Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for PTX Series

 

These release notes accompany Junos OS Release 20.4R3 for the PTX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in Junos OS Release 20.4R3 for the PTX Series.

What’s New in Release 20.4R3

There are no new features or enhancements to existing features for PTX Series routers in Junos OS Release 20.4R3.

What’s New in Release 20.4R2

There are no new features or enhancements to existing features for PTX Series routers in Junos OS Release 20.4R2.

What’s New in Release 20.4R1

Junos OS XML, API, and Scripting

  • Support for Certificate Authority Chain Profile (EX2300, EX3400, EX4300, MX240, MX480, MX960, PTX-5000, VMX, vSRX and QFX5200)—Starting in Junos OS Release 20.4R1, you can configure intermediate Certificate Authority (CA) chain profile certificate and perform https REST API request using mutual and server authentications.

    To configure intermediate ca-chain certificate, configure ca-chain ca-chain statement at the [edit system services rest https] hierarchy level.

  • Start time option for interval-based internal events that trigger event policies (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.4R1, when you create an interval-based internal event for triggering event policies, you can specify the start date and time for the initial event. To specify a start time, configure the start-time option along with the time-interval option at the [edit event-options generate-event] hierarchy level.

    [See Generating Internal Events to Trigger Event Policies.]

Junos Telemetry Interface

  • JTI support for inline Junos Traffic Vision sensors with gRPC services (MX Series and PTX Series)—Junos OS Release 20.4R1 supports inline Jflow sensors for FPC3 and MPC 1 through 9. This feature enables you to monitor inline Junos Traffic Vision (previously known as Jflow) service statistics on a router and to export statistics to an outside collector at configurable intervals using remote procedure call (gRPC) services.

    Use the resource path /junos/system/linecard/services/inline-jflow/ in a subscription to export statistics.

    You can view statistics in the collector output under /components/. The collector component ID in the statistics output will include the FPC slot number for which inline Junos Traffic Vision statistics are exported. For example, inline Jflow statistics for FPC 0 will be under component id 0, and inline Jflow statistics for FPC 1 will be under component id 1.

    Inline Junos Traffic Vision statistics are slightly different, depending on the routing platform.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Enhancing debug information for JTI (PTX5000)—Starting in Junos OS Release 20.4R1, debug commands supporting Junos telemetry interface (JTI) are enhanced to better support JTI.

    The show network-agent statistics (brief | detail) command output now includes:

    • Average latency values per sensor, which helps to check the latency of any given sensor on the device.

    • Approximate circular buffer usage per sensor, which provides an early alert if drops are likely for any specific sensor.

    • Time of subscription, which helps to correlate statistics information from the provisioning logs that are taken over a period of multiple subscriptions.

    The show extension-service request-response clients (brief | detail) command output now includes:

    • The username for which the session was authenticated in a remote procedure call (gRPC) session. If not authenticated, the username field displays as no authentication. This helps to identify which users have requested programmable operations.

    • Login time of the gRPC client, which helps determine how long this client has been active.

    [See show network-agent statistics and show extension-service request-response clients.]

  • JTI support for persistent active gRPC sessions between collector and server during an SSL certificate update (ACX Series, MX Series, and PTX Series)—Junos OS Release 20.4R1 supports persistent active remote procedure call (gRPC) sessions between the collector (client) and server during an SSL certificate update.

    For secure channel authentication, the TLS protocol is used to maintain a secure channel between the collector and the server. TLS uses the server certificate and the client certificate to authenticate each other and send encrypted messages over the network. When an SSL certificate is updated, existing gRPC sessions are abruptly terminated, forcing the collector to initiate a new gRPC connection and subscribe to sensors again.

    To avoid this problem, you can enable persistent active gRPC sessions by configuring hot-reloading at the [edit system services extension-service request-response grpc ssl] hierarchy level. After you enable this feature, gRPC sessions will remain active even when authentication certificates are updated.

    After the certificate is updated, any new gRPC session will use the updated certificate.

    [See gRPC Services for Junos Telemetry Interface and ssl.]

  • BGP neighbor telemetry with sharding (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, BGP neighbor telemetry with sharding (multi-threading) is supported.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • LACP sensors for actor partner states on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export LACP actor partner states (also known as LACP port states). When a subscription is configured, ON_CHANGE or periodic streaming statistics are sent from devices to an outside collector.

    You can subscribe to /lacpd/ to collect all statistics or include the following resource paths individually in a subscription:

    • /lacpd/ae/member/partner_collecting

    • /lacpd/ae/member/partner_synchronization

    • /lacpd/ae/member/partner_timeout

    • /lacpd/ae/member/partner_aggregatable

    • /lacpd/ae/member/partner_distributing

    • /junos/system/linecard/interface/traffic/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Juniper Resiliency Interface for exception reporting and null route detection (ACX Series, PTX Series, and MX Series)—Starting in Junos OS Release 20.4R1, you can use Juniper Resiliency Interface to detect and reduce Mean Time to Repair (MTTR) first-order network issues. Juniper Resiliency Interface uses a push model for data reporting from the entities in the system which encounter packet drops. This automates the workflow for detecting, reporting, and mitigating adverse exceptions.

    To collect kernel routing table and routing protocol process exceptions, configure the set system resiliency exceptions statement at the [edit] hierarchy level to specify exception reporting based on kernel exceptions, and routing exceptions.

    You can display exceptions from a remote collector by means of remote procedure call (gRPC) services or gRPC network management interface (gNMI) services. Display on-box exceptions by accessing the /var/log file or the database at /var/db/ResiliencyExceptions.db. No Junos operational mode commands display these exceptions.

MPLS

  • Support for optimizing auto-bandwidth adjustments for MPLS LSPs (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, you can configure faster auto-bandwidth adjustment for MPLS LSPs under overflow or underflow conditions. This feature decreases the minimum allowed adjust-threshold-overflow-limit and adjust-interval to 150 seconds when adjust-threshold-overflow-limit and adjust-threshold-underflow-limit cross the configured threshold values. In releases earlier than Junos OS Evolved Release 20.4R1, the adjust-interval is 300 seconds under overflow or underflow conditions.

    You can configure faster in-place LSP bandwidth update that avoids signaling of a new LSP instance as part of make-before-break. To configure faster in-place LSP bandwidth update, include the in-place-lsp-bandwidth-update configuration statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level.

    You can also configure RSVP interfaces to support subscription percentage per priority. To configure subscription percentage per priority, include the subscription priority priority percent value configuration statement at the [edit protocols rsvp interface interface-name] hierarchy level.

    [See Configuring Optimized Auto-bandwidth Adjustments for MPLS LSPs.]

  • Re-engineering of SR-TE (MX Series, PTX Series)—Starting with Junos OS Release 20.4R1, you can incorporate the following features to enhance the debugging capability of segment routing traffic-engineering (SR-TE):

    • rib-group import functionality.

    • Display of SR-TE routes installed from various tunnel sources using the show spring-traffic-engineering command.

    • Template map for BGP SR-TE tunnels.

    • Compute profile in template with distributed Constrained Shortest Path First (CSPF) for dynamic SR-TE tunnels.

    • 6PE (IPv6 over IPv4 SR-TE tunnel)

    • no-chained-composite-next-hop option

    [See source-packet-routing and show spring-traffic-engineering.]

  • Support for express segments to establish end-to-end segment routing path (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, express segments can be used to establish end-to-end TE paths between interconnected TE networks. Express segments (also known as virtual TE links) are generated dynamically through policies matching the underlay LSPs. Express segments and the corresponding abstracted topology (required by RFC7926) is generated with policies.

    To apply a policy, include the policy policy-name statement at the [edit protocols express-segment traffic-engineering] hierarchy level.

    To configure express segment, include the express-segment statement under the [edit protocols] hierarchy level.

    [See How to Establish End-to-End Segment Routing Paths Using Express Segments.]

Network Management and Monitoring

  • Configuration retrieval using the configuration revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you can use the configuration revision identifier feature to view the configuration for a specific revision. This configuration database revision can be viewed with the CLI command show system configuration revision.

    [See show system configuration revision.]

  • Junos XML protocol operations support loading and comparing configurations using the configuration revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, the Junos XML management protocol operations support loading and comparing configurations by referencing the configuration revision identifier of a committed configuration. You can execute the <load-configuration> operation with the configuration-revision attribute to load the configuration with the given revision identifier into the candidate configuration. Additionally, you can compare the candidate or active configuration to a previously committed configuration by referencing the configuration revision identifier for the comparison configuration. The <get-configuration> operation supports the compare="configuration-revision" and configuration-revision attributes to perform the comparison.

    [See <get-configuration> and <load-configuration>.]

Routing Policy and Firewall Filters

  • Support for route’s next-hop weight in policy match condition (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, a route with multiple next-hop paths can use the weight associated with a path to identify primary and backup paths. The path with the lowest weight is used as the primary path, and any paths with higher weights are treated as backup paths. You can use the next-hop weight as a match condition in export policies to redistribute IGP and BGP routes based on whether the primary or backup paths are active.

    Configure this match condition using the [edit policy-options policy-statement policy-name term term-name from] statement.

    [See policy-statement and show policy.]

  • Unicast RPF support for IPv4 and IPv6 (PTX10004)—Starting in Junos OS Release 20.4R1, PTX10004 devices support unicast reverse-path-forwarding (uRPF) for both IPv4 and IPv6 traffic flows. uRPF helps protect against DoS and DDoS attacks by verifying the unicast source address of packets arriving on a protected interface. Packets that are not from a valid path can be discarded. You can enable RPF checking for a given interface from the [edit interfaces name unit number family inet | inet6 rpf-check] hierarchy level, and create a discard rule at the [edit firewall filter name term default then reject] hierarchy level.

    [See Example: Configuring Unicast Reverse-Path-Forwarding Check.]

Routing Protocols

  • Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you are no longer required to have unique peer addresses for Juniper devices for every EBGP session. You can now enable single-hop EBGP sessions on different links over multiple directly connected peers that use the same IPv6 link-local address.

    In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

    [See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address (IPv6).]

  • Support for IS-IS flood-reflector interfaces (PTX1000, QFX10002, QFX10008)—Starting in Junos OS Release 20.4R1, we support the IS-IS flood reflector feature that offers better scalability for a Level 2 topology. Flood reflectors enable the creation of topologies where Level 1 areas provide transit forwarding for Level 2 destinations within a Level 2 topology.

    The flexible tunnel interfaces (FTI) are designated as flood-reflector interfaces. To enable the flood reflector on an FTI, include the flood-reflector statement at the [edit protocols isis interface interface name level level number hierarchy level.

    You can configure the interface to be either the reflector or the client. To enable the reflector, you can use the flood-reflector reflector cluster-id statement at the [edit protocols isis level level number] hierarchy level.

    To enable the flood reflector client, include the flood-reflector client statement at the [edit protocols isis level level number hierarchy level.

    Note

    You can configure the flood reflector feature on FTIs at Level 2 only.

    [See How to Configure Flood-Reflector Interfaces in IS-IS Networks.]

  • Support for BGP Labeled Unicast prefix SID (MX Series and PTX Series)—Starting in Junos OS 20.4R1, BGP labeled unicast can carry segment routing global block label range and index information through the prefix segment attribute. With this feature we support segment routing using the BGP labeled unicast prefix segments and the MPLS data plane in medium to large scaled data centers. The controller directs the server to assign a stack- of labels to an incoming packet based on the available network state information. The assigned label stack avoids congested paths and steers the packet through a best available path.

    To configure and advertise the SRGB label range specifically for BGP include the source-packet-routing srgb start-label start-label index-range index-rante and advertise-srgb configuration statements at the [edit protocols bgp] hierarchy level.

    To advertise prefix SIDs to external BGP peers, include the advertise-prefix-sid configuration statement at the [edit protocols bgp] hierarchy level. You can configure this statement globally or for specific BGP groups or BGP neighbors.

    [See srgb.]

  • Support for relaxing BGP router ID format from /32 to a nonzero ID per RFC6286 ( MX204, NFX Series, PTX5000, QFX Series, and vRR)—Starting in Junos OS Release 20.4R1, you can establish a BGP connection using a BGP identifier that is a 4-octet, unsigned, nonzero integer and it needs to be unique only within the autonomous system (AS) per RFC 6286. In earlier releases, the BGP ID of a BGP speaker was required to be a valid IPv4 host address assigned to the BGP speaker.

    To enable this feature, use the bgp-identifier identifier group bgp group name bgp-identifier identifier neighbor peer address bgp-identifier identifier configuration statement at the [edit protocols bgp] hierarchy level.

    [See router-id]

  • IPv6 support in TED (MX Series, PTX Series)—Starting in Junos OS Release 20.4R1, you can configure IS-IS traffic engineering to store IPv6 information in the traffic engineering database (TED) in addition to IPv4 addresses. BGP-LS distributes this information as routes from the TED to the lsdist.0 routing table using the TED import policies. These routes are advertised to BGP-TE peers as network layer reachability information (NLRI) with IPv6 router ID type, length, and value (TLV).

    With this enhancement, you can benefit from obtaining the complete network topology in the TED.

    [See Link-State Distribution Using BGP Overview.]

Software Installation and Upgrade

  • ZTP with DHCPv6 client support (EX3400, EX4300, PTX1000, PTX5000, PTX10002-60C, PTX10008, QFX5100, QFX5200, QFX10002, and QFX10002-60C)—Starting in Junos OS Release 20.4R1, zero touch supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If one of the DHCPv4 bindings fails, the device continues to check for bindings until provisioning is successful. However, if there are no DHCPv4 bindings, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    ZTP supports only HTTP and HTTPS transport protocols.

    [See Zero Touch Provisioning.]

System Logging

  • Support for time averaged watermark (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, you can capture steady state data of routing and forwarding (RIB/FIB) table routes using the time-averaged-watermark-interval configuration statement at the [edit routing-options] hierarchy level. Time averaged watermark is calculated whenever the time averaged interval is changed from CLI. Time averaged watermark is logged in syslog if the logs are enabled in the system at LOG_NOTICE level. The default time averaged watermark interval is 1 day. You can see the timed averaged watermark using the existing show route summary command.

    [See routing-options and show route summary.]

What's Changed

Learn about what changed in this release for PTX Series.

What’s Changed in Release 20.4R3

General Routing

  • SSH session connection limit and rate limit per connection (PTX Series and QFX Series)—We have introduced SSH connection-limit and rate-limit options at the edit system services ssh hierarchy levels to enable SSH connection limit and rate limit per connection. The default connection limit value is 75 connections and there is no default value associated with rate limit.

Network Management and Monitoring

  • Enhancement to the snmp mib walk command (PTX Series, QFX Series, EX Series, MX Series, SRX Series)— The ipv6IfOperStatus field displays the current operational state of the interface. The noIfIdentifier(3) state indicates that no valid Interface Identifier is assigned to the interface. This state usually indicates that the link-local interface address failed Duplicate Address Detection. When you specify the 'Duplicate Address Detected' error flag on the interface, the new value (noIfIdentifier(3)) is displayed. Previously, the snmp mib walk command did not display the new value (noIfIdIdentifier(3)).

  • Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series— Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

    [See SNMP MIBs and Traps Supported by Junos OS.]

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

What's Changed in Release 20.4R2

General Routing

  • Secure boot disabled alarm is raised (PTX10008)—The Secure boot disabled alarm is raised when the system boots with secure boot disabled in bios.

Interfaces and Chassis

  • Warning message when taking an FPC offline—PTX10003-80C and PTX10003-160C devices do not support the request chassis fpc slot slot-number online command. The only way to bring up an FPC (MPC) that is offline is by rebooting the chassis. So, when you take an FPC offline by using the request chassis fpc slot slot-number offline command, the screen displays the following message. 'Warning : FPC slot cannot be made online using a CLI command. You need to perform router reboot using "request system reboot" to online the FPC slot Do you wish to continue ? yes,no (no).'

    [See request chassis fpc.]

Junos XML API and Scripting

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

What's Changed in Release 20.4R1

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. The output is of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

General Routing

  • Control plane DDoS protection packet type option for ARP traffic (PTX Series and QFX Series)— Starting in this release, we've renamed the arp-snoop packet type option in the edit system ddos-protection protocols arp protocol group to arp. This packet type option enables you to change the default control plane distributed denial of service (DDoS) protection policer parameters for ARP traffic.

    [See protocols (DDoS) (PTX Series and QFX Series).]

  • Support for unicast ARP request on table entry expiration—You can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and instead translate ARP broadcasts to unicast requests. To confirm whether this is configured, you can issue the following command: show configuration system arp | grep unicast-mode-on-expire.

    [See arp.]

MPLS

  • The show mpls lsp extensivel and show mpls lsp detail commands display next hop gateway LSPid—When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next hop gateway LSPid in the output as well.

Network Management and Monitoring

  • Warning changed for configuration statements that correspond to deviate not-supported nodes in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you configure a statement corresponding to a YANG data model node that defines the deviate not-supported statement, the Junos OS configuration annotates that statement with the comment Warning: statement ignored: unsupported platform. In earlier releases, the warning is Warning: 'statement' is deprecated.

User Interface and Configuration

  • Verbose format option for exporting JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format for exporting configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

Known Limitations

Learn about known limitations in this release for PTX Series Routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • During reconfigurations or link events at the physical interface level, pe.ipw.misc_int.status:iq_disabled interrupts can be seen. These do not indicate impact to traffic. PR1476553

  • When counter sample is enabled, it's trying to fetch the IFD stats for sflow enabled interfaces using rtsock msgs to kernel. This blocks call and wait for the reply of earlier request and sends a new request only after receive the reply of first one. So, FPC is occupied when this request was made and couldn?t reply on time and hence the scheduler slip will occur. So, if you set the pooling interval 0, then this message will not come like the below command:

    set protocols sflow polling-interval 0

    set protocols sflow interfaces <intf-name> polling-interval 0 This is only required if the polling interval is set at the interface level. PR1517076

  • This is about the address selection for IPv6 trace-route. In case of IPv4, the address marked with primary flag gets selected. In case of IPv6, the address from the head of the address list gets selected as per the design.Changing it similar to IPV4 could cause other behavioural changes which is not suggested. PR1518978

  • Route resolution over BGP-LU labels with default composite-next-hop knob is not supported on PTX1K and QFX10K. Workaround: set routing-options forwarding-table chained-composite-next-hop transit no-labeled-bgp, commit PR1544277

  • On PTX10008, end-to-end traffic is not flowing for ethernet-switching in enterprise style. PR1583219

Routing Protocols

  • Due to a race condition between route re-convergence and the BGP-PIC version up message to the Packet Forwarding Engine, after a remote transit router reboot, certain BGP routes might reuse stale LDP next hops and cause packet discard at the transit router during the route re-convergence window. PR1495435

Open Issues

Learn about open issues in this release 20.4R3 for PTX Series Routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On PTX platforms, some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt: fpc0 TQCHIP 0: CM parity Fatal interrupt,Interrupt status:0x10 fpc0 CMSNG: Fatal ASIC error, chip TQ fpc0 TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180010 msecs TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180005 msecs. PR1089955

  • On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. PR1254415

  • When CFP2-DCO-T-WDM-1 is plugged in a PTX Series PIC, after FPC restarts, the carrier frequency offset TCA is raised even when TCA is not enabled. PR1301471

  • On 30-port MACsec-enabled line card (LC1101-M-30C, LC1101-M-30Q, and LC1101-M-96X) of the PTX10008 chassis, when the exclude-protocol lacp statement configured at the [edit security macsec connectivity-association connectivity-association-name] hierarchy level is deleted or deactivated, the LACP protocol's Mux State shown under the output of CLI command show lacp interface, might remain as attached or detached and might not change to distributing state. PR1331412

  • The log of SMART ATA Error Log Structure error: invalid SMART checksum" might be seen on FPC with WINTEC mSata SSD. PR1354070

  • Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all platforms using Hybrid Memory Controller (HMC). PR1384435

  • The telemetry statistics might not account correctly for the traffic on SR-TE policies (both byte count and packet count) on PTX series devices. This is a sensor-related issue. PR1413680

  • On the PTX3000 routers, the firewall counter for lo0 does not increment. PR1420560

  • On PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added or removed etc.), the FPC might crash and restart. It might affect the service and traffic. PR1432116

  • Memory leaks are expected in this release. PR1438358

  • This is a timing issue during the sxe interface bring up (w.r.t i40e driver). This can be recovered by rebooting the complete board. PR1442249

  • On the PTX10001with NGRE platforms, the vmhost disk usage might keep increasing due to no log rotation for resild log and temperature sensor information was incorrectly written into resild log, resulting in resild log file size continuously increasing. PR1480217

  • The SNMP index for bundle interface might become zero in Packet Forwarding Engine after restarting the FPC. This could cause the sflow records to have either input interface value (IIF) or output interface value (OIF) as 0 value. PR1484322

  • When executing show interfaces ae<> extensive CLI on PTX1000, sometimes the aggregated Ethernet member link stats might be missing in the output. The issue is momentary issue and does not happen all the time. If run into the issue, please execute show interfaces ae<> extensive CLI again. PR1519218

  • Flapping might be observed on channelized ports of PTX Series routers during ZTP, when one of the port is disabled on the supporting device. PR1534614

  • SFlow reports incorrect "Extended Router Data" for traffic going over non-default VRF. PR1537190

  • The output VLAN is not reported correctly in the extended switch data for IPIP transit traffic when you configure both dynamic tunnel and FTI as backups. PR1537648

  • The socket to sflowd closed error comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

  • When we run continuous sync (show interfaces aex extensive) and async(SNMP polling) queries on aggregated Ethernet interface in parallel, we may observe spikes in aggregated Ethernet interface framing errors counter in between correct values. PR1539537

  • On PTX platforms, when Inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization may be observed and this might result in relevant impacts on traffic analysis and billing. PR1569229

  • When firewall is configured with both discard and port-mirror as actions in the same term, mirrored packet will be corrupted (will have two Layer 2 headers). PR1576914

  • On PTX Series routers and QFX Series switches, the traffic from TACACS port 49 might not be classified into a proper DDoS queue. When the issue happens, it might cause the unclassified traffic to get dropped when the CPU utilization is very high. PR1578579

  • On PTX platforms with vlan-ccc configured, if it acts as a provider edge device and forwards the ISIS packet between CEs over the layer 2 circuit tunnel, the ISIS packet might be corrupted. In this case, the ISIS adjacency might not be formed. PR1580047

  • On PTX10008, end-to-end traffic is not flowing for ethernet-switching in EP Style. PR1583219

    The command show chassis clocks is handled by chassisd daemon on legacy platforms. On PTX10008, however, chassisd is not a running daemon. Hence the previously observed output: error: the chassis-control subsystem is not running. PR1583715

  • ISIS over Layer 2 circuit will not come up if the encapsulation is translation cross-connect. PR1590387

  • When LLDP is used and interfaces are flapping on PTX platforms, memory leaks might be observed and it will cause the l2cpd process to crash. PR1608699

  • On PTX1000 platforms, ARP resolution failure with IRB configuration results in packet drop. PR1612205

  • In the PTX5000 with behavior aggregate (BA) classification scenario, the COS queue-num 3 is applied to TTL packets by default. If the IEEE-802.1ad classifier is configured for the packets which are mapped to the CoS output queue-num 3 (The Packet Forwarding Engine internal hostbound queue classification code-points=1100), in a very rare case, if some TTL expired packets are passed via the other interfaces which are also mapped to the same hostbound queue (in this case, queue 3), the packets will be dropped by Packet Forwarding Engine because of some TTL expiry packets in the same queue. PR1584042

  • Failed to get pechip handle for chip 0 and prds_encap_sample_flood_lpbk_desc_install: Egress NH descriptor install OK for Flabel 7808 errors are seen during restart. PR1585594

  • On PTX5000 and PTX10003 platforms, higher latency than configured or default value might be observed in the traffic passing through the device. This issue is seen as the VOQ (Virtual output queue) size is not correctly set in ASIC. PR1588514

  • On Junos platforms with Telemetry implemented, the jsd (JET service process) crashes might occur if tracing is enabled for libgrpc while the collector continues to flap. PR1589103

  • On PTX3000 and PTX5000 platforms, if a 40G or 100G interface flaps, the interface might stay down even after disabling or enabling it. PR1589170

  • Upon frequent inetflow route changes, Heap Memory of the FPC will get leaked on PTX platforms. Once running out of memory resources, FPC might restart along with a core file. Syslog emergency messages will get recorded once crossing the 90 percent threshold. The current FPC Heap Utilization can be validated via the show chassis fpc command. PR1589133

Layer 2 Ethernet Services

  • It was observed rarely that issuing a request system zeroize did not trigger ZTP. A simple workaround is to reinitiate ZTP. PR1529246

MPLS

  • At high scale, LSP setup rate will be relatively slower in IPinIP networks. PR1457992

  • In the case of the LDP route with multiple next-hops, the last NH weight in table mpls.0 is not set properly when the total number of LDP NHs is multiple of 8 + 1, e.g., 9, 17. This might lead to some backup route active as the primary path, which might result in a traffic loop. PR1582037

Network Management and Monitoring

  • On PTX10008 platforms, syslog does not log information on IPv4 after upgrade. PR1611504

Platform and Infrastructure

  • A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). Please refer to JSA11200 for more information. PR1557881

  • On PTX series platforms running Junos, traffic loss might be observed in a scaled firewall filter configuration setup due to FPC crash. When the issue occurs, a core file is generated which could be checked using the CLI command show system core-dumps. user@router> show system core-dumps -rw-r--r-- 1 root wheel 89322187 /var/crash/core-NGMPC0.gz.core.0 ----> Core file PR1586817

Routing Protocols

  • The ssh connection limit on PTX5000 platform will be ignored. == ssh {#### Warning: statement ignored: unsupported platform (PTX5000)##connection-limit 3; } ==. PR1559305

  • In BGP Resource Public Key Infrastructure (RPKI) scenario, if the session record-lifetime is configured less than the hold-time, the record-lifetime for route validation (RV) might expire while the session is still up, which will cause the rpd crash. PR1585321

  • In BGP multipath scenario, if an interface for a single hop EBGP peer goes down, the rpd might crash on the backup Routing Engine. If NSR switchover is performed, the rpd crash might be observed on the newly primary Routing Engine, hence there may be traffic impact. PR1589141

User Interface and Configuration

  • When a user tries to deactivate the mpls related configuration, The commit fails on backup Routing Engine. PR1519367

  • On PTX platforms, the default routing policy might not be changed back after it is changed to network-services enhanced mode. PR1587174

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for the PTX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.4R3

General Routing

  • The kernel crash might happen if NSR is enabled. PR1545143

  • Packet drop might happen on the aggregated Ethernet bundle which have the single child member only. PR1551736

  • The device might run out of service post GRES or unified ISSU. PR1558958

  • Traffic drop might be seen in 128 or more way ECMP paths after FPC restart. PR1559528

  • The request system software delete CLI command is improved to add new option archived to delete all old software versions except current and rollback. PR1566173

  • Another port will also shutdown after shutting down one port on PTX10002-60C or QFX10002-60C. PR1568294

  • LLDP out-of-bounds read vulnerability in l2cpd. PR1569312

  • Upgrading PTX1000 with unified SSDs (2x32G SSD) might result in boot loop in certain scenario. PR1571275

  • The gRPC sessions hang in CLOSED state. PR1571999

  • Channelized ports on PTX10002 platforms might drop traffic. PR1575742

  • On the PTX5000 platform, traffic loss might be observed. PR1578511

  • TACACS traffic might be dropped. PR1578579

  • BFD sessions might flap during traffic spikes on PTX platforms. PR1578599

  • Authentication might fail if the password contains special characters. PR1580003

  • The IS-IS packet might be corrupted on the provider edge device over the layer 2 circuit tunnel. PR1580047

  • PTX Series routers might drop traffic. PR1580211

  • The FEC91 mode might not get enabled automatically for QSFP28-SR4 SFP used on WAN interface. PR1582200

  • Junos telemetry Interfaces: Missing Leaves - Transceiver/state.PR1583076

  • The packets might be dropped by Packet Forwarding Engine of PTX5000 after changing the queue of IEEE-802.1ad classifier on FPC-PTX-P1-A or FPC2-PTX-P1A. PR1584042

  • On Junos OS PTX Series platforms, FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated (CVE-2021-31361). PR1584197

  • JDI-RCT: T/PTX: Failed to get pechip handle for chip 0 and prds_encap_sample_flood_lpbk_desc_install: Egress NH descriptor install OK for Flabel 7808 errors are seen bringup.PR1585594

  • The na-grpc process crash might be seen and existing telemetry connections will be disconnected. PR1587956

  • There might be higher latency in traffic flow than configured or default value. PR1588514

  • The jsd process crash might be seen in a rare condition in a telemetry scenario. PR1589103

  • On Junos OS PTX Series platforms, an FPC heap memory leak will be triggered by certain Flowspec route operations which might lead to an FPC crash (CVE-2021-31367). PR1589133

  • The 40G and 100G interface might stay down after link flaps on PTX3000 and PTX5000. PR1589170

  • The L2cpd-agent might go unresponsive after starting telemetry service. PR1592473

  • CRC errors increase continuously after interface flap. PR1600768

  • Traffic blackhole might be seen due to the RS Fatal error on FPC-PTX-P1-A/FPC2-PTX-P1A/FPC-SFF-PTX-P1-A/FPC-SFF-PTX-T. PR1600935

  • The layer 2 circuit packets with destination MAC address 01:00:0c:cc:cc:cd may get punted. PR1601360

  • On PTX platforms, link flaps might be observed momentarily. PR1606008

Forwarding and Sampling

  • Junos OS: User-defined ARP Policer isn't applied on aggregated Ethernet interface until firewall process is restarted (CVE-2021-0289). PR1528403

General Routing

  • Node name should not be attached to the system hostname under LLDP. PR1593991

MPLS

  • Sub-optimal routing issues might be seen in the case of LDP route with multiple next-hops. PR1582037

  • The LDP replication session might not get synchronized when dual-transport is enabled. PR1598174

  • VPLS connection might get down if configuration statement dual-transport is configured. PR1601854

Multicast

  • Multicast traffic in MVPN setup might be blackholed on some PTX platforms acting as transit LSR. PR1555274

  • FPC might crash in a multicast scenario. PR1569957

Platform and Infrastructure

  • Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284). PR1557881

  • FPC might crash in a scaled firewall configuration. PR1586817

Routing Protocols

  • Route validation states might flip between VALID/INVALID/UNKNOWN in some corner case. PR1556656

  • BGP session carrying VPNv4 prefix with IPv6 next-hop might be dropped. PR1580578

  • Process rpd crash might be seen in certain IS-IS scenario. PR1583484

  • The rpd crash might be seen when BGP RPKI session record-lifetime is configured less than the hold-time. PR1585321

  • The rpd might crash in BGP multipath scenario if interface for a single hop EBGP peer goes down. PR1589141

Resolved Issues: 20.4R2

Forwarding and Sampling

  • The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124

General Routing

  • Aggregate Ethernet interfaces do not display member links' statistic. PR1505596

  • Error messages "t6e_dfe_tuning_state:et-6/0/0 - Failed to dfe tuning count 10" might be seen after links flap PR1512919

  • The chassisd memory leak might cause traffic loss PR1537194

  • The kernel crash might happen if NSR is enabled. PR1545143

  • On the PTX10K platforms, traffic might get dropped when the set routing-options forwarding-table no-ecmp-fast-reroute configuration is changed to 128 ECMP entries. PR1547457

  • The rpd crash might be seen when BGP service route is resolved over color-only SRTE policy PR1550736

  • The interface filter with source-port 0 matches everything instead of port 0. PR1551305

  • Packet drop might happen on the AE bundle which have the single child member only. PR1551736

  • There might be traffic drop when default EXP classifier maps traffic to FC with no schedulers. PR1554266

  • The LCMD process might consume memory until all of the free memory available to VMHOST gets exhausted. PR1555386

  • The micro BFD session might flap with DDoS policer. PR1557782

  • EVO System - after recovering from restart routing immediately, object-info anomalies is observed on rpdagent PR1561812

  • An enhancement to enable watchdog petting log on PTX10K Line Cards PR1561980

  • Junos OS: Upon receipt of specific packets BFD sessions might flap due to DDoS policer implementation in Packet Forwarding Engine. PR1564807

  • Improve 'request system software delete' CLI command to add new option "archived" to delete all old software versions except current and rollback PR1566173

  • gRPC session hanging in CLOSED state. PR1571999

  • [LDP] [MPLS] JUNOS:JDI_FT_REGRESSION:PLATFORM:ROUTING:LDP: Higher Traffic loss observed after Link Flap with LDP. PR1578511

  • BFD sessions might flap during traffic spikes on PTX platforms. PR1578599

  • [BGP] [URPF] JUNOS:JDI_FT_REGRESSION:PLATFORM:ROUTING:URPF: Traffic dropped at PFE with uRPF config PR1580211

Infrastructure

  • The kernel crash with core file might be seen if churn happens for a flood composite next hop. PR1548545

Layer 2 Ethernet Services

  • The copying of files to the RCB over WAN ports is slow PR1496895

MPLS

  • Traffic loss might be observed due to rpd crash in MPLS scenario PR1528460

  • MPLS-LIB memory leak might be seen in SR scenario. PR1556495

  • Traffic sent over an LSP may be dropped if two consecutive PLRs along the LSP perform local repair and bypass protecting the second PLR fails. PR1566101

MPLS

  • FPC might crash in a multicast scenario. PR1569957

Network Management and Monitoring

  • The mib2d process crashes and generates a core file on backup Routing Engine. PR1557384

Platform and Infrastructure

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

Routing Policy and Firewall Filters

  • Generate route goes to hidden state when protect core knob is enabled PR1562867

Routing Protocols

  • Traffic might be silently discarded when the BGP route getting deleted which is part of multipath PR1514966

  • The rpd memory leak might be seen in the BGP scenario. PR1547273

  • The BGP session might not come up if extended-nexthop is enabled by default on the other vendor remote peer. PR1555288

  • The rpd might restart after interface flap if layer2-map. PR1557710

  • BGP LU session flap might be seen with AIGP used scenario PR1558102

  • Traffic loss might occur for stitched traffic from SR towards LDP if no-eligible-backup is configured. PR1558565

  • The ppmd memory leak may cause traffic loss. PR1561850

VPNs

  • The rpd might crash during a race condition under BGP multipath scenario. PR1567918

Resolved Issues: 20.4R1

General Routing

  • On PTX10008 and PTX5000 routers, the output of the show filter index number counter command shows value as zero. PR1420057

  • On PTX10016 routers, after device reboot, the FPC takes a long time to come up and hence MKA sessions establishment is delayed. The error message Frame 08: sp = 0x48d222b8, pc = 0x10fad3bc , blaze fpc2 SCHED: Thread 59 (PFE Manager) ran for 2177 ms without yielding is observed. PR1477585

  • On PTX10016 routers, if aggregated Ethernet member or interface flow control is in disabled state, then it does not enable its own. PR1478715

  • The Layer 2 VPN might flap and the CE device facing interface cannot restore the TX optical laser power even if the Layer 2 VPN is in the Up status under the asynchronous-notification. PR1486181

  • In IP-in-IP, end-to-end (CE device to CE device) traceroute is not working as expected. PR1488379

  • Dynamic tunnels traceoptions does not offer state tracing and causes JTASK_SCHED_SLIP with single underlay route bounce. PR1493236

  • FPC ukern core file is not transferred to Routing Engine in a scaled setup. PR1500418

  • The error message mpls_extra NULL might be seen during add, change, and delete of MPLS route. PR1502385

  • The packetio crashes during the initialization and this might result in a second reboot. PR1505150

  • ERO update by the controller for branch LSP might cause issues. PR1508412

  • BIND does not sufficiently limit the number of fetches performed when processing referrals. PR1512212

  • The routes update might fail upon the HMC memory issue and traffic impact might be seen. PR1515092

  • On PTX5000 and PTX3000 routers, the FPC E might get stuck when the packet is switched internally between FPC connected port towards Routing Engine connected ports. PR1519673

  • Sampling with the rate limiter statement enabled crosses the sample rate of 65535. PR1525589

  • Running SNMP MIB walk and executing show interfaces command might cause the picd to crash. PR1533766

  • The error message expr_dfw_action_topo_connect_anh:1434 expr_dfw_action_topo_connect_anh:eda_anh_discard is FALSE for nh-id 568 - return is observed in PTX1000 routers. PR1540064

  • The Packet Forwarding Engine might crash in MPLS IPv6-tunneling scenario when the next hop changes. PR1540793

  • Traffic might drop silently after swapping an FPC type 3 card with an FPC type 1 card in the same slot on a PTX3000 router. PR1547790

Infrastructure

  • Interface drop counters might display 0 during a race condition and voq statistics are also polled simultaneously. PR1537960

Interfaces and Chassis

  • The error message Request failed: OID not increasing: ieee8021CfmStackServiceSelectorType is observed. PR1517046

  • EOAM IEEE802.3ah link discovery state is Down instead of Active Send Local after deactivating interfaces. PR1532979

  • Logs are not being written in /var/log/messages on certain PTX Series platforms. PR1551374

MPLS

  • The SNMP trap is sent with incorrect OID jnxSpSvcSetZoneEntered. PR1517667

Network Management and Monitoring

  • The SNMP MIB ifInErrors [OID 1.3.6.1.2.1.2.2.1.14] reports wrong values. PR1534286

  • The syslog messages might not be sent with correct port. PR1545829

Routing Protocols

  • The show dynamic-tunnels database command does not show the statistics for the first time and fetches the traffic statistics the second time. PR1445705

  • The ppmd process crashes after configuring S-BFD responder on the PTX Series routers with the RE-DUO-2600 Routing Engine. PR1477525

  • The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R3 documentation for PTX Series Routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading to Release 20.4

When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.

Note

Back up the file system and the currently active Junos OS configuration before upgrading Junos OS. This allows you to recover to a known, stable environment if the upgrade is unsuccessful. Issue the following command:

Note

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the router, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

Note

We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

To download and install Junos OS Release 20.4R3:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://support.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the router.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    user@host> request system software add validate reboot source/junos-install-ptx-x86-64-20.4R2.9.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (limited encryption Junos OS package):

    user@host> request system software add validate reboot source/junos-install-ptx-x86-64-20.4R2.9-limited.tgz

    Replace the source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-PTX-X8 Routing Engine. For upgrading the host OS on this router with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 20.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with RE-PTX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.2, 19.3, and 19.4 are EEOL releases. You can upgrade from Junos OS Release 19.2 to Release 19.3 or from Junos OS Release 19.2 to Release 19.4. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation as follows:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.