Release Notes 11.3R4 - Juniper Networks

Junos ® OS 11.3 Release Notes 

Release 11.3R4 

13 January 2012 

Revision 5 

These release notes accompany Release 11.3R4 of the Junos OS. They describe device 

documentation and known problems with the software for EX Series Ethernet Switches, 

QFX Series, and Common Platform Features. 

For the latest, most complete information about outstanding and resolved issues with 

the Junos OS software, see the Juniper Networks online software defect search application 

at http://www.juniper.net/prsearch. 

You can also find these release notes on the Juniper Networks Junos OS Documentation 

Web page, which is located at http://www.juniper.net/techpubs/software/junos/. 

Contents Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

Copyright © 2012, Juniper Networks, Inc. 

New Features in Junos OS Release 11.3 for EX Series Switches . . . . . . . . . . . . . 4 

Resilient Dual-Root Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Fibre Channel over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

Changes in Default Behavior and Syntax in Junos OS Release 11.3 for EX 

Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 10 

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

Limitations in Junos OS Release 11.3 for EX Series Switches . . . . . . . . . . . . . . . 11 


Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 

J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 

1

Junos OS 11.3 Software Release Notes 

2 

Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 


Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 

Outstanding Issues in Junos OS Release 11.3 for EX Series Switches . . . . . . . 16 

Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 


Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 

J-Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 

Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 

Resolved Issues in Junos OS Release 11.3 for EX Series Switches . . . . . . . . . . 20 

Issues Resolved in Release 11.3R1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 

Issues Resolved in Release 11.3R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 


Issues Resolved in Release 11.3R4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 

Changes to and Errata in Documentation for Junos OS Release 11.3 for EX 

Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 

Changes to the Junos OS for EX Series Switches Documentation . . . . . 39 

Errata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 

Upgrade and Downgrade Instructions for Junos OS Release 11.3 for EX Series 

Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 

Upgrading from Junos OS Release 10.4R3 or Later . . . . . . . . . . . . . . . . . . 41 

Upgrading from Junos OS Release 10.4R2 or Earlier . . . . . . . . . . . . . . . . 43 

Downgrading to Junos OS Release 10.4R2 or Earlier . . . . . . . . . . . . . . . . 56 

Upgrade Policy for Junos OS Extended End Of Life Releases . . . . . . . . . 56 

Upgrading or Downgrading from Junos OS Release 9.4R1 for EX Series 

Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 

Upgrading from Junos OS Release 9.3R1 to Release 11.3 for EX Series 

Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 

Upgrading EX Series Switches Using NSSU . . . . . . . . . . . . . . . . . . . . . . . 57 

Junos OS Release Notes for the QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 

New Features in Junos OS Release 11.3 for the QFX Series . . . . . . . . . . . . . . . 60 

Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 



Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 

Changes in Default Behavior and Syntax in Junos OS Release 11.3 for the 

QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 

Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 

Limitations in Junos OS Release 11.3 for the QFX Series . . . . . . . . . . . . . . . . . 65 

Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 


Outstanding Issues in Junos OS Release 11.3 for the QFX Series . . . . . . . . . . . 67 

Configuration and File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 

Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 

Junos OS Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 


Copyright © 2012, Juniper Networks, Inc.


Multicast Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 

Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 

Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 

Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 


Resolved Issues in Junos OS Release 11.3 for the QFX Series . . . . . . . . . . . . . . 71 


Issues Resolved in Release 11.3R4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 



Errata in Documentation for Junos OS Release 11.3 for the QFX Series . . . . . . 77 

Standards Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 

Upgrade and Downgrade Instructions for Junos OS Release 11.3 for the QFX 

Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 

Procedure for Upgrading CoS from Junos OS Release 11.1 or Release 11.2 

to Release 11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 

Basic Procedure for Upgrading to Junos OS Release 11.3 . . . . . . . . . . . . . 79 

Upgrade and Downgrade Support Policy for Junos OS Extended End 

of Life Software Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 

Junos OS Release Notes for Juniper Networks Common Platform Features . . . . . 83 

Unsupported Features in Junos OS Release 11.3 for Common Platform 

Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 

Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 

Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 

Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 

Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 

VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 

Issues in Junos OS Release 11.3 for Common Platform Features . . . . . . . . . . 86 

Current Software Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 

Previous Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 

Junos OS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 

Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 

Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 

3


Junos OS Release Notes for EX Series Switches 

• New Features in Junos OS Release 11.3 for EX Series Switches on page 4 

• Changes in Default Behavior and Syntax in Junos OS Release 11.3 for EX Series 

Switches on page 10 

• Limitations in Junos OS Release 11.3 for EX Series Switches on page 11 

• Outstanding Issues in Junos OS Release 11.3 for EX Series Switches on page 16 

• Resolved Issues in Junos OS Release 11.3 for EX Series Switches on page 20 

• Changes to and Errata in Documentation for Junos OS Release 11.3 for EX Series 


• Upgrade and Downgrade Instructions for Junos OS Release 11.3 for EX Series 


New Features in Junos OS Release 11.3 for EX Series Switches 

4 

This section describes new features in Release 11.3 of the Junos operating system (Junos 

OS) for EX Series switches. 

NOTE: If you are upgrading from Release 10.4R2 or earlier, you must install 

new loader software as part of the upgrade process. This special software 

upgrade takes a little more time to complete than a standard upgrade. See 

“Upgrade and Downgrade Instructions for Junos OS Release 11.3 for EX Series 

Switches” on page 41 for instructions. 

Not all EX Series software features are supported on all EX Series switches in the current 

release. For a list of all EX Series software features and their platform support, see EX 

Series Switch Software Features Overview. 

New features are described on the following pages: 

• Resilient Dual-Root Partitions on page 5 

• Hardware on page 5 

• Ethernet Switching and Spanning Trees on page 8 

• Fibre Channel over Ethernet on page 8 

• High Availability on page 8 

• Infrastructure on page 8 

• Layer 2 and Layer 3 Protocols on page 9 

• MPLS on page 9 

• Multicast Protocols on page 9 

• Virtual Chassis on page 10 


Resilient Dual-Root Partitions 

• Resilient dual-root partitioning—Resilient dual-root partitioning, introduced on EX 

Series switches with Junos OS Release 10.4R3, provides additional resiliency to switches 

in the following ways: 

• Allows the switch to boot transparently from the second root partition if the system 

fails to boot from the primary root partition. 

• Provides separation of the root Junos OS file system from rest of the file system. If 

corruption of the /var file system occurs (which is more likely than corruption of the 

root file system because of the greater frequency of read and write operations), the 

root file system is insulated from the corruption. 

This new feature incorporates some enhancements that entail additional steps and 

require additional time when you upgrade from a release that does not support resilient 

dual-root partitions (that is, from Release 10.4R2 or earlier) to one that does. When 

upgrading from a release that supports resilient dual-root partitions, these additional 

steps are not required. 

For detailed upgrade instructions, see “Upgrade and Downgrade Instructions for Junos 

OS Release 11.3 for EX Series Switches” on page 41. [See Understanding Resilient 

Dual-Root Partitions on Switches.] 

Hardware 


• DC power supply support on EX2200 switches—EX2200 switches now support DC 

power supplies. [See EX2200 Switch Models.] 

• EX2200-C switch—The EX2200-C switch is a 12-port, compact, fanless, 

fixed-configuration switch. There are two models: EX2200-C-12T-2G (no Power over 

Ethernet (PoE)) and EX2200-C-12P-2G (PoE+ on all ports). Each EX2200-C switch 

has two dual-purpose uplink ports. You can configure a dual-purpose uplink port to 

operate either as a 10/100/1000 port or as an SFP module port, but not both at the 

same time. 

EX2200-C switches support the following optical transceivers: 

• EX-SFP-1FE-FX (100BASE-FX, 2 km) 

• EX-SFP-1GE-LH (1000BASE-LH or 1000BASE-ZX, 70 km) 

• EX-SFP-1GE-LX (1000BASE-LX, 10 km) 

• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, or 550 m) 

EX2200-C switches do not support switch connection and configuration through the 

J-Web interface. 

[See EX2200 Switch Hardware Documentation.] 


• EX3300 switch—The EX3300 switch is a fixed-configuration switch that is available 

in six models—24-port or 48-port models with either all ports equipped for Power over 

Ethernet (PoE) or none of the ports equipped for PoE. All EX3300 models provide 

network ports that have 10/100/1000BASE-T Gigabit Ethernet connectors and uplink 

5


6 

ports that support 10-gigabit small form-factor pluggable (SFP+) transceivers for use 

with fiber connections. You can connect individual EX3300 switches together to form 

one unit and manage the unit as a single chassis, called a Virtual Chassis. You can 

include up to six member switches in the Virtual Chassis. 

EX3300 switches support the following SFP+ optical transceivers: 

• EX-SFP-10GE-LR (10GBASE-LR, 10 km) 

• EX-SFP-10GE-LRM (10GBASE-LRM, 220 m) 

• EX-SFP-10GE-SR (10GBASE-SR, 26 m, 33 m, 66 m, 82 m, 300 m) 

• EX-SFP-10GE-USR (10GBASE-SR, 10 m, 30 m, 100 m) 

EX3300 switches support the following SFP optical transceivers: 


• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, 550 m) 

EX3300 switches support the following SFP+ direct attach cables: 

• EX-SFP-10GE-DAC-1m (1 m) 

• EX-SFP-10GE-DAC-7m (7 m) 

EX3300 switches do not support switch connection and configuration through the 


[See EX3300 Hardware Documentation.] 

• EX6210 switch—The EX6210 switch is a 10-slot, high-density, high-performance, 

cost-effective modular solution for enterprise campus, data center access, and 

high-density wiring-closet deployments. 

The EX6210 switch is supported on Junos OS Release 11.3R2 and later. 

This switch has fully redundant Switch Fabric and Routing Engine (SRE) modules. 

Each SRE module houses four 10-Gigabit Ethernet SFP+ uplink ports. EX6210 switches 

support the following redundant and load-sharing power supplies: 

• 2500 W AC power supply 

• 2100 W DC power supply 

EX6210 switches have a single fan tray that contains six redundant fans and provides 

front-to-back chassis cooling. 

EX6210 switches support two types of line cards: 

• 48-port 10/100/1000B-T RJ-45 

• 48-port 10/100/1000B-T PoE+ RJ-45 

EX6200 switches support the following optical transceivers: 

• EX-SFP-10GE-USR (10GBASE-USR, 10 m, 30 m, 100 m) 

• EX-SFP-10GE-ER (10GBASE-ER, 40 km) 



• EX-SFP-10GE-LR (10GBASE-LR, 10 km) 

• EX-SFP-10GE-LRM (10GBASE-LRM, 220 m) 

• EX-SFP-10GE-SR (10GBASE-SR, 26 m, 33 m, 66 m, 82 m, 300 m 

EX6210 switches do not support switch connection and configuration through the 


[See EX6210 Hardware Documentation.] 

• New optical transceiver support for EX6200 Series switches at Release 

11.3R4—Support for the following transceivers on EX6200 Series switches has been 

added at Release 11.3R4: 

• EX-SFP-1GE-LH (1000BASE-LR or 1000BASE-ZX, 70 km) 


• EX-SFP-1GE-LX40K (1000BASE-ZX, 40 km) 

• EX-SFP-1GE-SX (1000BASE-SX, 220 m, 275 m, 500 m, 550 m) 

• EX-SFP-1GE-T (1000BASE-T, 100 m) 


• XRE200 External Routing Engine support for Virtual Chassis Control Interface 

modules—The XRE200 External Routing Engine now supports a 4-port 1000BASE-X 

Gigabit Ethernet SFP Virtual Chassis Control Interface (VCCI) module. You can use 

the SFP ports on this VCCI module to extend the Virtual Chassis port (VCP) connections 

within an EX8200 Virtual Chassis over long distances. [See Virtual Chassis Control 

Interface (VCCI) Modules in an XRE200 External Routing Engine.] 

7


8 

Ethernet Switching and Spanning Trees 

• Support for input (ingress) counting on routed VLAN interfaces (RVIs) on EX8200 

switches—You can now configure the RVI input counters by including the 

ingress-counting statement at the [edit vlans vlan-name l3-interface 

vlan.logical-interface-number] hierarchy level on EX8200 switches. To view the ingress 

counters, use the show interfaces vlan command. In the output, see the Traffic Statistics 

values for Input Bytes, Output Bytes, Input Packets, and Output Packets. [See 

ingress-counting and show interfaces vlan.] 

Fibre Channel over Ethernet 

• EX4500 switch support for DCBX—EX4500 switches now support the Data Center 

Bridging Capability Exchange protocol (DCBX). DCBX advertises the local capability 

and administrative state for priority-based flow control (PFC), detects the PFC 

capabilities of DCB peers, and automatically enables or disables PFC on an interface 

depending on whether the PFC configuration of the DCB peer is compatible with the 

PFC configuration on the switch interface. [See Understanding Data Center Bridging 

Capability Exchange Protocol for EX Series Switches.] 

High Availability 

• Nonstop bridging for LACP on EX8200 switches and EX8200 Virtual 

Chassis—Nonstop bridging (NSB) for Link Aggregation Control Protocol (LACP) is now 

supported on EX8200 switches and EX8200 Virtual Chassis. You can now configure 

NSB to enable transparent switchover between the master and backup Routing Engines 

without having to restart LACP. [See Understanding Nonstop Bridging on EX Series 

Switches.] 

• Nonstop bridging for LLDP and LLDP-MED on EX4200 Virtual Chassis, EX4500 

Virtual Chassis, EX8200 switches, and EX8200 Virtual Chassis—Nonstop bridging 

(NSB) for Link Layer Discovery Protocol (LLDP) and Link Layer Discovery 

Protocol–Media Endpoint Discovery (LLDP-MED) is now supported on EX4200 Virtual 

Chassis, EX4500 Virtual Chassis, EX8200 switches, and EX8200 Virtual Chassis. You 

can now configure NSB to enable transparent switchover between the master and 

backup Routing Engines without having to restart LLDP and LLDP-MED. [See 

Understanding Nonstop Bridging on EX Series Switches.] 

• Nonstop bridging for spanning-tree protocols on EX4200 Virtual Chassis and EX8200 

switches—Nonstop bridging (NSB) for all spanning-tree protocols is now supported 

on EX4200 Virtual Chassis and EX8200 switches with dual Routing Engines. You can 

now configure NSB to enable transparent switchover between the master and backup 

Routing Engines without having to restart the spanning-tree protocol. [See 

Understanding Nonstop Bridging on EX Series Switches.] 

Infrastructure 

• EX2200 switch added software support—EX2200 switches now support 

authentication fallback, captive portal authentication (Layer 2 and Layer 3 interfaces), 

configuring firewall filters on the management Ethernet interface (me0), and Multiple 


VLAN Registration Protocol (MVRP). [See Understanding Server Fail Fallback and 

Authentication on EX Series Switches, Example: Setting Up Captive Portal Authentication 

on an EX Series Switch, Firewall Filters for EX Series Switches Overview, and Understanding 

Multiple VLAN Registration Protocol (MVRP) on EX Series Switches.] 

• Nonstop active routing for OSPFv2 with BFD, RIP, BGP, or IS-IS, and nonstop active 

routing for IGMP with BFD on EX6200 switches—Nonstop active routing (NSR) for 

OSPFv2 with BFD, RIP, BGP, IS-IS, and IGMP is now supported on EX6200 switches. 

You can now configure NSR to enable transparent switchover between the master 

and backup Routing Engines without having to restart OSPFv2 with BFD, RIP, BGP, or 

IS-IS, or IGMP with BFD. NSR supports RIP versions 1 and 2 and IGMP versions 1, 2, and 

3 with BFD on EX6200 switches. [See Understanding Nonstop Active Routing on EX Series 

Switches.] 

• Nonstop active routing for OSPFv3 and RIP—Nonstop active routing (NSR) for OSPFv3 

and all versions of RIP is supported on EX8200 Virtual Chassis. You can configure 

nonstop active routing to enable transparent switchover of the external Routing Engines 

without having to restart OSPFv3 or RIP. [See Understanding Nonstop Active Routing on 

EX Series Switches.] 

Layer 2 and Layer 3 Protocols 

• Routed multicast traffic on virtual routing and forwarding (VRF) instances—Routed 

multicast traffic is now supported on all VRF instances, not just the default instance. 

[See Understanding Virtual Routing Instances on EX Series Switches]. 

MPLS 


• Layer 2 VPN CCC and Layer 2 circuit CCC on VLAN-encapsulated interfaces—Layer 

2 virtual private network (VPN) circuit cross-connect (CCC) and Layer 2 circuit CCC 

on VLAN-encapsulated interfaces are supported on EX8200 switches. [See 

Understanding Using MPLS-Based Layer 2 and Layer 3 VPNs on EX Series Switches.] 

Multicast Protocols 

• GRES support for IGMP snooping—Graceful Routing Engine switchover (GRES) now 

supports all versions of IGMP snooping on EX4200 Virtual Chassis, EX8200 switches, 

and EX8200 Virtual Chassis. GRES can now sync the IGMP snooping state between 

master and backup Routing Engines to enable transparent switchover of IGMP snooping. 

GRES supports all versions of IGMP snooping. [See High Availability Features for EX 

Series Switches Overview.] 

• MVR on EX2200 switches—Multicast VLAN registration (MVR) is now supported on 

EX2200 switches. With MVR, multicast traffic can be shared between source VLANs 

and subscriber VLANs. [See Understanding Multicast VLAN Registration on EX Series 

Switches.] 


9


Related 

Documentation 

Virtual Chassis 

• EX4500 Virtual Chassis configuration in the J-Web interface—You can now configure 

EX4500 Virtual Chassis in the J-Web interface. [See Configuring an EX4200 Virtual 

Chassis (J-Web Procedure).] 

• MAC address assignment enhancement for Virtual Chassis interfaces—Layer 2 

• 

network interfaces that are part of a Virtual Chassis are now automatically assigned 

unique MAC addresses. Assigning a unique MAC address for each Layer 2 interface in 

a Virtual Chassis helps ensure that functions that require unique MAC address 

differentiation—such as redundant trunk groups (RTGs), Link Aggregation Control 

Protocol (LACP), and general monitoring functions—can work correctly. This feature 

is supported on EX4200 Virtual Chassis, EX4500 Virtual Chassis, and EX8200 Virtual 

Chassis. [See Understanding MAC Address Assignment in an EX Series Switch and 

Understanding MAC Address Assignment on a Virtual Chassis.] 

Changes in Default Behavior and Syntax in Junos OS Release 11.3 for EX Series Switches 

on page 10 






• Upgrade and Downgrade Instructions for Junos OS Release 11.3 for EX Series Switches 

on page 41 

Changes in Default Behavior and Syntax in Junos OS Release 11.3 for EX Series Switches 

10 

This section lists the changes in default behavior and syntax in Junos OS Release 11.3 for 

EX Series switches. 


• EX Series switches no longer support GVRP. 

• On switches running Junos OS releases earlier than Junos OS Release 11.3, protocol 

data units (PDUs) sent and received by Multiple VLAN Registration Protocol (MVRP) 

contained an extra byte that was used internally by Junos OS programmers. This extra 

byte in the PDUs prevented MVRP from conforming to the IEEE 802.1ak standard. This 

extra byte was removed in Release 11.3 to make MVRP compatible with the standard. 

If all switches in your network are running Release 11.3, you will see no change in 

operation regarding MVRP and there are no steps you need to take to continue using 

MVRP. If your network is running only Release 11.2 or earlier, you also do not need to 

do anything to continue using MVRP. 

Only if your network is running a mix of Release 11.3 and earlier releases of Junos OS 

(for example, Releases 10.4, 11.1, or 11.2) do you need to take steps to make your switches 

compatible when using MVRP. In such cases, execute the set protocols mvrp 


Related 

Documentation 

add-attribute-length-in-pdu command and commit that change on each switch running 

Junos OS Release 11.3 to add the extra byte to generated PDUs. Doing this makes Junos 

OS Release 11.3 MVRP compatible with MVRP in earlier releases. 

Hardware 

• If you configure an SFP uplink module to operate in 1-gigabit mode by including the 

sfpplus statement at the [edit chassis fpc slotpic pic-number] hierarchy of the 

configuration, the configuration has no effect and no warning or error message is 

displayed. The sfpplus statement configures the operating mode for SFP+ uplink 

modules only, in Junos OS Releases 10.4R2 and later. 

Software Installation and Upgrade 

• For EX Series switches, sFlow technology and routing policy have been removed from 

• 

the extended feature license (EFL). An EFL is now required only for the following 

features: Q-in-Q tunneling, BFD liveness detection, connectivity fault management 

(CFM), IGMP, MSDP, OSPFv2, PIM and PIM sparse mode, real-time performance 

monitoring (RPM), service VLANs (S-VLANs), unicast reverse-path forwarding (RPF), 

virtual routers, and VRRP. 

New Features in Junos OS Release 11.3 for EX Series Switches on page 4 







on page 41 

Limitations in Junos OS Release 11.3 for EX Series Switches 


This section lists the limitations in Junos OS Release 11.3 for EX Series switches. If the 

limitation is associated with an item in our bug database, the description is followed by 

the bug tracking number. 

For the most complete and latest information about known Junos OS defects, use the 

Juniper online Junos Problem Report Search application at 

http://www.juniper.net/prsearch. 


11


12 


• On EX Series switches, only dynamically learned routes can be imported from one 

routing table group to another. [This is a known software limitation.] 

Firewall Filters 

• On EX3200 and EX4200 switches, when a very large number of firewall filters are 

included in the configuration, it might take a long time, possibly as long as a few minutes, 

for the egress filter rules to be installed. [PR/468806: This is a known software 

limitation.] 

• On EX3300 switches, if you add and delete filters with a large number of terms (on 

the order of 1000 or more) in the same commit operation, not all the filters are installed. 

As a workaround, add filters in one commit operation, and delete filters in a separate 

commit operation. [PR/581982: This is a known software limitation.] 

• On EX8200 switches, if you configure an implicit or explicit discard action as the last 

term in an IPv6 firewall filter on a loopback (lo0) interface, all the control traffic from 

the loopback interface is dropped. To prevent this, you must configure an explicit accept 

action. [This is a known software limitation.] 

Hardware 

• On 40-port SFP+ line cards for EX8200 switches, the LEDs on the left of the network 

ports do not blink to indicate that there is link activity if you set the speed of the network 

ports to 10/100/1000 Mbps. However, if you set the speed to 10 Gbps, the LEDs blink. 

[PR/502178: This is a known limitation.] 


• Do not use nonstop software upgrade (NSSU) to upgrade the software on an EX8200 

switch from Junos OS Release 10.4 to Release 11.1 or later if you have configured the 

PIM, IGMP, or MLD protocols on the switch. If you attempt to use NSSU, your switch 

might be left in a nonfunctional state from which it is difficult to recover. If you have 

these multicast protocols configured, use the request system software add command 

to upgrade the software on an EX8200 switch from Release 10.4 to Release 11.1 or 

later. [This is a known software limitation.] 

• On EX Series switches, the show snmp mib walk etherMIB command does not display 

any output, even though etherMIB is supported. This occurs because the values are 

not populated at the module level—they are populated at the table level only. You can 

issue show snmp mib walk dot3StatsTable, show snmp mib walk dot3PauseTable, and 

show snmp mib walk dot3ControlTable commands to display the output at the table 

level. [PR/442373: This is a known software limitation.] 

• Momentary loss of an inter-Routing Engine IPC message might trigger the alarm that 

displays the message “Loss of communication with Backup RE”. However, no 

functionality is affected. [PR/477943: This is a known software limitation.] 


• On EX4500 switches, the maintenance menu is not disabled even if you include the 

lcd maintenance-menu disable statement in the configuration. [PR/551546: This is a 

known software limitation.] 

• When you enable the filter-id attribute on the RADIUS server for a particular client, 

none of the required 802.1X authentication rules are installed in the IPv6 database. 

Therefore, IPv6 traffic on the authenticated interface is not filtered; only IPv4 traffic is 

filtered on that interface. [PR/560381: This is a known software limitation.] 

• Distributed periodic packet management (PPM) of Bidirectional Forwarding Detection 

(BFD) protocol traffic is not supported for virtual routing instances. As a workaround, 

use the centralized PPM model by disabling distributed PPM with the command set 

routing-options ppm no-delegate-processing. [PR/580774: This is a known software 

limitation.] 

• On EX8200 switches, if OAM link-fault management (LFM) is configured on a member 

of a VLAN on which Q-in-Q tunneling is also enabled, OAM PDUs cannot be transmitted 

to the Routing Engine. [PR/583053: This is a known software limitation.] 

• If you have configured sFlow technology on an EX8200 switch that you are upgrading 

from Junos OS Release 10.4 or Release 11.1 using nonstop software upgrade (NSSU), 

disable sFlow technology before you perform the upgrade. Once the upgrade is 

complete, you can reenable sFlow technology. If you do not disable sFlow technology 

before you perform the upgrade with NSSU, sFlow technology will not work properly 

after the upgrade. Using NSSU to upgrade from Release 11.2 or later to a later release 

has no impact on sFlow technology functionality. [PR/587138: This is a known software 

limitation.] 

• When you reconfigure the maximum transmission unit (MTU) value of a next hop more 

than eight times without restarting the switch, the interface uses the maximum value 

of the eight previously configured values as the next MTU value. [PR/590106: This is 

a known software limitation.] 

• On EX8208 and EX8216 switches that have two Routing Engines, one Routing Engine 

cannot be running Junos OS Release 10.4 or later while the other one is running Release 

10.3 or earlier. Ensure that both Routing Engines in a single switch run either Release 

10.4 or later or Release 10.3 or earlier. [PR/604378: This is a known software limitation.] 

Interfaces 


• EX Series switches do not support IPv6 interface statistics. Therefore, all values in the 

output of the show snmp mib walk ipv6IfStatsTable command always display a count 

of 0. [PR/480651: This is a known software limitation.] 

• On EX8216 switches, a link might go down momentarily when an interface is added to 

a LAG. [PR/510176: This is a known software limitation.] 


• On EX Series switches, if you clear LAG interface statistics while the LAG is down, then 

bring up the LAG and pass traffic without checking for statistics, and finally bring the 

LAG interface down and check interface statistics again, the statistics might be 

inaccurate. As a workaround, use the show interfaces interface-name command to 

13


14 

check LAG interface statistics before bringing down the interface. [PR/542018: This is 


• On EX6210 switches, the power on and power off options for the set chassis fpc 

command are not supported for the slots in which a Switch Fabric and Routing Engine 

(SRE) module is installed (slots 4 and 5). To disable the uplink ports on the SRE 

modules, use the set interfaces interface-namedisable command. [PR/598928: This 

is a known software limitation.] 

J-Web Interface 

• EX2200-C, EX3300, and EX6210 switches do not support switch connection and 

configuration through the J-Web interface. [This is a known software limitation.] 

• If four or more EX8200-40XS line cards are inserted in an EX8208 or EX8216 switch, 

the Support Information page (Maintain Customer Support > Support Information) 

in the J-Web interface might fail to load because the configuration might be larger than 

the maximum size of 5 MB. The error message "Configuration too large to handle" is 

displayed. [PR/552549: This is a known software limitation.] 

• The J-Web interface does not support role-based access control—it supports only 

users in the super-user authorization class. Therefore, a user who is not in the super-user 

class, such as a user with view-only permission, is able to launch the J-Web interface 

and configure everything, but the configurations fail on the committing, and the switch 

displays access permission errors. [PR/604595: This is a known software limitation.] 

Management and RMON 

• On EX Series switches, an SNMP query fails when the SNMP index size of a table is 

greater than 128 bytes, because the Net SNMP tool does not support SNMP index sizes 

greater than 128 bytes. [PR/441789: This is a known software limitation.] 

• When MVRP is configured on a trunk interface, you cannot configure connectivity fault 

management (CFM) on that interface. [PR/540218: This is a known software limitation.] 


• MLD snooping of IPv6 multicast traffic is not supported. Layer 2 multicast traffic is 

always flooded on the VLAN. [This is a known software limitation.] 


• On an EX4500 Virtual Chassis, if you issue the ping command to the IPv6 address of 

the virtual management Ethernet (VME) interface, the ping fails. [PR/518314: This is 


• The automatic software update feature is not supported on EX4500 switches that 

are members of a Virtual Chassis. [PR/541084: This is a known software limitation.] 

• When an EX4500 switch becomes a member of a Virtual Chassis, it is assigned a 

member ID. If that member ID is a nonzero value, then if that member switch is 

downgraded to a software image that does not support Virtual Chassis, you cannot 

change the member ID to 0. A standalone EX4500 switch must have a member ID of 


Related 

Documentation 

0. The workaround is to convert the EX4500 Virtual Chassis member switch to a 

standalone EX4500 switch and then downgrade the software to an earlier release, as 

follows: 


1. Disconnect all Virtual Chassis cables from the member to be downgraded. 

2. Convert the member switch to a standalone EX4500 switch by issuing the request 

virtual-chassis reactivate command. 

3. Renumber the member ID of the standalone switch to 0 by issuing the request 

virtual-chassis renumber command. 

4. Downgrade the software to the earlier release. 

[PR/547590: This is a known software limitation.] 

• When you add a new member switch to an existing EX4200 Virtual Chassis, EX4500 

• 

Virtual Chassis, or mixed EX4200 and EX4500 Virtual Chassis in a ring topology, a 

member switch that was already part of the Virtual Chassis might become 

nonoperational for several seconds, after which it will return to the operational state 

with no user intervention. Network traffic to the member switch is dropped during the 

downtime. To avoid this issue, follow this procedure: 

1. Cable one dedicated or user-configured Virtual Chassis port (VCP) on the new 

member switch to the existing Virtual Chassis. 

2. Power on the new member switch. 

3. Wait for the new switch to become operational in the Virtual Chassis. Monitor the 

show virtual-chassis command output to confirm the new switch is recognized by 

the Virtual Chassis and is in the Prsnt state. 

4. Cable the other dedicated or user-configured VCP on the new member switch to 

the Virtual Chassis. 

[PR/591404: This is a known software limitation.] 


• Changes in Default Behavior and Syntax in Junos OS Release 11.3 for EX Series Switches 

on page 10 






on page 41 


15


Outstanding Issues in Junos OS Release 11.3 for EX Series Switches 

16 

The following are outstanding issues in Junos OS Release 11.3R4 for EX Series switches. 

The identifier following the description is the tracking number in our bug database. 




NOTE: Other software issues that are common to both EX Series switches 

and M, MX, and T Series routers are listed in “Issues in Junos OS Release 11.3 

for Common Platform Features” on page 86. 

Access Control and Port Security 

• The show lldp neighbors command displays the interface description instead of the 

interface name. [PR/602442] 


• If the bridge priority of a VLAN Spanning Tree Protocol (VSTP) root bridge is changed 

such that this bridge will become a nonroot bridge, the transition might take more than 

2 minutes, and you might see a loop during the transition. [PR/661691] 

• If you apply a large number of VLAN tags (approximately 1000 tags) and commit the 

configuration after applying each individual tag, an mgd core file might be created. 

[PR/680841] 

• On EX Series and QFX Series switches, if you reconfigure a trunk port to access mode 

(and if you perform the necessary dependent configurations to delete all but one of 

the VLANs), or if you reconfigure an access port to trunk mode, VLAN Spanning Tree 

Protocol (VSTP) instances might not converge properly, resulting in the formation of 

a loop. As a workaround, delete the VSTP configuration before reconfiguring the ports. 

[PR/668449] 


• On EX8208 switches, when a line card that has no interface configurations and is not 

connected to any device is taken offline using the request chassis fpc-slot slot-number 

offline command, the Bidirectional Forwarding Detection process (bfd) starts and 

stops repeatedly. The same bfd process behavior occurs on a line card that is connected 

to a Layer 3 domain when another line card that is on the same switch and is connected 

to a Layer 2 domain is taken offline. [PR/548225] 

• The number of users reported by the show system users command does not include 

Web users. [PR/572822] 

• On EX Series switches, the request system snapshot command includes the as-primary 

option. [PR/603204] 



• On switches on which a large number of VLAN interfaces are configured, BFD sessions 

might go down and come back up on routed VLAN interfaces (RVIs) during a graceful 

Routing Engine switchover (GRES) operation. [PR/612642] 

• Packet loss of about 2 percent to 5 percent might occur for traffic destined to MAC 

addresses that begin with 03: or 09:. [PR/658631] 

• The /var/log/wtmp file might become excessively large, and thus the switch might 

run out of disk space on the /var partition. As a workaround, use the request system 

storage cleanup command, or manually delete and re-create the /var/log/wtmp file 

from the shell. [PR/681369] 

• When you run the commit check command, the word operation in the command output 

might be misspelled. [PR/704910] 

• On EX2200, EX3300, and EX6200 switches, and on EX8200 Virtual Chassis, NetBIOS 

snooping does not work. [PR/706588] 


• In the J-Web interface, you cannot commit some configuration changes in the Ports 

Configuration page or the VLAN Configuration page because of the following limitations 

for port-mirroring ports and port-mirroring VLANs: 

• A port configured as the output port for an analyzer cannot be a member of any 

VLAN other than the default VLAN. 

• A VLAN configured to receive analyzer output can be associated with only one 

interface. 

[PR/400814] 

• In the J-Web interface, the Ethernet Switching Monitor page (Monitor > Switching > 

Ethernet Switching) might not display monitoring details if there are more than 13,000 

MAC entries on the switch. [PR/425693] 

• In the J-Web interface, in the Port Security Configuration page, you are required to 

configure action when you configure MAC limit even though configuring an action value 

is not mandatory in the CLI. [PR/434836] 

• In the J-Web interface, in the OSPF Global Settings table in the OSPF Configuration 

page, the Global Information table in the BGP Configuration page, or the Add Interface 

window in the LACP Configuration page, if you try to change the position of columns 

using the drag-and-drop method, only the column header moves to the new position 

instead of the entire column. [PR/465030] 

• When a large number of static routes is configured and you have navigated to pages 

other than page 1 in the Route Information table on the Static Routing monitoring page 

in the J-Web interface (Monitor > Routing > Route Information), changing the Route 

Table to query other routes refreshes the page but does not return to page 1. For 

example, if you run a query from page 3 and the new query returns very few results, 

the Results table continues to display page 3 and shows no results. To view the results, 

navigate to page 1 manually. [PR/476338] 


17


18 

• In the J-Web interface for EX4500 switches, the Port Configuration page (Configure 

> Interfaces > Ports), the Port Security Configuration page (Configure > Security > 

Port Security), and the Filters Configuration page (Configure > Security > Filters) 

display features that are not supported on EX4500 switches. [PR/525671] 

• When you use an HTTPS connection in the Microsoft Internet Explorer browser to save 

a report from the following pages in the J-Web interface, the error message “Internet 

Explorer was not able to open the Internet site” is displayed on the pages: 

• Files page (Maintain > Files) 

• History page (Maintain > Config Management > History) 

• Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port) 

• Static Routing page (Monitor > Routing > Route Information) 

• Support Information page (Maintain > Customer Support > Support Information) 

• View Events page (Monitor > Events and Alarms > View Events) 

[PR/542887] 

• When you open a J-Web session using HTTPS, then enter a username and password 

and click on the Login button, the J-Web interface takes 20 seconds longer to launch 

and load the Dashboard page than it does if you use HTTP. [PR/549934] 

• In the J-Web interface, the link status might not be displayed correctly on the Port 

Configuration page or the LACP (Link Aggregation Control Protocol) Configuration 

page if the Commit Options preference is set to "single commit" (the Validate 

configuration changes option). [PR/566462] 

• If you have accessed the J-Web interface using an HTTPS connection through the 

Microsoft Internet Explorer Web browser, you might not be able to download and save 

reports from some pages on the Monitor, Maintain, and Troubleshoot tabs. Some 

affected pages are at these locations: 

• Maintain > Files > Log Files > Download 

• Maintain > Config Management > History 

• Maintain > Customer Support > Support Information > Generate Report 

• Troubleshoot > Troubleshoot Port > Generate Report 

• Monitor > Events and Alarms > View Events > Generate Report 

• Monitor > Routing > Route Information > Generate Report 

As a workaround, you can use the Mozilla Firefox Web browser to download and save 

reports using an HTTPS connection. [PR/566581] 

• In the J-Web interface, the report generated from the Events page (Monitor > Events 

and Alarms > View Events) does not show the description for the first four to five 

events. As a workaround, view the description from the Events page or from the Junos 

OS CLI. [PR/661752] 


• In the J-Web interface, on the Port Troubleshooting page (Troubleshoot > Troubleshoot 

> Troubleshoot Port), when you click on the help button in the Troubleshoot Port 

Wizard, an incorrect help page is displayed. [PR/664158] 

• In the J-Web interface, you cannot associate a filter name that contains spaces to a 

VLAN on the VLAN Configuration page (Configure > Switching > VLAN). As a 

workaround, go to the Filters Configuration page (Configure > Security > Filters), click 

the filter name to be associated, and then click Edit. In the popup window, use the 

Association tab to associate a VLAN to the filter. [PR/677145] 

• If you have created dynamic VLANs by enabling MVRP from the CLI, in the J-Web 

interface, the following J-Web options do not work with dynamic VLANs and static 

VLANs: 


• On the Port Configuration page (Configure > Interface > Ports)—Port profile (select 

the interface, click Edit, and select Port Role) or the VLAN option (select the interface, 

click Edit, and select VLAN Options). 

• VLAN option on the Link Aggregation page (Configure > Interface > Link 

Aggregation)—Select the aggregated interface, click Edit, and click VLAN. 

• On the 802.1X Configuration page (Configure > Security > 802.1x)—VLAN assignment 

in the exclusion list (click Exclusion List and select VLAN Assignment) or the move 

to guest VLAN option (select the port, click Edit, select 802.1X Configuration, and 

click the Authentication tab). 

• Port security configuration (Configure > Security > Port Security). 

• On the Port Mirroring Configuration page (Configure > Security > Port 

Mirroring)—Analyzer VLAN or ingress or egress VLAN (click Add or Edit and then 

add or edit the VLAN). 

[PR/669188] 

• In the J-Web interface, on the Redundant Trunk Group (RTG) Configuration page 

(Configure > Switching > RTG), the Commit option is not enabled. As a workaround, 

select the Validate and commit configuration change option before modifying the 

configuration. [PR/677220] 

• In the J-Web interface, the tooltip for Fan Image might not load in the dashboard. As 

a workaround, view the fan status on the Chassis Information page (Monitor > System 

View > Chassis Information). [PR/677922] 

• In the J-Web interface, HTTPS access might work with an invalid certificate. As a 

workaround, after you change the certificate issue the restart web-management 

command to restart the J-Web interface. [PR/700135] 

• On EX4500 Virtual Chassis, if you use the CLI to switch from virtual-chassis mode to 

intraconnect mode, the J-Web dashboard might not list all the Virtual Chassis hardware 

components and the image of the master and backup switch chassis might not be 

visible after an autorefresh occurs. [PR/702924] 


19


Related 

Documentation 


• When a BGP interface is flapping quickly, BGP might unnecessarily withdraw prefixes 

even when a good route to that prefix still exists. [PR/677191] 


• The connectivity-fault management (CFM) process (cfmd) might create a core file. 

[PR/597302] 

• When you create a static ARP entry for an interface and then issue the show snmp mib 

walk command, the static ARP entry is incorrectly identified in the command output 

as a dynamic entry (3) rather than a static entry (4). [PR/662290] 

• sFlow technology does not support IPv6 collectors, source IP addresses, or agent IDs. 

In Junos OS releases previous to this one, configuration of these features was not 

blocked. If your configuration includes any of these features, you must remove them 

before upgrading to this Junos OS release. [PR/659922] 

Power over Ethernet 

• On EX2200-C switches, two problems might occur when devices powered by Power 

• 

over Ethernet (PoE) are connected to the switch and the switch reboots. The first 

problem occurs when PoE is enabled on the switch interfaces. The powered devices 

connected to those interfaces draw power while the switch is rebooting, and then after 

the switch stabilizes, the powered devices reboot twice. The second problem occurs 

when PoE is disabled on the switch interfaces. The powered devices connected to 

those interfaces draw power while the switch is rebooting, and then after the switch 

stabilizes, the powered devices reboot twice and then shut down. As a workaround, if 

you do not want the powered devices to reboot, connect them to the interfaces after 

the switch has stabilized after its reboot. [PR/675971] 



on page 10 






on page 41 

Resolved Issues in Junos OS Release 11.3 for EX Series Switches 

20 

The following are the issues that have been resolved in Junos OS Release 11.3 for EX 

Series switches. The identifier following the descriptions is the tracking number in our 

bug database. 






NOTE: Other software issues that are common to both EX Series switches 

and M, MX, and T Series routers are listed in “Issues in Junos OS Release 11.3 

for Common Platform Features” on page 86. 

• Issues Resolved in Release 11.3R1 on page 21 



• Issues Resolved in Release 11.3R4 on page 37 

Issues Resolved in Release 11.3R1 

The following issues have been resolved since Junos OS Release 11.2. The identifier 

following the description is the tracking number in our bug database. 


• On EX4200 or EX8200 switches that are connected to a Dell PowerConnect switch, 

if you enable LLDP between the switches, the output of the show lldp neighbor 

command does not display remote interface information for the PowerConnect switch. 

[PR/533399: This issue has been resolved.] 

• On EX Series switches, configuring 802.1X (dot1x) might generate a core file when 

VLANs are being configured. [PR/553166: This issue has been resolved.] 

• In 802.1X (dot1x) single-secure mode, when the supplicant switches from server-fail 

authentication to RADIUS authentication on a VLAN, traffic might be dropped. As a 

workaround, issue the clear dot1x firewall command. [PR/561754: This issue has been 

resolved.] 

• On EX Series switches, DHCP relay does not add the proper prefixes for priority-tagged 

frames, so these packets are dropped on interfaces on which LLDP-MED is not enabled. 


• When an EX Series switch receives an LLDP PDU with a 0-byte TLV information string, 

it treats the PDU as an error and discards all information received on that interface. 

According to the IEEE standard, a TLV information string can be 0 bytes. [PR/572818: 

This issue has been resolved.] 

• If storm control is enabled, the Link Aggregation Control Protocol (LACP) might stop 

and then restart when Layer 2 packets are sent at a high rate of speed. As a workaround, 

disable storm control for all multicast traffic on aggregated Ethernet interfaces by 

issuing the command set ethernet-switching-options storm-control interface 

interface-name no-multicast. [PR/575560: This issue has been resolved.] 

• In 802.1X authentication, voice traffic might be dropped after a VLAN expires. 



21


22 

• When DHCP snooping is enabled, after an IP address is dynamically assigned to a 

device, when the device sends DHCPINFORM packets to obtain other DHCP parameters, 

the switch blocks these packets. [PR/580068: This issue has been resolved.] 

• The 802.1X process (dot1xd) might crash, making it impossible for switch users to 

connect to the network. [PR/587531: This issue has been resolved.] 

• When the username for 802.1X (dot1x) authentication exceeds 50 characters, Junos 

OS truncates the username field. [PR/588063: This issue has been resolved.] 

• EX Series switches might send EAP packets on interfaces on which 802.1X (dot1x) is 

not enabled. [PR/594644: This issue has been resolved.] 

• On EX8200 switches, multiple core files might be created by the LLDP process (lldpd), 

the packet management process (ppmd), and the switch forwarding process (sfid) 

after you upgrade the switches. [PR/599846: This issue has been resolved.] 

• In LLDP-MED packets, the LCI Length for Civic Addresses is not present. [PR/600233: 


• On EX Series switches, the authentication process (authd) and the 802.1X process 

(dot1x) might use excessive amounts of memory, and authd and dot1x core files might 

be created. This does not affect the operation of the switch. As a workaround, disable 

the statistics configuration under the [edit access profile] configuration hierarchy. 


• If you configure MAC RADIUS authentication by including the mac-radius statement 

at the [edit protocols dot1x authenticator interface interface-name] hierarchy level, and 

if user or MAC addresses continuously fail authentication, a dot1x core file might be 

created. [PR/602468: This issue has been resolved.] 

• If you have configured 802.1X (dot1x) on an interface, then removed the 802.1X 

configuration, 802.1X filters configured on that interface are not deleted. [PR/662196: 


Device Security 

• If you configure storm control with the action shutdown, after you reboot the switch, 

storm control is not enabled on all the ports on which it is configured. [PR/605468: 



• If you modify the MSTP configuration and VLAN membership for an interface, that 

modification could result in an inconsistent MSTP membership for that interface. As 

a workaround, restart the Ethernet switching process (eswd) after making the 

configuration changes. [PR/525507: This issue has been resolved.] 

• If the switching table is flooded with MAC address entries, an Ethernet switching process 

(eswd) core file might be created. [PR/537883: This issue has been resolved.] 

• When the primary redundant trunk group (RTG) interface is disabled, causing an RTG 

switchover, MAC entries on the upstream switches are refreshed. However, when the 

primary RTG link is enabled, the MAC entries are not refreshed on the upstream switches. 



• After configuring STP, if you undo the configuration, switch operation might slow down 

significantly, with the software forwarding process (sfid) consuming more than 90 

percent of the CPU memory. [PR/574285: This issue has been resolved.] 

• On EX8200 switches, you might not be able to configure private VLANs across the 

switch. [PR/599729: This issue has been resolved.] 

• VSTP virtual bridges are not supported. [PR/605973: This issue has been resolved.] 

• On EX8200 switches, a Q-in-Q service VLAN might not be removed when a packet 

enters through a trunk port and exits from an access port. [PR/660247: This issue has 

been resolved.] 

• When BPDUs are forwarded to the best-effort queue instead of to the control queue, 

MSTP might not converge. [PR/665376: This issue has been resolved.] 


• When you configure a firewall filter for the ethernet-switching family, a pfem core file 

might be created. [PR/580454:This issue has been resolved.] 

• When the filter name, term name, and counter name in an 802.1X firewall filter are 

long, a Packet Forwarding Engine (pfem) core file might be created when you activate 

the filter. [PR/592709: This issue has been resolved.] 

• On EX4500 switches, you cannot commit an inbound VLAN-based filter or a 

router-based firewall filter that includes counter as one of the actions. This problem 

does not apply to Layer 2 port-based firewall filters. [PR/597899: This issue has been 

resolved.] 

Hardware 


• On EX4500 switches, the show chassis environment power-supply-unit command does 

not display values for the input voltage, the output voltage, and the output current. 


• On EX8200 switches in which a 40-port SFP+ line card is installed, packets might be 

dropped when the line card is configured to run at full line rate. [PR/577988: This issue 

has been resolved.] 

• If you set a custom chassis display message with the set chassis display message 

command, the message might remain on the LCD panel indefinitely even though you 

did not include the permanent option in your command. [PR/579234: This issue has 


• The EPROMs of SFP+ electrical loopbacks might get corrupted. [PR/580116: This issue 


• The power capacity statistics displayed by the show chassis power-budget-statistics 

command are incorrect. [PR/588745: This issue has been resolved.] 

• On EX8200 switches, some SFP and SFP+ line cards do not operate properly. 



23


24 

• On EX8200 switches, if autonegotiation is disabled on SFP ports that are connected 

to a link partner on which autonegotiation is disabled, it might take a long time for the 

link to come up. [PR/601574: This issue has been resolved.] 

• On EX4500 switches, you might not be able to clear firewall filter counters. 


• On an EX8200-40XS line card, if you insert an SFP module and then disable 

autonegotiation on the 40XS port, the link does not come up. [PR/609413: This issue 


• When certain SFPs that are not attached to optical cables are inserted into an EX 

Series switch, the switch does not generate low-power warnings or alarms. The 

transceivers that exhibit this behavior have these vendor (Opnext) part numbers: 

TRS2000EN-S201 (10G-SR), TRS2000EN-S211 (10G-SR), and TRS5020EN-S201 

(10G-LR). Use the show chassis pic fpc-slot fpc-number pic-slot pic-number command 

to display the vendor part numbers of the transceivers in your switch. [PR/613153:This 

issue has been resolved.] 

• When the switch temperature exceeds its threshold, alarms for EX-PFE2 Packet 

Forwarding Engines might not be raised. The functionality of the switch is not affected. 

[PR/614354:This issue has been resolved.] 


• On EX3200 and EX4200 switches that are configured with a factory default 

configuration, if you use the set date command to change the date, the switches accept 

the date but display the message "date: connect: Can't assign requested address". 


• The show chassis routing-engine command might erroneously show an uptime of 14,700 

days. [PR/537224: This issue has been resolved.] 

• When you include wildcards in a routing policy filter that also includes Classless 

Interdomain Routing (CIDR) addresses or that maps IPv4 addresses to IPv6 addresses, 

the forwarding process (pfem) might stop operating. [PR/544518: This issue has been 

resolved.] 

• If neither an intraconnect module nor a Virtual Chassis module is installed in EX4500 

switches, the switch boots but is not fully functional. Traffic loss can occur during 

packet forwarding. The result of the resolution of this issue is that the switch will not 

boot unless one of those modules is installed. [PR/544628: This issue has been 

resolved.] 

• While the switch is performing a nonstop software upgrade (NSSU) operation using 

FTP, the software image remains in the /var/tmp/...transferring.file directory and is not 

removed after the upgrade completes. [PR/546543: This issue has been resolved.] 

• On EX4200 switches, when the mode on an SFP+ uplink module is changed from 10g 

to 1g or from 1g to 10g, the switch does not learn MAC addresses until it is rebooted. 


• When the switch is running under a high traffic load, it might stop operating and a 

Packet Forwarding Engine (pfem) core file might be created. [PR/576409: This issue 




• On EX2200 switches, the software forwarding process (sfid) might deadlock, with the 

result that traffic is blocked and MAC addresses cannot be learned. As a workaround, 

reboot the switch. [PR/579725: This issue has been resolved.] 

• On EX8200 switches, when you are upgrading the line cards, the nonstop software 

upgrade (NSSU) process might abort. The system generates a core file when this 

happens. [PR/580494: This issue has been resolved.] 

• On EX8200 switches, all FPCs might go offline after a graceful Routing Engine 

switchover (GRES) operation, and the switch then displays the message "Chassis 

connection dropped." [PR/584491: This issue has been resolved.] 

• On EX2200 switches, if you configure the dhcp-option82 statement, the switch might 

stop operating and a software forwarding process (sfid) core file might be created. 


• When you reboot an EX Series switch running Junos OS Release 10.4R3 or later, the 

switch might take up to 6 minutes to become operational. [PR/589457: This issue has 


• On EX4500 switches, configuring the log-out-on-disconnect statement has no effect. 


• On EX4500 switches, the system-generated MAC addresses for all interfaces in PIC 

slot 2 (that is, interfaces in the right-hand uplink module) are identical. [PR/590922: 


• If the switch receives three or more soft resets within 30 seconds, Junos OS shuts down 

the switch. [PR/590977: This issue has been resolved.] 

• On EX8200 Virtual Chassis, VLANs might not be able to connect to each other. 


• Boot sequencing was not disabled by default. As a fix, the new boot sequencing 

environment variable (boot.btsq.disable) enables transparent rebooting for resilient 

dual-root partitions. In Junos OS Releases 10.4R3 and 11.1R1, you must reset this 

environment variable. It is disabled by default in newer loader software packages. 

Junos OS automatically sets this variable for Junos OS versions that support resilient 

dual-root partitions. [PR/592913: This issue has been resolved.] 

• The Junos OS kernel does not support the Freescale MPC8544 PCI host controller, 

which is on EX2200, EX3200, and EX4200 switches. [PR/594880: This issue has been 

resolved.] 

• On EX8200 switches, if a jloader-ex package earlier than version 3.5.0 is mounted on 

the switch and version 3.5.0 of the package is mounted during an installation, the earlier 

jloader-ex package is used to select the uboot and loader binaries, and the existing 

binaries instead of the new binaries are burned to the boot flash memory. As a result, 

the new jloader-ex package, version 3.5.0, is not installed. [PR/595514: This issue has 


• On EX8200 switches or on XRE200 External Routing Engines, after routing and traffic 

recover from a graceful Routing Engine switchover (GRES) operation, a core file might 

be created after the Ethernet switching process (eswd) is restarted or after a line card 

is taken offline. [PR/596013: This issue has been resolved.] 


25


26 

• If you move a host to a port associated with a different DHCP pool than the one with 

which it was originally associated, the Preboot Execution Environment (PXE) boot 

process might fail. [PR/596152: This issue has been resolved.] 

• If SNMP is running on the switch, the Ethernet switching process (eswd) might stop 

operating and a core file might be created on the switch. [PR/596305: This issue has 


• On EX8200 switches, if you change the power line input for a 2000 W AC power supply 

from high voltage to low voltage, or vice versa, power management might not correctly 

reflect the changed power supply capacity in its power budget. To avoid this problem, 

follow this procedure when you change the power supply input voltage: 

1. Disconnect the power supply from the existing power source. 

2. Wait until the output of the show chassis environment psu command shows the 

power supply to be offline. 

3. Connect the power supply to the new power source. 


• On EX8200 switches, the software forwarding process (sfid) might repeatedly stop 

operating on the line cards. [PR/597870: This issue has been resolved.] 

• When you upgrade an EX Series switch whose configuration contains a firewall filter 

that includes only noncontiguous masks in the term's match condition, the switch 

might fail to start and a Packet Forwarding Engine (pfem) core file might be created. 

As a workaround, do not configure only noncontiguous masks. [PR/598333: This issue 


• The Junos XML management protocol RPC command creates 

two copies of packages in the /var/tmp directory but does not remove the master copy 

once it copies it to incoming-package.tgz. [PR/598827: This issue has been resolved.] 

• On EX8200 switches, after the switching table has been cleared multiple times and 

after the routed VLAN interfaces (RVIs) go down and come back up multiple times, 

the switch stops learning ARP replies on some of the RVIs. [PR/598889: This issue 


• If you use nonstop software upgrade (NSSU) to upgrade from Junos OS Release 11.1 

to Release 11.2 or later, NetBIOS snooping might not work correctly after the upgrade. 

If NetBIOS snooping is configured on an EX Series switch that you are upgrading from 

Junos OS Release 11.1 using nonstop software upgrade (NSSU), disable NetBIOS 

snooping before you perform the upgrade. Once the upgrade is complete, reenable 

NetBIOS snooping. If you have configured NetBIOS snooping on an EX8200 switch 

that you are upgrading from Junos OS Release 11.1 to Release 11.2 or later using nonstop 

software upgrade (NSSU), disable NetBIOS snooping before you perform the upgrade. 

Once the upgrade is complete, you can reenable NetBIOS snooping. If you do not 

disable NetBIOS snooping before you perform the upgrade with NSSU, NetBIOS 

snooping will not work properly after the upgrade. Using NSSU to upgrade from Release 

11.2 or later to a later release has no impact on NetBIOS snooping functionality. 




• During a graceful Routing Engine switchover (GRES) restart operation, if the master 

Routing Engine loses power, there might be a 30-second timeout in forwarding. 


• On EX2200, EX3200, EX4200, and EX4500 switches, if the switch has been up for 

more than 25 days, the show chassis routing-engine command displays the wrong 

uptime. [PR/602211: This issue has been resolved.] 

• The switch might create a software forwarding process (sfid) core file for no apparent 

reason. [PR/603926: This issue has been resolved.] 

• During a graceful Routing Engine switchover (GRES) operation on a switch on which 

PIM is configured, a routing protocol process (rpd) core file might be created. 


• On EX2200 switches, if parity errors occur, the switch might stop forwarding traffic. 


• When you commit an IPv6 configuration, the switch might display the db> prompt. 


• On EX4500 switches, a cfmd core file might be created. [PR/607188: This issue has 


• In rare instances, a file system inconsistency might exist if you shut down an EX Series 

switch ungracefully. The result is a system panic, and a vmcore file is created. As a 

workaround, use the nand-mediack utility for checking bad blocks in the NAND flash 

memory. Review KB20570 

(http://kb.juniper.net/InfoCenter/index?page=content=KB20570) from the Juniper 

Technical Assistance Center for instructions about how to use this utility. [PR/609798: 


• When you upgrade Junos OS, traffic might not flow between two directly connected 

interfaces. [PR/661131: This issue has been resolved.] 

• If you have configured port 1 on the SFP uplink module, the system log files might show 

an error and might get full within a few minutes. [PR/661426] 

• If you remove or change interfaces soon after completing a nonstop software upgrade 

(NSSU) operation, the multicast snooping process (mcsnoopd) might create a core 

file. [PR/662065: This issue has been resolved.] 

• If you delete a VLAN that has no VLAN ID, firewall filters might stop operating properly. 


• When DHCP unicast packets are processed on a server for the first time, the processing 

time might slow down, which might prevent the DHCP lease from getting renewed. 



27


28 

Interfaces 

• On EX2200, EX3200, EX4200, and EX4500 switches, although an interface is not 

created if you do not install any transceiver in a fiber port, the show chassis lcd or show 

chassis led command might show that an interface exists, showing its LED status as 

Off. For 10-Gigabit Ethernet interfaces on EX4500 switches, the output of these 

commands might show the interface prefix as ge- instead of xe-. As a workaround, 

issue the show interfaces terse command to check whether a transceiver is actually 

installed and to display the xe- interface prefix to verify the interface's 10-Gigabit 

Ethernet capability. [PR/568301: This issue has been resolved.] 

• If you rename the member range within an interface range, you cannot commit the 

configuration. [PR/572209: This issue has been resolved.] 

• On EX4500 switches, if more than 14 ports in the switch are subscribed to a 10-gigabit 

full-duplex rate of traffic, the switch might not be able to achieve a 10-gigabit wire rate 

for 64-byte and 128-byte packets. There is no impact on performance if the number 

of ports actively involved in 10-gigabit wire-rate traffic is 14 or fewer or if the packet 

size is greater than 150 bytes. [PR/573319: This issue has been resolved.] 

• When an interface’s status changes, the syslog message "KERN-1-GENCFG: op 8 (CoS) 

failed; err 5 (Invalid)" might appear in the system log (syslog) file. [PR/576027: This 


• On aggregated Ethernet interfaces, the values for the actual and calculated packet 

load-balancing performance differ. [PR/587223: This issue has been resolved.] 

• It is not possible to debug the Junos OS kernel during the bootup process. To fix this 

issue, support for issuing the boot -d option from the loader has been added. 


• During a reboot of an EX8200 switch, the links on the interfaces of neighboring devices 

might go up and down repeatedly even though the interfaces on the EX8200 switch 

that connect to those interfaces on neighboring devices have not yet been initialized. 


• On EX4200 switches, if autonegotiation is enabled on an SFP interface and if this 

interface is connected to a link partner on which autonegotiation is disabled, the 

interface might not establish a connection with its partner. As a workaround, use the 

same configuration on both sides of the connection: either enable autonegotiation on 

both sides or disable it on both sides. [PR/593126: This issue has been resolved.] 

• If you use a wildcard character when configuring an interface range, an Ethernet 

switching process (eswd) core file might be created. [PR/599555: This issue has been 

resolved.] 

• A physical interface might not shut down even after the interface’s configured hold 

time expires. [PR/602113: This issue has been resolved.] 

• VRRP interfaces might not converge. [PR/602121: This issue has been resolved.] 

• When you are upgrading Junos OS, if you have enabled VSTP for all VLANs, an Ethernet 

switching process (eswd) core file might be created. [PR/602341: This issue has been 

resolved.] 



• If you use the restart vrrp command to restart VRRP, a ppmd core file might be created. 


• On EX Series switches, a LAG interface might not come up when the primary interface 

is disabled and link protection is enabled. [PR/603194: This issue has been resolved.] 


• In the J-Web interface, the dashboard does not display the uplink ports or uplink module 

ports unless transceivers are plugged into the ports. [PR/477549:This issue has been 

resolved.] 

• In the J-Web interface, the software Upload and Install Package option might not display 

a warning message when there are pending changes to be committed. [PR/514853: 


• In the J-Web interface, the support information help link does not redirect to the Juniper 

Customer Support site. As a workaround, go to the Table of Contents of the help system 

and select Registering the EX Series Switch with the J-Web Interface. [PR/552634: 


• In the J-Web interface, the Configure Schedulers page (Configure > Class of Service 

> Schedulers) shows the exact, exact-percent, and exact-remainder options in the 

Add/Edit window in the Transmit Rate list, even though these options are not supported 

on EX Series switches. [PR/590490: This issue has been resolved.] 

• In the J-Web interface, if the switch is configured as a Virtual Chassis and has more 

than one uplink module connection, the total number of ports that the dashboard lists 

as being underutilized is incorrect. [PR/591080: This issue has been resolved.] 

• In the J-Web interface on EX8216 switches, the FPC number of an inserted line card 

might not be listed under Ports for FPC on the Ports Monitoring page (Monitor > 

Interfaces). As a workaround, select the all option under Ports for FPC to display all 

the interfaces, including those for line cards. PR/593623: This issue as been resolved.] 

• In the J-Web interface, you cannot disable an IPv4 or IPv6 address on the Port 

Configuration page (Configure > Interfaces > Ports). [PR/600080: This issue has 


• In the J-Web interface, in the Link Layer Discovery Protocol (LLDP) Configuration page 

(Configure > Switching > LLDP), the Details of Port field does not show the proper 

values for the Neighbor list and Neighbor count. [PR/600232: This issue has been 

resolved.] 

• On EX2200 switches, J-Web Web management does not start. [PR/603062: This 



• In the J-Web interface, when you open the Static Routing Configuration page (Configure 

> Routing > Static Routing) and click Edit to edit an IPv6 static route, the J-Web 

interface displays the page for editing IPv4 addresses. As a workaround, use the CLI 

to edit the IPv6 addresses. [PR/660613: This issue has been resolved.] 

• On EX8200 Virtual Chassis that include an EX8216 switch in which an EX8200-40XS 

line card is installed in slot 2, 3, or 4, the J-Web interface does not populate the line 

card’s interfaces images in the expanded view of the dashboard. As a workaround, 

29


30 

install the line card in a slot other than one of these three. [PR/662231: This issue has 



• If you reboot an EX Series switch on which Layer 2, Layer 3, and multicast protocols 

are configured, the Bidirectional Forwarding Detection protocol (BFD) might start and 

stop when multiple duplicate PPM entries are created on the Routing Engine. 


• If you configure a Layer 2 link aggregation group (LAG) interface with storm control 

such that the interface shuts down as the result of a traffic storm, and if you then 

modify the LAG configuration to Layer 3 and back to Layer 2, the LAG interface never 

shuts down even if the traffic storm continues. [PR/578412: This issue has been 

resolved.] 

• The routing protocol process (rpd) might create a core file when you include the 

traceoptions statement at the [edit routing-options] hierarchy level. As a workaround, 

disable the traceoptions—for example, by configuring the flag normal option. 



• When the polling interval on an interface is changed from the default value of 0 to 

another value through the inclusion of the polling-interval configuration statement, an 

sFlow technology core file might be created. [PR/561414: This issue has been resolved.] 

• With sFlow monitoring, if you enable both an ingress sFlow collector and an egress 

sFlow collector on an interface, the traffic bandwidth usage shown in the Traffic Sentinel 

sFlow collector might be incorrect. [PR/590040: This issue has been resolved.] 

• When you mirror packets to an analyzer, the output might contain incorrect VLAN tags. 


• The dot1qVlanStaticUntaggedPorts MIB reports incorrect values for voice VLANs. 


• When you use the snmpwalk application to get information about switch interfaces, 

it returns information about incorrect interfaces. [PR/664940: This issue has been 

resolved.] 


• On EX8200 switches, when IGMP snooping is enabled on an interface, the IPv6 

multicast Layer 2 control frame is not forwarded to other interfaces in the same VLAN. 


• The system log (syslog) files might fill up with the message "snp_igmp_io_flood: relay 

failed". These messages are informational only. They indicate that the system corrected 

itself from a condition in which it would have flooded an IGMP packet of unknown type 

out of the same port it was received on. [PR/564675: This issue has been resolved.] 

• When virtual routing and forwarding (VRF) and multicast are configured on a switch 

on which IGMP snooping is not enabled, an IGMP snooping (mcsnoop) core file might 

be created. [PR/601034: This issue has been resolved.] 




• On EX8200 Virtual Chassis, IGMP snooping static receivers are removed when they 

receive a Leave message. [PR/518091: This issue has been resolved.] 

• On EX8200 Virtual Chassis, ECMP might not work for links between Virtual Chassis. 


• On EX8200 Virtual Chassis, if you issue the request system reboot slice alternate 

command, the Routing Engine might not reboot. [PR/535401: This issue has been 

resolved.] 

• On EX4200 Virtual Chassis on which VSTP is configured, VSTP might experience 

unexpected topology changes. [PR/541091: This issue has been resolved.] 

• When the Virtual Chassis backup switch is rebooted, a redundant trunk group (RTG) 

failover might occur incorrectly, with RTC from the Virtual Chassis master primary link 

erroneously switching to the secondary link of the Virtual Chassis backup. [PR/562398: 


• Upgrading the Junos OS image on an individual member of an EX8200 Virtual Chassis 

does not work. As a workaround, upgrade the Junos OS image for the entire Virtual 

Chassis. In addition, upgrading the Junos OS image of an EX8200 Virtual Chassis from 

an XRE200 External Routing Engine that is in the linecard role or the backup role does 

not work. As a workaround, upgrade the software image from the master external 

Routing Engine. [PR/574137: This issue has been resolved.] 

• On EX4200 Virtual Chassis, the next-hop information in the forwarding table is not 

cleared when a Virtual Chassis switchover occurs. [PR/576098: This issue has been 

resolved.] 

• On an EX8200 Virtual Chassis on which NSR is enabled, during an XRE200 External 

Routing Engine switchover, Layer 3 routing protocols might stop and restart repeatedly, 

leading to traffic loss. [PR/581492: This issue has been resolved.] 

• A large number of MAC pause frames might stall a Virtual Chassis member's IPC 

connection, causing the member to lose its connection to the Virtual Chassis. 


• When you halt a member of an EX4200 Virtual Chassis, the link on an uplink module 

port configured as a VCP might not be brought down. [PR/582996: This issue has 


• On a Virtual Chassis that is configured with a private VLAN (PVLAN) and a link 

aggregation group (LAG), if the Virtual Chassis loses one of its members, traffic flow 

might not resume properly across the remaining LAG members, resulting in traffic loss. 



• EX4200 Virtual Chassis members might not reboot and might create a Virtual Chassis 

control process (vccpd) core file. [PR/588466: This issue has been resolved.] 

• On EX4200 switches, VRRPv3 advertisements are not forwarded on a Layer 2 VLAN 

on which IGMP snooping is enabled. [PR/588712: This issue has been resolved.] 

• On an EX8200 Virtual Chassis, during a nonstop software upgrade (NSSU), one or 

more internal NSSU states might not be cleared on a master Routing Engine. This 

31


32 

might prevent some CLI commands from executing. [PR/592476: This issue has been 

resolved.] 

• On EX4200 Virtual Chassis, high-priority packets are not sent properly from line cards 

to the master. [PR/593840: This issue has been resolved.] 

• On EX8200 Virtual Chassis, after you upgrade Junos OS using the request system 

software add and request system reboot commands, the CPU load is very high on both 

the master and backup XRE200 External Routing Engines. The CPU load recovers to 

normal after 10 minutes or after you reboot the master switch. [PR/596374: This issue 


• If you assign the linecard role to member IDs 8 or 9, the kernel might crash and the 

XRE200 External Routing Engine might reboot continuously. As specified in the EX8200 

Virtual Chassis documentation, assign the linecard role only to member IDs 0 through 

7. [PR/600125: This issue has been resolved.] 

• On EX8200 Virtual Chassis, the chassis control process (chassisd) on the master 

member might restart in the following scenarios: 

• If the Virtual Chassis does not have a member ID 8 or 9, and any member reboots 

or the Virtual Chassis is split 

• If the Virtual Chassis has member IDs 8 and 9, and member 8 or 9 reboots 

Because of this issue, NSSU does not work. [PR/600218: This issue has been resolved.] 

• On EX4200 Virtual Chassis, it might take 20 minutes or longer to distribute the Junos 

OS image bundle in a 10-member Virtual Chassis. As a workaround, use the no-validate 

option to improve the performance. [PR/604270: This issue has been resolved.] 

• On EX8200 Virtual Chassis running a Junos OS image with resilient dual-root 

partitioning, when the kernel synchronization process (ksyncd) on the backup Routing 

Engines fails or when the master and backup Routing Engines are out of sync, both 

conditions that create a ksyncd core file, it might take more than 12 minutes for the 

core file to be created. During this time, the Virtual Chassis is highly unstable: the 

Routing Engine CPU is at 100 percent; all control protocols, such as BFD, IS-IS, and 

OSPF, are constantly stopping and restarting; and the CLI prompt is not displayed after 

you type a CLI command. This issue does not occur with nonresilient dual-root 

partitioning Junos OS images. [PR/609061: This issue has been resolved.] 

• On EX8200 Virtual Chassis, the output resource errors on the bme0 interface might 

increment continuously even after you reboot the interface. [PR/611243: This issue has 


• On EX8200 Virtual Chassis, GRE-tunneled traffic is not being transmitted across the 

chassis. For possible workarounds, contact JTAC. [PR/669513: This issue has been 

resolved.] 

• In Virtual Chassis composed of both EX4200 and EX4500 switches, you cannot 

configure PoE. [PR/671980: This issue has been resolved.] 




The following issues have been resolved since Junos OS Release 11.3R1. The identifier 



• RSTP might process BPDUs that do not comply with the IEEE standard, which might 

lead to unintended spanning-tree convergence behavior. [PR/683829: This issue has 



• Layer 3 next-hop entries might remain queued in the kernel of the backup Routing 

Engine and might never be installed in the forwarding table. [PR/670799: This issue 


• A memory leak might occur, as evidenced by "jt_nh_multiple_init() returned error code 

"(No memory:3)!" system log (syslog) messages. This leak disrupts traffic forwarding. 


• On EX4500 switches, ICMPv6 packets might transit the Routing Engine even though 

IPv6 is not configured. [PR/682953: This issue has been resolved.] 

• When the same firewall filter and Layer 3 classifier is applied to two Layer 3 interfaces, 

a Packet Forwarding Engine (pfem) core file might be created. [PR/683747: This issue 



33


34 

Interfaces 

• The Ethernet interfaces in a link aggregation group (LAG) might all have the same MAC 

address as the parent aggregated Ethernet (ae-) interface. [PR/681385: This issue has 



• If the password has been removed from the authentication-order statement and the 

external authentication server (TACACS+ or RADIUS) is down, you might not be able 

to log in to the J-Web interface. [PR/599613: This issue has been resolved.] 


• If a router or switch acting as both an autonomous system boundary router (ASBR) 

and an area border router (ABR) is reachable through both a backbone area and a stub 

area, and if the advertisement through stub area advertising has a higher metric than 

the advertisement through the backbone area, the external routes might be installed 

incorrectly in the routing table. The routing table entry incorrectly shows that the next 

hop is through the stub area. [PR/610813: This issue has been resolved.] 


• If interfaces go up and down frequently, a memory leak might occur and cfmd and 

mcsnoopd core files might be created. [PR/688356: This issue has been resolved.] 


• On EX8200 Virtual Chassis, if the topology is formed such that ingress multicast traffic 

is routed first to the rendezvous point (RP) and then returns to the Virtual Chassis for 

egress via Layer 2 multicast, the multicast traffic is forwarded only to receivers 

connected to the Virtual Chassis member in which the returned multicast traffic is 

received. Multicast traffic is not forwarded to other receivers in other Virtual Chassis 

members. [PR/666355: This issue has been resolved.] 







• When you reboot or upgrade the software on a switch that has an active client connect 

to an 802.1X interface, a VLAN core file might be created. [PR/686513: This issue has 



• For two-rate, three-color policers, the egress traffic might not flow at the configured 

peak information rate (PIR). [PR/687564: This issue has been resolved.] 


• On EX8200 Virtual Chassis, NSSU might get stuck when you upgrade FPCs one by 

one. As a workaround, configure upgrade groups for groups of FPCs, which you can 

upgrade simultaneously, with minimal traffic loss. [PR/669764: This issue has been 

resolved.] 

• When you perform a nonstop software upgrade (NSSU) operation on an EX8200 

Virtual Chassis, if you do not include the reboot option when you request the NSSU to 

have the switch perform an automatic reboot, the upgrade might hang indefinitely 

after the Junos OS images have been pushed to the master Routing Engine. 



• The system log (syslog) files contain the message “Juniper syscall not available.” These 

messages are harmless, and you can ignore them. [PR/519153: This issue has been 

resolved.] 

• The system log (syslog) file might contain the following message: “/var: filesystem 

full.” [PR/600145: This issue has been resolved.] 

• On an EX4200 switch, when you disable a Q-in-Q interface on which you have 

configured a large number (more than 500) of VLAN swap rules, control traffic might 

be affected for about 10 minutes. During this time, the forwarding process (pfem) can 

consume up to 98 percent of the CPU. The system resumes its normal state after the 

forwarding process completes its processing. [PR/678792: This issue has been 

resolved.] 


• The system log (syslog) files might contain storm-control–related messages even 

when storm control is not configured. [PR/679231: This issue has been resolved.] 

• On EX3300 switches, when you load the factory default settings, the last two ports of 

the uplink ports are configured as Virtual Chassis ports (VCPs). If you convert these 

ports to normal network ports, they might not pass traffic. As a workaround, reboot 

the switch after converting the ports. [PR/685300: This issue has been resolved.] 

• When you configure VLAN ID translation when using Q-in-Q tunneling, if you apply a 

tricolor marking (TCM) policer to the Q-in-Q interface, a Packet Forwarding Engine 

(pfem) core file might be created. [PR/688438: This issue has been resolved.] 

• In an EX8200 Virtual Chassis that is configured with an implicit deny statement and 

that has VCCP traffic flowing through 10-Gigabit Ethernet ports configured as Virtual 

35


36 

Chassis ports (VCPs), if you apply a loopback filter, the FPCs (line cards) of member 

0 and member 1 can lose contact with master Routing Engine. [PR/688983: This issue 


• You might not be able to commit a configuration on an XRE200 External Routing 

Engine, and the switch might display the error "could not save to juniper.save+". 


• An EX4200 switch might stop forwarding traffic, and a Packet Forwarding Engine 

(pfem) core file might be created. [PR/691504: This issue has been resolved.] 

• On EX4500 switches, the LCD panel might not list the ADM (administrative status) or 

DPX (duplex) options in the Idle menu. Also, when you press Enter to cycle through 

the status LED modes, you might not be able to cycle through them. [PR/692341: This 


• On EX4200 switches, if you connect and then disconnect the cable to the port on which 

the Bidirectional Forwarding Detection (BFD) protocol is running, a software forwarding 

process (sfid) core file might created. [PR/694150: This issue has been resolved.] 

• When you configure a syslog action in a firewall filter on the me0 interface, an EX2200 

switch might crash when you commit the configuration. [PR/694602: This issue has 


• On EX3200 and EX4200 switches, transmit FIFO queue overruns might cause the 

switch to stop working. [PR/695071: This issue has been resolved.] 

• Approximately every 300 seconds, a multicast route entry might be deleted and added 

back again, resulting in a traffic loss of about 1-3 seconds. [PR/698129: This issue has 



• On EX4200 switches, if you specify the source-address statement when configuring a 

system log file, the switch might not send the correct source IP address to the syslog 

server after the switch reboots. [PR/608724: This issue has been resolved.] 

• On EX4500 switches, you cannot configure BGP on the BGP Configuration page 

(Configure > Routing > BGP). [PR/699308: This issue has been resolved.] 


• When EX4200 and EX4500 switches are interconnected into the same Virtual Chassis 

to form a mixed EX4200 and EX4500 Virtual Chassis, the switches might fail to form 

a Virtual Chassis. [PR/681072: This issue has been resolved.] 

• On an XRE200 External Routing Engine, the rescue configuration might not get 

synchronized with the backup XRE200 External Routing Engine. [PR/687797: This 


• In an EX4200 Virtual Chassis, if a member other than the master reboots from the 

backup partition, the system alarm "Host # Boot from backup root" should clear when 

that member is rebooted from the active partition. However, the master retains the 

alarm until it is rebooted or until the mastership switches. [PR/694256: This issue has 



Issues Resolved in Release 11.3R4 




• When the switch is performing 802.1X (dot1x) authentication using MAC RADIUS, you 

might see the following message in the system log (syslog) file: "kmem type temp 

using 57344K, exceeding limit 57344K". [PR/697815: This issue has been resolved.] 

• When you add a new VLAN on a switch on which you have also configured loopback 

and other IPv4 firewall filters, a Packet Forwarding Engine (pfem) core file might be 

created that contains the message "No space available in tcam". [PR/701779: This 


• When you enable LLDP-MED autonegotiation on an EX Series switch, the 

autonegotiation bit in LLDP-MED packet is set to not-supported, which might cause IP 

phones to discard LLDP-MED packets received from the switch. [PR/708752: This 



• On EX Series switches, when you remove a VLAN that has a VLAN ID and then add the 

same VLAN ID but with a different VLAN name, the Ethernet switching process (eswd) 

might create a core file. [PR/668210: This issue has been resolved.] 

• When the same MAC address is learned on both the primary and community VLANS, 

an Ethernet switching process (eswd) core file might be created. [PR/693942: This 


• EX Series switches might not learn the MAC addresses of directly connected devices. 


• On EX4500 switches with an interface in loopback mode, BPDUs might be processed 

instead of being dropped as expected, generating topology change notifications (TCNs). 

As a workaround, disable the interface that is in loopback mode. [PR/698077: This 


• If the egress interface is a trunk interface, frames that exceed 9216 bytes might not be 

fragmented. [PR/705905: This issue has been resolved.] 

Hardware 


• For Opnext SFPs with Juniper part number 740-021308 and types SFP+ 10GE-SR, 

SFP+ 10GE-LR, or SFP+ 10GE-ER, when the low-power threshold is crossed, the 

power-low warning alarm is not set on extra-scale (ES) and Power over Ethernet (PoE) 

line cards. [PR/683732: This issue has been resolved.] 


• After you upgrade Junos OS, an sfid core file might be created. [PR/691958: This issue 



37


38 

Related 

Documentation 

• On EX8200 switches that have IPv6 and IPv4 configured on routing instances, when 

many interfaces go down and come back up repeatedly, the next-hop programming 

for some routes might fail, which can cause disruptions in traffic. [PR/701985: This 


Interfaces 

• EX Series switches do not show the control packet counters in both directions on the 

logical units of aggregated Ethernet (ae) interfaces. [PR/693202: This issue has been 

resolved.] 

• Interfaces might not come up, and the system log (syslog) file might contain the 

message "DCD_CONFIG_WRITE_FAILED: configuration write failed for an RT ADD: 

Cannot allocate memory". [PR/697300: This issue has been resolved.] 

• When you configure the member interfaces of an aggregated Ethernet interface before 

you configure the aggregated Ethernet (aex) device using set commands from the CLI, 

the aggregated Ethernet interface does not receive MAC updates. As a workaround, 

configure the aggregated Ethernet interface first, then configure the member interfaces. 



• In the J-Web interface, if you discard any available MIB profile, file, or predefined object 

from accounting-options on the Point and Click CLI Configuration page (Configure > 

CLI Tools > Point and Click CLI), the J-Web session times out. As a workaround, perform 

the same operation from the CLI. [PR/689261: This issue has been resolved.] 

• In the J-Web interface, the dashboard is not displayed. [PR/700274: This issue has 



• EX Series switches might not send jnxMIMst traps. [PR/707141: This issue has been 

resolved.] 


• On XRE200 External Routing Engines, the output of the show chassis hardware 

• 

command might contain duplicate Routing Engine inventory information for members 

8 and 9. [PR/663272: This issue has been resolved.] 



on page 10 







on page 41 

Changes to and Errata in Documentation for Junos OS Release 11.3 for EX Series Switches 

• Changes to the Junos OS for EX Series Switches Documentation on page 39 

• Errata on page 39 

Changes to the Junos OS for EX Series Switches Documentation 

This section lists changes that have been made to the Junos OS for EX Series switches 

documentation. 


• The Firewall Filter Match Conditions and Actions for EX Series Switches document has 

been split into two new documents: 

• The Descriptions of Firewall Filter Match Conditions for EX Series Switches document 

describes match conditions, actions, and action modifiers. 

• The Platform Support for Firewall Filter Match Conditions on EX Series Switches 

Errata 


document details support per switch type, including bind points, for match conditions, 

actions, and action modifiers for IPv4 and IPv6 ingress and egress traffic. 

This section lists outstanding issues with the documentation for Junos OS Release 11.3 

for EX Series switches. 

Changes to and Errata in Documentation for Junos OS Release 11.3 for EX Series Switches 


• When you enable DHCP-relay functionality on a switch and you configure tracing with 

the set forwarding-options helpers traceoptions command, no DHCP-relay–related 

messages are logged. As a workaround, configure tracing with the traceoptions 

statement at the [edit system services dhcp] hierarchy level. For example, the following 

commands log DHCP-relay-related messages to the file dhcp.log: 

set system services dhcp traceoptions file dhcp.log 

set system services dhcp traceoptions level all 

set system services dhcp traceoptions flag all 

[This issue was being tracked by PR/679781.] 

39


40 

Class of Service 

• On EX Series switches, you cannot configure a scheduler map on an individual interface 

that is a member of a link aggregation group (LAG). Instead, you must configure the 

scheduler map on the LAG itself (that is, on the aggregated Ethernet (ae) interface). 


Hardware 

• The documentation does not list the following transceivers, which are supported for 

EX6200 switches as of Release 11.3R4: 

• EX-SFP-1GE-LH 

• EX-SFP-1GE-LX 

• EX-SFP-1GE-LX40K 

• EX-SFP-1GE-SX 

• EX-SFP-1GE-T 


• The Managing Programs and Processes Using Junos OS Operational Mode Commands 

topic implies that damage to the file system might occur if you do not gracefully shut 

down Junos OS before powering off the router—notice, however, that this implication 

does not apply to EX Series switches that are running Junos OS Release 10.4R3 or later. 

Graceful shutdown is not required for switches running Release 10.4R3 or later because 

these releases include the resilient dual-root partitioning feature, which prevents file 

corruption if the switches do not shut down gracefully. 

Interfaces 

• The documentation for configuring autonegotiation on Ethernet interfaces on EX Series 

switches neglects to state that you cannot disable autonegotiation on Tri-State copper 

Ethernet interfaces that are manually configured for 1-Gbps link speed. If you configure 

an interface for 1-Gbps link speed and no autonegotiation, you can commit the 

configuration without an error. However, on copper interfaces, this configuration is 

ignored as invalid and autonegotiation is enabled by default. To correct the configuration 

and disable autonegotiation: 

1. Delete the no-auto-negotiation statement and commit the configuration. 

2. Set the interface speed with the speed statement to 10 or 100 Mbps, set the 

no-auto-negotiation statement, and commit the configuration. 

• The documentation for configuring physical interfaces on EX Series switches does not 

cover the supported hold-time configuration statement, which is used to dampen 

interface transitions. For information about the hold-time configuration statement, see 

Damping Interface Transitions. 


Related 

Documentation 


• In the J-Web interface, you cannot configure interface ranges and interface groups. 



• The Junos OS 11.3 Release Notes for 11.3R1, 11.3R2, and 11.3R3 incorrectly state that routed 

• 

multicast traffic is supported only on the default virtual routing and forwarding (VRF) 

instance. This limitation was removed in Release 11.3R1—routed multicast traffic is 

supported on all VRF instances in Release 11.3R1or later. 



on page 10 





on page 41 

Upgrade and Downgrade Instructions for Junos OS Release 11.3 for EX Series Switches 


This section discusses the following topics: 

• Upgrading from Junos OS Release 10.4R3 or Later on page 41 

• Upgrading from Junos OS Release 10.4R2 or Earlier on page 43 

• Downgrading to Junos OS Release 10.4R2 or Earlier on page 56 

• Upgrade Policy for Junos OS Extended End Of Life Releases on page 56 

• Upgrading or Downgrading from Junos OS Release 9.4R1 for EX Series 


• Upgrading from Junos OS Release 9.3R1 to Release 11.3 for EX Series 



• Upgrading EX Series Switches Using NSSU on page 57 

Upgrading from Junos OS Release 10.4R3 or Later 

You can use this procedure to upgrade Junos OS on a standalone EX Series switch with 

a single Routing Engine. You can also use it to upgrade all members of a Virtual Chassis 

or a single member of a Virtual Chassis. To upgrade software on a standalone EX6200 

switch or EX8200 switch with dual Routing Engines, see Installing Software on an EX 

Series Switch with Redundant Routing Engines (CLI Procedure). 

On EX8200 switches and EX8200 Virtual Chassis, you can also use nonstop software 

upgrade (NSSU) to perform the upgrade. For more information, see “Upgrading EX Series 

Switches Using NSSU” on page 57. 

41


42 

To install software upgrades on a switch with a single Routing Engine or on a Virtual 

Chassis: 

1. Download the software package as described in Downloading Software Packages from 

Juniper Networks. 

2. (Optional) Back up the current software configuration to a second storage option. 

See the Junos OS Installation and Upgrade Guide for instructions. 

3. (Optional) Copy the software package to the switch. We recommend that you use 

FTP to copy the file to the /var/tmp directory. 

This step is optional because Junos OS can also be upgraded when the software 

image is stored at a remote location. 

4. Install the new package on the switch: 

user@switch> request system software add package 

Replace package with one of the following paths: 

• For a software package in a local directory on the switch—/var/tmp/package.tgz. 

• For a software package on a remote server: 

• ftp://hostname/pathname/package.tgz 

• http://hostname/pathname/package.tgz 

where package.tgz is, for example, jinstall-ex-4200-11.3R1.8-domestic-signed.tgz. 

To install software packages on all the switches in a mixed EX4200 and EX4500 

Virtual Chassis, use the set option to specify both the EX4200 package and the 

EX4500 package: 

user@switch> request system software add set [package package] 

Include the optional member option to install the software package on only one 

member of a Virtual Chassis: 

user@switch> request system software add package member member-id 

Other members of the Virtual Chassis are not affected. To install the software on all 

members of the Virtual Chassis, do not include the member option. 

NOTE: To abort the installation, do not reboot your device; instead, finish 

the installation and then issue the request system software delete 

package.tgz command, where package.tgz is, for example, 

jinstall-ex-8200-11.3R1.8-domestic-signed.tgz. This is your last chance to 

stop the installation. 

5. Reboot to start the new software (to reboot a single member, use the member option): 


user@switch> request system reboot 

6. After the reboot has completed, log in and verify that the new version of the software 

is properly installed: 

user@switch> show version 

Upgrading from Junos OS Release 10.4R2 or Earlier 

Upgrading to Junos OS Release 11.3 from Release 10.4R2 or earlier is more complex than 

previous upgrade procedures as a result of the introduction of resilient dual-root partitions 

in Release 10.4R3. This new feature incorporates some enhancements that add additional 

steps when you upgrade from a release that does not support resilient dual-root partitions 

to one that does. Once you are running a release that supports resilient dual-root 

partitions, such as Release 11.3, future upgrades will not require these additional steps. 

The following points summarize the differences between this upgrade and previous 

upgrades: 


• The disk partitions are automatically reformatted to four partitions during the reboot 

of the switch that completes the Junos OS upgrade. The reformat increases the reboot 

time for EX8200 switches by 10 to 25 minutes per Routing Engine. For other switches, 

the increase in boot time is 5 to 10 minutes. 

• The configuration files in /config are saved in volatile memory before the reformat and 

then restored after the reformat—however, the files in /var are not saved and are lost 

after the upgrade. 


NOTE: We recommend that you copy your data files to external media 

using the request system snapshot command before you perform the 

upgrade. Files in the /var directory, such as log files and user /home 

directories, are not saved. In addition, a power failure during the reboot 

could cause the configuration files to be lost. 

• You must upgrade the loader software. You upgrade the loader software by installing 

the loader software package from the CLI. 

NOTE: To obtain the loader software package: see the Download Software 

page at http://www.juniper.net/support/products/junos/dom/. Click on the 

version, then the Software tab, then the name of the software install 

package. In the pop-up Alert box, click on the link to the PSN document. 

On switches other than the EX8200 switches, upgrading the loader software does not 

significantly increase the upgrade time because you can complete the upgrade of both 

Junos OS and the loader software with a single reboot. 

On EX8200 switches, upgrading the loader software requires an additional reboot per 

Routing Engine because of the way the loader software is stored in the flash memory. 

On EX8200 switches only, you can verify that the loader software requires upgrading 

43


44 

before you perform the upgrade—if the loader software does not need upgrading, the 

additional reboot per Routing Engine is not required. 

NOTE: If you upgrade to Release 11.3 and do not upgrade the loader 

software, the switch will come up and will function normally. However, if 

the switch cannot boot from the active root partition, it will not be able to 

transparently boot from the alternate root partition. 

Table 1 on page 44 lists the installation packages required to upgrade the loader 

software. 

Table 1: Required Installation Packages for Upgrading the Loader Software 

Platform 

EX2200 switch 

EX3200 switch 

EX4200 switch 

EX4500 switch 

EX8200 switch 

XRE200 External Routing Engine 

Installation Package 

jloader-ex-2200-11.3build-signed.tgz 





The loader software does not need to be upgraded. 

• When you upgrade to a release that supports resilient dual-root partitions from one 

that does not, the upgrade process automatically copies the contents of the primary 

root partition to the alternate root partition at the end of the upgrade process. Because 

the resilient dual-root partitions feature enables the switch to boot transparently from 

the alternate root partition, we recommend that you use the request system snapshot 

command to copy the contents of the primary root partition to the alternate root 

partition after all future Junos OS upgrades. 



NOTE: If you upgrade the loader software in a separate step after you upgrade 

Junos OS, users might see the following message when they log in to the 

switch: 

At least one package installed on this device has limited support 

This message can be safely ignored. 

You can permanently remove this message by deleting the loader software 

package and rebooting the system. For example, on an EX4200 switch: 

user@switch> request system software delete jloader-ex-3242 

Unmounted /packages/mnt/jloader-ex-3242-11.3 ... 


Reboot the system ? [yes,no] (no) yes 

The following pages include more detailed instructions for performing a software upgrade 

from Release 10.4R2 or earlier: 

• Determining Whether the Loader Software Needs Upgrading on EX8200 Switches 

and EX8200 Virtual Chassis on page 45 

• Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200, 

and Standalone EX4500 Switches on page 47 

• Upgrading the Loader Software and Junos OS on EX4200 Virtual Chassis on page 48 

• Upgrading the Loader Software on EX4500 Virtual Chassis and Mixed EX4200 and 

EX4500 Virtual Chassis on page 49 

• Upgrading Junos OS and the Loader Software on Standalone EX8200 


• Upgrading Junos OS and the Loader Software on EX8200 Virtual Chassis on page 53 

Determining Whether the Loader Software Needs Upgrading on EX8200 Switches and 

EX8200 Virtual Chassis 

Before you begin the software upgrade on an EX8200 switch or an EX8200 Virtual 

Chassis, determine whether the loader software needs upgrading. It is possible that a 

switch running a Junos OS release earlier than Release 10.4R3 has a version of the loader 

software installed that supports resilient dual-root partitions. For example, the switch 

might have been shipped from the factory with a Junos OS release earlier than Release 

10.4R3 but with a version of the loader software that supports resilient dual-root partitions. 

Or the switch might have been downgraded from a Junos OS release that supports 

resilient dual-root partitions but still retain a version of the loader software that supports 

resilient dual-root partitions. 


NOTE: This procedure is available only on EX8200 switches. On all other 

switches, you must upgrade your loader software. 

45


46 

To determine whether the loader software needs upgrading: 

1. Determine the version of the loader software: 

user@switch> show chassis firmware 

Part Type Version 

FPC 6 U-Boot U-Boot 1.1.6 (Jan 13 2009 - 06:55:22) 2.3.0 

loader FreeBSD/PowerPC U-Boot bootstrap loader 2.2 

FPC 7 U-Boot U-Boot 1.1.6 (Jan 13 2009 - 06:55:22) 2.3.0 


Routing Engine 0 U-Boot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 3.5.0 




NOTE: On an EX8200 Virtual Chassis, you cannot execute this command 

on the master external Routing Engine. The command must be executed 

on each member switch: 

1. From the master external Routing Engine, start a shell session on the 

member switch. For example: 

user@external-routing-engine> request session member 0 

2. Enter the CLI and execute the show chassis firmware command. 

3. Repeat these steps for the other member switch. 

The loader software version appears after the timestamp for U-Boot 1.1.6. In the 

preceding example, the version is 3.5.0. (Ignore the 1.1.6 version information in U-Boot 

1.1.6—it does not indicate whether or not the version of the loader software supports 

resilient dual-root partitioning.) 

2. If the loader software version is 3.5.0 or later on EX8200 switches, your loader software 

does not need upgrading to support resilient dual-root partitioning. To upgrade to 

Release 11.3, install Junos OS, following the standard installation procedures. See 

“Upgrading from Junos OS Release 10.4R3 or Later” on page 41. 

3. If the loader software version is earlier than 3.5.0, you must upgrade your loader 

software. Follow the instructions in “Upgrading Junos OS and the Loader Software 

on Standalone EX8200 Switches” on page 51 or “Upgrading Junos OS and the Loader 

Software on EX8200 Virtual Chassis” on page 53. 



Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200, 

and Standalone EX4500 Switches 

To upgrade the loader software and Junos OS on EX2200, EX3200, standalone EX4200, 

and standalone EX4500 switches: 

1. Download the loader software package and the Junos OS package from the Juniper 

Networks website as described in Downloading Software Packages from Juniper 

Networks. Place the software packages on an internal software distribution site or in 

a local directory on the switch. We recommend using /var/tmp as the local directory 

on the switch. 

NOTE: To obtain the loader software package, see the Download Software 




2. Install the loader package: 



• For a software package in the /var/tmp directory on the 

switch—/var/tmp/package.tgz 




where package.tgz is, for example, jloader-ex-3242-11.3build-signed.tgz. 

3. Install the Junos OS package, following the same procedure you used to install the 

loader software package. 

4. Reboot the switch: 




If you are monitoring the reboot from the console, you see messages similar to the 

following during the partition reformat: 

Disk needs to be formatted in order to proceed 

Saving the configuration in memory before formatting the disk 

FILE SYSTEM CLEAN; SKIPPING CHECKS 

clean, 31543 free (10 frags, 3953 blocks, 0.0% fragmentation) 

32+0 records in 

32+0 records out 

16384 bytes transferred in 0.033161 secs (494075 bytes/sec) 

******* Working on device /dev/da0 ******* 

. 

. 

47


48 

. 

Restoring configuration 

5. Verify that the loader software has been upgraded: 



FPC 0 uboot U-Boot 1.1.6 (Mar 28 2011 - 04:09:20) 

1.0.0 

loader FreeBSD/PowerPC U-Boot bootstrap loader 

2.4 

The U-Boot version that follows the date information must be 1.0.0 or later. 

6. Verify that Junos OS has been upgraded: 


Upgrading the Loader Software and Junos OS on EX4200 Virtual Chassis 

You perform the upgrade of the loader software and Junos OS on an EX4200 Virtual 

Chassis from the Virtual Chassis master switch. The master switch pushes the installation 

packages to all the Virtual Chassis members. You can also upgrade the loader software 

and Junos OS on a single member switch from the master switch. 

To upgrade the loader software and Junos OS: 




a local directory on the master switch. We recommend using /var/tmp as the local 

directory on the master switch. 





2. Log in to the master of the Virtual Chassis. 

3. Install the loader software package: 

• To install the package on all members of the Virtual Chassis: 


• To install the package on a single member of the Virtual Chassis: 











4. Install the Junos OS package, following the same procedure you used to install the 

loader software package. 

5. Reboot the Virtual Chassis (to reboot a single member, use the member option): 



If you are monitoring the reboot from the console, you see messages similar to the 

following during the disk reformat: 

Disk needs to be formatted in order to proceed 

Saving the configuration in memory before formatting the disk 

FILE SYSTEM CLEAN; SKIPPING CHECKS 

clean, 31543 free (10 frags, 3953 blocks, 0.0% fragmentation) 

32+0 records in 

32+0 records out 

16384 bytes transferred in 0.033161 secs (494075 bytes/sec) 

******* Working on device /dev/da0 ******* 

. 

. 

. 

Restoring configuration 

6. Verify that the new version of the loader software is on all members of the Virtual 

Chassis: 



fpc0: 

-------------------------------------------------------------------------- 


FPC 0 uboot U-Boot 1.1.6 (Mar 11 2011 - 04:29:01) 1.0.0 





7. Verify that the new Junos OS release is on all members of the Virtual Chassis: 


Upgrading the Loader Software on EX4500 Virtual Chassis and Mixed EX4200 and 

EX4500 Virtual Chassis 

To create an EX4500 Virtual Chassis or a mixed EX4200 and EX4500 Virtual Chassis, 

you must upgrade Junos OS on the member switches to Release 11.1 or later before you 

form the Virtual Chassis. For instructions on how to upgrade Junos OS and the loader 

software on the member switches before they are part of the Virtual Chassis, see 

“Installing the Loader Software and Junos OS on EX2200, EX3200, Standalone EX4200, 

and Standalone EX4500 Switches” on page 47. 

49


50 

If you did not upgrade the loader software on one or more of the member switches before 

you formed the Virtual Chassis, you can use the following procedure to upgrade the loader 

software on member switches after the Virtual Chassis is formed. 

To upgrade the loader software: 

1. Download the loader software package from the Juniper Networks website as 

described in Downloading Software Packages from Juniper Networks. Place the software 

packages on an internal software distribution site or in a local directory on the master 

switch. We recommend using /var/tmp as the local directory on the master switch. 





For a mixed EX4200 and EX4500 Virtual Chassis, you must download the loader 

packages for both switches. 

2. Log in to the master of the Virtual Chassis. 

3. Install the loader software package: 

• To install the package on all members of an EX4500 Virtual Chassis: 


• To install the package on all members of a mixed EX4200 and EX4500 Virtual 

Chassis: 

user@switch> request system software add set [ex4200-package ex4500-package] 

• To install the package on a single member of the Virtual Chassis: 


4. Reboot the Virtual Chassis (to reboot a single member, use the member option): 



5. Verify that the correct version of the loader software is on all members of the Virtual 

Chassis: 

root@switch> show chassis firmware 

fpc0: 

-------------------------------------------------------------------------- 









Upgrading Junos OS and the Loader Software on Standalone EX8200 Switches 

NOTE: On EX8200 switches, you must upgrade Junos OS before you can 

upgrade the loader software. 

The loader software for an EX8200 Routing Engine resides in two flash memory banks. 

At any time, one bank acts as the primary bank and the Routing Engine boots from it. 

The other bank is the backup bank—if the Routing Engine cannot boot from the primary 

bank, it boots from the backup bank. When you upgrade the loader software, the upgraded 

software is installed in the backup bank, which then becomes the new primary bank. 

Thus the primary and backup banks alternate each time you upgrade the loader software, 

with the primary bank containing the most recently installed version of the software and 

the backup bank containing the previous version. 

To upgrade the loader software on an EX8200 Routing Engine, you must perform the 

upgrade twice: once for each bank. Each upgrade requires a reboot of the Routing Engine. 

NOTE: If you do not upgrade the loader software in both banks and the 

Routing Engine boots from the previous version of the loader software in the 

backup bank, the Routing Engine can no longer boot transparently from the 

alternate root partition if it cannot boot from the primary root partition. 

For an EX8200 switch with redundant Routing Engines, you must upgrade the loader 

software on both Routing Engines. You can upgrade the loader software on a Routing 

Engine only when it is master. 

Ensure that graceful Routing Engine switchover (GRES) and nonstop active routing (NSR) 

are disabled before you begin the upgrade. 

To upgrade the master Routing Engine on a switch with redundant Routing Engines or 

to upgrade the Routing Engine on a switch with a single Routing Engine: 

1. Download and install the Junos OS package on each Routing Engine as described in 

Installing Software on an EX Series Switch with Redundant Routing Engines (CLI 

Procedure) or Installing Software on an EX Series Switch with a Single Routing Engine 

(CLI Procedure). 


2. Download the loader software package from the Juniper Networks website and place 

the software package on an internal software distribution site or in a local directory 

on the switch. We recommend using /var/tmp as the local directory on the switch. 





51


52 

3. Log in to the switch and enter the shell. We recommend using a console connection. 

4. Determine the primary bank and the version of the loader software in the bank: 

% kenv | grep boot.primary.bank 

boot.primary.bank="0" 

% kenv | grep boot.ver 

boot.ver="2.4.0" 

5. Enter the CLI and install the loader package: 









6. Upgrade the firmware: 

user@switch> request system firmware upgrade scb 

Firmware upgrade initiated.... 

Please wait for ~2mins for upgrade to complete.... 

7. After waiting for a couple of minutes, reboot the Routing Engine: 



8. Enter the shell and verify that the previous backup bank is now the primary bank and 

that it contains the upgraded loader software: 

% kenv | grep boot.primary.bank 

boot.primary.bank="1" 

% kenv | grep boot.ver 

boot.ver="3.5.0" 

9. To install the loader software in the current backup bank, repeat Step 4 through Step 

8. 

NOTE: If you installed the loader software package from /var/tmp, you 

will need to copy the loader software package to /var/tmp again before 

you can repeat Step 4 through Step 8 because it is removed after each 

installation. 

10. (Optional) The following message might be displayed when a user logs in to the 

system: 

--- JUNOS 11.3R1.9 built 2011-03-19 22:06:32 UTC 

At least one package installed on this device has limited support. 

Run 'file show /etc/notices/unsupported.txt' for details.. 



This message can be safely ignored. It appears as a result of upgrading the loader 

software after you upgrade Junos OS. 

You can permanently remove this message by removing the loader software package 

and rebooting the system: 


user@switch> request system software delete jloader-ex-8200 

Unmounted /packages/mnt/jloader-ex-8200-11.3 ... 



To upgrade the backup Routing Engine on a switch with redundant Routing Engines: 

1. Log in to the backup Routing Engine. We recommend using a console connection. 

2. Perform a master switchover so that the backup Routing Engine becomes the master: 

user@switch> request chassis routing-engine master switch 

warning: Traffic will be interrupted while the PFE is re-initialized 

Toggle mastership between routing engines ? [yes,no] (no) yes 

Resolving mastership... 

Complete. The local routing engine becomes the master. 

3. Follow the same procedure for upgrading the loader software that you used for the 

original master Routing Engine (Step 3 through Step 10). When you reboot the Routing 

Engine after upgrading the loader software in the first bank, mastership returns to the 

original master Routing Engine. You will need to perform another master switchover 

before you can upgrade the loader software in the second bank. 

Upgrading Junos OS and the Loader Software on EX8200 Virtual Chassis 

To upgrade an EX8200 Virtual Chassis, you must upgrade the loader software on each 

Routing Engine of each member switch. The loader software on the external Routing 

Engines does not need to be upgraded. 

As described in “Upgrading Junos OS and the Loader Software on Standalone EX8200 

Switches” on page 51, the loader software for a Routing Engine resides in two flash 

memory banks and both banks must be upgraded with the new loader software. 

53


54 

To upgrade the loader software and Junos OS: 




a local directory on the master external Routing Engine. We recommend using /var/tmp 

as the local directory. 





2. Log in to the master external Routing Engine. 

3. Install the Junos OS package: 

user@external-routing-engine> request system software add package 







where package.tgz is, for example, jinstall-ex-xre200-11.3R1.8-domestic-signed.tgz. 

4. Reboot the Virtual Chassis: 

user@external-routing-engine> request system reboot 


5. After the reboot completes, verify that Junos OS has been upgraded on all members: 

user@external-routing-engine> show version 

6. Install the loader package: 

user@external-routing-engine> request system software add package 

Replace package with the path to the loader package. 

The package is pushed to each member switch from the master external Routing 

Engine. 

7. Upgrade the loader software in the current backup banks on both Routing Engines on 

a member switch (member 0 is used in the command examples): 

a. Enter the CLI and log in to the member switch: 


b. Upgrade the firmware in the backup bank on the master Routing Engine: 






c. Wait a couple of minutes and then reboot the Routing Engine: 



d. Upgrade the firmware in the current backup bank of the backup Routing Engine 

(now the master) by repeating Step a through Step c. 

Because the loader software has been upgraded in the backup banks, they now 

become the primary banks. 

8. After the reboots of the Routing Engines complete, log in to the member switch again 

and verify that the loader software has been upgraded in the primary banks: 




FPC 1 U-Boot U-Boot 1.1.6 (Mar 25 2009 - 06:13:12) 2.4.0 


FPC 5 U-Boot U-Boot 1.1.6 (Nov 5 2008 - 09:16:00) 






The U-Boot version that appears after the build date and time must be 3.5.0 or later. 

9. Upgrade the loader software in the new backup banks on both Routing Engines on 

the member switch: 

a. Upgrade the firmware in the backup bank on the master Routing Engine: 




b. Perform a master switchover to make the backup Routing Engine the master 

Routing Engine: 


user@switch> request chassis routing-engine master switch 

Toggle mastership between routing engines ? [yes,no] (no) yes 

You are returned to the master external Routing Engine after the master switchover. 

c. Log back in to the member switch: 


d. Upgrade the firmware in the backup bank on the new master Routing Engine: 




55


56 

e. Verify that the loader software has been upgraded in the new primary banks on 

both Routing Engines: 



FPC 1 U-Boot U-Boot 1.1.6 (Mar 25 2009 - 06:13:12) 2.4.0 


FPC 5 U-Boot U-Boot 1.1.6 (Nov 5 2008 - 09:16:00) 






f. Exit to the master external Routing Engine. 

10. Upgrade the loader software on the other member switch in the Virtual Chassis by 

repeating Step 7 through Step 9. 

Downgrading to Junos OS Release 10.4R2 or Earlier 

When you downgrade to a Junos OS release that does not support resilient dual-root 

partitions (Release 10.4R2 or earlier), the downgrade process automatically: 

• Reformats the disk from four partitions to three partitions during the reboot of the 

switch that completes the Junos OS downgrade. The reformat causes a one-time 

increase in boot time—10 to 25 additional minutes per Routing Engine for EX8200 

switches; 5 to 10 additional minutes for other switches. 

• Disables the boot-sequencing function of the loader software. With the boot-sequencing 

function disabled, the loader software behaves as it did before resilient dual-root 

partitions were introduced. The loader software itself is not downgraded—there is no 

need to downgrade it. 

To downgrade to Release 10.4R2 or earlier: 

1. Use the request system snapshot command to save your data files to external media 

before you perform the downgrade. 

2. Install Junos OS. 

NOTE: Files in the /config directory are saved and restored during the 

downgrade process. However, files in the /var directory, such as log files 

and user /home directories, are not saved. In addition, a power failure 

during the reboot could cause the configuration files to be lost. 

Upgrade Policy for Junos OS Extended End Of Life Releases 

A direct upgrade and downgrade path is now available for Junos OS Extended End of 

Life (EEOL) releases. You can upgrade directly from one EEOL release to the next release 

even though EEOL releases frequently occur in increments beyond three releases. The 

current upgrade and downgrade policy for a non-EEOL release is that you can upgrade 


or downgrade only by up to three releases at a time. The +3 policy remains unchanged 

for non-EEOL releases but includes a direct upgrade and downgrade path for EEOL to 

next EEOL releases. 

It is important to note that you can upgrade or downgrade only to the EEOL release that 

occurs directly before or after the currently installed EEOL release. For example, Junos 

OS Releases 8.5, 9.3, and 10.0 are EEOL releases. You can upgrade from Junos OS Release 

8.5 to Junos OS Release 10.0 only by first upgrading to Junos OS Release 9.3. This policy 

also applies to downgrades where you cannot skip an EEOL release but must target the 

EEOL release occurring directly before the currently installed EEOL release. 

For more information on EEOL releases and to review a list of EEOL releases, see 

http://www.juniper.net/support/eol/junos.html . 

Upgrading or Downgrading from Junos OS Release 9.4R1 for EX Series Switches 

The ARP aging time configuration in the system configuration stanza in Junos OS Release 

9.4R1 is incompatible with the ARP aging time configuration in Junos OS Release 9.3R1 

or earlier and Junos OS Release 9.4R2 or later. If you have configured system arp 

aging-timer aging-time on EX Series switches running Junos OS Release 9.4R1 and upgrade 

to Junos OS Release 9.4R2 or later or downgrade to Junos OS Release 9.3R1 or earlier, 

the switch will display configuration errors on booting up after the upgrade or downgrade. 

As a workaround, delete the arp aging-timer aging-time configuration in the system 

configuration stanza and reapply the configuration after you complete the upgrade or 

downgrade. 


The format of the file in which the EX4200 Virtual Chassis topology information is stored 

was changed in Junos OS Release 9.4. When you downgrade Junos OS Release 9.4 or 

later running on EX4200 switches in a Virtual Chassis to Junos OS Release 9.3 or earlier, 

make topology changes, and then upgrade to Junos OS Release 9.4 or later, the topology 

changes you made using Junos OS Release 9.3 or earlier are not retained. The switch 

restores the last topology change you made using Junos OS Release 9.4. 

Upgrading from Junos OS Release 9.3R1 to Release 11.3 for EX Series Switches 

If you are upgrading from Junos OS Release 9.3R1 and have voice over IP (VoIP) enabled 

on a private VLAN (PVLAN), you must remove this configuration before upgrading, to 

prevent upgrade problems. VoIP on PVLAN interfaces is not supported in releases later 

than Junos OS Release 9.3R1. 


Upgrading EX Series Switches Using NSSU 

You can use nonstop software upgrade (NSSU) to upgrade Junos OS releases on EX8200 

standalone switches and EX8200 Virtual Chassis. For instructions on how to perform an 

upgrade using NSSU, see Upgrading Software on an EX8200 Standalone Switch Using 

Nonstop Software Upgrade (CLI Procedure) or Upgrading Software on an EX8200 Virtual 

Chassis Using Nonstop Software Upgrade (CLI Procedure). 

Table 2 on page 58 details NSSU support per Junos OS release and provides pointers to 

any known issues for particular upgrade scenarios. 

57


Table 2: Using NSSU to Upgrade Junos OS on EX8200 Switches and EX8200 Virtual Chassis 

Switch 

Platform 

EX8200 

standalone 

switch 

EX8200 

Virtual 

Chassis 

58 

Upgrade from 

Release x.x 

10.4R1 or 10.4R2 

10.4R3 or later 


11.2R1 

11.2R2 



11.1R1, 11.1R2, or 

11.1R3 

11.1R4 


11.2R1 

11.2R2 


Upgrade to 

Release 

10.4R4 or 

Later 

Not 

supported 

Supported 

– 

– 

– 

– 

Not 

supported 

– 

– 

– 

– 

– 

– 

Upgrade to 

Release 11.1R4 

or Later 

Not supported 

Supported 

Supported 

– 

– 

– 

Not supported 

Not 

recommended 

Not 

recommended 

– 

– 

– 

– 

Upgrade to 


Not supported 

Supported 

Supported 

Supported 

– 

– 

Not supported 

Not 

recommended 

Supported 

Supported 

Supported 

– 

– 

Upgrade to 


Not supported 

Supported 

Supported 

Supported 

Supported 

– 

Not supported 

Not 

recommended 

Supported 

Supported 

Supported 

Supported 

– 

Upgrade to 

Release 11.3R1 or 

later 

Not supported 

Supported 

Supported 

Supported 

Supported 

Supported 

Not supported 

Not recommended 

Supported 

Supported 

Supported 

Supported 

Supported 

On an EX8200 Virtual Chassis, an NSSU operation can be performed only if you have 

configured the XRE200 External Routing Engine member ID to be 8 or 9. 

NOTE: Do not use nonstop software upgrade (NSSU) to upgrade the software 

on an EX8200 switch from Junos OS Release 10.4 if you have configured the 

IGMP, MLD, or PIM protocols on the switch. If you attempt to use NSSU, your 

switch might be left in a nonfunctional state from which it is difficult to 

recover. If you have these multicast protocols configured, upgrade the 

software on the EX8200 switch from Release 10.4 by following the 

instructions in Installing Software on an EX8200 Switch with Redundant Routing 

Engines (CLI Procedure). This issue does not apply to upgrades from Release 

11.1 or later. 


Related 

Documentation 


• 

NOTE: If you are using NSSU to upgrade the software on an EX8200 switch 

from Junos OS Release 10.4 or Release 11.1 and sFlow technology is enabled, 

disable sFlow technology before you perform the upgrade using NSSU. After 

the upgrade is complete, you can reenable sFlow technology. If you do not 

disable sFlow technology before you perform the upgrade with NSSU, sFlow 

technology will not work properly. This issue does not affect upgrades from 

Release 11.2 or later. 

NOTE: If you are using NSSU to upgrade the software on an EX8200 switch 

from Junos OS Release 11.1 and NetBIOS snooping is enabled, disable NetBIOS 

snooping before you perform the upgrade using NSSU. After the upgrade is 

complete, you can reenable NetBIOS snooping. If you do not disable NetBIOS 

snooping before you perform the upgrade with NSSU, NetBIOS snooping will 

not work properly. This issue does not affect upgrades from Release 11.2 or 

later. 



on page 10 







59


Junos OS Release Notes for the QFX Series 

• New Features in Junos OS Release 11.3 for the QFX Series on page 60 

• Changes in Default Behavior and Syntax in Junos OS Release 11.3 for the QFX 

Series on page 62 

• Limitations in Junos OS Release 11.3 for the QFX Series on page 65 

• Outstanding Issues in Junos OS Release 11.3 for the QFX Series on page 67 

• Resolved Issues in Junos OS Release 11.3 for the QFX Series on page 71 

• Errata in Documentation for Junos OS Release 11.3 for the QFX Series on page 77 

• Upgrade and Downgrade Instructions for Junos OS Release 11.3 for the QFX 

Series on page 78 

New Features in Junos OS Release 11.3 for the QFX Series 

60 

To view the entire set of software information in PDF format, see the Complete Software 

Guide for Junos OS for the QFX Series, Release 11.3. 

• Interfaces on page 60 

• Layer 2 and Layer 3 Protocols on page 60 

• Multicast Protocols on page 61 

• Network Management on page 61 

Interfaces 

• Enhanced LAG capabilities (QFX3500 switches)—Enable you to use multiple network 

cables and ports in parallel to increase link speed and redundancy. The expanded 

support for link aggregation (LAG) on QFX3500 switches now lets you to support up 

to 32 members in a LAG bundle. You can specify the members of a LAG at the [edit 

interfaces ether-options 802.3ad] hierarchy level. 


• Border Gateway Protocol (QFX3500 switches)—Border Gateway Protocol (BGP) is 

an exterior gateway protocol (EGP) for routing traffic between autonomous systems 

(ASs). You can configure BGP at the [edit protocols bgp] hierarchy level. 

• Open Shortest Path First (QFX3500 switches)—The IPv4 Open Shortest Path First 

protocol is an interior gateway protocol (IGP) for routing traffic within an autonomous 

system (AS). QFX3500 switches support OSPFv1 and OSPFv2. You can configure 

OSPF at the [edit protocols ospf] hierarchy level. 

• Dynamic Host Control Protocol relay agent (QFX3500 switches)—Enables a switch 

to relay a DHCP request broadcast by a locally attached host to a DHCP server. To 

enable DHCP relay, include the bootp statement at the [edit forwarding-options helpers] 


hierarchy level and the dhcp-option82 statement at the [edit ethernet-switching-options 

secure-access-port vlan] hierarchy level. 

• Virtual Router Redundancy Protocol (QFX3500 switches)—Enables you to provide 

alternative gateways for end hosts that are configured with static default routes. You 

can implement VRRP to provide a highly available default path to a gateway without 

needing to configure dynamic routing or router discovery protocols on end hosts. To 

configure VRRP, include the vrrp-group statement at the [edit interfaces unit family 

inet address] hierarchy level and the vrrp statement at the [edit protocols] hierarchy 

level. 


• Protocol Independent Multicast sparse mode (QFX3500 switches)—Enables efficient 

routing to multicast groups with receivers sparsely spread over multiple networks. To 

configure PIM sparse mode, include the pim statement at the [edit protocols] hierarchy 

level. 


Network Management 

• sFlow technology (QFX3500 switches)—sFlow technology is a monitoring technology 

for high-speed switched or routed networks. You can configure sFlow technology to 

monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow 

technology also collects samples of network packets, which can provide you with 

visibility into network traffic information. The QFX3500 switches support the sFlow 

standard, which is described in RFC 3176, InMon Corporation's sFlow: A Method for 

Monitoring Traffic in Switches and Routed Networks. You configure sFlow monitoring 

at the [edit protocols sflow] hierarchy level. sFlow operational commands include show 

sflow and clear sflow collector statistics. 

• Uplink failure detection (QFX3500 switches)—Extends support for this existing EX 

Series switch feature to QFX Series switches. Uplink failure detection enables a switch 

to detect link failures on uplink interfaces and to propagate this information to downlink 

interfaces, so that servers connected to those downlink interfaces can switch over to 

secondary interfaces. 

New Features in Junos OS Release 11.3 for the QFX Series 

Uplink failure detection supports network adapter teaming and provides network 

redundancy. In network adapter teaming, all of the network interface cards (NICs) on 

a server are configured in a primary or secondary relationship and share the same IP 

address. When the primary link goes down, the server transparently shifts the connection 

to the secondary link. With uplink failure detection, the switch monitors uplink interfaces 

for link failures. When it detects a failure, it disables the downlink interfaces. When the 

server detects a disabled downlink interface, it switches over to the secondary link to 

ensure traffic is not dropped but sent over the secondary path instead. 

When configuring uplink failure detection, you add an uplink interface and a 

corresponding downlink interface as a pair into a failure detection group. To add uplink 

interfaces to the group, include the link-to-monitor interface-name statement at the 

[edit protocols uplink-failure-detection group group-name] hierarchy level. To add 

downlink interfaces to the group, include the link-to-disable interface-name statement 

at the [edit protocols uplink-failure-detection group group-name] hierarchy level. 

61


Related 

Documentation 

• 

For more information about configuring uplink failure detection, see Configuring 

Interfaces for Uplink Failure Detection. 

Changes in Default Behavior and Syntax in Junos OS Release 11.3 for the QFX Series 

on page 62 





• Upgrade and Downgrade Instructions for Junos OS Release 11.3 for the QFX Series on 

page 78 


62 

Traffic Management 

• In Junos OS Release 11.3, the class-of-service (CoS) implementation on QFX3500 

switches differs significantly from that in previous releases. For full information about 

these changes, see Overview of CoS Changes Introduced in Junos OS Release 11.3. A 

summary of the changes is included below. 

NOTE: To upgrade to Junos OS Release 11.3, we recommend that you 

remove your CoS configuration before you upgrade the switch to Junos OS 

Release 11.3, then upgrade the switch, modify your CoS configuration based 

on the revised guidelines, and then reapply the CoS configuration after the 

software upgrade. 


The CoS changes and configuration recommendations for Junos OS Release 11.3 are 

as follows: 

• The default IEEE unicast classifiers have been updated with the following mappings 

for forwarding class, queue, and priority as shown in Table 3 on page 63. 

Table 3: IEEE Unicast Classifiers for Junos OS Release 11.3 

Code Point 

000 

001 

010 

011 

100 

101 

110 

111 

Forwarding Class 

best-effort 

best-effort 

best-effort 

fcoe 

no-loss 

best-effort 

network-control 

network-control 

Loss Priority 

• Default schedulers contain the following changes, as shown in Table 4 on page 63: 

• All IEEE 802.1p priorities map to a single multidestination forwarding class. 

• The default transmit rates have been changed (see “Bandwidth” column in Table 

4 on page 63). 

• The default forwarding classes have changed. Instead of eight classes, there are 

now five: fcoe, no-loss (guaranteed delivery for TCP lossless traffic), best-effort 

low 

low 

low 

low 

low 

low 

low 

low 

(be), network-control (nc), and multicast best-effort (mcast). 

Table 4: Default Schedulers for Junos OS Release 11.3 

Forwarding Class 

best-effort (be) 

fcoe 

no-loss 

network-control (nc) 

multicast-best-effort (mcast) 



Priority/Queue 

Low/0 

Low/3 

Low/4 

Low/7 

Low/8 

Bandwidth 

5% 

35% 

35% 

5% 

20% 

63


64 

• There is now one multidestination default forwarding class. (In Junos OS Release 11.2 

and earlier, there were four default multidestination forwarding classes.) 

• The excess-rate statement is no longer supported. You must remove it from your 

CoS configuration used in Junos OS Release 11.2 and earlier in order to upgrade to 

Junos OS Release 11.3. 

NOTE: The CoS process does not start if the excess-rate statement exists 

in your configuration. 

• The transmit-rate statement is not allowed in forwarding classes that have strict-high 

priority queues, and the guaranteed-rate statement is not allowed in forwarding class 

sets (fc-sets) that have strict-high priority queues. 

• If you wish to configure strict-high priority queues, you can include them only in one 

fc-set. The switch issues a commit error if you exceed this limit. 

• Strict-high priority queues cannot be included in an fc-set set that also contains 

other queues that are not strict-high priority (even if ETS is not required). The switch 

issues a commit error if you break this rule. 

NOTE: You must remove mixed priority queues from your CoS 

configuration used in Junos OS Release 11.2 and earlier in order to upgrade 

to Junos OS Release 11.3. The CoS process does not start if mixed priority 

queues are included in the same fc-set. 

• Strict-high priority is not allowed in multidestination queues and fc-sets. 

• The high priority option has been removed from the scheduler configuration (only 

low and strict-high priorities are now supported in Junos OS Release 11.3). 

• Remove strict priority queues from your configuration. 

• Avoid configuring the transmit-rate option as an exact rate. Instead, configure the 

transmit-rate as a percentage. 

• If you included default multidestination forwarding classes for a switch running Junos 

OS Release 11.2 and earlier, you need to reclassify all these forwarding classes into 

a single multidestination forwarding class. 


Related 

Documentation 

• 

NOTE: Summary—On QFX3500 switches, when you upgrade Junos OS on 

the switch to Release 11.3, if the existing CoS configuration specifies any 

of the parameters listed below, the CoS process might not start: 

1. If you configure strict-high priority and low priority queues in the same 

fc-set 

2. If you configure multidestination queues with strict-high priority 

3. If you configure the transmit-rate option for strict-high priority queues 

or the guaranteed-rate option for fc-sets that contain strict-high priority 

queues 

4. If you configure a scheduler using the excess-rate option 

5. If you configure a scheduler with high priority 

Also, if the existing CoS configuration includes default multicast forwarding 

classes such as mcast-be, mcast-af, mcast-ef or mcast-nc at the [edit 

class-of-service (classifiers | rewrite-rules | schedulers)] hierarchy level, the 

system might not come up after you upgrade Junos OS on the switch to 


To avoid upgrade issues with CoS, deactivate the CoS configuration before 

you upgrade to Junos OS Release 11.3. After the upgrade, remove the 

multidestination and strict priority queues, and delete the excess-rate 

statement from the CoS configuration. If desired, configure the 

multidestination and strict-high priority features using the Junos OS 

Release 11.3 configuration rules. Activate the CoS configuration and commit 

the modified CoS configuration. 

New Features in Junos OS Release 11.3 for the QFX Series on page 60 






page 78 

Limitations in Junos OS Release 11.3 for the QFX Series 


Limitations in Junos OS Release 11.3 for the QFX Series 

This section lists the limitations in Junos OS Release 11.3 for the QFX Series. 

65


66 

Related 

Documentation 

Storage 

• A Fibre Channel fabric supports a maximum of four Fibre Channel over Ethernet (FCoE) 

VLAN interfaces. 

• The maximum number of logins for each FCoE node (ENode) is 32. (Each ENode can 

log in to a particular fabric up to 32 times. An ENode can log in to more than one fabric 

and have 32 logins to each fabric.) 

• The maximum number of FCoE sessions for the switch, which equals the total number 

of fabric login (FLOGI) sessions plus the total number of fabric discovery (FDISC) 

sessions, depends on how you configure the ports in a specified FC fabric. If you 

configure the ports as FCoE trusted, the maximum number of FCoE sessions (ENode 

to FCF sessions) the system can support is 3000. If the ports are not FCoE trusted, the 

maximum number of FCoE sessions is 376. 

• When you configure FIP snooping filters, if the filters consume more space than is 

available in the ternary content-addressable memory (TCAM), the configuration commit 

operation succeeds even though the filters are not actually implemented in the 

configuration. Because the commit operation checks syntax but does not check 

available resources, it appears as if the FIP snooping filters are configured, but they 

are not. The only indication of this issue is that the switch generates a system log 

message that the TCAM is full. You must check the system log to find out if a TCAM 

full message has been logged if you suspect that the filters have not been implemented. 

• You cannot use a fixed classifier to map FCoE traffic to an interface. The FCoE 

application time length value (TLV) carries the FCoE priority-based flow control (PFC) 

information when you use an explicit IEEE 802.1p classifier to map FCoE traffic to an 

interface. You cannot use a fixed classifier to map FCoE traffic to an interface because 

untagged traffic will be classified in the FCoE forwarding class, but FCoE traffic must 

have a priority tag (FCoE traffic cannot be untagged). 

For example, the following configuration is supported: 

[edit class-of-service] 

user@switch# set congestion notification profile fcoe-cnp input ieee-802.1 code-point 

011 pfc 

user@switch# set interfaces xe-0/0/24 unit 0 classifiers ieee-802.1 fcoe 

For example, the following fixed classifier configuration is not supported: 

[edit class-of-service] 

user@switch# set interfaces xe-0/0/24 unit 0 forwarding-class fcoe 


• Classifiers are not supported on Layer 3 logical interfaces; therefore, classifiers cannot 

• 

be applied to routed VLAN interfaces (RVIs). You can apply classifiers to Layer 2 logical 

interfaces. 



• Changes in Default Behavior and Syntax in Junos OS Release 11.3 for the QFX Series 

on page 62 





page 78 

Outstanding Issues in Junos OS Release 11.3 for the QFX Series 

The following issues are outstanding in Junos OS Release 11.3R4. The identifier following 

the description is the tracking number in our bug database. 



at http://www.juniper.net/prsearch . 

NOTE: Some issues that apply to EX Series switches may apply to the QFX 

Series as well. If you have an issue but cannot locate it in this section, see the 

“Outstanding Issues in Junos OS Release 11.3 for the EX Series” section in the 

Juniper Networks Junos 11.3 OS Release Notes. 

• Configuration and File Management 

• Hardware 

• Interfaces 

• Junos OS Basics 

• Layer 2 and Layer 3 Protocols 

• Multicast Protocols 

• Network Management 

• Routing Protocols 

• Storage 

• Traffic Management 

Configuration and File Management 

• On QFX3500 switches with STP configured, the show ethernet-switching interfaces 

ae0 command incorrectly shows an LACP-enabled aggregated Ethernet interface as 

being “Blocked by STP” instead of being operationally down. [PR/676448] 

Hardware 



• On QFX3500 switches, if the ambient temperature decreases to below 10 degrees C 

after a link is established, you may see transmission failure on ports 0 through 5, and 

67


68 

42 through 47 if those ports were configured with QFX-SFP-DAC-5M cables. The 

workaround is to use 1M or 3M DAC cable or SFP+ optical fiber cable on those ports if 

you expect ambient temperature to drop below 10 degrees C. [PR/570748] 

• On QFX3500 switches, the show chassis environment and show chassis hardware 

commands show installed but unpowered PSUs as absent rather than present. 

[PR/580026] 

Interfaces 

• On QFX3500 switches, when you enable or disable a member interface of a link 

aggregation group (LAG), some packets might be dropped. [PR/552445] 

• On QFX3500 switches, if you change the family of an interface by using the load override 

command, the interface might not be configured properly and might drop traffic as a 

result. To prevent this from occurring, use separate operations to delete the original 

family and configure the new family. For example, you might perform the following 

steps: 

1. Delete family ethernet-switching from an interface. 

2. Commit the change. 

3. Configure family inet for the same interface. 

4. Commit the change. 

[PR/668600] 

• On QFX3500 switches, if you use passive direct attach copper (DAC) cables for ports 

6 through 41, you configure 10-Gigabit Ethernet (xe-) interfaces directly or as part of 

an aggregated Ethernet (ae-) bundle, and the remote end of the link is down, either 

interface type might take awhile to be declared down in the output of the show 

interfaces command. As a workaround, upgrade your microboot firmware to version 1.1.2. 

[PR/681577] 

Junos OS Basics 

• On QFX3500 switches, the value of the ifInErrors field in the sFlow datagram for an 

interface does not match the value of the Input errors field in the output of the show 

interfaces extensive command for the same interface. [PR/603525] 

• On QFX3500 switches, momentary loss of Layer 3 unicast traffic might occur when 

traffic is switched from the default route to the longest prefix match (LPM) route. 

[PR/607695] 

• On QFX3500 switches, when you configure storm control bandwidth, the value you 

configure is rounded off internally to the closest multiple of 64 Kbps, and the 

rounded-off value represents the bandwidth that is actually enforced. For example, if 

you configure a bandwidth limit of 150 Kbps, storm control enforces a bandwidth limit 

of 128 Kbps. [PR/682928] 

• On QFX3500 switches, if traffic is dropped by a firewall filter, sampling of the traffic 

might not occur as expected. [PR/687670] 




• On QFX3500 switches, if you configure the VLAN Spanning Tree Protocol (VSTP) on 

an Ethernet interface and change the port mode from trunk to access, the output of 

the show spanning-tree statistics interface command displays zero BPDUs received. 

[PR/541649] 

• On QFX3500 switches, when you enable Protocol Independent Multicast (PIM) 

bootstrap router (BSR) functionality after a multicast rendezvous point (RP) failover 

occurs, some PIM routes are not resolved. As a result, stale routes may appear in the 

IP multicast (IPMC) table. [PR/666994] 

• On QFX3500 switches, if traffic is flowing from tens of thousands of different MAC 

addresses and you issue the clear ethernet-switching table command, the switches 

can take more than 30 minutes to complete MAC learning. [PR/683515] 

• On QFX3500 switches, if you make several simultaneous changes to VLANs and an 

associated routed VLAN interface (RVI) and then issue a commit operation, ARP 

resolution might fail on the RVI interface. [PR/692103] 


• If a QFX3500 switch acting as a Protocol Independent Multicast (PIM) rendezvous 

point (RP) router is on the same LAN as the PIM designated router and last-hop router, 

and IGMP snooping is enabled on the PIM interfaces, there might be an error in the 

multicast forwarding cache entry on the RP. If this occurs, you see that the RP interface 

type is PIMD (PIM-Decapsulator) when you enter the show interfaces command for 

the PIM interface. In this situation, multicast traffic is still forwarded correctly. 

[PR/681734] 

• On QFX3500 switches, if you enter the clear igmp-snooping membership vlan vlan 

command for a VLAN that does not exist, you see an error message that begins with 

a meaningless number that you should ignore. [PR/683996] 


• On QFX3500 switches, even if you configure an egress sampling rate for sFlow 

monitoring, the switch uses the ingress sampling rate instead. [PR/686002] 

Routing Protocols 

• On QFX3500 switches, if you include the from interface interface-name statement at 

the [edit firewall family inet filter filter-name term term-name] hierarchy level, the 

interface firewall filter match conditions intended for routed VLAN interfaces (RVIs) 

do not take effect. [PR/589292] 


• On QFX3500 switches, if you apply a single-rate two-color policer with more than 128 

terms in a firewall filter, the output of the show firewall command displays incorrect 

data for the single-rate two-color policer associated with the firewall filter. [PR/667201] 

69


70 

Related 

Documentation 

• On QFX3500 switches, if you enable IGMP snooping, some unregistered multicast 

MAC addresses in the 03- and 09- ranges might not be permitted and might cause 

some interoperability issues. [PR/691943] 

Storage 

• On QFX3500 switches, if you configure a CoS priority group with the strict-high priority, 

the ETS feature output of the show dcbx neighbors interface command displays the 

percentage guaranteed bandwidth for the priority group as 0 instead of indicating that 

the priority group does not have a specific guaranteed bandwidth. [PR/664096] 

• On QFX3500 switches, when FIP snooping is enabled on a port and the switch is 

connected to a Fibre Channel over Ethernet (FCoE) device on that port, Link Layer 

Discovery Protocol (LLDP) is not successfully initiated on the link. To allow the link to 

initiate LLDP, disable the Port and Protocol VLAN ID type, length, and value (TLV). 

[PR/669097] 

• On all QFX Series products, DCBX is required on Ethernet interfaces for FCoE, ETS, and 

other features to function properly. However, DCBX is not enabled by default on all 

Ethernet interfaces, so some of these features might not work properly. As a 

workaround, enable DCBX on all interfaces by including the interface all statement at 

the [edit protocols dcbx] hierarchy level. [PR/709685] 


• The actual output rate is different than the expected output rate for no-loss and FCoE 

forwarding classes. When you configure a minimum guaranteed queue bandwidth 

(transmit rate) and enable priority-based flow control (PFC) on no-loss and FCoE 

queues, if the traffic consists of jumbo frames (frame size of 9216 bytes), the no-loss 

and FCoE queues might receive more or less bandwidth than expected. This is because 

the queue buffer stores fewer jumbo frames, and the transmit queue can be underrun 

when PFC temporarily stops the flow of frames. [PR/659621] 

• When a priority group (forwarding class set) that contains FCoE and no-loss queues 

(forwarding classes) uses the same egress port as a priority group that contains 

strict-high priority queues, if you add or delete the maximum bandwidth configuration 

(shaping rate) on the priority group with the strict-high priority queues, the FCoE and 

no-loss queues experience packet loss during the configuration change. [PR/666158] 

• On QFX Series products, if you configure the queue 3 fcoe statement at the [edit 

• 

class-of-service forwarding-classes] hierarchy level on a switch running Junos OS 

Release 11.1 or 11.2, and then upgrade to Junos OS Release 11.3, the converged network 

adapter (CNA) interface might fail to connect to the Fibre Channel fabric. As a 

workaround, replace the queue 3 fcoe statement with the class fcoe queue-num 3 

statement in your forwarding class configuration. [PR/684372] 



on page 62 






page 78 

Resolved Issues in Junos OS Release 11.3 for the QFX Series 


The following issues have been resolved in Junos OS Release 11.3 in the specified 

maintenance releases listed in this topic. 



at http://www.juniper.net/prsearch . 

NOTE: Some issues that apply to EX Series switches may apply to the QFX 

Series as well. If you are looking for a resolved issue but cannot locate it in 

this section, see the “Resolved Issues in Junos OS Release 11.3 for the EX 

Series” section in the Junos OS 11.3 Release Notes. 


• Issues Resolved in Release 11.3R4 on page 72 





The following issues have been resolved since Junos OS Release 11.3R4. The identifier 


71


72 

Interfaces 

• On QFX3500 switches, if you connect a direct attach copper (DAC) cable made by a 

vendor other than Juniper Networks, the link might not activate. [PR/707371: This issue 



• On QFX3500 switches, if you configure a backup static route with a higher preference 

value and the primary link loses its connection, the switchover time to the backup link 

might take longer than expected. [PR/704106: This issue has been resolved.] 

Platform and Infrastructure 

• On QFX3500 switches, if you define a VLAN but do not issue the commit command, 

and then try to apply the VLAN to an interface, configuration mode might stop operating. 



• On QFX3500 switches, if you apply a firewall filter to the lo0 loopback interface, the 

switch might not be able to generate a local ARP for the destination addresses of 

transit traffic. [PR/693441: This issue has been resolved.] 

Storage 

• On QFX3500 switches, if you initiate a large number of simultaneous FCoE login 

attempts, the Fibre Channel process might stop operating. [PR/699664: This issue 


Issues Resolved in Release 11.3R4 




Interfaces 

• On QFX3500 switches, if you connect a direct attach copper (DAC) cable made by a 

vendor other than Juniper Networks, the link might not activate. [PR/707371: This issue 



• On QFX3500 switches, if you configure a backup static route with a higher preference 

value and the primary link loses its connection, the switchover time to the backup link 

might take longer than expected. [PR/704106: This issue has been resolved.] 






• On QFX3500 switches, if you apply a firewall filter to the lo0 loopback interface, the 

switch might not be able to generate a local ARP for the destination addresses of 

transit traffic. [PR/693441: This issue has been resolved.] 

Storage 



attempts, the Fibre Channel process might stop operating. [PR/699664: This issue 






73


74 

Interfaces 

• When you use a QSFP+ to 4 SFP+ copper breakout cable on QFX3500 switches, the 

LA (Link/Activity) LED for the QSFP+ port blinks based only on the link activity of the 

lowest-numbered 10-Gigabit Ethernet port of the four ports. The correct behavior is 

for the LED to blink if any of the four ports has activity. [PR/683897: This issue has 



• On QFX3500 switches, if you enable Ethernet switching and IGMP snooping and 

connect the switch to other vendors' equipment that uses HSRP, HSRP does not work. 

The proprietary HSRP MAC address is interpreted by the QFX3500 switch as an 

unknown MAC address, and IGMP snooping drops the frame. As a workaround, disable 

IGMP snooping (at minimum, for the specific VLANs) to allow HSRP to establish a 

neighbor relationship with the active and standby routers. [PR/688719: This issue has 






Storage 

• On QFX3500 switches, IGMP snooping is enabled by default on all VLANs. The FCoE 

CNAs normally use untagged packets that the switch maps to the native VLAN. If the 

switch is acting as an FCoE transit switch and IGMP snooping is enabled on the native 

VLAN, then FIP VLAN discovery messages do not receive responses from the FCF. 

Although this is a Juniper Networks issue, different CNAs have different behaviors when 

this occurs. The FIP VLAN discovery failure does not affect CNAs that listen to the FCF’s 

discovery advertisements and send a unicast discovery solicitation directly to the FCF 

if no response to the discovery advertisement is received. Other CNAs might remain in 

a pending state if FIP VLAN discovery fails, and they do not connect with or log in to 

the FCF. Our testing suggests that the issue is more likely to prevent FCoE operation 

with some vendors’ CNAs, whereas other vendors’ CNAs might work even when the 

issue is present. 

In addition, IGMP snooping always should be manually disabled on FCoE VLANs. 

Protocol restrictions regarding FCoE VLANs are a best practice. However, this issue 

might prevent FIP discovery from succeeding if IGMP snooping inadvertently remains 

enabled on an FCoE VLAN. 

As a workaround: 

• Disable IGMP snooping on the native VLAN by issuing the following configuration 

mode command at the [edit] hierarchy level: 

user@switch# set protocols igmp-snooping vlan vlan-name disable 

• Disable IGMP snooping on the FCoE VLAN: 

user@switch# set protocols igmp-snooping vlan vlan-name disable 


Although this issue has been resolved, as a best practice, do not enable IGMP snooping 

on an FCoE VLAN. [PR/556174: This issue has been resolved.] 


attempts, the Fibre Channel process (fcd) might stop operating. [PR/699664: This 



• The maximum amount of bandwidth available on an xe port is 10 Gbps. The maximum 

bandwidth configuration for a queue (the shaping rate configured in the scheduler 

mapped to the queue forwarding class) or for a priority group (the shaping rate 

configured in the traffic control profile mapped to the forwarding class set) should not 

be greater than the total port bandwidth. If you set a shaping rate that is greater than 

10 Gbps for a queue or for a priority group, the shaping rate is invalid. However, if you 

configure an invalid shaping rate, the switch does not perform the proper commit check, 

and the invalid configuration commit operation succeeds. [PR/684041: This issue has 





Hardware 

• When you use a copper transceiver in an access port on QFX3500 switches, the LA 

(Link/Activity) LED for that port remains unlit when the link is established. [PR/685781: 


• When you use a QSFP+ to 4 SFP+ copper breakout cable on QFX3500 switches, if you 

disable one or more of the four 10-Gigabit Ethernet ports and issue the show chassis 

lcd command, the STATUS LED field in the command output is Off for each disabled 

port. The correct behavior is for the status to be Green, which indicates that a transceiver 

is installed in a port. [PR/683900: This issue has been resolved.] 

Interfaces 


• On QFX3500 switches, when you change the MTU of a LAG interface, the following 

error message is generated: 

ifd speed not found for interface ae62. So only default configuration will be active for 

this interface 

This has no impact on the operation of the switch. [PR/684288: This issue has been 

resolved.] 


• On QFX3500 switches, if you add a new link aggregation (LAG) member to an existing 

LAG bundle and there are more than 16 members, traffic might loop back to the source 

for 125 ms. [PR/612133: This issue has been resolved.] 

• Values for the ifDirection field in sFlow datagrams are incorrect for Gigabit Ethernet 

(ge) interfaces. [PR/674257: This issue has been resolved.] 


75


76 


• On QFX3500 switches, if you configure multiple equal-cost paths across multiple link 

aggregated (LAG) interfaces, the traffic might not be load-balanced across all member 

links in each LAG. [PR/677913: This issue has been resolved.] 

• On QFX3500 switches, IGMP group-specific queries might be sent to all ports in a 

VLAN rather than to interested ports only. When this issue is fixed, IGMP group-specific 

queries without the router alert option are flooded to interested members only, and 

IGMP group-specific queries with the router alert option are flooded to all ports in the 

VLAN. [PR/684738: This issue has been resolved.] 

Storage 

• On QFX3500 switches, you cannot disable a logical Fibre Channel interface by including 

the disable statement at the [edit interfaces fc-0/0/0.0] hierarchy level. If you want 

to disable a Fibre Channel interface, disable the physical interface by including the 

disable statement at the [edit interfaces fc-0/0/0] hierarchy level. [PR/607215: This 


• On QFX3500 switches, configuring a forwarding class set with two forwarding classes 

that are mapped to the same queue but have different schedulers causes a failure in 

the Packet Forwarding Engine. Do not configure two different schedulers for the same 

queue on a port. This configuration is not supported and is not valid. [PR/676457: This 



• On QFX3500 switches, when a congestion notification profile is attached to any port 

in the range xe-0/0/35 through xe-0/0/47 and xe-0/1/0 through xe-0/1/15, and the 

system reboots, the interfaces to which the congestion notification profile is applied 

are not determined. The system configuration persists and shows that the congestion 

notification profiles are still attached to the correct interfaces, but in the hardware that 

might not be true. 

After a system reboot, to ensure that congestion notification profiles are attached to 

the correct interfaces for interfaces xe-0/0/35 through xe-0/0/47 and xe-0/1/0 through 

xe-0/1/15, deactivate the congestion notification profile configuration on the affected 

interfaces, or deactivate the class-of-service configuration on the entire system and 

commit the changes. Then reactivate the configuration and commit the changes. 

For example, to deactivate and then activate the congestion notification profile 

configuration on interface xe-0/0/35: 

user@switch# deactivate class-of-service interfaces xe-0/0/35 

congestion-notification-profile 

user@switch# commit 

user@switch# activate class-of-service interfaces xe-0/0/35 

congestion-notification-profile 


Repeat this procedure for each affected interface. 

To deactivate and then activate the class-of-service configuration on the switch: 


Related 

Documentation 

user@switch# deactivate class-of-service 


user@switch# activate class-of-service 



• The binding of a forwarding class set (fc-set) to an interface is invalid under the 

• 

following two conditions: 

1. The sum of the guaranteed rates (fc-set minimum guaranteed bandwidth) of the 

traffic control profiles associated with the interface exceeds the interface speed. 

This invalid configuration causes the switch to attempt to guarantee a larger amount 

of bandwidth to the fc-set than the amount available on the port. 

2. The sum of the transmit rates (queue minimum guaranteed bandwidth) of the 

schedulers associated with a traffic control profile exceeds the traffic control profile 

guaranteed rate. This invalid configuration causes the switch to attempt to guarantee 

a larger amount of bandwidth to the queues than the amount of guaranteed 

bandwidth available to the fc-set (priority group) to which the queues belong. 

If either of these invalid configurations is not rejected during the commit operation, the 

switch should install the default scheduler on the interface and generate a system log 

message. However, when the system is rebooted with one of these invalid 

configurations, the invalid configuration is installed. As a workaround, deactivate the 

class-of-service configuration, commit the change, activate the class-of-service 

configuration, and commit the change. For example: 








on page 62 




page 78 

Errata in Documentation for Junos OS Release 11.3 for the QFX Series 


Errata in Documentation for Junos OS Release 11.3 for the QFX Series 

This section lists outstanding issues with the documentation. 

77


Related 

Documentation 

Standards Support 

• In addition to the standards listed in the Standards Supported by the Junos OS document, 

• 

the QFX Series supports RFC 1591 Domain Name System Structure and Delegation. 



on page 62 





page 78 

Upgrade and Downgrade Instructions for Junos OS Release 11.3 for the QFX Series 

78 

This section discusses the following topics: 

• Procedure for Upgrading CoS from Junos OS Release 11.1 or Release 11.2 to 

Release 11.3 on page 78 

• Basic Procedure for Upgrading to Junos OS Release 11.3 on page 79 

• Upgrade and Downgrade Support Policy for Junos OS Extended End of Life Software 

Releases on page 81 

Procedure for Upgrading CoS from Junos OS Release 11.1 or Release 11.2 to 

Release 11.3 

Before you upgrade to Junos OS Release 11.3, you must deactivate the CoS configuration 

on the QFX3500 switch if the CoS configuration uses the excess-rate option, strict-high, 

or high priority queues, or any of the default multidestination forwarding classes. For full 

information about this topic, see Overview of CoS Upgrade Requirements (Junos OS Release 

11.1 or 11.2 to a Later Release). A summary of the upgrade steps is included below. 

After you upgrade to Junos OS Release 11.3, modify the CoS configuration on the QFX3500 

switch to conform to the Release 11.3 CoS requirements. Then activate the CoS 

configuration and commit the changes: 

1. Deactivate the CoS configuration. 


2. Upgrade to Junos OS Release 11.3. 

3. Make the following changes to the CoS configuration: 

• Remove the excess-rate option from the CoS configuration if you have used it at 

the [edit class-of-service schedulers] or [edit class-of-service traffic-control-profiles] 

hierarchy level. 



• Remove the default multidestination forwarding classes (mcast-be, mcast-af, 

mcast-ef, and mcast-nc) if you have used them at the [edit class-of-service 

schedulers], [edit class-of-service rewrite-rules], or [edit class-of-service classifiers] 

hierarchy level. Alternatively, you can change the mapping of the multidestination 

traffic to use the new default multidestination forwarding class (mcast). 

4. If desired, configure strict-high priority queues in accordance with the 

Junos OS Release 11.3 strict-high priority queue rules, and map multidestination traffic 

to the default multidestination forwarding class (mcast). 

5. Activate the CoS configuration. 


6. Commit the CoS configuration. 


NOTE: If you have configured the transmit-rate option for any queues at the 

[edit class-of-service schedulers] hierarchy level, if the rate is configured as 

an exact rate in Mbps, we recommend that you reconfigure the transmit-rate 

option as a percentage. This is because the scheduler converts exact rates 

to percentages, and when the exact rate is below 1 Gbps, some granularity 

may be lost in the conversion. You can avoid this potential issue by specifying 

the transmit-rate option as a percentage. 

Basic Procedure for Upgrading to Junos OS Release 11.3 

When upgrading Junos OS, always use the jinstall package. Use other packages (such 

as the jbundle package) only when so instructed by a Juniper Networks support 

representative. For information about the contents of the jinstall package and details of 

the installation process, see the Junos OS Installation and Upgrade Guide and the Junos OS 

Basics section of the Complete Software Guide for Junos OS for the QFX Series. 

NOTE: You cannot upgrade by more than three releases at a time. For 

example, if your routing device is running Junos OS Release 11.1, you can 

upgrade to Junos OS Release 11.3 but not to Junos OS Release 12.1. As a 

workaround, first upgrade to Junos OS Release 11.3 and then upgrade to 


79


80 

NOTE: In some cases, when you downgrade the QFX3500 switch to an earlier 

software version, the switch might not operate properly. As a workaround, 

choose one of the following options when downgrading: 

1. Issue the request system software add command to downgrade to the 

following software versions or later: 

• Junos OS Release 11.1R5 



2. Include the no-validate option when you issue the request system software 

add command during a downgrade to a software version earlier than the 

ones listed in option #1. 

The download and installation process for Junos OS Release 11.3 is the same as for 

previous Junos OS releases. 

If you are not familiar with the download and installation process, follow these steps: 

1. Using a Web browser, navigate to the Junos Canada & U.S. software download URL 

on the Juniper Networks Web page: 

https://www.juniper.net/support/products/junos/dom/ (customers in the United States 

and Canada) 

2. Select 11.3 (the number of the software version that you want to download) from the 

Current Releases section. 

3. Select the Software tab. 

4. In the Install Package section of the Software tab, select the QFX Series Switch 

Install Package for the 11.3R4.2 release. 

5. Log in to the Juniper Networks authentication system using the username (generally 

your e-mail address) and password supplied by Juniper Networks representatives. 

6. Download the software to a local host. 

7. Copy the software to the device or to your internal software distribution site. 

8. Install the new jinstall package on the device. 

NOTE: We recommend that you upgrade all software packages out of 

band using the console, because in-band connections are lost during the 

upgrade process. 

Customers in the United States and Canada use the following command: 

user@host> request system software add validate reboot 

source/jinstall-qfx-11.3R4.2-domestic-signed.tgz 


Related 

Documentation 


Replace source with one of the following values: 

• /pathname—For a software package that is installed from a local directory on the 

switch. 

• For software packages that are downloaded and installed from a remote location: 

• ftp://hostname/pathname 

• http://hostname/pathname 

• scp://hostname/pathname (available only for Canada and U.S. version) 

The validate option validates the software package against the current configuration 

as a prerequisite to adding the software package to ensure that the switch reboots 

successfully. This is the default behavior when the software package being added is 

a different release. 

Adding the reboot command reboots the switch after the upgrade is validated and 

installed. When the reboot is complete, the switch displays the login prompt. The 

loading process can take 5 to 10 minutes. 

Rebooting occurs only if the upgrade is successful. 

NOTE: After you install a Junos OS Release 11.3 jinstall package, you cannot 

issue the request system software rollback command to return to the previously 

installed software. Instead you must issue the request system software add 

validate command and specify the jinstall package that corresponds to the 

previously installed software. 

Upgrade and Downgrade Support Policy for Junos OS Extended End of Life 

Software Releases 

Support for upgrades and downgrades that span more than three Junos OS releases at 

a time is not provided, except for releases that are designated as Extended End-of-Life 

(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can 

upgrade directly from one EEOL release to the next EEOL release even though EEOL 

releases generally occur in increments beyond three releases. You can upgrade or 

downgrade to the EEOL release that occurs directly before or after the currently installed 

EEOL release, or to two EEOL releases before or after. However, you cannot upgrade 

directly from a non-EEOL release that is more than three releases ahead or behind. 

To upgrade or downgrade from a non-EEOL release to a release more than three releases 

before or after, first upgrade to the next EEOL release and then upgrade or downgrade 

from that EEOL release to your target release. For more information on EEOL releases 

and to review a list of EEOL releases, see Junos Software Release Dates and Milestones. 

• 



on page 62 


81


82 






Junos OS Release Notes for Juniper Networks Common Platform Features 

• Unsupported Features in Junos OS Release 11.3 for Common Platform 

Features on page 83 

• Issues in Junos OS Release 11.3 for Common Platform Features on page 86 

Unsupported Features in Junos OS Release 11.3 for Common Platform Features 


The following features are visible but not supported in Junos OS Release 11.3. 


• Restart-signaling support for OSPF graceful restart—Junos OS Release 11.3 extends 

the OSPF graceful restart support to technologies described in RFC 4811, RFC 4812, 

and RFC 4813, and introduces the restart-signaling option for the OSPF graceful restart. 

The restart-signaling option enables routers to inform their neighbors about the restart 

status after a graceful restart and to keep the adjacencies active after a graceful restart 

event. Junos OS Release 11.3 introduces two new statements, graceful-restart-type 

standard | restart-signaling and restart-signaling-helper-disable, at the [edit protocols 

ospf] and [edit routing-instance routing-instance protocols ospf graceful-restart] hierarchy 

levels to help you choose the graceful restart mode. You can use the 

restart-signaling-helper-disable statement to disable the helper mode for restart 

signaling–based OSPF graceful restart. By default, the standard graceful restart mode 

is configured. Similarly, the helper mode is enabled, by default, for the standard and 

restart-signaling modes. 

[High Availability] 

• Enhancements to nonstop active routing for Protocol Independent Multicast—Junos 

OS Release 11.3 extends the nonstop active routing support for Protocol Independent 

Multicast (PIM) to cover the following features that were previously not supported or 

incompatible with nonstop active routing support for PIM : 

• Policy features such as neighbor policy, bootstrap router export and import policies, 

scope policy, flow maps, and reverse path forwarding (RPF) check policies. 

• Upstream assert synchronization 

• PIM join load balancing 

[High Availability] 

Interfaces and Chassis 

Junos OS Release Notes for Juniper Networks Common Platform Features 

• Support for RSVP-signaled point-to-multipoint LSPs extended to logical systems 

(M Series, T Series, and MX Series routers)—The following topologies are supported: 

• A single logical system in a physical router. The logical system is one node in an 

RSVP-signaled point-to-multipoint label-switched path (LSP). 

• Multiple logical systems in a physical router, with each logical system acting as a 

label-switching router (LSR). The multiple logical systems can be unconnected, 

83


84 

connected to each other internally with logical tunnel (lt) interfaces, or connected 

to each other externally with back-to-back connections. 

• One RSVP-signaled point-to-multipoint LSP, with some nodes being logical systems 

and other nodes being physical routers. 

[Network Configuration Example: Configuring RSVP-Signaled Point-to-Multipoint LSPs 

on Logical Systems] 

• Support for forwarding structured system log messages to a remote system log 

server—The structured-data configuration option is added at the [system syslog host] 

hierarchy level. This addition enables the forwarding of system log messages in IETF 

format to a remote system log server, and allows the use of a centralized system log 

server to receive structured messages. 


• Enhanced support for IS-IS MIB—Starting in Release 11.3, Junos OS supports all tables 

and notifications defined in standard IS-IS MIB (as defined in RFC 4444). However, 

versions of Junos OS earlier than Release 11.3 support only a subset of the IS-IS MIB 

defined in Internet draft draft-ietf-isis-wg-mib-07.txt. 

• Enhancements to the jnxOperatingCPU object—Junos OS Release 11.3 introduces the 

following three MIB objects to enhance the CPU utilization reporting over SNMP: 

• jnxOperating1MinAvgCPU—Indicates the average utilization of CPU during the last 

minute. 


5-minute period. 


15-minute period. 

All these objects return a zero value if the data is not available or is not applicable. 

[ SNMP MIBs and Traps Reference ] 



• Frequent BGP keepalive messages and short BGP hold time—Enables BGP sessions 

to send keepalive messages as frequently as every three seconds with a hold time as 

short as 9 seconds. The hold time is three times the interval at which keepalive 

messages are sent. The hold time is the maximum number of seconds allowed to 

elapse between successive keepalive or update messages that BGP receives from a 

peer. When establishing a BGP connection with the local routing device, a peer sends 

an open message, which contains a hold-time value. BGP on the local routing device 

uses the smaller of either the local hold-time value or the peer’s hold-time value 

received in the open message as the hold time for the BGP connection between the 

two peers. Frequent keepalive messages and short hold times might be desirable in 

large-scale deployments with many active sessions. Note that if scheduler slip 

messages occur, the routing device can continue to send keepalive messages. Keepalive 

message generation is performed in a dedicated kernel thread. To configure the hold 

time, include the hold-time and precision-timers statements at the [edit protocols bgp] 

hierarchy level. When you include the precision-timers statement, you can set the hold 

time to a minimum of 9 seconds. Otherwise, the minimum hold time is 20 seconds. 

Subscriber Access Management 

• Junos OS subscriber management scaling values (M120, M320, and MX Series 

routers)—A spreadsheet is available online that lists scaling values supported for Junos 

OS subscriber management beginning with Junos OS Release 10.1. Access the Subscriber 

Management Scaling Values (XLS) spreadsheet from the Downloads box at 

http://www.juniper.net/techpubs/en_US/junosrelease-number/information-products 

/pathway-pages/subscriber-access/index.html. Substitute release-number with the 

number of the latest Junos OS release in the URL. For example, ...en_us/junos11.1/.... 

[Subscriber Management Scaling] 

VPNs 


• Advertise multiple paths to a destination (M Series, MX Series, and T Series routers) 

for internal BGP (IBGP)—For IPv4 unicast (family inet unicast) routes only, you can 

enable an IBGP peer to advertise multiple exit points to reach a destination. The 

configuration provides fault tolerance, load balancing, and graceful maintenance 

operations. 

To set the number of paths to send to a neighbor, include the add-path send path-count 

number statement at the [edit protocols bgp group group-name neighbor address family 

inet unicast] hierarchy level. 

To enable a peer to receive multiple paths, include the add-path receive statement at 

the [edit protocols bgp group group-name family inet unicast] hierarchy level. 

To apply a policy that allows a BGP peer to send multiple paths for only specific routes, 

include the add-path send prefix-policy policy-name statement at the [edit protocols 

bgp group group-name neighbor address family inet unicast] hierarchy level. 

To configure the policy, use the policy-options hierarchy level, as you normally would. 

For example: 

Unsupported Features in Junos OS Release 11.3 for Common Platform Features 

85


Related 

Documentation 

• 

user@host# set policy-options policy-statement allow_199 from route-filter 199.1.1.1/32 

exact 

user@host# set policy-options policy-statement allow_199 then accept 

Issues in Junos OS Release 11.3 for Common Platform Features on page 86 

Issues in Junos OS Release 11.3 for Common Platform Features 

86 

The current software release is Release 11.3R4. 

• Current Software Release on page 86 

• Previous Releases on page 89 

Current Software Release 

Resolved Issues in Junos OS Release 11.3R4 for M Series, MX Series, and T Series Routers 



Forwarding and Sampling 

• When committing a configurations, where a firewall filter contains multiple 'next term' 

actions, the firewall compiler process (dfwc) could crash and dump core. [PR/706863: 



• Error condition in decoding of routing socket message was not handled correctly 

resulting in memory corruption, possible memory leak and/or router crash. The fix is 

to handle the error code from decoder and pass it to the callers. [PR/659752: This 


• The bug currently has only manifested itself in the compat32 layer (i.e. 32-bit 

applications, 64-bit kernel) in relation to umtx_op system calls to perform 

UMTX_OP_LOCK operations, and even then is subject to timing dependencies for it to 

occur. Since 64-bit kernel started shipping in 10.4, customers from 10.4 onwards running 

in this hybrid/compat mode may hit this problem. [PR/682294: This issue has been 

resolved.] 

Layer 2 Ethernet Services 

• A hardware fault on a MX FPC could result result in fabric cells being sent to inactive 

fabric destinations. These cells are than stored in the fabric consuming all the memory. 

In this state the fabric can't process additional fabric cells resulting in packet loss. 


• Communication problem between, I2C controller and Fan Tray. [PR/606130: This issue 



MPLS Applications 

• Backup RE may crash during an LSP flap scenario when the old indexed nexthop has 

not been deleted yet and an add for new indexed nexthop with same properties is 

received. [PR/589555: This issue has been resolved.] 

• After an auto-bandwidth adjustment occurs, where the bandwidth of an LSP is 

increased, the warning message "RPD_RSVP_INCORRECT_FLOWSPEC: Bandwidth in 

PATH Tspec greater than RESV flowspec" might be erroneously logged. This problem 

is cosmetic, and does not affect traffic forwarding or auto-bandwidth functionality. 


• command is showing IP addresses instead of resolving 

them in FQDN [PR/694620: This issue has been resolved.] 

• When LSP switches from primary->secondary-primary path, the Max Avg counter 

might show up incorrect higher value when compared to actual LSP bandwidth. As 

the result of this, on the next adjust interval, LSP would be signalled with incorrect high 

last Max avg counter value. This issue will be seen only with secondary LSP configured. 


• When family mpls is removed but family inet remains on an interface, the aggregate 

nexthop may go into discard state on the PFE. The aggregate nexthop in discard state 

will cause packet loss for any routes associated with that nexthop. Here are the two 

ways to remove family mpls but not family inet from an interface: - deactivate interfaces 

unit family mpls - set interfaces unit family 

mpls maximum-labels [PR/698169: This issue has been resolved.] 

• After 9.3R3, customer may see unwanted mpls lsp convergence even there is no 

optimize-timer configured. Seems to be fast-reroute related issue. (still under 

investigation) [PR/699273: This issue has been resolved.] 

Multicast 


• With Junos version 10.0 or higher performing ISSU software upgrade, multicast resolve 

routes for ipv6 or ipv6 routes might not be installed properly in all FPCs. Multicast 

traffic will not be forwarded anymore. The following syslog message will indicate the 

problem. RT: Failed prefix change IPv4:0 - 224/4 (unknown prefix) RT: Failed prefix 

change IPv6:0 - ff00::/8 (change failed) To recover from this condition FPC reporting 

the above syslog messages needs to get restarted. [PR/559108: This issue has been 

resolved.] 



• On TXP Platforms if LCC's master Routing Engine (RE) panics,the backup RE will gain 

mastership and FPCs belonging to the LCC might not be able to reconnect to the new 

master RE in time. This may cause the FPCs to reset and not restart properly for a long 

time till the live kernel core dump on the SFC Master RE is finished. The following syslog 

messages will be reported on the LCC: lcc0-fpc0 PFEMAN: %PFE-3: trying master 

connection, attempt 1200 to 0x1000001 For a possible workaround please contact 

JTAC Organization. [PR/659782: This issue has been resolved.] 

87


88 

• The first two IPv6 ping requests don't follow the specified ping interval and are sent 

within same second. This problem is fixed with this PR. [PR/669065: This issue has 



• For router-advertisement over PPPoE, advertisements sent with 00:00:00:00:00:00 

as the link layer address are causing Cisco CPE devices to complain about an invalid 

LLA. For that we should suppress transmitting the link layer address when the length 

is 0 as part of the advertisement since this indicates that the option is not valid. 


• After a nsr ospf sham links may go down. Restart routing to reactivate. [PR/693719: 


• When activate pim on a routing-instance vrf, The vrf.inet6.1 table should be created, 

but in rare cases the table fails to be created. If this happens, IPv6 multicast routes are 

NOT able to flash into krt to install in kernel. [PR/695113: This issue has been resolved.] 

• Scheduler slips can occur when FPC's containing physical interfaces with thousands 

of logical interfaces are taken offline or online. [PR/701021: This issue has been 

resolved.] 

• For a BGP session with bgp damping enabled after a flap the received prefixes are not 

reported correctly in show bgp summary and show bgp neighbour commands. 


Services Applications 

• There was SNMP data collection problem and it is fixed. [PR/689249: This issue has 


• In some circumstances after power off/on Routing-Engine some MS-DPC core can be 

seen in system due to PFE trying to connect to Routing-Engine after disconnection. 


User Interface and Configuration 

• In the J-Web interface, if you discard any available MIB profile, file, or predefined object 

from "accounting-options" on the Point and Click CLI Configuration page (Configure 

> CLI Tools > Point and Click CLI), the J-Web session times out. As a workaround, 

perform the same operation from the CLI. [PR/689261: This issue has been resolved.] 

VPLS 

• In very rare situations the deletion of VPLS IFF , can lead to panic on the backup RE 


• VPLS routing table reference count have to be decremented on removal. [PR/674009: 


• When multiple VPLS instances are configured using manually-defined mesh-groups 

and some without defining mesh-groups, "show vpls connections" may not display 

some of them. [PR/709061: This issue has been resolved.] 


VPNs 


• Under NG-MVPN scenario, if the provider tunnels are shared by multiple routing 

instances. When a "clear bgp neighbor" is issued on the PE that is the egress for the 

provider tunnel, not all provider-tunnels recover. Some LSPs stay is down state (state 

is UP on the egress but down on the ingress of the LSP). [PR/687998: This issue has 


• RPD went high to ~94% when upgrading from pre-10.2 to 10.2R1 or higher. The CPU 

utilization for user is high as well ~95%. From the taks accouning it looks like L2VC is 

stuck on something as the user time for this task keeps incresing over time. The high 

cpu sticks with the master RE on a master switchover. [11:01]user@router> show task 

accounting | no-more [11:01]Task accounting is enabled. [11:01] [11:01]Task Started 

User Time System Time Longest Run [11:01]Scheduler 3148 0.029 0.000 0.000 

[11:01]RSVP 335 0.041 0.000 0.000 [11:01]L3_BANCO_SUDAMER_D-OSPF 42 

0.000 0.000 0.000 [11:01]Common L2 VC 292 27.325 0.132 0.099 From the rtsockmon 

it looks like prefixes are added and deleted continuously. However another router on 

same code with and similar prefix flap does not show high rpd cpu. [10:42]% rtsockmon 

-t [10:42] sender flag type op [10:42][10:42:43] kernel P route add inet 10.247.134.10 

tid=46 plen=32 type=dest flags=0x0 nh=hold nhflags=0x1 nhidx=8208 altfwdnhidx=0 

filtidx=0 [10:42][10:42:43] kernel P nexthop add inet 10.247.134.10 nh=hold flags=0x1 

idx=8208 ifidx=1138 filteridx=0 [10:42][10:42:47] kernel P route delete inet 10.247.134.10 

tid=46 plen=32 type=dest flags=0x180 nh=hold nhflags=0x1 nhidx=8208 

altfwdnhidx=0 filtidx=0 [10:42][10:42:47] kernel P nexthop delete inet 10.247.134.10 

nh=hold flags=0x5 idx=8208 ifidx=1138 filteridx=0 [10:42][10:42:53] kernel P route 

add inet 10.247.134.10 tid=46 plen=32 type=dest flags=0x0 nh=hold nhflags=0x1 

nhidx=14187 altfwdnhidx=0 filtidx=0 [10:42][10:42:53] kernel P nexthop add inet 

10.247.134.10 nh=hold flags=0x1 idx=14187 ifidx=1138 filteridx=0 [10:42][10:42:57] 

kernel P route delete inet 10.247.134.10 tid=46 plen=32 type=dest flags=0x180 nh=hold 

nhflags=0x1 nhidx=14187 altfwdnhidx=0 filtidx=0 [10:42][10:42:57] kernel P nexthop 

delete inet 10.247.134.10 nh=hold flags=0x5 idx=14187 ifidx=1138 filteridx=0 Problem 

is a consequence of the routing-instance's length mismatch between mib2d (35 

characters) and rpd (longer). Customer is currently making use of instances whose 

names are longer than 35 characters: [PR/689502: This issue has been resolved.] 

• After a routing engine switchover, l2vpn address family routes may not be advertised 

by BGP. [PR/707743: This issue has been resolved.] 

Previous Releases 



• Certain mis-configuration causes check-out fail w/o proper reason. [PR/597801: This 




• Kernel core during upgrade. [PR/687671: This issue has been resolved] 

89


90 

• On MX Series routers, the error message “/kernel: Unlist request: unilist(nh index = 

1048575) found on the rnhlist_deleted_root patnode” appears continuously. 

[PR/667046: This issue has been resolved] 

• After a unified ISSU from Junos OS Release 10.0 to 10.4, the sampling feature does 

not function. The sampled process responsible for sampling no longer receives the 

data from the Packet Forwarding Engine. [PR/681271: This issue has been resolved] 


• On the ATM PIC cbr shaping rate configuration, specify a value in cells per second by 

entering a decimal number followed by the abbreviation c; values expressed in cells 

per second are converted to bits per second by means of the formula 1 cps = 384 bps. 

The cell rate configuration was removed from JUNOS releases from 10.1R1 and later 

which built between 23-Jan-2010 and 15-Sep-2011. As workaround, use bits per second 

(bps) configuration to specify the ATM cbr shaping rate. The cell rate configuration 

has been added back from below JUNOS releases and later: 10.4R8, 10.4S7, 11.1R6, 

11.2R3, 11.3R3 and 11.4R1. [PR/685558: This issue has been resolved] 

• On the M120 router, when the no-vrf-propagate-ttl statement is set or deleted, the 

FEB might reboot and dump a core. [PR/691466: This issue has been resolved] 

• When an interface enabled for OAM goes down, the message "first cells dropped at 

cif" is added to the system log file. [PR559492: This issue has been resolved] 


• When LFA link Protection is configured for IGP with LDP-IGP Synchronization enabled, 

if LSP(LDP) routes are installed in inet.0, after LDP session is cleared, the LDP session 

is not able to bring up. [PR/600181: This issue has been resolved] 

• In a Next Generation MVPN scenario, a kernel memory buffer may get corrupted when 

the router receives a bootstrap or auto-RP message whose packet size exceeds 204 

bytes. The memory corruption will cause the Junos kernel to crash every time such a 

packet is received. This problem will only be encountered in a Next-Gen MVPN scenarios 

that use Ingress Replication as the P-tunnel type and has Auto-RP or Bootstrap as the 

group-to-RP mapping mechanism. [PR/681963: This issue has been resolved] 

• When an IP route directly resolves over an LSP or the LSP route is also installed in 

inet.0 table, then the LSP statistics may incorrectly contribute to the bypass LSP 

statistics, even when packets are not being forwarded on the bypass LSP. [PR/682966: 

This issue has been resolved] 

• Under certain circumstances, the automatic bandwidth timer smearing function does 

not space out the timer interval evenly. Also, the interval between the timers are not 

equal. [PR/606051: This issue has been resolved] 


Multicast 


• With Junos version 10.0 or higher performing ISSU software upgrade, multicast resolve 

routes for ipv6 or ipv6 routes might not be installed properly in all FPCs. Multicast 

traffic will not be forwarded anymore. The following syslog message will indicate the 

problem. RT: Failed prefix change IPv4:0 - 224/4 (unknown prefix) RT: Failed prefix 

change IPv6:0 - ff00::/8 (change failed) To recover from this condition FPC reporting 

the above syslog messages needs to get restarted. [PR/559108: This issue has been 

resolved] 


• Mib2d may core when interfaces are created and deleted at very fast rate on scaled 

setup. [PR/602812: This issue has been resolved] 

• The cause of the snmpd core in this PR is a result of the fix that went into PR/607704. 

Junos release 10.4R6 only is exposed to this issue at this time. [PR/674874: This issue 

has been resolved] 

• When an SNMP MIB walk is performed for ipv6IfNetToMediaState without any IPv6 

configuration on the router, the error message "MIB2D_SYSCTL_FAILURE: 

ipv6_n2m_update_sysctl_info: sysctl getting kernel MD6 data failed: Bad address" 

appears. [PR/612585: This issue has been resolved] 


• "commit at" with commit scripts sometimes may lockup CLI. [PR/537074: This issue 

has been resolved] 


• The time stamp of the messages in firewall log is showing incorrect values. The system 

time and time stamp in log messages are not affected. If NTP server is configured, the 

issue does not happen. [PR/661768: This issue has been resolved] 

• Under some rare scenario, it is possible for a DPC to fail to come online after being 

inserted or restarted. The logs will then show the message: "PFEMAN resync in progress" 

every 10 seconds. This is caused by a race condition on the routing-engine when it 

initially tries to download the configuration and routes to the DPC, and eventually 

causes the DPC to stay in dormant state. [PR/609644: This issue has been resolved] 

• MPC might crash when aggregate interface configured due to invalid child members 

installed at PFE side. [PR/695225: This issue has been resolved] 

• Failure to handle transient low memory conditions in the kernel. Fix involves retry the 

operation rather than asserting. [PR/687618: This issue has been resolved] 

91


92 


• When deleting a static route from a VRF instance the operator should avoid issuing a 

show route next-hop detail command for the newly deleted route 

for a period of 3 minutes. This ensures adequate time for even a highly scaled system 

to completely free all data structures associated with the deleted route and avoids 

the RPD crash documented in PR 605798. [PR/605798: This issue has been resolved] 

• Issue happens with NSR switchover or ISSU update due to different indirect nh is 

allocetd on new master. The cnh code needs to handle refcount of cnh properly when 

change from old cnh to new cnh if new cnh already exists on patricia tree. [PR/612182: 


• fbf route with qualified-next-hop and nexthop interface will installed route table 

wrongly. [PR/670339: This issue has been resolved] 

• "show bgp summary" displays the wrong data regarding the active routes. A route can 

be active but not reported by the above command. [PR/680080: This issue has been 

resolved] 

• When sham-link is activated the exported static route is erroneously treated as vpn 

route received via BGP. It resulted in that exported static route shows up in the database 

with DN bit set. [PR/686947: This issue has been resolved] 

• It was not releasing the link for file , so code changes has been done for the same. 

[PR/687959: This issue has been resolved] 

• RPD may crash with BGP multipath configured if the route list includes BGP multipath 

routes along with non BGP routes for same destinations. [PR/688763: This issue has 

been resolved] 

• If "forwarding-options sampling" or "routing-options route-record" is configured, stale 

routes may appear and persist in the routing table in holddown state. Those routes are 

not active and do not affect forwarding, but they do consume memory and if left will 

lead to the memory footprint of RPD increasing over time. For mpls routes it will also 

effect PFE and Kernel memory since the next-hops are not deleted till the route is 

deleted within RPD. JUNOS version 10.4R7 and 11.2R3 are effected. [PR/688820: This 

issue has been resolved] 

• If bgp "keep all" is configured, and "multipath" is enabled under "routing-options" of 

a vrf, and there exists multiple equal cost bgp vpn routes for the same destination in 

bgp.l3vpn table, when this new vrf is added to the config, rpd may core due to a delayed 

bgp reconfig job in a scaled config. [PR/691170: This issue has been resolved] 

• When 10-Gigabit Ethernet interfaces flap frequently, a routing protocol process (rpd) 

core file might be created. [PR/691170: This issue has been resolved] 

• RPD might take long time to bring up an OSPF neighbor to FULL state when there are 

large number of OSPF neighbors with large size of OSPF LSA database. [PR/692239: 


• Under some circumstances where a BGP router that has been configured with family 

route-target the router may fail to send some VPN routes. This will most typically 

happen for a PE router in a scaled configured that has received the default RT-Constrain 

route, 0:0:0/0. [PR/692940: This issue has been resolved] 



• When family route-target is used on a PE and one or more peers that it is configured 

on do not negotiate RT-Constrain (RFC 4684), the PE will generate a default RTC 

route of 0:0:0/96. This default route is not appropriate for non-transit BGP hosts. By 

default, a BGP non-transit PE will discard VPN routes that do not have matching local 

route-target communities. If at a later time a VRF is configured with a route-target that 

it had previously discarded VPN routes for, the attached BGP neighbors will not re-send 

the appropriate VPN routes. This is due to the fact that the attached BGP neighbor 

had a matching default RTC route and thinks it has already sent the associated VPN 

routes. [PR/695918: This issue has been resolved] 

• Changes to martian addresses (RFC5735 that obsoletes RFC3330), that are not present 

in Junos martians default settings. PSN-2011-10-393. [PR/698121: This issue has been 

resolved] 

• The routing protocol process crashes when the default-lsa option is configured in an 

NSSA under a routing instance, which also receives a default route from another VPN 

instance. [PR/606075: This issue has been resolved] 

• The routing protocol process might crash after a graceful Routing Engine switchover 

in a Layer 3 VPN with external or internal BGP multipath that contains a composite 

next hop as a component next hop. [PR/665996: This issue has been resolved] 

• After a BGP session flap, the output of the show bgp summary command might not 

display the correct number of "Active routes" for VPN routing instances. [PR/673830: 


• The ipMRouteInterfaceTable MIB walk does not display PIM SM interfaces. [PR/678051: 


• The output of the show pim statistics inet6 command includes fields that are not 

necessary for IPv6 multicast. [PR/682938: This issue has been resolved] 

• When a PIM is used between downstream PEs in an MVPN environment, the 

nondesignated PE router receives multicast traffic from a designated router on a 

downstream port. When reverse path forwarding occurs, faulty results are returned 

and the router always attempts to build the local multicast route table causing memory 

leaks in the routing protocol process. When the memory leak is large enough, the routing 

protocol process might crash and dump core files. [PR/685111: This issue has been 

resolved] 


• The RE(s) will crash with a trap with the backtrace 

bcopy/if_pfe_ttp_output/if_pfe_ae_ttp_output. if_pfe_ttp_output may not appear in 

the backtrace. The configuration includes dhcp, pppoe/vlan, or demux/ae. [PR/682735: 


• A panic occurs in rnh_index_alloc on the backup RE because the index is already 

allocated. In the syslog or kernel message buffer, a message similar to the following 

may be seen: "rnh_cont_request: demux0.14 (3353) Got nhid=120882 but already 

have child nhid=118652 for cifl ge-0/1/5.32767 (3349)". [PR/682967: This issue has 



93


94 

• CLI "show interface as0 extensive " does not show the sonet child member links stats 

part of aggregated bundle. This effects the monitoring & management of bandwidth 

concerns on the as bundle links. [PR/677553: This issue has been resolved.] 

• With IPv6 and PPPoE, DHCP, or other demux configured, an assertion panic can occur 

in in6_ether_iffconfig(). [PR/686350: This issue has been resolved.] 

• Adding configuration from "load set terminal" for restricted user may not allowed even 

for authorized configuration hierarchies. "load merge terminal" on the other hand does 

not have this issue. [PR/678664: This issue has been resolved.] 

• Add constraint to [ system login user full-name ] to not allow newline (\n) 

characters. [PR/690013: This issue has been resolved.] 

• Jweb does not work on the multi-core Routing Engines which have 64-bit JUNOS. 


• Right click option to Navigate to Chassis info or System info in Chassis view is not 

working properly. Instead operator is expected to navigate to respective page by clicking 

on that page itself from Monitor page instead of using right click option. [PR/684849: 


VPLS 

• With non-stop routing and a large number of LDP-based virtual-private LAN service 

configured, the routing process might crash during a routing-engine switchover event. 


• On certain topology, a core link flap might result in VPLS in RD state w/ 

pseudowire-status-tlv config. This is a timing issue and may not occur every time on 

every topology. [PR/687375: This issue has been resolved.] 

VPNs 

• The routing protocol process dumps core files during a P-PIM process after the default 

MDT switches to a data MDT. [PR/669365: This issue has been resolved.] 







• A replication error might occur when a user route with a local next hop is propagated 

to the backup Routing Engine before the corresponding IFA is replicated. [PR/559458: 



• When a burst of fragmented ICMP packets are received, the chassis loses connection 

to the FEB and FPC. The chassisd process connection to the FRU is terminated, and 

the FEB and FPC reboot. Also, administrative connections to the FEB or FPCs is blocked. 

This causes a permanent interruption to traffic forwarding. Reboot the router to restore 

administrative connectivity to the FEB or FPC. [PR/562421: This issue has been 

resolved.] 


• In Junos OS Release 10.2 and later, when SNMP queries on statistics-related OIDs 

associated with JUNIPER-DOM-MIB occur, the mib2d process size increases and 

ultimately reaches the maximum size permitted due to a memory leak in the MIB. When 

the maximum process size permitted is reached, a system log message “/kernel: Process 

(pid,mib2d) attempted to exceed RLIMIT_DATA: attempted 512016 KB Max 512000 

KB” is added. [PR/608206: This issue has been resolved.] 


• On MX80 routers, the jnxMac snmp query has an incorrect MAC OID. [PR/608029: 


• The dynamically allocated memory gets corrupted when the Layer 2 data length 

changes in the receiving next hop. [PR/670710: This issue has been resolved.] 


• BGP PMTU does not work correctly and causes session flaps as very high values of 

MSS are negotiated. [PR/608970: This issue has been resolved.] 

• If a router acting both as an autonomous system boundary router (ASBR) and an area 

border router (ABR) is reachable by means of a backbone area and a stub area, and if 

the advertisement through the stub area has a higher metric, then the external routes 

get incorrectly installed in the routing table with a next hop through the stub area. 


• The OSPF process begins the OSPF database exchange process with multiple 

adjacencies at the same time that might require a longer time to synchronize the OSPF 

database. [PR/614357: This issue has been resolved.] 

• If a routing protocol process is configured such that there are more than 2048 internal 

routing tables, the SNMP query for jnxBgpM2PrefixCounters causes the routing protocol 

process to crash. As a workaround, scale the configuration to limit the number of 

internal routing tables, or avoid any queries to the PrefixCounters. [PR/678859: This 



95


96 

• BGP sometimes uses the wrong martian table to verify that the protocol next hop is 

not a martian address. Thus some BGP routes are hidden while the others are active 

in the inet.0 interface. [PR/682323: This issue has been resolved.] 

• On multihop BFD with nonstop active routing scenarios, the BFD session might 

eventually flap during graceful Routing Engine switchover events. [PR/613612: This 


• An Aggregated Ethernet interface bounces during a virtual circuit mastership transition 

when LACP fast periodic is configured. The bounce leads to loss of PPP sessions. As 

a workaround, configure LACP periodic slow instead of fast. [PR/660350: This issue 



• The user privileges changes intermittently for a few super user accounts. [PR/677916: 





Class of Service 

• When more than 10 member links are added to an Aggregate bundle, the cosd process 

might crash and restart due to a memory corruption. [PR/613422: This issue has been 

resolved.] 

• The packets received by the IQE PIC might be classified incorrectly. This issue occurs 

when logical interfaces on the same IQE PIC that have two families (out of family inet, 

inet6, or mpls) is configured. When one of the families is deleted from a logical interface 

or set of logical interfaces with a particular Layer 2 encapsulation, the incoming packets 

are classified incorrectly the next time a family is deleted from a logical interface with 

a different Layer 2 encapsulation on the same PIC. [PR/605040: This issue has been 

resolved.] 


• In Junos OS Release 10.1 and later, the SNMP MIB walk for jnxFWCounter does not 

work. [PR/551857: This issue has been resolved.] 

• In rare situations where VPLS IFF is deleted, the backup Routing Engine might panic. 


• When subscribers with more than one service session exist, the pfed process might 

dump core files while sending interim requests. [PR/555338: This issue has been 

resolved.] 

• The backup Routing Engine might crash during an label-switched path flap, when an 

old indexed next-hop is not deleted and a new indexed next-hop with the same 

properties is received. [PR/589555: This issue has been resolved.] 

• When a neighbor frequently fails to answer IPv6 neighbor solicitation messages or 

does so with delay, there is a potential race condition where the neighbor entry can be 



marked reachable in the cache but have no MAC address. As a consequence, the transit 

traffic going to this neighbor will be sent with a random destination MAC and be flooded 

by any switch in the middle to all devices on the LAN for a duration equal to the 

reachability timeout (30 seconds approximately). [PR/608439: This issue has been 

resolved.] 

• On Trio platform, the MPC might crash when the instance-type option is configured 

with virtual switch, and IRB is configured under bridge domain in VPLS. This issue might 

also occur when the IRB is configured over VPLS virtual tunnel. [PR/610808: This issue 


• The pfed process crashes when a memory that has been freed is accessed. This freed 

memory is accessed when some debug counters are updated during a status response 

processing code. The crash occurs only if this freed memory is set to NULL or is reused. 


• The firewall does not block an SSH activity that is performed using an IPv6 address. 


• Memory leaks occur in the Packet Forwarding Engine request allocation for a few kernel 

drivers. [PR/614599: This issue has been resolved.] 

• When a firewall filter configuration is removed from interfaces that contain port 

mirroring, the system log entry “jtree memory free using incorrect value 4 correct 0“ or 

a combination of "Multiple Free :jt_mem_free" entries might be reported from the DPCs 

or FEBs. This issue occurs only if the mirror-once option is configured under the 

port-mirroring statement. As a workaround, remove the mirror-once option and use 

different port mirroring instances when ingress and egress port mirroring is performed. 


• Packets might be dropped when a firewall filter is configured on an IRB interface with 

an action for DSCP marking. [PR/661706: This issue has been resolved.] 

• Under certain error conditions, the statistics infrastructure can leak memory. If the error 

is repeated, then the mib2d process might exhaust all of its allocated memory, crash, 

and then restart with a refreshed memory. This error does not interrupt service and the 

process recovers without any manual intervention. [PR/672274: This issue has been 

resolved.] 


97


98 

General Routing 

• When the RD value of a routing instance is changed, the if-route-exists condition that 

matches a specific route within a routing table in that routing instance within a policy 

might get stuck with a false evaluation. This might lead to the main policy failing, 

resulting in an incorrect behavior of that policy. [PR/674616: This issue has been 

resolved.] 


• A unified in-service software upgrade (unified ISSU) with host-bound traffic greater 

than 5 Kbps causes the host path to be stuck. The IQ2 PICs and Enhanced IQ2 PICs 

remain offline after an unified ISSU under such traffic conditions. [PR/559882: This 


• After a unified in-service software upgrade (unified ISSU) of M Series routers with XFP 

on cFPC, the output of the show chassis pic and show interfaces diagnostics optics 

commands provide an invalid information for the XFP. [PR/567490: This issue has 


• When an MFR, MLPPP, or MT interface is brought down, or an inet6 family is deleted, 

a PFEMAN socket shutdown and a kernel crash might occur. [PR/609484: This issue 


• On MX Series routers running Junos OS Release 10.2 or later, after repeated execution 

of the show interface interface-name command, the command might stop working and 

not be able to collect the statistics from the Packet Forwarding Engine. When this issue 

occurs: 

• The pfed process takes up to 100% CPU resources and stays pegged at a high value. 

• The process size of the pfed process reaches its maximum permitted size. 

• The show interface statistics command fails. 

• The SNMP requests fails. 

One or more of the following system log messages might be reported: 

/kernel: Process (84954,ifinfo) attempted to exceed RLIMIT_DATA: attempted 

131888 KB Max 131072 KB 

/kernel: Process (86084,bdbrepd) attempted to exceed RLIMIT_DATA: attempted 

132048 KB Max 131072 KB 

/kernel: Process (1811,pfed) attempted to exceed RLIMIT_DATA: attempted 

131084 KB Max 131072 KB 

/kernel: Process (1811,pfed) has exceeded 85% of RLIMIT_DATA: used 117944 

KB Max 131072 KB 

init: database-replication (PID 86084) exited with status=1 

pfed: rtslib: ERROR Failed to allocate new block of size 16384 

pfed: rtslib: ERROR Allocation Failure for (16384) bytes 

When this issue occurs, if SNMP requests that are serviced by the pfed process are 

made, the error message “mib2d[1810]: MIB2D_RTSLIB_READ_FAILURE: 



check_rtsock_rc: failed in reading ifls: 0 (Invalid argument)” from the mib2d process 

appears. [PR/610238: This issue has been resolved.] 

• There are no log messages that indicate high levels of utilization of the /mfs file system. 



• The error messages “attributesif_pfe_mfr_copy_options_to_ifl: IFD rlsq0:38: Couldn't 

get the multilink PIC attributes” are logged during an RLSQ hot-standby. [PR/516109: 


• No error messages are displayed when incorrect values are passed to the show oam 

ethernet connectivity-fault-management interfaces value extensive command. 


• On MX Series 3D Universal Edge Routers, if a logical interface is part of a logical interface 

set that has the scheduler-map statement configured, and if the logical interface has 

no output traffic control profile, the scheduler-map field in the output of the show 

class-of-service interface command is incorrect. [PR/591801: This issue has been 

resolved.] 

• The output of the show interface interface-set queue command does not display the 

results for Enhanced IQ2 interfaces. Additionally, the command times out without any 

output on M320 routers. [PR/595991: This issue has been resolved.] 

• The MX80 routers dump core files after an upgrade to Junos OS Release 11.2, and when 

the mode active-active option is enabled at the [aggregated-ethernet-options mc-ae] 

hierarchy level. [PR/601497: This issue has been resolved.] 

• A faulty PIC might cause the FPC to restart after dumping core files. [PR/605690: This 


• The memory used for logical interface messages are not freed on IDL interfaces. 


• When an fxp0 interface is configured to use 100 Mbps speed on a full duplex link mode, 

the interface appears as administratively down after a reboot. [PR/606703: This issue 


• On MX Series routers, when an RX fiber is taken offline, it might take up to 7.5 seconds 

for the router to report the link fault through remote fault detection to its link neighbor. 


• When a 1-port 10-Gigabit Ethernet PIC is taken offline and back online continuously, 

the FPC crashes due to memory issues. [PR/608214: This issue has been resolved.] 

• The chassisd process on the master Routing Engine utilizes about 99% of the CPU 

resources when a new backup Routing Engine is inserted. There is no mastership from 

both the Routing Engines and all active packet forwarding engines are lost. To recover 

from this state, halt the new backup Routing Engine and restart the chassisd process 

on the previous master Routing Engine. [PR/612048: This issue has been resolved.] 

• On a 64-bit kernel running processes in 32-bit mode, the select system call in the kernel 

does not handle descriptor set sizes in multiples of 4 byte words. [PR/613721: This 



99


100 

• The ATM2 PIC stops forwarding traffic after a unified in-service software upgrade. 


• When a router acts as a transit router (not LAC or LNS) and port mirroring is enabled 

on the ports sending and receiving this L2TP transit traffic, the traffic received from 

the access side port is not mirrored properly. However, the L2TP transit traffic exiting 

the router on egress either toward the core or access side is mirrored properly. 


• A file system leak in /mfs causes the /mfs file system to fill up gradually. This in turn 

leads to the RAM getting fully utilized. Due to this, the software uses up the swap space 

causing a slowdown. [PR/614576: This issue has been resolved.] 

• On M120 routers, when an FEB switches over because of an FEB software crash, the 

control connection between the Routing Engine and the IQ2/IQ2E PIC might be lost. 

This might result in a traffic blackhole on the logical interfaces added on the PIC after 

the FEB switchover. [PR/658689: This issue has been resolved.] 

• Under certain conditions where a 100-Gigabit Ethernet PIC is reset, the PIC reverts 

from a configured vlan-steering mode to the default sa-multicast mode. [PR/659681: 


• The MPC card might crash when transient errors in a particular memory block are 

detected by interrupt handlers before they are cleared. [PR/661509: This issue has 


• A 4-port 10-Gigabit Ethernet PIC with XFP might flap when a failover occurs on the 

transmission side. For example, if a failover in transmission takes 10 ms and interface 

damping is configured as 50 ms, the interface flaps. [PR/662124: This issue has been 

resolved.] 

• When an MX80 router chassis is connected to a Cisco router and automatic negotiation 

is enabled, the output of the show interface command displays the working speed of 

the link instead of the maximum speed. [PR/662605: This issue has been resolved.] 

• DCD_CONFIG_WRITE_FAILED and "group exceeded" errors appear on MLFR interfaces 

after a configuration change due to improper cleanup of counters. [PR/668087: This 


• During a graceful Routing Engine switchover (GRES), the new master Routing Engine 

might send flood next hops to Packet Forwarding Engines in static mode, resulting in 

the Packet Forwarding Engine dumping core files, under the following conditions: 

1. GRES and the enhanced-ip option are configured on the router and the router has 

created flood next hops. 

2. A new configuration that disables both GRES and the enhanced-ip option is 

committed on the master Routing Engine. 

3. The master Routing Engine is rebooted. 

4. GRES is performed. 

To prevent this issue from occurring, reboot both Routing Engines after the configuration 

is committed. [PR/668766: This issue has been resolved.] 


• On M Series and T Series routers with Enhanced IQE PICs, the router might crash if a 

precedence rewrite rule results in all the zeros being configured to the classifier table 

and a unified in-service software upgrade is performed. [PR/674274: This issue has 


• When both inverse-arp and frame-relay-ether-type options are configured on the same 

interface, the router fails to pass the configuration check and the configuration is not 

committed. [PR/674774: This issue has been resolved.] 

• On an MX960 router, the FPC might not come back up after an upgrade to Junos OS 

Release 10.4R6, 11.1R3, and 11.2R1 with an error message "No power". This issue occurs 

due to a power miscalculation and is observed when all the following conditions are 

met: 


• The MX960 router is used with high capacity AC PEMs. 

• One of the high capacity AC PEMs in a zone has only one feed connected. 

• The router boots up to the above Junos OS Releases. 


• On routers running 64-bit Junos OS, connections to the FPCs might get closed and 

reopened, and the FPC might restart depending on which connection is reset. This is 

caused when the current system uptime is incorrectly compared to the time when the 

last TCP segment is received on the socket. The issue might first occur after 24 days 

and 20 hours of system uptime, and then at intervals of 49 days and 16 hours. The 

following message logs are added: 

fpc1 PPMAN disconnected; Remote side closed 

fpc1 L2ALM: %PFE-3: Master closed connection 

fpc1 L2ALM: %PFE-3: Master socket closed, 0x435e6330 

fpc1 L2ALM disconnected; L2ALM socket closed abruptly 

fpc1 CLKSYNC: %PFE-3: Master closed connection 

fpc1 CLKSYNC: %PFE-3: Master socket closed, 0x42e82a30 

fpc1 CLKSYNC disconnected; CLKSYNC socket closed abruptly 

fpc1 CMLC: %PFE-3: Master closed connection 

chassisd[1387]: %DAEMON-3-CHASSISD_IPC_CONNECTION_DROPPED: Dropped IPC 

connection for FPC 1 

chassisd[1387]: %DAEMON-5-CHASSISD_IFDEV_DETACH_FPC: ifdev_detach_fpc(1) 



101


102 

Layer 2 Ethernet Services 

• The jdhcpd process might crash when the dhcp-relay configuration includes traceoptions 

for the database flag (or the all flag, which also includes the database flag) and the 

general configuration involves bridge domains with IRB interfaces. Any other dhcp-relay 

traceoptions flag can be used safely. [PR/661778: This issue has been resolved.] 


• With Junos OS Release 10.4 and later, if a failure occurs on the current active path 

while waiting to switch over to an MBB path, the MBB timer is cancelled and the MBB 

path is used immediately. [PR/586079: This issue has been resolved.] 

• When a router acting as a transit node for a node-link protected label-switched path 

sends RESV messages on a restored link without receiving a PATH message from the 

ingress router, the ingress router might set RSVPErr messages that causes a 

label-switched path teardown and traffic drops. [PR/591301: This issue has been 

resolved.] 

• During MBB, when the sender traffic speculation (Tspec) and the reservation flow 

speculation does not match, the output of the show RSVP interface command might 

not reflect the correct reserved bandwidth. [PR/601036: This issue has been resolved.] 

• When the no-cspf option is configured, the RSVP tunnel does not come back up after 

the label-switched path connectivity recovers. [PR/611686: This issue has been 

resolved.] 

• Junos OS does not handle the MPLS echo-reply packet correctly with multipath type 

0. [PR/662814: This issue has been resolved.] 

• The routing protocol process dumps core files during automatic bandwidth adjustment 

of label-switched paths that went down and are in a process of coming up. 


• On MX960 routers, the output of the show rsvp neighbor command displays negative 

values in the MsgRcvd field. [PR/666224: This issue has been resolved.] 

• When LDP Signaling for VPLS is used, the U bit does not follow RFC 4762 in the MAC 

Address Withdrawal MAC list TLV (0x0404). [PR/669275: This issue has been 

resolved.] 

• The MPLS automatic bandwidth does not update the maxbw variable correctly during 

a switchover process. [PR/671734: This issue has been resolved.] 

• When a link that carries a large number of label-switched paths on a router acting as 

PLR goes down, the backup label-switched paths on the PLR might also go down due 

to the backup label-switched paths timing out. [PR/672511: This issue has been 

resolved.] 




• The monitor traffic interface command that is configured to match an ARP does not 

match any ARP information. [PR/585728: This issue has been resolved.] 

• In some cases where SNMP bulk packets are handled, and the backend handler times 

out, the snmpd process might crash. [PR/607704: This issue has been resolved.] 

• When SNMPv3 is used and the notify type is set to inform instead of trap, the response 

messages from the trap collector causes the following error log 

“alidate_interface_access: socket failure: interface index not found (0)” to be displayed. 

This is only a cosmetic issue. [PR/660989: This issue has been resolved.] 

• The eventd process dumps core files under certain policy configurations. [PR/663871: 



• When an interface with IPv6 address has the rpf-check option enabled, and any IPv6 

address is configured on a management interface, the IPv6 link local connectivity gets 

affected on the interface that has the rpf-check option enabled. Also, all protocols the 

uses the link local address goes down or gets stuck. There is no workaround. [PR/546115: 


• On an enhanced CFEB with TCC and per-packet load-balance configured in a Layer 2 

circuit, the Packet Forwarding Engine might drop packets. [PR/575784: This issue has 


• A power drop on the VCSEL channels might cause HSL2 CRC errors. This might result 

in the SIB going into a fault check state. [PR/589103: This issue has been resolved.] 

• On MX Series routers with DPCs, M320 routers with Enhanced 3 FPCs, and M7i, M10i, 

and M120 routers with enhanced CFEBs, the IMQ might get stuck in a state that causes 

traffic drops in the queue. [PR/594606: This issue has been resolved.] 

• Under certain circumstances where multicast VRF is configured, when a change such 

as activating or deactivating a new routing instance is performed, logs related to jtree 

might get freed multiple times. This might result in the DPCs crashing without generating 

a core file. [PR/603821: This issue has been resovled.] 

• The IRB MTU calculation is incorrect for IPv4 traffic when the IRB interface uses VPLS 

on the MPCs. [PR/606555: This issue has been resolved.] 

• The FPC might crash when the firewall filter has a large number of lines in the 

configuration and the show filter index command is used. [PR/607269: This issue has 


• On MX80 routers, the jnxMac snmp query has an incorrect MAC OID. [PR/608029: 


• A transient error in one of the PPE memories might result in an LMEM data error. When 

this issue occurs, the following messages are logged: 


fpc4 LU 0 PPE_0 Errors lmem data error 0x00000042 

fpc4 PPE PPE HW Fault Trap: Count 757685325, PC 6115, 0x6115: 

handle_gauge_init_qsys_mq1_mq2 

103


104 

Although this issue does not indicate that a hard fault exists in the system, packets 

with this error is dropped. To recover from this issue, reboot the MPC. [PR/614054: 


• An error condition in the routing socket message might lead to memory corruption, 

possible memory leak, and/or a router crash. [PR/659752: This issue has been resolved.] 

• On TX Matrix Plus routers, if an LCC's master Routing Engine panics, the backup Routing 

Engine gains mastership and the FPCs that belong to the LCC might not be able to 

reconnect to the new master Routing Engine in time. This might cause the FPCs to 

reset and not restart properly for a long time until the live kernel core dump on the SFC 

master Routing Engine is finished. The system log message “lcc0-fpc0 PFEMAN: 

%PFE-3: trying master connection, attempt 1200 to 0x1000001” is reported on the 

LCC. [PR/659782: This issue has been resolved.] 

• The dynamically allocated memory gets corrupted when the Layer 2 data length 

changes in the receiving next hop. [PR/670710: This issue has been resolved.] 

• In a rare condition where an SRAM parity error stays uncorrected on an FPC, the FPC 

might crash when a cprod command is used. [PR/670754: This issue has been resolved.] 

• A jtree memory corruption might occur due to some memory double free issue on MLFR 

interfaces. [PR/671123: This issue has been resolved.] 

• On platforms that support the Junos Trio chipset, the MPC might crash and restart if 

the interface policer bind makes it to the Packet Forwarding Engine before the interface 

policer consistent message. This issue might occur in the following scenarios: 

• During boot time, if only one interface is configured and the default ARP policer 

(17000) is bound to this interface. 

• When an interface policer is configured and attached to an interface in the same 

commit. 

As a workaround, bring all the MPCs online without configuring any interfaces and 

enable the interfaces after the MPC is online. [PR/676725: This issue has been resolved.] 


• The message "cannot perform nh operation ADDANDGET" is logged after each unilist 

flap. This is a cosmetic error and does not affect functionality. [PR/591773: This issue 


• When PIM auto-rp is configured under logical systems, the routing protocol process 

and the kernel might crash. [PR/595564: This issue has been resolved.] 

• The routing protocol process crashes a few minutes after some of the iBGP neighbors 

are deleted from the configuration. [PR/606952: This issue has been resolved.] 

• On MX80 routers and MPC-3D cards, jflow sampling might not work when it is enabled 

using the interface configuration. [PR/660126: This issue has been resolved.] 

• When the accept-remote-nexthop option is enabled and the import policy to change 

next hop to self is used for EBGP sessions, the routing protocol process might crash. 




• With graceful Routing Engine switchover and nonstop active routing configured, some 

BGP sessions might stay in an idle state on the backup Routing Engine. [PR/660732: 


• During router advertisements over PPPoE, any advertisement sent with 

00:00:00:00:00:00 as the link layer address might cause an invalid LLA message in 

Cisco CPE devices. To resolve this issue, suppress the link layer address trasmission 

when the length is 0 as part of the advertisement since this indicates that the option 

is not valid. [PR/661286: This issue has been resolved.] 

• The Routing Engine might crash when multiple VRRP groups are configured on an 

interface. [PR/668657: This issue has been resolved.] 

• In a scaled environment, the restart routing command might cause the KRT queue (the 

internal communications within the system) to stall due to “Device busy” errors. This 

might result in system instability that can only be cleared by rebooting the system. 


Services Applications 

• When the Layer 2 Tunneling Protocol process restarts, the corresponding kernel data 

structures are not removed. When a restarted process finds these configuration-related 

kernel entries, the process considers this to be an error. [PR/441395: This issue has 


• The NAT64 to ICMP time expire packet might not be translated correctly for packets 

sourced from the intermediate node in traceroute. [PR/597036: This issue has been 

resolved.] 

• The application service provider integrated PIC on an M7i rouer does not boot up due 

to an issue in the Packet Forwarding Engine microkernel scheduler. [PR/614393: This 


• On MX240 routers, huge interleaved RSTP length packets might be discarded. 


• When a sampling configuration is deleted and added again, the jflow configuration 

does not get deleted from the PIC, and gets added twice with a different template ID. 


• Some jflow v9 records might contain invalid values on MX Series routers with 

Multiservices DPC and physical interfaces hosted on enhanced DPC-R/Q/EQ types. 


• Established IPsec and IKE SAs get deleted when an IPsec service set is added or 

removed. [PR/665912: This issue has been resolved.] 

• A duplicate SPI from the peer might get rejected during the Internet Key Exchange 

negotiation. [PR/667178: This issue has been resolved.] 

• When Endpoint Independent Mapping and Address Pooling Paired features are enabled 

independently on the same NAT pool, but in different NAT rules, the Multiservices DPC 

might crash. As a workaround, do not enable these two features separately in multiple 

rules. [PR/678962: This issue has been resolved.] 


105


106 

Software Installation 

• During an unified in-service software upgrade (unified ISSU) from a Junos OS later 

release to 11.2R1 on all platforms that support unified ISSU, kernel panic might occur. 


Subscriber Access Management 

• Both radius-flow-tap and a firewall filter that has a system log action cannot be 

configured on the router at the same time. [PR/573333] 

• When both Dynamic Host Configuration Protocol and Point-to-Point Protocol are 

configured to run on the same BNG, a database corruption might occur. This issue 

occurs when interfaces are repeatedly created and removed in rapid succession. 


• On a Trio MPC, VPLS flooding is disrupted due to aggregated Ethernet next hop weights 

being set incorrectly. The disruption occurs under the following circumstances: 

1. The configuration is performed on a Trio MPC on an MX Series router. 

2. A VPLS routing instance configuration is commited where the VPLS routing instance 

is inactive and an aggregated Ethernet logical interface is disabled and in the 

deactivated state. 

3. The aggregated Ethernet logical interface is subsequently activated and the disabled 

configuration is deleted. 

As a workaround, deactivate and then activate the aggregated Ethernet logical interface. 


• The accounting attribute 41 (acct-delay-time) is missing from the accounting start, 

interim, and stop messages as the VSA does not exist in the RADIUS accounting 

requests from MX Series routers to the RADIUS server. [PR/607520: This issue has 


• If a graceful Routing Engine switchover (GRES) is performed while subscribers are 

logging in to the router, some subscriber sessions can remain in the initialization state. 

Even though the erroneous sessions cannot be removed, the subscribers can properly 

log in to the network. [PR/610641: This issue has been resolved.] 

• Repeated and rapid login and logout of very large numbers of subscribers in an L2TP 

networking environment might result in the L2TP process failing. [PR/659370: This 


• For configurations with more than 32,000 PPP subscribers, it is recommended to 

configure the keepalive interval to no less than 75 seconds to avoid subscriber 

termination due to "no keepalive" errors. [PR/661837: This issue has been resolved.] 

• When auto-configured, single-tagged VLANs are created on Trio MPCs, the initial 

auto-configuration operates properly for the VLAN interfaces. However, subsequent 

VLAN auto-configuration attempts on previously auto-configured, single-tagged VLAN 

IDs can result in the VLAN interfaces failing. Deactivate and reactivate the Ethernet 

device to resolve the error condition. However, deactivating the Ethernet device also 


esults in deactivating all other interfaces on the device, along with any current DHCP 

or PPPoE subscribers. [PR/662722: This issue has been resolved.] 

• PPPoE generates numerous "NACK received for profile request...Cannot access SDB 

session update info retry FALSE" messages when scaling to 64,000 dynamic PPPoE 

clients with static VLANs. Resources consumed by message generation slows 

processing and causes session failures due to timeouts. [PR/667088: This issue has 


• When subscriber entries are created and deleted continuously while graceful Routing 

Engine switchover (GRES) operations are performed repetitively for 70 hours or longer, 

the router might generate an authentication process (authd) core file. [PR/668172: 


• The authd process generates malformed packets to the RADIUS server when the 

ADSL-Forum VSA and DSLForum-Access-Loop-Encapsulation attributes are used. 


• When a router is running a large scale broadband access configuration during a graceful 

Routing Engine switchover, failures might occur due to lack of resources if the router 

is recovering core files associated with the firewall process (dfwd). However, the router 

recovers and resumes operation without intervention. [PR/668974: This issue has 


• When a framed-ip-mask attribute is passed from the RADIUS server using local address 

pools, the address protection during a master switch and/or a graceful Routing Engine 

switchover fails to protect the addresses in use. [PR/673252: This issue has been 

resolved.] 


• Received events are not filtered by the value specified in the attributes-match option. 


• The jptspd process requires the PPR to have policies set to update only the username. 


VPNs 


• Under certain circumstances, adding and deleting an extranet instance in an MVPN 

might result in a KRT queue build-up. [PR/422765: This issue has been resolved.] 

• When a large configuration consisting of hundreds or more pseudowires is merged to 

a router that is running, or when a large configuration consisting of hundreds of 

pseudowires is loaded on the router, the MIB information of some logical interfaces 

might be missing. [PR/513585: This issue has been resolved.] 

• The routing protocol process might crash in an NG-MVPN environment when a p-tunnel 

next hop is an IPv6 address. [PR/581634: This issue has been resolved.] 

• In MVPN environment on Trio platform, if a routing instance is added on a P router, a 

PIM neighborship is established between the remote upstream PE router and the 

downstream P router. However, the MVPN might go down. [PR/609446: This issue 



107


Related 

Documentation 

• The routing protocol process might dump core files when VPLS is configured and active 

while VPLS traces are enabled. As a workaround, disable VPLS traces. [PR/610744: 


• In a multicast VPN enviroment, the routing protocol process dumps core files when 

the default-vpn-source option is configured and the mtrace command is executed. 


• When a PIM-DM is used with NGEN MVPNs and multi-homed PEs, and when the PE-CE 

link goes down, the source address that was previously reachable in the local VRF gets 

located across the core through another PE. The multicast forwarding state for this 

source do not update correctly causing loss of traffic. [PR/614441: This issue has been 

resolved.] 

• The routing protocol process crashes when the set routing-instances noris-vpls protocols 

vpls mac-flush any-interface command is used. The following error message appears: 

mx01 init: routing (PID 1466) terminated by signal number 6. Core dumped! 

mx01 bfdd[1401]: BFDD_TRAP_MHOP_STATE_DOWN: local discriminator: 6, new 

state: down, peer addr: 

mx01 init: routing (PID 1854) started 


• The routing protocol process might crash when ingress replication is used as a provider 

tunnel with multicast VPNs. [PR/661154: This issue has been resolved.] 

• When family route-target is configured and configuration for protocol BGP is removed 

and configured repeatedly, the BGP might fail to generate and advertise the local VRF 

RT-Constrain NLRI to the peers that have negotiated family route-target. This might 

lead to a VPN connection loss as the remote BGP peer do not receive the expected 

RT-Constrain routes and hence do not respond to those associated VPN routes that 

have matching route-target extended communities. [PR/666819: This issue has been 

resolved.] 

• On MX80 routers, the octets of the multicast group of an MBGP MVPN route is printed 

in reverser order on the output of the show route table VPN-A.mvpn.0 command. 


• When the mplsVpnVrf MIB is polled and a large number of interfaces exist on the DUT, 

• 

high CPU usage, schedule slips, and bounced peers might occur. As a workaround, 

avoid polling the tables containing the mplsVpnScalars and mplsVpnVrfTable interface 

counters. [PR/673186: This issue has been resolved.] 

Unsupported Features in Junos OS Release 11.3 for Common Platform Features on 

page 83 

Junos OS Documentation and Release Notes 

108 

For a list of related Junos OS documentation, see 

http://www.juniper.net/techpubs/software/junos/ . 


Documentation Feedback 

If the information in the latest release notes differs from the information in the 

documentation, follow the Junos OS Release Notes. 

To obtain the most current version of all Juniper Networks ® technical documentation, 

see the product documentation page on the Juniper Networks website at 

http://www.juniper.net/techpubs/ . 

Juniper Networks supports a technical book program to publish books by Juniper Networks 

engineers and subject matter experts with book publishers around the world. These 

books go beyond the technical documentation to explore the nuances of network 

architecture, deployment, and administration using the Junos operating system (Junos 

OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library, 

published in conjunction with O'Reilly Media, explores improving network security, 

reliability, and availability using Junos OS configuration techniques. All the books are for 

sale at technical bookstores and book outlets around the world. The current list can be 

viewed at http://www.juniper.net/books . 

We encourage you to provide feedback, comments, and suggestions so that we can 

improve the documentation. You can send your comments to 

techpubs-comments@juniper.net, or fill out the documentation feedback form at 

https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include 

the following information with your comments: 

• Document name 

• Document part number 

• Page number 

• Software release version 

Requesting Technical Support 


Technical product support is available through the Juniper Networks Technical Assistance 

Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, 

or are covered under warranty, and need postsales technical support, you can access 

our tools and resources online or open a case with JTAC. 

• JTAC policies—For a complete understanding of our JTAC procedures and policies, 

review the JTAC User Guide located at 

http://www.juniper.net/customers/support/downloads/710059.pdf. 

• Product warranties—For product warranty information, visit 

http://www.juniper.net/support/warranty/. 

• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day, 

7 days a week, 365 days a year. 

Self-Help Online Tools and Resources 

Documentation Feedback 

109


110 

For quick and easy problem resolution, Juniper Networks has designed an online 

self-service portal called the Customer Support Center (CSC) that provides you with the 

following features: 

• Find CSC offerings: http://www.juniper.net/customers/support/ 

• Search for known bugs: http://www2.juniper.net/kb/ 

• Find product documentation: http://www.juniper.net/techpubs/ 

• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/ 

• Download the latest versions of software and review release notes: 

http://www.juniper.net/customers/csc/software/ 

• Search technical bulletins for relevant hardware and software notifications: 

https://www.juniper.net/alerts/ 

• Join and participate in the Juniper Networks Community Forum: 

http://www.juniper.net/company/communities/ 

• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/ 

To verify service entitlement by product serial number, use our Serial Number Entitlement 

(SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/. 

Opening a Case with JTAC 

You can open a case with JTAC on the Web or by telephone. 

• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ . 

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). 

For international or direct-dial options in countries without toll-free numbers, visit us at 

http://www.juniper.net/support/requesting-support.html. 

If you are reporting a hardware or software problem, issue the following command from 

the CLI before contacting support: 

user@host> request support information | save filename 

To provide a core file to Juniper Networks for analysis, compress the file with the gzip 

utility, rename the file to include your company name, and copy it to 

ftp.juniper.net:pub/incoming. Then send the filename, along with software version 

information (the output of the show version command) and the configuration, to 

support@juniper.net. For documentation issues, fill out the bug report form located at 

https://www.juniper.net/cgi-bin/docbugreport/. 


Revision History 

13January 2012—Revision 5, Junos OS 11.3 R4 

05 January 2012—Revision 4, Junos OS 11.3 R4 

23 November 2011—Revision 3, Junos OS 11.3 R3 

7 October 2011—Revision 2, Junos OS 11.3 R2 

Copyright © 2012, Juniper Networks, Inc. All rights reserved. 

01 September 2011—Revision 1, Junos OS 11.3 R1 

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United 

States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other 

trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. 

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, 

transfer, or otherwise revise this publication without notice. 

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are 

owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 

6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785. 


Requesting Technical Support 

111

Release Notes 11.3R4 - Juniper Networks

Create successful ePaper yourself

Delete template?

Save as template?