[j-nsp] EX3400 experiences / software recommendation

Chris Lee chris at datachaos.com.au
Wed Dec 6 03:56:13 EST 2017 

On Wed, Dec 6, 2017 at 6:32 PM, Gert Doering <gert at greenie.muc.de> wrote:

> On Tue, Dec 05, 2017 at 09:07:25PM +0100, Gert Doering wrote:
> > quick question about the EX3400 series... is one of you using them in
> > earnest, and can recommend a software version?
>
> Thanks for your feedback - and I find this interesting, that all replies
> I got was "we use D56 and it is fine".
>
> > One of my customers was sold four of them, and we see "funny things"
> > (like, switch ports only forwarding ARP packets but no IP, bunch of
> > copper GE ports going down and back up simultaneously with nobody
> > near the box, untypical things in logs...) and "common wisdom" hints
> > at "you want a more recent software version".
>
> I found PR1282438 in the meantime, fixed in D57 - which matches one of
> the funny explosions we saw.  Configured new VLAN, removed other VLAN
> from some trunks at the same commit, and afterwards the switches acted
> up extremely weird until I gave up and reloaded...
>

We've got around 22x EX3400's running D55.5.. we use Space and Network
Director however to deploy port profiles, and had no end of trouble
initially with the schema in Space for D55.5 where we couldn't deploy a
port profile in Network Director which had PoE set to enabled. From memory
this also impacted the EX2300's which run the same code base.

Eventually JTAC issued us a new schema file to import in Space and it's
been good since, however last I tried upgrading an EX3400 switch to D56 I
found the same issue in Space being unable to deploy a port profile with
PoE so rolled back to D55.5

I just read about PR1282438 last week also and it sounds very concerning,
the weird thing being, touch wood, I can't recall encountering this in
production yet and have done a lot of VLAN changes! The only thing I can
think of is whether deploying a VLAN change through Network Director where
I do the bulk of changes hasn't trigged this bug yet? Can't think that I've
done a manual VLAN edit/deploy in the CLI post the initial config.

But otherwise so far D55.5 has been reasonably stable for us (again, touch
wood!)

Either way I'm tempted to stage a switch with D57 and have a crack at
upgrading it and checking if I have any schema/port profile deployment
issues in Space... and then I know our Space/ND install also could probably
do with some updates as well, but having spent the first 3 months of this
year working with JTAC on squashing the port profile duplication bugs we
hit during the last upgrade I haven't been in any great hurry to move
forward on that front either.

Cheers,
Chris

More information about the juniper-nsp mailing list