Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.1R3: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

What's New in Release 20.1R3

There are no new features or enhancements to existing features for QFX Series in Junos OS Release 20.1R3.

What's New in Release 20.1R2

There are no new features or enhancements to existing features for QFX Series in Junos OS Release 20.1R2.

What's New in Release 20.1R1

EVPN

  • Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. This feature is enabled by default, so you do not need to take any action to enable it.

    Note

    By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.

    (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.)

High Availability (HA) and Resiliency

  • Inline keepalive packet support for BFD (QFX5110, QFX5120, QFX5200, and QFX5210)—Starting in Junos OS Release 20.1R1, multihop BFD inline keepalive support enables scaling up to 10 inline BFD sessions with 150-millisecond support on both multihop BFD sessions as well as single-hop inline sessions. Multihop BFD session intervals can also be configured to less than 1-second granularity. This enables both faster detection of link failures and recovery. The switch will also send keepalive messages according to the configured interval.

    Note

    This feature only applies for IPv4 multihop BFD sessions and standalone BFD sessions. This feature is not supported for micro BFD implementation.

    [See Understanding Bidirectional Forwarding Detection (BFD).]

Interfaces and Chassis

  • Support for new show | display set CLI commands (ACX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the following new show commands have been introduced:

    • show | display set explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the top level of the hierarchy.

    • show | display set relative explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the current hierarchy level.

    [See show | display set and show | display set relative.]

Junos OS XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) dial-out support for telemetry. In this method, the target device (server) initiates a gRPC session with the collector (client) and, when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.

    gRPC dial-out provides several benefits as compared to gRPC dial-in, including simplifying access to the target advice and reducing the exposure of target devices to threats outside of their topology.

    To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is /interfaces/interface[name='fxp0'.

    [See Using gRPC Dial-Out for Secure Telemetry Collection.]

  • gRPC version v1.18.0 with JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface (JTI). This version includes important enhancements for gRPC. In earlier releases, JTI is supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

Multicast

  • PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:

    • PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)

    • PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)

    • Static, embedded, and anycast rendezvous points (RPs)

    [See PIM Overview.]

Routing Policy and Firewall Filters

  • Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.

    [See Firewall Filter Flexible Match Conditions.]

Routing Protocols

  • Redistribution of IPv4 routes with IPv6 next hop into BGP (QFX Series)—Starting in Release 20.1R1, devices running Junos OS can forward IPv4 traffic over an IPv6-only network, which generally cannot forward IPv4 traffic. As described in RFC 5549, IPv4 traffic is tunneled from CPE devices to IPv4-over-IPv6 gateways. These gateways are announced to CPE devices through anycast addresses. The gateway devices then create dynamic IPv4-over-IPv6 tunnels to remote CPE devices and advertise IPv4 aggregate routes to steer traffic. Route reflectors with programmable interfaces inject the tunnel information into the network. The route reflectors are connected through IBGP to gateway routers, which advertise the IPv4 addresses of host routes with IPv6 addresses as the next hop.

    To configure a dynamic IPv4-over-IPv6 tunnel, include the dynamic-tunnels statement at the [edit routing-options] hierarchy level.

    [See Understanding Redistribution of IPv4 Routes with IPv6 Next Hop into BGP.]

Software Defined Networking

  • VMware NSX Data Center for vSphere 6.4.5 and 6.4.6 certification (QFX5100 Virtual Chassis)—Starting with Junos OS Release 20.1R1, Juniper Networks certifies QFX5100 Virtual Chassis as a hardware Virtual Extensible LAN (VXLAN) gateway in an Open vSwitch Database (OVSDB) and VXLAN network with a VMware NSX Data Center for vSphere 6.4.5 or 6.4.6 controller.

    [See OVSDB-VXLAN User Guide for QFX Series Switches (VMware NSX).]

Storage and Fibre Channel

  • FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.

    [See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]

System Management

  • Support for the Precision Time Protocol (PTP) AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles (QFX10002 )—Starting in Junos OS Release 20.1R1, you can enable the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles to support video applications for capture (for example, cameras), video edit, and playback to be used in professional broadcast environments. The PTP standard allows multiple video sources to stay in synchronization across various equipment by providing time and frequency synchronization to all devices. These profile support PTP over IPv4 multicast and ordinary and boundary clocks.

    To configure the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles, enable one of the aes67, smpte, or aes67-smpte statements at the [edit protocols ptp profile-type] hierarchy level.

    [See Understanding the PTP Media Profiles.]

  • Restrict option under NTP configuration is now visible (ACX Series, QFX Series, MX Series, PTX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the noquery command under the restrict hierarchy is now available and can be configured with a mask address. The noquery command is used to restrict ntpq and ntpdc queries coming from hosts and subnets.

    [See Configuring NTP Access Restrictions for a Specific Address.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series.

What’s Changed in 20.1R3

Junos XML API and Scripting

  • Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.

    When you refresh a script using the request system scripts refresh-from operational mode command, include the cert-file option and specify the certificate path. Before you refresh a script using the set refresh or set refresh-from configuration mode command, first configure the cert-file statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.

    [See request system scripts refresh-from and cert-file.]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

Layer 2 Ethernet Services

  • Link selection support for DHCP (QFX Series)—We?ve introduced link-selection statement at the edit forwarding-options dhcp-relay relay-option-82 hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Earlier to this release, the DHCP relay drops packets during the renewal DHCP process as the DHCP Server uses the leaf's address as a destination to acknowledge DHCP renewal message.

    [See relay-option-82.]

MPLS

  • Disable back-off behavior on PSB2 (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)— We've introduced the cspf-backoff-time statement globally for MPLS and LSP to delay the CSPF by configured number of seconds, on receiving bandwidth unavailable PathErr on PSB2. If the configured value is zero, then the CSPF starts immediately for PSB2, when bandwidth-unavailable PathErr is received. If the statement is not configured, the default exponential back-off occurs.

    [See cspf-backoff-time.]

Network Management and Monitoring

  • Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the [edit system services netconf netconf-monitoring netconf-state-schemas] hierarchy level.

    [See hello-message and netconf-monitoring.]

Platform and Infrastructure

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT)

Routing Protocols

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JavaScript Object Notation (JSON) from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

What’s Changed in 20.1R2

Interfaces and Chassis

  • Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 20.1R2, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.

Juniper Extension Toolkit (JET)

  • Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—You can set the verbosity of the trace log to only show error messages using the error option at the edit system services extension-service traceoptions level hierarchy.

    [See traceoptions (Services)]

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

Platform and Infrastructure

  • Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)— Starting in this release, we've renamed the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group to arp. This packet type option enables you to change the default control plane distributed denial-of-service (DDoS) protection policer parameters for ARP traffic.

    See protocols (DDoS) (PTX Series and QFX Series) protocols (DDoS) (PTX Series and QFX Series).

  • Priority-based flow control (PFC) support (QFX5120-32C)—Starting with Junos OS Release 20.1R2, QFX5120-32C switches support PFC using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.

Routing Protocols

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

What’s Changed in 20.1R1

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. The output is of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

Interfaces and Chassis

  • Commit error thrown when GRE interface and tunnel source interface are configured in different routing instances (QFX Series)—In Junos OS Release 20.1R1, QFX Series switches do not support configuring the GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:

    error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances

    error: configuration check-out failed

    [See Understanding Generic Routing Encapsulation.]

  • Support for 100-Mbps speed using QFX-SFP-1GE-T on QFX5110-48S Switches—Starting in Junos OS release 20.1R1, in addition to 1-Gbps, 10-Gbps, 40-Gbps, 100-Gbps speeds, now you can configure 100-Mbps speed using the set interfaces interface-name speed 100M command. By default, all 48 ports on QFX5110-48S come up with 10-Gbps speed. With QFX-SFP-1GE-T connected, along with 1-Gbps speed, now you can also configure 100-Mpbs on QFX5110-48S switches.

    [See Speed (Ethernet)].

  • Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Network Management and Monitoring

  • entPhysicalTable fetched on QFX10002—In Junos OS Release 20.1R1, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.

    [See SNMP Explorer.]

Routing Protocol

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.–

Known Limitations

Learn about known limitations in Junos OS Release 20.1R3 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On the QFX5100 line of switches, ISSU does not support Junos OS Release 20.1 and later. PR1479439

  • Traffic might be dropped by the destination device. PR1568333

Infrastructure

  • File system panic might occur after repeated power loss. PR1444941

Layer 2 Features

  • On the QFX5000 line of switches, the following error message is reported in the log: fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1. PR1479826

Layer 2 Ethernet Services

  • The LACP force-up and EVPN core isolation features are not supported together. PR1461581

Platform and Infrastructure

  • Upgrade or downgrade from TVP to non-TVP is not supported. PR1345848

  • After configuring and deleting the Ethernet loopback configuration, the interface goes down and does not come up. PR1353734

  • On the QFX10000 line of switches, the analyzer does not mirror after adding the child member to an aggregated Ethernet interface. PR1417694

  • The following error message is observed while performing NSSU: syntax error: request-package-validate message. PR1421378

  • On the QFX5120 line of switches, one of the VCP ports of the throughput test result for most of the frame sizes is not close to 100 percent. PR1453709

  • The show interfaces xe-a/b/c statement on a disabled or enabled configuration change displays fiber intermittently. PR1467509

  • NSSU upgrade fails when there are multiple fpcs in the chassis NSSU upgrade group. PR1473624

  • On the QFX5120-48T line of switches, convergence delay for the link-protected MPLS LSP is more than 50 minutes. PR1478584

  • Observed 100 percent Layer 2 MAC scaling traffic loss in the QFX10002-60C line of switches after loading the EVPN-VXLAN collapsed profile configurations. PR1489753

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, NSSU from the older Junos OS Release with Broadcom SDK 6.3.x to new Junos OS Release with Broadcom SDK 6.5.x might not work. PR1496765

Routing Protocols

  • On the QFX5100 line of switches that does not run the QFX-5E codes (non TVP architecture), when image with Broadcom SDK upgrade (6.5.X) is installed, the CPU utilization might go up by around 5 percent. PR1534234

Open Issues

Learn about open issues in Junos OS Release 20.1R3 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • DDoS violation on the QFX5200 line of switches is observed even after the received protocol packets are less than 10PPS. PR1381775

EVPN

  • On the QFX10002 line of switches, the core link flaps and the BUM traffic loops. PR1492784

  • The MAC address of the end-host gets wrongly programmed in the forwarding table after ESI failover. PR1584595

High Availability (HA) and Resiliency

  • On the QFX5200-32C line of switches, the reboot time is degraded from 205 seconds in Junos OS Release 20.2R1 to 260 seconds in Junos OS Release 20.3. PR1511607

Infrastructure

  • The following error message is observed during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory). PR1315605

Interfaces and Chassis

  • On the QFX5110 MC-LAG, flooding of the multicast packets for around 16 to 20 seconds is observed after disabling and enabling a member link of ICL after reboot. PR1422473

  • ARP reply unicast packets might be flooded to all the interfaces in VLAN. PR1454764

Layer 2 Features

  • On the QFX5000 Virtual Chassis, multicast traffic gets flooded even when the IGMP report times out. PR1431893

  • On the QFX5000 line of switches, the following error message is reported in the log: fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1. PR1479826

  • On the QFX5100 line of switches, fxpc CPU utilization is increased after the Broadcom SDK upgrade to 6.5.x from 5.3.x. PR1480132

  • Traffic does not get load balanced by the QFX5000 line of devices over the ESI links with EVPN-VXLAN configured. PR1551543

  • MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled. PR1582473

  • On the QFX5100 line of switches, traffic might be dropped in the Packet Forwarding Engine after change related to TPID when made in the dcd. PR1477156

Layer 2 Ethernet Services

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

Platform and Infrastructure

  • On the QFX5100-48T-6Q line of switches, the port LEDs might not work. PR1317750

  • On the QFX10000 line of switches, the source MAC and TTL values do not get updated for the routed multicast packets in EVPN-VXLAN. PR1346894

  • The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • On the QFX10000 line of switches, the Aruba wireless access point (AP) heartbeat packets get dropped. As a result, the Aruba wireless AP cannot work. PR1352805

  • USB upgrade of NOS image is not supported. PR1373900

  • Due to the transient hardware condition, the single-bit error (SBE) events are corrected and have no operational impact. Those reported events had been disabled to prevent alarms and possibly unnecessary hardware replacements. PR1384435

  • On Junos OS Release 18.4R1, intermittent traffic loss is observed with the RTG streams while flapping the RTG primary interface. PR1388082

  • Unicast RPF in either the Strict mode or ICMP redirect does not work. PR1417546

  • Memory leak is observed on the process l2ald when the rpd process is restarted. PR1435561

  • On the QFX5200 line of switches, the ISSU might fail. PR1438690

  • On the QFX5000 devices, the port qualifier is not supported. PR1440980

  • On the QFX10000 line of switches, removal of the EVPN-VXLAN Layer 3 gateway on the IRB interface from the spine switches might cause traffic to be silently discarded. PR1446291

  • On the QFX5000 line of switches, misleading ISSU logs are printed during the NSSU process even when the box does not perform ISSU. PR1451375

  • Interface still sends mirrored traffic out even after it is removed from the RSPAN VLAN output.PR1452459

  • Degradation of 9.51 percent with commit time and degradation of 12 percent with VLAN commit convergence are observed while comparing Junos OS Release 19.4DCB with Junos OS Release 19.3DCB. PR1457939

  • On the QFX5110 line of switches, the VXLAN VNI (mcast) scaling causes traffic issue. PR1462548

  • On the QFX5120-48T line of switches, finding discrepancy in the output of the show chassis environment pem command is observed in the backup member. PR1474520

  • Interfaces are not detected on some of the ports when the 25-Gigabit Ethernet SFP is swapped and 10-Gigabit Ethernet SFP is inserted. PR1475574

  • On the QFX5220 line of switches, the lo0 firewall filter might affect the Layer 3 forwarding traffic. PR1475620

  • The pfe_shm_vrf_hw_token_map_add parameters are wrongly displayed as error message after loading base configuration. PR1480149

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, NSSU from older Junos OS Release with Broadcom SDK 6.3.x to new Junos OS Release with Broadcom SDK 6.5.x might not work. PR1496765

  • The QFX5110-48S-4c line of switches might have high 1 PPS output measurement error. PR1498739

  • Kernel crash might occur after NSSU while performing GRES. PR1533874

  • On the QFX5000 Virtual Chassis fan, traffic loss might be seen after swapping the primary and backup Routing Engines. PR1544353

  • Need to move WRL7 to RCPL31 for the QFX-10-M and QFX-10-F line of switches. PR1547565

  • Few LLDP sensor subscription do not work. PR1553534

  • The MAC addresses learned in a Virtual Chassis might fail due to aging out in the MAC scaling environment. PR1558128

  • While mapping analyzers to the channelized port, mirror might not work properly. PR1580473

  • If the interface is newly added as the CE interface, the existing broadcast, unknown unicast, and multicast (BUM) traffic are looped. The loop prevention feature is designed to start working whenever a new CE interface is added by configuration. However, the existing BUM traffic arebe distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650

  • Filter counter statistics verification fails when the received packets gets doubled. PR1590009

  • On the QFX5100-48F-6Q switches, traffic loss is observed after de-activating and activating VLANs with VXLAN configurations. PR1592421

  • On the QFX10000 line of swtiches, the active flows are not exported as expected. PR1442503

  • The Layer 2 multicast traffic received on the VCP (Virtual Chassis port) ports might be dropped if igmp-snooping and STP/VSTP are enabled. PR1553159

  • Upon the receipt of specific sequences of genuine packets destined to the device, the kernel crashes and restarts (vmcore). PR1557881

  • The VCF might become unstable. PR1559172

  • MAC addresses might not be relearned successfully after the MAC address age timeouts. PR1567723

  • EVPN VXLAN CE interface with RSTP configured might cause LACP or BFD issues. PR1572504

  • The WAN port links might not get brought down immediately during some abnormal type of line card reboot. PR1577315

  • The Routing Engine kernel might crash due to logical child interface of the aggregated interface adding failure in the Junos kernel. PR1592456

  • The existing ECMP route traffic might be dropped if you configure a static ECMP route with the same number of next hops as the existing ECMP route. PR1594573

Routing Protocols

  • The dcpfe process generates core file after watchdog trigger caused by the failed MAC deletion notification. PR1371092

  • On the QFX-5100 Virtual Chassis or Virtual Chassis Fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. PR1407175

  • The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. PR1516556

  • The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106

  • The rpd process might crash if next-hop self is used without using extended-nexthop and if the routing table has IPv4 routes with IPv6 nexthops. PR1582506

  • The multi-hop BFD session might flap if you execute the RSI (Request Support Information) collection command. PR1589765

User Interface and Configuration

  • The configuration under groups stanza is not inherited properly. PR1529989

Virtual Chassis

  • On the QFX5000 Virtual Chassis, the DDoS violations that occur on the backup are not reported to the Routing Engine. PR1490552

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 20.1R3

Class of Service (CoS)

  • Unable to configure policer with bandwidth-limit greater than 50G. PR1575049

  • The buffer allocation for VCP ports might not get released in the Packet Forwarding Engine after physically moving the port location. PR1581187

EVPN

  • Traffic might not get load balanced for multiple ESI/VTEP pairs with the underlay aggregated Ethernet interface between leaf and spine. PR1512253

  • All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515

  • EVPN-VXLAN registers MAC-move counters under system statistics bridge even though there is no actual MAC-move for the multi-homed clients. PR1538117

  • Policy with mac-filter-list might not work if you make changes that are unrelated to that policy and commit the changes in the EVPN scenario. PR1567623

Forwarding and Sampling

  • The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124

  • Configuration archive transfer-on-commit fails on Junos OS Release 18.2R3-S6.5. PR1563641

Interfaces and Chassis

  • The logical interface might flap after the addition or deletion of the native VLAN configuration. PR1539991

  • MAC address entry issue might be observed after the MC-LAG interface. PR1562535

  • Traffic loss might occur when you deactivate and activate member links of the ICL or ICCP interface. PR1542840

  • New added MC-LAGs does not come up after the Routing Engine switchovers. PR1583547

Junos XML API and Scripting

  • The /var/run/scripts/ directory might be missing during bootup or upgrading the image. PR1543950

Layer 2 Features

  • The dcpfe process might crash when the logical child interface continuously attaches and detaches. PR1543169

  • Traffic might be forwarded incorrectly on an interface with VXLAN enabled and the hold-time up xxx statement configured. PR1550918

  • On the QFX5120 line of switches, packets with VLAN ID 0 are dropped. PR1566850

  • On the QFX5000 line of switches, software forwarded VXLAN decapsulated packets contains illegal length. PR1574435

  • On the QFX5110-32Q line of switches, LACP does not come up in the Non-Oversubscribed mode for a set of ports. PR1563171

  • In the OVSDB VXLAN scenario, inner VLAN tag 8 gets added unexpectedly into the encapsulated Ethernet header. PR1531319

  • Traffic loop might occur in an MC-LAG scenario. PR1533301

  • MAC programming issue occurs after deleting the IRB Layer 3 interface configuration from a VLAN configuration. PR1546179

  • Packets received on a port that is in the LACP Detached and Broadcom STP Blocked states might get forwarded. PR1553570

  • LACP gets into the Detached state when you delete VLAN on the aggregate interface configured on the SP style. PR1555862

  • Traffic forwarding for VLAN 2 might not be correct when you remove a VLAN member from the ESI interface. PR1570446

  • The dcpfe process crashes in the VXLAN scenario. PR1571170

  • On the QFX5000 line of switches, DF might not forward the BUM traffic. PR1575976

  • Traffic drop might occur on the aggregated Ethernet interface. PR1585320

Layer 2 Ethernet Services

  • DHCP packet drop might be observed when the DHCP relay is configured on a leaf device. PR1554992

  • The DHCP client becomes offline for 120 seconds after the DHCP client sends the DHCPINFORM message in the DHCP relay scenario. PR1575740

  • DHCP relay drops packets during the DHCP renewal process. PR1576417

Network Management and Monitoring

  • Slow memory leakage might occur for the snmpd process. PR1575790

Platform and Infrastructure

  • On the QFX10000 line of switches, the chassisd process might generate core files on the backup Routing Engine after commit for 200 seconds due to the following error message: CHASSISD_MAIN_THREAD_STALLED. PR1481143

  • The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. PR1510794

  • The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets. PR1512175

  • Channelized interfaces might fail to come up. PR1512203

  • The output of the show chassis forwarding-options command displays incorrect display issue, Virtual Chassis environment, and configured num-65-127-prefix values. PR1512712

  • On the QFX5100 line of switches, the cprod process timeout triggers high CPU utilization. PR1520956

  • Packet drops might be seen with all commit events with 1G speed configured interface. PR1524614

  • Traffic loss might be observed on the interfaces in a VXLAN environment. PR1524955

  • On the QFX100002 line of switches, the firewall log incorrectly gets populated from the Packet Forwarding Engine. PR1533814

  • The dcpfe process might crash and cause FPC to restart due to the traffic burst. PR1534340

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

  • The following Packet Forwarding Engine error message is observed in the BRCM-VIRTUAL: brcm_virtual_tunnel_port_create() ,489: Failed NW vxlan port token(45) hw-id(7026) status(Entry not found). PR1535555

  • On the QFX5100-48T line of switches, interfaces are not created after 10G channel-speed is applied across the 48 to 53 ports. PR1538340

  • ARP request might be dropped in a leaf device in a EVPN-VXLAN scenario. PR1539278

  • The rpd memory leak might be observed on the backup Routing Engine due to the flapping of the link. PR1539601

  • Unable to take RSI properly due to the authentication error. PR1539654

  • FPC might not be recognized after power cycle (hard reboot). PR1540107

  • The Packet Forwarding Engine might crash in the MPLS IPv6-tunneling scenario when the next hop changes. PR1540793

  • The chip on FPC line card might crash when the system reboots. PR1545455

  • OSPFv3 session might keep flapping and OSPFv3 hellos might be dropped in the host-path. PR1547032

  • On the QFX5100 Virtual Chassis, the backup Routing Engines clear the reporting alarm for a PEM failure intermittently for a missing power source. PR1548079

  • The 40G interface might be channelized after restarting the Virtual Chassis member. PR1548267

  • The Neighbor Solicitation might be dropped from the peer device. PR1550632

  • The interface filter with source-port 0 matches everything instead of port 0. PR1551305

  • The action-shutdown statement of storm control does not work for ARP broadcast packets. PR1552815

  • Traffic might not pass due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port. PR1555835

  • Traffic might be dropped when a firewall filter rule uses then vlan as the action. PR1556198

  • Traffic storm might be caused by analyzer due to link flapping. PR1557274

  • On the QFX5000 line of switches, the firewall filter might fail to work. PR1558320

  • On the QFX5120 line of switches, amber LEDs are displayed for the fan modules after upgrading to Junos OS Release 20.2R1. PR1558407

  • Few IPv6 ARP ND fails after loading the base configurations. PR1560161

  • When configuring the static MAC and static ARP on the EVPN core aggregate interface the underlay next hop programming might not be updated in the Packet Forwarding Engine. PR1561084

  • The tunable optics SFP+-10G-T-DWDM-ZR does not work. PR1561181

  • PTP lock status gets stuck at the Acquiring state instead of the Phase Aligned state. PR1561372

  • On the QFX5000 line of switches, port mirroring might not work as expected. PR1562607

  • On the QFX5120 line of switches, storm control with IRB interface might not work correctly. PR1564020

  • On the QFX5100 line of switches, the following internal comment is displayed: Placeholder for QFX platform configuration. PR1567037

  • On the QFX10002 line of switches, discrepancy in inet.1 vs Packet Forwarding Engine reported multicast routes. PR1567353

  • On the QFX10000 line of switches, the firewall log is incorrectly populating from the Packet Forwarding Engine for IPv6 traffic. PR1569120

  • On the QFX10008 chassis, the dcpfe process generates a core file. PR1572889

  • On the QFX10000 line of switches, a high rate of 802.3X pause frames are sent out of the Interfaces. PR1575280

  • The dcpfe process crashes while checking virtual tunnel-nh packet status. PR1580114

  • On the QFX5120-32C line of switches, the following error is observed: kern.ipc.maxpipekva exceeded; see tuning error. PR1581192

  • In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed. PR1555852

  • On the QFX5200 line of switches, the PRBS (Pseudo Random Binary Sequence) test fails for 100GbE interfaces with the default settings. PR1560086

  • On the QFX10000 line of switches, the firewall filter logs are incorrectly populated the protocol 8847 entries. PR1582780

  • When deleted aggregated Ethernet member(s) are not getting deleted (mirror trunk group) in the hardware for the analyzer input aggregated Ethernet. PR1589579

  • The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted. PR1555386

  • The dcpfe process might crash after committing the EVPN-VXLAN profile configuration and ARP resolution might fail causing traffic issues. PR1561588

  • FPC might crash in a scaled-firewall configuration. PR1586817

  • On the QFX10002 and QFX10008 line of switches, there might be traffic loss after FPC or system reboots. PR1487913

  • The fxpc process might crash in an EVPN-VXLAN scenario. PR1504778

  • On the QFX5110 with QSFP+40GE-IR4 line of switches, the unicast connectivity might break. PR1517601

  • On the QFX5000 line of switches, the ECMP hash function might not take effect and the load balancing might not work. PR1523844

  • On the QFX10000 line of switches, an enhancement to enable watchdog petting log on line cards is required. PR1527535

  • The rpd process might crash due to memory leakage. PR1528550

  • On the QFX5110-32Q line of switches, ports from 20 to 27 might flap when you insert the QSPF-40G transceiver into port 29 to 31. PR1535216

  • On the QFX10000 line of switches, the Denial of Service (DoS) occurs upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. PR1539194

  • The commit full command might cause the guest VM to crash. PR1539434

  • The aggregated Ethernet interface might flap after changing interface configurations. PR1542270

  • Traffic loops if logical child interface gets added in the case of multihomed SP style in EVPN or VXLAN. PR1543966

  • On the QFX10000 line of switches, the dcpfe process might crash. PR1546572

  • On the QFX5000 line of switches, the static MAC on an interface might not work. PR1546655

  • On the QFX10000 line of switches, ARP might not get resolved on the agrregated Ethernet interface. PR1546712

  • LACP timeout issue might occur while polling for QSFP diagnostics. PR1549121

  • The traffic are not load balanced properly in the EVPN overlay-ecmp setup. PR1550020

  • The dcpfe process might crash due to chip SDK fault. PR1552645

  • Traffic loss might occur on a VXLAN enabled VLAN. PR1554600

  • The VGA might be down when you configure the IRB interface with multi VGA addresses. PR1555338

  • Timestamp discrepancy might occur in the IPFIX packet flows exported. PR1558131

  • The subscriber management infrastructure daemon (smid) process might get stuck at hundred percent. PR1559402

  • On the QFX10000-60S-6Q line of switches, the line card takes more than 15 minutes to boot up after triggering the panic or watchdog reboot. PR1559725

  • The VXLAN queue DDos violation and RARP packets flood might occur if receiving the RARP packets more than the supported DDoS bandwidth. PR1560243

  • Sampled memory leak might occur when the analyzer is in the Down state. PR1564790

  • Traffic loss might occur in the MC-LAG scenario. PR1565287

  • The DF (Designated Forwarder) might not forward traffic. PR1567752

  • On the QFX10002-60 line of switches, shutting down of one port causes another port to shutdown. PR1568294

  • The BFD session flaps between the leaf and core during the spine reboot that causes other protocols to flap. PR1568615

  • The dcpfe process might crash if the Type-5 tunnel fails to install for EVPN-VXLAN. PR1570136

  • On the QFX10008 and QFX10016 line of switches, traffic loss might occur due to faulty FPC. PR1574779

  • Port mirroring might not work when the analyzer output is a trunk interface. PR1575129

  • On the QFX5000 line of switches, analyzer does not work. PR1576327

  • The IS-IS packet might be corrupted on the provider edge device over the Layer 2 circuit tunnel. PR1580047

  • The DHCP packets might get dropped if you apply the dyn-dhcpv4_v6_trap dynamic filter on the interface. PR1580352

  • Multiple crashes with toe_interrupt_errors error message might occur. PR1593025

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891

Routing Protocols

  • On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. PR1486632

  • Traffic might be silently discarded when the BGP route gets deleted, which is part of multipath. PR1514966

  • The dcpfe process might crash while updating VRF for multicast routes during IRB uninit. PR1546745

  • The BGP LU session might flap with AIGP-used scenario. PR1558102

  • On the QFX5110-32Q lien of switches, the following syslog error message is observed after loading the NC T5 EVPN VXLAN configuration: BCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f. PR1558189

  • The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters. PR1568159

  • The GRE egress traffic might not be forwarded between the different routing-instances. PR1573411

  • The rpd crash might be observed after committing with static group 224.0.0.0 configured. PR1586631

  • The dcpfe process might crash when any interface flaps. PR1579736

  • Traffic might not be forwarding over the ECMP links in the EVPN VXLAN scenario. PR1533925

  • The BFD sessions over IRB interface gets stuck in the Init state with FRR errors. PR1541851

  • Multicast traffic with TTL 1 sent across VCP gets dropped. PR1543763

  • BFD on the Layer 3 sub-interface of the ESI aggregated Ethernet interface might flap when an upstream underlay or overlay BGP flaps. PR1544982

  • The rpd memory leak might occur in the BGP scenario. PR1547273

  • On the QFX5000 line of switches, continuous traffic destined to a device configured with MC-LAG, that leads to nodes losing their control connection impacts traffic. PR1552877

  • A filter could not be installed if the filter has a large scaled number of terms. PR1555337

  • There might be traffic loss when the GRE interface flaps. PR1566428

  • Memory leakage might occur in the MSDP scenario. PR1571906

  • With IGMP snooping implemented, unexpected jitter issues might cause traffic loss. PR1583207

Resolved Issues: 20.1R2

Class of Service (CoS)

  • PFC feature is not supported with QFX5120 Virtual Chassis due to chip limitation. PR1431895

  • Traffic might be forwarded to the incorrect queue when a fixed classifier is used. PR1510365

EVPN

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • The l2ald memory leakage might be observed in any EVPN scenario. PR1498023

  • In the EVPN-VXLAN scenario, the l2ald process might crash in a rare condition. PR1501117

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • Unable to create a new VTEP interface. PR1520078

  • ARP table might not be updated in a race condition after performing VMotion or a network loop. PR1521526

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201

  • Traffic might get dropped as the next hop points to ICL even though the local MC-LAG is up. PR1486919

  • MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group. PR1488681

  • Error message does not get generated while verifying the GRE limitation. PR1495543

  • The dcpfe might crash when the ICL is disabled and then enabled. PR1525234

Layer 2 Ethernet Services

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758

  • The aggregated Ethernet interface sometimes might not come up after the switch is rebooted. PR1505523

Layer 2 Features

  • On the QFX5120 switches, the MAC learning might not work correctly. PR1441186

  • On the QFX5120 switches, the third VLAN tag does not get pushed onto the stack. Instead, it gets swapped. PR1469149

  • On the QFX5200 switches, the MAC learning rate is degraded by 88 percent. PR1494072

  • Flow control is enabled in Packet Forwarding Engine irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. PR1496766

  • On the QFX5000 switches, traffic imbalance might be observed if hash-params is not configured. PR1514793

  • The MAC address in the hardware table might become out of synchronization between the primary and member in Virtual Chassis after the MAC flaps. PR1521324

MPLS

  • BGP session flaps between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431

Platform and Infrastructure

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • The RIB installation or deletion time consumption is reduced. PR1421250

  • SFP-LX10 stays down until autonegotiation is disabled. PR1423201

  • The default logical interface on the channelized physical interface might not get created after ISSU or ISSR. PR1439358

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB interface. PR1442587

  • Members might stay disconnected from the QFX5120-32C/QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399

  • Changing the VLAN name associated with the access ports might prevent the MAC addresses from being learned in the EVPN-VXLAN scenario. PR1454095

  • On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. PR1454527

  • QFX5110 switch, the interface on QSFP-100GBASE-SR4 switch (made by Avago) cannot link up. PR1457266

  • On the QFX5100 switches, the interface output counter is double-counted for self-generated traffic. PR1462748

  • On the PTX10000 routers, FPCs might restart during runtime. PR1464119

  • On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663

  • On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • On the QFX5000 line of switches, the Layer 2 circuit might fail to communicate through VLAN 2. PR1474935

  • The system might stop new MAC learning and impact the Layer 2 traffic forwarding. PR1475005

  • sFlow does not work correctly if the received traffic goes out of more than one interface. PR1475082

  • FPC major error is observed after the system boots up or the FPC restarts. PR1475851

  • On the QFX10002-36Q/72Q switches, the following continuous error messages are logged on the device on getting adoption valid bit[8] asserted: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout. PR1477192

  • Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956

  • SNMP Index in Packet Forwarding Engine reports as 0, causing SFLOW to report either IIF or OIF (not both) as 0 in sflow record data at collector. PR1484322

  • VLAN creation failure might be observed with the scaled VLAN and Layer 3 configuration. PR1484964

  • The dcpfe process might generate core files with the non-oversubscribed mode after SDK upgrade. PR1485854

  • The 10GbE VCP ports will not be active in the QFX51XX and EX46XX Virtual Chassis scenario. PR1486002

  • On the QFX5120 Virtual Chassis, the output of the show chassis alarm command displays incorrect PEM status after multiple GRES events. PR1486736

  • QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in hardware. This is due to SDK 6.5.16 upgrade. PR1487679

  • The queue statistics are not as expected after configuring the physical interface and logical interface shaping with the transmit rate and scheduler map. PR1488935

  • After ISSU or ISSR, a port using SR4 or LR4 optics might not come up. PR1490799

  • BFD sessions start to flap when the firewall filter in loopback0 is changed. PR1491575

  • Junos OS: High CPU load due to receipt of specific multicast packets on Layer 2 interface (CVE-2020-1668). PR1491905

  • Traffic loss could be observed in mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss might be seen in an MC-LAG scenario. PR1494507

  • In the QFX5120 line of switches, the SNMP polling for the CPU utilization and state of the breakup-Routing Engine does not show in the two member Virtual Chassis. PR1495384

  • Junos OS: PTX Series and QFX Series: Kernel routing table (KRT) queue stuck after J-Flow sampling of a malformed packet (CVE-2020-1679). PR1495788

  • ARP might not get refreshed after timeout. PR1497209

  • Virtual Chassis is not stable with 100GbE and 40GbE interfaces. PR1497563

  • Outbound SSH connection flap or memory leak issue might be observed when pushing the configuration to the ephemeral database at him high rate. PR1497575

  • On the QFX5210064C switches, the lcmd process generates a core file. PR1497947

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugged in. PR1497993

  • The request-pfe-execute CLI command takes longer than 5 seconds to get a reply in Junos OS Release 18.4 for QFX5100. PR1498092

  • On the QFX5210 switches, unexpected behavior for port LEDs lights is observed after the upgrade. PR1498175

  • Inter-VNI and intra-VNI or VRF traffic is dropped between the CE devices when the interfaces connected between the TOR and multihomed PE devices are disabled. PR1498863

  • On the QFX5100 and QFX5110 line of switches, the firewall filter might not get applied. PR1499647

  • BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798

  • On the QFX5000 switches, ERPS might not work correctly. PR1500825

  • The error message mpls_extra NULL might be seen during MPLS route add/change/delete operation. PR1502385

  • The interface becomes physically down after changing to the FEC-none mode. PR1502959

  • LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354

  • "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T. PR1504630

  • The DMA failure errors might be seen when the cache is full or flushes. PR1504856

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • The archival function might fail in certain conditions. PR1507044

  • The fxpc may crash and restart with an fxpc core file created while installing the image through ZTP. PR1508611

  • Traffic might be affected on the QFX10002, QFX10008, and QFX10016 platform. PR1509220

  • ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329

  • The output VLAN push might not work. PR1510629

  • Multicast traffic loss is observed because of few missing multicast routes in the spine node. PR1510794

  • The QFX10000-36Q line card used on QFX10008 and QFX10016 platforms may fail to detect any QSFP. PR1511155

  • In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter. PR1514710

  • The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092

  • The100GbE AOC non-breakout port might be auto-channelized to another speed. PR1515487

  • The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. PR1516653

  • The dcpfe (PFE) process might crash due to memory leak. PR1517030

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • Traffic forwarding might be affected when adding, removing, or modifying the VLAN or VNI configurations such as vlan-id and vni-id, and the ingress-replication configuration. PR1519019

  • Output interface index in an sFlow packet is zero when transit traffic is observed on the IRB interface with VRRP enabled. PR1521732

  • On the QFX10002, QFX10008, and QFX10016 switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. PR1522852

  • Sampling, with the rate limiter command enabled, crosses the sample rate 65,535. PR1525589

  • The MPLS EXP classifier might not work on QFX10000 platforms. PR1531095

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between rpd and mgd when deactivate policy-options prefix-list is involved in configuration sequence. PR1523891

Routing Protocols

  • Flows do not fall back to a single link when the inactivity-interval is set higher than the IFG. PR1471729

  • The MUX state in the LACP interface does not go to the Collecting and Distributing state and remains in the Attached state after enabling the aggregated Ethernet interface. PR1484523

  • The FPC process goes to the NotPresent state after upgrading the QFX5100 Virtual Chassis or Virtual Chassis Fan. PR1485612

  • On QFX 5100-48T-6Q with Virtual Chassis or Virtual Chassis fan, system upgrade/ installation might fail. PR1486632

  • CPU port queue gets full due to excessive pause frames being received on interfaces; this causes control packets from the CPU to all ports to be dropped. PR1487707

  • The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd process generates core files at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. PR1494005

  • EX4300-MP/EX4600/QFX5000 Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific Layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689). PR1495890

  • Firewall filter does not work in certain conditions in a Virtual Chassis setup. PR1497133

  • Traffic drop might be observed after modifying the FBF firewall filter. PR1499918

  • Scale of filters with egress-to-ingress command is enabled. PR1514570

  • The rpd might report 100% CPU usage with BGP route damping enabled. PR1514635

  • Firewall "sample" configuration gives the warning as unsupported on QFX10002-36Q and does not work. PR1521763

  • On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. PR1528490

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onward. PR1457602

Resolved Issues: 20.1R1

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in the network-control queue on an extended port even if it comes in with a different DSCP marking. PR1433252

  • On QFX5120 switches, when you move unicast traffic to a multicast queue through an MF classifer, the show interface queue command does not display any status. PR1459281

EVPN

  • The rpd might crash with EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on an EVPN PE device in the all-active mode. PR1464778

General Routing

  • On QFX5100 Virtual Chassis, MacDrainTimeOut and bcm_port_update failed: Internal error is observed. PR1284590

  • The show chassis errors active detail command is not supported on QFX5000 platforms. PR1386255

  • The 10-Gigabit Ethernet fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448

  • The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

  • Part of routes could not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873

  • The show interface command shows Media type: Fiber on QFX5100-48T switches running "QFX 5e Series" image. PR1419732

  • Ports might get incorrectly channelized if they are channelized to 10-Gbps and they are again channelized to 10-Gbps. PR1423496

  • CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after nonstop software upgrade (NSSU). PR1430173

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • The FPC might crash when a firewall filter is modified. PR1432116

  • When you plug in an unsupported SFP-T module, the line card might crash. PR1432809

  • BGP neighborship might not come up if the MACsec feature is configured. PR1438143

  • QFX5100 Virtual Chassis does not come up after you replace a Virtual Chassis port fiber connection with a DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • Packet loss might be seen if IPoIP or MPLS-over-UDP dynamic tunnels are configured with ECMP. PR1446132

  • On QFX5100 Virtual Chassis, a cyclic redundancy check (CRC) error might be seen on the Virtual Chassis Port (VCP). PR1449406

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • The em0 route might be rejected after the em0 interface is disabled and then enabled. PR1449897

  • FPC does not restart immediately after rebooting the system. This might cause packet loss. PR1449977

  • On QFX10000 platforms, CoS classification does not work. PR1450265

  • The l2ald and eventd process are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738

  • The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512

  • The show chassis led command shows incorrect status. PR1453821

  • On QFX5100 Virtual chassis, VGD process hogs the CPU without the switch-options vtep-source-interface lo0.0 configuration. PR1454014

  • On QFX5110 Virtual Chassis, master FPC might come up in master state again after reboot instead of backup. PR1454343

  • On QFX5000 platform, the dcpfe process crashes because usage of data which is not NULL is terminated. PR1454527

  • On QFX10002-60C EVPN-VXLAN, the MAC+IP count is shown as zero. PR1454603

  • On QFX5120 switches, untagged hosts ARP/NS requests connected on encapsulation ethernet-bridge interface are not being resolved. PR1454804

  • You might not be able to apply a firewall filter to a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • In a 16+ member QFX5100 Virtual Chassis Fabric, the FROM column under the show system users command output reports feb0, feb1, feb2, and feb3 for fpc16, fpc17, fpc18, and fpc19, respectively. PR1455201

  • The priority-based flow control (PFC) feature does not work on the QFX10000 line of switches. PR1455309

  • The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Link-up delay and traffic drop might be seen on mixed service provider Layer 2/Layer 3 and enterprise style Layer 2 type configurations. PR1456336

  • The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414

  • Overtemperature SNMP trap messages are displayed after an update even though the temperatures are within the system thresholds. PR1457456

  • On QFX5110 switches, port 51 has one LED blinking amber continuously. PR1457516

  • On QFX5210 switches, the LED does not light on port 64 and 65 after the switch is upgraded to Junos OS Release 19.2R1. PR1458514

  • The command show dynamic-tunnels database does not show v6 mapped next-hop flag for 6PE routes that have labels. PR1458634

  • The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929

  • On QFX5200 switches, DHCPv6 LDRA relay bounded count is not as expected after DHCP is configured. PR1459499

  • The fxpc process might crash because the BGP IPv6 session flaps. PR1459759

  • The forwarding option is missed in routing instance type. PR1460181

  • The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885

  • The statement show forwarding-options enhanced-hash-key is not supported on QFX10000 platforms. PR1462519

  • The entPhysicalTable MIB is not fetching expected data on QFX10002-72Q or QFX10002-36Q platforms. PR1462582

  • The fxpc process might generate core files when changing MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, you observe the BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: error while cleaning up EVPN-VXLAN configurations with mini-PDT base configurations. PR1463939

  • On PTX10000, the FPC might restart during runtime. PR1464119

  • On QFX10000 platforms, the interface might not come up on FPC restart. PR1464650

  • QFX5100-24Q: Unable to apply DSCP rewrite to firewall filter to a Layer 3 subinterface (for example, xe-0/0/0.100). PR1464883

  • PEM is not present spontaneously on QFX5210. PR1465183

  • On QFX5100-48T switches, a 10-Gigabit Ethernet interface might not come up or negotiate at speed 1-Gbps when connected with BRCM 10G/GbE 2+2P 57800-t rNDC. PR1465196

  • The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214

  • The physical interface of an aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302

  • Junos OS exhibits inconsistent fan and power supply numbering on White Boxs (-O and -OZ) in Release 19.2R1. PR1465327

  • In a Virtual Chassis scenario, the broadcast and multicast traffic might be dropped over an IRB or a LAG interface. PR1466423

  • BGP open messages with specific types of BGP optional capabilities causing BMP messages not to be encoded correctly when sent to the BMP collector. PR1466477

  • On QFX10000 platforms, EBUF parity interrupt is not seen. PR1466532

  • IPv6 traffic over Layer 3 VPN might fail. PR1466659

  • Slow packet drops might be seen on QFX5000 platforms. PR1466770

  • EPR iCRC errors in QFX10000 platforms might cause protocols to be down. PR1466810

  • A few of the DHCPvX INFORM messages, specific to a particular VLAN, are not receiving any ACK from server. PR1467182

  • Ingress drops to be included at the CLI from interface statistics and added to InDiscards. PR1468033

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • MAC address might not be learned on a new extended port after VMotion in a Junos fusion for data center environment. PR1468732

  • QFX5000 platform is looping the IP routed packet through IS-IS or MPLS. PR1469998

  • Incorrect counter values are observed for the arrival rate and peak rate for DDoS commands. PR1470385

  • On QFX5100 and EX4300 mixed-mode Virtual Chassis, unable to configure 10-Mbps speed on the Gigabit Ethernet interface. PR1471216

  • In a VXLAN scenario on QFX10000 platforms, when a VTEP source interface is configured in multiple routing instances, traffic loss might occur. PR1471465

  • On QFX5000 platforms, egress PACL size is half. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • The detached interface in a LAG might process the xSTP BPDUs. PR1473313

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • On QFX5000 platforms in an EVPN-VXLAN scenario, continuous log messages might be observed. PR1474545

  • Layer 2 circuit might fail to communicate via VLAN 2 on QFX5000 platforms. PR1474935

  • DAC cables are not being properly detected in the Packet Forwarding Engine on QFX5200 switches. PR1475249

  • QFX5000 leaf device might fail to forward the traffic in a multicast environment with VXLAN. PR1475430

  • QFX Series platform generates the invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 message. PR1476829

  • On QFX10002-36Q and QFX10002-72Q switches, generating continuous prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted error logs on the device. PR1477192

  • The remaining interface might be still in downstate even the number of channelized interfaces is no more than five. PR1480480

  • ARP request packets for unknown hosts might get dropped in a remote PE in an EVPN-VXLAN scenario. PR1480776

  • On QFX10000 and QFX5000 Series switches with SP style configuration, BUM traffic incorrectly get blocked, while you disable or enable different logical interfaces. PR1482202

  • After an ISSU or an ISSR, a port using SR4 or LR4 optics might not come up. PR1490799

High Availability (HA) and Resiliency

  • Unified ISSU is not supported on QFX5000 platforms. PR1472183

Interfaces and Chassis

  • VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077

  • On a QFX Series platform, VRRPv3 MIBs are not working to poll VRRPv6-related objects. PR1467649

  • Executing commit might become unresponsive due to a stuck dcd process. PR1470622

  • Commit error is not thrown when a member link is added to multiple aggregation groups with different interface-specific options. PR1475634

Junos Fusion Enterprise

  • Loop detection might not work on extended ports in Junos fusion for enterprise scenarios. PR1460209

Junos Fusion Satellite Software

  • In Junos fusion for enterprise, dpd might crash on satellite devices running SNOS. PR1460607

Layer 2 Ethernet Services

  • In an EVPN-VXLAN ERB scenario, dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • Member links state might be asychronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

Layer 2 Features

  • On QFX5100 switches, storm control configuration might be disabled for the interface. PR1354889

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100 and QFX5110. PR1437577

  • The LLDP function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • A few MAC addresses might be missing from the software MAC table on QFX5000 platforms. PR1467466

  • After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763

  • Ingress traffic might be silently dropped if the underlying interface flaps in an EVPN-VXLAN scenario. PR1469596

  • Traffic might be affected if composite next hop is enabled. PR1474142

MPLS

  • On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378

  • Traffic might silently dropped and discarded on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • MPLS LDP ping or traceroute fails over QFX5100 as transit PHP node. PR1477301

Platform and Infrastructure

  • The stylesheet language alternative syntax (SLAX) script might be lost after upgrading software. PR1479803

Routing Protocols

  • In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289

  • Invalid VRRP mastership election on QFX5110 Virtual Chassis peers. PR1367439

  • Host-destined packets with filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718

  • On QFX5100, BGP IPv4 or IPv6 convergence and RIB install or delete time degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • PIM (S, G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core file might be generated when you add or remove EVPN Type-5 routing instance. PR1455547

  • On QFX5000 platforms, egress port for ARP entry in the Packet Forwarding Engine is not modified from the VTEP to the local ESI port, after the device boots up.PR1460688

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is observed after unified ISSU with Mini-PDT base configurations. PR1460791

  • The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590

  • When IRB is deleted on the Layer 3 gateway, the IRB interface does not get removed from the Packet Forwarding Engine and it results in traffic drop in IRB MAC address. PR1463092

  • The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737

  • Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic is not forwarded in a VRRP scenario. PR1477073

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.1R3 documentation for the QFX Series.

Dynamic Host Configuration Protocol (DHCP)

  • Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.

    [See DHCP User Guide.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.1 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.1-R2.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.1R3.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.1R3.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.