Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for the QFX Series

 

These release notes accompany Junos OS Release 20.2R3 for the QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for QFX Series switches.

Note

The following QFX Series platforms are supported in Release 20.2R3: QFX5100, QFX5110 (32Q and 48S), QFX5120, QFX5200, QFX5210, QFX10002, QFX10002-60C, QFX10008, and QFX10016.

Junos on White Box runs on Accton Edgecore AS7816-64X switches in this release. The software is based on Junos OS running on QFX5210 switches, so release-note items that apply to QFX5210 switches also apply to Junos on White Box.

What’s New in Release 20.2R3

There are no new features or enhancements to existing features for QFX Series Junos OS Release 20.2R3.

What’s New in Release 20.2R2

There are no new features or enhancements to existing features for QFX Series Junos OS Release 20.2R2.

What’s New in Release 20.2R1-S1

Flow-Based and Packet-Based Processing

  • Support for user-defined flex hashing for MPLS traffic flows (QFX5210; Accton AS7816 running Junos OS on White Box)—Starting in Junos OS Release 20.2R1-S1, you can configure user-defined flex hashing to load balance MPLS traffic based on TCP or UDP source/destination port information. User-defined flex hashing, which supports protocol versions IPv4 and IPv6, enables you to set byte offsets in packet headers to influence hashing computation. You specify two offsets, each 2 bytes in length, from the first 128 bytes of a packet. Configure the selected bytes to be directly used for hashing or to be used only when the data pattern in these bytes matches with specific values (conditional match). To provide load balancing in spine layers, configure flex hashing and encapsulate the traffic in VXLAN, thus enabling entropy at UDP source ports. At de-encapsulation, configure the no-inner-payload statement to load balance based on the outer UDP header.

    To configure user-defined flex hashing:

    To configure a conditional match (repeat the command below with values for offsets and match data 2-4):

    To enable load balancing on VXLAN transit traffic based on the outer UDP header:

    To troubleshoot, use show forwarding-options enhanced-hash-key.

    Limitations:

    • Use a maximum of two MPLS labels.

    • Use only even values for offset1 and offset2.

    • If you are using conditional matches, configure the conditions before you attach them to the flex-hashing entry.

    • An aggregated Ethernet (AE), or LAG, interface is not supported as an input interface. You can configure input interfaces on LAGs by configuring the same user-defined flex-hashing data and the same conditional-match data on all member interfaces of a LAG interface. Use unique flex-data profile names and unique conditional-data profile names for each member interface—for example:

      • ...enhanced-hash-key conditional-match COND_L1_V6_UDP_SRC_PORT_1...

      • ...enhanced-hash-key conditional-match COND_L1_V6_UDP_SRC_PORT_2...

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1-S1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    Only HTTP and HTTPS transport protocols are supported on EX3400, EX4300, QFX5100, and QFX5200 devices.

    [See Zero Touch Provisioning.]

What’s New in Release 20.2R1

Hardware

Authentication, Authorization, and Accounting

  • 802.1X authentication on Layer 3 interfaces (QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, and QFX5220)—Starting in Junos OS Release 20.2R1, 802.1X authentication is supported on Layer 3 interfaces. The 802.1X IEEE standard for port-based network access control authenticates users attached to a LAN port. It blocks all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the RADIUS authentication server.

    [See 802.1X Authentication.]

Class of Service

  • CoS support in EVPN-VXLAN overlay networks (QFX10002, QFX10008, and QFX10016 switches)—Starting with Junos OS Release 20.2R1, QFX10002, QFX10008, and QFX10016 switches support CoS in EVPN-VXLAN overlay networks, namely ingress and egress classification, scheduling, and rewrite rules based on IEEE 802.1p/DSCP code points.

    [See VXLAN Constraints on QFX Series and EX Series Switches.]

EVPN

High Availability (HA) and Resiliency

  • Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the [edit system] hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes roles. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.

    [See Understanding the Ephemeral Configuration Database.]

Interfaces and Chassis

  • Support for 100-Gbps and 40-Gbps ports to operate at 10-Gbps or 1-Gbps speed (QFX10002, QFX10008, and QFX10016 switches)—Starting in Junos OS Release 20.2R1, you can use the Mellanox pluggable adapter (model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ cable connector. Use the QSA adapter to convert a 40GbE or a 100GbE port to a 10GbE or a 1GbE port. You can then plug-in an SFP+ transceiver or an SFP transceiver into the QSA adapter which is inserted into the QSFP+ or QSFP ports of the switch. You can use the commands show chassis hardware and show chassis pic fpc-slot slot-number pic-slot slot-number to view the optics inventory information for the QSFP ports.

    With this adapter, the QSFP Ports on QFX10002, QFX10008, and QFX10016 switches support the following transceiver types— 100-Mbps, 1-Gbps, 10-Gbps SFP+: SR, LR, ER, ZR, CWDM, DAC and T-SFP+.

    Note

    For this adapter to work on the QSFP+ ports on the QFX10000-36Q line card in the QFX10008, you need to channelize the ports using the CLI command set fpc fpc-slot pic pic-number port port-number port speed 10G.

    [See show chassis hardware and show chassis pic.]

  • Support for multiple speeds and autonegotiation (QFX5120-48Y, QFX5110-48S, and QFX5100-48S with the JNP-SFPP-10GE-T transceiver)—Starting in Junos OS Release 20.2R1, you can configure your switch to operate at multiple speeds when the JNP-SFPP-10GE-T transceiver is installed.

    On the QFX5110-48S and QFX5100-48S switches, you can configure 100-Mbps, 1-Gbps, and 10-Gbps speeds on the mge-0/0/z port by using the set interfaces mge-0/0/z speed (100m|1g|10g) command. The switch ports operate at the configured speed and they can also switch to a supported lower speed (automatically) with the same transceiver installed, based on peer capability.

    The QFX5120 operates at only two speeds–10 Gbps and 1 Gbps–when this transceiver is installed. By default, the switch comes up with 10-Gbps speed. To operate at 1-Gbps speed, use the set chassis fpc 0 pic 0 port port-number speed 1G command. Due to hardware limitations, you can configure the port-number value only in multiples of four, starting from port 0. You must also configure sets of four consecutive ports (for example, 0-3, 4-7, and so on) to operate at the common speed. After setting 1-Gbps speed, to revert to 10-Gbps speed, simply delete the 1G speed configuration.

    Note

    Only QFX5110-48S and QFX5100-48S switches support the multi-rate Gigabit Ethernet (mge) interface.

    [See speed (Ethernet).]

Juniper Extension Toolkit (JET)

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos Telemetry Interface

  • Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models openconfig-local-routing.yang and openconfig-network-instance.yang.

    [See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]

  • ON-CHANGE BGP peer information statistics support for JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 provides BGP peer sensor support using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/active (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/received (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/sent (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/rejected (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/admin-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/established-transitions (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/last-established (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/received/notification (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/messages/received/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/notification (stream

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/supported-capabilities (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/local-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-port (ON_CHANGE)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • EVPN statistics export using JTI (QFX5100, QFX5110, QFX5120, QFX5200, QFX10002-60C, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and using remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) ad leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]

  • CPU statistics support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 supports streaming various CPU statistics and process parameters using remote procedure call (gRPC) or gRPC Network Management Interface (gNMI) services and Junos telemetry interface (JTI). You can stream CPU usage per process (statistics are similar to output from the show system process detail operational mode command), as well as CPU usage per Routing Engine core.

    This feature supports the private data model openconfig-procmon.yang.

    To stream statistics to an outside collector, include the following resource paths in a gRPC or gNMI subscription:

    • Individual process level information (resource path /system/processes/process)

    • Individual Routing Engine core information (resource path /components/component/cpu/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Packet Forwarding Engine sensor support with INITIAL_SYNC on JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000 line of routers, QFX5100, and QFX5200)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export Packet Forwarding Engine statistics from devices to an outside collector using gNMI submode INITIAL_SYNC. When an external collector sends a subscription request for a sensor with INITIAL_SYNC (gnmi-submode 2), the host sends all supported target leaves (fields) under that resource path at least once to the collector with the current value. This is valuable because:

    • The collector has a complete view of the current state of every field on the device for that sensor path.

    • Event-driven data (ON_CHANGE) is received by the collector at least once before the next event is seen. In this way, the collector is aware of the data state before the next event happens.

    • Packet Forwarding Engine sensors that contain zero counter values (zero-suppressed) that normally do not show up in streamed data are sent, ensuring that all fields from each line card (also referred to as source) are known to the collector.

    Note

    ON_CHANGE data is not available for native (UDP) Packet Forwarding Engine Sensors.

    INITIAL_SYNC submode requires that at least one copy to be sent to the collector; however, sending more than one is acceptable.

    INITIAL_SYNC submode is supported for the following sensors:

    • Sensor for CPU (ukernel) memory (resource path /junos/system/linecard/cpu/memory/)

    • Sensor for firewall filter statistics (resource path /junos/system/linecard/firewall/)

    • Sensor for physical interface traffic (resource path /junos/system/linecard/interface/)

    • Sensor for logical interface traffic (resource path /junos/system/linecard/interface/logical/usage/)

    • Sensor for physical interface queue traffic (resource path /junos/system/linecard/interface/

      queue/
      )

    • Sensor for physical interface traffic except queue statistics (resource path /junos/system/linecard/interface/traffic/)

    • Sensor for NPU memory (resource path /junos/system/linecard/npu/memory/)

    • Sensor for NPU utilization (resource path /junos/system/linecard/npu/utilization/)

    • Sensor for packet statistics (resource path /junos/system/linecard/packet/usage/)

    • Sensor for software-polled queue-monitoring statistics (resource path /junos/system/linecard/qmon-sw/)

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

  • L2PT support (EX4650 and QFX5120-48Y switches, and QFX5100 and QFX5110 switches and Virtual Chassis)—Starting in Junos OS Release 20.2R1, you can configure Layer 2 protocol tunneling (L2PT) to tunnel any of the following Layer 2 protocols: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Multicast

  • Static multicast route leaking for VRF and virtual router instances (EX4650 and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can configure the switch to statically share (leak) IPv4 multicast routes for IGMPv3 (S,G) traffic among different virtual router or virtual routing and forwarding (VRF) instances. You can only leak static multicast routes per group, not per source and group. The destination prefix length must be 32.

    To configure multicast route leaking to the VRF or virtual router instance routing-instance-name, configure the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level.

    [See Understanding Multicast Route Leaking for VRF and Virtual Router Instances.]

  • Multicast-only fast reroute (MoFRR) (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.2R1, you can configure MoFRR to minimize multicast packet loss in PIM domains when link failures occur. With MoFRR enabled, the switch maintains primary and backup traffic paths, forwarding traffic from the primary path and dropping traffic from the backup path. If the primary path fails, the switch can quickly start forwarding the backup path stream (which becomes the primary path). The switch creates a new backup path if it detects available alternative paths. MoFRR applies to all multicast (S,G) streams by default, or you can configure a policy for the (S,G) entries where you want MoFRR to apply.

    [See Understanding Multicast-Only Fast Reroute.]

Network Management and Monitoring

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.

    [See NETCONF Sessions over Outbound HTTPS.]

Routing Policy and Firewall Filters

  • Support for MPLS firewall filter on loopback interface (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting with Junos OS Release 20.2R1, you can apply an MPLS firewall filter to a loopback interface on a label-switching router (LSR). For example, you can configure an MPLS packet with ttl=1 along with MPLS qualifiers such as label, exp, and Layer 4 tcp/udp port numbers. Supported actions include accept, discard, and count.

    You configure this feature at the [edit firewall family mpls] hierarchy level. You can only apply a loopback filters on family mpls in the ingress direction.

    [See Overview of MPLS Firewall Filters on Loopback Interface.]

Virtual Chassis

  • Virtual Chassis with NSSU support (QFX5120-48T)—Starting in Junos OS Release 20.2R1, you can interconnect two QFX5120-48T switches into a Virtual Chassis that operates as one logical device managed as a single chassis. The Virtual Chassis:

    • Has both switches in Routing Engine role (one master and one backup)

    • Supports 100GbE QSFP28 or 40GbE QSFP+ ports (48 through 53) as Virtual Chassis ports (VCPs)

    • Supports NSSU

    A QFX5120-48T Virtual Chassis supports the same protocols and features as a standalone switch in Junos OS Release 20.2R1 except for the following:

    • EVPN-VXLAN

    • Junos telemetry interface (JTI)

    • Multichassis link aggregation (MC-LAG)

    • Priority-based flow control (PFC)

    Configuration parameters and operation are the same as for other non-mixed QFX Series Virtual Chassis.

    [See Virtual Chassis Overview for Switches.]

  • 802.1X authentication, Layer 2 port security, and MPLS support in a Virtual Chassis (QFX5120-48Y Virtual Chassis)—Starting in Junos OS Release 20.2R1, the following protocol features are supported on a QFX5120-48Y Virtual Chassis:

    • IEEE 802.1X authentication

    • Layer 2 port security features, including IP source guard, IPv6 router advertisement (RA) guard, DHCP, and DHCP snooping

    • MPLS

    Configuration and operation are the same on the Virtual Chassis as on the standalone switch.

    [See 802.1X Authentication, MPLS Overview, DHCP Snooping, Understanding DHCP Snooping (ELS), Understanding IP Source Guard for Port Security on Switches, and Understanding IPv6 Router Advertisement Guard.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for QFX Series Switches.

What’s Changed in Release 20.2R3

General Routing

  • Support only for manual channelization on QSFP-100G-SR4-T2 optics (QFX5120-48T and QFX5120-32C)— We recommend that you use the active optical cable (AOC) for auto-channelization. The QSFP-100G-SR4-T2 cables do not support auto-channelization. To use the QSFP-100G-SR4-T2 optics with an external breakout cable, you must configure the channelization manually by running the channel-speed statement at the edit chassis fpc slot-number pic pic-number (port port-number | port-range port-range-low port-range-high) hierarchy level.

    [See channel-speed.]

Junos XML API and Scripting

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in Stylesheet Language Alternative Syntax (SLAX) commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases where the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in Stylesheet Language Alternative Syntax (SLAX) event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

Network Management and Monitoring

  • Changes to <commit> RPC responses in RFC-compliant NETCONF sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—When you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level, the NETCONF server's response for <commit> operations includes the following changes:

    • If a successful <commit> operation returns a response with one or more warnings, the warnings are redirected to the system log file, in addition to being omitted from the response.

    • The NETCONF server response emits the <source-daemon> element as a child of the <error-info> element instead of the <rpc-error> element.

    • If you also configure the flatten-commit-results statement at the [edit system services netconf] hierarchy level, the NETCONF server suppresses any <commit-result> XML subtree in the response and only emits an <ok> or <rpc-error> element.

    [See Configuring RFC-Compliant NETCONF Sessions.]

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JavaScript Object Notation (JSON) changed from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

What’s Changed in Release 20.2R2

Platform and Infrastructure

  • Priority-based flow control (PFC) support (QFX5120-32C)—Starting in Junos OS 20.2R2, we provide support for priority-based flow control (PFC) using Differentiated Services code points (DSCPs) at Layer 3 for untagged traffic.

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

Routing Protocols

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)— In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

What’s Changed in Release 20.2R1

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

  • Priority-based flow control (PFC) support (QFX5120-32C)—We provide support for priority-based flow control (PFC) using Differentiated Services code points (DSCPs) at Layer 3 for untagged traffic.

Interfaces and Chassis

  • Autonegotiation status displayed correctly (QFX5120-48Y)—In Junos OS Release 20.2R1, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed.

    In the earlier Junos OS releases, incorrect autonegotiation status was displayed even when autonegotiation was disabled.

Junos Extension Toolkit

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Routing Protocol

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)— In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

Known Limitations

Learn about known limitations in Junos OS Release 20.2R3 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On the QFX5100 devices, ISSU does not support Junos OS Release 20.1 and later. PR1479439

Layer 2 Features

  • On the QFX5000 devices with storm control, significant difference between the configured rate and actual rate is observed. PR1526906

Layer 2 Ethernet Services

  • If the configuration or image file name has special characters such as #, %, or @, ZTP over HTTP or HTTPS does not work. PR1503588

Platform and Infrastructure

  • After configuring and deleting the Ethernet loopback configuration, the interface goes down and does not come up. PR1353734

  • The QFX5000 device gets stuck in the database prompt state after rebooting. PR1411826

  • On the QFX10000 line of switches, the analyzer does not mirror after adding the child member to an aggregated Ethernet interface. PR1417694

  • On the QFX5120 line of switches, one of the VCP ports of the throughput test result for most of the frame sizes is not close to 100 percent. PR1453709

  • After changing the VLAN name on the trunk interface, the local host MAC learning does not hold for more than 30 seconds. PR1454274

  • On the QFX5120-48T device, convergence delay for the link-protected MPLS LSP is more than 50 minutes. PR1478584

  • On the QFX5120 device, the following error message is observed while performing NSSU: syntax error: request-package-validate message. PR1479753

  • There is no option to upgrade firmware for the backup Routing Engine. PR1479925

  • The output of the show snmp mib walk jnxFruName command has an extra entry for the Routing Engine. PR1483384

  • On the QFX5120 Virtual Chassis, the output of the show chassis alarm command displays incorrect PEM status after multiple GRES events. PR1486736

  • On the QFX10000 devices, traffic drop for more than 50 minutes is observed on bringing down the aggregated Etherent interface. PR1486853

  • A 100 percent Layer 2 MAC scaling traffic loss is observed in the QFX10002-60C switch after loading the EVPN-VXLAN collapsed profile configurations. PR1489753

  • Data corruption might occur while abrupt power cycles are performed. PR1507750

  • Changing the scaled firewall profiles on the fly does not release the TCAM resources as expected. PR1512242

  • On the QFX10000 device, the interface encapsulation ethernet-bridge for EVPN is not supported. PR1538852

  • On the QFX5000 device, microburst absorption is limited. PR1545046

Routing Protocols

  • The multicast route and pim (s,g) are incorrectly populated. PR1483732

  • On QFX5100 devices not running the QFX-5E codes (non TVP architecture), when image with Broadcom SDK upgrade (6.5.X) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • On the QFX10002 device, the S,G convergence on the remote PE devices are very slow, taking around 30 minutes to converge completely. PR1542675

Open Issues

Learn about open issues in Junos OS Release 20.2R3 for QFX Series Switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • In the ERB scale setup powering up, a leaf might cause ingress traffic loss upto 250 seconds. PR1544204

  • After changing VNID, it takes about 7 minutes for the control plane to populate remote VTEPs in the VLAN. PR1550163

High Availability (HA) and Resiliency

  • On the QFX5200-32C devices, the reboot time is degraded from 205 seconds in Junos OS Release 20.2R1 to 260 seconds in Junos OS Release 20.3R1. PR1511607

Infrastructure

  • The following error message is seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock(No such file or directory). PR1315605

  • Device goes to database prompt with panic: ffs_valloc: dup alloc during powering on of the device. PR1480185

Interfaces and Chassis

  • On the QFX5110 MC-LAG, flooding of the multicast packets for around 16 to 20 seconds is observed after disabling and enabling a member link of ICL after reboot. PR1422473

Layer 2 Features

  • On the QFX5000 Virtual Chassis, multicast traffic gets flooded even when the IGMP report times out. PR1431893

  • New tenant addition and deletion leads to intra-VNI traffic drop for a few milliseconds. PR1455654

  • On QFX5110 and QFX5120 platforms, changing lo0 IP address might sometimes either result in stale entry of IP in mpls_entry table or missing IP entry, which results in traffic drop for VXLAN traffic. PR1472333

Layer 2 Ethernet Services

  • The DHCP decline packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

  • ZTP not getting activated after returning the device to zero was observed once or twice. PR1529246

Platform and Infrastructure

  • On the QFX5100-48T-6Q devices, port LEDs might not work. PR1317750

  • On the QFX10000 devices, source MAC and TTL values are not updated for routed multicast packets in EVPN-VXLAN. PR1346894

  • The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • On the QFX10000 line of switches, the Aruba wireless access point (AP) heartbeat packets get dropped. As a result, the Aruba wireless AP cannot work. PR1352805

  • USB upgrade of network operating system image is not supported. PR1373900

  • Due to the transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Those reported events had been disabled to prevent alarms and possibly unnecessary hardware replacements. PR1384435

  • The DRAM and buffer utilization fields are not correct. PR1394978

  • CPU performance might become slow. PR1399369

  • uRPF in the Strict mode does not work. PR1417546

  • The IPv6 communication issue might be observed after passing through the QFX10002-60C devices. PR1424244

  • When spine underlay is tagged and untagged, the inner packet comes over the TYPE-2 tunnel and goes over the TYPE-2 tunnel resulting in IPv4 to silently discard traffic on PECHIP. PR1435864

  • On the QFX5200 line of switches, the ISSU might fail. PR1438690

  • On the QFX5000 devices, the port qualifier is not supported. PR1440980

  • On the QFX10000 line of switches, removal of the EVPN-VXLAN Layer 3 gateway on the IRB interface from the spine switches might cause traffic to be silently discarded. PR1446291

  • The vehostd application fails to generate a minor alarm. PR1448413

  • On the QFX5000 line of switches, misleading ISSU logs are printed during the NSSU process even when the box does not perform ISSU. PR1451375

  • Interface sends mirrored traffic out even after it is removed from the output VLAN. PR1452459

  • 9.51 percent of degradation with commit time and 12 percent of degradation with VLAN commit convergence are observed while comparing 19.4DCB with 19.3DCB. PR1457939

  • storm-control does not rate-limit ARP packets. PR1461958

  • On the QFX5110 line of switches, the VXLAN VNI (mcast) scaling causes traffic issue. PR1462548

  • On the QFX10002-60C line of switches, the Packet Forwarding Engine installation or deletion, and link flap convergence time are reduced in Junos OS Release 19.4 compared to Junos OS Releases 19.3R1 and 19.2R1. PR1464572

  • On the QFX5120-48T devices, finding discrepancy in the output of the show chassis environment pem command can be seen in the backup member as well. PR1474520

  • On the QFX5220 devices, the lo0 firewall filter might affect the Layer 3 forwarding traffic. PR1475620

  • On the QFX10000 devices, the loopback-based filter with decap GRE does not work as expected. PR1479613

  • The output of the app-engin command displays a command that does not display information about the backup member. PR1479900

  • On the QFX5120-48T devices, the JTI exports in the fan state as Online for a failed fan module. PR1480259

  • On the QFX5110 and QFX5120 devices, the ICMP redirect messages are not generated. PR1481020

  • On the QFX5000 device, dcpfe does not come up in an abrupt power-off or power-on situation. PR1481176

  • Disabled interfaces might still transmit power after the device reboots. PR1487554

  • On the QFX5120-48T devices, commit fails on the backup device of the Virtual Chassis while removing storm control with HA configured. Warning messages are also observed as patch removes the statement that is not empty. PR1488847

  • Interface on platforms using Broadcom chipset might have an abnormal status. PR1495564

  • The interfaces on the EX4600-EM-8F device expansion module do not come up on the QFX5100-24Q device with the QFX5E image. PR1502237

  • On the QFX5100 devices, degradation is observed during the system reboot time and FPC online time. PR1513540

  • On the QFX10002-60C devices, degradation during system reboot time is observed. PR1516086

  • The dcpfe process generates the core file after adding IRB in the same routing instance as that of the underlay VTEP interface. PR1519651

  • SNMP trap of power failure might not be sent out. PR1520144

  • Higher token allocation with the arp-enhanced-scale command due to kernel global token leakage is observed. PR1530947

  • The BFD neighborship fails with the EVPN_VXLAN configuration after the Layer 2 learning restarts. PR1538600

  • On the QFX5000 devices, route leaking does not work for the IPv4 routes if mask is less than 16 and for the IPV6 routes if mask is less than 64. PR1538853

  • On the QFX10002-60C devices, ARP or token scale is lower than the QFX10002 and QFX10008 devices that causes the dcpfe process to generate the core file at a high scale. PR1541686

  • On the QFX5000 Virtual Chassis fan, traffic loss might be seen after swapping the primary and backup Routing Engines. PR1544353

  • BD creation fails for few VLANs while switching from the script configuration to profile configuration. PR1545517

  • Need to move WRL7 to RCPL31 for the QFX-10-M and QFX-10-F devices. PR1547565

  • After 12 hours of longevity with events, the Layer 3 traffic with destination to local host is dropped. PR1548740

  • Traffic does not get load-balanced by the QFX10002 device over ESI links with EVPN-VXLAN configured. PR1550305

  • PRBS (psuedorandom binary sequence) test on the QFX5200 device fails for 100GbE interfaces with the default settings. PR1560086

  • On the QFX5100 Virtual Chassis, the following continuous message is observed: agentd-pfe-proxy_telemetry_publisher. PR1566528

  • On the QFX5100 device, the following internal comment is displayed: Placeholder for QFX platform configuration. PR1567037

  • The Packet Forwarding Engine might produce error messages while deleting an interface in configurations with IRB interfaces. PR1054798

  • If the interface is newly added as the CE interface, the existing broadcast, unknown unicast, and multicast (BUM) traffic can be looped. The loop prevention feature is designed to start working whenever a new CE interface is added by configuration. But the existing BUM traffic can be distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650

Routing Protocols

  • On the QFX5100 Virtual Chassis, instability issues due to disabling DDoS protection is observed. PR1238875

  • On the QFX5100 Virtual Chassis or Virtual Chassis fan, the following error is observed in the hardware with the mini-PDT base configurations: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. PR1407175

  • The remaining BFD sessions of the aggregated Ethernet interface flap continuously if one of the BFD sessions is deleted. PR1516556

  • The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106

  • BFD for BGP protocol flaps with sub-second timers with certain events performed in the fabric. PR1539085

Virtual Chassis

  • On the QFX5000 Virtual Chassis, the DDoS violations that occur on the backup are not reported to the Routing Engine. PR1490552

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for QFX Series Switches.

For the most complete and latest information about known Junos OS defects, use the Juniper online Junos Problem Report Search application.

Resolved Issues: 20.2R3

EVPN

  • On the QFX5000 device used on EVPN-VXLAN scenarios, load-balancing traffic (inter VLAN) might not work for multiple ESI-VTEP pairs with the underlay aggregated Ethernet interface between leaf and spines. PR1512253

  • All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515

  • EVPN-VXLAN registers MAC-move counters under system statistics bridge even though there is no actual MAC-move for the multihome clients. PR1538117

  • The l2ald process might generate core file if the EVPN-VXLAN configuration is changed. PR1541904

  • The l2ald daemon might crash when forwarding-options evpn-vxlan shared-tunnels is configured. PR1548502

  • The EVPN-VXLAN MAC-IP aging test fails. PR1562925

Forwarding and Sampling

  • The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124

Infrastructure

  • The output of the show interfaces extensive command might display 0 temporarily during a race condition when SNMP query is issued. PR1533314

Interfaces and Chassis

  • MAC entry remains as DR after MC-LAG failover. PR1562535

Layer 2 Features

  • Traffic might be forwarded incorrectly on an interface with VXLAN enabled and the hold-time up xxx command statement configured. PR1550918

  • On the QFX5120 devices, packets with VLAN ID 0 are dropped. PR1566850

Platform and Infrastructure

  • On the QFX5000 line of switches, the number of egress ACL filter entries is only 512 in Junos OS Release 19.4R1. PR1472206

  • On the QFX10000 devices, the chassisd process might generate core files on the backup Routing Engine after committing due to CHASSISD_MAIN_THREAD_STALLED for 200 seconds. PR1481143

  • SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • IRB MAC is not be programmed in hardware when the MAC persistence timer expires. PR1484440

  • Slow response might be observed if the show | compare or commit check action in a large-scale configuration environment is committed. PR1500988

  • The output VLAN push might not work. PR1510629

  • On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. PR1510794

  • The DHCP traffic might not be forwarded correctly while sending the DHCP unicast packets. PR1512175

  • Channelized interfaces might fail to come up. PR1512203

  • In a Virtual Chassis environment, the output of the show chassis forwarding-options command displays incorrect value when num-65-127-prefix value is configured for the FPC that is not local (backup and line card members of the Virtual Chassis). PR1512712

  • On the QFX5100 devices, cprod timeout triggers high CPU utilization. PR1520956

  • The output interface index in the sFLOW packet is zero when the transit traffic is observed on the IRB interface with VRRP enabled. PR1521732

  • On the QFX10000 devices, channelizing the 40GbE port to 10GbE port might bring down another interface. PR1527814

  • Packet loss is observed while validating the policer after restarting the chassis control. PR1531095

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

  • The following Packet Forwarding Engine error message is seen: BRCM-VIRTUAL,brcm_virtual_tunnel_port_create() ,489:Failed NW vxlan port token(45) hw-id(7026) status(Entry not found). PR1535555

  • Software recovery or installation using the Bootable USB Flash Drive option might fail. PR1536799

  • On the QFX5100-48T devices, interfaces are not created after channel-speed 10Gbps is applied across ports 48 to 53. PR1538340

  • The Management Ethernet link down alarm is seen while verifying the system alarms in a Virtual Chassis setup. PR1538674

  • ARP request might be dropped in the leaf in the EVPN-VXLAN scenario. PR1539278

  • Not able to take RSI properly due to the authentication error. PR1539654

  • On the QFX5100 Virtual Chassis, the End segment Not Present message is not reported for the ping overlay function with the local host MAC. PR1542226

  • On the QFX5000 devices running EVPN-VXLAN, the Packet Forwarding Engine related error message might be observed: bd_platform_irb_ifl_attach_detach: platform specific irb ifl attach/detach failed (-1). PR1543812

  • The Broadcom chip FPC might crash during system bootup. PR1545455

  • On the QFX10000 devices, traffic might get dropped while changing the configuration to set routing-options forwarding-table no-ecmp-fast-reroute with 128 ECMP entries. PR1547457

  • On the QFX5100 Virtual Chassis, the backup Routing Engine clears the reporting alarm for a PEM failure intermittently for a missing power source. PR1548079

  • The 40GbE interface might be channelized after the Virtual Chassis member restarts. PR1548267

  • Neighbor Solicitation might be dropped from the peer device. PR1550632

  • Interface filter with source-port 0 matches everything instead of just port 0. PR1551305

  • On the QFX5110 and QFX5120 devices, the DHCPv6 traffic received over VTEP might not be forwarded. PR1551710

  • The action-shutdown command of storm control does not work for the ARP broadcast packets. PR1552815

  • The traffic might not be passed because VLAN tag 2 is added while passing through the Virtual Chassis port. PR1555835

  • Traffic might be dropped when a firewall filter rule uses the then vlan action. PR1556198

  • Analyzer might cause traffic storm due to the flapping of the link. PR1557274

  • Licenses for the VRRP, CFM, QINQ, VXLAN, MCLAG, ESI-LAG, LFM/Ethernet-OAM features might incorrectly show as invalid licenses. PR1558017

  • On the QFX5000 devices, the firewall filter might fail to work. PR1558320

  • Amber LEDs are observed for fan modules in the QFX5120 devices after upgrading to Junos OS Release 20.2R1. PR1558407

  • Few IPv6 ARP resolutions might fail after loading the base configurations. PR1560161

  • When configuring the static MAC and static ARP on the EVPN core aggregate interface the underlay next-hop programming might not be updated in the Packet Forwarding Engine. PR1561084

  • On the QFX5110-48S-4C devices, the PTP lock status gets stuck at the Acquiring state instead at the Phase aligned state. PR1561372

  • On the QFX5000 devices, port mirroring might not work as expected. PR1562607

  • On the QFX5120 devices, storm control with IRB interface might not work correctly. PR1564020

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between the rpd and mgd processes when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891

Routing Protocols

  • On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying the image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. PR1486632

  • The dcpfe process might crash while updating VRF instances for multicast routes during IRB uninit. PR1546745

  • BGP LU session might flap when the Accumulated Interior Gateway protocol is used. PR1558102

  • On the QFX5110-32Q device, the following syslog error message is observed after loading the NC T5 EVPN-VXLAN configuration: LBCM-L2,pfe_bcm_l2_sp_bridge_port_tpid_set() Config TPID New/Old (8100:8100) Other-Tpid's ba49, 4aa0, 80f. PR1558189

  • The dcpfe process might crash when the size of the Local Bias Filter Bitmap string exceeds 256 characters. PR1568159

Resolved Issues: 20.2R2-S2

  • On the QFX5120-48Y line of switches, amber LED lightsare on continuously displayed on the fan modules even though thereare no fault in the fan after upgrading to Junos OS Release 20.2R1and later. PR1558407

Resolved Issues: 20.2R2

Class of Service (CoS)

  • The PFC feature is not supported with the QFX5120 Virtual Chassis due to chip limitation. PR1431895

  • Traffic might be forwarded to the incorrect queue when a fixed classifier is used. PR1510365

EVPN

  • EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted. PR1461795

  • Unable to create a new VTEP interface. PR1520078

  • ARP table might not be updated after performing VMotion or a network loop. PR1521526

  • All the ARP reply packets towards to some address are flooded across the entire fabric. PR1535515

Infrastructure

  • OID ifOutDiscards reports zero and sometimes shows valid value. PR1522561

Interfaces and Chassis

  • The dcpfe might crash when the ICL is disabled and then enabled. PR1525234

Layer 2 Ethernet Services

  • EX/QFX device sometimes doesn't obtain default-route or route listing gets delayed. PR1504931

  • The aggregated Ethernet interface sometimes might not come up after switch is rebooted. PR1505523

Layer 2 Features

  • Flow control is enabled in PFE irrespective of interface configuration and the fix causes a very small amount of packet loss when a parameter related to an interface such as "interface description" on any port is changed. PR1496766

  • On the QFX5000 line of switches, traffic imbalance might be observed if hash-params is not configured. PR1514793

  • The MAC address in the hardware table might become out of synchronization between the primary and backup in Virtual Chassis after the MAC flaps. PR1521324

Platform and Infrastructure

  • The PMTUD might not work for both IPv4 and IPv6 if the ingress Layer 3 interface is an IRB. PR1442587

  • On the QFX5000 line of switches, the dcpfe process crashes due to the usage of data that is not null getting terminated. PR1454527

  • On the QFX5100 switches, the interface output counter is double counted for self-generated traffic. PR1462748

  • The sFlow could not work correctly if the received traffic goes out of more than one interface. PR1475082

  • Egress port mirroring might not work when the analyzer port and mirrored port belong to a different FPC. PR1477956

  • QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in hardware. This is due to SDK 6.5.16 upgrade. PR1487679

  • Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface (CVE-2020-1668). PR1491905

  • ARP might not get refreshed after timeout. PR1497209

  • Virtual Chassis is not stable with 100-Gigabit Ethernet and 40-Gigabit Ethernet interfaces. PR1497563

  • Outbound SSH connection flaps or memory leaks during the push configuration to ephemeral database with high rate. PR1497575

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged. PR1497993

  • BFD sessions flap after deactivating or activating the aggregated Ethernet interface or executing GRES. PR1500798

  • On the QFX5000 switches, ERPS might not work correctly. PR1500825

  • The following error message might be observed during MPLS route add, change, or delete operation: mpls_extra NULL. PR1502385

  • The interface becomes physically down after changing to the FEC-none mode. PR1502959

  • LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354

  • "Media type" in show interface command is displayed as "Fiber" for SFP-10G-T. PR1504630

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • The archival function might fail in certain conditions. PR1507044

  • The fxpc may crash and restart with a fxpc core file created while installing image through ZTP. PR1508611

  • Traffic might be affected on QFX10002/QFX10008/QFX10016 platform. PR1509220

  • ARP replies might be flooded through the EVPN-VXLAN network as unknown unicast ARP reply. PR1510329

  • The output VLAN push might not work. PR1510629

  • On the QFX5000 line of switches, multicast traffic loss is observed due to few multicast routes missing in the spine node. PR1510794

  • The QFX10000-36Q line card used on QFX10008/QFX10016 platforms may fail to detect any QSFP. PR1511155

  • In the VXLAN configuration, the firewall filters might not be loaded into the TCAM with the following message due to TCAM overflow after upgrading to Releases 18.1R3-S1, 18.2R1, and later : DFWE ERROR DFW: Cannot program filter. PR1514710

  • The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092

  • The 100-Gigabit Ethernet AOC non-breakout port might be auto-channelized to other speed. PR1515487

  • The MAC learning might not work properly after multiple MTU changes on the access port in the VXLAN scenario. PR1516653

  • The dcpfe process might crash due to memory leak. PR1517030

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • Traffic forwarding might be affected when adding, removing, or modifying the VLAN or VNI configurations such as VLAN-ID, VNI-ID, and Ingress-Replication command. PR1519019

  • Output interface index in sFLOW packet are zero when transit traffic are observed on the IRB interface with VRRP enabled. PR1521732

  • On the QFX10002, QFX10008, and QFX10016 line of switches, the following error message is observed during specific steps while clearing and loading the scaled configuration again: PRDS_SLU_SAL:jprds_slu_sal_update_lrncnt(),1379: jprds_slu_sal_update_lrncnt call failed. PR1522852

  • Sampling with the rate limiter command enabled, crosses the sample rate 65535. PR1525589

  • Packet loss is observed while validating the policer after restarting the chassis control. PR1531095

  • High rate of ARP or NS packets might be observed between a device that runs Junos OS and host when the device that runs Junos OS receives an ARP or NS packet on an interface in transition. PR1534796

  • Management Ethernet link down alarm seen while verifying system alarms in Virtual Chassis setup. PR1538674

Routing Protocols

  • On the QFX 5100-48T-6Q Virtual Chassis or Virtual Chassis fan, the following error message is observed while copying image to the Virtual Chassis fan member and trying to downgrade the image: rcp for member 14, failed. PR1486632

  • EX4300-MP/EX4600/QFX5000 Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment. (CVE-2020-1687) & High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration (CVE-2020-1689). PR1495890

  • Scale of filters with egress-to-ingress command is enabled. PR1514570

  • The rpd might report 100% CPU usage with BGP route damping enabled. PR1514635

  • Enabling Ipv6 flow based Packet forwarding Engine hashing gives commit error. PR1519018

  • Firewall "sample" configuration gives the warning as unsupported on QFX10002-36q and will not work. PR1521763

  • On the QFX5000 line of switches, the fxpc process might crash if the VXLAN interface flaps. PR1528490

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onwards. PR1457602

Virtual Chassis

  • On QFX5120 and QFX5210 platforms unexpected storm control events might happen. PR1519893

Resolved Issues: 20.2R1

EVPN

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • QFX10002-60C EVPN-VXLAN multicast: The show command issued for the VTEP interface did not show mesh-group id. PR1498052

  • The VXLAN function might be broken due to a timing issue. PR1502357

Class of Service (CoS)

  • Traffic might be forwarded to an incorrect queue when fixed classifier is used. PR1510365

General Routing

  • The following error message is generated while booting: CMQFX: Error requesting SET BOOLEAN, illegal setting 66. PR1385954

  • The configuration statement show chassis errors active detail is not supported for QFK5000 platforms. PR1386255

  • The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch. PR1409448

  • The statement show interface indicates Media type: Fiber on QFX5100-48T running ’-qfx-5e-’ Junos OS image. PR1419732

  • A vmcore is seen on QFX Series Virtual Chassis. PR1421250

  • SFP-LX10 stay down until autonegotiate is disabled. PR1423201

  • The default logical interfaces on channelized physical interfaces might not be created after ISSU/ISSR. PR1439358

  • CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. PR1449406

  • On QFX5000 no warning or error is shown when dual VLAN tag feature is configured on physical interface. PR1450455

  • Members might stay disconnected from a QFX5120-32C and QFX5120-48T Virtual Chassis after a full-stack reboot. PR1453399

  • Changing the VLAN name associated with access ports might prevent MAC addresses from being learned in an EVPN-VXLAN scenario. PR1454095

  • The cosd crash might be observed if forwarding-class-set is directly applied on the child interface of an aggregated Ethernet interface. PR1455357

  • Telemetry traffic might not be sent out when the telemetry server is reachable through a different routing instance. PR1456282

  • Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • QFX5110 QSFP-100GBASE-SR4 made by the third party cannot link up. PR1457266

  • An FPC might restart during runtime on the QFX10000 line of devices. PR1464119

  • EPR iCRC errors in QFX10000 platforms might cause protocols to go down. PR1466810

  • A few of DHCP INFORM packets specific to a particular VLAN might be taking the wrong resolve queue. PR1467182

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms. PR1469663

  • The speed 10m might not be configured on the GE interface. PR1471216

  • The traffic loss might occur when VTEP source interface is configured in multiple routing instances. PR1471465

  • Egress ACL filter entries will be only 512 in Junos OS Release 19.4R1 on QFX5000. PR1472206

  • The shaping of CoS does not work after reboot. PR1472223

  • DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on QFX5000/EX4600 platforms. PR1472771

  • The detached interface in LAG might process the xSTP BPDUs. PR1473313

  • On QFX5000, the global-mac-table-aging-time statement behavior with multi-homed EVPN-VXLAN ESI. PR1473464

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The RIPv2 packets forwarded across a L2 circuit connection might be dropped. PR1473685

  • Continuous error log messages might be raised on QFX5000 platforms in EVPN-VXLAN scenario. PR1474545

  • L2 circuit might fail to communicate through VLAN 2 on QFX5000 platforms. PR1474935

  • On QFX Series platforms the system might stop new MAC learning and have impact on Layer 2 traffic forwarding. PR1475005

  • DAC cables are not being properly detected in Packet Forwarding Engine in QFX5200. PR1475249

  • There might be a traffic drop on QFX5110 and QFX5120 switches acting as leaf switches in a multicast environment with VXLAN. PR1475430

  • FPC major error is seen after system boot up or FPC restart. PR1475851

  • QFX Series platforms are exhibiting invalid Packet Forwarding Engine PG counter pairs to copy, src 0xfffff80, dst 0. PR1476829

  • Continuous error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted. PR1477192

  • The default Virtual Chassis MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes. PR1478905

  • The remaining interface might be still in down state even though the number of channelized interfaces is no more than 5. PR1480480

  • ARP request packets for unknown host might get dropped in remote PE device in EVPN-VXLAN scenario. PR1480776

  • On QFX10000 and QFX5000, in SP style configuration, BUM traffic incorrectly gets blocked, while disabling or enabling a different logical interface. PR1482202

  • On QFX5110, whenever the autonegotation is toggled on the interface, explicitly set the link-mode as well as the speed for the configuration to take effect. PR1484715

  • The dcpfe core file might be seen with non-oversubscribed mode. PR1485854

  • The 10GbE VCP ports will not be active in a QFX5100 Virtual Chassis scenario. PR1486002

  • Virtual Chassis ports might go down in a mixed Virtual Chassis setup of QFX5100-24Q-2P/EX4300 and EX4600/EX4300. PR1489985

  • After ISSU/ISSR, a port using SR4/LR4 optics might not come up. PR1490799

  • BFD sessions start to flap when the firewall filter in the loopback0 is changed. PR1491575

  • Traffic loss could be observed in a mixed Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • Traffic loss could be seen in a MC-LAG scenario on QFX5120/EX4650. PR1494507

  • SNMP polling for CPU utilization and CPU state of backup Routing Engine does not show in a two-member Virtual Chassis. PR1495384

  • ARP do not get refreshed after timeout on QFX10002-60C. PR1497209

  • Extra carrier transitions are seen on the peer when negative triggers are performed on QFX5100 and QFX5110. PR1497380

  • An lcmd core file might be generated on QFX52100-64C. PR1497947

  • Traffic might get dropped if aggregated Ethernet member interface is deleted and then added or a SFP of the aggregated Ethernet member interface is unplugged/plugged. PR1497993

  • On QFX5210, unexpected behavior is seen for Port LED after upgrade. PR1498175

  • Inter-VNI/VRF and intra-VNI/VRF traffic is dropped between the CE devices when the interfaces connected between TOR and multihomed PE devices are disabled. PR1498863

  • The l2cpd crash might be seen while adding or deleting ERP configuration and then restarting l2cpd. PR1505710

  • ARP replies might be flooded through the EVPN-VxLAN network as unknown unicast ARP reply. PR1510329

High Availability (HA) and Resiliency

  • Unified ISSU will not be supported for QFX5000 for some versions. PR1472183

Interfaces and Chassis

  • The MC-LAG configuration-consistency ICL-config might fail after committing some changes. PR1459201

  • Executing commit might hang up because dcd process gets stuck. PR1470622

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

  • MC-LAG consistency check fails if multiple IRB units are configured with the same VRRP group. PR1488681

  • Error message is not getting generated while verifying GRE limitation. PR1495543

Junos Fusion for Enterprise

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • EVPN-VXLAN ERB - dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB. PR1455076

  • Member links state might be asychronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

  • Issues with DHCPv6 relay processing confirm and reply packets. PR1496220

Layer 2 Features

  • MAC learning might not work correctly on QFX5120. PR1441186

  • The LLDP function might fail when a Juniper Networks device connects to a non-Juniper one. PR1462171

  • A few MAC addresses might be missing from the MAC table in software on QFX5000 platform. PR1467466

  • On QFX5120 switches QinQ, the third VLAN tag is not pushed onto the stack and SWAP is being done instead. PR1469149

  • Traffic might be affected if composite next hop is enabled. PR1474142

  • On QFX5200, MAC learning rate is degraded by 88 percent. PR1494072

MPLS

  • Traffic might silently get dropped or discarded on the PE device when the CE device sends traffic to the PE device and the destination is resolved with two LSPs through one upstream interface. PR1475395

  • The traffic might be lost over QFX5100 switch acting as a transit PHP node in the MPLS network. PR1477301

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

Platform and Infrastructure

  • The SLAX script might be lost after upgrading software. PR1479803

  • Traceroute monitor with mtr version v.69 shows a false 10 percent loss. PR1493824

Routing Protocols

  • OSPF VRF sessions take a long time to come up when the host table is full and host routes are in LPM table. PR1358289

  • BGP IPv4 or IPv6 convergence and RIB install/delete time degraded in Junos OS Release 19.1R1 and later mainline releases. PR1414121

  • PIM (S,G) joins can cause MSDP to incorrectly announce source-active messages in some cases. PR1443713

  • CRC errors might be seen on QFX5100 Virtual Chassis. PR1444845

  • The core files might occur during adding or removing EVPN Type 5 routing instance. PR1455547

  • [pfe_loadbalance] [pfeloadtag] flows not falling back to single link when inactivity-interval is set higher than IFG. PR1471729

  • Traffic might not be forwarded over ECMP link in EVPN-VXLAN scenario. PR1475819

  • ARP packets are always sent to CPU regardless of whether the storm-control is activated. PR1476708

  • GRE transit traffic is not forwarded in VRRP scenario. PR1477073

  • MUX State in LACP interface does not go to "collecting and distributing" and remains attached after enabling the ae interface. PR1484523

  • FPC might go to "NotPrsnt" state after upgrading with non-QFX5100-24Q image in a Virtual Chassis/Virtual Chassis fabric setup. PR1485612

  • CPU port queue gets full due to excessive pause frames being received on interfaces. This causes control packets from the CPU to all ports to be dropped. PR1487707

  • The BGP route-target family might prevent RR from reflecting L2 VPN and L3 VPN routes. PR1492743

  • The rpd might crash on QFX10000 due to rpd resolver problem of INH. PR1494005

  • Firewall filter might not work in certain conditions under Virtual Chassis setup. PR1497133

  • Traffic drop might be observed after modifying FBF firewall filter. PR1499918

  • Change in x-path output for value "input-updates" in show bgp neighbors. PR1504399

Documentation Updates

There are no errata or changes in Junos OS Release 20.2R3 documentation for the QFX Series Switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

Upgrading Software on QFX Series Switches

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide and Junos OS Basics in the QFX Series documentation.

If you are not familiar with the download and installation process, follow these steps:

  1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.

    The Junos Platforms Download Software page appears.

  2. In the QFX Series section of the Junos Platforms Download Software page, select the QFX Series platform for which you want to download the software.
  3. Select 20.2 in the Release pull-down list to the right of the Software tab on the Download Software page.
  4. In the Install Package section of the Software tab, select the QFX Series Install Package for the 20.2 release.

    An Alert box appears.

  5. In the Alert box, click the link to the PSN document for details about the software, and click the link to download it.

    A login screen appears.

  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Download the software to a local host.
  8. Copy the software to the device or to your internal software distribution site.
  9. Install the new jinstall package on the device.Note

    We recommend that you upgrade all software packages out of band using the console, because in-band connections are lost during the upgrade process.

    Customers in the United States and Canada use the following command:

    user@host> request system software add source/jinstall-host-qfx-5-x86-64-20.2-R3.n-secure-signed.tgz reboot

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the switch.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname (available only for Canada and U.S. version)

    Adding the reboot command reboots the switch after the upgrade is installed. When the reboot is complete, the switch displays the login prompt. The loading process can take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.2 jinstall package, you can issue the request system software rollback command to return to the previously installed software.

Installing the Software on QFX10002-60C Switches

This section explains how to upgrade the software, which includes both the host OS and the Junos OS. This upgrade requires that you use a VM host package—for example, a junos-vmhost-install-x.tgz .

During a software upgrade, the alternate partition of the SSD is upgraded, which will become primary partition after a reboot .If there is a boot failure on the primary SSD, the switch can boot using the snapshot available on the alternate SSD.

Note

The QFX10002-60C switch supports only the 64-bit version of Junos OS.

Note

If you have important files in directories other than /config and /var, copy the files to a secure location before upgrading. The files under /config and /var (except /var/etc) are preserved after the upgrade.

To upgrade the software, you can use the following methods:

If the installation package resides locally on the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add /var/tmp/junos-vmhost-install-qfx-x86-64-.9.tgz

If the Install Package resides remotely from the switch, execute the request vmhost software add <pathname><source> command.

For example:

user@switch> request vmhost software add ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-.9.tgz

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10002 Switches

Note

If you are upgrading from a version of software that does not have the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos OS Release 15.1X53-D60 or Junos OS Release 18.3R1.

Note

On the switch, use the force-host option to force-install the latest version of the Host OS. However, by default, if the Host OS version is different from the one that is already installed on the switch, the latest version is installed without using the force-host option.

If the installation package resides locally on the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R3.n-secure-signed.tgz reboot

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> reboot command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-20.2R3.n-secure-signed.tgz reboot

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

The switch contains two Routing Engines, so you will need to install the software on each Routing Engine (re0 and re1).

If the installation package resides locally on the switch, execute the request system software add <pathname><source> command.

To install the software on re0:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re0 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0

To install the software on re1:

user@switch> request system software add /var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

If the Install Package resides remotely from the switch, execute the request system software add <pathname><source> re1 command.

For example:

user@switch> request system software add ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1

Reboot both Routing Engines.

For example:

user@switch> request system reboot both-routing-engines

After the reboot has finished, verify that the new version of software has been properly installed by executing the show version command.

user@switch> show version

Installing the Software on QFX10008 and QFX10016 Switches

Because the switch has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation.

Note

Before you install the software, back up any critical files in /var/home. For more information regarding how to back up critical files, contact Customer Support at https://www.juniper.net/support.

Warning

If graceful Routing Engine switchover (GRES), nonstop bridging (NSB), or nonstop active routing (NSR) is enabled when you initiate a software installation, the software does not install properly. Make sure you issue the CLI delete chassis redundancy command when prompted. If GRES is enabled, it will be removed with the redundancy command. By default, NSR is disabled. If NSR is enabled, remove the nonstop-routing statement from the [edit routing-options] hierarchy level to disable it.

  1. Log in to the master Routing Engine’s console.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  2. From the command line, enter configuration mode:

    user@switch> configure
  3. Disable Routing Engine redundancy:

    user@switch# delete chassis redundancy
  4. Disable nonstop-bridging:

    user@switch# delete protocols layer2-control nonstop-bridging
  5. Save the configuration change on both Routing Engines:

    user@switch# commit synchronize
  6. Exit the CLI configuration mode:

    user@switch# exit

    After the switch has been prepared, you first install the new Junos OS release on the backup Routing Engine, while keeping the currently running software version on the master Routing Engine. This enables the master Routing Engine to continue operations, minimizing disruption to your network.

    After making sure that the new software version is running correctly on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the software version on the other Routing Engine.

  7. Log in to the console port on the other Routing Engine (currently the backup).

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  8. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  9. Reboot the switch to start the new software using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot the switch to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your switch. Instead, finish the installation and then issue the request system software delete <package-name> command. This is your last chance to stop the installation.

    All the software is loaded when you reboot the switch. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation is not sending traffic.

  10. Log in and issue the show version command to verify the version of the software installed.

    user@switch> show version

    Once the software is installed on the backup Routing Engine, you are ready to switch routing control to the backup Routing Engine, and then upgrade or downgrade the master Routing Engine software.

  11. Log in to the master Routing Engine console port.

    For more information about logging in to the Routing Engine through the console port, see the specific hardware guide for your switch.

  12. Transfer routing control to the backup Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:

    user@switch> show chassis routing-engine
  14. Install the new software package using the request system software add command:

    user@switch> request system software add validate /var/tmp/jinstall-host-qfx-10-f-x86-64-20.2R3.n-secure-signed.tgz

    For more information about the request system software add command, see the CLI Explorer.

  15. Reboot the Routing Engine using the request system reboot command:

    user@switch> request system reboot
    Note

    You must reboot to load the new installation of Junos OS on the switch.

    To abort the installation, do not reboot your system. Instead, finish the installation and then issue the request system software delete jinstall <package-name> command. This is your last chance to stop the installation.

    The software is loaded when you reboot the system. Installation can take between 5 and 10 minutes. The switch then reboots from the boot device on which the software was just installed. When the reboot is complete, the switch displays the login prompt.

    While the software is being upgraded, the Routing Engine on which you are performing the installation does not send traffic.

  16. Log in and issue the show version command to verify the version of the software installed.

  17. Transfer routing control back to the master Routing Engine:

    user@switch> request chassis routing-engine master switch

    For more information about the request chassis routing-engine master command, see the CLI Explorer.

  18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:

    user@switch> show chassis routing-engine

Performing a Unified ISSU

You can use unified ISSU to upgrade the software running on the switch with minimal traffic disruption during the upgrade.

Note

Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.

Perform the following tasks:

Preparing the Switch for Software Installation

Before you begin software installation using unified ISSU:

  • Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer 2 protocols to synchronize protocol information between the master and backup Routing Engines.

    To verify that nonstop active routing is enabled:

    Note

    If nonstop active routing is enabled, then graceful Routing Engine switchover is enabled.

    If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring Nonstop Active Routing on Switches for information about how to enable it.

  • Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI Procedure) for information on how to enable it.

  • (Optional) Back up the system software—Junos OS, the active configuration, and log files—on the switch to an external storage device with the request system snapshot command.

Upgrading the Software Using Unified ISSU

This procedure describes how to upgrade the software running on a standalone switch.

To upgrade the switch using unified ISSU:

  1. Download the software package by following the procedure in the Downloading Software Files with a Browser section in Installing Software Packages on QFX Series Devices.

  2. Copy the software package or packages to the switch. We recommend that you copy the file to the /var/tmp directory.

  3. Log in to the console connection. Using a console connection allows you to monitor the progress of the upgrade.

  4. Start the ISSU:

    • On the switch, enter:

      where package-name.tgz is, for example, jinstall-host-qfx-10-f-x86-64-20.1R2.n-secure-signed.tgz.

    Note

    During the upgrade, you cannot access the Junos OS CLI.

    The switch displays status messages similar to the following messages as the upgrade executes:

    Note

    A unified ISSU might stop, instead of abort, if the FPC is at the warm boot stage. Also, any links that go down and up will not be detected during a warm boot of the Packet Forwarding Engine (PFE).

    Note

    If the unified ISSU process stops, you can look at the log files to diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.

  5. Log in after the reboot of the switch completes. To verify that the software has been upgraded, enter the following command:

  6. Ensure that the resilient dual-root partitions feature operates correctly, by copying the new Junos OS image into the alternate root partitions of all of the switches:

    Resilient dual-root partitions allow the switch to boot transparently from the alternate root partition if the system fails to boot from the primary root partition.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.