Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Documentation Updates


This section lists the errata and changes in Junos OS Release 15.1R7 documentation for the M Series, MX Series, and T Series.

Adaptive Services Interfaces Feature Guide for Routing Devices

  • In the topic “Inline 6rd and 6 to 4 Configuration Guidelines”, the next-to-last bullet should state:

    Bandwidth for traffic from the 6rd tunnel is limited by the available Packet Forwarding Engine bandwidth; bandwidth for traffic to the 6rd tunnel is limited by the internal VRF loopback bandwidth. SI-IFD loopback bandwidth configuration under the [edit chassis] hierarchy has no impact on the 6rd loopback bandwidth.

  • The “Configuring Secured Port Block Allocation”, “port”, and “secured-port-block-allocation” topics should include the following note:


    If you make any configuration changes to a NAT pool that has secured port block allocation configured, you must delete the existing NAT address pool, wait at least 5 seconds, and then configure a new NAT address pool. We also strongly recommend that you perform this procedure if you make any changes to the NAT pool configuration, even if you do not have secured port block allocation configured.

  • The descriptions in the “Options” section of the IPsec protocol statement at the [edit services ipsec-vpn ipsec proposal proposal-name] and [edit services ipsec-vpn rule rule-name term term-name then manual direction direction] hierarchy levels fail to state that the ah and bundle options are not supported on MS-MPCs and MS-MICs on MX Series routers.

Advanced Subscriber Management Provisioning Guide

  • The “Example: Configuring HTTP Redirect Services on the Routing Engine” topic shows an incorrectly formatted redirect URL, The correct format is

Broadband Subscriber Sessions Feature Guide

  • The “enhanced-policer” topic erroneously states that when you commit a configuration that includes this statement, the CLI displays a warning that FPCs must be restarted for it to take effect, and prompts you to proceed with a restart. No such warning or prompt is displayed; instead, a warning message is logged that states that the enhanced policer is enabled on FPCs only after they are restarted.

  • The following topics erroneously include information about the Ignore-DF-Bit VSA (26-70): “RADIUS Attributes and Juniper Networks VSAs Supported by the AAA Service Framework”, “Juniper Networks VSAs Supported by the AAA Service Framework”, and “AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs for Junos OS”. Junos OS does not support VSA 26-70.

    Some versions of the RADIUS dictionary file also erroneously list 26-70 as supported by the Junos OS.

  • The following topics indicate that you can configure an MX Series router to maintain a DHCP subscriber in the event the subscriber interface is deleted:

    • “Subscriber Binding Retention During Interface Delete Events”

    • “Configuring the Router to Maintain DHCP Subscribers During Interface Delete Events”

    • “Verifying and Managing the DHCP Maintain Subscribers Feature”

    • “interface-delete (Subscriber Management or DHCP Client Management)”

    • “maintain-subscriber”

    • “subscriber-management (Subscriber Management)”

    This feature is not supported on MX Series routers running Junos OS Release 15.1R4 or later with enhanced subscriber management enabled.

  • The Broadband Subscriber Sessions Feature Guide did not report the single session DHCP dual-stack feature, which enables the use of only a single session for authentication rather than the three sessions required for the traditional dual-stack configuration. See the description of this feature in New and Changed Features.

Broadband Subscriber VLANs and Interfaces Feature Guide

  • The “show subscribers” topic does not fully describe the vlan-id vlan-id option. This option displays information about active subscribers using a VLAN where the VLAN tag matches the specified VLAN ID. The topic fails to mention that these subscriber VLANs can be either single-tagged or double-tagged. The command output includes information about subscribers using double-tagged VLANs when the inner VLAN tag matches the specified VLAN ID. The command output does not distinguish between these two types of subscribers.

    To display only subscribers where the specified value matches only double-tagged VLANs, use the stacked-vlan-id stacked-vlan-id option to match the outer VLAN tag instead of the vlan-id vlan-id option.

High Availability Feature Guide

  • The following information belongs in the “Nonstop Active Routing Concepts” topic:

    If you have NSR configured, it is never valid to issue the restart routing command in any form on the NSR master Routing Engine. Doing so results in a loss of protocol adjacencies and neighbors and a drop in traffic.

  • The following information belongs in the “Configuring Nonstop Active Routing” topic:

    If the routing protocol process (rpd) on the NSR master Routing Engine crashes, the master Routing Engine simply restarts rpd (with no Routing Engine switchover), which impacts routing protocol adjacencies and neighbors and results in traffic loss. To prevent this negative impact on traffic flow, configure the switchover-on-routing-crash statement at the [edit system] hierarchy level. This configuration forces an NSR Routing Engine switchover if rpd on the master Routing Engine crashes.

  • The "Nonstop Active Routing System Requirements" topic should include the inet-mvpn and inet6-mvpn protocol families for BGP in the list of supported family types. The topic previously documented that NSR supports next-generation MVPN starting with Junos OS 14.1R1, but didn't include the specific names of the next-generation MVPN protocol families in the list.

  • The topic “Improving the Convergence Time for VRRP” failed to include the following information:

    • Disable duplication address detection for IPv6 interfaces—Duplicate address detection is a feature of the Neighbor Discovery Protocol for IPv6. Duplicate address detection is enabled by default and determines whether an address is already in use by another node. When duplicate address detection is enabled, convergence time is high after an IPv6 interface that has been configured for VRRP tracking comes up. To disable duplicate address detection, include the ipv6-duplicate-addr-translation transmits 0 statement at the [edit system internet-options] hierarchy level. To disable duplicate address detection only for a specific interface, include the dad-disable statement at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level.

IPv6 Neighbor Discovery Feature Guide for Routing Devices

  • The Secure Neighbor Discovery Guide for Routing Devices is merged with the IPv6 Neighbor Discovery Feature Guide for Routing Devices. We have consolidated these guides and restructured the content in a linear format. The new seamless guide provides related information in a single location for easy navigation and faster access.

    [See IPv6 Neighbor Discovery Feature Guide for Routing Devices.]

  • The “NDP Cache Protection Overview,” “Configuring NDP Cache Protection,” “Example: Configuring NDP Cache Protection to Prevent Denial-of-Service Attacks,” and “nd-system-cache-limit” topics failed to include the EX Series, M Series, PTX Series, and T Series as supported platforms. These platforms, as well as the MX series, are all supported.

Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices

  • The Options section for the flow-export-rate statement under the hierarchy [edit forwarding-options sampling instance instance-name family inet output inline-jlow] did not include the default value. The default value is:

    Default: 1 for each Packet Forwarding Engine on the FPC to which the sampling instance is applied.

  • The following topics fail to state that for passive monitoring on MX Series routers with MPCs, the pop-all-labels statement at the [edit interfaces interface-name] hierarchy level pops all labels by default, and the required-depth statement is ignored.

    • “pop-all-labels”

    • “required-depth”

    • “Enabling Passive Flow Monitoring”

  • The “Configuring RPM Timestamping” topic failed to mention that RPM timestamping is also supported on the MS-MPCs and MS-MICs on MX Series routers.

  • The description for the max-packets-per-second, maximum-packet-length, and run-length statements at the [edit forwarding-options sampling instance instance-name input] hierarchy level failed to include the following:


    This statement is not supported when you configure inline flow monitoring (by including the inline-jflow statement at the [edit forwarding-options sampling instance instance-name family (inet | inet6) output] hierarchy level).

  • The default value for the ipv6-flow-table-size statement at the [edit chassis fpc slot-number inline-services ipv6 flow-table-size] hierarchy level should state the following:

    “If the number of units is not specified, 1024 flow entries are allocated for IPv6.”

  • The topics “Real-Time Performance Monitoring Services Overview” and “Configuring RPM Probes” failed to state that RPM is not supported on logical systems.

  • The following topics should state that the test-interval statement at the [edit services rpm probe owner test test-name] hierarchy level has a range from 0 through 86400 seconds, and that a value of 0 seconds causes the RPM test to stop after one iteration:

    • “Configuring RPM Probes”

    • “test-interval”

    • “Configuring BGP Neighbor Discovery Through RPM”

MPLS Applications Feature Guide for Routing Devices

  • The "Configuring Miscellaneous LDP Properties," "Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols," "authentication-key-chain (LDP)," and "authentication-key-chain (BGP and BMP)” topics should include the following information: You must also configure the authentication algorithm using the authentication-algorithm algorithm statement. This statement must be included at the [edit protocols (bgp | ldp)] hierarchy level when you configure the authentication-key-chain key-chain statement at the [edit protocols (bgp | ldp)] hierarchy level.

  • The "Path Computation for LSPs on an Overloaded Router" topic should state that when you set the overload bit on a router running IS-IS, only new LSPs are prevented from transiting through the router. Any existing Constrained Path Shortest First (CPSF) LSPs remain active and continue to transit through the router. The documentation incorrectly states that any existing LSPs transiting through the router are also rerouted when you configure the overload bit on an IS-IS router.

    The topic should also include the following information about bypass LSPs: When you set the overload bit on an IS-IS router, new and existing bypass LSPs are recalculated only when a different event triggers a path recalculation. For example, if you set the smart optimize timer with the smart-optimize-timer statement, the bypass LSP is re-routed away from the overloaded router only after the specified time elapses. Otherwise, the bypass LSP continues to transit the overloaded router.

Overview for Routing Devices

  • The "Configuring Automatic Mirroring of the CompactFlash Card on the Hard Disk Drive" and the "mirror-flash-on-disk" topics should not include support for MX5, MX10, and MX40 Universal Routing Platforms. On the MX Series, this feature is supported only on the MX104, MX240, MX480, MX960, MX2010, and MX2020 routers.

Release Notes

  • The release notes for the following Junos OS releases incorrectly included a new feature that reported support for VLAN demux interfaces on MS-DPCs:

    • 15.1R1 Release Notes

    • 15.1R2 Release Notes

    • 15.1R3 Release Notes

    • 15.1R4 Release Notes

    • 15.1R5 Release Notes

    VLAN demux interfaces are not supported on MS-DPCs in Junos OS Release 15.1R1 and later releases. VLAN demux interfaces in those releases require enhanced subscriber management. Enhanced subscriber management does not support MS-DPCs.

Routing Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices

  • The table in the “Firewall Filter Nonterminating Actions” topic failed to mention that we recommend that you do not use the nonterminating firewall filter action next-hop-group with the port-mirror-instance or port-mirror action in the same firewall filter.

Security Services Administration Guide for Routing Devices

  • The “Distributed Denial-of-Service (DDoS) Protection Overview” topic for Routing Devices has been updated to describe the built-in login overload protection mechanism that is available on MX Series routers.

    The login overload protection mechanism (also called a load-throttling mechanism) monitors the incoming subscriber login packets and admits only what the system is capable of handling in accordance with the prevailing load on the system. Packets in excess of what the system can handle are discarded. By shedding this excess load, the system is able to maintain optimal performance and prevent any degradation of login-completion rate under overload conditions. This mechanism uses minimal resources and is enabled by default; no user configuration is required.

    The protection provided by this mechanism is secondary to what distributed denial-of-service (DDoS) protection provides as a first level of defense against high rates of incoming packets. DDoS protection operates on the Packet Forwarding Engine and protects against all packet types of all protocols. In contrast, the login overload protection mechanism is located on the Routing Engine and specifically operates only on incoming connection-initiation packets such as DHCPv4 DHCPDISCOVER, DHCPv6 SOLICIT, and PPPoE PADI packets.

Standards Reference

  • The Supported Network Management Standards topic incorrectly states that Junos OS supports mplsL3VpnIfConfTable as part of compliance with RFC 4382, MPLS/BGP Layer 3 Virtual Private Network (VPN) MIB. Junos OS does not support this table.

Subscriber Management Access Network Guide

  • The “Configuring a Pseudowire Subscriber Logical Interface Device” and “anchor-point (Pseudowire Subscriber Interfaces)” topics have been updated to state that you cannot dynamically change an anchor point that has active pseudowire devices stacked above it. Both topics describe the steps to follow when you must change such an anchor point.

  • The following topics have been updated to reflect a change in recommendation for use of the access-internal statement: “Access and Access-Internal Routes for Subscriber Management”, “Configuring Dynamic Access Routes for Subscriber Management”, “Access (Dynamic Access Routes)“, and “Access-internal (Dynamic Access-Internal Routes)”.

    Starting in Junos OS Release 15.1, we recommend that you use only access routes for framed route support. We recommend that you do not use access-internal routes. If the RADIUS Framed-Route attribute (22) or Framed-IPv6-Route attribute [99] does not specify the next-hop gateway—as is common—the variable representing the next-hop, $junos-framed-route-nexthop, is automatically resolved. If you configure the access-internal statement in the dynamic profile, it is ignored.

Subscriber Management Provisioning Guide

  • The topic “Configuring Address-Assignment Pool Linking" states that when you link multiple address-assignment pools, a secondary pool is used only when the primary address-assignment pool is fully allocated. However, once the router switches to a pool other than the primary, it continues using that pool even when addresses are available again in the primary pool.

  • Support for the packet-triggered subscribers and policy control rule base (PTSP) feature was discontinued starting in Junos OS Release 13.1R1, but this was not reflected in the documentation. Text exclusive to PTSP has been removed from the Broadband Subscriber Sessions Feature Guide. This includes all CLI topics and the following chapters:

    • “Configuring the PTSP Feature to Support Dynamic Subscribers”

    • “Configuring the PTSP Partition to Connect to the External Policy Manager”

    • “Configuring PTSP Services and Rules”

    • “Monitoring and Managing Packet-Triggered Subscribers”

    Topics for other features that refer to PTSP are updated to report the end of support.

  • The Broadband Subscriber Sessions Feature Guide did not report that you can suspend AAA accounting, establish a baseline of accounting statistics, and resume accounting. This feature was introduced in Junos OS Release 15.1R4.

    [See Suspending AAA Accounting and Baselining Accounting Statistics Overview.]

Tunnel and Encryption Services Interfaces

  • The topic “Configuring Tunnel Interfaces on MX Series Routers” incorrectly states that bandwidth rates of 20 gigabits per seconds and 40 gigabits per second require use of a 100-Gigabit Ethernet Modular Port Concentrator and 100-Gigabit CFP MIC. The MPC4E, MPC5E, and MPC6E also support 20 and 40 gigabits per second.

User Access and Authentication Guide for Routing Devices

  • The "Example: DHCP Complete Configuration" and "dchp" topics should not include support for the MX Series Universal Edge 3D Routers. This feature is supported only on the M Series and the T Series.

VPNs Library for Routing Devices

  • The “Routing Instances Overview” topic should include the following instance types: Ethernet VPN (EVPN) and Internet Multicast over MPLS. Use the Ethernet VPN instance type, which is supported on the MX Series only, to connect a group of dispersed customer sites using a Layer 2 virtual bridge. Use the Internet Multicast over MPLS instance type to provide support for ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud, using MBGP or next-generation MVPN.

    To configure an EVPN instance type, include the evpn statement at the [edit routing-instances routing-instance-name instance-type] hierarchy level. To configure an Internet Multicast over MPLS instance type, include the mpls-internet-multicast statement at the [edit routing-instances routing-instance-name instance-type] hierarchy level.