Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series

 

These release notes accompany Junos OS Release 20.3R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in Junos OS main and maintenance releases for EX Series Switches.

Note

The following EX Series switches are supported in Release 20.3R3: EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

What’s New in Release 20.3R3

There are no new features or enhancements to existing features for EX Series Switches in Junos OS Release 20.3R3.

What’s New in Release 20.3R2

There are no new features or enhancements to existing features for EX Series Switches in Junos OS Release 20.3R2.

What’s New in Release 20.3R1

Hardware

  • Support for the QSFPP-4X10GE-SR and JNP-QSFP-4X10GE-LR transceivers (EX4650)—Starting in Junos OS Release 20.3R1, EX4650 switches support the QSFPP-4X10GE-SR and JNP-QSFP-4X10GE-LR transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

  • New EX9200-15C fixed-configuration line card and EX9200-SF3 switch fabric module (EX9204, EX9208, and EX9214)—In Junos OS Release 20.3R1, we introduce the EX9200-15C line card. The EX9200-15C is supported on EX9204, EX9208, and EX9214 switches. The EX9200-15C supports the following:

    • Line-rate throughput of up to 1.5 Tbps

    • Fifteen network ports that can be configured for 100-Gbps, 40-Gbps, 25-Gbps, or 10-Gbps speeds (breakout cables are used for 25-Gbps and 10-Gbps speeds)

    Note

    For the EX9200-15C line card to be operational, you must install the EX9200-SF3 Switch Fabric module (SF module) in the switch. [See EX9200 Line Cards.]

    The EX9200-SF3 is an enhanced Switch Fabric module supported on EX9204, EX9208, and EX9214 switches. The EX9200-SF3 supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. In a redundant configuration, the EX9200-SF3 provides fabric bandwidth of up to 1 Tbps per slot. In a non-redundant configuration, the EX9200-SF3 provides fabric bandwidth of up to 1 Tbps per slot (four fabric planes) and 1.5 Tbps per slot fabric bandwidth when all six fabric planes are used (with EX9200-15C line cards).

    The following Routing Engines are supported on the EX9200-SF3: EX9200-RE2 and EX9200-RE. The EX9200-SF3 interoperates with the following existing line cards: EX9200-MPC, EX9200-12QS, EX9200-32XS, and EX9200-40XS. The EX9200-SF3 does not interoperate with any previous generation Switch Fabric modules (EX9200-SF or EX9200-SF2). The EX9200-SF3 does not interoperate with the following line cards: EX9200-2C-8XS, EX9200-4QS, EX9200-6QS, and EX9200-40 1-Gigabit line cards (EX9200-40T, EX9200-40F, and EX9200-40F-M). For the EX9200-15C line card to be operational, you must install the EX9200-SF3 Switch Fabric module (SF module) in the switch. [See EX9200 Host Subsystem.]

    To install the EX9200 line card and perform initial software configuration, routine maintenance, and troubleshooting, see EX9204 Switch Hardware Guide, EX9208 Switch Hardware Guide, and EX9214 Switch Hardware Guide.

    Table 2 summarizes the EX9200-15C features supported in Junos OS Release 20.3R1.

    Table 2: Features Supported by the EX9200-15C

    Feature

    Description

    Class of service (CoS)

    EVPN

    • Support for NDP and Proxy ARP. Junos OS supports proxy Address Resolution Protocol (ARP) and Network Discovery Protocol (NDP).

    Firewalls and policers

    • Support for CCC and Layer 3 firewall forwarding. [See CCC Overview.]

    • Support for advanced Layer 2 features:

    • Support for firewall forwarding. The following traffic policers are fully supported: GRE tunnels, including encapsulation (family any), de-encapsulation, GRE-in-UDP over IPv6, and the following sub-options: sample, forwarding class, interface group, and no-ttl-decrement.

      • Input and output filter chains

      • Actions, including policy-map filters, do-not-fragment, and prefix

      • Layer 2 policers

      • Policer overhead adjustment

      • Hierarchical policers

      • Shared bandwidth

      • Percentages

      • Logical interfaces

      [See Traffic Policer Types.]

    Junos telemetry interface

    • JTI for FPC and optics support. Junos telemetry interface (JTI) supports streaming of Flexible PIC Concentrator (FPC) and optics statistics for the router using remote procedure calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. The following base resource paths are supported:

      • /junos/system/cmerror/configuration/

      • /junos/system/cmerror/counters/

      • /junos/system/linecard/environment/

      • /junos/system/linecard/optics/

      • /junos/system/linecard/optics/optics-diag[if-name =])

      • /junos/system/linecard/optics/optics-diag/if-name

      • /junos/system/linecard/optics/optics-diag/snmp-if-index

      • /junos/system/linecard/optics/lane[lane_number=]/

      [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

    Layer 2 features

    Layer 3 features

    • Support for Layer 3 forwarding. Junos OS supports the following Layer 3 features on the EX9200-15C:

      • BGP (Multipath/v4-v6 labelled unicast)

      • Bidirectional Forwarding Detection (excluding micro BFD and BFD sessions with authentication)

      • IPv4 (forwarding and options)

      • IPv6 (forwarding and route accounting)

      • Load balancing (ECMP and FRR)

      • L2VPN, CCC, and L2 Circuit

      • MPLS (Push/Pop/Swap, LDP, RSVP-Aggregate, RSVP TE Admin Groups, RSVP-TE, OAM, LSP/VPN ping, Trace Route, Auto Bandwidth, and MPLS-FRR Link node protection.

      • OSPF (node-link-protection and node-link-degradation)

      • Protocols (ISIS, OSPF, OSPF V3 for V6, BGP + BGP-v6, BGP LU, BGP-LS, BGP optimal-route-reflection (ORR), BFD (Centralized), Micro BFD (Centralized), ICMP and ICMPv6 error handling, and LLDP)

      • Routing Instance Logical System VRF

      • Tunnel (Generic Routing Encapsulation (GRE), Logical Tunnel (LT), and Virtual Tunnel (VT))

    MPLS

    • Support for static LSP and LDP features. The MPLS features supported are:

      • Keepalive support for GRE interfaces

      • LDP downstream on demand

      • Static, RSVP, and LDP LSPs

      • Layer 2 Circuit and Layer 2 VPN with or without control word

      • Layer 3 VPN with chain-composite-nexthop

      • Layer 3 VPN with vrf-table-label

      • MPLS link protection, node protection, and FRR

      • P2MP LSP traceroute

      • Statistics for P2MP LSPs

      • LSPs: statistics, ping and traceroute, TTL knobs (no-propagate-ttl and no-decrement-ttl), and point-to-multipoint LSP support for multicast VPNs.

      • Static LSPs: revert timer, statistics, traceoptions, support for bypass of static LSPs, support at the ingress device, and support at the transit device.

      [See MPLS Applications User Guide.]

    Multicast

    Network management and monitoring

    • Port mirroring support for families inet, inet6, and ethernet-switching, configured at the [edit forwarding-options port-mirroring] hierarchy level. [See Understanding Port Mirroring and Analyzers.]

    • Support for link fault management (LFM). You can configure IEEE 802.3ah link fault management on EX9200-15C switches. You can configure OAM LFM on point-to-point Ethernet links that are connected directly or through Ethernet repeaters, and on aggregated Ethernet interfaces. The LFM status of individual links determines the LFM status of the aggregated Ethernet interface. You can also configure the following supported LFM features:

      • Discovery and link monitoring

      • Distributed LFM

      • Remote fault detection and remote loopback

      [See OAM Link Fault Management.]

    • Support for Junos OS management and software features on the EX9200-15C:

      • Chef, Puppet, SYSLOG, Authentication, authorization, and accounting (AAA), Stylesheet Language Alternative syntaX (SLAX), SNMP, COMMIT, User Interface, Management process or daemon (MGD) Infrastructure, NETCONF, JUNOScript, Google Network Management Interface (gNMI) for Junos Telemetry Interface, YANG, and JET APIs

    • Support for hyper mode and non hyper mode features. [See Understanding the Hyper Mode Feature on Enhanced MPCs for MX Series Routers and EX9200 Switches.]

    Port security

    Services applications

    System management

    • Support for the Display Common Language Equipment Identifier (CLEI) barcode and model number for orderable field-replaceable units (FRUs). [See show chassis hardware.]

    To view the hardware compatibility matrix for optical interfaces, transceivers, and DACs supported across all platforms, see the Hardware Compatibility Tool.

Class of Service (CoS)

  • CoS support on EVPN VXLAN (EX4300 Multigigabit)—Starting with Junos OS Release 20.3R1, EX4300 Multigigabit switches support defining classifiers and rewrite rules on leaf (initiation and terminations) and spine nodes for EXPN VXLANs.

    [See CoS Support on EVPN VXLANs.]

EVPN

  • Color-based mapping of EVPN-MPLS and EVPN services over SR-TE (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.3R1, you can specify a color attribute along with an IP protocol next hop. The color attribute adds another dimension to the resolution of transport tunnels over static colored and BGP segment routing traffic-engineered (SR-TE) label-switched paths (LSPs). This type of resolution is known as the color-IP protocol next-hop resolution. With the color-IP protocol next-hop resolution, you must configure a resolution map and apply it to EVPN-MPLS and EVPN services, which includes E-Line, E-LAN and E-Tree. With this feature, you can enable color-based traffic steering of EVPN-MPLS and EVPN services.

    [See Segment Routing LSP Configuration.]

Junos OS XML, API, and Scripting

  • Support for REST API over nondefault virtual routing and forwarding (VRF) instance (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can execute Junos OS operational commands using the REST API over a nondefault VRF instance. The nondefault VRF instance can be a user-defined instance or the management instance, mgmt_junos.

    The REST API allows you to execute Junos OS operational commands over HTTP(S). If you don’t specify a routing instance, REST API requests are sent over the default routing instance. Use a nondefault VRF instance to improve security and make it easier to troubleshoot.

    Use the routing-instance routing-instance statement at the [edit system services rest] hierarchy level to specify a nondefault VRF instance for REST API requests.

    [See Management Interface in a Nondefault Instance and rest.]

Junos Telemetry Interface

  • EVPN statistics export using JTI (MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016, and vMXrouters, EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253 switches)—Starting in Junos OS Release 20.3R1, you can use Junos telemetry interface (JTI) an remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) ad leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

MPLS

  • Support for static LSP and LDP features (EX9200)—Starting in Junos OS Release 20.3R1, the following MPLS features are supported:

    • Keepalive support for GRE interfaces

    • LDP downstream on demand

    • Static, RSVP, and LDP LSPs

    • Layer 2 Circuit and Layer 2 VPN with or without control word

    • Layer 3 VPN with chain-composite-nexthop

    • Layer 3 VPN with vrf-table-label

    • MPLS link protection, node protection and FRR

    • P2MP LSP traceroute

    • Statistics for P2MP LSPs

    • LSPs:

      • Statistics

      • Ping and traceroute

      • TTL knobs: no-propagate-ttl and no-decrement-ttl

      • Point-to-multipoint LSP support for multicast VPNs

    • Static LSPs:

      • Revert timer

      • Statistics

      • Traceoptions

      • Support for bypass of static LSPs

      • Support at the ingress device

      • Support at the transit device

Network Management and Monitoring

  • Probe command to query the status of the probed interfaces (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can use the probe command to query the status of the probed interface. The proxy interface resides on the same node as the probed interface, or it can reside on a node to which the probed interface is directly connected.

    The Probe command helps to capture the interface details such as probe packet statistics, and interface state (active/inactive), irrespective of whether the network family address configured is IPv4 or IPv6 on the probed interfaces.

    To enable the probe command, configure the extended-echo statement under the [edit system] hierarchy.

    [See Using the Probe command.]

  • Enhancements to sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.3R1, devices running Junos OS with upgraded FreeBSD support the following enhancements to sessions over outbound HTTPS:

    • Connecting to multiple outbound HTTPS clients by configuring one or more clients at the [edit system services outbound-https] hierarchy level

    • Configuring multiple backup gRPC servers for a given outbound HTTPS client

    • Establishing a csh session

    • Establishing multiple, concurrent NETCONF and csh sessions between the device running Junos OS and an outbound HTTPS client

    • Configuring a shared secret that the outbound HTTPS client uses to authenticate the device running Junos OS

    • Authenticating the client using certificate chains in addition to self-signed certificates

    [See NETCONF and Shell Sessions over Outbound HTTPS.]

open-config

Routing Policy and Firewall Filters

  • Loopback firewall filter scale optimization (EX4650 and QFX5120-48Y)—Starting with Junos OS Release 20.3R1, you can configure up to 768 loopback filter terms for IPv6, and up to 1152 terms for IPv4. To do so, you configure an ingress firewall filter, apply it to the loopback interface, and then enable the loopback-firewall-optimization statement at the [edit chassis] hierarchy level (this triggers the Packet Forwarding Engine to restart).

    The switches do not support terms that include a reserved multicast destination, for example 224.0.0.x/24, and terms with a time-to-live (TTL) of 0/1. You need to configure a separate filter for these terms. So, for example, to count OSPF packets on the loopback interface, you would create a separate filter with terms for the protocol (OSPF) to count packets destined to a reserved multicast address (such as 224.0. 0.6).

    [See Planning the Number of Firewall Filters to Create.]

Software Installation and Upgrade

  • Support for phone-home client (EX4300 Virtual Chassis)—Starting in Junos OS Release 20.3R1, the phone-home client (PHC) can securely provision a Virtual Chassis without requiring user interaction. You only need to:

    • Ensure that the Virtual Chassis members have the factory-default configuration.

    • Interconnect the member switches using dedicated or default-configured Virtual Chassis ports.

    • Connect the Virtual Chassis management port or any network port to the network.

    • Power on the Virtual Chassis members.

    PHC automatically starts up on the Virtual Chassis and connects to the phone-home server (PHS). The PHS responds with bootstrapping information, including the Virtual Chassis topology, software image, and configuration. PHC upgrades each Virtual Chassis member with the new image and applies the configuration, and the Virtual Chassis is ready to go.

    [See Provision a Virtual Chassis Using the Phone-Home Client.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for EX Series Switches.

What’s Changed in Release 20.3R3

Junos OS XML API and Scripting

  • Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.

    When you refresh a script using the request system scripts refresh-from operational mode command, include the cert-file option and specify the certificate path. Before you refresh a script using the set refresh or set refresh-from configuration mode command, first configure the cert-file statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.

    [See request system scripts refresh-from and cert-file.]

Software Licensing

  • License key format (QFX5120-32C, QFX5120-48Y, and QFX5200)—When you are upgrading from Junos OS release 20.3R1 to Junos OS release 20.3R2 or later releases, you need new license keys to use the features on the listed devices. Contact Customer Care to exchange license keys for Junos OS releases 20.3R2 or later.

What’s Changed in Release 20.3R2

Junos XML API and Scripting

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

MPLS

  • The show mpls lsp extensive and show mpls lsp detail commands display next-hop gateway LSPid— When you use the show mpls lsp extensive and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

Platform and Infrastructure

  • Configure internal IPsec authentication algorithm (EX Series)—You can configure the algorithm hmac-sha-256-128 at the [edit security ipsec internal security-association manual direction bidirectional authentication algorithm] hierarchy level for internal IP security (IPsec) authentication. Earlier to this release, you can configure the algorithm hmac-sha-256-128 for MX series devices only.

Software Licensing

  • License key format (QFX5120-32C, QFX5120-48Y, and QFX5200)—When you are upgrading from Junos OS release 20.3R1 to Junos OS release 20.3R2 or later releases, you need new license keys to use the features on the listed devices. Contact Customer Care to exchange license keys for Junos OS releases 20.3R2 or later.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format..]

What’s Changed in Release 20.3R1

Class of Service (CoS)

  • We've corrected the output of the "show class-of-service interface | display xml" command. Output of the following sort: <container> <leaf-1> data <leaf-2> data <leaf-3> data <leaf-1> data <leaf-2> data <leaf-3> data will now appear correctly as: <container> <leaf-1> data <leaf-2> data <leaf-3> data <container> <leaf-1> data <leaf-2> data <leaf-3> data.

Junos OS, XML, API, and Scripting

  • Changes to Junos XML RPC request tag names (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've updated the Junos XML request tag name for some operational RPCs to ensure consistency across the Junos XML API. Devices running Junos OS still accept the old request tag names, but we recommend that you use the new names going forward. The changes include:

    • Most, but not all, request tag names that start with show replace show with get in the name.

    • Uppercase characters are converted to lowercase.

    [See Junos XML API Explorer - Operational Tags.]

Routing Protocols

  • Advertising /32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.

Subscriber Management and Services

  • Command to view summary information for resource monitor (EX9200 line of Ethernet switches and MX Series routers)—The show system resource-monitor command enables you to view many statistics about the use of memory resources for all line cards or for a specific line card in the device. It also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    [See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.

Known Limitations

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. Device can be recovered using power-cycle of the device. PR1385970

EVPN

  • Partial traffic down with breaking links between the leaf are observed. PR1480847

Infrastructure

  • On an EX4300-MP device, 9000 IPv6 MC routes can be installed. If more IPv6 MC routes are added, error messages are displayed. PR1493671

  • Traffic load balancing with static ECMP hashing are observed. PR1516883

Platform and Infrastructure

  • On the EX9208 device, the status of the channels are displayed as up even though the peer end is down with different speed being configured. The LED light also turns green in color. PR1530061

  • On the EX9208 device, the interface does not come up with the DAC BO cables. PR1530465

  • On the EX9208 device, the LED behavior are not consistent across AOC, DAC, LX4, and 4x10G IR when the port is in the admin-down state. PR1532930

  • On the EX4300 device, complete traffic drop is observed when the MSTP edge port is configured over the access and QinQ ports. PR1532992

Open Issues

Learn about open issues in this release for EX Series switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • On the EX9214 device, the following error message are observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239). PR1448368

  • On BCM Packet Forwarding Engine based EX platforms frame higher than MTU+4 and lesser then MTU+8 bytes, with invalid FCS/code error/IEEE length check error, is treated as Jabber frame. PR1487709

  • On the MPC10 line card, the following error message is observed on the Routing Engine 1 after GRES from the Routing Engine 0 to Routing Engine 1: user.err aftd-trio: ( [Error] L2ALIPC : L2AL IPC client failed to connect to l2ald).PR1491384

  • On the EX4300, when running the command, show pfe filter hw filter-name the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • SNMP POE MIB walk produce wither no results or some times result from the master Virtual Chassis whenever one of the Virtual Chassis is renamed. PR1503985

  • When a VLAN member is specified as a string, the 'IF_MSG_IFL_VADDR' TLV is not generated with the VLAN infoformation, and the TRIO afttriostream is not updated with the nativevlanId and nativevlanenable flags. Thus, the packet is are still treated as untagged, and when it reaches the trunk egress interface, it is dropped because the trunk interface does not allow untagged traffic to pass through. The issue is specific to platforms with ZT line cards, including EX9200-SF3 and EX9200-15C. Workaround: Functionally will work if the interface-vlan-members statement contains only numeral value for VLANs. The VLAN members with input as a string is not supported in this release. PR1506403

  • On the EX4300-48MP device, 35 second delay is added in reboot time. PR1514364

  • On EX4650 platform, the phc daemon might crash while committing the phone-home client configuration. PR1522862

  • On the Legacy EX series platform, when adding or removing Micro BFD LAG configuration, a kernel crash might happen. The kernel crash might cause unexpected Routing Engine reboot or switchover, and even result in traffic loss until the Routing Engine is restored. PR1524490

  • In rare cases of power related failures on the FPC, Fabric Healing will detect and try to heal this fault condition by performing an offline or online FPC event. If the same FPC fails again within a 10-minute period, fabric auto-healing attempt is considered failing and the FPC will get off-lined to avoid further operational impact. If during the power offline event, the faulty FPC gets disconnected ungracefully due to the hardware power fault, the FPC might attempt an on-lined request again after 5 minutes. There might be traffic impact due to this issue. PR1556558

  • When dot1x server-fail-voip vlan-name is configured, ensure that both server-fail-voip vlan-name and voip vlan are configured using vlan name and not by using vlan-id. PR1561323

  • If a license key has ONLY features that are not applicable on the platform (unknown features), the license key is rejected. If key has one or more platform applicable features (known features) along with unknown features, license key addition is successful with the following warning for the unknown features: warning: JUNOS322716389: Ignoring unknown feature note that this has been fixed to allow all valid legacy licenses (even keys with only unknown features) in all other releases as per scopes.PR1562700

  • On EX and EX-VC platforms, if post routing engine switchover, MAC address is configured to IRB interface (for ex: set interface irb.500 mac 00:11:22:33:44:55) on new primary Routing Engine, then the new primary Routing Engine might crash or go into DB mode. PR1565213

  • EX2300 shows high FPC CPU usage, however, the system processes and kernel CPU usage doesn't add up to the overall FPC usage. This is due to a cosmetic issue with calculation of FPC CPU usage that has been resolved. PR1567438

  • Observing traffic drop during ISSU due to LAG interface flap. PR1569578

  • BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop also in the topology. PR1570689

  • A new virtual chassis (VC) member might join into VC as unexpected, if service image version on the VC member is different from the ones running on VC primary device. When this issue happens, the new VC member cannot forward packets. This issue affects EX platforms only. PR1576774

  • On EX2300 and EX4650, if the system is upgraded from 20.2 or earlier release to 20.3 or later release, either using phone-home feature or when the system is in factory default state, the upgrade will fail with phone-home crash. PR1601722

  • There is a remote possibility that during many reboots, the Junos VM goes into a state where NMI is needed to continue the reboot. There is no workaround for this and a subsequent reboot does not seem to hit this issue. PR1601867

  • On the EX4300MP, DCPFE core will be seen with mac based vlan scale configuration after interface flap. PR1578859

Authentication and Access Control

  • In all Junos platforms with LLDP and VOIP feature enabled on access VLAN port scenario, VOIP phone might fail to work if the alphabetical order of the data VLAN name is greater than the alphabetical order of the VOIP VLAN name. For example, the Data VLAN name is C123 while the VOIP VLAN name is A123, so port vlan-id TLV will be populated as VOIP VLAN ID in LLDP packets instead of the expected Data VLAN ID. PR1482275

EVPN

  • After a reboot during recovery process the ESI LAGs come up before the BGP sessions and routes/ARP entries are not synced PR1487112

  • On all Junos and Junos Evolved platforms with EVPN-VxLAN scenario, the number of MAC-IP binding counters might reach the limit when MAC-IP is moved between interfaces. Since MAC-IP counters are not decremented when entry is deleted due to this defect, repeated moves will result in a limit (default value is 1024) that will be reached even though there are fewer entries. Meanwhile, traffic loss could be seen. PR1591264

  • On all Junos platforms traffic loss might be seen if aggregated Ethernet bundle interface with ESI is disabled on primary Routing Engine followed by a Routing Engine switchover. PR1597300

Forwarding and Sampling

  • fast-lookup-filterwith match not supported in FLT Hardware might cause traffic drop. PR1573350

Infrastructure

  • On EX Series switches except EX4300, EX4600, and EX9200, an interface is configured for single vlan or multiple vlans, if all these vlans of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some vlans do not have igmp-snooping enabled, then this interface is working fine. PR1232403

  • On EX Series switches, if you are configuring a large-scale number of firewall filters on some interfaces, the FPC might crash and generate core files. PR1434927

  • The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. PR1485038

  • A double free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Please refer https://kb.juniper.net/JSA11162 for more information. PR1497768

  • On EX platforms, traffic drop might be observed after a restart of the pfem process due to the stale route entry in TCAM (Ternary Content Addressable Memory). PR1517497

  • Unable to verify jais-7.0R3-THIN.0.tgz in the EX4600 device due to space issue. PR1548668

  • User while loading the kernel would see the message GEOM: mmcsd0s.enh: corrupt or invalid GPT detected. PR1549754

  • When receives a unicast EAPOL (0x888e) with vlan588 tag at ae1 in this example, the packet is forwarded to ae0 without changing the vlanID to 3054. set vlans vlan588 vlan-id 588. set vlans vlan588 interface ae1.0. set vlans vlan588 interface ae0.0 mapping 3054 swap. PR1580129

Layer 2 Features

  • GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and l3 interface attached to the VLAN. PR1192520

  • On EX4600 platforms, if a change related to TPID is made in the Device Control Daemon, traffic might be dropped in Packet Forwarding Engine due to failure on Layer 2 learning or interfaces flapping. PR1477156

Network Management and Monitoring

  • hrProcessorLoad is not supported on EX4300 and still shows up in the snmp walk. PR1508364

Platform and Infrastructure

  • On the EX9200 device, 33 percent degradation with MAC learning rate is observed in Junos OS Release 19.3R1 compared to Junos OS Release 18.4R1. PR1450729

  • When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect ASIC programing. PR1530160

  • This issue might be seen only in back-to-back GRES in about more than 40 to 50 iterations. No workaround available and FPC gets restarted. PR1579182

  • On EX4300 platforms, when a firewall filter for broadcast traffic with discard action policer is applied to the loopback interface, all broadcast packets (including Layer 2 forwarding packets, such as DHCP discover packets) that match this filter rule might be dropped. PR1597548

  • On EX4300 platforms with both enterprise style and service provider style configurations, an interface with enterprise style IFL and flexible-vlan-tagging configured, VLAN tagged traffic might be dropped due to incorrect programming in the system. PR1598251

User Interface and Configuration

  • This PR removes Adobe Flash dependent elements from J-Web for EX and MX Series devices. For MX Series Routers, J-Web previously contained Flash elements on the following pages: Monitor-Interfaces Monitor-System view-Process Details Monitor-Routing-OSPF Information For EX Series Switches, J-Web previously contained Flash elements on the following pages: Monitor-Interfaces Monitor-System view-Process Details Monitor-Switching-IGMP Snooping Monitor-Virtual Chassis Monitor-POE Monitor-Security-Port Security Monitor-Routing-OSPF Information Monitor-Service-DHCP -Server Monitor-Service-DHCP -Relay. PR1553176

  • The issue is seen on EX-series VC only which can be avoided with a simple workaround as to providing a valid package during upgrade command. PR1557628

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for EX Series switches.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.3R3

General Routing

  • re_tvp_builtin_fwinfo_update: Unable to get firmware version message is seen in chassisd. PR1471938

  • The OSPF neighborship gets stuck in the Start state after configuring the EVPN-VXLAN. PR1519244

  • Traffic loss might be observed on interfaces in a VXLAN environment. PR1524955

  • The JNH memory might leak on the Trio-based line cards. PR1542882

  • On EX4300-48MP line of switches with Linux TVP architecture and Junos OS as VM, the Junos CLI outputs do not confirm if the Junos OS and the host kernel are compatible with each other. PR1543901

  • In EX2300, high EVENTD CPU utilization upon receiving LLMNR and MDNS traffic.PR1544549

  • The device might be out of service after configuring the em1 or em2 interface. PR1544864

  • FPC(s) might not boot-up on EX9214 in a certain condition. PR1545838

  • Classifier is not programmed in the hardware and error logs might be seen in syslog. PR1548159

  • Two Routing Engines might lose communication if they have different Junos OS versions on EX series.PR1550594

  • OIR of CBs might result in major errors and the Packet Forwarding Engine disable action halted traffic forwarding on the FPCs. PR1554145

  • Traffic might be dropped when a firewall filter rule uses the then VLAN action. PR1556198

  • On the EX4300 device, script fails while committing the IPSEC authentication configuration due to the missing algorithm statement. PR1557216

  • The MAC addresses learned in a Virtual Chassis might fail, aging out in MAC scaling environment. PR1558128

  • BGP NSR, RPD core seen after Routing Engine switchover. PR1558814

  • Some transmitting packets might get dropped due to the disable-pfe action is not invoked when the fabric self-ping failure is detected. PR1558899

  • The tunable optics SFP+-10G-T-DWDM-ZR doesn't work on EX devices. PR1561181

  • EX3400VC - SMARTD pollutes syslog every 5 seconds after upgrade or system reboot. PR1562396

  • On EX3400VC line of switches, the DAEMON-7-PVIDB throws syslog messages for every 12 to 14 minutes after you upgrade to Junos OS Release 19.1R3-S3. PR1563192

  • The client authentication fails after GRES. PR1563431

  • The JWeb upgrade might fail on EX2300 and EX3400. PR1563906

  • On EX4650 platforms, storm controlwith IRB interface might not work correctly.PR1564020

  • The Packet Forwarding Engine telemetry data might not be streamed out. PR1566528

  • On the EX4600 device, the following internal comment is displayed Placeholder for QFX platform configuration. PR1567037

  • The DF (Designated Forwarder) might not forward traffic. PR1567752

  • Packet loss might be observed when sample based action is used in firewall filter. PR1571399

  • Port-mirroring might not work when the analyzer output is a trunk interface. PR1575129

  • Protocol convergence between end nodes might fail when L2PT is enabled on transit switch. PR1576715

  • MVR configuration cannot be configured on EX2300-C switches. PR1577905

  • The fxpc process might crash on EX platforms. PR1578421

  • Random/silent reboot might be seen on EX2300-24MP and EX2300-48MP platforms. PR1579576

  • The voice VLAN might not get assigned to the access interface. PR1582115

  • The l2ald crash if a specific naming format is applied between a vlan-range and a single vlan. PR1583092

  • DSCP Rewriting might fail to work on EX2300. PR1586341

  • The SNMP trap for MAC notifications might not be generated when an interface is added explicitly under switch-options. PR1587610

  • The rpd crash might be observed on the router running a scaled setup. PR1588439

  • Packet loss could be observed on dynamically assigning VoIP vlan. PR1589678

  • Traffic loss might be observed for interface configured in subnet 137.63.0.0/16. PR1590040

  • The LLDP packet might loss on the EX-4300MP platform if configuring LLDP on the management interface. PR1591387

  • Storm control profile might not be applied on EX2300 platforms. PR1594353

Class of Service (CoS)

  • The buffer allocation for VCP ports might not get released in Packet Forwarding Engine after physically moving the port location. PR1581187

Forwarding and Sampling

  • The configuration archive transfer-on-commit fails on Junos OS Release 18.2R3-S6.5. PR1563641

High Availability (HA) and Resiliency

  • The ksyncd core might be observed while applying the configuration to Interface Logical.PR1551777

Infrastructure

  • On observing the EX 4300 VC/VCF setup HEAP malloc(0) is detected. PR1546036

  • The vme/me0 management interface cannot process any incoming packets. PR1552952

  • Traffic related to IRB interface might be dropped when mac-persistence-timer expires. PR1557229

  • Some MAC addresses might not be aged out on EX4300 platforms. PR1579293

Interfaces and Chassis

  • MC-AE interfaces might go down if the same VRRP group-id is configured on multiple IRB units. PR1575779

  • On EX2300, EX3400, and EX4300 platforms, the aggregated Ethernet interface might flap if gigether-options is configured under a member interface of an aggregated Ethernet interface. PR1576533

  • VRRP incorrect advertisement threshold values are seen on vrrp groups when VRRP is configured on EX2300 boxes. PR1584499

Layer 2 Features

  • MAC addresses learnt from MC-LAG client device might flap between the ICL interface and MC-AE interface after one child link in MC-AE interface is disabled. PR1582473

Layer 2 Ethernet Services

  • aggregated Ethernet interface flap might be seen during Nonstop software upgrade. PR1551925

  • The DHCP client will be offline for 120 seconds after sending the DHCPINFORM message in the DHCP relay scenario. PR1575740

MPLS

  • Incorrect EXP bit change might be seen in certain conditions under MPLS scenario. PR1555797

Platform and Infrastructure

  • On Ex3400 VC, console access on backup VC member is not allowed. PR1530106

  • Packets transiting via multicast-based VXLAN VTEP interface might be dropped post FPC restart. PR1536364

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • The targeted-broadcast feature might send out duplicate packets. PR1553070

  • The traffic might be dropped on Layer-3 LAG after rebooting or halting any member of EX4300 VC. PR1556124

  • Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284). PR1557881

  • The LLDP neighbor advertisement on EX4300 might send the wrong 802.3 power format with TLV length 7 instead of length 12. PR1563105

  • Last flapped, timestamp for interface fxp0 gets reset every time monitor traffic interface fxp0 is executed. PR1564323

  • PFEX might crash when soft error recovery feature is enabled on Packet Forwarding Engine.PR1567515

  • On all EX9200 platforms with EVPN-VXLAN configured, the next-hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next-hop memory partition exhausted the FPC might reboot. PR1571439

  • Introduce two new major CMERRORs for XM chip-based line card to stabilize the running device. PR1574631

  • DHCP packets with source IP as link-local address are dropped in EX4300. PR1576022

  • Firewall filter is not programmed correctly and traffic would drop without warning. PR1586433

  • On EX4300 platforms, the Egress RACL firewall filter might not get programmed correctly.PR1595797

Routing Protocols

  • The ppmd memory leak might cause traffic loss. PR1561850

  • The rpd process might crash if there are more routes changed during the commit-sync processing window. PR1565814

  • The untagged packets might not work on EX Series platforms. PR1568533

Virtual Chassis

  • EX4600 and EX4300 mixed VC, Error message ex_bcm_pic_eth_uint8_set is seen when changing configuration related to interface. PR1573173

  • EX4300 VCP might not come up after upgrade when 40GE-LX4 optics is used. PR1579430

Resolved Issues: 20.3R2

Forwarding and Sampling

  • Configuration archive transfer-on-commit fails on Junos OS Release 18.2R3-S6.5. PR1563641

General Routing

  • The DHCP discover packet might be dropped if DHCP inform packet is received first. PR1542400

Infrastructure

  • On the EX4600 and EX4300 Virtual Chassis or Virtual Chassis Fabric, the VSTP configurations device becomes unreachable and nonresponsive after commit. PR1520351

  • Traffic related to IRB interface might be dropped when mac-persistence-timer expires. PR1557229

Layer 2 Features

  • The MAC address in the hardware table might become out of synchronization between the primary device and member in the Virtual Chassis after the MAC flaps. PR1521324

Platform and Infrastructure

  • IRB MAC is not programmed in hardware when the MAC persistence timer expires. PR1484440

  • While verifying the Last-change op-state value through XML, the rpc-reply message is inappropriate. PR1492449

  • The mge interface might still stay up while the far end of the link goes down. PR1502467

  • The output VLAN push might not work. PR1510629

  • On the EX9200 devices, the Trio-based MPC memory leaks when an IRB interface is mapped to a VPLS instance or a Bridge-Domain. PR1525226

  • On the EX4300 device, script fails while committing the IPSEC authentication configuration due to the missing algorithm statement. PR1557216

  • The DHCP traffic might not be forwarded correctly when DHCP sends unicast packets. PR1512175

  • The EX4300-48MP device might go out of service during a software upgrade operation. PR1526493

  • On the EX2300 device, the following PoE message is observed: poe_get_dev_class: Failed to get PD class info. PR1536408

  • On the EX3400 and EX2300 switches, the upgrade fails due to the lack of available storage. PR1539293

  • The Slaac-Snoopd child process generates core file upon multiple switchovers on the Routing Engine. PR1543181

  • On the EX9200 device, SF3 Fabric OIR issues is observed with Junos OS Release 23.1R1.8. PR1555727

  • Traffic might be dropped when a firewall filter rule uses the then VLAN action. PR1556198

  • The client authentication fails after GRES. PR1563431

  • DHCP binding does not happen after GRES. PR1515234

  • The FBF functionality on the EX4300 Virtual Chassis might be broken if the Virtual Chassis reboots or the IRB configuration is modified. PR1531838

  • On the EX4300 device, the LLDP neighborship might not come up with the non-aggregated Ethernet interfaces. PR1538401

  • The targeted-broadcast feature might not work after a reboot. PR1548858

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • The l2cpd process might crash if the ERP is deleted after the switchover. PR1517458

  • Traffic loss might be observed on interfaces in a VXLAN environment. PR1524955

  • The lldp-receive-packet-count are not exchanged properly in the l2pt operation for LLDP after configuring protocols. PR1532721

  • In every software upgrade, host must be upgraded. PR1543890

  • The Broadcom chip FPC might crash during the system booting. PR1545455

  • The output of the show pfe route summary hardware command displays random high free and used column for the IPv6 LPM(< 64' routes. PR1552623

  • The action-shutdown statement of storm control does not work for the ARP broadcast packets. PR1552815

  • The targeted-broadcast feature might send out duplicate packets. PR1553070

  • FPC might not be recognized after power cycle (hard reboot). PR1540107

  • The JNH memory might leak on the Trio-based line cards. PR1542882

Routing Protocols

  • The OSPF neighborship gets stuck in the Start state after configuring the EVPN-VXLAN. PR1519244

  • The OSPFv3 adjacency should not be established when IPsec authentication is enabled. PR1525870

  • Sending multicast traffic to downstream receiver on a Trio based Virtual Chassis platforms might fail. PR1555518

  • The dcpfe process might crash while updating VRF for multicast routes during IRB uninit. PR1546745

User Interface and Configuration

  • The license errors might be returned on the backup Routing Engine when you try to commit configuration. PR1543037

Resolved Issues: 20.3R1

Authentication and Access Control

  • The client does not receive the captive-portal success page by downloading the ACL parameter, because the authentication failed. PR1504818

  • The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode. PR1512724

  • The dot1x client will not be moved to the hold state when the authenticated P-VLAN is deleted. PR1516341

EVPN

  • The VXLAN function might be broken because of a timing issue. PR1502357

  • Unable to create a new VTEP interface. PR1520078

General Routing

  • Constant memory leak might lead to FPC memory exhaustion. PR1381527

  • Virtual Chassis split after network topology changed. PR1427075

  • On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663

  • On the EX4600 switches, the DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771

  • On EX4300, the output of "show security macsec statisitics" shows high values incorrectly. PR1476719

  • DHCP binding fails when the P-VLAN is configured with a firewall to block or allow certain IPv4 packets. PR1490689

  • Traffic loss might be observed in a mixed-Virtual Chassis setup of QFX5100 and EX4300. PR1493258

  • On the EX4650 switch, traffic loss might be seen under an MC-LAG scenario. PR1494507

  • Authentication session might be terminated if the PEAP request is retransmitted by the authenticator. PR1494712

  • Outbound SSH connection flap or memory leak issue might be observed during the high rate of pushing configuration to the ephemeral database. PR1497575

  • Traffic might get dropped if the aggregated Ethernet member interface is deleted and then added, or an SFP transceiver of the aggregated Ethernet member interface is unplugged or plugged in. PR1497993

  • In some cases, if we have an OSPF session on the IRB over LAG interface with a 40-Gigabit Ethernet port as member, the session gets stuck when restarted. PR1498903

  • Firewall filter might not get applied on EX4600. PR1499647

  • On the EX4300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES. PR1500783

  • LLDP is not acquired when native VLAN-ID and tagged VLAN-ID are the same on a port. PR1504354

  • The isolated VLAN from RADIUS is not deleted when the interface flaps. PR1506427

  • LLDP might not work when P-VLAN is configured on EX Series Virtual Chassis. PR1511073

  • Traffic might not flow according to the configured policer parameters. PR1512433

  • 802.1X memory leak is observed. PR1515972

  • MPPE-Send/Recv-key attribute is not extracted correctly by dot1xd. PR1522469

  • "Drops" and "Dropped packets" counters in the output of "show interface extensive" command are double counting. PR1525373

  • EX4300-MP device might go out-of-service during a software upgrade operation. PR1526493

Infrastructure

  • The fxpc might crash when configuring scaled configuration with 4093 VLANs. PR1493121

  • The IP communication between directly connected interfaces on EX4600 might fail. PR1515689

  • OID ifOutDiscards reports zero and sometime shows a valid value. PR1522561

Interfaces and Chassis

  • A stale IP address might be seen after a specific order of configuration changes under logical-systems scenario. PR1477084

  • Traffic might drop because the next hop points to ICL even when the local MC-LAG is up. PR1486919

Layer 2 Ethernet Services

  • Issues with DHCPv6 relay processing confirm and reply packets are observed. PR1496220

Layer 2 Features

  • On EX4650, the third VLAN tag is not pushed onto the stack and SWAP is being done instead. PR1469149

  • Traffic imbalance might be observed on EX4600 and QFX5000 switches when "hash-params" is not configured. PR1514793

  • MAC address in the hardware table might not synhronize between the master and the member in Virtual Chassis after MAC flap. PR1521324

MPLS

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

Platform and Infrastructure

  • IPv6 neighbor solicitation packets might be dropped in a transit device. PR1493212

  • Packets get dropped when the next hop is IRB over the LT interface. PR1494594

  • NSSU might fail on the EX4300 switches, because of a storage issue in the /var/tmp directory. PR1494963

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on the EX4300 switch. PR1502726

Routing Protocols

  • The FPC process goes into the “NotPrsnt” state after upgrading the QFX5100 VC/VCF setup. PR1485612

  • The BGP route-target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • Firewall filter could not work in certain conditions under a Virtual Chassis setup. PR1497133

  • Packet loss might be observed for stream bLock:irb_lacp_tr_ospf while verifying traffic from access to core network for IPv4 or IPv6 interfaces. PR1520059

User Interface and Configuration

  • J-Web does not display the correct flow-control status on EX Series devices. PR1520246

Virtual Chassis

  • On the EX4650 device, a kldload error is observed while loading the module during booting. PR1527170

Documentation Updates

There are no errata or changes in Junos OS Release 20.3R3 documentation for EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for EX Series switches. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

We have two types of releases, EOL and EEOL:

  • End of Life (EOL) releases have engineering support for twenty four months after the first general availability date and customer support for an additional six more months.

  • • Extended End of Life (EEOL) releases have engineering support for thirty six months after the first general availability date and customer support for an additional six more months.

For both EOL and EEOL releases, you can upgrade to the next three subsequent releases or downgrade to the previous three releases. For example, you can upgrade from 19.2 to the next three releases – 19.3, 19.4 and 20.1 or downgrade to the previous three releases – 19.1, 18.4 and 18.3.

For EEOL releases only, you have an additional option - you can upgrade directly from one EEOL release to the next two subsequent EEOL releases, even if the target release is beyond the next three releases. Likewise, you can downgrade directly from one EEOL release to the previous two EEOL releases, even if the target release is beyond the previous three releases. For example, 19.2 is an EEOL release. Hence, you can upgrade from 19.2 to the next two EEOL releases – 19.3 and 19.4 or downgrade to the previous two EEOL releases – 19.1 and 18.4.4.

Release Type

End of Engineering (EOE)

End of Support (EOS)

Upgrade and Downgrade to subsequent 3 releases

Upgrade and Downgrade to subsequent 2 EEOL releases

End of Life (EOL)

24 months

End of Engineering + 6 months

Yes

No

Extended End of Life (EEOL)

36 months

End of Engineering + 6 months

Yes

Yes

For more information about EOL and EEOL releases, see https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.