Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Preparing for Software Installation and Upgrade

 

Before you install or upgrade Junos OS, you must ensure some basic checks such as sufficient disk space availability and backing up configurations in place.

Reinstalling Junos OS

Checklist for Reinstalling Junos OS

Table 1 provides links and commands for reinstalling Junos OS.

Table 1: Checklist for Reinstalling Junos OS

Tasks

Command or Action

Before You Reinstall Junos OS
  1. Log the Software Version Information

show version | save filename

  1. Log the Hardware Version Information

show chassis hardware | save filename

  1. Log the Chassis Environment Information

show chassis environment | save filename

  1. Log the System Boot-Message Information

show system boot-messages | save filename

  1. Log the Active Configuration

show configuration | save filename

  1. Log the Interfaces on the Router

show interface terse | save filename

  1. Log the BGP, IS-IS, and OSPF Adjacency Information

show bgp summary | save filename

show isis adjacency brief | save filename

show ospf neighbor brief | save filename

  1. Log the System Storage Information

show system storage | save filename

  1. Back Up the Currently Running and Active File System

request system snapshot

Reinstall Junos OS

Insert the floppy and reboot the system.

Reconfigure Junos OS
  1. Configure Host Names, Domain Names, and IP Addresses

Log in as root.

Start the CLI.

Enter configuration mode: configure

set system host-name host-name

set system domain-name domain-name

set interfaces fxp0 unit 0 family inet address address/prefix-length

set system backup-router address

set system name-server address

  1. Protecting Network Security by Configuring the Root Password

set system root-authentication plain-text-password

set system root-authentication encrypted-password password

set system root-authentication ssh-rsa key

commit

exit

  1. Check Network Connectivity

ping address

  1. Copy Backup Configurations to the Router

file copy var/tmp

configure

[edit]

load merge /config/filename
or load replace /config/filename

[edit]

commit

After You Reinstall Junos OS
  1. Compare Information Logged Before and After the Reinstall

show version | save filename

show chassis hardware | save filename

show chassis environment | save filename

show system boot-messages | save filename

show configuration | save filename

show interfaces terse | save filename

show bgp summary

show isis adjacency brief

show ospf neighbor brief
| save filename

show system storage | save filename

  1. Back Up the New Software

request system snapshot

Log the Software Version Information

Purpose

The purpose of this action is to log the Junos OS version information.

Action

Use the following Junos OS CLI operational mode command:

Sample Output

Meaning

The sample output shows the hostname, router model, and the different Junos OS packages, processes, and documents.

Log the Hardware Version Information

Purpose

You should log hardware version information in the rare event that a router cannot successfully reboot and you cannot obtain the Routing Engine serial number. The Routing Engine serial number is necessary for Juniper Networks Technical Assistance Center (JTAC) to issue a return to manufacturing authorization (RMA). Without the Routing Engine serial number, an onsite technician must be dispatched to issue the RMA.

Action

To log the router chassis hardware version information, use the following Junos OS CLI operational mode command:

Sample Output

The output for the M-series routers varies depending on the chassis components of each router. All routers have a chassis, midplanes or backplanes, power supplies, and Flexible PIC Concentrators (FPCs). Refer to the hardware guides for information about the different chassis components.

Meaning

The sample output shows the hardware inventory for an M160 router with a chassis serial number of 101. For each component, the output shows the version number, part number, serial number, and description.

Log the Chassis Environment Information

Action

To log the router chassis environment information, use the following Junos OS CLI operational mode command:

Sample Output

The following example shows output from the show chassis environment command for an M5 router:

Meaning

The sample output shows the environmental information about the router chassis, including the temperature and information about the fans, power supplies, and Routing Engine.

Log the System Boot-Message Information

Action

To log the system boot-message information, use the following Junos OS CLI operational mode command:

Sample Output

Meaning

The sample output shows the initial messages generated by the system kernel upon boot. This is the content of the /var/run/dmesg.boot file.

Log the Active Configuration

Action

To log the active configuration on the router, use the following Junos OS CLI operational mode command:

Sample Output

Meaning

The sample output shows the configuration currently running on the router, which is the last committed configuration.

Log the Interfaces on the Router

Action

To log the interfaces on the router, use the following Junos OS CLI operational mode command:

Sample Output

Meaning

The sample output displays summary information about the physical and logical interfaces on the router.

Log the BGP, IS-IS, and OSPF Adjacency Information

Purpose

The following commands log useful information about Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), and Open Shortest Path First (OSPF) protocols. If you have other protocols installed, such as Multiprotocol Label Switching (MPLS), Resource Reservation Protocol (RSVP), or Protocol Independent Multicast (PIM), you also might log summary information for them.

Action

To log the protocol peer information, use the following Junos OS CLI operational mode commands:

Sample Output 1

Sample Output 2

Sample Output 3

Meaning

Sample output 1 displays summary information about BGP and its neighbors. Sample output 2 displays information about IS-IS neighbors. Sample output 3 displays information about all OSPF neighbors.

Log the System Storage Information

Action

To log the system storage statistics for the amount of free disk space in the router’s file system, use the following Junos OS CLI operational mode command:

Sample Output

user@host> show system storage | save test

Meaning

The sample output displays statistics about the amount of free disk space in the router’s file system. Values are displayed in 1024-byte (1-KB) blocks.

Validating the Configuration Image Before Upgrading or Downgrading the Software

If you upgrade or downgrade the Junos OS image on a switch that supports configuration image validation (see Feature Explorer for feature support per EX Series switch), the system validates that the existing configuration is compatible with the new image before the actual upgrade or downgrade commences.

Benefits of image validation—If validation fails, the new image is not loaded, and an error message provides information about the failure. If you upgrade or downgrade the software on a system that does not support validation, configuration incompatibilities between the existing and new image or insufficient memory to load the new image might cause the system to lose its current configuration or go offline.

Here are some validation guidelines to keep in mind:

  • Validation is set to on by default. You do not need to configure it or issue any command to start it on a switch that supports image validation. You can disable validation (the procedure is given below) and then re-enable it.

  • Validation slows down the upgrade or downgrade process by as much as 7 minutes.

  • Image validation is supported only on the jinstall package.

  • If you invoke validation from an image that does not support validation, the new image is loaded but validation does not occur.

  • Validation does not work in a downgrade to an image that does not support validation if your system is configured for graceful routing switchover (GRES) or if you run image loading without nonstop software upgrade (NSSU). See the procedure below for steps to use validation in this type of scenario.

To disable validation, re-enable or invoke validation manually, or use validation when downgrading to an image that does not support it:

  • To disable validation, issue request system software add image-name reboot no-validate command.
  • To re-enable or invoke validation manually, choose one of the following methods:
  • To use validation when downgrading to an image that does not support it, choose one of the following methods:
    • Remove the graceful-switchover configuration and then issue the request system software add image-name reboot command.

    • Use NSSU by issuing the request system software nonstop-upgrade image-name command.

Ensuring Sufficient Disk Space for Junos OS Upgrades on SRX Devices

Before you begin upgrading Junos OS on an SRX Series device, perform the following tasks:

Verifying Available Disk Space on SRX Series Devices

The amount of free disk space necessary to upgrade a device with a new version of Junos OS can vary from one release to another. Check the Junos OS software version you are installing to determine the free disk space requirements.

If the amount of free disk space on a device is insufficient for installing Junos OS, you might receive a warning similar to the following messages, that the /var filesystem is low on free disk space:

WARNING: The /var filesystem is low on free disk space.

WARNING: This package requires 1075136k free, but there is only 666502k available.

To determine the amount of free disk space on the device, issue the show system storage detail command. The command output displays statistics about the amount of free disk space in the device file systems.

A sample of the show system storage detail command output is shown below:

user> show system storage detail

Cleaning Up the System File Storage Space

When the system file storage space on the device is full, rebooting the device does not solve the problem. The following error message is displayed during a typical operation on the device after the file storage space is full.

You can clean up the file storage on the device by deleting system files using the request system storage cleanup command as shown in following procedure:

  1. Request to delete system files on the device.

    The list of files to be deleted is displayed.

  2. Enter the option yes to proceed with deleting of the files.

Verifying Junos OS and Boot Loader Software Versions on an EX Series Switch

Before or after upgrading or downgrading Junos OS, you might need to verify the Junos OS version. You might also need to verify the boot loader software version if you are upgrading to or downgrading from a release that supports resilient dual-root partitions (Junos OS Release 10.4R3 and later).

This topic includes:

Verifying the Number of Partitions and File System Mountings

Purpose

Between Junos OS Release 10.4R2 and Release 10.4R3, upgrades were made to further increase resiliency of root partitions, which required reformatting the disk from three partitions to four partitions. If your switch is running Release 10.4R2 or earlier, it has three partitions, and if it is running Release 10.4R3 or later, it has four partitions.

Action

Verify how many partitions the disk has, as well as where each file system is mounted, by using the following command:

user@switch> show system storage

Meaning

The presence of the partition name containing s4d indicates that there is a fourth slice. If this were a three-slice partition scheme, in place of s1a, s3e, s3d, and s4d, you would see s1a, s1f, s2a, s2f, s3d, and s3e, and you would not see s4d.

Verifying the Loader Software Version

Purpose

For the special case of upgrading from Junos OS Release 10.4R2 or earlier to Release 10.4R3 or later, you must upgrade the loader software.

Action

For EX Series switches except EX8200 switches:

user@switch> show chassis firmware

For EX8200 switches:

user@switch> show chassis firmware

Meaning

For EX Series switches other than EX8200 switches, with Junos OS Release 10.4R3 or later installed:

  • If there is version information following the timestamp for U-Boot (1.0.0 in the preceding example), then the loader software does not require upgrading.

  • If there is no version number following the timestamp for U-boot, then the loader software requires upgrading.

Note

If the software version is Release 10.4R2 or earlier, no version number is displayed following the timestamp for U-boot, regardless of the loader software version installed. If you do not know whether you have installed the new loader software, we recommend that you upgrade the loader software when you upgrade the software version.

For EX8200 switches, if the version number following the timestamp for U-Boot is earlier than 3.5.0, you must upgrade the loader software when you upgrade the software version.

Verifying Which Root Partition Is Active

Purpose

Switches running Release 10.4R3 or later have resilient dual-root partition functionality, which includes the ability to boot transparently from the inactive partition if the system fails to boot from the primary root partition.

You can verify which root partition is active using the following command:

Action

Meaning

The Currently booted from: field shows which root partition is active.

Verifying the Junos OS Version in Each Root Partition

Purpose

Each switch contains two root partitions. We recommend that you copy the same Junos OS version in each partition when you upgrade. In Junos OS Release 10.4R2 and earlier, you might choose to have different Junos OS release versions in each partition. You might have different versions during a software upgrade and before you have finished verifying the new software installation. To enable a smooth reboot if corruption is found in the primary root file system, ensure that the identical Junos OS images are in each root partition. For Release 10.4R2 and earlier, you must manually reboot the switch from the backup root partition. However, for Release 10.4R3 and later, the switch reboots automatically from the backup root partition if it fails to reboot from the active root partition.

Action

Verify whether both root partitions contain the same image by using the following command:

user@switch> show system snapshot media internal

Meaning

The command shows which Junos OS version is installed on each media partition. Verify that the same version is installed on both partitions.

Downloading Software

Downloading Software Using a Browser

You download the software package you need from the Juniper Networks Downloads page at https://support.juniper.net/support/downloads/.

Note

To access the download section, you must have a service contract and an access account. If you need help obtaining an account, complete the registration form at the Juniper Networks website: https://userregistration.juniper.net/entitlement/setupAccountInfo.do.

To download the software image:

  1. Using a Web browser, navigate to https://support.juniper.net/support/downloads/.

    The Download Results page appears.

  2. Find the software package that you want to download and click the item in the Downloads column.

    A login screen appears.

  3. Log in with your username and password.

  4. On the Download Software page that appears, the following options are available:

    • If you want to download the software on your local host, click the CLICK HERE link and save the file to your system. If you want to place the file on a remote system, you must make sure that the file can be accessible by the router, switch, or services gateway by using HTTP, FTP, or SCP. Proceed with the installation. See Downloading Software Using the Command-Line Interface for more details.

    • If you want to download the software on your device, use the following procedure to download and install the software on the device.

      1. Click Copy to copy the generated URL to the clipboard.

        Note

        The URL string generated remains active only for 15 minutes.

      2. Log in to your device.

      3. In operational mode, enter the file copy “URLdestination command.

        In the command, paste the copied URL string (for URL) and then enter /var/tmp (as the destination on your hard disk).

        Example:

        Note

        Ensure that the URL string is enclosed within quotation marks. Also ensure that there is sufficient free space available on the device.

        The software image is downloaded on your device.

      4. (Optional) Validate the software image by using the request system software validate package-name command.

        Example:

        For more details, see request system software validate.

      5. Install the software by using the request system software add package-name command.

        Example:

        Your software is installed on the device.

Downloading Software Using the Command-Line Interface

Download the software package you need from the Juniper Networks Downloads page athttps://support.juniper.net/support/downloads/, and place the package on a local system. You can then transfer the downloaded package to the device using either the router or switch command-line interface, or the local system command-line interface.

Note

To access the download section, you must have a service contract and an access account. If you need help obtaining an account, complete the registration form at the Juniper Networks website: https://userregistration.juniper.net/entitlement/setupAccountInfo.do.

Before you transfer the software package, ensure that the FTP service is enabled on the device.

Enable the FTP service using the set system services ftp command:

To transfer the software package using the device command-line interface:

  1. From the router or switch command line, initiate an FTP session with the local system (host) where the package is located by using the ftp command:

    host is the hostname or address of the local system.

  2. Log in with your customer support–supplied username and password:

    After your credentials are validated, the FTP session opens.

  3. Navigate to the software package location on the local system, and transfer the package by using the get command:

    Following is an example of an installation-package name: junos-install-mx-x86-32-17.3R1.10.tgz

  4. Close the FTP session by using the bye command:

To transfer the package by using the local system command-line interface:

  1. From the local system command line, initiate an FTP session with the device using the ftp command:

    host is the hostname or address of the router or switch.

  2. Log in with your customer support–supplied username and password:

    After your credentials are validated, the FTP session opens.

  3. Navigate to the software package location on the local system, and transfer the package by using the put command:

    Following is an example of an installation-package name: junos-install-mx-x86-32-17.3R1.10.tgz

  4. Close the FTP session by using the bye command:

Downloading Software Using Download Manager (SRX Series Only)

This download manager feature facilitates download of large files over low-bandwidth links. It enables you to download large Junos OS packages over low-bandwidth/flaky links so that the system can be upgraded. This feature allows you to download multiple files while monitoring their status and progress individually. It takes automatic action when required and displays status information when requested.

The download manager is supported on SRX300, SRX320, SRX340, and SRX345 devices.

Be aware of the following considerations when using the download manager:

  • When no download limit is specified for a specific download or for all downloads, a download uses all available network bandwidth.

  • Because the download limit that you set indicates an average bandwidth limit, it is possible that certain bursts might exceed the specified limit.

  • When a download from an HTTP server fails, the server returns an HTML page. Occasionally, the error page is not recognized as an error page and is downloaded in place of the Junos image file.

  • Remote server logins and passwords are stored by the download manager for the duration of a download. To encrypt these credentials provided along with the login keyword, define an encryption key with the request system set-encryption-key command. Any changes to encryption settings while download is in progress can cause the download to fail.

  • A download command issued on a particular node in a chassis cluster takes place only on that node and is not propagated to the other nodes in the cluster. Downloads on different nodes are completely independent of each other. In the event of a failover, a download continues only if the server remains reachable from the node from which the command was issued. If the server is no longer reachable on that node, the download stops and returns an error.

Note

The download manager supports only the FTP and HTTP protocols.

The download manager acts as a substitute for the FTP utility. You can use the download manager CLI commands for all the functions where you previously used the FTP utility.

Before you begin, you must have the following:

  • An FTP or HTTP server with a Junos OS image

  • A server that is reachable from the device being upgraded

To download the Junos OS image to your device:

  1. Use the request system download start command (set a bandwidth limit, if required). The file is saved to the /var/tmp directory on your device.

    You can continue to use the device while the download runs in the background.

  2. To verify that the file has been downloaded, use the show system download command. The command displays the state as "completed" when the downloaded file is ready to be installed.
  3. To install the downloaded image file from the /var/tmp directory, use the request system software add command.
  4. If you encounter any problem with a download, use the show system download id command to obtain details about the download.

Table 2 lists the output fields for the show system download command. Use this information to diagnose problems. Output fields are listed in the approximate order in which they appear.

Table 2: show system download Output Fields

Output Field

Description

Status

State of the download.

Creation Time

Time the start command was issued.

Scheduled Time

Time the download was scheduled to start.

Start Time

Time the download actually started (if it has already started).

Retry Time

Time for next retry (if the download is in the error state).

Error Count

Number of times an error was encountered by this download.

Retries Left

Number of times the system will retry the download automatically before stopping.

Most Recent Error

Message indicating the cause of the most recent error.

Reinstall Junos OS

Action

To reinstall Junos OS, follow these steps:

  1. Insert the removable medium (boot floppy) into the router.

  2. Reboot the router, either by power-cycling it or by issuing the request system reboot command from the CLI.

  3. At the following prompt, type y:

    The router copies the software from the removable medium onto your system, occasionally displaying status messages. This can take up to 10 minutes.

  4. Remove the removable medium when prompted.

    The router reboots from the primary boot device on which the software is installed. When the reboot is complete, the router displays the login prompt.

Reconfigure Junos OS

After you have reinstalled the software, you must copy the router’s configuration files back to the router. (You also can configure the router from scratch, as described in Junos System Basics Configuration Guide) However, before you can copy the configuration files, you must establish network connectivity.

To reconfigure the software, follow these steps:

  1. Configure Host Names, Domain Names, and IP Addresses

  2. Protecting Network Security by Configuring the Root Password

  3. Check Network Connectivity



Configure Host Names, Domain Names, and IP Addresses

To configure the machine name, domain name, and various addresses, follow these steps:

  1. Log in as root. There is no password.

  2. Start the CLI:

  3. Enter configuration mode:

  4. Configure the name of the machine. If the name includes spaces, enclose the entire name in quotation marks (" "):

  5. Configure the machine’s domain name:

  6. Configure the IP address and prefix length for the router’s management Ethernet interface:

  7. Configure the IP address of a default router. This system is called the backup router because it is used only while the routing protocol process is not running.

  8. Configure the IP address of a Domain Name Server (DNS) server:



Protecting Network Security by Configuring the Root Password

Configuring the root password on your Junos OS-enabled router helps prevent unauthorized users from making changes to your network. The root user (also referred to as superuser) has unrestricted access and full permissions within the system, so it is crucial to protect these functions by setting a strong password when setting up a new router.

After a new router is initially powered on, you log in as the user root with no password. Junos OS requires configuration of the root password before it accepts a commit operation. On a new device, the root password must always be a part of the configuration submitted with your initial commit.

To set the root password, you have a few options as shown in Step 1 of the following procedure.

  • Enter a plain-text password that Junos OS encrypts.

  • Enter a password that is already encrypted.

  • Enter a secure shell (ssh) public key string.

The most secure options of these three are using an already encrypted password or an ssh public key string. Pre-encrypting your password or using a ssh public key string means the plain-text version of your password will never be transferred over the internet, protecting it from being intercepted by a man-in-the-middle attack.

Best Practice

Optionally, instead of configuring the root password at the [edit system] hierarchy level, you can use a configuration group to strengthen security.

To set the root password:

  1. Use one of these methods to configure the root password:
    • To enter a plain-text password that the system encrypts for you:

      If you use a plain-text password, Junos OS displays the password as an encrypted string so that users viewing the configuration cannot see it. As you enter the password in plain text, Junos OS encrypts it immediately. You do not have to configure Junos OS to encrypt the password as in some other systems. Plain-text passwords are hidden and marked as ## SECRET-DATA in the configuration.

    • To enter a password that is already encrypted:

      Caution

      Do not use the encrypted-password option unless the password is already encrypted, and you are entering the encrypted version of the password.

      If you accidentally configure the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the device as root, and you will need to complete the root password recovery process.

    • To enter an ssh public key string:

  2. If you used a configuration group, apply it with the command set apply-groups, replacing <group name> with the configuration group name.
  3. Commit the changes.


Check Network Connectivity

Purpose

Establish that the router has network connectivity.

Action

To check that the router has network connectivity, issue a ping command to a system on the network:

If there is no response, verify that there is a route to the address using the show route command. If the address is outside your fxp0 subnet, add a static route. Once the backup configuration is loaded and committed, the static route is no longer needed and should be deleted.