Junos OS Release Notes for the QFX Series
These release notes accompany Junos OS Release 20.1R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.
The following QFX Series platforms
are supported in Release 20.1R3: QFX5100, QFX5110 (32Q and 48S), QFX5120,
QFX5200, QFX5200-32CD, QFX5210, QFX10002, QFX10002-60C, QFX10008,
and QFX10016.
Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.
What's New in Release 20.1R3
There are no new features or enhancements to existing features for QFX Series in Junos OS Release 20.1R3.
What's New in Release 20.1R2
There are no new features or enhancements to existing features for QFX Series in Junos OS Release 20.1R2.
What's New in Release 20.1R1
EVPN
Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. This feature is enabled by default, so you do not need to take any action to enable it.
Note By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.
(You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.)
High Availability (HA) and Resiliency
Inline keepalive packet support for BFD (QFX5110, QFX5120, QFX5200, and QFX5210)—Starting in Junos OS Release 20.1R1, multihop BFD inline keepalive support enables scaling up to 10 inline BFD sessions with 150-millisecond support on both multihop BFD sessions as well as single-hop inline sessions. Multihop BFD session intervals can also be configured to less than 1-second granularity. This enables both faster detection of link failures and recovery. The switch will also send keepalive messages according to the configured interval.
Note This feature only applies for IPv4 multihop BFD sessions and standalone BFD sessions. This feature is not supported for micro BFD implementation.
[See Understanding Bidirectional Forwarding Detection (BFD).]
Interfaces and Chassis
Support for new show | display set CLI commands (ACX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the following new show commands have been introduced:
show | display set explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the top level of the hierarchy.
show | display set relative explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the current hierarchy level.
[See show | display set and show | display set relative.]
Junos OS XML, API, and Scripting
The
jcs:load-configurationtemplate supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, thejcs:load-configurationtemplate supports therescueparameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call thejcs:load-configurationtemplate with therescueparameter set to"rescue"to replace the active configuration with the rescue configuration.[See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]
Junos Telemetry Interface
gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) dial-out support for telemetry. In this method, the target device (server) initiates a gRPC session with the collector (client) and, when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.
gRPC dial-out provides several benefits as compared to gRPC dial-in, including simplifying access to the target advice and reducing the exposure of target devices to threats outside of their topology.
To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is
/interfaces/interface[name='fxp0'.gRPC version v1.18.0 with JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface (JTI). This version includes important enhancements for gRPC. In earlier releases, JTI is supported with gRPC version v1.3.0.
Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.
Multicast
PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:
PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)
PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)
Static, embedded, and anycast rendezvous points (RPs)
[See PIM Overview.]
Routing Policy and Firewall Filters
Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.
Routing Protocols
Redistribution of IPv4 routes with IPv6 next hop into BGP (QFX Series)—Starting in Release 20.1R1, devices running Junos OS can forward IPv4 traffic over an IPv6-only network, which generally cannot forward IPv4 traffic. As described in RFC 5549, IPv4 traffic is tunneled from CPE devices to IPv4-over-IPv6 gateways. These gateways are announced to CPE devices through anycast addresses. The gateway devices then create dynamic IPv4-over-IPv6 tunnels to remote CPE devices and advertise IPv4 aggregate routes to steer traffic. Route reflectors with programmable interfaces inject the tunnel information into the network. The route reflectors are connected through IBGP to gateway routers, which advertise the IPv4 addresses of host routes with IPv6 addresses as the next hop.
To configure a dynamic IPv4-over-IPv6 tunnel, include the dynamic-tunnels statement at the [edit routing-options] hierarchy level.
[See Understanding Redistribution of IPv4 Routes with IPv6 Next Hop into BGP.]
Software Defined Networking
VMware NSX Data Center for vSphere 6.4.5 and 6.4.6 certification (QFX5100 Virtual Chassis)—Starting with Junos OS Release 20.1R1, Juniper Networks certifies QFX5100 Virtual Chassis as a hardware Virtual Extensible LAN (VXLAN) gateway in an Open vSwitch Database (OVSDB) and VXLAN network with a VMware NSX Data Center for vSphere 6.4.5 or 6.4.6 controller.
[See OVSDB-VXLAN User Guide for QFX Series Switches (VMware NSX).]
Storage and Fibre Channel
FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.
[See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]
System Management
Support for the Precision Time Protocol (PTP) AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles (QFX10002 )—Starting in Junos OS Release 20.1R1, you can enable the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles to support video applications for capture (for example, cameras), video edit, and playback to be used in professional broadcast environments. The PTP standard allows multiple video sources to stay in synchronization across various equipment by providing time and frequency synchronization to all devices. These profile support PTP over IPv4 multicast and ordinary and boundary clocks.
To configure the AES67, SMPTE ST-2059-2, and AES67+SMPTE profiles, enable one of the aes67, smpte, or aes67-smpte statements at the [edit protocols ptp profile-type] hierarchy level.
Restrict option under NTP configuration is now visible (ACX Series, QFX Series, MX Series, PTX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the noquery command under the restrict hierarchy is now available and can be configured with a mask address. The noquery command is used to restrict ntpq and ntpdc queries coming from hosts and subnets.
[See Configuring NTP Access Restrictions for a Specific Address.]
What's Changed
Learn about what changed in Junos OS main and maintenance releases for QFX Series.
What’s Changed in 20.1R3
Junos XML API and Scripting
Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.
When you refresh a script using the
request system scripts refresh-fromoperational mode command, include thecert-fileoption and specify the certificate path. Before you refresh a script using theset refreshor setrefresh-fromconfiguration mode command, first configure thecert-filestatement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.[See request system scripts refresh-from and cert-file.]
The
jcs:invoke()function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()extension function supports theno-login-logoutparameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.The
jcs:invoke()function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()extension function supports theno-login-logoutparameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.
Layer 2 Ethernet Services
Link selection support for DHCP (QFX Series)—We?ve introduced link-selection statement at the edit forwarding-options dhcp-relay relay-option-82 hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Earlier to this release, the DHCP relay drops packets during the renewal DHCP process as the DHCP Server uses the leaf's address as a destination to acknowledge DHCP renewal message.
[See relay-option-82.]
MPLS
Disable back-off behavior on PSB2 (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)— We've introduced the cspf-backoff-time statement globally for MPLS and LSP to delay the CSPF by configured number of seconds, on receiving bandwidth unavailable PathErr on PSB2. If the configured value is zero, then the CSPF starts immediately for PSB2, when bandwidth-unavailable PathErr is received. If the statement is not configured, the default exponential back-off occurs.
[See cspf-backoff-time.]
Network Management and Monitoring
Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the [edit system services netconf netconf-monitoring netconf-state-schemas] hierarchy level.
[See hello-message and netconf-monitoring.]
Platform and Infrastructure
The
jcs:invoke()function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()extension function supports theno-login-logoutparameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.
Routing Protocols
Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
User Interface and Configuration
Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JavaScript Object Notation (JSON) from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.
[See export-format.]
What’s Changed in 20.1R2
Interfaces and Chassis
Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 20.1R2, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.
In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—You can set the verbosity of the trace log to only show error messages using the error option at the edit system services extension-service traceoptions level hierarchy.
[See traceoptions (Services)]
High Availability (HA) and Resiliency
IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.
Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.
Platform and Infrastructure
Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)— Starting in this release, we've renamed the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group to arp. This packet type option enables you to change the default control plane distributed denial-of-service (DDoS) protection policer parameters for ARP traffic.
See protocols (DDoS) (PTX Series and QFX Series) protocols (DDoS) (PTX Series and QFX Series).
Priority-based flow control (PFC) support (QFX5120-32C)—Starting with Junos OS Release 20.1R2, QFX5120-32C switches support PFC using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.
Routing Protocols
IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.
What’s Changed in 20.1R1
Class of Service (CoS)
We’ve corrected the output of the show class-of-service interface | display xml command. The output is of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.
Interfaces and Chassis
Commit error thrown when GRE interface and tunnel source interface are configured in different routing instances (QFX Series)—In Junos OS Release 20.1R1, QFX Series switches do not support configuring the GRE interface and the underlying tunnel source interface in two different routing instances. If you try this configuration, it will result in a commit error with the following error message:
error: GRE interface (gr-0/0/0.0) and its underlying tunnel source interface are in different routing-instances
error: configuration check-out failed
Support for 100-Mbps speed using QFX-SFP-1GE-T on QFX5110-48S Switches—Starting in Junos OS release 20.1R1, in addition to 1-Gbps, 10-Gbps, 40-Gbps, 100-Gbps speeds, now you can configure 100-Mbps speed using the set interfaces interface-name speed 100M command. By default, all 48 ports on QFX5110-48S come up with 10-Gbps speed. With QFX-SFP-1GE-T connected, along with 1-Gbps speed, now you can also configure 100-Mpbs on QFX5110-48S switches.
[See Speed (Ethernet)].
Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Multicast
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
Network Management and Monitoring
entPhysicalTable fetched on QFX10002—In Junos OS Release 20.1R1, the MIB data for entPhysicalTable will be fetched on a QFX10002-72Q or QFX10002-36Q switch.
[See SNMP Explorer.]
Routing Protocol
Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.–
Known Limitations
Learn about known limitations in Junos OS Release 20.1R3 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
On the QFX5100 line of switches, ISSU does not support Junos OS Release 20.1 and later. PR1479439
Traffic might be dropped by the destination device. PR1568333
Infrastructure
File system panic might occur after repeated power loss. PR1444941
Layer 2 Features
On the QFX5000 line of switches, the following error message is reported in the log: fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1. PR1479826
Layer 2 Ethernet Services
The LACP force-up and EVPN core isolation features are not supported together. PR1461581
Platform and Infrastructure
Upgrade or downgrade from TVP to non-TVP is not supported. PR1345848
After configuring and deleting the Ethernet loopback configuration, the interface goes down and does not come up. PR1353734
On the QFX10000 line of switches, the analyzer does not mirror after adding the child member to an aggregated Ethernet interface. PR1417694
The following error message is observed while performing NSSU: syntax error: request-package-validate message. PR1421378
On the QFX5120 line of switches, one of the VCP ports of the throughput test result for most of the frame sizes is not close to 100 percent. PR1453709
The show interfaces xe-a/b/c statement on a disabled or enabled configuration change displays fiber intermittently. PR1467509
NSSU upgrade fails when there are multiple fpcs in the chassis NSSU upgrade group. PR1473624
On the QFX5120-48T line of switches, convergence delay for the link-protected MPLS LSP is more than 50 minutes. PR1478584
Observed 100 percent Layer 2 MAC scaling traffic loss in the QFX10002-60C line of switches after loading the EVPN-VXLAN collapsed profile configurations. PR1489753
On the QFX5100 Virtual Chassis or Virtual Chassis fan, NSSU from the older Junos OS Release with Broadcom SDK 6.3.x to new Junos OS Release with Broadcom SDK 6.5.x might not work. PR1496765
Routing Protocols
On the QFX5100 line of switches that does not run the QFX-5E codes (non TVP architecture), when image with Broadcom SDK upgrade (6.5.X) is installed, the CPU utilization might go up by around 5 percent. PR1534234
Open Issues
Learn about open issues in Junos OS Release 20.1R3 for QFX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
DDoS violation on the QFX5200 line of switches is observed even after the received protocol packets are less than 10PPS. PR1381775
EVPN
On the QFX10002 line of switches, the core link flaps and the BUM traffic loops. PR1492784
The MAC address of the end-host gets wrongly programmed in the forwarding table after ESI failover. PR1584595
High Availability (HA) and Resiliency
On the QFX5200-32C line of switches, the reboot time is degraded from 205 seconds in Junos OS Release 20.2R1 to 260 seconds in Junos OS Release 20.3. PR1511607
Infrastructure
The following error message is observed during FTP: ftpd[14105]: bl_init: connect failed for
/var/run/blacklistd.sock(No such file or directory). PR1315605
Interfaces and Chassis
On the QFX5110 MC-LAG, flooding of the multicast packets for around 16 to 20 seconds is observed after disabling and enabling a member link of ICL after reboot. PR1422473
ARP reply unicast packets might be flooded to all the interfaces in VLAN. PR1454764
Layer 2 Features
On the QFX5000 Virtual Chassis, multicast traffic gets flooded even when the IGMP report times out. PR1431893
On the QFX5000 line of switches, the following error message is reported in the log: fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1. PR1479826
On the QFX5100 line of switches, fxpc CPU utilization is increased after the Broadcom SDK upgrade to 6.5.x from 5.3.x. PR1480132
Traffic does not get load balanced by the QFX5000 line of devices over the ESI links with EVPN-VXLAN configured. PR1551543
MAC addresses learnt from the MC-LAG client device might keep flapping between the ICL interface and MC-AE interface after one child link in the MC-AE interface is disabled. PR1582473
On the QFX5100 line of switches, traffic might be dropped in the Packet Forwarding Engine after change related to TPID when made in the dcd. PR1477156
Layer 2 Ethernet Services
The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456
Platform and Infrastructure
On the QFX5100-48T-6Q line of switches, the port LEDs might not work. PR1317750
On the QFX10000 line of switches, the source MAC and TTL values do not get updated for the routed multicast packets in EVPN-VXLAN. PR1346894
The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806
On the QFX10000 line of switches, the Aruba wireless access point (AP) heartbeat packets get dropped. As a result, the Aruba wireless AP cannot work. PR1352805
USB upgrade of NOS image is not supported. PR1373900
Due to the transient hardware condition, the single-bit error (SBE) events are corrected and have no operational impact. Those reported events had been disabled to prevent alarms and possibly unnecessary hardware replacements. PR1384435
On Junos OS Release 18.4R1, intermittent traffic loss is observed with the RTG streams while flapping the RTG primary interface. PR1388082
Unicast RPF in either the Strict mode or ICMP redirect does not work. PR1417546
Memory leak is observed on the process l2ald when the rpd process is restarted. PR1435561
On the QFX5200 line of switches, the ISSU might fail. PR1438690
On the QFX5000 devices, the port qualifier is not supported. PR1440980
On the QFX10000 line of switches, removal of the EVPN-VXLAN Layer 3 gateway on the IRB interface from the spine switches might cause traffic to be silently discarded. PR1446291
On the QFX5000 line of switches, misleading ISSU logs are printed during the NSSU process even when the box does not perform ISSU. PR1451375
Interface still sends mirrored traffic out even after it is removed from the RSPAN VLAN output.PR1452459
Degradation of 9.51 percent with commit time and degradation of 12 percent with VLAN commit convergence are observed while comparing Junos OS Release 19.4DCB with Junos OS Release 19.3DCB. PR1457939
On the QFX5110 line of switches, the VXLAN VNI (mcast) scaling causes traffic issue. PR1462548
On the QFX5120-48T line of switches, finding discrepancy in the output of the show chassis environment pem command is observed in the backup member. PR1474520
Interfaces are not detected on some of the ports when the 25-Gigabit Ethernet SFP is swapped and 10-Gigabit Ethernet SFP is inserted. PR1475574
On the QFX5220 line of switches, the lo0 firewall filter might affect the Layer 3 forwarding traffic. PR1475620
The pfe_shm_vrf_hw_token_map_add parameters are wrongly displayed as error message after loading base configuration. PR1480149
On the QFX5100 Virtual Chassis or Virtual Chassis fan, NSSU from older Junos OS Release with Broadcom SDK 6.3.x to new Junos OS Release with Broadcom SDK 6.5.x might not work. PR1496765
The QFX5110-48S-4c line of switches might have high 1 PPS output measurement error. PR1498739
Kernel crash might occur after NSSU while performing GRES. PR1533874
On the QFX5000 Virtual Chassis fan, traffic loss might be seen after swapping the primary and backup Routing Engines. PR1544353
Need to move WRL7 to RCPL31 for the QFX-10-M and QFX-10-F line of switches. PR1547565
Few LLDP sensor subscription do not work. PR1553534
The MAC addresses learned in a Virtual Chassis might fail due to aging out in the MAC scaling environment. PR1558128
While mapping analyzers to the channelized port, mirror might not work properly. PR1580473
If the interface is newly added as the CE interface, the existing broadcast, unknown unicast, and multicast (BUM) traffic are looped. The loop prevention feature is designed to start working whenever a new CE interface is added by configuration. However, the existing BUM traffic arebe distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650
Filter counter statistics verification fails when the received packets gets doubled. PR1590009
On the QFX5100-48F-6Q switches, traffic loss is observed after de-activating and activating VLANs with VXLAN configurations. PR1592421
On the QFX10000 line of swtiches, the active flows are not exported as expected. PR1442503
The Layer 2 multicast traffic received on the VCP (Virtual Chassis port) ports might be dropped if igmp-snooping and STP/VSTP are enabled. PR1553159
Upon the receipt of specific sequences of genuine packets destined to the device, the kernel crashes and restarts (vmcore). PR1557881
The VCF might become unstable. PR1559172
MAC addresses might not be relearned successfully after the MAC address age timeouts. PR1567723
EVPN VXLAN CE interface with RSTP configured might cause LACP or BFD issues. PR1572504
The WAN port links might not get brought down immediately during some abnormal type of line card reboot. PR1577315
The Routing Engine kernel might crash due to logical child interface of the aggregated interface adding failure in the Junos kernel. PR1592456
The existing ECMP route traffic might be dropped if you configure a static ECMP route with the same number of next hops as the existing ECMP route. PR1594573
Routing Protocols
The dcpfe process generates core file after watchdog trigger caused by the failed MAC deletion notification. PR1371092
On the QFX-5100 Virtual Chassis or Virtual Chassis Fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. PR1407175
The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. PR1516556
The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106
The rpd process might crash if next-hop self is used without using extended-nexthop and if the routing table has IPv4 routes with IPv6 nexthops. PR1582506
The multi-hop BFD session might flap if you execute the RSI (Request Support Information) collection command. PR1589765
User Interface and Configuration
The configuration under groups stanza is not inherited properly. PR1529989
Virtual Chassis
On the QFX5000 Virtual Chassis, the DDoS violations that occur on the backup are not reported to the Routing Engine. PR1490552
Resolved Issues
Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.
Resolved Issues: 20.1R3
Class of Service (CoS)
Unable to configure policer with bandwidth-limit greater than 50G. PR1575049
The buffer allocation for VCP ports might not get released in the Packet Forwarding Engine after physically moving the port location. PR1581187
EVPN
Traffic might not get load balanced for multiple ESI/VTEP pairs with the underlay aggregated Ethernet interface between leaf and spine. PR1512253
All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515
EVPN-VXLAN registers MAC-move counters under system statistics bridge even though there is no actual MAC-move for the multi-homed clients. PR1538117
Policy with mac-filter-list might not work if you make changes that are unrelated to that policy and commit the changes in the EVPN scenario. PR1567623
Forwarding and Sampling
The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124
Configuration archive transfer-on-commit fails on Junos OS Release 18.2R3-S6.5. PR1563641
Interfaces and Chassis
The logical interface might flap after the addition or deletion of the native VLAN configuration. PR1539991
MAC address entry issue might be observed after the MC-LAG interface. PR1562535
Traffic loss might occur when you deactivate and activate member links of the ICL or ICCP interface. PR1542840
New added MC-LAGs does not come up after the Routing Engine switchovers. PR1583547
Junos XML API and Scripting
The /var/run/scripts/ directory might be missing during bootup or upgrading the image. PR1543950
Layer 2 Features
The dcpfe process might crash when the logical child interface continuously attaches and detaches. PR1543169
Traffic might be forwarded incorrectly on an interface with VXLAN enabled and the hold-time up xxx statement configured. PR1550918
On the QFX5120 line of switches, packets with VLAN ID 0 are dropped. PR1566850
On the QFX5000 line of switches, software forwarded VXLAN decapsulated packets contains illegal length. PR1574435
On the QFX5110-32Q line of switches, LACP does not come up in the Non-Oversubscribed mode for a set of ports. PR1563171
In the OVSDB VXLAN scenario, inner VLAN tag 8 gets added unexpectedly into the encapsulated Ethernet header. PR1531319
Traffic loop might occur in an MC-LAG scenario. PR1533301
MAC programming issue occurs after deleting the IRB Layer 3 interface configuration from a VLAN configuration. PR1546179
Packets received on a port that is in the LACP Detached and Broadcom STP Blocked states might get forwarded. PR1553570
LACP gets into the Detached state when you delete VLAN on the aggregate interface configured on the SP style. PR1555862
Traffic forwarding for VLAN 2 might not be correct when you remove a VLAN member from the ESI interface. PR1570446
The dcpfe process crashes in the VXLAN scenario. PR1571170
On the QFX5000 line of switches, DF might not forward the BUM traffic. PR1575976
Traffic drop might occur on the aggregated Ethernet interface. PR1585320
Layer 2 Ethernet Services
DHCP packet drop might be observed when the DHCP relay is configured on a leaf device. PR1554992
The DHCP client becomes offline for 120 seconds after the DHCP client sends the DHCPINFORM message in the DHCP relay scenario. PR1575740
DHCP relay drops packets during the DHCP renewal process. PR1576417
Network Management and Monitoring
Slow memory leakage might occur for the snmpd process. PR1575790
Platform and Infrastructure
On the QFX10000 line of switches, the chassisd process might generate core files on the backup Routing Engine after commit for 200 seconds due to the following error message: CHASSISD_MAIN_THREAD_STALLED. PR1481143
The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322
On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. PR1510794
The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets. PR1512175
Channelized interfaces might fail to come up. PR1512203
The output of the show chassis forwarding-options command displays incorrect display issue, Virtual Chassis environment, and configured num-65-127-prefix values. PR1512712
On the QFX5100 line of switches, the cprod process timeout triggers high CPU utilization. PR1520956
Packet drops might be seen with all commit events with 1G speed configured interface. PR1524614
Traffic loss might be observed on the interfaces in a VXLAN environment. PR1524955
On the QFX100002 line of switches, the firewall log incorrectly gets populated from the Packet Forwarding Engine. PR1533814
The dcpfe process might crash and cause FPC to restart due to the traffic burst. PR1534340
High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796
The following Packet Forwarding Engine error message is observed in the BRCM-VIRTUAL: brcm_virtual_tunnel_port_create() ,489: Failed NW vxlan port token(45) hw-id(7026) status(Entry not found). PR1535555
On the QFX5100-48T line of switches, interfaces are not created after 10G channel-speed is applied across the 48 to 53 ports. PR1538340
ARP request might be dropped in a leaf device in a EVPN-VXLAN scenario. PR1539278
The rpd memory leak might be observed on the backup Routing Engine due to the flapping of the link. PR1539601
Unable to take RSI properly due to the authentication error. PR1539654
FPC might not be recognized after power cycle (hard reboot). PR1540107
The Packet Forwarding Engine might crash in the MPLS IPv6-tunneling scenario when the next hop changes. PR1540793
The chip on FPC line card might crash when the system reboots. PR1545455
OSPFv3 session might keep flapping and OSPFv3 hellos might be dropped in the host-path. PR1547032
On the QFX5100 Virtual Chassis, the backup Routing Engines clear the reporting alarm for a PEM failure intermittently for a missing power source. PR1548079
The 40G interface might be channelized after restarting the Virtual Chassis member. PR1548267
The Neighbor Solicitation might be dropped from the peer device. PR1550632
The interface filter with source-port 0 matches everything instead of port 0. PR1551305
The action-shutdown statement of storm control does not work for ARP broadcast packets. PR1552815
Traffic might not pass due to the addition of the VLAN tag 2 while passing through the Virtual Chassis port. PR1555835
Traffic might be dropped when a firewall filter rule uses then vlan as the action. PR1556198
Traffic storm might be caused by analyzer due to link flapping. PR1557274
On the QFX5000 line of switches, the firewall filter might fail to work. PR1558320
On the QFX5120 line of switches, amber LEDs are displayed for the fan modules after upgrading to Junos OS Release 20.2R1. PR1558407
Few IPv6 ARP ND fails after loading the base configurations. PR1560161
When configuring the static MAC and static ARP on the EVPN core aggregate interface the underlay next hop programming might not be updated in the Packet Forwarding Engine. PR1561084
The tunable optics SFP+-10G-T-DWDM-ZR does not work. PR1561181
PTP lock status gets stuck at the Acquiring state instead of the Phase Aligned state. PR1561372
On the QFX5000 line of switches, port mirroring might not work as expected. PR1562607
On the QFX5120 line of switches, storm control with IRB interface might not work correctly. PR1564020
On the QFX5100 line of switches, the following internal comment is displayed: Placeholder for QFX platform configuration. PR1567037
On the QFX10002 line of switches, discrepancy in inet.1 vs Packet Forwarding Engine reported multicast routes. PR1567353
On the QFX10000 line of switches, the firewall log is incorrectly populating from the Packet Forwarding Engine for IPv6 traffic. PR1569120
On the QFX10008 chassis, the dcpfe process generates a core file. PR1572889
On the QFX10000 line of switches, a high rate of 802.3X pause frames are sent out of the Interfaces. PR1575280
The dcpfe process crashes while checking virtual tunnel-nh packet status. PR1580114
On the QFX5120-32C line of switches, the following error is observed: kern.ipc.maxpipekva exceeded; see tuning error. PR1581192
In the QFX10002-72Q line of switches, SNMP walk jnxOperatingEntry displays only two PSU even if four PSU are installed. PR1555852
On the QFX5200 line of switches, the PRBS (Pseudo Random Binary Sequence) test fails for 100GbE interfaces with the default settings. PR1560086
On the QFX10000 line of switches, the firewall filter logs are incorrectly populated the protocol 8847 entries. PR1582780
When deleted aggregated Ethernet member(s) are not getting deleted (mirror trunk group) in the hardware for the analyzer input aggregated Ethernet. PR1589579
The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted. PR1555386
The dcpfe process might crash after committing the EVPN-VXLAN profile configuration and ARP resolution might fail causing traffic issues. PR1561588
FPC might crash in a scaled-firewall configuration. PR1586817
On the QFX10002 and QFX10008 line of switches, there might be traffic loss after FPC or system reboots. PR1487913
The fxpc process might crash in an EVPN-VXLAN scenario. PR1504778
On the QFX5110 with QSFP+40GE-IR4 line of switches, the unicast connectivity might break. PR1517601
On the QFX5000 line of switches, the ECMP hash function might not take effect and the load balancing might not work. PR1523844
On the QFX10000 line of switches, an enhancement to enable watchdog petting log on line cards is required. PR1527535
The rpd process might crash due to memory leakage. PR1528550
On the QFX5110-32Q line of switches, ports from 20 to 27 might flap when you insert the QSPF-40G transceiver into port 29 to 31. PR1535216
On the QFX10000 line of switches, the Denial of Service (DoS) occurs upon receipt of DVMRP packets received on multi-homing ESI in VXLAN. PR1539194
The commit full command might cause the guest VM to crash. PR1539434
The aggregated Ethernet interface might flap after changing interface configurations. PR1542270
Traffic loops if logical child interface gets added in the case of multihomed SP style in EVPN or VXLAN. PR1543966
On the QFX10000 line of switches, the dcpfe process might crash. PR1546572
On the QFX5000 line of switches, the static MAC on an interface might not work. PR1546655
On the QFX10000 line of switches, ARP might not get resolved on the agrregated Ethernet interface. PR1546712
LACP timeout issue might occur while polling for QSFP diagnostics. PR1549121
The traffic are not load balanced properly in the EVPN overlay-ecmp setup. PR1550020
The dcpfe process might crash due to chip SDK fault. PR1552645
Traffic loss might occur on a VXLAN enabled VLAN. PR1554600
The VGA might be down when you configure the IRB interface with multi VGA addresses. PR1555338
Timestamp discrepancy might occur in the IPFIX packet flows exported. PR1558131
The subscriber management infrastructure daemon (smid) process might get stuck at hundred percent. PR1559402
On the QFX10000-60S-6Q line of switches, the line card takes more than 15 minutes to boot up after triggering the panic or watchdog reboot. PR1559725
The VXLAN queue DDos violation and RARP packets flood might occur if receiving the RARP packets more than the supported DDoS bandwidth. PR1560243
Sampled memory leak might occur when the analyzer is in the Down state. PR1564790
Traffic loss might occur in the MC-LAG scenario. PR1565287
The DF (Designated Forwarder) might not forward traffic. PR1567752
On the QFX10002-60 line of switches, shutting down of one port causes another port to shutdown. PR1568294
The BFD session flaps between the leaf and core during the spine reboot that causes other protocols to flap. PR1568615
The dcpfe process might crash if the Type-5 tunnel fails to install for EVPN-VXLAN. PR1570136
On the QFX10008 and QFX10016 line of switches, traffic loss might occur due to faulty FPC. PR1574779
Port mirroring might not work when the analyzer output is a trunk interface. PR1575129
On the QFX5000 line of switches, analyzer does not work. PR1576327
The IS-IS packet might be corrupted on the provider edge device over the Layer 2 circuit tunnel. PR1580047
The DHCP packets might get dropped if you apply the dyn-dhcpv4_v6_trap dynamic filter on the interface. PR1580352
Multiple crashes with toe_interrupt_errors error message might occur. PR1593025
Routing Policy and Firewall Filters
The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891
Routing Protocols
On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. PR1486632
Traffic might be silently discarded when the BGP route gets deleted, which is part of multipath. PR1514966
The dcpfe process might crash while updating VRF for multicast routes during IRB uninit. PR1546745
The BGP LU session might flap with AIGP-used scenario. PR1558102
On the QFX5110-32Q lien of switches, the following syslog error message is observed after loading the NC T5 EVPN VXLAN configuration: BCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f. PR1558189
The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters. PR1568159
The GRE egress traffic might not be forwarded between the different routing-instances. PR1573411
The rpd crash might be observed after committing with static group 224.0.0.0 configured. PR1586631
The dcpfe process might crash when any interface flaps. PR1579736
Traffic might not be forwarding over the ECMP links in the EVPN VXLAN scenario. PR1533925
The BFD sessions over IRB interface gets stuck in the Init state with FRR errors. PR1541851
Multicast traffic with TTL 1 sent across VCP gets dropped. PR1543763
BFD on the Layer 3 sub-interface of the ESI aggregated Ethernet interface might flap when an upstream underlay or overlay BGP flaps. PR1544982
The rpd memory leak might occur in the BGP scenario. PR1547273
On the QFX5000 line of switches, continuous traffic destined to a device configured with MC-LAG, that leads to nodes losing their control connection impacts traffic. PR1552877
A filter could not be installed if the filter has a large scaled number of terms. PR1555337
There might be traffic loss when the GRE interface flaps. PR1566428
Memory leakage might occur in the MSDP scenario. PR1571906
With IGMP snooping implemented, unexpected jitter issues might cause traffic loss. PR1583207
Resolved Issues: 20.1R2
Class of Service (CoS)
PFC feature is not supported with QFX5120 Virtual Chassis due to chip limitation. PR1431895
Traffic might be forwarded to the incorrect queue when a fixed classifier is used. PR1510365
EVPN
The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790
The l2ald memory leakage might be observed in any EVPN scenario. PR1498023
In the EVPN-VXLAN scenario, the l2ald process might crash in a rare condition. PR1501117
The VXLAN function might be broken due to a timing issue. PR1502357
Unable to create a new VTEP interface. PR1520078
ARP table might not be updated in a race condition after performing VMotion or a network loop. PR1521526
Interfaces and Chassis
The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201
Traffic might get dropped as the next hop points to ICL even though the local MC-LAG is up. PR1486919
MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group. PR1488681
Error message does not get generated while verifying the GRE limitation. PR1495543
The dcpfe might crash when the ICL is disabled and then enabled. PR1525234
Layer 2 Ethernet Services
Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220
The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758
The aggregated Ethernet interface sometimes might not come up after the switch is rebooted. PR1505523
Layer 2 Features
On the QFX5120 switches, the MAC learning might not work correctly. PR1441186
On the QFX5120 switches, the third VLAN tag does not get pushed onto the stack. Instead, it gets swapped. PR1469149
On the QFX5200 switches, the MAC learning rate is degraded by 88 percent. PR1494072
Flow control is enabled in Packet Forwarding Engine irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. PR1496766
On the QFX5000 switches, traffic imbalance might be observed if hash-params is not configured. PR1514793
The MAC address in the hardware table might become out of synchronization between the primary and member in Virtual Chassis after the MAC flaps. PR1521324
MPLS
BGP session flaps between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431
Platform and Infrastructure
Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824
The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954
The RIB installation or deletion time consumption is reduced. PR1421250
SFP-LX10 stays down until autonegotiation is disabled. PR1423201
The default logical interface on the channelized physical interface might not get created after ISSU or ISSR. PR1439358
The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB interface. PR1442587
Members might stay disconnected from the QFX5120-32C/QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399
Changing the VLAN name associated with the access ports might prevent the MAC addresses from being learned in the EVPN-VXLAN scenario. PR1454095
On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. PR1454527
QFX5110 switch, the interface on QSFP-100GBASE-SR4 switch (made by Avago) cannot link up. PR1457266
On the QFX5100 switches, the interface output counter is double-counted for self-generated traffic. PR1462748
On the PTX10000 routers, FPCs might restart during runtime. PR1464119
On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663
On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771
ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610
On the QFX5000 line of switches, the Layer 2 circuit might fail to communicate through VLAN 2. PR1474935
The system might stop new MAC learning and impact the Layer 2 traffic forwarding. PR1475005
sFlow does not work correctly if the received traffic goes out of more than one interface. PR1475082
FPC major error is observed after the system boots up or the FPC restarts. PR1475851
On the QFX10002-36Q/72Q switches, the following continuous error messages are logged on the device on getting adoption valid bit[8] asserted: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout. PR1477192
Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956
SNMP Index in Packet Forwarding Engine reports as 0, causing SFLOW to report either IIF or OIF (not both) as 0 in sflow record data at collector. PR1484322
VLAN creation failure might be observed with the scaled VLAN and Layer 3 configuration. PR1484964
The dcpfe process might generate core files with the non-oversubscribed mode after SDK upgrade. PR1485854
The 10GbE VCP ports will not be active in the QFX51XX and EX46XX Virtual Chassis scenario. PR1486002
On the QFX5120 Virtual Chassis, the output of the show chassis alarm command displays incorrect PEM status after multiple GRES events. PR1486736
QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in hardware. This is due to SDK 6.5.16 upgrade. PR1487679
The queue statistics are not as expected after configuring the physical interface and logical interface shaping with the transmit rate and scheduler map. PR1488935
After ISSU or ISSR, a port using SR4 or LR4 optics might not come up. PR1490799
BFD sessions start to flap when the firewall filter in loopback0 is changed. PR1491575
Junos OS: High CPU load due to receipt of specific multicast packets on Layer 2 interface (CVE-2020-1668). PR1491905
Traffic loss could be observed in mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258
Traffic loss might be seen in an MC-LAG scenario. PR1494507
In the QFX5120 line of switches, the SNMP polling for the CPU utilization and state of the breakup-Routing Engine does not show in the two member Virtual Chassis. PR1495384
Junos OS: PTX Series and QFX Series: Kernel routing table (KRT) queue stuck after J-Flow sampling of a malformed packet (CVE-2020-1679). PR1495788
ARP might not get refreshed after timeout. PR1497209
Virtual Chassis is not stable with 100GbE and 40GbE interfaces. PR1497563
Outbound SSH connection flap or memory leak issue might be observed when pushing the configuration to the ephemeral database at him high rate. PR1497575
On the QFX5210064C switches, the lcmd process generates a core file. PR1497947
Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugged in. PR1497993
The request-pfe-execute CLI command takes longer than 5 seconds to get a reply in Junos OS Release 18.4 for QFX5100. PR1498092
On the QFX5210 switches, unexpected behavior for port LEDs lights is observed after the upgrade. PR1498175
Inter-VNI and intra-VNI or VRF traffic is dropped between the CE devices when the interfaces connected between the TOR and multihomed PE devices are disabled. PR1498863
On the QFX5100 and QFX5110 line of switches, the firewall filter might not get applied. PR1499647
BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798
On the QFX5000 switches, ERPS might not work correctly. PR1500825
The error message mpls_extra NULL might be seen during MPLS route add/change/delete operation. PR1502385
The interface becomes physically down after changing to the FEC-none mode. PR1502959
LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354
"Media type" in show interface command is displayed as "Fiber" for SFP-10G-T. PR1504630
The DMA failure errors might be seen when the cache is full or flushes. PR1504856
The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710
The archival function might fail in certain conditions. PR1507044
The fxpc may crash and restart with an fxpc core file created while installing the image through ZTP. PR1508611
Traffic might be affected on the QFX10002, QFX10008, and QFX10016 platform. PR1509220
ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329
The output VLAN push might not work. PR1510629
Multicast traffic loss is observed because of few missing multicast routes in the spine node. PR1510794
The QFX10000-36Q line card used on QFX10008 and QFX10016 platforms may fail to detect any QSFP. PR1511155
In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter. PR1514710
The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092
The100GbE AOC non-breakout port might be auto-channelized to another speed. PR1515487
The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. PR1516653
The dcpfe (PFE) process might crash due to memory leak. PR1517030
The vgd process might generate a core file when the OVSDB server restarts. PR1518807
Traffic forwarding might be affected when adding, removing, or modifying the VLAN or VNI configurations such as vlan-id and vni-id, and the ingress-replication configuration. PR1519019
Output interface index in an sFlow packet is zero when transit traffic is observed on the IRB interface with VRRP enabled. PR1521732
On the QFX10002, QFX10008, and QFX10016 switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. PR1522852
Sampling, with the rate limiter command enabled, crosses the sample rate 65,535. PR1525589
The MPLS EXP classifier might not work on QFX10000 platforms. PR1531095
High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796
Routing Policy and Firewall Filters
The policy configuration might be mismatched between rpd and mgd when deactivate policy-options prefix-list is involved in configuration sequence. PR1523891
Routing Protocols
Flows do not fall back to a single link when the inactivity-interval is set higher than the IFG. PR1471729
The MUX state in the LACP interface does not go to the Collecting and Distributing state and remains in the Attached state after enabling the aggregated Ethernet interface. PR1484523
The FPC process goes to the NotPresent state after upgrading the QFX5100 Virtual Chassis or Virtual Chassis Fan. PR1485612
On QFX 5100-48T-6Q with Virtual Chassis or Virtual Chassis fan, system upgrade/ installation might fail. PR1486632
CPU port queue gets full due to excessive pause frames being received on interfaces; this causes control packets from the CPU to all ports to be dropped. PR1487707
The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
The rpd process generates core files at rt_nh_resolve_add_gen in
../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c:with the evpn-dhcp configurations. PR1494005EX4300-MP/EX4600/QFX5000 Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific Layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689). PR1495890
Firewall filter does not work in certain conditions in a Virtual Chassis setup. PR1497133
Traffic drop might be observed after modifying the FBF firewall filter. PR1499918
Scale of filters with egress-to-ingress command is enabled. PR1514570
The rpd might report 100% CPU usage with BGP route damping enabled. PR1514635
Firewall "sample" configuration gives the warning as unsupported on QFX10002-36Q and does not work. PR1521763
On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. PR1528490
User Interface and Configuration
The version information under the configuration changes from Junos OS Release 19.1 onward. PR1457602
Resolved Issues: 20.1R1
Class of Service (CoS)
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in the network-control queue on an extended port even if it comes in with a different DSCP marking. PR1433252
On QFX5120 switches, when you move unicast traffic to a multicast queue through an MF classifer, the show interface queue command does not display any status. PR1459281
EVPN
The rpd might crash with EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309
Forwarding and Sampling
Type 1 ESI/AD route might not be generated locally on an EVPN PE device in the all-active mode. PR1464778
General Routing
On QFX5100 Virtual Chassis, MacDrainTimeOut and bcm_port_update failed: Internal error is observed. PR1284590
The show chassis errors active detail command is not supported on QFX5000 platforms. PR1386255
The 10-Gigabit Ethernet fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015
Part of routes could not be provided into the Packet Forwarding Engine when both IPv4 and IPv6 are used. PR1412873
The show interface command shows Media type: Fiber on QFX5100-48T switches running "QFX 5e Series" image. PR1419732
Ports might get incorrectly channelized if they are channelized to 10-Gbps and they are again channelized to 10-Gbps. PR1423496
CoS rewrite rules applied under an aggregated Ethernet interface might not take effect after nonstop software upgrade (NSSU). PR1430173
The l2cpd process might crash and generate a core file when interfaces flap. PR1431355
The FPC might crash when a firewall filter is modified. PR1432116
When you plug in an unsupported SFP-T module, the line card might crash. PR1432809
BGP neighborship might not come up if the MACsec feature is configured. PR1438143
QFX5100 Virtual Chassis does not come up after you replace a Virtual Chassis port fiber connection with a DAC cable. PR1440062
MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574
Packet loss might be seen if IPoIP or MPLS-over-UDP dynamic tunnels are configured with ECMP. PR1446132
On QFX5100 Virtual Chassis, a cyclic redundancy check (CRC) error might be seen on the Virtual Chassis Port (VCP). PR1449406
Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568
The em0 route might be rejected after the em0 interface is disabled and then enabled. PR1449897
FPC does not restart immediately after rebooting the system. This might cause packet loss. PR1449977
On QFX10000 platforms, CoS classification does not work. PR1450265
The l2ald and eventd process are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738
The classifier configuration does not get applied to the interface in an EVPN-VXLAN environment. PR1453512
The show chassis led command shows incorrect status. PR1453821
On QFX5100 Virtual chassis, VGD process hogs the CPU without the switch-options vtep-source-interface lo0.0 configuration. PR1454014
On QFX5110 Virtual Chassis, master FPC might come up in master state again after reboot instead of backup. PR1454343
On QFX5000 platform, the dcpfe process crashes because usage of data which is not NULL is terminated. PR1454527
On QFX10002-60C EVPN-VXLAN, the MAC+IP count is shown as zero. PR1454603
On QFX5120 switches, untagged hosts ARP/NS requests connected on encapsulation ethernet-bridge interface are not being resolved. PR1454804
You might not be able to apply a firewall filter to a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177
In a 16+ member QFX5100 Virtual Chassis Fabric, the FROM column under the show system users command output reports feb0, feb1, feb2, and feb3 for fpc16, fpc17, fpc18, and fpc19, respectively. PR1455201
The priority-based flow control (PFC) feature does not work on the QFX10000 line of switches. PR1455309
The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357
Link-up delay and traffic drop might be seen on mixed service provider Layer 2/Layer 3 and enterprise style Layer 2 type configurations. PR1456336
The Packet Forwarding Engine process might crash after Routing Engine switchover on QFX10000 platforms. PR1457414
Overtemperature SNMP trap messages are displayed after an update even though the temperatures are within the system thresholds. PR1457456
On QFX5110 switches, port 51 has one LED blinking amber continuously. PR1457516
On QFX5210 switches, the LED does not light on port 64 and 65 after the switch is upgraded to Junos OS Release 19.2R1. PR1458514
The command show dynamic-tunnels database does not show v6 mapped next-hop flag for 6PE routes that have labels. PR1458634
The BPDU packet might be looped between leaf DF switch and non-DF switch and causes traffic blocking. PR1458929
On QFX5200 switches, DHCPv6 LDRA relay bounded count is not as expected after DHCP is configured. PR1459499
The fxpc process might crash because the BGP IPv6 session flaps. PR1459759
The forwarding option is missed in routing instance type. PR1460181
The accept-source-mac feature with VXLAN is not working on QFX5000 platforms. PR1460885
The statement show forwarding-options enhanced-hash-key is not supported on QFX10000 platforms. PR1462519
The entPhysicalTable MIB is not fetching expected data on QFX10002-72Q or QFX10002-36Q platforms. PR1462582
The fxpc process might generate core files when changing MTU in a VXLAN scenario with firewall filters applied on QFX5000 platforms. PR1462594
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, you observe the BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: error while cleaning up EVPN-VXLAN configurations with mini-PDT base configurations. PR1463939
On PTX10000, the FPC might restart during runtime. PR1464119
On QFX10000 platforms, the interface might not come up on FPC restart. PR1464650
QFX5100-24Q: Unable to apply DSCP rewrite to firewall filter to a Layer 3 subinterface (for example, xe-0/0/0.100). PR1464883
PEM is not present spontaneously on QFX5210. PR1465183
On QFX5100-48T switches, a 10-Gigabit Ethernet interface might not come up or negotiate at speed 1-Gbps when connected with BRCM 10G/GbE 2+2P 57800-t rNDC. PR1465196
The QSFP-100G-PSM4 could not be correctly identified on QFX5200 or QFX5110 platforms. PR1465214
The physical interface of an aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302
Junos OS exhibits inconsistent fan and power supply numbering on White Boxs (-O and -OZ) in Release 19.2R1. PR1465327
In a Virtual Chassis scenario, the broadcast and multicast traffic might be dropped over an IRB or a LAG interface. PR1466423
BGP open messages with specific types of BGP optional capabilities causing BMP messages not to be encoded correctly when sent to the BMP collector. PR1466477
On QFX10000 platforms, EBUF parity interrupt is not seen. PR1466532
IPv6 traffic over Layer 3 VPN might fail. PR1466659
Slow packet drops might be seen on QFX5000 platforms. PR1466770
EPR iCRC errors in QFX10000 platforms might cause protocols to be down. PR1466810
A few of the DHCPvX INFORM messages, specific to a particular VLAN, are not receiving any ACK from server. PR1467182
Ingress drops to be included at the CLI from interface statistics and added to InDiscards. PR1468033
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
MAC address might not be learned on a new extended port after VMotion in a Junos fusion for data center environment. PR1468732
QFX5000 platform is looping the IP routed packet through IS-IS or MPLS. PR1469998
Incorrect counter values are observed for the arrival rate and peak rate for DDoS commands. PR1470385
On QFX5100 and EX4300 mixed-mode Virtual Chassis, unable to configure 10-Mbps speed on the Gigabit Ethernet interface. PR1471216
In a VXLAN scenario on QFX10000 platforms, when a VTEP source interface is configured in multiple routing instances, traffic loss might occur. PR1471465
On QFX5000 platforms, egress PACL size is half. PR1472206
The shaping of CoS does not work after reboot. PR1472223
The detached interface in a LAG might process the xSTP BPDUs. PR1473313
The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685
On QFX5000 platforms in an EVPN-VXLAN scenario, continuous log messages might be observed. PR1474545
Layer 2 circuit might fail to communicate via VLAN 2 on QFX5000 platforms. PR1474935
DAC cables are not being properly detected in the Packet Forwarding Engine on QFX5200 switches. PR1475249
QFX5000 leaf device might fail to forward the traffic in a multicast environment with VXLAN. PR1475430
QFX Series platform generates the invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 message. PR1476829
On QFX10002-36Q and QFX10002-72Q switches, generating continuous prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted error logs on the device. PR1477192
The remaining interface might be still in downstate even the number of channelized interfaces is no more than five. PR1480480
ARP request packets for unknown hosts might get dropped in a remote PE in an EVPN-VXLAN scenario. PR1480776
On QFX10000 and QFX5000 Series switches with SP style configuration, BUM traffic incorrectly get blocked, while you disable or enable different logical interfaces. PR1482202
After an ISSU or an ISSR, a port using SR4 or LR4 optics might not come up. PR1490799
High Availability (HA) and Resiliency
Unified ISSU is not supported on QFX5000 platforms. PR1472183
Interfaces and Chassis
VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370
Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077
On a QFX Series platform, VRRPv3 MIBs are not working to poll VRRPv6-related objects. PR1467649
Executing commit might become unresponsive due to a stuck dcd process. PR1470622
Commit error is not thrown when a member link is added to multiple aggregation groups with different interface-specific options. PR1475634
Junos Fusion Enterprise
Loop detection might not work on extended ports in Junos fusion for enterprise scenarios. PR1460209
Junos Fusion Satellite Software
In Junos fusion for enterprise, dpd might crash on satellite devices running SNOS. PR1460607
Layer 2 Ethernet Services
In an EVPN-VXLAN ERB scenario, dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076
Member links state might be asychronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791
Layer 2 Features
On QFX5100 switches, storm control configuration might be disabled for the interface. PR1354889
Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100 and QFX5110. PR1437577
The LLDP function might fail when a Juniper device connects to a non-Juniper device. PR1462171
A few MAC addresses might be missing from the software MAC table on QFX5000 platforms. PR1467466
After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763
Ingress traffic might be silently dropped if the underlying interface flaps in an EVPN-VXLAN scenario. PR1469596
Traffic might be affected if composite next hop is enabled. PR1474142
MPLS
On QFX10002 switches, the show mpls static-lsp | display xml command produces invalid XML. PR1469378
Traffic might silently dropped and discarded on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface. PR1475395
MPLS LDP ping or traceroute fails over QFX5100 as transit PHP node. PR1477301
Platform and Infrastructure
The stylesheet language alternative syntax (SLAX) script might be lost after upgrading software. PR1479803
Routing Protocols
In a scaled setup, when the host table is full and the host entries are installed in the LPM table, OSPF sessions might take more time to come up. PR1358289
Invalid VRRP mastership election on QFX5110 Virtual Chassis peers. PR1367439
Host-destined packets with filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718
On QFX5100, BGP IPv4 or IPv6 convergence and RIB install or delete time degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121
PIM (S, G) joins can cause MSDP to incorrectly announce source active messages in some cases. PR1443713
CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845
The core file might be generated when you add or remove EVPN Type-5 routing instance. PR1455547
On QFX5000 platforms, egress port for ARP entry in the Packet Forwarding Engine is not modified from the VTEP to the local ESI port, after the device boots up.PR1460688
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, the brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) error is observed after unified ISSU with Mini-PDT base configurations. PR1460791
The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590
When IRB is deleted on the Layer 3 gateway, the IRB interface does not get removed from the Packet Forwarding Engine and it results in traffic drop in IRB MAC address. PR1463092
The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic). PR1468737
Traffic might not be forwarded over an ECMP link in an EVPN-VXLAN scenario. PR1475819
ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708
GRE transit traffic is not forwarded in a VRRP scenario. PR1477073
Documentation Updates
This section lists the errata and changes in Junos OS Release 20.1R3 documentation for the QFX Series.
Dynamic Host Configuration Protocol (DHCP)
Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.
[See DHCP User Guide.]
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.
Upgrading Software on QFX Series Switches
When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.
If you are not familiar with the download and installation process, follow these steps:
- In a browser, go to https://www.juniper.net/support/downloads/junos.html.
The Junos Platforms Download Software page appears.
- In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
- Select 20.1 in the Release pull-down list to the right of the Software tab on the Download Software page.
- In the Install Package section of the Software tab, select
the QFX Series Install Package for the 20.1 release.
An Alert box appears.
- In the Alert box, click the link to the PSN document for
details about the software, and click the link to download it.
A login screen appears.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Download the software to a local host.
- Copy the software to the device or to your internal software distribution site.
- Install the new jinstall package on the device.
Note We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.1-R2.n-secure-signed.tgz rebootReplace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the switch.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname(available only for Canada and U.S. version)
Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 20.1 jinstall package, you can issue the request system software rollback command to return to the previously installed software.
Installing the Software on QFX10002-60C Switches
This section explains how to upgrade the software, which includes
both the host OS and the Junos OS. This upgrade requires that you
use a VM host package—for example, a junos-vmhost-install-x.tgz .
During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.
The QFX10002-60C switch supports only the 64-bit version of Junos OS.
If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.
To upgrade the software, you can use the following methods:
If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.1R3.9.tgzIf the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.
For example:
user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.1R3.9.tgzAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10002 Switches
If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.
On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.
If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz
rebootIf the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz
rebootAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionUpgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).
If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.
To install the software on re0:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re0To install the software on re1:
user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.
For example:
user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz
re1Reboot both Routing Engines.
For example:
user@switch> request system reboot both-routing-enginesAfter the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.
user@switch> show versionInstalling the Software on QFX10008 and QFX10016 Switches
Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.
Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.
If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.
Log in to the master Routing Engine’s console.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
From the command line, enter configuration mode:
user@switch> configureDisable Routing Engine redundancy:
user@switch# delete chassis redundancyDisable nonstop-bridging:
user@switch# delete protocols layer2-control nonstop-bridgingSave the configuration change on both Routing Engines:
user@switch# commit synchronizeExit the CLI configuration mode:
user@switch# exitAfter the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.
After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.
Log in to the console port on the other Routing Engine (currently the backup).
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the switch to start the new software using the request system reboot command:
user@switch> request system rebootNote You must reboot the switch to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.
All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.
Log in and issue the show version command to verify the version of the software installed.
user@switch> show versionOnce the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.
Log in to the master Routing Engine console port.
For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.
Transfer routing control to the backup Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the backup Routing Engine (slot 1) is the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Backup
Election priority Master (default)
Routing Engine status:
Slot 1:
Current state Master
Election priority Backup (default)Install the new software package using the request system software add command:
user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgzFor more information about the request system software add command, see the CLI Explorer.
Reboot the Routing Engine using the request system reboot command:
user@switch> request system rebootNote You must reboot to load the new installation of Junos OS on the switch.
To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.
The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.
Log in and issue the show version command to verify the version of the software installed.
Transfer routing control back to the master Routing Engine:
user@switch> request chassis routing-engine master switchFor more information about the request chassis routing-engine master command, see the CLI Explorer.
Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:
user@switch> show chassis routing-engineRouting Engine status:
Slot 0:
Current state Master
Election priority Master (default)
outing Engine status:
Slot 1:
Current state Backup
Election priority Backup (default)
Performing a Unified ISSU
You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.
Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.
Perform the following tasks:
Preparing the Switch for Software Installation
Before you begin software installation using unified ISSU:
Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.
To verify that nonstop active routing is enabled:
Note If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.
user@switch> show task replication Stateful Replication: Enabled RE mode: MasterIf nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.
Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.
(Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
Upgrading the Software Using Unified ISSU
This procedure describes how to upgrade the software running on a standalone switch.
To upgrade the switch using unified ISSU:
Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.
Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.
Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.
Start the ISSU:
On the switch, enter:
user@switch> request system software in-service-upgrade /var/tmp/package-name.tgzwhere package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R3.n-secure-signed.tgz.
Note During the upgrade, you cannot access the Junos OS CLI.
The switch displays status messages similar to the following messages as the upgrade executes:
warning: Do NOT use /user during ISSU. Changes to /user during ISSU may get lost! ISSU: Validating Image ISSU: Preparing Backup RE Prepare for ISSU ISSU: Backup RE Prepare Done Extracting jinstall-host-qfx-5-f-x86-64-18.3R1.n-secure-signed.tgz ... Install jinstall-host-qfx-5-f-x86-64-19.2R1.n-secure-signed.tgz completed Spawning the backup RE Spawn backup RE, index 0 successful GRES in progress GRES done in 0 seconds Waiting for backup RE switchover ready GRES operational Copying home directories Copying home directories successful Initiating Chassis In-Service-Upgrade Chassis ISSU Started ISSU: Preparing Daemons ISSU: Daemons Ready for ISSU ISSU: Starting Upgrade for FRUs ISSU: FPC Warm Booting ISSU: FPC Warm Booted ISSU: Preparing for Switchover ISSU: Ready for Switchover Checking In-Service-Upgrade status Item Status Reason FPC 0 Online (ISSU) Send ISSU done to chassisd on backup RE Chassis ISSU Completed ISSU: IDLE Initiate em0 device handoff
Note A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).
Note If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.
Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:
user@switch> show versionEnsure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:
user@switch> request system snapshot slice alternateResilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.