Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 20.1R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.
The following EX Series switches are supported in Release 20.1R3: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.
What’s New in Release 20.1R3
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 20.1R3.
What’s New in Release 20.1R2
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 20.1R2.
What’s New in Release 20.1R1
EVPN
Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.) This feature is enabled by default, so you do not need to take any action to enable it.
Note By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.
Interfaces and Chassis
Support for static link protection on aggregated interfaces (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, you can enable link protection on aggregated interfaces for a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This traffic includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.
[See link-protection.]
Junos OS XML, API, and Scripting
The
jcs:load-configuration
template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, thejcs:load-configuration
template supports therescue
parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call thejcs:load-configuration
template with therescue
parameter set to"rescue"
to replace the active configuration with the rescue configuration.[See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]
Junos Telemetry Interface
MPLS and local routing sensor streaming support on JTI (EX2300, EX3400, EX4300, EX4600, and EX9200)—Junos OS Release 20.1R1 provides MPLS constrained-path Label Switched Paths (LSPs), RSVP-Traffic Engineering (RSVP-TE) and local routing statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Streaming statistics are sent to an outside collector at configurable intervals.
The following resource paths are supported:
Local routing (resource path
/local-routes/
)MPLS constrained-path LSPs and RSVP-TE (resource path
/network-instances/network-instance/mpls/
)
To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.
Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
JTI infrastructure support for (EX2300, EX2300-MP, and EX3400)—Junos OS Release 20.1R1 provides Junos telemetry interface (JTI) infrastructure support for EX2300, EX2300-MP, and EX3400 switches.
Layer 2 Features
Q-in-Q support on redundant trunk links using LAGs with link protection (EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 20.1R1, Q-in-Q is supported on redundant trunk links (also called “RTGs”) using LAGs with link protection. Redundant trunk links provide a simple solution for network recovery when a trunk port on a switch goes down. In that case, traffic is routed to another trunk port, keeping network convergence time to a minimum.
Q-in-Q support on redundant trunk links on a LAG with link protection also includes support for the following items:
Configuration of flexible VLAN tagging on the same LAG that supports the redundant links configurations
Multiple redundant links configurations on one physical interface
Multicast convergence
[See Q-in-Q Support on Redundant Trunk Links Using LAGs with Link Protection.]
Multicast
PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:
PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)
PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)
Static, embedded, and anycast rendezvous points (RPs)
[See PIM Overview.]
Routing Policy and Firewall Filters
Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.
Storage and Fibre Channel
FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.
[See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]
System Management
Change status LED for network port to chassis beacon light (EX4300-48MP switch and EX4300-48MP Virtual Chassis)—By default, when a network port and its associated link are active, the status LED for that port blinks green 8 times per second. Starting in Junos OS Release 20.1R1, you can use the request chassis beacon command to slow down the current blinking rate to 2 blinks per second. The slower-blinking and steadier green light acts as a beacon that leads you to an EX4300-48MP switch or a particular port in a busy lab.
Using options with the request chassis beacon command, you can do the following for one or all network port status LEDs on a specified FPC:
Turn on the beacon light for:
5 minutes (default)
A specified number of minutes (1 through 120)
Turn off the beacon light:
Immediately
After a specified number of minutes (1 through 120)
After the beacon light is turned off, the blinking rate for the network port’s status LED returns to 8 blinks per second.
[See request chassis beacon.]
Virtual Chassis
Virtual Chassis support for up to four member switches (EX4650)—Starting in Junos OS Release 20.1R1, you can interconnect up to four EX4650-48Y switches into a Virtual Chassis managed as a single device. The Virtual Chassis:
Contains only EX4650-48Y switches.
Has two member switches in Routing Engine role (master, backup) and the remaining members in linecard role.
Supports 100GbE QSFP28 or 40GbE QSFP+ ports on the front panel (ports 48 through 55) as Virtual Chassis ports (VCPs).
Supports NSSU.
A EX4650-48Y Virtual Chassis with two to four members now also supports the following protocol features that were not previously supported on a two-member EX4650-48Y Virtual Chassis:
IEEE 802.1X authentication
Layer 2 port security features, including IP source guard, IPv6 router advertisement (RA) guard, DHCP, and DHCP snooping
MPLS
Redundant trunk groups (RTG)
EX4650-48Y Virtual Chassis has limitations on protocol feature support compared to the standalone switch. The following protocol features are not supported:
EVPN-VXLAN
Junos telemetry interface (JTI)
Multichassis link aggregation (MC-LAG)
Priority-based flow control (PFC)
Configuration and operation are the same as for other EX Series and QFX Series Virtual Chassis.
[See Virtual Chassis Overview for Switches, 802.1X Authentication, MPLS Overview, DHCP Snooping, Understanding DHCP Snooping (ELS), Understanding IP Source Guard for Port Security on Switches, and Understanding IPv6 Router Advertisement Guard.]
What's Changed
Learn about what changed in Junos OS main and maintenance releases for EX Series.
What’s Changed in Release 20.1R3
EVPN
IGMP snooping options has changed hierarchy level—Junos OS has moved the following options from the edit protocols igmp-snooping hierarchy to edit routing-instances evpn protocols igmp-snooping vlan <vlan-name/vlan-all> hierarchy:
query-interval
query-last-member-interval
query-response-interval
robust-count
evpn-ssm-reports-only
immediate-leave
General Routing
Configure internal IPsec authentication algorithm (EX Series)—You can configure the algorithm hmac-sha-256-128 at the [edit security ipsec internal security-association manual direction bidirectional authentication algorithm] hierarchy level for internal IP security (IPsec) authentication. In earlier releases, you could configure the algorithm hmac-sha-256-128 for MX series devices only.
Junos XML API and Scripting
The
jcs:invoke()
function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()
extension function supports theno-login-logout
parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.The
jcs:invoke()
function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()
extension function supports theno-login-logout
parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.
MPLS
Disable back-off behavior on PSB2 (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)— We've introduced the cspf-backoff-time statement globally for MPLS and LSP to delay the CSPF by configured number of seconds, on receiving bandwidth unavailable PathErr on PSB2. If the configured value is zero, then the CSPF starts immediately for PSB2, when bandwidth-unavailable PathErr is received. If the statement is not configured, the default exponential back-off occurs.
[See cspf-backoff-time.]
Network Management and Monitoring
Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the [edit system services netconf netconf-monitoring netconf-state-schemas] hierarchy level.
[See hello-message and netconf-monitoring..]
Change in OID ifHighSpeed—Now, the object identifier (OID) ifHighSpeed displays the negotiated speed once negotiation is completed. If the speed is not negotiated, ifHighSpeed displays the actual maximum speed of the interface. In earlier releases, ifHighSpeed always displayed the actual speed of the interface.
Routing Protocols
Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
User Interface and Configuration
Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JavaScript Object Notation (JSON) from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.
[See export-format.]
What’s Changed in Release 20.1R2
General Routing
Loading of the default configurations in a RIFT package causes the following changes:
1. Output of the show rift node status command displays the node ID in hexadecimal number even though the node ID is configured in decimal, hexadecimal, or octal number.
2. Some of the DDoS default configurations change because of the DDoS protection interferes with the RIFT BFD operation.
Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interface[sid='sid-value']/ sensor:
Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.
The
interface-set
end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.
High Availability (HA) and Resiliency
IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.
Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)— You can set the verbosity of the trace log to only show error messages using the error option at the edit system services extension-service traceoptions level hierarchy.
Junos Telemetry Interface (JTI)
LLDP ON_CHANGE statistics support with JTI (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—Enhanced telemetry ON_CHANGE event support provides the following LLDP attributes:
- When LLDP is enabled on interfaces, LLDP interface counters are notified along with other interface-level attributes.
- ON_CHANGE event reports LLDP neighbor age and custom TLVs, as well as when a neighbor is initially discovered
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
Subscriber Management and Services
Command to view summary information for resource monitor (MX Series routers and EX9200 line of switches)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.
[See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.]
What’s Changed in Release 20.1R1
Interfaces and Chassis
Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)— You can set the verbosity of the trace log to only show error messages using the error option at the edit system services extension-service traceoptions level hierarchy.
[See traceoptions (Services).]
Multicast
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
Known Limitations
Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored. PR1473280
In a Q-in-Q environment, if xSTP is enabled on an interface having logical interface with vlan-id-list configured then it will only run on those logical interfaces whose vlan-id range includes native-vlan-id configured and all others will be in discarding state. This might lead to traffic drop. PR1532992
EVPN
On the EX4650 device, inter-VNI multicast is not supported in the EVPN-VXLAN edge routing model. PR1517082
Infrastructure
File system panic might occur after repeated power loss. PR1444941
On EX-4300MP switches, 9000 IPv6 MC routes can be installed. If you try to add more IPv6 MC routes, error messages are seen. PR1493671
Platform and Infrastructure
On the EX4300-MP device, ge and mge ports have different color contrasts due to different vendors. PR1470312
Open Issues
Learn about open issues in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Infrastructure
On EX Series switches, If you configure a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. PR1434927
On EX 9251 switches, IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038
On EX4300-MP switches, 9000 IPv6 MC routes can be installed. If you try to add more IPv6 MC routes, error messages are seen. PR1493671
A double free vulnerability in the software forwarding interface daemon (sfid) process allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. PR1497768
The following error message is observed while loading the kernel: GEOM: mmcsd0s.enh: corrupt or invalid GPT detected. PR1549754
VLAN translation (vlan mapping) does not work for CFM (0x8902) and EAPOL (0x888e). PR1580129
Interfaces and Chassis
After GRES, the VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213
Junos Fusion Provider Edge
On Junos fusion system, intermediate traffic drop is sometimes seen between AD and SD when sFlow is enabled on the ingress interface. When sFlow technology is enabled, the original packet is getting corrupted for those packets that hit the sFlow filter This is due to few packets transmitted from the egress of AD1 is short of FCS (4 bytes) + 2 bytes of data, this leads to the drop of the packets. It is seen that the normal data packets are of size 128 bytes while the corrupted packet is 122 bytes. PR1450373
Layer 2 Features
GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and Layer 3 interface is attached to the VLAN. PR1192520
On EX series with third party chip based Packet Forwarding Engine, if MC-LAG is configured, and the ICL interface is a physical interface instead of an aggregated Ethernet interface, after one of the child links in multichassis aggregated Ethernet (MC-AE) interface on one of MC-LAG peers is disabled, the MAC addresses learnt from MC-LAG client device might keep flapping between the ICL interface and MC-AE interface. It could cause traffic drop when MAC addresses are learnt on ICL interface. PR1582473
Layer 2 Ethernet Services
If the forward-only is set within dhcp-reply in a device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456
Platform and Infrastructure
In a message queuing telemetry transport (MQTT) scenario, the memory leakage (about 4000 memory leakage every 30 seconds) might be seen. However, on long run, this uses high memory which can indirectly impact other daemons running. PR1324531
When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609
On an EX9208 switch, a few xe- interfaces go down with the following error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840
Unicast RPF in strict mode or ICMP redirect does not work properly. PR1417546
A minimal traffic loss of ~100 pps is seen on EX9208 switches when the packets are sent between FPCs. This is due to random drops happening in the fabric. Amount of drop varies on the line rate and occurs less frequently. PR1429714
On EX9214 switches, if the MACsec-enabled link flaps after reboot, the following error message is observed: errorlib_set_error_log(): err_id(-1718026239). PR1448368
On EX9208 switches, 33 percent degradation in MAC learning rate is seen in Junos OS Release 19.3R1 onwards while comparing with Junos OS Release 18.4R1. PR1450729
In overall commit time, the evaluation of mustd constraints is taking two seconds more than usual. This is because the persist-group-inheritance feature has been made as a default feature. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. PR1457939
On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases. PR1464365
The following message may be seen in chassisd log after rebooting or configuration changing, and so on: re_tvp_builtin_fwinfo_update: Unable to get firmware version. PR1471938
The following syslog might be observed: Failed to complete DFE tuning . This message has no functional impact and can be ignored. PR1473280
Classifiers binding applied on wildcard gets overwritten by a different classifier type when applied on a single interface. PR1490699
While verifying Last-change op-state value through XML, rpc-reply message is inappropriate. PR1492449
SNMP POE MIB walk produce withers no results or sometimes result from the master Virtual Chassis whenever the Virtual Chassis is renamed as one. PR1503985
On the EX4300-48MP device, the reboot time, FPC uptime, and interface uptime are degraded by 20 percent when compared with Junos OS Releases 19.1R3, 19.2R2, and 19.4R2. PR1514364
The MAC addresses might fail aging out under a Virtual Chassis environment where a large number of MAC addresses are learned. This issue was observed with MAC entries 280,000 in the Virtual Chassis devices. PR1558128
EX2300 switches show high FPC CPU usage, however the system processes and kernel CPU usage does not add up to the overall FPC usage. This is a cosmetic issue with calculation of FPC CPU usage that has been resolved in newer releases of Junos OS Release 21.1R1 and later. PR1567438
Observing traffic drop during unified ISSU due to LAG interface flap. PR1569578
FPC core is generated at dfw_term_cc_list_loop_init , dfw_term_cc_detect_loop , dfw_term_filter_process. This issue might be seen only in back to back GRES in about more than 40 to 50 iterations. No workaround available and FPC gets restarted. PR1579182
Virtual Chassis
On EX4300 Virtual Chassis platform, the virtual chassis ports might go down after the image upgrade. This issue is seen in a scenario when QSFP+-40G-SR4, QSFP+-40G-LR4, or QSFP+40GE-LX4 is used as VCP. PR1579430
Resolved Issues
Learn which issues were resolved in Junos OS main and maintenance releases for EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 20.1R3
Forwarding and Sampling
The configuration archive transfer-on-commit fails. PR1563641
General Routing
DHCP discover packets might be dropped if the DHCP inform packet is received first. PR1542400
High Availability (HA) and Resiliency
The ksyncd process generates core files while applying the configuration to logical interfaces. PR1551777
Infrastructure
On EX4600 and EX4300 Virtual Chassis or Virtual Chassis fabric, the VSTP configuration device goes unreachable and becomes nonresponsive after commit. PR1520351
On EX4300 Virtual Chassis or Virtual Chassis fabric, Observing HEAP malloc(0) detected. PR1546036
Traffic related to IRB interface might be dropped when mac-persistence-timer expires. PR1557229
Interfaces and Chassis
MC-AE interfaces might go down if same VRRP group-id is configured on multiple IRB units. PR1575779
Layer 2 Ethernet Services
OSPF and OSPFv3 adjacency uptime is more than expected after NSSU upgrade and outage is higher than the expected. PR1551925
Platform and Infrastructure
On EX Series platforms using chipset with SFP+ implemented, interface on the platforms might be in active status when TX or RX connector is removed. As a result, traffic might get droped. PR1495564
A master Routing Engine reconnect might be seen on EX4300-48MP platform. PR1499771
The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets. PR1512175
Packet drops might be seen with all commit events for 1G speed configured interface. PR1524614
Traffic loss might be observed on interfaces in a VXLAN environment. PR1524955
On EX3400 Virtual Chassis, console access on backup Virtual Chassis member is not allowed. PR1530106
The lldp-receive-packet-count is not getting exchanged properly in l2pt operation for LLDP after configuring protocols. PR1532721
The LLDP neighborship with the VoIP phones cannot be established. PR1538482
On EX3400 and EX2300 switches, the upgrade fails due to the lack of available storage. PR1539293
FPC might not be recognized after the power cycle (hard reboot). PR1540107
The core dump files might be seen after the GRES or reboot. PR1541752
The JNH memory leak could be observed on MPCs or MICs. PR1542882
The Slaac-Snoopd child process generates core file upon multiple switchovers on the Routing Engine. PR1543181
In every software upgrade, host needs to get upgrade. PR1543890
On EX4300-48MP switches with Linux TVP architecture and Junos OS as VM, the Junos CLI outputs do not confirm if the Junos OS and the host kernel are compatible with each other. PR1543901
The chip on FPC line card might crash when the system reboots. PR1545455
On EX4300 switches, FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured. PR1545530
FPC might not boot-up on EX9214 switches in certain conditions. PR1545838
Receipt of specific DHCPv6 packet might cause jdhcpd process to crash and restart. PR1546166
Classifier is not programmed in the hardware and error logs might be seen in syslog. PR1548159
The targeted-broadcast feature might not work after a reboot. PR1548858
The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603
The show pfe route summary hw command shows random high free and Used column for IPv6 LPM (< 64)'routes. PR1552623
The action-shutdown statement of storm control does not work for ARP broadcast packets. PR1552815
The targeted-broadcast feature might send out duplicate packets. PR1553070
Traffic might be dropped when a firewall filter rule uses then vlan as the action. PR1556198
On EX4300 switches, script fails while committing the IPSec authentication configuration as the algorithm statement is missing. PR1557216
The tunable optics SFP+-10G-T-DWDM-ZR does not work on EX devices. PR1561181
On EX3400 Virtual Chassis, SMARTD pollutes syslog every 5 secs after upgrade or system reboot. PR1562396
On EX3400VC switches, the DAEMON-7-PVIDB throws syslog messages for every 12 to 14 minutes after you upgrade. PR1563192
On EX4650 switches, storm control with IRB interface might not work correctly. PR1564020
The Last flapped timestamp for interface fxp0 gets reset every time when monitor traffic interface fxp0 is executed. PR1564323
The following internal comment is displayed: Placeholder for QFX platform configuration. PR1567037
PFEX might crash when soft error recovery feature is enabled on Packet Forwarding Engine. PR1567515
On all EX9200 switches with EVPN-VXLAN configured, the next hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in the EVPN-VXLAN routing instance. When the ASIC's next hop memory partition exhausted, the FPC might reboot. PR1571439
DHCP packets with source IP as link-local address are dropped on EX4300 switches. PR1576022
The LLDP packet might loss on the EX-4300MP platform if LLDP is configured on the management interface. PR1591387
Routing Protocols
DCPFE crash might be observed while updating VRF for multicast routes during IRB uninit. PR1546745
Sending multicast traffic to downstream receiver on MX Series-based Virtual Chassis platforms might fail. PR1555518
The untagged packets might not work on EX Series platforms. PR1568533
Virtual Chassis
On EX4600 and EX4300 mixed Virtual Chassis : Error message ex_bcm_pic_eth_uint8_set is seen when changing configuration related to interface. PR1573173
Resolved Issues: 20.1R2
Authentication and Access Control
The authd process might have memory leak in 802.1x scenario with the RADIUS authentication. PR1503117
On the EX2300-48MP device, the client does not receive the captive-portal success page by downloading the ACL parameter, because of the authentication failure issue. PR1504818
The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode. PR1512724
The 802.1x client does not go to the Held state when the authenticated P-VLAN is deleted. PR1516341
EVPN
The ESI of IRB interfaces does not get updated after the autonomous-system number changes if the interface is down. PR1482790
The l2ald memory leakage might be observed in any EVPN scenario. PR1498023
The VXLAN function might be broken due to a timing issue. PR1502357
Unable to create a new VTEP interface. PR1520078
General Routing
The Virtual Chassis splits after the network topology changes. PR1427075
The MAC pause frames keep incrementing in the receive direction if half-duplex mode on 10-Mbps or 100-Mbps speed is configured. PR1452209
The FPC process might get disconnected from the EX3400 Virtual Chassis briefly after rebooting or upgrading. PR1467707
On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663
On the EX4600 device, the DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771
ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610
On the EX4300 device, the output of the show security macsec statisitics command displays high values incorrectly. PR1476719
On the EX2300 device, the SNMP traps are not generated when the MAC addresses limit threshold is reached. PR1482709
Incorrect frame length of 132 bytes might be captured in the packet header. PR1487876
DHCP binding might fail when the P-VLAN is configured with a firewall to block or allow certain IPv4 packets. PR1490689
On the EX2300 device, high CPU load due to the receipt of specific multicast packets on Layer 2 interface is observed. PR1491905
On the EX4300 device, traffic loss might be observed in a mixed Virtual Chassis setup. PR1493258
On the EX4650 device, traffic loss might be seen in an MC-LAG scenario. PR1494507
The authentication session might be terminated if the PEAP request is retransmitted by an authenticator. PR1494712
The fxpc process might crash when renumbering the primary member ID value of the EX2300 or EX3400 Virtual Chassis. PR1497523
Outbound SSH connection flap or memory leak issue might be observed during a push configuration to an ephemeral database with a high rate. PR1497575
Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugin. PR1497993
In some cases, if we have an OSPF session on the IRB over LAG interface with a 40-Gigabit Ethernet port as member, the session gets stuck at restart. PR1498903
On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES. PR1500783
The mge interface might still stay up while the far end of the link goes down. PR1502467
LLDP is not acquired when the native VLAN ID and the tagged VLAN ID are the same on a port. PR1504354
The isolated VLAN from RADIUS is not deleted when the interface flaps. PR1506427
The output VLAN push might not work. PR1510629
LLDP might not work when P-VLAN is configured. PR1511073
On the EX4300 device, LACP goes down after a Routing Engine switchover if MACsec is enabled on the LAG members. PR1513319
The 100-Mbps SFP-FX transceiver is not supported on a satellite device in the Junos fusion setup. PR1514146
802.1x memory leak is observed. PR1515972
The dcpfe process might crash due to memory leak. PR1517030
MPPE-Send or Recv-key attribute is not extracted correctly by dot1xd. PR1522469
Drops and dropped packets counters in the output value of the show interface extensive command are counted twice. PR1525373
On the EX2300 device, the following PoE message is observed: poe_get_dev_class: Failed to get PD class info. PR1536408
Traffic impact might be observed on the EVPN-VXLAN scenario due to ARP reply not working properly with native-vlan-id configured. PR1483167
IRB MAC does not get programmed in hardware when the MAC persistence timer expires. PR1484440
BIND does not sufficiently limit the number of fetches during the referrals processing. PR1512212
Memory leakage is observed while processing specific DHCP packets. PR1514145
On the EX4300-MP router, ARP learning issue might be observed when configuring the Layer 3 gateway interfaces. PR1514729
High Availability (HA) and Resiliency
Kernel generates core file on the backup Routing Engine causing traffic drop if multicast-MAC is configured on the IRB interface. PR1467847
Infrastructure
On the EX2300 and EX3400 devices, the kernel might generate core files when deactivating the daemon. PR1483644
The fxpc might crash when configuring scaled configuration with 4093 VLANs. PR1493121
On the EX4600 device, the IP communication between directly connected interfaces might fail. PR1515689
DUT did not receive the LLDP packet from phone. PR1538482
On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device goes unreachable and becomes nonresponsive after commit. PR1520351
Interfaces and Chassis
The following syslog message is observed after MX-VC local or global switchover: scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x. PR1428254
The MC-LAG configuration-consistency ICL-configuration might fail after committing some changes. PR1459201
A stale IP address might be seen after a specific order of configuration changes in the logical-systems scenario. PR1477084
Traffic might get dropped as the next hop points to the ICL even though the local MC-LAG is up. PR1486919
Junos Fusion Enterprise
The following error message is observed with duplicate ECID values for cluster or extended ports on member ports of the same cluster: jnh_dot1br_ktree_entry_create(1098): Entry Already Exists . PR1408947
The SDPD generates core files at
vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry
. PR1454335
Junos Fusion Satellite Software
On the EX4300 device, the temperature sensor alarm is seen. PR1466324
Layer 2 Ethernet Services
Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220
Default-route might not be added to the Juniper OS device configured as the DHCPv4 client device. PR1504931
Layer 2 Features
The third VLAN tag does not get pushed onto the stack. Instead, it gets swapped. PR1469149
Traffic imbalance might be observed if hash-params is not configured. PR1514793
The MAC address in the hardware table might become out of synchronization between the primary devices and the member devices in the Virtual Chassis after the MAC flaps. PR1521324
The dcpfe or the FPC process might crash due to the memory leakage during the VLAN addition or deletion operation. PR1505239
MPLS
BGP session flaps between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431
Platform and Infrastructure
MAC learning under bridge-domain stops after the MC-LAG interface flaps. PR1488251
The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP primary device. PR1491348
IPv6 neighbor solicitation packets might be dropped in a transit device. PR1493212
Packets get dropped when the next hop is an IRB-over-lt interface. PR1494594
On the EX4300 device, NSSU might fail due to a storage issue on the
/var/tmp
directory. PR1494963On the EX4300 device, high CPU load due to receipt of specific IPv4 packets is observed. PR1495129
On the EX4300 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1502726
On the EX4300 device, the redirected IP traffic is being duplicated. PR1518929
LLDP neighborship might not come up on EX4300 non-aggregated Ethernet interfaces. PR1538401
Memory leaks in the Packet Forwarding Engine due to the flapping of the 802.1X authenticator port interface. PR1480706
Trio-based MPC memory leaks when the IRB interface is mapped to a VPLS instance or a Bridge-Domain. PR1525226
On the EX4300-VC devices, the FBF functionality might be broken after rebooting the Virtual Chassis or on modifying the IRB configuration. PR1531838
Routing Protocols
The MUX state in the LACP interface does not go to the Collecting and Distributing states and remains in the Attached state after enabling the aggregated Ethernet interface. PR1484523
The FPC process goes to the NotPresent state after upgrading the Virtual Chassis or Virtual Chassis Fabric. PR1485612
The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
On the EX4300-MP and EX4600 devices, high CPU load due to receipt of specific Layer 2 frames in EVPN-VXLAN deployment. PR1495890
Firewall filter does not work in certain conditions under the Virtual Chassis setup. PR1497133
The rpd might report 100 percent CPU usage with BGP route damping enabled. PR1514635
Packet loss might be observed while verifying traffic from access to core network for IPv4 or IPv6 interfaces. PR1520059
The OSPFv3 adjacency should not be established when IPsec authentication is enabled. PR1525870
Packets drop might be observed when the multicast MAC with static ARP is configured on one IRB interface. PR1489374
User Interface and Configuration
On the EX2300 and EX3400 devices, installing J-Web application package might fail. PR1513612
J-Web does not display the correct flow-control status. PR1520246
Virtual Chassis
On the EX4650 device, the following error message is observed during booting: kldload: an error occurred while loading the module. PR1527170
Resolved Issues: 20.1R1
Authentication and Access Control
On EX4600 and EX4300 switches, MAC entry is missing in the Ethernet switching table for Mac-radius client in server fail scenario when tagged is sent for two client. PR1462479
Class of Service (CoS)
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on an extended port even if it comes in with different DSCP marking. PR1433252
EVPN
The rpd might crash after the EVPN-related configuration is changed. PR1467309
Forwarding and Sampling
Type 1 ESI/AD route might not be generated locally on the EVPN PE device in the all-active mode. PR1464778
General Routing
The l2cpd process might crash and generate a core file when interfaces flap. PR1431355
MicroBFD flap is seen when a QSFP transceiver is inserted into other port. PR1435221
EX4600 Virtual Chassis does not come up after the Virtual Chassis port fiber connection is replaced with a DAC cable. PR1440062
MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member reboots. PR1440574
Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568
On EX3400 switches with half-duplex mode on 10-Mbps or 100-Mbps speed at medium traffic egress, traffic flow might stop on the port and MAC pause frames will be incrementing in the receive direction. PR1452209
The l2ald and eventd processes are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738
A firewall filter might not be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177
Packet drop might be seen after removing and reinserting the SFP transceiver of the 40G uplink module ports. PR1456039
Link-up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336
The syslog timeout connecting to peer database-replication message is generated when the show version detail command is issued. PR1457284
Overtemperature SNMP trap messages appear after an update even though the temperature is within the system thresholds. PR1457456
The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559
The FXPC process might crash due to several BGP IPv6 session flaps. PR1459759
On EX2300 and EX3400 switches, storage space limitation leads to image installation failure during phone home. PR1460087
MAC addresses learned on redundant trunk group (RTG) might not be aged out after the aging time if the source interface is configured as RTG. PR1461293
RTG link is down for nearly 20 seconds when the backup node is rebooting. PR1461554
Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause the VSTP/MSTP-related configuration to fail. PR1463251
The Virtual Chassis function might be broken after an upgrade on EX2300 and EX3400 devices. PR1463635
A few command lines to disable MAC learning are not working. PR1464797
The jdhcpd might consume a high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients in the MAC move scenario. PR1465277
On EX2300 switches, an FXPC core file is seen after mastership election based on the user's priority. PR1465526
The broadcast and multicast traffic might be dropped over an IRB or a LAG interface in a Virtual Chassis scenario. PR1466423
The MAC move message might have an incorrect from interface when MAC moves rapidly. PR1467459
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
SSH session closes while you check the show configuration | display set command for both local and non-local users. PR1470695
EX3400 switch is advertising only 100 Mbps when a speed of 100 Mbps is configured with autonegotiation enabled. PR1471931
On EX4600 switches, the shaping of CoS does not work after reboot. PR1472223
On EX3400 switches, CoS 802.1p bits rewrite might not happen in Q-in-Q mode. PR1472350
The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685
The dhcpd process might crash in a Junos fusion environment. PR1478375
MX Series with MPCs/MICs based line-card might crash when there is a bulk route update failure in a corner case. PR1478392
TFTP installation from loader prompt might not succeed on EX Series devices. PR1480348
In an EVPN-VXLAN scenario, ARP request packets for an unknown host might be dropped in remote PE device. PR1480776
Infrastructure
EX2300 switches might stop forwarding traffic or responding to the console. PR1442376
On EX4300 switches, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093
EX Series switches might not come up properly after reboot. PR1454950
On EX4600 and EX4300 Virtual Chassis, error messages related to soft reset of port due to queue buffers being stuck could be seen. PR1462106
Traffic is dropped on an EX4300-48MP device acting as a leaf device in a Layer 2 IP fabric EVPN-VXLAN environment. PR1463318
EX3400 switches might reboot because of lack of watchdog patting. PR1469400
In an EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808
Interfaces and Chassis
VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370
Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077
Executing commit might become unresponsive due to stuck device control process. PR1470622
Junos Fusion Enterprise
Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209
Junos Fusion Satellite Software
In Junos fusion for enterprise, the dpd crash might be observed on satellite devices running SNOS. PR1460607
Layer 2 Features
MAC or ARP learning might not work for copper base SFP-T transceivers on EX4600 switches. PR1437577
The Link Layer Discovery Protocol (LLDP) function might fail when a Juniper device connects to a non-Juniper device. PR1462171
After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763
Traffic might be affected if composite next-hop is enabled. PR1474142
Layer 2 Ethernet Services
Member links state might be asynchronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791
Platform and Infrastructure
NSSU causes traffic loss again after the backup to master transitions. PR1448607
In a Virtual Chassis scenario, the IRB traffic might get dropped after master switchover. PR1453025
The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210
ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434
On EX4300 Virtual Chassis, traffic loss might be observed longer than 20 seconds when performing NSSU. PR1461983
On EX2300 and EX3400 switches, the upgrade might fail as there is not enough space. PR1464808
On EX4300 switches, IGMP reports are dropped when mixed enterprise and service provider configuration styles are used. PR1466075
On EX4300 switches, an input firewall filter attached to isolated or community VLANs fails to match dot1p bits on the VLAN header. PR1478240
Virtual Chassis VRRP peer drops packets destined to the VRRP VIP after IRB is disabled. PR1491348
Routing Protocols
Host-destined packets with the filter log action might not reach the Routing Engine if log or syslog is enabled. PR1379718
On EX9208 platforms, BGP IPv4 or IPv6 convergence and RIB install or delete time are degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121
The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590
User Interface and Configuration
Problem with access to J-Web after updating from Junos OS Release 18.2R2 to Release 18.2R3. PR1454150
Error message umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy is seen when Junos OS is upgraded with the validate option. PR1478291
Documentation Updates
This section lists the errata and changes in Junos OS Release 20.1R3 documentation for the EX Series.
Dynamic Host Configuration Protocol (DHCP)
Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.
[See DHCP User Guide.]
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.