Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series

 

These release notes accompany Junos OS Release 20.2R1 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in this release for EX Series Switches.

Note

The following EX Series switches are supported in Release 20.2R1: EX2300, EX2300-C, EX3400, EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

Authentication, Authorization, and Accounting

  • Retain the authentication session based on DHCP or SLAAC snooping entries (EX2300, EX3400, and EX4300)—Starting in Junos OS Release 20.2R1, you can configure the authenticator to check for a DHCP, DHCPv6, or SLAAC snooping entry before terminating the authentication session when the MAC address ages out. If a snooping entry is present, the authentication session for the end device with that MAC address remains active. This ensures that the end device will be reachable even if the MAC address ages out.

    [See Authentication Session Timeouts.]

EVPN

  • 802.1X authentication with EVPN-VXLAN (EX4300-48MP and EX4300-48MP Virtual Chassis)—Starting in Junos OS Release 20.2R1, EX4300-48MP switches that act as access switches can use 802.1X authentication to protect an EVPN-VXLAN network from unauthorized end devices. EX4300-48MP switches support the following 802.1X authentication features on access and trunk ports:

    • Access ports: single, single-secure, and multiple supplicant modes

    • Trunk ports: single and single-secure supplicant modes

    • Guest VLAN

    • Server fail

    • Server reject

    • Dynamic VLAN

    • Dynamic firewall filters

    • RADIUS accounting

    • Port bounce with Change of Authorization (CoA) requests

    • MAC RADIUS client authentication

    • Central Web Authentication (CWA) with redirect URL

    • Captive portal client authentication

    • Flexible authentication with fallback scenarios

    [See 802.1X Authentication.]

  • Support for firewall filtering on EVPN-VXLAN traffic (EX4300-MP)—Starting with Junos OS Release 20.2R1, you can configure firewall filters and policers on the VXLAN traffic in an EVPN network (EVPN-VXLAN traffic). You set the rules that the devices uses to accept or discard packets by defining the terms for a firewall filter. For filters that you would apply to a port or VLAN, configure firewall filters at the [edit firewall family ethernet-switching] hierarchy level. For filters that you would apply to an IRB interface, configure firewall filters at the [edit firewall family inet] hierarchy level. After a firewall filter is defined, you can then apply it at an interface.

    [See Firewall Filtering and Policing Support for EVPN-VXLAN.]

  • Noncolored SR-TE LSPs with EVPN-MPLS (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.2R1, ACX5448, EX9200, MX Series, and vMX routers support noncolored static segment routing-traffic engineered (SR-TE) label-switched paths (LSPs) with an EVPN-MPLS core network and the following Layer 2 services running at the edges of the network:

    • E-LAN

    • EVPN-ETREE

    • EVPN-VPWS with E-Line

    Without color, all LSPs resolve using a BGP next hop only.

    The Juniper Networks routers support noncolored SR-TE LSPs in an EVPN-MPLS core network with the following configurations:

    • EVPN running in a virtual switch routing instance

    • Multihoming in active/active and active/standby modes

    The Juniper Networks routers also support noncolored SR-TE LSPs when functioning as a Data Center Interconnect (DCI) device that handles EVPN Type 5 routes.

    [See Static Segment Routing Label Switched Path.]

  • MAC filtering, storm control, and port mirroring support in EVPN-VXLAN overlay networks (EX4300-48MP)—Starting with Junos OS Release 20.2R1, EX4300-48MP switches support the following features in an EVPN-VXLAN overlay network:

    • MAC filtering

    • Storm control

    • Port mirroring and analyzers

    [See MAC Filtering, Storm Control, and Port Mirroring Support in an EVPN-VXLAN Environment.]

  • Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface (EX4600)—Starting in Junos OS Release 20.2R1, you can configure and successfully commit the following on a physical interface of an EX4600 switch in an EVPN-VXLAN environment:

    • Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any nonzero unit number).

    • VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).

    • Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any nonzero unit number).

    • Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any nonzero unit number).

    For these configurations to be successfully committed and work properly, you must specify the encapsulation flexible-ethernet-services configuration statements at the physical interface level—for example, set interfaces xe-0 /0/5 encapsulation flexible-ethernet-services.

    [See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]

High Availability (HA) and Resiliency

  • Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the [edit system] hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes mastership. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.

    [See Understanding the Ephemeral Configuration Database.]

Juniper Extension Toolkit (JET)

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos OS XML, API, and Scripting

  • Support for Rest API (EX2300, EX2300-MP, EX3400, EX4300, EX4300-MP, EX4600, EX4650, and EX9200)—Starting in Release 20.2R1, Junos OS supports the REST API on EX2300, EX2300-MP, EX3400, EX4300, EX4300-MP, EX4600, EX4650, and EX9200 switches. The REST API enables you to securely connect to the Junos OS devices, execute remote procedure calls (RPC) commands, use REST API explorer GUI to conveniently experiment with any of the REST APIs, and use a variety of formatting and display options including JavaScript Object Notation (JSON).

    [See REST API Guide.]

Junos Telemetry Interface

  • Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models openconfig-local-routing.yang and openconfig-network-instance.yang.

    [See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]

  • Support for OpenConfig configuration model version 4.0.1 for BGP with JTI (EX2300, EX3400, EX4300, EX4600, and EX9200)— Junos OS Release 20.2R1 provides support for the OpenConfig version 4.0.1 data models openconfig-bgp-neighbor.yang and openconfig-bgp-policy.yang using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream telemetry statistics to an outside collector.

    The following major resource paths are supported with gRPC and JTI:

    • /network-instances/network-instance/protocols/protocol/bgp/global/

    • /network-instances/network-instance/protocols/protocol/bgp/global/afi-safis/afi-safi/

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/

    • /network-instances/network-instance/protocols/protocol/bgp/peer-groups/peer-group/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface and OpenConfig Data Model Version.]

  • Support for OpenConfig configuration model version 1.0.0 for local routing with JTI (EX2300, EX3400, EX4300, EX4600, and EX9200)— Junos OS Release 20.2R1 provides support for the OpenConfig version 1.0.0 data model openconfig-local-routing.yang using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream telemetry statistics to an outside collector.

    The following major resource paths are supported with gRPC and JTI:

    • /local-routes/static-routes/static/

    • /local-routes/local-aggregates/aggregate/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface and OpenConfig Data Model Version.]

  • Packet Forwarding Engine and Routing Engine sensor support with JTI (EX2300, EX2300-MP, and EX3400)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) with remote procedure call (gRPC) services to export Packet Forwarding Engine statistics and Routing Engine statistics from EX2300, EX2300-MP, and EX3400 switches to an outside collector. These statistics can also be exported through UDP (native) sensors.

    Supported Packet Forwarding Engine sensors are:

    • Sensor for CPU (ukernel) memory (resource path /junos/system/linecard/cpu/memory/)

    • Sensor for firewall filter statistics (resource path /junos/system/linecard/firewall/)

    • Sensor for physical interface traffic (resource path /junos/system/linecard/interface/)

    • Sensor for logical interface traffic (resource path /junos/system/linecard/interface/logical/usage/). Not supported on EX2300 or 2300-MP switches.

    • Sensor for software-polled queue-monitoring statistics (resource path /junos/system/linecard/qmon-sw/). Not supported on EX2300 or 2300-MP switches.

    Supported Routing Engine sensors are:

    • Sensor for LACP state export (resource path /lacp/)

    • Sensor for chassis environmentals export (resource path /junos/system/components/component/)

    • Sensor for chassis components export (resource path /components/)

    • Sensor for LLDP statistics export (resource path /lldp/interfaces/interface[name='name’]/)

    • Sensor for BGP peer information export (resource path /network-instances/network-instance/protocols/protocol/bgp/). Not supported on EX2300 or 2300-MP switches.

    • Sensor for RPD task memory utilization export (resource path /junos/task-memory-information/)

    • Sensor network discovery ARP table state (resource path /arp-information/)

    • Sensor for network discovery NDP table state (resource path /nd6-information/)

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface, sensor (Junos Telemetry Interface), and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]

Layer 2 Features

  • L2PT support (EX4650 and QFX5120-48Y switches, and QFX5100 and QFX5110 switches and Virtual Chassis)—Starting in Junos OS Release 20.2R1, you can configure Layer 2 protocol tunneling (L2PT) to tunnel any of the following Layer 2 protocols: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Multicast

  • Static multicast route leaking for VRF and virtual router instances (EX4650 and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can configure the switch to statically share (leak) IPv4 multicast routes for IGMPv3 (S,G) traffic among different virtual router or virtual routing and forwarding (VRF) instances. You can only leak static multicast routes per group, not per source and group. The destination prefix length must be 32.

    To configure multicast route leaking to the VRF or virtual router instance routing-instance-name, configure the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level.

    [See Understanding Multicast Route Leaking for VRF and Virtual Router Instances.]

  • Multicast-only fast reroute (MoFRR) (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.2R1, you can configure MoFRR to minimize multicast packet loss in PIM domains when link failures occur. With MoFRR enabled, the switch maintains primary and backup traffic paths, forwarding traffic from the primary path and dropping traffic from the backup path. If the primary path fails, the switch can quickly start forwarding the backup path stream (which becomes the primary path). The switch creates a new backup path if it detects available alternative paths. MoFRR applies to all multicast (S,G) streams by default, or you can configure a policy for the (S,G) entries where you want MoFRR to apply.

    [See Understanding Multicast-Only Fast Reroute.]

Network Management and Monitoring

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.

Routing Policy and Firewall Filters

  • Support for MPLS firewall filter on loopback interface (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can apply an MPLS firewall filter to a loopback interface on a Label switching router (LSR). For example, you can configure an MPLS packet with ttl=1 along with MPLS qualifiers such as label, exp, and Layer 4 tcp/udp port numbers. Supported actions include accept, discard, and count.

    You configure this feature at the [edit firewall family mpls] hierarchy level. You can only apply a loopback filters on family mpls in the ingress direction.

    [See Overview of MPLS Firewall Filters on Loopback Interface.]

Routing Protocols

  • Support for Layer 2 circuit, Layer 2 VPN, and VPLS services with BGP labeled unicast (MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices)—Starting with Junos OS Release 20.2R1, MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices support BGP PIC Edge protection for Layer 2 circuit, Layer 2 VPN, and VPLS (BGP VPLS, LDP VPLS and FEC 129 VPLS) services with BGP labeled unicast as the transport protocol. BGP PIC Edge using the BGP labeled unicast transport protocol helps to protect traffic failures over border nodes (ABR and ASBR) in multi-domain networks. Multi-domain networks are typically used in metro-aggregation and mobile backhaul networks designs.

    A prerequisite for BGP PIC Edge protection is to program the Packet Forwarding Engine (PFE) with expanded next-hop hierarchy.

    To enable BGP PIC Edge protection, use the following CLI configuration statements:

    • Expand next-hop hierarchy for BGP labeled unicast family:

    • BGP PIC for MPLS load balance nexthops:

    • Fast convergence for Layer 2 circuit and LDP VPLS:

    • Fast convergence for Layer 2 VPN, BGP VPLS, and FEC129:

    [See Load Balancing for a BGP Session.]

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    Only HTTP and HTTPS transport protocols are supported EX3400, EX4300, QFX5100, and QFX5200 devices.

    Note

    This feature is documented but not supported on EX3400, EX4300, QFX5100 and QFX5200 switches, and MX-Series routers in Junos OS Release 20.2R1.

    [See Zero Touch Provisioning.]

What's Changed

Learn about what changed in this release for EX Series Switches.

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Juniper Extension Toolkit (JET)

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Known Limitations

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Infrastructure

  • Depending on the actual traffic pattern and the order in which the MACs are learned, the actual MAC DB scale may vary. This is due to the way the MACs are internally stored in the hardware. PR1485319

  • On EX-4300MP, 9000 IPv6 MC routes can be installed. If you try to add more IPv6 MC routes, error messages will be seen. PR1493671

Open Issues

Learn about open issues in Junos OS Release 20.2R1 for EX Series switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • When a 802.1X session terminates, an event denoting the same was not logged in single supplicant mode. As fix, a new event DOT1XD_USR_SESSION_DISCONNECTED is logged consistently whenever a session terminates irrespective of supplicant mode. DOT1XD_AUTH_SESSION_DELETED events still get generated too but only for multiple and single-secure supplicant modes (as per design). PR1512724

Infrastructure

  • qmon-sw sensor is not supported in EX3400. PR1506710

Interfaces and Chassis

  • On GRES, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to topology change. PR1174213

  • The same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating incorrect configuration. PR1221993

Layer 2 Features

  • GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and l3 interface attached to the VLAN. PR1192520

Layer 2 Ethernet Services

  • If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcast from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

  • In a DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case, the subscriber might need more time to get IP address assigned. The subscriber might also remain in this state until its lease expires if it has previously bound with the address in the option 50. PR1435039

  • Sometimes image upgrade through ZTP may fail due to not having enough space on EX3400. Below kb article talks about how to free up the space : KB31198. PR1515013

Platform and Infrastructure

  • EX3400/EX2300 upgrade may fail due to space and the system generates the following messages: /usr/libexec/ui/package: /var/tmp/mchassis-install.tgz: no such filePR1440122

  • On EX9208 switches, 33 percent degradation in MAC learning rate is seen in Junos OS Release 19.3R1 while comparing with Junos OS Release 18.4R1. PR1450729

  • On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id. PR1461434

  • On MX series platforms, when a route's next-hop is an IRB interface with lt- as the underlying L2 interface, it is not getting programmed on PFE, resulting in packet drop. PR1494594

  • Chassis connection dropped often in AD-2 while when dot1x clients connect/disconnect. The issue is seen when dot1x clients connect/disconnect. PR1513274

  • After GRES, interfaces may flap due to which DHCP bindings may be lost. PR1515234

  • Craftd messages are generated on MX10003 and MX204 platforms. These platforms do not have a craft interface. Hence these errors are expected, and can safely be ignored. When Craftd daemon tries to open the device, it fails with a junk char in the fatal error message because the error no is not mapped to a string in the kernel code. The following messages are seen: Feb 20 01:49:38 MX craftd[xxxx]: craftd detected platform mx10002 Feb 20 01:49:38 MX craftd[xxxx]: LIBJSNMP_SA_IPC_REG_ROWS: ns_subagent_register_mibs: registering 1 rows Feb 20 01:49:38 MX craftd[xxxx]: fatal error, failed to open smb device: ,JÎÈ"" PR1359929

  • On an EX9208 switch, a few xe- interfaces are going down with the error if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Unicast RPF check in strict mode might not work properly. PR1417546

  • On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error errorlib_set_error_log(): err_id(-1718026239) is observed. PR1448368

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. This issue is seen only with a QFX platform or other low end devices. PR1457939

  • On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases. PR1464365

  • While verifying Last-change op-state value through XML, rpc-reply message is inappropriate. PR1492449

  • When the NETCONF session is established over outbound ssh, the high rate of pushing the configuration to the ephemeral DB might result in flapping of the outbound SSH connection or a or memory leak issue. PR1497575

  • EX4300-48MP-EX4300-VC: This issue is very rarely seen and is Virtual Chassis specific. For the issue to get triggered, the Lag IRB interface where OSPF is stuck should be present in the Standby switch. The problem state is recovered by rebooting the master and switch is not seen again. PR1498903

  • LLDP packets are not acquired when native-vlan configured is same as tagged vlan-id. PR1504354

Routing Protocols

  • ECDSA256+SHA256 is not used for software integrity checking. PR1504211

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.2R1 for EX Series switches.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • EX2300-48MP: Client did not receive captive-portal success page by downloading the ACL parameter as Authentication failed. PR1504818

EVPN

  • The ESI of IRB interfaces does not get updated after an autonomous-system number change if the interface is down. PR1482790

  • The VXLAN function might be broken due to a timing issue after the change in PR 1495098. PR1502357

Infrastructure

  • Kernel core files might be observed if you deactivate the daemon on EX2300/EX3400 platforms. PR1483644

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201

  • Executing commit might hang up due to a stuck dcd process. PR1470622

  • A stale IP address might be seen after a specific order of configuration changes under a logical-systems scenario. PR1477084

Junos Fusion Enterprise

  • SDPD core files found: vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Junos Fusion Satellite Software

  • Temperature sensor alarm is seen on EX4300 in a Junos fusion scenario. PR1466324

Layer 2 Features

  • The LLDP function might fail when a Juniper device connects to a non-Juniper one. PR1462171

  • EX4650/QFX5120: QinQ: The third VLAN tag is not pushed onto the stack and SWAP is being done instead. PR1469149

  • Traffic might be affected if composite next hop is enabled. PR1474142

Layer 2 Ethernet Services

  • Member links state might be asychronized on a connection between PE and CE devices in an EVPN active/active scenario. PR1463791

  • Issues with DHCPv6 relay processing Confirm and Reply packets. PR1496220

MPLS

  • BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use. PR1493431

Platform and Infrastructure

  • The IRB traffic might get dropped after mastership switchover. PR1453025

  • The switch might not be able to learn MAC addresses with dot1x and interface-mac-limit configured. PR1470424

  • EX4300: Input firewall filter attached to isolated or community VLANs not matching 802.1p bits on the VLAN header. PR1478240

  • MAC learning under bridge-domain stops after an MC-LAG interface flap. PR1488251

  • The NSSU upgrade might fail on EX4300 switches due to a storage issue in the /var/tmp directory. PR1494963

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4300. PR1502726

  • The MAC Pause frames will be incrementing in the Receive direction if half-duplex mode on 10-Mbps or 100-Mbps speed is configured. PR1452209

  • Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • MAC addresses learned on RTG may not be aged out after the aging time. PR1461293

  • RTG link faces nearly 20 seconds down during backup node rebooting. PR1461554

  • The jdhcpd process might consume high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients in the MAC move scenario. PR1465277

  • FPCs might get disconnected from the EX3400 Virtual Chassis briefly after a reboot or an upgrade. PR1467707

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600 or QFX5100 platforms. PR1469663

  • SSH session closes while checking for the show configuration | display set command for both local and nonlocal users. PR1470695

  • The shaping of CoS does not work after reboot. PR1472223

  • CoS 802.1p bits rewrite might not happen in Q-in-Q mode. PR1472350

  • DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000 or EX4600 platforms. PR1472771

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • On EX4300, the output of show security macsec statisitics shows high values incorrectly. PR1476719

  • EX3400 me0 interface might remain down. PR1477165

  • The dhcpd process may crash in a Junos fusion environment. PR1478375

  • Trio based linecard might crash when there is bulk route update failure in a corner case. PR1478392

  • TFTP installation from loader prompt may not succeed on the EX Series devices. PR1480348

  • ARP request packets for an unknown host might get dropped in remote PE in EVPN-VXLAN scenario. PR1480776

  • On EX2300 switches, SNMP traps are not generated when the MAC addresses limit threshold is reached. PR1482709

  • Virtual Chassis ports might go down in a mixed Virtual Chassis setup of QFX5100-24Q-2P/EX4300 and EX4600/EX4300. PR1489985

  • DHCP binding fails while you verify DHCPv4 snooping functionality with P-VLAN with a firewall to block or allow certain IPv4 packets. PR1490689

  • Traffic loss could be observed in a mixed-Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss could be seen in an MC-LAG scenario on QFX5120 and EX4650. PR1494507

  • Traffic might get dropped if AE member interface is deleted/added or a SFP of the AE member interface is unplugged/plugged. PR1497993

Routing Protocols

  • BGP IPv4/IPv6 convergence and RIB install and delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • MUX State in LACP interface does not go to collecting and distributing and remains attached after enabling the ae interface. PR1484523

  • FPC might go to "NotPrsnt" state after upgrading with non-TVP image in VC/VCF setup. PR1485612

  • The BGP route-target family might prevent RR from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • Firewall filter could not work in certain conditions in an Virtual Chassis setup. PR1497133

User Interface and Configuration

  • umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy message is seen when Junos OS is upgraded with the validate option. PR1478291

Documentation Updates

There are no errata or changes in Junos OS Release 20.2R1 documentation for EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for EX Series switches. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.