Software Installation and Upgrade Overview (Junos OS)

A Juniper Networks device is delivered with Junos OS preinstalled. As new features and software fixes become available, you must upgrade your software to use them. Before the upgrade, back up the configuration files.

Software Installation and Upgrade Overview (Junos OS)

A Juniper Networks device is delivered with Junos OS preinstalled. When you power on the device, it starts (boots) using the installed software. As new features and software fixes become available, you must upgrade your software to use them.

You upgrade (or downgrade) the version of the operating system on a device by copying a software installation package to your device or other system on your local network and then using the CLI to install the new software on the device. You then reboot the device, which boots from the newly installed software.

Before installing software, back up the system, select the software installation package you require, and download it from the Juniper Networks downloads page. If you encounter any difficulties during software installation, you can use the recovery installation procedure to install the operating system on the device. After a successful upgrade, back up the new existing configuration to a secondary device.

The first step is to determine which version of software to upgrade to. For more information about software versions, see Junos Software Versions - Suggested Releases to Consider and Evaluate.

Note:

Before installing software on a device that has one or more custom YANG data models added to it, back up and remove the configuration data corresponding to the custom YANG data models from the active configuration. For more information see Managing YANG Packages and Configurations During a Software Upgrade or Downgrade.

To understand more about Junos OS Software Licensing, see the Juniper Licensing Guide. Please refer to the product Data Sheets accessible from Products & Services for details, or contact your Juniper Account Team or Juniper Partner.

For features on EX Series Switches that require license, see Understanding Software Licenses for EX Series Switches
For features on M Series Routers that require license, see Software Features That Require Licenses on M Series Routers Only
For features on M Series, MX Series, and T Series Routers that require license, see Software Features That Require Licenses on M Series, MX Series, and T Series Routers
For features on MX Series Routers that require license, see Software Features That Require Licenses on MX Series Routers Only
For features on QFX Series Switches that require license, see Software Features That Require Licenses on the QFX Series.
For features on SRX Series Firewalls that require license, see Software Feature Licenses for SRX Series Devices.

The following subsections introduce the overall considerations in installing the software:

Types of Junos OS Installation
Backing Up the Current System’s Files
Determining Software Installation Package
Connecting to the Console
Validating the Installation Package with the Current Configuration
Dual-Root and Single-Root Partitioning (SRX Series Only)

Types of Junos OS Installation

The three types of installations used to upgrade or downgrade your device are standard installation, category change, and recovery. The standard installation is the standard method of upgrading and downgrading the software. Use a category change installation when you are moving from one software category to another; for example, if you are changing the device from using the standard Junos OS to the Junos-FIPS category. Perform a recovery installation when the software on the device is damaged or otherwise unable to accommodate a software upgrade or downgrade.

`Standard Installation`	A standard installation is the typical method used to upgrade or downgrade software on the server. This method uses the installation package that matches the installation package already installed on the system. For information on the different installation packages available, see Junos OS Installation Package Names.
`Category Change Installation`	The category change installation process is used to move from one category of Junos OS to another on the same router; for example, moving from a Junos OS standard installation on a router to a Junos-FIPS installation. When moving from one installation category to another, you need to be aware of the restrictions regarding this change. Note: Juniper Networks does not support using the `request system software rollback` command to restore a different installation category on the device. When installing a different Junos OS category on a device, once the installation is complete, you should execute a `request system snapshot` command to delete the backup installation from the system.
`Recovery Installation`	A recovery installation is performed to repair a device with damaged software or a condition that prevents the upgrade, downgrade, or change in installation category of the software.

Backing Up the Current System’s Files

Creating a backup of the current system on your device has the following advantages:

The device can boot from a backup and come back online in case of failure or corruption of the primary boot device in the event of power failure during an upgrade.
Your active configuration files and log files are retained.
The device can recover from a known, stable environment in case of an unsuccessful upgrade.

During a successful upgrade, the upgrade package completely reinstalls the existing operating system. It retains only the juniper.conf and SSH files. Other information is removed. Therefore, you should back up your existing configuration in case you need to return to it after running the installation program.

You can create copies of the software running on a device using the system snapshot feature. The system snapshot feature takes a “snapshot” of the files currently used to run the device—the complete contents of the /config and /var directories, which include the running software, the active configuration, and the rescue configuration—and copies all of these files into an alternate (internal, meaning internal flash, or an external, meaning USB flash) memory source. You can then use this snapshot to boot the device at the next boot up or as a backup boot option. When the backup is completed, the existing and backup software installations are identical.

Note:

Snapshots taken with the request system snapshot command in a Junos OS with upgraded FreeBSD system are not the same as those snapshots taken with the request system snapshot command in a Junos OS (as in legacy Junos OS) system. To back up your Junos OS with upgraded FreeBSD system devices, use the request system snapshot recovery command.

When the correct snapshot command is issued, the /root file system is backed up to /altroot, and /config is backed up to /altconfig. The /root and /config file systems are on the devices’s CompactFlash card, and the /altroot and /altconfig file systems are on the devices’s hard disk or or solid-state drive (SSD).

Determining Software Installation Package

All software releases are delivered in signed packages that contain digital signatures to ensure official Juniper Networks software. To see which software packages are currently running on the device and to get information about these packages, use the show version operational mode command at the top level of the command-line interface (CLI).

Note:

The show version command does not show the software edition installed, only the release number of the software.

You can either download software to the /var/tmp directory of your device, or install it directly from the downloads page.

For more information about signed software packages, see the Junos OS Installation Package Names.

Connecting to the Console

We recommend that you upgrade all individual software packages using an out-of-band connection from the console or management Ethernet interface, because in-band connections can be lost during the upgrade process.

Console ports allow root access to the Junos operating system (Junos OS) devices through a terminal or laptop interface, regardless of the state of the Junos OS device, unless it is completely powered off. By connecting to the console port, you can access the root level of the Junos OS device without using the network to which the device might or might not be connected. This creates a secondary path to the Junos OS device without relying on the network.

Using the terminal interface provides a technician sitting in a Network Operations Center a long distance away the ability to restore a Junos OS device or perform an initialization configuration securely, using a modem, even if the primary network has failed. Without a connection to the console port, a technician would have to visit the site to perform repairs or initialization. A remote connection to the Junos OS device through a modem requires the cable and connector (provided in the device accessory box), plus a DB-9 to DB-25 (or similar) adapter for your modem, which you must purchase separately. For more information about connecting to the console port, see the administration guide for your particular device.

To configure the device initially, you must connect a terminal or laptop computer to the device through the console port, as shown in Figure 1.

Figure 1: Connecting to the Console Port on a Juniper Networks Device

Validating the Installation Package with the Current Configuration

When you upgrade or downgrade software, we recommend that you include the validate option with the request system software add command to check that the candidate software is compatible with the current configuration. By default, when you add a package with a different release number, the validation check is done automatically.

Direct validation of the running configuration does not work for upgrading to Junos OS with upgraded FreeBSD from Junos OS based on older versions of the FreeBSD kernel. Therefore, when upgrading or downgrading between Junos OS and Junos OS with upgraded FreeBSD, you might have to validate on a different host.

If you do not want to validate when upgrading, you must specify the no-validate option.

Dual-Root and Single-Root Partitioning (SRX Series Only)

SRX Series Firewalls that ship from the factory with Junos OS Release 10.0 or later are formatted with the dual-root partitioning scheme.

Note:

Junos OS Release 12.1X45 and later do not support single-root partitioning.

Note:

SRX100, SRX110, SRX210, SRX220, and SRX240 devices with 2 GB RAM cannot be upgraded to any Junos OS 12.1X46 Release after 12.1X46-D65. Attempting to upgrade to this release on devices with 2 GB RAM will trigger the following error: ERROR: Unsupported platform for 12.1X46 releases after 12.1X46-D65

Existing SRX Series Firewalls that are running Junos OS Release 9.6 or earlier use the single-root partitioning scheme. While upgrading these devices to Junos OS Release 10.0 or later, you can choose to format the storage media with dual-root partitioning (strongly recommended) or retain the existing single-root partitioning.

Certain Junos OS upgrade methods format the internal media before installation, whereas other methods do not. To install Junos OS Release 10.0 or later with the dual-root partitioning scheme, you must use an upgrade method that formats the internal media before installation.

Note:

If you are upgrading to Junos OS Release 10.0 without transitioning to dual-root partitioning, use the conventional CLI and J-Web user interface installation methods.

These upgrade methods format the internal media before installation:

Installation from the boot loader using a TFTP server
Installation from the boot loader using a USB storage device
Installation from the CLI using the partition option (available in Junos OS Release 10.0)
Installation using the J-Web user interface

These upgrade methods retain the existing partitioning scheme:

Installation using the CLI
Installation using the J-Web user interface

CAUTION:

Upgrade methods that format the internal media before installation wipe out the existing contents of the media. Only the current configuration is preserved. Any important data must be backed up before starting the process.

Note:

Once the media has been formatted with the dual-root partitioning scheme, you can use conventional CLI or J-Web user interface installation methods, which retain the existing partitioning and contents of the media, for subsequent upgrades.

Junos OS Installation Package Names

The installation package is used to upgrade or downgrade from one release to another. When installed, the installation package completely reinstalls the software, rebuilds the Junos OS file system, and can erase system logs and other auxiliary information from the previous installation. The installation package does, however, retain the configuration files from the previous installation.

A Junos OS installation package can have one of the following general patterns:

prefix-platform-product-architecture-application-binary-interface-release-edition.extension (for installing with the request system software add command)
prefix-media-media-keyword-platform-architecture-application-binary-interface-release-edition.extension (for images installed from the USB drive or the loader prompt)
prefix-flex-release-edition.extension (for enhanced automation variants of Junos OS)

Table 1: Descriptions of Junos OS Package Name Fields
Field Name	Description
`prefix`	Package name prefix. Different products use different prefixes. These prefixes are explained later in this chapter.
host	Host is included in the package name when the platform is Linux based; this prefix indicates the image includes the host software as well as Junos OS.
media `media-keyword`	A media keyword is included in the package name when the software image cannot be installed using the `request system software add` command. Values for the media keyword include the following: `usb` for images you install from a USB drive `net` for images you install from the loader prompt
`platform`	(Optional) Name of the product series, such as `mx` or `ptx`.
`product`	(Optional) Model number or product variant, such as `5e` for the QFX Series switches.
`architecture`	(Optional) CPU architecture of the platform. For example, `x86` for Intel CPUs or `arm` for Advanced RISC Machines CPUs.
`application-binary-interface`	(Included when `architecture` is part of the name.) Indicates the “word length” of the CPU architecture. Values include 32 for 32-bit architectures and 64 for 64-bit architectures.
`release`	Release number. The format of the release number is explained later in this chapter.
`edition`	Edition of the software package. Software editions are explained later in this chapter.

The software is delivered in signed packages that contain digital signatures, Secure Hash Algorithm (SHA-1), and Message Digest 5 (MD5) checksums. A package is installed only if the checksum within it matches the hash recorded in its corresponding file. Which checksum is used depends on the software version:

Digital signatures are used when you upgrade or downgrade between Junos OS Release 7.0 and a later version.
The SHA-1 checksum is used when you upgrade or downgrade between Junos OS Release 6.4 and a later version.
The MD5 checksum is used when you upgrade or downgrade between Junos OS Release 6.3 or earlier and a later version.

Starting in 2015, the word signed appears less frequently after the edition in the filename. But you might still see it in software installation packages. Whether signed appears or not, all Junos OS images from Junos OS Release 15.1 on are signed for validation.

Extensions are tgz, gz, img, iso, etc.

Junos OS Installation Packages Prefixes
Junos OS Release Numbers
Junos OS Editions

Junos OS Installation Packages Prefixes

The first part of the installation package filename is a combination of a standard prefix and product designation. Table 2 lists a variety of Junos OS package name prefixes.

Starting in Junos OS Release 15.1, certain hardware platforms run a Junos OS based on an upgraded FreeBSD kernel, greater than FreeBSD 10.x (hereafter called Junos OS with upgraded FreeBSD). Table 2 also indicates the prefixes used for the different platforms running Junos OS with upgraded FreesBSD. For more information about upgrading or downgrading to Junos OS with upgraded FreeBSD, see Upgrading and Downgrading to Junos with Upgraded FreeBSD.

Except where indicated in the table, you install these packages using the request system software add CLI command.

Table 2: Installation Package Prefixes
Installation Package Prefix	Description
jinstall*	Junos OS for M Series, MX Series, T Series, TX Matrix, and TX Matrix Plus routers.
jinstall64*	64-bit Junos OS for the JCS1200 Route Reflector, TX Matrix Plus routers with 3D SIBs, and PTX Series Packet Transport Routers.
jinstall-ex*	Junos OS for the EX Series Ethernet Switch portfolio.
jinstall-host-acx5k*	Junos OS with upgraded FreeBSD for the ACX5000 Series routers, which are Linux based; this prefix indicates the image includes the host as well as Junos OS. For example, jinstall-host-acx5k-17.2R1.13-signed.tgz.
jinstall-host-ex*	Junos OS with upgraded FreeBSD for EX4600, which is Linux based; this prefix indicates the image includes the host as well as Junos OS. For example, jinstall-host-ex-4600-17.2R1.13-signed.tgz.
jinstall-host-nfx-2*	Junos OS with upgraded FreeBSD for NFX2xx platforms that are Linux based; this prefix indicates the image includes the host software and Junos OS. For example, jinstall-host-nfx-2-flex-x86-32-17.2R1.13-secure-signed.tgz. See Junos OS Releases Supported on NFX Series Hardware for a list of which platforms use the nfx-2 package.
jinstall-host-nfx-3*	Junos OS with upgraded FreeBSD for NFX platforms that are Linux based; this prefix indicates the image includes the host software and Junos OS. For example, jinstall-host-nfx-3-x86-64-22.4R1.10-secure-signed.tgz. See Junos OS Releases Supported on NFX Series Hardware for a list of which platforms use the nfx-3 package.
jinstall-host-ocx*	Junos OS with upgraded FreeBSD for OCX platforms that are Linux based; this prefix indicates the image includes the host software as well as Junos OS.
jinstall-host-ptx*	Junos OS with upgraded FreeBSD for PTX platforms that are Linux based; this prefix indicates the image includes the host software as well as Junos OS.
jinstall-host-qfx*	Junos OS with upgraded FreeBSD for QFX platforms that are Linux based; this prefix indicates the image includes the host software as well as Junos OS. For example, jinstall-host-qfx-5e-x86-64-17.2R1.13.tgz.tgz is a package name for Junos OS on the QFX5100.
jinstall-ocx-flex*	OCX Series switches.
jinstall-ppc*	Junos OS for the ACX Series, MX5, MX10, MX40, MX80, and MX104 routers.
junos-arm*	Junos OS with Upgraded FreeBSD for EX2300 and EX3400 switches. For example, junos-arm-32-15.1X53-D50.2.tgz.
junos-arm-media-`media-keyword`*	Junos OS with Upgraded FreeBSD for EX2300 and EX3400 switches. You install these images using a method other than the `request system software add` command at the CLI prompt, such as installing from a USB drive or a loader prompt. The media keyword can be one of the following: `usb` for images you install from a USB drive `net` for images you install from the loader prompt For example, junos-install-media-usb-arm-32-15.1X53-D50.2.img or junos-install-media-net-arm-32-15.1X53-D50.2.tgz.
junos-install*	Junos OS with upgraded FreeBSD for EX4100, EX9200, and MX Series routers and SRX Series Firewalls that support Junos OS with upgraded FreeBSD. For example, junos-install-ex-arm-64-22.2R1.3.tgz for EX4100, junos-install-ex92xx-x86-64-17.2R1.13.tgz for EX9200, junos-install-mx-x86-32-15.1R1.9.tgz for MX Series routers, and junos-install-srx5000-x86-64-17.3R1.9.tgz for SRX5400, SRX5600, or SRX5800.
junos-install-media-`media-keyword`*	Junos OS with upgraded FreeBSD for EX4100, EX9200, and MX Series routers and SRX Series Firewalls that support Junos OS with upgraded FreeBSD. You install these images using a method other than the `request system software add` command at the CLI prompt, such as installing from a USB drive or a loader prompt. The media keyword can be one of the following: `usb` for images you install from a USB drive `net` for images you install from the loader prompt `pxe` for images you install using the Preboot Execution Environment (PXE) on the SRX1500, SRX4600, SRX5400, SRX5600, and SRX5800 For example, junos-install-media-usb-mx-x86-32-15.1R1.9.tgz for an MX Series router, junos-install-media-usb-ex-arm-64-22.2R1.3.tgz for EX4100, junos-install-media-usb-ex92xx-17.2R1.13.img.gz for EX9200, and junos-install-media-usb-srx5000-x86-64-17.3R1.9.img.gz for SRX5400, SRX5600, and SRX5800.
junos-srx1k3k*	Junos OS for SRX1400, SRX3400 and SRX3600.
junos-srx5000*	Junos OS for SRX5400, SRX5600, and SRX5800.
junos-srxentedge*	Junos OS for SRX1500.
junos-srxhe-x86*	Junos OS for SRX4600.
junos-srxmr*	Junos OS for SRX4100 and SRX4200.
junos-srxsme*	Junos OS for SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M.
junos-vmhost-install*	Junos OS with upgraded FreeBSD for devices that use VM Host. You use the `request vmhost software add` CLI command to install these images. For more information about VM Host installation, see Installing, Upgrading, Backing Up, and Recovery of VM Host.
junos-vmhost-install-media-`media-keyword`*	Junos OS with upgraded FreeBSD for devices that use VM Host. You install these images using the Preboot Execution Environment (PXE) boot server or the USB drive, and not the `request vmhost software add` CLI command. The media keyword can be one of the following: `usb` for images you install from a USB drive `net` for images you install from the Preboot Execution Environment (PXE) boot server For more information about this installation method, see Copying VM Host Installation Package to the PXE Boot Server or Creating an Emergency Boot Device for Routing Engines with VM Host Support.

Junos OS Release Numbers

The release number represents a particular revision of the software that runs on a Juniper Networks routing platform, for example, Junos OS Release 14.1,14.2, 15.1, or 17.1. Each release has certain new features that complement the software processes that support Internet routing protocols, control the device’s interfaces and the device chassis itself, and allow device system management. On the Juniper Networks Support web page, you download software for a particular release number.

In this example, we dissect the format of the software release number to show what it indicates. The generalized format is as follows:

Given the format of

m.nZb.s

The software release number 17.2R1.13, for example, maps to this format as follows:

m is the main release number of the product, for example, 17.
n is the minor release number of the product, for example, 2.
Z is the type of software release, for example, R for FRS or maintenance release.

For types of software releases, see Table 3.
b is the build number of the product, for example, 1, indicating the FRS rather than a maintenance release..
s is the spin number of the product, for example, 13.

Table 3: Software Release Types
Release Type	Description
R	First revenue ship (FRS) or maintenance release software. R1 is FRS. R2 onward are maintenance releases.
F	Feature velocity release. Feature velocity releases are only in Junos OS Release 15.1.
B	Beta release software.
I	Internal release software. These are private software releases for verifying fixes.
S	Service release software, which are released to customers to solve a specific problem—this release will be maintained along with the life span of the underlying release. The service release number is added after the R number, for example, 14.2R3-S4.4. Here S4 represents the 4th service release on top of 14.2R3 and is the 4th re-spin.
X	Special (eXception) release software. X releases follow a numbering system that differs from the standard release numbering. Starting with Junos OS Release 12.1X44-D10, SRX Series Firewalls follow a special naming convention for Junos OS releases. For more information, refer to the Knowledge Base article KB30092 at https://kb.juniper.net/InfoCenter/index?page=home.

Note:

Prior to Junos OS Release 11.4, the software release number format for service releases was same as other releases. For example, 10.4S4.2 represented the 4th service release and 2nd re-spin of 10.4.

Junos OS Editions

Editions show up in the installation package name after the release number string and before signed.

In releases earlier than Junos OS Release 15.1, installation packages came in several major software package categories or editions, such as domestic, worldwide, or Federal Information Processing Standard (FIPS). For those still using packages with names including these terms, here is what they indicate:

domestic—Junos OS for customers in the United States and Canada and for all other customers with a valid encryption agreement. This edition includes high-encryption capabilities such as IPsec and SSH for data leaving the router or switch. Later images use a null, or empty, edition field for this category.
limited—Junos OS for all other customers. This edition does not include any high-encryption capabilities for data leaving the router or switch. Sometimes referred to as the Export edition, starting in Junos OS Release 15.1R1, this category is is renamed to the limited edition.
fips—Junos OS that provides advanced network security for customers who need software tools to configure a network of Juniper Networks routers and switches in a Federal Information Processing Standards (FIPS) 140-2 environment. For more information about Junos-FIPS, see FIPS 140-2 Security Compliance. In later images, FIPS, instead of being a separate edition, is an option you select on installation.

Starting with Junos OS 15.1, a simplified edition scheme was started:

Junos OS with a null (empty) edition field is the standard image for Junos OS.
limited—Version has no cryptographic support and is intended for countries in the Eurasian Customs Union (EACU). These countries have import restrictions on software containing data-plane encryption.

Boot Sequence on Devices with Routing Engines (Junos OS)

Juniper Networks devices start using the installed Junos OS. Bootable copies of Junos OS are stored in various locations: the internal flash disk, the hard drive, the removable media. The following subsections discuss the order of locations checked for a valid bootable operating system.

Boot Order for Devices
Booting from an Alternate Boot Device

Boot Order for Devices

Information about the boot order for the various devices with Routing Engines is given in this section in alphabetical order of the device families.

Note:

For information about which Routing Engines are supported by each device, see https://www.juniper.net/documentation/en_US/release-independent/ junos/topics/reference/general/routing-engine-m-mx-t-series-support-by-chassis.html.

The ACX Series routers attempt to boot from the storage media in the following order:

USB storage media device
Dual, internal NAND flash device (first da0s1, then da0s2)

The router attempts to boot from the storage media in the following order:

MX80 routers attempt to boot from the storage media in the following order:

USB media emergency boot device
Dual, internal NAND flash device (first da0, then da1)

MX104 routers attempt to boot from the storage media in the following order:

USB storage media device
Internal NAND flash device (da0)

The M Series and MX Series with a Routing Engine that has a solid-state drive (SSD) attempt to boot from the storage media in the following order:

USB media emergency boot device (if present)
CompactFlash card
Solid-state drive (SSD) in the SSD slot 1 or SSD slot 2 (if present)

The M Series and MX Series (except for the MX80 routers and the MX104 routers) routers with a Routing Engine that has a hard disk attempt to boot from the storage media in the following order:

Removable media emergency boot device, such as a PC Card (if present)
CompactFlash card (if present)
Hard disk

The PTX Series Packet Transport Routers attempt to boot from the storage media in the following order:

USB media emergency boot device
CompactFlash card
Solid-state drive (SSD) in the Disk 1 slot (if present)
Storage media available on the LAN

The T Series and TX Matrix routers with a Routing Engine that has a hard disk attempt to boot from the storage media in the following order:

Removable media emergency boot device, such as a PC Card (if present)
CompactFlash card (if present)
Hard disk

The T Series routers with a Routing Engine that has a solid-state drive (SSD), and TX Matrix Plus routers attempt to boot from the storage media in the following order:

USB media emergency boot device
CompactFlash card (if present)
Solid-state drive (SSD) in the Disk 1 slot (if present)

Note:
The Disk 2 slot is not currently supported.
Storage media available on the LAN

Booting from an Alternate Boot Device

Note:

Do not insert an emergency boot device during normal operations. The router does not operate normally when it is booted from an emergency boot device.

If the router boots from an alternate boot device, Junos OS displays a message indicating this when you log in to the router. For example, the following message shows that the software booted from the hard disk (/dev/ad1s1a):

This situation results when the router detects a problem with the primary boot device—usually the CompactFlash card—that prevents it from booting, and consequently boots from the alternate boot device (the hard disk drive). When this happens, the primary boot device is removed from the list of candidate boot devices. The problem is usually a serious hardware error. We recommend you contact the Juniper Networks Technical Assistance Center (JTAC).

Note:

On MX104 routers, if the router boots from an alternate boot device, Junos OS does not display any message indicating this when you log in to the router.

When the router boots from the alternate boot device, the software and configuration are only as current as the most recent request system snapshot command. However, if the mirror-flash-on-disk command was enabled, then the hard disk drive contains a synchronized, mirror image of the compact flash drive and therefore the current software and configuration.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release

Description

12.1X46

12.1X45-D10

Junos OS Release 12.1X45 and later do not support single-root partitioning

ON THIS PAGE

Software Installation and Upgrade Overview (Junos OS)