Unable to Pass Untagged Traffic from SRX via QinQ on EX4300-32F: A Junos Upgrade Conundrum

The Juniper Networks EX4300-32F switch is a popular choice among network administrators due to its high-performance and feature-rich capabilities. However, a recent issue has been reported by some users who have upgraded their Junos operating system to version 21.4R3-S8.5. Specifically, they are unable to pass untagged traffic from their SRX firewall via QinQ (also known as 802.1ad) on the EX4300-32F switch. In this article, we will delve into the details of this issue, explore possible causes, and provide solutions to resolve this problem.

Understanding QinQ and Untagged Traffic

Before we dive into the issue, let’s first understand what QinQ and untagged traffic are. QinQ is a networking standard that allows multiple VLANs to be nested inside each other, providing a way to extend VLANs across multiple switches. Untagged traffic, on the other hand, refers to network traffic that does not have a VLAN tag associated with it.

In a typical network setup, untagged traffic is sent to a default VLAN, which is usually VLAN 1. However, when QinQ is enabled, the default VLAN is not used, and untagged traffic is instead sent to the VLAN specified in the QinQ configuration.

The Issue: Unable to Pass Untagged Traffic

After upgrading to Junos version 21.4R3-S8.5, some users have reported that their EX4300-32F switch is unable to pass untagged traffic from their SRX firewall via QinQ. This means that any untagged traffic sent from the SRX firewall is not being forwarded to the correct VLAN, resulting in network connectivity issues.

The issue is not limited to a specific configuration or setup, as multiple users have reported the same problem with different network topologies. This suggests that the issue is related to the Junos operating system itself, rather than a configuration error.

Possible Causes

After researching the issue, we have identified several possible causes that may be contributing to the problem:

• Junos Bug: It’s possible that the issue is caused by a bug in the Junos operating system. Juniper Networks regularly releases patches and updates to fix bugs and improve performance, but sometimes these updates can introduce new issues.
• QinQ Configuration: The QinQ configuration on the EX4300-32F switch may be incorrect or incomplete, causing the switch to drop untagged traffic.
• VLAN Configuration: The VLAN configuration on the EX4300-32F switch may be incorrect, causing the switch to forward untagged traffic to the wrong VLAN.
• SRX Firewall Configuration: The SRX firewall configuration may be incorrect, causing it to send untagged traffic to the wrong VLAN or IP address.

Solutions

To resolve the issue, we recommend trying the following solutions:

• Check Junos Version: Verify that the EX4300-32F switch is running the latest version of Junos. If not, upgrade to the latest version to ensure that any known bugs are fixed.
• Verify QinQ Configuration: Check the QinQ configuration on the EX4300-32F switch to ensure that it is correct and complete. Make sure that the VLANs are properly configured and that the QinQ tunnel is enabled.
• Verify VLAN Configuration: Check the VLAN configuration on the EX4300-32F switch to ensure that it is correct. Make sure that the VLANs are properly configured and that the switch is forwarding traffic to the correct VLAN.
• Verify SRX Firewall Configuration: Check the SRX firewall configuration to ensure that it is sending untagged traffic to the correct VLAN or IP address.
• Disable QinQ: If none of the above solutions work, try disabling QinQ on the EX4300-32F switch to see if the issue persists. If the issue goes away, it may indicate a problem with the QinQ configuration or the Junos operating system.

Conclusion

The issue of being unable to pass untagged traffic from SRX via QinQ on EX4300-32F switches running Junos version 21.4R3-S8.5 is a complex problem that requires careful troubleshooting and analysis. By understanding the possible causes and trying the recommended solutions, network administrators should be able to resolve the issue and restore network connectivity.

It’s also important to note that Juniper Networks regularly releases updates and patches to fix bugs and improve performance. If the issue persists after trying the recommended solutions, it may be worth contacting Juniper Networks support for further assistance.

Recommendations

To avoid similar issues in the future, we recommend the following:

• Regularly Update Junos: Regularly update the Junos operating system to ensure that any known bugs are fixed and that the switch has the latest features and security patches.
• Verify Configurations: Verify all configurations, including QinQ, VLAN, and SRX firewall configurations, to ensure that they are correct and complete.
• Test Network Connectivity: Regularly test network connectivity to ensure that all devices can communicate with each other correctly.
• Monitor Network Performance: Monitor network performance to detect any issues early on and take corrective action before they become major problems.

By following these recommendations, network administrators can help ensure that their network is running smoothly and that any issues are quickly identified and resolved.