Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for ACX Series

 

These release notes accompany Junos OS Release 16.1R7 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for ACX Series Universal Metro Routers.

Release 16.1R7 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R7.

Release 16.1R6 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R6.

Release 16.1R5 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R5.

Release 16.1R4 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R4.

Release 16.1R3 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R3.

Release 16.1R2 New and Changed Features

This section describes the new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R2.

Hardware

  • ACX4000 Universal Access Router—Starting in Junos OS Release 16.1R2, Junos OS supports the ACX4000 router. These routers enable a wide range of business and residential applications and services, including microwave cell site aggregation, MSO mobile backhaul service cell site deployment, and service provider or operator cell site deployment.

    The ACX4000 router supports use of either four RJ-45 ports or four Gigabit Ethernet SFP transceivers. The ACX4000 router contains two PoE ports and four ports that accept transceivers. The two ports labeled GE support Gigabit Ethernet SFP transceivers. The two ports labeled XE support Gigabit Ethernet SFP transceivers and 10-Gigabit Ethernet SFP+ transceivers. The router has two dedicated slots for MICs. [See the ACX4000 Universal Access Router MIC Guide]

Class of Service

  • Class of service for PPP and MLPPP interfaces (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support class-of-service (CoS) functionalities on PPP and MLPPP interfaces. Up to four forwarding classes and four queues are supported per logical interface for PPP and MLPPP packets.

    The following restrictions apply when you configure CoS on PPP and MLPPP interfaces on ACX Series routers:

    • For interfaces with PPP encapsulation, you can configure interfaces to support only the IPv4, Internet Protocol Control Protocol (IPCP), PPP Challenge Handshake Authentication Protocol (CHAP), and Password Authentication Protocol (PAP) applications.

    • Drop timeout is not supported.

    • Loss of traffic occurs during a change of scheduling configuration; you cannot modify scheduling attributes instantaneously.

    • Buffer size is calculated in terms of number of packets, with 256 bytes considered as the average packet size.

    • Only two loss priority levels, namely low and high, are supported.

  • Support for MLPPP encapsulation (ACX Series)—Starting in Junos OS Release 16.1R2, you configure multilink bundles as logical units or channels on the link services interface lsq-0/0/0. With MLPPP, multilink bundles are configured as logical units on lsq-0/0/0—for example, lsq-0/0/0.0 and lsq-0/0/0.1. After creating multilink bundles, you add constituent links to the bundle.

    MLPPP is supported on ACX1000, ACX2000, and ACX2100 routers, and with Channelized OC3/STM1 (Multi-Rate) MICs with SFP and 16-port Channelized E1/T1 Circuit Emulation MIC on ACX4000 routers. With multilink PPP bundles, you can use the PPP Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) for secure transmission over the PPP interfaces.

    To configure MLPPP encapsulation, include the encapsulation multilink-ppp statement at the [edit interfaces lsq-fpc/pic/port unit logical-unit-number] hierarchy level. To aggregate T1 links into a an MLPPP bundle, include the bundle statement at the [edit interfaces t1-fpc/pic/port unit logical-unit-number family mlppp] hierarchy level.

  • Support for configuring the shared buffer size (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers enable you to control the amount of shared packet buffer a given queue can consume. Using this feature, you can ensure that important queues have a higher chance of using the shared buffers than not so important queues. To achieve this, you can configure lower values for the shared-buffer maximum CLI statement for the not so important queues, and higher values for the shared-buffer maximum CLI statement for the important queues.

    You can explicitly configure the shared-buffer maximum CLI statement at the [edit class-of-service] hierarchy level.

    Note

    The default value for shared-buffer maximum is 66%.

Firewall Filters

  • Support for hierarchical policers (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support two-level ingress hierarchical policing. With single-level policers, you cannot administer the method used with which the committed information rate (CIR) and the excess information rate (EIR) values specified in the bandwidth profile are shared across different flows. For example, in a certain network deployment, you might want an equal or even distribution of CIR across the individual flows. In such a scenario, you cannot accomplish this requirement using single-level policers; you need to configure aggregate or hierarchical policers.

    Aggregate policers operate in peak, guarantee, and hybrid modes. You can configure an aggregate policer by including the aggregate-policer aggregate-policer-name statement at the [edit firewall policer policer-name if-exceeding] hierarchy level. You can specify the mode of the aggregate policer by including the aggregate-sharing-mode [guarantee | peak | hybrid] statement at the [edit firewall policer policer-name if-exceeding aggregate-policer aggregate-policer-name] hierarchy level.

  • Enhancement to support additional firewall filter match capabilities (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series router support additional match capabilities at the [edit firewall family ccc filter] and [edit firewall family inet filter] hierarchy levels.

    The existing firewalls do not support Layer 2, Layer 3, and Layer 4 fields at the [edit firewall family ccc filter] hierarchy level. With additional matching fields, ACX Series routers support all the available Layer 2, Layer 3, and Layer 4 fields on the user-to-network interface side (ethernet-ccc/vlan-ccc).

    At the [edit firewall family inet filter] hierarchy level, the fragment-flags match field has been removed to accommodate the following Layer 2 and Layer 3 fields (see Table 1):

    Table 1: Fields Added to the [edit firewall family inet filter] Hierarchy Level

    Field

    Description

    first-fragment

    Matches if packet is the first fragment

    is-fragment

    Matches if packet is a fragment

    The scale for inet and ccc in the firewall family filter has been reduced from 250 hardware entries to 122 hardware entries.

Interfaces and Chassis

  • Support for Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (ACX4000)—Starting in Junos OS Release 16.1R2, ACX4000 Universal Metro Routers support the Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (model number ACX-MIC-4COC3-1COC12CE).

    The key features supported are:

    • Structure-Agnostic TDM over Packet (SAToP)

    • Pseudowire Emulation Edge to Edge (PWE3) control word for use over an MPLS packet-switched network (PSN)

  • Support for 6-port Gigabit Ethernet Copper/SFP MIC (ACX4000)—Starting in Junos OS Release 16.1R2, ACX4000 Universal Metro Routers support the 6-port Gigabit Ethernet Copper/SFP MIC. The 6-port Gigabit Ethernet Copper/SFP MIC features six tri-speed (10/100/1000 Mbps) Ethernet ports. Each port can be configured to operate in either RJ–45 or SFP mode and can support PoE.

  • Support for chassis management (ACX4000)—Starting in Junos OS Release 16.1R2, ACX4000 Universal Metro Routers support the following CLI operational mode commands:

    Show commands:

    • show chassis alarms

    • show chassis craft-interface

    • show chassis environment

    • show chassis environment pem

    • show chassis fan

    • show chassis firmware

    • show chassis fpc pic-status

    • show chassis hardware (clei-models | detail | extensive | models)

    • show chassis mac-addresses

    • show chassis pic fpc-slot fpc-slot pic-slot pic slot

    • show chassis routing-engine

    Restart command:

    • restart chassis-control (gracefully | immediately | soft)

    Request commands:

    • request chassis feb restart slot slot-number

    • request chassis mic mic-slot mic-slot fpc-slot fpc-slot (offline | online)

    • request chassis pic offline fpc-slot fpc-slot pic-slot pic-slot

  • User-defined alarms (ACX Series)—Starting in Junos OS Release 16.1R2, on an ACX Series router, the alarm contact port (labeled ALARM) provides four user-defined input ports and two user-defined output ports. Whenever a system condition occurs—such as a rise in temperature, and depending on the configuration—the input or output port is activated.

    To view the alarm relay information, issue the show chassis craft-interface command from the Junos OS command-line interface.

  • Support for Ethernet synthetic loss measurement (ACX Series)—Starting in Junos OS Release 16.1R2, you can trigger on-demand and proactive Operations, Administration, and Maintenance (OAM) for measurement of statistical counter values corresponding to ingress and egress synthetic frames. Frame loss is calculated using synthetic frames instead of data traffic. These counters maintain a count of transmitted and received synthetic frames and frame loss between a pair of maintenance association end points (MEPs).

    The Junos OS implementation of Ethernet synthetic loss measurement (ETH-SLM) is fully compliant with ITU-T Recommendation Y.1731. Junos OS maintains various counters for ETH-SLM PDUs, which can be retrieved at any time for sessions that are initiated by a certain MEP. You can clear all the ETH-SLM statistics and PDU counters.

  • Support for Network Address Translation (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Network Address Translation (NAT). NAT is a method for modifying or translating network address information in packet headers. Either or both source and destination addresses in a packet may be translated. NAT can include the translation of port numbers as well as IP addresses. ACX Series routers support only source NAT for IPv4 packets. Static and destination NAT types are currently not supported on the ACX Series routers.

    Note

    In ACX Series routers, NAT is supported only on the ACX1100 AC-powered router.

  • Support for inline service interface (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support the inline service interface. An inline service interface is a virtual physical interface that resides on the Packet Forwarding Engine. The si- interface makes it possible to provide NAT services without a special services PIC.

    To configure inline NAT, you define the service interface as type si- (service-inline) interface. You must also reserve adequate bandwidth for the inline interface. This enables you to configure both interface or next-hop service sets used for NAT.

    Note

    In ACX Series routers, you can configure only one inline services physical interface as an anchor interface for NAT sessions: si-0/0/0.

  • Support for IPsec (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure IPsec on ACX Series Universal Metro Routers. The IPsec architecture provides a security suite for the IP version 4 (IPv4) network layer. The suite provides functionality such as authentication of origin, data integrity, confidentiality, replay protection, and nonrepudiation of source. In addition to IPsec, Junos OS also supports the Internet Key Exchange (IKE), which defines mechanisms for key generation and exchange, and manages security associations. IPsec also defines a security association and key management framework that can be used with any network layer protocol. The security association specifies what protection policy to apply to traffic between two IP-layer entities. IPsec provides secure tunnels between two peers.

    Note

    IPsec is supported only on the ACX1100 AC-powered router and is limited to 100 Mbps maximum throughput.

  • Support for ATM OAM F4 and F5 cells (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series routers provide Asynchronous Transfer Mode (ATM) support for the following Operations, Administration, and Maintenance (OAM) fault management cell types:

    • F4 alarm indication signal (AIS) (end-to-end)

    • F4 remote defect indication (RDI) (end-to-end)

    • F4 loopback (end-to-end)

    • F5 AIS

    • F5 RDI

    • F5 loopback

    ATM OAM is supported on ACX1000, ACX2000, and ACX2100 routers, and on 16-port Channelized E1/T1 Circuit Emulation MICs on ACX4000 routers.

    Junos OS supports the following methods of processing OAM cells that traverse through pseudowires with circuit cross-connect (CCC) encapsulation:

    • Virtual path (VP) pseudowires (CCC encapsulation)

    • Port pseudowires (CCC encapsulation)

    • Virtual circuit (VC) pseudowires (CCC encapsulation)

    For ATM pseudowires, the F4 flow cell is used to manage the virtual path (VP) level. On ACX Series routers with ATM pseudowires (CCC encapsulation), you can configure OAM F4 cell flows to identify and report virtual path connection (VPC) defects and failures. Junos OS supports three types of OAM F4 cells in end-to-end F4 flows:

    • Virtual path AIS

    • Virtual path RDI

    • Virtual path loopback

    For OAM F4 and F5 cells, IP termination is not supported. Also, Junos OS does not support segment F4 flows, VPC continuity check, or VP performance management functions.

    For OAM F4 cells, on each VP, you can configure an interval during which to transmit loopback cells by including the oam-period statement at the [edit interfaces interface-name atm-options vpi vpi-identifier] hierarchy level. To modify OAM liveness values on a VP, include the oam-liveness statement at the [edit interfaces interface-name atm-options vpi vpi-identifier] hierarchy level.

  • Support for CESoPSN on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure structure-aware TDM CESoPSN on the Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (model number: ACX-MIC-4COC3-1COC12CE) on ACX Series routers. This rate-selectable MIC can be configured as four OC3/STM1 ports or one OC12/STM4 port.

  • Support for Point-to-Point Protocol encapsulation (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure Point-to-Point Protocol (PPP) encapsulation on physical interfaces on ACX Series routers. PPP provides a standard method for transporting multiprotocol datagrams over a point-to-point link. PPP uses the High-Speed Data Link Control (HDLC) protocol for its physical interface and provides a packet-oriented interface for the network-layer protocols.

    PPP is supported on the following MICs on ACX Series routers:

    • On ACX1000 routers with 8-port built-in T1/E1 TDM MICs.

    • On ACX2000 and ACX2100 routers with 16-port built-in T1/E1 TDM MICs.

    • On ACX4000 routers with 16-port Channelized E1/T1 Circuit Emulation MICs.

    On ACX Series routers, E1, T1, and NxDS0 interfaces support PPP encapsulation.

  • Support for Ethernet link aggregation (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Ethernet link aggregation for Layer 2 bridging. Ethernet link aggregation is a mechanism for increasing the bandwidth of Ethernet links linearly and improving the links' resiliency by bundling or combining multiple full-duplex, same-speed, point-to-point Ethernet links into a single virtual link. The virtual link interface is referred to as a link aggregation group (LAG) or an aggregated Ethernet interface. The LAG balances traffic across the member links within an aggregated Ethernet interface and effectively increases the uplink bandwidth. Another advantage of link aggregation is increased availability because the LAG is composed of multiple member links. If one member link fails, the LAG continues to carry traffic over the remaining links.

  • 16-port Channelized E1/T1 Circuit Emulation MIC (ACX4000)—Starting in Junos OS Release 16.1R2, ACX4000 Universal Metro Routers support the 16-port Channelized E1/T1 Circuit Emulation MIC (model number ACX-MIC-16CHE1-T1-CE).

    The key features supported on this MIC are:

    • Structure-Agnostic TDM over Packet (SAToP)

    • ATM encapsulation—Only the following ATM encapsulations are supported on this MIC:

      • ATM CCC cell relay

      • ATM CCC VC multiplex

    • ATM pseudowires

    • ATM quality-of-service (QoS) features—traffic shaping, scheduling, and policing

    • ATM Operation, Administration, and Maintenance

    • ATM (IMA) protocol at the T1/E1 level with up to 16 IMA (Inverse Multiplexing for ATM) groups. Each group can have one to eight IMA links.

  • Support for PIM and IGMP in global domain (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Protocol Independent Multicast (PIM) and Internet Group Management Protocol (IGMP) messages for multicast data delivery. ACX Series routers are used as a leaf in the multicast distribution tree so that subscribers in the global domain can directly connect to the ACX Series routers through IPv4 interfaces. ACX Series routers can also be used as a branch point in the tree so that they are connected to other downstream ACX Series or MX Series routers and send multicast data according to the membership established through the PIM or IGMP messaging.

    Note

    ACX Series routers support only sparse mode. Dense mode on ACX Series is supported only for control multicast groups for autodiscovery of rendezvous point (auto-RP).

    You can configure IGMP on the subscriber-facing interfaces to receive IGMP control packets from subscribers, which in turn triggers the PIM messages to be sent out of the network-facing interface toward the rendezvous point (RP).

    Note

    ACX Series routers do not support IPv6 interfaces for multicast data delivery and RP functionality.

  • Support for dying-gasp PDU generation (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support the generation of dying-gasp protocol data units (PDUs). Dying gasp refers to an unrecoverable condition such as a power failure. In this condition, the local peer informs the remote peer about the failure state. When the remote peer receives a dying-gasp PDU, it takes an action corresponding to the action profile configured with the link-adjacency-loss event.

    ACX Series routers can generate and receive dying-gasp packets. When LFM is configured on an interface, a dying-gasp PDU is generated for the interface under the following failure conditions:

    • Power failure

    • Packet Forwarding Engine panic or a crash

  • Support for logical tunnels (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support logical tunnels. Logical tunnel (lt-) interfaces provide quite different services depending on the host router. On ACX Series routers, logical tunnel interfaces enable you to connect a bridge domain and a pseudowire.

    To create tunnel interfaces, an FPC and the corresponding Packet Forwarding Engine on an ACX Series router must be configured to be used for tunneling services at the [edit chassis] hierarchy level. The amount of bandwidth reserved for tunnel services must also be configured.

    To create logical tunnel interfaces and the bandwidth in gigabits per second to reserve for tunnel services, include the tunnel-services bandwidth (1g | 10g) statement at the [edit chassis fpc slot-number pic number] hierarchy level.

  • Support for PPP encapsulation on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (ACX Series)—Starting in Junos OS Release 16.1R2, on ACX4000 routers, you can configure Point-to-Point Protocol (PPP) encapsulation on physical interfaces on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP. PPP provides a standard method for transporting multiprotocol datagrams over a point-to-point link. PPP uses the High-Speed Data Link Control (HDLC) protocol for its physical interfaces and provides a packet-oriented interface for the network-layer protocols.

    On ACX Series routers, E1, T1, and NxDS0 interfaces support PPP encapsulation.

    IP class of service (CoS) is not supported on PPP interfaces. All the traffic is sent to the best effort queue (queue 0) and CoS code points are not processed. Also, fixed classifiers are not supported. PPP is supported only for IPv4 networks.

  • Support for dual-rate SFP+ modules (ACX Series)—Starting in Junos OS Release 16.1R2, ACX2000, ACX2100, and ACX4000 routers support the dual-rate SFP+ optic modules. These modules operate at either 1 Gbps or 10 Gbps speeds. When you plug in the module to the small form-factor pluggable plus (SFP+) slot, the module can be set at either 1 Gbps or 10 Gpbs.

    ACX Series routers use the 2-port 10-Gigabit Ethernet (LAN) SFP+ MIC in the following two combinations:

    • 2-port 10-Gigabit Ethernet (LAN) SFP+ uses BCM84728 PHY on ACX 2100/ACX4000 routers.

    • 2-port 10-Gigabit Ethernet (LAN) SFP+ uses BCM8728/8747 on ACX2000 routers.

    To configure an xe port in 1-Gigabit Ethernet mode , use the set interfaces xe-x/y/z speed 1g statement. To configure an xe port in 10-Gigabit Ethernet mode, use the set interfaces xe-x/y/z speed 10g statement. The default speed mode is 1-Gigabit Ethernet mode.

  • Support for inverse multiplexing for ATM (IMA) on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure inverse multiplexing for ATM (IMA) on the Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP (model number: ACX-MIC-4COC3-1COC12CE) on ACX Series routers. You can configure four OC3/STM1 ports or one OC12/STM4 port on this rate-selectable MIC.

  • Support for TDR for diagnosing cable faults (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Time Domain Reflectometry (TDR), which is a technology used for diagnosing copper cable states. This technique can be used to determine whether cabling is at fault when you cannot establish a link. TDR detects the defects by sending a signal through a cable, and reflecting it from the end of the cable. Open circuits, short circuits, sharp bends, and other defects in the cable reflect the signal back at different amplitudes, depending on the severity of the defect. TDR diagnostics is supported only on copper interfaces and not on fiber interfaces.

    TDR provides the following capabilities that you can use to effectively identify and correct cable problems:

    • Display detailed information about the status of a twisted-pair cable, such as cable pair being open or short-circuited.

    • Determine the distance in meters at which open or short-circuit is detected.

    • Detect whether or not the twisted pairs are swapped.

    • Identify the polarity status of the twisted pair.

    • Determine any downshift in the connection speed.

Installation

  • Support for USB autoinstallation from XML file (ACX Series routers)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support USB autoinstallation using the configuration file in XML format. The USB-based autoinstallation process overrides the network-based autoinstallation process. If the ACX Series router detects a USB Disk-on-Key device containing a valid configuration file during autoinstallation, the router uses the configuration file on Disk-on-Key instead of fetching the configuration from the network.

  • Support for hybrid mode of autoinstallation—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support hybrid mode of autoinstallation. The autoinstallation mechanism allows the router to configure itself out-of-the-box with no manual intervention, using the configuration available on the network, locally through a removable media, or using a combination of both. ACX Series routers support the retrieval of partial configuration from an external USB storage device plugged into the router’s USB port during the autoinstallation process. In turn, this partial configuration facilitates the network mode of autoinstallation to retrieve the complete configuration file from the network. This method is called hybrid mode of autoinstallation.

Layer 2 Features

  • Support for Layer 2 security (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series routers support bridge family firewall filters. These family filters can be configured at the logical interface level and can be scaled up to 124 terms for ingress traffic, and 126 terms for egress traffic.

  • Support for Ethernet Local Management Interface protocol (ACX Series)—Starting in Junos OS Release 16.1R2, the Ethernet Local Management Interface (E-LMI) protocol on ACX Series Universal Metro Routers supports Layer 2 circuit and Layer 2 VPN Ethernet virtual connection (EVC) types.

    Junos OS for ACX Series Universal Metro Routers supports E-LMI only on provider edge (PE) routers.

  • Support for Layer 2 control protocols and Layer 2 protocol tunneling (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure spanning tree protocols to prevent Layer 2 loops in a bridge domain. Layer 2 control protocols for ACX Series Universal Metro Routers include the Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), VLAN Spanning Tree Protocol (VSTP), and Link Layer Discovery Protocol (LLDP). ACX Series routers can support up to 128 STP instances, which includes all instances of VSTP, MSTP, RSTP, and STP.

    Layer 2 protocol tunneling (L2PT) is supported on ACX Series routers. L2PT allows Layer 2 protocol data units (PDUs) to be tunneled through a network. L2PT can be configured on a port on a customer-edge router by using MAC rewrite configuration. MAC rewrite is supported for STP, Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), IEEE 802.1X, IEEE 802.3ah, Ethernet Local Management Interface (E-LMI), Link Aggregation Control Protocol (LACP), Link Layer Discovery Protocol (LLDP), Multiple MAC Registration Protocol (MMRP), and Multiple VLAN Registration Protocol (MVRP) packets.

  • Support for Layer 2 bridging (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Layer 2 bridging and Q-in-Q tunneling. A bridge domain is created by adding a set of Layer 2 logical interfaces in a bridge domain to represent a broadcast domain. Layer 2 logical interfaces are created by defining one or more logical units on a physical interface with encapsulation as ethernet-bridge or vlan-bridge. All the member ports of the bridge domain participate in Layer 2 learning and forwarding. You can configure one or more bridge domains to perform Layer 2 bridging. You can optionally disable learning on a bridge domain.

    Note

    ACX Series routers do not support the creation of bridge domains by using access and trunk ports.

    On ACX Series routers, you can configure E-LAN and E-LINE services on bridge domains. When you configure E-LAN and E-LINE services by using a bridge domain without a vlan-id statement, the bridge domain should explicitly be normalized by an input VLAN map to a service VLAN ID and TPID. Explicit normalization is required when a logical interface’s outer VLAN ID and TPID are not the same as the service VLAN ID and TPID of the service being configured.

  • Support for IEEE 802.1ad classifier (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support the IEEE 802.1ad classifier. Rewrite rules at the physical interface level support the IEEE 802.1ad bit value. The IEEE 802.1ad classifier uses IEEE 802.1p and DEI bits together. On logical interfaces, only fixed classifiers are supported.

    You can configure either IEEE 802.1p or IEEE 802.1ad classifiers at the physical interface level. You can define the following features:

    • IEEE 802.1ad classifiers (inner or outer)

    • IEEE 802.1ad rewrites (outer)

    Note

    You cannot configure both IEEE 802.1p and IEEE 802.1ad classifiers together at the physical interface level.

    ACX Series routers support the IEEE 802.1ad classifier and rewrite along with the existing class-of-service features for Layer 2 interfaces.

  • Support for OAM with Layer 2 bridging as a transport mechanism (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support the following OAM features that use Layer 2 bridging as a transport mechanism:

    • IEEE 802.3ah LFM—IEEE 802.3ah link fault management (LFM) operates at the physical interface level and the packets are sent using Layer 2 bridging as a transport mechanism.

    • Dying-gasp packets—Dying-gasp PDU generation operates at the physical interface level. Dying-gasp packets are sent through the IEEE 802.3ah LFM-enabled interfaces.

    • IEEE 802.1ag and ITU-T Y.1731 protocols on down MEPs—IEEE 802.1ag configuration fault management (CFM) and ITU-T Y.1731 performance-monitoring OAM protocols, which are used for end-to-end Ethernet services, are supported only on down maintenance association end points (MEPs). The ITU-T Y.1731 protocol supports delay measurement on down MEPs but does not support loss measurement on down MEPs.

  • Support for storm control (ACX Series)—Starting in Junos OS Release 16.1R2, storm control is supported on ACX Series routers. Storm control is only applicable at the IFD level for ACX Series. When a traffic storm is seen on the interface configured for storm control, the default action is to drop the packets exceeding the configured bandwidth. No event is generated as part of this. Storm control is not enabled on the interface by default.

  • Support for RFC 2544-based benchmarking tests (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support RFC 2544-based benchmarking tests for E-LINE and ELAN services configured using bridge domains. RFC 2544 defines a series of tests that can be used to describe the performance characteristics of network interconnecting devices. RFC 2544 test methodology can be applied to a single device under test, or to a network service (set of devices working together to provide end-to-end service). When applied to a service, the RFC 2544 test results can characterize the service-level agreement parameters.

    RFC 2544 tests are performed by transmitting test packets from a device that functions as the generator or the initiator. These packets are sent to a device that functions as the reflector, which receives and returns the packets back to the initiator.

    ACX Series routers support RFC 2544 tests to measure throughput, latency, frame loss rate, and back-to-back frames.

    With embedded RFC 2544, an ACX Series router can be configured as an initiator and reflector.

    • You can configure RFC 2544 tests on the following underlying services:

      • Between two IPv4 endpoints.

      • Between two user-to-network interfaces (UNIs) of Ethernet Virtual Connection (EVC), Ethernet Private Line (EPL, also called E-LINE), Ethernet Virtual Private Line (EVPL), and EVC (EPL, EVPL).

  • Support for IEEE 802.1ag and ITU-T Y.1731 OAM protocols on up MEPs (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support IEEE 802.1ag configuration fault management (CFM) and ITU-T Y.1731 performance-monitoring OAM protocols on up maintenance association end points (MEPs). CFM OAM protocol is supported on link aggregation group (LAG) or aggregated Ethernet (AE) interfaces. The ITU-T Y.1731 protocol supports delay measurement on up MEPs but does not support loss measurement on up MEPs.

    Note

    ACX Series routers do not support the ITU-T Y.1731 OAM protocol on AE interfaces.

  • Support for Ethernet alarm indication signal (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support ITU-T Y.1731 Ethernet alarm indication signal function (ETH-AIS) to provide fault management for service providers. ETH-AIS enables you to suppress alarms when a fault condition is detected. Using ETH-AIS, an administrator can differentiate between faults at the customer level and faults at the provider level. When a fault condition is detected, a maintenance end point (MEP) generates ETH-AIS packets to the configured client levels for a specified duration until the fault condition is cleared. Any MEP configured to generate ETH-AIS packets signals to a level higher than its own. A MEP receiving ETH-AIS recognizes that the fault is at a lower level and then suppresses alarms at the current level that the MEP is in.

    ACX Series routers support ETH-AIS PDU generation for server MEPs on the basis of the following defect conditions:

    • Loss of connectivity (physical link loss detection)

    • Layer 2 circuit or Layer 2 VPN down

  • Support for Ethernet ring protection switching (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure Ethernet ring protection switching (ERPS) on ACX Series routers to achieve high reliability and network stability. The basic idea of an Ethernet ring is to use one specific link, called the ring protection link (RPL), to protect the whole ring. Links in the ring will never form loops that fatally affect the network operation and services availability.

    ACX Series routers support multiple Ethernet ring instances that share the physical ring. Each instance has its own control channel and a specific data channel. Each ring instance can take a different path to achieve load balancing in the physical ring. When no data channel is specified, ERP operates only on the VLAN ID associated with the control channel. G.8032 open rings are supported.

    ACX Series routers do not support aggregate Ethernet–based rings.

    To configure Ethernet ring protection switching, include the protection-ring statement at the [edit protocols] hierarchy level.

  • Support for integrated routing and bridging (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support integrated routing and bridging (IRB) functionality. IRB provides routing capability on a bridge domain. To enable this functionality, you need to configure an IRB interface as a routing interface in a bridge domain and then configure a Layer 3 protocol such as an IP or ISO on the IRB interface.

    ACX Series routers support IRB for routing IPv4 packets. IPv6 and MPLS packets are not supported.

  • Support for IGMP snooping (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series routers support IGMP snooping functionality. IGMP snooping functions by snooping at the IGMP packets received by the switch interfaces and building a multicast database similar to what a multicast router builds in a Layer 3 network. Using this database, the switch can forward multicast traffic only to the downstream interfaces of interested receivers. This technique allows more efficient use of network bandwidth, particularly for IPTV applications. You configure IGMP snooping for each bridge on the router.

  • Support for unicast reverse path forwarding (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support unicast reverse path forwarding. For interfaces that carry IPv4 or IPv6 traffic, you can reduce the impact of denial-of-service (DoS) attacks by configuring unicast reverse path forwarding (RPF). Unicast RPF helps determine the source of attacks and rejects packets from unexpected source addresses on interfaces where unicast RPF is enabled.

    Reverse path forwarding is not supported on the interfaces that you configure as tunnel sources. This limitation affects only the transit packets exiting the tunnel.

    To configure unicast reverse path forwarding, issue the rpf-check statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level. RPF fail filters are not supported on ACX Series routers. The RPF check to be used when routing is asymmetrical is not supported.

  • Support for disabling local switching in bridge domains (ACX Series)—Starting in Junos OS Release 16.1R2, in a bridge domain, when a frame is received from a customer edge (CE) interface, it is flooded to the other CE interfaces and all of the provider edge (PE) interfaces if the destination MAC address is not learned or if the frame is either broadcast or multicast.

    To prevent CE devices from communicating directly, include the no-local-switching statement at the [edit bridge-domains bridge-domain-name] hierarchy level. Configure the logical interfaces in the bridge domain as core-facing (PE interfaces) by including the core-facing statement at the [edit interfaces interface-name unit logical-unit-number family family] hierarchy level to specify that the VLAN is physically connected to a core-facing ISP router and ensure that the network does not improperly treat the interface as a client interface. When local switching is disabled, traffic from one CE interface is not forwarded to another CE interface.

  • Support for hierarchical VPLS (ACX Series)—Starting in Junos OS Release 16.1R2,, hierarchical LDP-based VPLS requires a full mesh of tunnel LSPs between all the PE routers that participate in the VPLS service. Using hierarchical connectivity reduces signaling and replication overhead to facilitate large-scale deployments. In a typical IPTV solution, IPTV sources are in the public domain and the subscribers are in the private VPN domain.

    For an efficient delivery of multicast data from the IPTV source to the set-top boxes or to subscribers in the private domain using the access devices (ACX Series routers in this case), P2MP LSPs and MVPN are necessary. Because VPLS and MVPN are not supported on ACX Series routers, an alternative approach is used to achieve hierarchical VPLS (HPVLS) capabilities. The subscriber devices are connected to a VPLS or a Layer 3 VPN domain on the ACX Series (access) router and they are configured to import the multicast routes. The support for PIM snooping in Layer 3 interfaces, IGMP snooping in Layer 2 networks, IRB interfaces, and logical tunnel interfaces enables HVPLS support.

Management

  • Support for real-time performance monitoring (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Universal Metro Routers support real-time performance monitoring. Real-time performance monitoring (RPM) allows you to perform service-level monitoring. When RPM is configured on a router, the router calculates network performance based on packet response time, jitter, and packet loss. You can configure these values to be gathered by HTTP, Internet Control Message Protocol (ICMP), TCP, and UDP requests. The router gathers RPM statistics by sending out probes to a specified probe target, identified by an IP address. When the target receives a probe, it generates responses that are received by the router. You set the probe options in the test test-name statement at the [edit services rpm probe owner] hierarchy level. You use the show services rpm probe-results command to view the results of the most recent RPM probes.

    Note

    Packet Forwarding Engine timestamping is available only for ICMP probes and for UDP probes with the destination port set to UDP_ECHO port (7).

  • Support for Virtual Router Redundancy Protocol version 2 (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Virtual Router Redundancy Protocol (VRRP) version 2 configuration. VRRP enables hosts on a LAN to make use of redundant routers on that LAN without requiring more than the static configuration of a single default route on the hosts. Routers running VRRP share the IP address corresponding to the default route configured on the hosts. At any time, one of the routers running VRRP is the master (active) and the others are backups. If the master fails, one of the backup routers becomes the new master router, providing a virtual default router and enabling traffic on the LAN to be routed without relying on a single router. Using VRRP, a backup router can take over a failed default router within a few seconds. This is done with minimum VRRP traffic and without any interaction with the hosts.

  • Support for DHCP client and DHCP server (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers can be enabled to function as a DHCP client and an extended DHCP local server. An extended DHCP local server provides an IP address and other configuration information in response to a client request in the form of an address-lease offer. An ACX Series router configured as a DHCP client can obtain its TCP/IP settings and the IP address from a DHCP local server.

  • Support for preserving DHCP server subscriber information (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers preserve DHCP server subscriber binding information. ACX Series router functioning as a DHCP server stores the subscriber binding information to a file and when the router reboots, the subscriber information is read from the file and restored.

  • Support for DHCP client, DHCP server, and DHCP relay on Aggregated Ethernet (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series routers support DHCP client, DHCP server, and DHCP relay configurations on Aggregated Ethernet interfaces.

  • Support for Two-Way Active Measurement Protocol (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support Two-Way Active Measurement Protocol (TWAMP). TWAMP provides a method for measuring round-trip IP performance between two devices in a network. ACX Series routers support only the reflector side of TWAMP.

Routing

  • Support for ECMP flow-based forwarding (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support equal-cost multipath (ECMP) flow-based forwarding. An ECMP set is formed when the routing table contains multiple next-hop addresses for the same destination with equal cost. If there is an ECMP set for the active route, Junos OS uses a hash algorithm to choose one of the next-hop addresses in the ECMP set to install in the forwarding table. You can configure Junos OS so that multiple next-hop entries in an ECMP set are installed in the forwarding table. On ACX Series routers, per-flow load balancing can be performed to spread traffic across multiple paths between the routers.

    ECMP flow-based forwarding is supported for IPv4, IPv6, and MPLS packets.

Security

  • Support for IP and MAC address validation (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support IP and MAC address validation. This feature enables the ACX Series router to validate that received packets contain a trusted IP source and an Ethernet MAC source address. Configuring MAC address validation can provide additional validation when subscribers access billable services. MAC address validation provides additional security by enabling the router to drop packets that do not match, such as packets with spoofed addresses.

  • Support for unattended boot mode (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support unattended boot mode. Unattended boot mode feature blocks any known methods to get access to the router from CPU reset until the Junos OS login prompt, thereby preventing a user from making any unauthorized changes on the router such as viewing, modifying, or deleting configuration information.

Subscriber Access Management

  • Support for DHCP relay agent (ACX Series)—Starting in Junos OS Release 16.1R2, you can configure extended DHCP relay options on an ACX Series router and enable the router to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server that might or might not reside in the same IP subnet.

    To configure the DHCP relay agent on the router for IPv4 packets, include the dhcp-relay statement at the [edit forwarding-options] hierarchy level. You can also include the dhcp-relay statement at the [edit routing-instances routing-instance-name forwarding-options] and the [edit routing-instances routing-instance-name protocols vrf] hierarchy levels.

Timing and Synchronization

  • Support for PTP over Ethernet (ACX Series)—Starting in Junos OS Release 16.1R2, Precision Time Protocol (PTP) is supported over IEEE 802.3 or Ethernet links on ACX Series routers. This functionality is supported in compliance with the IEEE 1588-2008 specification. PTP over Ethernet enables effective implementation of packet-based technology that enables the operator to deliver synchronization services on packet-based mobile backhaul networks that are configured in Ethernet rings. Deployment of PTP at every hop in an Ethernet ring using the Ethernet encapsulation method enables robust, redundant, and high-performance topologies to be created that enable a highly-precise time and phase synchronization to be obtained.

  • PTP slave performance metrics (ACX Series)—Starting in Junos OS Release 16.1R2, Precision Time Protocol (PTP) slave devices are used to provide frequency and time distribution throughout large networks. On ACX Series routers, PTP slave devices calculate performance metrics based on standard PTP timing messages. These performance metrics include both inbound and outbound packet delay and jitter between the PTP slave and master. Metrics are exported every 15 minutes to Junos Space. Performance metrics are also stored locally on the ACX Series router and can be accessed with the show ptp performance-monitor [short-term | long-term] command.

  • Support for hybrid mode (ACX Series)—Starting in Junos OS Release 16.1R2, ACX Series Universal Metro Routers support hybrid mode, which is a combined operation of Synchronous Ethernet and Precision Time Protocol (PTP). In hybrid mode, the synchronous Ethernet equipment clock (EEC) on the router derives the frequency from Synchronous Ethernet and the phase and time of day from PTP. Time synchronization includes both phase synchronization and frequency synchronization.

    Synchronous Ethernet supports hop-by-hop frequency transfer, where all interfaces on the trail must support Synchronous Ethernet. PTP (also known as IEEE 1588v2) synchronizes clocks between nodes in a network, thereby enabling the distribution of an accurate clock over a packet-switched network.

    To configure the router in hybrid mode, you must configure Synchronous Ethernet options at the [edit chassis synchronization] hierarchy level and configure PTP options at the [edit protocols ptp] hierarchy level. Configure hybrid mode options by including the hybrid statement at the [edit protocols ptp slave] hierarchy level.

Release 16.1R1 New and Changed Features

This section describes the new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 16.1R1.

Management

  • YANG module that defines Junos OS operational commands (ACX Series)—Starting in Junos OS Release 16.1R1, Juniper Networks provides the juniper-command YANG module, which represents the operational command hierarchy and collective group of modules that define the remote procedure calls (RPCs) for Junos OS operational mode commands. You can download Juniper Networks YANG modules from the website, or you can generate the modules by using the show system schema format yang module juniper-command operational command on the local device. The juniper-command module is bound to the namespace URI http://yang.juniper.net/yang/1.1/jrpc and uses the prefix jrpc.

  • YANG module that defines CLI formatting for RPC output (ACX Series)—Starting in Junos OS Release 16.1R1, Juniper Networks provides the junos-extension-odl YANG module. The module contains definitions for Junos OS Output Definition Language (ODL) statements, which determine the CLI formatting for RPC output when you execute the operational command corresponding to that RPC in the CLI or when you request the RPC output in text format. You can use statements in the junos-extension-odl module in custom RPCs to convert the XML output into a more logical and human-readable representation of the data. The junos-extension-odl module is bound to the namespace URI http://yang.juniper.net/yang/1.1/jodl and uses the prefix junos-odl.

Software Installation and Upgrade

  • Limited encryption Junos image (“Junos Limited”) created for customers in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia (ACX1100)—Starting in Junos OS Release 16.1R1, customers in the Eurasian Customs Union (currently comprised of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) should use the “Junos Limited” image for ACX1100 routers instead of the “Junos Worldwide” image. The “Junos Limited” image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. Unlike the “Junos Worldwide” image, the “Junos Limited” image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system.

    Note

    The limited encryption Junos image (“Junos Limited”) is to be used by customers in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia.

User Interface and Configuration

  • Support for JSON format for configuration data (ACX Series)–Starting in Junos OS Release 16.1R1, you can configure devices running Junos OS using configuration data in JavaScript Object Notation (JSON) format in addition to the existing text, Junos XML, and Junos OS set command formats. You can load configuration data in JSON format in the Junos OS CLI by using the load (merge | override | update) json command or from within a NETCONF or Junos XML protocol session by using the <load-configuration format="json"> operation. You can load JSON configuration data either from an existing file or as a data stream. Configuration data that is provided as a data stream must be enclosed in a <configuration-json> element.

Changes in Default Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 16.1R7 for the ACX Series Universal Metro Routers.

Interfaces and Chassis

  • Connectivity fault management MEPs on Layer 2 circuits and Layer 2 VPNs—On interfaces configured on ACX Series routers, you no longer need to configure the no-control-word statement at either the [edit protocols l2circuit neighbor neighbor-id interface interface-name] or the [edit routing-instances routing-instance-name protocols l2vpn] hierarchy level for Layer 2 circuits and Layer 2 VPNs over which you are running CFM maintenance association end points (MEPs). This configuration is not needed because ACX Series routers support the control word for CFM MEPs. The control word is enabled by default.

  • In the output of the show interfaces command under the MAC Statistics section, any packet whose size exceeds the configured MTU size is considered an oversized frame and the value displayed in the Oversized frames field is incremented. The value displayed in the Jabber frames field is incremented when a bad CRC frame size is between 1518 bytes and the configured MTU size.

  • Support for chained composite next hop in Layer 3 VPNs—Next-hop chaining (also known as chained composite next hop) is a composition function that concatenates the partial rewrite strings associated with individual next hops to form a larger rewrite string that is added to a packet. To configure the router to accept up to one million Layer 3 VPN route updates with unique inner VPN labels, include the l3vpn statement at the [edit routing-options forwarding-table chained-composite-next-hop ingress] hierarchy level. The l3vpn statement is disabled by default.

Management

  • Support for status deprecated statement in YANG modules (ACX Series)—Starting in Junos OS Release 16.1R2, Juniper Networks YANG modules include the status deprecated statement to indicate configuration statements, commands, and options that are deprecated.

System Logging

  • Support for system log message: UI_SKIP_SYNC_OTHER_RE (ACX Series)—Starting with Junos OS Release 16.1R1, configuration synchronization with a remote Routing Engine is skipped when the configuration is already in sync with another Routing Engine with database revision.

    Note

    This system log message is generated when the graceful Routing Engine switchover feature is enabled.

    This system log message reports an event, not an error, and has notice as Severity and LOG_AUTH as Facility.

    [See Understanding Graceful Routing Engine Switchover in the Junos OS.]

User Interface and Configuration

  • The output-file-name option for show system schema command is deprecated (ACX Series)—Starting in Junos OS Release 16.1R1, the output-file-name option for the show system schema operational command is deprecated. To direct the output to a file, use the output-directory option and specify the directory. By default, the filename for the output file uses the module name as the filename base and the format as the filename extension. If you also include the module-name option in the command, the specified module name is used for both the name of the generated module and for the filename base for the output file.

  • New default implementation for serialization for JSON configuration data (ACX Series)—Starting in Junos OS Release 16.1R1, the default implementation for serialization for configuration data emitted in JavaScript Object Notation (JSON) has changed. The new default is as defined in Internet drafts draft-ietf-netmod-yang-json-09, JSON Encoding of Data Modeled with YANG, and draft-ietf-netmod-yang-metadata-06, Defining and Using Metadata with YANG.

Known Behavior

There are no known limitations in Junos OS Release 16.1R7 for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 16.1R7 for the ACX Series Universal Metro Routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service

  • When the rewrite-rules statement is configured with the dscp or the inet-precedence options at the [edit class-of-service interfaces] hierarchy level, the expectation is that the DiffServ code point (DSCP) or IPv4 precedence rewrite rules take effect only on IP packets. However, in addition to the IP packets, the DSCP or IPv4 rewrite takes effect on the IP header inside the Ethernet pseudowire payload as well. This is not applicable for the ACX4000 router. PR664062

  • In an ACX4000 router, whenever the scheduling and shaping parameters of a port or any of its queues are changed, the entire scheduling configuration on the port is erased and the new configuration is applied. During the time when such a configuration change is taking place, the traffic pattern does not adhere to user parameters. It is recommended that the scheduling configurations are done much earlier before live traffic. PR840313

  • The VLAN packet loss priority (PLP) is incorrectly set when untagged VLAN frames are received on the ingress interface with DSCP or IP precedence classification enabled and the NNI (egress) interface does not contain IEEE 802.1p rewrite rules. PR949524

CoS limitations on PPP and MLPPP interfaces

The following are the common limitations on PPP and MLPPP interfaces:

  • Traffic loss is observed when a CoS configuration is changed.

  • Scheduling and shaping feature is based on CIR-EIR model and not based on weighted fair queuing (WFQ) model.

  • The minimum transmit rate is 32 Kbps and the minimum supported rate difference between transmit rate and shaping rate is 32 Kbps.

  • Buffer size is calculated based on the average packet size of 256 bytes.

  • Low and High are the only loss priority levels supported.

  • The mapping between forwarding class and queue is fixed as follows:

    • best-effort is queue 0

    • expedited-forwarding is queue 1

    • assured-forwarding is queue 2

    • network-control is queue 3

The following are the specific CoS limitations on MLPPP interfaces:

  • Percentage rate configuration is not supported for shaping and scheduling. Rate configuration is only supported in terms of bits per second.

  • Buffer size is calculated based on a single member link (T1/E1) speed and is not based on the number of member links in a bundle.

  • Supports only transmit-rate exact configuration without fragmentation-map. Shaping and priority will not be supported without fragmentation-map.

  • If fragmentation-map is configured, shaping is supported on a forwarding class with different priorities. If two or more forwarding classes are configured with the same priority, then only transmit-rate exact is supported for the respective forwarding class.

  • Supports only one-to-one mapping between a forwarding class and a multiclass. A forwarding class can only send traffic corresponding to one multiclass.

The following is the specific CoS limitation on PPP interfaces:

  • The distribution of excess rate between two or more queues of same priority happens on a first-come first-served basis. The shaping rate configured on the respective queue remains valid.

Firewall Filters

  • In ACX Series routers, the following Layer 2 control protocols packet are not matched (with the match-all term) by using the bridge family firewall filter applied on a Layer 2 interface:

    • Slow-Protocol/LACP MAC (01:80:c2:00:00:02)

    • E-LMI MAC ((01:80:c2:00:00:07)

    • IS-IS L2 MAC (01:80:c2:00:00:14/09:00:2B:00:00:14)

    • STP BPDU (01:80:c2:00:00:00)

    • VSTP BPDU (01:00:0C:CC:CC:CD)

    • LLDP/PTP (01:80:c2:00:00:0E)

    When layer rewrite is configured:

    • VTP/CDP (01:00:0C:CC:CC:CC)

    • L2PT RW MAC (01:00:0C:CD:CD:D0)

    • MMRP (01:80:C2:00:00:20)

    • MVRP (01:80:C2:00:00:21)

    As a workaround, to match the Layer 2 control packet flows with a bridge family filter term, you must explicitly specify the destination MAC match (along with other MAC matches) in the firewall filter term and in the match term. PR879105

  • In ACX Series routers, a firewall filter cannot be applied to a logical interface configured with vlan-id-list or vlan-range. As a workaround, you can configure the interface-specific statement, which can be applied to the bridge, inet, or mpls family firewall filter. PR889182

  • In ACX Series routers, packet drops in the egress interface queue are also counted as input packet rejects under the Filter statistics section in the output of the show interface input-interfaces extensive command when the command is run on the ingress interface. PR612441

  • When the statistics statement is configured on a logical interface—for example, [edit interface name-X unit unit-Y ]; the (policer | count | three-color-policer) statements are configured in a firewall filter for the family any—for example, [edit firewall family any filter filter-XYZ term term-T then] hierarchy level; and the configured filter-XYZ is specified in the output statement of the logical interface at the [edit interface name-X unit unit-Y filter] hierarchy level, the counters from the configuration of another firewall family filter on the logical interface do not work. PR678847

  • The policing rate can be incorrect if the following configurations are applied together:

    • The policer or three-color-policer statement configured in a firewall filter—for example, filter-XYZ at the [edit firewall family any filter filter-XYZ term term-T then] hierarchy level, and filter-XYZ is specified as an ingress or egress firewall filter on a logical interface—for example, interface-X unit-Y at the [edit interface interface-X unit unit-Y filter (input|output) filter-XYZ] hierarchy level.

    • The policer or three-color-policer statement configured in a firewall filter—for example, filter-ABC at the [edit firewall family name-XX filter filter-ABC term term-T then] hierarchy level, and filter-ABC is configured as an ingress or egress firewall filter on a family of the same logical interface interface-X unit-Y at the [edit interface interface-X unit unit-Y family name-XX filter (input|output) filter-ABC] hierarchy level.

    Note

    If one of these configurations is applied independently, then the correct policer rate can be observed.

    PR678950

Interfaces and Chassis

  • Egress maximum transmission unit (MTU) check value of an interface is different for tagged and untagged packets. If an interface is configured with CLI MTU value as x, then the following would be the checks depending on outgoing packet type:

    • Egress MTU value for unatagged packet = x − 4

    • Egress MTU value for single-tagged packet = x

    • Egress MTU value for double-tagged packet = x + 4

    Note

    The ingress MTU check is the same for all incoming packet types.

    There is no workaround available. PR891770

  • In ACX Series routers, when STP is configured on an interface, the detailed interface traffic statistics show command output does not show statistics information but displays the message Dropped traffic statistics due to STP State. However, the drop counters are updated. There is no workaround available. PR810936

  • When the differential-delay number option is configured in the ima-group-option statement at the [edit interfaces at-fpc/pic/ima-group-no] hierarchy level, with a value less than 10, some of the member links might not come up and the group might remain down, resulting in traffic loss. A workaround is to keep the differential delay value above 10 for all IMA bundles. PR726279

  • The ACX Series routers support logical interface statistics, but do not support the address family statistics. PR725809

  • BERT error insertion and bit counters are not supported by the IDT82P2288 framer. PR726894

  • All 4x supported TPIDs cannot be configured on different logical interfaces of a physical interface. Only one TPID can be configured on all logical interfaces of a physical interface. But different physical interfaces can have different TPIDs. As a workaround, use TPID rewrite. PR738890

  • The ACX Series routers do not support logical interface statistics for logical interfaces with vlan-list or vlan-range configured. PR810973

  • CFM up-MEP session (to monitor pseudowire service) does not come up when the output VLAN map is configured as push on an AC logical interface. This is due to a hardware limitation in the ACX4000 router. PR832503

  • For ATM interfaces with atm-ccc-cell-relay and atm-ccc-vc-mux encapsulation types configured, and with shaping profile configured on the interfaces, traffic drop is observed when the configured shaping profile is changed. This problem occurs with 16-port Channelized E1/T1 Circuit Emulation MICs on ACX4000 routers. As a workaround, you must stop the traffic on the Layer 2 circuit before changing any of the traffic shaping profile parameters. PR817335

  • In the case of normalized bridge domain, with double-tagged aggregated Ethernet interface as ingress, the classification based on inner tag does not work for the ACX4000. To do classification based on inner tag, configure the bridge domain with explicit normalization and configure input and output VLAN map to match the behavior. PR869715

  • The MAC counter behavior of 10-Gigabit Ethernet is different compared to 1-Gigabit Ethernet.

    On 1-Gigabit Ethernet interfaces, if the packet size is greater than 1518 bytes, irrespective of whether the packet is tagged or untagged, the Oversized counter gets incremented. If the packet has a CRC error, then the Jabber counter gets incremented.

    On 10-Gigabit Ethernet interfaces, if the packet is size is greater than 1518 bytes and the packet is untagged, then the Oversized counter gets incremented. If the packet has a CRC error, then the Jabber counter gets incremented.

    If the packet is tagged (TPID is 0x8100), then the Oversized counter is incremented only if the packet size is greater than 1522 bytes (1518 + 4 bytes for the tag). The Jabber counter is incremented only if the packet size is greater than 1522 bytes and the packet has a CRC error.

    The packet is considered as tagged if the outer TPID is 0x8100. Packets with other TPIDs values (for example, 0x88a8, 0x9100, or 0x9200) are considered as untagged for the counter. There is no workaround available. PR940569

  • Layer 2 RFC 2544 benchmarking test cannot be configured to generate dual-tagged frames when the UNI interface is configured for the QnQ service. This occurs when the input VLAN map push is configured on the UNI interface. There is no workaround available. PR946832

  • After running RFC 2544 tests, PTP stops working when the tests are performed on the same router. A workaround is to reboot FEB after running the RFC 2544 tests. PR944200

  • When an ACX1100 router with AC power is configured as PTP slave or boundary clock, the router does not achieve PTP accuracy within the specification (1.5 us), even if the PTP achieves the state Phase Aligned. PR942664

  • Layer 2 RFC 2544 benchmark test fails for packet sizes 9104 and 9136 when the test bandwidth is less than 10-MB and the NNI interface link speed is 10-MB. This behavior is also seen when the 10-MB policer or shaper is configured on the NNI interface. The issue will not be seen if the egress queue is configured with sufficient queue buffers. PR939622

  • Limitations on logical tunnel interfaces—The following limitations apply when you configure logical tunnel (LT) interfaces in ACX Series Universal Metro Routers:

    • ACX router supports a total of two LT interfaces in a system, one of bandwidth 1G and another of bandwidth 10G.

    • The bandwidth configured on the LT interface is shared between upstream and downstream traffic on that interface. The effective available bandwidth for the service is half the configured bandwidth.

    • Supported encapsulations on LT interface are ethernet-bridge, ethernet-ccc, vlan-bridge, and vlan-ccc.

    • Total number of LT logical interfaces supported on a router is 30.

    • If an LT interface with bandwidth 1 Gbps is configured and port-mirroring is also configured on the router, then LT physical interface statistics may not be accurate for that LT interface.

    • Default classifiers are not available on the LT interface if a non-Ethernet PIC is used to create the LT interface.

    • LT interfaces do not support protocol configuration.

Integrated Routing and Bridging

The following are the limitations on integrated routing and bridging (IRB) for ACX Series Universal Metro Routers.

At the IRB device level, the following limitations apply:

  • Behavior aggregate (BA) classifiers are not supported

  • Statistics are not supported

On an IRB logical interface, the following limitations apply:

  • Statistics and Layer 2 policers are not supported

  • Only inet and iso families are supported

On an IRB logical interface family inet, the following limitations apply:

  • Policer, rpf-check, and dhcp-client are not supported

When firewall is applied on an IRB logical interface family inet, the following limitations apply:

  • Default (global) filters are not supported

  • Supports only accept, forwarding-class, and loss-priority actions

  • Supports only input filters

Interface Limitations—IRB configurations supports a maximum of 1000 logical interfaces on a box.

Class-of-Service Limitations—The following are CoS limitations for IRB:

  • Maximum of 16 fixed classifiers are supported. Each classifier consumes two filter entries and is shared with RFC 2544 sessions. Total number of shared filter entries is 32.

  • Maximum of 64 multifield filter classifiers are supported. Each classifier takes two filter entries. Total of 128 entries are shared between family inet based classifiers on IRB and normal Layer 3 logical interfaces.

  • Maximum 24 forwarding class and loss priority combinations can be rewritten. Each rewrite rule takes single entry from egress filters. Total of 128 entries are shared by rewrite-rules and all other output firewall filters.

  • IRB rewrite is supported only on the ACX4000 Series router.

Firewall Limitations—The following are the firewall limitations for IRB:

  • IRB supports only family inet filters.

  • Only interface-specific and physical-interface specific filters are supported.

  • Only forwarding-class and loss-priority actions are supported, other actions are not supported.

Layer 2 Services

Limitations on Layer 2 bridging

The following Layer 2 bridging limitations apply for ACX Series Universal Metro Routers:

  • A bridge domain cannot have two or more logical interfaces that belong to the same physical interface.

  • A bridge domain with dual VLAN ID tag is not supported.

  • The following input VLAN map functions are not supported because the bridge domain should have a valid service VLAN ID after normalization:

    • pop-pop on double-tagged logical interface.

    • pop on a single-tagged logical interface.

    • VLAN map with VLAN ID value set to 0.

  • swap-push and pop-swap VLAN map functions are not supported.

  • The maximum number of supported input VLAN maps with TPID swap is 64.

  • MAC learning cannot be disabled at the logical interface level.

  • MAC limit per logical interface cannot be configured.

  • All STP ports on a bridge domain must belong to the same MST (multiple spanning tree) instance.

  • If a logical interface is configured with Ethernet bridge encapsulation with push-push as the input VLAN map, normalization does not work when single-tagged or double-tagged frames are received on the logical port. Untagged frames received on the logical interface are normalized and forwarded correctly.

  • On a priority-tagged logical interface with the output VLAN map function pop, egress VLAN filter check does not work.

  • Output VLAN map function push cannot work on a dual-tagged frame egressing a logical interface.

  • In a bridge domain configured with vlan-id statement, when a dual-tagged frame enters a non-dual-tagged logical interface and exits a dual-tagged logical interface, the VLAN tags are not translated correctly at egress.

Limitations on integrated routing and bridging

The following integrated routing and bridging (IRB) limitations apply for ACX Series Universal Metro Routers:

At the IRB device level, the following limitations apply:

  • Behavior aggregate (BA) classifiers are not supported

  • Statistics are not supported

On an IRB logical interface, the following limitations apply:

  • Statistics and Layer 2 policers are not supported

  • Only inet and iso families are supported

On an IRB logical interface family inet, the following limitations apply:

  • Policer, rpf-check, and dhcp-client are not supported

When firewall is applied on an IRB logical interface family inet, the following limitations apply:

  • Default (global) filters are not supported

  • Supports only accept, forwarding-class, and loss-priority actions

  • Supports only input filters

MPLS Applications

  • The scaling numbers for pseudowires and MPLS label routes published for the ACX Series routers are valid only when the protocols adopt graceful restart. In case of non-graceful restart, the scaling numbers would become half of the published numbers. PR683581

Network Management

  • In a connectivity fault management (CFM) up-mep session, when a remote-mep error is detected, the local-mep does not set the RDI bit in the transmitted continuity check messages (CCM). This problem is not seen in ACX4000 routers and in down-mep sessions. There is no workaround available. PR864247

  • The ACX Series routers do not support the configuration of RPM probes to a routing instance along with the configuration of the hardware-timestamp statement at the [edit services rpm probe owner test test-name] hierarchy level. PR846379

Statistics

  • ACX Series routers do not support route statistics per next hop and per flow for unicast and multicast traffic. Only interface-level statistics are supported.

  • The show multicast statistics command is not supported on ACX Series routers. PR954273

Timing and Synchronization

  • When you use the replace pattern command to toggle from a secure slave to an automatic slave or vice versa in the PTP configuration of a boundary clock, the external slave goes into a freerun state. The workaround is to use the delete and set commands instead of the replace pattern command. PR733276

  • In a boundary clock mode, if the upstream master is in ACQUIRING state, the downstream slave toggles from ACQUIRING to FREERUN state if more than one slave is configured. This behavior is random and intermittent. PR1210349

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues:16.1R7

There are no resolved issues in Junos OS Release 16.1R7 for ACX Series.

Resolved Issues:16.1R6

Interfaces and Chassis

  • On ACX Series router, the show snmp mib walk jnxOperatingState CLI command output displayed CB status as down. PR1191995

Documentation Updates

There are no errata changes in Junos OS Release 16.1R7 for ACX Series documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Universal Metro Routers. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 14.1, 14.2, 15.1 and 16.1 are EEOL releases. You can upgrade from Junos OS Release 14.1 to Release 15.1 or from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on ACX Series routers in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.