Junos OS Release Notes for PTX Series Packet Transport Routers
These release notes accompany Junos OS Release 17.3R3 for the PTX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for PTX Series.
Release 17.3R3 New and Changed Features
There are no new features in Junos OS Release 17.3R3 for PTX Series routers.
Release 17.3R2 New and Changed Features
Software Installation and Upgrade
Device serial number added to DHCP option 60 (PTX1000)—Starting in Junos OS Release 17.3R2, DHCP option 60 (Vendor Class Identifier) includes the serial number of the device when you use Zero Touch Provisioning (ZTP) to automate provisioning of the device configuration and software image. The serial number can uniquely identify the device in a broadcast network. The serial number appears in the format Juniper-model-number. For example, a PTX1000 router numbered DA000 appears as Juniper-ptx1000-DA000.
Release 17.3R1 New and Changed Features
Class of Service
Support for setting the DSCP code point for host-originating IS-IS traffic sent over a GRE tunnel (PTX Series)—Starting in Junos OS Release 17.3R1, you can determine traffic prioritization for IS-IS traffic originating on a host and being sent over a GRE tunnel by assigning a DSCP code point to the IS-IS packets. You can set the DSCP code point by including the isis-over-gre dscp-code-point value statement at the [edit class-of-service host-outbound-traffic protocol] hierarchy level.
Support for shaping of the traffic exiting a physical interface (PTX10008)—Starting with Junos OS Release 17.3R1, you can shape the output traffic of a physical interface on PTX10008 routers so that the interface transmits less traffic than it is physically capable of carrying. Shaping on a PTX10008 router interface has a minimum rate of 1 Gbps and an incremental granularity of 0.1 percent of the physical interface speed after that (for example, 10 Mbps increments on a 10 Gbps interface). You can shape the output traffic of a physical interface by including the shaping-rate statement at the [edit class-of-service interfaces interface-name] or [edit class-of-service traffic-control-profiles profile-name] hierarchy level and applying the traffic control profile to an interface.
Commit process split into two steps (PTX Series)—Starting in Junos OS Release 17.3R1, new configuration statements are introduced for commit to split the commit process into two steps. These configuration statements are prepare and activate.
In the first step, known as preparation stage, commit prepare validates the configurations and then creates the necessary files and database entries so that the validated configurations can be activated at a later stage.
In the second step, referred to as the activation stage, commit activate activates the previously prepared commit. A new configuration statement, prepared, is added to clear system commit, which clears the prepared commit cache
This feature enables you to configure a number of Junos OS devices and simultaneously activate the configurations. This approach is helpful in time-critical scenarios.
Interfaces and Chassis
Management Ethernet interface (fxp0) is confined in a non-default virtual routing and forwarding table (PTX 10008)—Starting in Junos OS Release 17.3R1, you can confine the management interface in a dedicated management instance by setting a new CLI configuration statement,management-instance, at the [edit system] hierarchy level. By doing so, operators will ensure that management traffic no longer has to share a routing table (that is, the default.inet.0 table) with other control or protocol traffic in the system. Instead, there is a mgmt_junos routing instance introduced for management traffic.
Support for confining management Ethernet Interface (fxp0) in a virtual routing and forwarding table (PTX10008)—Starting in Junos OS Release 17.3R1, Junos OS is able to confine the management interface in a dedicated management instance by setting a new CLI configuration statement, management-instance, at the [edit system] hierarchy level. By doing so, operators will ensure that management traffic no longer has to share a routing table (that is, default.inet.0 table) with other control or protocol traffic in the system. Instead, there is a mgmt_junos routing instance introduced for management traffic.
For more information, see Configuring the mgmt_junos Routing Instance
Support to configure YANG files for Junos Telemetry Interface (PTX Series)—Starting with Junos OS Release 17.3R1, you can add user-defined YANG files that provide mappings between the XML path and the OpenConfig path for data streamed through the Junos Telemetry Interface. Previously, only the Junos OpenConfig package was available for providing these mappings to the XML proxy when streaming data through gRPC. To add YANG files, include the request system yang add package package-name proxy-xml module yang-file-path operational command. You can validate the YANG module by using the request system yang validate proxy-xml module yang-file-path command. To delete a YANG file, use the request system yang delete package package-name proxy-xml yang-file-path operational command.
Enhancements to BGP peer sensors for Junos Telemetry Interface (PTX Series)—Starting with Junos OS Release 17.3R1, telemetry data streamed through gRPC for BGP peers is reported separately for each routing instance. To export data for BGP peers, you must now include the following path in front of all supported paths: /network-instances/network-instance/[name_'instance-name']/protocols/protocol/
Additionally, the following paths are also now supported:
Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.
Junos Telemetry Interface support for Routing and Control Board RCB-PTX-X6-32G (PTX3000)—Starting with Junos OS Release 17.3R1, the Routing and Control Board (RCB) on PTX3000 routers supports the Junos Telemetry Interface, which enables you to provision sensors to export telemetry data for various network elements. The RCB combines the functionality of a Routing Engine, Control Board, and Centralized Clock Generator (CCG) in a single FRU. To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.
Enhanced support for Junos Telemetry Interface (PTX1000 routers)—Starting with Junos OS Release 17.3R1, you can also provision sensors through the Junos Telemetry Interface for the following network elements:
Logical interfaces, including queue statistics (UDP and gRPC streaming)
BGP Peers (gRPC streaming only)
Memory utilization for routing protocol tasks (gRPC streaming only)
RSVP interface events (gRPC streaming only)
Firewall filters, including traffic-class counter (UDP and gRPC streaming)
Chassis components (gRPC streaming only)
Aggregated Ethernet interfaces configured with the Link Aggregation Control Protocol (gRPC streaming only)
Ethernet interfaces enabled configured with the Link Layer Discovery Protocol (gRPC streaming only)
Routing Engine logical and physical interfaces (UDP and gRPC streaming)
Optical interfaces (UDP and gRPC streaming)
Network Discovery Protocol table state (gRPC streaming only)
Address Resolution Protocol table state (gRPC streaming only)
IPFIX infline flow aggregation (UDP streaming only)
To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.
Support for next generation MVPN and Internet multicast (PTX1000)—Starting in Junos OS Release 17.3R1, the mpls-internet-multicast routing instance type uses ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud, using MBGP (or next generation) MVPN.
Next-generation MVPN is supported only when the enhanced-mode statement is configured at the [edit chassis network-services] hierarchy level.
Support for next generation MVPN and Internet multicast (PTX10008)—Starting in Junos OS Release 17.3R1, the mpls-internet-multicast routing instance type uses ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud, using MBGP (or next generation) MVPN. Next generation MVPN is available only for PTX Series routers that have third-generation FPCs installed.
Network Management and Monitoring
mLDP MIB extends support to LDP point-to-multipoint (P2MP) LSPs (PTX Series)—Starting in Junos OS Release 17.3R1, the mLDP MIB builds on the objects and tables that are defined in RFC 3815, which only support LDP point-to-point label switched paths (LSPs). This mLDP MIB provides support for managing multicast LDP point-to-multipoint (P2MP) and multipoint-to-multipoint (MP2MP) LSPs. The mLDP MIB tables are directly accessible through SNMP. All objects in the mLDP MIB are read-only and cannot be created or set through SNMP. This implementation of mLDP MIB is specified in draft-ietf-mpls-mldp-mib.
Support for inline jflow version 9 flow templates (PTX1000)—Starting in Junos OS Release 17.3R1, you can use inline-JFlow’s export capabilities with version 9 flow templates to define a flow record template suitable for IPv4 or IPv6 traffic.
Operation, Administration, and Maintenance
Junos OS daemons to natively emit JSON output (PTX Series)—Starting with Junos OS Release 17.3R1, the operational state emitted by the daemons is supported in JSON format as well as XML format. To configure JSON format, specify the following CLI command: set system export-format state-data json compact. To specify JSON format for specific command output, include display json in specific CLI commands.
Junos OS OpenConfig to support adjacent RIB operational state model (PTX Series)—Starting with Junos OS Release 17.3R1, adj-rib-in-pre and adj-rib-out-post tables have been added for the OpenConfig RIB operational state mode. The BGP RIB consists of several tables per address family, consisting of loc-rib and per-neighbor tables.
Routing Policy and Firewall Filters
Optimized performance for DSCP and traffic-class firewall filter match conditions (PTX10008)—Starting in Junos OS Release 17.3R1, the promote dscp and promote traffic-class indicators are supported in firewall filters for IPv4 and IPv6 traffic. When either of these are applied to a filter, the entire filter is compiled in a way that optimizes its performance for the dscp or traffic-class match condition. The indicators are configured at the [edit firewall family (inet | inet6) filter filter-name] hierarchy level.
Enabling the indicators requires that network services is set to enhanced-mode. Use of the indicators may impact the performance of the source-port match condition.
Optimized performance for DSCP and traffic-class firewall filter match conditions (PTX1000)—Starting in Junos OS Release 17.3R1, the promote dscp and promote traffic-class indicators are supported in firewall filters for IPv4 and IPv6 traffic. When either are applied to a filter, the entire filter is compiled in a way that optimizes its performance for the dscp or traffic-class match condition. The indicators are configured at the [edit firewall family (inet | inet6) filter filter-name] hierarchy level.
Enabling the indicators requires that network services be set to enhanced-mode. Use of the indicators might impact the performance of the source-port match condition.
Support for Hop-limit firewall filter match condition (PTX10008)—Starting in Junos OS Release 17.3R1, you can configure a firewall filter using the hop-limit hop-limit and hop-limit except hop-limit match conditions for Internet Protocol version 6 (IPv6) traffic (family inet6).
The hop-limit hop-limit and hop-limit except hop-limit match conditions are supported on PTX series routers when you configure the network-services mode as enhanced-mode on the router.
For more information, see Firewall Filter Match Conditions for IPv6 Traffic.
Hop-limit firewall filter match condition supported (PTX1000)—Starting in Junos OS Release 17.3R1, you can configure a firewall filter using the hop-limit and hop-limit except match conditions for IP version 6 (IPv6) traffic (family inet6).
The hop-limit and hop-limit except match conditions are supported on PTX1000 routers when enhanced-mode is configured on the router.
Routing protocol process (rpd) recursive resolution over multipath (PTX Series)—Starting in Junos OS Release 17.3R1, when a BGP prefix that has a single protocol next hop is resolved over another BGP prefix that has multiple resolved paths (unilist), all the paths are selected for protocol next-hop resolution. In prior Junos OS releases, only one of the paths is picked for protocol next-hop resolution. This new feature benefits densely connected networks where BGP is used to establish infrastructure connectivity such as WAN networks with high equal-cost multipath and seamless MPLS topology.
To configure recursive resolution over multipath, define a policy that includes the multipath-resolve action at the [edit policy-options policy-statement policy-name then] hierarchy level and import the policy at the [edit routing-options resolution rib rib-name] hierarchy level.
Support for IS-IS SPRING and RSVP coexistence (PTX Series)—Starting in Junos OS Release 17.3R1, the routing protocol process (rpd) takes into account the bandwidth used by SPRING traffic to calculate the balance bandwidth available for RSVP-TE. The allocated bandwidth for RSVP is periodically modified based on the traffic on the SPRING interface and its bandwidth utilization. To configure automatic bandwidth calculation, include the auto-bandwidth template statement at the [edit routing-options] hierarchy level. You can apply the auto-bandwidth template configuration either globally at the [edit protocols isis source-packet-routing traffic-statistics] hierarchy level or at the [edit protocols isis interface interface-name] hierarchy level. This feature is useful for networks that are moving to SPRING but also have RSVP deployed, and continue to use both SPRING and RSVP.
Support for BGP Large Communities (PTX Series)—Starting with Junos OS Release 17.3R1, BGP community is enhanced to support BGP large community that uses 12-byte encoding where the most significant 4 bytes encode autonomous system number or global administrator and the remaining two 4 bytes encode operator defined local values. Currently, BGP normal community (4 byte) and BGP extended community (6 byte) provide limited support for BGP community attributes after the introduction of 4-byte autonomous system number. Configure the large BGP community attributes at the [edit policy-options community community-name members] hierarchy level and at the [edit routing-options static route route community] hierarchy level with keyword large followed by three 4-byte unsigned integers separated by colons. The attributes are represented as large:autonomous system number:local value 1:local value2.
Support for BGP to carry flow-specification routes (PTX10008)—Starting in Junos OS Release 17.3R1, BGP can carry flow-specification network layer reachability information (NLRI) messages on a PTX10008 router. Propagating firewall filter information as part of BGP enables you to propagate firewall filters against denial-of-service (DoS) attacks dynamically across autonomous systems.
Support for inline JFlow version 9 flow templates (PTX 10008 routers)—Starting in Junos OS Release 17.3R1, you can use inline-JFlow export capabilities with version 9 flow templates to define a flow record template suitable for IPv4 or IPv6 traffic.
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.3R3 for the PTX Series.
Forwarding and Sampling
In Junos OS Release 17.3R1, and later, the SelectorID field (element id: 302) is sent instead of the Bytes field (element id: 1) in the system scope of version-ipfix Option template records for all PTX Series Routers. All other elements of the template remain the same.
Interfaces and Chassis
Restart FPC option supported on PTX1000 router—In Junos OS Release 17.3, you can reboot the FPC gracefully using request chassis fpc restart slot slot-number command on a PTX1000 router. Note that request chassis fpc (online|offline) slot slot-number command is not supported, which means only restart option is supported, but online and offline options are not supported.
[See request chassis fpc.]
Changes to custom YANG RPC syntax (PTX Series)—Starting in Junos OS Release 17.3, custom YANG RPCs have the following changes in syntax:
junos:action-executestatement is a substatement to
junos:command. In earlier releases, the
commandstatements are placed at the same level, and the
commandstatement is optional.
The CLI formatting for a custom RPC is defined within the
junos-odl:formatstatement, which takes an identifier as an argument. In earlier releases, the CLI formatting is defined using a container that includes the
junos-odl:cli-formatstatement with no identifier.
junos-odl:stylestatement defines the formatting for different styles within the statement. In earlier releases, the CLI formatting for different styles is defined using a container that includes the
Enhancement to show agent sensors command (PTX Series) —Starting with Junos OS Release 17.3R1, the show agent sensors command, which displays information about Junos Telemetry Interface sensors, displays the default value of 0 for the DSCP and Forwarding-class values. Previously, the displayed default value for these fields was 255. The default value is displayed when you do not configure a DSCP or forwarding-class value for a sensor at the [edit services analytics export-profile profile-name] hierarchy level.
Network Management and Monitoring
SNMP syslog messages changed (PTX Series)—Starting in Junos OS Release 17.3R1, two misleading SNMP syslog messages have been rewritten to accurately describe the events:
OLD --AgentX master agent failed to respond to ping. Attempting to re-register
NEW –- AgentX master agent failed to respond to ping, triggering cleanup!
OLD –- NET-SNMP version %s AgentX subagent connected
NEW --- NET-SNMP version %s AgentX subagent Open-Sent!
[See the MIB Explorer.]
Enhancement to about-to-expire logic for license expiry syslog messages (PTX Series)—Starting in Junos OS Release 17.3R1, the logic for multiple capacity type licenses and when their expiry raises alarms was changed. Before, the behavior had alarms and syslog messages for expiring licenses raised based on the highest validity, which would mislead users in the case of a license expiring earlier than the highest validity license. The new behavior has the about-to-expire logic based on the first expiring license.
Change in default log level settings (PTX Series)—Starting in Junos OS Release 17.3R2, the following changes were made to the default logging levels:
Before this change:
SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.
SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.
After this change:
IFD LinkUp - LOG_NOTICE (although this is an important message, it appears less frequent)
IFL LinkUp - LOG_INFO (no change)
IFD and IFL LinkDown - LOG_WARNING (no change)
[See the MIB Explorer.]
Changes to the show services rpm history-results command (PTX Series)—Starting in Junos OS Release 17.3R1, you must include the owner owner and test name options when using the show services rpm history-results command.
In Junos OS Release 17.3R1 and later, for PIC-based J-Flow on MX Series routers and inline J-Flow on PTX Series routers, the Options template and Options data records include the Sampling Interval field as part of the ScopeTemplate field instead of the ScopeSystem field.
LAG interface flaps while adding/removing a VLAN—Starting in Junos OS Release 17.3, the LAG interface flaps while adding or removing a VLAN. The flapping happens when a low-speed SFP is plugged into a relatively high-speed port. To avoid flapping, configure the port speed to match the speed of the SFP.
This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.3R3 for PTX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Uneven load balancing of traffic might occur if the traffic stream changes only in the 0-15 bits of the Layer 3 destination IPv6 address. This limitation might not be visible if the other parameters affecting the load balance change along with L3_DST, such as L3 source IP address, L4 source/destination ports, and so on. PR1065515
On a PTX Series router with a faulty power supply module (PSM), the PSM might generate excessive interrupt requests. Because hardware interrupt requests are processed by the chassis process (chassisd), excessive interrupt requests might cause chassisd to restart when the condition persists for more than 200 seconds. PR1226992
When next-generation MVPN is configured with RSVP provider tunnels and NSR is used, then the egress router for the tunnel might not correctly replicate some of the tunnel state to the backup Routing Engine, leading to temporary traffic loss during NSR failover for the effected tunnels. PR1293014
This section lists the known issues in hardware and software in Junos OS Release 17.3R3 for the PTX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
In certain transient scenarios, when egress the physical interface is down and ingress is sending still-traffic, eprq_map_disabled error messages will be displayed. There is no functional impact because of these messages. PR1123949
A PTX Series FPC3 might receive noise on the FPC console port and might interpret it as valid signals. This might cause a login failure on the console port and generate core files or even reloads. PR1224820
On rare occasions, upon reboot, the kernel cannot create sysfs entries for the solid-state drives in the system. This might result in the system entering panic mode and hanging. PR1261068
When an FPC goes offline or restarts, FPC 'x' sends traffic to FPC 'y'. The following error messages are seen on the destination FPC. A corresponding alarm is set on the destination FPC. Specific to the PTX10000, the transient alarm gets set when this condition occurs. The alarm clears later because the source FPC goes offline. Apr 09 10:31:24 [TRACE] [asta] Apr 9 10:19:59 asta fpc4 Error (0x210613), module: PE Chip, type: Apr 09 10:31:24 [TRACE] [asta] Apr 9 10:19:59 asta fpc4 Cmerror Op Set: PE Chip: PE1: FO:core intr: 0x00000010: Grant spray drop due to unspray-able condition error Apr 09 10:31:24 [TRACE] [asta] Apr 9 10:19:59 asta fpc4 Error (0x210614), module: PE Chip, type: Apr 09 10:31:24 [TRACE] [asta] Apr 9 10:19:59 asta fpc4 Cmerror Op Set: PE Chip: PE1: FO:core intr: 0x00000008: Request spray drop due to unspray-able condition error PR1268678
Sometimes l2cpd core files are generated when LLDP neighbors are cleared. PR1270180
Interfaces might go down when Packet Forwarding Engine encounters TOE::FATAL ERROR . The target of evaluation (TOE) is a module in the Packet Forwarding Engine. The fatal error can be caused either by a software issue or hardware issues such as memory parity errors or others. As a workaround, reboot the line card to recover the service when hitting the issue. PR1300716
This type of crash indicates simultaneous operation on an ephemeral instance. When a process wants to open ephemeral configuration in merge view, some other activity (such as purging, deletion/recreation) is being carried out on this ephemeral instance. The occurrence of this core is rare. PR1305424
On PTX10000 series platform with FPC "LC1101 - 30C / 30Q / 96X" installed, the 10G interface might flap when the interface is active and it is set to 100 Gbps speed. PR1315079
On PTX platform, error message could be observed when FPC card goes online or offline. PR1322491
On PTX Series platform with broadway cards (for example, FPC1, FPC2) and class-of-service (CoS) used, a high priority queue might not get the entire configured bandwidth. PR1324853
When PTX5000 software is upgraded to a Junos OS version, the software upgrade FPC (fully loaded with PICs and optics) might raise the minor chassis alarm "Consumption > 90percent of allocated Budget". PR1345478
PTX3000 reports CCL (Chip to Chip Link) CRC errors while FPC3-SFF-PTX-1X is offlined through CLI command or press offline button. The syslog error is generated by an FPC just before it goes offline, so there is no detectable traffic loss. PR1348733
On next generation Routing Engine (NG RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where not enough entropy is available to operate. PR1349373
If firewall filter is configured, in a rare condition, the host interface might be wedged on PTX Series platform with FPC type 3. PR1354580
Intermittently few packets are found to be matching on default route with reject NH in forwarding chip, though valid route is present in the FIB. PR1358363
Interfaces and Chassis
Junos upgrade involving Junos OS Release 14.2R5 (and above in 14.2 maintenance releases) and Junos OS Release 16.1 above mainline releases with CFM configuration can cause cfmd crash after upgrade. This is due the old version of
With Shared Risk Link Group (SRLG) enabled under corner conditions, after executing the command clear isis database, the rpd might crash because the IS-IS database tree gets corrupted. PR1152940
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 17.3R3
On PTX 5000 with FPC type 3 in rare condition, FPC might crash during lo0.0 inet6 input filter. PR1268875
Periodic export of IPFIX flow packets with high octet values. PR1286427
The routing protocol process (rpd) might generate a core file while restarting the process. PR1291110
Repeated log message %PFE-3 fpcX expr_nh_index_tree_ifl_get and expr_nh_index_tree_ipaddr_get are observed when sampling packet is discarded with log (or syslog) knob under firewall filter. PR1304022
The interface hold-time down timer does not take effect on PTX5000 with optical interface. PR1307302
Rpd core is observed after multiple session flaps on scale setup. PR1312169
Continuous logs from vhclient for all the commands executed. PR1315128
The RIB and FIB might get out of synchronization because the KRT asynchronous queue might get stuck. PR1315212
After Jack-out/Jack-in FPC's showing up as "No-Power" for some time; FPC however comes up. PR1319156
The rpd might crash when OpenConfig package is upgraded with JTI streaming data in the background. PR1322553
JSA10864 2018-07 Security Bulletin: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card might crash upon receipt of specific MPLS packet (CVE-2018-0030). PR1323069
On PTX1000, MX204, MX10003 or QFX10002-60C, the local time on FPC might be different from the local time on Junos VM or VM host. PR1325048
PTX MKA sessions are not coming up, after changing CA parameters like - transmit-interval, key-server-priority. PR1325392
MPLS traceroute fails across PTX Series platform. PR1327609
On PTX5k with FPC3 linecards, PTX10k, and PTX1k platforms, output firewall filters that are configured with syslog and discard actions do not perform the "syslog" action. PR1328426
PTX10K line card might reboot continuously after upgrading to Junos OS Release 17.2R1 or above if HMC BIST fails. PR1330618
Link instability is observed after link-down event on PTX Series device. PR1330708
PTX5K FPC might reboot in certain rare scenarios when interface-specific policer is configured. PR1335161
Member of IPv4 unilist next hops might be stuck in "Replaced" state after interface flaps. PR1336201
Disabling a breakout 10G port on et-0/0/5 will unexpectedly disable another breakout 10G port on et-0/0/5. PR1337975
FPC/FPC2/FPC E on PTX does not forward traffic. PR1339524
PTX FPC link goes down after router reboot or flap. PR1340612
MPLS traceroute for P2MP LSPs configured with link-protection causes FPC crash. PR1348314
BFD sessions do not come up on PTX3000. PR1352112
Flabels might get exhausted after multiple Routing Engine switch-over. PR1354002
The interface of 15 100G ports PIC might delay 60 seconds to come up. PR1357410
Routes stuck in krt queue with error 'EINVAL -- Bad parameter in request'. PR1362560
The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with "Link-Layer-Down" flag set. PR1365263
On PTX IPLC (OPT3-SFF-PTX FPC), a first J-UKERN crash triggers multiple secondary J-UKERN crashes. PR1365791
PTX Series device might get to abnormal state due to the malfunction of the protection mechanism for F-Label. PR1336207
Traffic drop during NSR switchover for RSVP P2MP provider tunnels used by MVPN. PR1293014
The rpd might crash on backup Routing Engine due to memory exhaustion. PR1328974
MPLS LSP statistics are not shown in CLI command show mpls lsp ingress statistics. PR1344039
Platform and Infrastructure
PTX1000 and QFX10002-60C: Python scripts/shell scripts cannot be executed during ZTP as veriexec is enabled. PR1334425
Traffic black hole is seen along with JPRDS_NH:jprds_nh_alloc(),651: JNH failed to grab new region for NH messages. PR1357707
The rpd might constantly consume high CPU in BGP setup. PR1315066
The primary path of MPLS LSP might switch to other address. PR1316861
The rpd process might crash continuously on both Routing Engines when backup-spf-options remote-backup-calculation is configured in IS-IS protocol. PR1326899
Rpd might crash if SRLG information is in the protocol IS-IS. PR1337849
In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the L2 circuit flaps repeatedly. PR1282875
Resolved Issues: 17.3R2
On PTX1000 routers, the error message ch_get_product_attribute.324: Cannot find chassisd is displayed when loading images. PR1217505
On PTX Series routers, a faulty power supply module (PSM) might generate excessive interrupt requests. These hardware interrupt requests, processed by chassisd, might restart the chassisd process when the condition persists more than 200 seconds. PR1226992
The validation-state:unverified routing entry might not be shown with the proper location when users run show route. PR1254675
The rpd process might crash after BGP sessions and routes flap. PR1269327
100GBase-ER4 (740-045420) is shown as UNKNOWN when the CLI command show chassis hardware is executed in Junos OS Release 15.1R5. PR1280089
FPC cards might go offline because of fabric healing in a PTX3000 with a SIB-SFF-PTX-240-S platform. PR1282983
The MPLS TTL might reset to 255 on third-generation PTX Series FPCs if the protocols mpls no-propagate-ttl statement is configured. PR1287473
LSP traffic might silently drop and get discarded after a link goes down in bypass path. PR1291036
The routing protocol process (rpd) might generate a core file while restarting the process from the CLI. PR1291110
Incorrect SNMP OID values are sent in SNMP traps for removal or insertion of a front panel display on PTX Series routers. PR1294741
LINK LED is RED when the port is disabled on PTX Series routers. PR1294871
The rpd core file is generated after interface or BGP flapping. PR1294957
The chassisd process might run out of memory and restart on a PTX1000 platform. PR1295691
On a PTX5000 or an Ethernet Synchronization Message Channel (ESMC), the clock does not get locked when the source interface is a member link of an aggregated Ethernet bundle. PR1296015
The mgd core file is generated when downgrading from Junos OS Release 17.3-20170721 to Junos OS Release 16.1X65D40.2. The mgd core file is overwritten if downgrading is attempted multiple times. PR1296504
On a PTX1000, upgrade from Junos OS Release 16.1X65D45 to Junos OS Release 17.3-20170721 fails frequently with sampling enabled. PR1296533
Alarms and syslog errors are seen with priority strict-high on an AF4 queue, on the oversubscription cases (1X100G egress to 1X10G egress setup). PR1297343
The disable-pfe action upon Hybrid Memory Cube (HMC) fatal errors might have a system-wide impact on PTX Series platforms. PR1300180
PTX Series router FPC3 drops MPLS packets when the maximum transmission unit is less than the MPLS packet size on the outgoing interface with IPv4 traffic. PR1302256
Heap memory leak might be observed on PTX Series router FPCs during a multicast route installation into the Packet Forwarding Engine. PR1302303
On a PTX3000, powering on an FPC (OPT-3-SFF-PTX/IPLC) card reboots the other FPC cards. PR1302304
The third-generation FPC (FPC3-SFF-PTX) might not boot on a PTX3000 with the Control Board or Routing Engine. PR1303295
The 100G interfaces might not come up on a PTX3000 and a PTX5000. PR1303324
This issue occurs when using MPLS LSPs and RSVP-TE self-ping. When rpd sends out a self-ping packet and an RSVP packet at the same time, these packets might overwrite the kernel's packet buffers causing memory corruption and kernel panic. PR1303798
PTX3000 with RCB-PTX Routing Engine might be unable to come online or recognize integrated photonic line cards (IPLCs). PR1304124
The routing information base (RIB - also known as routing table) and forwarding information base (FIB - also known as forwarding table) might not synchronize in a large-scale network, because of a timing issue. The root cause is that when the rpd sends route update messages to the kernel, the KRT queue that is used to send the messages can get into a state in which no more messages can be sent to the kernel. PR1315212
The physical interfaces might generate framing errors when ports are connected to an odd interface. PR1317827
The show system users CLI command output displays more users than that are actually using the router. PR1247546
Interfaces and Chassis
100G interfaces might not come up when otn-options laser-enable is configured on PTX Series platforms. PR1297164
LFM discovery state might show up as a fault for an aggregated interface after a GRES switchover. PR1299534
In an RSVP environment, a stale LSP might get created after a Routing Engine switchover with nonstop routing (NSR) enabled. PR1292526
The rpd might crash when the MPLS LSP path change occurs. PR1295817
Platform and Infrastructure
Continuous log messages occur. For example: tftpd: Timeout #35593 on DATA block 85.PR1315682
A few BFD sessions flap while coming up after FPC restarts or reboots. PR1274941
Multihop BFD sessions flap continuously when the PTX Series router is in the middle hop. PR1291340
The rpd process crashes and generates core files multiple times when you receive an OPEN message from an existing BGP peer. PR1299054
With BGP labeled unicast MPLS fast reroute in an inter-AS scenario, a very high fast reroute time is visible once the link is up. PR1307258
Resolved Issues: 17.3R1
Layer 2 Features
All the XML duplications and unformatted output are addressed. For Example, histogram was just declared as a element inside pfkey container, with this change a new container is defined for histogram. PR1271648
There are no errata or changes in Junos OS Release 17.3R3 documentation for PTX Series.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 14.1, 14.2, 15.1 and 16.1 are EEOL releases. You can upgrade from Junos OS Release 14.1 to Release 15.1 or from Junos OS Release 14.2 to Release 16.1. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation as follows:
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Basic Procedure for Upgrading to Release 17.3
When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.
Back up the file system and the currently active Junos OS configuration before upgrading Junos OS. This allows you to recover to a known, stable environment if the upgrade is unsuccessful. Issue the following command:
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the router, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.
We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
To download and install Junos OS Release 17.3R3:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the router.
After you install a Junos OS Release 17.3R3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release. Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes. Rebooting occurs only if the upgrade is successful.
Customers in the United States and Canada, use the following command:
user@host> request system software add validate reboot source/jinstall-17.3 R3.SPIN-domestic-signed.tgz
All other customers, use the following command:
user@host> request system software add validate reboot source/jinstall-17.3 R3.SPIN-export-signed.tgz
Replace the source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
For software packages that are downloaded and installed from a remote location:
scp://hostname/pathname(available only for Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
You need to install the Junos OS software package and host software package on the routers with the RE-PTX-X8 Routing Engine. For upgrading the host OS on this router with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.
After you install a Junos OS Release 17.3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
Most of the existing request system commands are not supported on routers with RE-PTX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.
To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.
To determine the features supported on PTX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://pathfinder.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.