Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE

Junos OS Release Notes for Junos Fusion Enterprise

 

These release notes accompany Junos OS Release 17.2R3 for Junos Fusion Enterprise. Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation device role. These release notes describe new and changed features, limitations, and known problems in the hardware and software.

Note

For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices can function as satellite devices, see Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Enterprise.

Note

For more information about the Junos Fusion Enterprise features, see the Junos Fusion Enterprise User Guide.

Release 17.2R3 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 17.2R3.

Release 17.2R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 17.2R2.

Release 17.2R1 New and Changed Features

Interfaces and Chassis

  • Half-duplex link support on satellite devices (Junos Fusion Enterprise)—Starting with Junos OS 17.2R1, half-duplex communication is supported on all built-in network copper ports on EX2300, EX3400, and EX4300 satellite devices in a Junos Fusion Enterprise (JFE). Half-duplex is bidirectional communication, but signals can flow in only one direction at a time. Full-duplex communication means that both ends of the communication can send and receive signals at the same time. The built-in network copper ports are configured by default as full-duplex 1-gigabit links with autonegotiation. If the link partner is set to autonegotiate the link, then the link is autonegotiated to full duplex or half-duplex. If the link is not set to autonegotiation, then the satellite-device link defaults to half-duplex unless the interface is explicitly configured for full duplex.

    To explicitly configure full duplex:

    [edit]

    user@aggregation-device# set interfaces interface-name link-mode full-duplex

    To verify a half-duplex setting:

    user@aggregation-device> show interfaces interface-name extensive

    [See Understanding Half-Duplex Links on Satellite Devices in a Junos Fusion Enterprise.]

Layer 2 Features

  • Private VLANs (Junos Fusion Enterprise)—Starting with Junos OS Release 17.2R1, Junos Fusion Enterprise (JFE) supports private VLANs (PVLANs). PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the known communication between known hosts. PVLANs can be used for purposes including: to help ensure the security of service providers sharing a server farm; to provide security to subscribers of various service providers sharing a common metropolitan area network; or to achieve isolation within the same subnet in a very large enterprise network. PVLAN is a standard introduced by RFC 5517 to achieve port or device isolation in a Layer 2 VLAN by partitioning a VLAN broadcast domain (also called a primary VLAN) into smaller subdomains (also called secondary VLANs).

    In a JFE PVLAN topology:

    • Multiple satellite devices can be clustered into a group and cabled into the JFE as a group instead of as individual satellite devices.

    • Aggregation device native ports or satellite device extended ports can act as promiscuous ports, isolated ports, or community VLAN ports.

    • The promiscuous port can be attached to a core switch or router through physical interfaces or aggregated links.

    • PVLANs are supported in dual aggregation device JFEs.

    [See Understanding Private VLANs on a Junos Fusion Enterprise.]

Changes in Behavior and Syntax

There are no changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.2R3 for Junos Fusion Enterprise.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.2R3 for Junos Fusion Enterprise.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

  • On a Junos Fusion, when using LLDP, the Power via MDI and Extended Power via MDI TLVs are not transmitted. PR1105217

  • In a Junos Fusion Enterprise topology with dual aggregation devices, firewall statistics are not synchronized across the aggregation devices. PR1105612

  • On a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) fast start does not work. PR1171899

  • On a Junos Fusion Enterprise, the show ethernet-switching table CLI command takes a few minutes to show entries when an extended port receives with MAC count set to 150K. PR1117567

  • On a Junos Fusion Enterprise, when the satellite devices of a cluster are rebooted, the output of the CLI command show chassis satellite shows the port state of the cascade ports as Present. PR1175834

  • While applying a loopback filter on aggregation devices in a Junos Fusion Enterprise, Callback Control Protocol (CBCP) packets might be filtered, which might cause CBCP sessions to be dropped and one of the satellite devices in a redundant pair to be in the SplitBrainDn state. To work around this issue, you can add a filter similar to the following to the existing set of loopback filters:

    set firewall family inet filter accept-icl term accept-icl from source-address 10.0.0.0/30
    set firewall family inet filter accept-icl term accept-icl from destination-address 10.0.0.0/30

    PR1183680

  • On a Junos Fusion Enterprise, a loss of connectivity of the link connecting the standalone switch might cause conversion of the switch from Junos OS to SNOS to fail. As a workaround, reboot the standalone switch to restart the conversion process in case of auto-conversion. PR1232798

  • On a Junos Fusion Enterprise, the satellite device might not come online when the systems is converted from cluster to non-cluster mode without accompanying topology changes. As a workaround, ensure the configuration of satellite devices matches the wiring topology: non-cluster devices should not be connected to other clustered devices through default or configured clustering/uplink ports. PR1251790

  • On Junos Fusion Enterprise, when 802.1X is configured in single-secure mode, a firewall counter is created for the default discard term in addition to the configured term. PR1254503

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.2R3 for Junos Fusion Enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

  • On a Junos Fusion, the TCPDUMP command does not capture packets on satellite devices. PR1125568

  • In a Junos Fusion, when a satellite device port is configured with auto-negotiation, and it is operating at a different speed than a link partner device, the port might go back to negotiated speed instead of going down. PR1247353

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.2R3

  • Mirrored packets are dropped if the analyzer output extended port is reachable through the ICL link. PR1211123

  • On a Junos Fusion Enterprise with dual aggregation devices, while applying Routing Engine lo0 filters and setting the cascade port down on AD2, the SD goes to ProvSessionDown state on AD2 while it stays online on AD1. PR1275290

  • In a Junos Fusion environment the satellite device displays U-boot on the LCD screen. PR1304784

  • All the 802.1X sessions are removed when the AUTO ICCP link is disabled. PR1307588

  • LACP aggregated Ethernet interfaces go to a down state when performing commit synchronize. PR1314561

  • Packet loss of 2-3 seconds is seen every 5 minutes on Junos Fusion. PR1320254

  • In a Junos Fusion Enterprise deployment, an SCPD core might be seen on an aggregation device when DACL on an 802.1X-enabled port is installed on a single-homed satellite device. PR1328247

  • DHCP security binding entries are not synced after the FPC goes offline and comes back online. PR1332828

  • Issue with 802.1X re-authentication in Junos Fusion Enterprise. PR1345365

  • A satellite device does not recover PoE after the device is offline for more than 10 minutes and rejoins the AD. PR1356478

  • The Fusion satellite device reboots after an automatic POE firmware upgrade. PR1359065

  • The ppm-lite process might generate a core file on the Fusion satellite devices. PR1364265

Resolved Issues: 17.2R2

Junos Fusion Enterprise

  • In dual aggregation device case, when you disable a cascade port, the extended port physical interfaces are marked as being down. PR1232924

  • EX4300 with Junos OS Release 17.1R1 cannot be converted to satellite mode. PR1267767

  • CoS shaping is not happening properly according to the configured shaping rate. PR1268084

  • In a Junos Fusion Enterprise, for show ethernet-switching table, a few entries are stuck in DLR state after l2-learning restart. PR1268619

  • In a Junos Fusion Enterprise, the DHCP snooping entry is deleted after l2ald restart. PR1281824

  • VRRP split-brain state in dual aggregation device Junos Fusion. PR1293030

  • Aggregation devices without a cascade port cannot reach hosts over an ICL link if they are authenticated by 802.1X authentication in a different VLAN than the default (manually assigned) VLAN. PR1298880

  • The 802.1X authentication might fail in a Junos Fusion setup. PR1299532

  • Dot1x might crash in Junos Fusion setup with dual AD. PR1303909

Resolved Issues: 17.2R1

There are no resolved issues for Junos Fusion Enterprise in Junos OS Release 17.2R1.

Documentation Updates

There are no errata or changes in Junos OS Release 17.2R3 for Junos Fusion Enterprise documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos Fusion Enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos Fusion Enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.

To download and install Junos OS Release 17.2R2:

  1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.
  4. Click the Junos Fusion EX9200 (Enterprise) title to expand the list of supported releases.
  5. Click the release number (the software version that you want to download) from the list.
  6. Select the aggregation device software package for the release.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new junos-install package on the aggregation device.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada, use the following command:

    user@host> request system software add validate reboot source/package-name

    All other customers, use the following command:

    user@host> request system software add validate reboot source/package-name

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos Fusion Enterprise. See Configuring or Expanding a Junos Fusion Enterprise.

For satellite device hardware and software requirements, see Understanding Junos Fusion Enterprise Software and Hardware Requirements.

Use the following command to install Junos OS on a switch before converting it into a satellite device:

user@host> request system software add validate reboot source/package-name
Note

The following conditions must be met before a Junos switch that is running Junos OS Release 17.2R3 can be converted to a satellite device when the action is initiated from the aggregation device:

  • The Junos switch can only be converted to SNOS 3.1 and higher.

  • The Junos switch must be either set to factory-default configuration using the request system zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:

  1. Log in to the device using the console port.
  2. Clear the device:
    [edit]

    user@satellite-device# request system zeroize
    Note

    The device reboots to complete the procedure for resetting the device.

    If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

    If you lose connection to the device, log in using the console port.

  3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
    user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

    For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

    user@satellite-device>request virtual-chassis vc-port delete pic-slot 1 port 0

    user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1

    user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2

    user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3

    This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos Fusion Enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

In the event that you need to convert a satellite device to a standalone device, you will need to install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology. For more information, see Converting a Satellite Device to a Standalone Device.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 16.1, 16.2 and 17.1 are EEOL releases. You can upgrade from Junos OS Release 16.1 to Release 16.2 or even from Junos OS Release 16.1 to Release 17.1. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html

Downgrading from Release 17.2

Junos Fusion Enterprise is first supported in Junos OS Release 16.1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.

Note

It is not recommended to downgrade the aggregation device from 17.2R1 to 16.1 if there are cluster satellite devices in the setup.

To downgrade a Junos Fusion Enterprise from Junos OS Release 17.2, follow the procedure for upgrading, but replace the 17.2 junos-install package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware and Software Compatibility

For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices function as satellite devices, see Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.