Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Changes in Behavior and Syntax

 

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R2 for MX Series routers.

Interfaces and Chassis

  • Support for maximum queues configuration on MPC7E, MPC8E, and MPC9E (MX Series)—Starting in Junos OS 17.1R1, you can configure the maximum number of queues per MPC on MPC7E, MPC8E, and MPC9E. By default, these MPCs operate in per port queuing mode.

    You can use the set chassis fpc slot-number max-queues queues-per-line-card command to configure number of queues per MPC. The possible values for queues-per-line-card are 8k, 16k, 32k, 64k, 128k, 256k, 512k, or 1M.

    Per-unit scheduling and hierarchical queuing on MPC7E, MPC8E, and MPC9E are licensed features.

    You cannot configure the max-queues and the flexible-queuing-mode statements at the same time. You use the flexi-queuing-mode statement to configure a maximum of 32,000 queues per MPC.

    If the max-queues statement is not configured, which is the default mode, the MPC starts with a message similar to the following:

    FPC 0 supports only port based queuing. A license is required for per-VLAN and hierarchical features.

    If the max-queues statement is configured and the value is less than or equal to 32,000, the MPC starts with a message similar to the following:

    FPC 0 supports port based queuing and is configured in 16384 queue mode. A limited per-VLAN queuing license is required for per VLAN and hierarchical queuing features.

    If the max-queues statement is configured and the value is greater than 32,000, the MPC starts with a message similar to the following:

    FPC 0 supports port based queuing and is configured in 524288 queue mode. A full scale per-VLAN queuing license is required for per VLAN and hierarchical queuing features.

    [See Understanding Hierarchical Scheduling for MIC and MPC Interfaces

    and Flexible Queuing Mode Overview.]

  • Changes to show interfaces interface-name extensive output (MX Series)—Starting in Junos OS Release 15.1R7, 16.1R5, 16.2R2, and 17.1R2, the MAC Control Frames field of the show interface interface-name extensive command for a specified 10-Gigabit Ethernet interface displays a value of zero. In previous releases, the value for this field was calculated. Because of continuous traffic and as a result of the calculations, the value displayed for this field changed continuously.

Junos OS XML API and Scripting

  • XML output change for show subscribers summary port command (MX Series)—Starting in Junos OS Release 17.1R1, the display format changed for the show subscribers summary port command to make parsing the output easier. The output is displayed as in the following example:

    user@host> show subscribers summary port | display xml

    In earlier releases, that output is displayed as in the following example:

    user@host> show subscribers summary port | display xml

LDP

  • Importing IS-IS tag value into LDP (MX Series)—Starting in Junos OS Release 17.1R1, when a tag value is assigned to an IS-IS route, the IS-IS tag value is imported and used by LDP while installing the route in the inet.3 and mpls.0 routing tables if the track-igp-metric command is configured. This enables policy configuration to be applied on the inet.3 and mpls.0 routing tables based on the imported tag value.

Management

  • Enhancement to Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R1, Junos Telemetry Interface data streamed through gRPC no longer includes the phrase oc-path in the prefix field. For example, a physical interface sensor streaming data for interface et-0/0/0:0 now displays the following output: str_value:/interfaces/interface[name='et-0/0/0:0']/.

  • Enhancement to NPU memory sensors for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R2, the path used to subscribe to telemetry data for network processing unit (NPU) memory and NPU memory utilization through gRPC has changed. The new path is /components/component[name="FPC<fpc-id>:NPU<npu-id>"]/

    [See Guidelines for gRPC Sensors.]

MPLS

  • Representation for OSPF DR node—Up until version -10 of the BGP-LS draft, the OSPF DR node representation was ambiguous. One could represent DR node as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS used to follow 'InterfaceIpAddress-1' format. Starting with version '-11' of the BGP-LS draft, the representation for OSPF DR node must be 'AdvertisingRouterId-InterfaceIpaddress'. Junos OS now follows the latest format.

  • PPPoE subscribers do not bind over ps interfaces (MX Series)—Starting with Junos OS Release 17.1R1, the termination of single, multiple, and dual-tagged service delimited VLANs are transported over a single Ethernet CCC pseudowire using ps virtual port devices. This feature provides scaled Layer 3 service application at the pseudowire head-end termination appliance. This behavior is as an extension and evolution for ethernet pseudowire that is described in RFC 4448.

  • New field for LSP ping egress interface failure (MX Series)—Starting in Junos OS 17.1R1, if an LSP ping is started and the chosen egress interface fails, pings are still sent to the failed interface and then dropped. The ping must be manually stopped and restarted to select a working interface to the destination (if one exists). To help detect this ping situation, a new field, Packets dropped due to ifl down, has been added to the output of the show system statistics mpls command.

    [See <url href=https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-system-statistics-mpls.html>show system statistics mpls </url>]

Network Management and Monitoring

  • SNMP syslog messages changed (MX Series)—Starting in Junos OS Release 17.1R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD --AgentX master agent failed to respond to ping. Attempting to re-register

      NEW –- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD –- NET-SNMP version %s AgentX subagent connected

      NEW --- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • MIB buffer overruns only be counted under ifOutDiscard (MX Series)—The change done via PR 1140400 introduced a CVBC where qdrops (buffer overruns) were counted under ifOutErrors along with ifOutDiscards. This is against RFC 2863 where buffer overruns should only be counted under ifOutDiscards and not under ifOutErrors. In Junos OS Release 17.1R1, this is now fixed.

  • Hard-coded RFC 3635 MIB OIDs updated (MX Series)—In Junos OS Release 17.1R2, the following RFC 3635 MIB OIDs have been updated as default values:

    • dot3StatsFCSErrors and dot3HCStatsFCSErrors, framing errors

    • dot3StatsInternalMacReceiveErrors and dot3HCStatsInternalMacReceiveErrors, MAC statistics: Total errors (Receive)

    • dot3StatsSymbolErrors and dot3HCStatsSymbolErrors, code violations

    • dot3ControlFunctionsSupported, flow control

    • dot3PauseAdminMode, flow control

    • dot3PauseOperMode, auto-negotiation

    [See the SNMP Explorer.]

  • Enhancement to SMNPv3 traps for contextName field (MX Series)—Starting in Junos OS Release 17.1R2, the contextName field in SNMPv3 traps generated from a non-default routing instance, is populated with the same routing-instance information as is given in SNMPv2 traps. SNMPv2 traps provide the routing-instance information as context in the form of context@community. This information gives the network monitoring system (NMS) the origin of the trap, which is information it might need. But in SNMPv3, until now, the contextName field was empty. For traps originating from a default routing instance, this field is still empty, which now indicates that the origin of the trap is the default routing instance.

    [See SNMP MIB Explorer.]

  • Update to SNMP support of apply-path statement (MX Series)—In Junos OS Release 17.1R2, SNMP implementation for the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from day 1.

    • apply-path "access radius-server <*>"

      This configuration is supported as of this release.

  • Juniper MIBs Loading Errors Fixed (MX Series)—In junos OS Release 17.1R1, duplicated entries and errors while loading MIBs on ManageEngine MIB browser are fixed for the following MIB files:

    • jnx-gen-set.mib

    • jnx-ifotn.mib

    • jnx-optics.mib

    [See MIB Explorer.]

Operation, Administration, and Maintenance (OAM)

  • Change in behavior of the Ethernet OAM CFM process (MX Series)—When you deactivate the connectivity fault management (CFM) protocol, the CFM process (cfmd) stops. When you activate CFM protocol, cfmd starts.

    In releases before Junos OS Release 16.1R1, when you deactivate the CFM protocol, the CFM process continues to run.

Routing Protocols

  • Optimization of link-state packets (LSPs) flooding in IS-IS (MX Series)—Starting in Junos OS Release 17.1R1, flooding of LSPs in IS-IS no longer occurs as a result of the commitment of configuration changes unrelated to IS-IS. Now, when the router is not in the restart state, every time a new LSP is generated after a CLI commit, the contents of the new LSP are compared to the contents of the existing LSP already installed in the link-state database (LSDB) between Intermediate Systems. When the contents of the two LSPs do not match, the system does not process the new LSP or install it in the LSDB, and consequently does not flood it through the IS-IS network. The new behavior does not affect the rebuilding of LSPs after they refresh in the LSDB. No configuration is required to invoke the new behavior.

    In earlier releases, IS-IS generates new LSPs even when the configuration changes are not related to IS-IS. Because the new LSPs are flooded across the network and synchronized in the LSDB, this flooding process is time-consuming and CPU intensive in a scaled network environment.

  • Range of flow route rate-limit modified (MX Series)—Starting with Junos OS Release 17.1R1, the range of flow route rate-limit has changed from [9600..1000000000000] to [0..1000000000000]. Earlier Junos OS releases had range restrictions for flow route rate-limit at the [edit routing-options flow route flow then] hierarchy level. Junos OS can now accept any configured rate-limit value. If the rate limit is set in the range of 0 through 999, the Packet Forwarding Engine discards the packets. For configured rate limit value between 1000 and 1000000000000, Junos OS sets the corresponding value in kbps as the rate limit.

  • Change in default behavior of router capability (MX Series)—In Junos OS Release 17.1R1 and later releases, the router capability TLV distribution flag (S-bit), which controls IS-IS advertisements, will be reset, so that the segment-routing-capable sub-TLV is propagated throughout the IS-IS level and not advertised across IS-IS level boundaries.

  • Support for configuring higher PDU size for IS-IS hello packets (MX Series)—Starting with Junos OS Release 17.1R1, you can configure the maximum protocol data unit (PDU) size of an IS-IS hello packet to up to 16000 bytes. You can achieve the maximum PDU size by configuring the max-hello-size configuration statement at [edit protocol isis interface interface-name] hierarchy and [edit protocol isis] hierarchy and by configuring the hello-padding strict configuration at the[edit protocol isis] hierarchy. The max-hello-size statement configured at the interface level has a higher precedence than the configuration at the [protocol isis] instance level.

    Note

    The maximum hello-size configuration at the [protocol isis] instance level must be less than or equal to the max-hello-size at the interface International Organization for Standardization (ISO) maximum transmission unit (MTU) level and not the interface MTU.

    Previously, you could configure the max-hello-size configuration statement only at [edit protocol isis] hierarchy and the maximum size of IS-IS hello packets that were supported was 1492 bytes.

  • Weighted ECMP supports IS-IS SPRING next hops (MX Series)—Starting in Junos OS Release 17.1R1, one hop weighted ECMP feature supports iS-IS SPRING based next hops. Currently weighted ECMP for SPRING routes does not support multiple next hop addresses.

Security

  • Packet types added for DDoS protection L2TP policers (MX Series routers with MPCs, T4000 routers with FPC5)—Starting in Junos OS Release 17.1R1, the following eight packet types have been added to the DDoS protection L2TP protocol group to provide flexibility in controlling L2TP packets:

    cdn

    scccn

    hello

    sccrq

    iccn

    stopccn

    icrq

    unclassified

    Previously, no individual packet types were available for this protocol group and all L2TP packets were policed the same based on the aggregate policer value. The default values for the bandwidth and burst policers for all packet types is 20,000 pps. The default recover-time is 300 seconds for each of the L2TP packet types.

    [See protocols (DDoS).]

Services Applications

  • Deprecated security IDP statements (MX Series)—In Junos Release 17.1R1 and later releases, [edit security idp] configuration statements are deprecated for the MX Series routers.

  • Device discovery with device-initiated connection (MX Series)—In Junos OS Release 17.1R1 and later releases, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.

    You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.

    [See Device Discovery Overview.]

  • Change in enforcement of maintenance mode for changes to PCC action profiles (MX Series)—Starting with Junos OS Release 17.1R1, a commit error occurs when you change the logging-rule or steering statements at the [edit unified-edge pcef pcc-action-profiles profile-name] hierarchy level if the TDF gateway is not in maintenance mode. Prior to Junos OS Release 17.1R1, a commit error was not displayed.

Subscriber Management and Services

  • Changes to the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands (MX Series)—Starting in Junos OS Release 17.1R1, the following changes have been made to the test aaa user commands:

    • The Virtual Router Name and Routing Instance fields became the Virtual Router Name (LS:RI) field.

    • The Redirect VR Name field was renamed to Redirect VR Name (LS:RI).

    • The Attributes area in the CLI output header section was renamed to User Attributes.

    • The IGMP field was renamed to IGMP Enable.

    • The IGMP Immediate Leave and the MLD Immediate Leave default values changed from disabled to <not set>.

    • The Chargeable user identity value changed from an integer to a string.

    • The Virtual Router Name field was added to the display for the DHCP client.

    • The commands display only attributes that are supported by Junos OS; these attributes appear even when their values are not set. The Virtual Router Name (LS:RI) field matches the Juniper Networks Virtual-Router VSA (26-1), if present; otherwise, the field displays default:default. The displayed value for all other attributes that are not received is <not set>.

      [See test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user.]

  • interfaces statement restored for ESSM subscriber secure policy (MX Series)—Starting in Junos OS Release 17.1R1, the interfaces statement was undeprecated at the [edit services radius-flow-tap] hierarchy level. When you use subscriber secure policies to mirror ESSM interfaces, you must configure the virtual tunnel (vt) interfaces that are used to send the mirrored packets to a mediation device. In some earlier releases, this statement was erroneously deprecated and hidden.

    [See interfaces (Subscriber Secure Policy).]

  • New option to display all pending accounting stops (MX Series)—Starting in Junos OS Release 17.1R1, the brief option is added to the show accounting pending-accounting-stops command. This option displays the current count of pending RADIUS accounting stop messages for subscribers, services, and total combined stops. The output is displayed as follows:

    user@host> show accounting pending-accounting-stops brief

    [See show accounting pending-accounting-stops brief.]

  • Change to DHCP option 82 suboptions support to differentiate duplicate clients (MX Series)—Starting in Junos OS Release 17.1R2, only the ACI (suboption 1) and ARI (suboption 2) values from the option 82 information are considered when this information is used to identify unique clients in a subnet. Other suboptions, such as Vendor-Specific (suboption 9), are ignored.

  • Change in display of IPv6 Interface Address field by the show subscribers extensive command (MX Series)—Starting in Junos OS 17.1R2, the show subscribers extensive command displays the IPv6 Interface Address field only when the dynamic profile includes the $junos-ipv6-address predefined variable.

    In earlier releases, the command always displays this field, even when the variable is not in the profile. In this case, the field shows the value of the first address from the Framed-IPv6-Prefix attribute (97).

  • Traffic shaping and L2TP tunnel switches (MX Series)—Starting in Junos OS Release 17.1R1, when a dynamic profile attaches a statically configured firewall filter to an L2TP tunnel switch (LTS) session, the filter polices traffic from the LTS (acting as a LAC) to the ultimate endpoint LNS, in addition to the previously supported traffic from the LAC to the LTS (acting as an LNS). In previous releases, the firewall filter applied to only the traffic from the LAC to the LTS.

  • Default L2TP resynchronization method changed and statement deprecated (MX Series)—Starting in Junos OS Release 17.1R2, the default resynchronization method for L2TP peers in the event of a control connection failure is changed to silent failover. In earlier releases, the default method is failover-protocol-fall-back-to-silent-failover. The silent failover method is preferred because it does not keep tunnels open without traffic flow, waiting for the failed peer to recover and resynchronize. You can use the new failover-resync statement at the edit services l2tp tunnel hierarchy level to specify either failover protocol or silent failover as the resynchronization method.

    Because silent failover is now the default, the disable-failover-protocol statement is no longer needed and has been deprecated. If you upgrade to this release with a configuration that includes this statement, it is supported, but the CLI notifies you it is deprecated.

  • IPv6 Link Local Addresses Assigned to Underlying Static Demux Interfaces (MX Series)—Starting in Junos OS Release 17.1R2, when you are using Router Advertisement for IPv6 subscribers on dynamic demux interfaces that run over underlying static demux interfaces, configure the software to use the same link-local address for both interfaces. In this case, the link-local address for the underlying interface should be based the MAC address of the underlying interface. The following statement causes the system to assign an address using the 64-bit Extended Unique Identifier (EUI-64) as described in RFC 2373:

System Management

  • Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

  • Integers in configuration data in JSON format are displayed without quotation marks (MX Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1R1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.

  • Changes to the show system schema module juniper-command output directory (MX Series)—Starting in Junos OS Release 17.1R1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1R1, the generated output files are placed in the /var/tmp directory.

  • SLAX scripts included as part of the Junos OS image (MX Series)—In Junos OS Release 17.1R1 and later releases, the Stylesheet Language Alternative Syntax (SLAX) scripts services-oids-ev-policy.slax, services-oids.slax, and utils.slax are included as part of the Junos OS image and automatically copied to the required location on the router when you install Junos OS.

VPNs

  • EVPN E-tree extended community (MX Series)—In Junos OS Releases 17.1R2, and later releases, the E-tree leaf indication bit and leaf label in EVPN E-tree extended community follows the E-tree Extended Community as defined in the E-TREE Support in EVPN & PBB-EVPN IET IETF draft. A mixed network environment with routers running versions of Junos OS without this fix and routers with this fix would encounter unexpected forwarding behavior. Junos OS Release 16.1R4 has the incorrect label indication bit and leaf label encoding.

  • EVPN extended community and ISID using standard IANA value (MX Series)—Starting in Junos OS Release 17.1R2, the router MAC extended community and service identifier (ISID) sub-type values have been corrected to use the Internet Assigned Numbers Authority (IANA) standardized value. In Junos OS Release 17.1R1, when you configure EVPN extended community using a pure type 5 routing mode with VXLAN encapsulation, you might encounter routing issues with the router from another vendor.

  • Support for ping on a virtual gateway address (MX Series)—In Junos OS Release 17.1R2, Junos supports pinging an IPv4 or IPv6 address on the preferred virtual gateway interface. To set up support for ping, you must include both the virtual-gateway-accept-data and the preferred statements at the [edit interfaces irb unit] hierarchy of the preferred virtual gateway. This enables the interface on the preferred virtual gateway to accept all packets for the virtual IP address, including ping packets.