit check,<br />
and the invalid configuration commit operation succeeds. [PR/684041: This issue has<br />
been resolved.]<br />
Issues Resolved in <strong>Release</strong> 11.3R2<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R1. The identifier<br />
following the description is the tracking number in our bug database.<br />
Hardware<br />
• When you use a copper transceiver in an access port on QFX3500 switches, the LA<br />
(Link/Activity) LED for that port remains unlit when the link is established. [PR/685781:<br />
This issue has been resolved.]<br />
• When you use a QSFP+ to 4 SFP+ copper breakout cable on QFX3500 switches, if you<br />
disable one or more of the four 10-Gigabit Ethernet ports and issue the show chassis<br />
lcd command, the STATUS LED field in the command output is Off for each disabled<br />
port. The correct behavior is for the status to be Green, which indicates that a transceiver<br />
is installed in a port. [PR/683900: This issue has been resolved.]<br />
Interfaces<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• On QFX3500 switches, when you change the MTU of a LAG interface, the following<br />
error message is generated:<br />
ifd speed not found for interface ae62. So only default configuration will be active for<br />
this interface<br />
This has no impact on the operation of the switch. [PR/684288: This issue has been<br />
resolved.]<br />
Junos OS Basics<br />
• On QFX3500 switches, if you add a new link aggregation (LAG) member to an existing<br />
LAG bundle and there are more than 16 members, traffic might loop back to the source<br />
for 125 ms. [PR/612133: This issue has been resolved.]<br />
• Values for the ifDirection field in sFlow datagrams are incorrect for Gigabit Ethernet<br />
(ge) interfaces. [PR/674257: This issue has been resolved.]<br />
Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
75
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
76<br />
Layer 2 and Layer 3 Protocols<br />
• On QFX3500 switches, if you configure multiple equal-cost paths across multiple link<br />
aggregated (LAG) interfaces, the traffic might not be load-balanced across all member<br />
links in each LAG. [PR/677913: This issue has been resolved.]<br />
• On QFX3500 switches, IGMP group-specific queries might be sent to all ports in a<br />
VLAN rather than to interested ports only. When this issue is fixed, IGMP group-specific<br />
queries without the router alert option are flooded to interested members only, and<br />
IGMP group-specific queries with the router alert option are flooded to all ports in the<br />
VLAN. [PR/684738: This issue has been resolved.]<br />
Storage<br />
• On QFX3500 switches, you cannot disable a logical Fibre Channel interface by including<br />
the disable statement at the [edit interfaces fc-0/0/0.0] hierarchy level. If you want<br />
to disable a Fibre Channel interface, disable the physical interface by including the<br />
disable statement at the [edit interfaces fc-0/0/0] hierarchy level. [PR/607215: This<br />
issue has been resolved.]<br />
• On QFX3500 switches, configuring a forwarding class set with two forwarding classes<br />
that are mapped to the same queue but have different schedulers causes a failure in<br />
the Packet Forwarding Engine. Do not configure two different schedulers for the same<br />
queue on a port. This configuration is not supported and is not valid. [PR/676457: This<br />
issue has been resolved.]<br />
Traffic Management<br />
• On QFX3500 switches, when a congestion notification profile is attached to any port<br />
in the range xe-0/0/35 through xe-0/0/47 and xe-0/1/0 through xe-0/1/15, and the<br />
system reboots, the interfaces to which the congestion notification profile is applied<br />
are not determined. The system configuration persists and shows that the congestion<br />
notification profiles are still attached to the correct interfaces, but in the hardware that<br />
might not be true.<br />
After a system reboot, to ensure that congestion notification profiles are attached to<br />
the correct interfaces for interfaces xe-0/0/35 through xe-0/0/47 and xe-0/1/0 through<br />
xe-0/1/15, deactivate the congestion notification profile configuration on the affected<br />
interfaces, or deactivate the class-of-service configuration on the entire system and<br />
commit the changes. Then reactivate the configuration and commit the changes.<br />
For example, to deactivate and then activate the congestion notification profile<br />
configuration on interface xe-0/0/35:<br />
user@switch# deactivate class-of-service interfaces xe-0/0/35<br />
congestion-notification-profile<br />
user@switch# commit<br />
user@switch# activate class-of-service interfaces xe-0/0/35<br />
congestion-notification-profile<br />
user@switch# commit<br />
Repeat this procedure for each affected interface.<br />
To deactivate and then activate the class-of-service configuration on the switch:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
user@switch# deactivate class-of-service<br />
user@switch# commit<br />
user@switch# activate class-of-service<br />
user@switch# commit<br />
[PR/680000: This issue has been resolved.]<br />
• The binding of a forwarding class set (fc-set) to an interface is invalid under the<br />
•<br />
following two conditions:<br />
1. The sum of the guaranteed rates (fc-set minimum guaranteed bandwidth) of the<br />
traffic control profiles associated with the interface exceeds the interface speed.<br />
This invalid configuration causes the switch to attempt to guarantee a larger amount<br />
of bandwidth to the fc-set than the amount available on the port.<br />
2. The sum of the transmit rates (queue minimum guaranteed bandwidth) of the<br />
schedulers associated with a traffic control profile exceeds the traffic control profile<br />
guaranteed rate. This invalid configuration causes the switch to attempt to guarantee<br />
a larger amount of bandwidth to the queues than the amount of guaranteed<br />
bandwidth available to the fc-set (priority group) to which the queues belong.<br />
If either of these invalid configurations is not rejected during the commit operation, the<br />
switch should install the default scheduler on the interface and generate a system log<br />
message. However, when the system is rebooted with one of these invalid<br />
configurations, the invalid configuration is installed. As a workaround, deactivate the<br />
class-of-service configuration, commit the change, activate the class-of-service<br />
configuration, and commit the change. For example:<br />
user@switch# deactivate class-of-service<br />
user@switch# commit<br />
user@switch# activate class-of-service<br />
user@switch# commit<br />
[PR/684092: This issue has been resolved.]<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
This section lists outstanding issues with the documentation.<br />
77
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
Standards Support<br />
• In addition to the standards listed in the Standards Supported by the Junos OS document,<br />
•<br />
the QFX Series supports RFC 1591 Domain Name System Structure and Delegation.<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series on<br />
page 78<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
78<br />
This section discusses the following topics:<br />
• Procedure for Upgrading CoS from Junos OS <strong>Release</strong> 11.1 or <strong>Release</strong> 11.2 to<br />
<strong>Release</strong> 11.3 on page 78<br />
• Basic Procedure for Upgrading to Junos OS <strong>Release</strong> 11.3 on page 79<br />
• Upgrade and Downgrade Support Policy for Junos OS Extended End of Life Software<br />
<strong>Release</strong>s on page 81<br />
Procedure for Upgrading CoS from Junos OS <strong>Release</strong> 11.1 or <strong>Release</strong> 11.2 to<br />
<strong>Release</strong> 11.3<br />
Before you upgrade to Junos OS <strong>Release</strong> 11.3, you must deactivate the CoS configuration<br />
on the QFX3500 switch if the CoS configuration uses the excess-rate option, strict-high,<br />
or high priority queues, or any of the default multidestination forwarding classes. For full<br />
information about this topic, see Overview of CoS Upgrade Requirements (Junos OS <strong>Release</strong><br />
11.1 or 11.2 to a Later <strong>Release</strong>). A summary of the upgrade steps is included below.<br />
After you upgrade to Junos OS <strong>Release</strong> 11.3, modify the CoS configuration on the QFX3500<br />
switch to conform to the <strong>Release</strong> 11.3 CoS requirements. Then activate the CoS<br />
configuration and commit the changes:<br />
1. Deactivate the CoS configuration.<br />
user@switch# deactivate class-of-service<br />
2. Upgrade to Junos OS <strong>Release</strong> 11.3.<br />
3. Make the following changes to the CoS configuration:<br />
• Remove the excess-rate option from the CoS configuration if you have used it at<br />
the [edit class-of-service schedulers] or [edit class-of-service traffic-control-profiles]<br />
hierarchy level.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• Remove the default multidestination forwarding classes (mcast-be, mcast-af,<br />
mcast-ef, and mcast-nc) if you have used them at the [edit class-of-service<br />
schedulers], [edit class-of-service rewrite-rules], or [edit class-of-service classifiers]<br />
hierarchy level. Alternatively, you can change the mapping of the multidestination<br />
traffic to use the new default multidestination forwarding class (mcast).<br />
4. If desired, configure strict-high priority queues in accordance with the<br />
Junos OS <strong>Release</strong> 11.3 strict-high priority queue rules, and map multidestination traffic<br />
to the default multidestination forwarding class (mcast).<br />
5. Activate the CoS configuration.<br />
user@switch# activate class-of-service<br />
6. Commit the CoS configuration.<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
NOTE: If you have configured the transmit-rate option for any queues at the<br />
[edit class-of-service schedulers] hierarchy level, if the rate is configured as<br />
an exact rate in Mbps, we recommend that you reconfigure the transmit-rate<br />
option as a percentage. This is because the scheduler converts exact rates<br />
to percentages, and when the exact rate is below 1 Gbps, some granularity<br />
may be lost in the conversion. You can avoid this potential issue by specifying<br />
the transmit-rate option as a percentage.<br />
Basic Procedure for Upgrading to Junos OS <strong>Release</strong> 11.3<br />
When upgrading Junos OS, always use the jinstall package. Use other packages (such<br />
as the jbundle package) only when so instructed by a <strong>Juniper</strong> <strong>Networks</strong> support<br />
representative. For information about the contents of the jinstall package and details of<br />
the installation process, see the Junos OS Installation and Upgrade Guide and the Junos OS<br />
Basics section of the Complete Software Guide for Junos OS for the QFX Series.<br />
NOTE: You cannot upgrade by more than three releases at a time. For<br />
example, if your routing device is running Junos OS <strong>Release</strong> 11.1, you can<br />
upgrade to Junos OS <strong>Release</strong> 11.3 but not to Junos OS <strong>Release</strong> 12.1. As a<br />
workaround, first upgrade to Junos OS <strong>Release</strong> 11.3 and then upgrade to<br />
Junos OS <strong>Release</strong> 12.1.<br />
79
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
80<br />
NOTE: In some cases, when you downgrade the QFX3500 switch to an earlier<br />
software version, the switch might not operate properly. As a workaround,<br />
choose one of the following options when downgrading:<br />
1. Issue the request system software add command to downgrade to the<br />
following software versions or later:<br />
• Junos OS <strong>Release</strong> 11.1R5<br />
• Junos OS <strong>Release</strong> 11.2R2<br />
• Junos OS <strong>Release</strong> 11.3R1<br />
2. Include the no-validate option when you issue the request system software<br />
add command during a downgrade to a software version earlier than the<br />
ones listed in option #1.<br />
The download and installation process for Junos OS <strong>Release</strong> 11.3 is the same as for<br />
previous Junos OS releases.<br />
If you are not familiar with the download and installation process, follow these steps:<br />
1. Using a Web browser, navigate to the Junos Canada & U.S. software download URL<br />
on the <strong>Juniper</strong> <strong>Networks</strong> Web page:<br />
https://www.juniper.net/support/products/junos/dom/ (customers in the United States<br />
and Canada)<br />
2. Select 11.3 (the number of the software version that you want to download) from the<br />
Current <strong>Release</strong>s section.<br />
3. Select the Software tab.<br />
4. In the Install Package section of the Software tab, select the QFX Series Switch<br />
Install Package for the <strong>11.3R4</strong>.2 release.<br />
5. Log in to the <strong>Juniper</strong> <strong>Networks</strong> authentication system using the username (generally<br />
your e-mail address) and password supplied by <strong>Juniper</strong> <strong>Networks</strong> representatives.<br />
6. Download the software to a local host.<br />
7. Copy the software to the device or to your internal software distribution site.<br />
8. Install the new jinstall package on the device.<br />
NOTE: We recommend that you upgrade all software packages out of<br />
band using the console, because in-band connections are lost during the<br />
upgrade process.<br />
Customers in the United States and Canada use the following command:<br />
user@host> request system software add validate reboot<br />
source/jinstall-qfx-<strong>11.3R4</strong>.2-domestic-signed.tgz<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Related<br />
Documentation<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Replace source with one of the following values:<br />
• /pathname—For a software package that is installed from a local directory on the<br />
switch.<br />
• For software packages that are downloaded and installed from a remote location:<br />
• ftp://hostname/pathname<br />
• http://hostname/pathname<br />
• scp://hostname/pathname (available only for Canada and U.S. version)<br />
The validate option validates the software package against the current configuration<br />
as a prerequisite to adding the software package to ensure that the switch reboots<br />
successfully. This is the default behavior when the software package being added is<br />
a different release.<br />
Adding the reboot command reboots the switch after the upgrade is validated and<br />
installed. When the reboot is complete, the switch displays the login prompt. The<br />
loading process can take 5 to 10 minutes.<br />
Rebooting occurs only if the upgrade is successful.<br />
NOTE: After you install a Junos OS <strong>Release</strong> 11.3 jinstall package, you cannot<br />
issue the request system software rollback command to return to the previously<br />
installed software. Instead you must issue the request system software add<br />
validate command and specify the jinstall package that corresponds to the<br />
previously installed software.<br />
Upgrade and Downgrade Support Policy for Junos OS Extended End of Life<br />
Software <strong>Release</strong>s<br />
Support for upgrades and downgrades that span more than three Junos OS releases at<br />
a time is not provided, except for releases that are designated as Extended End-of-Life<br />
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can<br />
upgrade directly from one EEOL release to the next EEOL release even though EEOL<br />
releases generally occur in increments beyond three releases. You can upgrade or<br />
downgrade to the EEOL release that occurs directly before or after the currently installed<br />
EEOL release, or to two EEOL releases before or after. However, you cannot upgrade<br />
directly from a non-EEOL release that is more than three releases ahead or behind.<br />
To upgrade or downgrade from a non-EEOL release to a release more than three releases<br />
before or after, first upgrade to the next EEOL release and then upgrade or downgrade<br />
from that EEOL release to your target release. For more information on EEOL releases<br />
and to review a list of EEOL releases, see Junos Software <strong>Release</strong> Dates and Milestones.<br />
•<br />
New Features in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 60<br />
• Changes in Default Behavior and Syntax in Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
on page 62<br />
Upgrade and Downgrade Instructions for Junos OS <strong>Release</strong> 11.3 for the QFX Series<br />
81
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
82<br />
• Limitations in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 65<br />
• Outstanding Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 67<br />
• Resolved Issues in Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 71<br />
• Errata in Documentation for Junos OS <strong>Release</strong> 11.3 for the QFX Series on page 77<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Junos OS <strong>Release</strong> <strong>Notes</strong> for <strong>Juniper</strong> <strong>Networks</strong> Common Platform Features<br />
• Unsupported Features in Junos OS <strong>Release</strong> 11.3 for Common Platform<br />
Features on page 83<br />
• Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features on page 86<br />
Unsupported Features in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
The following features are visible but not supported in Junos OS <strong>Release</strong> 11.3.<br />
High Availability<br />
• Restart-signaling support for OSPF graceful restart—Junos OS <strong>Release</strong> 11.3 extends<br />
the OSPF graceful restart support to technologies described in RFC 4811, RFC 4812,<br />
and RFC 4813, and introduces the restart-signaling option for the OSPF graceful restart.<br />
The restart-signaling option enables routers to inform their neighbors about the restart<br />
status after a graceful restart and to keep the adjacencies active after a graceful restart<br />
event. Junos OS <strong>Release</strong> 11.3 introduces two new statements, graceful-restart-type<br />
standard | restart-signaling and restart-signaling-helper-disable, at the [edit protocols<br />
ospf] and [edit routing-instance routing-instance protocols ospf graceful-restart] hierarchy<br />
levels to help you choose the graceful restart mode. You can use the<br />
restart-signaling-helper-disable statement to disable the helper mode for restart<br />
signaling–based OSPF graceful restart. By default, the standard graceful restart mode<br />
is configured. Similarly, the helper mode is enabled, by default, for the standard and<br />
restart-signaling modes.<br />
[High Availability]<br />
• Enhancements to nonstop active routing for Protocol Independent Multicast—Junos<br />
OS <strong>Release</strong> 11.3 extends the nonstop active routing support for Protocol Independent<br />
Multicast (PIM) to cover the following features that were previously not supported or<br />
incompatible with nonstop active routing support for PIM :<br />
• Policy features such as neighbor policy, bootstrap router export and import policies,<br />
scope policy, flow maps, and reverse path forwarding (RPF) check policies.<br />
• Upstream assert synchronization<br />
• PIM join load balancing<br />
[High Availability]<br />
Interfaces and Chassis<br />
Junos OS <strong>Release</strong> <strong>Notes</strong> for <strong>Juniper</strong> <strong>Networks</strong> Common Platform Features<br />
• Support for RSVP-signaled point-to-multipoint LSPs extended to logical systems<br />
(M Series, T Series, and MX Series routers)—The following topologies are supported:<br />
• A single logical system in a physical router. The logical system is one node in an<br />
RSVP-signaled point-to-multipoint label-switched path (LSP).<br />
• Multiple logical systems in a physical router, with each logical system acting as a<br />
label-switching router (LSR). The multiple logical systems can be unconnected,<br />
83
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
84<br />
connected to each other internally with logical tunnel (lt) interfaces, or connected<br />
to each other externally with back-to-back connections.<br />
• One RSVP-signaled point-to-multipoint LSP, with some nodes being logical systems<br />
and other nodes being physical routers.<br />
[Network Configuration Example: Configuring RSVP-Signaled Point-to-Multipoint LSPs<br />
on Logical Systems]<br />
• Support for forwarding structured system log messages to a remote system log<br />
server—The structured-data configuration option is added at the [system syslog host]<br />
hierarchy level. This addition enables the forwarding of system log messages in IETF<br />
format to a remote system log server, and allows the use of a centralized system log<br />
server to receive structured messages.<br />
Network Management<br />
• Enhanced support for IS-IS MIB—Starting in <strong>Release</strong> 11.3, Junos OS supports all tables<br />
and notifications defined in standard IS-IS MIB (as defined in RFC 4444). However,<br />
versions of Junos OS earlier than <strong>Release</strong> 11.3 support only a subset of the IS-IS MIB<br />
defined in Internet draft draft-ietf-isis-wg-mib-07.txt.<br />
• Enhancements to the jnxOperatingCPU object—Junos OS <strong>Release</strong> 11.3 introduces the<br />
following three MIB objects to enhance the CPU utilization reporting over SNMP:<br />
• jnxOperating1MinAvgCPU—Indicates the average utilization of CPU during the last<br />
minute.<br />
• jnxOperating5MinAvgCPU—Indicates the average utilization of CPU during the last<br />
5-minute period.<br />
• jnxOperating15MinAvgCPU—Indicates the average utilization of CPU during the last<br />
15-minute period.<br />
All these objects return a zero value if the data is not available or is not applicable.<br />
[ SNMP MIBs and Traps Reference ]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Routing Protocols<br />
• Frequent BGP keepalive messages and short BGP hold time—Enables BGP sessions<br />
to send keepalive messages as frequently as every three seconds with a hold time as<br />
short as 9 seconds. The hold time is three times the interval at which keepalive<br />
messages are sent. The hold time is the maximum number of seconds allowed to<br />
elapse between successive keepalive or update messages that BGP receives from a<br />
peer. When establishing a BGP connection with the local routing device, a peer sends<br />
an open message, which contains a hold-time value. BGP on the local routing device<br />
uses the smaller of either the local hold-time value or the peer’s hold-time value<br />
received in the open message as the hold time for the BGP connection between the<br />
two peers. Frequent keepalive messages and short hold times might be desirable in<br />
large-scale deployments with many active sessions. Note that if scheduler slip<br />
messages occur, the routing device can continue to send keepalive messages. Keepalive<br />
message generation is performed in a dedicated kernel thread. To configure the hold<br />
time, include the hold-time and precision-timers statements at the [edit protocols bgp]<br />
hierarchy level. When you include the precision-timers statement, you can set the hold<br />
time to a minimum of 9 seconds. Otherwise, the minimum hold time is 20 seconds.<br />
Subscriber Access Management<br />
• Junos OS subscriber management scaling values (M120, M320, and MX Series<br />
routers)—A spreadsheet is available online that lists scaling values supported for Junos<br />
OS subscriber management beginning with Junos OS <strong>Release</strong> 10.1. Access the Subscriber<br />
Management Scaling Values (XLS) spreadsheet from the Downloads box at<br />
http://www.juniper.net/techpubs/en_US/junosrelease-number/information-products<br />
/pathway-pages/subscriber-access/index.html. Substitute release-number with the<br />
number of the latest Junos OS release in the URL. For example, ...en_us/junos11.1/....<br />
[Subscriber Management Scaling]<br />
VPNs<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• Advertise multiple paths to a destination (M Series, MX Series, and T Series routers)<br />
for internal BGP (IBGP)—For IPv4 unicast (family inet unicast) routes only, you can<br />
enable an IBGP peer to advertise multiple exit points to reach a destination. The<br />
configuration provides fault tolerance, load balancing, and graceful maintenance<br />
operations.<br />
To set the number of paths to send to a neighbor, include the add-path send path-count<br />
number statement at the [edit protocols bgp group group-name neighbor address family<br />
inet unicast] hierarchy level.<br />
To enable a peer to receive multiple paths, include the add-path receive statement at<br />
the [edit protocols bgp group group-name family inet unicast] hierarchy level.<br />
To apply a policy that allows a BGP peer to send multiple paths for only specific routes,<br />
include the add-path send prefix-policy policy-name statement at the [edit protocols<br />
bgp group group-name neighbor address family inet unicast] hierarchy level.<br />
To configure the policy, use the policy-options hierarchy level, as you normally would.<br />
For example:<br />
Unsupported Features in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
85
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
•<br />
user@host# set policy-options policy-statement allow_199 from route-filter 199.1.1.1/32<br />
exact<br />
user@host# set policy-options policy-statement allow_199 then accept<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features on page 86<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
86<br />
The current software release is <strong>Release</strong> <strong>11.3R4</strong>.<br />
• Current Software <strong>Release</strong> on page 86<br />
• Previous <strong>Release</strong>s on page 89<br />
Current Software <strong>Release</strong><br />
Resolved Issues in Junos OS <strong>Release</strong> <strong>11.3R4</strong> for M Series, MX Series, and T Series Routers<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.2R3. The identifier<br />
following the description is the tracking number in our bug database.<br />
Forwarding and Sampling<br />
• When committing a configurations, where a firewall filter contains multiple 'next term'<br />
actions, the firewall compiler process (dfwc) could crash and dump core. [PR/706863:<br />
This issue has been resolved.]<br />
Infrastructure<br />
• Error condition in decoding of routing socket message was not handled correctly<br />
resulting in memory corruption, possible memory leak and/or router crash. The fix is<br />
to handle the error code from decoder and pass it to the callers. [PR/659752: This<br />
issue has been resolved.]<br />
• The bug currently has only manifested itself in the compat32 layer (i.e. 32-bit<br />
applications, 64-bit kernel) in relation to umtx_op system calls to perform<br />
UMTX_OP_LOCK operations, and even then is subject to timing dependencies for it to<br />
occur. Since 64-bit kernel started shipping in 10.4, customers from 10.4 onwards running<br />
in this hybrid/compat mode may hit this problem. [PR/682294: This issue has been<br />
resolved.]<br />
Layer 2 Ethernet Services<br />
• A hardware fault on a MX FPC could result result in fabric cells being sent to inactive<br />
fabric destinations. These cells are than stored in the fabric consuming all the memory.<br />
In this state the fabric can't process additional fabric cells resulting in packet loss.<br />
[PR/517451: This issue has been resolved.]<br />
• Communication problem between, I2C controller and Fan Tray. [PR/606130: This issue<br />
has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
MPLS Applications<br />
• Backup RE may crash during an LSP flap scenario when the old indexed nexthop has<br />
not been deleted yet and an add for new indexed nexthop with same properties is<br />
received. [PR/589555: This issue has been resolved.]<br />
• After an auto-bandwidth adjustment occurs, where the bandwidth of an LSP is<br />
increased, the warning message "RPD_RSVP_INCORRECT_FLOWSPEC: Bandwidth in<br />
PATH Tspec greater than RESV flowspec" might be erroneously logged. This problem<br />
is cosmetic, and does not affect traffic forwarding or auto-bandwidth functionality.<br />
[PR/684361: This issue has been resolved.]<br />
• command is showing IP addresses instead of resolving<br />
them in FQDN [PR/694620: This issue has been resolved.]<br />
• When LSP switches from primary->secondary-primary path, the Max Avg counter<br />
might show up incorrect higher value when compared to actual LSP bandwidth. As<br />
the result of this, on the next adjust interval, LSP would be signalled with incorrect high<br />
last Max avg counter value. This issue will be seen only with secondary LSP configured.<br />
[PR/695154: This issue has been resolved.]<br />
• When family mpls is removed but family inet remains on an interface, the aggregate<br />
nexthop may go into discard state on the PFE. The aggregate nexthop in discard state<br />
will cause packet loss for any routes associated with that nexthop. Here are the two<br />
ways to remove family mpls but not family inet from an interface: - deactivate interfaces<br />
unit family mpls - set interfaces unit family<br />
mpls maximum-labels [PR/698169: This issue has been resolved.]<br />
• After 9.3R3, customer may see unwanted mpls lsp convergence even there is no<br />
optimize-timer configured. Seems to be fast-reroute related issue. (still under<br />
investigation) [PR/699273: This issue has been resolved.]<br />
Multicast<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• With Junos version 10.0 or higher performing ISSU software upgrade, multicast resolve<br />
routes for ipv6 or ipv6 routes might not be installed properly in all FPCs. Multicast<br />
traffic will not be forwarded anymore. The following syslog message will indicate the<br />
problem. RT: Failed prefix change IPv4:0 - 224/4 (unknown prefix) RT: Failed prefix<br />
change IPv6:0 - ff00::/8 (change failed) To recover from this condition FPC reporting<br />
the above syslog messages needs to get restarted. [PR/559108: This issue has been<br />
resolved.]<br />
Platform and Infrastructure<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
• On TXP Platforms if LCC's master Routing Engine (RE) panics,the backup RE will gain<br />
mastership and FPCs belonging to the LCC might not be able to reconnect to the new<br />
master RE in time. This may cause the FPCs to reset and not restart properly for a long<br />
time till the live kernel core dump on the SFC Master RE is finished. The following syslog<br />
messages will be reported on the LCC: lcc0-fpc0 PFEMAN: %PFE-3: trying master<br />
connection, attempt 1200 to 0x1000001 For a possible workaround please contact<br />
JTAC Organization. [PR/659782: This issue has been resolved.]<br />
87
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
88<br />
• The first two IPv6 ping requests don't follow the specified ping interval and are sent<br />
within same second. This problem is fixed with this PR. [PR/669065: This issue has<br />
been resolved.]<br />
Routing Protocols<br />
• For router-advertisement over PPPoE, advertisements sent with 00:00:00:00:00:00<br />
as the link layer address are causing Cisco CPE devices to complain about an invalid<br />
LLA. For that we should suppress transmitting the link layer address when the length<br />
is 0 as part of the advertisement since this indicates that the option is not valid.<br />
[PR/661286: This issue has been resolved.]<br />
• After a nsr ospf sham links may go down. Restart routing to reactivate. [PR/693719:<br />
This issue has been resolved.]<br />
• When activate pim on a routing-instance vrf, The vrf.inet6.1 table should be created,<br />
but in rare cases the table fails to be created. If this happens, IPv6 multicast routes are<br />
NOT able to flash into krt to install in kernel. [PR/695113: This issue has been resolved.]<br />
• Scheduler slips can occur when FPC's containing physical interfaces with thousands<br />
of logical interfaces are taken offline or online. [PR/701021: This issue has been<br />
resolved.]<br />
• For a BGP session with bgp damping enabled after a flap the received prefixes are not<br />
reported correctly in show bgp summary and show bgp neighbour commands.<br />
[PR/706324: This issue has been resolved.]<br />
Services Applications<br />
• There was SNMP data collection problem and it is fixed. [PR/689249: This issue has<br />
been resolved.]<br />
• In some circumstances after power off/on Routing-Engine some MS-DPC core can be<br />
seen in system due to PFE trying to connect to Routing-Engine after disconnection.<br />
[PR/698226: This issue has been resolved.]<br />
User Interface and Configuration<br />
• In the J-Web interface, if you discard any available MIB profile, file, or predefined object<br />
from "accounting-options" on the Point and Click CLI Configuration page (Configure<br />
> CLI Tools > Point and Click CLI), the J-Web session times out. As a workaround,<br />
perform the same operation from the CLI. [PR/689261: This issue has been resolved.]<br />
VPLS<br />
• In very rare situations the deletion of VPLS IFF , can lead to panic on the backup RE<br />
[PR/552240: This issue has been resolved.]<br />
• VPLS routing table reference count have to be decremented on removal. [PR/674009:<br />
This issue has been resolved.]<br />
• When multiple VPLS instances are configured using manually-defined mesh-groups<br />
and some without defining mesh-groups, "show vpls connections" may not display<br />
some of them. [PR/709061: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
VPNs<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• Under NG-MVPN scenario, if the provider tunnels are shared by multiple routing<br />
instances. When a "clear bgp neighbor" is issued on the PE that is the egress for the<br />
provider tunnel, not all provider-tunnels recover. Some LSPs stay is down state (state<br />
is UP on the egress but down on the ingress of the LSP). [PR/687998: This issue has<br />
been resolved.]<br />
• RPD went high to ~94% when upgrading from pre-10.2 to 10.2R1 or higher. The CPU<br />
utilization for user is high as well ~95%. From the taks accouning it looks like L2VC is<br />
stuck on something as the user time for this task keeps incresing over time. The high<br />
cpu sticks with the master RE on a master switchover. [11:01]user@router> show task<br />
accounting | no-more [11:01]Task accounting is enabled. [11:01] [11:01]Task Started<br />
User Time System Time Longest Run [11:01]Scheduler 3148 0.029 0.000 0.000<br />
[11:01]RSVP 335 0.041 0.000 0.000 [11:01]L3_BANCO_SUDAMER_D-OSPF 42<br />
0.000 0.000 0.000 [11:01]Common L2 VC 292 27.325 0.132 0.099 From the rtsockmon<br />
it looks like prefixes are added and deleted continuously. However another router on<br />
same code with and similar prefix flap does not show high rpd cpu. [10:42]% rtsockmon<br />
-t [10:42] sender flag type op [10:42][10:42:43] kernel P route add inet 10.247.134.10<br />
tid=46 plen=32 type=dest flags=0x0 nh=hold nhflags=0x1 nhidx=8208 altfwdnhidx=0<br />
filtidx=0 [10:42][10:42:43] kernel P nexthop add inet 10.247.134.10 nh=hold flags=0x1<br />
idx=8208 ifidx=1138 filteridx=0 [10:42][10:42:47] kernel P route delete inet 10.247.134.10<br />
tid=46 plen=32 type=dest flags=0x180 nh=hold nhflags=0x1 nhidx=8208<br />
altfwdnhidx=0 filtidx=0 [10:42][10:42:47] kernel P nexthop delete inet 10.247.134.10<br />
nh=hold flags=0x5 idx=8208 ifidx=1138 filteridx=0 [10:42][10:42:53] kernel P route<br />
add inet 10.247.134.10 tid=46 plen=32 type=dest flags=0x0 nh=hold nhflags=0x1<br />
nhidx=14187 altfwdnhidx=0 filtidx=0 [10:42][10:42:53] kernel P nexthop add inet<br />
10.247.134.10 nh=hold flags=0x1 idx=14187 ifidx=1138 filteridx=0 [10:42][10:42:57]<br />
kernel P route delete inet 10.247.134.10 tid=46 plen=32 type=dest flags=0x180 nh=hold<br />
nhflags=0x1 nhidx=14187 altfwdnhidx=0 filtidx=0 [10:42][10:42:57] kernel P nexthop<br />
delete inet 10.247.134.10 nh=hold flags=0x5 idx=14187 ifidx=1138 filteridx=0 Problem<br />
is a consequence of the routing-instance's length mismatch between mib2d (35<br />
characters) and rpd (longer). Customer is currently making use of instances whose<br />
names are longer than 35 characters: [PR/689502: This issue has been resolved.]<br />
• After a routing engine switchover, l2vpn address family routes may not be advertised<br />
by BGP. [PR/707743: This issue has been resolved.]<br />
Previous <strong>Release</strong>s<br />
<strong>Release</strong> 11.3R3<br />
Forwarding and Sampling<br />
• Certain mis-configuration causes check-out fail w/o proper reason. [PR/597801: This<br />
issue has been resolved.]<br />
High Availability<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
• Kernel core during upgrade. [PR/687671: This issue has been resolved]<br />
89
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
90<br />
• On MX Series routers, the error message “/kernel: Unlist request: unilist(nh index =<br />
1048575) found on the rnhlist_deleted_root patnode” appears continuously.<br />
[PR/667046: This issue has been resolved]<br />
• After a unified ISSU from Junos OS <strong>Release</strong> 10.0 to 10.4, the sampling feature does<br />
not function. The sampled process responsible for sampling no longer receives the<br />
data from the Packet Forwarding Engine. [PR/681271: This issue has been resolved]<br />
Interfaces and Chassis<br />
• On the ATM PIC cbr shaping rate configuration, specify a value in cells per second by<br />
entering a decimal number followed by the abbreviation c; values expressed in cells<br />
per second are converted to bits per second by means of the formula 1 cps = 384 bps.<br />
The cell rate configuration was removed from JUNOS releases from 10.1R1 and later<br />
which built between 23-Jan-2010 and 15-Sep-2011. As workaround, use bits per second<br />
(bps) configuration to specify the ATM cbr shaping rate. The cell rate configuration<br />
has been added back from below JUNOS releases and later: 10.4R8, 10.4S7, 11.1R6,<br />
11.2R3, 11.3R3 and 11.4R1. [PR/685558: This issue has been resolved]<br />
• On the M120 router, when the no-vrf-propagate-ttl statement is set or deleted, the<br />
FEB might reboot and dump a core. [PR/691466: This issue has been resolved]<br />
• When an interface enabled for OAM goes down, the message "first cells dropped at<br />
cif" is added to the system log file. [PR559492: This issue has been resolved]<br />
MPLS Applications<br />
• When LFA link Protection is configured for IGP with LDP-IGP Synchronization enabled,<br />
if LSP(LDP) routes are installed in inet.0, after LDP session is cleared, the LDP session<br />
is not able to bring up. [PR/600181: This issue has been resolved]<br />
• In a Next Generation MVPN scenario, a kernel memory buffer may get corrupted when<br />
the router receives a bootstrap or auto-RP message whose packet size exceeds 204<br />
bytes. The memory corruption will cause the Junos kernel to crash every time such a<br />
packet is received. This problem will only be encountered in a Next-Gen MVPN scenarios<br />
that use Ingress Replication as the P-tunnel type and has Auto-RP or Bootstrap as the<br />
group-to-RP mapping mechanism. [PR/681963: This issue has been resolved]<br />
• When an IP route directly resolves over an LSP or the LSP route is also installed in<br />
inet.0 table, then the LSP statistics may incorrectly contribute to the bypass LSP<br />
statistics, even when packets are not being forwarded on the bypass LSP. [PR/682966:<br />
This issue has been resolved]<br />
• Under certain circumstances, the automatic bandwidth timer smearing function does<br />
not space out the timer interval evenly. Also, the interval between the timers are not<br />
equal. [PR/606051: This issue has been resolved]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Multicast<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• With Junos version 10.0 or higher performing ISSU software upgrade, multicast resolve<br />
routes for ipv6 or ipv6 routes might not be installed properly in all FPCs. Multicast<br />
traffic will not be forwarded anymore. The following syslog message will indicate the<br />
problem. RT: Failed prefix change IPv4:0 - 224/4 (unknown prefix) RT: Failed prefix<br />
change IPv6:0 - ff00::/8 (change failed) To recover from this condition FPC reporting<br />
the above syslog messages needs to get restarted. [PR/559108: This issue has been<br />
resolved]<br />
Network Management<br />
• Mib2d may core when interfaces are created and deleted at very fast rate on scaled<br />
setup. [PR/602812: This issue has been resolved]<br />
• The cause of the snmpd core in this PR is a result of the fix that went into PR/607704.<br />
Junos release 10.4R6 only is exposed to this issue at this time. [PR/674874: This issue<br />
has been resolved]<br />
• When an SNMP MIB walk is performed for ipv6IfNetToMediaState without any IPv6<br />
configuration on the router, the error message "MIB2D_SYSCTL_FAILURE:<br />
ipv6_n2m_update_sysctl_info: sysctl getting kernel MD6 data failed: Bad address"<br />
appears. [PR/612585: This issue has been resolved]<br />
Platform and Infrastructure<br />
• "commit at" with commit scripts sometimes may lockup CLI. [PR/537074: This issue<br />
has been resolved]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
• The time stamp of the messages in firewall log is showing incorrect values. The system<br />
time and time stamp in log messages are not affected. If NTP server is configured, the<br />
issue does not happen. [PR/661768: This issue has been resolved]<br />
• Under some rare scenario, it is possible for a DPC to fail to come online after being<br />
inserted or restarted. The logs will then show the message: "PFEMAN resync in progress"<br />
every 10 seconds. This is caused by a race condition on the routing-engine when it<br />
initially tries to download the configuration and routes to the DPC, and eventually<br />
causes the DPC to stay in dormant state. [PR/609644: This issue has been resolved]<br />
• MPC might crash when aggregate interface configured due to invalid child members<br />
installed at PFE side. [PR/695225: This issue has been resolved]<br />
• Failure to handle transient low memory conditions in the kernel. Fix involves retry the<br />
operation rather than asserting. [PR/687618: This issue has been resolved]<br />
91
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
92<br />
Routing Protocols<br />
• When deleting a static route from a VRF instance the operator should avoid issuing a<br />
show route next-hop detail command for the newly deleted route<br />
for a period of 3 minutes. This ensures adequate time for even a highly scaled system<br />
to completely free all data structures associated with the deleted route and avoids<br />
the RPD crash documented in PR 605798. [PR/605798: This issue has been resolved]<br />
• Issue happens with NSR switchover or ISSU update due to different indirect nh is<br />
allocetd on new master. The cnh code needs to handle refcount of cnh properly when<br />
change from old cnh to new cnh if new cnh already exists on patricia tree. [PR/612182:<br />
This issue has been resolved]<br />
• fbf route with qualified-next-hop and nexthop interface will installed route table<br />
wrongly. [PR/670339: This issue has been resolved]<br />
• "show bgp summary" displays the wrong data regarding the active routes. A route can<br />
be active but not reported by the above command. [PR/680080: This issue has been<br />
resolved]<br />
• When sham-link is activated the exported static route is erroneously treated as vpn<br />
route received via BGP. It resulted in that exported static route shows up in the database<br />
with DN bit set. [PR/686947: This issue has been resolved]<br />
• It was not releasing the link for file , so code changes has been done for the same.<br />
[PR/687959: This issue has been resolved]<br />
• RPD may crash with BGP multipath configured if the route list includes BGP multipath<br />
routes along with non BGP routes for same destinations. [PR/688763: This issue has<br />
been resolved]<br />
• If "forwarding-options sampling" or "routing-options route-record" is configured, stale<br />
routes may appear and persist in the routing table in holddown state. Those routes are<br />
not active and do not affect forwarding, but they do consume memory and if left will<br />
lead to the memory footprint of RPD increasing over time. For mpls routes it will also<br />
effect PFE and Kernel memory since the next-hops are not deleted till the route is<br />
deleted within RPD. JUNOS version 10.4R7 and 11.2R3 are effected. [PR/688820: This<br />
issue has been resolved]<br />
• If bgp "keep all" is configured, and "multipath" is enabled under "routing-options" of<br />
a vrf, and there exists multiple equal cost bgp vpn routes for the same destination in<br />
bgp.l3vpn table, when this new vrf is added to the config, rpd may core due to a delayed<br />
bgp reconfig job in a scaled config. [PR/691170: This issue has been resolved]<br />
• When 10-Gigabit Ethernet interfaces flap frequently, a routing protocol process (rpd)<br />
core file might be created. [PR/691170: This issue has been resolved]<br />
• RPD might take long time to bring up an OSPF neighbor to FULL state when there are<br />
large number of OSPF neighbors with large size of OSPF LSA database. [PR/692239:<br />
This issue has been resolved]<br />
• Under some circumstances where a BGP router that has been configured with family<br />
route-target the router may fail to send some VPN routes. This will most typically<br />
happen for a PE router in a scaled configured that has received the default RT-Constrain<br />
route, 0:0:0/0. [PR/692940: This issue has been resolved]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• When family route-target is used on a PE and one or more peers that it is configured<br />
on do not negotiate RT-Constrain (RFC 4684), the PE will generate a default RTC<br />
route of 0:0:0/96. This default route is not appropriate for non-transit BGP hosts. By<br />
default, a BGP non-transit PE will discard VPN routes that do not have matching local<br />
route-target communities. If at a later time a VRF is configured with a route-target that<br />
it had previously discarded VPN routes for, the attached BGP neighbors will not re-send<br />
the appropriate VPN routes. This is due to the fact that the attached BGP neighbor<br />
had a matching default RTC route and thinks it has already sent the associated VPN<br />
routes. [PR/695918: This issue has been resolved]<br />
• Changes to martian addresses (RFC5735 that obsoletes RFC3330), that are not present<br />
in Junos martians default settings. PSN-2011-10-393. [PR/698121: This issue has been<br />
resolved]<br />
• The routing protocol process crashes when the default-lsa option is configured in an<br />
NSSA under a routing instance, which also receives a default route from another VPN<br />
instance. [PR/606075: This issue has been resolved]<br />
• The routing protocol process might crash after a graceful Routing Engine switchover<br />
in a Layer 3 VPN with external or internal BGP multipath that contains a composite<br />
next hop as a component next hop. [PR/665996: This issue has been resolved]<br />
• After a BGP session flap, the output of the show bgp summary command might not<br />
display the correct number of "Active routes" for VPN routing instances. [PR/673830:<br />
This issue has been resolved]<br />
• The ipMRouteInterfaceTable MIB walk does not display PIM SM interfaces. [PR/678051:<br />
This issue has been resolved]<br />
• The output of the show pim statistics inet6 command includes fields that are not<br />
necessary for IPv6 multicast. [PR/682938: This issue has been resolved]<br />
• When a PIM is used between downstream PEs in an MVPN environment, the<br />
nondesignated PE router receives multicast traffic from a designated router on a<br />
downstream port. When reverse path forwarding occurs, faulty results are returned<br />
and the router always attempts to build the local multicast route table causing memory<br />
leaks in the routing protocol process. When the memory leak is large enough, the routing<br />
protocol process might crash and dump core files. [PR/685111: This issue has been<br />
resolved]<br />
User Interface and Configuration<br />
• The RE(s) will crash with a trap with the backtrace<br />
bcopy/if_pfe_ttp_output/if_pfe_ae_ttp_output. if_pfe_ttp_output may not appear in<br />
the backtrace. The configuration includes dhcp, pppoe/vlan, or demux/ae. [PR/682735:<br />
This issue has been resolved.]<br />
• A panic occurs in rnh_index_alloc on the backup RE because the index is already<br />
allocated. In the syslog or kernel message buffer, a message similar to the following<br />
may be seen: "rnh_cont_request: demux0.14 (3353) Got nhid=120882 but already<br />
have child nhid=118652 for cifl ge-0/1/5.32767 (3349)". [PR/682967: This issue has<br />
been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
93
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
94<br />
• CLI "show interface as0 extensive " does not show the sonet child member links stats<br />
part of aggregated bundle. This effects the monitoring & management of bandwidth<br />
concerns on the as bundle links. [PR/677553: This issue has been resolved.]<br />
• With IPv6 and PPPoE, DHCP, or other demux configured, an assertion panic can occur<br />
in in6_ether_iffconfig(). [PR/686350: This issue has been resolved.]<br />
• Adding configuration from "load set terminal" for restricted user may not allowed even<br />
for authorized configuration hierarchies. "load merge terminal" on the other hand does<br />
not have this issue. [PR/678664: This issue has been resolved.]<br />
• Add constraint to [ system login user full-name ] to not allow newline (\n)<br />
characters. [PR/690013: This issue has been resolved.]<br />
• Jweb does not work on the multi-core Routing Engines which have 64-bit JUNOS.<br />
[PR/692444: This issue has been resolved.]<br />
• Right click option to Navigate to Chassis info or System info in Chassis view is not<br />
working properly. Instead operator is expected to navigate to respective page by clicking<br />
on that page itself from Monitor page instead of using right click option. [PR/684849:<br />
This issue has been resolved.]<br />
VPLS<br />
• With non-stop routing and a large number of LDP-based virtual-private LAN service<br />
configured, the routing process might crash during a routing-engine switchover event.<br />
[PR/610594: This issue has been resolved.]<br />
• On certain topology, a core link flap might result in VPLS in RD state w/<br />
pseudowire-status-tlv config. This is a timing issue and may not occur every time on<br />
every topology. [PR/687375: This issue has been resolved.]<br />
VPNs<br />
• The routing protocol process dumps core files during a P-PIM process after the default<br />
MDT switches to a data MDT. [PR/669365: This issue has been resolved.]<br />
<strong>Release</strong> 11.3R2<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.3R2. The identifier<br />
following the description is the tracking number in our bug database.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
High Availability<br />
• A replication error might occur when a user route with a local next hop is propagated<br />
to the backup Routing Engine before the corresponding IFA is replicated. [PR/559458:<br />
This issue has been resolved.]<br />
Interfaces and Chassis<br />
• When a burst of fragmented ICMP packets are received, the chassis loses connection<br />
to the FEB and FPC. The chassisd process connection to the FRU is terminated, and<br />
the FEB and FPC reboot. Also, administrative connections to the FEB or FPCs is blocked.<br />
This causes a permanent interruption to traffic forwarding. Reboot the router to restore<br />
administrative connectivity to the FEB or FPC. [PR/562421: This issue has been<br />
resolved.]<br />
Network Management<br />
• In Junos OS <strong>Release</strong> 10.2 and later, when SNMP queries on statistics-related OIDs<br />
associated with JUNIPER-DOM-MIB occur, the mib2d process size increases and<br />
ultimately reaches the maximum size permitted due to a memory leak in the MIB. When<br />
the maximum process size permitted is reached, a system log message “/kernel: Process<br />
(pid,mib2d) attempted to exceed RLIMIT_DATA: attempted 512016 KB Max 512000<br />
KB” is added. [PR/608206: This issue has been resolved.]<br />
Platform and Infrastructure<br />
• On MX80 routers, the jnxMac snmp query has an incorrect MAC OID. [PR/608029:<br />
This issue has been resolved.]<br />
• The dynamically allocated memory gets corrupted when the Layer 2 data length<br />
changes in the receiving next hop. [PR/670710: This issue has been resolved.]<br />
Routing Protocols<br />
• BGP PMTU does not work correctly and causes session flaps as very high values of<br />
MSS are negotiated. [PR/608970: This issue has been resolved.]<br />
• If a router acting both as an autonomous system boundary router (ASBR) and an area<br />
border router (ABR) is reachable by means of a backbone area and a stub area, and if<br />
the advertisement through the stub area has a higher metric, then the external routes<br />
get incorrectly installed in the routing table with a next hop through the stub area.<br />
[PR/610813: This issue has been resolved.]<br />
• The OSPF process begins the OSPF database exchange process with multiple<br />
adjacencies at the same time that might require a longer time to synchronize the OSPF<br />
database. [PR/614357: This issue has been resolved.]<br />
• If a routing protocol process is configured such that there are more than 2048 internal<br />
routing tables, the SNMP query for jnxBgpM2PrefixCounters causes the routing protocol<br />
process to crash. As a workaround, scale the configuration to limit the number of<br />
internal routing tables, or avoid any queries to the PrefixCounters. [PR/678859: This<br />
issue has been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
95
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
96<br />
• BGP sometimes uses the wrong martian table to verify that the protocol next hop is<br />
not a martian address. Thus some BGP routes are hidden while the others are active<br />
in the inet.0 interface. [PR/682323: This issue has been resolved.]<br />
• On multihop BFD with nonstop active routing scenarios, the BFD session might<br />
eventually flap during graceful Routing Engine switchover events. [PR/613612: This<br />
issue has been resolved.]<br />
• An Aggregated Ethernet interface bounces during a virtual circuit mastership transition<br />
when LACP fast periodic is configured. The bounce leads to loss of PPP sessions. As<br />
a workaround, configure LACP periodic slow instead of fast. [PR/660350: This issue<br />
has been resolved.]<br />
User Interface and Configuration<br />
• The user privileges changes intermittently for a few super user accounts. [PR/677916:<br />
This issue has been resolved.]<br />
<strong>Release</strong> 11.3R1<br />
The following issues have been resolved since Junos OS <strong>Release</strong> 11.2R2. The identifier<br />
following the description is the tracking number in our bug database.<br />
Class of Service<br />
• When more than 10 member links are added to an Aggregate bundle, the cosd process<br />
might crash and restart due to a memory corruption. [PR/613422: This issue has been<br />
resolved.]<br />
• The packets received by the IQE PIC might be classified incorrectly. This issue occurs<br />
when logical interfaces on the same IQE PIC that have two families (out of family inet,<br />
inet6, or mpls) is configured. When one of the families is deleted from a logical interface<br />
or set of logical interfaces with a particular Layer 2 encapsulation, the incoming packets<br />
are classified incorrectly the next time a family is deleted from a logical interface with<br />
a different Layer 2 encapsulation on the same PIC. [PR/605040: This issue has been<br />
resolved.]<br />
Forwarding and Sampling<br />
• In Junos OS <strong>Release</strong> 10.1 and later, the SNMP MIB walk for jnxFWCounter does not<br />
work. [PR/551857: This issue has been resolved.]<br />
• In rare situations where VPLS IFF is deleted, the backup Routing Engine might panic.<br />
[PR/552240: This issue has been resolved.]<br />
• When subscribers with more than one service session exist, the pfed process might<br />
dump core files while sending interim requests. [PR/555338: This issue has been<br />
resolved.]<br />
• The backup Routing Engine might crash during an label-switched path flap, when an<br />
old indexed next-hop is not deleted and a new indexed next-hop with the same<br />
properties is received. [PR/589555: This issue has been resolved.]<br />
• When a neighbor frequently fails to answer IPv6 neighbor solicitation messages or<br />
does so with delay, there is a potential race condition where the neighbor entry can be<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
marked reachable in the cache but have no MAC address. As a consequence, the transit<br />
traffic going to this neighbor will be sent with a random destination MAC and be flooded<br />
by any switch in the middle to all devices on the LAN for a duration equal to the<br />
reachability timeout (30 seconds approximately). [PR/608439: This issue has been<br />
resolved.]<br />
• On Trio platform, the MPC might crash when the instance-type option is configured<br />
with virtual switch, and IRB is configured under bridge domain in VPLS. This issue might<br />
also occur when the IRB is configured over VPLS virtual tunnel. [PR/610808: This issue<br />
has been resolved.]<br />
• The pfed process crashes when a memory that has been freed is accessed. This freed<br />
memory is accessed when some debug counters are updated during a status response<br />
processing code. The crash occurs only if this freed memory is set to NULL or is reused.<br />
[PR/612271: This issue has been resolved.]<br />
• The firewall does not block an SSH activity that is performed using an IPv6 address.<br />
[PR/613501: This issue has been resolved.]<br />
• Memory leaks occur in the Packet Forwarding Engine request allocation for a few kernel<br />
drivers. [PR/614599: This issue has been resolved.]<br />
• When a firewall filter configuration is removed from interfaces that contain port<br />
mirroring, the system log entry “jtree memory free using incorrect value 4 correct 0“ or<br />
a combination of "Multiple Free :jt_mem_free" entries might be reported from the DPCs<br />
or FEBs. This issue occurs only if the mirror-once option is configured under the<br />
port-mirroring statement. As a workaround, remove the mirror-once option and use<br />
different port mirroring instances when ingress and egress port mirroring is performed.<br />
[PR/659316: This issue has been resolved.]<br />
• Packets might be dropped when a firewall filter is configured on an IRB interface with<br />
an action for DSCP marking. [PR/661706: This issue has been resolved.]<br />
• Under certain error conditions, the statistics infrastructure can leak memory. If the error<br />
is repeated, then the mib2d process might exhaust all of its allocated memory, crash,<br />
and then restart with a refreshed memory. This error does not interrupt service and the<br />
process recovers without any manual intervention. [PR/672274: This issue has been<br />
resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
97
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
98<br />
General Routing<br />
• When the RD value of a routing instance is changed, the if-route-exists condition that<br />
matches a specific route within a routing table in that routing instance within a policy<br />
might get stuck with a false evaluation. This might lead to the main policy failing,<br />
resulting in an incorrect behavior of that policy. [PR/674616: This issue has been<br />
resolved.]<br />
High Availability<br />
• A unified in-service software upgrade (unified ISSU) with host-bound traffic greater<br />
than 5 Kbps causes the host path to be stuck. The IQ2 PICs and Enhanced IQ2 PICs<br />
remain offline after an unified ISSU under such traffic conditions. [PR/559882: This<br />
issue has been resolved.]<br />
• After a unified in-service software upgrade (unified ISSU) of M Series routers with XFP<br />
on cFPC, the output of the show chassis pic and show interfaces diagnostics optics<br />
commands provide an invalid information for the XFP. [PR/567490: This issue has<br />
been resolved.]<br />
• When an MFR, MLPPP, or MT interface is brought down, or an inet6 family is deleted,<br />
a PFEMAN socket shutdown and a kernel crash might occur. [PR/609484: This issue<br />
has been resolved.]<br />
• On MX Series routers running Junos OS <strong>Release</strong> 10.2 or later, after repeated execution<br />
of the show interface interface-name command, the command might stop working and<br />
not be able to collect the statistics from the Packet Forwarding Engine. When this issue<br />
occurs:<br />
• The pfed process takes up to 100% CPU resources and stays pegged at a high value.<br />
• The process size of the pfed process reaches its maximum permitted size.<br />
• The show interface statistics command fails.<br />
• The SNMP requests fails.<br />
One or more of the following system log messages might be reported:<br />
/kernel: Process (84954,ifinfo) attempted to exceed RLIMIT_DATA: attempted<br />
131888 KB Max 131072 KB<br />
/kernel: Process (86084,bdbrepd) attempted to exceed RLIMIT_DATA: attempted<br />
132048 KB Max 131072 KB<br />
/kernel: Process (1811,pfed) attempted to exceed RLIMIT_DATA: attempted<br />
131084 KB Max 131072 KB<br />
/kernel: Process (1811,pfed) has exceeded 85% of RLIMIT_DATA: used 117944<br />
KB Max 131072 KB<br />
init: database-replication (PID 86084) exited with status=1<br />
pfed: rtslib: ERROR Failed to allocate new block of size 16384<br />
pfed: rtslib: ERROR Allocation Failure for (16384) bytes<br />
When this issue occurs, if SNMP requests that are serviced by the pfed process are<br />
made, the error message “mib2d[1810]: MIB2D_RTSLIB_READ_FAILURE:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
check_rtsock_rc: failed in reading ifls: 0 (Invalid argument)” from the mib2d process<br />
appears. [PR/610238: This issue has been resolved.]<br />
• There are no log messages that indicate high levels of utilization of the /mfs file system.<br />
[PR/658588: This issue has been resolved.]<br />
Interfaces and Chassis<br />
• The error messages “attributesif_pfe_mfr_copy_options_to_ifl: IFD rlsq0:38: Couldn't<br />
get the multilink PIC attributes” are logged during an RLSQ hot-standby. [PR/516109:<br />
This issue has been resolved.]<br />
• No error messages are displayed when incorrect values are passed to the show oam<br />
ethernet connectivity-fault-management interfaces value extensive command.<br />
[PR/589689: This issue has been resolved.]<br />
• On MX Series 3D Universal Edge Routers, if a logical interface is part of a logical interface<br />
set that has the scheduler-map statement configured, and if the logical interface has<br />
no output traffic control profile, the scheduler-map field in the output of the show<br />
class-of-service interface command is incorrect. [PR/591801: This issue has been<br />
resolved.]<br />
• The output of the show interface interface-set queue command does not display the<br />
results for Enhanced IQ2 interfaces. Additionally, the command times out without any<br />
output on M320 routers. [PR/595991: This issue has been resolved.]<br />
• The MX80 routers dump core files after an upgrade to Junos OS <strong>Release</strong> 11.2, and when<br />
the mode active-active option is enabled at the [aggregated-ethernet-options mc-ae]<br />
hierarchy level. [PR/601497: This issue has been resolved.]<br />
• A faulty PIC might cause the FPC to restart after dumping core files. [PR/605690: This<br />
issue has been resolved.]<br />
• The memory used for logical interface messages are not freed on IDL interfaces.<br />
[PR/606645: This issue has been resolved.]<br />
• When an fxp0 interface is configured to use 100 Mbps speed on a full duplex link mode,<br />
the interface appears as administratively down after a reboot. [PR/606703: This issue<br />
has been resolved.]<br />
• On MX Series routers, when an RX fiber is taken offline, it might take up to 7.5 seconds<br />
for the router to report the link fault through remote fault detection to its link neighbor.<br />
[PR/607424: This issue has been resolved.]<br />
• When a 1-port 10-Gigabit Ethernet PIC is taken offline and back online continuously,<br />
the FPC crashes due to memory issues. [PR/608214: This issue has been resolved.]<br />
• The chassisd process on the master Routing Engine utilizes about 99% of the CPU<br />
resources when a new backup Routing Engine is inserted. There is no mastership from<br />
both the Routing Engines and all active packet forwarding engines are lost. To recover<br />
from this state, halt the new backup Routing Engine and restart the chassisd process<br />
on the previous master Routing Engine. [PR/612048: This issue has been resolved.]<br />
• On a 64-bit kernel running processes in 32-bit mode, the select system call in the kernel<br />
does not handle descriptor set sizes in multiples of 4 byte words. [PR/613721: This<br />
issue has been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
99
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
100<br />
• The ATM2 PIC stops forwarding traffic after a unified in-service software upgrade.<br />
[PR/613881: This issue has been resolved.]<br />
• When a router acts as a transit router (not LAC or LNS) and port mirroring is enabled<br />
on the ports sending and receiving this L2TP transit traffic, the traffic received from<br />
the access side port is not mirrored properly. However, the L2TP transit traffic exiting<br />
the router on egress either toward the core or access side is mirrored properly.<br />
[PR/614155: This issue has been resolved.]<br />
• A file system leak in /mfs causes the /mfs file system to fill up gradually. This in turn<br />
leads to the RAM getting fully utilized. Due to this, the software uses up the swap space<br />
causing a slowdown. [PR/614576: This issue has been resolved.]<br />
• On M120 routers, when an FEB switches over because of an FEB software crash, the<br />
control connection between the Routing Engine and the IQ2/IQ2E PIC might be lost.<br />
This might result in a traffic blackhole on the logical interfaces added on the PIC after<br />
the FEB switchover. [PR/658689: This issue has been resolved.]<br />
• Under certain conditions where a 100-Gigabit Ethernet PIC is reset, the PIC reverts<br />
from a configured vlan-steering mode to the default sa-multicast mode. [PR/659681:<br />
This issue has been resolved.]<br />
• The MPC card might crash when transient errors in a particular memory block are<br />
detected by interrupt handlers before they are cleared. [PR/661509: This issue has<br />
been resolved.]<br />
• A 4-port 10-Gigabit Ethernet PIC with XFP might flap when a failover occurs on the<br />
transmission side. For example, if a failover in transmission takes 10 ms and interface<br />
damping is configured as 50 ms, the interface flaps. [PR/662124: This issue has been<br />
resolved.]<br />
• When an MX80 router chassis is connected to a Cisco router and automatic negotiation<br />
is enabled, the output of the show interface command displays the working speed of<br />
the link instead of the maximum speed. [PR/662605: This issue has been resolved.]<br />
• DCD_CONFIG_WRITE_FAILED and "group exceeded" errors appear on MLFR interfaces<br />
after a configuration change due to improper cleanup of counters. [PR/668087: This<br />
issue has been resolved.]<br />
• During a graceful Routing Engine switchover (GRES), the new master Routing Engine<br />
might send flood next hops to Packet Forwarding Engines in static mode, resulting in<br />
the Packet Forwarding Engine dumping core files, under the following conditions:<br />
1. GRES and the enhanced-ip option are configured on the router and the router has<br />
created flood next hops.<br />
2. A new configuration that disables both GRES and the enhanced-ip option is<br />
committed on the master Routing Engine.<br />
3. The master Routing Engine is rebooted.<br />
4. GRES is performed.<br />
To prevent this issue from occurring, reboot both Routing Engines after the configuration<br />
is committed. [PR/668766: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
• On M Series and T Series routers with Enhanced IQE PICs, the router might crash if a<br />
precedence rewrite rule results in all the zeros being configured to the classifier table<br />
and a unified in-service software upgrade is performed. [PR/674274: This issue has<br />
been resolved.]<br />
• When both inverse-arp and frame-relay-ether-type options are configured on the same<br />
interface, the router fails to pass the configuration check and the configuration is not<br />
committed. [PR/674774: This issue has been resolved.]<br />
• On an MX960 router, the FPC might not come back up after an upgrade to Junos OS<br />
<strong>Release</strong> 10.4R6, 11.1R3, and 11.2R1 with an error message "No power". This issue occurs<br />
due to a power miscalculation and is observed when all the following conditions are<br />
met:<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• The MX960 router is used with high capacity AC PEMs.<br />
• One of the high capacity AC PEMs in a zone has only one feed connected.<br />
• The router boots up to the above Junos OS <strong>Release</strong>s.<br />
[PR/676322: This issue has been resolved.]<br />
• On routers running 64-bit Junos OS, connections to the FPCs might get closed and<br />
reopened, and the FPC might restart depending on which connection is reset. This is<br />
caused when the current system uptime is incorrectly compared to the time when the<br />
last TCP segment is received on the socket. The issue might first occur after 24 days<br />
and 20 hours of system uptime, and then at intervals of 49 days and 16 hours. The<br />
following message logs are added:<br />
fpc1 PPMAN disconnected; Remote side closed<br />
fpc1 L2ALM: %PFE-3: Master closed connection<br />
fpc1 L2ALM: %PFE-3: Master socket closed, 0x435e6330<br />
fpc1 L2ALM disconnected; L2ALM socket closed abruptly<br />
fpc1 CLKSYNC: %PFE-3: Master closed connection<br />
fpc1 CLKSYNC: %PFE-3: Master socket closed, 0x42e82a30<br />
fpc1 CLKSYNC disconnected; CLKSYNC socket closed abruptly<br />
fpc1 CMLC: %PFE-3: Master closed connection<br />
chassisd[1387]: %DAEMON-3-CHASSISD_IPC_CONNECTION_DROPPED: Dropped IPC<br />
connection for FPC 1<br />
chassisd[1387]: %DAEMON-5-CHASSISD_IFDEV_DETACH_FPC: ifdev_detach_fpc(1)<br />
[PR/678053: This issue has been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
101
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
102<br />
Layer 2 Ethernet Services<br />
• The jdhcpd process might crash when the dhcp-relay configuration includes traceoptions<br />
for the database flag (or the all flag, which also includes the database flag) and the<br />
general configuration involves bridge domains with IRB interfaces. Any other dhcp-relay<br />
traceoptions flag can be used safely. [PR/661778: This issue has been resolved.]<br />
MPLS Applications<br />
• With Junos OS <strong>Release</strong> 10.4 and later, if a failure occurs on the current active path<br />
while waiting to switch over to an MBB path, the MBB timer is cancelled and the MBB<br />
path is used immediately. [PR/586079: This issue has been resolved.]<br />
• When a router acting as a transit node for a node-link protected label-switched path<br />
sends RESV messages on a restored link without receiving a PATH message from the<br />
ingress router, the ingress router might set RSVPErr messages that causes a<br />
label-switched path teardown and traffic drops. [PR/591301: This issue has been<br />
resolved.]<br />
• During MBB, when the sender traffic speculation (Tspec) and the reservation flow<br />
speculation does not match, the output of the show RSVP interface command might<br />
not reflect the correct reserved bandwidth. [PR/601036: This issue has been resolved.]<br />
• When the no-cspf option is configured, the RSVP tunnel does not come back up after<br />
the label-switched path connectivity recovers. [PR/611686: This issue has been<br />
resolved.]<br />
• Junos OS does not handle the MPLS echo-reply packet correctly with multipath type<br />
0. [PR/662814: This issue has been resolved.]<br />
• The routing protocol process dumps core files during automatic bandwidth adjustment<br />
of label-switched paths that went down and are in a process of coming up.<br />
[PR/665584: This issue has been resolved.]<br />
• On MX960 routers, the output of the show rsvp neighbor command displays negative<br />
values in the MsgRcvd field. [PR/666224: This issue has been resolved.]<br />
• When LDP Signaling for VPLS is used, the U bit does not follow RFC 4762 in the MAC<br />
Address Withdrawal MAC list TLV (0x0404). [PR/669275: This issue has been<br />
resolved.]<br />
• The MPLS automatic bandwidth does not update the maxbw variable correctly during<br />
a switchover process. [PR/671734: This issue has been resolved.]<br />
• When a link that carries a large number of label-switched paths on a router acting as<br />
PLR goes down, the backup label-switched paths on the PLR might also go down due<br />
to the backup label-switched paths timing out. [PR/672511: This issue has been<br />
resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Network Management<br />
• The monitor traffic interface command that is configured to match an ARP does not<br />
match any ARP information. [PR/585728: This issue has been resolved.]<br />
• In some cases where SNMP bulk packets are handled, and the backend handler times<br />
out, the snmpd process might crash. [PR/607704: This issue has been resolved.]<br />
• When SNMPv3 is used and the notify type is set to inform instead of trap, the response<br />
messages from the trap collector causes the following error log<br />
“alidate_interface_access: socket failure: interface index not found (0)” to be displayed.<br />
This is only a cosmetic issue. [PR/660989: This issue has been resolved.]<br />
• The eventd process dumps core files under certain policy configurations. [PR/663871:<br />
This issue has been resolved.]<br />
Platform and Infrastructure<br />
• When an interface with IPv6 address has the rpf-check option enabled, and any IPv6<br />
address is configured on a management interface, the IPv6 link local connectivity gets<br />
affected on the interface that has the rpf-check option enabled. Also, all protocols the<br />
uses the link local address goes down or gets stuck. There is no workaround. [PR/546115:<br />
This issue has been resolved.]<br />
• On an enhanced CFEB with TCC and per-packet load-balance configured in a Layer 2<br />
circuit, the Packet Forwarding Engine might drop packets. [PR/575784: This issue has<br />
been resolved.]<br />
• A power drop on the VCSEL channels might cause HSL2 CRC errors. This might result<br />
in the SIB going into a fault check state. [PR/589103: This issue has been resolved.]<br />
• On MX Series routers with DPCs, M320 routers with Enhanced 3 FPCs, and M7i, M10i,<br />
and M120 routers with enhanced CFEBs, the IMQ might get stuck in a state that causes<br />
traffic drops in the queue. [PR/594606: This issue has been resolved.]<br />
• Under certain circumstances where multicast VRF is configured, when a change such<br />
as activating or deactivating a new routing instance is performed, logs related to jtree<br />
might get freed multiple times. This might result in the DPCs crashing without generating<br />
a core file. [PR/603821: This issue has been resovled.]<br />
• The IRB MTU calculation is incorrect for IPv4 traffic when the IRB interface uses VPLS<br />
on the MPCs. [PR/606555: This issue has been resolved.]<br />
• The FPC might crash when the firewall filter has a large number of lines in the<br />
configuration and the show filter index command is used. [PR/607269: This issue has<br />
been resolved.]<br />
• On MX80 routers, the jnxMac snmp query has an incorrect MAC OID. [PR/608029:<br />
This issue has been resolved.]<br />
• A transient error in one of the PPE memories might result in an LMEM data error. When<br />
this issue occurs, the following messages are logged:<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
fpc4 LU 0 PPE_0 Errors lmem data error 0x00000042<br />
fpc4 PPE PPE HW Fault Trap: Count 757685325, PC 6115, 0x6115:<br />
handle_gauge_init_qsys_mq1_mq2<br />
103
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
104<br />
Although this issue does not indicate that a hard fault exists in the system, packets<br />
with this error is dropped. To recover from this issue, reboot the MPC. [PR/614054:<br />
This issue has been resolved.]<br />
• An error condition in the routing socket message might lead to memory corruption,<br />
possible memory leak, and/or a router crash. [PR/659752: This issue has been resolved.]<br />
• On TX Matrix Plus routers, if an LCC's master Routing Engine panics, the backup Routing<br />
Engine gains mastership and the FPCs that belong to the LCC might not be able to<br />
reconnect to the new master Routing Engine in time. This might cause the FPCs to<br />
reset and not restart properly for a long time until the live kernel core dump on the SFC<br />
master Routing Engine is finished. The system log message “lcc0-fpc0 PFEMAN:<br />
%PFE-3: trying master connection, attempt 1200 to 0x1000001” is reported on the<br />
LCC. [PR/659782: This issue has been resolved.]<br />
• The dynamically allocated memory gets corrupted when the Layer 2 data length<br />
changes in the receiving next hop. [PR/670710: This issue has been resolved.]<br />
• In a rare condition where an SRAM parity error stays uncorrected on an FPC, the FPC<br />
might crash when a cprod command is used. [PR/670754: This issue has been resolved.]<br />
• A jtree memory corruption might occur due to some memory double free issue on MLFR<br />
interfaces. [PR/671123: This issue has been resolved.]<br />
• On platforms that support the Junos Trio chipset, the MPC might crash and restart if<br />
the interface policer bind makes it to the Packet Forwarding Engine before the interface<br />
policer consistent message. This issue might occur in the following scenarios:<br />
• During boot time, if only one interface is configured and the default ARP policer<br />
(17000) is bound to this interface.<br />
• When an interface policer is configured and attached to an interface in the same<br />
commit.<br />
As a workaround, bring all the MPCs online without configuring any interfaces and<br />
enable the interfaces after the MPC is online. [PR/676725: This issue has been resolved.]<br />
Routing Protocols<br />
• The message "cannot perform nh operation ADDANDGET" is logged after each unilist<br />
flap. This is a cosmetic error and does not affect functionality. [PR/591773: This issue<br />
has been resolved.]<br />
• When PIM auto-rp is configured under logical systems, the routing protocol process<br />
and the kernel might crash. [PR/595564: This issue has been resolved.]<br />
• The routing protocol process crashes a few minutes after some of the iBGP neighbors<br />
are deleted from the configuration. [PR/606952: This issue has been resolved.]<br />
• On MX80 routers and MPC-3D cards, jflow sampling might not work when it is enabled<br />
using the interface configuration. [PR/660126: This issue has been resolved.]<br />
• When the accept-remote-nexthop option is enabled and the import policy to change<br />
next hop to self is used for EBGP sessions, the routing protocol process might crash.<br />
[PR/660194: This issue has been resolved.]<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• With graceful Routing Engine switchover and nonstop active routing configured, some<br />
BGP sessions might stay in an idle state on the backup Routing Engine. [PR/660732:<br />
This issue has been resolved.]<br />
• During router advertisements over PPPoE, any advertisement sent with<br />
00:00:00:00:00:00 as the link layer address might cause an invalid LLA message in<br />
Cisco CPE devices. To resolve this issue, suppress the link layer address trasmission<br />
when the length is 0 as part of the advertisement since this indicates that the option<br />
is not valid. [PR/661286: This issue has been resolved.]<br />
• The Routing Engine might crash when multiple VRRP groups are configured on an<br />
interface. [PR/668657: This issue has been resolved.]<br />
• In a scaled environment, the restart routing command might cause the KRT queue (the<br />
internal communications within the system) to stall due to “Device busy” errors. This<br />
might result in system instability that can only be cleared by rebooting the system.<br />
[PR/670808: This issue has been resolved.]<br />
Services Applications<br />
• When the Layer 2 Tunneling Protocol process restarts, the corresponding kernel data<br />
structures are not removed. When a restarted process finds these configuration-related<br />
kernel entries, the process considers this to be an error. [PR/441395: This issue has<br />
been resolved.]<br />
• The NAT64 to ICMP time expire packet might not be translated correctly for packets<br />
sourced from the intermediate node in traceroute. [PR/597036: This issue has been<br />
resolved.]<br />
• The application service provider integrated PIC on an M7i rouer does not boot up due<br />
to an issue in the Packet Forwarding Engine microkernel scheduler. [PR/614393: This<br />
issue has been resolved.]<br />
• On MX240 routers, huge interleaved RSTP length packets might be discarded.<br />
[PR/660644: This issue has been resolved.]<br />
• When a sampling configuration is deleted and added again, the jflow configuration<br />
does not get deleted from the PIC, and gets added twice with a different template ID.<br />
[PR/661726: This issue has been resolved.]<br />
• Some jflow v9 records might contain invalid values on MX Series routers with<br />
Multiservices DPC and physical interfaces hosted on enhanced DPC-R/Q/EQ types.<br />
[PR/662440: This issue has been resolved.]<br />
• Established IPsec and IKE SAs get deleted when an IPsec service set is added or<br />
removed. [PR/665912: This issue has been resolved.]<br />
• A duplicate SPI from the peer might get rejected during the Internet Key Exchange<br />
negotiation. [PR/667178: This issue has been resolved.]<br />
• When Endpoint Independent Mapping and Address Pooling Paired features are enabled<br />
independently on the same NAT pool, but in different NAT rules, the Multiservices DPC<br />
might crash. As a workaround, do not enable these two features separately in multiple<br />
rules. [PR/678962: This issue has been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
105
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
106<br />
Software Installation<br />
• During an unified in-service software upgrade (unified ISSU) from a Junos OS later<br />
release to 11.2R1 on all platforms that support unified ISSU, kernel panic might occur.<br />
[PR/604050: This issue has been resolved.]<br />
Subscriber Access Management<br />
• Both radius-flow-tap and a firewall filter that has a system log action cannot be<br />
configured on the router at the same time. [PR/573333]<br />
• When both Dynamic Host Configuration Protocol and Point-to-Point Protocol are<br />
configured to run on the same BNG, a database corruption might occur. This issue<br />
occurs when interfaces are repeatedly created and removed in rapid succession.<br />
[PR/577289: This issue has been resolved.]<br />
• On a Trio MPC, VPLS flooding is disrupted due to aggregated Ethernet next hop weights<br />
being set incorrectly. The disruption occurs under the following circumstances:<br />
1. The configuration is performed on a Trio MPC on an MX Series router.<br />
2. A VPLS routing instance configuration is commited where the VPLS routing instance<br />
is inactive and an aggregated Ethernet logical interface is disabled and in the<br />
deactivated state.<br />
3. The aggregated Ethernet logical interface is subsequently activated and the disabled<br />
configuration is deleted.<br />
As a workaround, deactivate and then activate the aggregated Ethernet logical interface.<br />
[PR/589416: This issue has been resolved.]<br />
• The accounting attribute 41 (acct-delay-time) is missing from the accounting start,<br />
interim, and stop messages as the VSA does not exist in the RADIUS accounting<br />
requests from MX Series routers to the RADIUS server. [PR/607520: This issue has<br />
been resolved.]<br />
• If a graceful Routing Engine switchover (GRES) is performed while subscribers are<br />
logging in to the router, some subscriber sessions can remain in the initialization state.<br />
Even though the erroneous sessions cannot be removed, the subscribers can properly<br />
log in to the network. [PR/610641: This issue has been resolved.]<br />
• Repeated and rapid login and logout of very large numbers of subscribers in an L2TP<br />
networking environment might result in the L2TP process failing. [PR/659370: This<br />
issue has been resolved.]<br />
• For configurations with more than 32,000 PPP subscribers, it is recommended to<br />
configure the keepalive interval to no less than 75 seconds to avoid subscriber<br />
termination due to "no keepalive" errors. [PR/661837: This issue has been resolved.]<br />
• When auto-configured, single-tagged VLANs are created on Trio MPCs, the initial<br />
auto-configuration operates properly for the VLAN interfaces. However, subsequent<br />
VLAN auto-configuration attempts on previously auto-configured, single-tagged VLAN<br />
IDs can result in the VLAN interfaces failing. Deactivate and reactivate the Ethernet<br />
device to resolve the error condition. However, deactivating the Ethernet device also<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
esults in deactivating all other interfaces on the device, along with any current DHCP<br />
or PPPoE subscribers. [PR/662722: This issue has been resolved.]<br />
• PPPoE generates numerous "NACK received for profile request...Cannot access SDB<br />
session update info retry FALSE" messages when scaling to 64,000 dynamic PPPoE<br />
clients with static VLANs. Resources consumed by message generation slows<br />
processing and causes session failures due to timeouts. [PR/667088: This issue has<br />
been resolved.]<br />
• When subscriber entries are created and deleted continuously while graceful Routing<br />
Engine switchover (GRES) operations are performed repetitively for 70 hours or longer,<br />
the router might generate an authentication process (authd) core file. [PR/668172:<br />
This issue has been resolved.]<br />
• The authd process generates malformed packets to the RADIUS server when the<br />
ADSL-Forum VSA and DSLForum-Access-Loop-Encapsulation attributes are used.<br />
[PR/668701: This issue has been resolved.]<br />
• When a router is running a large scale broadband access configuration during a graceful<br />
Routing Engine switchover, failures might occur due to lack of resources if the router<br />
is recovering core files associated with the firewall process (dfwd). However, the router<br />
recovers and resumes operation without intervention. [PR/668974: This issue has<br />
been resolved.]<br />
• When a framed-ip-mask attribute is passed from the RADIUS server using local address<br />
pools, the address protection during a master switch and/or a graceful Routing Engine<br />
switchover fails to protect the addresses in use. [PR/673252: This issue has been<br />
resolved.]<br />
User Interface and Configuration<br />
• Received events are not filtered by the value specified in the attributes-match option.<br />
[PR/613907: This issue has been resolved.]<br />
• The jptspd process requires the PPR to have policies set to update only the username.<br />
[PR/665181: This issue has been resolved.]<br />
VPNs<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
• Under certain circumstances, adding and deleting an extranet instance in an MVPN<br />
might result in a KRT queue build-up. [PR/422765: This issue has been resolved.]<br />
• When a large configuration consisting of hundreds or more pseudowires is merged to<br />
a router that is running, or when a large configuration consisting of hundreds of<br />
pseudowires is loaded on the router, the MIB information of some logical interfaces<br />
might be missing. [PR/513585: This issue has been resolved.]<br />
• The routing protocol process might crash in an NG-MVPN environment when a p-tunnel<br />
next hop is an IPv6 address. [PR/581634: This issue has been resolved.]<br />
• In MVPN environment on Trio platform, if a routing instance is added on a P router, a<br />
PIM neighborship is established between the remote upstream PE router and the<br />
downstream P router. However, the MVPN might go down. [PR/609446: This issue<br />
has been resolved.]<br />
Issues in Junos OS <strong>Release</strong> 11.3 for Common Platform Features<br />
107
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
Related<br />
Documentation<br />
• The routing protocol process might dump core files when VPLS is configured and active<br />
while VPLS traces are enabled. As a workaround, disable VPLS traces. [PR/610744:<br />
This issue has been resolved.]<br />
• In a multicast VPN enviroment, the routing protocol process dumps core files when<br />
the default-vpn-source option is configured and the mtrace command is executed.<br />
[PR/613754: This issue has been resolved.]<br />
• When a PIM-DM is used with NGEN MVPNs and multi-homed PEs, and when the PE-CE<br />
link goes down, the source address that was previously reachable in the local VRF gets<br />
located across the core through another PE. The multicast forwarding state for this<br />
source do not update correctly causing loss of traffic. [PR/614441: This issue has been<br />
resolved.]<br />
• The routing protocol process crashes when the set routing-instances noris-vpls protocols<br />
vpls mac-flush any-interface command is used. The following error message appears:<br />
mx01 init: routing (PID 1466) terminated by signal number 6. Core dumped!<br />
mx01 bfdd[1401]: BFDD_TRAP_MHOP_STATE_DOWN: local discriminator: 6, new<br />
state: down, peer addr: <br />
mx01 init: routing (PID 1854) started<br />
[PR/659842: This issue has been resolved.]<br />
• The routing protocol process might crash when ingress replication is used as a provider<br />
tunnel with multicast VPNs. [PR/661154: This issue has been resolved.]<br />
• When family route-target is configured and configuration for protocol BGP is removed<br />
and configured repeatedly, the BGP might fail to generate and advertise the local VRF<br />
RT-Constrain NLRI to the peers that have negotiated family route-target. This might<br />
lead to a VPN connection loss as the remote BGP peer do not receive the expected<br />
RT-Constrain routes and hence do not respond to those associated VPN routes that<br />
have matching route-target extended communities. [PR/666819: This issue has been<br />
resolved.]<br />
• On MX80 routers, the octets of the multicast group of an MBGP MVPN route is printed<br />
in reverser order on the output of the show route table VPN-A.mvpn.0 command.<br />
[PR/670194: This issue has been resolved.]<br />
• When the mplsVpnVrf MIB is polled and a large number of interfaces exist on the DUT,<br />
•<br />
high CPU usage, schedule slips, and bounced peers might occur. As a workaround,<br />
avoid polling the tables containing the mplsVpnScalars and mplsVpnVrfTable interface<br />
counters. [PR/673186: This issue has been resolved.]<br />
Unsupported Features in Junos OS <strong>Release</strong> 11.3 for Common Platform Features on<br />
page 83<br />
Junos OS Documentation and <strong>Release</strong> <strong>Notes</strong><br />
108<br />
For a list of related Junos OS documentation, see<br />
http://www.juniper.net/techpubs/software/junos/ .<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Documentation Feedback<br />
If the information in the latest release notes differs from the information in the<br />
documentation, follow the Junos OS <strong>Release</strong> <strong>Notes</strong>.<br />
To obtain the most current version of all <strong>Juniper</strong> <strong>Networks</strong> ® technical documentation,<br />
see the product documentation page on the <strong>Juniper</strong> <strong>Networks</strong> website at<br />
http://www.juniper.net/techpubs/ .<br />
<strong>Juniper</strong> <strong>Networks</strong> supports a technical book program to publish books by <strong>Juniper</strong> <strong>Networks</strong><br />
engineers and subject matter experts with book publishers around the world. These<br />
books go beyond the technical documentation to explore the nuances of network<br />
architecture, deployment, and administration using the Junos operating system (Junos<br />
OS) and <strong>Juniper</strong> <strong>Networks</strong> devices. In addition, the <strong>Juniper</strong> <strong>Networks</strong> Technical Library,<br />
published in conjunction with O'Reilly Media, explores improving network security,<br />
reliability, and availability using Junos OS configuration techniques. All the books are for<br />
sale at technical bookstores and book outlets around the world. The current list can be<br />
viewed at http://www.juniper.net/books .<br />
We encourage you to provide feedback, comments, and suggestions so that we can<br />
improve the documentation. You can send your comments to<br />
techpubs-comments@juniper.net, or fill out the documentation feedback form at<br />
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include<br />
the following information with your comments:<br />
• Document name<br />
• Document part number<br />
• Page number<br />
• Software release version<br />
Requesting Technical Support<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Technical product support is available through the <strong>Juniper</strong> <strong>Networks</strong> Technical Assistance<br />
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,<br />
or are covered under warranty, and need postsales technical support, you can access<br />
our tools and resources online or open a case with JTAC.<br />
• JTAC policies—For a complete understanding of our JTAC procedures and policies,<br />
review the JTAC User Guide located at<br />
http://www.juniper.net/customers/support/downloads/710059.pdf.<br />
• Product warranties—For product warranty information, visit<br />
http://www.juniper.net/support/warranty/.<br />
• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,<br />
7 days a week, 365 days a year.<br />
Self-Help Online Tools and Resources<br />
Documentation Feedback<br />
109
Junos OS 11.3 Software <strong>Release</strong> <strong>Notes</strong><br />
110<br />
For quick and easy problem resolution, <strong>Juniper</strong> <strong>Networks</strong> has designed an online<br />
self-service portal called the Customer Support Center (CSC) that provides you with the<br />
following features:<br />
• Find CSC offerings: http://www.juniper.net/customers/support/<br />
• Search for known bugs: http://www2.juniper.net/kb/<br />
• Find product documentation: http://www.juniper.net/techpubs/<br />
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/<br />
• Download the latest versions of software and review release notes:<br />
http://www.juniper.net/customers/csc/software/<br />
• Search technical bulletins for relevant hardware and software notifications:<br />
https://www.juniper.net/alerts/<br />
• Join and participate in the <strong>Juniper</strong> <strong>Networks</strong> Community Forum:<br />
http://www.juniper.net/company/communities/<br />
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/<br />
To verify service entitlement by product serial number, use our Serial Number Entitlement<br />
(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.<br />
Opening a Case with JTAC<br />
You can open a case with JTAC on the Web or by telephone.<br />
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .<br />
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).<br />
For international or direct-dial options in countries without toll-free numbers, visit us at<br />
http://www.juniper.net/support/requesting-support.html.<br />
If you are reporting a hardware or software problem, issue the following command from<br />
the CLI before contacting support:<br />
user@host> request support information | save filename<br />
To provide a core file to <strong>Juniper</strong> <strong>Networks</strong> for analysis, compress the file with the gzip<br />
utility, rename the file to include your company name, and copy it to<br />
ftp.juniper.net:pub/incoming. Then send the filename, along with software version<br />
information (the output of the show version command) and the configuration, to<br />
support@juniper.net. For documentation issues, fill out the bug report form located at<br />
https://www.juniper.net/cgi-bin/docbugreport/.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.
Revision History<br />
13January 2012—Revision 5, Junos OS 11.3 R4<br />
05 January 2012—Revision 4, Junos OS 11.3 R4<br />
23 November 2011—Revision 3, Junos OS 11.3 R3<br />
7 October 2011—Revision 2, Junos OS 11.3 R2<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc. All rights reserved.<br />
01 September 2011—Revision 1, Junos OS 11.3 R1<br />
<strong>Juniper</strong> <strong>Networks</strong>, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of <strong>Juniper</strong> <strong>Networks</strong>, Inc. in the United<br />
States and other countries. The <strong>Juniper</strong> <strong>Networks</strong> Logo, the Junos logo, and JunosE are trademarks of <strong>Juniper</strong> <strong>Networks</strong>, Inc. All other<br />
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.<br />
<strong>Juniper</strong> <strong>Networks</strong> assumes no responsibility for any inaccuracies in this document. <strong>Juniper</strong> <strong>Networks</strong> reserves the right to change, modify,<br />
transfer, or otherwise revise this publication without notice.<br />
Products made or sold by <strong>Juniper</strong> <strong>Networks</strong> or components thereof might be covered by one or more of the following patents that are<br />
owned by or licensed to <strong>Juniper</strong> <strong>Networks</strong>: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,<br />
6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Requesting Technical Support<br />
111