Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.1R1 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.1R1: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

EVPN

  • Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650, QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.) This feature is enabled by default, so you do not need to take any action to enable it.

    Note

    By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.

Interfaces and Chassis

  • Support for static link protection on aggregated interfaces (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, you can enable link protection on aggregated interfaces for a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This traffic includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.

Junos OS XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • gRPC version v1.18.0 supported with JTI (ACX Series, MX Series, PTX Series, QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface. Important enhancements for gRPC are included in version v1.18.0. Previously, JTI was supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

Routing Protocols

  • Redistribution of IPv4 routes with IPv6 next hop into BGP (QFX Series)—Starting in Release 20.1R1, Junos OS devices can forward IPv4 traffic over an IPv6-only network, which generally cannot forward IPv4 traffic. As described in RFC 5549, IPv4 traffic is tunneled from CPE devices to IPv4-over-IPv6 gateways. These gateways are announced to CPE devices through anycast addresses. The gateway devices then create dynamic IPv4-over-IPv6 tunnels to remote CPE devices and advertise IPv4 aggregate routes to steer traffic. Route reflectors with programmable interfaces inject the tunnel information into the network. The route reflectors are connected through IBGP to gateway routers, which advertise the IPv4 addresses of host routes with IPv6 addresses as the next hop. Currently the dynamic IPv4-over-IPv6 tunnel feature does not support unified ISSU.

    To configure a dynamic IPv4-over-IPv6 tunnel, include the dynamic-tunnels statement at the [edit routing-options] hierarchy level.

    [See Understanding Redistribution of IPv4 Routes with IPv6 Next Hop into BGP.]

Storage and Fibre Channel

  • FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.

    [See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]

System Management

  • Support for the Precision Time Protocol (PTP) AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles (QFX10002 )—Starting in Junos OS Release 20.1R1, you can enable the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles to support video applications for capture (for example, cameras), video edit, and playback to be used in professional broadcast environments. The PTP standard allows multiple video sources to stay in synchronization across various equipment by providing time and frequency synchronization to all devices. These profile support PTP over IPv4 multicast and ordinary and boundary clocks.

    To configure the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles, enable one of the aes67, smpte, or aes67-smpte statements at the [edit protocols ptp profile-type] Junos OS CLI hierarchy.

    See [Understanding the PTP Media Profiles.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series.

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier releases in this release train, all three values in the Statistics output field for kBps, pps, and packets did not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Network Management and Monitoring

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 20.1R1, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Known Limitations

Learn about known limitations in Junos OS Release 20.1R1 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5100 platforms, due to major BCM sdk upgrade in 20.1R1 (from sdk 6.3.7 to 6.5.16), ISSU is not supported from any earlier releases to 20.1R1. PR1479439

General Routing

  • Downgrade from a TVP image to a non-TVP image is not supported. Upgrade from a non-TVP image to a TVP image is supported. PR1345848

Infrastructure

  • If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run fsck on the root volume until it is marked clean. Only at this point, it is safe to reboot to the normal volume. PR1444941

Layer 2 Ethernet Services

  • In EVPN multihomed active-active scenario, when LACP is enabled on PE-CE child member links, LACP force-up feature should not be enabled in conjunction with EVPN core isolation feature (enabled by default) because it is currently not supported in this scenario as these two features are contradictory in terms of action they take. PR1461581

Open Issues

Learn about open issues in Junos OS Release 20.1R1 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • When CPU Q cells (memory) are exhausted, even though the incoming packet rate is less than allowed BW, you will observe DDOS violations. PR1381775

  • The priority-based flow control (PFC) feature is not supported on QFX5120 2-member Virtual Chassis currently due to BCM limitation. PR1431895

EVPN

  • In Ethernet Virtual Private Network - Virtual Extensible LAN (EVPN-VXLAN) core isolation scenario, the server is multihomed to the leaf devices through link aggregation control protocol (LACP) interfaces. If graceful restart (GR) is enabled, upon system reboot or restart routing on the leaf device, the core isolation will not work. In the system reboot case, the issue results in the leaf device being dropped silently the traffic sent from the server during the time window between LACP coming up and border gateway protocol (BGP) coming up. In the restart routing case, there might be no traffic drop because of the GR. PR1461795

General Routing

  • Intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • On QFX5110 and QFX5120 platforms, uRPF check in strict mode might not work properly. PR1417546

  • On switches running Junos OS with link aggregation control protocol (LACP) enabled, deactivating a remote aggregate Ethernet member link makes the local member link move to LACP detached state. The detached link is then invalidated from the Packet Forwarding Engine aggregated Ethernet-Forwarding table as expected. However, if the device is rebooted with this state, all the member links are enabled in Packet Forwarding Engine aggregated Ethernet-Forwarding table irrespective of LACP states, which result in traffic drop. PR1423707

  • when routing process is restarted, if system is configured with EVPN service, memory of l2 learning daemon increases by 4000 when you use show system processes extensive | match l2ald. PR1435561

  • The time taken to install or delete IPv4 or IPv6 routes into the FIB is slowed down in Junos OS Release 19.3. Analysis shows that rpd learning rates are not degraded but RIB to FIB download rate is degraded. PR1441737

  • On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual-gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual-gateways with unique v4 or v6 mac-address. PR1446291

  • Whenever any member in remote switched port analyzer (RSPAN) VLAN is removed from that VLAN, analyzer session for that RSPAN VLAN should be re-configured. PR1452459

  • When all the members of tanzanite Virtual Chassis are rebooted while traffic is running, for a quite period of time (~15 minutes) backup will be disconnected from master as the master-backup socket connection will be down and will be re-established after 15 minutes and backup will join the Virtual Chassis. PR1453399

  • In EVPN-VXLAN with service provider style configuration, if VLAN name associated with access ports is changed, then virtual bridge domain might not be created. This is because bridge domain add notification for the new VLAN comes before bridge domain delete for the old VLAN. Because of this, virtual bridge domain might not be created and MAC learning does not happen. PR1454095

  • On QFX5110 with QSFP-100GBASE-SR4 optics made by Avago cannot linkup. Use the show chassis pic pic-slot 0 fpc-slot 0 command to identify the manufacturer of the optics. PR1457266

  • Overall commit time mostly mustd constraints evaluation takes 2 seconds extra because of persist group inheritance feature made as default in the latest releases. However, this feature helps in improving the next subsequent commit times significantly in case of scaled configuration. Persist-groups-inheritance feature would be useful in customer scenarios where groups and nested groups are used extensively. In those scenarios groups inheritance path will not be built every-time hence subsequent commits would be faster. PR1457939

  • The command show chassis environment o/p can be seen from back up members as well. The issue is common to all QFX platform. PR1474520

  • Interfaces are not detected on some of the ports when we swap the 25g SFPs and insert 10g SFP. PR1475574

  • On QFX5220 platforms, when lo0 firewall filter (inet/inet6) is used, Layer 3 forwarding traffic might be discarded by lo0 filter. PR1475620

Interfaces and Chassis

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:

    1. Disable or enable ICL.

    2. Reboot one of MC-LAG peers.

    3. Disable or enable a member link of ICL.

    This will result in no traffic loss, and one of the MC-LAG nodes will be processing duplicate packets during this time period. PR1422473

  • Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply which is flooded in the VLAN by the device has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted.PR1454764

Layer 2 Features

  • On QFX5110 and QFX5200 platforms, if storm control enabled on the interfaces along VXLAN configuration, storm control will not get effected with ARP REQ packets coming more than storm control threshold. PR1469837

  • On QFX5000 platforms, you might see pools exhausted for Table:EGR_DVP_ATTRIBUTE error message when stats requests exceeded the supported scale because of the limited pool resources used for stat collection on the hardware. There is no functional impact except for stats collection for some hardware counters for which flex counter allocation failed for the time, the limit is exceeded. Stats counters start functioning normal without manual change when the pool comes back to normal limit. PR1479826

Layer 2 Ethernet Services

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

Routing Protocols

  • DCPFE core file is generated after watchdog trigger caused by the failed MAC deletion notification. The following repeated messages before the core file generation can be an evidence of the problem: BRCM_SALM:brcm_salm_periodic_clear_pending(),125: Failed to delete Pendingentres for unit = 0, tgid = 1, err code = -9. PR1371092

  • On QFX5100 Virtual Chassis/Virtual Chassis Fabric , When mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. PR1407175

  • BGP route addition and deletion time and BGP, OSPF and ISIS link flap convergence time is increased in 19.4. PR1464572

  • MUX state of LACP interface does not change sometimes when force-up is configured. PR1484523

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on extended port even if it comes in with different DSCP marking. PR1433252

  • On QFX5120 switches, moving unicast traffic to multicast queue via MF classifer, show interface queue command does not display any status. PR1459281

EVPN

  • The rpd might crash with EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778

General Routing

  • On QFX5100 Virtual Chassis, MacDrainTimeOut and bcm_port_update failed: Internal error is observed. PR1284590

  • The show chassis errors active detail command does not support on QFX5000 platforms. PR1386255

  • The 10G fiber interfaces might flap frequently when they are connected to Brocade switch (VDX8770). PR1409448

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Part of routes could not be provided into Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873

  • The show interface command shows Media type: Fiber on QFX5100-48T switches running "QFX 5e Series" image. PR1419732

  • Ports might get incorrectly channelized if they are channelized to 10-Gbps and they are again channelized to 10-Gbps. PR1423496

  • CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after nonstop software upgrade (NSSU). PR1430173

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • The FPC might crash when a firewall filter is modified. PR1432116

  • When you plug-in to unsupported SFP-T module, the line card might crash. PR1432809

  • BGP neighborship might not come up if the MACsec feature is configured. PR1438143

  • QFX5100 Virtual Chassis does not come up after replacing Virtual Chassis port fiber connection with DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • Packet loss might be seen if IPoIP or MPLSoUDP dynamic tunnels is configured with ECMP. PR1446132

  • On QFX5100 Virtual Chassis, cyclic redundancy check (CRC) error might be seen on the Virtual Chassis Port (VCP). PR1449406

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • The em0 route might be rejected after the em0 interface is disabled and then enabled. PR1449897

  • FPC does not restart immediately after rebooting the system. That might cause packet loss. PR1449977

  • On QFX10000 platforms, CoS classification does not work. PR1450265

  • The l2ald and eventd process are hogging 100 percent after issued the clear ethernet-switching table command. PR1452738

  • The classifier configuration does not get applied to the interface in an EVPN/VXLAN environment. PR1453512

  • The show chassis led command shows incorrect status. PR1453821

  • On QFX5100 Virtual chassis, VGD process hogs the CPU without switch-options vtep-source-interface lo0.0 configuration. PR1454014

  • On QFX5110 Virtual Chassis, master FPC might come up in master state again after reboot instead of backup. PR1454343

  • On QFX5000 platform, the dcpfe process crashes because usage of data which is not NULL is terminated. PR1454527

  • On QFX10002-60C EVPN-VXLAN, MAC+IP count is shown as zero. PR1454603

  • On QFX5120 switches, untagged hosts ARP/NS requests connected on encapsulation ethernet-bridge interface are not being resolved. PR1454804

  • A firewall filter might not be able to be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • In a 16+ member QFX5100 Virtual Chassis Fabric, the FROM column under the show system users output reports feb0/1/2/3 for fpc16/17/18/19 respectively. PR1455201

  • The priority-based flow control (PFC) feature does not work on QFX10000 Series platforms. PR1455309

  • The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Link up delay and traffic drop might be seen on mixed service provider Layer 2/Layer 3 and enterprise style Layer 2 type configurations. PR1456336

  • The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414

  • Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456

  • On QFX5110 switches, port 51 has one LED blinking amber continuously. PR1457516

  • On QFX5210 switches, LED does not light on port 64 and 65 after upgraded to Junos OS Release 19.2R1. PR1458514

  • Show dynamic-tunnels database does not show v6 mapped next-hop flag for 6PE routes that have labels. PR1458634

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929

  • On QFX5200 switches, DHCPv6 LDRA relay bounded count is not as expected after DHCP configured. PR1459499

  • The fxpc process might crash because the BGP IPv6 session flaps. PR1459759

  • The forwarding option is missed in routing instance type. PR1460181

  • The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885

  • The statement show forwarding-options enhanced-hash-key is not supported for QFX10000 platform. PR1462519

  • The "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms. PR1462582

  • The fxpc process might generate core files when changing MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594

  • On QFX5100 Virtual Chassis/Virtual Chassis Fabric, observes BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: error while cleanup EVPN-VXLAN configurations with mini-PDT base configurations. PR1463939

  • On PTX10000, the FPC might restart during run time. PR1464119

  • On QFX10000 platforms, the interface might not come up on FPC restart. PR1464650

  • QFX5100-24Q: Unable to apply DSCP rewrite to firewall filter to a Layer 3 subinterface (for example, xe-0/0/0.100). PR1464883

  • PEM is not present spontaneously on QFX5210. PR1465183

  • On QFX5100-48T switches, a 10-Gigabit Ethernet interface might not come up or negotiate at speed 1-Gbps when connected with BRCM 10G/GbE 2+2P 57800-t rNDC. PR1465196

  • The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302

  • Junos exhibits inconsistent fan and power supply numbering on whiteboxs (-O and -OZ) in 19.2R1. PR1465327

  • In Virtual Chassis scenario, the broadcast and multicast traffic might be dropped over IRB or LAG interface. PR1466423

  • BGP open messages with specific types of BGP optional capabilities causing BMP messages not to be encoded correctly when sent to the BMP collector. PR1466477

  • On QFX10000 platforms, EBUF parity interrupt is not seen. PR1466532

  • IPv6 traffic over Layer 3 VPN might fail. PR1466659

  • Slow packet drops might be seen on QFX5000 platforms. PR1466770

  • EPR iCRC errors in QFX10000 Series platforms might cause protocols down. PR1466810

  • Few of DHCPvX INFORM messages, specific to particular VLAN are not receiving any ACK from server. PR1467182

  • Ingress drops to be included at CLI from interface statistics and added to InDiscards. PR1468033

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment. PR1468732

  • QFX5000 platform is looping the IP routed packet through IS-IS or MPLS. PR1469998

  • Incorrect counter values are observed for the arrival rate and peak rate for DDoS commands. PR1470385

  • On QFX5100 and EX4300 mixed-mode Virtual Chassis, unable to configure 10m speed on the Gigabit Ethernet interface. PR1471216

  • In VXLAN scenario on QFX10000 series platforms, when VTEP source interface is configured in multiple routing instances, the traffic loss might occur. PR1471465

  • On QFX5000 platforms, egress PACL size is half. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • The detached interface in LAG might process the xSTP BPDUs. PR1473313

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • On QFX5000 platforms in EVPN-VXLAN scenario, continuous log messages might be observed. PR1474545

  • Layer 2 circuit might fail to communicate via VLAN 2 on QFX5000 platforms. PR1474935

  • DAC cables are not being properly detected in Packet Forwarding Engine on QFX5200 switches. PR1475249

  • QFX5000 leaf device might fail to forward the traffic in a multicast environment with VxLAN. PR1475430

  • QFX platform generates invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 file. PR1476829

  • The remaining interface might be still in downstate even the number of channelized interfaces is no more than five. PR1480480

  • ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario. PR1480776

High Availability (HA) and Resiliency

  • Unified ISSU does not support for QFX5000 platforms. PR1472183

Interfaces and Chassis

  • VRRP-v6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • The traffic might be forwarded to incorrect interfaces in MC-LAG scenario. PR1465077

  • On QFX platform, vrrpv3mibs are not working to poll VRRP-v6 related objects. PR1467649

  • Executing commit might become unresponsive due to stuck dcd process. PR1470622

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

Junos Fusion Enterprise

  • Loop detection might not work on extended ports in Junos fusion for enterprise scenarios. PR1460209

Junos Fusion Satellite Software

  • In Junos fusion for enterprise, dpd might crash on satellite devices running SNOS. PR1460607

Layer 2 Features

  • On QFX5100 switches, storm control configuration might be disabled for the interface. PR1354889

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100 and QFX5110. PR1437577

  • The LLDP function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • Few MAC addresses might be missing from software MAC table on QFX5000 platforms. PR1467466

  • After rebooting, the FXPC core file might be seen when committing the configuration. PR1467763

  • Ingress traffic might be silently dropped if underlying interface flaps in EVPN-VXLAN scenario. PR1469596

  • Traffic might be affected if composite next-hop is enabled. PR1474142

Layer 2 Ethernet Services

  • In an EVPN-VXLAN ERB scenario, dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • Member links state might be asychronized on a connection between PE and CE in EVPN A/A scenario. PR1463791

Multiprotocol Label Switching (MPLS)

  • On QFX10002 switches, the show mpls static-lsp | display xml command produces INVALID XML. PR1469378

  • MPLS LDP ping or trace route fails over QFX5100 as transit PHP node. PR1477301

Platform and Infrastructure

  • The stylesheet language alternative syntax (SLAX) script might be lost after upgrading software. PR1479803

Routing Protocols

  • In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • Invalid VRRP mastership election on QFX5110 Virtual Chassis peers. PR1367439

  • Host-destined packets with filter log action might not reach to the Routing Engine if log/syslog is enabled. PR1379718

  • On QFX5100, BGP v4/v6 convergence and RIB install or delete time degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • On QFX5000 platforms, the traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped. PR1429543

  • PIM (S, G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core file might be generated when you add or remove EVPN Type-5 routing instance. PR1455547

  • On QFX5000 platforms, egress port for ARP entry in Packet Forwarding Engine is not modified from VTEP to local ESI port, after device boots up.PR1460688

  • On QFX5100 Virtual Chassis/Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error observed after unified ISSU with Mini-PDT base configurations. PR1460791

  • The other querier present interval timer cannot be changed in IGMP/MLD snooping scenario. PR1461590

  • When IRB is deleted on the Layer 3 gateway, IRB does not get removed from the Packet Forwarding Engine and result in traffic drop in IRB MAC address. PR1463092

  • The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737

  • Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario. PR1475819

  • GRE transit traffic does not forward in VRRP scenario. PR1477073

Documentation Updates

There are no errata or changes in Junos OS Release 20.1R1 documentation for the QFX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.1 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.1-R1.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.1R1.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.1R1.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.