Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.2R2 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.2R1: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

What’s New in Release 20.2R2

There are no new features or enhancements to existing features for QFX Series Junos OS Release 20.2R2.

What’s New in Release 20.2R1-S1

Flow-Based and Packet-Based Processing

  • Support for user-defined flex hashing for MPLS traffic flows (QFX5210; Accton AS7816 running Junos OS on White Box)—Starting in Junos OS Release 20.2R1-S1, you can configure user-defined flex hashing to load balance MPLS traffic based on TCP or UDP source/destination port information. User-defined flex hashing, which supports protocol versions IPv4 and IPv6, enables you to set byte offsets in packet headers to influence hashing computation. You specify two offsets, each 2 bytes in length, from the first 128 bytes of a packet. Configure the selected bytes to be directly used for hashing or to be used only when the data pattern in these bytes matches with specific values (conditional match). To provide load balancing in spine layers, configure flex hashing and encapsulate the traffic in VXLAN, thus enabling entropy at UDP source ports. At de-encapsulation, configure the no-inner-payload statement to load balance based on the outer UDP header.

    To configure user-defined flex hashing:

    To configure a conditional match (repeat the command below with values for offsets and match data 2-4):

    To enable load balancing on VXLAN transit traffic based on the outer UDP header:

    To troubleshoot, use show forwarding-options enhanced-hash-key.

    Limitations:

    • Use a maximum of two MPLS labels.

    • Use only even values for offset1 and offset2.

    • If you are using conditional matches, configure the conditions before you attach them to the flex-hashing entry.

    • An aggregated Ethernet (AE), or LAG, interface is not supported as an input interface. You can configure input interfaces on LAGs by configuring the same user-defined flex-hashing data and the same conditional-match data on all member interfaces of a LAG interface. Use unique flex-data profile names and unique conditional-data profile names for each member interface—for example:

      • ...enhanced-hash-key conditional-match COND_L1_V6_UDP_SRC_PORT_1...

      • ...enhanced-hash-key conditional-match COND_L1_V6_UDP_SRC_PORT_2...

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1-S1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device continues to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    Only HTTP and HTTPS transport protocols are supported on EX3400, EX4300, QFX5100, and QFX5200 devices.

    [See Zero Touch Provisioning.]

What’s New in Release 20.2R1

Hardware

Authentication, Authorization, and Accounting

  • 802.1X authentication on Layer 3 interfaces (QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, and QFX5220)—Starting in Junos OS Release 20.2R1, 802.1X authentication is supported on Layer 3 interfaces. The 802.1X IEEE standard for port-based network access control authenticates users attached to a LAN port. It blocks all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the RADIUS authentication server.

    [See 802.1X Authentication.]

Class of Service

  • CoS support in EVPN-VXLAN overlay networks (QFX10002, QFX10008, and QFX10016 switches)—Starting with Junos OS Release 20.2R1, QFX10002, QFX10008, and QFX10016 switches support CoS in EVPN-VXLAN overlay networks, namely ingress and egress classification, scheduling, and rewrite rules based on IEEE 802.1p/DSCP code points.

    [See VXLAN Constraints on QFX Series and EX Series Switches.]

EVPN

High Availability (HA) and Resiliency

  • Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the [edit system] hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes roles. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.

    [See Understanding the Ephemeral Configuration Database.]

Interfaces and Chassis

  • Support for 100-Gbps and 40-Gbps ports to operate at 10-Gbps or 1-Gbps speed (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 20.2R1, you can use the Mellanox pluggable adapter (model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ cable connector. Use the QSA adapter to convert a 40GbE or a 100GbE port to a 10GbE or a 1GbE port. You can then plug an SFP+ transceiver or an SFP transceiver into the QSA adapter, which is inserted into the QSFP+ or QSFP ports of the switch. You can use the commands show chassis hardware and show chassis pic fpc-slot slot-number pic-slot slot-number to view the optics inventory information for the QSFP ports.

    With this adapter, the QSFP ports on QFX10002, QFX10008, and QFX10016 switches support the following transceiver types—100-Mbps, 1-Gbps, 10-Gbps SFP+: SR, LR, ER, ZR, CWDM, DAC and T-SFP+.

    Note

    For this adapter to work on the QSFP+ ports on the QFX10000-36Q line card in the QFX10008, you need to channelize the ports using the CLI command set fpc fpc-slot pic pic-number port port-number port speed 10G.

    [See show chassis hardware and show chassis pic.]

  • Support for multiple speeds and autonegotiation (QFX5120-48Y, QFX5110-48S, and QFX5100-48S with the JNP-SFPP-10GE-T transceiver)—Starting in Junos OS Release 20.2R1, you can configure your switch to operate at multiple speeds when the JNP-SFPP-10GE-T transceiver is installed.

    On the QFX5110-48S and QFX5100-48S switches, you can configure 100-Mbps, 1-Gbps, and 10-Gbps speeds on the mge-0/0/z port by using the set interfaces mge-0/0/z speed (100m|1g|10g) command. The switch ports operate at the configured speed and they can also switch to a supported lower speed (automatically) with the same transceiver installed, based on peer capability.

    The QFX5120 operates at only two speeds–10 Gbps and 1 Gbps–when this transceiver is installed. By default, the switch comes up with 10-Gbps speed. To operate at 1-Gbps speed, use the set chassis fpc 0 pic 0 port port-number speed 1G command. Due to hardware limitations, you can configure the port-number value only in multiples of four, starting from port 0. You must also configure sets of four consecutive ports (for example, 0-3, 4-7, and so on) to operate at the common speed. After setting 1-Gbps speed, to revert to 10-Gbps speed, simply delete the 1G speed configuration.

    Note

    Only QFX5110-48S and QFX5100-48S switches support the multi-rate Gigabit Ethernet (mge) interface.

    [See speed (Ethernet).]

Juniper Extension Toolkit (JET)

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos Telemetry Interface

  • Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models openconfig-local-routing.yang and openconfig-network-instance.yang.

    [See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]

  • ON-CHANGE BGP peer information statistics support for JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 provides BGP peer sensor support using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/active (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/received (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/sent (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/rejected (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/admin-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/established-transitions (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/last-established (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/received/notification (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/messages/received/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/notification (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/supported-capabilities (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/local-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-port (ON_CHANGE)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • EVPN statistics export using JTI (QFX5100, QFX5110, QFX5120, QFX5200, QFX10002-60C, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) and leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • CPU statistics support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 supports streaming various CPU statistics and process parameters using remote procedure call (gRPC) or gRPC Network Management Interface (gNMI) services and Junos telemetry interface (JTI). You can stream CPU usage per process (statistics are similar to output from the show system process detail operational mode command), as well as CPU usage per Routing Engine core.

    This feature supports the private data model openconfig-procmon.yang.

    To stream statistics to an outside collector, include the following resource paths in a gRPC or gNMI subscription:

    • Individual process level information (resource path /system/processes/process)

    • Individual Routing Engine core information (resource path /components/component/cpu/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Packet Forwarding Engine sensor support with INITIAL_SYNC on JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000 line of routers, QFX5100, and QFX5200)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export Packet Forwarding Engine statistics from devices to an outside collector using gNMI submode INITIAL_SYNC. When an external collector sends a subscription request for a sensor with INITIAL_SYNC (gnmi-submode 2), the host sends all supported target leaves (fields) under that resource path at least once to the collector with the current value. This is valuable because:

    • The collector has a complete view of the current state of every field on the device for that sensor path.

    • Event-driven data (ON_CHANGE) is received by the collector at least once before the next event is seen. In this way, the collector is aware of the data state before the next event happens.

    • Packet Forwarding Engine sensors that contain zero counter values (zero-suppressed) that normally do not show up in streamed data are sent, ensuring that all fields from each line card (also referred to as source) are known to the collector.

    Note

    ON_CHANGE data is not available for native (UDP) Packet Forwarding Engine Sensors.

    INITIAL_SYNC submode requires that at least one copy be sent to the collector; however, sending more than one is acceptable.

    INITIAL_SYNC submode is supported for the following sensors:

    • Sensor for CPU (ukernel) memory (resource path /junos/system/linecard/cpu/memory/)

    • Sensor for firewall filter statistics (resource path /junos/system/linecard/firewall/)

    • Sensor for physical interface traffic (resource path /junos/system/linecard/interface/)

    • Sensor for logical interface traffic (resource path /junos/system/linecard/interface/logical/usage/)

    • Sensor for physical interface queue traffic (resource path /junos/system/linecard/interface/queue/)

    • Sensor for physical interface traffic except queue statistics (resource path /junos/system/linecard/interface/traffic/)

    • Sensor for NPU memory (resource path /junos/system/linecard/npu/memory/)

    • Sensor for NPU utilization (resource path /junos/system/linecard/npu/utilization/)

    • Sensor for packet statistics (resource path /junos/system/linecard/packet/usage/)

    • Sensor for software-polled queue-monitoring statistics (resource path /junos/system/linecard/qmon-sw/)

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

  • L2PT support (EX4650 and QFX5120-48Y switches, and QFX5100 and QFX5110 switches and Virtual Chassis)—Starting in Junos OS Release 20.2R1, you can configure Layer 2 protocol tunneling (L2PT) to tunnel any of the following Layer 2 protocols: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Multicast

  • Static multicast route leaking for VRF and virtual router instances (EX4650 and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can configure the switch to statically share (leak) IPv4 multicast routes for IGMPv3 (S,G) traffic among different virtual router or virtual routing and forwarding (VRF) instances. You can only leak static multicast routes per group, not per source and group. The destination prefix length must be 32.

    To configure multicast route leaking to the VRF or virtual router instance routing-instance-name, configure the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level.

    [See Understanding Multicast Route Leaking for VRF and Virtual Router Instances.]

  • Multicast-only fast reroute (MoFRR) (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.2R1, you can configure MoFRR to minimize multicast packet loss in PIM domains when link failures occur. With MoFRR enabled, the switch maintains primary and backup traffic paths, forwarding traffic from the primary path and dropping traffic from the backup path. If the primary path fails, the switch can quickly start forwarding the backup path stream (which becomes the primary path). The switch creates a new backup path if it detects available alternative paths. MoFRR applies to all multicast (S,G) streams by default, or you can configure a policy for the (S,G) entries where you want MoFRR to apply.

    [See Understanding Multicast-Only Fast Reroute.]

Network Management and Monitoring

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.

    [See NETCONF Sessions over Outbound HTTPS.]

Routing Policy and Firewall Filters

  • Support for MPLS firewall filter on loopback interface (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can apply an MPLS firewall filter to a loopback interface on a label-switching router (LSR). For example, you can configure an MPLS packet with ttl=1 along with MPLS qualifiers such as label, exp, and Layer 4 tcp/udp port numbers. Supported actions include accept, discard, and count.

    You configure this feature at the [edit firewall family mpls] hierarchy level. You can apply loopback filters on family mpls only in the ingress direction.

    [See Overview of MPLS Firewall Filters on Loopback Interface.]

Virtual Chassis

  • Virtual Chassis with NSSU support (QFX5120-48T)—Starting in Junos OS Release 20.2R1, you can interconnect two QFX5120-48T switches into a Virtual Chassis that operates as one logical device managed as a single chassis. The Virtual Chassis:

    • Has both switches in Routing Engine role (one master and one backup)

    • Supports 100GbE QSFP28 or 40GbE QSFP+ ports (48 through 53) as Virtual Chassis ports (VCPs)

    • Supports NSSU

    A QFX5120-48T Virtual Chassis supports the same protocols and features as a standalone switch in Junos OS Release 20.2R1 except for the following:

    • EVPN-VXLAN

    • Junos telemetry interface (JTI)

    • Multichassis link aggregation (MC-LAG)

    • Priority-based flow control (PFC)

    Configuration parameters and operation are the same as for other non-mixed QFX Series Virtual Chassis.

    [See Virtual Chassis Overview for Switches.]

  • 802.1X authentication, Layer 2 port security, and MPLS support in a Virtual Chassis (QFX5120-48Y Virtual Chassis)—Starting in Junos OS Release 20.2R1, the following protocol features are supported on a QFX5120-48Y Virtual Chassis:

    • IEEE 802.1X authentication

    • Layer 2 port security features, including IP source guard, IPv6 router advertisement (RA) guard, DHCP, and DHCP snooping

    • MPLS

    Configuration and operation are the same on the Virtual Chassis as on the standalone switch.

    [See 802.1X Authentication, MPLS Overview, DHCP Snooping, Understanding DHCP Snooping (ELS), Understanding IP Source Guard for Port Security on Switches, and Understanding IPv6 Router Advertisement Guard.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series Switches.

What’s Changed in Release 20.2R2

Platform and Infrastructure

  • Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)—Starting in this release, the arp-snoop packet type option in the [edit system ddos-protection protocols arp] protocol group is renamed arp. This packet type option enables you to change default control plane DDoS protection policer parameters for ARP traffic. After this change, the [edit system ddos-protection protocols arp] protocol group includes the aggregate, arp, and unclassified packet type options.

    [See protocols (DDoS) (PTX Series and QFX Series).]

  • Priority-based flow control (PFC) support (QFX5120-32C)—QFX5120-32C switches support priority-based flow control (PFC) using Differentiated Services code points (DSCP) at Layer 3 for untagged traffic.
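
For the arp-snoop rename in the control plane DDoS protection item above, a pre-upgrade check can list every statement that still uses the old packet type name and show the renamed form. This is an added example, not Juniper code; it assumes the configuration was exported in set format (show configuration | display set), and the sample statements and policer values are constructed.

```python
import re

# Matches a set-format statement that still uses the old packet type name
# under the arp protocol group. The optional "groups <name>" prefix covers
# statements that live in a configuration group.
OLD_STMT = re.compile(
    r"^(?P<head>\s*(?:set|delete|activate|deactivate)\s+"
    r"(?:groups\s+\S+\s+)?"
    r"system\s+ddos-protection\s+protocols\s+arp\s+)"
    r"arp-snoop(?P<tail>(?:\s.*)?)$"
)


def find_renamed(config_text):
    """Return (line_number, old_statement, new_statement) for each hit."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = OLD_STMT.match(line)
        if match:
            new_line = match.group("head") + "arp" + match.group("tail")
            hits.append((number, line.strip(), new_line.strip()))
    return hits


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
set system host-name leaf1
set system ddos-protection protocols arp aggregate bandwidth 20000
set system ddos-protection protocols arp arp-snoop bandwidth 5000
set system ddos-protection protocols arp arp-snoop burst 5000
set groups EDGE system ddos-protection protocols arp arp-snoop bandwidth 3000
set interfaces xe-0/0/1 description "arp-snoop capture port"
"""

if __name__ == "__main__":
    for number, old, new in find_renamed(SAMPLE_CONFIG):
        print(f"line {number}:")
        print(f"  old: {old}")
        print(f"  new: {new}")
```

The aggregate statement and the interface description are left alone because the match is tied to the arp protocol group path, not to the string arp-snoop itself.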

What’s Changed in Release 20.2R1

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Interfaces and Chassis

  • Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 20.2R1, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.

Junos Extension Toolkit

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Known Limitations

Learn about known limitations in Junos OS Release 20.2R2 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On QFX5100 and EX4600 platforms, due to a major third-party SDK upgrade in Junos OS Release 20.1R1 (from SDK 6.3.7 to 6.5.16), unified ISSU is not supported from any earlier releases to Junos OS Release 20.1 (image: jinstall-qfx-5-*). PR1479439

Layer 2 Ethernet Services

  • If the configuration or image file name contains special characters that are not allowed (such as #%@), ZTP over HTTP or HTTPS does not work. The file name is part of the HTTP or HTTPS URL that is formed to download the file, and the HTTP and HTTPS protocols do not expect special characters in the URL. If special characters are present, the HTTP or HTTPS protocol returns "Bad request". To avoid this issue, do not use special characters that are not allowed in the file name. PR1503588
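
A pre-staging check for the ZTP file-name limitation above, as an added example that is not Juniper code. It flags names with characters outside a conservative allowlist and shows what Python's standard URL parser makes of each name once it is appended to a download URL. The allowlist, the server URL, and the sample names are assumptions of this example; the release note names only #%@.

```python
import string
from urllib.parse import unquote, urlsplit

# Assumption: a conservative allowlist. The release note gives "#%@" only
# as examples and does not publish the full set of disallowed characters.
ALLOWED = set(string.ascii_letters + string.digits + "._-")

# Placeholder download location (constructed).
BASE_URL = "https://ztp.example.net/files/"


def inspect_name(file_name):
    """Describe how one image or configuration file name behaves in a URL."""
    bad = sorted(set(file_name) - ALLOWED)
    parts = urlsplit(BASE_URL + file_name)
    # Last path segment after the parser has split off any fragment or
    # query and after percent-escapes have been decoded.
    parsed_as = unquote(parts.path.rsplit("/", 1)[-1])
    return {
        "file_name": file_name,
        "bad_chars": bad,
        "parsed_as": parsed_as,
        "ok": bool(file_name) and not bad,
    }


def audit(file_names):
    """Return the inspection results for names that should be renamed."""
    return [result for result in map(inspect_name, file_names) if not result["ok"]]


# Constructed sample names.
SAMPLE_NAMES = [
    "leaf1-site_a.conf",   # passes
    "leaf#1.conf",         # '#' starts a URL fragment: path ends at "leaf"
    "leaf%41.conf",        # '%41' is a percent-escape for "A"
    "ops@leaf1.conf",      # '@' is named in the release note
]

if __name__ == "__main__":
    for result in audit(SAMPLE_NAMES):
        print(
            f"{result['file_name']}: rename (characters {result['bad_chars']}, "
            f"a URL parser reads the name as {result['parsed_as']!r})"
        )
```

The '#' and '%' cases show why the name on disk and the name in the request can differ: the first is cut at the fragment delimiter and the second is decoded as an escape sequence.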

Platform and Infrastructure

  • The 100-Gigabit Ethernet interface goes down after you configure and delete the Ethernet loopback configuration. PR1353734

  • With WRL7 on QFX5000 devices, the system might go to the DB prompt in a reboot scenario. This is due to a known issue in the QEMU version in WRL7. As of now, there is no plan to update the WRL version on QFX5000. PR1411826

  • On the QFX10000 line of devices, if an analyzer is configured to mirror traffic of an input aggregated Ethernet interface and a new member is added to the same aggregated Ethernet interface, then the analyzer might not provide sample packets that flow through a newly added child interface. PR1417694

  • Due to the additional hi-gig header, 100% throughput cannot be achieved when packets are forwarded through VC ports. For 64-byte packets, throughput is ~91%, and for 1024-byte packets, throughput is ~99%. PR1453709

  • Convergence delay for link-protected MPLS LSP is more than 50ms. PR1478584

  • During software validation, Junos mounts the new image and validates the configuration against the new image. Because the TVP-based QFX platforms (QFX-5000 and QFX-10000) already mount the maximum of 4 disks during normal execution, they cannot mount the extra disk for this purpose. As a result, QFX currently does not support configuration validation during upgrade on QFX5000, which is why the syntax error appears when the image installation is triggered with "validation". PR1479753

  • QFX: No option to upgrade firmware for the backup Routing Engine. PR1479925

  • On a standalone device, the output of show snmp mib walk jnxFruName looks like the following. The second line is printed without any Routing Engine number, which is correct because there is only 1 Routing Engine.

      jnxFruName.9.1.0.0 = Routing Engine 0
      jnxFruName.9.2.0.0 = Routing Engine

    For the Virtual Chassis setup, both Routing Engines are displayed with their numbers:

      jnxFruName.9.1.0.0 = Routing Engine 0
      jnxFruName.9.2.0.0 = Routing Engine 1

    PR1483384

  • On QFX5000 platforms in a Virtual Chassis setup, after multiple GRES events and after a PEM is inserted or removed multiple times on any member of the Virtual Chassis, the show chassis alarms CLI command output might show incorrect PEM status for Virtual Chassis members. Due to this issue, the alarm status might be shown as not powered/not present. PR1486736

  • On QFX10002, traffic drop during FRR might not always be limited to 50 ms. PR1486853

  • On the QFX10002-60C platform, 100% traffic loss is observed for L2 MAC scaling after loading EVPN-VXLAN collapsed profile configurations. PR1489753

  • An abrupt power cycle is a disruptive action for the storage device. I/O events can happen at any point in time, and the software is unaware of a sudden power cycle, which could lead to file corruption. The recommendation is to halt first and then power cycle. PR1507750

  • Interface encapsulation ethernet-bridge for EVPN is not supported on QFX10000. PR1538852

Open Issues

Learn about open issues in Junos OS Release 20.2R2 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Clearing MAC routes triggers corresponding MAC+IP refresh requests. If no response is received for these requests, the MAC+IP routes are deleted along with the MAC route. At times, these MAC+IP refresh triggers (rearp) are not issued, causing MAC+IP routes to stay even though the MAC routes are deleted and the customer edge device is not reachable. In such cases, a MAC+IP clear can be issued for those MACs to clear those MAC+IP routes. PR1526642

High Availability (HA) and Resiliency

  • An issue was reported for a customer with a flush cache issue on the same platform. It was root-caused to a change made on this platform for reliable SSD disk I/O, and that change caused the added delay observed in the reported issue. PR1511607

Infrastructure

  • The device goes to the db prompt with panic: ffs_valloc: dup alloc while powering on. Because this is caused by a file system mount failure, running "fsck" is recommended. PR1480185

Interfaces and Chassis

  • Multicast traffic can be flooded for 15 to 20 seconds to both MC-LAG peers, after the following sequence of steps:

    1. Disable or enable ICL.

    2. Reboot one of MC-LAG peers.

    3. Disable or enable a member link of ICL.

    This results in no traffic loss, and one of the MC-LAG nodes processes duplicate packets during this time period. PR1422473

Layer 2 Ethernet Services

  • If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcast from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

Layer 2 Features

  • On QFX5000 Virtual Chassis/VCF setups, when IGMP snooping is enabled, multicast traffic is forwarded based on IGMP joins/reports. When the IGMP report times out, traffic should be dropped, but instead it is flooded in the VLAN. This happens only on QFX5000 Virtual Chassis/VCF; the issue is not seen on standalone QFX5000. PR1431893

  • On QFX5120, during the addition of a new tenant, there might be a few transient packet drops (2 - 15 packets) for a couple of random intra-VNI traffic streams of the existing tenants in an EVPN-VXLAN topology. The drop is almost negligible and recovers automatically. PR1455654

  • On QFX5110 and QFX5120 platforms, changing the lo0 IP address might sometimes result in either a stale IP entry in the mpls_entry table or a missing IP entry, which results in a traffic drop for VXLAN traffic. PR1472333

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the following error message: nh_ucast_change:291Referenced l2ifl not found. This condition should be transient with the system reconverging on the expected state. PR1054798

  • On all Junos platforms that support EVPN-MPLS/EVPN-VXLAN, when an existing ESI interface flaps or is newly added to the configuration, the DF (Designated Forwarder) election sometimes happens before the local bias feature is enabled. During this time, existing broadcast, unknown unicast, and multicast (BUM) traffic might be looped for a short time (less than several seconds). PR1493650

  • Port LEDs on the QFX5100 do not work. If a device connects to a port on the QFX5100, the port LED stays unlit. PR1317750

  • QFX10000 platform drops the Aruba wireless access point (AP) heartbeat packets. As a result, the Aruba wireless AP cannot work. PR1352805

  • USB upgrade of NOS image is not supported. PR1373900

  • The show chassis fpc command displays an incorrect amount of available memory on a QFX's FPCs. PR1394978

  • On PTX/QFX10000 series platforms, CPU overuse on PFC might be observed if the adaptive feature is enabled to load-balance for an AE interface. PR1399369

  • On QFX5110 and QFX5120 platforms, either unicast RPF in strict mode or ICMP redirect does not work properly. PR1417546

  • IPv6 neighbor solicitation packets for link-local address might be dropped when passing through QFX10002-60C through IRB interface. As a result, hosts inside VLANs could not communicate with each other using link-local addresses. PR1424244

  • The issue in the current PR is caused by a PECHIP limitation when the underlay is tagged. After decapsulation, when the inner packet is recirculated, it still retains the VLAN tag property from the outer header because the outer header was tagged. As a result, 4 bytes of the inner tag are overwritten in the inner packet and the packet is corrupted, which results in the EGP chksum trap seen in PECHIP. Fixing the PECHIP limitation in software has high risk. It will be accommodated in a future release. As a workaround, enable the encapsulate-inner-vlan statement. PR1435864

  • The unified ISSU is not supported on QFX5200 switches and fails from Junos OS Release 17.2X75-D43.2 to some target versions. Also, dcpfe crash might be seen. PR1438690

  • On QFX5000 platforms, the port qualifier can be supported. This installs 2 entries in the Packet Forwarding Engine, one with source-port and a second with destination-port, each with the value specified under the port stanza. PR1440980

  • On QFX10000 platforms, in an EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with a VXLAN Layer 3 gateway (utilizing the virtual gateway) on an IRB interface. If you enable and then subsequently remove the VXLAN Layer 3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. As a workaround, configure all virtual gateways with a unique IPv4 or IPv6 MAC address. PR1446291

  • On Junos platforms with NG-RE installed, the vehostd process might crash without a core file, and the automatic restart of vehostd might fail. The vehostd process is a daemon that manages the lifecycle of system-critical Junos VMs in the system. If vehostd is in a crashed state, the management of Junos VMs is impacted. PR1448413

  • On QFX5000, triggering NSSU on a Virtual Chassis will print unified ISSU logs as NSSU uses the same state machine as ISSU. There is no functional impact due to this behavior. PR1451375

  • Whenever any member in a Remote Switched Port Analyzer (RSPAN) VLAN is removed from that VLAN, you must reconfigure the analyzer session for that RSPAN VLAN. PR1452459

  • After the VLAN name is changed on a trunk interface while the port is receiving continuous traffic for that VLAN, local host MAC learning is held for more than 30 seconds. On a trunk port, when the VLAN name is changed, the bridge domain entry is deleted from hardware and a new entry is installed in hardware. In the meantime, while the new entry is yet to be installed in hardware, the port keeps receiving traffic for that VLAN, learns the source MAC, and notifies the Packet Forwarding Engine with the old bridge domain ID. On receiving this MAC, the Packet Forwarding Engine software drops it because the bridge domain and port mapping, which is a mandatory criterion for a source MAC received on a bridge domain, is not present in software. Once the Packet Forwarding Engine drops the MAC, the upper layers (L2ALD) do not get this MAC information, and the aging thread marks the hash index in hardware as stale. Until that hash index is cleared in hardware, the same source MAC cannot be learned on the same hash index. The aging thread periodically scans one MAC table out of 4 tables at a time in intervals of 10 seconds, checks for stale entries, and clears the stale hardware hash entries; this takes almost 40-50 seconds, depending on the number of Packet Forwarding Engine chips in an FPC. On an access port, the default bridge domain is installed in hardware to receive untagged traffic and is not deleted when the VLAN name associated with that access port is changed, so this issue is not seen on access ports. PR1454274

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. PR1457939

  • With VXLAN VNI (multicast learning) scaling on QFX5110, a traffic issue is seen from the VXLAN tunnel to the L2 interface. PR1462548

  • BGP route addition and deletion time and BGP, OSPF, and IS-IS link flap convergence time are increased in Junos OS Release 19.4 (forwarding plane). PR1464572

  • The output of the show chassis environment command can be seen from backup members as well. The issue is common to all QFX Series platforms. PR1474520

  • Dynamic IPoIP tunnels and a filter-based IPoIP decap filter on the loopback interface cannot coexist. If dynamic IPoIP tunnels were configured earlier, the FPC needs a reboot before it can be used for a loopback IPoIP decap filter. Also, the loopback interface might contain implicit filters; if one of these implicit filters is hit, the decap filter might not be hit. PR1479613

  • The app-engine CLI show commands do not show information for the backup member. PR1479900

  • Instead of the FAN status, FPC status is checked and updated in JTI. PR1480259

  • Redirects are used when a router believes a packet is being routed suboptimally and it would like to inform the sending host that it should forward subsequent packets to that same destination through a different gateway. On QFX5110 and QFX5120, the ICMP redirect message is not generated in such cases. PR1481020

  • In some instances, the dcpfe process did not come up when the QFX5120 was abruptly powered off and powered on. A power cycle of the device or a host reboot recovers the device. PR1481176

  • On QFX series platforms running Junos VM instance (not including QFX10000 series platforms), the laser signal may still be transmitted on the disabled interfaces with QSFP/QSFP28 optics after device reboot. PR1487554

  • Commit fails on the backup device of a QFX5120-48T VC while removing storm control with HA configured. The following warning is seen: patch removes statement that is not empty. PR1488847

  • After repeated deletion and addition of a logical switch on an NSX-V setup with OVSDB configured, ping between a VM and a bare-metal server fails intermittently (only on a few iterations out of the total number of iterations). PR1506097

  • An issue was reported for a customer with a flush cache issue on the same platform. It was root-caused to a change made on this platform for reliable SSD disk I/O, and that change caused the added delay observed in the reported issue. The previous cache mode was writethrough, which is prone to errors due to the asynchronous nature of writes. In "writethrough" mode, the host cache is not bypassed, and if a failure occurs when transferring data from the host cache to the storage device, the guest (in our case, the Junos VM) is not aware of it, and going forward the host may return various errors, causing stability issues. Many side effects can be seen. PR1513540

  • A disruptive switchover (no GRES or NSR configured) can lead to stale PPM (Periodic Packet Management) entries being programmed on the new master Routing Engine. If both GRES and NSR are activated after the disruptive switchover and a GRES switchover is then performed, BFD sessions might flap continuously. PR1518106

  • As per current analysis, traffic over multicast GRE does not converge until 120 seconds. PR1536886

  • On QFX5000, route leaking does not work for IPv4 routes if mask is less than /16 and for IPv6 routes if mask is less than /64. PR1538853

Routing Protocols

  • If DDoS protection is disabled on a QFX5000 Virtual Chassis and a high rate of CPU-bound traffic is being sent, the Virtual Chassis might become unstable with high CPU usage, and it might eventually crash, creating FXPC core files. Disabling DDoS protection disables rate limiting for all host-bound traffic. This setting is not recommended on the device, because a high amount of control traffic can overwhelm the system and cause system instability. PR1238875

  • On QFX5100 Virtual Chassis or Virtual Chassis Fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message. PR1407175

  • On QFX5100 Virtual Chassis, traffic loss is observed in BGP streams when GRES and reboot are triggered with base configurations. PR1508133

  • On QFX10000 platforms, if multiple sub-interfaces of the same Aggregated Ethernet (AE) interface belong to different routing instances, and these sub-interfaces are configured with the same IP address and with separate Bidirectional Forwarding Detection (BFD) sessions, the remaining BFD sessions flap continuously if one of these BFD sessions is deleted. PR1516556

  • With an EVPN-VXLAN configuration, when the restart l2-learning command is executed, BFD sessions on the IRB interface might not come up. PR1538600

Virtual Chassis

  • ACX5000 reports false parity error messages such as soc_mem_array_sbusdma_read. The ACX5000 SDK can raise false alarms for parity error messages such as soc_mem_array_sbusdma_read. This is a false positive error message. PR1276970

  • On QFX5000 Virtual Chassis, DDoS violations that occur on the backup are not reported to the Routing Engine. PR1490552

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series Switches.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 20.2R2

Class of Service (CoS)

  • PFC feature is not supported with QFX5120 Virtual Chassis due to chip limitation. PR1431895

  • Traffic might be forwarded to the incorrect queue when a fixed classifier is used. PR1510365

EVPN

  • EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted. PR1461795

  • Unable to create a new VTEP interface. PR1520078

Infrastructure

  • OID ifOutDiscards reports zero and sometimes shows valid value. PR1522561

Layer 2 Features

  • On the QFX5000 line of switches, traffic imbalance might be observed if hash-params is not configured. PR1514793

  • The MAC address in the hardware table might become out of synchronization between the master and member in Virtual Chassis after the MAC flaps. PR1521324

Platform and Infrastructure

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • On the QFX5000 line of switches, the dcpfe process crashes due to the use of data that is not null-terminated. PR1454527

  • On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. PR1462748

  • sFlow might not work correctly if the received traffic goes out of more than one interface. PR1475082

  • Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956

  • QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in hardware. This is due to SDK 6.5.16 upgrade. PR1487679

  • Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface (CVE-2020-1668). PR1491905

  • ARP might not get refreshed after timeout. PR1497209

  • Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. PR1497563

  • Outbound SSH connection flaps or memory leaks during the push configuration to ephemeral database with high rate. PR1497575

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged. PR1497993

  • BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798

  • On the QFX5000 switches, ERPS might not work correctly. PR1500825

  • The interface becomes physically down after changing to the FEC-none mode. PR1502959

  • LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354

  • "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T. PR1504630

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • The archival function might fail in certain conditions. PR1507044

  • The fxpc may crash and restart with a fxpc core file created while installing image through ZTP. PR1508611

  • Traffic might be affected on QFX10002/QFX10008/QFX10016 platform. PR1509220

  • ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329

  • The output VLAN push might not work. PR1510629

  • On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. PR1510794

  • The QFX10000-36Q line card used on QFX10008/QFX10016 platforms may fail to detect any QSFP. PR1511155

  • In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later: DFWE ERROR DFW: Cannot program filter. PR1514710

  • The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092

  • The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to other speed. PR1515487

  • The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. PR1516653

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • Traffic forwarding might be affected when adding, removing, or modifying the VLAN or VNI configurations such as VLAN-ID, VNI-ID, and Ingress-Replication command. PR1519019

  • The output interface index in sFlow packets is zero when transit traffic is observed on the IRB interface with VRRP enabled. PR1521732

  • On the QFX10002, QFX10008, and QFX10016 line of switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. PR1522852

  • With the rate limiter command enabled, sampling crosses the sample rate of 65535. PR1525589

  • Packet loss is observed while validating the policer after restarting the chassis control. PR1531095

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

  • Management Ethernet link down alarm seen while verifying system alarms in Virtual Chassis setup. PR1538674

Layer 2 Ethernet Services

  • The aggregated Ethernet interface sometimes might not come up after switch is rebooted. PR1505523

Routing Protocols

  • On the QFX5100-48T-6Q Virtual Chassis or Virtual Chassis Fabric, the following error message is observed while copying an image to the Virtual Chassis Fabric member and trying to downgrade the image: rcp for member 14, failed. PR1486632

  • EX4300-MP/EX4600/QFX5000 Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment (CVE-2020-1687), and high CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689). PR1495890

  • Scale of filters with egress-to-ingress command is enabled. PR1514570

  • The rpd might report 100% CPU usage with BGP route damping enabled. PR1514635

  • Enabling IPv6 flow-based Packet Forwarding Engine hashing gives a commit error. PR1519018

  • Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. PR1521763

  • On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. PR1528490

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onwards. PR1457602

Resolved Issues: 20.2R1

EVPN

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • QFX10002-60C EVPN/VXLAN multicast: The show command issued for the VTEP interface did not show mesh-group id. PR1498052

  • The VXLAN function might be broken due to a timing issue. PR1502357

Class of Service (CoS)

  • Traffic might be forwarded to an incorrect queue when fixed classifier is used. PR1510365

General Routing

  • The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • The configuration statement show chassis errors active detail is not supported for QFX5000 platforms. PR1386255

  • The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448

  • The statement show interface indicates Media type: Fiber on QFX5100-48T running ’-qfx-5e-’ Junos OS image. PR1419732

  • A vmcore is seen on QFX Series Virtual Chassis. PR1421250

  • SFP-LX10 stays down until autonegotiation is disabled. PR1423201

  • The default logical interfaces on channelized physical interfaces might not be created after ISSU/ISSR. PR1439358

  • CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406

  • On QFX5000 no warning or error is shown when dual VLAN tag feature is configured on physical interface. PR1450455

  • Members might stay disconnected from a QFX5120-32C and QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399

  • Changing the VLAN name associated with access ports might prevent MAC addresses from being learned in an EVPN-VXLAN scenario. PR1454095

  • The cosd crash might be observed if forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Telemetry traffic might not be sent out when the telemetry server is reachable through a different routing instance. PR1456282

  • Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • QFX5110 QSFP-100GBASE-SR4 made by the third party cannot link up. PR1457266

  • An FPC might restart during runtime on the QFX10000 line of devices. PR1464119

  • EPR iCRC errors in QFX10000 platforms might cause protocols to go down. PR1466810

  • A few DHCP INFORM packets specific to a particular VLAN might take the wrong resolve queue. PR1467182

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms. PR1469663

  • The speed 10m might not be configured on the GE interface. PR1471216

  • The traffic loss might occur when VTEP source interface is configured in multiple routing instances. PR1471465

  • Egress ACL filter entries will be only 512 in Junos OS Release 19.4R1 on QFX5000. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms. PR1472771

  • The detached interface in LAG might process the xSTP BPDUs. PR1473313

  • On QFX5000, the global-mac-table-aging-time statement behavior with multi-homed EVPN-VXLAN ESI. PR1473464

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The RIPv2 packets forwarded across a L2 circuit connection might be dropped. PR1473685

  • Continuous error log messages might be raised on QFX5000 platforms in EVPN/VXLAN scenario. PR1474545

  • L2 circuit might fail to communicate through VLAN 2 on QFX5000 platforms. PR1474935

  • On QFX Series platforms the system might stop new MAC learning and have impact on Layer 2 traffic forwarding. PR1475005

  • DAC cables are not being properly detected in Packet Forwarding Engine in QFX5200. PR1475249

  • There might be a traffic drop on QFX5110 and QFX5120 switches acting as leaf switches in a multicast environment with VXLAN. PR1475430

  • FPC major error is seen after system boot up or FPC restart. PR1475851

  • QFX Series platforms are exhibiting invalid Packet Forwarding Engine PG counter pairs to copy, src 0xfffff80, dst 0. PR1476829

  • Continuous error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192

  • The default Virtual Chassis MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes. PR1478905

  • The remaining interface might be still in down state even though the number of channelized interfaces is no more than 5. PR1480480

  • ARP request packets for unknown host might get dropped in remote PE device in EVPN-VXLAN scenario. PR1480776

  • On QFX10000 and QFX5000, in SP style configuration, BUM traffic incorrectly gets blocked, while disabling or enabling a different logical interface. PR1482202

  • On QFX5110, whenever autonegotiation is toggled on the interface, explicitly set the link-mode as well as the speed for the configuration to take effect. PR1484715

  • The dcpfe core file might be seen with non-oversubscribed mode. PR1485854

  • The 10GbE VCP ports will not be active in a QFX5100 Virtual Chassis scenario. PR1486002

  • Virtual Chassis ports might go down in a mixed Virtual Chassis setup of QFX5100-24Q-2P/EX4300 and EX4600/EX4300. PR1489985

  • After ISSU/ISSR, a port using SR4/LR4 optics might not come up. PR1490799

  • BFD sessions start to flap when the firewall filter in the loopback0 is changed. PR1491575

  • Traffic loss could be observed in a mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss could be seen in a MC-LAG scenario on QFX5120/EX4650. PR1494507

  • SNMP polling for CPU utilization and CPU state of backup Routing Engine does not show in a two-member Virtual Chassis. PR1495384

  • ARP does not get refreshed after timeout on QFX10002-60C. PR1497209

  • Extra carrier transitions are seen on the peer when negative triggers are performed on QFX5100 and QFX5110. PR1497380

  • An lcmd core file might be generated on QFX5210-64C. PR1497947

  • Traffic might get dropped if aggregated Ethernet member interface is deleted and then added or a SFP of the aggregated Ethernet member interface is unplugged/plugged. PR1497993

  • On QFX5210, unexpected behavior is seen for Port LED after upgrade. PR1498175

  • Inter-VNI/VRF and intra-VNI/VRF traffic is dropped between the CE devices when the interfaces connected between TOR and multihomed PE devices are disabled. PR1498863

  • The l2cpd crash might be seen while adding or deleting ERP configuration and then restarting l2cpd. PR1505710

  • ARP replies might be flooded through the EVPN-VxLAN network as unknown unicast ARP reply. PR1510329

High Availability (HA) and Resiliency

  • Unified ISSU will not be supported for QFX5000 for some versions. PR1472183

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL-config might fail after committing some changes. PR1459201

  • Executing commit might hang up because dcd process gets stuck. PR1470622

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

  • MC-LAG consistency check fails if multiple IRB units are configured with the same VRRP group. PR1488681

  • Error message is not getting generated while verifying GRE limitation. PR1495543

Junos Fusion for Enterprise

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • EVPN-VXLAN ERB - dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • The state of member links might be out of synchronization on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

  • Issues with DHCPv6 relay processing confirm and reply packets. PR1496220

Layer 2 Features

  • MAC learning might not work correctly on QFX5120. PR1441186

  • The LLDP function might fail when a Juniper Networks device connects to a non-Juniper one. PR1462171

  • A few MAC addresses might be missing from the MAC table in software on QFX5000 platform. PR1467466

  • On QFX5120 switches QinQ, the third VLAN tag is not pushed onto the stack and SWAP is being done instead. PR1469149

  • Traffic might be affected if composite next hop is enabled. PR1474142

  • On QFX5200, MAC learning rate is degraded by 88 percent. PR1494072

MPLS

  • Traffic might silently get dropped or discarded on the PE device when the CE device sends traffic to the PE device and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • The traffic might be lost over QFX5100 switch acting as a transit PHP node in the MPLS network. PR1477301

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

Platform and Infrastructure

  • The SLAX script might be lost after upgrading software. PR1479803

  • Traceroute monitor with mtr version v.69 shows a false 10 percent loss. PR1493824

Routing Protocols

  • OSPF VRF sessions take a long time to come up when the host table is full and host routes are in LPM table. PR1358289

  • BGP IPv4 or IPv6 convergence and RIB install/delete time degraded in Junos OS Release 19.1R1 and later mainline releases. PR1414121

  • PIM (S,G) joins can cause MSDP to incorrectly announce source-active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core files might occur during adding or removing EVPN Type 5 routing instance. PR1455547

  • [pfe_loadbalance] [pfeloadtag] flows not falling back to single link when inactivity-interval is set higher than IFG. PR1471729

  • Traffic might not be forwarded over ECMP link in EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic is not forwarded in VRRP scenario. PR1477073

  • MUX State in LACP interface does not go to "collecting and distributing" and remains attached after enabling the ae interface. PR1484523

  • FPC might go to "NotPrsnt" state after upgrading with non-QFX5100-24Q image in a Virtual Chassis/Virtual Chassis fabric setup. PR1485612

  • CPU port queue gets full due to excessive pause frames being received on interfaces. This causes control packets from the CPU to all ports to be dropped. PR1487707

  • The BGP route-target family might prevent RR from reflecting L2 VPN and L3 VPN routes. PR1492743

  • The rpd might crash on QFX10000 due to rpd resolver problem of INH. PR1494005

  • Firewall filter might not work in certain conditions under Virtual Chassis setup. PR1497133

  • Traffic drop might be observed after modifying FBF firewall filter. PR1499918

  • Change in x-path output for value "input-updates" in show bgp neighbors. PR1504399

Documentation Updates

There are no errata or changes in Junos OS Release 20.2R2 documentation for the QFX Series Switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.

    Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.2-R2.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.2 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz.

During a software upgrade, the alternate partition of the SSD is upgraded, and it becomes the primary partition after a reboot. If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-20.2R2.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-20.2R2.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R2.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.2R2.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R2.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R2.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.
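
The Warning in the QFX10008 and QFX10016 installation section requires GRES, NSB, and NSR to be off before a per-Routing-Engine install, while the unified ISSU prerequisites above require them to be on. The following Python check is an added example, not Juniper code: it reads saved output of show configuration | display set and reports what blocks either method. The function names and the sample configuration are constructed for illustration, and the NSR fix is the delete form of the statement the Warning says to remove.

```python
# Added example: pre-flight check of redundancy settings before an upgrade.
# Input is saved output of "show configuration | display set".

# Statement paths for the three features named in the procedures.
STATEMENTS = {
    "GRES": ["chassis", "redundancy", "graceful-switchover"],
    "NSR": ["routing-options", "nonstop-routing"],
    "NSB": ["protocols", "layer2-control", "nonstop-bridging"],
}
# Fixes for a standard install; the NSR entry is the delete form of the
# statement the procedure says to remove from [edit routing-options].
DISABLE = {
    "GRES": "delete chassis redundancy",
    "NSR": "delete routing-options nonstop-routing",
    "NSB": "delete protocols layer2-control nonstop-bridging",
}


def enabled_features(display_set_text):
    """Return the features whose statement is present and not deactivated."""
    set_paths, inactive_paths = [], []
    for line in display_set_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "set":
            set_paths.append(words[1:])
        elif len(words) >= 2 and words[0] == "deactivate":
            inactive_paths.append(words[1:])

    def is_inactive(stmt):
        # Inactive if the statement or any parent hierarchy is deactivated.
        return any(stmt[:len(d)] == d for d in inactive_paths)

    return {name for name, stmt in STATEMENTS.items()
            if not is_inactive(stmt)
            and any(path[:len(stmt)] == stmt for path in set_paths)}


def preflight(display_set_text, method):
    """Return blocking findings as (feature, fix) for 'standard' or 'issu'."""
    active = enabled_features(display_set_text)
    if method == "standard":   # per-Routing-Engine install: all must be off
        return [(n, DISABLE[n]) for n in STATEMENTS if n in active]
    if method == "issu":       # unified ISSU: all must be on
        return [(n, "activate or set " + " ".join(STATEMENTS[n]))
                for n in STATEMENTS if n not in active]
    raise ValueError("method must be 'standard' or 'issu'")


# Constructed sample configuration: GRES and NSB active, NSR deactivated.
SAMPLE_CONFIG = """\
set system host-name qfx10008-lab
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
deactivate routing-options nonstop-routing
set protocols layer2-control nonstop-bridging
"""

if __name__ == "__main__":
    for method in ("standard", "issu"):
        print(method, preflight(SAMPLE_CONFIG, method))
```

An empty result for the chosen method means none of the three redundancy settings blocks that upgrade path.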

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.