Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platforms

 

These release notes accompany Junos OS Release 17.2R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS main release and the maintenance releases for MX Series.

Release 17.2R3 New and Changed Features

Interfaces and Chassis

  • Enhancement to increase the threshold of corrected single-bit errors (MPC7E, MPC8E, MPC9E on MX Series)—In Junos OS Release 17.2R3, the threshold of corrected single-bit error is increased from 32 to 1024, and the alarm severity is changed from Major to Minor for those error messages. There is no operational impact upon corrected single bit errors. Also, a log message is added to display how many single-bit errors have been corrected between the reported events as follows:

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 25

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 26

    [See Alarm Overview.]

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (MX Series)—In Junos OS Release 17.2R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Subscriber Management and Services

  • Controlling search behavior for address allocation from linked pools (MX Series)—Starting in Junos OS Release 17.2R3, you can use the linked-pool-aggregation statement at the [edit access] hierarchy level to change how addresses are allocated from linked IP address pools. When you configure the statement, addresses can be assigned from a later pool in the chain before an earlier pool is depleted. When the statement is not configured, IP addresses are assigned contiguously, so that all addresses are allocated from the matching pool and then the first pool in the chain before addresses are assigned from a linked pool.

    [See Configuring Address-Assignment Pool Linking.]

Release 17.2R2 New and Changed Features

Multicast

  • Improved multicast performance using distributed IGMP (MX Series)—Starting in Junos OS Release 17.2R2, you can improve multicast performance by using the distributed Internet Group Management Protocol (IGMP). Distributed IGMP moves IGMP processing from the Routing Engine to the Packet Forwarding Engine. When you configure distributed IGMP, join and leave events are processed across multiple Modular Port Concentrators (MPCs) on the Packet Forwarding Engine. Instead of being processed through a centralized routing protocol process (rpd) on the Routing Engine, this improves performance and decreases join and leave latency.

    For distributed IGMP to function properly, you must configure enhanced IP network services by including the enhanced-ip statement at the [edit chassis network-services] hierarchy level. To enable distributed IGMP on static interfaces, include the distributed statement at the [edit protocols igmp interface interface-name] hierarchy level. To enable distributed IGMP on dynamic interfaces, include the distributed statement at the [edit dynamic-profiles profile-name protocols igmp interface $junos-interface-name] hierarchy level.

    You can optionally configure specific multicast groups to join statically by including the distributed option at one of the following hierarchy levels:

    • [edit protocols pim static]

    • [edit protocols pim static group multicast-group-address]

    • [edit protocols pim static group multicast-group-address source source-address]

    [See Understanding IGMP.]

Services Applications

  • Support for disabling the filtering of HTTP traffic with an embedded IP address belonging to a blacklisted domain (MX Series router)—Starting in Junos OS Release 17.2R2, you can disable the filtering of HTTP traffic that contains an embedded IP address belonging to a blacklisted domain name. To disable the filtering, include the disable-url-filtering statement at the [edit services url-filter profile profile-name template template-name] hierarchy level when you are configuring URL filtering. However, if the embedded IP address is explicitly identified in the blacklisted URL database, the traffic is still filtered.

    [See Configuring URL Filtering.]

  • Maximum number of RPM probes increased (MX Series routers)—Starting in Junos OS Release 17.2R2, you can configure the maximum allowed number of concurrent real-time performance monitoring (RPM) probes on an MX Series router to be as high as 2000. In Junos OS Release 17.2R1 and earlier, you can configure the maximum number to be as high as 500.

    [See Limiting the Number of Concurrent RPM Probes.]

Subscriber Management and Services

  • Support for excluding tunnel attributes from RADIUS Access-Request messages (MX Series)—Starting in Junos OS Release 17.2R2, you can use the exclude statement at the [edit access profile profile-name radius attribute] hierarchy level to exclude the following tunnel attributes from RADIUS Access-Request messages in addition to the previously supported Accounting-Start and Accounting-Stop messages:

    • acct-tunnel-connection—RADIUS attribute 68, Acct-Tunnel-Connection

    • tunnel-assignment-id—RADIUS attribute 82, Tunnel-Assignment-Id

    • tunnel-client-auth-id—RADIUS attribute 90, Tunnel-Client-Auth-Id

    • tunnel-client-endpoint—RADIUS attribute 66, Tunnel-Client-Endpoint

    • tunnel-medium-type—RADIUS attribute 65, Tunnel-Medium-Type

    • tunnel-server-auth-id—RADIUS attribute 91, Tunnel-Server-Auth-Id

    • tunnel-server-endpoint—RADIUS attribute 67, Tunnel-Server-Endpoint

    • tunnel-type—RADIUS attribute 64, Tunnel-Type

Release 17.2R1 New and Changed Features

Hardware

  • RE-S-X6-64G-LT Routing Engine and REMX2K-X8-64G-LT CB-RE Routing Engines(MX Series)—Starting with Junos OS release 17.2R1, MX Series Routers support the following new Routing Engine and CB-RE:

    • RE-S-X6-64G-LT Routing Engine

    • REMX2K-X8-64G-LT CB-RE

    [See MX240 Routing Engine Description, MX480 Routing Engine Description, MX960 Routing Engine Description, and MX2000 Host Subsystem Description.]

    Note

    The Routing Engines are equipped with limited encryption support only. The Junos Limited image does not have data plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. See Junos OS Editions.

  • Junos OS support for MX2008 routers—In Junos OS Release 15.1F7 and 17.2R1, Junos OS supports the MX2008 Universal Routing Platform (model number: CHAS-MX2008). The MX2008 router is a 10-slot half-rack chassis with increased port density, but uses less space and consumes less power. Additionally, with the MX2008, you can scale bandwidth up to 1.6 Tbps per slot by using a chassis that is approximately half a rack in size.

    The MX2008 router is an Ethernet-optimized edge router that provides both switching and carrier-class Ethernet routing. The router enables a wide range of business and residential applications and services, including high-speed transport and VPN services, next-generation broadband multiplay services, and high-volume Internet data center networking.

Class of Service (CoS)

  • Support for user-configurable traffic class map (MX Series routers with MPCs) — Beginning with Junos OS Release 17.2R1, MX Series routers with MPCs support a user-configurable input priority map, known as a traffic-class-map, that enables you to prioritize and classify input traffic entering a Packet Forwarding Engine during ingress oversubscription. You can define traffic class maps for a packet based on DSCP, IP precedence, MPLS EXP, IEEE 802.1p, and IEEE 802.1ad CoS values and associate these CoS values with real-time, network-control, and best-effort traffic classes.

    [See Managing Ingress Oversubscription at the PFE.]

  • CoS-based forwarding support for up to 16 forwarding classes (MX Series and PTX Series)— Beginning with Junos OS Release 17.2R1, MX Series routers with MPCs or MS-DPCs, vMX, PTX3000 routers, PTX5000 routers, and VPTX support configuring CoS-based forwarding (CBF) for up to 16 forwarding classes. All other platforms support CBF for up to 8 forwarding classes. To support up to 16 forwarding classes for CBF on MX routers, enable enhanced-ip at the [edit chassis network-services] hierarchy level.

    [See Forwarding Policy Options Overview.]

  • Propagating CoS shaping rate adjustments that are based on multicast traffic (MX Series)—Starting in Junos OS Release 17.2R1, you can set up CoS shaping rate adjustments that are based on multicast traffic to be propagated to the parent in the scheduler hierarchy. For service providers that are using interface sets to deliver services such as voice and data and multicast VLANs (M-VLANs) to deliver broadcast television, you can set up CoS so that when a subscriber begins receiving multicast traffic, the shaping rate of the subscriber interface is adjusted to account for the multicast traffic. You can now set up the CoS multicast adjustment to be propagated from the subscriber interface to the interface set, which is the parent in the scheduler hierarchy. This feature prevents oversubscription of the multicast replicator, such as a PON, which can result in dropped traffic and service disruption.

    [See Using Hierarchical CoS to Adjust Shaping Rates Based on Multicast Traffic.]

EVPNs

  • Support for ARP proxy and suppressing of ARP flooding with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.2R1, a provider edge (PE) router can function as an Address Resolution Protocol (ARP) proxy with EVPN configured. The ARP proxy/suppression capability is enabled by default. For EVPN instances with IRB interfaces ARP flooding will be suppressed. To disable proxy and suppression of ARP flooding, include the no-arp-suppression statement at the [edit bridge-domains bridge-domain-name] hierarchy level.

    [See EVPN Proxy ARP and ARP Suppression and Network Discovery Protocol and Network Discovery Protocol Suppression.]

  • NSR and unified ISSU support for EVPN-VPWS and PBB-EVPN—Starting in Junos OS Release 17.2R1, Junos OS supports NSR and unified ISSU on VPWS with EVPN and provider backbone bridging (PBB) EVPN. NSR and GRES enable the routing system to switch over from a primary Routing Engine to a backup Routing Engine while continuing to forward packets.

    Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic. Unified ISSU upgrade is only supported by dual Routing Engine platforms. Unified ISSU requires both GRES and NSR to be enabled.

    To enable GRES, include the graceful-switchover statement at the [edit chassis redundancy] hierarchy level.

    To enable NSR, include the nonstop-routing statement at the [edit routing-options] hierarchy level and the commit synchronize statement at the [edit system] hierarchy level.

    [See Overview of VPWS with EVPN Signaling Mechanisms and Provider Backbone Bridging (PBB) and EVPN Integration for Data Center Interconnect Overview.]

  • Unified ISSU support for EVPN and VXLAN—Starting in Junos OS Release 17.2R1, Junos OS supports Unified ISSU on EVPN and VXLAN. Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic. Unified ISSU upgrade is only supported by dual Routing Engine platforms. Unified ISSU requires both GRES and NSR to be enabled.

    To enable GRES, include the graceful-switchover statement at the [edit chassis redundancy] hierarchy level.

    To enable NSR, include the nonstop-routing statement at the [edit routing-options] hierarchy level and the commit synchronize statement at the [edit system] hierarchy level.

    [See NSR and Unified ISSU Support for EVPN Overview and PIM NSR and Unified ISSU Support for VXLAN Overview.]

  • Support for EVPN E-Tree service—Starting in Release 17.2R1, Junos OS enables you to configure Ethernet VPN E-Tree service. The EVPN E-Tree feature implements E-Tree service as defined by the Metro Ethernet Forum (MEF) in draft-sajassi-l2vpn-evpn-etree-03. The E-Tree service is a rooted-multipoint service that is supported only with EVPN over MPLS in the core. In an EVPN E-Tree service, each customer edge (CE) device attached to the EVPN E-Tree service needs to be designated as either root or leaf. If an interface is not configured for a role, it is assigned the role of “root” by default.

    The service adheres to the following forwarding rules:

    • A leaf can send or receive traffic only from a root.

    • A root can send traffic to another root or any of the leaf devices.

    • A leaf or root can be connected to provider edge (PE) devices in single homing mode or multihoming mode.

    To configure an Ethernet VPN E-Tree service, use set evpn-etree at the edit routing-instances <routing-instance_name> protocols evpn hierarchy level.

    To configure an interface as leaf, use set etree-ac-role leaf at the [edit interfaces <interface-name> unit <interface-unit-number>] hierarchy level.

    To configure an interface as root, use set etree-ac-role root at the [edit interfaces <interface-name> unit <interface-unit-number>] hierarchy level.

    [See EVPN-ETREE Overview.]

  • Interconnecting data center networks over WAN (MX Series)—Starting in Junos OS Release 17.2R1, you can interconnect data center networks running Ethernet VPN (EVPN) with Virtual Extensible LAN (VXLAN) encapsulation through a WAN running MPLS-based EVPN. This feature enables you to:

    • Connect data center edge routers over MPLS-based EVPN WAN for data center interconnections.

    • Interconnect EVPN-VXLAN and EVPN-MPLS using logical tunnel (lt-) interface on data center edge routers.

    [See EVPN-VXLAN Data Center Interconnect Through EVPN-MPLS WAN Overview.]

  • Integrating PBB with EVPN (MX Series with MPCs and MICs)—Starting in Junos OS Release 17.2R1, the integration of provider backbone bridging (PBB) with Ethernet VPN (EVPN) is supported. With PBB-EVPN, the control plane learning across the core is significantly reduced, allowing a huge number of Layer 2 services, such as data center connectivity, to transit the network in a simplified manner.

    In a PBB-EVPN network, the backbone core bridge (BCB) device in the PBB core is replaced with MPLS, while retaining the service scaling properties of the PBB backbone edge bridge (BEB). The B-component (provider routing instance) is signaled using EVPN BGP signaling and encapsulated inside MPLS using provider edge (PE) and provider (P) devices. Thus, PBB-EVPN combines the vast scaling property of PBB with the simplicity of a traditional basic MPLS core network, resulting in significant reduction in the amount of network-wide state information, as opposed to regular PBB.

    [See Provider Backbone Bridging (PBB) and EVPN Integration Overview.]

  • NSR and unified ISSU support for EVPN-ETREE—Starting in Junos OS Release 17.2R1, Junos OS supports NSR and unified ISSU for EVPN-ETREE services. NSR and GRES enables the routing system to switch over from a primary Routing Engine to a backup Routing Engine while continuing to forward packets.

    Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic. Unified ISSU upgrade is only supported by dual Routing Engine platforms. Unified ISSU requires both GRES and NSR to be enabled.

    To enable GRES, include the graceful-switchover statement at the [edit chassis redundancy] hierarchy level.

    To enable NSR, include the nonstop-routing statement at the [edit routing-options] hierarchy level and the commit synchronize statement at the [edit system] hierarchy level.

    [See EVPN-ETREE Overview.]

  • MAC pinning support for PBB-EVPN (MX Series with MPCs)—Starting in Junos OS Release 17.2R1, the MAC pinning feature is enabled on provider backbone bridging (PBB) and Ethernet VPN (EVPN) integration, including customer edge (CE) interfaces and EVPN over PBB core in both all-active or single-active mode.

    To configure MAC pining for PBB-EVPN, include the mac-pinning statement at the [edit routing-instances pbbn protocols evpn], where pbbn is the PBB routing instance over backbone port (B-component). With this configuration, the dynamically learned MAC addresses in the PBB I-component (customer routing instance) bridge domain over CE interfaces, as well as PBB-MPLS core interfaces, are pinned. This prevents MAC move on duplicate MAC detection, avoiding loop creation in a network. The duplicate MAC addresses are blocked, and data is dropped if traffic is received on any interface other than the interface on which it is pinned.

    [See PBB-EVPN MAC Pinning Overview.]

Forwarding and Sampling

  • Support for multiple server instances under a given interface. (MX Series)—Starting in Junos OS Release 17.2R1, you can specify multiple Domain Name System (DNS), Trivial File Transfer Protocol (TFTP), or BOOTP servers instances under a given helper port interface. The same packet, with the originator IP address and port requests, is forwarded to the different configured servers; the payload of the UDP packet is not modified.

    [See DNS, Port, and TFTP Service Servers.]

  • Improved load balancing for L2TP data transit traffic (MX Series)—Starting in Junos OS Release 17.2, L2TP load balancing can occur on a per-tunnel basis, or within the same tunnel, on a per-session basis, for better distribution of packets. To enable this feature, enable the l2tp-tunnel-session-identifier command at the [edit forwarding-options hash-key family inet] hierarchy level.

    [See l2tp-tunnel-session-identifier.]

General Routing

  • Support for PTP, Synchronous Ethernet, and hybrid mode over link aggregation group (MX104, MX240, MX480, MX960, MX2010)—Starting in Junos OS Release 17.2R1, the MPC5E, MPC6E, MPC3E NG, and MPC2E NG MPCs support Precision Time Protocol (PTP), Synchronous Ethernet, and hybrid mode over a link aggregation group (LAG).

    Link aggregation is a mechanism of combining multiple physical links into a single virtual link to achieve linear increase in bandwidth and to provide redundancy in case a link fails. The virtual link is referred to as an aggregated Ethernet interface or a LAG.

  • OpenConfig: BGP routing table - Support for operational state model (MX Series)—Starting in Junos OS 17.2R1, the OpenConfig BGP RIB routing table supports local-rib for IPV4 and IPV6. The Openconfig-rib-bgp.yang model supports five logical RIBs per address family. There are five tables for IPv4 routes and five tables for IPv6 routes.

  • Support for PTP over Ethernet, hybrid mode, and G.8275.1 profile (MPC6E, MPC2E NG, MPC3E NG MPCs)—Starting in Junos OS Release 17.2R1, MPC6E, MPC2E NG, and MPC3E NG MPCs support the following features:

    • PTP over Ethernet— PTP over Ethernet enables effective implementation of packet-based technology that enables the operator to deliver synchronization services on packet-based mobile backhaul networks. PTP over Ethernet uses multicast addresses for communication of PTP messages between the slave clock and the master clock.

    • Hybrid mode— In hybrid mode, the synchronous Ethernet equipment clock (EEC) derives the frequency from Synchronous Ethernet and the phase and time of day from PTP.

    • G.8275.1 profile— G.8275.1 is a PTP profile for applications that require accurate phase and time synchronization. It supports the architecture defined in ITU-T G.8275 to enable the distribution of phase and time with full timing support and is based on the second version of PTP defined in IEEE 1588. You can configure the G.8275.1 profile by including the profile-type g.8275.1 statement at the [edit protocols ptp] hierarchy level.

    Note

    PHY timestamping is supported on MPC2E NG and MPC3E NG only with MIC-3D-20GE-SFP-E.

    [See Precision Time Protocol Overview].

  • Enhancements to Precision Time Protocol feature (MX104)—Starting in Junos OS Release 17.2R1, the Precision Timing Protocol (PTP) feature in MX104 routers has been enhanced with the following changes:

    • After PTP is phase-aligned, if the system up time is less than 30 minutes and the PTP source is lost before 30 minutes, the PTP state will be moved to freerun. On the other hand, if the system up time is more than 30 minutes and the PTP source is lost, the PTP state will move to holdover.

    • If PTP is never phase-aligned and PTP source is lost, the PTP state shall move to freerun.

    • While operating in PTP Hybrid mode, the state of PTP will be in holdover for 8 days after a PTP clock source is lost but a valid high stratum SyncE source is present.

    • PTP state will transition to holdover irrespective of the current state of acquiring or phase aligned as long as PTP was phase-aligned once and system uptime was more than 30 minutes.

  • New command to display upstream and downstream clock information (MX104)—Starting with Junos OS Release 17.2R1, a new show command, show ptp all-master-clock, , is introduced to display all the upstream master information and clock advertised to downstream. This command is supported only on MX104 routers.

  • OpenConfig: Supporting for the BGP model in Junos OS (MX Series)—Starting in Junos OS 17.2R1, the configuration leaf devices defined in the openconfig-bgp.yang and openconfig-bgp-multiprotocol.yang files are supported.

High Availability (HA) and Resiliency

  • Warm standby mode for routing protocols process (MX Series)—Starting in Junos OS Release 17.2R1, you can set the routing protocol process (rpd) mode to warm-standby by using the set routing-options warm-standby command. Warm standby mode helps the backup Routing Engine stay synchronized with the master Routing Engine, allowing for faster Routing Engine switchover during GRES.

    [See warm-standby.]

  • Support for unified ISSU on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E (MX240, MX480, MX960, MX2010, and MX2020)—Starting with Release 17.2R1, Junos OS supports unified ISSU on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E.

    Unified ISSU is supported on MPC5E with the following MICs in non-OTN mode:

    • 3X40GE QSFPP

    • 12X10GE-SFPP OTN

    • 1X100GE-CFP2

    • 2X10GE SFPP OTN

    Note

    Unified ISSU is not supported on MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, and MPC2E-3D-NG-Q with the following MICs:

    • MS-MIC-16G

    • MIC-3D-8DS3-E3

    • MIC-3D-1OC192-XFP

    Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.

  • Kernel synchronization performance and debugging enhancements (MX Series)—Starting in Junos OS Release 17.2R1, the kernel synchronization process (ksyncd) uses multithreading for increased performance, and you can use new CLI commands for ksyncd debugging and recovery. Use the set system kernel-replication no-multithreading command to run ksyncd in single thread mode for debugging purposes. Use the set system kernel-replication system-reboot recovery-failure command to configure the automatic reboot of a standby Routing Engine after receiving a ksyncd initialization error.

    [See kernel-replication.]

Interfaces and Chassis

  • Software feature support on the MX2008—In Junos OS Release 15.1F7 and 17.2R1, the MX2008 router supports all software features that are supported by other MX Series routers in Junos OS Release 15.1F6.

    The following key Junos OS features are supported:

    • Basic Layer 2 features including Layer 2 Ethernet OAM and virtual private LAN service (VPLS)

    • Class of service (CoS)

    • Firewall filters and policers

    • Integrated routing and bridging (IRB)

    • Interoperability with existing MPCs (excluding the Application Services Modular Carrier Card, or AS-MCC)

    • Layer 2 protocols

    • Layer 2 VPNs, Layer 2 circuits, and Layer 3 VPNs

    • Layer 3 routing protocols and MPLS

    • Layer 3 services supported on MS-MIC and MS-MPC (for example, CGNAT, IP Security, inline active flow monitoring) and inline services

    • Multicast forwarding

    • Port mirroring

    • Spanning-tree protocols, such as STP, MSTP, RSTP, and VSTP

    • Synchronous Ethernet and Precision Time Protocol (IEEE 1588)

    • Tunneling

    • Graceful Routing Engine Switchover (GRES) and Non Stop Routing (NSR)

    MPCs and MICs supported on MX2008 routers—The MX2008 router (model number: CHAS-MX2008) supports all the MPCs (excluding AS-MCC) and MICs that are supported by the MX2000 line of routers.

    MPCs native to the MX2000 line of routers (MPC6E, MPC8E, and MPC9E) are supported without an adapter card, but other MPCs (MS-MPC, MPC1, MPC2, MPC3, MPC4, MPC5, MPC7, MPC2E-NG, MPC3E-NG, and all variants) are supported with an adapter card.

    Note

    MX2008 routers do not support the Application Services Modular Carrier Card (AS-MCC).

    [See MPCs Supported by MX240, MX480, MX960, MX2010, and MX2020 Routers.]

    Support for centralized clocking on MX2008 routers—In Junos OS Release 15.1F7 and 17.2R1, the MX2008 router (model number: CHAS-MX2008) uses the centralized Stratum 3 clock module on the Routing and Control Board (RCB) to lock onto Synchronous Ethernet and distribute the frequency to the entire chassis. Supported features include:

    • Clock monitoring, filtering, and holdover

    • Hitless transition from a distributed to a centralized clocking mode

    • Distribution of the selected chassis clock source to downstream network elements by using supported line interfaces

    You can view the centralized clock module information by using the show chassis synchronization clock-module command.

    Note

    The MX2008 supports Precision Time Protocol (PTP) in distributed mode.

    Junos OS support for FRU management of MX2008 routers—In Junos OS Release 15.1F7 and 17.2R1, Junos OS supports the MX2008 router (model number: CHAS-MX2008). The Junos OS chassis management software for the MX2008 routers provides enhanced environmental monitoring and field-replaceable unit (FRU) control.

    The MX2008 host subsystem consists of two Routing and Control Boards, or RCBs (model number REMX2008-X8-64G). The RCB is an integrated board and a single FRU that provides Routing Engine and Control Board functionality and supports virtualization. The router contains 8 SFBs (fabric cards, model number: MX2008-SFB2) that provides 7+1 redundancy. The router supports a maximum of 10 MPCs including adapter cards, and up to 20 MICS—a maximum of two MICs can be installed in each MPC.

    The chassis contains nine power supply modules (PSMs) and two power distribution modules (PDMs) for the power feeds. Each PSM delivers 2500 W of power, and provides 8+1 redundancy. The two PDMs provide feed redundancy, with each PDM connected to primary and backup feeds separately.

    The MX2008 cooling system contains two fan trays, with six fans in each. The fan trays can be installed at or removed from the back of the chassis, which allows the space in the front to be used for cable management. The MX2008 supports temperature thresholds for each temperature sensor, which enables the router to precisely control the cooling, raise alarms, and shut down a FRU.

    [See Junos OS for MX Series 5G Universal Routing Platforms.]

  • Limited encryption Junos OS image and boot restriction (MX Series)—Starting with Junos OS Release 17.2R1, the MX240, MX480, MX960, MX2010, and MX2020 routers with the Routing Engines RE-S-X6-64G-LT and RE-MX2K-X8-64G-LT support only Junos Limited image. The Junos Limited image does not have data plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. Unlike the Junos Worldwide image, the Junos Limited image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system. The Routing Engines are restricted to boot only the Junos Limited image.

  • Enhancement to ambient-temperature statement (MX Series)—In Junos OS Release 15.1F4 and later, the default ambient temperature is set at 40° C on MX480, MX960, MX2010, and MX2020 Universal Routing Platforms. You can override ambient temperature by setting the temperature at 55° C or 25° C.

    When a router restarts, the system adjusts the power allocation or the provisioned power for the line cards on the basis of the configured ambient temperature. If enough power is not available, a minor chassis alarm is raised. However, the chassis continues to run with the configured ambient temperature. You can configure a new higher ambient temperature only after you make more power available by adding new power supply modules or by taking a few line cards offline. By using the provisioned power that is saved by configuring a lower ambient temperature, you can bring more hardware components online.

  • Reordering of MAC addresses after a Routing Engine switchover—In Junos OS Release 14.2 and later, if you configure multiple aggregated Ethernet interfaces, the MAC address of the aggregated Ethernet interfaces displayed in the show interfaces ae number command output might get reordered after a Routing Engine switchover or restart.

    As a workaround, you can configure static MAC addresses for aggregated Ethernet interfaces. Any external dependency, such as filtering of the MAC addresses that are assigned before the reboot, becomes invalid if the MAC address changes.

Layer 2 VPN

  • Support for FEC128 and FEC129 in the same routing instance (MX Series)—Starting in Release 17.2R1, Junos OS supports the configuration of forwarding equivalency class (FEC) 128 mesh groups in a FEC 129 VPN instance. You can configure a FEC 129 VPLS instance to support both BGP autodiscovery as defined in FEC 129 as well as statically configured Label Distribution Protocol (LDP) neighbors as defined by FEC 128. This allows a router to use a common MAC table to forward traffic between a FEC 128 LDP VPLS domain and a FEC 129 domain.

    [See show vpls connections (with FEC128 and FEC129 in the same routing-instance).]

Management

  • Support for fabric statistics sensor for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, you can export fabric statistics through the Junos Telemetry Interface. The types of fabric statistics you can export include those for Packet Forwarding Engine pairs, Flexible PIC Concentrators, and Control Boards and Switch Fabric Boards. To enable a sensor to export fabric statistics include the resource /junos/system/linecard/fabric/ statement at the [edit services analytics sensor sensor-name] hierarchy level. Only UDP streaming is supported. gRPC streaming is not supported.

    [See Configuring a Junos Telemetry interface Sensor (CLI Procedure).]

  • Support for LSP events and properties sensor for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, you can export statistics for LSP events and properties through the Junos Telemetry Interface. Only gRPC streaming for this sensor is supported. You can export statistics for ingress point-to-point LSPs, point-to-multipoint LSPs, bypass LSPs, and dynamically created LSPs. To export data through gRPC, use the /mpls/lsps/ or /mpls/signal-protocols/ set of OpenConfig subscription paths. Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of the Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Guidelines for gRPC Sensors.]

  • Support for gRPC streaming for Junos Telemetry Interface firewall filter statistics (MX Series)—Starting with Junos OS Release 17.2R1, you can use gRPC interfaces to provision sensors to subscribe to and receive firewall filter telemetry data. Hierarchical policer statistics are also collected. Use the /junos/firewall/firewall-stats/ path to provision a sensor for firewall filter statistics. If your Juniper Networks device is running a version of Junos OS with the upgraded FreeBSD kernel, you must download the Junos Network Agent package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models. OpenConfig paths are used to define telemetry parameters for data streamed through gRPC. This functionality was previously introduced in Junos OS Release 16.1R4.

    [See Guidelines for gRPC Sensors.]

  • Support for queue statistics for logical interface sensors for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, logical interface sensors also collect egress and ingress queue statistics. Both UDP and gRPC streaming are supported. Queue statistics, including for per-unit queuing and hierarchical queuing, are exported when a queuing structure is configured on a logical interface. To provision a logical interfaces statistics sensor for UDP streaming, include the resource /junos/system/linecard/interface/logical/usage/ statement at the [edit services analytics sensor sensor-name] hierarchy level. To provision a sensor for gRPC streaming, include the following resource /interfaces/interface[name='interface-name']/subinterfaces/ in the subscription path. Use the telemetrySubscribe RPC to define telemetry parameters for gRPC streaming. If your Juniper Networks device is running a version of Junos OS with the upgraded FreeBSD kernel, you must download the Junos Network Agent package, which provides the interfaces to manage gRPC subscriptions.

    [See Overview of the Junos Telemetry Interface.]

  • Support for routing protocol processes task memory utilization sensor for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, you can stream telemetry data through gRPC for routing protocol process (rpd) task memory usage. Include the /junos/task-memory-information/ path to provision a sensor to stream data through gRPC. UDP streaming for this sensor is not supported. If your Juniper Networks device is running a version of Junos OS with the upgraded FreeBSD kernel, you must download the Junos Network Agent package, which provides the interfaces to manage gRPC subscriptions. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models. OpenConfig paths are used to define telemetry parameters for data streamed through gRPC. This functionality was previously introduced in Junos OS Release 16.1R3.

    [See Guidelines for gRPC Sensors.]

  • Support for LSP statistics for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, you can stream telemetry data for LSPs through UDP and gRPC. To provision an LSP statistics sensor for UDP streaming, include the resource /junos/services/label-switched-path/usage/ statement at the [edit services analytics sensor sensor-name] hierarchy level. Use the mpls/lsps/constrained-path/tunnels/tunnel/ path to provision a sensor for streaming LSP statistics through gRPC. If your Juniper Networks device is running a version of Junos OS with the upgraded FreeBSD kernel, you must download the Junos Network Agent package, which provides the interfaces to manage gRPC subscriptions. For both UDP and gRPC streaming, you must also configure the sensor-based-stats statement at the [edit protocols mpls] hierarchy level. Additionally, MX Series routers should operate in enhanced mode. Support for the LSP statistics sensor was previously introduced in Junos OS Release 15.1F6 and Junos OS Release 16.1R4.

    [See Overview of the Junos Telemetry Interface.]

  • Support for device family and release in Junos OS YANG modules (MX Series)—Starting in Junos OS Release 17.2R1, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. Device families include junos, junos-es, junos-ex, and junos-qfx.

    [See Understanding Junos OS YANG Modules.]

MPLS

  • Support for MPLS label types with scale optimization (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the enhanced-ip command, which is supported on platforms using Modular Port Concentrators (MPCs) equipped with Junos Trio chipsets. You can separate the MPLS labels used for different label spaces which provides more flexibility and scalability. The table space in vrf-table-label is also increased to at least 16,000, if the platform can support the scale.

    For Junos OS Release 17.1 and earlier, MPLS label space was divided into various predefined segments, under label-space command, which served different purposes or applications. Due to various restrictions imposed by older platforms with limited capability, the segment allocation was platform dependent and fixed label space.

  • SPRING-TE support in PCEP implementation (MX Series)—Starting in Junos OS Release 17.2R1, the traffic engineering (TE) capabilities of Source Packet Routing in Networking (SPRING) are supported in Path Computation Element Protocol (PCEP) sessions for the label-switched paths (LSPs) initiated by a Path Computation Element (PCE). Tunnel routes are created in the inet.3 routing table of the Path Computation Client (PCC) corresponding to the SPRING-TE LSPs. Similar to any other tunnel route, the SPRING-TE tunnel routes can be used for resolving indirect next hops for plain IP and service traffic.

    To configure SPRING-TE for PCEP:

    • Enable external path computing for MPLS and SPRING-TE at the [edit protocols] hierarchy level.

    • Enable spring capability for the PCE at the [edit protocols pcep pce pce] hierarchy level.

    [See Support of SPRING-TE for the Path Computation Element Protocol Overview.]

  • Support for empty and loose EROs for PCE-controlled LSPs (MX Series)—Starting in Junos OS Release 17.2R1, for PCE-initiated and PCC-delegated label-switched paths (LSPs), two Constrained Shortest Path First computation types are introduced for computing constrained paths locally and externally. With this, a Path Computation Client (PCC) can accept an LSP path, or Explicit Route Object (ERO), that includes loose next hops (loose ERO) or does not include a path at all (empty ERO), in addition to strict EROs.

    With this enhancement, the existing Junos OS constrained path computation behavior and performance are leveraged, along with the other benefits of external path computing.

    [See PCE-Controlled LSP ERO.]

  • IPv6 support for static egress LSPs (MX Series)—Starting in Junos OS Release 17.2R1, static LSPs on the egress router can be configured with IPv6 as the next-hop address for forwarding IPv6 traffic. Previously, only IPv4 static LSPs were supported. The IPv6 static LSPs share the same transit, bypass, and static LSP features of IPv4 static LSPs.

    A commit failure occurs when the next-hop address and destination address of the static LSP do not belong to the same address family (IPv4 or IPv6).

    [See next-hop (Protocols MPLS) and resolution.]

  • Scaling optimization of pseudowire service logical interfaces (MX Series)—Starting in Junos OS Release 17.2R1, the scaling limit for pseudowire service logical interface is increased from 256 to 2000 per Modular Port Concentrator (MPC) and from 2000 to 7000 per device. MX Series routers with Junos Trio based line cards help to imitate and leverage functionality of an Ethernet interface.

    Note
    • Pseudowire service logical interface is supported by MPC with Junos Trio chipset only.

    • A commit check is performed when you issue the commit command at configuration mode. Commit check fails when the scaling limit exceeds the value of 2000 per Flexible PIC Concentrator (FPC) and 7000 per device.

Network Management and Monitoring

  • MIB enhancement for jnxPPPoESubIfTable and jnxSubscriberTable tables (MX Series)—Starting in Junos OS Release 17.2R1, you can correlate information between the jnxPPPoESubIfTable and jnxSubscriberTable tables. Prior to Junos OS Release 17.2R1, you could not correlate information between the two tables because they are indexed differently. Now, the jnxPPPoESubIfTable can provide a subscriber session ID, which corresponds to each PPPoE session. This ID can be used to correlate information in the jnxSubscriberTable. Additionally, the physical interface and underlying interface names for a subscriber session are now available in the jnxSubscriberTable.

  • New indicators for the jnxLEDState MIB (MX960, MX2020, and MX2010 routers)—In Junos OS Release 17.2R1, MPC7E, MPC8E, and MPC9E include the following indicators for the jnxLEDState MIB object in the jnxLEDEntry MIB table:

    • off—Offline, not running

    • blinkingGreen—Entering state of ok, good, normally working

  • Support for kernel features on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 17.2R1, MPC7E, MPC8E, and MPC9E support the following features:

    • Addressing the IPv6 NDP DoS issue —You can address the IPv6 Neighbor Discovery Protocol (NDP) denial-of-service (DoS) issue at the Routing Engine by using NDP inspection or protection to prioritize NDP activities on the Routing Engine.

    • Maximum period for autogeneration of keepalives by the kernel using precision timer feature—Precision timers in the kernel automatically generate keepalives on behalf of BGP for a specified maximum period of time after a switchover event from standby to master.

    • IPv6 support for traceroute with AS number lookup—IPv6 is supported for traceroute with the as-number-lookup option. Traceroute is an application used to display a list of routers between the device and a specified destination host.

    • Targeted aggregated Ethernet distribution—You can direct traffic through specified links of a logical interface of an aggregate Ethernet bundle that is configured without link protection. By configuring targeted aggregated Ethernet distribution, you can create distribution lists consisting of specific child member links.

    • Reduction in the number of IPCs between master agent and subagent- The SNMP GetBulk requests are converted to AgentX GetNext for the repetitions specified in the request. This might result in several inter-process communication (IPCs) between the master agent snmpd and subagent AgentX in proportion to the number of max-repetitions specified in the GetBulk request. The number of IPCs between the master agent and subagent can be reduced by translating GetBulk requests with a high max-repetitions count to a single request between the master agent snmp and the subagent AgentX.

    • l3-level liveness detection mechanism for child links of ethernet LAG interface.

    • Match-string functionality for efficient syslog message filtering.

  • Support for features on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 17.2R1, MPC7E, MPC8E, and MPC9E support the following features:

    • LDP in an IPv6 network only, and in an IPv6 or IPv4 dual-stack network.

    • The IS-IS protocol can restrict flooding of LSAs to control sharing of routes between multiple level-2 metro ring networks.

    • For routers operating in enhanced IP Network Services mode, you can configure a threshold that triggers fast failover in next-generation MVPNs with hot-root standby on the basis of aggregate flow rate.

    • Control word feature for LDP VPLS and FEC 129 VPLS.

    • You can specify route prefix priority of high or low through the existing import policy in protocols. Through priority, you can control the order in which the routes get updated from LDP/OSPF to RPD, and RPD to kernel.

    • RSVP with traffic engineering (RSVP-TE) protocol extensions for fast reroute (FRR) facility protection to allow greater scalability of LSPs and faster convergence times.

    • The Junos OS implementation of MPLS RSVP-TE is scaled to enhance the usability, visibility, configuration, and troubleshooting of label-switched paths (LSPs).

    • Tables and objects defined in RFC 5132, IP Multicast MIB, except the ipMcastZoneTable table.

    • Agent Capabilities MIB provides information about the implementation characteristics of an Agent subsystem in a network management system.

    • You can prioritize BGP route updates by using output queues.

    • Flow-aware transport (FAT) label for BGP-signaled pseudowires such as Layer 2 VPN and VPLS.

    • The NLRI format available for BGP VPN multicast is changing from the existing format of SAFI 128 to SAFI 129 as defined in RFC 6514.

    • You can use the import-labeled-routes statement at the [edit routing-instances routing-instance-name protocols vpls] hierarchy level to specify one or more nondefault routing instances where you want MPLS pseudowire labeled routes to be leaked from the mpls.0 path routing table in the master routing instance.

    • You can configure BGP-ORR with IS-IS as the interior gateway protocol (IGP) on a route reflector to advertise the best path to the BGP-ORR client groups by using the shortest IGP metric from a client's perspective, instead of the route reflector's view.

  • RPM timestamping extension on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 17.2R1, MPC7E, MPC8E, and MPC9E support timestamping of RPM probes in the Packet Forwarding Engine host processer. You can enable this feature by including the hardware-timestamp statement at the [edit services rpm probe probe-name test test-name] hierarchy level.

    [See hardware-timestamp.]

    Support for RPM probes with IPv6 sources and destinations on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 17.2R1, the RPM client router (the router or switch that originates the RPM probes) can send probe packets to the RPM probe server (the device that receives the RPM probes) that contains an IPv6 address. To specify the destination IPv6 address used for the probes, include the target (url ipv6-url | address ipv6-address) statement at the [edit services rpm probe owner test test-name] hierarchy level. You can also define the RPM client or the source that sends RPM probes to contain an IPv6 address. To specify the IPv6 protocol-related settings and the source IPv6 address of the client from which the RPM probes are sent, include the inet6-options source-address ipv6-address statement at the [edit services rpm probe owner test test-name] hierarchy level.

    [See probe-type.]

  • SNMP support for monitoring tunnel statistics (MX Series)—Starting in Junos OS Release 17.2R1, SNMP MIB jnxTunnelStat supports monitoring of tunnel statistics for IPV4 over IPV6 tunnels. This is a new enterprise-specific MIB, Tunnel Stats MIB, that currently displays three counters: tunnel count in rpd, tunnel count in Kernel, and tunnel count in the Packet Forwarding Engine. This MIB can be extended to support other tunnel statistics. The MIB is defined in jnx-tunnel-stats.txt. This MIB is attached to jnxMibs.

Operation, Administration, and Maintenance (OAM)

  • Support for Ethernet OAM features on MPC7E, MPC8E, and MPC9E (MX Series)---Starting in Release 17.2R1, Junos OS supports the following Ethernet OAM features on MPC7E, MPC8E, and MPC9E:

    • IEEE 802.3ah standard for OAM

    • IEEE 802.1ag standard for OAM

    • Technical Specification MEF-36-compliant performance monitoring

    • Configuration of multiple maintenance endpoints (MEPs) for a single combination of maintenance association and maintenance domain IDs for interfaces belonging to a particular VPLS service or bridge domain.

  • Enhanced scale support for MIPs and MEPs per chassis (MX Series routers with MPCs)—Starting in Junos OS Release 17.2R1, Junos OS supports 32000 maintenance intermediate points (MIPs) and maintenance association end points (MEPs) each per chassis for bridge domain and VPLS domain interfaces. Increasing the number of MIPs and MEPs per chassis for specific domains enables effective Ethernet OAM deployment in scaling networks. To increase the number of MIPs and MEPs supported per chassis, enable enhanced connectivity fault management (CFM) by using the enhanced-cfm-mode command. To support enhanced CFM, configure the network services mode on the router as enhanced-ip. If you do not configure the network services mode, then Junos OS supports only 8000 MIPs and MEPs each per chassis.

Routing Policy and Firewall Filters

  • Support for Packet Forwarding Engine features on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 16.1R4 and 17.2R1, MPC7E, MPC8E, and MPC9E support the following features:

    • Protection against label spoofing or errant label injection across ASBRs—You can use regular BGP implicit and explicit export policies to restrict VPN ASBR peer route advertisement to a given routing instance.

    • Policer overhead adjustment at the interface level—The policer overhead adjustment for ingress and egress policers is defined on a per IFL/direction granularity in order to address MEF CE 2.0 requirements to the bandwidth profile.

    • Configuration support to improve MC-LAG Layer 2 and Layer 3 convergence—You can configure multichassis link aggregation (MC-LAG) interfaces to improve Layer 2 and Layer 3 convergence time to subsecond values when a multichassis aggregated Ethernet link goes down or comes up in a bridge domain.

    • Support for packet-marking schemes on a per-customer basis—A packet-marking scheme, called policy map, enables you to define rewrite rules on a per-customer basis.

    • MPLS encapsulated payload load-balancing—Configure the zero-control-word option to indicate the start of an Ethernet frame in an MPLS Ethernet pseudowire payload.

    • Latency fairness optimized multicast—You can reduce latency in the multicast packet delivery by optimizing multicast packets sent to the Packet Forwarding Engines.

Routing Protocols

  • Support for BGP link-state distribution with SPRING extensions (MX Series)—Starting in Junos OS Release 17.2R1, BGP link-state extensions export source packet routing in networking (SPRING) topology information to software-defined networking controllers. Controllers can get the topology information by either being a part of an interior gateway protocol (IGP) domain or through BGP link-state distribution. BGP link-state distribution is supported on inter-domain networks and provides a scalable mechanism to export the topology information. This feature benefits networks that are moving to SPRING but also have RSVP deployed, and continue to use both SPRING and RSVP in their networks.

    [See Link-State Distribution Using BGP Overview.]

  • Support for SRGB in SPRING for IS-IS (MX Series in enhanced IP Mode)—Starting with Junos OS Release 17.2R1, you can configure the segment routing global block (SRGB) range label used by source packet routing in networking (SPRING). Currently Junos OS allows you to configure only node segment indices. The value of the start label depends on the dynamic label available in the system. The labels from this SRGB range are used for SPRING in the IS-IS domain. The labels advertised are more predictable and deterministic across the segment routing domain.

    • To configure the starting index value of the SRGB label block, use the start-label start-label-block-value statement at the [edit protocols isis source-packet-routing srgb] hierarchy level.

    • To configure the index range of the SRGB label block, use the index-range value statement at the [edit protocols isis source-packet-routing srgb] hierarchy level.

    [See source-packet-routing]

  • Support for anycast and prefix segments in SPRING for IS-IS protocols (MX Series)—Starting in Junos OS Release 17.2R1, there is support for anycast segment identifiers (SIDs) and prefix SIDs in source packet routing in networking (SPRING). Currently there is support for node segments in Junos OS supports node segments for IPv4 and IPv6 when they are explicitly configured under the [edit protocols isis source-packet-routing node-segments] hierarchy. Now you can provision prefix SIDs along with node SIDs to prefixes that are advertised in IS-IS protocols through policy configuration. Anycast SID is a prefix segment that identifies a set of routers. You can configure explicit-NULL flag on all prefix SID advertisements and configure shortcut for SPRING routes using family inet-mpls or family inet6-mpls .

    [See Support for SRGB, Anycast, and Prefix Segments in SPRING for IS-IS Protocol]

  • FIB scaling and performance enhancements (MX Series)—Starting in Junos OS Release 17.2R1, the Packet Forwarding Engine is enhanced to scale and support a higher number of routes in the forwarding information base (FIB), also known as forwarding table. However, during graceful Routing Engine switchover (GRES), when there are ten million IPv4 routes in the forwarding table, there is traffic loss. This traffic loss is not seen when a routing protocol process (rpd) runs in warm standby mode. We currently do not support unified ISSU and NSR at this scale.

  • Support for unique AS path count (MX Series)—Starting with Junos OS Release 17.2R1, you can configure a routing policy to determine the number of unique autonomous systems (ASs) present in the AS path. The unique AS path count helps determine whether a given AS is present in the AS path multiple times, typically as prepended ASs. In earlier Junos releases it was not possible to implement this counting behavior using the as-path regular expression policy. This feature permits the user to configure a policy based on the number of AS hops between the route originator and receiver. This feature ignores ASs in the as-path that are confederation ASs, such as confed_seq and confed_set.

    To configure AS path count, include the as-path-unique-count count (equal | orhigher | orlower) configuration statement at the [edit policy-options policy-statement policy_name from] hierarchy level.

  • TCP IP network stack parallelization for virtual Route Reflector devices—Starting in Junos OS Release 17.2R1, you can enable TCP IP network stack parallelization on virtual Route Reflector (vRR) devices by using the set system enable network-stack parallel-mode command. Network stack parallelization can help increase performance for TCP protocol users, depending on application behavior.

    [See Understanding Virtual Route Reflector.]

  • Optimization of rpd resolver module (MX Series)—Starting in Junos OS Release 17.2R1, the resolver module of the routing protocol process (rpd) is optimized to increase the throughput of inbound processing flow, accelerating the learning rate of the routing information base (RIB) and the forwarding information base (FIB), also known as routing table and forwarding table, respectively.

    This enhancement makes the rpd CPU-efficient, and benefits networks with high scale internal BGP (IBGP) routes in the inet.0 and inet6.0 routing tables, internal BGP multipath routes, high RSVP equal-cost multipath routes, and virtual route reflector deployments where a forwarding state is not built.

    [See BGP Route Resolution Overview.]

Services Applications

  • Inline video monitoring for IPv4-over-MPLS flows (MX Series)—Starting in Junos OS Release 17.2R1, MX Series routers support the inline video monitoring of IPv4-over-MPLS flows to measure media delivery index (MDI) metrics. MDI information enables you to identify devices that are causing excessive jitter or packet loss for streaming video applications.

    [See Configuring Inline Video Monitoring].

  • Configurable interval and threshold values for IKEv2 dead peer detection (MX Series with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.2R1, you can set the dead peer detection (DPD) interval and threshold options in IPsec rules for IKEv2 security associations. The interval is the amount of time that the peer waits for traffic from its destination peer before sending a DPD request packet, and the threshold is the maximum number of unsuccessful DPD requests to be sent before the peer is considered unavailable.

    [See Configuring IPsec Rules.]

  • Introducing the Junos OS URL filtering feature (MX Series)—Starting in Junos OS Release 17.2R1, you can use URL filtering to filter which Web content is accessible to users based on a set of criteria or template. Blacklisted URLs are maintained in a URL database file. These URLs are resolved by the URL filtering process (url-filterd) on the Routing Engine to a list of IP addresses that are downloaded to the URL Filter Plugin (jservices-urlf), which is added to the Multiservices PIC management process (mspmand) running on the service PIC.

  • Support for inline 6rd and 6to4 (MX2020)—Starting in Junos OS Release 17.2R1, you can also configure inline IPv6 rapid deployment (6rd) or IPv6 to IPv4 (6to4) on an MX2020 router on MPC7Es, MPC8Es, and MPC9Es. You can use the inline capability to avoid the cost of using services PICs for required tunneling, encapsulation, and de-encapsulation processes. Anycast is supported for 6to4 using next-hop service interfaces. Hairpinning is also supported for traffic between 6rd domains.

    [See Configuring Inline 6rd, show services inline softwire statistics, and clear services inline softwire statistics.]

  • Support for Junos Traffic Vision for multiple flow collectors for inline flow monitoring on MX Series routers—Starting in Junos OS Release 17.2R1, you can export flow records generated by inline flow monitoring to four collectors under a family with the same source IP address. The Packet Forwarding Engine can export the flow record, flow record template, option data, and, option data template packet to all configured collectors. You can configure the multiple collectors at the [edit forwarding-options sampling instance instance name] hierarchy level.

    Note

    You cannot change the source IP address for collectors under the same family. Also, the template mapped across collectors under a family should be same.

    [See Inline Sampling Overview]

  • Support for H.323 gatekeeper mode for NAT64 on MS-MPC and MS-MIC (MX Series routers)—Starting in Junos OS Release 17.2R1, H.323 gatekeeper mode is supported in NAT-64 rules in addition to NAPT-44 rules and IPv4 and IPv6 stateful firewall rules. H.323 is a legacy VoIP protocol.

    [See ALG Descriptions.]

  • IPsec cleanup when local gateway address, MS-MPC, or MS-MIC goes down (MX Series router)—Starting in Junos OS Release 17.2R1, you can enable an IPsec tunnel’s service set to stop sending IKE triggers when the tunnel’s local gateway IP address goes down or the MS-MIC or MS-MPC being used in the tunnel’s service set goes down. In addition, when the local gateway IP address goes down, the IKE and IPsec security associations (SAs) are cleared for next-hop service sets, and go to the Not Installed state for interface-style service sets. The SAs that have the Not Installed state are deleted when the local gateway IP address comes back up.

    [See Configuring IPsec Service Sets.]

  • Support for AMS warm standby on MS-MPC and MS-MIC (MX Series routers)—Starting in Junos OS Release 17.2R1, you can use the same services interface as the backup in multiple aggregated multiservices (AMS) interfaces, resulting in an N:1 warm standby option for MS-MPCs and MS-MICs. Each warm standby AMS interface contains two members. One member is the service interface you want to protect, called the primary interface, and the other member is the secondary (backup) interface. You can use the same secondary member interface in multiple warm standby AMS interfaces.

    [See Configuring Warm Standby for Services Interfaces.]

  • Vendor-specific logging and reporting function templates—Starting in Junos OS Release 17.2R1, you see a warning message when committing the configuration of a vendor-specific template for the logging and reporting function (LRF) if you do not identify the vendor with the vendor-support statement at the [edit services lrf profile profile-name] hierarchy level. For Junos OS Release 17.2R1, this restriction only applies to an IBM-specific template.

    [See Configuring an LRF Profile for Subscribers.]

  • Exchanging data more efficiently using TCP Fast Open (MX Series)—Starting in Junos OS Release 17.2, there is an update to TCP, TCP Fast Open (TFO), that significantly improves overall network latency for short Web transfers. The key component of TFO is the TFO cookie, which is a Message Authentication Code (MAC) tag generated by the server. The client requests a TFO cookie in one regular TCP connection, and then uses it for future TCP connections to exchange data during, instead of after, the three-way handshake, saving up to one full round-trip time (RTT) over standard TCP. TFO support is for MS-MPC and MS-MIC.

  • FlowTapLite support for circuit cross connect traffic (MX Series routers)—Starting in Junos OS Release 17.2R1, FlowTapLite sampling of circuit cross connect (CCC) traffic is supported. FlowTapLite is a lighter version of Junos Packet Vision, which lets you capture packet flows on the basis of dynamic filtering criteria. While Junos Packet Vision requires a services PIC, FlowTapLite functionality resides in the Packet Forwarding Engine.

    [See Configuring FlowTapLite.]

Software-Defined Networking (SDN)

  • BFD in a VMware NSX Environment with OVSDB and VXLAN (MX Series)—Within a Virtual Extensible LAN (VXLAN) managed by the Open vSwitch Database (OVSDB) protocol, by default, Layer 2 broadcast, unknown unicast, and multicast (BUM) traffic is replicated and forwarded by one or more software virtual tunnel endpoints (VTEPs) or service nodes in the same VXLAN. (The software VTEPs and service nodes are collectively referred to as replicators.)

    Starting in Junos OS Release 17.2R1, a Juniper Networks switch or Virtual Chassis that functions as a hardware VTEP in a VMware NSX environment uses the Bidirectional Forwarding Detection (BFD) protocol to prevent the forwarding of BUM packets to a non-functional replicator.

    This feature is supported on MX Series routers and enables them to be provisioned in the following ways:

    • MX Series router acting as DCI and Layer 2 gateway to translate VLAN traffic coming from an EVPN (a remote data center) to VXLAN traffic

    • MX Series router acting as DCI to connect different OVSDB domains through EVPN

    • MX Series router acting as a layer 3 gateway to route between an VXLAN domain

    By exchanging BFD control messages with replicators at regular intervals, the hardware VTEP can monitor the replicators to ensure that they are functioning and are, therefore, reachable. Upon receipt of a BUM packet on an OVSDB-managed interface, the hardware VTEP can choose one of the functioning replicators to handle the packet.

    Feature Explorer family: Software Defined Networking (SDN)

  • Support for Junos node slicing—Starting in Junos OS Release 17.2R1, Junos node slicing is supported. Junos node slicing allows a single MX Series router to be partitioned to appear as multiple, independent routers. Each partition has its own Junos OS control plane, which runs as a virtual machine (VM), and a dedicated set of line cards. Each partition is called a guest network function (GNF).

    The MX Series router functions as the base system (BSYS). The BSYS owns all the physical components of the router, including the line cards and the switching fabric. The BSYS assigns line cards to GNFs.

    The Juniper Device Manager (JDM) software orchestrates GNF VMs.

    In JDM, a GNF VM is referred to as a virtual network function (VNF).

    A GNF thus comprises a VNF and a set of line cards.

    JDM and VNFs are hosted on a pair of external industry standard x86 servers.

    To set up Junos node slicing, you need an MX960 or MX2020 router and two x86 servers. The server host operating system must be Red Hat Enterprise Linux 7.2 or Ubuntu 16.04 LTS.

Subscriber Management and Services

  • PIM support for enhanced subscriber management (MX Series)—Starting in Junos OS Release 17.2R1, MX Series routers support the Protocol Independent Multicast (PIM) protocol for enhanced subscriber management. You can use the protocols pim command at the [edit dynamic-profiles profile-name] hierarchy level to enable PIM for subscribers within the specified profile. To selectively disable PIM for an individual subscriber, use the PIM-enable RADIUS vendor-specific attribute and set the integer value to 0.

    The routing-services and protocols pim commands under the [edit dynamic-profiles profile-name] hierarchy level are mutually exclusive and should not be configured together in the same client dynamic profile.

    [See PIM Overview.]

  • DHCPv6 support for MAC address in usernames (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the client MAC address to be included in the client username for authentication for both the DHCPv6 local server and the DHCPv6 relay agent. In earlier releases, the MAC address is supported only for DHCPv4 client usernames.

    [See Creating Unique Usernames for DHCP Clients.]

  • Support for mapping VLAN session termination cause (MX Series)—Starting in Junos OS Release 17.2R1, new internal identifiers indicate the reasons that autoconfd initiates termination of individual VLAN out-of-band subscriber sessions. In earlier releases, the termination cause for a VLAN session is always 6 (administrative reset) and cannot be modified.

    The session termination causes map to default code values that are reported in the RADIUS Acct-Terminate-Cause attribute (49) in Acct-Stop messages for the service. You can use the new vlan option with the terminate-code aaa statement at the [edit access] hierarchy level to remap any of the new termination causes to any number in the range 1 through 4,294,967,295.

    You can use the new vlan option with the show network-access aaa terminate-code vlan command to display only the VLAN termination causes and their current code values.

    [See Understanding Session Termination Causes and RADIUS Termination Cause Codes.]

  • Subscriber termination supported in dynamic-bridged GRE tunnels (MX Series)—Starting in Junos OS Release 17.2R1, dynamic-bridged generic routing encapsulation (GRE) tunnels are created and terminated at the broadband network gateway (BNG) to support the MX Series deployed as a Wi-Fi access gateway model. Dynamic Host Configuration Protocol (DHCP) subscribers are transported through GRE tunnels as either VLAN-tagged or untagged. Subscriber services such as authentication, authorization, and accounting (AAA); address assignment; and class of service (CoS) are supported for individual DHCP subscribers within the GRE tunnels.

    [See Wi-Fi Access Gateway Overview.]

  • Support for per-subscriber application-aware policy control (MX Series with MS-MPCs)—Starting in Junos OS Release 17.2R1, the MS-MPC supports per-subscriber application-aware policy control based on Layer 7 application identification information for the IP flow (for example, YouTube) or Layer 3 and Layer 4 information for the IP flow (for example, the source and destination IP address). Subscriber application-aware policy actions can include:

    • Redirecting HTTP traffic to another URL or IP address

    • Steering with a routing instance

    • Setting the forwarding class

    • Setting the maximum bit rate

    • Setting the gating status to blocked or allowed

    • Setting the allowed burst size

    • Logging data for subscriber application-aware data sessions and sending that data in an IP Flow Information Export (IPFIX) format to an external log collector, using UDP-based transport.

    [See Understanding Application-Aware Policy Control for Subscriber Management.]

  • New Junos OS predefined variables (MX Series)—Starting in Junos OS Release 17.2R1, new Juniper Networks predefined variables are available for service sets, service filters, PCEF profiles, and PCC rules in dynamic profiles. These new predefined variables include:

    • $junos-input-ipv6-service-filter

    • $junos-input-ipv6-service-set

    • $junos-input-service-filter

    • $junos-input-service-set

    • $junos-output-ipv6-service-filter

    • $junos-output-ipv6-service-set

    • $junos-output-service-filter

    • $junos-output-service-set

    • $junos-pcef-profile

    • $junos-pcef-rule

    [See Junos OS Predefined Variables.]

  • Reduced time to provision business services with ESSM and increased business services scale (MX Series)—Starting in Junos Release 17.2R1, Enhanced Subscriber Services Manager (ESSM) can both load and commit configurations into an ephemeral configuration database through an operation (op) script. The ephemeral configuration database is an alternate database that provides a configuration layer separate from both the static configuration database and the configuration layers of other client applications. The ephemeral commit model enables devices running Junos OS to simultaneously commit and merge changes from multiple clients and execute the commits with significantly greater throughput than when committing data to the static configuration database.

    Before you commit a configuration, you must validate the op script. Committing to the ephemeral database does not perform a commit check; committing an invalid configuration might result in unexpected behavior.

  • ANCP agent adjustment of downstream data rate and overhead for SDSL, VDSL, and VDSL2 subscriber lines (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the ANCP agent to provide two independent, adjusted values to CoS for downstream subscriber traffic on frame mode DSL types (SDSL, VDSL, and VDSL2), enabling CoS to more accurately adjust the effective shaping rate for the downstream subscriber traffic. You can specify a percentage value that is applied to the actual, unadjusted data rate received in ANCP Port Up messages. You can also specify a number of bytes that is added to or subtracted from the frame overhead for the traffic.

    [See Traffic Rate Reporting and Adjustment by the ANCP Agent.]

  • Extended support for service-accounting, service-filter-hit, and force-premium firewall match conditions and actions (MX Series)—Starting in Junos OS Release 17.2R1, the service-filter-hit firewall match condition and the service-filter-hit, force-premium, service-accounting, and service-accounting-deferred firewall actions are extended to the family any filter on MX Series routers. This means that the filter match conditions and actions can apply to any logical interface independent of protocol. This support is in addition to existing support on the family inet and family inet6 filters. Filter precedence is also supported for family any, which with the service-filter-hit facilitates filter chaining for service filters.

    [See Firewall Filter Terminating and Nonterminating Actions for Protocol-Independent Traffic in Dynamic Service Profiles.]

  • Prevent DHCPv6 and ICMPv6 control packets from affecting idle timeouts (MX Series)—Starting in Junos OS Release 17.2R1, you can use the terminating filter action exclude-accounting to exclude all DHCPv6 and ICMPv6 control traffic from being considered for idle-timeout detection for tunneled subscribers at the LAC.

    Include this term at the [edit firewall family inet6 filter filter-name term term-name then] hierarchy level. Apply the filter in the dynamic profile as an input and output filter.

    In earlier releases, DHCPv6 and ICMPv6 control traffic prevents the idle timeout from ever expiring, leading to incorrect detection of idle periods. When connections are charged based on the time the call is connected, this can result in high call charges.

    [See Firewall Filter Terminating Actions.]

  • Support for parameterized filters for protocol-independent packets (MX Series)—Starting in Junos OS Release 17.2R1, you can use family any for parameterized firewall filters in dynamic service profiles. You can also specify a precedence order for family any filters when they are attached to a dynamic logical interface. Parameterization enables you to create basic or boilerplate filters under a dynamic profile and have specific values for certain attributes provided only when the dynamic session is activated.

    [See Parameterized Filter Nonterminating and Terminating Actions and Modifiers.]

  • Support for inline IP reassembly on an L2TP connection—Starting in Junos OS Release 17.2R1, you can now configure the service interfaces on MX Series routers with MPC7E-MRATE, MPC7E-10G, MPC8E, and MPC9E to support inline IP packet reassembly on a Layer 2 Tunneling Protocol (L2TP) connection. The IP packet is fragmented over an L2TP connection when the packet size exceeds the maximum transmission unit (MTU) defined for the connection. Depending on the direction of the traffic flow, the fragmentation can occur either at the L2TP access concentrator (LAC) or at the L2TP network server (LNS),and reassembly occurs at the peer interface. (In an L2TP connection, a LAC is a peer interface for the LNS and vice versa.)

    You can configure the service interfaces on the LAC or on the LNS to reassemble the fragmented packets inline before they can be further processed on the network. On a router running Junos OS, a service set is used to define the reassembly rules on the service interface. The service set is then assigned to the L2TP service at the [edit services l2tp] hierarchy level to configure IP reassembly for L2TP fragments.

    You can view the reassembly statistics by using the show services inline ip-reassembly statistics <fpc fpc-slot | pfe pfe-slot> command.

    [See IP Packet Fragment Reassembly for L2TP Overview.]

  • Support for converged services for Routing Engine-based captive portal (MX Series)—Starting in Junos OS Release 17.2R1, you can configure converged services at the [edit dynamic-profiles http-redirect-converged] hierarchy level. CPCD rules can also be configured under the dynamic profiles stanza to achieve parameterization of the rules. This mechanism provides additional flexibility to customize the different rules on a per-subscriber basis through service attachment.

    [See Subscriber Management HTTP redirect.]

  • Support for converged services for MS-MPCs and MS-MICs based captive portal (MX Series)—Starting in Junos OS Release 17.2R1, you can configure converged services for MS-MPCs and MS-MICs. You can configure captive portal content delivery (CPCD) profiles for MS-MICs and MS-MPCs by including the service interface ms-fpc/pic/port statement at the [edit service-set service set name captive-portal-content-delivery-profile profile name interface-service] hierarchy level.

    [See Subscriber Management HTTP redirect.]

  • Support for service activation through dynamic profiles at subscriber and underlying interfaces (MX Series)—Starting in Junos OS Release 17.2R1, service activation can now dynamically apply a full range of CoS parameters to subscriber and underlying (for example, SVLAN) interfaces through dynamic profiles. Dynamic profiles support the attachment of classifiers, traffic control profiles, scheduler maps, and rewrite rules at the [dynamic-profiles profile-name class-of-service interfaces interface-name unit logical-unit-number] hierarchy level.

    [See Subscriber Interfaces That Provide Initial CoS Parameters Dynamically Obtained from RADIUS.]

  • Enhanced subscriber management support for external BGP on LNS interfaces (MX Series)—Starting in Junos OS Release 17.2R1, when enhanced subscriber management is enabled and only for LNS subscribers, you can statically provision a subscriber’s client IP address as the BGP neighbor IP address with the existing neighbor statement at the [edit protocols bgp group] hierarchy level. This is the same method supported in legacy subscriber management; however, as for all routing protocols in enhanced subscriber management, you must also configure the existing routing-services statement at the [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number] hierarchy level.

    [See neighbor (Protocols BGP) and routing-services (Enhanced Subscriber Management).]

  • Increased business services scale (MX Series)—Starting in Junos Release 17.2R1, Enhanced Subscriber Services Manager (ESSM) can support up to 1000 business services per subscriber PPP session and up to 8000 business services per chassis. All combinations of subscribers and services are supported within those limits; for example, 8 subscribers with 1000 services each, 100 subscribers with 80 services each, and so on.

  • Support for bulk CoA (MX Series)—Starting with Junos OS release 17.2R1, bulk change of authorization CoA is supported for RADIUS-based subscriber services. The two new Radius VSAs introduced are:

    • 26-194 (Bulk-CoA-Transaction-Id)

    • 26-195 (Bulk-CoA-Identifier)

    This functionality enables accumulation of a series of CoA requests (bulk-CoA) and commits all of them together, in bulk, automatically.

    [See AAA Subscriber Access Radius VSA.]

  • Rapid drain mode for DHCP address pools and lease timer enhancements (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the DHCP local server to stop allocating addresses from a local pool and gracefully terminate subscribers that are using addresses from that pool. When a DHCP subscriber attempts to renew the IP address from a pool configured for active drain, the DHCP local server replies with a NAK to the subscriber’s T1 renewal messages, forcing a renegotiation, at which time the server allocates a new IP address from an alternative address pool that is not configured for active drain.

    Also, you can now configure the duration for T1 (renewal) and T2 (rebinding) timers for inet and inet6 in seconds. In earlier releases, you can configure the duration of these timers only as percentages. You must use either seconds or percentages for both T1 and T2 for a given pool and address family; you cannot mix the units.

    [See Configuring DHCP Local Address Pool Rapid Drain and DHCP Lease Timers.]

  • Traffic throughput improvements for MPC5 and MPC6 cards (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the host-prefix-only statement on the underlying demux interface for static or dynamic VLANs to improve datapath performance for DHCPv4 access models. This statement has the following requirements:

    • All the DHCPv4 subscribers using the underlying interface must be brought up using a 32-bit host prefix.

    • You must configure the demux-source inet statement. You must not configure demux-source inet6 or demux-source [inet inet6].

    [See host-prefix-only.]

  • New dynamic variable to create interface sets for a passive optical network (PON) (MX Series)—Starting in Junos OS Release 17.2R1, you can use the predefined variable $junos-pon-id-interface-set-name to extract a portion of the DHCPv4 (Option 82, suboption 2) or DHCPv6 (Option 37) agent remote ID string inserted by the optical line terminal (OLT). The OLT must format the string with a pipe symbol (|) as the delimiter between substrings. The substring consists of the characters following the last delimiter in the agent remote ID string. The contents of the substring are determined by the customer, but can include the name and port of the OLT accessed by the CPE optical network terminal (ONT). After extraction, this substring is used as the name of an interface set and as an identifier to discriminate among individual customer circuits to be aggregated into the interface set.

    [See Extracting an Option 82 or Option 37 Substring to Create an Interface Set.]

  • Changes to reporting the effective shaping rate to the LNS (MX Series)—Starting in Junos OS Release 17.2R1, the methods have changed for deriving the Tx and Rx connect speeds sent by the LAC to the LNS:

    • The actual method is deprecated.

    • The service-profile method is added to derive the value for the Tx speed from the actual CoS rate that is enforced on the L3 node based on the local policy. The upstream (Rx) speed is the value configured in the dynamic service profile with the report-ingress-shaping-rate statement. If this statement is not configured, the Rx speed follows the fallback procedure.

    • The static method, previously deprecated in Junos OS Release 15.1 is undeprecated.

    [See Subscriber Access Line Information Forwarding by the LAC Overview, Transmission of Tx Connect-Speed and Rx Connect-Speeds from LAC to LNS, and Configuring the LAC to Report Access Line Information to the LNS.]

  • Support for passing Framed-Route attributes from a RADIUS server. (MX Series)—Starting in Junos OS Release 17.2, for routers running enhanced subscriber management, tagged subscriber host routes from a RADIUS server can be passively imported to the routing table and thus advertised by BGP. The following attributes are included: tag, metric, and preference. To view the attributes, use the show system subscriber-management route prefix command.

    [See show system subscriber-management route prefix.]

  • MLPPP support for LNS and PPPoE subscribers (MX Series)—Starting in Junos OS Release 17.2, Multilink PPP (MLPPP) support is provided for static and dynamic LNS (L2TP network server) and PPPoE (Point-to-Point Protocol over Ethernet) terminated and tunneled subscribers running on MX Series with access-facing MPC2 slots. The following features are supported:

    • Mixed mode for customers with both MLPPP and single link PPP subscribers

    • Fragmentation-maps for both static and dynamic inline service si interfaces

    • Coexistence support for member-link IFL and the bundle IFL on different lookup engines

    • Link fragmentation and interleaving (LFI) for a single-link bundle

    • Fragment reordering optimization

  • Targeted distribution of subscriber traffic over aggregated Ethernet—Starting in Junos OS Release 17.2R1, for a demux configuration whose underlying interface is an aggregated Ethernet interface, Junos OS provides targeted distribution of subscriber traffic while also allowing subscriber traffic redundancy. This ensures equal distribution of bandwidth and CoS resources among subscribers.

    Service providers can now:

    • Provide DPC and port redundancy for subscriber traffic.

    • Apply per-subscriber hierarchical QoS and firewall filters on subscriber traffic over LAG.

    Note

    The “targeted-distribution” feature needs to be defined on all levels of the profile that require targeted functionality. For example, if you have targeted distribution enabled on dvlan profile and you have dynamic client profile. If targeted distribution is required on dynamic client profile, then you have to enable it.

    To set targeted distribution in the demux logical interfaces configuration, use the targeted-distribution statement at the [edit interfaces demux0 unit logical-unit-number] hierarchy level.

    To schedule an automatic periodic rebalance on an aggregated Ethernet bundle, use the rebalance-periodic start-time <hh:mm> interval <hours> option at the [edit interfaces aenumber aggregated-ether-options targeted-options] hierarchy level.

    To provide module redundancy for demux subscribers on aggregated Ethernet bundles configured with targeted distribution, set the logical-interface-fpc-redundancy option at the [edit interfaces aenumber aggregated-ether-options targeted-options] hierarchy level.

    To configure rebalance subscriber granularity, use the logical-interface-fpc-redundancy rebalance-subscriber-granularity <rebalance-subscriber-granularity> option or logical-interface-chassis-redundancy rebalance-subscriber-granularity <rebalance-subscriber-granularity> option at the [edit interfaces ae<number> aggregated-ether-options targeted-options] hierarchy level.

    To manually rebalance the subscribers on an aggregated Ethernet bundle with targeted distribution enabled, use the request interface rebalance <interface-name> command.

    To display status information about the distribution of subscribers on different links in an aggregated Ethernet bundle, use the show interfaces targeting aex command.

    To view status information about the specified demux interface, use show interfaces demux0.<logical-interface-number> command.

    To set targeted distribution in the VLAN logical interface configuration, use the targeted-distribution statement at the [edit interfaces interface-set <interface-set name> demux0 unit logical-unit-number] hierarchy level.

  • Configurable grace period for unresponsive RADIUS servers (MX Series)—Starting in Junos OS Release 17.2R1, you can use the timeout-grace statement at the [edit access radius-options] hierarchy level to configure a grace period that determines when an unresponsive RADIUS authentication server is marked as down or unreachable. When the server fails to respond to any of the attempts made for an authentication request, it times out, the time is noted, and the grace period begins. If the server is unresponsive for subsequent authentication requests, the grace period is checked each time the server times out. When the check determines that the grace period has expired, the server is marked as down or unreachable.

    In earlier releases, the grace period is 10 seconds and is not configurable.

    [See Configuring a Timeout Grace Period to Specify When RADIUS Servers Are Considered Down or Unreachable.]

  • ANCP agent adjustment of cell overhead for ADSL, ADSL2, and ADSL2+ subscriber lines (MX Series)—Starting in Junos OS Release 17.2R1, you can configure the ANCP agent to adjust the value it reports to CoS for downstream subscriber traffic on cell-mode DSL types (ADSL, ADSL2, and ADSL2+). The adjusted values enable CoS to more accurately adjust the effective shaping rate for the downstream subscriber traffic.

    Use the following statements to specify number of bytes that are added to or subtracted from the cell overhead for the traffic: adsl-bytes, adsl2-bytes, or adsl2-plus-bytes. Use the show ancp cos command to view the adjustment configuration and the last updated values sent to CoS. The show class-of-service interface interface-name command displays the adjusted overhead values CoS has received from the ANCP agent.

    [See Configuring the ANCP Agent to Report Traffic Rates to CoS.]

Virtual Chassis

  • VCP link hashing enhancements(MX Series)—Starting in Junos OS Release 17.2R1, you can use Virtual Chasiss port (VCP) link hashing more effectively. All links are equally utilized no matter how many VCP links are configured. This results in better load balancing and better utilization of VCP links under heavy traffic.

    [See Guidelines for Configuring Virtual Chassis Ports.]

  • Support for MX Series Virtual Chassis environment (MX Series Routers)—Starting with Junos OS Release 17.2R1, MX240, MX480, and MX960 routers with the Routing Engine RE-S-X6-64G support the MX Series Virtual Chassis environment.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.2R3 for MX Series.

Class of Service (CoS)

  • Support for 48 classifiers per family (MX Series)—Starting with Junos OS Release 17.2R2, you can configure up to 48 classifiers per family at the [edit class-of-service classifiers] hierarchy level. In earlier releases, you could only configure up to 32 classifiers per family.

    [See CoS Features and Limitations on MX Series Routers.]

EVPNs

  • EVPN E-Tree extended community—Starting in Junos OS Releases 16.1R5, 17.1R2, 17.2R1 and later releases, the E-Tree leaf indication bit and leaf label in the EVPN E-Tree extended community follows the guidelines defined in the E-TREE Support in EVPN & PBB-EVPN IET IETF draft. A mixed network environment with routers running versions of Junos OS without this fix and routers with this fix would encounter unexpected forwarding behavior. Previous versions of Junos OS have the incorrect label indication bit and leaf label encoding. Previous versions of Junos OS, including Release 16.1R4, had the incorrect label indication bit and leaf label encoding.

  • EVPN extended community and ISID using standard IANA value—Starting in Junos OS Release 17.2R1, the router MAC extended community and service identifier (ISID) sub-type values have been corrected to use the Internet Assigned Numbers Authority (IANA) standardized value. In Junos OS Release 17.1R1, when you configure EVPN extended community using a pure type 5 routing mode with VXLAN encapsulation, you might encounter routing issues with the router from another vendor.

  • Changes in the output of show route table command—Starting in Junos OS Release 17.2R3, the output for show route table no longer displays the loopback address as the route distinguisher for MAC address virtual routing and forwarding (MAC-VRF) routing instances route entries. Instead, the output now displays the route distinguisher for the evpn and virtual switch instance type.

  • Support for LSP on EVPN-MPLS—Starting in Junos OS Release 17.2R3, Junos OS supports the mapping of EVPN traffic to specific label-switched paths (LSPs). Prior to this release, the traffic policies mapping extended community to specific LSPs did not work properly.

Forwarding and Sampling

  • If a Packet Forwarding Engine (PFE) of an FPC is affected due to fabric path wedge errors, then as part of fabric hardening actions, the affected Packet Forwarding Engine is disabled and the associated fabric also goes offline. Fabric stream wedge occurs when the ASIC of the FPC is in the stuck state, and the ingress Packet Forwarding Engine fails to send traffic to the destination Packet Forwarding Engine. When the Packet Forwarding Engine is wedged, the fabric of the Packet Forwarding Engine goes offline. The output of show chassis fabric fpcs and show chassis fabric plane commands show a new state for the Packet Forwarding Engine as Fabric Disabled.

    You can use the request chassis fabric pfe pfe-number fpc-number offline command to offline any Packet Forwarding Engine. There is no online option for this statement. To bring the Packet Forwarding Engine back online, you must restart the FPC.

General Routing

  • Support for deletion of static routes when the BFD session goes down (MX Series)—Starting with Junos OS 17.2R2, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session-down message.

High Availability (HA) and Resiliency

  • In Graceful Routing Engine Switchover (GRES) configuration, use only vmhost reboot command on MX2008 routers—In Junos OS Release 17.2R1, you must use the vmhost reboot command instead of the request system reboot command on MX2008.

Interfaces and Chassis

  • Support for maximum queues configuration on MPC7E, MPC8E, and MPC9E (MX Series)—You can configure the maximum number of queues per MPC on MPC7E, MPC8E, and MPC9E. By default, these MPCs operate in per-port queuing mode.

    You can use the set chassis fpc slot-number max-queues queues-per-line-card command to configure the number of queues per MPC. The possible values for queues-per-line-card are 8k, 16k, 32k, 64k, 128k, 256k, 512k, or 1M.

    Per-unit scheduling and hierarchical queuing on MPC7E, MPC8E, and MPC9E are licensed features.

    You cannot configure the max-queues and the flexible-queuing-mode statements at the same time. You use the flexi-queuing-mode statement to configure a maximum of 32,000 queues per MPC.

    If the max-queues statement is not configured, which is the default mode, the MPC starts with a message similar to the following:

    FPC 0 supports only port based queuing. A license is required for per-VLAN and hierarchical features.

    If the max-queues statement is configured and the value is less than or equal to 32,000, the MPC starts with a message similar to the following:

    FPC 0 supports port based queuing and is configured in 16384 queue mode. A limited per-VLAN queuing license is required for per VLAN and hierarchical queuing features.

    If the max-queues statement is configured and the value is greater than 32,000, the MPC starts with a message similar to the following:

    FPC 0 supports port based queuing and is configured in 524288 queue mode. A full scale per-VLAN queuing license is required for per VLAN and hierarchical queuing features.

    [See Understanding Hierarchical Scheduling for MIC and MPC Interfaces

    and Flexible Queuing Mode Overview.]

  • Changes to show interfaces interface-name extensive Output—Starting in Junos OS Releases 15.1R7, 16.1R5, 16.2R2, 17.1R2, and 17.2R1, the MAC Control Frames field of the show interface interface-name extensive command for a specified 10-Gigabit Ethernet interface displays a value of zero. In previous releases, the value for this field was calculated. Because of continuous traffic and as a result of the calculations, the value displayed for this field changed continuously.

  • Displaying accurate value of estimated BER in show interfaces (10-Gigabit Ethernet) command—During autorecovery, when the show interfaces command for 10-Gigabit Ethernet interface is executed, the Estimated BER field displays Recovery Under Progress instead of <= 1E-16, as the estimated BER is not known during autorecovery.

    Before:

    After:

    [See show interfaces (10-Gigabit Ethernet).]

  • Aggregate Ethernet IFL (logical interface) targeted distribution feature now provides four level of prioritization—Starting in Junos OS Release 17.2R1, the aggregate Ethernet logical interface targeted distribution feature supports four levels of prioritization. If you configure all three distribution lists-–primary, backup, and standby---then Junos OS will not implicitly add member interfaces to these distribution lists. That is, if any member interface is not defined in either of the configured lists, then it will be assigned a weight higher than the standby list weight and thus will be used only when all the interfaces in all three configured lists are down. This provides four levels of prioritization.

    Previously, traffic would fail over to the standby links when both primary and backup links failed.

  • Deprecated maximum transmission unit configuration option for virtual tunnel interfaces—In Junos OS Release 17.2R2, you cannot configure the maximum transmission unit (MTU) size for virtual tunnel (vt) interfaces because the mtu bytes option is deprecated for vt interfaces. Junos OS sets the MTU size for vt interfaces by default to unlimited.

  • Recovery of PICs that are stuck because of prolonged flow controls (MS-MIC, MS-MPC, MS-DPC, MS-PIC 100, MS-PIC 400, and MS-PIC 500)—If interfaces on an MS-PIC, MS-MIC, MS-MPC, or MS-DPC are in stuck state because of prolonged flow control, Junos OS restarts the service PICs to recover them from this state. However, if you want the PICs to remain in stuck state until you manually restart the PICs, configure the new option up-on-flow-control for the flow-control-options statement at the [edit interfaces mo-fpc/pic/port multiservice-options] hierarchy level.

IP Tunneling

  • Deprecated no-path-mtu-discovery configuration option for ipip6 tunnels—Starting in Junos OS Release 17.2R1, the no-path-mtu-discovery configuration statement in the [edit interfaces ip-fpc/pic/port unit logical-unit-number tunnel] and [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchies is no longer available for ipip6 tunnels.

Management

  • Changes to the rfc-compliant configuration statement (MX Series)—Starting in Junos OS Release 17.2R1, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. If you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level and request configuration data in a NETCONF session on a device running Junos OS Release 17.2R1 or later, the NETCONF server sets the default namespace for the <configuration> element in the RPC reply to the same namespace as in the corresponding YANG model.

    [See Configuring RFC-Compliant NETCONF Sessions and rfc-compliant.]

  • Enhancement to the Junos Telemetry Interface (MX Series)—Starting in Junos OS Release 17.2R1, the values displayed in the oper-status field for data streamed through gRPC for the physical interfaces sensor have changed.

    The following values are now displayed to indicate the operational status of an interface:

    • operational status up—UP

    • operational status down—DOWN

    • operational status unknown—UNKNOWN

  • Junos OS YANG module namespace and prefix changes (MX Series)—Starting in Junos OS Release 17.2R1, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. In earlier releases, Junos OS YANG modules used only a unique identifier to differentiate the namespace for each module, and the prefix for all juniper-command modules was jrpc.

    Device families include junos, junos-es, junos-ex, and junos-qfx. The Junos OS YANG extension modules, junos-extension and junos-extension-odl, use the junos device family identifier in the namespace, but the modules are common to all device families.

    [See Understanding Junos OS YANG Modules.]

  • Enhancement to NPU memory sensors for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.2R1, the path used to subscribe to telemetry data for network processing unit (NPU) memory and NPU memory utilization through gRPC has changed. The new path is /components/component[name="FPC<fpc-id>:NPU<npu-id>"]/

    [See Guidelines for gRPC Sensors.]

MPLS

  • Bandwidth underflow sample on LSPs (MX Series)—Starting in Junos OS Release 16.1R5 and 17.2R2, all zero value bandwidth samples are considered as underflow samples, except for the zero value samples that arrive after an LSP comes up for the first time, and the zero value samples that arrive first after a Routing Engine switchover.

  • Prior to Junos OS Release 17.2R1, incoming MPLS labels from the following ranges can be used for static VPLS LSI-based services (Range-R1) and non-LSI-based services (Range-R2), by default:

    • Range-R1: [29696 to 41983]

    • Range-R2: [1000000 to 1048575]

    Starting with Junos OS Release 17.2R1 and subsequent releases, any device operating in an enhanced-IP mode cannot use the range R1 for default assignment of incoming static VPLS LSI-based labels. However, range R2 works the same on releases prior to 17.2R1 and subsequent Junos OS Releases.

  • Starting in Junos OS Release 16.1R4-S8, 16.1R6-S2, 16.1R7, 16.2R3, 17.1R3, and 17.2R3, the previously hidden configuration statement, session, can be configured at the [edit protocols ldp] hierarchy level. This statement enables you to configure the LDP session parameters by specifying the session destination address.

    [See session.]

  • Support for inet.0 and inet.3 labeled unicast BGP route for protocol LDP (MX Series)--- Starting in Junos OS Release 17.2R3, LDP egress policy is supported on both inet.0 and inet.3 routing Information bases (RIBs) also known as routing table for labeled unicast BGP routes. If a routing policy is configured with a specific (inet.0 and inet.3) RIB, the egress policy is applied on the specified RIB. If no RIB is specified and a prefix is present on both inet.0 and inet.3 RIBs for labeled unicast BGP routes, then inet.3 RIB is preferred. However, prior to Junos OS Release 12.3R1 and starting with Junos OS Release 16.1R1, LDP egress policy is always preferred on inet.0 RIB and support for inet.3 RIB egress policy for labeled unicast BGP routes was disabled. In Junos OS Release 12.3R1 and later releases up to Junos Release 16.1R1, LDP egress policy was supported in inet.3 RIBs, in addition to inet.0 RIBs, for labeled-unicast BGP routes.

  • Disable M-LDP from using RSVP-TE LSPs for tunneling—Starting in Junos OS Release 12.3R1, Junos OS provides support for Multipoint LDP (M-LDP) for Targeted LDP (T-LDP) sessions with unicast replication, in addition to link sessions. As a result, the current default behavior of M-LDP over RSVP tunneling is similar to unicast LDP.

    However, because T-LDP is chosen over LDP and link sessions to signal point-to-multipoint LSPs, you can enable LDP natively throughout the network, so the point-to-multipoint LSPs take the LDP paths.

    [See p2mp (Protocols LDP).]

  • Loss of traffic over bypass MPLS LSPs—If RSVP link or node protection is enabled along with global RSVP authentication, there is loss of traffic over bypass MPLS LSPs at the time of local repair, when the point of local repair (PLR) and the merge point devices have different versions of the Junos OS software installed on them. That is, one device is running a release prior to Junos OS Release 16.1, and the other device is running a release starting with Junos OS Release 16.1R4-S12.

Network Management and Monitoring

  • Hard-coded RFC 3635 MIB OIDs updated (MX Series)—Starting in Junos OS Release 17.2R1, the following RFC 3635 MIB OIDs have been updated as default values:

    • dot3StatsFCSErrors and dot3HCStatsFCSErrors, framing errors

    • dot3StatsInternalMacReceiveErrors and dot3HCStatsInternalMacReceiveErrors, MAC statistics: Total errors (Receive)

    • dot3StatsSymbolErrors and dot3HCStatsSymbolErrors, code violations

    • dot3ControlFunctionsSupported, flow control

    • dot3PauseAdminMode, flow control

    • dot3PauseOperMode, auto-negotiation

  • MIB buffer overruns can only be counted under ifOutDiscard (MX Series)---The change done for PR 1140400 introduced a customer-visible behavior change (CVBC) in which qdrops (buffer overruns) were counted under ifOutErrors along with ifOutDiscards. This is against RFC 2863, in which buffer overruns should only be counted under ifOutDiscards and not under ifOutErrors. In Junos OS Release 17.2R1, this is now fixed.

  • Update to SNMP support of apply-path statement (MX Series)---In Junos OS Release 17.2R1, SNMP implementation for the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from day 1.

    • apply-path "access radius-server <*>"

      This configuration is supported as of this release.

  • Enhancement to SMNPv3 traps for contextName field (MX Series)—Starting in Junos OS Release 17.2R1, the contextName field in SNMPv3 traps generated from a non-default routing instance is populated with the same routing-instance information as is given in SNMPv2 traps. SNMPv2 traps provide the routing-instance information as context in the form of context@community. This information gives the network monitoring system (NMS) the origin of the trap, which is information it might need. But in SNMPv3, until now, the contextName field was empty. For traps originating from a default routing instance, this field is still empty, which now indicates that the origin of the trap is the default routing instance.

  • SNMP syslog messages changed (MX Series)—In Junos OS Release 17.2R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD - AgentX master agent failed to respond to ping. Attempting to re-register

      NEW - AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD - NET-SNMP version %s AgentX subagent connected

      NEW - NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Change in default log level setting (MX Series)—In Junos OS Release, 17.2R3, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    See the MIB Explorer.

  • Need to reconfigure SNMPv3 configuration after upgrade (MX Series)—In Junos OS Release 17.2R2, you might need to reconfigure SNMPv3 after upgrading from an earlier release to this release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID is changed. It used to be that customers had to reconfigure SNMPv3 every time after a reboot. This problem was fixed. If you upgrade, you must still reconfigure SNMPv3, but only once—if you have already reconfigured SNMPv3 in an earlier release, you do not need to reconfigure SNMPv3 again. To reconfigure SNMP v3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters.

    [See Configuring the Local Engine ID.]

  • A decrease in the MPLS label-switched path (LSP) statistics pauses the SNMP MIB mplsLspInfoAggrOctets count for one MPLS statistics gathering interval. In such cases, the mplsLspInfoAggrOctets value is updated only after completing one more interval of the MPLS statistics gathering.

Routing Protocols

  • IPv6 neighbor reachability stale time range modified—Starting with Junos OS Release 17.2R1, the stale time range of IPv6 neighbor reachability confirmation has changed from [1..1200] to [1..18000]. You can configure nd6-stale-time of upto 5 hours at the [edit interfaces interface-name unit logical-unit-number family inet6] hierarchy level.

  • Range of flow route rate-limit modified—Starting with Junos OS Release 17.2R1, the range of flow route rate-limit is modified from [9600..1000000000000] to [0..1000000000000]. The following rate limits trigger the following actions:

    Rate limit

    Actions

    0

    discard

    1-999

    0 kbps

    1000-1000000000000

    corresponding value in kbps

  • Syslog error message RPD_ISIS_PREFIX_SID_CNFLCT to resolve conflicting prefix segment advertisement (MX Series)—Starting in Junos OS Release 17.2R2, the RPD_ISIS_PREFIX_SID_CNFLCT syslog error message is emitted only when the prefix segment advertisement from the remote node is conflicting with an advertisement from the self node. This conflict happens because the same prefix segment index is assigned on different IP addresses or different prefix segment indexes are assigned to the same IP address. To rectify this conflict, identify the remote node in the network originating the conflicting prefix segment advertisement and change the prefix segment index on the local node or on the remote node.

    [See Example: Configuring Anycast and Prefix Segments in SPRING for IS-IS].

  • New option to force routers running Junos OS to advertise a zero-length next-hop address in BGP routes for flowspec families—Beginning with Junos OS Release 17.2R1, you can force routers running Junos OS to advertise flow route updates with a zero-length next-hop address even when a valid next-hop address is present in the local routing table. This option provides backward-compatibility with earlier Junos OS releases that flap BGP sessions on receiving a nonzero-length next-hop address. Junos OS assigns a Fictitious type next-hop to flowspec routes received with a zero-length next-hop address. To advertise zero-length next-hop addresses, configure this new option, strip-nexthop, at the [edit protocols bgp family (inet | inet-vpn | inet6 | inet6-vpn) flow] hierarchy level.

    When strip-nexthop is not configured, Junos OS advertises a nonzero-length next-hop address (if one exists) for flowspec family routes just as it does for other address families.

    [See strip-nexthop.]

  • Format of session up time modified in show bfd session detail output—Starting in Junos OS 17.2R1, the output of show bfd session detail includes the seconds in the session up time field. In earlier Junos OS releases, the session up time was displayed as 1w1d hh:mm; the seconds were omitted when the up time was more than 24 hours. The modified format of the session up time is 1w1d hh:mm:ss.

    [See show bfd session.]

  • Changes to the stitch label operation of transit static LSPs (MX Series)—Starting in Junos OS Release 17.1R1, 17.1R2, and 17.2, when configuring transit static LSPs with label operation as stitch, the configured next-hop can only be a valid IP address and not an interface name.The stitch next-hop option at the [edit protocols mpls static-label-switched-path lsp-name transit incoming-lable] hierarchy level has changed from:

    to:

Services Applications

  • Change in behavior of IKE negotiation (MX Series)—Starting in Junos OS Release 17.2R1, when you commit an IPsec configuration that includes establish-tunnels immediately at the [edit services ipsec-vpn] hierarchy level, the service set might take up to 30 seconds to initiate IKE negotiations.

Software-Defined Networking

  • The output of the show mpls lsp ingress locally-provisioned command is expected to display only label-switched paths (LSPs) that have been provisioned locally by the Path Computation Client (PCC). However, the locally-provisioned option was displaying all the LSPs, instead.

    Starting in Junos OS Release 17.2R3, the locally-provisioned option in the show mpls lsp ingress command is behaving as expected.

Software Installation and Upgrade

  • ZTP is supported on MX Series PPC platforms (MX Series)—As of Junos OS Release 17.2R3, Zero Touch Provisioning (ZTP) is supported on MX Series PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX Series PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Changes to flat-file accounting statistics collection when a service deactivation fails (MX Series)—Starting in Junos OS Release 17.2, the collection of accounting statistics when an ESSM service is deactivated has changed. When the deactivation is initiated by a Change of Authorization (CoA) message, essmd sends a stop request to the accounting daemon (pfed), which writes the stop record and marks the statistics values at that time as a new baseline value.

    When the commit for the new configuration succeeds, the logical interface on which the service was deactivated is deleted.

    When the commit fails, the service is restored rather than deactivated and the logical interface is not deleted. In this case, essmd requests the accounting daemon (pfed) to resume flat-file accounting for the service. The accounting daemon (pfed) writes an accounting start record, then resumes writing interim accounting records, where the interim statistics equal the current value minus the baseline value.

    In earlier releases, if the service deactivation fails and the service is restored on the logical interface, no interim accounting statistics are collected for the interval since the stop record was written, resulting in inaccurate values.

  • DNS servers displayed by the show subscribers extensive command (MX Series)—Starting in Junos OS 17.2, the display of DHCP domain name servers (DNS) by the show subscribers extensive command has changed. When DNS addresses are configured at multiple levels, the command displays only the preferred address according to this order of precedence: RADIUS > access profile > global access. The command does not display DNS addresses configured as DHCP local pool attributes.

    DNS addresses from RADIUS appear in the following fields: Primary DNS Address, Secondary DNS Address, IPv6 Primary DNS Address, IPv6 Secondary DNS Address.

    DNS addresses from the access profile or the global access configuration appear in the following fields: Domain name server inet, Domain name server inet6.

    In earlier releases, the command displays only DHCP DNS addresses provided by RADIUS.

  • Change in display of IPv6 Interface Address field by the show subscribers extensive command (MX Series)—Starting in Junos OS 17.2R1, the show subscribers extensive command displays the IPv6 Interface Address field only when the dynamic profile includes the $junos-ipv6-address predefined variable.

    In earlier releases, the command always displays this field, even when the variable is not in the profile. In this case, the field shows the value of the first address from the Framed-IPv6-Prefix attribute (97).

    [See show subscribers.]

  • Change to DHCP option 82 suboptions support to differentiate duplicate clients (MX Series)—Starting in Junos OS Release 17.2R1, only the ACI (suboption 1) and ARI (suboption 2) values from the option 82 information are considered when this information is used to identify unique clients in a subnet. Other suboptions, such as Vendor-Specific (suboption 9), are ignored.

    [See DHCPv4 Duplicate Client In Subnet Overview.]

  • Default L2TP resynchronization method changed and statement deprecated (MX Series)—Starting in Junos OS Release 17.2R1, the default resynchronization method for L2TP peers in the event of a control connection failure is changed to silent failover. In earlier releases, the default method is failover-protocol-fall-back-to-silent-failover. The silent failover method is preferred because it does not keep tunnels open without traffic flow, waiting for the failed peer to recover and resynchronize. You can use the new failover-resync statement at the edit services l2tp tunnel hierarchy level to specify either failover protocol or silent failover as the resynchronization method.

    Because silent failover is now the default, the disable-failover-protocol statement is no longer needed and has been deprecated. If you upgrade to this release with a configuration that includes this statement, it is supported, but the CLI notifies you it is deprecated.

    [See L2TP Failover and Peer Resynchronization.]

  • IPv6 link local addresses assigned to underlying static demux interfaces (MX Series)—Starting in Junos OS Release 17.2R2, when you are using router advertisement for IPv6 subscribers on dynamic demux interfaces that run over underlying static demux interfaces, configure the software to use the same link-local address for both interfaces. In this case, the link-local address for the underlying interface should be based the MAC address of the underlying interface. The following statement causes the system to assign an address using the 64-bit extended unique identifier (EUI-64) as described in RFC 2373:

  • Source-specific multicast (SSM) CLI changes for dynamic IGMP and dynamic MLD (MX Series)—Starting in Junos OS Release 17.2R2, the ssm-map ssm-map-name statement at the [edit dynamic-profiles profile-name protocols (igmp | mld) interface interface-name] hierarchy level is deprecated and is no longer supported. Instead, you define an SSM map policy with the policy-statement statement at the [edit policy-options] hierarchy level. Apply the policy for dynamic IGMP or dynamic MLD with the ssm-map-policy ssm-map-policy-name statement at the [edit dynamic-profiles profile-name protocols (igmp | mld) interface interface-name] hierarchy level.

    If you upgrade from a release that does not support enhanced subscriber management (any release earlier than Junos OS Release 15.1R4) with a configuration that includes ssm-map, the configuration is allowed. However, the configuration has no effect and subscribers cannot log in.

  • Memory mapping statement removed for Enhanced Subscriber Management (MX Series)— In Junos OS Release 17.2R3, use the following command when configuring database memory for Enhanced Subscriber Management:

    set system configuration-database max-db-size

    CLI support for the set configuration-database virtual-memory-mapping process-set subscriber-management command has been removed to avoid confusion. Using the command for subscriber management now results in the following error message:

    WARNING: system configuration-database virtual-memory-mapping not supported. error: configuration check-out failed.

    [See Interface Configuring Junos OS Enhanced Subscriber Management for an example of how to use the max-db-size command.]

  • Change to ICRQ message inclusion of the ANCP Access Line Type AVP (MX Series)—Starting in Junos OS Release 17.2R3, the ICRQ message includes the ANCP Access Line Type AVP (145) when the received ANCP Port Up message includes a DSL-type of 0 (OTHER). In earlier releases, the AVP is not sent when the value is 0.

  • Support for IPv6 all-routers address in nondefault routing instance (MX Series)—Starting in Junos OS Release 17.2R3, the well-known IPv6 all-routers multicast address, FF02::2, is supported in nondefault routing instances. In earlier releases it is supported only for the default routing instance; consequently IPv6 router solicitation packets are dropped in nondefault routing instances.

  • Correction to CLI for L2TP tunnel keepalives (MX Series)—Starting in Junos OS Release 17.2R3, the CLI correctly limits to 3600 seconds the maximum duration that you can enter for the hello interval of an L2TP tunnel group. In earlier releases, the CLI allows you to enter a value up to 65,535, even though only 3600 is supported.

    [See hello-interval (L2TP).]

  • Wildcard supported for show subscribers agent-circuit-identifier command (MX Series)—Starting in Junos OS Release 17.2R3, you can specify either the complete ACI string or a substring when you issue the show subscribers agent-circuit-identifier command. To specify a substring, you must enter characters that form the beginning of the string, followed by an asterisk (*) as a wildcard to substitute for the remainder of the string. The wildcard can be used only at the end of the specified substring; for example:

    In earlier releases, starting with Junos OS Release 14.1, the command requires you to specify the complete ACI string to display the correct results. In Junos OS Release 13.3, you can successfully specify a substring of the ACI without a wildcard.

  • DHCPv6 lease renewal for separate IA renew requests (MX Series)—Starting in Junos OS Release 17.2R3, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:

    • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

    • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

    [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

User Interface and Configuration

  • Enhancements to the show chassis fpc errors command to display the PFE enable or disable status (MX Series)—The show chassis fpc errors command output is enhanced to include information about the state of the Packet Forwarding Engine (PFE).

    user@host> show chassis fpc errors
  • Junos OS prohibits configuring ephemeral configuration database instances that use the name default (MX Series)—Starting in Junos OS Release 17.2R3, user-defined instances of the ephemeral configuration database, which are configured using the instance instance-name statement at the [edit system configuration-database ephemeral] hierarchy level, do not support configuring the name default.

VPNs

  • Support for ping on a virtual gateway address—Starting in Junos OS Release 17.2R2, Junos OS supports pinging an IPv4 or IPv6 address on the preferred virtual gateway interface. To set up support for ping, you must include both the virtual-gateway-accept-data and the preferred statements at the [edit interfaces irb unit] hierarchy of the preferred virtual gateway. This enables the interface on the preferred virtual gateway to accept all packets for the virtual IP address, including ping packets.

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.2R3 for MX Series..

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • To avoid dropped packets, Juniper Networks recommends that you configure the maximum-packet-length equal to or greater than the IP header. For IPv4, set the maximum length to at least 20, and for IPv6, set the maximum length to at least 40.

General Routing

  • Multiprotocol extensions capability code in notification message—Starting in Junos OS Release 17.2R1, when a BGP speaker terminates a peering session, because the peer does not support Multiprotocols Extensions for BGP-4, it sends a notification message that contains the multiprotocol extensions capability as per the standard. In earlier releases, the BGP peer sends a notification message that contains internal code for unsupported NLRIs.

  • On a Junos OS based platform, sometimes FPC might get stuck in offline state with the reason Restarted by CLI command after restarting the FPC immediately after restarting chassisd. This is because of the fact that it takes some time for the system to stabilize after chassisd restarts. Though chassisd provides the FPC status and accepts the commands, on the back-end device, it is doing many initializations. Therefore, wait until all the PIC status are also available before issuing any command that makes FPC online, offline, and restart. PR1275530

High Availability (HA) and Resiliency

  • Residual and baseline statistics loss from ISSU (MX Series)—Using unified ISSU to upgrade to Junos OS Release 17.2R1 or later will result in a loss of residual and baseline statistics for interfaces, interface set specific statistics, and BBE subscriber service statistics because of an update to the statistics database.

    [See Unified ISSU System Requirements.]

  • ISSU restrictions—Unified ISSU is not supported for upgrading Junos OS 17.2R1 to 17.2R2.

Interfaces and Chassis

  • An additional commit is required when reusing Virtual IP on an interface as an interface address (MX Series)—When you reuse a virtual IP address on an interface as an interface address, you must first delete the virtual IP address configuration and commit the configuration. You must then add the interface address configuration in a subsequent commit.

  • Previously, the same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance). But only one logical interface is assigned with the identical address after commit. During commit, only syslog messages indicating incorrect configuration are seen and no warnings. PR1221993

  • 1. Delay Measurement support for 5-port 100G DWDM PIC and 5-port 100G DWDM MIC is *ONE TIME Delay Measurement*. This means that customers intending to measure Delay 2 points should ensure that link is up on both sides and then conduct this test one time. The result value is valid one time once the test is finished. The test result on CLI is not valid after one time measurement as the old result might show up on Routing Engine CLI. 2. Remote-loop-enable should be configured first on remote end. 3. Each time a customer wants to verify this, test has to be *repeated*. 4. Processing delays in each mode are different: HGFEC [For 5-port 100G DWDM MIC] being highest, SDFEC in the interim and GFEC being least for the same cable length. 5. In summary, any breakage in transmit/receive path during the delay measurement test will hinder delay measurement. This is true for all FEC modes - GFEC, SDFEC, HGFEC. 6. Currently SNMP walk is not available for delay measurement. PR1233917

Network Management and Monitoring

  • SNMP traps for certain interfaces in Admin Down state (MX Series)—SNMP traps are generated when an interface that supports the Digital Optical Monitoring (DOM) MIB is placed in an administrative down state. This behavior informs the operator of any interface fault, alarm, or threshold condition.

  • The MIB2D_RTSLIB_READ_FAILURE: rtslib_iflm_snmp_pointchange syslog message occurs during configuration restore. This is because the mib-process sends requests to the kernel to update SNMP ifIndex for the interfaces that it is learning. If this interface is deleted from the kernel, the syslog message is generated. This interface learning by mib-process occur later once the kernel sends the ADD notification for these interfaces. There is no system impact caused by this syslog message during the configuration scenario. PR1279488

Services Applications

  • Broadband-edge platforms do not support service-set integration with dynamic profiles when the service set is representing a carrier-grade NAT configuration. As a workaround, you can use next-hop service set configurations and routing options to steer traffic to a multiservices (ms) interface where NAT functionality can be exercised. The following configuration snippet shows the basics of statically configuring the multiservices interface next hop and a next-hop service set. Traffic on which the service is applied is forced to the interface inside the network by configuring that interface as the next hop. This configuration does not show other routing-options or NAT configurations relevant to your network.

    [See Configuring Service Sets to be Applied to Services Interfaces.]

Software-Defined Networking (SDN)

  • When the BSYS master Routing Engine is rebooted or shut down, the JDM-to-JDM communication, including the commit sync operation, fails. To work around this issue, commit the JDM configurations on server0 and server1 separately.

  • If the GNF console remains idle for a long duration (for example, more than 10 minutes), the console might stop responding.

  • Pings to the peer JDM might fail even when the connection status is shown to be up. Also, the show server connections command might show JDM-to-JDM ping failure issues. These ping failure issues occur when connections from the Control Board to the servers are mapped incorrectly at the JDM. Correct the mapping by verifying the connections.

  • The JDM operational command show virtual-network-functions might sometimes show the value of the Liveness field as Down even when the GNF is up and reachable.

  • The GNF VM’s fxp0 interface might get slower and stop forwarding packets occasionally. When this occurs, disable the fxp0 interfaces and enable it again.

Software Installation and Upgrade

  • Unified ISSU with active BBE subscribers using advanced services supported only to 17.2R3 and later 17.2 releases—If you have active broadband edge subscribers that are using advanced services, you cannot perform a successful unified in-service software upgrade (ISSU) to a Junos OS 17.2 release earlier than 17.2R3. If you perform an ISSU to a 17.2 release earlier than 17.2R3, the advanced services PCC rules are not attached to subscribers.

  • Unified ISSU not supported with an active RPM configuration—If you have an active real-time performance monitoring (RPM) configuration, you cannot perform a successful unified in-service software upgrade (ISSU) to a Junos OS 17.2 release. The warning ISSU is not supported for RPM configuration appears.

Subscriber Management and Services

  • The all option is not intended to be used as a means to perform a bulk logout of L2TP subscribers. We recommend that you do not use the all option with the clear services l2tp destination, clear services l2tp session, or clear services l2tp tunnel statements in a production environment. Instead of clearing all subscribers at once, consider clearing subscribers in smaller group, based on interface, tunnel, or destination end point.

User Interface and Configuration

  • Modification to configurable link degrade threshold values (MX Series)—Starting with Junos OS Releases 15.1F7 and 16.1R1, the values of the user-configurable link degrade thresholds have to be configured according to the following guidelines:

    • set threshold value must be greater than warning set threshold value

    • set threshold value must be greater than clear threshold value

    • warning set threshold value must be greater than warning clear threshold value

    If the threshold values are not configured according to these guidelines, the configuration fails and a Commit Error message is displayed.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.2R3 for MX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • In Junos OS Release 17.2R2, when a cascade port is configured, CoS resources are allocated to it and the corresponding CoS parameters applied on extended ports are scaled. This is done irrespective of the cascade port. If a configured cascade port goes down, nothing is done. PR1262320

  • In Junos OS Release 17.2, the egress rate limit at the extended port does not work properly if you have a rate limit configuration applied at the extended port physical interface level by using the traffic-control-profile-remaining and also at some of the extended port logical interfaces by using an explicit traffic-control-profile in hierarchical-scheduler mode. PR1271719

  • In certain scenarios of congestion, traffic might be dropped due to non-Juniper Networks optics and generate an alarm. PR1378392

EVPN

  • Routing instances of type evpn configured with a VLAN ID advertises MAC (type 2) routes with the VLAN value in the Ethernet tag field of the MAC route. Advertising MAC routes with a nonzero VLAN is incompatible with the EVPN VLAN-based service type. To enable interoperability between a Junos OS routing instance of type evpn and a remote EVPN device operating in VLAN-based mode, the Junos OS routing instance must be configured with vlan-id none so that the Ethernet tag in advertised MAC routes is set to zero. PR945247

  • A provider edge (PE) device running EVPN IRB with IGP configured in a VRF associated with the EVPN instance is unable to establish an IGP adjacency with a customer edge (CE) device attached to a remote PE device. The IGP instance running in the VRF on the PE device might be able to discover the IGP instance running on the remote CE device through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • On MX Series routers, when an instance type is changed from VPLS to EVPN, and in the same commit an interface is added to the EVPN instance, the newly added EVPN interface might not be able to come up. PR1016797

  • The Layer 2 address learning process (l2ald) might generate a core file in a scaled Layer 2 setup, including bridge-domain, VPLS, EVPN, and so on. The l2ald generates a core file after a kernel page fault. In most cases, the issue recovers after the l2ald core file is generated. In a few cases, the process might need a manual restart to recover. Logs: /kernel: %KERN-3-BAD_PAGE_FAULT: pid 69719 (l2ald), uid 0: pc 0x88beb5ce got a read fault at 0x6ca, x86 fault flags = 0x4 /kernel: %KERN-6: pid 69719 (l2ald), uid 0: exited on signal 11 (core dumped) init: %AUTH-3: l2-learning (PID 69719) terminated by signal number 11. Core dumped!. PR1142719

  • In an EVPN scenario with static MAC configured in the EVPN instance, the remote EVPN instance can detect the MAC route information. However, after deactivating and activating the static MAC in the EVPN instance, and then checking the MAC route information in the remote EVPN instance, no such MAC route is found in the EVPN route table. PR1193754

  • In scaled-up EVPN VPWS configurations (approximately 8000 EVPN VPWS), during Routing Engine switchover, rpd scheduler slip messages might be seen. PR1225153

  • When the ESI configuration on an interface is changed from all-active to single-active, and back to all-active, the EVPN split horizon label is not allocated and is shown as 0. PR1307056

  • PBB EVPN cannot flood traffic towards a core layer. Traffic recovers by performing "restart l2-learning". In addition to this, there is a limitation in PBB EVPN active/active (A/A) unicast traffic forwarding. If entropy in the traffic is not sufficient, then uneven load balancing causes a problem on MH peer A/A routers. This causes a drop for return traffic. These issues are applicable to MAC-in-MAC private network-to-network (PNN)-EVPN and does not affect any other scenario. PR1323503

  • When an EVPN PE device (RR) is configured as single home without ESI, EVPN BGP routes from table bgp.evpn.0 might leak into the default EVPN table (__default_evpn__.evpn.0) causing label leak. Such a leak might lead to all label exhaustion and, as a result, the routing protocol process (rpd) generates a core file. PR1333944

  • When an EVPN route is filtered by using the CLI command show route evpn-ethernet-tag-id, it looks for route in all routing tables including inet.0. The EVPN route is not present in inet.0 and the non-evpn route will not have the Ethernet tag, which might result in the rpd process crash. PR1337506

  • In Junos OS platform, the l2ald daemon might crash when MAC address is processing. The MAC learning process might impact during the period of l2ald crash. The l2ald recovers itself. PR1347606

  • When EVPN is configured with class-of-service-based forwarding (CBF), traffic might be lost for the CBF services. PR1374211

Forwarding and Sampling

  • When a policing filter is applied to an active LSP carrying traffic, the LSP resignals and drops traffic for approximately two seconds. It can take up to 30 seconds for the LSP to come up under either of the following conditions:

    • Creation of the policing filter and its application to the LSP through configuration occurs in the same commit sequence.

    • Load override of a configuration file that has a policing filter and policing filter application to the LSP is followed by a commit. PR1160669

  • When the push-backup-to-master statement is configured under the accounting-options file section, the corresponding accounting files need to be pushed to the master Routing Engine from the standby Routing Engine. But because of a software defect, the following issues are observed.

    • The files are getting pushed from the standby Routing Engine to the master Routing Engine irrespective of whether the push-backup-to-master statement is configured or not.

    • The files are not getting pushed from the standby Routing Engine to the master Routing Engine if the backup option is configured as master-only. PR1236618

  • After the show firewall command is executed, the dfwinfo: tvptest:dfwlib_owner_create tvp driven policer_byte_count support 0 message is seen in message logs. This message is a cosmetic issue and it can be ignored safely. This message can be seen with the following sample configuration: set interfaces ge-0/0/0 unit 0 family inet filter input test_filter, set interfaces ge-0/0/0 unit 0 family inet address 100.100.100.1/24, set firewall family inet filter test_filter term policer then policer policer_test, set firewall policer policer_test if-exceeding bandwidth-limit 100m, set firewall policer policer_test if-exceeding burst-size-limit 125k, and set firewall policer policer_test then loss-priority low. PR1248134

  • FreeBSD 10.x based Junos OS is not supported on 32-bit Routing Engines in Junos OS Release 17.1R1. PR1252662

  • In some stress test conditions, the sampled process crashes and generates a core file when connecting to L2BSA and EVPN subscribers aggressively. PR1293237

  • The Junos OS allows the same filter names under different families to be committed. Effective committing without giving a commit error might cause the filter criteria at the [edit firewall family inet] hierarchy level not to be applied on an interface. PR1344506

  • On MX960, MX480, MX240, and MX80 routers with EVPN configured, if RSVP and CoS-based forwarding (CBF) are configured, the remote media access control (MAC) address might not be added to the EVPN instance forwarding table, that causes a drop in the traffic. PR1353555

  • Whenever bridge firewall filter is configured and accounting is enabled on it, the filter counter is not written to the accounting file. PR1392550

  • On Junos Fusion, ingress policing on SD is broken. When the statement set interfaces layer2-policer input-policer <policer-name> is executed, the ingress policing on AD and SD is not supported. Error is seen where traffic is not getting policied after locally switched for VLAN 100 and 101 while verifying selective local-switching functionality with 4000 VLANs. PR1395217

General Routing

  • DC-PEMs of MX104 systems might suddenly restart because of high temperature protection and might trigger a system restart. The DC-PEM temperature sensors were not monitored by the fan system algorithm, causing high temperature conditions under certain environmental conditions. MX104 with AC-PEMs are not exposed. PR1064039

  • On MX Series routers with MS-MPC or MS-MIC, memory leak can be seen with jnx_msp_jbuf_small_oc object, upon sending millions of Point-to-Point Tunneling Protocol (PPTP) control connections (3 through 5 million) at higher cells per second (cps) (greater than 150,000 cps). This issue is not seen with up to 50,000 control connections at 10,000 through 30,000 cps. PR1087561

  • On MX104 routers, when using snmpbulkget or snmpbulkwalk on chassisd related component such as jnxOperatingEntry, high CPU usage and slow response for the chassisd process might be seen because of a hardware limitation, which might also lead to query timeout on the SNMP client. In addition, the issue might not be seen when you use SNMP query for interface statistics. As a workaround, use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t30 option when performing a SNMP query—for example, "snmpget -v2c -c XX -t30". Alternatively, use the "-t30" option with snmpbulkget or snmpbulkwalk—for example, "snmpbulkget -v2c -c XX -t30". PR1103870

  • The SIP session fails when the IPv4 SIP client in the public network initiates a SIP call with the IPv6 SIP client in the private network. PR1139008

  • Source-prefix filtering and protocol filtering of the carrier-grade NAT sessions provide incorrect filtering results. For example, show services sessions extensive protocol udp source-prefix <0:7000::2> displays incorrect filtering output of the sessions. PR1179922

  • Chef for Junos OS supports additional resources to enable easier configuration of networking devices. These are available in the form of netdev resources 10-Gigabit Ethernet (xe) interface. The netdev resource developed for interface configuration determines that speed is a configurable parameter that is supported on a Gigabit Ethernet interface but not on an 10-Gigabit Ethernet (xe) interface. Therefore, the netdev interface resource cannot be used to configure an xe interface because of this limitation. PR1181475

  • Junos OS might improperly bind Packet Forwarding Engine ukernel application sockets after a unified ISSU because of a bug in IP >TNP fallback logic. Because of that bug, threads running on the ukernel that relay on UDP sockets can experience connectivity issues with the host, which in turn can lead to various problems. For instance, a Simple Network Time Protocol (SNTP) client might fail to synchronize time, which in turn might lead to other problems such as failure in adjacency formation for HMAC authenticated protocols. PR1188087

  • As described in RFC7130, when LACP is used and considers the member link to be ready to forward traffic, the member link must not be used by the load balancer until all the micro-BFD sessions of the particular member link are in the up state. PR1192161

  • SMID daemon has stopped responding to the management requests after a jl2tpd (L2TP process) crash on an MX960 BNG. PR1205546

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: NH add received for an logical interface that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. Any service impact in MPC2 and MPC3 type cards is not seen. PR1205593

  • This is a rare race condition in which multiple interrupts are not handled properly on MX Series platforms with MPC7E, MPC8E, MPC9E, and PTX Series platforms with FPC3-PTX-U2/FPC3-PTX-U3, which might generate a core file. It is difficult to reproduce. The interrupt code is optimized to avoid the unnecessary call to prevent the issue. PR1208536

  • In certain interface-scaling scenarios, during configuration commit or rollback, you might see an fpcx error message about a problem with fpcx list_get_head list. You can safely ignore this message because the issue is triggered by the FPGA mechanism on DPC cards for logical interface mapping (ifl_map). Between the deletion of a physical interface and the monitoring event, the FPGA monitor mechanism checks through the stored logical interfaces. While the mechanism tries to find the family of a recently deleted logical interface that was not cleaned from the logical interface map, harmless messages might populate the log file. PR1210877

  • The PTP master streams on IP and Ethernet are not supported simultaneously. PR1217427

  • A unified ISSU cannot be performed from a Junos OS Release with NPU image size less than 60 MB to a Junos OS Release with NPU image size greater than 60 MB. PR1222540

  • The following MICs in MPC2E-NG and MPC3E-NG are those that do not support timestamping at the physical layer (Layer 1): MIC-3D-4XGE-XFP, MIC3-3D-10XGE-SFPP, MIC-3D-2XGE-XFP, and MIC-3D-20GE-SFP. The packet time error can be greater than +/– 100 seconds in these MICs. PR1226080

  • When a configuration that turns the Packet Forwarding Engine off line and another configuration that brings the Packet Forwarding Engine back online are committed in quick succession, there could be RE-PFE out of synchronization errors logged in syslog. Most of the time these are benign errors, but sometimes they might result in Packet Forwarding Engine crashes. PR1232178

  • OSPF is used as routing protocol between the clients and dynamic endpoint (DEP) router with TD configured. The OSPF protocol traffic brings up IPsec on spokes and the DEP router. The IPsec SAs are distributed on the DEP router. The neighbor state between the OSPF peers move to full, but after that it does not stay in that state. The states changes to init, 2-way, ex-start, and to full again. As a result, the data traffic between the routers drops. Thus tunnel distribution with protocol traffic is not supported. PR1232277

  • When a virtual switch type is changed from IRB type to regular bridge, interfaces under the OpenFlow protocol are removed. The OpenFlow process (daemon) fails to program any flows. PR1234141

  • The subinfo core file might be generated or the subscriber database might get stuck on the router with subscriber services during subscriber log in or the log out or any subscriber database access activity in a scaled environment. In a few scenarios, this issue might happen with or without generating a core file, where the subscriber database might get stuck resulting in the following error: show subscribers client-type pppoe Invalid argument: smid registration failed. PR1234746

  • Sometimes, when PPPoE subscribers log in and log out from Junos OS Release 16.1, the following messages are generated: user@devcie> show log messages | match authd authd[5208]: sdb_app_access_line_entry_read_by_uifl: uifl key 'demux0.xxxxxxxx': snapshot failed (-7) authd[5208]: sdb_app_access_line_entry_read: uifl key 'demux0.xxxxxxxx': read failed These messages indicate that authd daemon for subscriber authentication is attempting to read private data for an underlying interface which no longer exists (-7 = SDB_DATA_NOT_FOUND). These messages, which indicate that the authd process is asking the SDB for records that do not exist, have no impact and can be safely ignored. PR1236211

  • On MX Series with routing protocol process (rpd) in ASYNC mode, if the distributed IGMP is configured, the rpd process might crash, generating a core file. PR1238333

  • The measured noise-transfer gain is around –40 dB, which is higher than the standard metric. PR1240054

  • The following MICs in MPC2E-NG and MPC3E-NG are those that do not support timestamping at the physical layer (Layer 1): MIC-3D-4XGE-XFP, MIC3-3D-10XGE-SFPP, MIC-3D-2XGE-XFP, and MIC-3D-20GE-SFP. The packet 2Way/T1/T4 time error can be upto +/–450 nanoseconds in these MICs. PR1243646

  • Following MICs in MPC2E-NG/MPC3E-NG are those that do not support timestamping at the physical layer (Layer 1): MIC-3D-4XGE-XFP, MIC3-3D-10XGE-SFPP, MIC-3D-2XGE-XFP, and MIC-3D-20GE-SFP. The packet dynamic time error might be greater than 40 nanoseconds for LF and 70 nanoseconds for HF. PR1243871

  • When a certain route or next hop has been created by an application, it is assumed that it can propagate to the rest of the system. The kernal routing table (KRT) asynchronously picks up this state for propagation. There is no reverse indication to the application, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route, next hop> pair that looks legal from the application standpoint, but the KRT is not able to download it to the kernel because the kernel rejects the next hop, the <route, next hop> pair get stuck in the routing protocol process (rpd). In the meantime, the previous version of the route (L-IS-IS in this case) that was downloaded still lingers in the kernel and the Packet Forwarding Engine. PR1253778

  • On MX Series routers with the XM chipset (for example, on the MPCs MPC3E, MPC4E, MPC5E, MPC6E, MPC2E-NG, and MPC3E-NG), the MPC might reboot after unified ISSU completion. PR1256145

  • If there are two logical interfaces with the same VLAN ID on the logical tunnel (lt) interface, the bbe-smgd process crashes continuously. The issue is specific to Junos OS Release 15.1F5. PR1257931

  • The 1PPS TE/cTE performance metric can be as high as +/-550 nanoseconds in MPC2E and MPC3E NG QoS/3D 20x 1GE(LAN)-E, SFP with no PHY-Timestamp and non-hybrid mode. PR1263235

  • On an MX Series Virtual Chassis system in a scaled subscriber management scenario, if a unified ISSU is performed while the BGP protocol sessions are active and such BGP sessions are clients of BFD, then these BGP sessions might go down and come back up again, causing traffic loss. PR1265407

  • If the dynamic VLAN profile does not have interface family (IFF) configuration (for example, family PPPoE or family inet), but has firewall filter configuration, firewall filter indexes are not released after the dynamic VLAN is removed. This eventually leads to the depletion of the available firewall filter indexes. PR1265973

  • Sometimes l2cpd core files are generated when LLDP neighbors are cleared. PR1270180

  • A vMX router does not detect interface link state correctly in SR-IOV mode with i40e driver. PR1271902

  • If template-referesh-rate and option-refresh-rate are configured with both packets and seconds interval configuration options for inline flow monitoring, the packets interval configuration does not work. PR1274206

  • The show storm_cntl halp database on FPC shell might cause an FPC crash. PR1127870

  • Performance of X710 NIC is lower compared to that of 82599 NIC. A 40G line rate can be achieved at 512-byte packet size for X710 NIC as compared to 256 bytes for 82,599 NIC. PR1281366

  • PPPoE cannot dial in because of all padi dropped as "unknown iif" when an aggregated Ethernet configuration is deactivated or activated. PR1291515

  • With OSPF and BGP route in the same subnet in inet.0 table, if the protocol next hop of the BGP aggregate route falls within the defined destination for the dynamic tunnel, there might be a recursive lookup within the Packet Forwarding Engine. PR1292425

  • IPsec operations are optimized for smaller packet size (up to 1900 bytes approximately) on routers with MS-MPC and MS-MIC, thus yielding higher throughput and lower latency for more common network deployments. Customers might see slightly higher latency if there are jumbo packets in the network. PR1307867

  • FPC crash is observed when a route has unilist next hops, which contain primary or backup paths, while interfaces related to unilist members go down when set protocol rsvp load-balance bandwidth is configured. PR1315228

  • Making changes in services traffic-load-balance instance for one instance can lead to a refresh of the existing instances. PR1318184

  • When an MX Series router with 100-megabit SFP transceiver is used on MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH, the transceiver might not work if it is not from Fiberxon or Avago. PR1344208

  • When the MIC is removed from the MPC, the MPC might crash. PR1350098

  • During stress conditions, error log messages regarding route add, change, and delete might be incorrect. PR1350713

  • When an ephemeral DB instance is configured, if committing changes which are unrelated to IGMP/MLD (such as set interfaces ge-0/0/1.0 description), and the number of ephemeral commits reaches the ephemeral DB maximum size, an ephemeral DB purge might happen. Then it would purge all the commits and roll over. On this purge the mgd gives all the applications a FULL COMMIT view. And on this FULL COMMIT view, IGMP/MLD deletes all configurations and adds them back again. This might cause PIM to prune the groups on those interfaces and send join messages again. Finally, multicast traffic flapping and drop might be seen. PR1352499

  • The ipv4-flow-table-size is used to configure the size of the IPv4 flow table in units of 256000 entries. However, in inline J-Flow scenario, if the statement ipv6-extended-attrib is configured, changing the flow table configuration or clearing the flow entries might lead to the condition in which even though the ipv4-flow-table-size has been changed to a number larger than 149, the maximum number of IPv4 flows still remains at 37,372,900. PR1355095

  • On MX Series routers with MPC2E NG and MPC3E NG line cards, if the inline service interfaces are not configured with the explicit bandwidth value (for example, 1 Gbps or 10 Gbps), the default bandwidth value (100 Gbps) will be used. Therefore, only the first two inline service interfaces can be served by available hardware resources. The third and fourth inline interfaces will be not able to send out packets. PR1355168

  • When you use the show agent sensors verbose FPC VTY command on the MPC7E, the FPC might crash. PR1366249

  • The interface optic output could be nonzero value even when the port has been administratively disabled. For example, the port xe-1/0/0 has been disabled: user@router> show configuration interfaces xe-1/0/0 disable. However, the optic output value is nonzero value: user@router> show interfaces diagnostics optics xe-1/0/0 Physical interface: xe-1/0/0 Laser bias current : 6.590 mA Laser output power : 0.4940 mW / -3.06 dBm <-=== output value is not zero Module temperature : 41 degrees C / 106 degrees F Laser rx power : 0.6477 mW / -1.89 dBm. PR1376574

  • Domain name is not reported as part of the LLDP sysname in the show lldp neighbor command. PR1383295

  • During the Zero Touch Provisioning (ZTP) process, the default route is being cleaned up by code. Because of this, if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route will fail to work. This might lead to ZTP failure or device access issue after ZTP. PR1387724

  • On MX2020, MX2010, and MX2008 platforms with SFB2 cards installed, if a newer generation of MPC (for example, MPC type 3, 4, 5, 6, 7, 8 or 9) is installed into a slot that had MPC 3D 16x10GE MPC type 1 or MPC type 2 previously installed, the available fabric bandwidth to the new MPC card would be rate-limited due to residual programming on the fabric planes. Traffic impact is observed during peak utilization. PR1388780

  • In a scaled environment with 32000 subscribers, if the command show subscriber extensive is issued from the CLI, and left sitting at the -(more)- prompt, any subsequent CLI session that requests show subscriber extensive content will see a delay up to 40 seconds before the prompt is returned. PR1390762

High Availability (HA) and Resiliency

  • The following error is seen: error: not enough space in /var on re1. As a workaround, the space available in /var should be twice the size of the target image. This is the basic requirement for unified ISSU to proceed. PR1354069

Infrastructure

  • The /var/run is in storage file system but it should be in memory file system. PR1198395

  • The configuration command set system ports console log-out-on-disconnect logs the user out from the console and closes the console connection. If the configuration command set system syslog console any warning is used with the earlier configuration and when there is no active Telnet connection to the console, the process tries to open the console and hangs as it waits for a serial connect, which is received only by connecting to the console through Telnet. As a workaround, remove the later configuration by using set system syslog console any warning, which solves the issue. PR1230657

  • The syslog messages are observed when one of the following CLI commands is executed: system syslog file messages kernel any or system syslog file messages any any. These syslog messages do not indicate any functionality breakage or impact. If you need to enable “anyany”, then you need to skip these logs with an appropriate match condition. PR1239651

  • Sometimes OSPF flapping during unified ISSU is observed starting in Junos OS Release 16.2R2 to Junos OS Release 17.2R3. PR1371879

Interfaces and Chassis

  • During a configuration change and reuse of the VIP address on an interface, you must stop the configuration, perform a commit, and then add the interface address configuration at the next commit. PR1191371

  • In a VPLS multihoming scenario, CFM packets are forwarded over the standby PE device link, resulting in duplicate packets or a loop between the active and standby link. PR1253542

  • Out of sequence packets are seen with the LSQ interface. PR1258258

  • In Junos OS BNG solutions, after commit event, when the configuration contains duplicate vlan-id configured on aggregated and demux interfaces, Junos OS MX Series routers might go into db prompt mode generating a kernel core file. PR1274038

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause cfmd to crash after the upgrade. This is because of the old version of /var/db/cfm.db. PR1281073

  • In a subscriber management scenario with dynamic demultiplexing (DEMUX) interfaces configured, in the case when subscribers belonging to one aggregated Ethernet interface are migrated to a newly configured aggregated Ethernet interface, subscribers might fail to access the device after deleting the old aggregated Ethernet configuration. PR1322678

  • On MX Series routers, the bbe-smgd reports some error logs because jpppd sent out a Link Control Protocol (LCP) config-reject message, but the bbe-smgd misses such messages are sent in the Tx direction. It has no service impact. PR1378912

  • If channelized interface coc1 is configured and FPC restart is performed, then a core file might be generated and DCD restart can be seen. In case of all other interfaces core file is not generated and normal behavior is seen. PR1387962

J-Web

  • In Junos OS, an integer signedness error occurs in GD Graphics Library (CVE-2016-3074), which results in a heap overflow when compressed data is processed. See https://kb.juniper.net/JSA10798 for more information. PR1218092

Layer 2 Ethernet Services

  • When MSTP is configured under a routing instance, both the primary and standby VPLS pseudowires get stuck in ST state because of a bug in the software. PR1206106

  • After changing the underlying physical interface for a static VLAN demux interface, the NAS-Port-ID formed is based on the previous physical interface. PR1255377

  • MX Series routers might display the false positive CB alarm PMBus Device Fail. PR1298612

Layer 2 Features

  • On MX Series routers with MPC or MIC, with scaled VPLS instances configured to use the label-switched interfaces (LSIs) (for example, 102 instances), if the core-facing interface on the PE router flaps (for example, multiple OSPF flaps, sometimes over a period of 2 days), in a rare scenario, VPLS traffic for one instance might be sent out to another instance with an incorrect LSI MPLS label. PR1013295

  • A device running Junos OS with VPLS routing instances configured on one or more interfaces might be susceptible to a buffer memory (mbuf) leak when source and destination MAC addresses of Ethernet frames with the EtherType field of IPv6 (0x86DD) are flooded into the VPLS instance. The Ethernet frames must be injected directly into a connected interface, limiting exposure to directly connected adjacent networks. See https://kb.juniper.net/JSA10750 for more information. PR1132568

  • If the router is working as a VPLS PE device, because MAC ages every 5 minutes, the VPLS unicast traffic is flooded as unknown unicast every 5 minutes. PR1148971

  • On routers running Junos OS with GRES enabled, if VPLS is configured with a dynamic profile association, some traffic loss is observed when the Routing Engine switches from master to standby. This traffic loss is due to a change in the underlying database that handles the dynamic profile sessions. As a result, the VPLS connection is destroyed and re-created after a Routing Engine switchover. PR1220171

MPLS

  • When using the mpls traffic-engineering bgp-igp-both-ribs configuration statement with LDP and RSVP both enabled, CSPF for interdomain RSVP LSPs cannot find the exit area border router (ABR) when there are two or more such ABRs. This causes interdomain RSVP LSPs to break. RSVP LSPs within the same area are not affected. As a workaround, you can either run only RSVP on OSPF ABRs or IS-IS Layer 1 or Layer 2 routers and switch RSVP off on the other OSPF area 0/IS-IS Layer 2 routers, or avoid LDP completely and use only RSVP. PR1048560

  • This issue occurs when GRES is performed between the master and backup Routing Engines of different memory capabilities. For example, one Routing Engine has only enough memory to run the routing protocol process (rpd) only in 32-bit mode while the other is capable of running the rpd in 64-bit mode. The situation could be caused by using Junos OS Release 13.3 or later with the configuration statement auto-64-bit configured, or by using Junos OS Release 15.1 or later even without the configuration statement. Under these conditions, the rpd on the new master Routing Engine might crash. As a workaround, this issue can be avoided by using the CLI command set system processes routing force-32-bit. PR1141728

  • When minimum-bandwidth and bandwidth statements are both configured, the bandwidth selection of the LSP is inconsistent. PR1142443

  • When Flow-Label (FL) is enabled for PW, the OAM packets are not sent with Flow-Label because rpd is not aware of the Flow-Label values assigned by the Packet Forwarding Engine software. Hence, the packets get dropped by Packet Forwarding Engine at the tail-end PE device. PR1217566

  • In a CE-CE setup, traffic loss might be observed over the secondary LSP when the primary LSP fails over. PR1240892

  • A new configuration, protocols mpls traffic-engineering bgp-igp-both-ribs, in the routing instance is required to make cOC work. PR1252043

  • Because of the current way of calculating bandwidth, you see a minimal discrepancy between MPLS statistics and the adjusted bandwidth reported. The algorithm will be enhanced so that both values match. PR1259500

  • The throughput measurement might be inaccurate when doing performance measurement is performed on an MPLS label-switched path. PR1274822

  • With non-stop-routing (NSR), when the routing protocol process (rpd) on the master Routing Engine restarts, the rpd on the backup Routing Engine might also restart. PR1282369

  • In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • If there are some LSPs for which a router has made link protection available, and when an FPC restart causes primary link failure, a core file might be generated. PR1317536

  • The Packet Forwarding Engines on MX Series platforms follow a certain conversion logic to convert MPLS-VPN labels to certain channel values and then back to MPLS-VPN labels. VPN labels with values 0x7FFFF and above ( 52,4287 and above) are affected by this conversion logic. PR1323496

  • If inet address is not configured for the gr- interface, the gr- interface borrows the address from the loopback interface. Starting in Junos OS Release 16.1R1, the RSVP creates a node-neighbor by default. There are duplicate neighbors with the same IP address because the gr- interface is borrowing an address from the loopback interface. The RSVP path lookup might fail because it gets confused by the node neighbor presence. So, the RSVP LSP might not come up when it goes through the gr- interface, which is borrowing an address from the loopback interface. PR1340950

  • Executing a restart chassisd in an MX Series Virtual Chassis router with the following elements configured might result in a core file:

    • IGP OSPF/OSPF3 (area 0, LFA) IS-IS (level 2, LFA) LDP synchronization IPv4 and IPv6

    • IBGP dual, redundant route reflection IPv4 and IPv6

    • MPLS LDP (IGP synchronization, track IGP metric) RSVP (node link protection, adaptive, auto bandwidth, refresh reduction)

    • L3VPN OSPF OSPF3 BGPv4 BGPv6 RIPv2 static MBGP NGEN-MVPN l3vpn cnh with ext space any-to-any hub and spoke MPLS access Ethernet access multicast extranet per vpn and per prefix labels SRX Series-based network address translation SRX based firewall

    • Direct Internet access EBGP

    • CoS BA/MF classification policing/shaping queuing/scheduling hierarchical queuing/shaping/scheduling 8 traffic classes

    • BFD/OAM/CFM liveness detection

    • Load-balancing L2 aggregated Ethernet IP equal-cost multipath MPLS equal cost multipath.

    • High availability GRES/NSR ISSU fabric redundancy tail-end protection BGP prefix-independent convergence edge

    • Security loopback filter ARP policers control plane traffic policers URPF check with all feasible paths ttl filtering J-Flow/ipfix export-only SRX Series-based DDoS. PR1352227

  • Traceroute MPLS from Juniper to Huawei routers does not work as expected due to unsupported TLV. PR1363641

  • If RSVP is disabled and reenabled globally, and in a rare situation, the new RSVP task tries to access a memory allocated by the old RSVP task during a particular RSVP Path State Control Block (PSB) changed path, then the rpd might crash. PR1366243

  • When RSVP link or node protection is deployed and RSVP authentication is used, if the Point of Local Repair (PLR) router and the Merge Point (MP) router run different versions of Junos OS software during local repair, that is, one a >= 16.1 release and the other a < 16.1 release, the RSVP authentication errors might occur for the bypass MPLS Label Switched Path (LSP) and cause traffic loss. PR1370182

  • With static label-switched path (LSP) for MPLS configured with next hop, the next hop might get stuck in dead state when changing the network mask. As a result, the IP address remains unchanged for the outgoing interface through which the LSP next hop is reachable. As a workaround to avoid this issue, do the following: (1) delete the previous IP address first, then commit; (2) if the system is busy, wait a while; and (3) configure the same IP address with a different network mask, then commit. PR1372630

Platform and Infrastructure

  • FPC reports the following errors and the FPC is not able to connect any subscriber: Pkt Xfer:** WEDGE DETECTED IN PFE 0 TOE host packet transfer: %PFE-0: reason code 0x1. Also, the MQ FI might be wedged and the following log can be seen: Apr 11 12:09:11.945 2013 NSK-BBAR3 fpc7 MQCHIP(0) FI Reorder cell timeout Apr 11 12:09:11.945 2013 NSK-BBAR3 fpc7 MQCHIP(0) FI Enqueuing error, type 1 seq 404 stream 0 Apr 11 12:09:11.945 2013 NSK-BBAR3 fpc7 MQCHIP(0) MALLOC Pre-Q Reference Count underflow - decrement below zero. PR873217

  • Starting in Junos OS Release 13.1R1 and later, if no-fast-sync is used in configure-private mode, the commit operation might throw errors after the configuration statement is executed under choice (such as protocol [ ospf pim tcp ] ) is added or deleted. Also, the configuration statement is executed under choice (such as protocol [ ospf pim tcp ]) is added or deleted, the whole hierarchy is shown as changed when using the show configuration | compare command. PR1042512

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • After changing an outer VLAN tag, the logical interface gets programmed with an incorrect STP state (discarding), so the traffic gets dropped. PR1121564

  • The Junos OS key attribute, which is emitted in the XML format of the configuration, will not be emitted in the JSON format of the configuration. PR1195928

  • The Junos Continuity Software (JAM) might append to the regular format of a Junos OS release, causing PyEZ to fail. PR1240640

  • Because of transient hardware events, the fabric stream might report CPQ1: Queue underrun indication - Queue <q> continuously. For such events, all fabric traffic is queued until the Packet Forwarding Engine completes reporting the error, resulting in a high amount of fabric drops. PR1265385

  • When certain hardware transient failures occur on an MQ-chip-based MPC, traffic might be dropped on the MPC, and syslog errors Link sanity checks and Cell underflow are reported. There is no major alarm or self-healing mechanism for this condition. PR1265548

  • This issue occurs when 120 bridge domains (among a total of 1000 bridge domains) have 10-Gigabit Ethernet (xe) or Gigabit Ethernet links toward the downstream switch and LAG bundles as uplinks towards upstream routers. The xe/ge link is part of the physical loop in the topology. Spanning tree protocols such as VSTP, RSTP, and MSTP are used to avoid loops. Some MAC addresses are not learned on router when LAG bundles that are part of such bridge domains are flapped and other events such as spanning tree root bridge occur. PR1275544

  • With unified ISSU, momentary traffic loss is expected. In EVPN E-Tree, in addition to traffic loss, the known unicast frames can be flooded for around 30 seconds during the unified ISSU before all forwarding states are restored. This issue does not affect BUM traffic. As a workaround, nonstop bridging (NSB) can be configured at the [set protocols layer2-control nonstop-bridging] hierarchy level. This reduces traffic flood to around 10 seconds in a moderate setup. PR1275621

  • The jlaunchd commit-batch is thrashing and does not restart. PR1284271

  • The operational command show igmp statistics with no filter does not display the aggregated JOIN/LEAVE/ QUERY statistics from subscribers with the distributed statement in the igmp/ mld stanza of the dynamic profile. PR1289415

  • Every load override increases the refcount by 1 and after it reaches the maximum value (65,535), the mgd crashes and the session gets terminated. But there is no impact for a new session. PR1313158

  • When chassis control is restarted with an aggregated Ethernet and CoS rewrite configuration, Platform failed to bind rewrite messages might be seen in syslog. The issue is specific to aggregated Ethernet interfaces when restart chassis control is done. A timing issue might occur when logical interface deletion is delayed because of the high scale. When logical interfaces come up again after restart, they have different indexes. The issue is only applicable when aggregated Ethernet interfaces are present. PR1315437

  • On MX Series routers with MPC1E, MPC2E, MPC3D with 16 port 10 Gigabit Ethernet ports, MPC3E, MPC4E, or T4000 with Type 5 FPC, if the interface is configured with the input-vlan-map option, then the traffic with more than 2 VLAN tags might be incorrectly rewritten and sent out. As a result, the traffic drops. PR1321122

  • On all platforms, with dual Routing Engines and GRES enabled, if executing switchover, the firewall filter's state might be incorrect and an FPC core file might be seen. PR1324819

  • In a Layer 3 VPN topology, traceroute to a remote PE device for a CE-facing network sees the ICMP TTL expired reply with a source address of only one of the many CE-facing networks. In Junos OS Releases 15.1R5, 16.1R3, 16.2R1, and later releases, there is a kernel sysctl value, icmp.traceroute_l3vpn. Setting this to one will change the behavior to select an address based on the destination specified in the traceroute command. PR1358376

  • Traffic traversing an IRB is not tagged with a VLAN if the packets goes through an additional routing instance. PR1377526

Routing Policy and Firewall Filters

  • The set metric multiplier policy command had the potential to generate negative values given user-permitted inputs. This might result in values less than 0 being interpreted by rpd as a very large number, leading to unexpected metric values in many protocols. However, replication of this issue might require an unusual configuration and is not normally considered a problematic condition. PR1349462

Routing Protocols

  • When you configure damping globally and use the import policy to prevent damping for specific routes, and a peer sends a new route that has the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a nondefault setting. As a result, damping settings do not change appropriately when the route attributes change. PR51975

  • Continuous soft core files might be generated due to the bgp-path-selection code. The routing protocol process (rpd) forks a child process and the child process asserts to produce a core file. The problem is with route ordering and it is automatically corrected after the soft assert core file is collected, without any impact to the traffic or service. PR815146

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on .... The core is “soft”, which means there should be no impact to traffic or routing protocols. PR946415

  • With Shared Risk Link Group (SRLG) enabled under corner conditions, after the clear isis database command is executed, the rpd might crash because the IS-IS database tree gets corrupted. PR1152940

  • When LDP is deactivated, in a rare case, the result of remote loop free alternate (RLFA) might be computed to go through deactivated LDP node. The situation is self-recovered in the next shortest-path-first (SPF) calculation. PR1202392

  • JTASK_SCHED_SLIP for rpd might be seen on doing restart routing or OSPF protocol disable with scaled BGP routes in the MX104 router. PR1203979

  • In the context of a large number of configured VPNs, routes changing in the midst of a BGP path-selection configuration change can sometimes generate an rpd core file. This core file has been seen with the removal of the always-compare-med option. PR1213131

  • When an aggregation gateway running Junos OS uses an IPv6 address as the next hop for IPv4 aggregates announced to downstream devices, it might attract traffic prematurely before Packet Forwarding Engines are programmed with more specific IPv4 routes. This happens when the IPv6 address is advertised in the BGP inet6-labeled-unicast family. PR1220235

  • When you try to qualify Junos OS Release 16.1X60-D40 on MX960 for BNG/Subscriber Management functionalities, the routing protocol process (rpd) utilization goes up to 100 percent displaying the following output: {master} user@host> show system processes extensive | no-more last pid: 76128; load averages: 1.51, 1.46, 1.68 up 6+04:38:02 14:32:44 198 processes: 2 running, 195 sleeping, 1 waiting Mem: 1415M Active, 5284M Inact, 2441M Wired, 2088M Buf, 6752M Free Swap: 8192M Total, 8192M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 10 root 4 155 ki31 0K 64K RUN 3 509.5H 304.10% idle 5207 root 4 20 0 3017M 2140M kqread 0 23.0H 100.00% rpd 4925 root 2 -26 r26 556M 47060K nanslp 1 511:02 5.08% chassisd 5185 root 1 20 0 698M 176M select 2 139:31 0.20% authd 5002 root 1 20 0 455M 7464K select 1 32:43 0.10% license-check 11 root 30 -72 - 0K 480K WAIT 255 888:28 0.00% intr 52981 root 1 35 15 459M 10360K select 1 469:19 0.00% sampled. The following system log show messages are displayed: Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_SYSTEM: Get index for rt table failed: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_SYSTEM: Get index for rt table failed: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable. PR1240273

  • BGP NSR replication starts after a delay in certain cases. PR1256965

  • Performance degradation occurs during the computation of LFA and remote LFAs. This has no impact on functionality. PR1264564

  • The BMP session sends both peer down events as well as route withdrawals when a peer monitoring is disabled through a configuration event. After that commit, only the peer down events are sent. PR1265783

  • When route-distinguisher-id is configured and a VRF with a route distinguisher is automatically assigned with the auto-rd featureconfigured, the MX Series BNG allows the configuration to be committed, but after the commit the rpd process crashes. PR1278582

  • The backup Routing Engine scheduler slips when a Cisco Rosen7 PE device has MDT-SAFI is enabled; however, the MDT-SAFI update does not include the route-target extended community attribute, NSR is enabled, policies are set to import or export the inet-mdt table, but Rosen is not configured. PR1295712

  • In Junos OS, the rpd might crash because of a malformed BGP UPDATE packet (CVE-2018-0020). Refer to https://kb.juniper.net/JSA10848 for more information. PR1299199

  • When PIM is enabled for multicast traffic, the designated router switchover might lead to multicast traffic getting pruned for random groups. PR1303050

  • An MX104 is connected to SRX1500. IS-IS is running between these devices and BFD has been configured between the IS-IS peers. Unfortunately, BFD does not come up between these devices successfully. PR1312298

  • In a resource public key infrastructure (RPKI) scenario, the validation replication database might have many more entries than the validation database after the RPKI cache server is restarted and the validation session is reestablished. PR1325037

  • When route target filtering (RTF) is configured for VPN routes and multiple BGP sessions flap, there is a slight chance that some of the peers might not receive the VPN routes after the flapped sessions come up. PR1325481

  • With BGP, LDP, and IS-IS configurations, deleted IS-IS routes might still be present in the RIB. The presence of such routes does not impact on-route on route selection or other functionality of routing protocol process (rpd). Just that deleted IS-IS routes do not get removed with specific configurations. PR1329013

  • In a large-scale OSPF network (for example, there are more than 500 devices in an area), OSPF remote loop-free alternate (rLFA) default PQ node selection algorithm does not provide proper protection paths. PR1335570

  • In rare cases, rpd might crash during the times of excessive neighbor session instability (flapping). PR1337304

  • When configuring anycast and prefix segments in SPRING for IS-IS, prefix-segment index 0, even though the user is allowed to configure 0 as an index. PR1340091

  • From Junos OS Release 16.1, show bgp neighbor does not display the correct value for the Last traffic (seconds) field anymore. PR1361899

  • On devices running Junos OS platform, when OpenConfig is running with sensor for /network-instances/network-instance/protocols/protocol/BGP, changing the BGP import or export policy might cause rpd to crash. PR1366696

  • Ukern memory leak and core crash might be happened when device configured link-node protection with labeled-bgp. PR1366823

  • In BGP scenario with multipath enabled, when import or export policy of IPv6 routes is applied with an IPv4 next hop to a BGP neighbor, the rpd might crash continuously. PR1390428

Services Applications

  • In an L2TP scenario, when the L2TP network server (LNS) is flooded by high-rate L2TP messages from the LAC, the CPU on the Routing Engine might become too busy to bring up new sessions. PR990081

  • Session counters for cleartext traffic are not updated after decryption. The decrypted packet count can, however, be obtained by running the show security group-vpn member ipsec statistics command. PR1068094

  • We recommend that you do not configure an ms- interface when an AMS bundle in one-to-one mode has the same member interface. PR1209660

  • The NAT auto-injected routes might fail to install or when back-to-back commits with changes made to service sets or NAT rules are performed. This issue occurs with a unique configuration where thousands of routes are added by the service PIC process (spd), which manages installation of NAT return routes and destination routes. PR1223729

  • If an L2TP subscriber has static pp0 interface on the LAC side, LCP renegotiation is configured on the LNS side and CPE device has been changed, an issue with successful negotiation of the PPP session between LNS and the CPE device might occur. PR1235554

Subscriber Access Management

  • In PPPoE subscribers scenario with a large scale of subscribers (for example, 3000), during login and logout, some subscribers might get stuck in the error state of "Terminated". This issue impacts the traffic for these subscribers. PR1262219

  • RAA message has extra AVP with destination-host even though it has been not configured under the configuration. PR1384011

User Interface and Configuration

  • The max-db-size configuration does not work on MX5, MX10, MX40, MX80, and MX104. PR1363048

VPNs

  • For next-generation MVPN, the traffic threshold is ignored if it is configured in a configuration group. As a workaround, apply the group to the MVPN instance. PR1191002

  • In an MVPN scenario with I-PMSI tunnels and a multihomed source, if the link between the source and the PIM-DR PE1 device goes down, the second PE device (PE2) takes the PIM-DR role and starts to advertise Type-5 prefixes. Then, as the link between the source and PE1 comes back up and PE1 reassumes the PIM-DR role, PE1 might not generate Type-5 BGP prefixes for active sources in some multicast groups. Without Type-5 prefixes from the ingress PE device, the receivers' PE devices do not generate Type-6/7 prefixes and the ingress PE device does not send multicast traffic. As a workaround, clear PIM joins in the affected instance. PR1242493

  • The configuration statement unicast-umh-election for NG-MVPN might not work as expected in special cases. This statement is to use the unicast route preference for upstream multicast hop (UMH) selection. However, the nonoptimal route might be selected if the routes have the same IP address value in the route-import community. PR1315011

  • When a C-multicast route (Type 7 or Type 6) for inter-AS non-segmented option C topology is sent with the originator's IP address, Junos OS source PE device does not accept this and thus the PIM join fails. PR1327439

  • A core file is seen on the backup Routing Engine during label allocation and when restarting routing on the master Routing Engine when NSR is enabled. PR1351425

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.2R3

Application Layer Gateways (ALGs)

  • IPsec IKEv2 negotiation fails with IKE ALG enabled. PR1300448

  • IKEv2 negotiation might fail with IKE ESP ALG enabled in IKEv2 redirection scenario. PR1329611

Authentication and Access Control

  • Platform-specific callbacks are not getting initialized. PR1354855

Class of Service (CoS)

  • CoS wildcard configuration is applied incorrectly after the router restarts. PR1325708

  • The Routing Engine might get into amnesiac mode after restarting if excess-bandwidth-share is configured. PR1348698

  • When a logical interface is configured with 802.1P rewrite-rules (for both outer and inner VLAN) and fixed classification, after deactivating class of service (CoS) on any other logical interface, the packets sent from this logical interface might still have the original 802.1P bit set in the inner VLAN without being rewritten. PR1375189

  • The Class of Service (CoS) mode per-unit-scheduler is not supported on interface that is an interface-set member, if CoS mode is changed from hierarchical-scheduler to per-unit-scheduler for the interface, the Flexible PIC Concentrator (FPC) card of the interface might crash. PR1387987

EVPN

  • Ethernet A-D per Ethernet Segment Route (Type-1 PER ES) is not generated with new route target after changing vrf-target. PR1279529

  • EVPN traffic mapping to specific LSPs is not working. PR1281415

  • Local preference for EVPN type-5 route might cause unexpected results, if BGP multipaths are configured. PR1292234

  • BGP route refresh request might not be sent after modifying route target. PR1300332

  • The traffic might be dropped after receiving an updated ARP route packet from peer Layer 3 gateway in EVPN-VxLAN scenario. PR1306024

  • The rpd might crash on Junos OS platform with EVPN and NSR enabled after restarting the rpd process in EVPN environment. PR1320408

  • Discard EVPN route is installed on local PE after the connection flap on a remote PE in a multihome EVPN topology. PR1321125

  • When a catastrophic event occurs that leads to the re-creation of the EVPN-VXLAN instance (such as a change in INSTANCE RD, control word, or router-id) or forced cleanup of the EVPN-VXLAN instance (such as simply deleting the EVPN-VXLAN instance configuration), and if there are multiple entries whose vlan-id are zero, the rpd might crash. PR1321839

  • In an EVPN scenario with nonstop-routing (NSR) enabled, the routing protocol process (rpd) crashes and generates a core file on backup Routing Engine while any configuration changes are made on master Routing Engine. PR1336881

  • The rpd might crash if the IRB interface and routing instance are deleted together in the same commit. PR1345519

  • In an EVPN instance with EVPN E-Tree service configured, the rpd might crash if the EVPN instance refers to a vrf-export policy that does not have then community. No then community in the vrf-export policy is an incorrect configuration. PR1360437

  • Gratuitous ARP request does not update the ARP table when ARP proxy is enabled. PR1371352

Forwarding and Sampling

  • The mib2d process might crash when SNMP walking during commit or rollback. PR1286448

  • The pfed generates a core file in pfed_process_session_state_notification_msg is observed, pfed_timer_manager_c::remove_serv_id,pfed_delete_timer_id_by_serv_sid (serv_sid=0, serv_info=0x0) at ../../../../../../src/junos/usr.sbin/pfed/pfed_timer.cc:16. PR1296969

  • A few accounting files might be missed in case, the remote archive sites are unreachable. PR1300764

  • There is a memory leak on mib2d when polling firewall MIBs. PR1302553

  • Remote CE1 MAC address might take long time to clear post clear MAC. PR1304866

  • Dfwd might crash during execution of show firewall templates-in-use command. PR1305284

  • ACCT_FORK_LIMIT_EXCEEDED log level is an error even when backup-on-failure feature is enabled for accounting files. PR1306846

  • The second archive site in the accounting-file configuration is not used when the first one uses SFTP and is not reachable. PR1311749

  • Accounting files with no records might be unexpectedly uploaded to the archive-site. PR1313895

  • The commit might fails when the nexthop-learning configuration statement is enabled for J-Flow v9. PR1316349

  • The FPC CPU might reach 100 percent constantly, if shared bandwidth policer is configured. PR1320349

  • DHCP service crashes after the router is set to factory default value 0. PR1329682

  • Some firewall filter counters might not be created in SNMP. PR1335828

  • The error logical interface under VPLS might be blocked after MAC moving if the logical interfaces are on the same physical interface. PR1335880

  • On MX Series routers, the l2ald daemon might crash if a duplicate MAC is learned by two different interfaces (CVE-2018-0056). Refer to https://kb.juniper.net/JSA10890 for more information. PR1338688

  • When the clear ethernet-switching table command is issued on all PE devices associated with an EVPN-VXLAN routing instance to clear all learned MACs, it might not work correctly. Some designated router MACs (MACs learned from remote PE devices) are left hanging on some PE devices, as shown by show ethernet-switching table. PR1341328

  • Commit failed when attempting to delete any demux0 unit numbers which are greater or equal to 1000,000,000. PR1348587

  • Packet Forwarding Engine process (pfed) creates dummy interface accounting records on the backup Routing Engine. PR1361403

General Routing

  • The enhanced IP or the enhanced-Ethernet network-services mode and MS-DPC card are not compatible and should not be configured or inserted in the chassis, at the same time. PR1035484

  • On MX Series routers, when packets go through different interfaces with different family types configured, because of the incorrect cookies that are sent from the Packet Forwarding Engine, the packets might get dropped if channelized E1/T1 circuit emulation MIC is equipped as the outgoing interface (for example, receiving IPv4 packets on the incoming interface, and sending out packets with MPLS label on the outgoing or core-facing interface that is e1/t1 interface in a Layer 3 VPN scenario). PR1064515

  • When hybrid timing mode is configured, MX Series MPC2 cards does not interoperate with ACX in VLAN(native-vlan-id). PR1076666

  • The routing protocol process (rpd) memory leak is caused by repeated RSVP reservation state block (RSB) deletes. PR1115686

  • No warning is raised when the bridge family is configured with interface-mode trunk but without vlan-tagging or flexible-vlan-tagging. PR1154024

  • Ksyncd might crash due to transient replication errors between Routing Engines. PR1161487

  • Unexpected MobileNext gateway activation license alarm is observed when TDF gateway is configured. PR1162518

  • SNMP trap sent for "PEM Input failure" alarm is not generated when single input feed fails on MX960. PR1189641

  • The agentd process crashes and generates a core file when the command show agent sensors is executed. PR1197608

  • Checks are missing for confirming the validity of a data structure for platforms that do not use the data structure. Hence, the error message chassisd[1825]: pvidb_get_root_node: Error(2) retrieving rootnode value might be seen. PR1198817

  • Stale VBF states occur without sdb sessions. PR1204369

  • The /etc/passwd file is created in the process of the first commit when a pristine jinstall image is used to boot for the first time. If event-options is configured, the system tries to read the configuration from the available event scripts, which requires privileges obtained from the /etc/passwd file. That causes a circular dependency because the commit will not pass if the configuration includes event-options the first time a pristine image boots up, which is the case of an upgrade performed with virsh create. PR1220671

  • Unable to deregister sub error (131072) for error(0x1b0001) for MIC module. Error messages are seen on MPC5E card. PR1221337

  • The error logs cc_mic_irq_status: CC_MIC(5/2) irq_status(0x1d) does not match irq_mask(0x20), enable(0x20), latch(0x1d) are seen continuously for MIC-3D-4OC3OC12-1OC48. PR1231084

  • On MX5, MX10, MX40, and MX80 routers, Power Equipment Module (PEM) failure alarm/SNMP trap sets with status register 0xff, but it is always cleared in the next polling (in 5 seconds). Returning a status of 0xff from PEM firmware is recognized as invalid. You can safely ignore it as a false PEM failure. PR1231893

  • Timestamp conversion within Zarlink stack is causing FPC CPU hog and crash. PR1232740

  • The MS-MPC card might crash when OSPFv3 IPv6 traffic goes through it. PR1233459

  • The multicast-replication setting cannot be reflected in the redundancy environment after rebooting both the Routing Engines. PR1240524

  • In a BGP or MPLS scenario, if the next hop type of label route is indirect, disabling and enabling the "family mpls" of the next hop interface that might cause the route to go into a dead state. PR1242589

  • chassisd[9132]: LIBJSNMP_NS_LOG_NOTICE: NOTICE: netsnmp_ipc_client_connection: unix connection error: socket(-1) main_session(0x9812f80) error messages are seen after chassis-control restart. PR1243364

  • The "validation-state:unverified" routing entry might not be shown with proper location in show route. PR1254675

  • Prolonged flow-control core is observed for the TFTP ALG traffic (10,000 simulated users). PR1255973

  • The rpd might crash during the next hop change, if unicast reverse-path-forwarding (uRPF) is used. PR1258472

  • Temperature reading for TFEB components jumps up and down frequently on MX80. There is no particular trigger needed. By default, the FPC reports temperatures of some components to the Routing Engine or chassisd (every 10 seconds). As part of this periodic polling, you can see the issue of the temperature reading for the TBB Packet Forwarding Engine component showing occasional jumps. PR1259379

  • Traffic drops when an MPC have high rate of cell underflow drops after link sanity check. PR1262868

  • vMX FPC generates a core file and panic (format_string=format_string@entry=0x9e509c4 "Thread %s attempted to %s with IRQ priority at %d\n"). PR1263117

  • PTP is lost with master when the master-line card is restarted. PR1264530

  • All traffic received from specific fabric stream is dropped with only XMCHIP FI: cell underflow error syslog event. PR1264656

  • PCC controlled LSP metric is not getting updated on the controller, PCE delegated LSPs do not come up. PR1265864

  • On MX Series platforms, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • A low memory condition putting the Service PIC into the red zone on the MS-MIC or MS-MPC card might cause the SIP ALG to generate a core file. PR1268891

  • Messages related to Logical Addr xxxxxxx is invalid seems when FPC restart also passing traffic. PR1271810

  • The IPv6 ping might fail after route leaking policy deployment is done between two L3VPN routing instances. PR1274339

  • When the static link protection mode is configured with backup state as down, the primary port is going to down state instead of the secondary port, while the secondary port remains in up state . PR1276156

  • The routing protocol process (rpd) KRT asynchronous queue might stall, impacting synchronization between RIB and FIB. PR1277079

  • On running certain commands that involve command forwarding, an mgd process is created to retrieve the data. In rare cases, if this command times out or if it is manually terminated (for example, using Ctrl+c), then it might cause the mgd process to utilize high Routing Engine CPU. PR1297728

  • The bbe-smgd might generate a core file in certain cases while using iflsets in universal call admission control policy mode. PR1278543

  • Syslog messages jnh_vbf_flow_get_oif_index: Rollback cmd not found for flow are generated by MPC during subscriber login. PR1278580

  • On MX104 platform with GRES enabled, the chassis network services might not get set as "Enhanced-IP". PR1279339

  • CoS attachment might be attached to incorrect link if issuing some changes to aggregated Ethernet bundle. PR1279788

  • Syslog messages CM_FPC: Error requesting SET BOOLEAN, illegal setting 132,111 are seen after unified ISSU from Junos OS Release 16.2R2 to Junos OS Release 17.1R2.2. PR1280878

  • The kernel might crash when NSR enabled device has BGP peer flapping. PR1282573

  • The rpd process might crash if dynamic interfaces are used by multiple applications. PR1282854

  • The enhancement of reporting total SBE errors when the corrected singlebit errors threshold of 32 is exceeded for MPC7E, MPC8E, and MPC9E. PR1285315

  • LC, PFH, and Packet Forwarding Engine interface is not coming up on RE1. PR1285606

  • With CoS-based forwarding, when the primary path of one of the next hop LSPs flap, traffic carried by the other next hop LSP could get load-balanced across the primary and secondary path. PR1285979

  • Internal latency increases overtime for Packet Forwarding Engine sensors with streaming telemetry. PR1286286

  • The missing statement Shared bandwidth policer not supported for interface ge-x/x/x is seen, during a failed commit in Junos OS Release 16.1R3. PR1286330

  • Framed routes might get struck in KRT queue. PR1286849

  • The oneset or leaf-list configuration might not get deleted with delete operation through JSON. PR1287342

  • During unified ISSU, (FRU upgarde) micro BFD flap is observed. PR1288433

  • Performance issues can be seen when nontranslated traffic is introduced to a service-set using a large number of NAT terms. PR1288510

  • After GRES, the smid is declared thrashing and could not restart after some fatal SDB errors. PR1288871

  • The interfaces might go to a down state after performing GRES. PR1289493

  • The request system zeroize command deletes the /var/db/scripts directory, which does not get re-created automatically. PR1289692

  • NAT-T and DPD functionality do not work for aggressive mode. PR1290689

  • Incorrect temperature is displayed for MPCP5, MPC7 in show chassis fpc output. PR1290771

  • LSP traffic might silently drop and get discarded after a link goes down in the bypass path. PR1291036

  • The routing protocol process (rpd) might generate a core file while restarting the process. PR1291110

  • The switch might incorrectly learn its own IRB MAC address. PR1291184

  • Device going to the DB prompt "db@jsr_jsm_send_ka_after_merge,send_proto_keepalive" was observed on master Routing Engine. PR1291247

  • The L2TP ICCN fast retransmission occurs after tunnels go down. PR1291557

  • Kernel does not install the route and throws an error. PR1291917

  • Error message might be seen while bringing up the subscriber in a subscriber management environment. PR1293057

  • The flow export rate remains lower than the configured export rate in inline sampling scenario. PR1294296

  • Loss of DHCP or PPPoE subscribers is observed during unified ISSU from Junos OS Release 16.1-20170718_161_r4_s5.0 to 16.1-20170718_161_r4_s5.0. PR1294709

  • During PPPoE subscriber login errors like [ vbf_flow_src_lookup_enabled ] and [ failed to find iff structure, ifl ] were seen on FPC. PR1294710

  • The rpd might crash after the interface or BGP flap. PR1294957

  • The KRT queue might get stuck with the error of RPD_KRT_Q_RETRIES: chain nexthop add: Unknown error: 0. PR1295756

  • xmlproxyd generates a core file during telemetry streaming. PR1295831

  • The service profile's CoS might be overridden by the client profile's CoS when second family DHCP sessions are added in a dual-stack subscriber scenario. PR1296002

  • The MSPMAND process might crash if you use SCG services on MS-MPC or MS-MIC. PR1296422

  • The jdhcpd might crash when using 'dhcp-security' related command in enhanced subscriber management mode. PR1296461

  • LLDP sensor on telemetry using a lot of bandwidth. PR1296869

  • In ECMP fast reroute scenario, traffic might get silently dropped or discarded because of a next hop in "hold" state. PR1297251

  • Multiple bbe-smgd core files are seen during a subscriber binding configuration with DT CST with as little as 200-300 subscribers and continual core files while scaling. Maximum scale cannot be achieved with multicast-enabled subscribers (related to IPTV profile). PR1297612

  • It is not possible to collect shmlog entries and statistics on MX5, MX10, and MX40 platforms. The code change also includes improvements that should prevent the shmlogctl process from generating a core file because of a timing issue. PR1297818

  • Some random number of ports on MPC7E-10G card might not come up after the remote system or line card restarts or interface flap. PR1298115

  • The log message about shutdown time is incorrect when system exceeds chassis over temperature limit. PR1298414

  • The rpd core files are generated with PPPoE and L2BSA flapping. PR1298587

  • The bbe-smgd process constantly generates core files while ESSM+PPPoE stress test with concurrent GRES is running. PR1298742

  • MX Series BNG does not respond to PADI after GRES on some ports/VLANs. PR1298890

  • The error messages about PEM might be seen in MX Series platform with AC PEM. PR1299284

  • The asynchronous-notification feature cannot be implemented properly in a circuit that has MIC-3D-20GE-SFP-E or Tri Rate Copper SFP(740-013111). PR1299574

  • Flat accounting files are not generated according to the configured timers. PR1299597

  • The bbe-smgd might generate core files after the Routing Engine mastership switch. PR1299812

  • Subscriber database is stuck in "not-ready" state after GRES. PR1299940

  • Chassisd core file generated is seen after insertion of REMX2K-X8-64 in MX2000 platform along with older RE-S-1800x4. PR1300083

  • After IS-IS-TE routes and BGP routes attribute change, traffic loss might be seen because BGP routes point to some stale labels. PR1300425

  • The error error: the SDN-Telemetry subsystem is not responding to management requests is seen on issuing the CLI command show agent sensors, if traceoptions is enabled for services analytics. PR1300829

  • ICMP, ICMPv6 error messages might be discarded while forwarding through an AMS interface. PR1301188

  • Configured logical interface might not be created correctly after commit. PR1301823

  • In Junos Telemetry Interface setup, the payload maximum transmission unit (MTU) might be much less than 16KB when subscribing to component sensor. PR1301835

  • The rpd might crash by executing the command show route extensive when IS-IS configuration is deleted. PR1301849

  • The rpd might crash when NSR is enabled and routing-instance specific configurations are committed. PR1301986

  • Continuous interface flapping might lead to unwanted MIC reset. PR1302246

  • Service cookie data that is sent from Packet Forwarding Engine to service PIC can be corrupted and might lead to unexpected behavior. PR1302493

  • The rpd might crash when toggling the vrf-propagate-ttl and no-vrf-propagate-ttl configuration statement. PR1302504

  • The log message jam_cache_get.636 ERR:entity 0x997 not found, get cache failed is continuously seen in jam_chassisd log-file. PR1302975

  • The chassisd crashes during unified ISSU aborted in FRU upgrade phase. PR1303086

  • The multicast resolve-rate value might go back to default after system upgrade or reboot. PR1303134

  • Incorrect MTU might be seen on PPP interfaces when PPP MTU is not defined in the dynamic profile. PR1303175

  • The list of available routing instances is no longer provided for output of show subscribers routing-instance command. PR1303199

  • The inline-ka PPP echo requests are not generated for aggregated Ethernet interfaces. PR1303249

  • The command request auto-configuration reconnect-pending is no longer available. PR1303336

  • Blocking PPPoE or DHCP to initiate VLAN auto-sensing if VLAN out-of-band connected is in pending state. PR1303338

  • On routers with XM-chip based line cards, log messages might report fan speed changes between full and normal speed continuously, because XM-chip reaches a temperature threshold. PR1303459

  • The kernel log GENCFG messages with Severity 1 (Alert) might be seen. PR1303637

  • If MPLS LSP self-ping is enabled (self-ping is enabled by default), the kernel might panic with an error message Fatal trap 12: page fault while in kernel mode. PR1303798

  • MX Series MIB polling returns a value that has "sdg". Polling result should include "svc" generic value. PR1303848

  • Truncated output appears for the show pppoe lockout CLI command. PR1304016

  • The fabric planes might go into "check" state after restarting the line cards with SFB2 used on MX2010 or MX2020 platform. PR1304095

  • Effective rate of E3 in framed mode is limited to 30 Mbps on certain channelized MICs. PR1304344

  • After modifying the DSCP value in the classifier, the value is not getting reflected in the LLDP PDU TCP core file. However, the logical interface binding is happening with the modified DSCP value. PR1304627

  • RPF check strict mode causes traffic drop in next generation subscriber management release. PR1304696

  • On MX2000 platform with MPC9E and SFB2 installed, certain high amount traffic volume might cause traffic drops with cell underflow messages. PR1304801

  • Commit fails with error: ffp_intf_ifd_hier_tagging_config_verify: Modified IFD "si-1/1/0" is in use by BBE subscriber, active L2TP LNS client. PR1304951

  • In inline J-Flow vMX platform, OIF field of VPLS data records sometimes report SNMP index value of LSI interface instead of egress physical interface. PR1305411

  • MX Series router is sending immediate-interim for the services pushed by SRC. PR1305425

  • Customers running 32-bit Junos OS might generate rpd core file when traceoptions are enabled. PR1305440

  • Improved handling of exit status for JET applications. PR1305615

  • L2BSA subscriber connection attempts failed with VLAN profile-request-error. PR1305962

  • The CLI start shell pfe network fpc command is not working on MX960. PR1306236

  • Bbe-smgd might fail to properly add access-internal routes when the router is extremely busy. PR1306650

  • L2BSA subscribers came up, but no new ANCP session got established during the RADIUS disaster backup procedure. PR1306872

  • Smihelperd generates core files when SNMP is polling for JUNIPER-SUBSCRIBER-MIB::jnxSubscriberGeneral.7.0. PR1306966

  • The kmd process error UI_DBASE_OPEN_FAILED is seen because of too many open files. PR1308380

  • License is lost during Routing Engine switchover in scale-subscriber scenario. PR1308620

  • CoS applied to a subscriber demux logical interface is not working. PR1308671

  • FPC syslog errors with pfeman_inline_ka_steering_gencfg_handler: nh not found could mean that steering rules are not installed correctly. PR1308884

  • All the MICs on one FPC, with PWHT subscribers configured, might go offline during the restart of FPC in another slot. PR1308995

  • Error messages might be often seen after MPC restarts. PR1309013

  • Incorrect values are found in the event-timestamp of RADIUS accounting-stop packets for L2BSA subscribers. PR1309212

  • In MX2020 or MX2010, after smooth upgrade from SFB to SFB2, if one plane or SFB is restarted, link training fails between those planes and MPC6 cards. PR1309309

  • The bbe-mibd might generate a core file after Routing Engine mastership switch. PR1309341

  • First access-request is failing for L2BSA subscribers when changing the MTU of LACP aggregate Ethernet A10NSP interface. PR1309599

  • 90 percent subscribers might go down after unified ISSU from Junos OS Release 16.1 to Junos OS Release 17.3. PR1309983

  • In next generation subscriber management release, bbe-smgd process memory leak is seen after deleting or adding the address pool. PR1310038

  • The MS-MIC or MS-MPC memory utilization might stay at high level in the subscriber management scenario. PR1310064

  • SPD_CONN_OPEN_FAILURE and SPC_CONN_FAILURE log messages are seen in the log for SI interfaces when running SNMP walk on Service PIC NAT OIDs. PR1310081

  • Some harmless syslog messages might be seen. PR1310678

  • Local IPv6 interface address from NDRA prefix is not removed from service interface when subscriber dual-stack session is removed. PR1310752

  • Utilization of commit check just after setting master-password can trigger improper decoding of configuration secrets. PR1310764

  • After BSYS reboot rpd is unresponsive on one GNFs sometimes. PR1310765

  • The incorrect error number might be reported for syslog messages with prefix of %DAEMON-3-RPD_KRT_Q_RETRIES. PR1310812

  • Fragmented UDP packet might be incorrectly parsed as uBFD packet and dropped. PR1311134

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • The routing protocol process generates a core file after multiple session flap on scale setup. PR1312169

  • PEM alarms and I2C failures are observed on MX240, MX480, and MX960 Series. PR1312336

  • MIC MRATE might restart after port speed change. PR1312504

  • Counter at PPPoE session logical interface incremented incorrectly cause accounting packet contains incorrect Acct-input-packets value and incorrect Acct-input-octets value. PR1312998

  • False over temperature SNMP trap could be seen when using MPC5, MPC6, MPC7, MPC8, and MPC9 on MX2020. PR1313391

  • On MX Series Virtual Chassis, BNG IPv6 router-solicit (RS) packets are dropped in non-default RI. PR1313722

  • The CLI command show version detail gives severity error log message traffic-dird[20126]: main: swversion pkg: 'traffic-dird' name: 'traffic-dird' ret: 0. PR1313866

  • The MSPMAND process generates a core file because flow-control is seen while clearing CGNAT+SFW sessions. PR1314070

  • The show version detail | no-more CLI hangs for more than 120 seconds in master Routing Engine and more than 60 seconds in backup Routing Engine. PR1314242

  • The smgd process generates a core file with reference to bbe_cos_ifl_publish() bbe_cos_if.c:6543. PR1314651

  • The rpd might crash in MoFRR scenario. PR1314711

  • MPC7E- IR-mode configuration statement commit failure. PR1314755

  • RPC error is seen while committing system services subscriber-management enable through NETCONF. PR1314968

  • The L2TP LAC might drop packets that have incorrect payload length while sending packets to the LNS. PR1315009

  • Continuous logs from vhclient for all the commands executed. PR1315128

  • The RIB and FIB might get out of synchronization because the KRT asynchronous queue might get stuck. PR1315212

  • FPC crashes when a route has unilist next hops in an RSVP scenario. PR1315228

  • show version detail gives severity error log mobiled: main Neither BNG LIC nor JMOBILE package is present,exit mobiled. PR1315430

  • The command of show version detail might generate severity error log main: name: SRD ret: 0. PR1315436

  • The FAN speed might frequently keep changing between normal and full for MX Series platform. PR1316192

  • The show auto-configuration out-of-band CLI command with different configuration statements show the same output. PR1316661

  • Demux interface sends neighbor solicitation with source link-address of all zeros 00:00:00:00:00:00 MAC. PR1316767

  • The output from show configuration <> | display json might not be properly enclosed in double quotes. PR1317223

  • Linux-based micro-kernel might panic because of the concurrent update on mutable objects. PR1317961

  • CoA shaping rate is not applied successfully after unified ISSU, while doing unified ISSU from Junos OS Release 15.1R6.7 to Junos OS Release 16.1R6.2. PR1318319

  • The rpd might crash when the link flap on an adjacent router. PR1318476

  • The daemon bbe-smgd might crash after performing GRES. PR1318528

  • FPC crashes on configuration change for Packet Forwarding Engine sensors. PR1318677

  • MS-MPC and MS-MIC might crash after a new IPsec tunnel is added. PR1318932

  • The MPC with specific failure hardware might impact other MPCs in the same chassis. PR1319560

  • The task replication might not be complete to certain network protocols after multiple GRES. PR1319784

  • The error log message MIB2D_COUNTER_DECREASING: pfes_stats_delta: counter might be seen on vMX. PR1319996

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX Series Virtual Chassis unified ISSU. PR1320370

  • The show subscriber summary command displays incorrect terminated subscriber count. PR1320717

  • PPP inline keepalive does not work fine as expected when CPE aborts the subscriber session. PR1320880

  • MX Series routers send the IPv6 router advertisements and the DHCPv6 advertisements before sending IPCPv6 ACK from CPE. PR1321064

  • Logical interface bind changes is taking more time, many log messages IFL TCP (38) Bind change notify ran for are generated by FPC. PR1321086

  • CoS is not applied to Packet Forwarding Engine when VCP link is added. PR1321184

  • The bbe-smgd process generates a core file after massive clients logout and login in PPPoE dual stack subscriber scenario. PR1321468

  • There is CoA-NAK with Error-Cause = Invalid-Request sent back to RADIUS server when drop policy under radius-flow-tap is applied in L2TP subscriber scenario. PR1321492

  • The rpd might crash when two next hops are installed with the same next hop index. PR1322535

  • The rpd might crash when OpenConfig package is upgraded with JTI streaming data in the background. PR1322553

  • MS-MIC interface logical interfaces remain down after many iterations of offline or online. PR1322854

  • An incorrect output is observed while verifying the command show subscribers client-type vlan subscriber-state active logical-system default routing-instance default. PR1322907

  • The line card might crash upon receipt of a specific MPLS packet. The affected line cards include MPC7E, MPC8E, and MPC9E on MX Series routers, the third-generation FPC on PTX3000 (FPC3-SFF-PTX), the third-generation FPC on PTX5000 (FPC3-PTX-U2 [FPC-P1] and FPC3-PTX-U3 [FPC-P2]) and the built-in FPC on PTX1000. See https://kb.juniper.net/JSA10864 for details. PR1323069

  • NCP Conf-Ack or Conf-Req packets might be dropped constantly from Cisco MLPPP client on LI interfaces. PR1323265

  • CLI commands in show system subscriber-management route routing-instance <xxx> hierarchy show unexpected outputs. PR1323279

  • Memory leaks in MGD-API daemon are observed during get API requests and error handling during set API request. PR1324321

  • Subscribers might fail to log in after the interface is deactivated or activated. PR1324446

  • The memory leakage is seen in mosquitto-nossl daemon. PR1324531

  • The SNMP interface filter does not work when "interface-mib" is part of dynamic-profile. PR1324573

  • The VLAN re-write function might put incorrect vlan-id when Ethernet OAM is configured on DPCE cards. PR1325070

  • SNMP values might not be increased monolithically. PR1325128

  • MPC cards might drop traffic under high temperature. PR1325271

  • IS-IS adjacency fails to establish because of packets drop on Packet Forwarding Engine. PR1325311

  • On Junos OS a denial of service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC, and SRX Series flow daemon (flowd) is related to the SIP ALG (CVE-2018-0051). Refer https://kb.juniper.net/JSA10885 for more information. PR1326394

  • The VLAN demux interface does not respond to the the ARP request in a subscriber scenario with MX Series routers running Junos OS Release 15.1 or later with subscriber management enabled. PR1326450

  • In MX Series, BNG CoS service object is not deleted properly for TCP and schedular. PR1326853

  • A few show commands were issued twice when request support information is executed. PR1327165

  • With auto-installation usb configured, interface related commits might not take effect because of dcd error. PR1327384

  • Constant logs such as fm_feacap_sys_feature_get:Attribute DB init is not done, reading from pvid (id: 18) is repeated every 5 seconds in chassisd log. PR1328868

  • If PIC-based sampling is used and the sampling output interface is on the MS-MIC or MS-MPC, a special MPLS packet that is subjected to MPLS sampling might cause unexpectedly prolonged flow control to be triggered on the MS-MIC or MS-MPC and then the MS-MIC or MS-MPC is restarted. PR1329189

  • When an AMS bundle has a single MAMs added to it, the subinterfaces do not recover after the subinterface has been disabled. PR1329498

  • Host-Outbound traffic is not rewriting ieee-801.pbits for dynamic subscriber logical interface over PS interface. PR1329555

  • SNMP walks of interfaces related MIB objects are slower than expected in a scaled configuration. PR1329931

  • show services nat mappings address-pooling-paired times out and fails. PR1330207

  • 'Too many supplies missing in Lower/Upper zone' alarm flaps (set/clear) every 20 seconds if a zone does not have minute required PSMs. PR1330720

  • All packets might be dropped if one route is adverted by BGP whose session is established through the subscriber interface. PR1330737

  • The rpd core file is generated on new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The FPC might be wedged when LSQ interface receives fragmented packets. PR1330998

  • Non-NEBS compliant optics might be disabled when chassis temperature exceeds non-nebs-optics-overheat-trigger. PR1331186

  • When interfaces involved with traffic path are IRB and there is assymetic routing for IPv6 traffic, if the IPv6 packet is egressing an IRB interface that contains an MTU exceeded error or possibly an ICMP6 redirect, the NH OUT OF SYNC messages might be seen and traffic might drop. PR1331911

  • On all platforms running Junos OS, the local dhcp6 server might incorrectly respond to confirm messages from clients with existing address bindings with a NotOnLink response. This might cause the client to request a new binding. PR1331995

  • The bbe-smgd process might crash after executing the command of clear ancp access-loop circuit-id <circuid-id>. PR1332096

  • The rpd core file might be generated in a rare condition in Layer 2 circuit or in a l2vpn environment. PR1332260

  • Inaccurate J-Flow records might be seen for output interface and next hop. PR1332666

  • On all products that support 802.1X, if ports in multisupplicant mode flap or if the configuration is removed, the memory associated with the dot1xd might leak. As the memory consumption increases, the dot1xd (802.1X process) might crash and restart. PR1332957

  • The subinfo process might crash and it might cause the PPPOE subscribers to get disconnected. PR1333265

  • MX80, MX104, MX240, MX480, and MX960 routers with a DHCPv6 subscriber management environment, might not be able to learn the global IPv6 neighbor address of the DHCPv6 subscriber client if both the neighbor advertisement (NA) source and the destination address are link-local addresses. PR1333392

  • In an AA multihoming EVPN VXLAN, routing protocol daemon shows very high CPU usage. PR1334235

  • Two subscribers cannot reach the online state at the same time if they have an identical Frame-Route attribute value. PR1334311

  • 260G MPC with HQoS went for "restart" after unified ISSU to Junos OS Release 18.2DCB in MX2010 box PR1334612

  • When the MX Series router is used in a subscriber environment, the non-ISSU upgrade might trigger ffp crash. PR1334745

  • The UID limit is reached in large-scale subscriber scenario. PR1334886

  • When using show subscribers while FPC has two digits, the interface and IPv6 address get connected together for DHCPv6 PD. PR1334904

  • On MX9200 and MX2000 platforms with MPC7E, MPC8E, MPC9E, when LAG members from different FPCs are unplugged and one member gets plugged back in, MQSS error logs and alarms might be seen. Multiple interfaces might go down and might not come back up until the line card is restarted. PR1334928

  • The IPsec rule might not work if both IPv4 ANY-ANY term and IPv6 ANY-ANY term are configured for it. PR1334966

  • Traffic drops on the MX LNS because of software error/unknown family exception when traffic goes to/coming from MLPPP subscriber if routing-services configuration statement is presented in the dynamic-profile used by this subscriber. PR1335276

  • The RIP route updates might be partially dropped when NSR is enabled. PR1335646

  • The MAC_STUCK might be seen on MS-MPC or MS-MIC. PR1335956

  • Mirrored traffic is not going out through LT interface. PR1360489

  • JET application might not respawn after a normal exit. PR1336107

  • Subscriber might experience SDB DOWN event and drop the clients' connections when issuing show subscribers commands. PR1336388

  • On MX2000 with SFB card installed, high amount of traffic volume on MPC7E, MPC8E or MPC9E might cause traffic drops with cell underflow messages. PR1336446

  • In some corner cases with certificate hierarchy where intermediate CA profiles are not present on the device, the PKI daemon can become busy and stop responding. PR1336733

  • The MACsec AES-GCM-256 hashing algorithm is not compatible with other vendors. The hash value generated for 256-bit key length of AES-GCM-256 algorithm is incorrect. PR1336834

  • Bbe-smgd might crash when performing some interface set-related CoS. PR1336852

  • The command set protocols lldp neighbour-port-info-display port-id might not take effect. PR1336946

  • Error log message sdb_db_interface_remove: del ifl:si-<index> with licnese cnt non zero on might be seen on LTS during subscriber logout. PR1337000

  • On MX204, MX10003, or MPC7E, MPC8E, MPC9E, or EX9200-40XS or EX9200-12QS, a 100-Gigabit, 40-Gigabit, or 10-Gigabit interface might keep flapping or stay down because of an interoperation issue between the Juniper Networks device and the remote transport device connected. PR1337327

  • On MX2000 platforms with MPC8 and MPC9, if SFB2 goes offline and online, MPC throughput degradation might be seen. PR1338216

  • DDoS counters for OSPF might not increase. PR1339364

  • Very few of subscribers show incorrect accounting values in a large-scale subscribers scenario. PR1340512

  • There might be traffic loss on some subscriber sessions when more than 32k L2TP subscriber sessions are anchored in ASI interface. PR1341659

  • With discard interfaces (configured with IGMPv3), KRT queue get stuck while deleting multicast next hop (MCNH) with an error EPERM -- Jtree walk in progress. PR1342032

  • SNMP walk might fail for LLDP related OIDs. PR1342741

  • In a subscriber management environment, if the commit option fast-synchronize is configured, the bbe-smgd process might crash in a rare condition when commiting the configuration changes related to dynamic profiles. PR1342945

  • In an MPLS or RSVP environment, LSP might get stuck in Dn state with Record route: <self> ...incomplete. PR1343289

  • In Junos OS, memory exhaustion denial-of-service vulnerability is seen in the routing protocol process (rpd) with Juniper Extension Toolkit (JET) support (CVE-2018-0048). Refer to https://kb.juniper.net/JSA10882 for more information. PR1344177

  • MX Series routers might send IPv6 RA or DHCPv6 advertisement before completing the PPP IPv6CP negotiation. PR1344472

  • The ancpd process generates a core file at src/junos/usr.sbin/ancpd/ancpd_smgd.c:2299 in clearing ANCP subscribers in a scaled scenario. PR1344805

  • The framed-route "0.0.0.0/0" might not be installed in MX Series platform with Junos OS enhanced subscriber management releases. PR1344988

  • In an EVPN-VXLAN, ARP packet uses VRRP/virtual-gateway MAC in Ethernet header instead of IRB MAC address. PR1344990

  • The cpcd generates a core file because of the converged services support for Routing Engine-based captive portal used. PR1345096

  • On any product supporting dot1x, as part of authentication of a VoIP phone, its MAC address gets added in both voice and data VLANs. If traffic is received only on the voice VLAN, the MAC address gets aged-out from the data VLAN and because of this the session gets cleared. PR1345365

  • On all platforms, if the no-propagate-ttl statement is set in a routing instance that has a route (the route is leaked from one route table to another route table), an rpd crash might be seen. PR1345477

  • New PPPoE users might fail to login. PR1346226

  • AC system error counter in show pppoe statistics does not work. PR1346231

  • VCCP-ADJDOWN detection is delayed on VC-Bm when deleting one vcp link on VC-Mm. PR1346328

  • On MX Series using MS-MPC, MS-MIC, in an inline NAT scenario, the adaptive services PIC daemon (spd) and eventd might use up the CPU cycles. The spd might crash, resulting in traffic loss of NAT. PR1346546

  • On any platform that does not clear out /mfs when installing a new software release (such as EX Series or QFX Series), when upgrading from certain releases to Junos OS Release 18.1R1, the statistics process pfed might generate a core file. This issue does not impact service. PR1346925

  • The twice-napt-44 sessions are not syncing to backup SDG with stateful sync configured. PR1347086

  • IPv6 MAC resolve fails if the DHCPv6 client uses a non-EUI64 link-local address. PR1347173

  • Issue is seen with handling the community_action ("add") in RPC call. PR1348082

  • The FPC might crash due to MIC error interrupt hogging. PR1348107

  • Per-service accounting statistic value is not accurate. PR1348796

  • The chassisd might crash after replacing MPC6E or MPC7E with MPC9E. PR1348834

  • The DHCPv6 solicit packet might be dropped on MX Series Virtual Chassis with L2TP LNS when the packet is received over a VCP port and the anchor si- interfaces exist on the same Packet Forwarding Engine as the VCP port. PR1348846

  • On a single Routing Engine system, after the GRES, the configuration is removed. The Routing Engine mastership keepalive timer is not resumed to the default value. With the unexpected loss of Routing Engine mastership, issues such as chassisd stuck might be seen. PR1349049

  • On all platforms, if any other smid-related daemon crashes, in a rare case, the dcd process might crash. PR1349154

  • A major alarm Major PEM 0 Input Failure might be observed for DC PEM. PR1349179

  • The RLT interface setup is broken. By design, the RLT interface is supposed to have a different L1 node and a different stream other than the tunnel stream. This is mentioned in the design specification of RLT and the source code as well. However, on MPC5E or MPC6E line cards and associated MICs, the RLT interface continues to be mapped to same tunnel stream and then on EA. It did not even get set up. PR1350115

  • On platforms running Junos OS, pccd crash is observed in a PCEP scenario. PR1350240

  • The multicast traffic might get dropped due to the "Invalid policy ID" exception. PR1350380

  • The MTU value for subscriber's interface might be programmed incorrectly if the statement routing-services or protocol pim is configured in dynamic-profile. PR1350535

  • The VCP port might not come back up after removing and adding it again. PR1350845

  • The subinfo process might crash when executing show subscribers address <> extensive for a DHCPv6 address. PR1350883

  • PPE Errors and async xtxn errors are seen when FPC restarts. PR1350909

  • If the subscriber or interface statistics are used at large scale (thousands or more), the pfed process might consume high CPU because of the low performance code processing. This applies on all platforms and is primarily observed on PPC-based routers (such as MX104) when large-scale subscribers (such as 8000) log in to a subscriber management environment and accounting is turned on. PR1351203

  • The high CPU usage of bbe-smgd process might be seen when L2BSA subscribers get stuck. PR1351696

  • After GRES, the BGP neighbors at master Routing Engine might reset and the BGP neighbors at backup Routing Engine take long time to establish. PR1351705

  • The bbe-smgd daemon might restart in a subscriber environment. PR1352546

  • In the DHCPv6 relay scenario, there is a conflict with IPv6 relay-reply packet processing when forward-only and the relay-source overrides are configured for the same interface group. This causes the packets to be dropped by the route lookup logic when the packet is sent back toward the client. PR1352613

  • Offline MIC6-100G-CFP2 MIC through the CLI command might trigger FPC card to crash. PR1352921

  • The routing protocol process (rpd) permanently overuses CPU due to logical system configuration commit. PR1353548

  • On platforms running Junos OS, if GRES is not configured, multiple Routing Engine switchover might cause traffic interruption because the old forwarding information base (FIB) state is not getting cleaned up. PR1354002

  • Syslog error: dfw_bbe_filter_bind:1125 BBE Filter bind type 0x84 index 167806251 returned 1. PR1354435

  • The rpd process generates a core file when adding an inter-region template in routing instances. PR1354629

  • Starting with the next-generation subscriber management on Junos OS, the static subscribers might not properly update the firewall information on the Packet Forwarding Engine when dynamic configuration changes are made to active subscribers. As a result, complete traffic loss for the client might be seen. PR1354774

  • Memory leak is found in agentd while running valgrind. PR1354922

  • Packets destined to Routing Engine might be dropped in the kernel when LACP is configured. PR1355299

  • The fabric chip failure alarms are observed in GRES scenario. PR1355463

  • The rpd process crashes when issuing the command show dynamic-tunnels database terse for RSVP automatic mesh tunnels. PR1356254

  • The I2c messages from PEM/PSM are reported if SNMP is enabled. PR1356259

  • The CLI command show pppoe underlying-interfaces in a scaled environment might cause bbe-smgd memory leak. PR1356428

  • The bbe-smgd generates a core file in recursive loop between functions bbe_autoconf_if_l2_input and bbe_if_l3_input. PR1356474

  • DHCP subscribers fail after reconfiguration of port from tagged to un-tagged mode. PR1356980

  • On all platforms running Junos OS that have dual Routing Engines, if GRES is enabled to provide High Availability (HA) protection, the backup Routing Engine (RE1) might be out of synchronization with the master Routing Engine (RE0), and the kernel state in the backup Routing Engine (RE1) is not cleaned because of a software defect. After staying in such status for a long time, once the keepalive timeout is detected between the master and backup Routing Engine, the backup Routing Engine (RE1) might take over the mastership. All the line cards will be restarted when they are connected to the new master Routing Engine (RE1) after switchover because of the missing master-backup synchronization. Then the new master Routing Engine (RE1) might crash because some data structure field overflows in the kernel because the kernel state has not been cleaned for a long time. After that, the original master Routing Engine might take the mastership back again. This issue causes complete traffic loss. PR1357427

  • On all platforms running Junos OS, when the system runs with a large scale of subscribers (for example, more than 30,000), if the subscriber interfaces are configured with tail/wred drop rules and different buffer-size values, the PIC concentrator (MPC/FPC) might take too much process time for adding or deleting tail/wred drop rules during binding or releasing subscribers, so that it cannot reply any request messages to the Routing Engine for a long time. Because of this issue, a lot of kernel timeout error logs might also be seen. PR1358405

  • On MX Series routers, if many subscribers are logging in simultaneously, bbe-smgd crash might be seen. PR1358868

  • When an FPC (or an incompatible one) is powered off by configuration or CLI command and the command show chassis environment fpc is issued, the status of the FPC might change to ---Bad Voltage--- under show chassis fpc. PR1358874

  • The IPv6 subscriber might fail to access network. PR1359520

  • On MX Series routers, if system services subscriber-management enabled is configured, bbe-smgd might fail to add members to some of the aggregated Ethernet interfaces randomly when there are many aggregated Ethernet interfaces in the access configuration. PR1359986

  • When the rpd reads next hops from kernel on restart, for the INH -> FWD NH{List NH} -> {Chain NH} scenario, the rpd should not create an old-style list next hop for the forwarding next hop. PR1360354

  • If groups are applied on the top level, when these groups are deleted, modified, and added, all the top level hierarchies that are referred by these groups will be set with a "mark-changed" bit. Everything under these hierarchies is considered as changed. If these groups refer to policy-options and there are policies referring to prefix-list, each prefix in prefix-list is marked as changed even though the prefix-list is actually not changed at all. This causes the duplicate prefix to be added to prefix-list. When the group adding, modifying, and deleting operation is frequently executed, the issue might cause more CPU usage by policy processing, which in turn might cause rpd scheduler slip. PR1361304

  • The DSCP value in customer IP traffic gets rewritten unexpectedly when the routing-options forwarding-table chained-composite-next-hop ingress labeled-bgp inet6 statement is configured on the core-facing MPLS interface and a certain EXP rewrite rule is applied. PR1361429

  • MX Series routers do not generate a quality level failed alarm (Trap-Id:.1.3.6.1.4.1.2636.3.75.1.1.7) when the transmit SSM-QL is reduced from a valid SSM-QL to a value below the minimum SSM-QAL (SSUB/EEC). PR1361430

  • When a peer is being established when it needs to catch up with other peers that have received many more updates, the merge code might verify the routes that are to be announced. If none of the prefixes are announced before the peer has processed its fair share of entries, the process starts from the beginning again. This situation is most likely to occur when there is zero route churn. PR1361550

  • In a subscriber management environment, because of a timing issue, the bbe-smgd process on the backup Routing Engine might crash either during login of a subscriber with a multicast service or during activation of multicast service for an existing subscriber. PR1362188

  • If the route installation failure case is not handled properly in a BGP multipath scenario, traffic loss might be seen. PR1362560

  • Executing show route prefix proto ip detail during route churn in a route scale scenario might lead to FPC crash. PR1362578

  • Unexpected DCD_PARSE_ERROR_SCHEDULER messages are logged when MS-MPC/MS-MIC is brought offline/online. PR1362734

  • On MX Series routers with non-default routing instance subscribers configured, NTP packet might not use the correct non-default routing instance. PR1363034

  • On MX2010 and MX2020 routers equipped with Switch Fabric Board 2 (SFB2), some error messages could be occasionally seen in the logs. There is no operational impact, nor an indication of a real issue caused by these messages. PR1363587

  • The xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • In Junos OS, during any route change, the kernel and rpd communicate multiple times to update the route and forwarding entries. In large-scale scenarios, where the system contains multicast composite next hops, during any network events that might cause route/next-hop churn at a huge scale, rpd might skip a route operation (DELETE). As a result, krt queue entries for multicast next-hop (MCNH) deletes might get stuck in the krt queue. Therefore the kernel and rpd could go out of synchronization and potentially cause rpd to crash if it encounters a request from the kernel for a route update that is not in line with its own dataset. The MCNH deletes are not sent to the kernel, which indicates improper error handling in the rpd for route DELETES. PR1363803

  • On EX4600 and QFX5100 platforms, if Rapid Spanning Tree Protocol (RSTP) is configured along with aggregated Ethernet, a traffic loop might be seen in a ring topology even though that port is blocked by RSTP. PR1364406

  • The shmlog files are not rotated correctly. As a result, there is an increase in file size that consumes most of the disk space. PR1364775

  • The smgd process might restart unexpectedly when stress tests are performed on subscriber management features. PR1372223

  • On MX2010 platforms, if an aggregated Ethernet bundle is configured with Ethernet OAM link fault management (LFM), and at the same time, no Link Aggregation Control Protocol (LACP) is configured for the aggregated Ethernet bundle, the aggregated Ethernet member link flap might cause one member link to be set as "Link-Layer-Down" by LFM even after its physical link is already up. Because of this issue, there are still traffic flows forwarded through the member link in faulty status. Thus, all the traffic affected might be lost, which might lead to service impact. PR1365263

  • Default NIC driver coming as E1000 when vFPC is deployed on VMware uses an OVA image. As a workaround, vmxnet3 is used as the default NIC driver. PR1365337

  • MS-MPC and MS-PIC might crash if two or more service set are configured with the same prefix lists and the SIP ALG is configured in a NAT scenario. PR1366259

  • If an MPLS path uses an IPv6 next hop, the next hop might be stuck in hold state. Initially, the router triggers the IPv6 Neighbor Discovery (ND), but the neighbor advertisement from the peer is not received. Eventually, the neighbor state moves to unreachable state and the next hop of the MPLS path using this neighbor is rejected. After this, if the router receives a neighbor solicitation message from the peer, the neighbor state might move to reachable state in the IPv6 neighbor table. The IPv6 module should notify the change to MPLS module, but somehow the notification is missed. This causes the next hop of the MPLS path to get stuck in hold state. PR1366562

  • In a Layer 2 bit stream access (L2BSA) subscriber scenario, if there is a misconfiguration on the RADIUS profile for the L2BSA subscriber (for example, the routing instance returned from RADIUS is not configured as VPLS) or an authentication part is missing in the physical interface configuration, the bbe-smgd process might crash during the L2BSA subscribers login. PR1367472

  • After replacing a FPC having more Packet Forwarding Engines with a FPC having less Packet Forwarding Engines (for example, replace DPC having two Packet Forwarding Engines with MPC3E having only one Packet Forwarding Engine), the nonexisting Packet Forwarding Engine might be shown with the command of show system resource-monitor fpc. This can be cleared by using restart subscriber-management >restart subscriber-management gracefully. This restart will not affect your services. However, if there are systems actively collecting the interface statistics, services might pause a little bit while the process restarts. PR1367534

  • RTG interface status is shown as incorrect status with show interface {master:1}[edit] root@host# show switch-options | display set set switch-options redundant-trunk-group group rtg2 interface xe-1/0/5.0 set switch-options redundant-trunk-group group rtg2 interface xe-1/0/6.0 set switch-options redundant-trunk-group group rtg3 interface xe-0/0/2.0 set switch-options redundant-trunk-group group rtg3 interface ae3.0 root@host# run show interfaces terse | match "xe-1/0/6|xe-1/0/5" xe-1/0/5 down down xe-1/0/5.0 up down eth-switch xe-1/0/6 down down xe-1/0/6.0 up down eth-switch {master:1}[edit] root@jtac-qfx5100-48t-6q-r2284# run show interfaces terse | match rtg rtg2 up up <<<< incorrect status rtg2.16383 up up eth-switch <<<< incorrect status rtg3 up up rtg3.16383 up up eth-switch. PR1368006

  • On MX Series routers in BBE configurations, receipt of a crafted IPv6 exception packet causes a denial-of-service (CVE-2018-0058). Refer to https://kb.juniper.net/JSA10893 for more information. PR1368599

  • While performing an SNMP MIB walk for OID jnxIpSecTunnelEntry, the following errors are seen: May 25 00:30:04 labbox_re0 kmd[17150]: KMD_SNMP_PIC_NO_RESPONSE: PIC rsp1 did not respond to SNMP query: No error: 0 May 25 00:30:04 labbox_re0 kmd[17150]: KMD_SNMP_FATAL_ERROR: Fatal SNMP error occurred: libservicesui: ipc_pipe_read() failed - No error: 0.PR1369938

  • On MX Series routers that support next-generation subscriber management (Apache Tomcat), when the Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) is enabled, if the dynamic profiles are configured with the statement routing-services and the firewall filter, the firewall filter might not be removed from the Packet Forwarding Engine after subscriber logout. Due to this issue, the firewall filter index might be used and then no more subscribers can log in. PR1369968

  • In a subscriber management scenario, if an aggregated Ethernet interface is associated as the underlying-interface of a demux0 unit and both the demux0 unit and aggregated Ethernet unit (corresponding to the above aggregated Ethernet interface) are configured with a duplicated vlan-id, the kernel might crash after committing the configuration. PR1370015

  • With an interface-based dynamic GRE tunnel configured, there might be two next hops for a single dynamic GRE tunnel. When a new route is resolved over the dynamic tunnel after Routing Engine switchover is performed or the rpd is restarted, subsequent withdrawal of the routes over that tunnel or master Routing Engine restarting might cause the rpd to crash. PR1370174

  • ALG cannot process IP datagrams exceeding 8000 bytes in size. The packets are dropped by junos-alg plugin. Plugin-related packet drop counter captures these drops. If an IP datagram is not related to ALG sessions, then the junos-alg plugin has nothing to do with them and they are ignored (ALG plugin will not drop). PR1370582

  • An FPC crashes and generates a core file under heavy load, causing the bbe-smgd process to generate a core file. This core file is generated because of the cleanup issues with the VLAN creations in flight. PR1371926

  • MX Series with MPC or MIC-based line card might reach high CPU utilization or might crash because of a defect in handling a memory hot-banking condition. PR1372193

  • When LAG-enhanced is disabled, one child next hop is created for each member link of a LAG interface. During the non-GRES switchover, the kernel memory might be exhausted, which leads to the creation failure of the child next hop. Hence, the Routing Engine might crash. As a workaround, you can avoid this issue by enabling LAG-enhanced. PR1373079

  • The URL filtering feature might not work in Junos OS Release 17.4R2 when the data interfaces participating in the URL filtering functionality move from one routing instance to another routing instance. PR1373582

  • If BOOTP-support is not enabled at the global level, bootstrap protocol (BOOTP) packets might be dropped while they are received on an interface because the device only checks BOOTP-support at the global level. PR1373807

  • Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after the commit using configure private in a configuration with "protect" flag present. PR1374244

  • On MX Series routers that support the next-generation subscriber management, if the aggregated Ethernet bundle has multiple child interfaces that are located in the same Packet Forwarding Engine complex,(for example, ge-1/0/0 and ge-1/0/1), when the dynamic VLAN subscriber gets online from the aggregated Ethernet bundle, then one physical child interface is removed out of the aggregated Ethernet bundle, (for example, ge-1/0/0). The Flexible PIC Concentrator (FPC) might keep reporting error logs, and the statistics on the dynamic VLAN flow also would not get incremented. Therefore, the Packet Forwarding Engine might be unable to work properly. PR1374478

  • In case of centralized IGMP configuration, the bbe-smgd daemon might restart last subscriber of a multicast group is leaving the group. It is not able to delete this multicast group node from the tree. In this case on daemon restart, in INIT phase, bbe-smgd might again try to delete the multicast group node and its associated multicast group service and restart again. Because of this, the bbe-smgd process might never complete the INIT phase and restart continuously in INIT phase only. PR1374530

  • On MX Series routers with MS-MPC/MS-MIC installed, ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on the IDS service. PR1378852

  • The software detects SDB STS lock deadlock and breaks the deadlock itself and system resumes normally processing on its own. PR1380231

  • On MX Series routers with MS-MPC installed, memory leak might be observed when vty mspdbg-cli command is executed. PR1381469

  • Rarely, over GRES or Routing Engine reboot, subscribers of all access types were not able to login. As a workaround, restarting the bbe-smgd daemon might solve the issue. PR1382050

  • The export of the J-Flow records is seen at the collector before the configured active timeout value. This export result might not be the expected. PR1382531

  • On M Series, MX Series and T Series platforms, after bringing up IPsec tunnels, when issuing the show command, a kmd crash might be seen. PR1384205

  • When dynamic IPsec VPN is rekeyed due to lifetime expiration, IPsec internet key exchange (IKE) phase 1 user datagram protocol (UDP) port 500 and phase 2 UDP port 4500 sessions might be translated into two different public internal protocol (IP) addresses while passing through carrier-grade network address translation (CGNAT), which causes IPsec VPN traffic to fail. This behavior does not cause an issue for Juniper MX Series routers devices with MS-MIC or for SRX Series devices, because for these devices an identity key is used to authenticate the sessions and it is allowed for private IP address to be translated into two different public IP addresses. PR1386011

  • MX Series BNG does not allow two subscribers with the same framed-route prefix and preference values. It allows the first subscriber to log in, while the second subscriber is denied access. When the second subscriber tries to log in, the bbe-smgd daemon crashes and generates a core file. PR1387690

  • In a subscriber management environment, if CoS adjustment is performed for DHCP subscribers-based on DHCP tags, output of the show class-of-service interface command for a DHCP subscriber interface might incorrectly show the adjusting application as PPPoE IA tags instead of DHCP tags. PR1387712

  • The bbe-smgd does not respond to NS from the SLAAC client on dynamic VLAN. PR1388595

  • In a subscriber-management environment, it is not possible to control CoS adjustment based on DHCP tags, because the configuration command class-of-service adjustment-control-profile <profile-name> application dhcp-tags is ignored. Both CoS adjustments based on PPPoE IA tags and based on DHCP tags were controlled by the command class-of-service adjustment-control-profile <profile-name> application pppoe-tags. PR1390101

High Availability (HA) and Resiliency

  • With GRES enabled and set system syslog file messages daemon any configured, a log message regarding ksyncd might be generated on the backup Routing Engine. PR1203163

  • The ksyncd might crash. PR1275022

  • A node-slicing setup downing the CB ports on both servers might result in one or more GNFs displaying “not ready” under the show system switchover command. Performing a NSR in this state might result in protocol flaps and traffic disruption. As a workaround, run the restart kernel-replication command on the backup Routing Engine. This will restart ksyncd and make the system GRES ready. PR1306395

  • On MX Series routers with MS-DPC, if sampling or flow-monitoring is configured, the ksyncd on the new backup Routing Engine might crash continuously after performing a GRES. This might cause GRES to not be ready. The ksyncd becomes unrecoverable until you reboot the backup Routing Engine. PR1329276

  • When GRES is configured with large-scale configurations (for example, 20,000 subscribers), if the ksyncd repeatedly runs into replication error, the kernel synchronization process (ksyncd) triggers a "gather-crashinfo" script, which is run by ksyncd internally, to generate debug information into files on both the master and backup Routing Engines. If the files generated run into GB, then it might lead to insufficient available space on the hard disk. And the debug information as well as all the core will be saved in one single .tgz file on the backup Routing Engine. PR1332791

  • The following error is seen during early unified ISSU validation phase: error: not enough space in /var on re1. As a workaround, make sure that the space available in /var is twice the size of the target image. This is the basic requirement for unified ISSU to proceed. PR1354069

  • In an MX Series Virtual Chassis scenario, if any events cause the Virtual Chassis to split, then reforms such as VCP port flaps or backup restarts, or the master Routing Engine in the Virtual Chassis backup router (VC-Bm) might not synchronize with the master Routing Engine in the Virtual Chassis master router (VC-Mm). PR1361617

Infrastructure

  • The rpcbind service opens a nonsecure secure port (111) to the outside world. As workaround, restrict the service only to internal ports. PR1296262

  • The syscalltrace.sh script gets installed as part of the Junos OS starting in Junos OS Release 16.1R1 and later releases. The script is triggered whenever there is a replication error on the backup Routing Engine. It logs the system function call to the output file, which provides additional debug information. But it might create large files because of a bug in this script. As a workaround, it is recommended to uninstall this script after Junos OS is upgraded in the production network. The uninstallation of this script will not have any functionality impact on the router. PR1306986

  • Kernel crash (vmcore) occurs during broadcast storm after enabling monitor traffic interface fxp0. Refer to https://kb.juniper.net/JSA10863 for more details. PR1322294

  • The freeBSD kernel creates threads to perform various tasks, but when these threads exit portions of their memories are not released properly. PR1328273

  • On all platforms running Junos OS, on a port configured with both dot1x static MAC by pass and normal authentication, the hosts configured for static MAC by pass might not be able to send traffic. PR1335125

  • A kernel crash is seen and the system will restart after the device issues a race condition in an SNMP query reply scenario. PR1351568

Interfaces and Chassis

  • On MX240, MX480, and MX960 platforms IPv6 neighborship is not created on the IRB interface. PR1198482

  • If there are optical transport network (OTN) interfaces on the router, the output value is incorrect when you use the CLI and SNMP walk to query the optical power of these interfaces. This is a cosmetic issue with no traffic impact. The displayed value does not represent the actual optical power of the interfaces. PR1216153

  • On MX Series MPC7E, MPC8E, and MPC9E line cards, the Packet Forwarding Engine crashes while fetching interface-statistics with extended-statistics enabled (CVE-2017-10611). Refer to https://kb.juniper.net/JSA10814 for more information. PR1247026

  • Rate-limit dropped packets are not displayed by the [show interfaces <ifl> detail] and [show interfaces <ifl> extensive] commands. The drop can be seen with the show interfaces queue command. This is cosmetic issue and traffic is passing correctly. PR1249164

  • The jpppd process might report error messages about RLIMIT_STACK and RLIMIT_SBSIZE after issuing the command show version detail. PR1262629

  • Continuous error messages might be seen when the physical interface quickly flaps on MPC7, MPC8, and MPC9E cards. This might cause egress stream flush failure. PR1271089

  • The BERT test shows the elapsed time "in progress" but gets stuck and never gets completed. PR1274896

  • Starting with Junos OS Release 16.1 and later releases, the monitor interface on the aggregated Ethernet logical interface shows incorrect BPS value compared to show interface output. The issue is not visible if taking value of the monitor interfaces on aggregated Ethernet physical interfaces. PR1283831

  • When executing Routing Engine switchover, the dcd process will do a check on the aggregated Ethernet interface. The check will fail if the aggregated Ethernet interface has a member interface with “framing” settings. The failed check will trigger both the aggregated Ethernet interface and its member interface to flap. PR1287547

  • The family inet shows as Not configured after adding or deleting the loopback address. PR1294267

  • In a Layer 2 Tunneling Protocol (L2TP) scenario with enhanced subscriber-management mode and an MX Series routers working as L2TP network server (LNS), some L2TP subscribers with fixed-IP returned by RADIUS might not be cleared if the access-internal routes of such subscribers fail to install. PR1298160

  • With this change, you can configure delay-buffer-rate on inline LSQ interfaces. PR1300281

  • IRB interface is showing incorrect bandwidth value. PR1302202

  • If one logical interface changes virtual router (VR) state from master to backup, the traffic might get silently dropped and discarded for other logical interfaces that shares the same group ID on a physical interface. PR1305327

  • On MX104 platforms with the set system process ethernet link-fault-management disable command configured, AFEB might not come up after restarting the router/AFEB. PR1306707

  • After executing the command request system reboot both-routing-engines in a GRES scenario, the jpppd process might become unresponsive and stop handling Point-to-Point Protocol (PPP) control traffic. No subscribers can log in. PR1310909

  • In a PPPoE subscriber management scenario, if subscriber authentication fails, the subscriber logical interface will be in disable state. This will cause the jpppd process to drop the next Link Control Protocol (LCP) termination request packet from the subscriber, instead of answering it with LCP Ack and closing the PPPoE session with a PPPoE Active Discovery Termination (PADT) packet. This might impact the session setup for this subscriber. PR1311113

  • There are two issues regarding this problem report. The first one is that if ufec with OTN is configured, and the physical link goes down, CPU will go to 100 percent. The second issue is that when ufec with OTN is configured on unconnected interfaces, CPU will go to 100 percent. PR1311154

  • The ifinfo process might crash and generate a core file when executing CLI command show interfaces <name> with the name greater than 128 characters. PR1313827

  • There is no route to the IP address from the directly connected route on the static VLAN demux interface if the configuration of the static VLAN demux interface is changed from an unnumbered approach to a configuration with an explicit IP address (for example, /30 ). PR1318282

  • On MX Series routers, when PPPoE is tunneled at the MX Series router (LNS - L2TP network server) or the PPPoE session terminates at the MX Series router, the PPP NCP cannot be enabled in the active mode for the multilink PPP session. PR1319580

  • The result of the output is incorrect when executing the command show interfaces interface-set. It is a display issue related to logical interface on MX80, MX10, and MX104. PR1319682

  • When running an MX Series router for BNG and subscriber management functionalities, the dual-stacked subscriber “IPv6 framed interface id field” (from show subscribers extensive output) is not matching the negotiated one. PR1321392

  • Internet Protocol Control Protocol (IPCP) negotiation might fail for dual-stack PPPoE subscribers. PR1321513

  • In subscriber management scenario with DEMUX configured, in the case where subscribers belonging to one aggregated Ethernet interface are migrated to a new configured aggregated Ethernet interface, subscribers might fail to access the device after deleting the old aggregated Ethernet configuration. PR1322678

  • If a BGP session flaps in a dynamic-tunnels Generic Routing Encapsulation (GRE) scenario, fault log messages might fill log files. The issue does not have an impact on traffic. PR1326983

  • In a PPPoE subscriber environment, continuous fault log messages might be seen on the backup Routing Engine. The issue does not have an impact on service. PR1328251

  • The issue occurs when multiple Virtual Router Redundancy Protocol (VRRP) groups are separately configured on different units of an aggregated Ethernet bundle, the unit 1 of which has both inner and outer VLAN configured. All the other VRRP groups might malfunction with a period of the time configured by "failover-delay" under the VRRP stanza, after deleting aggregated Ethernet bundle unit 1. PR1329294

  • The cfmd process generates a core file and restarts while the cfmd iterator and/or rmep statistics are being retrieved. PR1329779

  • In the case where the interface is configured as a member of interface-set, it might not work properly after an unrelated FPC (not the one where the interface resides at) restarts. The affected FPC is the restarted one. PR1329896

  • In some situations, like multiple commits in a short time with a scaled configuration, dcd memory leak might occur. This could cause the commit to fail. PR1331185

  • In a subscriber management environment, trace logs for jpppd process (configurable in ppp-service stanza) might miss the last digit of the interface name. PR1332483

  • On platforms running Junos OS and with SNMP configured, the SNMP requests optIfOChSinkCurrentExtTable on the valid interface. If the result data is invalid, this might cause transportd to crash. Transportd keeps the interface configuration cache. After it crashes, the function of the interface discontinues and recovers soon. This issue might be seen on all platforms with transportd support for optics. PR1335438

  • On GRES the implicit filters set by DFWD are cleared by DCD. Hence, a momentary dip in traffic is observed. PR1336455

  • On MX Series Junos subscriber management (JSM) environment, when GRES is disabled, restarting chassisd might cause the FPC to restart and some demux interfaces to be deleted. PR1337069

  • When multiple VRRP sessions with the same group-id are configured on the same port (aggregated Ethernet interface or a physical interface), the VRRP virtual IP will be not reachable. PR1338277

  • The MX Series router running in PPPoE subscriber management mode drops the first incoming LCP configure-request message and accepts the subsequent packets. Because of this behavior, the customer might incur a small latency in establishing the subscriber connection. PR1338516

  • The 100G dense wavelength division multiplexing (DWDM) interface might be going down for 15 seconds after a loss of signal event. PR1343535

  • On MX Series routers with PPPoE subscriber scenario, when on-demand-ip-address is enabled, a high frequency of on-demand IP address allocation requests might be seen. As a result, authd runs in high CPU usage and subscriber login fails. PR1348578

  • In L2TP scenario when MX Series router functions as L2TP Tunnel Switch (LTS), there is a memory leak in jpppd process running on the backup Routing Engine, which will eventually lead to generating jpppd core file because of an out-of-memory condition. There is no functional impact, because this action occurs on the backup Routing Engine. PR1350563

  • If the multichassis aggregated Ethernet (MC-AE) is configured with enhanced-convergence and the number of logical interfaces under the aggregated Ethernet physical interface are high, the FPC might be stuck at 100 percent during initial configuration load or FPC restart and this might result in other event processing being delayed. This issue only affects MX Series routers with MX Series-based FPC. PR1353397

  • When the link speed of the aggregated Ethernet bundle is configured to oc192, certain sequence operations might lead to the aggregated Ethernet interface flap, which affects the traffic. As a workaround, configure the member links, then, remove a member link from the bundle, and then add a member link back. PR1355270

  • When on-demand-ip-address is configured, the PPPoE client remains in an endless loop of continuously sending IPCP configuration requests. PR1360846

  • In subscriber management scenarios with PPPoE access models, during unified ISSU, it is possible to lose a small number of active subscribers after the unified ISSU is completed if certain timing conditions occur. These timing conditions might trigger session-database-related discrepancies between the jpppd daemon and the underlying statesync infrastructure, causing subscriber record loss. These subscribers, however, should be able reconnect right away minimizing any service outage. PR1360870

  • The maximum number allowed for subinterfaces of a LAG interface is 2048. However, a software defect introduced in Junos OS Release 17.2R1 does not enforce this. The problem should be fixed to enforce the maximum number of allowable subinterfaces. PR1361689

  • Messages like dcd[5304]: is_ih_chan_ci_candidate: 2124 ifname [ds-5/0/2:4:1] is chan ci candidate are reported by DCD with priority of ERROR during a commit operation. These do not denote any operational impact and can be filtered out safely. PR1363536

  • In a corner case, in which the pfed daemon is still initializing after fresh upgrade, and jpppd is up and processing subscriber login, a subscribers issue might occur. This is because jpppd ends up waiting indefinitely for pfed to respond with a subscriber statistic request. PR1368650

  • On MX Series routers that supports dynamic Multilink Point-to-Point (MLPPP) subscriber, if the dynamic-profile name contains more than 30 characters, MLPPP subscribers might be unable to negotiate sessions with the server, and cannot log in because of this issue. PR1370610

  • Under rare circumstances, MX Series Virtual Chassis unified ISSU might abort with the message Timed out Waiting for protocol backup chassis master switch to complete. PR1371297

  • If vlan-id none is configured for interface (for example, set interfaces <xx> unit <xx> vlan-id none), the dcd process will go down after committing this configuration. A check error should be reported when committing this configuration so as to avoid the dcd crash. PR1374933

  • On MX480 MCLAG, when parse_remove_ifl_from_routing_inst() command is executed, the following error is seen after l2cpd daemon is restarted: ERROR : No route inst on et-0/0/16.16386. PR1373927

  • On MX Series routers, if configuring duplicate IP on the SONET (so-) interface between and another type of interface, the other interface might not get the IP address. PR1377690

  • On MX Series routers, the bbe-subscriber management daemon (bbe-smgd) reports some error logs because of jpppd sent out LCP config-reject message. However, the bbe-smgd misses such type message code in Tx direction. It has no service impact. PR1378912

  • Static demux interface stacking over the PS interface is not supported and might cause the dcd process to restart. The commit process should not allow such a configuration. PR1382857

J-Web

  • On Junos OS a denial-of-service vulnerability in J-Web service might allow a remote unauthenticated user to cause denial-of-service, which might prevent other from authenticating or performing J-Web operations. Refer to https://kb.juniper.net/JSA10897 for more information. PR1264695

Layer 2 Ethernet Services

  • After changing the outer vlan-tags, the logical interface is programmed with incorrect STP state and gets discarded. Hence, the traffic drop is seen. PR1121564

  • When MSTP or VSTP is configured, if GRES is enabled but nonstop bridging (NSB) is not enabled, after Routing Engine switchover, the MAC address might not be learned due to spanning-tree state "discarding" in the kernel table. PR1205373

  • The IA_PD prefix might be deleted when MX Series routers receives a DHCPv6 IA_NA request. PR1286359

  • ARP requests are not generated for IRB configured in VPLS over GRE tunnel. PR1295519

  • PPPoE/DHCP clients cannot log in to PPPoE/DHCP dual-stack subscriber scenario. PR1298976

  • A parameter-handling problem might cause the kernel to panic when a neighbor discovery message arrives on an IRB interface. PR1303415

  • Multiple jdhcpd core files are generated in jdhcpd_update_groups at ../../../../../../src/junos/usr.sbin/jdhcpd/jdhcpd_config.c:2290. PR1311569

  • DHCPv6 traffic might be dropped in subscriber scenario. PR1316274

  • jdhcpd core file might be generated after making DHCP configuration changes. PR1324800

  • The snmpget for OID: dot3adInterfaceName might not work. PR1329725

  • A denial-of-service vulnerability exists in the Juniper Networks Junos OS jdhcpd daemon that allows an attacker to generate jdhcpd daemon core files by sending a crafted IPv6 packet to the system. Refer to https://kb.juniper.net/JSA10868 for more information. PR1334230

  • In a DHCPv6 environment, when a DHCPv6 packet with a big client-id option size (more than 255 bytes) is received, the jdhcpd process might spike to 100 percent, which results in memory corruption and an unusable DHCP service. PR1334432

  • The memory leak might happen in l2cpd if the l2-learning process is disabled. PR1336720

  • On MX Series platforms with DHCPv6 running over the access model where the underly is a PPP session (LNS or PPPoE), when the customer premises equipment (CPE) sends a separate DHCPv6 solicit message for the IA_NA and the IA_PD prefix, the second solicit for the same session might fail. PR1340614

  • ZTP process does not start to load image and configuration for MX Series PPC routers, because there are no ZTP infrastructure scripts. PR1349249

  • When DHCP subscribers are in BOUND (LOCAL_SERVER_STATE_WAIT_GRACE_PERIOD) state, if dhcp-service is restarted then the subscribers in this state are logged out. PR1350710

  • DHCP relay agent discards DHCP request message silently if the requested IP address has been allocated to the other client. PR1353471

  • Restart FPC with homing micro-bfd link causes lacp to generate a core file. PR1353597

  • DHCPv6 relay ignores responses from server when renewed. PR1354212

  • jdhcpd crashes during processing DHCPv6 information request. PR1368377

  • On MX Series routers, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared. PR1383265

Layer 2 Features

  • On MX Series routers with MPCs or MICs-based platforms, packets received on the IRB interface in Virtual Private LAN Services (VPLS) will get double tagged. PR1295991

  • The rpd process memory leak is observed upon any changes in VPLS configuration like deleting/re-adding VPLS interfaces. PR1335914

  • VPLS instance stays in NP state after LDP session flap. PR1354784

MPLS

  • Minor difference between mpls.statistics and adjusted BW. PR1259500

  • Potential issues are seen with policy based selection of RSVP LSPs. PR1261739

  • The ingress RSVP LSP fails to come up after clear rsvp lsp is performed on egress router. PR1275563

  • The rpd might crash in LDP L2circuit scenario. PR1275766

  • MPLS l2ckt ping packet is incorrectly parsed by the output loopback filter. PR1288829

  • In Junos OS Release 16.1 and later releases, if LDP egress policy is used for inet.3 BGP labeled-unicast route, the route lable might not be installed in the Label Distribution Protocol (LDP) database. PR1289860

  • Received MTU might not get updated in RSVP MTU signaling. PR1291533

  • The process rpd might crash when performing MPLS traceroute. PR1299026

  • The traffic in P2MP tunnel might be lost when next-generation MVPN uses RSVP-TE. PR1299580

  • The rpd process might crash in rare conditions where traffic-engineering is configured. PR1303239

  • On all platforms running Junos OS with the Junos Telemtry Interface, MPLS statistics sensor and GRES are configured. The kysncd process might crash when the backup Routing Engine is removed or inserted. PR1303491

  • The feature "explicit-null" might block host-bound traffic incoming from LSP. PR1305523

  • The RSVP node-hello packet might not work correctly after the next hop for the remote destination is changed. PR1306930

  • On a router with UHP-based LSP configuration, the rpd process might crash when interfaces are down. PR1309397

  • The rpd process might crash if LDP updates the label for BGP route. PR1312117

  • Delayed show mpls container-lsp output. PR1314960

  • RSVP node-neighbor is found even when node-hello has been disabled. PR1317241

  • The rpd might crash after the primary link failure of link protection. PR1317536

  • With dynamic tunnels configured, the rpd might crash when the rpd is restarted or Routing Engine switchover is executed. PR1319386

  • The IPv4 or IPv6 multicast traffic might get dropped in MX Series Virtual Chassis when the traffic comes in through Layer 2 circuit and goes out through aggregated Ethernet member interface across Virtual Chassis members. PR1320742

  • The rpd might crash because of the memory leak in RSVP scenario. PR1321952

  • Receipt of specially crafted UDP/IP packets over MPLS might be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (for example, rpd process crash), but receipt of a high rate of UDP packets might be able to contribute to a denial-of-service attack. PR1326402

  • SNMP OID counters for mplsLspInfoAggrOctets show constant value for some LSPs even though traffic is constantly increasing in show mpls lsp statistics. PR1327350

  • Receipt of a specific MPLS packet might cause the routing protocol process (rpd) to crash and restart or might lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the rpd process, causing a sustained denial-of-service. Refer to https://kb.juniper.net/JSA10877 for more information. PR1328058

  • Packets loss might be observed when auto-bandwidth is enabled for CCC connections. PR1328129

  • The rpd might crash on backup Routing Engine because of the memory exhaustion. PR1328974

  • The statement install-nexthop lsp/lsp-regex in policy does not work with dynamic LSPS (Rsvp automesh). For example, an egress PE device is reachable through three automesh lsps set routing-options dynamic-tunnels LSP-OTHER-AUTOMESH-1 rsvp-te LSP-OTHER label-switched-path-template LSP-OTHER-TEMPLATE, set routing-options dynamic-tunnels LSP-OTHER-AUTOMESH-2 rsvp-te LSP-OTHER label-switched-path-template LSP-OTHER-TEMPLATE, set routing-options dynamic-tunnels LSP-TEST-AUTOMESH rsvp-te LSP-TEST label-switched-path-template LSP-TEST-TEMPLATE, [edit] user@host# run show route 2.2.2.2 inet.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2.2.2.2/32 *[IS-IS/18] 1d 02:30:39, metric 20 > to 10.1.1.2 via ge-0/0/1.0 to 10.1.1.6 via ge-0/0/2.0 inet.3: 1 destinations, 2 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2.2.2.2/32 *[RSVP/7/3] 00:00:08, metric 20 > to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-1 to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-2 to 10.1.1.6 via ge-0/0/2.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-TEST-AUTOMESH [Tunnel/300] 1d 02:30:44 Tunnel[edit] user@host# . The policy is configured to use LSP-TEST for routes with community 64723:777, but not for other routes: set policy-options policy-statement USE-TEST-FOR-COMM term 10 from community COMM, set policy-options policy-statement USE-TEST-FOR-COMM term 10 then install-nexthop lsp-regex .*-TEST-.*, set policy-options policy-statement USE-TEST-FOR-COMM term 10 then accept, set policy-options policy-statement USE-TEST-FOR-COMM term 20 then install-nexthop except lsp-regex . On testing set policy-options policy-statement USE-TEST-FOR-COMM term 20 then accept set policy-options community COMM members 64723:777, set routing-options forwarding-table export EXPORT-PPLB, and set routing-options forwarding-table export USE-TEST-FOR-COMM. This policy does not work as it is clear from the following output: user@host# run show route community 64723:777 Vrf1.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 40.1.1.1/32 *[BGP/170] 00:27:49, localpref 100, from 2.2.2.2 AS path: I, validation-state: unverified > to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-1 to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-2 to 10.1.1.6 via ge-0/0/2.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-TEST-AUTOMESH [edit] user@host# run show route table Vrf1.inet.0 Vrf1.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 40.1.1.1/32 *[BGP/170] 00:00:12, localpref 100, from 2.2.2.2 AS path: I, validation-state: unverified > to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-1 to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-2 to 10.1.1.6 via ge-0/0/2.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-TEST-AUTOMESH 50.1.1.1/32 *[BGP/170] 00:00:12, localpref 100, from 2.2.2.2 AS path: I, validation-state: unverified > to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-1 to 10.1.1.2 via ge-0/0/1.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-OTHER-AUTOMESH-2 to 10.1.1.6 via ge-0/0/2.0, label-switched-path 2.2.2.2:dt-rsvp-LSP-TEST-AUTOMESH. PR1313185

  • With dynamic tunnels configured, the rpd might crash when the rpd is restarted or Routing Engine switchover is executed. PR1319386

  • The rpd might crash while tracing LSP events when MPLS traceoption is configured. PR1329459

  • After RSVP MPLS label switched path (LSP) link flaps (link goes down and comes back up), RSVP tries to create a second MPLS LSP instance. If resv/pathErr message drops for the second MPLS LSP instance, then the second MPLS LSP instance is stuck, and no further optimizations are possible. PR1338559

  • Whenever there is a decrease in the statistics value across an LSP, the mplsLspInfoAggrOctets value takes two intervals to get updated. PR1342486

  • LDP label is generated for serial interface subnet route unexpectedly. PR1346541

  • On all Junos OS platforms that support MPLS, the LSP might not come up after changing the MPLS admin-group mapping in all nodes of the LSP path, because the LSP configuration is not able to update its admin-group when the global admin-group (under the MPLS hierarchy) is changed. PR1348208

  • The rpd might crash in an RSVP setup-protection scenario. PR1349036

  • If interface flapping occurs on downstream device, some LSPs might get stuck on the upstream devices even if the LSP state is UP. PR1349157

  • In a rare scenario, rpd might crash when LDP fails to allocate self-id for the P2MP FEC. PR1349224

  • Non-deterministic load balancing of Routing Engine generated traffic is observed. PR1354738

  • Packets destined to the master Routing Engine might be dropped in the kernel when LDP traffic statistics are polled through SNMP. PR1359956

  • With l2-smart-policy configured for Label Distribution Protocol (LDP), the L2 circuits might flap if the LDP targeted adjacency also has a link hello adjacency and the interface with the link hello adjacency goes down. PR1360255

  • In MPLS scenario with RSVP-signaled point-to-multipoint (P2MP) LSPs configured, rpd might crash during P2MP LSPs churn. PR1363408

  • In Resource Reservation Protocol (RSVP) scenario, the label-switched path (LSP) might remain UP even if no path is acceptable because of constrained shortest path first (CSPF) failure. There are two scenarios that might result in CSPF failure. Scenario 1 with MBB: Optimization timer fires during make-before-break (MBB). Scenario 2 without MBB: A link/IGP flap causes CSPF, but it depends on timing. PR1365653

  • In BGP labeled-unicast (LU) scenario, when labeled BGP route leaked into Label Distribution Protocol (LDP) using the LDP egress policy and either set protocols mpls traffic-engineering mpls-forwarding or bgp-igp-both-ribs is configured, after the BGP route gets deleted in one routing table (either inet.3 or inet.0), the LDP might spin to allocate and deallocate labels until it run out of labels. This causes rpd to crash. PR1366920

  • When RSVP link or node protection is deployed and RSVP authentication is used, if the point of local repair (PLR) router and the merge point (MP) router run different versions of Junos OS software during local repair, that is, one earlier release of Junos OS 16.1 release and the other Junos OS 16.1 later release. The RSVP authentication errors might occur for the bypass MPLS LSP and cause traffic loss. PR1370182

  • Enhance MPLS LDP traceroute process to accommodate devices that do not support RFC6424 - LSP ping with TLV 20, DDMT. PR1372924

  • When there is more than one RSVP LSP toward the same downstream neighbor and more than one such downstream neighbor exists, if one of the interfaces toward one downstream neighbor is brought down, the weight might become unequal for ECMP and then the traffic might not be load-balanced equally. PR1373575

  • Applying RSVP traceoptions with nsr-synchronization flag or all flag on an NSR-enabled device might cause the rpd process to crash because of memory corruption. The memory corruption occurs when the size of the received RSVP path message being replicated from the master Routing Engine to the standby Routing Engine is greater than 768 characters. PR1376354

  • On Junos OS, receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). Refer to https://kb.juniper.net/JSA10883 for more information. PR1380862

Multicast

  • When DHCPv6 relay in a non-default routing instance is configured and there is no server group, packets in UDP might be dropped because the route table index matching check fails. This is a rare configuration. PR1316210

  • Multicast traffic is not forwarded on the newly added P2MP branch/receiver. PR1317542

  • This issue occurs on platforms running Junos OS enabled with Protocol Independent Multicast(PIM) sparse mode and Internet Group Management Protocol(IGMP). In this scenario, the upstream PIM code is connected through two interfaces, A and B. A is the Reverse Path Forwarding (RPF) interface with the multicast traffic flowing through, and B is the non-RPF interface (for example, a Layer 2 integrated routing and bridging interface). If there is some network change that leads to all PIM status cleanup, and causes the multicast traffic starting to flow through B instead of A, some IGMP groups might still have upstream interface A because the discard route is incorrectly installed in the PIM and could not get timed out. PR1337591

Network Management and Monitoring

  • The show arp no-resolve interface X for inexistent interface X is showing all unrelated static ARP entries. PR1299619

  • After SNMP configuration activation the snmpd process starts to consume a lot of CPU time. PR1300016

  • The syslog might generate duplicate entries of hostname and timestamp. PR1304160

  • The mib2d might crash when SNMP polling on interface mibs and meanwhile FPC restarts or interface flaps. PR1318302

  • The jnxDomLaneAlarmSet trap is sent with an empty interface description. PR1318913

  • SNMP stops or becomes very slow after a very long period of time. PR1328455

  • With interafce-mib command, MX Series router is responding with type : NoSuchInstance for OIDs when multiple OIDs are polled in one SNMPGET request. PR1329749

  • jnxDcuStatsEntry and jnxScuStatsEntry OIDs are missing post interface configuration change. PR1354060

Platform and Infrastructure

  • The forwarding-class-accounting enhanced feature is not supported in combination with forwarding-options hyper-mode. Using both features together results in traffic being silently discarded or dropped. PR1198021

  • Configuration changes under logical system with LSYS user does not take effect on single commit with fast synchronize enabled. PR1265139

  • On MX Series routers, if a large number of routes are processed, then the Packet Forwarding Engine of the MS-MPC might crash. PR1277264

  • Even though multicast appears to be active with the show multicast route extensive command, it is not forwarded to the subscriber interface. PR1277744

  • EVPN-VXLAN traffic gets dropped as "Incorrect vxlan fw path executed" due to a sampling configuration on the core interface. PR1280539

  • With MX Series-based MPC, if the IRB index gets an invalid value and the IRB interface is deleted or any configuration change is made for this IRB interface, an MPC crash might be seen. PR1281107

  • In a rare case, error messages might be observed and the IF queue counters will not be incremented on the MPC5E card. PR1283850

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • Administratively disabling an interface might cause high FPC CPU usage. PR1285673

  • Executing the command of show services inline ip-reassembly statistics might cause ukern sheaf memory leak. PR1285833

  • Generate-event time-interval usage now triggers the event only on the actual expiry of the time internal. PR1286803

  • Incorrect load-balancing on the aggregated Ethernet interface might occur if traffic goes from MS-DPC to MPC in enhanced-IP mode. PR1287086

  • The output values of command show system resource-monitor are not accurate. PR1287592

  • There might be memory leak on MX Series with MPCs and MICs-based card if the next hop address that is defined in the next-hop-group is reachable through multiple interfaces. PR1287870

  • On Junos OS, the unauthenticated remote root access is possible when RSH service is enabled (CVE-2018-0052). Refer to https://kb.juniper.net/JSA10886 for more information. PR1288932

  • The mgd process throws an error: Couldn't open library: /usr/lib/render/libvccpd-render.tlv. PR1289158

  • When a non-root user accesses the device through a CLI session, issuing the load replace terminal CLI command and attempting to replace the interface stanza in the same operation might terminate the current CLI session and and cause the user session to hang. PR1293587

  • The scale-subscriber license might leak on the backup Routing Engine during bulk subscriber logout. PR1294104

  • The mgd process generates a core file after GRES in a subscriber environment. PR1298205

  • RMOPD_HW_TIMESTAMP_INVALID is reported 2 to 4 times a day, which raises an alarm when polled through jnxRpmResSumPercentLost MIB. PR1300049

  • Packet corruption with EVPN MPLS double label push with 3 or more ieee 802.1Q VLAN tags. PR1300211

  • Traffic might be dropped in egress Packet Forwarding Engine because of hashing mismatch. PR1300789

  • Packet Forwarding Engine might crash after MPC reset in firewall filter scenario. PR1300990

  • All traffic can be Tail-/RED-dropped on some interfaces when chassis fpc max-queues is configured. PR1301717

  • Classifier does not get applied on the aggregated Ethernet member links on DPC (I-chip) based platforms with CoS configured. PR1301723

  • Logs such as cassis_alloc_index_pool_create: SVC NH 0x00b00000[0] poolsize 0x000fffc0 is not a multiple of blk_sz 0x00001000 are seen. The logs are cosmetic and have no service impact. PR1301924

  • MX Series FPC wedges when creating more than 4000 logical tunnel interfaces per Packet Forwarding Engine. PR1302075

  • The interface-mac-limit might fail for aggregated Ethernet interface. PR1303293

  • On an affected FPC type, when traffic is passed through the optimized loopback path (for example, using lt- interfaces) with packet sizes more than 512 bytes, the forwarding through the Packet Forwarding Engine might stall or you might notice performance degradation. The following syslog entry will be reported: MQSS(0): LI-1: Received a parcel with more than 512B accompanying data. The MPC that reports this syslog error message needs to be restarted to recover from this condition. The problem is applicable to MX204, MX480, MX960, MX1003, MX2010, and MX2020 using MPC7, MPC8, and MPC9E line cards (MPC1, MPC2, MPC3, MPC4, MPC5, and MPC6 are not affected). Remaining MX Series platforms such as MX5, MX40, MX80, and MX104 are not affected by this issue. PR1303529

  • The TWAMP Request-TW-Session message's Type-P Descriptor format is not RFC-compliant. PR1305752

  • The message system reaching processes ceiling low watermark might be seen. PR1305964

  • On MX Series routers with MPCs or MICs, the resource monitor (RSMON) thread might be stuck in a loop, consuming 100 percent of FPC CPU. PR1305994

  • Service cookie opaque data reset incorrectly leading data sent to service pic getting corrupted. PR1310904

  • The MPC1 or MPC2 might crash because of CPU hogging after the chip fails to initialize. PR1312286

  • ICMP error messages are seen in Packet Forwarding Engine and is forwarded to the correct pic in the AMS bundle. PR1313668

  • The statement rate-limit configured with small temporal buffer size might cause packet loss. PR1317385

  • Multicast traffic might get duplicated when MoFRR is configured. PR1318129

  • Move XQ_CMERROR_XR_CORRECTABLE_ECC_ERR to minor and re-classify remaining XQCHIP CMERROR from FATAL to MAJOR. PR1320585

  • Errors might be observed when "fabric-header-crc-enable" feature is enabled. PR1320874

  • The traffic with more than 2 VLAN tags might be incorrectly rewritten and sent out. PR1321122

  • On MX104 platforms, when sdk-vmmd fails to correctly identify the current platform, the syslog message is_platform_rainier: Platform could not be detected appears in error severity. However, for the MX104 this behavior is expected, so this should not be in error severity. Hence, reducing log severity from error severity to debug severity. PR1321622

  • The 'no-propagate-ttl' might not take effect if chained-composite-next-hop ingress l3vpn extended-space is configured. PR1323160

  • The MAC might not be learned on MX Series MPCs or MICs-based card because of the negative value of the bridge MAC table limit counter. PR1327723

  • The packet might get dropped in LSR if MPLS pseudowire payload does not have control word and its destination MAC starts with '4'. PR1327724

  • Traffic loss might be observed on LT interface. PR1328371

  • Directories and files under /var/db/scripts lose execution permission or directory 'jet' is missing under /var/db/scripts causing error: Invalid directory: No such file or directory error during commit. PR1328570

  • The tcpdump filter might not work in egress direction on ps and lt logical interfaces. PR1329665

  • A denial-of-service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage, which might affect system performance. PR1331234

  • Router hits database prompt at netisr_process_workstream_proto. PR1332153

  • RPM mib pingResultsMinRtt, pingResultsMaxRtt, pingResultsAverageRtt response as "1" while target address is unreachable,should be "0". PR1333320

  • On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • Traffic loss might be seen for some flows because of network churn. PR1335302

  • Commit might fail with error reading from commit script handler, error: commit script failure. PR1335349

  • On MX104 routers running with dual Routing Engines with GRES enabled, when family inet6 is configured on the fxp0 interface and you configure set system management-instance , a kernel crash occurs. This issue seen only on the MX104 and not on the modular MX Series routers. PR1335903

  • The MPC might crash after setting max-queues to a very large number. PR1338845

  • Route corruption in Packet Forwarding Engine with CFM enabled on aggregated Ethernet. PR1338854

  • Configuring the same DHCP server in different routing instances is not supported in DHCP relay scenario. PR1342019

  • In a Virtual Router Redundancy Protocol (VRRP) scenario, the backup router resolves the destination to the VRRP virtual media access control address (VMAC), which resides on the master router. When the backup transitions to master it has to own the VMAC now. In this scenario, the kernel is deleting the earlier next-hop entries, which is the VMAC because of the proxy ARP, to program the Packet Forwarding Engine according to the latest VRRP transition. If any user route point to this next hop, it ends up being a route with a dead next hop, which leads to traffic loss to that destination. PR1342707

  • Route corruption in Packet Forwarding Engine with connectivity-fault-management is enabled for Layer 2 circuit. PR1342881

  • Multiple vulnerabilities in NTP have been resolved in Junos OS. Refer https://kb.juniper.net/JSA10898 for more information. PR1343195

  • When the aggregated Ethernet interface and the child Interface are in a configuration group that is applied through “apply-group”, if you execute the command set/delete interface xxx disable from a non-group, the interface might still stay in down physical state. PR1343317

  • On MX Series routers with MPC5, MPC6, MPC2E-NG, and MPC3E-NG, if the third or fourth logical tunnel (LT) interface is configured (for example, lt-x/2/x or lt-x/3/x) the queuing logic of those LT interfaces will not work properly and therefore packet drop might be seen on them. PR1345727

  • Multiple vulnerabilities in cURL and libcurl have been resolved in Junos OS. Refer to https://kb.juniper.net/JSA10874 for more information. PR1347361

  • The IPv4 GPRS traffic over aggregated Ethernet interface might be dropped if gtp-tunnel-endpoint-identifier is configured. PR1347435

  • FPC CPU utilization with LT interfaces is pegged continuously at 100 percent. PR1348840

  • Running RSI through console port might cause system crash and reboot. PR1349332

  • ICMP error messages are not generated if 'don't fragment' packets exceed the MTU of the multiservice interface. PR1349503

  • The FPC might crash because of the memory leak caused by the VTEP traffic. PR1356279

  • Traffic black hole seen along with JPRDS_NH:jprds_nh_alloc(),651: JNH[0] failed to grab new region for next hop messages. PR1357707

  • A vulnerability in the IP next-hop index database in Junos OS Release 17.3R3 might allow a flood of ARP requests, sent to the management interface, to exhaust the private internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial-of-service (DoS) condition. PR1360039

  • Certain CLI functions are not triggering properly, because of the missing libraries on the router. Affected commands include set security ssh-known-hosts load-key-file and set system master-password. PR1363475

  • The error Disconnected after ISSU and before switchover might be seen and FPC is restarted during a unified ISSU. PR1364514

  • If you try to configure the same VLAN ID on multiple logical interfaces of the same GR interface, commit will fail with error two IFLs cannot have same vlan-id. PR1365640

  • On MX Series routers with MPC1, MPC1E, MPC2, and MPC2E, subscribers over aggregated Ethernet interface cannot utilize their bandwidth, because packets larger than 1500 are dropped. PR1368414

  • Forwarding broken after adding EVPN extended-vlan-id protocol. PR1368802

  • If a tunnel interface is anchored on an MX Series-based FPC and the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules statement is configured, the host outbound traffic might get dropped when the traffic goes through this tunnel interface. PR1371304

  • On MX Series platforms, after a unified ISSU from Junos OS Release 14.2 to Junos OS Release 16.1, traffic drops on newly added interfaces because of a unified ISSU hardware synchronize phase issue. PR1371373

  • On MX Series routers with multicast-only fast reroute (MoFRR) enabled, any change that results in creation of a new RPF next hop might also result in JNH memory leak. PR1373631

  • When the scaling IFLset members and aggregated Ethernet members are configured on the same FPC, the FPC might crash when it restarts. PR1380527

  • The rpd might crash after issuing the operational command show route detail for RIP route. PR1386873

Routing Policy and Firewall Filters

  • When the policy condition configurations are used in export policy in BGP add-path scenario, the condition-based policy fails to take action even though condition is matched. PR1300989

  • The rpd might crash if vrf-target auto is configured under routing instance. PR1301721

  • The policy configuration might not be evaluated if policy expression is changed. PR1317132

  • Access-internal route might fail to be leaked between routing instances when "from instance" is configured in the policy. PR1339689

Routing Protocols

  • The show bgp summary shows incorrect results while assisting GR. PR1045151

  • The rpd might crash when running rpd for a long time. PR1092009

  • With multipath and the AS-PATH-IGNORE option enabled under BGP, either on global or routing instance, the multipath feature does not work. PR1163945

  • BGP extended communities with sub-type 4 erroneously displayed at LINK_BANDWIDTH. PR1216696

  • The routing protocol process (rpd) generates a core file in the ASBR when BGP is deactivated in the ASBR before all stale labels have been cleaned up. PR1233893

  • The rpd might crash after deactivating or activating BGP. PR1272202

  • Few bfd sessions flap while coming up after FPC restarts or reboots. PR1274941

  • After bfdd restart issue with next-generation MVPN and L2VPN route exchange causing MVPN and VPLS traffic drop. PR1278153

  • With NSR enabled, rpd might crash on master Routing Engine during kernel-id change. PR1278741

  • Under some extremely rare condition, OSPF neighbors might not come up if PIM is also configured in the same routing instance. PIM might install a multicast forwarding entry that prevents OSPF from receiving hello protocol messages. This happens in a rare situation when router control plane is under extreme load just after enabling OSPF and PIM. PR1279682

  • Routing loops might be seen after configuring BGP prefix independent convergence (BGP PIC). PR1282520

  • BGP updates might not be advertised to peers completely in certain condition. PR1282531

  • Some BGP-related traceoptions flag settings will not be effective immediately after the configuration commit, until the BGP sessions are flapped. PR1285890

  • With BGP traceoption enabled, executing the rollback and load merge commands for the configuration might cause rpd to crash. PR1288558

  • BGP-RR sends full route updates to its RR-Clients when any family mpls interface gets bounced due to any fiber cut or manual events causing high CPU spike. PR1291079

  • the multihop BFD sessions flap continuously. PR1291340

  • BGP monitoring protocol (BMP) might send malformed route monitoring messages. PR1292848

  • Graceful restart helper might lose capabilities during a peer establishment. PR1293174

  • Multicast flow reset might occur on OIF for RPT joined branch when PIM prune comes on another interface. PR1293900

  • The lmpd crashes repeatedly when logical-system is configured on the same device. PR1294166

  • Unified ISSU might take more time to complete and the FPC might go offline during unified ISSU reboot. PR1298259

  • The rpd process might crash because of the AS PATH check error that occurs when RIB groups are added first and later the routing instances are added. PR1298262

  • Inline-BFD on IRB will be broken after GRES or NSR switchover, and the anchor FPC subsequent goes offline. PR1298369

  • MSDP sessions might flap when NSR or GRES is enabled. PR1298609

  • Backup rpd crashed because the SNMP index passed from the master is different from the existing SNMP index. PR1298711

  • In Junos OS, the rpd might crash due to malformed BGP UPDATE packet (CVE-2018-0020). PR1299199

  • BGP might send incorrect AS path when alias is enabled and multiple peers are under the BGP group. PR1300333

  • IBGP route damping does not effect on IBGP inet-vpn address family. PR1301519

  • The rpd process might crash with a core file while deleting a multipath route. PR1302395

  • BGP sessions established without SYNC flag. PR1302426

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • The BFD session might flap when querying interface statistics through SNMP or executing show command through a CLI in vMX platform. PR1305308

  • BGP traceoption logs are still written when it is deactivated. PR1307690

  • Junos OS Release 16.2 and later might give the following error: Request failed: OID not increasing: ospfIfIpAddress.0.0.0.0.0 . PR1307753

  • Qualified next-hop resolution fails in some scenarios when there is a next-hop interface specified. PR1308800

  • BGP labeled-unicast protection might break multicast Reverse Path Forwarding (RPF). PR1310036

  • The BGP session might flap when the connection between the master Routing Engine and the backup Routing Engine keeps flapping with NSR configured. PR1311224

  • The rpd might crash when the neighbor IS-ISv6 router is restarted, causing route churn. PR1312325

  • Unexpected route age refresh might be observed if BGP PIC is configured. PR1312538

  • The IS-IS SPF might be triggered by LSP updates containing changes only in Reservable Bandwidth in TE extension. PR1313147

  • The rpd might crash if RIP neighbor is configured with the local interface IP address. PR1313712

  • The rpd might crash and generate core files with distributed IGMP. PR1314679

  • BGP prefixes with three levels of recursion for resolution will get stuck with a stale next hop at the first level after a link down event. PR1314882

  • The rpd might constantly consume high CPU in BGP setup. PR1315066

  • On a chassis with BMP configured, the rpd might crash when the rpd process is gracefully terminated. PR1315798

  • With an incorrect IP address that is duplicated with the existing address on the common subnet configured, OSPF has the issue to form adjacency, which is expected. After removing the incorrect configuration, OSPF neighbors can form adjacency (full state) and all the database can be received, but the OSPF routes cannot be installed to the routing table, and the corresponding traffic cannot be forwarded, until the lsa-refresh timer expires. PR1316348

  • The primary path of MPLS LSP might switch to other address. PR1316861

  • lsdb entry cleanup might cause rpd crash, if loop free alternative is configured. PR1317023

  • The inactive route cannot be installed in multipath next hop after disabling and enabling the next hop interface in L3VPN scenario. PR1317623

  • With a specific configuration for BGP and Label Distribution Protocol (LDP), if you make some changes to the active LDP route, the MPLS labels next hop for IPv4 labeled unicast route might be incorrect, and this could cause traffic to be siliently dropped or discarded. PR1317800

  • BGP-LU update oscillates with BGP-PIC. PR1318093

  • Remove syslog message that got added to code unintentionally. PR1318458

  • IS-IS might choose a sub-optimal path after the metric change in ECMP links. PR1319338

  • Traffic might get silently dropped and discarded temporarily when BGP GR is triggered and the direct interface flap. PR1319631

  • The rpd crash is seen when deactivating static route if the next hop interface is type of P2P. PR1323601

  • When a prefix limit is reached, increasing maximum-prefixes does not take effect. PR1323765

  • BGP peer is not established after Routing Engine switchover when a graceful restart and BFD is enabled. PR1324475

  • The mcsnoopd process has continuous 28-bits memory leak after having igmp-snooping enabled. PR1326410

  • Multiple next hops might not be installed for IBGP multipath route after IGP route update. PR1327904

  • The rpd might crash on backup Routing Engine after BGP peer is deleted. PR1329932

  • Manual GRES with MX Series Virtual Chassis results in some packet loss on core facing interfaces. PR1329986

  • On MX Series and vMX Series platforms with BGP add-path configured, the conditional routing cannot withdraw all routes. PR1331615

  • LDP route might disappear from inet.3 but still remains in inet.0 when OSPF rLFA and LFA protections are used. PR1333198

  • When primary interface returns, discard next hop remains until BGP LU neighbor is cleared. This only impacts the cloned route (S=0). PR1333570

  • Junos OS Release 15.1 and later, IGMP joins are not processed with passive allow-receive statement is configured on IGMP interface. PR1334913

  • BGP sessions get stuck in active state after remote end (Cisco) restart the device. PR1335319

  • On all platforms with Shared Risk Link Group (SRLG) configured, if the SRLG information is in the IS-IS protocol, the rpd might crash. PR1337849

  • Under certain rare conditions, if the remote BGP peer closes the TCP session, the rpd process might crash. PR1340379

  • The rpd daemon might crash due to receipt of crafted BGP notification messages. Refer tohttps://kb.juniper.net/JSA10871 for more details. PR1340689

  • The rpd crash might occur when receiving BGP updates. PR1341336

  • Changes to the displayed value of AIGP in show route ... extensive command. PR1342139

  • Traffic black-hole might be seen if local device receiving BFD-down. PR1342328

  • The rpd might crash when eBGP neighbor flap. PR1342481

  • If a rib-group refers to a VRF routing table in a BGP Layer 3 VPN environment, the rpd process might crash when the VRF routing instance is deleted or deactivated, but the rib-group is still kept. PR1343578

  • A bfd process memory leak might be observed when a multihop bidirectional forwarding detection (BFD) session for a static route is enabled with multiple qualified next hops. PR1345041

  • The rpd might crash if a route for RPF uses a qualified-next-hop. PR1348550

  • On all platforms with GRES enabled, if you bring up the scaling number of BGP peers, after executing Routing Engine switchover, rpd crash might be seen. PR1349167

  • In a PIM scenario, during the process of upstream interface shifting from one interface to another, if the device receives the PIM prune packet, it might cause multicast traffic to be dropped for a while. PR1350806

  • The routing protocol process (rpd) might crash when BGP route damping and BGP multipath feature are configured. PR1350941

  • Source AS community is not appended to RP (display issue in show route detail output). PR1353210

  • Static route configuration is always parsed after commit even if the configuration is unchanged. For a recursive route, the metric2 value will be overwritten by the resolver. This metric2 comparison causes the route change although there is no configuration change. PR1366940

  • While performing unified ISSU in an MX Series Virtual Chassis deployment, the MX Series Virtual Chassis system might clear TCP connections causing BGP peerings to flap. PR1368805

  • In a the penultimate-hop router in BGP labeled unicast (LU ) scenario using penultimate-hop popping (PHP), a link flap causes the next hop of a label received from the egress router to change. Once the link comes back, the penultimate-hop router might fail to install the clone route (S=0) entry for that label. As a result, the traffic is dropped and discarded. PR1387746

Services Applications

  • PCP mappings cannot be manually cleared when a NAT pool is shared between PCP and standard NAT. PR1284261

  • TLVs in ICRQ for actual-rate-downstream and actual-data-rate-upstream do not reflect PPPoE-IA value. PR1286583

  • The MSPMAND process generates a core file "@_arena_mALLOc" seen in backup SDG's MS70. PR1291664

  • The jl2tpd process might crash in short time span after GRES switchover. PR1295248

  • L2TP subscribers might get stuck in terminating state during login. PR1298175

  • There is a continuous generation of *jl2tpd_era_lns* log files occurs even though L2TP is not configured. PR1302270

  • LTS clients experience packets drop for large packets due to fragmentation in LTS. PR1312691

  • AVP 145 is not present in IRQ when ANCP DSL-type = 0. PR1313093

  • L2TP Tunnel Tx and Rx bytes count sometimes decrease when subscriber sessions are reduced within the tunnel. PR1318133

  • SNMP MIBs not yielding data related to sp- interfaces. PR1318339

  • The MRU might be changed to 1492 instead of the default 1500 in L2TP scenario. PR1319252

  • PPP NCP active mode cannot be enabled for MLPPP session on MX Series platforms. PR1319580

  • Long route remains in forwarding table after subscriber session goes down. PR1322197

  • L2TP LTS might drop the first "CHAP Success" packet from LNS due to delayed programming of /136 route on Packet Forwarding Engine. PR1325528

  • The jl2tpd might crash if the RADIUS server returns 32 tunnel-server-endpoints. PR1328792

  • Not all CSURQ replied in case the number of sessions addressed in CSURQ is more than about 107. PR1330150

  • The l2tpd might crash when multiple l2tp related commands are executed together. PR1337406

  • The command show services stateful-firewall flows count shows incorrect flow count after services configuration change. PR1338704

  • Output of show interfaces si-x/y/z.xxxxx extensive CLI command shows incorrect inet/inet6 MTU value for MLPPP subscriber on MX Series L2TP LNSs. PR1346049

  • The bbe-smgd process might crash if there are 65535 L2TP sessions in a single L2TP tunnel. PR1346715

  • Session limit per tunnel on LAC does not work as excepted. PR1348589

  • UDP checksum inserted by MS-DPC after NAT64 is not valid when incoming IPv4 packet has UDP checksum set to 0. PR1350375

  • The show services stateful-firewall flows counter shows ridiculously high numbers. PR1351295

  • Jl2tpd process might crash shortly after one of L2TP destinations becomes unavailable. PR1352716

  • If IPsec is configured (even at a low scale of 200 tunnels) with dead peer detection (DPD) enabled, and all the IPsec tunnels are IDLE, when SNMP walk is performed, IPsec tunnels might flap. PR1353240

  • In subscriber management environment where LNS is deployed, if the "local-gateway" of an L2TP tunnel on LNS device is frequently changed using the replace command, the gateway might not be operational and the tunnel connection request packets sent by the corresponding LAC devices (having "remote-gateway" matching the LNS's gateway) might get discarded on the LNS device. PR1362542

  • A few tunneled PPPoE subscriber stuck in terminating state in corner case. PR1363194

  • On MX Series and M12/M320 platforms, when the L2TP LNS subscriber is brought down, the accounting stop message might not be sent to the RADIUS server. PR1368840

  • In an IPsec VPN scenario, some special peers (for example, Huawei enodeB) might start a new IPsec-VPN IKE session without clearing the old session upon detecting session failure, which results in the old IKE session getting stuck in "Not Matured" state. There is no impact to service, but these sessions might consume too many memory resources. PR1369340

  • On MX Series routers with MS-DPC used for NAT64, if an ICMPv6 Type 2 packet is received, NAT64 translates the source address and destination address in the packet incorrectly. PR1374255

  • The FTP ALG is not supported with twice-nat even when there is an unsupported translation type with FTP ALG, and a core file is seen. Should display a syslog message instead of generating a core file. PR1383964

Software Installation and Upgrade

  • Junos Selective Upgrade (JSU) package is not activated after a reboot. PR1298935

  • The new versions of Junos OS does not have the tool for accessing aux port - /usr/libexec/interposer. PR1329843

  • When the device is booted into single-user mode (recovery mode), and any change is made to the configuration(for example, setting the root password), the commit fails. PR1368986

Subscriber Access Management

  • Accounting messages are sent with incorrect timestamp to RADIUS. PR1262892

  • A few IPs might get stuck on a Policy And Charging Rules Function (PCRF) router. PR1302509

  • Service interim for DHCP subscriber is not working in JSRC scenario. PR1303553

  • The show network-access aaa accounting command might display additional entries. PR1304594

  • Incorrect Acct-Delay-Time in RADIUS Accounting-On message is seen after rebooting the MX Series router acting as a BNG. PR1308966

  • Subscriber might get stuck in "Init" state when executing CLI command test aaa xxx. PR1311263

  • Memory leak might happen after clearing subscriber with script or manually. PR1312517

  • Service interim missing for random users in JSRC scenario. PR1315207

  • The delegated prefix from RADIUS is incorrectly parsed when the prefix is fewer than 20 bytes long. PR1315557

  • Allowing unified ISSU during accounting suspend. PR1320038

  • IP addresses are assigned discontinuously from the linked IP pools. PR1323829

  • multiple-radius-servers having different dynamic-request-port is not supported. PR1330802

  • Subscriber might get stuck in terminated state when JSRC synchronize state get stuck in "FULL-SYNC in progress". PR1337729

  • On MX Series platforms with L2TP service-rate-limiter service deployed, the transmission of Tx and Rx connection speeds from LAC to LNS might not be updated in the L2TP incoming-call-connected (ICCN) packet when the LAC receives the Access-Accept message from the RADIUS server that provides the specific configuration. PR1338786

  • On Junos OS, authd allows assignment of IP address requested by a DHCP subscriber logging in with Option 50 (Requested IP Address) (CVE-2018-0057). Refer to https://kb.juniper.net/JSA10892 for more information. PR1351334

  • In dual stack subscribers scenario with NDRA pool configured, the linked pools are not used when the first NDRA pool is exhausted. PR1351765

  • When attempting to scale clients, sdbsts_lock_holder.bbe-smgd.pid10686.core generates core files. These types of core files are the result of a rare timing deadlock between the SDB secondary table and STS hash lock. PR1358339

  • In a dual Routing Engine system with the enhanced subscriber management feature enabled, if GRES is not configured, the authd process might not be started after executing Routing Engine switchover on the backup Routing Engine. PR1368067

  • Address pool does not correctly cycle to the beginning of the pool when linked-pool-aggregation parameter is defined. Address pool reports Out of Addresses even though not all addresses are in use. PR1374295

  • When the RADIUS server sends CoA for the subscriber after the RADIUS server has returned a different dynamic-profile name in access-accept, the subscriber will be updated with the original dynamic-profile. The issue occurs because the new dynamic-profile name sent by the RADIUS is not saved in the subscriber's table. Hence, when the CoA message arrives, the old dynamic-profile name is used. The issue results in CoA updating the subscriber with unexpected values. (The old dynamic-profile instead of the new dynamic-profile is used). PR1381230

  • In a dual-stack PPP/PPPoE-based subscriber scenario, when V4+V6 service is installed with family v4, if some daemon (such as dfwd) fails to add family inet6 IFF during instantiation of the family inet6 portion of some services (such as SRL service), family activation for family inet6 fails. But only the family inet6 portion of service should be removed. The family inet and L2 services such as CoS should remain unchanged, but they are changed. Therefore, some subscribers cannot get some services (such as SRL service) even though the RADIUS messages can be sent and received. It is a timing-specific issue. PR1381383

  • If the default value for the $junos-routing-instance predefined variable is configured (that is, dynamic-profiles <> predefined-variable-defaults routing-instances <>), the subsciber will come up in the configured default routing-instance even if RADIUS has already supplied the VSA of '26-1 Virtual-Router'. PR1382074

  • When a subscriber is manually logged out using CLI clear network-access aaa subscriber username <test> the following log message gets printed (messages file) when the GX-Plus module is clearing/freeing up the subscriber session-id from its table: Aug 28 12:11:50 jtac-test-node: authd [XXXX]: %DAEMON-3: gx-plus: logout: wrong state for request session-id: <XXX>. PR1384599

User Interface and Configuration

  • CLI session might die while issuing the command show configuration | compare rollback 1. PR1331716

VPNs

  • Next generation MVPN IPv6 RP bootstrap type 3 S-PMSI AD route prefix ff02::d persists after BSR data stop. PR1269234

  • In a specific CE device environment in which asynchronous notification is used, after the link between the PE and CE devices goes up, the L2 circuit flap repeatedly. PR1282875

  • L2circuits stitched through LT peer interfaces might get stuck in "LD" (local site signaled down) status. PR1305873

  • Un-hide set protocols pim mvpn family inet6 disable configuration to allow users to disable inet6 on MVPN.PR1317767

  • While doing Routing Engine switchover in NSR , the deletion of LDP label-related entries on the standby Routing Engine might be not handled correctly. This issue can trigger an rpd crash on standby Routing Engine. PR1310934

  • The rpd might crash after a unified ISSU in a large scale scenario with PIM configuration. PR1322530

  • Moving MC-LAG from LDP-based pseudowire to BGP-based pseudowire might cause rpd crash. PR1325867

  • MVPN sender-site configuration is not allowed with S-PMSI. PR1328052

  • The routing protocol process (rpd) generates a core file on backup Routing Engine with next generation MPVPN and NSR configuration. PR1328246

  • The routing protocol process (rpd) crashes because of the receipt of a specific Draft-Rosen MVPN control packet in a Draft-Rosen MVPN configuration, and restart or might lead to remote code execution. Refer to https://kb.juniper.net/JSA10879 for more information. PR1339567

  • The rpd might continuously crash on the backup Routing Engine and some protocols might flap on the master Routing Engine if hot-standby is configured for L2circuit or VPLS backup neighbor. PR1340474

  • The rpd might crash on backup Routing Engine when changing the L2circuit virtual-circuit-id in an NSR scenario. PR1345949

  • In an L2VPN scenario, rpd might crash if an interface (that is already in downstate) is added to any operating site of an L2VPN instance. PR1351386

  • In a dual-homed next-generation MVPN scenario with spt-only mode enabled, the receipt of type 5 withdrawal removes the downstream join states for some routes when multiple type 5 routes exist and one of them is withdrawn in some cases (such as PE device uplink failure). PR1368788

Resolved Issues: 17.2R2

Class of Service (CoS)

  • The Routing Engine level scheduler-hierarchy command misses a forwarding class when the per-unit-scheduler mode is configured. PR1281523

Forwarding and Sampling

  • Aggregated Ethernet interface might move to "down" state after GRES. PR1233188

  • Packet Forwarding Engine mac-learning debug logs are displayed as error logs. PR1267684

  • Unexpected error messages might be seen in logs. PR1270686

  • The sampled process stops collecting data on Routing Engine based sampling supported platforms. PR1270723

  • Firewall filter might not be matched when wildcard (*.*) is specified as matching condition. PR1274507

  • Routing-instances information is not being displayed in the flat accounting file. PR1275225

  • Unicast traffic is forwarded out of the logical interface even after the interface is disabled. PR1277697

  • The sampled route reflector (srrd) process might crash in the large routes churn situation. PR1284918

  • The sampled process might crash if traceoptions are enabled. PR1289530

General Routing

  • ICMP reply traffic might get dropped on MS-MPC line cards. PR1059940

  • With l2tp subscribers, after every subscriber's login attempt, all FPCs except the card that hosts subscribers might report the following log message jnh_if_get_input_feature_list(9723): Could not find ifl state. PR1140527

  • The FPC might reboot and the error message Readback error from I2C slave might be displayed. PR1174001

  • Port block efficiency and unique pool users statistics show incorrect values respectively in the NAT pool, which is being used by the sessions. This issue occurs when adding an address into the NAT pool. Both NAT pools are used in the same service set. PR1177244

  • The CLI command request vmhost zeroize or request vmhost zeroize both might work only on the local Routing Engine. PR1197152

  • The rpd might crash in the backup Routing Engine after a Routing Engine switchover in an MX Series subscriber environment. PR1206804

  • IPsec phase2 soft lifetime calculation is different between Junos OS Release 11.4R12 and Junos OS Release 14.2R6. PR1209883

  • Continuous error messages pdb_open failure for Routing Engine scope MQTT broker are observed. PR1224705

  • CoS service with reflexive cos-rule should modify CoS values for reverse flow. PR1227021

  • MPC2E-NG and MPC3E-NG generate a core file with specific MIC because of tight loop of PIC Express critical exceptions. PR1231167

  • Major errors related to XQ-chip L4NP parity errors might be reported on MPC. PR1232952

  • With vLNS (vBNG), a commit generates the message warning: requires 'l2tp-inline-lns' license even if a valid license is installed. PR1235697

  • Junos Telemetry Interface: Frequent disconnects are seen with the MQTT messaging protocol when the logical interface sensor is provisioned for a longer duration. PR1238803

  • MPC9E might generate an FPC core file when running Junos OS Release 16.1R2.11 if it is configured with "mixed-rate AE bundles" and "adaptive load balancing". PR1238964

  • Half of the Point-to-Point Protocol over Ethernet (PPPoE) subscribers experience keepalive failure on PICs with aggregated Ethernet anchors. PR1240365

  • ANCP neighbors might stream down after commit. PR1243164

  • XM chip-based line card might drop traffic under high temperature. PR1244375

  • A route target per bridge domain for EVPN is not supported. PR1244956

  • Sensors are not reused when the subscriptions have uncommon paths. PR1245902

  • RADIUS accounting statistics of subscribers are doubled after unified ISSU. PR1250919

  • On MX2000 MPC6E, EOAM LFM adjacency flaps when an unrelated MIC accommodated in the same MPC6E slot is online. PR1253102

  • Na-grpcd might crash if openconfig is used for telemetry interface. PR1254794

  • Device control process (dcd) crashes during the ATM-related configuration commit. PR1258744

  • The syslog message HEAP: Free at interrupt level /Free interrupt violation! is displayed when interface drops on TRI-RATE SFP-T on MIC-3D-20GE-SFP-E. PR1259757

  • Incorrect egress classification of L3 multicast traffic from ingress VLAN bridge interface after a configuration change. PR1260413

  • Layer 2 control BUS timeout causes SFP thread hogging and an MPC restart. PR1260517

  • On an MX Series platform with an MPC line card, an MPC line card goes offline during a unified ISSU. PR1260714

  • Point-to-Point Protocol over Ethernet (PPPoE) subscribers might not come up while verifying that IPCP renegotiation happens properly for terminated PPPoE subscribers. PR1260836

  • With QSFP optics, Rx loss cleared and set critical messages are logged continuously. PR1261793

  • Extra link transitions might be seen after restarting MPC. PR1264039

  • BGP hold time might be expired after a GRES or NSR switchover. PR1264436

  • Sometimes SDN-Telemetry subsystem does not respond to management requests while issuing show agent sensors. PR1266058

  • Unified ISSU related limitation is observed under highly scaled scenarios. PR1267680

  • The openflowd process might get stuck because of 100% CPU memory corruption while deleting and querying the filter. PR1268527

  • The command show arp interface xe-x/x/x no-resolve | display xml returns XNM errors. PR1269170

  • MIC error interrupts are more than the threshold (> 2500 per 5 min), so the MIC or FPC is restarted. As a result, MIC error interrupts will hog the CPU when the restart is initiated. PR1270420

  • The multicast blackhole might be seen when the aggregated Ethernet interface flaps with MoFRR enabled. PR1270939

  • When MX Series routers are equipped with a next-generation Routing Engine, the log message sdk-vmmd: %USER-3: is_platform_Next-Gen RE: Platform found as Next-Gen RE is displayed with error severity. PR1271134

  • The Routing Engine might stop all services after GRES or ISSU. PR1271306

  • Packet Forwarding Engine drops BUM traffic coming from remote PE EVPN instance. PR1272384

  • Virtual forwarding plane failed to load files from virtual control plane if the interconnection has an MTU less than 1500. PR1273365

  • The mspm and log messages about memory zone level are generated incorrectly. PR1273901

  • The l2ald process might crash in an EVPN scenario. PR1274113

  • L2-over-GRE tunnel might use underlying physical interface MTU directly without deducting IP/GRE header length. PR1274203

  • CLI commands fail to execute show subscribers detail, show subscribers extensive, show subscribers count client-type <> and other commands as subscriber management database is unavailable. PR1274464

  • FPC/MPC might crash in EVPN/MPLS or EVPN/VXLAN environment. PR1274976

  • FPC generates a core file when route record with an unknown AS index is received. PR1275021

  • Link stays down after a flap on MPC NG cards with QSFP+-40G direct attach copper (DAC). PR1275446

  • Fixed the default behavior of the configuration statement added for static route's dependency on BFD_ADMIN_DOWN, through PR 1070477. PR1275973

  • Routing Engine based captive-portal-content-delivery (CPCD) does not work in vMX or MX86. PR1276016

  • For MPC7E-10G, MPC7E-MRATE, MX2K-MPC8E, and MX2K-MPC9E complete traffic loss is observed when CRC errors are injected on a single plane. PR1276301

  • Junos OS does not use the complete TCP window size and slows the connection when JET application over GRPC is installed on Junos OS. PR1276443

  • On an MX Series platform with MS-MPC or MS-MIC installed, the service PIC daemon (spd) memory leak might be observed after adding or removing a service-set statement. PR1276809

  • Layer 2 control BUS stuck causes SFP+ thread hogging and restarting of MPC. PR1277467

  • MTU configuration option for virtual tunnel interfaces will be removed. PR1277600

  • IS-IS adjacencies over MLPPP links do not connect to the LSQ bundle interface. PR1278377

  • The routing protocol process (rpd) might get stuck 100% when the same BGP prefix routes are learned in different routing instances with multipath and auto-export configured. PR1279260

  • VLAN out-of-band subscriber session fails when it is autoconfigured. This is because the physical interface goes down even if it is physically up. PR1279612

  • When an MS-MPC-PIC is brought offline or online or bounced (because of an AMS configuration change), occasionally, PIC can take approximately 400 seconds to initiate. PR1280336

  • Authenticated subscriber dynamic VLAN interface might get disconnected immediately after successful connection. PR1280990

  • MTU for a Layer 2 over GRE gr- interface should be unlimited. PR1281173

  • The ingress service-accounting-deferred for L2BSA subscribers are not providing the correct IP traffic statistics. PR1281201

  • Establishment of IPsec SAs for link type tunnels might fail under certain conditions. PR1281223

  • DHCP/PPPoE subscribers fail to bind after FPC restart and smgd restart with BBE_RTSOCK_GET_RTSOCK_IFL_FAIL_TERMINATED counter going up. PR1281930

  • Optics levels are not sent in Junos Telemetry interface for down interfaces. PR1281943

  • Buffer overflow in sockets library (CVE-2017-2344). PR1282562

  • Inline J-Flow unrelated configuration changes related to a routing-instance results in invalid or incomplete J-Flow data packets. Commit-full resumes proper functionality. PR1282580

  • Variable based flows (VBF) are not programed appropriately on aggregated Ethernet interfaces. PR1282999

  • OAM fails to come up when GRE tunnel source and family inet address are the same. PR1283646

  • When the service-set has both NAT rule and Stateful-Firewall rule configured but a source IP address could not be matched with any NAT rule, but could be matched with Stateful-Firewall rule, the PPTP session from this source IP address might not be able to be established successfully. PR1285207

  • The J-Flow data template sequence number is zero for MPLS flows. PR1285975

  • Unified ISSU is not supported from Junos OS Release 15.1 or later when source release includes one or more BBE features such as logical interface options, CoS fragmentation map, MLPPP, advisory options, advanced services, and multicast distribution. PR1286507

  • The routing protocol process (rpd) crashes during subscriber login or logout with multicast service enabled and while performing GRES switchover. PR1286653

  • A10NSP interface is not getting attached to the Layer 2 routing instance after renaming the routing instance name. PR1287070

  • The routing protocol process (rpd) might generate a core file after changing the routing-options dynamic-tunnels configuration. PR1287109

  • LTS functionality does not work on Junos OS Release 16.1R4-S2 if rewrite-rule configuration is applied to the dynamic profile. PR1287788

  • SNMP query for IF-MIB::ifOutQLen reports incorrect type should be Gauge32 or Unsigned32 for a dynamic VLAN demux0 interface. PR1287852

  • The services-oids-ev-policy.slax & services-oids.slax files built in the Junos OS image does not have the latest versions. PR1287894

  • The bbe-smgd process might crash generating a core file on standby Routing Engine during a reboot upgrade with active locally terminated PPPoE subscribers. PR1288121

  • The smg-service process might generate a core file in the backup with a distributed IGMP configuration. PR1288465

  • Kernel "rtdata" memory might leak on an MX Series Virtual Chassis with heartbeat enabled. PR1289363

  • The FPC memory leak might happen in a BBE subscriber environment. PR1289365

  • Memory leak is observed in a bbe-smgd process (daemon) when the subscriber logs out of the multicast group. PR1290918

  • BBE-SMGD generates a core file following a stress test in bbe_iff_add_ifa. PR1291969

  • An error in vbf_filter_add_orphan_check might be seen when the subscribers use filter to log out or log in. PR1292582

  • The syslog DDR3 TEMP ALARM messages are logged in chassisd log. PR1293543

  • Login or logout core file is generated using Routing Engine based http-redirect. PR1293553

  • The show extensible-subscriber-services sessions reports an incorrect timestamp increase by one hour after a unified ISSU. PR1293800

  • Unable to edit dynamic profiles after scaling up to 400 dynamic profiles. PR1295446

  • The bbe-smgd process generates a core file at bbe_mcast_ifl_vbf_encoder on service activation or deactivation along with smg-service restarts. PR1295938

  • Routing Engine crashes generating a core file after a loop in rts_gencfg_ifstate_getparent. PR1296884

  • A memory leak is seen when set protocols mld XXX stanza is changed and committed. PR1297454

  • The bbe-smgd process crashes when traceoption is enabled due to an invalid username character. PR1298667

High Availability (HA) and Resiliency

  • The vmcore files were generated on both VCMm and VCBm at the same time. PR1274438

Infrastructure

  • The smartd Offline uncorrectable sectors critical log keep reporting every 30 minutes. PR1233992

  • The show system users CLI command output displays more users who are not using the router. PR1247546

Interfaces and Chassis

  • IPv6 Neighbor Discovery does not work for DHCPv6 sessions when using static demux VLAN with router advertisement. PR1250313

  • At a high logical interface scale, an ifinfo process (daemon) generates a core file on executing command <show-interface>. PR1254189

  • The MRU of aggregated Ethernet interface might reset to default value. PR1261423

  • When adding an additional Data field in a PPP Echo Request packet, keepalive failure might be seen that might disconnect the subscriber. PR1273083

  • The message dot1agCfmMepHighestPrDefect might be reported in the SNMP trap with a value of -1 instead of 0 on recovery after a remote defect indication (RDI). PR1273278

  • The line card hosting an Ethernet OAM LFM session might reboot during a unified ISSU. PR1283280

  • No L2TP sessions come up on some si- interfaces after an MPC restart followed by a Routing Engine switchover. PR1290562

  • A VRRP track interface down did not trigger a mastership election immediately. PR1294417

Layer 2 Ethernet Services

  • The show class-of-service fabric statistics CLI command might fail with a periodic Error = Operation timed out message. PR1228293

  • The IPv4 or IPv6 packets originating from a Routing Engine might be corrupted when the bridge domain has 'vlan-id' set to none, but the outgoing L2 interface for the packet is tagged and CoS is enabled. PR1263590

  • DHCP is not using the configured IRB MAC as the source MAC in DHCP offer unicast replies. PR1272618

  • The messages l2cpd[2486]: task_connect: task MVRP l2ald ipc./var/run/l2ald_control addr /var/run/l2ald_control: No such file or directory are filling up the syslog. PR1278189

Layer 2 Features

  • In a scaling VPLS scenario, convergence time is taking more than 10 minutes. PR1279192

  • A misconfiguration that adds an aggregated Ethernet (AE) bundle and its member link to a VPLS instance might cause 100% routing protocol process (rpd) utilization. PR1280979

MPLS

  • RSVP p2mp sub-LSPs having more than 1 sub-LSP in down state might not get re-optimized after transit path goes down. PR1174679

  • Traffic loss is seen during an auto-BW make-before-break (MBB) on an ingress router as "invalid fabric token". PR1264089

  • When "explicit-null" is configured for LDP, label 0 is assigned as IPv6 explicit null label. PR1264753

  • The routing protocol process (rpd) might crash if egress-policy is configured in LDP. PR1266358

  • Remote targeted LDP session might remain up even though it should not be up. PR1266802

  • Traffic loss will be observed when primary LSP goes down in an LDP-over-RSVP environment. PR1270877

  • JDI-RCT-RPD rpd core@ bgp_labeled_l2vpn_standby_outmetrics , bgp_rt_ribout_rcv_nlri: This core file might be generated for subscribers who have configured BGP family L2VPN in Junos OS Release 17.2R1. PR1271704

  • The CLI command show route extensive might cause routing protocol process (rpd) to crash. PR1272993

  • RPD core: Assertion failed rpd[6255]: file src/junos/usr.sbin/rpd/rsvp/rsvp_enh_lp.c", line 4928: "rsvp_enh_lp_supported_psb_type(psb). PR1276748

  • The routing protocol process (rpd) crashes due to LDP defect during NSR-enabled Routing Engine switchover. PR1290789

  • The routing protocol process (rpd) crashes if MPLS LSP path change occurs. PR1295817

Network Management and Monitoring

  • Command ESC-Q does not work when the syslog is disabled. The syslog message is still seen even if it is disabled by ESC-Q. PR1269274

  • MIB2D related syslog message MIB2D_RTSLIB_READ_FAILURE: rtslib_iflm_snmp_pointchange is seen during removing and restoring configurations. PR1279488

  • On Junos OS devices with SNMP enabled, a network-based attacker with unfiltered access to the Routing Engine can cause the Junos OS snmpd process (daemon) to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial-of-service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. PR1282772

  • The Management Information Base II process (mib2d) is logging an "RLIMIT curr 1048576000 max 1048576000" message every time a commit is performed, which might confuse the operator into believing that the memory limit of 1GB has been reached. PR1286025

  • If a logical interface of a loopback interface (lo0) is deleted, it will not be deleted in the ifStack tree. It might result in a mib2d crash when polling the object identifier (OID) of ifStackStatus.0. PR1286351

Platform and Infrastructure

  • Traffic drop might occur under a large-scale of firewall filter configuration. PR1093275

  • Kernel might crash on issuing show arp or clear arp if there is an IPv4 255.255.255.255 address. PR1120114

  • FPC crashes with MAC accounting feature enabled. PR1173530

  • FPC CPU spikes every 6 minutes on MX Series with an MPC or MIC chipset due to a microcode rebalance. PR1207532

  • With a commit script configured, the mgd process might crash when you configure anything in private configuration mode. PR1244015

  • One of the processes (dcd, rpd, dfwd, pfed, cosd, sampled) might generate a core file in a large-scale 8K ESSM login or logout with an ephemeral database. PR1249979

  • GRE tunnel traffic gets dropped after disabling and reenabling the gr-interface. PR1255706

  • show ephemeral-configuration has configuration though there are no active client connections. PR1260124

  • Error message rnh_iff_delete_nh: no pat-node might be seen when the subscriber logs out. PR1263983

  • FPC might crash with interface-specific firewall filters with policers configured. PR1267908

  • The routing protocol process (rpd) might crash and BGP session flapping might be seen if flapping interfaces or changing configurations. PR1269116

  • Dropping the TCP RST packet incorrectly on Packet Forwarding Engine might cause a traffic drop. PR1269202

  • FPC generates a core file when you are trying to send igmp-membership reports to 16000 subscribers. PR1270928

  • The queued statistics of interface are not correct in CoS scenario on MX Series platform. PR1271055

  • The real-time performance monitoring (RPM) loss percentage values for "overall tests" through SNMP might be incorrect. This is because the RPM probe loss percentage is stored as a 32-bit integer internally but the calculation can exceed a 32-bit boundary, which might lead to a rounding error. PR1272566

  • Ephemeral database configurations are not getting mirrored to the backup Routing Engine. PR1279653

  • request routing-engine login other-routing-engine might require a password. PR1283430

  • Incorrect load-balancing occurs for traffic going from MS-DPC to MPC cards. PR1287086

  • Log messages are getting triggered when any non-superuser or non-root user tries to telnet into the router. // rend_dlinit: not a proper library: /usr/lib/render/libdcd-render.so: Cannot open "/usr/lib/render/libdcd-render.so" // . PR1289974

  • The source MAC learned from cross-Packet Forwarding Engine aggregated Ethernet (AE) might bounce between aggregated Ethernet member Packet Forwarding Engines for a long time and might cause MLP-ADD storm. PR1290516

  • RMOPD might get stuck at sbwait upon receiving a specific response from HTTP agent. PR1292151

  • The Broadband Remote Access Server and carrier grade NAT features running on the same MX Series device might trigger transient flow-control asserted by XLP MAC after upgrading the MX Series routers to Junos OS Release 16.1. PR1293232

Routing Protocols

  • No multicast forwarding in ASM mode after a unified ISSU. PR1146621

  • The routing protocol process (rpd) might crash on platforms with 64-bit X86 Routing Engine if IPv6 is configured. PR1224376

  • Routing protocol process (rpd) on the backup Routing Engine might restart unexpectedly upon the addition of a new L2VPN routing instance. PR1233514

  • Need support for conflict resolution. At times, the same SID might be sent for multiple prefixes, which might cause issues. PR1239093

  • The routing protocol process (rpd) core file might be seen in an MVPN scenario. PR1240565

  • There might be a stale bootstrap rendezvous point (RP) entry in a bootstrap router RP table after deleting static RP configuration from another router. PR1241835

  • When advertise-from-main-vpn-tables configuration statement is used under BGP and the router-reflector functionality is added, a refresh message is not sent resulting in some missing routes. PR1254066

  • BGP-LU label might go into "dead" state in forwarding table after the MPLS address family on the next-hop interface is removed and re-added. PR1262180

  • MPLS over UDP tunnel creation failure in the absence of a VRF table. PR1270955

  • "Nexthop AFI=3" is observed in a BGP open message after configuring family inet unicast extended-nexthop. PR1272807

  • The BFD down for BGP might cause traffic black holing for customer traffic. PR1276497

  • Error messages are seen when receiving BGP update messages with UNREACH NLRI. PR1276758

  • IS-IS LSPs might be dropped in interop with Cisco in a segment routing (SR) scenario. PR1280522

  • The routing protocol process (rpd) might crash due to a certain chain of events in BGP-LU protection scenario. PR1282672

  • The second multicast packet might be discarded on rendezvous point router. PR1282848

  • The routing protocol process (rpd) might crash while deactivating in a routing instance [protocols pim static]. PR1284760

  • The routing protocol process (rpd) might crash if dynamic Routing Protocol goes down in ECMP topology and also if PIM join-load-balance automatic is configured. PR1288316

  • BGP-RR sends full route updates to its RR-Clients when any family MPLS interface gets bounced because of any fiber cut or manual events causing high CPU spike. PR1291079

  • The routing protocol process (rpd) might crash if BGP flap happens. PR1295062

Services Applications

  • L2TP congestion window set to 128 instead of 1 when tunnel is created. PR1265001

  • DTCP non-optimized trigger attributes can delay mirrored traffic forwarding in scaled environments. PR1269770

  • Kernel crash might be seen after performing the CLI command commit. PR1273357

  • Lawful intercept: ingress control packets from the subscriber are mirrored to the mediation device twice. PR1275592

  • Backup Routing Engine goes to the database prompt with a vmcore if the down ASI interface configuration is deleted. PR1281882

  • Layer 2 Tunneling Protocol (L2TP) subscribers are down after a GRES while verifying framed IPv6 route support for L2TP network server (LNS) at a higher scale with a maximum number of Framed-IPv6-Route. PR1293783

  • Each subscriber session gets its own L2TP tunnel without "Tunnel-Client-Endpoint" from RADIUS. PR1293927

Subscriber Access Management

  • Option to exclude tunnel attributes in access-request on L2TP network server (LNS). PR1264024

  • Possible CPS degradation for scaled DHCPv4 or DHCPv6 and PPPoEv4 subscribers. PR1264052

  • Accounting messages are sent with the wrong Event-Timestamp to RADIUS. PR1270162

  • The DHCP subscriber might not get an IP address when the address pool is tight. PR1274870

  • bbe-smgd might spontaneously crash after bbe-smgd deamon restarts from CLI. PR1277099

  • Some RADIUS attributes might not be filtered out of the accounting-on or accounting-off message on an MX Series platform. PR1279533

  • IP assigned by RADIUS is incorrectly counted by local pool after a Virtual Chassis switchover. PR1286609

  • An authd core file is observed while terminating a large number of subscribers. PR1289215

User Interface and Configuration

  • commitd might generate a core file by removing certain configuration followed by a commit operation. PR1267433

VPNs

  • The routing protocol process (rpd) crashes after an L2VPN configuration change followed by "ping mpls l2vpn". PR1272612

  • Memory leak in RPD task_timer, timer 'PIM MVPN Alt KAT Timer'. PR1276041

Resolved Issues: 17.2R1

Class of Service (CoS)

  • The cosd process might crash when you execute the command show class-of-service queue-consumption. PR1066009

Forwarding and Sampling

  • Aggregated Ethernet interface might get into "down" state after GRES. PR1233188

  • For certain subscriber types entry in the statistics database is not cleaned up on logout. PR1251756

  • Accounting interim interval is reset after GRES. PR1261472

  • Service statistics are reported in the wrong order. PR1262876

General Routing

  • The jsscd might crash in a scaled environment. PR1133780

  • When the traffic matches a rule name with junos:rdp, the LRF record has the PCC rule name any-any. PR1174938

  • On MX Series routers, the MS-MIC line card might crash and restore automatically. PR1183828

  • The CPU of processes might get nearly 100% occupied. When SDN-telemetry (the agentd process) is disabled or continuously restarted, certain messages are repeatedly logged in syslog. The agentd process is unable to accept the new subscriptions. As a result, all subscriptions are dropped, triggering agentd to restart several times. PR1192366

  • Error messages are reported during unified ISSU on MX Series routers. PR1200045

  • The command show subscribers summary port extensive outputs might have an incorrect tunneled or terminated sessions count. PR1206208

  • Unified ISSU is not supported on MX2008. PR1213193

  • An MS-MPC or MS-MIC service PIC might crash when passing large fragmented traffic through an ALG. PR1214134

  • Syslog message fpc_pic_process_pic_power_off_config:[xxxx] :No FPC in slot [y] is incorrectly displayed on an empty FPC slot with no PIC power off configured. PR1216126

  • MPC might crash during unified ISSU from Junos OS Release 15.1R1 to a later release when QSFP, CXP, or CFP2 optics are present. PR1216924

  • Continuous login and logout of PPPoE/DHCP subscribers might cause some subscribers to fail to bind. PR1221690

  • The MX2008 BITS clock module's LED behavior is inconsistent with other platforms. PR1222041

  • The early/opDel: bad stored heap messages seen on sending traffic using captive-portal-content-delivery service do not have any affect on functionality. PR1226782

  • MX2008 chassisd process might consume more CPU cycles than the chassisd process running on MX2010 or MX2020. PR1231333

  • Junos Telemetry Interface: Frequent disconnects are seen in MQTT when the logical interface sensor is provisioned for a longer duration. PR1238803

  • BBE CST MX Series Virtual Chassis: Half of PPPoE subscribers KeepAlive failure on MPC5E line card PIC1, if aggregated Ethernet anchors on PIC1. PR1240365

  • ANCP neighbors go down after a commit. PR1243164

  • The ms90 kernel: kern.maxfiles limit exceeded by uid 0, please see tuning(7) message is seen after injecting more than 2M routes. PR1243581

  • Route target per bridge domain for EVPN is not supported. PR1244956

  • Sensors are not reused when the subscriptions have non-common paths. PR1245902

  • GNF console hangs after some idle time. PR1250726

  • The rpd might crash when some interfaces and some peers go down. PR1250978

  • KRT queue gets stuck on the Routing Engine, causing RIB and FIB to go out of synchronization. PR1251556

  • Output of show ancp subscriber detail might omit certain TLVs. PR1252747

  • Junos OS Release 17.2DCB: High 1PPS phase-transient is seen on physical layer SyncE rearrangements. PR1253083

  • An interoperability is seen between MX Series MPC3E-NG and MS Series MPC2E-NG line cards when connected to third party switch. PR1254795

  • Incorrect data in the output of show subscribers extensive . PR1255029

  • Riot (vPFE) process might generate a core file in vMX platform when a lot of subscribers log in or log out when there are a large number of flows (>500K). PR1255866

  • Traffic drop seen on MPC7E cards after rekeying of MACsec. PR1257041

  • The CLI command show vpls mac-table does not display all MAC addresses for L2BSA subscribers. PR1257605

  • Unable to run show subscribers extensive and some other CLI commands after GRES because subscriber-management database is unavailable. PR1258238

  • DCD process crashes during the ATM-related configuration commit. PR1258744

  • Subscriber management (bbe-smgd) process might crash and generate a core file during Routing Engine mastership switchover. PR1258817

  • When using an AMS interface and running the show interfaces extensive command, the subinterfaces will show only 0 for the packet counters. PR1258946

  • Junos Telemetry Interface reporting interval has a skew. PR1259224

  • QSFPP-40GBASE-LR4 might remain down after fiber link flap. PR1259930

  • Incorrect egress classification of L3 multicast traffic from ingress VLAN bridge interface after configuration change. PR1260413

  • I2C BUS timeout causes SFP thread hogging and MPC restart. PR1260517

  • A Packet Forwarding Engine saves only the first multicast IPv4 packet when waiting for a resolve request. PR1260729

  • In MX Series BNG subscriber management environment, there could be a slight deviation in the dynamic profile service accounting statistics when the subscriber session terminates abruptly. PR1260898

  • During multicast activation of dynamic subscribers through a service profile, the bbe-smgd process in the backup Routing Engine could sometimes crash. PR1261285

  • GRPC physical interfaces *-pkts fields zero suppressed by its own counter. PR1261589

  • The show auto-configuration CLI command was mistakenly hidden in Junos OS 15.1 and later releases. PR1262139

  • The dynamic VLAN is removed after 30 seconds if there are no subscribers on it and remove-when-no-subscribers is set regardless of its idle-timeout value for the dynamic VLAN. PR1262157

  • Unified ISSU with subscriber-management is enabled. PR1262877

  • ICMP network unreachable message is not sent back when the subscriber is terminated in a routing instance.PR1263094

  • CoS service profile without line rate adjust needs to use "adjust-always" for proper revert behavior. PR1263337

  • After JSD (JET service process) restart, the process is up but it is not listening on any port. PR1263748

  • The smg-service subsystem is not responding to management requests. PR1264038

  • Authd reports pdb_get_all_profiles_from_db: Populate full profile tree failed, err:261, and subscribers are unable to connect at the higher number of configured dynamic profiles. PR1264629

  • With the Ethernet frames with more than 2000 bytes of payload, the mspmand process might crash. PR1264712

  • MX Series LAC does not send packets in the l2tp tunnel for some static PPP subscribers. PR1265414

  • PRPD/JET API: BgpRouteMonitorRegister() might not send end-of-rib operation. PR1265427

  • LLDP neighbor ID is captured incorrectly in streaming telemetry output. PR1265705

  • Sometimes the SDN-telemetry subsystem is not responding to management requests while issuing show agent sensors. PR1266058

  • BNG accepts IGMPv3/MLDv2 membership reports sent to non-standard multicast addresses. PR1266309

  • Unified ISSU failure might be seen with Junos OS Release 16.1R4-S1. PR1266317

  • ARP requests are hitting AE_RESERVED_IFL_UNIT (AEx.32767) when VSTP is enabled on a double-tagged aggregated Ethernet logical interface. PR1267238

  • The bbe-smgd process generates a core file during subscriber login or logout on the backup Routing Engine under certain boundary conditions. PR1267646

  • The CLI configuration command set chassis effective-shaping-rate is enabled for the MX104. PR1267829

  • ANCP Port Up message triggers RADIUS AccessRequest even when a PPP session is established. PR1267960

  • The message HALP-lbnh_xlate_cntr_db_get_stats:250counter id 1573873: Unable to find lbnh xlate counter is flooding the syslog. PR1268452

  • Router MAC extended community does not use standardized value. PR1269236

  • The Routing Engine might stop all services after GRES or unified ISSU. PR1271306

Infrastructure

  • The smartd Offline uncorrectable sectors critical logs keep reporting every 30 minutes. PR1233992

  • A ksyncd crash might be seen on the backup Routing Engine due to stale next hops on the master Routing Engine. PR1250880

  • Legacy Junos OS kernel might generate a core file on userland_sysctl / sysctl_root / sysctl_kern_proc_env / panic_on_watchdog_timeout. PR1254742

  • Device reboots due to watchdog timeout. PR1259616

  • Zero suppression does not work for internal interfaces. PR1260036

Interfaces and Chassis

  • T3 interface might not come up due to incorrect subrate. PR1238395

  • The cfmd might crash when CFM filter refers to a firewall policy. PR1246822

  • For CFM over aggregated Ethernet, incorrect Anchor FPC is selected. PR1258490

  • SNMP SET fails when the FPC slot or PIC/port has a value greater than 9. PR1259155

  • Jpppd might crash when traceoptions is enabled under PPPoE. PR1264000

  • On MX Series Virtual Chassis this message is seen: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC 0. PR1264647

  • Malformed PPP echo reply causes keepalive failure. PR1273083

  • The message dot1agCfmMepHighestPrDefect might be reported in the SNMP trap with the value of -1 instead of 0 on recovery after RDI. PR1273278

Layer 2 Ethernet Services

  • The show class-of-service fabric statistics CLI command might fail with periodic Error = Operation timed out message. PR1228293

  • An MX Series router with MPC/FPC line card might go offline during FRU upgrade phase of unified ISSU. PR1256940

  • The DHCP client key identifier mismatch due to DHCPv4 Option 82 Suboption 9 change during the release time. PR1257701

  • Eliminate the impact of DHCPv6 renegotiation lockout timer for DHCP solicit with rapid commit options. PR1263156

Layer 2 Features

  • In a scaling VPLS scenario, convergence time takes more than 10 minutes. PR1279192

MPLS

  • When the configured metric for one of the LSPs used in ECMP is removed, other LSPs with configured metric might not honor the configured metric value. PR1261961

  • Traffic loss is seen during auto-BW MBB on ingress router as "invalid fabric token". PR1264089

  • TE++ container LSP statistics are showing the same 10 LSPs and looping. PR1267774

  • The core file might be generated for customers who have configured BGP family L2VPN in Junos OS Release 17.2R1. JDI-RCT-RPD rpd core@ bgp_labeled_l2vpn_standby_outmetrics , bgp_rt_ribout_rcv_nlri:. PR1271704

Network Management and Monitoring

  • The eventd process stops sending syslog messages to a configured syslog server. PR1246712

  • SNMPv3 trap does not contain routing instance information in contextName field. PR1265288

Platform and Infrastructure

  • NPC generated a core file. This type of NPC core file might be observed with a dynamic configuration change to the policer. The processing time in attempting to update all associated policers was exceeded. PR1071040

  • Change the default CMERROR actions for the Major Error on MX Series platforms. PR1186421

  • The routing protocol process (rpd) might crash when the ephemeral database is enabled. PR1214298

  • MX Series with MPC or FPC line cards report LUCHIP EDMEM errors during unified ISSU. PR1249395

  • One of the processes (dcd, rpd, dfwd, pfed, cosd, sampled) might generate a core file in large-scale 8000 ESSM login or logout with an ephemeral database. PR1249979

  • The auditd might crash when RADIUS accounting is configured but the RADIUS accounting server is not reachable. PR1250525

  • The bbe-smgd process might crash if you are running a PPPoE login or logout with IGMP distributed enabled. PR1253036

  • After switchover, KRT queue might get stuck on the new master Routing Engine with the error ENOENT -- Item not found. PR1254980

  • FPC might crash and generate a core file during unified ISSU because memory is not properly recycled. PR1258795

  • A mismatching in/out pps value is shown with show pfe statistics traffic detail. PR1259427

  • The routed traffic going out through IRB/l2 interface with VXLAN-EVPN is getting dropped after l2 interface switch. PR1259551

  • DHCP/BOOTP reply packet for an unnumbered interface might trigger FUD process failure. PR1260623

  • WRED drops on one VLAN when the other VLAN is congested. PR1260951

  • DDRIF checksum error might lead to traffic blackhole. PR1260983

  • FPC might crash with interface-specific firewall filters with policers configured. PR1267908

  • The routing protocol process (rpd) might crash and BGP session flapping might be seen if the interfaces flap or configurations change quickly. PR1269116

Routing Protocols

  • Multicast Source Discovery Protocol (MSDP) source active (SA) messages are sent at irregular intervals. PR1257668

  • Routing protocol process (rpd) might restart unexpectedly with a reference to ioth_session_delete_internal ( ) routine. PR1261970

  • The rpd might crash if the IS-IS segment routing is configured but a certain interface is not configured with RSVP. PR1262612

  • MPLS label entry for direct route as BGP-LU route is permanently stuck in KRT queue when vrf-table-label is configured in CoC routing instance. PR1263291

  • When applying an import policy to a BGP neighbor, the rpd process might crash continuously. PR1265224

  • Nexthop AFI=3 is observed in BGP open message after configuring family inet unicast extended-nexthop. PR1272807

Services Applications

  • Traffic is dropped when changing the source address under a NAT rule term for basic NAT translation. PR1257801

  • The kmd process might crash after configuring certain IPsec configuration using the apply-groups method. PR1265404

Subscriber Access Management

  • Possible CPS degradation for scaled DHCP IPv4 or IPv6 and PPPoE IPv4 subscribers. PR1264052

  • An incorrect number of messages in the queue for the RADIUS server is shown in the output for show network-access aaa statistics radius detail. PR1267307

  • The CLI command show network-access requests pending count keeps increasing the network access requests pending count even if there are no pending authentication requests. PR1267702

VPNs

  • The Routing protocol process (rpd) memory leak is observed in next-generation MVPN environments. PR1259579

Documentation Updates

This section lists the errata and changes in Junos OS Release 17.2R3 documentation for MX Series.

Protocol Independent Routing Properties

  • Support for deletion of static routes when the BFD session goes down (MX Series)—Starting with Junos OS Release 17.2R2, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session-down message.

Subscriber Management Access Network Guide

  • The “Configuring the L2TP Resynchronization Method” and “disable-failover-protocol (L2TP)” topics have been updated to state that you can configure the LNS to support only silent failover for peer resynchronization. This capability has been supported on both the LAC and the LNS since Junos OS Release 11.2.

  • The guide failed to include a feature that enables you to override the information that the LAC sends to the LNS in L2TP Calling Number AVP 22 when the LAC is configured to use the Calling-Station-ID format. You can configure the access profile to override that value for AVP 22 with any combination of the agent circuit identifier and the agent remote identifier received by the LAC in the PADR packet.

    [See Override the Calling-Station-ID Format for the Calling Number AVP.]

  • The guide incorrectly stated that the linked-pool-aggregation statement is located at the [edit access address-assignment pool pool-name] hierarchy level. In fact, this statement is located at the [edit access] hierarchy level.

    [See Configuring Address-Assignment Pool Linking.]

Subscriber Management Provisioning Guide

  • Support for the packet-triggered subscribers and policy control rule base (PTSP) feature was discontinued starting in Junos OS Release 13.1R1, but this was not reflected in the documentation. Text exclusive to PTSP has been removed from the Broadband Subscriber Sessions User Guide. This includes all CLI topics and the following chapters:

    • “Configuring the PTSP Feature to Support Dynamic Subscribers”

    • “Configuring the PTSP Partition to Connect to the External Policy Manager”

    • “Configuring PTSP Services and Rules”

    • “Monitoring and Managing Packet-Triggered Subscribers”

    Topics for other features that refer to PTSP are updated to report the end of support.

  • The Broadband Subscriber Sessions User Guide did not report that you can suspend AAA accounting, establish a baseline of accounting statistics, and resume accounting. This feature was introduced in Junos OS Release 15.1R4.

    [See Suspending AAA Accounting and Baselining Accounting Statistics Overview.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series routers. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting with Junos OS Release 15.1, in some of the devices, FreeBSD 10.x is the underlying OS for Junos OS instead of FreeBSD 6.x. This feature includes a simplified package naming system that drops the domestic and world-wide naming convention. However, in some of the routers, FreeBSD 6.x remains the underlying OS for Junos OS. For more details about FreeBSD 10.x, see Understanding Junos OS with Upgraded FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 10.x-based Junos OS

MX5, MX10, MX40, MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 17.2

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 10.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 10.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently comprising Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-17.2R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-17.2R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently comprised of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-17.2R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-17.2R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 10.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 10.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 17.2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX80, and MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently comprising of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-17.2R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently comprising of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-17.2R3.x-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 16.1, 16.2 and 17.1 are EEOL releases. You can upgrade from Junos OS Release 16.1 to Release 16.2 or even from Junos OS Release 16.1 to Release 17.1. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 17.2

To downgrade from Release 17.2 to another supported release, follow the procedure for upgrading, but replace the 17.2 package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

See Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.