Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches

 

These release notes accompany Junos OS Release 20.1R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.

Note

The following EX Series switches are supported in Release 20.1R3: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

What’s New in Release 20.1R3

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 20.1R3.

What’s New in Release 20.1R2

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 20.1R2.

What’s New in Release 20.1R1

EVPN

  • Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.) This feature is enabled by default, so you do not need to take any action to enable it.

    Note

    By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.

Interfaces and Chassis

  • Support for static link protection on aggregated interfaces (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, you can enable link protection on aggregated interfaces for a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This traffic includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.

    [See link-protection.]

Junos OS XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • MPLS and local routing sensor streaming support on JTI (EX2300, EX3400, EX4300, EX4600, and EX9200)—Junos OS Release 20.1R1 provides MPLS constrained-path Label Switched Paths (LSPs), RSVP-Traffic Engineering (RSVP-TE) and local routing statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Streaming statistics are sent to an outside collector at configurable intervals.

    The following resource paths are supported:

    • Local routing (resource path /local-routes/)

    • MPLS constrained-path LSPs and RSVP-TE (resource path /network-instances/network-instance/mpls/)

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.

    Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • JTI infrastructure support for (EX2300, EX2300-MP, and EX3400)—Junos OS Release 20.1R1 provides Junos telemetry interface (JTI) infrastructure support for EX2300, EX2300-MP, and EX3400 switches.

Layer 2 Features

  • Q-in-Q support on redundant trunk links using LAGs with link protection (EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 20.1R1, Q-in-Q is supported on redundant trunk links (also called “RTGs”) using LAGs with link protection. Redundant trunk links provide a simple solution for network recovery when a trunk port on a switch goes down. In that case, traffic is routed to another trunk port, keeping network convergence time to a minimum.

    Q-in-Q support on redundant trunk links on a LAG with link protection also includes support for the following items:

    • Configuration of flexible VLAN tagging on the same LAG that supports the redundant links configurations

    • Multiple redundant links configurations on one physical interface

    • Multicast convergence

    [See Q-in-Q Support on Redundant Trunk Links Using LAGs with Link Protection.]

Multicast

  • PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:

    • PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)

    • PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)

    • Static, embedded, and anycast rendezvous points (RPs)

    [See PIM Overview.]

Routing Policy and Firewall Filters

  • Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.

    [See Firewall Filter Flexible Match Conditions.]

Storage and Fibre Channel

  • FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.

    [See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]

System Management

  • Change status LED for network port to chassis beacon light (EX4300-48MP switch and EX4300-48MP Virtual Chassis)—By default, when a network port and its associated link are active, the status LED for that port blinks green 8 times per second. Starting in Junos OS Release 20.1R1, you can use the request chassis beacon command to slow down the current blinking rate to 2 blinks per second. The slower-blinking and steadier green light acts as a beacon that leads you to an EX4300-48MP switch or a particular port in a busy lab.

    Using options with the request chassis beacon command, you can do the following for one or all network port status LEDs on a specified FPC:

    • Turn on the beacon light for:

      • 5 minutes (default)

      • A specified number of minutes (1 through 120)

    • Turn off the beacon light:

      • Immediately

      • After a specified number of minutes (1 through 120)

    After the beacon light is turned off, the blinking rate for the network port’s status LED returns to 8 blinks per second.

    [See request chassis beacon.]

Virtual Chassis

  • Virtual Chassis support for up to four member switches (EX4650)—Starting in Junos OS Release 20.1R1, you can interconnect up to four EX4650-48Y switches into a Virtual Chassis managed as a single device. The Virtual Chassis:

    • Contains only EX4650-48Y switches.

    • Has two member switches in Routing Engine role (master, backup) and the remaining members in linecard role.

    • Supports 100GbE QSFP28 or 40GbE QSFP+ ports on the front panel (ports 48 through 55) as Virtual Chassis ports (VCPs).

    • Supports NSSU.

    A EX4650-48Y Virtual Chassis with two to four members now also supports the following protocol features that were not previously supported on a two-member EX4650-48Y Virtual Chassis:

    • IEEE 802.1X authentication

    • Layer 2 port security features, including IP source guard, IPv6 router advertisement (RA) guard, DHCP, and DHCP snooping

    • MPLS

    • Redundant trunk groups (RTG)

    EX4650-48Y Virtual Chassis has limitations on protocol feature support compared to the standalone switch. The following protocol features are not supported:

    • EVPN-VXLAN

    • Junos telemetry interface (JTI)

    • Multichassis link aggregation (MC-LAG)

    • Priority-based flow control (PFC)

    Configuration and operation are the same as for other EX Series and QFX Series Virtual Chassis.

    [See Virtual Chassis Overview for Switches, 802.1X Authentication, MPLS Overview, DHCP Snooping, Understanding DHCP Snooping (ELS), Understanding IP Source Guard for Port Security on Switches, and Understanding IPv6 Router Advertisement Guard.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for EX Series.

What’s Changed in Release 20.1R3

EVPN

  • IGMP snooping options has changed hierarchy level—Junos OS has moved the following options from the edit protocols igmp-snooping hierarchy to edit routing-instances evpn protocols igmp-snooping vlan <vlan-name/vlan-all> hierarchy:

    • query-interval

    • query-last-member-interval

    • query-response-interval

    • robust-count

    • evpn-ssm-reports-only

    • immediate-leave

General Routing

  • Configure internal IPsec authentication algorithm (EX Series)—You can configure the algorithm hmac-sha-256-128 at the [edit security ipsec internal security-association manual direction bidirectional authentication algorithm] hierarchy level for internal IP security (IPsec) authentication. In earlier releases, you could configure the algorithm hmac-sha-256-128 for MX series devices only.

Junos XML API and Scripting

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

Network Management and Monitoring

  • Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the [edit system services netconf netconf-monitoring netconf-state-schemas] hierarchy level.

    [See hello-message and netconf-monitoring..]

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JavaScript Object Notation (JSON) from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

What’s Changed in Release 20.1R2

There are no changes in behavior and syntax for EX Series in Junos OS Release 20.1R2.

What’s Changed in Release 20.1R1

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. The output is of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

Interfaces and Chassis

  • Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Juniper Extension Toolkit (JET)

  • Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)— You can set the verbosity of the trace log to only show error messages using the error option at the edit system services extension-service traceoptions level hierarchy.

    [See traceoptions (Services).]

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Known Limitations

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored. PR1473280

  • In a Q-in-Q environment, if xSTP is enabled on an interface having logical interface with vlan-id-list configured then it will only run on those logical interfaces whose vlan-id range includes native-vlan-id configured and all others will be in discarding state. This might lead to traffic drop. PR1532992

EVPN

  • On the EX4650 device, inter-VNI multicast is not supported in the EVPN-VXLAN edge routing model. PR1517082

Infrastructure

  • File system panic might occur after repeated power loss. PR1444941

  • On EX-4300MP switches, 9000 IPv6 MC routes can be installed. If you try to add more IPv6 MC routes, error messages are seen. PR1493671

Platform and Infrastructure

  • On the EX4300-MP device, ge and mge ports have different color contrasts due to different vendors. PR1470312

Open Issues

Learn about open issues in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Infrastructure

  • On EX Series switches, If you configure a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. PR1434927

  • On EX 9251 switches, IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

  • On EX4300-MP switches, 9000 IPv6 MC routes can be installed. If you try to add more IPv6 MC routes, error messages are seen. PR1493671

  • A double free vulnerability in the software forwarding interface daemon (sfid) process allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. PR1497768

  • The following error message is observed while loading the kernel: GEOM: mmcsd0s.enh: corrupt or invalid GPT detected. PR1549754

  • VLAN translation (vlan mapping) does not work for CFM (0x8902) and EAPOL (0x888e). PR1580129

Interfaces and Chassis

  • After GRES, the VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213

Junos Fusion Provider Edge

  • On Junos fusion system, intermediate traffic drop is sometimes seen between AD and SD when sFlow is enabled on the ingress interface. When sFlow technology is enabled, the original packet is getting corrupted for those packets that hit the sFlow filter This is due to few packets transmitted from the egress of AD1 is short of FCS (4 bytes) + 2 bytes of data, this leads to the drop of the packets. It is seen that the normal data packets are of size 128 bytes while the corrupted packet is 122 bytes. PR1450373

Layer 2 Features

  • GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and Layer 3 interface is attached to the VLAN. PR1192520

  • On EX series with third party chip based Packet Forwarding Engine, if MC-LAG is configured, and the ICL interface is a physical interface instead of an aggregated Ethernet interface, after one of the child links in multichassis aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. PR1582473

Layer 2 Ethernet Services

  • If the forward-only is set within dhcp-reply in a device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

Platform and Infrastructure

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • On an EX9208 switch, a few xe- interfaces go down with the following error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Unicast RPF in strict mode or ICMP redirect does not work properly. PR1417546

  • A minimal traffic loss of ~100 pps is seen on EX9208 switches when the packets are sent between FPCs. This is due to random drops happening in the fabric. Amount of drop varies on the line rate and occurs less frequently. PR1429714

  • On EX9214 switches, if the MACsec-enabled link flaps after reboot, the following error message is observed: errorlib_set_error_log(): err_id(-1718026239). PR1448368

  • On EX9208 switches, 33 percent degradation in MAC learning rate is seen in Junos OS Release 19.3R1 onwards while comparing with Junos OS Release 18.4R1. PR1450729

  • In overall commit time, the evaluation of mustd constraints is taking two seconds more than usual. This is because the persist-group-inheritance feature has been made as a default feature. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. PR1457939

  • On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases. PR1464365

  • The following message may be seen in chassisd log after rebooting or configuration changing, and so on: re_tvp_builtin_fwinfo_update: Unable to get firmware version. PR1471938

  • The following syslog might be observed: Failed to complete DFE tuning . This message has no functional impact and can be ignored. PR1473280

  • Classifiers binding applied on wildcard gets overwritten by a different classifier type when applied on a single interface. PR1490699

  • While verifying Last-change op-state value through XML, rpc-reply message is inappropriate. PR1492449

  • SNMP POE MIB walk produce withers no results or sometimes result from the master Virtual Chassis whenever the Virtual Chassis is renamed as one. PR1503985

  • On the EX4300-48MP device, the reboot time, FPC uptime, and interface uptime are degraded by 20 percent when compared with Junos OS Releases 19.1R3, 19.2R2, and 19.4R2. PR1514364

  • The MAC addresses might fail aging out under a Virtual Chassis environment where a large number of MAC addresses are learned. This issue was observed with MAC entries 280,000 in the Virtual Chassis devices. PR1558128

  • EX2300 switches show high FPC CPU usage, however the system processes and kernel CPU usage does not add up to the overall FPC usage. This is a cosmetic issue with calculation of FPC CPU usage that has been resolved in newer releases of Junos OS Release 21.1R1 and later. PR1567438

  • Observing traffic drop during unified ISSU due to LAG interface flap. PR1569578

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.1R3

Forwarding and Sampling

  • The configuration archive transfer-on-commit fails. PR1563641

General Routing

  • DHCP discover packets might be dropped if the DHCP inform packet is received first. PR1542400

High Availability (HA) and Resiliency

  • The ksyncd process generates core files while applying the configuration to logical interfaces. PR1551777

Infrastructure

  • On EX4600 and EX4300 Virtual Chassis or Virtual Chassis fabric, the VSTP configuration device goes unreachable and becomes nonresponsive after commit. PR1520351

  • On EX4300 Virtual Chassis or Virtual Chassis fabric, Observing HEAP malloc(0) detected. PR1546036

  • Traffic related to IRB interface might be dropped when mac-persistence-timer expires. PR1557229

Layer 2 Ethernet Services

  • OSPF and OSPFv3 adjacency uptime is more than expected after NSSU upgrade and outage is higher than the expected. PR1551925

Platform and Infrastructure

  • On EX Series platforms using chipset with SFP+ implemented, interface on the platforms might be in active status when TX or RX connector is removed. As a result, traffic might get droped. PR1495564

  • The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets. PR1512175

  • Packet drops might be seen with all commit events for 1G speed configured interface. PR1524614

  • Traffic loss might be observed on interfaces in a VXLAN environment. PR1524955

  • On EX3400 Virtual Chassis, console access on backup Virtual Chassis member is not allowed. PR1530106

  • The lldp-receive-packet-count is not getting exchanged properly in l2pt operation for LLDP after configuring protocols. PR1532721

  • The LLDP neighborship with the VoIP phones cannot be established. PR1538482

  • On EX3400 and EX2300 switches, the upgrade fails due to the lack of available storage. PR1539293

  • FPC might not be recognized after the power cycle (hard reboot). PR1540107

  • The JNH memory leak could be observed on MPCs or MICs. PR1542882

  • The Slaac-Snoopd child process generates core file upon multiple switchovers on the Routing Engine. PR1543181

  • In every software upgrade, host needs to get upgrade. PR1543890

  • On EX4300-48MP switches with Linux TVP architecture and Junos OS as VM, the Junos CLI outputs do not confirm if the Junos OS and the host kernel are compatible with each other. PR1543901

  • The chip on FPC line card might crash when the system reboots. PR1545455

  • On EX4300 switches, FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured. PR1545530

  • FPC might not boot-up on EX9214 switches in certain conditions. PR1545838

  • Receipt of specific DHCPv6 packet might cause jdhcpd process to crash and restart. PR1546166

  • Classifier is not programmed in the hardware and error logs might be seen in syslog. PR1548159

  • The targeted-broadcast feature might not work after a reboot. PR1548858

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • The show pfe route summary hw command shows random high free and Used column for IPv6 LPM (< 64)'routes. PR1552623

  • The action-shutdown statement of storm control does not work for ARP broadcast packets. PR1552815

  • The targeted-broadcast feature might send out duplicate packets. PR1553070

  • Traffic might be dropped when a firewall filter rule uses then vlan as the action. PR1556198

  • On EX4300 switches, script fails while committing the IPSec authentication configuration as the algorithm statement is missing. PR1557216

  • The tunable optics SFP+-10G-T-DWDM-ZR does not work on EX devices. PR1561181

  • On EX3400 Virtual Chassis, SMARTD pollutes syslog every 5 secs after upgrade or system reboot. PR1562396

  • On EX3400VC switches, the DAEMON-7-PVIDB throws syslog messages for every 12 to 14 minutes after you upgrade. PR1563192

  • On EX4650 switches, storm control with IRB interface might not work correctly. PR1564020

  • The Last flapped timestamp for interface fxp0 gets reset every time when monitor traffic interface fxp0 is executed. PR1564323

  • The following internal comment is displayed: Placeholder for QFX platform configuration. PR1567037

  • On all EX9200 switches with EVPN-VXLAN configured, the next hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in the EVPN-VXLAN routing instance. When the ASIC's next hop memory partition exhausted, the FPC might reboot. PR1571439

  • DHCP packets with source IP as link-local address are dropped on EX4300 switches. PR1576022

Routing Protocols

  • DCPFE crash might be observed while updating VRF for multicast routes during IRB uninit. PR1546745

  • Sending multicast traffic to downstream receiver on MX Series-based Virtual Chassis platforms might fail. PR1555518

Virtual Chassis

  • On EX4600 and EX4300 mixed Virtual Chassis : Error message ex_bcm_pic_eth_uint8_set is seen when changing configuration related to interface. PR1573173

Resolved Issues: 20.1R2

Authentication and Access Control

  • The authd process might have memory leak in 802.1x scenario with the RADIUS authentication. PR1503117

  • On the EX2300-48MP device, the client does not receive the captive-portal success page by downloading the ACL parameter, because of the authentication failure issue. PR1504818

  • The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode. PR1512724

  • The 802.1x client does not go to the Held state when the authenticated P-VLAN is deleted. PR1516341

EVPN

  • The ESI of IRB interfaces does not get updated after the autonomous-system number changes if the interface is down. PR1482790

  • The l2ald memory leakage might be observed in any EVPN scenario. PR1498023

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • Unable to create a new VTEP interface. PR1520078

General Routing

  • The Virtual Chassis splits after the network topology changes. PR1427075

  • The MAC pause frames keep incrementing in the receive direction if half-duplex mode on 10-Mbps or 100-Mbps speed is configured. PR1452209

  • The FPC process might get disconnected from the EX3400 Virtual Chassis briefly after rebooting or upgrading. PR1467707

  • On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663

  • On the EX4600 device, the DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • On the EX4300 device, the output of the show security macsec statisitics command displays high values incorrectly. PR1476719

  • On the EX2300 device, the SNMP traps are not generated when the MAC addresses limit threshold is reached. PR1482709

  • Incorrect frame length of 132 bytes might be captured in the packet header. PR1487876

  • DHCP binding might fail when the P-VLAN is configured with a firewall to block or allow certain IPv4 packets. PR1490689

  • On the EX2300 device, high CPU load due to the receipt of specific multicast packets on Layer 2 interface is observed. PR1491905

  • On the EX4300 device, traffic loss might be observed in a mixed Virtual Chassis setup. PR1493258

  • On the EX4650 device, traffic loss might be seen in an MC-LAG scenario. PR1494507

  • The authentication session might be terminated if the PEAP request is retransmitted by an authenticator. PR1494712

  • The fxpc process might crash when renumbering the primary member ID value of the EX2300 or EX3400 Virtual Chassis. PR1497523

  • Outbound SSH connection flap or memory leak issue might be observed during a push configuration to an ephemeral database with a high rate. PR1497575

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugin. PR1497993

  • In some cases, if we have an OSPF session on the IRB over LAG interface with a 40-Gigabit Ethernet port as member, the session gets stuck at restart. PR1498903

  • On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES. PR1500783

  • The mge interface might still stay up while the far end of the link goes down. PR1502467

  • LLDP is not acquired when the native VLAN ID and the tagged VLAN ID are the same on a port. PR1504354

  • The isolated VLAN from RADIUS is not deleted when the interface flaps. PR1506427

  • The output VLAN push might not work. PR1510629

  • LLDP might not work when P-VLAN is configured. PR1511073

  • On the EX4300 device, LACP goes down after a Routing Engine switchover if MACsec is enabled on the LAG members. PR1513319

  • The 100-Mbps SFP-FX transceiver is not supported on a satellite device in the Junos fusion setup. PR1514146

  • 802.1x memory leak is observed. PR1515972

  • The dcpfe process might crash due to memory leak. PR1517030

  • MPPE-Send or Recv-key attribute is not extracted correctly by dot1xd. PR1522469

  • Drops and dropped packets counters in the output value of the show interface extensive command are counted twice. PR1525373

  • On the EX2300 device, the following PoE message is observed: poe_get_dev_class: Failed to get PD class info. PR1536408

  • Traffic impact might be observed on the EVPN-VXLAN scenario due to ARP reply not working properly with native-vlan-id configured. PR1483167

  • IRB MAC does not get programmed in hardware when the MAC persistence timer expires. PR1484440

  • BIND does not sufficiently limit the number of fetches during the referrals processing. PR1512212

  • Memory leakage is observed while processing specific DHCP packets. PR1514145

  • On the EX4300-MP router, ARP learning issue might be observed when configuring the Layer 3 gateway interfaces. PR1514729

High Availability (HA) and Resiliency

  • Kernel generates core file on the backup Routing Engine causing traffic drop if multicast-MAC is configured on the IRB interface. PR1467847

Infrastructure

  • On the EX2300 and EX3400 devices, the kernel might generate core files when deactivating the daemon. PR1483644

  • The fxpc might crash when configuring scaled configuration with 4093 VLANs. PR1493121

  • On the EX4600 device, the IP communication between directly connected interfaces might fail. PR1515689

  • DUT did not receive the LLDP packet from phone. PR1538482

  • On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit. PR1520351

Interfaces and Chassis

  • The following syslog message is observed after MX-VC local or global switchover: scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x. PR1428254

  • The MC-LAG configuration-consistency ICL-configuration might fail after committing some changes. PR1459201

  • A stale IP address might be seen after a specific order of configuration changes in the logical-systems scenario. PR1477084

  • Traffic might get dropped as the next hop points to the ICL even though the local MC-LAG is up. PR1486919

Junos Fusion Enterprise

  • The following error message is observed with duplicate ECID values for cluster or extended ports on member ports of the same cluster: jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . PR1408947

  • The SDPD generates core files at vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335

Junos Fusion Satellite Software

  • On the EX4300 device, the temperature sensor alarm is seen. PR1466324

Layer 2 Ethernet Services

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • Default-route might not be added to the Juniper OS device configured as the DHCPv4 client device. PR1504931

Layer 2 Features

  • The third VLAN tag does not get pushed onto the stack. Instead, it gets swapped. PR1469149

  • Traffic imbalance might be observed if hash-params is not configured. PR1514793

  • The MAC address in the hardware table might become out of synchronization between the primary devices and the member devices in the Virtual Chassis after the MAC flaps. PR1521324

  • The dcpfe or the FPC process might crash due to the memory leakage during the VLAN addition or deletion operation. PR1505239

MPLS

  • BGP session flaps between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431

Platform and Infrastructure

  • MAC learning under bridge-domain stops after the MC-LAG interface flaps. PR1488251

  • The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP primary device. PR1491348

  • IPv6 neighbor solicitation packets might be dropped in a transit device. PR1493212

  • Packets get dropped when the next hop is an IRB-over-lt interface. PR1494594

  • On the EX4300 device, NSSU might fail due to a storage issue on the /var/tmp directory. PR1494963

  • On the EX4300 device, high CPU load due to receipt of specific IPv4 packets is observed. PR1495129

  • On the EX4300 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1502726

  • On the EX4300 device, the redirected IP traffic is being duplicated. PR1518929

  • LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces. PR1538401

  • Memory leaks in the Packet Forwarding Engine due to the flapping of the 802.1X authenticator port interface. PR1480706

  • Trio-based MPC memory leaks when the IRB interface is mapped to a VPLS instance or a Bridge-Domain. PR1525226

  • On the EX4300-VC devices, the FBF functionality might be broken after rebooting the Virtual Chassis or on modifying the IRB configuration. PR1531838

Routing Protocols

  • The MUX state in the LACP interface does not go to the Collecting and Distributing states and remains in the Attached state after enabling the aggregated Ethernet interface. PR1484523

  • The FPC process goes to the NotPresent state after upgrading the Virtual Chassis or Virtual Chassis Fabric. PR1485612

  • The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • On the EX4300-MP and EX4600 devices, high CPU load due to receipt of specific Layer 2 frames in EVPN-VXLAN deployment. PR1495890

  • Firewall filter does not work in certain conditions under the Virtual Chassis setup. PR1497133

  • The rpd might report 100 percent CPU usage with BGP route damping enabled. PR1514635

  • Packet loss might be observed while verifying traffic from access to core network for IPv4 or IPv6 interfaces. PR1520059

  • The OSPFv3 adjacency should not be established when IPsec authentication is enabled. PR1525870

  • Packets drop might be observed when the multicast MAC with static ARP is configured on one IRB interface. PR1489374

User Interface and Configuration

  • On the EX2300 and EX3400 devices, installing J-Web application package might fail. PR1513612

  • J-Web does not display the correct flow-control status. PR1520246

Virtual Chassis

  • On the EX4650 device, the following error message is observed during booting: kldload: an error occurred while loading the module. PR1527170

Resolved Issues: 20.1R1

Authentication and Access Control

  • On EX4600 and EX4300 switches, MAC entry is missing in the Ethernet switching table for Mac-radius client in server fail scenario when tagged is sent for two client. PR1462479

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on an extended port even if it comes in with different DSCP marking. PR1433252

EVPN

  • The rpd might crash after the EVPN-related configuration is changed. PR1467309

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on the EVPN PE device in the all-active mode. PR1464778

General Routing

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • MicroBFD flap is seen when a QSFP transceiver is inserted into other port. PR1435221

  • EX4600 Virtual Chassis does not come up after the Virtual Chassis port fiber connection is replaced with a DAC cable. PR1440062

  • MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member reboots. PR1440574

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • On EX3400 switches with half-duplex mode on 10-Mbps or 100-Mbps speed at medium traffic egress, traffic flow might stop on the port and MAC pause frames will be incrementing in the receive direction. PR1452209

  • The l2ald and eventd processes are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738

  • A firewall filter might not be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • Packet drop might be seen after removing and reinserting the SFP transceiver of the 40G uplink module ports. PR1456039

  • Link-up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • The syslog timeout connecting to peer database-replication message is generated when the show version detail command is issued. PR1457284

  • Overtemperature SNMP trap messages appear after an update even though the temperature is within the system thresholds. PR1457456

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • The FXPC process might crash due to several BGP IPv6 session flaps. PR1459759

  • On EX2300 and EX3400 switches, storage space limitation leads to image installation failure during phone home. PR1460087

  • MAC addresses learned on redundant trunk group (RTG) might not be aged out after the aging time if the source interface is configured as RTG. PR1461293

  • RTG link is down for nearly 20 seconds when the backup node is rebooting. PR1461554

  • Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause the VSTP/MSTP-related configuration to fail. PR1463251

  • The Virtual Chassis function might be broken after an upgrade on EX2300 and EX3400 devices. PR1463635

  • A few command lines to disable MAC learning are not working. PR1464797

  • The jdhcpd might consume a high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients in the MAC move scenario. PR1465277

  • On EX2300 switches, an FXPC core file is seen after mastership election based on the user's priority. PR1465526

  • The broadcast and multicast traffic might be dropped over an IRB or a LAG interface in a Virtual Chassis scenario. PR1466423

  • The MAC move message might have an incorrect from interface when MAC moves rapidly. PR1467459

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • SSH session closes while you check the show configuration | display set command for both local and non-local users. PR1470695

  • EX3400 switch is advertising only 100 Mbps when a speed of 100 Mbps is configured with autonegotiation enabled. PR1471931

  • On EX4600 switches, the shaping of CoS does not work after reboot. PR1472223

  • On EX3400 switches, CoS 802.1p bits rewrite might not happen in Q-in-Q mode. PR1472350

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • The dhcpd process might crash in a Junos fusion environment. PR1478375

  • MX Series with MPCs/MICs based line-card might crash when there is a bulk route update failure in a corner case. PR1478392

  • TFTP installation from loader prompt might not succeed on EX Series devices. PR1480348

  • In an EVPN-VXLAN scenario, ARP request packets for an unknown host might be dropped in remote PE device. PR1480776

Infrastructure

  • EX2300 switches might stop forwarding traffic or responding to the console. PR1442376

  • On EX4300 switches, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093

  • EX Series switches might not come up properly after reboot. PR1454950

  • On EX4600 and EX4300 Virtual Chassis, error messages related to soft reset of port due to queue buffers being stuck could be seen. PR1462106

  • Traffic is dropped on an EX4300-48MP device acting as a leaf device in a Layer 2 IP fabric EVPN-VXLAN environment. PR1463318

  • EX3400 switches might reboot because of lack of watchdog patting. PR1469400

  • In an EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808

Interfaces and Chassis

  • VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077

  • Executing commit might become unresponsive due to stuck device control process. PR1470622

Junos Fusion Enterprise

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Junos Fusion Satellite Software

  • In Junos fusion for enterprise, the dpd crash might be observed on satellite devices running SNOS. PR1460607

Layer 2 Features

  • MAC or ARP learning might not work for copper base SFP-T transceivers on EX4600 switches. PR1437577

  • The Link Layer Discovery Protocol (LLDP) function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763

  • Traffic might be affected if composite next-hop is enabled. PR1474142

Layer 2 Ethernet Services

  • Member links state might be asynchronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

Platform and Infrastructure

  • NSSU causes traffic loss again after the backup to master transitions. PR1448607

  • In a Virtual Chassis scenario, the IRB traffic might get dropped after master switchover. PR1453025

  • The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210

  • ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434

  • On EX4300 Virtual Chassis, traffic loss might be observed longer than 20 seconds when performing NSSU. PR1461983

  • On EX2300 and EX3400 switches, the upgrade might fail as there is not enough space. PR1464808

  • On EX4300 switches, IGMP reports are dropped when mixed enterprise and service provider configuration styles are used. PR1466075

  • On EX4300 switches, an input firewall filter attached to isolated or community VLANs fails to match dot1p bits on the VLAN header. PR1478240

  • Virtual Chassis VRRP peer drops packets destined to the VRRP VIP after IRB is disabled. PR1491348

Routing Protocols

  • Host-destined packets with the filter log action might not reach the Routing Engine if log or syslog is enabled. PR1379718

  • On EX9208 platforms, BGP IPv4 or IPv6 convergence and RIB install or delete time are degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590

User Interface and Configuration

  • Problem with access to J-Web after updating from Junos OS Release 18.2R2 to Release 18.2R3. PR1454150

  • Error message umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy is seen when Junos OS is upgraded with the validate option. PR1478291

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.1R3 documentation for the EX Series.

Dynamic Host Configuration Protocol (DHCP)

  • Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.

    [See DHCP User Guide.]

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.