I had a quick look at https://apps.juniper.net/feature-explorer/select-software.html?typ=1&swName=Junos%20OS&rel=20.4R3&sid=1179&platform=SRX1500&pid=21901500 for the pfw
Nothing really stands out except maybe:
- LLDP on routed and reth interfaces - https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9785&fn=LLDP%20on%20routed%20and%20reth%20interfaces
We currently have to disable LLDP on the fasw interfaces facing the pfw as the pfw would report the LLDP frames as L2 errors.
    fasw-c-eqiad# show protocols lldp
    port-id-subtype interface-name;
    interface all;
    interface xe-0/2/0 {
        disable;
    }
    interface xe-1/2/0 {
        disable;
    }
This LLDP improvement could potentially allow us to get rid of that special case, streamlining the config, and implementing the change (testing in prod) is safe to do.
We should also look at the management routers: the same thing was happening there, but now that they are all running recent Junos, we can probably drop the LLDP exceptions from the asw switch ports. Looking at drmrs, it seems to be working fine.
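As an added helper (not part of this task or of the switch config), the check below parses a `show protocols lldp` stanza, lists the per-interface `disable` exceptions, and emits the config-mode `delete` commands that would streamline it, but only when `interface all;` is present so that LLDP is not silently left off on those ports. The sample stanza is constructed to mirror the fasw-c-eqiad output quoted above.

```python
import re

# Constructed sample, mirroring the `show protocols lldp` stanza quoted in the task.
SAMPLE_LLDP_STANZA = """\
port-id-subtype interface-name;
interface all;
interface xe-0/2/0 {
    disable;
}
interface xe-1/2/0 {
    disable;
}
"""


def parse_lldp_stanza(text):
    """Return (all_enabled, disabled_ifaces) from a `show protocols lldp` stanza.

    Works on the braced display format whether it is on separate lines or
    flattened onto one line (as happens when the output is pasted into a comment).
    """
    all_enabled = re.search(r"(?:^|\s)interface\s+all;", text) is not None
    disabled = []
    for match in re.finditer(r"interface\s+(\S+)\s*\{([^}]*)\}", text):
        name, body = match.group(1), match.group(2)
        if re.search(r"\bdisable;", body):
            disabled.append(name)
    return all_enabled, disabled


def lldp_cleanup_commands(text):
    """Junos config-mode commands that drop the per-interface LLDP exceptions.

    Refuses to produce anything when `interface all;` is absent: deleting the
    exceptions would then leave LLDP off on those ports instead of enabling it.
    """
    all_enabled, disabled = parse_lldp_stanza(text)
    if not all_enabled:
        raise ValueError("no 'interface all;' in lldp stanza; nothing safe to delete")
    return [f"delete protocols lldp interface {name}" for name in disabled]


if __name__ == "__main__":
    for cmd in lldp_cleanup_commands(SAMPLE_LLDP_STANZA):
        print(cmd)
```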