Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.2R1 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.2R1: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

Authentication, Authorization, and Accounting

  • 802.1X authentication on Layer 3 interfaces (QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, and QFX5220)—Starting in Junos OS Release 20.2R1, 802.1X authentication is supported on Layer 3 interfaces. The 802.1X IEEE standard for port-based network access control authenticates users attached to a LAN port. It blocks all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the RADIUS authentication server.

    [See 802.1X Authentication.]

Class of Service (CoS)

  • CoS support in EVPN-VXLAN overlay networks (QFX10002, QFX10008, and QFX10016 switches)—Starting with Junos OS Release 20.2R1, QFX10002, QFX10008, and QFX10016 switches support CoS in EVPN-VXLAN overlay networks, namely ingress and egress classification, scheduling, and rewrite rules based on IEEE 802.1p/DSCP code points.

    [See VXLAN Constraints on QFX Series and EX Series Switches.]

EVPN

High Availability (HA) and Resiliency

  • Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the [edit system] hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes mastership. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.

    [See Understanding the Ephemeral Configuration Database.]

Interfaces and Chassis

  • Support for 100-Gbps and 40-Gbps ports to operate at 10-Gbps or 1-Gbps speed (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 20.2R1, you can use the Mellanox pluggable adapter (model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ cable connector. Use the QSA adapter to convert a 40GbE or a 100GbE port to a 10GbE or a 1GbE port. You can then plug-in an SFP+ transceiver or an SFP transceiver into the QSA adapter which is inserted into the QSFP+ or QSFP ports of the switch. You can use the commands show chassis hardware and show chassis pic fpc-slot slot-number pic-slot slot-number to view the optics inventory information for the QSFP ports.

    With this adapter, the QSFP Ports on QFX10002, QFX10008 and QFX10016 switches support the following transceiver types— 100-Mbps, 1-Gbps, 10-Gbps SFP+: SR, LR, ER, ZR, CWDM, DAC and T-SFP+.

    Note

    For this adaptor to work on the QSFP+ ports on the QFX10000-36Q line card in the QFX10008, you need to channelize the ports using the CLI command set fpc fpc-slot pic pic-number port port-number port speed 10G.

    [See show chassis hardware and show chassis pic.]

  • Support for multiple speeds and autonegotation (QFX5120-48Y, QFX5110-48S, and QFX5100-48S with JNP-SFPP-10GE-T transceiver)—Starting in Junos OS Release 20.2R1, you can configure your switch to operate at multiple speeds when the JNP-SFPP-10GE-T transceiver is installed.

    On the QFX5110-48S and QFX5100-48S switches, you can configure 100-Mbps, 1-Gbps, and 10-Gbps speeds on the mge-0/0/z port by using the set interfaces mge-0/0/z speed (100m|1g|10g) command. The switch ports operate at the configured speed and they can also switch to a supported lower speed (automatically) with the same transceiver installed, based on peer capability.

    The QFX5120 operates at only two speeds–10 Gbps and 1 Gbps–when this transceiver is installed. By default, the switch comes up with 10-Gbps speed. To operate at 1-Gbps speed, use the set chassis fpc 0 pic 0 port port-number speed 1G command. Due to hardware limitations, you can configure the port-number value only in multiples of four, starting from port 0. You must also configure sets of four consecutive ports (for example, 0-3, 4-7, and so on) to operate at the common speed. After setting 1-Gbps speed, to revert to 10-Gbps speed, simply delete the 1G speed configuration.

    Note

    Only QFX5110-48S and QFX5100-48S switches support the multi-rate Gigabit Ethernet (mge) interface.

    [See speed (Ethernet).]

Juniper Extension Toolkit (JET)

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos Telemetry Interface

  • Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models openconfig-local-routing.yang and openconfig-network-instance.yang.

    [See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]

  • ON-CHANGE BGP peer information statistics support for JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 provides BGP peer sensor support using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/active (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/received (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/sent (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/rejected (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/admin-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/established-transitions (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/last-established (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/received/notification (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/messages/received/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/notification (stream

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/supported-capabilities (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/local-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-port (ON_CHANGE)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • EVPN statistics export using JTI (QFX5100, QFX5110, QFX5120, QFX5200, QFX10002-60C, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and using remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) ad leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]

  • CPU statistics support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 supports streaming various CPU statistics and process parameters using remote procedure call (gRPC) or gRPC Network Management Interface (gNMI) services and Junos telemetry interface (JTI). You can stream CPU usage per process (statistics are similar to output from the show system process detail operational mode command), as well as CPU usage per Routing Engine core.

    This feature supports the private data model openconfig-procmon.yang.

    To stream statistics to an outside collector, include the following resource paths in a gRPC or gNMI subscription:

    • Individual process level information (resource path /system/processes/process)

    • Individual Routing Engine core information (resource path /components/component/cpu/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Packet Forwarding Engine sensor support with INITIAL_SYNC on JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000 line of routers, QFX5100, and QFX5200)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export Packet Forwarding Engine statistics from devices to an outside collector using gNMI submode INITIAL_SYNC. When an external collector sends a subscription request for a sensor with INITIAL_SYNC (gnmi-submode 2), the host sends all supported target leaves (fields) under that resource path at least once to the collector with the current value. This is valuable because:

    • The collector has a complete view of the current state of every field on the device for that sensor path.

    • Event-driven data (ON_CHANGE) is received by the collector at least once before the next event is seen. In this way, the collector is aware of the data state before the next event happens.

    • Packet Forwarding Engine sensors that contain zero counter values (zero-suppressed) that normally do not show up in streamed data are sent, ensuring that all fields from each line card (also referred to as source) are known to the collector.

    Note

    ON_CHANGE data is not available for native (UDP) Packet Forwarding Engine Sensors.

    INITIAL_SYNC submode requires that at least one copy to be sent to the collector; however, sending more than one is acceptable.

    INITIAL_SYNC submode is supported for the following sensors:

    • Sensor for CPU (ukernel) memory (resource path /junos/system/linecard/cpu/memory/)

    • Sensor for firewall filter statistics (resource path /junos/system/linecard/firewall/)

    • Sensor for physical interface traffic (resource path /junos/system/linecard/interface/)

    • Sensor for logical interface traffic (resource path /junos/system/linecard/interface/logical/usage/)

    • Sensor for physical interface queue traffic (resource path /junos/system/linecard/interface/

      queue/
      )

    • Sensor for physical interface traffic except queue statistics (resource path /junos/system/linecard/interface/traffic/)

    • Sensor for NPU memory (resource path /junos/system/linecard/npu/memory/)

    • Sensor for NPU utilization (resource path /junos/system/linecard/npu/utilization/)

    • Sensor for packet statistics (resource path /junos/system/linecard/packet/usage/)

    • Sensor for software-polled queue-monitoring statistics (resource path /junos/system/linecard/qmon-sw/)

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

  • L2PT support (EX4650 and QFX5120-48Y switches, and QFX5100 and QFX5110 switches and Virtual Chassis)—Starting in Junos OS Release 20.2R1, you can configure Layer 2 protocol tunneling (L2PT) to tunnel any of the following Layer 2 protocols: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Multicast

  • Static multicast route leaking for VRF and virtual router instances (EX4650 and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can configure the switch to statically share (leak) IPv4 multicast routes for IGMPv3 (S,G) traffic among different virtual router or virtual routing and forwarding (VRF) instances. You can only leak static multicast routes per group, not per source and group. The destination prefix length must be 32.

    To configure multicast route leaking to the VRF or virtual router instance routing-instance-name, configure the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level.

    [See Understanding Multicast Route Leaking for VRF and Virtual Router Instances.]

  • Multicast-only fast reroute (MoFRR) (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.2R1, you can configure MoFRR to minimize multicast packet loss in PIM domains when link failures occur. With MoFRR enabled, the switch maintains primary and backup traffic paths, forwarding traffic from the primary path and dropping traffic from the backup path. If the primary path fails, the switch can quickly start forwarding the backup path stream (which becomes the primary path). The switch creates a new backup path if it detects available alternative paths. MoFRR applies to all multicast (S,G) streams by default, or you can configure a policy for the (S,G) entries where you want MoFRR to apply.

    [See Understanding Multicast-Only Fast Reroute.]

Network Management and Monitoring

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.

Routing Policy and Firewall Filters

  • Support for MPLS firewall filter on loopback interface (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can apply an MPLS firewall filter to a loopback interface on a Label switching router (LSR). For example, you can configure an MPLS packet with ttl=1 along with MPLS qualifiers such as label, exp, and Layer 4 tcp/udp port numbers. Supported actions include accept, discard, and count.

    You configure this feature at the [edit firewall family mpls] hierarchy level. You can only apply a loopback filters on family mpls in the ingress direction.

    [See Overview of MPLS Firewall Filters on Loopback Interface.]

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    Only HTTP and HTTPS transport protocols are supported EX3400, EX4300, QFX5100, and QFX5200 devices.

    Note

    This feature is documented but not supported on EX3400, EX4300, QFX5100 and QFX5200 switches, and MX-Series routers in Junos OS Release 20.2R1.

    [See Zero Touch Provisioning.]

Virtual Chassis

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series Switches.

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Interfaces and Chassis

  • Displaying correct autonegotiation status (QFX5120-48Y)—In Junos OS Release 20.2R1, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos Releases, incorrect autonegotiation status was displayed even when the autonegotiation was disabled.

Junos Extension Toolkit

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Known Limitations

Learn about known limitations in Junos OS Release 20.2R1 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On the QFX5100 line of switches, due to major third-party SDK upgrade in Junos OS Release 20.1R1 (from SDK 6.3.7 to 6.5.16), unified ISSU is not supported from any earlier releases to Junos OS Release 20.1 (image : jinstall-qfx-5-*). PR1479439

General Routing

  • In QFX100002, traffic drop during FRR might not be guaranteed to 50ms all the time. PR1486853

  • Observing 100 percent L2 MAC scaling traffic loss in QFX10002-60C platform after loading EVPN-VXLAN collapsed profile configurations. PR1489753

Layer 2 Ethernet Services

  • If configuration or image file name has nonallowed special characters (like #%@) in it, ZTP over HTTP/HTTPS might not work. When HTTP/HTTPS URL is formed to download the file, the URL contains file name in it. HTTP/HTTPS does not expect any special characters in the URL. If special characters are present, the HTTP/HTTPS protocol returns "Bad request". In order to avoid the issue, do not use any nonallowed special characters in the filename. PR1503588

Open Issues

Learn about open issues in Junos OS Release 20.2R1 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • The priority-based flow control (PFC) feature is not supported on 2-member Virtual Chassis currently because of the hardware limitation. PR1431895

General Routing

  • QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. PR1352805

  • USB upgrade of NOS image is not supported. PR1373900

  • The show chassis fpc command displays an incorrect amount of available memory on a QFX10000 FPCs. PR1394978

  • On QFX10000 Series platform, CPU overuse on PFC might be observed if the adaptive feature is enabled to load-balance for an aggregated Ethernet interface. PR1399369

  • The show chassis fpc reports high CPU utilization in the Steady state. PR1492731

  • With WRL7 on QFX5000 devices there is a possibility in reboot scenario the system going to DB prompt. This is due to a known issue in the QEMU version in WRL7. PR1411826

  • On QFX5110 and QFX5120 platforms, unicast RPF check in strict mode might not work properly. PR1417546

  • IPv6 neighbor solicitation packets for link-local address might be dropped when passing through QFX10002-60C via IRB interface. As a result, hosts inside VLANs could not communicate with each other using link-local addresses. PR1424244

  • The issue occurs because of a PECHIP limitation when underlay is tagged. After de-encapsulation when the inner packet is recirculated it still retains the VLAN tag property from outer header because the outer header was tagged. Thus 4 bytes of inner tag got overwritten in the inner packet and the packet got corrupted, which will result in EGP chksum trap seen in PECHIP. Fixing PECHIP limitation in software has high risk. As a workaround, enable encapsulate-inner-vlan configuration. PR1435864

  • The unified ISSU is not supported on QFX5200 switches and fails from Junos OS Release 17.2X75-D43.2 to some target versions. Also, dcpfe crash might be seen. PR1438690

  • On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with unique IPv4 or IPv6 MAC address. PR1446291

  • On the Junos OS platforms with next-generation Routing Engine installed, the process vehostd might crash without generating a core file and automatic restart of vehostd might fail. The vehostd is a daemon for managing the life cycle of system-critical Junos OS VMs in the system. If the process vehostd gets in crash state, it will impact the management of Junos OS VMs. PR1448413

  • On the QFX5000 line of switches, misleading ISSU logs are printed during the NSSU process even when the box does not perform ISSU. PR1451375

  • Whenever any member in a remote Switch Port Analyzer (RSPAN) VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. PR1457939

  • VXLAN VNI (multicast learning) scaling on QFX5110 traffic issue is seen from VXLAN tunnel to L2 interface. PR1462548

  • "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q and QFX10002-36Q platforms. PR1462582

  • On QFX5100 device, interface output counter is double counted for self-generated traffic. PR1462748

  • Dynamic IP-IP tunnels and filter-based IP-IP de-encapsulation filter on loopback interface cannot coexist together. If dynamic IP-IP tunnels were configured earlier, then FPC needs a reboot before it can be used for loopback IP-IP de-encapsulation filter. Also, the loopback interface might contain implicit filters. If these implicit filters get hit, the de-encapsulation filter might not get hit. PR1479613

  • On QFX10002 switches with MC-LAG configurations, traffic drops when you deactivate or activate physical interface trigger. PR1488166

  • When the NETCONF session is established over outbound SSH, the high rate of pushing the configuration to the ephemeral DB might result in outbound SSH connection flap or a memory leak issue. PR1497575

  • On QFX5100, ERPS might not work correctly on branch which as 1473610 fix, due to stp instance programming failure in hardware. PR1500825

  • LLDP packets are not acquired when native-vlan configured is same as tagged vlan-id. PR1504354

  • On QFX5100, fxpc crash might be seen sometimes while installing image through ZTP. PR1508611

High Availability (HA) and Resiliency

  • The QFX5200-32C reboot time is degraded. A flush cache issue is seen because of the reliable SSD disk input/output change made for this platform. PR1511607

Interfaces and Chassis

  • The same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There is no warning during the commit, only syslog messages indicating incorrect configuration. PR1221993

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps: 1. Disable or enable ICL. 2. Reboot one of MC-LAG peers. 3. Disable or enable a member link of ICL. This results in no traffic loss, and one of the MC-LAG nodes processes duplicate packets during this time period. PR1422473

Layer 2 Ethernet Services

  • If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

Layer 2 Features

  • On QFX5120, during new tenant addition, there might be few transient packet drops (2 - 15 packets) for a couple of random intra-VNI traffic streams in an EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is automatically recovered. PR1455654

  • On QFX5110 and QFX5120 platforms, changing lo0 IP address might sometimes result either in stale entry of IP in mpls_entry table or missing IP entry, which results in traffic drop for VXLAN traffic. PR1472333

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error as nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • If interface is newly added as CE interface, existing bum traffic can be looped. Loop prevention features is designed to start working whenever new CE interface is added by configuration. But existing bum traffic can be distributed to new CE interface earlier than enabling of loop prevention feature. PR1493650

Routing Protocols

  • If DDoS protection is disabled on QFX5100 Virtual Chassis and multicast traffic is being sent, the Virtual Chassis might become unstable, with high CPU usage and it might crash eventually, creating FXPC core files. Disabling DDoS protection will disable rate limiting for all host-bound traffic. We do not recommend disabling DDoS protection on the device, because, a high amount of control traffic can overwhelm the system, causing system instability. PR1238875

  • On QFX5100 Virtual Chassis or Virtual Chassis fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. PR1407175

  • BGP route addition and deletion time and BGP, OSPF, and IS-IS link flap convergence time are increased in Junos OS Release 19.4 (forwarding plane). PR1464572

  • With the egress-to-ingress configuration statement, the customer will not be able to configure 2000 scale and the scale is reduced to 1000. PR1514570

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series Switches.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 20.2R1

EVPN

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • QFX10002-60C EVPN/VXLAN multicast: The show command issued for the VTEP interface did not show mesh-group id. PR1498052

  • The VXLAN function might be broken due to a timing issue. PR1502357

Class of Service (CoS)

  • Traffic might be forwarded to an incorrect queue when fixed classifier is used. PR1510365

General Routing

  • The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • The configuration statement show chassis errors active detail is not supported for QFK5000 platforms. PR1386255

  • The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448

  • The statement show interface indicates Media type: Fiber on QFX5100-48T running ’-qfx-5e-’ Junos OS image. PR1419732

  • A vmcore is seen on QFX Series Virtual Chassis. PR1421250

  • SFP-LX10 stay down until autonegotiate is disabled. PR1423201

  • The default logical interfaces on channelized physical interfaces might not be created after ISSU/ISSR. PR1439358

  • CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406

  • On QFX5000 no warning or error is shown when dual VLAN tag feature is configured on physical interface. PR1450455

  • Members might stay disconnected from a QFX5120-32C and QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399

  • Changing the VLAN name associated with access ports might prevent MAC addresses from being learned in an EVPN-VXLAN scenario. PR1454095

  • The cosd crash might be observed if forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Telemetry traffic might not be sent out when the telemetry server is reachable through a different routing instance. PR1456282

  • Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • QFX5110 QSFP-100GBASE-SR4 made by the third party cannot link up. PR1457266

  • An FPC might restart during runtime on the QFX10000 line of devices. PR1464119

  • EPR iCRC errors in QFX10000 platforms might cause protocols to go down. PR1466810

  • A few of DHCP INFORM packets specific to a particular VLAN might be taking the wrong resolve queue. PR1467182

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms. PR1469663

  • The speed 10m might not be configured on the GE interface. PR1471216

  • The traffic loss might occur when VTEP source interface is configured in multiple routing instances. PR1471465

  • Egress ACL filter entries will be only 512 in Junos OS Release 19.4R1 on QFX5000. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms. PR1472771

  • The detached interface in LAG might process the xSTP BPDUs. PR1473313

  • On QFX5000, the global-mac-table-aging-time statement behavior with multi-homed EVPN-VXLAN ESI. PR1473464

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The RIPv2 packets forwarded across a L2 circuit connection might be dropped. PR1473685

  • Continuous error log messages might be raised on QFX5000 platforms in EVPN/VXLAN scenario. PR1474545

  • L2 circuit might fail to communicate through VLAN 2 on QFX5000 platforms. PR1474935

  • On QFX Series platforms the system might stop new MAC learning and have impact on Layer 2 traffic forwarding. PR1475005

  • DAC cables are not being properly detected in Packet Forwarding Engine in QFX5200. PR1475249

  • There might be a traffic drop on QFX5110 and QFX5120 switches acting as leaf switches in a multicast environment with VXLAN. PR1475430

  • FPC major error is seen after system boot up or FPC restart. PR1475851

  • QFX Series platforms are exhibiting invalid Packet Forwarding Engine PG counter pairs to copy, src 0xfffff80, dst 0. PR1476829

  • Continuous error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192

  • The default Virtual Chassis MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes. PR1478905

  • The remaining interface might be still in down state even though the number of channelized interfaces is no more than 5. PR1480480

  • ARP request packets for unknown host might get dropped in remote PE device in EVPN-VXLAN scenario. PR1480776

  • On QFX10000 and QFX5000, in SP style configuration, BUM traffic incorrectly gets blocked, while disabling or enabling a different logical interface. PR1482202

  • On QFX5110, whenever the autonegotation is toggled on the interface, explicitly set the link-mode as well as the speed for the configuration to take effect. PR1484715

  • The dcpfe core file might be seen with non-oversubscribed mode. PR1485854

  • The 10GbE VCP ports will not be active in a QFX5100 Virtual Chassis scenario. PR1486002

  • Virtual Chassis ports might go down in a mixed Virtual Chassis setup of QFX5100-24Q-2P/EX4300 and EX4600/EX4300. PR1489985

  • After ISSU/ISSR, a port using SR4/LR4 optics might not come up. PR1490799

  • BFD sessions start to flap when the firewall filter in the loopback0 is changed. PR1491575

  • Traffic loss could be observed in a mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss could be seen in a MC-LAG scenario on QFX5120/EX4650. PR1494507

  • SNMP polling for CPU utilization and CPU state of backup Routing Engine does not show in a two-member Virtual Chassis. PR1495384

  • ARP do not get refreshed after timeout on QFX10002-60C. PR1497209

  • Extra carrier transitions are seen on the peer when negative triggers are performed on QFX5100 and QFX5110. PR1497380

  • An lcmd core file might be generated on QFX52100-64C. PR1497947

  • Traffic might get dropped if aggregated Ethernet member interface is deleted and then added or a SFP of the aggregated Ethernet member interface is unplugged/plugged. PR1497993

  • On QFX5210, unexpected behavior is seen for Port LED after upgrade. PR1498175

  • Inter-VNI/VRF and intra-VNI/VRF traffic is dropped between the CE devices when the interfaces connected between TOR and multihomed PE devices are disabled. PR1498863

  • The l2cpd crash might be seen while adding or deleting ERP configuration and then restarting l2cpd. PR1505710

High Availability (HA) and Resiliency

  • Unified ISSU will not be supported for QFX5000 for some versions. PR1472183

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL-config might fail after committing some changes. PR1459201

  • Executing commit might hang up because dcd process gets stuck. PR1470622

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

  • MC-LAG consistency check fails if multiple IRB units are configured with the same VRRP group. PR1488681

  • Error message is not getting generated while verifying GRE limitation. PR1495543

Junos Fusion for Enterprise

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • EVPN-VXLAN ERB - dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • Member links state might be asychronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

  • Issues with DHCPv6 relay processing confirm and reply packets. PR1496220

Layer 2 Features

  • MAC learning might not work correctly on QFX5120. PR1441186

  • The LLDP function might fail when a Juniper Networks device connects to a non-Juniper one. PR1462171

  • A few MAC addresses might be missing from the MAC table in software on QFX5000 platform. PR1467466

  • On QFX5120 switches QinQ, the third VLAN tag is not pushed onto the stack and SWAP is being done instead. PR1469149

  • Traffic might be affected if composite next hop is enabled. PR1474142

  • On QFX5200, MAC learning rate is degraded by 88 percent. PR1494072

MPLS

  • Traffic might silently get dropped or discarded on the PE device when the CE device sends traffic to the PE device and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • The traffic might be lost over QFX5100 switch acting as a transit PHP node in the MPLS network. PR1477301

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

Platform and Infrastructure

  • The SLAX script might be lost after upgrading software. PR1479803

  • Traceroute monitor with mtr version v.69 shows a false 10 percent loss. PR1493824

Routing Protocols

  • OSPF VRF sessions take a long time to come up when the host table is full and host routes are in LPM table. PR1358289

  • BGP IPv4 or IPv6 convergence and RIB install/delete time degraded in Junos OS Release 19.1R1 and later mainline releases. PR1414121

  • PIM (S,G) joins can cause MSDP to incorrectly announce source-active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core files might occur during adding or removing EVPN Type 5 routing instance. PR1455547

  • [pfe_loadbalance] [pfeloadtag] flows not falling back to single link when inactivity-interval is set higher than IFG. PR1471729

  • Traffic might not be forwarded over ECMP link in EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic is not forwarded in VRRP scenario. PR1477073

  • MUX State in LACP interface does not go to "collecting and distributing" and remains attached after enabling the ae interface. PR1484523

  • FPC might go to "NotPrsnt" state after upgrading with non-QFX5100-24Q image in a Virtual Chassis/Virtual Chassis fabric setup. PR1485612

  • CPU port queue gets full due to excessive pause frames being received on interfaces. This causes control packets from the CPU to all ports to be dropped. PR1487707

  • The BGP route-target family might prevent RR from reflecting L2 VPN and L3 VPN routes. PR1492743

  • The rpd might crash on QFX10000 due to rpd resolver problem of INH. PR1494005

  • Firewall filter might not work in certain conditions under Virtual Chassis setup. PR1497133

  • Traffic drop might be observed after modifying FBF firewall filter. PR1499918

  • Change in x-path output for value "input-updates" in show bgp neighbors. PR1504399

Documentation Updates

There are no errata or changes in Junos OS Release 20.2R1 documentation for the QFX Series Switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.2-R1.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.2 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.2R1.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.2R1.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R1.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.2R1.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R1.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R1.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.