Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 19.2R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series.

Note

The following QFX Series platforms are supported in Release 19.2R3: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

What’s New in Release 19.2R3

There are no new features or enhancements to existing features for QFX Series in Junos OS Release 19.2R3.

What’s New in Release 19.2R2

Routing Protocols

  • Option to pause BGP multipath computation during BGP peering churn (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R2, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.

    To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.

What's New in Release 19.2R1-S1

EVPN

  • Overlay load balancing in an EVPN-VXLAN network (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 19.2R1-S1, QFX5200 and QFX5210 switches that function as leaf or spine devices in an EVPN-VXLAN network (centrally-routed and edge-routed bridging overlays) support load balancing among different virtual tunnel endpoints (VTEPs). We support overlay load balancing in the following use cases:

    • A leaf device is multihomed to multiple spine devices.

    • A host is multihomed to multiple leaf devices.

    In both use cases, each multihomed physical, aggregated Ethernet, or logical interface is configured with an Ethernet segment identifier (ESI). Overlay load balancing supports a maximum of 255 ESIs. If you exceed this maximum (for example, you configure 256 ESIs), traffic destined for the 256th ESI is flooded to the VLAN associated with the ESI.

    To enable overlay load balancing, enter the vxlan-overlay-load-balance configuration statement at the [edit forwarding-options] hierarchy level.

    [See the EVPN User Guide.]

Routing Protocols

  • Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX Series)—Starting in Junos OS Release 19.2R1-S1, device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.

What's New in Release 19.2R1

Hardware

  • 5.5 KW Power Supplies (QFX10000 switches)—Starting in Junos OS Release 19.2R1, QFX10000 modular chassis adds two 5.5 KW power supplies. The JNP10K-PWR-AC2 power supply supports AC, high-voltage alternating current (HVAC), DC, or high-voltage direct current (HVDC). The JNP10K-PWR-DC2 provides a 5.5 KW upgrade for DC users. Two new ordering SKUs are available for the QFX10008 switch: QFX10008-BASE-H and QFX10008-REDUND-H.

    The JNP10K-PWR-AC2 takes AC input and provides DC output of 12.3 VDC, 5000 W with a single feed and 5500 W with a dual feed. For AC systems, the operating input voltage is 180 to 305 VAC and for DC systems, the operating input voltage is 190 to 410 VDC.

    The JNP10K-PWR-DC2 power supply provides two power supplies in a single housing that accepts either 60 A or 80 A using four redundant input power feeds. PS_0 and PS_1 each have redundant input feeds: A0 and/or B0 for PS_0 and A1 and/or B1 for PS_1. The input is configured using a set of dip switches on the power supply faceplate. The output is dependent on the settings of these dip switches.

    [See QFX10008 System Overview.}

EVPN

  • EVPN-VXLAN support (QFX10002-60C switches)—Starting in Junos OS Release 19.2R1, the QFX10002-60C switch can function as a Layer 2 or Layer 3 VXLAN gateway in both EVPN-VXLAN centrally-routed and edge-routed bridging overlays (EVPN-VXLAN topologies with two-layer and collapsed IP fabrics). In these roles, the switch supports the following features:

    • Enterprise style of Layer 2 interface configuration

    • Active/active multihoming

    • Default routing instance

    • Multiple routing instances of type virtual switch, and VLAN-aware service on the virtual switch routing instance

    • Pure type-5 routes

    • Proxy ARP use and ARP suppression, and proxy NDP use and NDP suppression on an IRB interface

    • ESIs on physical and aggregated Ethernet interfaces

    • OSPF, IS-IS, BGP, and static routing on IRB interfaces

    • DHCP relay

    • IPv6 support for user data traffic

    • EVPN-VXLAN with MPLS as transport layer

    • MAC mobility

    [See EVPN User Guide.]

  • Unicast VXLAN with MC-LAG (QFX5120 switches)—Instead of EVPN providing remote VXLAN tunnel endpoint (remote VTEP) reachability information, starting in Junos OS Release 19.2R1, Junos OS supports the static configuration of remote VTEPs on QFX5120 switches in a network that also includes the following elements:

    • Endpoints multihomed to a pair of QFX5120 switches, each of which functions as Layer 2 VXLAN gateways or leaf devices, and as MC-LAG peers

    • Spine devices functioning as Layer 3 devices that handle the QFX5120 switches’ IPv4 traffic

    In this environment, the QFX5120 switches also support the configuration of ingress node replication, which enables the replication of Layer 2 BUM traffic. In fact, when you configure ingress node replication, other multicast features are disabled.

Interfaces and Chassis

  • Domain Name System (DNS) is VRF aware (QFX Series)—Starting in Junos OS Release 19.2R1, when the management-instance statement is configured at the [edit system] hierarchy level, you can use the non-default management routing instance mgmt_junos as the routing instance through which the DNS name server is reachable. To specify the routing instance mgmt_junos, configure our new configuration statement routing-instance mgmt_junos, at the [edit system name-server server-ip] hierarchy level.

    [See Management Interface in a Nondefault Instance, Configuring a DNS Name Server for Resolving a Hostname into Addresses, name-server, and show host.]

  • Uplink failure detection debounce interval (QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches)—Starting with Junos OS Release 19.2R1, you can configure the debounce interval, which is an amount of time, in seconds, that elapses before the downlink interfaces are brought up after corresponding state change of the uplink interfaces. In the absence of a debounce interval configuration, the downlink interfaces are brought up immediately after a state change of the uplink interfaces, which might introduce unnecessary state changes of the downlink interfaces, as well as unnecessary failovers on the servers connected to these ports.

    You can configure the debounce-interval statement at the [edit protocols uplink-failure-detection group group-name] hierarchy level.

    [See Uplink Failure Detection.]

Junos OS XML, API, and Scripting

  • Automation script library additions and upgrades (QFX Series)—Starting in Junos OS Release 19.2R1, devices running Junos OS that support the Python extensions package include new and upgraded Python modules. Python automation scripts can leverage new on-box Python modules, including the requests, chardet, and urllib3 modules, as well as upgraded versions of the idna, ipaddress, and six modules. The Requests library provides additional methods for supporting initial deployments as well as for performing routine monitoring and configuration changes on devices running Junos OS.

    [See Overview of Python Modules Available on Devices Running Junos OS and Using the Requests Library for Python on Devices Running Junos OS.]

Junos Telemetry Interface

  • Sensor level statistics support on Junos Telemetry Interface (JTI) (MX960, MX2008, MX2010, MX2020, PTX5000, PTX1000, and PTX10000 routers and QFX5100 and QFX5200 switches)—Starting with Junos OS Release 19.2R1, you can issue the Junos operational mode command show network-agent statistics to provide more information on a per-sensor level for statistics being streamed to an outside collector by means of remote procedure calls (gRPC) and JTI. Only sensors exported with gRPC are supported. The command does not support UDP-based sensors.

    [See show network-agent statistics and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • ONCE mode supported using gNMI services and JTI (QFX Series)—Starting in Junos OS Release 19.2R1, you can include the "ONCE" mode with the Subcribe RPC when subscribing to gRPC Network Management Interface (gNMI) services to export statistics for telemetry monitoring and management using Junos telemetry interface (JTI). ONCE mode ensures that the collector is only streamed telemetry information one time at initial connection establishment? .

    The subscribe RPC and subscription parameters are defined in the gnmi.proto file.

    Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

  • Packet Forwarding Engine statistics export using gNMI and JTI (QFX5100 and QFX5200 switches)—Starting in Junos OS Release 19.2R1, you can stream Packet Forwarding Engine statistics to an outside collector using gRPC Management Interface (gNMI) version 0.7.0 and Junos telemetry interface (JTI). Prior to this, these statistics were exported using OpenConfig gRPC and UDP protocol buffer (gpb) format. OpenConfig gRPC and gNMI are both protocols used to modify and retrieve configurations as well as export telemetry streams from a device in order to manage and monitor it

    To provision Packet Forwarding Engine sensors to export data through gNMI, use the subscribe RPC defined in the gnmi.proto to specify request parameters. This RPC already supports Routing Engine statistics to be exported by means of gNMI. Now, Packet Forwarding Engine sensors will also stream KV pairs in gNMI format for a majority of Packet Forwarding Engine sensors.

    Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

  • gNMI support extended for JTI (QFX5110, QFX5120, QFX5200, and QFX5210 switches)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) sensor support extends the ability to configure the following resource paths that use gRPC for export to also use gRPC Management Interface (gNMI) for export. gNMI is a protocol for configuration and retrieval of state information.

    JTI supports the following resource paths:

    • /components/component/properties/property/state/value

    • /components/component/state/

    • /interfaces/interface/state/

    • /interfaces/interface/subinterfaces/subinterface/state/

    To provision the sensor to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gNMI support for Routing Engine statistics for JTI (QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports the export of Routing Engine sensors using gRPC Management Interface (gNMI). gNMI is a protocol for configuration and retrieval of state information.

    You can use gNMI to export the following statistics:

    • LACP state export (resource path /lacp/interfaces/interface[name='ae1']/members/member/)

    • LLDP statistics (resource path /lldp/interfaces/interface[name='xe-0/0/9']/)

    • BGP peer information (for example, resource path /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/)

    • RSVP interface statistics (resource path /junos/rsvp-interface-information/)

    • RPD task memory utilization (resource path /junos/task-memory-information/)

    • LSP event export (resource path /junos/task-memory-information/)

    To provision the sensor to export data through gNMI, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gNMI support for Packet Forwarding Engine sensors for JTI (QFX5200 switches)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports the export of Packet Forwarding Engine sensors using gRPC Management Interface (gNMI). gNMI is a protocol for configuration and retrieval of state information.

    You can stream the following statistics using gNMI for export:

    • Congestion and latency monitoring (resource path /junos/system/linecard/qmon-sw/)

    • Logical interface usage (resource path /junos/system/linecard/interface/logical/usage)

    • Filter statistics (resource path /junos/system/linecard/firewall/)

    • Physical interface statistics (resource path /junos/system/linecard/interface)

    • LSP statistics (resource path /junos/services/label-switched-path/usage/)

    • NPU and line-card statistics (resource path /junos/system/linecard/cpu/memory/)

    To provision the sensor to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gNMI support for Routing Engine statistics for JTI (QFX5200 switches)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports export of Routing Engine sensors using gRPC Management Interface (gNMI). gNMI is a protocol for configuration and retrieval of state information. Both streaming and ON_CHANGE export is supported using gNMI.

    Export the following statistics using gNMI:

    • Network discovery, ARP table state (resource path /arp-information/)

    • Network discovery, NDP table state (resource paths /nd6-information/ and /ipv6-ra/)

    To provision the sensor to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Specify Routing Instance for JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R1, you can specify the routing instance to use for remote procedure call (gRPC) services. Include the routing-instance instance-name at the [edit system services extension-service request-response grpc] hierarchy level. The routing instance name specified should match the name of the existing routing instance, such as a name configured under the [routing-instances] hierarchy level or mgmt_junos if system management-instance is configured (the dedicated management routing instance).

    Configuring the routing instance lets you choose the VRF for gRPC services. When the routing instance is not configured, the default behavior is that all gRPC-related services are available through the management fxp0/em0) interface.

MPLS

  • Support for MPLS firewall filter on loopback interface (QFX5100, QFX5110, QFX5200, QFX5210)—Starting with Junos OS Release 19.2R1, you can apply an MPLS firewall filter to a loopback interface on a label-switching router (LSR). For example, you can configure an MPLS packet with ttl=1 along with MPLS qualifiers, such as label, exp, and Layer 4 tcp/udp port numbers. Supported actions include accept, discard, and count. You configure this feature at the [edit firewall family mpls] hierarchy level. You can only apply a loopback filters on family mpls in the ingress direction.

    [See Overview of MPLS Firewall Filters on Loopback Interface.]

  • Support for IS-IS segment routing (QFX10002-60C)—Starting in Junos OS Release 19.2R1, you can use IS-IS segment routing through MPLS. Currently, label advertisements are supported for IS-IS only. IS-IS creates an adjacency segment per adjacency, per level, and per address family (one each for IPv4 and IPv6). Junos OS IS-IS implementation allocates node segment label blocks in accordance with the IS-IS protocol extensions for supporting segment routing node segments. It provides a mechanism to the network operator to provision an IPv4 or IPv6 address family node segment index. To configure segment routing, use the following configuration statements at the [edit protocols isis] hierarchy level:

    • source-packet-routing—Enable the source packet routing feature.

    • node-segment—Enable source packet routing at all levels.

    • use-source-packet-routing—Enable use of source packet routing node segment labels for computing backup paths for normal IPv4 or IPv6 IS-IS prefixes and for primary IS-IS source packet routing node segments.

    • no-advertise-adjacency-segment—Disable advertising of the adjacency segment on all levels for a specific interface.

    [See Understanding Source Packet Routing in Networking (SPRING).]

Network Management and Monitoring

  • Support for displaying valid user input in the CLI for command options and configuration statements in custom YANG data models (QFX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

    [See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

  • Remote port mirroring and remote port mirroring to an IP address (QFX10002-60C switch)—Starting with Junos OS Release 19.2R1, use port mirroring to copy packets entering or exiting a port or entering a VLAN and send the copies to a VLAN for remote monitoring. You can also send mirrored packets to an IP address over a Layer 3 network (for example, if there is no Layer 2 connectivity to the analyzer device). Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

    [See Understanding Port Mirroring.]

Routing Policy and Firewall Filters

  • Support for interface, forwarding-class, and loss priority match conditions on egress interfaces (QFX10002-36Q, QFX10002-72Q, QFX10002-60C, QFX10008, QFX10016)—Starting with Junos OS Release 19.2R1, you can apply the interface ,forwarding-class, and loss-priority firewall filter match conditions in the egress direction on IPv4 and IPv6 interfaces. You configure the match conditions at the [edit firewall] hierarchy level. This feature was previously supported in an "X" release of Junos OS.

    [See Firewall Filter Match Conditions and Actions (QFX10000).]

  • Loopback firewall filter scale optimization (QFX5120)—Starting with Junos OS Release 19.2R1, you can increase the number of ingress firewall filters on the loopback interface from 384 to 768. To do this, you configure an ingress firewall filter, apply it to the loopback interface, and then use the loopback-firewall-optimization command at the [edit chassis] hierarchy level] to enable optimization. When you configure the loopback filter, you must explicitly specify the terms for reserved multicast destination and ttl exception packets for this feature to work properly. Enabling or disabling optimization causes the PFE process to restart. This flaps the interfaces, meaning they go up and down, so traffic drops are expected.

    [See Planning the Number of Firewall Filters to Create.]

Routing Protocols

  • Support for 512 ECMP next hops for BGP (QFX10000 switches)—Starting with Junos OS Release 19.2R1, you can configure a maximum of 512 equal-cost multipath (ECMP) next hops for external BGP peers. (Previously, the maximum number supported was 128.) Having the ability to configure up to 512 ECMP next hops allows you to increase the number of direct BGP peer connections with the QFX10000 switches, thus improving latency and optimizing data flow. Optionally, you can configure those ECMP paths to use consistent load balancing (consistent hashing).

    Note

    This feature applies only to routes for external BGP peers. It does not apply to MPLS routes.

    [See Understanding Configuration of Up to 512 Equal-Cost Paths With Optional Consistent Load Balancing.]

  • Support for export of BGP Local RIB through BGP Monitoring Protocol (BMP) (QFX Series)—Starting in Junos OS Release 19.2R1, BMP is enhanced to support monitoring of local RIB (loc-rib) policy. The loc-rib policy is added to RIB types under the bmp route-monitoring statement.

    [See: Understanding the BGP Monitoring Protocol.]

Software Installation and Upgrade

  • The curl binary is packaged and made available on all Junos OS variants (QFX Series)—The curl binary is a command-line utility, used from the shell, that you can use to perform operations over several transport protocols, including the following: dict, file, ftp, gopher, http, imap, pop3, rtsp, smtp, telnet, tftp. The features enabled on Junos OS are curl version 7.59, libcurl version 7.59.

  • In-service software upgrade (ISSU) and in-service software reboot (ISSR) (QFX5200 switches)—Starting with Junos OS Release 19.2R1, you can perform an in-service software upgrade (ISSU) to upgrade between two different Junos OS releases with minimal data and control-plane traffic impact. You can also perform an in-service software reboot (ISSR), which enables you to reset the software state of the system with minimal disruption in data and control traffic.

    You can perform an ISSU by issuing the request system software in-service-upgrade package-name command.

    You can perform an ISSR by issuing the request system reboot in-service command.

    [See Understanding In-Service Software Upgrade (ISSU).]

System Management

  • Support for transferring accounting statistics files and router configuration archives using HTTP URL (QFX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:

    http://username@host:url-path password password

    • To transfer accounting statistics files, configure archive-sites under [edit accounting-options file <filename>] hierarchy.

    • To transfer router configuration archival, configure archive-sites under edit system archival configuration hierarchy.

    • To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server statistics archival-transfer command.

    • To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server statistics archival-transfer command.

    [See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics archival-transfer, and clear accounting server statistics archival-transfer.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series.

What’s Changed in Release 19.2R3

Class of Service

  • Priority-based flow control (PFC) support (QFX5120-32C)—Starting with JunosOS 19.2R3, QFX5120-32C switches support priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.

EVPN

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

Interfaces and Chassis

  • Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 19.2R3, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.

What’s Changed in Release 19.2R2

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 19.2R2, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Interfaces and Chassis

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, QFX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

  • Logical Interface is created along with physical Interface by default (QFX Series switches)—In Junos OS Release 19.2R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.

    For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Layer 2 Features

  • New statement input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 19.2R2, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

Management

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 19.2R2, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.2R2, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier releases, all three values in the Statistics output field for kBps, pps, and packets did not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Routing Protocols

  • XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.

    [See show bgp output-scheduler.]

Software-Defined Networking

  • Increase in the maximum value of delegation-cleanup-timeout (QFX Series)—You can now configure a maximum of 2,147,483,647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2,147,483,647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that might disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

What’s Changed in Release 19.2R1

EVPN

  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.2R1, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

Interfaces and Chassis

  • The resilient-hash statement is no longer available under aggregated-ether-options (QFX5200 and QFX5210 switches)—Starting in Junos OS Release 19.2R1, the resilient-hash statement is no longer available at the [edit interfaces aex aggregated-ether-options] hierarchy level. Resilient hashing is not supported on LAGs on QFX5200 and QFX5210.

    [See aggregated-ether-options.]

  • Logical interfaces created along with physical interfaces by default (QFX10000 and QFX5000 switches)—On the QFX10000 line of switches, logical interfaces are created along with the physical et-, sxe-, xe-, and channelized xe- interfaces. In earlier releases, only physical interfaces are created.

    On the QFX5000 line of switches, by default, logical interfaces are created on channelized xe- interfaces. In earlier releases, logical interfaces are not created by default on channelized xe- interfaces (xe-0/0/0:1, xe-0/0/0:2, and so on), but they are created on et-, sxe-, and nonchannelized xe- interfaces.

  • Health check for power supplies (QFX10008)—Starting in Junos OS Release 19.2R1, on the QFX10008 switches, the show chassis environment pem command displays the health check information about the DC or AC Power supplies. For any power supply that does not support health check, the status is shown as Unsupported. The system starts health check of a power supply only if the power consumption exceeds 7 KW.

    [See show chassis environment pem]

  • Deprecation of the [edit fabric protocols bgp] hierarchy level (QFX Series)—Starting in Junos OS Release 19.2R1 and later, the [edit fabric protocols bgp] hierarchy level is deprecated.

Network Management and Monitoring

  • The show system schema command and <get-yang-schema> RPC require specifying an output directory (QFX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

  • Custom YANG RPC support for input parameters of type empty (QFX Series)—Starting in Junos OS Release 19.2R1, custom YANG RPCs support input parameters of type empty when executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of type empty are supported only when you execute the RPC in a NETCONF or Junos OS XML protocol session, and the value passed to the action script is the string 'none'.

    [See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]

Services Applications

  • Commit check for incomplete tunnel encapsulation configuration on flexible tunnel interface (FTI) (QFX Series)—Tunnel encapsulation configuration is mandatory for FTI interfaces. In Junos OS Release 19.2R1, when you try to commit any incomplete tunnel encapsulation configuration on an FTI, the CLI displays a commit error message.

Security

  • Firewall warning message (QFX5000 switches)—Starting in 19.2R1, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

Known Limitations

This section lists known limitations and system maximums in hardware and software in Junos OS Release 19.2R3 for the QFX Series.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Commit is blocked for VLAN-ID none with EVPN routing-instance and without routing-instance. PR1287557

Layer 2 Features

  • Targeted-broadcast forward-only does not broadcast the traffic. PR1359031

  • On the QFX5000 switches, the following message is reported in logs: fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1. PR1479826

Platform and Infrastructure

  • On the QFX10016 switches, high interrupt for swi1: netis and irq272: vir with IPv4 or IPv6 unicast traffic, and telnet or ssh to the box do not work. PR1332337

  • Media type displays as fiber for DAC. PR1336416

  • After configuring and deleting the Ethernet loopback configuration, the interface goes down and does not come up. PR1353734

  • Scaled VLAN configuration removal might cause high fxpc usage. PR1363896

  • With 288000 MAC scale, the Routing Engine command output displays the learned scale entries after a delay of around 60 seconds. PR1367538

  • The following error message is displayed in the error log in the vty mode: nh_unilist_update_weight:2541NH: Failed to inc re-route counters for nh. PR1387559

  • The mgmt port speed displays as 1 Gbps with peer interface speed set to 100 Mbps or 10 Mbps. PR1401382

  • On the QFX5120-32C switches after the USB and PXE upgrade, the system boots from USB and PXE respectively and not from SSD. PR1404717

  • Traffic issues are observed with FEC Scaling. PR1406107

  • On the QFX5000 switches, the packets per second and bytes per second statistics for GRE interface are not supported. PR1419321

  • GRE logical interface statistics might get reset when the ECMP child members get changed. PR1421069

  • The following error message is observed while performing NSSU: syntax error: request-package-validate message. PR1421378

  • VLAN does not get deleted in the hardware on disabling IRB, leading to ARP getting refreshed even though IRB is disabled. PR1421382

  • The QFX5200 switch goes into amnesiac mode after downgrading from Junos OS Release 19.2 to 17.2X75-D42. PR1427984

  • Memory spike or leakage is observed after the image upgrades to 19.2R1.8 in a mixed mode Virtual Chassis. PR1464062

  • On the QFX10002-60C switches, 100 percent of Layer 2 MAC scaling traffic loss is observed after loading the EVPN-VXLAN collapsed profile configurations. PR1489753

Routing Protocols

  • Maximum number of MPLS tunnels supported is max_mpls_tunnels - 1, as one label is reserved for explicit-null case. PR1418733

  • On the QFX5120-48Y switches, the show firewall output gets stuck for around 1 minute when IPv6 lo filter is removed and reapplied. PR1428087

Open Issues

This section lists the open issues in hardware and software in Junos OS Release 19.2R3 for the QFX Series switches.

For the most complete and latest information about open Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • On the QFX5110 switches, after restarting l2ald, traffic duplication for Layer 2 intrapod traffic is observed and it is not converged. PR1384022

  • EVPN-VXLAN core isolation does not work upon system reboot or restart routing. PR1461795

Infrastructure

  • The ftp error message is observed. PR1315605

Interfaces and Chassis

  • On the QFX5110 MCLAG switches, flooding of multicast packets for around 16-20 seconds is observed after disabling and enabling a member link of ICL after reboot. PR1422473

Layer 2 Features

  • Adding one more subinterface Logical interface to an existing interface causes 20-50 milliseconds traffic drop on the existing logical interface. PR1367488

  • Q-in-Q might malfunction if vlan-id-lists are configured. PR1395312

Platform and Infrastructure

  • Configurations with IRB interfaces might produce Packet Forwarding Engine error messages during the interface deletions. PR1054798

  • On the QFX10000 switches, traffic does not cover upto 100 percent after performing interface unshut even though all the joins gets reinstalled during VLAN replication with more than 2000 VLAN or 2000 IRB in the system.

  • Port LEDs do not work on the QFX5100 switch in QFX5110-QFX5100 mixed mode Virtual Chassis. PR1317750

  • In some cases, filter operation with log action gets logged with Protocol 0 not recognized in the firewall logs. PR1325437

  • BFD session over an aggregated Ethernet flaps when the member link carrying the BFD transformation flaps. PR1333307

  • The media type is displayed as fiber for DAC. PR1336416

  • Backup Routing Engine might crash after multiple continuous GRES. PR1348806

  • The QFX10000 switch drops the Aruba wireless AP heartbeat packets. PR1352805

  • The mib2d process generates core file in mib2d_write_snmpidx at snmpidx_sync.c on both ADs while bringing up the base traffic profile. PR1354452

  • Filter action to change VLAN does not work. PR1362609

  • The following error messages are observed when channelization is deleted in the AS7816-64X product: [Err] 0:_pm4x25_line_side_phymod_interface_get: [Wed Jun 13 08:22:45.845 LOG: Err] ERROR: u=0 p=81 interface type 16 not supported by internal SERDES for this speed 50000. PR1366137

  • On the QFX1000 switches, expr_nh_fwd_get_egress_install_mask:nh type indirect of nh_id: # is invalid. PR1367121

  • On the QFX5200 Virtual Chassis, request virtual-chassis vc-port diagnostics optics followed by show virtual-chassis vc-port diagnostics optics does not display information from members apart from the master. PR1372114

  • USB upgrade of NOS image is not supported. PR1373900

  • On the QFX5110 Virtual Chassis, auto configured VCP links might not come up if the existing member, which is connected through auto configured VCP is removed and added back. PR1375913

  • On the QFX5110 switches, the FEC error count does not get updated. PR1382803

  • MLD snooping as MLD membership information gets overwritten to only the latest receiver if the stream group is the same with different source MLD version 2. PR1386440

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface with the Mini-PDT base configurations. PR1388082

  • On the QFX5000, the DCPFE does not come up in some instances of abrupt power-off or power-on. PR1393554

  • Layer 2 multicast/broadcast convergence is high while deleting and adding the scale configurations of VLANs and VXLAN back. PR1399002

  • DCPFE crashes at expr_l2_common_bd_ifbd_attach(). PR1401215

  • On the QFX10002 switches, traffic drop is observed with the MSTP configuration (65 instances and 64 interfaces with 3840 VLANs). PR1408943

  • The following error message is observed after multiple triggers: JTASK_IO_CONNECT_FAILED. PR1408995

  • Intermittently chassis alarms might not be raised after the power-cycle of the device. PR1413981

  • On the QFX5110 and QFX5120, uRPF in strict mode does not work. PR1417546

  • On the QFX10000, analyzer does not mirror after adding the child member to an aggregated Ethernet interface. PR1417694

  • IP fragmentation over GRE tunnel on the QFX5000 switches is not supported. PR1420803

  • MC-LAG MAC address synchronization does not occur for the local MACs when a new primary Lo0 IP is added and removed. PR1424013

  • During switchover with LACP link protection configuration, 10 seconds of packet loss is observed. PR1431034

  • The l2ald memory leakage is observed when the VTEP or overlay BGP session flaps. PR1435561

  • On the QFX5200 switches, ISSU might fail. PR1438690

  • The dcpfe process crashes during ISSU at ..bcm_esw_field_entry_reinstall (unit=0, entry=2609). PR1440288

  • On the QFX5000 switches, port qualifier must be added. PR1440980

  • After running the ISSR system back to back, the system is left with 2 VMs. PR1442490

  • On the QFX10000 switches, removal of the EVPN-VXLAN Layer 3 Gateway on the IRB interface from the spine switches might silently discard the traffic. PR1446291

  • The interface still sends mirrored traffic out even after it is removed from the output VLAN. PR1452459

  • On the QFX5110 switches, VXLAN VNI (mcast) scaling traffic issue is observed. PR1462548

  • System might stop new MAC learning and impact the Layer 2 traffic forwarding. PR1475005

  • On the QFX10002-60C switches with MSTP scale that has 2 interfaces, 64 instances, and 3840 VLANs in which each MSTI is associated with 60 VLANs, traffic loss is observed. PR1491161

  • On the QFX5000 switches with VXLAN enabled, the ARP request might get dropped if the storm control is configured. PR1515254

Routing Protocols

  • On the QFX5100 switches, the FXPC process generates core file after reconfiguring the IS-IS overload bit. PR1123116

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, the following error message is observed: Error BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 unintsall failed in h/w with Mini-PDT base configurations. PR1407175

  • On the QFX5110 switches, the following error message is observed after rebooting the node: MCLAG: L2_L3_INTF_OPS_ERROR. PR1435314

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, traffic loss on multiple traffic streams after reboot and interface flapping of the Virtual Chassis node are observed. PR1500508

  • The RIP policy with multiple next hop does not work. PR1515725

Virtual Chassis

  • On the QFX5000 Virtual Chassis, the DDoS violations that occur on backup are not reported to the Routing Engine. PR1490552

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 19.2R3

Class of Service (CoS)

  • Traffic might be forwarded to the wrong queue when a fixed classifier is used. PR1510365

EVPN

  • The ESI of IRB interfaces does not get updated after the autonomous-system number change if the interface is down. PR1482790

  • The l2ald memory leak might be observed in any EVPN scenario. PR1498023

  • The VXLAN function might be broken due to a timing issue. PR1502357

Interfaces and Chassis

  • MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group. PR1488681

Layer 2 Features

  • The FPC goes down when 100-Gigabit Ethernet link comes up on the network port of the QFX5110-48S switches. PR1499422

Layer 2 Ethernet Services

  • Issues with DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might become down after disabling and then enabling the force-up. PR1500758

MPLS

  • BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP MSS (maximum segment size) in use. PR1493431

Platform and Infrastructure

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329

  • BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798

  • Virtual Chassis is not stable with 100-Gigabits Ethernet as well as 40-Gigabits Ethernet interface. PR1497563

  • The following error message is generated at booting up: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • A VM might generate a core file. PR1421250

  • SFP-LX10 stays down until auto negotiate is disabled. PR1423201

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • On the QFX10000 switches, the show forwarding-options enhanced-hash-key statement does not work. PR1462519

  • On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. PR1462748

  • On the QFX5100 switches, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663

  • On the QFX5000 switches, the DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The sFlow could not work correctly if the received traffic goes out of more than one interface. PR1475082

  • The FPC major error is observed after the system boots up or restarts. PR1475851

  • Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956

  • BFD sessions start to flap when the firewall filter in the loopback0 is changed. PR1491575

  • On the QFX5120 switches, traffic loss could be seen under MC-LAG scenario. PR1494507

  • ARP might not get refreshed after timeout. PR1497209

  • Outbound SSH connection flap or memory leakage issue might be observed while pushing configuration to the ephemeral database with a high rate. PR1497575

  • On the QFX5210064C switches, the lcmd process generates a core file. PR1497947

  • Traffic might get dropped if an aggregated Ethernet member interface is deleted or added, or an SFP of the aggregated Ethernet member interface is unplugged or plugged. PR1497993

  • On the QFX5210 switches, unexpected behavior for port LEDs lights is observed after the upgrade. PR1498175

  • On the QFX10002 and QFX10008 switches, the inter-VNI and intra-VNI, or VRF traffic is dropped between CE devices when the interfaces are connected between top of rack and multihomed with disabled PE devices. PR1498863

  • On the QFX5000 switches, ERPS might not work correctly. PR1500825

  • LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354

  • The l2cpd crash might be seen if the ERP configuration is added or removed, and l2cpd is restarted. PR1505710

Routing Protocols

  • The BGP route-target family might prevent RR from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • On the QFX10000 switches, the rpd process might crash due to rpd resolver problem of INH. PR1494005

  • Traffic drop might be observed after modifying FBF firewall filter. PR1499918

  • Scale of filters with egress-to-ingress command is enabled. PR1514570

User Interface and Configuration

  • The version information under configuration changes from Junos OS Release 19.1. PR1457602

Resolved Issues: 19.2R2

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in the network-control queue on the extended port even if it comes in with different DSCP marking. PR1433252

  • When you move a unicast traffic to a multicast queue through the MF classifier, the show interface queue <> statement does not display any statistics on the QFX5120-32C. PR1459281

EVPN

  • Unexpected next-hop operation error from kernel to l2ald in a Layer 2 gateway is observed during the MAC movement operation. PR1430764

  • The VXLAN function might not work due to a timing issue. PR1502357

  • ARP table and Ethernet switching table become asynchronous if the EVPN ESI link flaps multiple times. PR1435306

  • The multihomed mac-ip table entry might not be cleaned when the host MAC is deleted from the MAC table. PR1436712

  • ESI configured on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • When you use no-arp-suppression, an ARP request might not be sent out when an ARP entry ages out. PR1441464

  • The MAC and IP entries might not get cleared after issuing the clear command. PR1446957

  • On the QFX5100 line of switches, when there is a VXLAN with VLAN-ID of 2, ARP does not get resolved. PR1453865

  • An ARP request or NS might be sent back to the local segment by the DF router. PR1459830

  • The rpd might crash after changing the EVPN-related configuration. PR1467309

Forwarding and Sampling

  • The dfwd might generate core files and commit error when you apply a firewall filter with the then traffic-class or then dscp action. PR1452435

  • You might observe memory leakage with the l2ald process. PR1455034

  • Type 1 ESI/AD route might not be generated locally on the EVPN PE devices in the all-active mode. PR1464778

High Availability and Resiliency

  • The QFX5000 line of switches for some versions does not support ISSU. PR1472183

Interfaces and Chassis

  • The VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging. PR1445370

  • On the QFX10000 line of switches, the ARP entries might not be synchronized between the MC-LAG devices. PR1449806

  • The traffic might be forwarded to the wrong interfaces in an MC-LAG scenario. PR1465077

  • The vrrpv3mibs does not poll the VRRPv6-related objects. PR1467649

  • If the dcd process becomes nonresponsive, executing commit might not work. PR1470622

  • Commit error does not thrown an error when a member link is added to the multiple aggregation group with different interface-specific options. PR1475634

Junos Fusion for Enterprise

  • Loop detection might not work on the extended ports. PR1460209

Junos Fusion for Provider Edge

  • On the QFX10000 line of switches, the support for Junos fusion is deprecated. PR1448245

Junos Fusion Satellite Software

  • The dpd crash might occur on the satellite devices in Junos fusion for enterprise. PR1460607

Layer 2 Features

  • Storm control configuration might be disabled for the interface. PR1354889

  • On the QFX5000 line of switches, you can configure the hash function. PR1397229

  • Packet loss might be observed when one of the spine switches fails or reboots. PR1421672

  • Ethernet Ring Protection Switching nodes might not converge to an Idle state after the recovery or reboot fails. PR1431262

  • On the QFX5100 line of switches, the interface driver might not be initialized correctly, which causes errors when the system halts. PR1434687

  • On the QFX5100 and QFX5200 line of switches, the transit DHCPv6 packets might get dropped. PR1436415

  • On the QFX5100 and QFX5110 line of switches, the physical layer and MAC/ARP learning might not work for copper base SFP-T. PR1437577

  • On the QFX5120 line of switches, the MAC learning might not work correctly. PR1441186

  • The operational status of the interface in the hardware and software might be out of synchronization in an EVPN setup with the arp-proxy feature enable. PR1442310

  • The traffic leaving the QFX5000 line of switches might not be load-balanced properly over the aggregated Ethernet interfaces. PR1448488

  • Unequal LAG hashing might occur. PR1455161

  • The LLDP function might fail when a device running Junos OS connects to another device that does not run Junos OS. PR1462171

  • On the QFX5000 line of switches, a few MAC addresses might be missed from the MAC table. PR1467466

  • The fxpc might generate core files when you commit the configuration all together. PR1467763

  • In the EVPN-VXLAN scenario, the ingress traffic might discard the traffic silently if the underlying interfaces flap. PR1469596

  • Traffic might get affected if the composite next hop is enabled. PR1474142

Layer 2 Ethernet Services

  • LACP PDU might be looped toward the peer MC-LAG nodes. PR1379022

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

  • The relay-source command is applicable for the forward-only subscribers as well. PR1455076

MPLS

  • On the QFX5110 line of switches, the Layer 2 circuit traffic might discard the traffic silently at the EVPN SPINE/MPLS LSP TRANSIT device if the VXLAN access interface flaps on the remote PE node. PR1435504

  • On the QFX5000 line of switches, packet loss might occur when the ECMP resilient-hash is enabled. PR1442033

  • The QFX5120 line of switches might drop the tunnel-encapsulated packets if the switch acts as a transit device. PR1447128

  • On the QFX10002 line of switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378

  • Traffic might be silently discarded on the PE devices when the CE devices sends traffic to the PE devices and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • The traffic might get lost over the QFX5100 line of switches acting as a transit PHP node in the MPLS network. PR1477301

Platform and Infrastructure

  • The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes. PR1478905

  • On the QFX5210 line of switches, unexpected behavior are observed on the port LED lights post the upgrade. PR1498175

  • On the QFX5100 line of switches, traffic loss might be observed with framing errors or runts if MACsec is configured. PR1469663

  • The host generated packets might get dropped in the EVPN-VXLAN scenario due to the reject route policy in Packet Forwarding Engine. PR1451559

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • FPC major error is displayed after system reboot or FPC restart. PR1475851

  • Kernel memory leak in the virtual-memory occurs because of the flapping interface. PR1407000

  • Certain QFX Series devices are vulnerable to the Etherleak memory disclosure in the Ethernet padding data (CVE-2017-2304). PR1063645

  • Packet drops, replication failure, or ksyncd crash might be observed on the logical system of a Junos OS device after the Routing Engine switchover. PR1427842

  • REST API process becomes nonresponsive when a number of requests come at a high rate. PR1449987

  • The SLAX script might get lost after upgrading the software. PR1479803

  • On the QFX5100-VC line of switches, the following error message is observed: MacDrainTimeOut and bcm_port_update failed: Internal error. PR1284590

  • On the QFX10002-60C line of switches, commit must be denied when mixed Layer 2 and Layer 3 or Layer 4 match conditions are configured on a Layer 2 filter. PR1326715

  • On the QFX5100 line of switches, LR4 QSFP might take up to 15 minutes to come up after the VC reboots. PR1337340

  • On the QFX10000 line of switches, the show forwarding-options enhanced-hash-key statement does not work. PR1462519

  • Telemetry traffic might not be sent out when the telemetry server is reachable through different routing-instance. PR1456282

  • When powering off an individual FPC, the other FPC Packet Forwarding Engine might go offline too. PR1344395

  • On the QFX5100 and QFX5200 Virtual Chassis platform, the backup member switch might fail to become the master switch after switchover. PR1372521

  • The new CLI command enables the copying of the Open vSwitch Database (OVSDB) to RAM on the Virtual Chassis backup Routing Engine instead of SSD. PR1382522

  • Static default route with the next-table inet.0 does not work. PR1383419

  • The following error message is generated while booting up: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • QSFP-100GBASE-SR4/LR4 might take longer time to come up after disabling or rebooting the interface. PR1402127

  • On the QFX10000 line of switches, the ping over loopback might not work over TYPE 5 tunnel. PR1405786

  • The QFX5200 or QFX5100 line of switches might not be able to send out control plane traffic to the peering device. PR1406242

  • On the QFX10000 line of switches, no inner VLAN tag is added even with input-vlan-map push configured. PR1407347

  • On the QFX5100-96S line of switches, fan failure alarms might be seen after upgrading to Junos OS Release 17.3R1 and later. PR1408380

  • The 10-Gigabit Ethernet fiber interfaces might flap frequently when they are connected to other vendor switches. PR1409448

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Storm control does not shut down the mc-ae interface. PR1411338

  • Part of the routes are not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873

  • Traffic loss might be observed after the NSSU operation. PR1418889

  • The show interface statement indicates Media type: Fiber on the QFX5100-48T line of switches that runs the QFX 5e Series image. PR1419732

  • DHCP bindings for the clients might fail when the QFX5000 line of switches acting as the DHCP local server with Layer 2 channelizes the interface. PR1421110

  • IPv6 multicast traffic received on one VC member might be dropped when exiting on another VC member if MLD snooping is enabled. PR1423310

  • Ports might get incorrectly channelized if they are 10-Gigabit Ethernet already and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • On the QFX5000 and QFX10000 line of switches, packet drops might be seen for the traffic that has to go over the TYPE-5 overlay tunnel. PR1423928

  • The host-bound traffic might be dropped after committing change configuration related to the prefix-list. PR1426539

  • The dcpfe or Packet Forwarding Engine might not start on the AS7816-64X and QFX5000 Series devices. PR1426737

  • On the QFX5210 line of switches, the received LLDP frames on em0 are not displayed in the LLDP neighbor output. PR1426753

  • Rebooting or halting of the Virtual Chassis member might cause traffic on the RTG link to be down for about 30 seconds. PR1427500

  • On the QFX5100-VCF line of switches, rollback for uncommitted configuration takes 1 hour. PR1427632

  • The dcpfe process might crash and restart in a MC-LAG scenario when the ARP/NDP next hop is changed. PR1427994

  • The jumbo frame size packets are dropped when the maximum MTU is configured. PR1428094

  • The licenses that are used to flag ovsdb on the show system license statement are not flagged even though ovsdb is configured and working. PR1428207

  • The l2ald crash is observed after dot1x gets deleted when dot1x and PVLAN (private VLAN) are enabled simultaneously. PR1428469

  • The global-mac-limit and global-mac-ip-limit might allow more entries than the configured values. PR1428572

  • On the QFX10008 line of switches, after the Routing Engine switchover, the LED status is not set for the missing fan tray. PR1429309

  • On the QFX10000 line of switches with an EVPN-VXLAN scenario, the DHCP-relay might not work. PR1429506

  • On the QFX5110 line of switches with an EVPN-VXLAN scenario, the DHCP-relay might not work. PR1429536

  • CoS rewrite rules applied under an aggregated Ethernet interface might not get affected after NSSU. PR1430173

  • On the QFX10000 line of stitches, traffic impact might be seen with the interface hold-down timer configured. PR1430722

  • The l2cpd process might crash and generate a core file when the interface flaps. PR1431355

  • The following error on a specific Packet Forwarding Engine might cause complete service impact: SIB Link Error. PR1431592

  • On the QFX1000 line of switches, the dcpfe might crash on all line cards in a scaled setup. PR1431735

  • All ingress traffic might be dropped on 100m fixed speed port with no-auto-negotiation enabled. PR1431885

  • On the QFX5110 and QFX5120 line of switches, the optical power of interface might gradually reduce the optical power for almost 3 minutes after issuing the request system reboot at now statement. PR1431900

  • On the QFX10000 line of switches, the Layer 2 traffic drops with an interface MTU lower than 270 bytes. PR1431902

  • The FPC might crash when a firewall filter is modified. PR1432116

  • Outer VLAN tag might not be pushed in the egress VXLAN traffic toward the host for a Q-in-Q scenario. PR1432703

  • Line card might crash due to the plug-in of the unsupported SFP-T module. PR1432809

  • On the QFX10000 line of switches using the LC1105 line card, traffic loss might be observed. PR1433300

  • The VC Mezz temp and QIC sensor fails. PR1433525

  • Traffic drop might occur during the filter change operation. PR1433648

  • Layer 3 filters applied to the PVLAN IRB interface might not work after ISSU. PR1434941

  • Traffic drops might be seen when the MACsec session key rolls over between the primary and fallback for more than 10 times. PR1435277

  • On the QFX5100-VC line of switches, there might be approximately 1 to 5 minutes traffic loss during NSSU with the LACP link protection configuration. PR1435519

  • On the QFX10000 line of switches, the SIB or FPC Link error alarms might be observed due to a single CRC. PR1435705

  • The mc-ae interface might get stuck in the Waiting state in a dual mc-ae scenario. PR1435874

  • Traffic drop might occur when SXE interface is used. PR1435963

  • DHCP discover packets sent to IP addresses in the same subnet as the IRB interface causes the QFX5110 line of switches to send incorrect traffic, out of the dhcp-snooping enabled interfaces. PR1436436

  • The unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) is sent when you restart the QFX5110 line of switches. PR1436968

  • The FPC might crash if both the aggregated Ethernet bundle flaps on the local device and the configuration change on the peer device occur at the same time. PR1437295

  • In the QFX5110, QFX5200, and QFX5210 line of switches, there is no jnxFruOK SNMP trap message when you disconnect the power cable and then connect it back. PR1437709

  • The Routing Engine switchover does not work as expected while the SSD failure occurs. PR1437745

  • The BGP neighborship might not come up if the MACsec feature is configured. PR1438143

  • The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID. PR1438351

  • On the QFX5210 line of switches, the port LED turns red when the cable is connected. PR1438359

  • Interfaces configured with flexible-vlan-tagging might lose connectivity. PR1439073

  • The xSTP recognizes 1-Gigabit Ethernet SFP-T optic interface as LAN type resulting in a slow STP convergence. PR1439095

  • LACP state might get stuck in the Attached state after disabling the peer active members. PR1439268

  • The default logical interface on the channelized IFD might not be created after ISSU/ISSR. PR1439358

  • The VC of the QFX5100 line of switches might not come up after replacing the VC port fiber connection with the DAC cable. PR1440062

  • MAC addresses learned on RTG might not get aged out after the Virtual Chassis member reboots. PR1440574

  • Traffic drop might be seen after disabling and enabling the mc-ae interface in a MC-LAG scenario. PR1440732

  • Interface match conditions of firewall filter might not work on egress direction with the IRB over an aggregated Ethernet. PR1441230

  • The Layer 3 communication might break on an interface that is configured with flexible-ethernet-services. PR1441690

  • On the QFX5110 line of switches, the flow control does not work as expected on the 100-Gigabits Ethernet interface. PR1442522

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • The DHCPv6 client might fail to get an IP address. PR1442867

  • When a line card reboots, the MC-LAG might not get programmed after the line card comes back online. PR1444100

  • On the QFX5200 line of switches, the following error message is observed when you change the UFT profile in the FPC logs: DCBCM[bcore_init]: ioctl call failed ret:0. PR1445855

  • On the QFX10008 line of switches, you might observe traffic impact when you use the JSRV interface. PR1445939

  • CoS classifier might not work as expected. PR1445960

  • Long IPv6 addresses are not displayed fully on the IPv6 neighbor table. PR1447115

  • Unicast ARP requests are not replied with the no-arp-trap option. PR1448071

  • Rebooting of the QFX5120-48Y line of switches using the request system reboot statement does not take the physical links offline immediately. PR1448102

  • On the QFX10000 line of switches with QSFP28 100G AOC, 740-065632 and QSFP+ 40G, or 740-043308 transceiver, the port LED remains green after disconnecting one end. PR1448121

  • The process vehostd might crash without generating a core file and the automatic restart of the vehostd might fail. PR1448413

  • On the VCPs of the QFX5100 VC line of switches, the CRC error might be observed. PR1449406

  • Except for one aggregated Ethernet member link, the other links do not send out sFlow sample packets for the ingress traffic. PR1449568

  • On the QFX10008 line of switches, the FPC0 generates core files after running the Packet Forwarding Engine show cos sched-usage command. PR1449645

  • The em0 route might be rejected after the em0 interface is disabled and then enabled again. PR1449897

  • FPC does not restart immediately after rebooting the system, which causes packet loss. PR1449977

  • On the QFX10000 line of switches, the CoS classification does not work. PR1450265

  • On the QFX5000 line of switches, when the dual VLAN tag feature is configured on the physical interface, no error message is displayed. PR1450455

  • Tunneling encapsulated packets are dropped on the Layer 3 VPN MPLS PE-CE interface. PR1451032

  • The DHCP snooping static binding does not get affected after deleting and readding the entries. PR1451688

  • FPC might generate core files after changing the PTP/SyncE configuration. PR1451950

  • On the QFX10008 line of switches, the Packet Forwarding Engine show cos scheds-per-pfe and show cos pfe-scheduler-ifds commands restart to forward planes. PR1452013

  • Vgd might generate core files when tunnel gets deleted twice. PR1452149

  • There might be an interface reachability issue on AS7816. PR1452433

  • The l2ald and eventd are consumed 100 percent after committing the clear ethernet-switching table statement. PR1452738

  • DHCP offer packet with the unicast flag set gets dropped by the QFX10000 line of switches in a VXLAN multihomed setup using anycast IP. PR1452870

  • Configuration change in the VLAN all option might affect the per-VLAN configuration. PR1453505

  • The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512

  • The show chassis led statement shows wrong status. PR1453821

  • VGD process consumes the CPU when switch-options vtep-source-interface lo0.0 is not configured. PR1454014

  • In the EVPN-VXLAN scenario, changing the VLAN name associated with the access ports might prevent the MAC addresses from being learned. PR1454095

  • Master FPC might come up in the Master state again after the reboot instead of backup. PR1454343

  • On the QFX5000 line of switches, dcpfe might crash when data that is not correctly NULL terminated is processed. PR1454527

  • On the QFX10002-60C line of switches with EVPN-VXLAN, the MAC+IP count is displayed as 0. PR1454603

  • The untagged ARP/NS requests might not be resolved when the host is connected on the encapsulation ethernet-bridge interface. PR1454804

  • A firewall filter might not be applied in a particular VC/VCF member as the TCAM space runs out. PR1455177

  • In a 16 and more member of the QFX5100 VCF, the FROM column under the show system users output reports feb0/1/2/3 for fpc16/17/18/19, respectively. PR1455201

  • On the QFX10000 line of switches, the PFC feature does not work. PR1455309

  • The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Link up delay and traffic drop might be observed on the mixed SP Layer 2 or Layer 3, and EP Layer 2 type configurations. PR1456336

  • The laser from the 10-Gigabits Ethernet SFP+ interface still remains on when the interface is disabled or the device is rebooted. PR1456742

  • The QFX5110 line of switches, the interface on the QSFP-100GBASE-SR4 made by Avago vendor cannot be linked up. PR1457266

  • On the QFX10000 line of switches, the Packet Forwarding Engine process might crash after the Routing Engine switchover. PR1457414

  • Over-temperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456

  • On the QFX5110 line of switches, the PTP uses port 52 and port 53 but it does not have any FPGA register address. PR1457516

  • Dual tag Q-in-Q does not work with EVPN-VXLAN. PR1458206

  • On the QFX5210 line of switches, the LED does not light on the port 64 and port 65 after upgrading to Junos OS Release 19.2R1. PR1458514

  • The BPDU packet might be looped between leaf DF switch and non-DF switch that causes traffic blocking. PR1458929

  • On the QFX5000 line of switches, the lightweight DHCPv6 relay agent functionality might be broken. PR1459499

  • The fxpc process might crash due to several BGP IPv6 session flaps. PR1459759

  • The forwarding option is missed in the routing-instance type. PR1460181

  • On the QFX5000 line of switches, the accept-source-mac feature with VXLAN does not work. PR1460885

  • On the QFX10002-72Q or QFX10002-36Q line of switches, the entPhysicalTable MIB does not fetch the expected data. PR1462582

  • On the on QFX5000 line of switches, the fxpc process might generate core file when you change MTU in a VXLAN scenario with firewall filters applied. PR1462594

  • While cleaning up EVPN-VXLAN configurations with Mini-PDT base configurations, the following error message is observed: Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl. PR1463939

  • On the QFX10000 line of switches, FPC might restart during run-time. PR1464119

  • On the QFX5000 line of switches, the dcpfe might crash when you change the firewall filter. PR1464352

  • On the QFX10000 line of switches, the interface might not come up when FPC restarts. PR1464650

  • On the QFX5100-48S line of switches, when you try to apply a firewall filter that contains a then dscp action to a Layer 3 inet subinterface, an error is displayed when you try to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface. PR1464883

  • On the QFX5210 line of switches, PEM is not present spontaneously. PR1465183

  • A 10-Gigabits Ethernet interface might not come up on the QFX5100-48T line of switches or negotiate at speed 1-Gigabits Ethernet when connected with the Broadcom 57800-T daughter card. PR1465196

  • On the QFX5110 or QFX5200 line of switches, the QSFP-100G-PSM4 modules are not correctly identified. PR1465214

  • The physical interface of the aggregated Ethernet interface might take time to come up after disabling or enabling the physical interface. PR1465302

  • The numbering on the AS7816-64X platform changes from 0 to 1 and 1 to 0. The fan numbering also changes from 0,1,2,3 to 3,2,1,0. PR1465327

  • The broadcast and multicast traffic might be dropped over the IRB or LAG interface. PR1466423

  • BGP BMP messages are sent to the BMP collector with BGP optional capabilities truncated. As a result, the BMP collector does not register the correct information exchanged during BGP session establishment. PR1466477

  • On the QFX10000 line of switches, the EBUF parity interrupt is not observed. PR1466532

  • IPv6 traffic might get dropped in the Layer 3 VPN network. PR1466659

  • On the QFX5000 line of switches, slow packet drops might be observed. PR1466770

  • On the QFX10000 line of switches, the following error message might be observed that causes the protocols to go down: EPR iCRC. PR1466810

  • A few of the DHCPvX inform messages specific to a particular VLAN do not receive any acknowledgment from the server. PR1467182

  • Ingress drops must be included at the CLI command from the interface statistics and added to InDiscards. PR1468033

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • MAC address might not be learned on a new extended port after VMotion in the Junos fusion for data center environment. PR1468732

  • If continuous interface flaps occur at ingress or egress of the PE devices, the IP routed packets might be looped on the MPLS PHP node. PR1469998

  • Incorrect counter values are displayed for the arrival rate and peak rate for the DDoS commands. PR1470385

  • The speed 10m might not be configured on the Gigabit Ethernet interface. PR1471216

  • Traffic loss might occur when the VTEP source interface is configured in the multiple routing instances. PR1471465

  • The shaping of CoS does not work after reboot. PR1472223

  • The detached interface in LAG might process the xSTP BPDUs. PR1473313

  • The l2ald crash might be seen when around 16,000 VLAN-IDs share the same VXLAN tunnel and Packet Forwarding Engine is rebooted. PR1473521

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • On the QFX5000 line of switches in a EVPN-VXLAN scenario, continuous error log messages might be raised. PR1474545

  • On the QFX5000 line of switches, the Layer 2 circuit might fail to communicate through VLAN 2. PR1474935

  • On the QFX10000 line of switches, the MACsec traffic over Layer 2 circuit might not work after upgrading from Junos OS Release 15.1 and later. PR1475089

  • The DAC cables are not being properly detected in the Packet Forwarding Engine in the QFX5200 line of switches on Junos OS Release 18.4R2-S2.4. PR1475249

  • On the QFX5110 or QFX5120 line of switches, there might be traffic drop acting as a leaf switch in a multicast environment with VXLAN. PR1475430

  • The QFX Series devices exhibit invalid Packet Forwarding Engine PG counter pairs to copy src 0xfffff80, dst 0. PR1476829

  • On the QFX10002-36Q or QFX10002-72Q line of switches, the following continuos error logs on the device are observed: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192

  • The remaining interface might be still in the Down state even though the number of channelized interfaces is no more than 5. PR1480480

  • The ARP request packets for the unknown host might get dropped in the remote PE devices in the EVPN-VXLAN scenario. PR1480776

  • VLAN creation failure might be observed with scaled VLAN and Layer 3 configuration. PR1484964

  • The BFD sessions start to flap when the firewall filter in the loopback0 is changed. PR1491575

Routing Protocols

  • Some storm control error logs might be observed. PR1355607

  • The OSPF VRF sessions take a long time to come up when the host table is full and host routes are in the LPM table. PR1358289

  • Invalid VRRP mastership election on the QFX5110-VC peers is observed. PR1367439

  • Value added in the Hexa after an unknown Ext-Community gets reset to 0. PR1371448

  • Host-destined packets with filter log action might not reach the Routing Engine if the log or syslog is enabled. PR1379718

  • The IRB transit traffic might not be counted for the EVPN or VXLAN traffic. PR1383680

  • On the QFX5100 line of switches, the BGP v4 or BGP v6 convergences, and the RIB installs or deletes time degraded in Junos OS Releases 19.1R1, 19.2R1, and later. PR1414121

  • On the QFX5000 line of switches, the same traffic flow might be forwarded to different ECMP next hops. PR1422324

  • The BGP multipath multiple-as statement does not work. PR1430899

  • On the QFX5100 line of switches, the fxpc might generate core files during the reboot of device. PR1432023

  • Ping fails over Type-5 tunnel on the IRB interfaces under the EVPN-VXLAN scenario. PR1433918

  • The IPv4 fragmented packets might be broken if the PTP transparent clock is configured. PR1437943

  • The bandwidth value of the DDoS-protection might cause packet loss after the device reboots. PR1440847

  • Traffic might be dropped after the Q-in-Q enabled interface is flapped or a change is made to the vlan-id-list. PR1441402

  • On the QFX5210 line of switches, the firewall filter DSCP Action Modifier does not work when the firewall filter is mapped to IRB. PR1441444

  • The rpd process might crash in an inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291

  • The IPv6 connectivity between the MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • PIM (S,G) joins cause MSDP to incorrectly announce source active messages. PR1443713

  • On the QFX5100 Virtual Chassis, the CRC errors might be observed. PR1444845

  • Loopback address exported into other VRF instance might not work. PR1449410

  • MPLS LDP might still use stale MAC of the neighbor even though the neighbor of the LDP MAC changes. PR1451217

  • Core files might be generated during addition or removal of the EVPN Type-5 routing instance. PR1455547

  • A few seconds of traffic drop might be observed on the existing receivers when another receiver joins or leaves. PR1457228

  • The egress interface in the Packet Forwarding Engine for some end-hosts might not be correct on the Layer 3 gateway switch after it is rebooted. PR1460688

  • The other querier present interval timer cannot be changed in the IGMP/MLD snooping scenario. PR1461590

  • When deleting IRB on the Layer 3 gateway, IRB does not get removed from the Packet Forwarding Engine and discards the traffic silently to the IRB MAC address. PR1463092

  • The mcsnoopd crash might be observed if one BD/VLAN is configured as a part of EVPN and if it has any multicast router interfaces (static/dynamic). PR1468737

  • Traffic might not be forwarded over the ECMP link in the EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to the CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic does not get forwarded in the VRRP scenario. PR1477073

  • MUX state in the LACP interface does not go to the collecting and distributing state and remains attached after enabling the aggregated Ethernet interface. PR1484523

  • The following multicast statistics related errors are observed during ISSU: brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) y". PR1460791

  • The routing protocol process (rpd) crashes while processing a specific BGP update information. PR1448425

  • Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

User Interface and Configuration

  • Switch might be unable to commit baseline configuration after returning to zero. PR1426341

Resolved Issues: 19.2R1

Authentication and Access Control

  • Without configuring anything related to dot1x, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • Error message STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1. PR1346452

EVPN

  • The rpd process might crash with EVPN type-3 route churn. PR1394803

  • EVPN routes might show Route Label: 0 in addition to the real label. PR1405695

  • The rpd might crash after an NSR switchover in an EVPN scenario. PR1408749

  • ARP entry is still pointing to the failed VTEP after the PE-CE link fails for a multihomed remote ESI. PR1420294

  • Multicast MAC addresses being learned in the Ethernet switching table with VXLAN through an ARP packet in a pure L2 configuration. PR1420764

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821

  • ESI is configured on a single-homed 25-gigabit port might not work. PR1438227

General Routing

  • The 1-gigabit copper module interface shows Link-mode: Half-duplex on the QFX10000 line of devices. PR1286709

  • Interface flap on 100GBASE-LR4 is seen during an unified ISSU. PR1353415

  • On QFX5120 switches, the convergence delay between PE1 and P router link is more than the expected delay value. PR1364244

  • RIPv2 update packets might not be sent when IGMP snooping is enabled. PR1375332

  • The overlay-ecmp configuration might not work as expected on QFX5110 in an EVPN-VXLAN environment. PR1380084

  • There is an inconsistency in applying a scheduler map with excess-rate on the physical interface and the aggregated Ethernet interface. PR1380294

  • Traffic get silently dropped and discarded When the FPC is taken offline in an MC-LAG scenario. PR1381446

  • Last reboot reason is incorrect if the device is rebooted because of power cycling. PR1383693

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent the major alarm. PR1384435

  • The configuration statement show chassis errors active detail is not supported on QFX5000 platforms. PR1386255

  • The rpd and KRT queue get stuck in a VRF scenario. PR1386475

  • ARP received on an SP-style interface is not sent to all RVTEPs in case of QFX5100 Virtual Chassis only; the normal BUM traffic works fine. PR1388811

  • The input rate (in pps) do not increase on EX2300-MP uplink ports when the packet is a pure L2 packet such as non-etherII or non-EtherSnap. PR1389908

  • 10-gigabit copper link flapping might happen during a TISSU operation of QFX5100-48T switches. PR1393628

  • BRCM_NH-,brcm_bcm_mpls_tunnel_initiator_clear(),226:bcm_mpls_tunnel_initiator_get failed intf = 4 failure error logs might seen in syslog. PR1396014

  • On QFX5110 Fan LED turns amber randomly. PR1398349

  • The interrupt process consumes high CPU because of the intr{swi4: clock (0)} on QFX5100-48t-6Q running a QFX5100 Series image and Junos OS Release 18.x code. PR1398632

  • The DHCPv6 relay packets are dropped when both the UDP source and destination ports are 547. PR1399067

  • CPU hog might be observed on the QFX10000 line of switches. PR1399369

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • PEM I2C failure alarm might be shown incorrectly as failed. PR1400380

  • MAC limit with persistent MAC is not working after reboot. PR1400507

  • On QFX5120-32C error logs for flex counter are seen with GRE configuration. PR1400515

  • Only one Packet Forwarding Engine might be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • File permissions are changed for /var/db/scripts files after reboot. PR1402852

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • The VRRP VIP might not work when it is configured on the LAG interface. PR1404822

  • Commit warning message is seen on QFX5100 switches. PR1405138

  • Executing the request system configuration rescue save command might fail with error messages. PR1405189

  • DHCP does not work for some clients in dual Junos fusion aggregated device setup on extended ports (EP). PR1405495

  • VXLAN transit traffic over tagged underlay L3 interface and underlay IRB interface gets dropped because of the hardware limitation. PR1406282

  • The ARP request might not be resolved successfully if arp-suppression is enabled and vlan-id-list is configured on the QFX10000 node. PR1407059

  • The DHCP discover packets might be dropped over VXLAN tunnel if DHCP relay is enabled for other VXLAN or VLANs. PR1408161

  • MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • Fan failure alarms might be seen on QFX5100-96S after upgrading to Junos OS Release 17.3R1. PR1408380

  • Restarting the line card on QFX10008 and QFX10016 with MC-LAG enhanced-convergence might cause intra-VLAN traffic to get silently dropped and discarded. PR1409631

  • The FPC might crash and might not come up if the interface number or next hop is set to maximum value under vxlan-routing on QFX Series platforms. PR1409949

  • LLDP memory leak when IEEE dcbx packet is received in auto-negotiation mode followed by another dcbx packet with none of ieee_dcbx TLVs present. PR1410239

  • On EX2300-24P, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • Fix jfirmware support to upgrade primary BIOS from a system booted from secondary BIOS. PR1411603

  • Traffic loss might be observed after VXLAN configuration change. PR1411858

  • The spfe on satellite device in Junos fusion setup might crash and it might cause the satellite device to go offline. PR1412279

  • PEM alarm for a backup FPC will remain on the master FPC though the backup FPC is detached from Virtual Chassis. PR1412429

  • Junos PCC might reject PCUpdate or PCCreate message if there is a metric type other than type 2. PR1412659

  • On QFX5000 line of switches, the EVPN/VXLAN mutlicast next-hop limit is 4000. PR1414213

  • VC ports using DAC might not establish a link on QFX5200. PR1414492

  • DC output information is missing in the show chassis environment pem output for whitebox. PR1414703

  • VXLAN encapsulation next hop (VENH) does not get installed during BGP flap or restart routing. PR1415450

  • FEC change from FEC91 to NONE does not take effect on 100-gigabit Ethernet interfaces with QSFP-100GBASE-SR4 optics. PR1416376

  • Two instances of Junos OS are running after an upgrade to Junos OS Release 18.1R3-S3.7. PR1416585

  • On restarting routing, the dcpfe might generate a core file at nh_composite_change. PR1416925

  • ERSPAN traffic does not tag when output interface is trunk port. PR1418162

  • Traffic loss might be seen on the aggregated Ethernet interface on QFX10000 platforms. PR1418396

  • Rebooting QFX5200-48Y using request system reboot does not take physical links offline immediately. PR1419465

  • On QFX5120-48Y or QFX5120-32C, 100-gigabit PSM4 optics connected ports went down randomly. PR1419826

  • Ping fails over type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario. PR1420785

  • Error messages might be seen on QFX10000 platforms during DFE tuning. PR1421075

  • On QFX5120-32C, DHCP binding on client might fail when QFX5120-32C acting as DHCP server is seen only for channelized port. PR1421110

  • ETS configuration does not apply on non cascade ports when the AD is rebooted. PR1421429

  • BFD might get stuck in slow mode on QFX10002, QFX10008, and QFX10016 platforms. PR1422789

  • QFX5100-48T 10-Gbps interface might be auto negotiated at 1-Gbps speed instead of 10-Gbps. PR1422958

  • The interface cannot get up when the remote-connected interface only supports 100M in QFX5100 VC setup. PR1423171

  • BUM traffic coming over IRB underlay interface gets dropped on destination VTEP in a PIM-based VXLAN. PR1423705

  • Traffic drops when an FPC reboots with aggregated Ethernet member links deactivated by a remote device. PR1423707

  • Ping over EVPN type-5 route to QFX10000 does not work. PR1423928

  • All interfaces will be down and the dcpfe might crash if SFP-T is inserted in a QFX5210. PR1424090

  • IPv6 neighbor solicitation packets for link-local address are dropped when passing through QFX10002-60C. PR1424244

  • QFX5120 QSFP-100G-PSM4 interfaces are undetected and come back up as channelized interfaces. PR1424647

  • All interfaces creation fails after NSSU. PR1425716

  • Heap memory leak might be seen on QFX10000 platforms. PR1427090

  • On QFX5120-48Y, the interfaces with the QSFP-100GBASE-ER4L optics do not come up in Junos OS Release 18.3R1-S2.1. PR1428113

  • The configuration statement show chassis emvironment shows Input0 and Input1. PR1428690

  • The l2ald process crashes and generates a core file when the number of VXLAN HW IFBDS exceeds the maximum limit of 16,382. PR1428936

  • An interface on a QFX Series switch does not come up after the transceiver is replaced with one having different speed. PR1430115

  • When the IRB interface is trying to broadcast an ARP request, the ARP request might not go out of the chip because of the SDK bug, which might lead to ARP failure in QFX5120. PR1430327

  • On QFX Series switches, the Validation of meta data files failed message is seen on the hypervisor. PR1431111

  • Transit DHCPv6 packets might be dropped on QFX5000 platforms. PR1436415

Interfaces and Chassis

  • Changing the value of mac-table-size to default might lead all FPCs to reboot. PR1386768

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces a misleading error message. PR1402606

  • EVPN aggregated Ethernet interface flap followed by a commit. PR1425339

Junos Fusion Satellite Software

  • Extended port (EP) LAG might go down on the satellite devices (SDs) if the related cascade port (CP) links to an aggregation device (AD) goes down. PR1397992

Layer 2 Ethernet Services

  • The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to get silently dropped and discarded. PR1417729

Layer 2 Features

  • On the QFX Series switches, the error message Failed with error (-7) while deleting the trunk 1 on the device 0 is seen. PR1393276

  • On the QFX5110-48S switch, the FPC goes down when 100-Gigabits Ethernet link comes up. PR1499422

  • On the QFX5000 line of switches, symmetric hash is observed. PR1397229

  • On the QFX5000 line of switches, dcpfe process crash might be observed during restart of the Packet Forwarding Engine on a system with scaled EVPN/VXLAN configuration. PR1403305

  • On the QFX Series EVPN-VXLAN, the unicast IPv6 NS message gets flooded on L3GW. Both IPv4 and IPv6 traffic gets dropped on L2SW. PR1405814

  • The IPv6 NS/NA packets received over VTEP from an ESI host are incorrectly flooded back to the host. PR1405820

  • IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after a VTEP leaf reboot. PR1406502

  • With cut through configuration enabled after the device is rebooted, cut through mode is disabled on the channelized interfaces in releases before Junos OS Release 19.1R1. PR1407706

  • The QFX5110 Virtual Chassis generates DDoS messages of different protocols on inserting a 1-gigabit or 10-gigabit SFP transceiver or after forming a VCP connection. PR1410649

  • With arp-suppression enabled, QFX5000 might not forward IPv6 router solicitations or advertisements packets. PR1414496

Network Management and Monitoring

  • The chassisd might crash and restart after the AGENTX session timeout between master (snmpd) and subagent times out. PR1396967

  • Log files might not get compressed during the upgrade. PR1414303

Routing Protocols

  • Host-destined packets with filter log action might reach the Routing Engine. PR1379718

  • BUM packets might get looped if EVPN multihoming interfaces flap. PR1387063

  • EVPN-VXLAN NON-COLLAPSED AUTONEG errors and flush operation failed errors are seen after the device is power cycled. PR1394866

  • On the QFX5110 and QFX5200 line of switches EVPN-VXLAN non-collapsed state, the dcfpe process generates a core file at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc after a random event. PR1397205

  • The FPC or dcpfe process might crash because of the interface flapping. PR1408428

  • The rpd crashes on static route configuration for multicast source. PR1408443

  • The ERACL firewall group operates in double wide mode for QFX5110 in Junos OS Release 19.1R1. PR1408670

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The QFX Series switches might not install all IRB MAC addresses in the initialization. PR1416025

  • After an IRB logical interface is deleted, MAC entry for the IRB interface is deleted for the IRB hardware address; as a result, packets destined to other IRB logical interfaces where MAC is not configured are impacted. PR1424284

Spanning Tree Protocols

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.2R3 for the QFX Series switches documentation.

Installation and Upgrade guide

  • Veriexec explained (QFX Series)—Verified Exec (also known as veriexec) is a file-signing and verification scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onward.

    [See Veriexec Overview.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 19.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 19.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-19.2-R3.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 19.2jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-19.2R3.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-19.2R3.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-19.2R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-19.2R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-19.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-19.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-18.3R1.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.