Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.
Upgrade and Downgrade Scripts for Address Book Configuration
Beginning with Junos OS Release 12.1, you can configure address books under the [security] hierarchy and attach security zones to them (zone-attached configuration). In Junos OS Release 11.1 and earlier, address books were defined under the [security zones] hierarchy (zone-defined configuration).
You can either define all address books under the [security] hierarchy in a zone-attached configuration format or under the [security zones] hierarchy in a zone-defined configuration format; the CLI displays an error and fails to commit the configuration if you configure both configuration formats on one system.
Juniper Networks provides Junos operation scripts that allow you to work in either of the address book configuration formats (see Figure 1).
About Upgrade and Downgrade Scripts
After downloading Junos OS Release 12.1, you have the following options for configuring the address book feature:
Use the default address book configuration—You can configure address books using the zone-defined configuration format, which is available by default. For information on how to configure zone-defined address books, see the Junos OS Release 11.1 documentation.
Use the upgrade script—You can run the upgrade script available on the Juniper Networks support site to configure address books using the new zone-attached configuration format. When upgrading, the system uses the zone names to create address books. For example, addresses in the trust zone are created in an address book named trust-address-book and are attached to the trust zone. IP prefixes used in NAT rules remain unaffected.
After upgrading to the zone-attached address book configuration:
You cannot configure address books using the zone-defined address book configuration format; the CLI displays an error and fails to commit.
You cannot configure address books using the J-Web interface.
For information on how to configure zone-attached address books, see the Junos OS Release 12.1 documentation.
Use the downgrade script—After upgrading to the zone-attached configuration, if you want to revert to the zone-defined configuration, use the downgrade script available on the Juniper Networks support site. For information on how to configure zone-defined address books, see the Junos OS Release 11.1 documentation.
Before running the downgrade script, make sure to revert any configuration that uses addresses from the global address book.
Running Upgrade and Downgrade Scripts
The following restrictions apply to the address book upgrade and downgrade scripts:
The scripts cannot run unless the configuration on your system has been committed. Thus, if the zone-defined address book and zone-attached address book configurations are present on your system at the same time, the scripts will not run.
The scripts cannot run when the global address book exists on your system.
If you upgrade your device to Junos OS Release 12.1 and configure logical systems, the master logical system retains any previously configured zone-defined address book configuration. The master administrator can run the address book upgrade script to convert the existing zone-defined configuration to the zone-attached configuration. The upgrade script converts all zone-defined configurations in the master logical system and user logical systems.
You cannot run the downgrade script on logical systems.
For information about implementing and executing Junos operation scripts, see the Junos OS Configuration and Operations Automation Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after.
For example, Junos OS Releases 12.3X48, 15.1X49, 17.3 and 17.4 are EEOL releases. You can upgrade from Junos OS Release 15.1X49 to Release 17.3 or from Junos OS Release 15.1X49 to Release 17.4. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
Upgrade from Junos OS Release 17.4 to successive Junos OS Release, is supported. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade Guide for Security Devices.
For information about ISSU, see the Chassis Cluster Feature Guide for Security Devices.