Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 18.4R1 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features for the QFX Series switches in Junos OS Release 18.4R1.

Note

The following QFX Series platforms are supported in Release 18.4R1: QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016. Junos on White Box is also supported in Release 18.4R1.

Authentication, Authorization, and Accounting (AAA)

  • Support for password change policy enhancement (QFX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Class of service support on VXLAN interfaces (QFX10000)—Starting with Junos OS 18.4R1, standard class of service (CoS) features-–classifiers, rewrite rules, and schedulers-–are supported on VXLAN interfaces on the QFX10000 line of switches.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

  • Class of service support on VXLAN interfaces (QFX5100)—Starting with Junos OS 18.4R1, standard class of service (CoS) features - classifiers, rewrite rules, and schedulers - are supported on VXLAN interfaces on QFX5100 switches.

    [See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]

EVPNs

  • Support for graceful restart on EVPN-VXLAN (QFX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

  • Selective multicast forwarding and SMET support in EVPN-VXLAN (QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 18.4R1, Junos OS supports selective multicast forwarding in a centrally EVPN-VXLAN network. Devices on a bridge domain with IGMP snooping enabled will monitor traffic on the access interfaces and selective forwarding towards the core. Devices that support selective multicast forwarding replicate and forward multicast traffic only to other interested devices. This feature is supported on a centrally-routed spine-and-leaf topology on QFX 10000 switches where the network can consist of a mix of SMET supported and non-SMET supported devices. This is achieved because the ingress devices can flood multicast traffic to the non-SMET capable devices while selectively forwarding the traffic among SMET capable devices. The ingress device can determine whether a device on the EVPN network is capable of supporting SMET by the presence or absences of the multicast flag community in a EVPN type 3 route message and will forward the traffic accordingly. Thus, the data center fabric can be upgraded in phases without disrupting existing multicast operations.

    [See Selective Multicast Forwarding .]

  • Support for VMTO for ingress traffic (QFX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Configuring EVPN Routing Instances.]

  • Support for multihomed proxy advertisement (QFX Series)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connection to the leaf device fails. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface (QFX5100, QFX5110, and QFX5200 switches)—You can configure and commit the following on a physical interface of a QFX5100, QFX5110, or QFX5200 switch in an EVPN-VXLAN environment:

    • Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any nonzero unit number).

    • VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).

    • Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any nonzero unit number).

    • Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any nonzero unit number).

    For these configurations to be successfully committed and to work properly, you must specify the encapsulation flexible-ethernet-services configuration statement at the physical interface level—for example, set interfaces xe-0/0/5 encapsulation flexible-ethernet-services.

    This feature was previously introduced in Junos OS Release 18.1R3.

    [See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]

  • Automatically generated Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces to automatically derive Ethernet segment identifiers (ESIs) from the Link Aggregation Control Protocol (LACP) configuration. This feature is supported in the following environments:

    • On Juniper Networks devices that are multihomed in active-active mode in an EVPN-VXLAN overlay network.

    • On Juniper Networks devices that are multihomed in active-standby or active-active mode in an EVPN-MPLS overlay network.

    [See Understanding Automatically Generated and Assigned ESIs in EVPN Networks.]

  • MAC filtering, storm control, and port mirroring support in EVPN-VXLAN overlay networks (QFX5100 and QFX5110 switches)—QFX5100 and QFX5110 switches support the following features in an EVPN-VXLAN overlay network:

    • MAC filtering

    • Storm control

    • Port mirroring and analyzers

    [See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces. ]

  • MAC filtering and storm control support in EVPN-VXLAN overlay networks (QFX10002 and QFX10008 switches)—QFX10002 and QFX10008 switches support the following features in an EVPN-VXLAN overlay network:

    • MAC filtering

    • Storm control

    [See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces. ]

  • IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX10000 and QFX5110 switches)—Starting with Junos OS Release 18.4R1, QFX10000 and QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or 3 data packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of EVPN type-2 and type-5 routes.

    This feature was previously introduced in Junos OS Release 15.1X53-D30 on QFX10000 switches.

    [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network With an IPv4 Underlay.]

High Availability (HA) and Resiliency

  • VRRP scale improvements per aggregated Ethernet bundle (QFX Series)—Starting in Junos OS Release 18.4R1, you can configure up to 4000 active VRRP sessions per aggregated Ethernet bundle on QFX Series routers. To configure VRRP support, include the vrrp-group statement at the [edit interfaces interface-name unit logical-unit-number family inet address ip-address] hierarchy level.

    [See Understanding VRRP]

Junos on White Box

Operation, Administration, and Maintenance (OAM)

  • Connectivity fault management (CFM) support (QFX5200 and QFX5210)—IEEE 802.1ag CFM provides fault isolation and detection over large Layer 2 networks that may span several service provider networks. You can configure CFM to monitor, isolate, and verify faults in these interconnected provider bridge networks. Starting in Junos OS Release 18.4R1, Junos OS provides CFM support on QFX5200 and QFX5210.

    CFM support on QFX5200 and QFX5210 has the following limitations:

    • CFM support is provided via software using filters. This can impact scaling.

    • Inline Packet Forwarding Engine mode is not supported. In Inline PFE mode, you can delegate periodic packet management (PPM) processing to the Packet Forwarding Engine which results in faster packet handling. The CCM interval supported is 10 milliseconds.

    • Performance monitoring (ITU-T Y.1731 Ethernet Service OAM) is not supported.

    • CCM interval of less than 1 second is not supported.

    • CFM is not supported on routed interfaces and aggregated Ethernet (lag) interfaces.

    • MIP half function, to divide the MIP functionality into two unidirectional segments to improve network coverage, is not supported.

    • Up MEP is not supported.

    • Total number of CFM sessions supported is 20.

    [See Understanding Ethernet OAM Connectivity Fault Management for Switches.]

System Management

  • Passive Monitoring support (QFX10000 switches)— Starting with Junos OS Release 18.4R1, you can enable passive monitoring on the switch to passively capture traffic from monitoring interfaces. Passive monitoring provides filtering capabilities for monitoring ingress and egress traffic at the Internet point of presence (PoP) where security networks are attached. With passive monitoring, the switch does not route packets from the monitored interface or run any routing protocols related to those interfaces. It only receives traffic flows, collects intercepted traffic, and exports it to monitoring tools like IDS servers and packet analyzers, or other devices such as routers or end node hosts. To enable this feature, include the passive-monitor-mode statement at the [edit interface] hierarchy level. This feature was previously supported in an "X" release of Junos OS.

    See [Understanding Passive Monitoring on QFX10000 Switches.]

  • IPv6 support added to Precision Time Protocol (PTP) G.8275.2) enhanced profile (QFX5110 and QFX5200 switches)— Starting with Junos OS Release 18.4R1, the G.8275.2 enhanced profile supports IPv6 transport.

    To configure the G.8275.2 enhanced profile, enable the g.8275.2.enh statement at the [edit protocols ptp profile-type] Junos OS CLI hierarchy.

    To configure IPv6 transport, enable the ipv6 statement at the [edit protocols ptp master interface interface-name unicast-mode transport] and [edit protocols ptp slave interface interface-name unicast-mode transport] Junos OS CLI hierarchies.

VPNs

  • Support to control traceroute over Layer 3 VPN (QFX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.4R1 for the QFX Series.

Interfaces and Chassis

  • Change in default action for fatal errors (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 18.4R1, by default, for all fatal errors on the QFX10000 line of switches, Junos OS raises an alarm and disables all Packet Forwarding Engine interfaces that raised the error. (The feature described above is documented but not supported on QFX10002, QFX10008, and QFX10016 switches in Junos OS Release 18.4R1.)

    [See show chassis fpc errors.]

  • Support for creating layer 2 logical interface independently (QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, and later, QFX Series switches support creating layer 2 logical interface independent of layer 2 routing instance type. That is, you can configure and commit the layer 2 logical interfaces separately and add the interface to bridge-domain or Ethernet VPN (EVPN) routing instance separately. Note that the layer 2 logical interfaces works fine only when the interface is added to bridge domain or EVPN routing instance.

    In the earlier Junos OS releases, when an layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration) is used, then the logical interface must be added as part of a bridge-domain or EVPN routing instance for the commit to succeed.

Network Management and Monitoring

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R1 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5120 switches, if the CoS configurations are modified when egress traffic shaped at very low rate (less than 50 Mbps), packets might get stuck in the MMU buffers permanently. It might cause ingress or egress traffic drops. When low rate shapers (less than 50 Mbps) are applied on egress queues, it is suggested to deactivate shaping before any CoS modification or ensure traffic is stopped before doing CoS modification. PR1367432

General Routing

  • Port LEDs on QFX5100 do not work. If a device connects to a port on QFX5100, the port LED stays unlit. PR1317750

  • Based on the memory availability, the QFX10002 can scale up to 300 remote PE devices with a total of 600 tunnels. To avoid exceeding memory,we recommend that you do not go beyond this scale. PR1329243

  • When the sFlow collector can be reached only through the Routing Engine, because of heavy traffic, large samples can cause the Routing Engine CPU to become busy. PR1332337

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

  • When a VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609

  • A few error messages related to function rt_mesh_group_add_check() will be seen during reboot and are harmless. PR1365049

  • Autochannelization is not supported for 40GBASE-BXSR, QSFP+40GE-LX4, QSFP-100G-PSM4, and 100GBASE-BXSR optics. PR1366103

  • When the egress-to-ingress option is enabled to use ingress TCAM for the egress filters, it is expected that the egress counters will count the packets on the ingress side as well. PR1369048

  • Error logs are expected when routes pointing to the target next hop, which in turn points to the HOLD next hop. These error logs are present for short time. Later, when the next hop changes from HOLD next hop to valid next hop, unilist next hops will be walked again and updated with the appropriate weight and reroute counters. and no more error logs will be seen. PR1387559

  • On Junos OS Release 18.4R1, an intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

MPLS

  • There will not be any warning message about a Packet Forwarding Engine restart when MPLS tunnel extend configuration is deleted. PR1394722

Routing Protocols

  • On QFX5120 platforms, 254 neighbors and 200,000 routes can be scaled for IS-ISv4. Beyond 200,000 routes with 254 neighbour, adjacency flaps and traffic drop will be seen. PR1368106

Virtual Chassis

  • A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2s) might occur. PR1347902

Known Issues

This section lists the known issues in hardware and software for the QFX Series switches in Junos OS Release 18.4R1.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • When an end system identifier (ESI) (all member links) is disabled, the traffic to other ESI also get impacted. As a result, you can observe a drop of 0.1 to 0.4 second. PR1215510

  • Mac-move-shutdown stops working if a “physical loop” is introduced continuously in quick succession of 10 minutes. The issue is not seen every time but can occur only if physical loop is introduced at least four times. If the loops span a long period, the issue is not seen. A test is performed to check the overall impact on basic features. There is no issue seen on basic learning or major impact on any protocol. This is a negative scenario, but it is unlikely to occur in a customer network where the multiple loops occur within a short time span. PR1284315

  • In EVPN scenarios, rpd might crash and generate a core file due to a memory allocation problem. PR1369705

  • At times, when l2ald is restarted, a race condition occurs where VTEP notification comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP add request and gets stuck in an indefinite loop. PR1384022

General Routing

  • The Layer 3 multicast traffic does not converge to 100 percentage and continuous drops are observed after bringing down/up the downstream interface or while an FPC comes online after FPC restart. This happens with multicast replication for 1000 VLAN or IRBs. PR1161485

  • Interface uptime has increased by 8 seconds from Junos OS Release 17.4R1 to Junos OS Release 18.1R1. Also, SDK upgrades across releases can impact the parameters such as login prompt appear time, FPC up time, and interface up time after switch reboot. PR1324374

  • On the QFX10002-60C, filter operation with log action is not supported for protocols other than Layer 2, IPv4, and IPv6. The following message is seen in firewall logs: Protocol 0 not recognized. PR1325437

  • On the QFX5100 line of switches, in some cases, CoS configuration is not applied appropriately in the Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces. PR1329141

  • BFD session over aggregated Ethernet flaps when a member link carrying the BFD Tx flaps. PR1333307

  • On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on IRB/Layer 3 interface with discard filter. PR1338067

  • On the QFX10000 platforms, NETCONF SSH TCP port 830 traffic is hitting host the path and unclassified queue, causing DDoS violations in the unclassified queue. The following log appears DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception. PR1345744

  • On the QFX10000 line of switches, in a DDoS scenario, incorrect DDoS counter values and syslog messages might be seen after manually clearing statistics for a specific protocol. PR1351212

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • When MC-LAG is configured with force-up enabled on MCLAG nodes, the LACP admin key should not match the key of the access or CE device. PR1362346

  • On the QFX5000 line of switches, if lcmd is restarted, a chassisd core file will be generated with traffic drop for few seconds. PR1363652

  • On the QFX52100 a filter with a routing instance applied to family inet logical interface (IFL) causes traffic to be discarded on unrelated interfaces. PR1364020

  • The time lapse between interface-down interrupt detection to FRR callback is approximately 148 ms on the QFX5120 platform, though the in-place update FRR programming completes in 1 ms. The minimum FRR time achieved with this limitation is approximately 150 ms and maximum is approximately 275 ms. PR1364244

  • On QFX Series platforms with multicast FHR, when DUT is rendezvous point (RP), some groups are not receiving traffic. PR1365683

  • On the QFX5200, an error might be encountered when upgrading from Junos OS Release 15.1X53-D230.3 (the image with enhanced automation support [flex]) to an Junos OS Release 18.1R1.9 image without the enhanced automation. PR1366080

  • The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error message is seen when channelization is detected in the Junos OS Release 18.1R3. PR1366137

  • On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen: expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121

  • Dedicated minimum buffers are reserved for some queues according to the Junos OS working model. These buffers are always available to those queues irrespective of the traffic pattern throughout the system. After "clearing stat", these values are visible. There is no functional impact, because this is a cosmetic or minor issue. PR1367978

  • If both the local and remote ends are auto-channelized and the local port QSFP is removed, then the 100G interface does not come up on port 62 after removing SFP on port 30, which is channelized. PR1370887

  • Changing the bridge domain name breaks the communication for that particular bridge domain. PR1371495

  • MAC learning does not happen after restart of the l2-learning daemon for interfaces on backup. Traffic still gets forwarded. PR1372220

  • USB upgrade of NOS image is not supported. PR1373900

  • On the QFX5110, the Ethernet switching flood group shows incorrect information. PR1374436

  • On the QFX10000 platform, the Packet Forwarding Engine might get wedged if there are too many interfaces (for example, more than 35) with the physical or operational state changing to down, and for which the LACP force-up parameter is enabled, while the administration state is still up. PR1376366

  • In Junos OS Release 18.1R3, when one 50-Gigabit Ethernet port is taken down using the ifconfig command, the other one also goes down. PR1376389

  • On the QFX5000 line of switches, in an EVPN-VxLAN scenario, ARP or NDP proxy might not work as expected if ARP or NDP suppression is enabled. PR1382483

  • When reading back next hops from the kernel, the rpd could set an incorrect flag on the next hop, which could potentially affect next-hop installation for composite next hops. PR1383426

  • Last reboot reason is not correct if the device is rebooted because of power cycle. Last reboot reason is displayed as Junos OS reboot even if the device gets rebooted because of power cycling. PR1383693

  • In Junos OS Release 18.1R3, ifOutMulticastPkts , ifInBroadcastPkts, and ifOutBroadcastPkts show incorrect value. PR1384069

  • On QFX10008 and QFX10016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs. PR1384870

  • In an EVPN-VXLAN environment, the spine EVPN routes might be stuck in a hidden state with the next hop as unusable after FPC1 is offline in the spine. Traffic drop might be observed. When FPC1 is brought online, some nodes are not reachable from FPC1 until routing is restarted. PR1386147

  • The show chassis errors active detail command does not support QFK5000 platform. It will be hidden and taken care in other opened scopes. PR1386255

  • With inline-BFD configured on the QFX10000 line of switches, BFD sessions might flap continuously. PR1389569

  • On QFX5100 platforms, if the size of the configuration is huge when upgraded from a lower release to a higher one, the FPC might crash. PR1389872

  • Re-ARP request is sent without VLAN-ID. PR1390794

  • sdk-vmmd might consistently write to the memory. PR1393044

  • Filter criteria ether-type, ip-precedence, tcp-flags are not working on family Ethernet switching filter applied on EVPN-VXLAN CE interface. PR1394377

  • An l2ald core file might be seen when l2-learning traceoptions are enabled. This occurs because of a race condition when the l2ald log file is getting rotated and simultaneously l2ald tries to write a new trace log message. PR1394380

  • You might see that the memory DRAM indicates 1953. Per example1, this is incorrect. The memory DRAM is fixed by other internal fix and you can see that the memory DRAM indicates 16384. But, this triggers the other issue in which the buffer indicates a high value like 91 percent. Per example2, this is a display issue.

    Example1: user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 33 9 0 8 8 8 1953 15 32 ~~~~ ~~ {master:0} user@host>

    Example2: user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 0 Online 26 12 0 11 11 9 16384 26 91PR1394978

  • MPLS configuration changes or topology changes might result in the tunnel initiator clear messages in the syslog. PR1396014

  • When GRES/NSR is enabled on a QFX5100 (single Routing Engine), DHCP subscribers fails to bind. PR1396470

  • Layer 2 multicast and broadcast convergence is high while deleting and adding back the scale configurations of VLANS and VXLAN. PR1399002

  • Layer 3 gateway is not supported on QFX5110 with SP style of configuration in Junos OS Release 18.1R3-S2 and Junos OS Release 18.4R1. PR1399131

  • When a Packet Forwarding Engine is restarted with scaled EVPN-VXLAN configuration, the Packet Forwarding Engine might be crashed during the restart process. PR1403305

Infrastructure

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory). PR1315605

Layer 2 Features

  • The Targeted-broadcast forward-only command does not broadcast the traffic. PR1359031

  • If an aggregated Ethernet interface is configured with LACP, flexible-vlan-tagging, and native-vlan-id, then after deleting the native-vlan-id option, the LACP state will be in detached state. PR1385409

  • On QFX5000 switches, underlay IRB is not supported in Junos OS Release 18.1R3-S2. PR1389511

  • Neighbor advertisement received is not forwarded over VTEP with ECMP underlay. PR1405723

MPLS

  • On QFX5100 switches, a ping from the CE to the PE (LHR) lo0 interface does not go through with explicit-null (RSVP). PR1145437

  • There could be some lingering RSVP state that would keep some labeled routes programmed in the Packet Forwarding Engine longer than they should be. This RSVP state will eventually expire and then delete the RSVP MPLS routes from FIB. However, traffic loss is not anticipated because of this lingering state or the corresponding label routes in the FIB. In the worst case, in a network where there is persistent link flapping going on, this lingering state could interfere with the LSP scale being achieved. PR1331976

  • Statistics of transit traffic do not increment LSP statistics signaled by RSVP-TE. PR1362936

Routing Protocols

  • In MC-LAG setup, when status-control standby is rebooting and status-control active is down, and if ICCP session-establishment timer is configured less than or equal to the init-delay-timer on status-control standby, then mcae status of status-control standby might not come as active until the peer node is up. To avoid this, during these cases, ICCP session-establishment timer should be configured greater than init-delay-timer with preferably 100s or more. PR1348648

  • On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact. PR1355607

  • In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • On the QFX5120, when the UFT profile is configured with lpm-profile prefix-65-127-disable and lpm-profile, the command output for show pfe route summary hw will show different scale values for the IPv4 and IPv6 LPM routes rather than the supported scale. Supported scale is as follows: lpm-profile prefix-65-127-disable IPv4 <= /32 IPv6 <= /64 IPv6 > /64 Enabled 351K (360,000 approx) 168K (172,000 approx) 0k Disabled 168K (172,000 approx) 64K (65524 approx) 64K (65524 approx). PR1366579

  • On a QFX5120 with UFT configuration num-65-127-prefix-4, when scaled greater than 64 prefix IPv6 routes, the command show pfe route inet6 hw lpm output will show only the single IPv6 entry but not the scaled entries. PR1369320

  • In an LDP network with gradual deployment of segment routing LDP mapping server feature), the rpd process might crash after executing and committing the configuration related to mapping-server-entry prefix-segments and prefix-segment-ranges with the maximum number of entries exceeded (16 for Junos OS Release 17.4 and 64 for Junos OS Release 17.4R2 and later). PR1379558

  • The show evpn igmp-snooping database output command has some lines removed that are misleading. PR1391406

  • When a MOLEX QSFP+ DAC cable is connected to the QFX5210, the link will not come up. A DCPFE core file is generated, and the fxpc process will not come up. PR1397158

  • On QFX5110 and QFX5200 switches, the non-collapsed EVPN-VXLAN dcfpe core file is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc, after random event. PR1397205

Software Installation and Upgrade

  • If the device is booted into single-user mode (recovery mode), and any change in configuration is made (such as setting the root password), then the commit might fail. PR1368986

Resolved Issues

This section lists the issues fixed for the QFX Series switches inJunos OS Release 18.4R1 for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

EVPN

  • The QFX10000 might drop transited traffic coming from the MPLS network to VXLAN-EVPN. PR1360159

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • QFX10000 or import default IPv6 route to VRF causes infinite entries to get created in evpn ip-prefix-database and become unstable. PR1369166

  • VTEP's MAC address might not be learned in the Ethernet switching table. PR1371995

General Routing

  • After clearing the QFX5100 is treating 40G AOC uplink as 4x10g breakout with auto-channelization enabled. PR1317872

  • Status LED on the chassis does not show up on QFX10002-60c. PR1332991

  • AI-script does not get auto-upgrade unless it is manually done after a Junos OS upgrade. PR1337028

  • On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after a Virtual Chassis reboot. PR1337340

  • QFX5100 40G port has an interoperability issue with some other vendors. PR1349664

  • ARP learning might fail after changing the interface MAC address. PR1353241

  • On EVPN-VXLAN, the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario. PR1355773

  • The QFX5120-48Y cannot match on user-vlan-id for tunnel terminated packets. PR1358669

  • On the QFX10000 line of switches, packets will be dropped when virtual-gateway-address is configured on an IRB interface associated with a non-vxlan VLAN. PR1360646

  • FEC is incorrectly displayed on QFX10002-36Q and QFX5110. PR1360948

  • VME interface might be unreachable after link flap of em0 on master FPC. PR1362437

  • Traffic might not be forwarded when the member link of the aggregated Ethernet interface is added or deleted. PR1362653

  • A 1G interface might stop working when autonegotiation is off by default. PR1362977

  • The following log messages are seen: kernel: tcp_timer_keep: Dropping socket connection. PR1363186

  • On QFX10008 and QFX10016 platforms, MPLS exp rewrite might not work for IPv6 and IPv4 traffic. PR1364391

  • Traffic loss is observed when unified ISSU is performed with aggregated Ethernet interfaces configured with LACP protocol. PR1365316

  • Root password recovery process does not work. PR1365740

  • The l2cpd process might crash when configuring MVRP with private VLAN and RSTP interface all. PR1365937

  • QFX5110-5100 VCF / 1G link does not come up. PR1366218

  • The tagged traffic is dropped in the untagged EVPN/VXLAN scenario. PR1366336

  • On QFX10002-60C and QFX10000-30C platforms, some interfaces do not come up during initialization after a reboot. PR1368203

  • On QFX Series switches, IS-IS adjacency with Cisco might go down. PR1368913

  • The commit or commit check might fail due to the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

  • In certain routing topologies with sFlow configured, sampled packets might be duplicated and sFlow records are not sent to the collector. PR1370464

  • The first 2 characters out of 14 of AS7816-64 serial number are truncated. PR1371126

  • For Junos OS Release 18.1R1 and earlier releases, the USB image installation on QFX5210-64C, AMI bios upgrade needs to be done. PR1371199

  • On the QFX10000 line of switches, before the Junos OS Release 17.3R3 code, the maximum number of ESI logical interfaces was 4000 in the Packet Forwarding Engine. PR1371414

  • On QFX5100, the IPv6 routed packet will be transmitted though VRRP state in transition to master. PR1372163

  • Packets might be dropped after deleting a filter from an interface. PR1372957

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • TPI-50840 BUM traffic received on 5110 is not flooded to all remote VTEPs. PR1373093

  • BOOTP packets might be dropped if BOOTP support is not enabled at the global level. PR1373807

  • LLDP might stop fully working between a QFX10000 line switch and a non-Juniper Network device. PR1374321

  • On QFX5110, Ethernet switching flood group shows incorrect information. PR1374436

  • Only the loopback interface is supported under VRF routing instances. PR1375130

  • Packet Forwarding Engine wedge might be observed if there are interfaces going to down state. PR1376366

  • The same address family (subnet logical interface or IRB logical interface, but not both) needs to be configured for establishing VTEPs. PR1376996

  • The autonegotiation interface might go down if the opposite device supports only 10/100M autonegotiation. PR1377298

  • The autonegotiation interface might go down if the opposite device supports only 10/100M autonegotiation. PR1377447

  • Deleting an IRB interface might affect other IRB interfaces if the same custom MAC address is configured. PR1379002

  • LOC and Diag system LED's on the front panel are not defined yet. PR1380459

  • L3VPN traffic might be dropped due to one core-facing interface being down. PR1380783

  • A QFX5xxx Packet Forwarding Engine might show DISCARD next-hop for overlay-bgp-lo0-ip in a spine-and-leaf topology. PR1380795

  • Virtual Chassis master is copying /var/db/ovsdatabase to backup every 10 seconds, which causes a high write IO and shortens the SSD lifetime in Open vSwitch Database (OVSDB) environment. PR1381888

  • EVPN-VXLAN ARP/NDP proxy is not working. PR1382483

  • The Packet Forwarding Engine might crash if the GRE destination IP is resolved over another GRE tunnel. PR1382727

  • The functionality under the license "JUNOS-FP-C2" might take effect even it does not get installed properly. PR1383274

  • The 'force-host' upgrade is required for QFX5110-48S-4C in Junos OS Release 18.4 if the PTP over IPv6 G.8275.2 feature configured. PR1384073

  • The Layer 3 interface might stop pinging directly connected link address after deleting Layer 2 on a physical interface. PR1384144

  • On QFX5110 platforms, SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR transceivers might not be tunable and remain 1550.10nm by default in the hardware. PR1384524

  • Port-mirroring-instance or analyzer-based mirroring does not work with input as VLAN ingress when VLAN is mapped to VXLAN. PR1384732

  • All 1G SFP copper and 1G fiber optic links remain up on QFX10008 after all SIBs/FPCs are offline. PR1385062

  • The IPv6 packet might not be routed when IPv6 packet is encapsulated over IPv4 GRE tunnel on QFX10000. PR1385723

  • CPSM daemon memory leak occurs in VMHOST. PR1387903

  • On the QFX10000 line of switches, MAC learning might stop working on some LAG interfaces after frequent MAC moves. PR1389411

  • FPC might crash on QFX5100 platforms in a large-scale scenario. PR1389872

  • The vmcore might be seen when routing changes are made on the peer spine in an EVPN-VXLAN scenario. PR1390573

  • The smid core file is seen during sanity script execution on QFX5100. PR1391909

  • The l2ald core file is seen when a Layer 2 learning traceoptions were enabled. PR1394380

  • DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978

  • DOT1XD core file is found at pnac_bd_create pnac_bdm_handler knl_async_receive_and_process. PR1395384

  • On QFX5110 Virtual Chassis, after Routing Engine switchover, LACP will be brought down on the peer device and never recover automatically. PR1395943

  • The Juniper Extension Toolkit (JET) or Junos Telemetry Interface (JTI) is not used, because of a bug in the GRPC stack which is used by jsd and na-grpcd daemons. PR1398398

Interfaces and Chassis

  • Stating in Junos OS 17.2R1, on QFX Series products, the CLI allows you to configure more logical interfaces than the limit of 2048 logical interfaces on the LAG interface. PR1361689

  • On QFX5200 MC-LAG parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386, error is seen after restarting l2cpd daemon. PR1373927

Layer 2 Features

  • On QFX5100, storm control profile is missing for interfaces in hardware. PR1354889

  • LACP packets are getting dropped with native-vlan-id configured after reboot. PR1361054

  • QFX5000 the Virtual Chassis acting as EVPN-VXLAN ARP proxy might cause ARP resolution to fail. PR1365699

  • Hashing does not work for the IPv6 packet encapsulated in VXLAN scenario. PR1368258

  • When native-vlan-id is configured for aggregated Ethernet interface, the LACP session to the multihomed server goes down. PR1369424

  • DHCP discover packets might be dropped if VXLAN is configured. PR1377521

  • Packets might be dropped on AD in a Junos Fusion Data Center environment. PR1377841

  • The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517

  • The LACP might be in detached state when deleting native-vlan-id on aggregated Ethernet interface with flexible-vlan-tagging configured. PR1385409

  • On QFX5000 line switches, if EVPN-TYPE 5 routes are present, when doing "restart routing" or a BGP session to a neighbor device flaps, the dcpfe core file might be seen. PR1387360

  • On QFX5000, EVPN-VXLAN failed to forward the IPv6 NS packet from remote VTEP to local host. PR1387519

  • The dcpfe process might crash after VXLAN overlay ping. PR1388103

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

  • Cisco Discovery Protocol (CDP) packets are not forwarded by QFX10000 line switches. PR1389829

MPLS

  • LSP might not be established properly between QFX5000 line switch and other devices. PR1351055

  • NO-propogate-TTL acts on MPLS swap operation. PR1366804

  • LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102

  • LSP "statistics" and "auto-bandwidth" functionality might not take effect with single-hop LSPs. PR1390445

Network Management and Monitoring

  • For QFX5110, the returned SNMP values of module temperature-HighAlarmThreshold, LowAlarmThreshold, and HighWarningThreshold are not as same as the one shown in the CLI. PR1369030

Platform and Infrastructure

  • When chassis control restart is done with aggregated Ethernet and CoS rewrite configuration, the Platform failed to bind rewrite messages might be seen in the syslog. PR1315437

  • When Junos OS next hop index allocation fails, the private index space get exhausted through the incoming ARP requests to the management interface. PR1360039

  • Forwarding is broken after adding protocol EVPN extended-vlan-id. PR1368802

  • Traffic is silently dropped or discarded with indirect next hop and load balancing. PR1376057

  • LSI binding is missing upon nd6 entry refresh after Layer 2 logical interface flap. PR1380590

  • IRB interface does not turn down when master of Virtual Chassis is rebooted or stopped. PR1381272

Routing Protocols

  • On QFX5100 platforms, the parity errors in Layer 3 IPv4 table in the Packet Forwarding Engine memory might cause traffic to be silently dropped and discarded. PR1364657

  • On QFX5120 platforms, the command output for the configuration statement show pfe route summary hw shows different scale values for the IPv4 and IPv6 lpm routes rather than the supported scale. PR1366579

  • The dcpfe might crash and all interfaces flap. PR1369011

  • When ecmp-resilient-hash is configured for the existing ECMP route, the update to the next hop in hardware fails. PR1387713

  • The show evpn igmp-snooping database extensive command output needs to be modified as per the SMET functionality. PR1391406

User Interface and Configuration

  • Adding or deleting the VLAN member starting with a VLAN-ID number might cause many errors. PR1362535

Documentation Updates

There are no documentation errata or changes for the QFX Series switches in Junos OS Release 18.4R1.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 18.4 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 18.4 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-18.4-R1.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.4 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-18.4R1.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.4R1.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.4R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on QFX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.