Understanding what licenses you need to enable extra software features on your EX and QFX switches

In a previous blog we have discussed the topic of how Juniper has changed their practice and offers more products of their portfolio with separated software and hardware.

Click here to check out the previous blog about licenses

Even though this hasn’t been applied completely to their switching series, namely EX and first generation QFX switches, there are quite a few licenses options a customer can purchase in time, implementing Juniper famous “pay-as-you-grow” solutions for expanding and developing their networks.

Let’s begin with EX series

Juniper’s EX portfolio can offer variety of solutions including access switches that deliver fixed 1GbE and multigigabit configurations to the enterprise network, 10GbE aggregation switches for high-density enterprise campus deployments and flexible modular core switches for mission-critical deployments. Most of the EX switches are offering full set of L2 and L3 capabilities as part of the base software but to enable some extra features one must install separate licenses.

To summarize there are 3 types of licenses that can be ordered with the EX switches:

Enhanced feature license (EFL)

Type of features EX Series Licenses part number
Bidirectional Forwarding Detection (BFD) EX2200, EX2300, EX3300, EX3400, EX4300 For 12-port EX switches
Connectivity fault management (IEEE 802.1ag) EX2200 EX4300 For 24-port EX switches
IGMP (Internet Group Management Protocol) version 1 (IGMPv1), IGMPv2, and IGMPv3/ EX2200 & EX2300 EX3300 EX3400 EX4300 For 48-port EX switches
IPv6 routing protocols: Multicast Listener Discovery version 1 and 2 (MLD v1/v2), OSPFv3, PIM multicast, VRRPv3 EX2300 EX3300 EX3400 For EX4300
EX4300-24-EFL EX4300-32F-EFL
Multicast Source Discovery protocol (MSDP) EX2300 EX3400 EX4300  
RIPng (RIPng is for RIP IPv6) EX2300 EX3400 EX4300  
OSPFv1/v2 (with four active interfaces) EX2200 & EX2300 EX3300 EX3400 EX4300  
Protocol Independent Multicast (PIM) dense mode, PIM source-specific mode, PIM sparse mode EX2200 & EX2300 EX3300 EX3400 EX4300  
Q-in-Q tunneling (IEEE 802.1ad) EX2200 EX3300  
Unicast reverse-path forwarding (RPF) EX3300 EX3400  
Real-time performance monitoring (RPM EX2200 EX2300 EX3300 EX3400 EX4300  
Virtual Router EX2200 EX3300 EX3400 EX4300  
Virtual Router Redundancy Protocol (VRRP) EX2200 & EX2300 EX3300 EX3400 EX4300  

Advanced Feature Licenses (AFL)

Type of features EX Series Licenses part number
Border Gateway Protocol (BGP) and multiprotocol BGP (MBGP) EX3300, EX3400, EX4300, EX4600, EX3200, EX4200, EX4500, EX4550, EX8200, EX9200, EX9250, EX6200 For 24-port switches EX-24-AFL
IPv6 routing protocols: IPv6 BGP and IPv6 for MBGP EX3300, EX3200, EX4200, EX4500, EX4550, EX8200, EX9200, EX9250, EX6200 For 48-port switches
Virtual routing and forwarding (VRF) BGP EX3300  
Intermediate System-to-Intermediate System (IS-IS) EX3400, EX4300, EX4600, EX3200, EX4200, EX4500, EX4550, EX8200, EX9200, EX9250, EX6200   EX4300-24-AFL EX4300-32F-AFL EX4300-48-AFL
Multiprotocol Label Switching (MPLS) EX4600 EX4550-AFL
Virtual Extensible LAN (VXLAN) EX4600 EX4600-AFL
Ethernet VPN available only on EX9200 & EX9250 EX6210-AFL
Logical systems available only on EX9200 EX8208-AFL
MPLS with RSVP-based label-switched paths (LSPs)   Starting with Junos OS Release 17.3R1, you can enable up to 200 RSVP-TE sessions in the EX9200 EX9204-AFL
MPLS-based circuit cross-connects (CCCs) available only on EX4200 and EX4550 EX9251-AFL
Open vSwitch Database (OVSDB) available only on EX9200  
Virtual Extensible LAN (VXLAN) available only on EX9200 and EX9250 EX9253-AFL
  • Media Access Contol Security (MACSec) is a security technology that provides secure communication for almost all types of traffic on Ethernet links. MACSec is standardized in IEEE 802.1AE that gives point-to-point security between directly-connected nodes and is capable of identifying and preventing most security threats. A feature license is required (EX-QFX-MACSEC-ACC) to configure MACsec on EX Series and QFX series switches, with the exception of the QFX10000-6C-DWDM and QFX10000-30C-M line cards.

We continue with the QFX series, which are access and top-of-rack 10/25/40/100GbE Layer 2 and Layer 3 switches, which are a perfect solution for dynamic data center environments. We will dig into QFX5100-48S/T as these were one of our most popular switches in the past few months.

QFX5100-48 is a L3 managed switch with 48x 1GbE/10 GbE (fiber or copper) ports and 6×40 GbE QSFP+  with 1.44Tbps throughput and 1.08 Bpps data rate and up to 288 000 MAC address. These switches come with number of features like zero-touch provisioning ZTP, automatic rollback, basic Ipv6, Python scripting, layer 2 getaway services for networking automation and Plug-and-Play operations, Virtual Router, Unicast reserve-path (RPF), IGMPv1/v2/v3 but they require the advanced edge license QFX-JSL-EDGE-ADV1 to enable features like:

Premium Features Advanced features
Ethernet VPN MPLS-based CCC
IpV6 for BGP/MBGP RSVP-based LSP
IS-IS Segment routing
IS-IS for IpV6  

Another useful features implemented in the QFX series is the Virtual Chassis Fabric (VCF) technology.

The VCF allows the interconnection of multiple switches into a spine-and-leaf fabric architecture and manages all of them as a single device. Supported switches in VCF are QFX5100, QFX5110, EX4300, QFX3600 and QFX3500. The Licenses required for VCF is QFX-VCF-LIC

An important note to mention here is all of the devices in the VCF have to be updated to the same Junos OS that support VCF and if QFX5100 switches are running Junos image “qfx-5” they need to be upgraded to “qfx-5e” to be able to use the QFX-VCF-LIC.

Hopefully we were able to shine some more light on the maze of licenses. But if you are still unsure or just want to double check feel free to give us a call or send us an email. We are always happy to help out!