Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.1R2 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.1R2: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

What's New in Release 20.1R2

There are no new features or enhancements to existing features for QFX Series in Junos OS Release 20.1R2.

What's New in Release 20.1R1

EVPN

  • Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. This feature is enabled by default, so you do not need to take any action to enable it.

    Note

    By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.

    (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.)

High Availability (HA) and Resiliency

  • Inline keepalive packet support for BFD (QFX5110, QFX5120, QFX5200, and QFX5210)—Starting in Junos OS Release 20.1R1, multihop BFD inline keepalive support enables scaling up to 10 inline BFD sessions with 150-millisecond support on both multihop BFD sessions as well as single-hop inline sessions. Multihop BFD session intervals can also be configured to less than 1-second granularity. This enables both faster detection of link failures and recovery. The switch will also send keepalive messages according to the configured interval.

    Note

    This feature only applies for IPv4 multihop BFD sessions and standalone BFD sessions. This feature is not supported for micro BFD implementation.

    [See Understanding Bidirectional Forwarding Detection (BFD).]

Interfaces and Chassis

  • Support for static link protection on aggregated interfaces (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, you can enable link protection on aggregated interfaces for a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This traffic includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.

    [See link-protection.]

  • Support for new show | display set CLI commands (ACX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the following new show commands have been introduced:

    • show | display set explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the top level of the hierarchy.

    • show | display set relative explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the current hierarchy level.

    [See show | display set and show | display set relative.]

Junos OS XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) dial-out support for telemetry. In this method, the target device (server) initiates a gRPC session with the collector (client) and, when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.

    gRPC dial-out provides several benefits as compared to gRPC dial-in, including simplifying access to the target advice and reducing the exposure of target devices to threats outside of their topology.

    To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is /interfaces/interface[name='fxp0'.

    [See Using gRPC Dial-Out for Secure Telemetry Collection.]

  • gRPC version v1.18.0 with JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface (JTI). This version includes important enhancements for gRPC. In earlier releases, JTI is supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

Multicast

  • PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:

    • PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)

    • PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)

    • Static, embedded, and anycast rendezvous points (RPs)

    [See PIM Overview.]

Routing Policy and Firewall Filters

  • Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.

    [See Firewall Filter Flexible Match Conditions.]

Routing Protocols

  • Redistribution of IPv4 routes with IPv6 next hop into BGP (QFX Series)—Starting in Release 20.1R1, devices running Junos OS can forward IPv4 traffic over an IPv6-only network, which generally cannot forward IPv4 traffic. As described in RFC 5549, IPv4 traffic is tunneled from CPE devices to IPv4-over-IPv6 gateways. These gateways are announced to CPE devices through anycast addresses. The gateway devices then create dynamic IPv4-over-IPv6 tunnels to remote CPE devices and advertise IPv4 aggregate routes to steer traffic. Route reflectors with programmable interfaces inject the tunnel information into the network. The route reflectors are connected through IBGP to gateway routers, which advertise the IPv4 addresses of host routes with IPv6 addresses as the next hop.

    To configure a dynamic IPv4-over-IPv6 tunnel, include the dynamic-tunnels statement at the [edit routing-options] hierarchy level.

    [See Understanding Redistribution of IPv4 Routes with IPv6 Next Hop into BGP.]

Software Defined Networking

  • VMware NSX Data Center for vSphere 6.4.5 and 6.4.6 certification (QFX5100 Virtual Chassis)—Starting with Junos OS Release 20.1R1, Juniper Networks certifies QFX5100 Virtual Chassis as a hardware Virtual Extensible LAN (VXLAN) gateway in an Open vSwitch Database (OVSDB) and VXLAN network with a VMware NSX Data Center for vSphere 6.4.5 or 6.4.6 controller.

    [See OVSDB-VXLAN User Guide for QFX Series Switches (VMware NSX).]

Storage and Fibre Channel

  • FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.

    [See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]

System Management

  • Support for the Precision Time Protocol (PTP) AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles (QFX10002 )—Starting in Junos OS Release 20.1R1, you can enable the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles to support video applications for capture (for example, cameras), video edit, and playback to be used in professional broadcast environments. The PTP standard allows multiple video sources to stay in synchronization across various equipment by providing time and frequency synchronization to all devices. These profile support PTP over IPv4 multicast and ordinary and boundary clocks.

    To configure the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles, enable one of the aes67, smpte, or aes67-smpte statements at the [edit protocols ptp profile-type] hierarchy level.

    [See Understanding the PTP Media Profiles.]

  • Restrict option under NTP configuration is now visible (ACX Series, QFX Series, MX Series, PTX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the noquery command under the restrict hierarchy is now available and can be configured with a mask address. The noquery command is used to restrict ntpq and ntpdc queries coming from hosts and subnets.

    [See Configuring NTP Access Restrictions for a Specific Address.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series.

What’s Changed in 20.1R2

Interfaces and Chassis

  • Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 20.1R2, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

Platform and Infrastructure

  • Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)— Starting in this release, we've renamed the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group to arp. This packet type option enables you to change the default control plane distributed denial-of-service (DDoS) protection policer parameters for ARP traffic.

    See protocols (DDoS) (PTX Series and QFX Series) protocols (DDoS) (PTX Series and QFX Series).

  • Priority-based flow control (PFC) support (QFX5120-32C)—Starting with Junos OS Release 20.1R2, QFX5120-32C switches support PFC using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.

Routing Protocols

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

What’s Changed in 20.1R1

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. The output is of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

Interfaces and Chassis

  • Commit error thrown when GRE interface and tunnel source interface are configured in different routing instances (QFX Series)—In Junos OS Release 20.1R1, QFX Series switches do not support configuring the GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation.]

  • Support for 100-Mbps speed using QFX-SFP-1GE-T on QFX5110-48S Switches—Starting in Junos OS release 20.1R1, in addition to 1-Gbps, 10-Gbps, 40-Gbps, 100-Gbps speeds, now you can configure 100-Mbps speed using the set interfaces interface-name speed 100M command. By default, all 48 ports on QFX5110-48S come up with 10-Gbps speed. With QFX-SFP-1GE-T connected, along with 1-Gbps speed, now you can also configure 100-Mpbs on QFX5110-48S switches.

    [See Speed (Ethernet)].

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Network Management and Monitoring

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 20.1R1, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Routing Protocol

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.–

Known Limitations

Learn about known limitations in Junos OS Release 20.1R2 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5100 and EX4600 platforms, due to a major third-party SDK upgrade in Junos OS Release 20.1R1 (from SDK 6.3.7 to 6.5.16), ISSU is not supported from any earlier releases to Junos OS Release 20.1 (image : jinstall-qfx-5-*). PR1479439

EVPN

  • BUM traffic loop happens when a core interface is isolated in a short time period. The loop prevention feature does not work because the CE interface is not flapped with core interface isolation. The Routing Engine sets CE interface down after the BGP hold time has expired, and the Routing Engine sets the CE interface to up after the BGP session is established. The default BGP hold time is 90 seconds. It needs 90 seconds to flap the CE interface. The BUM traffic can be looped till the local bias filter is restored. PR1492784

Infrastructure

  • If Junos OS experiences a file system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point is it safe to reboot to the normal volume. PR1444941

Layer 2 Ethernet Services

  • In an EVPN multihomed active-active scenario, when LACP is enabled on PE-CE child member links, the LACP force-up feature should not be enabled in conjunction with the EVPN core isolation feature (enabled by default) because it is currently not supported in this scenario as these two features are contradictory in terms of action they take. PR1461581

Layer 2 Features

  • On QFX5000 platforms, you might see the pools exhausted for Table:EGR_DVP_ATTRIBUTE error message when statistics requests exceeded the supported scale because of the limited pool resources used for statistics collection on the hardware. There is no functional impact except for the statistics collection for some hardware counters for which flex counter allocation failed for the time, the limit is exceeded. The statistics counters start functioning normally without manual change when the pool comes back to the normal limit. PR1479826

Platform and Infrastructure

  • Downgrade from a TVP image to a non-TVP image is not supported. However, upgrade from a non-TVP image to a TVP image is supported. PR1345848

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • On the QFX10000 line of devices, if an analyzer is configured to mirror traffic of an input aggregated Ethernet interface and a new member is added to the same aggregated Ethernet interface, then the analyzer might not provide sample packets that flow through a newly added child interface. PR1417694

  • During software validation, Junos OS mounts the new image and validates the configuration against the new image. As QFX5000 and QFX10000 platforms are already mounting the maximum four disks during normal execution, Junos OS cannot mount the extra disk for this purpose. Thus QFX currently does not support configuration validation during upgrade on QFX5000, so the syntax error appears when the image installation is triggered with "validation". PR1421378

  • Due to additional hi-gig header, 100% throughput cannot be achieved when packets are forwarded through Virtual Chassis ports. For 64-byte packets, throughput is ~91% and for 1024-byte packets the throughput is ~99%. PR1453709

  • The interface with a new 10G SFP-T on an enable/disable has for a second displays media as Fiber instead of Copper. The present code has brought in 10G copper functionality and this is done without the capability addition to the XE physical interfaces. PR1467509

  • Under the set chassis nssu upgrade-group <xx> fpc configuration command if multiple FPCs are included; then the NSSU fails. The recommendation is to have a single FPC per upgrade group for all the FPCs in the VCF setup. This only affects VCF setup. PR1473624

  • Convergence delay for link-protected MPLS LSP is more than 50 ms. PR1478584

  • [evpn_vxlan] [evpn_instance] Observing 100% L2 MAC scaling traffic loss in QFX10002-60C platform after loading evpn-vxlan collapsed profile configurations. PR1489753

  • On QFX5100, NSSU from an older Junos OS release with QFX5100-VC SDK 6.3.x to a new Junos OS release with Broadcom SDK 6.5.x may not work. As a workaround, a normal upgrade from older release to the new release can be done. PR1496765

Open Issues

Learn about open issues in Junos OS Release 20.1R2 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • When CPU Q cells (memory) are exhausted, even though the incoming packet rate is less than the allowed bandwidth, you observe DDoS violations. PR1381775

EVPN

  • Bum traffic loop happen when core interface is isolated in short time period. Loop prevention feature does not work because CE interface is not flapped with core interface isolation. Routing Engine sets CE interface down after BGP hold time expired and Routing Engine sets CE interface to up after BGP session established. Default BGP hold time is 90 seconds. It needs 90 seconds to flap CE interface. Bum traffic can be looped till local bias filter is restored. PR1492784

High Availability (HA) and Resiliency

  • An issue was reported for a customer with a Flush Cache issue on the same platform. As it was root-caused to a reliable SSD Disk I/O change to be made for this platform, this caused the added delay observed in the reported issue. PR1511607

Interfaces and Chassis

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:

    1. Disable or enable ICL.

    2. Reboot one of MC-LAG peers.

    3. Disable or enable a member link of ICL. This results in no traffic loss, and one of the MC-LAG nodes processes duplicate packets during this time period. PR1422473

  • Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply, which is flooded in the VLAN by the device, has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcast. It is independent of MC-LAG and VRRP scenarios. PR1454764

Layer 2 Ethernet Services

  • If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

Layer 2 Features

  • In case of QFX5000 Virtual Chassis/VCF setups, when IGMP snooping is enabled, multicast traffic is forwarded based on IGMP joins/reports. But when the IGMP report times out, traffic should be dropped, instead it is flooded in the VLAN. This happens only in case of QFX5000 Virtual Chassis/VCF, this issue is not seen on stand-alone QFX5000. PR1431893

  • On QFX5000 platforms, you might see the pools exhausted for Table:EGR_DVP_ATTRIBUTE error message when statistics requests exceeded the supported scale because of the limited pool resources used for statistics collection on the hardware. There is no functional impact except for statistics collection for some hardware counters for which flex counter allocation failed for the time, the limit is exceeded. The statistics counters start functioning normally without manual change when the pool comes back to normal limit. PR1479826

  • On QFX5100 switches, FXPC CPU utilization is increased due to high number of active ports after third-party SDK upgrade to 6.5.x from 5.3.x. PR1480132

Platform and Infrastructure

  • On all platforms running Junos OS that support EVPN-MPLS/EVPN-VXLAN, when an existing ESI interface flaps or is added newly to the configuration, sometimes DF (Designated Forwarder) election happens before the local bias feature is enabled and during this time, existing BUM (Broadcast, Unknown unicast, Multicast) traffic might be looped for a short time duration (less than several seconds). PR1493650

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • QFX10000:Source MAC and TTL values are not updated for routed multicast packets in EVPN-VXLAN. PR1346894

  • QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. PR1352805

  • USB upgrade of NOS image is not supported. PR1373900

  • On Junos OS Release 18.4R1 branch, intermittent traffic loss is observed with RTG streams while flapping the RTG primary interface. PR1388082

  • On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly. PR1417546

  • On routers and switches running Junos OS, with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote aggregated Ethernet (AE) member link makes the local member link move to LACP detached state and cause traffic drops on that member link. The same scenario occurs when a new member link is added where the other end of that link is not yet configured with LACP. PR1423707

  • When you restart the routing process, if the system is configured with EVPN service, memory of the Layer 2 learning daemon increases by 4000 when you use show system processes extensive | match l2ald. PR1435561

  • Unified ISSU is not supported on QFX5200 switches and fails from Junos OS Release 17.2X75-D43.2 to some target versions. Also, dcpfe crash might be seen. PR1438690

  • QFX5000 platforms support the port qualifier. This will install two entries in Packet Forwarding Engine, one with source-port and second one with destination-port with value as what is specified under the port stanza. PR1440980

  • On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with the VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC addresses. PR1446291

  • On QFX5000, triggering NSSU on a Virtual Chassis will print ISSU logs as NSSU uses the same state machine as ISSU. There is no functional impact due to this behavior. PR1451375

  • Whenever any member in a remote Switched Port Analyzer (RSPAN) VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. Because issue is seen only with QFX Series platforms or other low end devices, we can release note commit time degradation behavior only for QFX platforms. PR1457939

  • The VXLAN VNI (multicast learning) scaling on QFX5110 traffic issue is seen from VXLAN tunnel to L2 interface. PR1462548

  • The output of the show chassis environment command can be seen from backup members as well. The issue is common to all QFX Series platforms. PR1474520

  • Interfaces are not detected on some of the ports when you swap the 25-gigabit SFP transceiver and insert a 10-gigabit transceiver. PR1475574

  • On QFX5220 platforms with Junos OS Evolved images, when the lo0 firewall filter (inet/inet6) is used, Layer 3 forwarding traffic might be discarded by the lo0 filter. PR1475620

  • LBCM-L2,pfe_shm_vrf_hw_token_map_add(),4987:MHOP pfe_shm_vrf_hw_token_map_add parameters are wrong error observed after loading baseconfig. PR1480149

  • Instead of disabling ptp0 port, you can delete the ptp0 interface to achieve the same result. PR1487505

  • The delete openconfig-routing-policy [prefix-set-name] CLI command did not work, and it failed with error OC Deletion did not work properly. PR1492561

  • On QFX5100, NSSU from an older Junos OS release with QFX5100-VC SDK 6.3.x to a new Junos OS release with Broadcom SDK 6.5.x may not work. As a workaround, normal upgrade from the older release to the new release can be done. PR1496765

  • Uusers cannot subscribe to any path that ends with "key". PR1553534

  • Domain and VLAN parameters are not as expected while verifying show dot1x interface detail. Expected VoIP but received Data. PR1553596

  • Disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries programmed on the new primary Routing Engine, if both GRES and NSR are activated after a disruptive switchover and then a GRES is performed, BFD sessions might flap continuously. PR1518106

  • On a device running Junos OS, in an EVPN scenario, if an interface is in transition status and an ARP request is received on the interface from a host, the device may send out re-arp toward the host, and the host responds to this re-arp and the Junos device sends another re-arp in response to this arp, reply from host. This goes on forever, causing a high rate of ARP packets until the interface comes up. This issue is also applicable to ND/NS in an IPv6 environment. PR1534796

Routing Protocols

  • DCPFE core-files after watchdog trigger caused by the failed MAC deletion notification. The following repeated messages before the core-dump can be an evidence of the problem: BRCM_SALM:brcm_salm_periodic_clear_pending(),125: Failed to delete Pendingentres for unit = 0, tgid = 1, err code = -9 . The fix is present in 17.3R4, 17.4R2, 18.1R3, 18.2R1, 17.3R2-S4, 17.3R3-S1, 15.1X53-D235 and later releases. PR1371092

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. PR1407175

  • On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface are belonged to different routing instances, and these sub-interfaces are configured with the same IP address and configured with separate BFD (Bidirectional Forwarding Detection) sessions, the remaining BFD sessions will flap continuously if one of these BFD sessions is deleted. PR1516556

Virtual Chassis

  • Error messages such as soc_mem_array_sbusdma_read. The ACX5000 SDK can raise false alarms for parity error messages such as soc_mem_array_sbusdma_read are seen. This is a false positive error message. PR1276970

  • On QFX5000 Virtual Chassis, DDoS violations on backup are not reported to the Routing Engine. PR1490552

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 20.1R2

Class of Service (CoS)

  • PFC feature is not supported with QFX5120 Virtual Chassis due to chip limitation. PR1431895

  • Traffic might be forwarded to the incorrect queue when a fixed classifier is used. PR1510365

EVPN

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • The l2ald memory leakage might be observed in any EVPN scenario. PR1498023

  • In the EVPN-VXLAN scenario, the l2ald process might crash in a rare condition. PR1501117

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • Unable to create a new VTEP interface. PR1520078

  • ARP table might not be updated in a race condition after performing VMotion or a network loop. PR1521526

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201

  • Traffic might get dropped as the next hop points to ICL even though the local MC-LAG is up. PR1486919

  • MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group. PR1488681

  • Error message does not get generated while verifying the GRE limitation. PR1495543

  • The dcpfe might crash when the ICL is disabled and then enabled. PR1525234

Layer 2 Ethernet Services

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758

  • The aggregated Ethernet interface sometimes might not come up after the switch is rebooted. PR1505523

Layer 2 Features

  • On the QFX5120 switches, the MAC learning might not work correctly. PR1441186

  • On the QFX5120 switches, the third VLAN tag does not get pushed onto the stack. Instead, it gets swapped. PR1469149

  • On the QFX5200 switches, the MAC learning rate is degraded by 88 percent. PR1494072

  • Flow control is enabled in Packet Forwarding Engine irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. PR1496766

  • On the QFX5000 switches, traffic imbalance might be observed if hash-params is not configured. PR1514793

  • The MAC address in the hardware table might become out of synchronization between the primary and member in Virtual Chassis after the MAC flaps. PR1521324

MPLS

  • BGP session flaps between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431

Platform and Infrastructure

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • The RIB installation or deletion time consumption is reduced. PR1421250

  • SFP-LX10 stays down until autonegotiation is disabled. PR1423201

  • The default logical interface on the channelized physical interface might not get created after ISSU or ISSR. PR1439358

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB interface. PR1442587

  • Members might stay disconnected from the QFX5120-32C/QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399

  • Changing the VLAN name associated with the access ports might prevent the MAC addresses from being learned in the EVPN-VXLAN scenario. PR1454095

  • On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. PR1454527

  • QFX5110 switch, the interface on QSFP-100GBASE-SR4 switch (made by Avago) cannot link up. PR1457266

  • On the QFX5100 switches, the interface output counter is double-counted for self-generated traffic. PR1462748

  • On the PTX10000 routers, FPCs might restart during runtime. PR1464119

  • On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663

  • On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • On the QFX5000 line of switches, the Layer 2 circuit might fail to communicate through VLAN 2. PR1474935

  • The system might stop new MAC learning and impact the Layer 2 traffic forwarding. PR1475005

  • sFlow does not work correctly if the received traffic goes out of more than one interface. PR1475082

  • FPC major error is observed after the system boots up or the FPC restarts. PR1475851

  • On the QFX10002-36Q/72Q switches, the following continuous error messages are logged on the device on getting adoption valid bit[8] asserted: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout. PR1477192

  • Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956

  • SNMP Index in Packet Forwarding Engine reports as 0, causing SFLOW to report either IIF or OIF (not both) as 0 in sflow record data at collector. PR1484322

  • VLAN creation failure might be observed with the scaled VLAN and Layer 3 configuration. PR1484964

  • The dcpfe process might generate core files with the non-oversubscribed mode after SDK upgrade. PR1485854

  • The 10GbE VCP ports will not be active in the QFX51XX and EX46XX Virtual Chassis scenario. PR1486002

  • On the QFX5120 Virtual Chassis, the output of the show chassis alarm command displays incorrect PEM status after multiple GRES events. PR1486736

  • QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in hardware. This is due to SDK 6.5.16 upgrade. PR1487679

  • The queue statistics are not as expected after configuring the physical interface and logical interface shaping with the transmit rate and scheduler map. PR1488935

  • After ISSU or ISSR, a port using SR4 or LR4 optics might not come up. PR1490799

  • BFD sessions start to flap when the firewall filter in loopback0 is changed. PR1491575

  • Junos OS: High CPU load due to receipt of specific multicast packets on Layer 2 interface (CVE-2020-1668). PR1491905

  • Traffic loss could be observed in mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss might be seen in an MC-LAG scenario. PR1494507

  • In the QFX5120 line of switches, the SNMP polling for the CPU utilization and state of the breakup-Routing Engine does not show in the two member Virtual Chassis. PR1495384

  • Junos OS: PTX Series and QFX Series: Kernel routing table (KRT) queue stuck after J-Flow sampling of a malformed packet (CVE-2020-1679). PR1495788

  • ARP might not get refreshed after timeout. PR1497209

  • Virtual Chassis is not stable with 100GbE and 40GbE interfaces. PR1497563

  • Outbound SSH connection flap or memory leak issue might be observed when pushing the configuration to the ephemeral database at him high rate. PR1497575

  • On the QFX5210064C switches, the lcmd process generates a core file. PR1497947

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugged in. PR1497993

  • The request-pfe-execute CLI command takes longer than 5 seconds to get a reply in Junos OS Release 18.4 for QFX5100. PR1498092

  • On the QFX5210 switches, unexpected behavior for port LEDs lights is observed after the upgrade. PR1498175

  • Inter-VNI and intra-VNI or VRF traffic is dropped between the CE devices when the interfaces connected between the TOR and multihomed PE devices are disabled. PR1498863

  • On the QFX5100 and QFX5110 line of switches, the firewall filter might not get applied. PR1499647

  • BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798

  • On the QFX5000 switches, ERPS might not work correctly. PR1500825

  • The error message mpls_extra NULL might be seen during MPLS route add/change/delete operation. PR1502385

  • The interface becomes physically down after changing to the FEC-none mode. PR1502959

  • LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354

  • "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T. PR1504630

  • The DMA failure errors might be seen when the cache is full or flushes. PR1504856

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • The archival function might fail in certain conditions. PR1507044

  • The fxpc may crash and restart with an fxpc core file created while installing the image through ZTP. PR1508611

  • Traffic might be affected on the QFX10002, QFX10008, and QFX10016 platform. PR1509220

  • ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329

  • The output VLAN push might not work. PR1510629

  • Multicast traffic loss is observed because of few missing multicast routes in the spine node. PR1510794

  • The QFX10000-36Q line card used on QFX10008 and QFX10016 platforms may fail to detect any QSFP. PR1511155

  • In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter. PR1514710

  • The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092

  • The100GbE AOC non-breakout port might be auto-channelized to another speed. PR1515487

  • The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. PR1516653

  • The dcpfe (PFE) process might crash due to memory leak. PR1517030

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • Traffic forwarding might be affected when adding, removing, or modifying the VLAN or VNI configurations such as vlan-id and vni-id, and the ingress-replication configuration. PR1519019

  • Output interface index in an sFlow packet is zero when transit traffic is observed on the IRB interface with VRRP enabled. PR1521732

  • On the QFX10002, QFX10008, and QFX10016 switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. PR1522852

  • Sampling, with the rate limiter command enabled, crosses the sample rate 65,535. PR1525589

  • The MPLS EXP classifier might not work on QFX10000 platforms. PR1531095

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between rpd and mgd when deactivate policy-options prefix-list is involved in configuration sequence. PR1523891

Routing Protocols

  • Flows do not fall back to a single link when the inactivity-interval is set higher than the IFG. PR1471729

  • The MUX state in the LACP interface does not go to the Collecting and Distributing state and remains in the Attached state after enabling the aggregated Ethernet interface. PR1484523

  • The FPC process goes to the NotPresent state after upgrading the QFX5100 Virtual Chassis or Virtual Chassis Fan. PR1485612

  • On QFX 5100-48T-6Q with Virtual Chassis or Virtual Chassis fan, system upgrade/ installation might fail. PR1486632

  • CPU port queue gets full due to excessive pause frames being received on interfaces; this causes control packets from the CPU to all ports to be dropped. PR1487707

  • The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd process generates core files at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. PR1494005

  • EX4300-MP/EX4600/QFX5000 Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific Layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689). PR1495890

  • Firewall filter does not work in certain conditions in a Virtual Chassis setup. PR1497133

  • Traffic drop might be observed after modifying the FBF firewall filter. PR1499918

  • Scale of filters with egress-to-ingress command is enabled. PR1514570

  • The rpd might report 100% CPU usage with BGP route damping enabled. PR1514635

  • Firewall "sample" configuration gives the warning as unsupported on QFX10002-36Q and does not work. PR1521763

  • On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. PR1528490

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onward. PR1457602

Resolved Issues: 20.1R1

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in the network-control queue on an extended port even if it comes in with a different DSCP marking. PR1433252

  • On QFX5120 switches, when you move unicast traffic to a multicast queue through an MF classifer, the show interface queue command does not display any status. PR1459281

EVPN

  • The rpd might crash with EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on an EVPN PE device in the all-active mode. PR1464778

General Routing

  • On QFX5100 Virtual Chassis, MacDrainTimeOut and bcm_port_update failed: Internal error is observed. PR1284590

  • The show chassis errors active detail command is not supported on QFX5000 platforms. PR1386255

  • The 10-Gigabit Ethernet fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Part of routes could not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873

  • The show interface command shows Media type: Fiber on QFX5100-48T switches running "QFX 5e Series" image. PR1419732

  • Ports might get incorrectly channelized if they are channelized to 10-Gbps and they are again channelized to 10-Gbps. PR1423496

  • CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after nonstop software upgrade (NSSU). PR1430173

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • The FPC might crash when a firewall filter is modified. PR1432116

  • When you plug in an unsupported SFP-T module, the line card might crash. PR1432809

  • BGP neighborship might not come up if the MACsec feature is configured. PR1438143

  • QFX5100 Virtual Chassis does not come up after you replace a Virtual Chassis port fiber connection with a DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • Packet loss might be seen if IPoIP or MPLS-over-UDP dynamic tunnels are configured with ECMP. PR1446132

  • On QFX5100 Virtual Chassis, a cyclic redundancy check (CRC) error might be seen on the Virtual Chassis Port (VCP). PR1449406

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • The em0 route might be rejected after the em0 interface is disabled and then enabled. PR1449897

  • FPC does not restart immediately after rebooting the system. This might cause packet loss. PR1449977

  • On QFX10000 platforms, CoS classification does not work. PR1450265

  • The l2ald and eventd process are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738

  • The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512

  • The show chassis led command shows incorrect status. PR1453821

  • On QFX5100 Virtual chassis, VGD process hogs the CPU without the switch-options vtep-source-interface lo0.0 configuration. PR1454014

  • On QFX5110 Virtual Chassis, master FPC might come up in master state again after reboot instead of backup. PR1454343

  • On QFX5000 platform, the dcpfe process crashes because usage of data which is not NULL is terminated. PR1454527

  • On QFX10002-60C EVPN-VXLAN, the MAC+IP count is shown as zero. PR1454603

  • On QFX5120 switches, untagged hosts ARP/NS requests connected on encapsulation ethernet-bridge interface are not being resolved. PR1454804

  • You might not be able to apply a firewall filter to a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • In a 16+ member QFX5100 Virtual Chassis Fabric, the FROM column under the show system users command output reports feb0, feb1, feb2, and feb3 for fpc16, fpc17, fpc18, and fpc19, respectively. PR1455201

  • The priority-based flow control (PFC) feature does not work on the QFX10000 line of switches. PR1455309

  • The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Link-up delay and traffic drop might be seen on mixed service provider Layer 2/Layer 3 and enterprise style Layer 2 type configurations. PR1456336

  • The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414

  • Overtemperature SNMP trap messages are displayed after an update even though the temperatures are within the system thresholds. PR1457456

  • On QFX5110 switches, port 51 has one LED blinking amber continuously. PR1457516

  • On QFX5210 switches, the LED does not light on port 64 and 65 after the switch is upgraded to Junos OS Release 19.2R1. PR1458514

  • The command show dynamic-tunnels database does not show v6 mapped next-hop flag for 6PE routes that have labels. PR1458634

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929

  • On QFX5200 switches, DHCPv6 LDRA relay bounded count is not as expected after DHCP is configured. PR1459499

  • The fxpc process might crash because the BGP IPv6 session flaps. PR1459759

  • The forwarding option is missed in routing instance type. PR1460181

  • The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885

  • The statement show forwarding-options enhanced-hash-key is not supported on QFX10000 platforms. PR1462519

  • The entPhysicalTable MIB is not fetching expected data on QFX10002-72Q or QFX10002-36Q platforms. PR1462582

  • The fxpc process might generate core files when changing MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, you observe the BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: error while cleaning up EVPN-VXLAN configurations with mini-PDT base configurations. PR1463939

  • On PTX10000, the FPC might restart during runtime. PR1464119

  • On QFX10000 platforms, the interface might not come up on FPC restart. PR1464650

  • QFX5100-24Q: Unable to apply DSCP rewrite to firewall filter to a Layer 3 subinterface (for example, xe-0/0/0.100). PR1464883

  • PEM is not present spontaneously on QFX5210. PR1465183

  • On QFX5100-48T switches, a 10-Gigabit Ethernet interface might not come up or negotiate at speed 1-Gbps when connected with BRCM 10G/GbE 2+2P 57800-t rNDC. PR1465196

  • The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214

  • The physical interface of an aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302

  • Junos OS exhibits inconsistent fan and power supply numbering on White Boxs (-O and -OZ) in Release 19.2R1. PR1465327

  • In a Virtual Chassis scenario, the broadcast and multicast traffic might be dropped over an IRB or a LAG interface. PR1466423

  • BGP open messages with specific types of BGP optional capabilities causing BMP messages not to be encoded correctly when sent to the BMP collector. PR1466477

  • On QFX10000 platforms, EBUF parity interrupt is not seen. PR1466532

  • IPv6 traffic over Layer 3 VPN might fail. PR1466659

  • Slow packet drops might be seen on QFX5000 platforms. PR1466770

  • EPR iCRC errors in QFX10000 platforms might cause protocols to be down. PR1466810

  • A few of the DHCPvX INFORM messages, specific to a particular VLAN, are not receiving any ACK from server. PR1467182

  • Ingress drops to be included at the CLI from interface statistics and added to InDiscards. PR1468033

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • MAC address might not be learned on a new extended port after VMotion in a Junos fusion for data center environment. PR1468732

  • QFX5000 platform is looping the IP routed packet through IS-IS or MPLS. PR1469998

  • Incorrect counter values are observed for the arrival rate and peak rate for DDoS commands. PR1470385

  • On QFX5100 and EX4300 mixed-mode Virtual Chassis, unable to configure 10-Mbps speed on the Gigabit Ethernet interface. PR1471216

  • In a VXLAN scenario on QFX10000 platforms, when a VTEP source interface is configured in multiple routing instances, traffic loss might occur. PR1471465

  • On QFX5000 platforms, egress PACL size is half. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • The detached interface in a LAG might process the xSTP BPDUs. PR1473313

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • On QFX5000 platforms in an EVPN-VXLAN scenario, continuous log messages might be observed. PR1474545

  • Layer 2 circuit might fail to communicate via VLAN 2 on QFX5000 platforms. PR1474935

  • DAC cables are not being properly detected in the Packet Forwarding Engine on QFX5200 switches. PR1475249

  • QFX5000 leaf device might fail to forward the traffic in a multicast environment with VXLAN. PR1475430

  • QFX Series platform generates the invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 message. PR1476829

  • On QFX10002-36Q and QFX10002-72Q switches, generating continuous prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted error logs on the device. PR1477192

  • The remaining interface might be still in downstate even the number of channelized interfaces is no more than five. PR1480480

  • ARP request packets for unknown hosts might get dropped in a remote PE in an EVPN-VXLAN scenario. PR1480776

  • On QFX10000 and QFX5000 Series switches with SP style configuration, BUM traffic incorrectly get blocked, while you disable or enable different logical interfaces. PR1482202

  • After an ISSU or an ISSR, a port using SR4 or LR4 optics might not come up. PR1490799

High Availability (HA) and Resiliency

  • Unified ISSU is not supported on QFX5000 platforms. PR1472183

Interfaces and Chassis

  • VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077

  • On a QFX Series platform, VRRPv3 MIBs are not working to poll VRRPv6-related objects. PR1467649

  • Executing commit might become unresponsive due to a stuck dcd process. PR1470622

  • Commit error is not thrown when a member link is added to multiple aggregation groups with different interface-specific options. PR1475634

Junos Fusion Enterprise

  • Loop detection might not work on extended ports in Junos fusion for enterprise scenarios. PR1460209

Junos Fusion Satellite Software

  • In Junos fusion for enterprise, dpd might crash on satellite devices running SNOS. PR1460607

Layer 2 Ethernet Services

  • In an EVPN-VXLAN ERB scenario, dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • Member links state might be asychronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

Layer 2 Features

  • On QFX5100 switches, storm control configuration might be disabled for the interface. PR1354889

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100 and QFX5110. PR1437577

  • The LLDP function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • A few MAC addresses might be missing from the software MAC table on QFX5000 platforms. PR1467466

  • After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763

  • Ingress traffic might be silently dropped if the underlying interface flaps in an EVPN-VXLAN scenario. PR1469596

  • Traffic might be affected if composite next hop is enabled. PR1474142

MPLS

  • On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378

  • Traffic might silently dropped and discarded on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • MPLS LDP ping or traceroute fails over QFX5100 as transit PHP node. PR1477301

Platform and Infrastructure

  • The stylesheet language alternative syntax (SLAX) script might be lost after upgrading software. PR1479803

Routing Protocols

  • In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • Invalid VRRP mastership election on QFX5110 Virtual Chassis peers. PR1367439

  • Host-destined packets with filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718

  • On QFX5100, BGP IPv4 or IPv6 convergence and RIB install or delete time degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • PIM (S, G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core file might be generated when you add or remove EVPN Type-5 routing instance. PR1455547

  • On QFX5000 platforms, egress port for ARP entry in the Packet Forwarding Engine is not modified from the VTEP to the local ESI port, after the device boots up.PR1460688

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is observed after unified ISSU with Mini-PDT base configurations. PR1460791

  • The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590

  • When IRB is deleted on the Layer 3 gateway, the IRB interface does not get removed from the Packet Forwarding Engine and it results in traffic drop in IRB MAC address. PR1463092

  • The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737

  • Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic is not forwarded in a VRRP scenario. PR1477073

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.1R2 documentation for the QFX Series.

Dynamic Host Configuration Protocol (DHCP)

  • Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.

    [See DHCP User Guide.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.1 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.1-R2.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.1R2.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.1R2.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.