Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platforms

 

These release notes accompany Junos OS Release 17.3R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

Note

Unified in-service software upgrade (ISSU) is not recommended on MX Series platforms to upgrade from previous Junos OS releases to Junos OS 17.3R3. For more information, see Known Issues.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.

Release 17.3R3 New and Changed Features

Interfaces and Changes

  • Enhancement to increase the threshold of corrected single-bit errors (MPC7E, MPC8E, MPC9E on MX Series)—In Junos OS Release 17.3R3, the threshold of corrected single-bit error is increased from 32 to 1024, and the alarm severity is changed from Major to Minor for those error messages. There is no operational impact upon corrected single bit errors. Also, a log message is added to display how many single-bit errors have been corrected between the reported events as follows:

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 25

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 26

    [See Alarm Overview.]

Restoration Procedures and Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (MX Series)—In Junos OS Release 17.3R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Services Applications

  • Support for filtering DNS requests for blacklisted website domains (MX Series with MS-MPCs)—Starting in Junos OS Release 17.3R3, you can configure DNS filtering to identify DNS requests for blacklisted website domains.

    For DNS request types A, AAAA, MX, CNAME, TXT, SRV, and ANY, you also configure the action to take for a DNS request for a blacklisted domain. You can either:

    • Block access to the website by sending the client a DNS response corresponding to the DNS request type with the IP address or fully qualified domain name (FQDN) of a DNS sinkhole server. This ensures that the client sends further traffic for the blacklisted domain to the sinkhole server.

    • Log the request and allow access.

    For other DNS request types for a blacklisted domain, the request is logged and access is allowed.

    To configure DNS filtering:

    1. Create one or more domain filter database files that include an entry for each blacklisted domain. The database file must have a .txt extension. A database file can have a maximum of 10,000 domain entries, and the file name can have a maximum length of 64 characters.

      The file header should have a format such as 20170314_01:domain,sinkhole_ip,v6_sinkhole,sinkhole_fqdn,id,action.

      Each entry in the database file has the following items:

      hashed-domain-name,IPv4 sinkhole address,IPv6 sinkhole address,sinkhole FQDN,ID,action

      where:

      • hashed-domain-name is a hashed value of the blacklisted domain name (64 hexadecimal characters). The hash method and hash key that you use to produce the hashed domain value are needed when you configure DNS filtering with the Junos OS CLI.

      • IPv4 sinkhole address is the address of the DNS sinkhole server for IPv4 DNS requests.

      • IPv6 sinkhole address is the address of the DNS sinkhole server for IPv6 DNS requests.

      • sinkhole FQDN is the fully qualified domain name of the DNS sinkhole server.

      • ID is a 32-bit number that uniquely associates the entry with the hashed domain name.

      • action is the action to apply to a DNS request that matches the blacklisted domain name. If you enter replace, the MX series router sends the client a DNS response with the IP address or FQDN of the DNS sinkhole server. If you enter report, the DNS request is logged and then sent to the DNS server.

      The last line of the file should have the file hash, which you calculate using the same key and hash method that you used to produce the hashed domain names.

    2. Save the database files on the Routing Engine in the /var/db/url-filterd .
    3. Configure a DNS filter profile. A DNS filter profile includes general DNS filtering settings and up to 32 templates. Each template identifies an uplink and downlink logical interface on which to apply specific DNS filtering settings. The dns-filter settings within a template ([edit services web-filter profile profile-name dns-filter-template template-name dns-filter]) override the corresponding settings at the DNS profile level ([edit services web-filter profile profile-name dns-filter]).

      You can configure up to eight profiles.

      The following items describe the statements:

      • profile profile-name—Specify a name for the DNS filter profile.

      • global-dns-stats-log-timer minutes—Specify the interval for logging system-level statistics for DNS filtering. The range is 0 through 60 minutes and the default is 5 minutes.

      • database-file filename—Specify the name of the domain filter database to use. The setting within a template overrides the corresponding setting at the DNS profile level.

      • dns-server [ ip-address ]—(Optional) To limit DNS filtering to DNS requests that are destined for specific DNS servers, specify up to three IP addresses (IPv4 or IPv6). The setting within a template overrides the corresponding setting at the DNS profile level.

      • hash-method hash-method-name—Specify the hash method that was used to create the hashed domain name in the domain filter database file. The setting within a template overrides the corresponding setting at the DNS profile level.

      • hash-key key-string—Specify the hash key that was used to create the hashed domain name in the domain filter database file. The setting within a template overrides the corresponding setting at the DNS profile level.

      • statistics-log-timer minutes—Specify the interval for logging statistics for DNS requests and for sinkhole actions performed for each client and customer IP address. The range is 1 through 60 minutes and the default is 5 minutes. The setting within a template overrides the corresponding setting at the DNS profile level.

      • dns-resp-ttl minutes—Specify the time to live while sending the DNS response after taking the DNS sinkhole action. The range is 0 through 86,400 seconds and the default is 1800. The setting within a template overrides the corresponding setting at the DNS profile level.

      • wildcarding-level level—Specify the level of subdomains that are searched for a match. The range is 0 through 10. A value of 0 indicates that subdomains are not searched. The setting within a template overrides the corresponding setting at the DNS profile level.

      • dns-filter-template template-name—Specify the name of a template.

      • client-interfaces [ client-interface-name ]—Specify the client-facing logical interfaces (uplink) on which the DNS filtering is configured for the template.

      • server-interfaces [ server-interface-name ]—Specify the server-facing logical interfaces (downlink) on which the DNS filtering is configured for the template.

      • client-routing-instance client-routing-instance-name—Specify the routing instance on which the client-facing logical interface DNS filtering is configured for the template.

      • server-routing-instance server-routing-instance-name——Specify the routing instance on which the server-facing logical interface DNS filtering is configured for the template.

        Note

        If you configure the client and server interfaces or the client and server routing instances, implicit filters are installed on the interfaces or routing instances to direct DNS traffic to the MS-MPC for DNS filtering. If you configure neither the client and server interfaces nor the routing instances, you must provide a way to direct DNS traffic to the MS-MPC (for example, via routes).

      • term term-name—Configure a term for the template. You can configure a maximum of 64 terms in a template.

      • src-ip-prefix [source-prefix]—Specify the source IP addresses of DNS requests you want to filter. You can configure a maximum of 64 addresses in a term.

      • dns-sinkhole—Specify that the sinkhole action identified in the domain filter database is performed on blacklisted DNS requests that match the src-ip-prefix.

    4. Associate the DNS filter profile with a next-hop service set and enable logging for DNS filtering. The service interface can be an aggregated multiservices (AMS) interface.

    To display statistics for the DNS filtering performed by a profile, use the show services web-filter statistics fpc-slot fpc-slot pic-slot pic-slot profile profile-name dns-filter-template template-name dns-filter-term term-name command. The profile option is required.

    To clear statistics for the DNS filtering, use the clear services web-filter statistics fpc-slot fpc-slot pic-slot pic-slot profile profile-name dns-filter-template template-name command. The profile option is required.

    To apply any changes you make to a domain filter database file, use the request services web-filter update dns-filter-database filename command.

    To validate a domain filter database file, use the request services web-filter validate dns-filter-file-name filename hash-key key-string hash-method hash-method-name command.

Software Installation and Upgrade

  • ZTP support is added for MX VM host platforms (MX Series)—In Junos OS Release 17.3R3, ZTP, which automates the provisioning of the device configuration and software image with minimal manual intervention, is supported on MX Series VM hosts. When you physically connect a supported device to the network and boot it with a factory configuration, the device attempts to upgrade the Junos OS software image automatically and autoinstall a configuration provided on the DHCP server.

    [See Understanding Zero Touch Provisioning.]

Subscriber Management and Services

  • Controlling search behavior for address allocation from linked pools (MX Series)—Starting in Junos OS Release 17.3R3, you can use the linked-pool-aggregation statement at the [edit access] hierarchy level to change how addresses are allocated from linked IP address pools. When you configure the statement, addresses can be assigned from a later pool in the chain before an earlier pool is depleted. When the statement is not configured, IP addresses are assigned contiguously, so that all addresses are allocated from the matching pool and then the first pool in the chain before addresses are assigned from a linked pool.

    [See Configuring Address-Assignment Pool Linking.]

VPNs

  • Increased number of supported routing instances instances (MX240, MX480, MX960, MX2008, MX2010, and MX2020)---—Starting in Junos OS Release 17.3R3, Junos OS supports up to 16K VPLS routing instances with 128K (FEC 128) hierarchical VPLS pseudowires.

    Note

    Nonstop active routing (NSR) is not supported for all 16K routing instances.

    [See Configuring VPLS Routing Instances.]

Release 17.3R2 New and Changed Features

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 17.3R2.

Release 17.3R1 New and Changed Features

Class of Service (CoS)

  • Support for efficient use of CoS resources on targeted interfaces (MX Series)—Starting in Junos OS Release 17.3R1, when you configure Junos OS to target the egress traffic for a subscriber on a single member link, Junos OS applies CoS resources only to the active link, optimizing the use of available scheduling nodes. If the assigned primary link goes down, CoS scheduling resources are switched to the backup link.

    [See targeted-distribution (Dynamic Demux Interfaces over Aggregated Ethernet).]

  • Support for setting the DSCP code point for host-originating IS-IS traffic sent over a GRE tunnel (MX Series)—Starting in Junos OS Release 17.3R1, you can determine traffic prioritization for IS-IS traffic originating on a host and being sent over a GRE tunnel by assigning a DSCP code point to the IS-IS packets. You can set the DSCP code point by including the isis-over-gre dscp-code-point value statement at the [edit class-of-service host-outbound-traffic protocol] hierarchy level.

    [See protocol (Host Outbound Traffic).]

Dynamic Host Configuration Protocol (DHCP)

  • Support for single-session DHCP dual-stack subscriber for S-VLAN model server and relay (MX Series)—Starting in Junos OS Release 17.3R1, DHCP dual-stack subscriber for N:1 (IP demux) access models support multiple household share the same S-VLAN.

    A dual-stack DHCP subscriber is represented as a single subscriber with a single session database (SDB) session.

    The benefits of a single-session dual-stack model are as follows:

    • Simplifies router configuration.

    • Reduces RADIUS message load.

    • Reduces the backend correlation of multiple accounting sessions for the same household.

    • Is compatible with existing RADIUS messaging.

    [See Single-Session DHCP Local Server Dual-Stack Overview and Single-Session DHCP Dual-Stack Overview.]

  • Support for single-session DHCP dual-stack subscriber single BNG connect (MX Series)—Starting in Junos OS Release 17.3R1, DHCP single-session dual-stack subscribers connect to a single broadband network gateway (BNG) in a load sharing access model.

    For a DHCP dual-stack subscriber, the DHCPv4 and DHCPv6 protocol handshakes are generally completely independent of each other. So it is theoretically possible that each arm of a given dual-stack subscriber could connect to a different BNG. A configured mode of operation is supported to avoid this scenario

    A given address family is designated as the protocol master for a dual-stack subscriber. Any binding attempt from the secondary address family client for a given dual-stack subscriber is rejected if a binding from the protocol master family of the same dual-stack subscriber is not currently active.

    In case bindings for both arms of a DHCP dual-stack subscriber are currently active when the protocol-master family binding is released (or otherwise deleted for any reason), then the secondary address family binding for that subscriber will be automatically torn down.

    [See Single-Session DHCP Local Server Dual-Stack Overview and Single-Session DHCP Dual-Stack Overview.]

  • Support for DHCP local server dual-stack single-session (MX Series)—Starting in Junos OS Release 17.3R1, DHCP local server dual-stack subscribers are supported on a single VLAN session. This reduces the required number of session database (SDB) entries utilized and simplifies RADIUS authentication and accounting operations.

    The benefits of a single-session dual-stack model are as follows

    • Simplifies router configuration.

    • Reduces RADIUS message load.

    • Reduces the backend correlation of multiple accounting sessions for the same household.

    • Is Compatible with existing RADIUS messaging.

    [See Single-Session DHCP Local Server Dual-Stack Overview.]

  • Support for DHCPv6 prefix exclude option(MX Series)—Starting in Junos OS Release 17.3R1, you can exclude one specific prefix that is bigger than the prefix length from a delegated prefix set while using DHCPv6 based prefix delegation. This specific prefix is used as the link between the delegating router and the requesting router, where the delegating router exchanges DHCPv6 messages with the requesting router. Configure the exclude-prefix-len statement at the [edit access address-assignment pool delegated-address-pool family inet6 dhcp-attributes] hierarchy level to exclude the prefix from the delegated prefix set. You can configure the support-option-pd-exclude statement at either the [edit system services dhcp-local-server dhcpv6 reconfigure] or the [edit system services dhcp-local-server dhcpv6 group group-name reconfigure] hierarchy level to exclude prefix support in the reconfigure message.

    [See Understanding Support for DHCPv6 Prefix Exclude Option]

EVPNs

  • EVPN-VXLAN support for VXLAN gateways using an IPv6 underlay (MX Series with MPC and MIC)—Starting in Junos OS Release 17.3R1, MX Series routers with MPC and MIC interfaces extend support for Virtual Extensible LAN (VXLAN) gateways from IPv4 to IPv6 underlays. With this feature enhancement, each VXLAN gateway supports the following functionalities in addition to the IPv4 functionalities already supported:

    • VLAN-based service

    • VLAN-bundle service

    • Port-based service

    • VLAN-aware service

    Similar to IPv4 underlay support, the IPv6 EVPN-VXLAN underlay supports the Type 2 MAC address with IP address advertisement and the proxy MAC address with IP address advertisement.

    [See Understanding EVPN with VXLAN Data Plane Encapsulation.]

  • Preference-based DF election for EVPN and PBB-EVPN (MX Series with MPC and MIC interfaces)—Starting in Junos OS Release 17.3, the designated forwarder (DF) election in a multihomed Ethernet VPN (EVPN) environment can be controlled using an administrative preference value for an Ethernet segment identifier (ESI). Currently, the DF election (as specified in RFC 7432) is performed randomly by all the multihoming devices using the modulo operation. With the preference-based DF election, the DF is elected manually using interface configuration options, such as the preference value and the router ID or loopback address. This method of DF election is useful when there is a need to choose the DF based on interface attributes like bandwidth associated with the interface.

    To enable preference-based DF election, include the df-election-type preference value value statements at the [edit interfaces interface-name esi] hierarchy level.

    [See EVPN Multihoming Overview.]

  • Support for seamless migration from LDP-VPLS to EVPN (MX Series)—Currently, a virtual private LAN service (VPLS) network can be connected to an Ethernet VPN (EVPN) network using logical tunnel interfaces on the interconnection point of the VPLS and EVPN routing instances. In this case, the provider edge (PE) devices in each network are unaware of the PE devices in the other technology network. Starting in Junos OS Release 17.3R1, a solution is introduced for enabling staged migration from FEC128 LDP-VPLS toward EVPN on a site-by-site basis for every VPN routing instance. In this solution, the PE devices running EVPN and VPLS for the same VPN routing instance and single-homed segments can coexist. During the migration, there is minimal impact to the customer edge (CE) device-to-CE device traffic forwarding for affected customers.

    [See Migrating From FEC128 LDP-VPLS to EVPN Overview].

General Routing

  • Commit process split into two steps (MX Series)—Starting in Junos OS Release 17.3R1, new configuration statements are introduced for commit to split the commit process into two steps. These configuration statements are prepare and activate.

    In the first step, known as the preparation stage, commit prepare validates the configurations and then creates the necessary files and database entries so that the validated configurations can be activated at a later stage.

    In the second step, referred to as the activation stage, commit activate activates the previously prepared commit. A new configuration statement, prepared, is added to clear system commit, which clears the prepared commit cache

    This feature enables you to configure a number of Junos OS devices and simultaneously activate the configurations. This approach is helpful in time-critical scenarios.

    [See Commit Preparation and Activation Overview.]

High Availability (HA) and Resiliency

  • Mandatory action before initiating GRES in the presence of PIC bounce alarms (MX10003 router)—In Junos OS Release 17.3R1, before initiating graceful Routing Engine switchover (GRES) on an MX10003, you must bounce the PIC (by issuing offline/online of the PIC) using request chassis pic command before performing switchover operation. Otherwise, it will provide negative results as the alarms are not preserved on GRES currently. It may also result in unstable behavior of MPC.

    Consider the example of PIC bounce alarm shown below. In this case, you must bounce the PIC before initiating a switchover.

  • VRRP scale improvements per aggregated Ethernet bundle(MX Series)—Starting in Junos OS Release 17.3R1, you can configure up to 4000 active VRRP sessions per aggregated Ethernet bundle on MX Series routers. To configure VRRP support, include the vrrp-group statement at the [edit interfaces interface-name unit logical-unit-number family inet address ip-address] hierarchy level.

    [See Understanding VRRP.]

Interfaces and Chassis

  • Support for new MX150 Universal Routing Platform—Starting in Junos OS Release 17.3R1, Junos OS supports a new MX Series edge router—the MX150 —which is a compact, high-performance edge router that is ideally suited for lower bandwidth service provider applications and distributed service architectures, and for enterprise WAN use-cases. The MX150 is 1 rack unit (RU) tall and supports bandwidth that can be upgraded from 100 Mbps to 20 Gbps.

  • Support for FRU control, power management, and environmental monitoring in MX10003 routers—Starting with Junos OS Release 17.3R1, Junos OS chassis management software for the MX10003 routers provides enhanced environmental monitoring and FRU control. MX10003 has a pair of Routing Engines, which support virtualization. Each Routing Engine board is a single FRU. The MX10003 router has two MPCs, each supporting a bandwidth up to 1.2 Tbps. Each MPC has three Packet Forwarding Engines, each providing a maximum bandwidth of 400 Gbps. Each MPC supports a fixed PIC comprising six QSFP ports and a modular interface card (MIC) comprising 12 QSFP28 ports. All FRUs are upgradable. The MX10003 chassis has two power supply modules (PSM)—a DC PSM and an AC PSM. The MX10003 cooling system contains four fan assemblies, with two fans in each. MX10003 supports temperature thresholds for each temperature sensor, which enables the router to precisely control the cooling, raise alarms, and shut down an FRU. The router also supports preserving power-on sequence for the FPCs, and power management using ambient-temperature.

    [See Understanding How Dynamic Power Management Enables Better Utilization of Power.]

  • Fabric management in MX10003 routers—Starting with Junos OS Release 17.3R1, Junos OS supports management and control of fabric operations on MX10003 routers. On the MX10003 router, the switching fabric is located on the MPC. The router has two MPCs, each supporting a bandwidth up to 1.2 Tbps. The switching fabric has 22 planes and each plane supports a maximum link speed of 24.883 Gbps. MX10003 routers do not have a dedicated fabric card. The router supports features such as fabric hardening and forward error correction.

    [See MX Series Routers Fabric Resiliency.]

  • MPCs, PICs, and MICs supported on MX10003 routers—Starting with Junos OS Release 17.3R1, the MX10003 router supports a new MPC, MX10003 MPC. The MX10003 MPC supports three Packet Forwarding Engines. The forwarding capacity of each Packet Forwarding Engine is 400Gbps which cannot be oversubscribed. Each MPC supports a fixed-port PIC and modular MICs, JNP-MIC1 (MIC without MACsec support) and JNP-MIC1-MACSEC (MIC with MACsec support). The fixed port PIC is mapped to PIC 0 and each PFE is mapped to 2 ports in PIC 0. The MIC is mapped to PIC 1 and each PFE is mapped to 4 ports in PIC 1. The PIC/MIC ports on MX10003 router MPCs support multiple port speeds (10/40/100GE). Hence, these ports are classified as multi-rate ports. However, all the PIC/MIC ports do not support all the port speeds. On MPC all the 12 ports are active and are capable of running in 40-Gigabit Ethernet, 100-Gigabit Ethernet, and 4x10-Gigabit Ethernet mode. [See MX10003 MPC on MX10003 Router Overview for more details.]

  • Support for inline flow monitoring on MPCs on MX10003 routers—Starting with Junos OS Release 17.3R1, MPCs on MX10003 router support inline flow monitoring. Inline flow monitoring results in higher scalability and performance, as the scaling and performance are not dependent on the capacity of the services interface. MX10003 router contains two MPCs, each supporting a bandwidth up to 1.2 Tbps.

  • Broadband edge (BBE) telemetry sensors(MX Series)—Starting in Junos OS Release 17.3R1, support is added for BBE telemetry sensors. These sensors are used to proactively manage a broadband network gateway (BNG) and are configured using both Junos Telemetry Interface (JTI) and gRPC streaming.

    The new sensors are grouped into the following functional areas:

    • Chassis and system extensions

    • AAA

    • DHCP

    • PPP

    • L2TP

    • MX Series routers Virtual Chassis

    • ERA

    • BBE infrastructure

    • Packet Forwarding Engine resource and monitoring

  • Support for inline NAT services on MX10003—Starting with Junos OS Release 17.3R1, MX10003 routers support inline Network Address Translation (NAT) services on Modular Port Concentrators (MPCs). This enables you to achieve line-rate, low-latency address translations (up to 120 Gbps per slot) without having to use a dedicated MS-MPC for NAT.

  • MAC address persistence after a Routing Engine switchover—In Junos OS Release 17.3R1 and later, if you configure multiple aggregated Ethernet interfaces, the MAC addresses of the aggregated Ethernet interfaces are saved on a file that is stored on the master Routing Engine and is synchronized with the backup Routing Engine. The file is updated after each successful commit that required changes to the MAC addresses table.

    In earlier releases, if you configure multiple aggregated Ethernet interfaces, the MAC address of the aggregated Ethernet interfaces displayed in the show interfaces ae number command output might get reordered after a Routing Engine switchover or restart.

  • Management Ethernet interface (fxp0) is confined in a non-default virtual routing and forwarding table (PTX 10008)—Starting in Junos OS Release 17.3R1, you can confine the management interface in a dedicated management instance by setting a new CLI configuration statement,management-instance, at the [edit system] hierarchy level. By doing so, operators will ensure that management traffic no longer has to share a routing table (that is, the default.inet.0 table) with other control or protocol traffic in the system. Instead, there is a mgmt_junos routing instance introduced for management traffic.

    [See Management Interface in a Non-Default Instance and management-instance.]

IPsec

  • Support for configuring IPsec (site-to-site) VPN tunnels (MX150)—Starting in Junos OS Release 17.3R1, the MX150 supports IPsec VPN connections or tunnels. You can configure a route-based VPN or a policy-based VPN. You implement a policy-based VPN if the remote VPN device is a non-Juniper Networks device and only one subnet or network at the remote site across the VPN needs to be accessed.

IPv6

  • IPv6 support (MX150)—Starting in Junos OS Release 17.3R1, Junos OS supports IPv6 features on the MX150. The following is a list of some of the IPv6 features supported:

    • IPv6 forwarding

    • IPv6 path maximum transmission unit (MTU) discovery

    • Neighbor discovery

    • Static routes for IPv6

    • Internet Control Message Protocol (ICMP) version 6

Layer 2 Features

  • Support for Junos Fusion Provider Edge (MX10003 routers)—Starting in Junos OS Release 17.3R1, you can configure MX10003 Universal Routing Platforms as aggregation devices in a Junos Fusion Provider Edge topology. Junos Fusion Provider Edge brings the Junos Fusion technology to the service provider edge. In a Junos Fusion Provider Edge, MX Series routers act as aggregation devices, while EX4300 and QFX5100 switches act as satellite devices.

    [See Understanding Junos Fusion Provider Edge Components.]

  • Support for Layer 2 protocols on MX10003 routers—Starting in Junos OS Release 17.3R1, all Layer 2 bridging features are supported on MX10003 routers.

  • Support for Layer 2 and Layer 3 features (MX150)—Starting in Junos OS Release 17.3R1, the MX150 supports the following Layer 2 and Layer 3 features:

    • Layer 2 protocols and including Layer 2 Ethernet OAM and virtual private LAN service (VPLS)

    • VLAN support—VLANs enable you to divide one physical broadcast domain into multiple virtual domains.

    • Link Layer Discovery Protocol (LLDP)—Enables advertising the identity and capabilities on a LAN, and receive information about other network devices.

    • Layer 3 routing protocols and MPLS

Layer 2 VPN

  • Support of ping utility for testing CE device connectivity (MX Series with MPC and MIC)—Starting in Junos OS Release 17.3R1, reachability to the customer endpoint can be achieved from the service endpoint in a network. This feature is supported in a virtual private LAN service (VPLS), hierarchical VPLS (H-VPLS), and Ethernet VPN (EVPN) network. It is based on the LSP ping infrastructure, where the ping utility is extended to use the CE device IP address as the target host and the PE device loopback address as the source for a specific VPLS or EVPN routing instance.

    To implement this feature, issue the ping ce-ip destination-ip-address instance routing-instance-name source-ip source-ip-address command on a PE device. Based on the configured routing instance type, the command output displays the connectivity information of the CE device.

    [See Pinging Customer Edge Device IP Address.]

  • Support for Group VPN (MX150)—Starting in Junos OS Release 17.3R1, Junos OS supports Group VPN on the MX150. Group VPN extends existing IPsec architecture to support group-shared security associations. The group server manages group keys and policies and distributes them to group members. Group VPN provides the following benefits:

    • Data security and transport authentication.

    • High-scale network meshes, eliminating complex peer-to-peer key management with group encryption keys.

    • Full-time, direct communications between sites, without requiring transport through a central hub.

    [See Group VPN Overview.]

  • Support for connectivity fault management—Starting in Junos OS Release 17.3R1, Junos OS supports multiple up maintenance association end points (MEPs) for a single combination of maintenance association ID and maintenance domain ID for Layer 2 VPN local switching.

    To configure multiple up MEPs, specify mep mep-id statement at the [edit protocols oam ethernet connectivity-fault-management maintenance-domain domain-name maintenance association ma-name] hierarchy level, when the MEP direction is configured as direction up.

    [See Connectivity Fault Management Support for Layer 2 VPN.]

  • Support for chained composite next hops—Starting in Junos OS Release 17.3R1, you can enable composite chained next hops on MPCs on MX Series routers to manage ingress traffic for Layer 2 circuits and Layer 2 VPNs. A chained composite next hop allows the router to direct sets of routes sharing the same destination to a common forwarding next hop, rather than having each route also include the destination. This helps facilitate large volumes of traffic.

    To enable composite chained next hop for ingress traffic, include the l2ckt or l2vpn statement at the [edit routing-options forwarding-table chained-composite-next-hop ingress] hierarchy level.

    [See Chained Composite Next Hops for Layer 2 VPNs and Layer 2 Circuits.]

Layer 3 Features

  • Junos Fusion support (MX2008)—Starting in Junos OS Release 17.3R1, the Junos OS supports a network system named Junos Fusion. Based on the 802.1BR standard, Junos Fusion is a combination of aggregation devices and satellite devices that appear to the rest of the network as a single device. Junos Fusion expands the port density of the aggregation device and allows it to send and receive traffic using the customer-facing ports of the directly connected satellite devices. The composite of the aggregation device and satellite devices–the Junos Fusion–is configured and managed through the aggregation device. You can configure MX2008 Universal Routing Platforms as an aggregation device.

    [See Junos Fusion Provider Edge Overview.]

  • Support for Layer 3 protocols(MX10003)—Starting in Junos OS Release 17.3R1, Layer 3 protocols are supported on MX10003 routers. Layer 3 protocols include the Multiprotocol Label Switching (MPLS), Layer 3 Virtual Private Network (L3VPN), Bidirectional Forwarding Detection (BFD), Layer 2 Virtual Private Network (L2VPN), Point-to-multipoint (P2MP), fast reroute (FRR), Operations, Administration and Maintenance (OAM), Protocol Independent Multicast (PIM), Internet Group Management Protocol (IGMP), Adaptive Load Balancing (ALB), and so on.

Management

  • Support for Junos Telemetry Interface (MX150)—Starting with Junos OS Release 17.3R1, the Junos Telemetry Interface is supported on the MX150 router. Junos Telemetry Interface enables you to provision sensors to stream telemetry data for network elements without involving polling.

    On the MX150 router, only the following sensors are supported:

    • Physical interfaces (UDP and gRPC streaming)

    • Network Discovery Protocol table state (gRPC streaming only)

    • Address Resolution Protocol table state (gRPC streaming only)

    • IPFIX inline flow aggregation (UDP streaming only)

    • Chassis components (gRPC streaming only)

    To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig commands paths. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

    [See Overview of the Junos Telemetry Interface.]

  • Support to configure YANG files for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.3R1, you can add user-defined YANG files that provide mappings between the XML path and the OpenConfig path for data streamed through the Junos Telemetry Interface. Previously, only the Junos OpenConfig package was available for providing these mappings to the XML proxy for data streamed through gRPC. To add YANG files, include the request system yang add package package-name proxy-xml module yang-file-path operational command. You can validate the YANG module by using the request system yang validate proxy-xml module yang-file-path command. To delete a YANG file, use the request system yang delete package package-name proxy-xml yang-file-path operational command.

    [See Creating YANG Files for XML Proxy for Junos Telemetry Interface.]

  • Enhancements to BGP peer sensors for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.3R1, telemetry data streamed through gRPC for BGP peers is reported separately for each routing instance. To export data for BGP peers, you must now include the following path in front of all supported paths: /network-instances/network-instance/[name_'instance-name']/protocols/protocol/

    Additionally, the following paths are also now supported:

    • /network-instances/network-instance/protocols/protocol/

      bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/accepted

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/snmp-peer-index

    • /network-instances/network-instance/protocols/protocol/

      bgp/neighbors/neighbor/afi-safis/afi-safi/state/queues/output

    • /network-instances/network-instance/protocols/protocol/

      bgp/neighbors/neighbor/afi-safis/afi-safi/state/queues/input

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/ImportEval

    • /network-instances/network-instance/protocols/protocol/

      bgp/neighbors/neighbor/state/ImportEvalPending

    Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.

    [See Guidelines for gRPC Sensors.]

  • Support for packet loss priority for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.3R1, you can specify loss priority for telemetry packets streamed through UDP only. Loss priority settings help determine which packets are dropped from the network during periods of congestion. To configure, include the loss-priority (high | low | medium-high | medium-low) statement at the [edit services analytics export-profile profile-name] hierarchy level. To apply an export profile to a sensor, include the export-name profile-name statement at the [edit services analytics sensor sensor-name] hierarchy level. The show agent sensors command includes a new loss-priority field that is displayed for each sensor when this new option is configured.

    [See Configuring a Junos Telemetry Interface Sensor.]

  • Junos Telemetry Interface support (MX10003 and MX204)—Starting with Junos OS Release 17.3R1, MX10003 and MX204 routers support the Junos Telemetry Interface, which enables you to provision sensors to export telemetry data for various network elements. To provision sensors to stream data through UDP, all parameters are configured at the [edit services analytics] hierarchy level. To provision sensors to stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters for a specified list of OpenConfig command paths. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module and YANG models.

MPLS

  • Anchor point redundancy support for pseudowire subscriber logical Interfaces (MX Series)—Starting in Junos OS Release 17.3R1, stateful anchor point redundancy support is provided for pseudowire subscriber logical interfaces by the underlying redundant logical tunnel interface in active-backup mode. This redundancy protects the access and the core facing link against anchor Packet Forwarding Engine failure.

    Both transport and services logical interfaces created for the pseudowire subscriber logical interface are stacked on the underlaying redundant logical tunnel control logical interface. This logical interface stacking model is used for both redundant and non-redundant pseudowire subscriber logical interfaces.

    [See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]

  • Support for features on MPC7E, MPC8E, and MPC9E line cards (MX Series)—In Junos OS Release 17.3R1, MPC7E, MPC8E, and MPC9E support the following features:

    • LDP uses the longest match to learn the routes aggregated or summarized across OSPF areas or IS-IS levels in the interdomain.

    • Support for notifications on the service node when the access pseudowire goes down, and efficient termination capabilities when Layer 2 and Layer 3 segments are interconnected.

      [See Pseudowire Termination: Explicit Notifications for Pseudowire Down.]

    • BGP PIC Edge for RSVP enables you to implement a solution where a protection path is calculated in advance to provide an alternative forwarding path in case of path failure.

      [See show rsvp version.]

    • Circuit cross-connect (CCC) encapsulation is supported on the transport side of an MPLS pseudowire subscriber logical interface. This feature helps in migrating or deploying seamless MPLS architectures in access networks.

      [See Pseudowire Subscriber Logical Interfaces Overview.]

    • inet and inet6 families are supported on the services side of an MPLS pseudowire subscriber as well as non subscriber logical interfaces.

    • Distributed denial-of-service (DDoS) protection is supported on the services side of an MPLS pseudowire subscriber logical interface.

    • Policer and filter are supported on the services side of an MPLS pseudowire subscriber logical interface.

    • Accurate transmit logical interface statistics are supported on the services side of an MPLS pseudowire subscriber logical interface.

    • Inline IPFIX is supported on the services side of an MPLS pseudowire subscriber logical interface.

    • Port mirroring is supported on the services side of an MPLS pseudowire subscriber logical interface.

Multicast

  • PIM resolve type-length-value (TLV) for multicast in seamless MPLS (MX Series)—Starting in Junos OS Release 17.3R1, Junos OS adds support for RFC 5496, Reverse Path Forwarding (RPF) Vector TLV . With this support, Protocol Independent Multicast (PIM) can be used in environments where the core routers do not maintain external routes, for example in a seamlessMPLS network.

    [See rpf-vector.]

  • Support for IPv6 multicast Rosen version 7 (MX Series)—Starting in Junos OS Release 17.3R1, Junos OS multicast support extends to the default multicast distribution tree (MDT) for Rosen 7 multicast virtual private networks (MVPN) and data MDT for both Rosen 6 (PIM-ASM) and Rosen 7 (PIM-SSM). The IPv6 support applies to the customer space only.

    [See Draft-Rosen Multicast VPNs Overview .]

Network Management and Monitoring

  • mLDP MIB extends support to LDP point-to-multipoint (P2MP) LSPs (MX Series)—Starting in Junos OS Release 17.3R1, the mLDP MIB builds on the objects and tables that are defined in RFC 3815, which only support LDP point-to-point label switched paths (LSPs). This mLDP MIB provides support for managing multicast LDP point-to-multipoint (P2MP) and multipoint-to-multipoint (MP2MP) LSPs. The mLDP MIB tables are directly accessible through SNMP. All objects in the mLDP MIB are read-only and cannot be created or set through SNMP. This implementation of mLDP MIB is specified in draft-ietf-mpls-mldp-mib.

  • Support for automatic targeted distribution of logical interface sets of static VLANs over aggregated ethernet logical interfaces (MX Series)—Starting in Junos OS Release 17.3R1, automatic targeted distribution of logical interface sets of static VLANs over aggregated Ethernet logical interfaces is supported. When targeted distribution is set for a logical interface sets then the logical interface set participates in targeting and the link selected for the logical interface set is propagated to the underlying logical interfaces. You can assign weight for all the targeted subscribers like PPPoE, demux, and conventional VLANs based on the business, CoS, or bandwidth requirement. To configure the weight statement at either the [edit interfaces interface-set interface-set-name targeted-options] or the [edit interfaces interface-name unit unit-number targeted-options] hierarchy level to assign the member links for the logical interface set or logical interface based on the weight value.

    [See Understanding Support for Targeted Distribution of Logical Interface Sets of Static VLANs over Aggregated Ethernet Logical Interfaces.]

  • Support for inline jflow version 9 flow templates (PTX1000)—Starting in Junos OS Release 17.3R1, you can use inline-JFlow’s export capabilities with version 9 flow templates to define a flow record template suitable for IPv4 or IPv6 traffic.

    [See Configuring Flow Aggregation to Use Version 9 Flow Templates on PTX Series Routers.]

Operation, Administration, and Maintenance (OAM)

  • Junos OS daemons to natively emit JSON output (MX Series)—Starting with Junos OS Release 17.3R1, the operational state emitted by daemons is supported in JSON format as well as XML format. To configure JSON format, specify the following CLI command: set system export-format state-data json compact. To specify JSON format for specific command output, include display json in specific CLI commands.

  • Support for Ethernet OAM Rx statistics for CCM (MX Series)—Starting in Junos OS Release 17.3R1, the show oam ethernet connectivity-fault-management mep-statistics maintenance-domain md-name maintenance-association ma-id local-mep mep-id remote-mep mep-id command displays Ethernet OAM Rx statistics. The Ethernet OAM Rx statistics displays the number of CCM PDUs received for a particular maintenance association and remote MEP and does not include error packets received.

    Note

    The Ethernet OAM Rx statistics are not displayed for UP MEP on trunk modes if the network-services mode is configured as IP.

    If you perform unified ISSU, the counter is reset to zero. The counter is also reset to zero when the session flaps or if the session is down.

    Note

    If you do not provide the local MEP and remote MEP IDs, the show oam ethernet connectivity-fault-management mep-statistics maintenance-domain md-name maintenance-association ma-id local-mep mep-id remote-mep mep-id command does not display latest statistics. Also, if you do not provide the remote MEP ID, then actual received statistics display zero.

  • Support for connectivity fault management (CFM) monitoring between customer-edge (CE) and provider-edge (PE) devices (MX Series)—Starting in Junos OS Release 17.3R1, you can enable CFM monitoring between PE devices and CE devices when the CE device is not a Juniper Networks device by using the remote defect indication (RDI) bit. When the status of the EVPN provider edge device is standby, the EVPN VPWS service is notified and it sets the interface status to CCC-down. When the interface status is CCC-down, it indicates that the PE service is down. When you enable CFM monitoring, CFM propagates the status of the PE device via the RDI bit in the CC messages. Thus, the CE device is aware that the PE device is down. The RDI bit is cleared when the service is back up.

    To enable CFM monitoring by using the RDI bit, use the interface-status-send-rdi statement at the [edit protocols oam ethernet connectivity-fault-management maintenance-domain md-name maintenance-association ma-name continuity-check] hierarchy level.

    Alternately, you can enable CFM monitoring by using the interface-status-tlv statement at the [edit protocols oam ethernet connectivity-fault-management maintenance-domain md-name maintenance-association ma-name continuity-check] hierarchy level.

  • Nonstop active routing support for link fault management (LFM) (MX Series)—Starting in Junos OS Release 17.3R1, the Ethernet link fault management daemon (lfmd) runs on the backup Routing Engine as well when GRES is configured. When the lfmd daemon runs on the backup Routing Engine as well, the LFM states are kept in sync and so minimal work is required by the lfmd daemon after switching over. To verify if the LFM states are in sync, use the show oam ethernet link-fault-management command on both master and backup Routing Engines. In Junos OS Release 17.2R1 and earlier, the lfmd daemon runs only on the master Routing Engine when GRES is configured.

  • Junos OpenConfig to support adjacent RIB operational state model (MX Series)—Starting with Junos OS Release 17.3R1, adj-rib-in-pre and adj-rib-out-post tables have been added for the OpenConfig RIB operational state mode. The BGP RIB consists of several tables per address family, consisting of loc-rib and per-neighbor tables.

  • Support for inline CCM and BFD on MX10003 routers—MX10003 routers support inline transmission of continuity check messages (CCMs) to achieve maximum scaling of CCMs. By enabling inline transmission of CCMs, you can delegate transmission of CCMs to the forwarding ASIC (that is, to the hardware). Inline transmission enables the system to handle more connectivity fault management (CFM) sessions per line card. MX10003 routers also support the Bidirectional Forwarding Detection (BFD) protocol, which is a mechanism that detects failures in a network.

Port Security

  • Media Access Control Security (MACsec) support on Terabit Inteface card (MX10003)—Starting in Junos OS Release 17.3R1, JunosOS supports MACsec on the 12x QSFP28 Terabit Interface card (TIC) in MX10003 routers. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security. MACsec can be enabled only on domestic versions of Junos OS software. MACsec is standardized in IEEE 802.1AE.

Routing Policy and Firewall Filters

  • Support for packet forwarding features (MX150)—Starting in Junos OS Release 17.3R1, the MX150 supports the following key packet forwarding features:

    • Basic Layer 2 features and protocols—You can configure layer 2 features that can vary from the very simple (aggregated Ethernet trunk interfaces, spanning trees), to the more complex (inner and outer VLAN tags, broadcast domains), to the very complicated (integrated bridging and routing, layer 2 filtering).

    • Class of service (CoS)—You can configure CoS features to provide multiple classes of service for different applications. CoS enables you to divide traffic into classes and offer various levels of throughput and packet loss when congestion occurs. It enables you to provide differentiated services when best-effort traffic delivery is insufficient.

    • Firewall filters and policers—You can configure firewall filters that define whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, routed VLAN interfaces (RVIs), link aggregation groups (LAGs), and loopback interfaces. You can use policing to apply limits to traffic flow and specify the action to be taken for packets that exceed those limits.

    • Port mirroring—Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

  • Bypass loopback with firewall filter tunnel encapsulation (MX Series)—Starting in Junos OS Release 17.3R1, static filter based generic routing encapsulation (GRE) tunnels no longer use a loopback stream for transit traffic. The new default, which allows for increased bandwidth utilization on MPCs using the MX Series chipset, is to skip the loopback. In addition, support for IPv4 as the outer IP is available (the inner payload supports both IPv4 and IPv6). Egress sampling on the outer header is not affected. This change does not apply to GRE in UDP or to dynamic tunnels.

    This change applies to the following filter-based tunneling commands in the CLI:

    set firewall family inet6 filter filter term term then encapsulate tunnel

    set firewall tunnel-end-point tunnel ipv4 source-address ipv4 address

    set firewall tunnel-end-point tunnel ipv4 destination-address ipv4 address

    set firewall tunnel-end-point tunnel gre

    [See Filter-Based Tunneling Across IPv4 Networks.]

  • Hop-limit firewall filter match condition supported (PTX1000)—Starting in Junos OS Release 17.3R1, you can configure a firewall filter using the hop-limit and hop-limit except match conditions for IP version 6 (IPv6) traffic (family inet6).

    Note

    The hop-limit and hop-limit except match conditions are supported on PTX1000 routers when enhanced-mode is configured on the router.

    [See Firewall Filter Match Conditions for IPv6 Traffic.]

  • Support for Hop-limit firewall filter match condition (PTX10008)—Starting in Junos OS Release 17.3R1, you can configure a firewall filter using the hop-limit hop-limit and hop-limit except hop-limit match conditions for Internet Protocol version 6 (IPv6) traffic (family inet6).

    Note

    The hop-limit hop-limit and hop-limit except hop-limit match conditions are supported on PTX series routers when you configure the network-services mode as enhanced-mode on the router.

    For more information, see Firewall Filter Match Conditions for IPv6 Traffic.

Routing Protocols

  • Support for timing and synchronization on Terabit Inteface card (MX10003)—Starting in Junos OS Release 17.3R1, 12x QSFP28 Terabit Inteface card (TIC) in MX10003 routers support the following timing and synchronization features:

    • SyncE support with ESMC—Synchronized Ethernet with Ethernet synchronization Message Channel (ESMC) is supported as per the ITU G.8264 specification. ESMC is a logical communication channel. It transmits synchronization status message information, which is the quality level of the transmitting synchronous Ethernet equipment clock, by using ESMC protocol data units.

    • PTP support—Precision Time Protocol (PTP), also known as IEEE 1588v2, is a packet-based technology that enables the operator to deliver synchronization services on packet-based mobile backhaul networks. IEEE 1588 PTP (Version 2) clock synchronization standard is a highly precise protocol for time synchronization that synchronizes clocks in a distributed system. The time synchronization is achieved through packets that are transmitted and received in a session between a master clock and a slave clock. One step clock mode operation for the master clock is supported.

    • BITS (T1/E1) Interface support—BITS support for input and output on T1/E1 framed and 2.048MHz unframed clock input.

    • GPS external clock interface and TOD support—GPS input and output support for 1 MHz/5 MHz/10 MHz and PPS signal .

    [See Ethernet Synchronization Message Channel Overview].

  • Routing protocol process (rpd) recursive resolution over multipath (MX Series)—Starting in Junos OS Release 17.3R1, when a BGP prefix that has a single protocol next hop is resolved over another BGP prefix that has multiple resolved paths (unilist), all the paths are selected for protocol next-hop resolution. In prior Junos OS releases, only one of the paths is picked for protocol next-hop resolution. This new feature benefits densely connected networks where BGP is used to establish infrastructure connectivity such as WAN networks with high equal-cost multipath and seamless MPLS topology.

    To configure recursive resolution over multipath, define a policy that includes the multipath-resolve action at the [edit policy-options policy-statement policy-name then] hierarchy level and import the policy at the [edit routing-options resolution rib rib-name] hierarchy level.

    Currently, if you apply the policy on bgp.l2vpn.0 only, the RIB, also known as the routing table reflects recursively resolved multiple paths only in the control plane, you need to explicitly apply the policy on mpls.0 to reflect recursively resolved multiple paths on the data plane also.

    [See Configuring Recursive Resolution over BGP Multipath.]

  • Redistribution of IPv4 routes over IPv6 routes into BGP (MX Series)—Starting in Release 17.3R1, Junos OS devices can forward IPv4 traffic over an IPv6-only network, which generally cannot forward IPv4 traffic. As described in RFC 5549, IPv4 traffic is tunneled from CPE devices to IPv4-over-IPv6 gateways. These gateways are announced to CPE devices through anycast addresses. The gateway devices then create dynamic IPv4-over-IPv6 tunnels to remote CPE devices and advertise IPv4 aggregate routes to steer traffic. Route reflectors with programmable interfaces inject the tunnel information into the network. The route reflectors are connected through IBGP to gateway routers, which advertise the IPv4 addresses of host routes with IPv6 addresses as the next hop. Currently the dynamic IPv4-over-IPv6 tunnel feature does not support unified ISSU.

    To configure a dynamic IPv4-over-IPv6 tunnel, include the dynamic-tunnels statement at the [edit routing-options] hierarchy level.

    [See Understanding Redistribution of IPv4 Routes with IPv6 Next Hop into BGP.]

  • Support for IS-IS SPRING and RSVP coexistence (MX Series)—Starting in Junos OS Release 17.3R1, the routing protocol process (rpd) takes into account the bandwidth used by SPRING traffic to calculate the balance bandwidth available for RSVP-TE. The allocated bandwidth for RSVP is periodically modified based on the traffic on the SPRING interface and its bandwidth utilization. To configure automatic bandwidth calculation, include the auto-bandwidth template statement at the [edit routing-options] hierarchy level. You can apply the auto-bandwidth template configuration either globally at the [edit protocols isis source-packet-routing traffic-statistics] hierarchy level or at the [edit protocols isis interface interface-name] hierarchy level. This feature is useful for networks that are moving to SPRING but also have RSVP deployed, and continue to use both SPRING and RSVP.

    [See auto-bandwidth.]

  • Support for BGP large communities (MX Series)—Starting in Junos OS Release 17.3R1, BGP community is enhanced to support a BGP large community, which uses 12-byte encoding. The most significant 4 bytes encode an autonomous system number or global administrator and the remaining two 4 bytes encode operator defined local values. Currently, BGP normal community (4 byte) and BGP extended community (6 byte) provide limited support for BGP community attributes after the introduction of a 4 byte autonomous system number. Configure the large BGP community attributes at the [edit policy-options community community-name members] hierarchy level and at the [edit routing-options static route route community] hierarchy level with keyword large followed by three 4-byte unsigned integers separated by colons. The attributes are represented as large:autonomous system number:local value 1:local value2.

    [See Understanding BGP Communities, Extended Communities, and Large Communities as Routing Policy Match Conditions]

  • Support for inline Two-Way Active Measurement Protocol (TWAMP) server and client on MX10003 routers—Starting in Junos OS Release 17.3R1, supports the inline Two-Way Active Measurement Protocol (TWAMP) control-client and server for transmission of TWAMP IPv4 UDP probes between the session-sender (control-client) and the session-reflector(server). The TWAMP control-client and server can also work with a third-party server and control-client implementation. TWAMP is an open protocol for measuring network performance between any two devices that support TWAMP.

Security

  • Secure boot (MX10003)—Starting in Junos OS Release 17.3R1, a significant system security enhancement, secure boot, has been introduced. The secure boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. secure boot is enabled by default on supported platforms.

Services Applications

  • ECDSA authentication for IKE SA and AES-GCM encryption for IPsec SA (MX Series routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.3R1, you can configure the Elliptic Curve Digital Signature Algorithm (ECDSA) authentication method for an IKE security association (SA) and the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) encryption algorithm for an IPsec SA for MS-MPCs and MS-MICs. Junos OS supports the ECDSA 256-bit and 384-bit moduli methods and the AES-GCM 128-bit, 192-bit, and 256-bit encryption algorithms.

    [See Configuring IKE Proposals and Configuring IPsec Proposals.]

  • Support for IPv6 GRE tunnels (MX Series)—Starting in Junos OS Release 17.3R1, you can configure IPv6 generic routing encapsulation (GRE) tunnel interfaces on MX Series routers. This lets you run a GRE tunnel over an IPv6 network. Packet payload families that can be encapsulated within the IPv6 GRE tunnels include IPv4, IPv6, MPLS, and ISO. Fragmentation and reassembly of the IPv6 delivery packets is not supported.

    To configure an IPv6 GRE tunnel interface, specify IPv6 addresses for source and destination at the [interfaces gr-0/0/0 unit 0 tunnel] hierarchy level.

    [See GRE Keepalive Time Overview.]

  • Increased number of IPv4 RPM probes (MX Series with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.3R1, you can increase the number of IPv4 icmp-ping and icmp-ping-timestamp real-time performance monitoring (RPM) probes that can run simultaneously. Use the delegate-probes statement to configure an MS-MPC or MS-MIC services interface to perform the RPM processing for the probes, enabling more probes to run simlutaneously.

    [See Configuring RPM Probes.]

  • Inline TWAMP requester support (MX2010 and MX2020 routers)—Starting in Junos OS Release 17.3R1, MX2010 and MX2020 routers support the inline Two-Way Active Measurement Protocol (TWAMP) control-client and session-sender for transmission of TWAMP probes using IPv4 between the sender (control-client or session-sender) and the receiver (server or session-reflector). The control-client and session-sender reside on the same router. The TWAMP control-client can also work with a third-party server implementation.

  • Support for enhancing the current Inline JFlow scale limits for XL-based and EA-based linecards for MX routers—Starting in Junos OS Release 17.3R1, the ipv4-flow-table-size, ipv6-flow-table-size, vpls-flow-table-size, and mpls-flow-table-size allow upto 245 flow-table-size to support 64M flows at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level. The existing limit on flow-export-rate under inline-jflow for each family in the sampling instance is increased to 3200 from 400.

  • Support for Inline services (MX150)—Starting in Junos OS Release 17.3R1, the MX150 supports inline active flow monitoring services. Inline active flow monitoring provides for higher scalability and performance and is implemented on the Packet Forwarding Engine. Version 9 template and IP Flow Information Export (IPFIX) template are supported to define a flow record template suitable for IPv4 or IPv6 traffic.

    [See Understanding Inline Active Flow Monitoring]

  • RPM support for IPsec and GRE tunnels (MX Series router with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.3R1, you can apply real-time performance monitoring (RPM) to IPsec tunnels and GRE tunnels for PIC-based and Routing Engine based RPM clients and servers if you are using MS-MPCs or MS-MICs. Packet Forwarding Engine based RPM is not supported for IPsec tunnels. Support of RPM on IPsec tunnels enables service-level agreement (SLA) monitoring for traffic transported in IPsec tunnels.

    [See Real-Time Performance Monitoring Services Overview.]

  • NAT with deterministic IP address and port mapping (MX Series routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.3R1, support for deterministic NAT mapping for NAPT44 is extended to the MS-MPC and MS-MIC. Deterministic NAT mapping ensures that a given internal IP address and port are always mapped to the same external IP address and port range, and the reverse mapping of a given translated external IP address and port are always mapped to the same internal IP address. Deterministic NAT mapping eliminates the need for logging address translations.

    [See Configuring Deterministic NAPT.]

  • Support for TWAMP server and client (MX150)—Starting in Junos OS Release 17.3R1, the MX150 supports the inline Two-Way Active Measurement Protocol (TWAMP) control-client and server for transmission of TWAMP IPv4 UDP probes between the session-sender (control-client) and the session-reflector (server). The TWAMP control-client and server can also work with a third-party server and control-client implementation. TWAMP is an open protocol for measuring network performance between any two devices that support TWAMP.

    [See Two-Way Active Measurement Protocol Overview.]

  • Increase in IKE tunnel setup rate (MX Series routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 17.3R1, the IKE tunnel setup rate has increased if you are using MS-MPCs or MS-MICs. This increase is the result of moving the public key cryptographic operations to the MS-MPC or MS-MIC.

    [See Understanding Junos VPN Site Secure.]

  • Maximum number of RPM probes increased (MX Series routers)—Starting in Junos OS Release 17.3R1 and 17.2R2, you can configure the maximum allowed number of concurrent real-time performance monitoring (RPM) probes on an MX Series router to be as high as 2000. In Junos OS Release 17.2R1 and earlier, you can configure the maximum number to be as high as 500.

    [See Limiting the Number of Concurrent RPM Probes.]

Software Defined Networking (SDN)

  • Support for Junos Node Slicing on MX480 routers—Starting with Junos OS Release 17.3R1, MX480 routers support Junos Node Slicing. Junos node slicing is the capability to partition an MX Series router to make it appear as multiple, independent routers. Each partition has its own independent Junos OS control plane and dataplane, which run as a virtual machine (VM), and a dedicated set of line cards. Each partition is called a guest network function (GNF). In the node slicing setup, the MX Series router functions as the base system (BSYS). Junos node slicing enables the convergence of multiple services on a single physical infrastructure while avoiding the operational complexity involved.

    [See Junos Node Slicing.]

  • Support for OpenDaylight (ODL) controller on MX Series routers—Starting with Junos OS Release 17.3R1, MX Series router supports OpenDaylight (ODL) controller (Boron-SR1 release), which provides an open source platform for network programmability aimed at enhancing software-defined networking (SDN). The ODL controller provides a southbound Network Configuration Protocol (NETCONF) connector API, which uses NETCONF and YANG models to interact with a network device. You can use the ODL controller to orchestrate and provision MX Series routers, and execute remote procedure calls (RPCs) to the routers to get state information. Also, the ODL controller enables you to carry out configuration changes in the routers. To configure the ODL controller to interoperate with MX Series routers, include the netconf rfc-compliant and netconf yang-compliant statements at the [edit system services] hierarchy level.

    [See Configuring Interoperability Between MX Series Routers and OpenDaylight]

  • Advanced Forwarding Interface (AFI) API is available for vMX routers–Starting in Junos OS Release 17.3R1, the Advanced Forwarding Interface (AFI) version 1.0 is available for vMX routers. AFI APIs are provided as C++ APIs only. The APIs allow developers to interact with the Packet Forwarding Engine by accessing a section of the forwarding path from within a sandbox to affect the traffic that enters that part of the path. The sandbox is provided by Junos OS after CLI-based configuration and has one or more pairs of input and output ports that represent the points along the forwarding path at which the AFI clients enter and exit the path to do their work.

Subscriber Management and Services

  • Support for excluding tunnel attributes from RADIUS Access-Request messages (MX Series)—Starting in Junos OS Release 17.3R1, you can use the exclude statement at the [edit access profile profile-name radius attribute] hierarchy level to exclude the following tunnel attributes from RADIUS Access-Request messages in addition to the previously supported Accounting-Start and Accounting-Stop messages:

    • acct-tunnel-connection—RADIUS attribute 68, Acct-Tunnel-Connection

    • tunnel-assignment-id—RADIUS attribute 82, Tunnel-Assignment-Id

    • tunnel-client-auth-id—RADIUS attribute 90, Tunnel-Client-Auth-Id

    • tunnel-client-endpoint—RADIUS attribute 66, Tunnel-Client-Endpoint

    • tunnel-medium-type—RADIUS attribute 65, Tunnel-Medium-Type

    • tunnel-server-auth-id—RADIUS attribute 91, Tunnel-Server-Auth-Id

    • tunnel-server-endpoint—RADIUS attribute 67, Tunnel-Server-Endpoint

    • tunnel-type—RADIUS attribute 64, Tunnel-Type

    [See Configuring How RADIUS Attributes Are Used for Subscriber Access.]

  • Clearing accounting option statistics from the Packet Forwarding Engine (MX Series)—Starting in Junos OS Release 17.3R1, you can issue the clear interfaces statistics interface-name command to clear counters for accounting statistics received on the logical interface from the Packet Forwarding Engine. The existing statistics are stored as the new current baseline statistics and the counters are reset to zero. This applies to interfaces for which accounting statistics are collected as specified by the interface-profile statement at the [edit accounting-options] hierarchy level.

    Include the allow-clear statement in the interface profile to enable reporting of the cleared (new current baseline) statistics to the accounting flat file. Reporting is disabled by default. When you clear statistics for an interface that does not have this statement in its interface profile, the CLI displays the statistics as cleared, but this is not reported to the flat file.

    [See Configuring the Interface Profile.]

  • Filter actions extended to dynamic filters (MX Series)—Starting in Junos OS Release 17.3R1, you can include the dscp value action for the inet address family and the traffic-class value action for the inet6 address family in dynamic, parameterized filters. This means that you can configure a user-defined dynamic variable or a static value for the action value. In earlier releases, these actions are supported only for static (nonparameterized) filters.

    [See Parameterized Filter Nonterminating and Terminating Actions and Modifiers.]

  • Support for inline IP reassembly on GRE tunnel interfaces (MX Series routers with MPCs)—Starting in Junos OS Release 17.3R1, you can configure fragmentation and inline reassembly of generic routing encapsulation (GRE) packets on GRE tunnel interfaces on MX Series routers with the following Modular Port Concentrators: MPC7E, MPC8E, and MPC9E.

    [See Enabling Fragmentation and Reassembly on Packets After GRE-Encapsulation]

  • Limiting subscribers based on client type for different hardware elements (MX Series)—Starting in Junos OS Release 17.3R1, use the subscribers-limit stanza at the [edit system services resource-monitor] hierarchy level to configure the maximum number of subscribers by client type (DHCP, L2TP, PPPoE, or the sum of all three) that are allowed per chassis, MPC, MIC, and port. Subscriber login is denied when the number of subscribers having that type exceeds the configured limit. This feature ensures that the number of subscribers per hardware element does not exceed the number that your network can serve with stability at the desired bandwidth. When the limit is reached for a hardware element, new subscribers can connect to another hardware element in the same broadcast domain. When you configure the limit on one or more legs of an aggregated Ethernet interface, login is denied if the subscriber count exceeds the value on any of the legs.

    Use the show system resource-monitor subscribers-limit command to display information about subscriber limits.

    [See Limiting Subscribers by Client Type and Hardware Element with Resource Monitor.]

  • Support for sending LAC NAS-port and LAC IP-address attributes to RADIUS for MX Routers—Starting in Junos OS Release 17.3R1, you can override the following at the [edit access profile set radius options override] hierarchy level:

    • nas-port with the LAC side nas-port information.

    • nas-ip-address with the l2tp LAC endpoint IP address information.

  • Support for load-based throttling of subscribers (MX Series)—Starting in Junos OS Release 17.3R1, the no-load-throttling statement disables line card load-based throttling when configured at the [edit system services resource-monitor] hierarchy level. Load-based throttling is also disabled when the no-throttle statement is configured at the [edit system services resource-monitor] hierarchy level.

  • DDoS protection flow detection for enhanced subscriber management (MX Series Routers)—Starting in Junos OS Release 17.3R1, enhanced subscriber management supports flow detection for DDoS protection. Enable flow detection by including the flow-detection statement at the [edit system ddos-protection global] hierarchy level. Flows that violate a DDoS protection policer are tracked as suspicious flows; they become culprit flows when they violate the policer bandwidth for the duration of a configurable detection period. Culprit flows are dropped, kept, or policed to below the allowed bandwidth level. Suspicious flow tracking stops if the violation stops before the detection period expires.

    Most flow detection attributes are configured at the packet level or flow aggregation level of the CLI hierarchy ([edit system ddos-protection protocols protocol-group packet-type]). By default, flow detection automatically generates reports for events associated with the identification and tracking of culprit flows and bandwidth violations. Use commands at the show ddos-protection hierarchy level and culprit-flows or culprit-flows detail to display flow detection information and statistics on the basis of protocol, packet type, or subscriber management.

    [See DDoS Protection Flow Detection Overview ]

  • Excluding channel information from interface descriptions (MX Series)—Starting in Junos OS Release 17.3R1, you can exclude channel information from being reported by default in the description for channelized interfaces that are included in RADIUS attributes such as NAS-Port-ID (87) and Calling-Station-ID (31). In earlier releases, you can exclude only adapter (PIC) and subinterface (logical interface number) information from an interface description.

    [See Interface Text Descriptions for Inclusion in RADIUS Attributes.]

  • BPCEF phase 2 enhancements (MX Series)—Starting in Junos OS Release 17.3R1, support for additional OCS and PCRF features are added using Gy and Gx protocols. The new statements:

    • accept-sdr is added for PCRF partition at the [edit access pcrf partition partition-name] hierarchy level.

    • alternative-diameter-partition is added for OCS partition at the [edit access ocs partition partition-name] hierarchy level.

    [See Understanding Gx Interactions Between the Router and the PCRF and Configuring the Diameter Transport.]

  • System logs and traps added for Diameter peer connect/disconnect state changes (MX Series)—Starting in Junos OS Release 17.3R1, the following event options related to Diameter peer connect and disconnect events are available to raise a trap when the corresponding state change occurs:

    • jdiameterd_dne_state_connected—Diameter network element (DNE) connected over a single peer.

    • jdiameterd_dne_state_fully_connected—DNE connected through at least two peers.

    • jdiameterd_dne_state_disconnected—DNE lost its connection.

    • jdiameterd_peer_premiership_acquired—Peer became primary for DNE.

    • jdiameterd_peer_premiership_released—Peer stopped being primary for DNE.

    • jdiameterd_peer_state_down—Peer is closing.

    • jdiameterd_peer_state_open—Peer reached i-open state.

    • jdiameterd_peer_state_suspected—Peer is downgraded to suspected state.

    You can configure these at the [edit event-options policy policy-name] hierarchy level. Each of the event traps generates a corresponding ERRMSG system log.

    [See System Log Explorer.]

  • Diameter peers and transports support IPv6 addresses (MX Series)—Starting in Junos OS Release 17.3R1, you can use IPv6 addresses for Diameter peers and transport connections. You must configure the same address family type for corresponding peers and transport connections. In earlier releases, only IPv4 addresses are supported, requiring the use of NAT to enable peering between IPv4 and IPv6 Diameter nodes.

    [See Configuring Diameter Peers and Configuring the Diameter Transport.]

  • Support for concurrent subscriber secure policy and FlowTapLite (MX Series)—Starting in Junos OS Release 17.3R1, you can enable both DTCP-based flow-tap services on tunnel interfaces (FlowTapLite) and DTCP-initiated and RADIUS-initiated subscriber secure policies concurrently on the same router. Concurrent support enables using DTCP for monitoring both dynamic subscribers and static logical interfaces for business subscribers, as in a Layer 2-based wholesale topology that uses Extensible Subscriber Services Manager (ESSM). In earlier releases, concurrent use of subscriber secure policies and FlowTapLite is not supported.

    [See Guidelines for Configuring Subscriber Secure Policy Mirroring.]

  • Disabling RADIUS-initiated subscriber secure policy mirroring (MX Series)—Starting in Junos OS Release 17.3R1, you can use the dtcp-only statement to prevent RADIUS-initiated subscriber secure policy mirroring from being enabled, while allowing both DTCP-initiated mirroring and DTCP-based flow-tap services (FlowTapLite) to be enabled. Requests from RADIUS to attach a subscriber secure policy (mirroring service) to a subscriber are rejected. This statement has no effect on existing RADIUS-initiated mirroring services. You must issue the statement before such services are activated for a subscriber. Subscriber login and session establishment are not affected.

    [See Disabling RADIUS-Initiated Subscriber Secure Policy Mirroring.]

  • Appending subscriber information to redirect URLs (MX Series)—Starting in Junos OS Release 17.3R1, you can append information about the subscriber retrieved from the subscriber session database when the redirect URL is returned to the HTTP client. You specify the attributes in the redirect URL format in the Activate-Service VSA (26–65) or Deactivate-Service VSA (26–66) included in the RADIUS Access-Accept message when the subscriber is authenticated or in a Change of Authorization (CoA) message. Only the following attributes are supported: subscriber IP or IPv6 address, NAS IP address, requested URL, NAS port ID, MAC address, subscriber session ID, and username.

    [See Adding Subscriber Information to HTTP Redirect URL.]

  • HTTP status code 307 support (MX Series)—Starting in Junos OS Release 17.3R1, the HTTP status code returned with the redirect URL by the redirect server depends on the HTTP version used by the HTTP client that sent the GET message. When the version is later than 1.0, the 307 (Temporary Redirect) status code is returned. When the version is 1.0, the 302 (Found) status code is returned. In earlier releases, only the 302 status code is returned with the redirect URL. Both codes inform the HTTP client to use the original URL for subsequent GET requests.

    [See HTTP Redirect Service Overview.]

  • Subscriber management support for Junos Node Slicing—Starting with Junos OS Release 17.3R1, the MX Series routers that have Junos Node Slicing configured support all subscriber management features and services. Subscriber management provides capabilities such as subscriber access, authentication, and service creation, activation, and deactivation. The subscriber management services include DHCP, PPP, L2TP, VLAN, and pseudowire. However, in this release, the subscriber management services for Junos Node Slicing do not include advanced services and do not support unified in-service software upgrade (unified ISSU).

  • Support for Broadband Edge on MX10003 routers—Starting in Junos OS Release 17.3R1, MX10003 supports the next-generation broadband edge software architecture for wireline subscriber management. With enhanced subscriber management, you can take advantage of optimized scaling and performance for configuration and management of dynamic interfaces and services for subscriber management.

Virtual Chassis

  • Support for host infrastructure(MX10003)—Starting in Junos OS Release 17.3R1, MX10003 supports host infrastructure that can launch Junos OS virtual machine (VM) based on configuration data, monitor and manage the VM and the host-networking infrastructure, support Junos OS and host software upgrade, collect hardware errors for Junos OS error reporting and act as a proxy to Junos OS for executing host operations. Only one VM is supported per Routing Engine.

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.3R3 for MX Series routers.

Class of Service

  • Junos commit notification of unsupported configuration—Junos OS does not support changing the hierarchical-scheduler mode of a logical tunnel interface, or redundant logical tunnel interface, if an active pseudowire subscriber interface is attached to it. A commit error has now been added to provide the notification.

EVPNs

  • commit check command successful with trunk port and EVPN-MPLS/EVPN-VXLAN EVI configured—Starting in Junos OS Release 17.3R1, when adding a trunk port with dual tags to an EVPN and MPLS routing instance, or an EVPN and VXLAN routing instance, the CLI commit check configuration considers the inner-vlan-id-list statement and is successful.

  • Changes in the output of show route table command—Starting in Junos OS Release 17.3R2, the output for show route table no longer displays the loopback address as the route distinguisher for MAC address virtual routing and forwarding (MAC-VRF) routing instances route entries. Instead, the output now displays the route distinguisher for the evpn and virtual switch instance type.

  • Support for LSP on EVPN-MPLS—Starting in Junos OS Release 17.3R3, Junos supports the mapping of EVPN traffic to specific label-switched paths (LSPs). Prior to this release, the traffic policies mapping extended community to specific LSPs did not work properly.

  • Changes in the show route extensive output—Starting in Junos OS Release 17.3R3, the output for show route extensive displays unknown evpn, opaque, and experimental extended communities as follows:

    • EVPN: unknown iana evpn 0xtype:0xsubtype:0xvalue

    • OPAQUE: unknown iana opaque 0xtype:0xsubtype:0xvalue

    • EXP: unknown 0xtype:0xsub-type:0xvalue

    where type, sub-type, and value are defined in RFC 4360 BGP Extended Communities Attribute, RFC7153 IANA Registries for BGP Extended Communities. Internet Assigned Numbers Authority (IANA) maintains a registry with information on the type and subtype field values at https://www.iana.org/assignments/bgp-extended-communities/bgp-extended-communities.xhtml

General Routing

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2020, MX2010, and MX2008)—PICs of the MS-MPC and MS-MIC do not support any service package other than extension-provider. If you try to configure any other service package for these PICs by using the set chassis fpc slot-number pic pic-number adaptive-services service-package command, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs.

    [See extension-provider.]

  • Change in boot up behavior(MX10003)—Starting in Junos OS Release 17.3R1, when the MPC is removed and plugged into the slot, the MPC is brought online automatically. In Junos OS 17.3R1 prior releases, the MPC could be brought online only after issuing the request chassis fpc slot number online command.

  • Commit preparation on MX-VC setup—On MX Series virtual chassis setup, you see the following:

    • When you issue commit prepare on one Routing Engine followed by switchover, the Routing Engine where the switchover command is issued reboots. Therefore, the prepared cache gets cleared in that Routing Engine.

    • clear system commit prepared clears the plus files and prepared cache only in the device where the command is issued.

  • Support for deletion of static routes when the BFD session goes down (MX Series)—Starting with Junos OS Release 17.3R1, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message.

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX Series)—When an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier engine will set the “my mac” bit in the cookie prepended to the incoming packet. In current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed as default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence the packets with zero MAC are marked as “my mac” in the packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup will be performed. The “my mac” behavior is applicable since the day one release.

High Availability (HA) and Resiliency

  • Command ‘show chassis in-service-upgrade’ not available (MX10003)—In this release, the command show chassis in-service-upgrade is not available for MX10003 routers. If you enter this command, the following output is shown: error: command is not valid on the JNP10003 [MX10003]. Earlier, the output shown for this command was error: Unrecognized command (chassis-control).

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

Interfaces and Chassis

  • show chassis environment cb command not supported on MX10003 backup Routing Engine—In Junos OS Release 17.3R1, you cannot get the environmental information about the Control Boards (CBs) installed in an MX10003 because the router does not support the show chassis environment cb CLI command on a backup Routing Engine. No output is displayed if you execute this command on an MX10003 backup Routing Engine.

  • Recovery of PICs that are stuck because of prolonged flow controls (MS-MIC, MS-MPC, MS-DPC, MS-PIC 100, MS-PIC 400, and MS-PIC 500)—Starting in Junos OS Release 16.1R7, if interfaces on an MS-PIC, MS-MIC, MS-MPC, or MS-DPC are in stuck state because of prolonged flow control, Junos OS restarts the service PICs to recover them from this state. However, if you want the PICs to remain in stuck state until you manually restart the PICs, configure the new option up-on-flow-control for the flow-control-options statement at the [edit interfaces mo-fpc/pic/port multiservice-options] hierarchy level. In releases before Release 16.1R7, there is no action taken to recover service PICs from this state unless one of the options for the flow-control-options statement is configured, or service PIC is manually restarted.

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Management

  • Changes to custom YANG RPC syntax (MX Series)—Starting in Junos OS Release 17.3, custom YANG RPCs have the following changes in syntax:

    • The junos:action-execute statement is a substatement to junos:command. In earlier releases, the action-execute and command statements are placed at the same level, and the command statement is optional.

    • The CLI formatting for a custom RPC is defined within the junos-odl:format statement, which takes an identifier as an argument. In earlier releases, the CLI formatting is defined using a container that includes the junos-odl:cli-format statement with no identifier.

    • The junos-odl:style statement defines the formatting for different styles within the statement. In earlier releases, the CLI formatting for different styles is defined using a container that includes the junos-odl:cli-format and junos-odl:style statements.

  • Enhancement to show agent sensors command (MX Series) —Starting with Junos OS Release 17.3R1, the show agent sensors command, which displays information about Junos Telemetry Interface sensors, displays the default value of 0 for the DSCP and Forwarding-class values. Previously, the displayed default value for these fields was 255. The default value is displayed when you do not configure a DSCP or forwarding-class value for a sensor at the [edit services analytics export-profile profile-name] hierarchy level.

    [See export-profile and show agent sensors.]

MPLS

  • Starting in Junos OS Release 17.3R1, the previously hidden configuration statement, session, can be configured at the [edit protocols ldp] hierarchy level. This statement enables you to configure the LDP session parameters by specifying the session destination address.

    [See session.]

  • Support for inet.0 and inet.3 labeled unicast BGP route for protocol LDP (MX Series)--- Starting in Junos OS Release 17.3R3, LDP egress policy is supported on both inet.0 and inet.3 routing Information bases (RIBs) also known as routing table for labeled unicast BGP routes. If a routing policy is configured with a specific (inet.0 and inet.3) RIB, the egress policy is applied on the specified RIB. If no RIB is specified and a prefix is present on both inet.0 and inet.3 RIBs for labeled unicast BGP routes, then inet.3 RIB is preferred. However, prior to Junos OS Release 12.3R1 and starting with Junos OS Release 16.1R1, LDP egress policy is always preferred on inet.0 RIB and support for inet.3 RIB egress policy for labeled unicast BGP routes was disabled. In Junos OS Release 12.3R1 and later releases up to Junos Release 16.1R1, LDP egress policy was supported in inet.3 RIBs, in addition to inet.0 RIBs, for labeled-unicast BGP routes.

  • Disable M-LDP from using RSVP-TE LSPs for tunneling—Starting in Junos OS Release 12.3R1, Junos OS provides support for Multipoint LDP (M-LDP) for Targeted LDP (T-LDP) sessions with unicast replication, in addition to link sessions. As a result, the current default behavior of M-LDP over RSVP tunneling is similar to unicast LDP.

    However, because T-LDP is chosen over LDP and link sessions to signal point-to-multipoint LSPs, you can enable LDP natively throughout the network, so the point-to-multipoint LSPs take the LDP paths.

    [See p2mp (Protocols LDP).]

  • Starting in Junos OS Release 17.3R2-S2, the * (asterisk) wildcard character is supported for the interface name of the show ppp interfaces command for debugging purpose. With this support, you can match any string of characters in that position in the interface name. For example, so* matches all SONET/SDH interfaces.

    [See show ppp interface.]

  • Loss of traffic over bypass MPLS LSPs—If RSVP link or node protection is enabled along with global RSVP authentication, there is loss of traffic over bypass MPLS LSPs at the time of local repair, when the point of local repair (PLR) and the merge point devices have different versions of the Junos OS software installed on them. That is, one device is running a release prior to Junos OS Release 16.1, and the other device is running a release starting with Junos OS Release 16.1R4-S12.

Network Management and Monitoring

  • Enhancement to SMNPv3 traps for contextName field (MX Series)—Starting in Junos OS Release 17.3R1, the contextName field in SNMPv3 traps generated from a non-default routing instance, is populated with the same routing-instance information as is given in SNMPv2 traps. SNMPv2 traps provide the routing-instance information as context in the form of context@community. This information gives the network monitoring system (NMS) the origin of the trap, which is information it might need. But in SNMPv3, until now, the contextName field was empty. For traps originating from a default routing instance, this field is still empty, which now indicates that the origin of the trap is the default routing instance.

  • Enhancement to about-to-expire logic for license expiry syslog messages (MX Series)—Starting in Junos OS Release 17.3R1, the logic for multiple capacity type licenses and when their expiry raises alarms was changed. Previously, the behavior had alarms and syslog messages for expiring licenses raised based on the highest validity, which would mislead users in the case of a license expiring earlier than the highest validity license. The new behavior has the about-to-expire logic based on the first expiring license.

  • SNMP syslog messages changed (MX Series)—In Junos OS Release 17.3R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD --AgentX master agent failed to respond to ping. Attempting to re-register

      NEW –- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD –- NET-SNMP version %s AgentX subagent connected

      NEW --- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Change in default log level setting (MX Series)—In Junos OS Release 17.3R2, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • Customer-visible SNMP trap name changes (MX Series)—In Junos OS Release 17.3R2, on the Enhanced Switch Control Board (SCBE), name changes include the control board slot when jnxTimingFaultLOSSet and jnxTimingFaultLOSClear traps are generated in the case of BITS interfaces (T1 or E1). SNMP traps for the backup Routing Engine clock failure event have been added, and the control board name is included in the SNMP trap interface name (jnxClksyncIntfName), for example, value: "external(cb-0)".

    [See SNMP MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps which come from a non-default routing instance and non-default logical system (MX Series)—In Junos OS Release 17.3R3, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • A decrease in the MPLS label-switched path (LSP) statistics pauses the SNMP MIB mplsLspInfoAggrOctets count for one MPLS statistics gathering interval. In such cases, the mplsLspInfoAggrOctets value is updated only after completing one more interval of the MPLS statistics gathering.

Routing Protocols

  • Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

    [See advertise-from-main-vpn-tables.]

  • Change in output of show configuration routing-options flow operational command—Starting in Junos OS Release 17.3R1, the sequence of statements in the output of show configuration routing-options flow operational command has changed to improve readability. The then statements are now displayed after the match conditions in a logical sequence.

  • BGP GR stale routes are not removed when BFD goes down—Starting in Junos OS Release 17.3R1, 17.2R2, 17.1R3, 16.2R3, 16.1R5, and 15.1R7, when a BGP session that has BFD configured without the hold-down-interval fails, the BFD session remains active. The BFD session is not impacted even when graceful restart is enabled. BGP deletes the BFD session when user explicitly disables BFD on a BGP peer. Note that BFD session is created only when a BGP session is Established. In earlier Junos OS releases, BFD sessions are deleted when the BGP session fails and the hold-down-interval option is not configured.

Security

  • Support for SSH protocol version 2—Starting in Junos OS Release 17.3R2, SSH protocol version 1 (SSHv1) is not supported. SSH protocol version 2 (SSHv2) is the default protocol-version option available under the [edit system services ssh] hierarchy level.

    [See protocol-version]

Services Application

  • Changes to the show services rpm history-results command (MX Series)—Starting in Junos OS Release 17.3R1, you must include the owner owner and test name options when using the show services rpm history-results command.

    [See show services rpm history-results.]

  • In Junos OS Release 17.3R1 and later, for PIC-based J-Flow on MX Series routers and inline J-Flow on PTX Series routers, the Options template and Options data records include the Sampling Interval field as part of the ScopeTemplate field instead of the ScopeSystem field.

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—Starting in Junos OS Release 17.3R3, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Source-specific multicast (SSM) CLI changes for dynamic IGMP and dynamic MLD (MX Series)—Starting in Junos OS Release 17.3R1, the ssm-map ssm-map-name statement at the [edit dynamic-profiles profile-name protocols (igmp | mld) interface interface-name] hierarchy level is deprecated and does not appear in the CLI. Instead, you define an SSM map policy with the policy-statement statement at the [edit policy-options] hierarchy level. Apply the policy for dynamic IGMP or dynamic MLD with the ssm-map-policy ssm-map-policy-name statement at the [edit dynamic-profiles profile-name protocols (igmp | mld) interface interface-name] hierarchy level.

    Before you upgrade from an earlier release with a configuration that includes ssm-map, delete the ssm-map statement. If you do not, the upgrade fails. If you perform the upgrade without validation (no-validate), the upgrade passes and the ssm-map configuration is accepted, but it has no effect.

    [See ssm-map-policy (Dynamic IGMP Interface) and ssm-map-policy (Dynamic MLD Interface).]

  • Memory mapping statement removed for Enhanced Subscriber Management (MX Series)—Starting in Junos OS Release 17.3R1, use the following command when configuring database memory for Enhanced Subscriber Management:

    set system configuration-database max-db-size

    CLI support for the set configuration-database virtual-memory-mapping process-set subscriber-management command has been removed to avoid confusion. Using the command for subscriber management now results in the following error message:

    WARNING: system configuration-database virtual-memory-mapping not supported. error: configuration check-out failed.

    [See Interface Configuring Junos OS Enhanced Subscriber Management for an example of how to use the max-db-size command.]

  • Change to ICRQ message inclusion of the ANCP Access Line Type AVP (MX Series)—Starting in Junos OS Release 17.3R2, the ICRQ message includes the ANCP Access Line Type AVP (145) when the received ANCP Port Up message includes a DSL-type of 0 (OTHER). In earlier releases, the AVP is not sent when the value is 0.

  • Support for IPv6 all-routers address in nondefault routing instance (MX Series)—Starting in Junos OS Release 17.3R3, the well-known IPv6 all-routers multicast address, FF02::2, is supported in nondefault routing instances. In earlier releases it is supported only for the default routing instance; consequently IPv6 router solicitation packets are dropped in nondefault routing instances.

  • Correction to CLI for L2TP tunnel keepalives (MX Series)—Starting in Junos OS Release 17.3R3, the CLI correctly limits to 3600 seconds the maximum duration that you can enter for the hello interval of an L2TP tunnel group. In earlier releases, the CLI allows you to enter a value up to 65,535, even though only 3600 is supported.

    See hello-interval (L2TP).

  • Wildcard supported for show subscribers agent-circuit-identifier command (MX Series)—Starting in Junos OS Release 17.3R3, you can specify either the complete ACI string or a substring when you issue the show subscribers agent-circuit-identifier command. To specify a substring, you must enter characters that form the beginning of the string, followed by an asterisk (*) as a wildcard to substitute for the remainder of the string. The wildcard can be used only at the end of the specified substring; for example:

    In earlier releases, starting with Junos OS Release 14.1, the command requires you to specify the complete ACI string to display the correct results. In Junos OS Release 13.3, you can successfully specify a substring of the ACI without a wildcard.

  • Changed behavior for framed routes without a subnet mask (MX Series)—Starting in Junos OS Release 17.3R3, the router connects the session but ignores a framed route when it is received from RADIUS in the Framed-Route attribute (22) without a subnet mask.

    In earlier releases, the router installs the framed route with a Class A, B, or C subnet mask depending on the value of the first octet. When the octet < 128, the mask is /8; when 128 <= octet < 192, the mask is /16; and when the octet >= 192, the mask is 24.

  • Bandwidth options match for inline services and tunnel services (MX Series)—Starting in Junos OS Release 17.3R3, you can configure the same bandwidth options for inline services with the bandwidth statement at the [edit chassis fpc slot-number pic number inline-services hierarchy level as you can configure for tunnel services with the bandwidth statement at the [edit chassis fpc slot-number pic number tunnel-services] hierarchy level.

    [See bandwidth (Inline Services) and bandwidth (Tunnel Services)]

User Interface and Configuration

  • Starting in Junos OS Release 17.3R3, the delegate probes are distributed evenly across the interval of 3 seconds to avoid the packet bursts in the network due to real-time performance monitoring (RPM). RPM syslogs are processed with the increase in the ramp up time of RPM delegates tests to 60 seconds. With RPM syslogs processed, the chances of multiple tests starting and ending at the same time are smaller, thus a potential restriction in event-processing.

  • Junos OS prohibits configuring ephemeral configuration database instances that use the name default (MX Series)—Starting in Junos OS Release 17.3R3, user-defined instances of the ephemeral configuration databases, which are configured using the instance instance-name statement at the [edit system configuration-database ephemeral] hierarchy level, do not support configuring the name default.

VLAN Infrastructure

  • LAG interface flaps while adding/removing a VLAN—From Junos OS Release 17.3 or later, the LAG interface flaps while adding or removing a VLAN. The flapping happens when a low-speed SFP is plugged into a relatively high-speed port. To avoid flapping, configure the port speed to match the speed of the SFP.

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.3R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • In Junos OS Release 17.2, egress rate limit at the extended port does not work properly when you have a rate-limit configuration applied at the extended port physical interface (IFD) level by traffic-control-profile-remaining and also at some of the extended port logical interfaces (IFL) by explicit traffic-control-profile in hierarchical-scheduler mode. PR1271719

EVPN

  • Routing instances of type EVPN configured with a VLAN ID will advertise MAC (type 2) routes with the VLAN value in the Ethernet tag field of the MAC route. As a workaround, use vlan-id-none to claim the RFC compliance. PR945247

  • A provider edge (PE) device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE device might be able to discover the IGP instance running on the remote CE device through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • In scaled up EVPN VPWS configurations (approximately 8000 EVPN VPWS), during Routing Engine switchover, rpd scheduler slip messages might be seen. PR1225153

  • Configurable udp-port for VXLAN in EVPN-VXLAN scenario is currently not supported. PR1249310

  • On an MX Series router running Junos OS, while migrating a routing instance from VPLS to EVPN, if an EVPN command (for example, control-word) is handled in a catastrophic manner by daemons (processes), traffic loss can occur while the control plane state is cleaned up and reconstructed. PR1268428

  • In a hub-and-spoke VPLS environment running Junos OS, if local switching is enabled on the hub-and-spoke PE devices migrated to EVPN (for which the hub remains VPLS-only), the following issue could occur: (1) Two copies of BUM traffic could be received at the spoke PE device (one copy through the EVPN next hop from the ingress spoke and the other copy through the VPLS pseudowire from the hub) and (2) MACs behind a spoke PE device would use the VPLS pseudowire to the hub as the next hop on the remote spoke PE devices (instead of the EVPN next hop). This issue occurs because the VPLS-only hub continues to provide an alternative forwarding path between the spoke PE devices (migrated to EVPN). PR1272449

  • An IPv6 underlay with an IPv6 overlay with IRB is not supported in a bridge domain, because having two IPv6 headers exceeds the 128-byte parcel size for the line card. PR1274709

  • In an EVPN network with VXLAN encapsulation configured for direct-nexthop mode ("pure type 5" mode without overlay gateway addresses), at least one type 5 route per VRF from a remote endpoint must be received and installed in the local routing table of a device, to enable the local device to forward inbound type 5 traffic received from the remote endpoint. If the local device has not installed at least one route with a next hop pointing toward a specific remote endpoint, type 5 VXLAN-encapsulated IP traffic sent by the remote endpoint toward the local device will not be forwarded correctly.PR1305068

  • When changing encapsulation from VXLAN to MPLS or vice versa, you need to deactivate and reactivate the instance. PR1326430

  • When the vxlan VNI is removed at remote PE device, the flood groups are cleaned up and the MAC routes are deleted. The router continues to accept traffic for the duration the remote node sends traffic to the VNI that is cleaned up. The show commands will reflect the VNI as valid until the tunnel to the remote PE device is deleted. No operational impact. PR1366983

  • When moving MACs between single or multi-homed locations in rapid succession, it is possible that some MACs might experience a delay before converging to the final expected state. This is due to the absence of the MAC mobility sequence number in Junos OS Release 17.4R1 and earlier releases. Mobility sequence number support in Junos OS Release 17.4R1 and later allows MAC moves to converge rapidly and deterministically. PR1369234

Forwarding and Sampling

  • Loopback filters: All counters associated with RE PROTECT IPv4 & IPv6 Filter are not getting cleared after deactivating its binding from Lo0 interface. PR1230761

General Routing

  • On MX Series routers, parity memory errors occur in the pre-classifier engines within an MPC. Packets silently discarded earlier are reported in syslogs and alarms when parity memory errors occur.

  • On an MX10003 router, when the management interface (fxp0 or em0) is down on the master Routing Engine, in addition to the Ethernet Link Down alarm, an additional Management Ethernet Link Down alarm is also raised.

  • A provider edge (PE) device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE device might be able to discover the IGP instance running on the remote CE device through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • On MX Series routers with MS-MPC or MS-MIC, memory leaks will be seen with jnx_msp_jbuf_small_oc object, upon sending millions of point-to-point tunneling protocol control connections (3-5M) alone at higher cells per second (cps) (greater than 150K cps). This issue is not seen with up to 50,000 control connections at 10,000-30,000 cps. PR1087561

  • NAT64: Source-prefix filtering and protocol filtering of the CGNAT sessions are incorrect. For example, show services sessions extensive protocol udp source-prefix <0:7000::2> displays incorrect filtering of the sessions. PR1179922

  • Chef for Junos OS supports additional resources to enable easier configuration of networking devices. These are available in the form of netdev-resources. The netdev-resource developed for interface configuration has a limitation to configure the XE interface. Netdev-interface resource assumes that speed is a configurable parameter that is supported on a GE interface but not on an XE interface. Hence, netdev-interface resource cannot be used to configure an XE interface due to this limitation. This limitation is applicable to packages chef-11.10.4_1.1.*.tgz chef-11.10.4_2.0_*.tgz in all platforms {i386/x86-32/powerpc}. PR1181475

  • As described in RFC 7130, when LACP is used and considers the member link to be ready to forward traffic, the member link must not be used by the load balancer until all the micro-BFD sessions of the particular member link are in the up state. PR1192161

  • In certain interface scaling scenarios, during configuration commit/rollback, you might see an fpcx error message. You can safely ignore this message because of the FPGA monitor mechanism on DPC cards for logical interface mapping (ifl_map). Between the deletion of a physical interface and the monitoring event, this mechanism checks through the stored logical interfaces. While the mechanism tries to find the family of a recently deleted logical interface that was not cleaned from the the ifl_map, harmless messages might populate the log file. PR1210877

  • The ptp master streams on IP and Ethernet are not supported simultaneously. PR1217427

  • There is no unified ISSU from Junos OS Release 15.1 and earlier releases to Junos OS Release 16.2R1. PR1222540

  • The following MICs in MPC2E-NG/MPC3E-NG are non PHY-Timestamping capable: MIC-3D-4XGE-XFP MIC3-3D-10XGE-SFPP, MIC-3D-2XGE-XFP, MIC-3D-20GE-SFP. The 2Way/T1/T4 time error can be up to +/-450 nsec in these MICs. PR1243646

  • When some route next hop has been created by the application, it is assumed that it can propagate to the rest of the system. KRT asynchronously picks up this state for propagation. There is no reverse indication to the application, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route> pair that looks legal from the application standpoint, but KRT is not able to download it to the kernel, because kernel rejected the next hop, the <route> sort of get stuck in routing protocol process (rpd). In the meantime, the previous version of the route (L-ISIS in this case) that was downloaded still lingers in the kernel and Packet Forwarding Engine. PR1253778

  • 1PPS TE/cTE performance metric can be as high as +/-550 nsec in MPC2E/3E NG QoS/3D 20x 1GE(LAN)-E,SFP with no PHY-timestamp and non-hybrid mode. PR1263235

  • This issue occurs when an interface comes online and both the OAM protocol and MKA protocol try to establish their respective sessions. Because of contention between these two protocols OAM takes down the interface and MKA fails to establishes a connection (because the interface is down, it cannot send out MKA packets). PR1265352

  • PCC controlled LSP metric not getting updated on the controller, PCE-delegated LSPs do not come up. PR1265864

  • On an MX Series router running Junos OS, while migrating a routing instance from VPLS to EVPN, if an EVPN command (for example, control-word) is handled in a catastrophic manner by daemons (processes), traffic loss can occur while the control plane state is cleaned up and reconstructed. PR1268428

  • In a hub-and-spoke VPLS environment running Junos OS, if local switching is enabled on the hub-and-spoke PE devices migrated to EVPN (for which the hub remains VPLS-only), the following issue could occur: (1) Two copies of BUM traffic could be received at the spoke PE device (one copy through the EVPN next hop from the ingress spoke and the other copy through the VPLS pseudowire from the hub) and (2) MACs behind a spoke PE device would use the VPLS pseudowire to the hub as the next hop on the remote spoke PE devices (instead of the EVPN next hop). This issue occurs because the VPLS-only hub continues to provide an alternative forwarding path between the spoke PE devices (migrated to EVPN). PR1272449

  • The device might not power up when crossover cables are used. We recommend using straight cables. PR1274613

  • An IPv6 underlay with an IPv6 overlay with IRB is not supported in a bridge domain, because having two IPv6 headers exceeds the 128-byte parcel size for the line card. PR1274709

  • On MX104 JTASK_SCHED_SLIP seen on committing randomly. PR1281016

  • On MX150 routers, if you connect an even-numbered port to another even-numbered port using external loopback, they cannot communicate with each other. On MX150 routers, ge-0/0/0,2,4,6,8,10 and xe-0/0/12 are identified as even-numbered ports. Also, if you connect an odd-numbered port to another odd-numbered port using external loopback, they cannot communicate with each other. On MX150 routers, ge-0/0/1,3,5,7,9,11 and xe-0/0/13 are identified as odd-numbered ports.

    For instance, if you connect port (ge-0/0/0) to port (ge-0/0/6) using external loopback, the two ports cannot communicate with each other. Also, if you connect port (ge-0/0/3) to port (ge-0/0/9) using external loopback, the two ports cannot communicate with each other. To configure external loopback, connect an even-numbered port (for instance, xe-0/0/12) to an odd-numbered port (for instance, xe-0/0/13).

  • Asymmetric cipher-suite configuration with aes256 and aes256-xpn on MACSec peer nodes mka session comes up. PR1332156

High Availability (HA) and Resiliency

  • MPC7E MPC8E and MPC9E line card restrictions for MX Series Virtual Chassis unified ISSU (MX Series)—MPC7E, MPC8E, and MPC9E line cards do not support unified ISSU in Junos OS Release 17.3R1 for MX Series Virtual Chassis configurations. These line cards must be removed or configured to power off during the MX-VC ISSU process. ISSU in Junos OS Release 17.3R1 is supported for MX Series standalone chassis configurations.

    [See Preparing for a Unified ISSU in an MX Series Virtual Chassis.]

Infrastructure

  • Executing a restart chassisd in a MX Series Virtual Chassis router with the following elements configured might result in generating a core file.

    • IGP - OSPF/OSPF3 (area 0, LFA) IS-IS (level 2, LFA) LDP synchronization IPv4 and IPv6.

    • IBGP - dual, redundant route reflection IPv4 and IPv6.

    • MPLS - LDP (IGP synchronization, track IGP metric) RSVP (node link protection, adaptive, auto bandwidth, refresh reduction).

    • L3VPN OSPF, OSPF3, BGPv4, BGPv6, RIPv2, static, MBGP, NGEN-MVPN, l3vpn cnh with ext space, any to any, hub and spoke, MPLS access, Ethernet access, multicast extranet, per VPN and per prefix labels, SRX-based network address translation, SRX-based firewall.

    • Direct Internet Access - EBGP.

    • CoS - BA/MF classification, policing or shaping, queuing or scheduling, hierarchical queuing, shaping, or scheduling, 8 traffic classes.

    • BFD, OAM, or CFM - liveness detection.

    • Load Balancing - L2 aggregate Ethernet, IP equal cost multi path, MPLS equal cost multi path.

    • High Availability - GRES/NSR, ISSU, fabric redundancy, tail end protection, BGP prefix independent convergence edge.

    • Security - loopback filter, arp policers, control plane traffic policers, urpf check with all feasible paths, TTL filtering, J-Flow or ipfix export only, SRX based DDOS. PR1352227

Interfaces and Chassis

  • Previously, the same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface is assigned with the identical address after commit. There is no warning during the commit, only syslog messages indicating incorrect configuration. This issue is fixed and it is now not allowed to configure the same IP address (the length of the mask does not matter) on different logical interfaces. PR1221993

  • Convergence time for VRRP traffic is higher when the router or Routing Engine is rebooted in a single Routing Engine system. We recommend having a dual Routing Engine system with redundancy enabled. In this case, if the master Routing Engine is rebooted, the backup Routing Engine will take over mastership. There will not be any disruption in VRRP traffic. PR1270168

  • When an FPC with both core link and member link of an aggregated Ethernet interface (running VRRP) is restarted or offlined, the convergence time will be higher. PR1270811

  • Higher MTU configuration on an IRB than on the member link of its VLAN might bring down a VRRP session configured on the IRB. As a workaround, always have the MTU configured on the IRB of the VLAN be less than or equal to the MTU configured on its member links of the same VLAN because MX Series devices do not throw error or warning messages during configuration commit. PR1295763

  • In subscriber management scenario with PPPoE access models, during a unified ISSU, it is possible to lose a small number of active subscribers after the unified ISSU is completed if certain timing conditions occur. These timing conditions might trigger session database related discrepancies between the jpppd daemon and the underlying statesync infrastructure causing the subscriber record loss. These subscribers, however, should be able reconnect right away minimizing any service outage. PR1360870

MPLS

  • It takes longer to set-up L3 vpn egress protection starting from JUNOS version 16.1R1. PR1278535

  • When NG-MVPN is configured with RSVP provider tunnels and NSR is used, then the egress router for the tunnel might not correctly replicate some of the tunnel state to the backup routing engine, leading to temporary traffic losss during NSR failover for the affected tunnels. PR1293014

  • In Junos OS Release 17.1R1 or earlier releases, labels from within the following ranges can be used as incoming labels for static VPLS LSI-based services by default: R1. [29696 - 41983]; R2. [1000000 - 1048575]. In Junos OS Release 17.1R1 and later releases on a system operating in enhanced-IP mode, range R1 cannot be used any longer for static VPLS LSI-based services incoming label assignment by default. This limitation is applicable only for range R1 and is not applicable for range R2. The latter works on Junos OS Release 17.1R1 and later releases just as it does on previous Junos OS releases. PR1307402

Platform and Infrastructure

  • Oct 18 10:34:10 jtac-mx480-r2043 jlaunchd: commit-batch is thrashing, not restarted PR1284271

Routing Protocols

  • When a Junos OS aggregation gateway uses a IPv6 address as next hop for IPv4 aggregates announced to downstream, it might attract traffic prematurely before Packet Forwarding Engines are programmed with more specific IPv4 routes. This happens when the IPv6 address is advertised in BGP inet6-labeled-unicast family. PR1220235

  • PIM is not supported on a tunnel interface configured with an inet6 address. Configuring PIM over a tunnel interface with an inet6 address might cause the routing protocol process (rpd) to crash and generate a core file. PR1267570

  • In MX80 (unlike other MX Series), ospf spring is not supported. PR1272991

Services Application

  • Account Session ID, Interface Identifier, and Subscriber User Name trigger attributes are optimized for a scaled subscriber management environment. If you include any of the other, non-optimized, trigger attributes in a scaled subscriber management environment, a significant delay might be observed between the time when the DTCP ADD message is sent and the time when forwarding starts for the mirrored traffic. For example, if there are 10,000 subscriber sessions on the router, forwarding of the mirrored traffic might be delayed for 20 minutes. This delay occurs when you specify any non-optimized attribute, with or without any optimized attribute. The delay occurs regardless of the order of attributes in the DTCP packet. PR1269770

  • Broadband-edge platforms do not support service-set integration with dynamic profiles when the service set is representing a carrier-grade NAT configuration. As a workaround, you can use next-hop service set configurations and routing options to steer traffic to a multiservices (ms) interface where NAT functionality can be exercised. The following configuration snippet shows the basics of statically configuring the multiservices interface next hop and a next-hop service set. Traffic on which the service is applied is forced to the interface inside the network by configuring that interface as the next hop. This configuration does not show other routing-options or NAT configurations relevant to your network.

    [See Configuring Service Sets to be Applied to Services Interfaces.]

Software Installation and Upgrage

  • Unified ISSU with active BBE subscribers using advanced services supported only to 17.3R3 and later 17.3 releases—If you have active broadband edge subscribers that are using advanced services, you cannot perform a successful unified in-service software upgrade (ISSU) to a Junos OS 17.3 release earlier than 17.3R3. If you perform an ISSU to a 17.3 release earlier than 17.3R3, the advanced services PCC rules are not attached to subscribers.

  • Unified ISSU not supported with an active RPM configuration—If you have an active real-time performance monitoring (RPM) configuration, you cannot perform a successful unified in-service software upgrade (ISSU) to a Junos OS 17.3 release. The warning ISSU is not supported for RPM configuration appears.

Subscriber Management and Services

  • The all option is not intended to be used as a means to perform a bulk logout of L2TP subscribers. We recommend that you do not use the all option with the clear services l2tp destination, clear services l2tp session, or clear services l2tp tunnel statements in a production environment. Instead of clearing all subscribers at once, consider clearing subscribers in smaller group, based on interface, tunnel, or destination end point.

  • Before you make any changes to the underlying interface for a demux0 interface, you must ensure that no subscribers are currently present on that underlying interface. If any subscribers are present, you must remove them before you make changes.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.3R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • A CoS scheduler update might fail when all of the following conditions are met:

    • Dynamic subscribers exist on an aggregated Ethernet bundle.

    • CoS traffic-control-profile or scheduler-map (or both) applied to these dynamic subscribers is from a static configuration.

    • The relevant static CoS is modified in the same configuration commit as a modification to the aggregated Ethernet bundle (either a leg add or leg remove) containing the subscribers.

    • The leg add or leg remove in the commit is the first or last leg to be added or removed from a line card.

    In this event, one of the following logs is displayed in the message system log: subscriber cos update not applied to interface <interface-name> status <id> or subscriber cos update not applied to interface-set <interface-set-name> status <id>. These messages indicate that the last update to the subscriber or interface set was not applied. As a workaround, remove the last CoS update, commit the configuration, reapply the CoS update, and commit the configuration. PR1276459

EVPN

  • The Layer 2 address learning process (l2-ald) might generate a core file in a scaled L2 setup, including bridge domain, VPLS, EVPN, and so on. The l2-ald core file usually follows a kernel page fault that recovers on its own. In some cases, a manual restart of the process is needed to recover logs: /kernel: %KERN-3-BAD_PAGE_FAULT: pid 69719 (l2ald), uid 0: pc 0x88beb5ce got a read fault at 0x6ca, x86 fault flags = 0x4 /kernel: %KERN-6: pid 69719 (l2ald), uid 0: exited on signal 11 (core dumped) init: %AUTH-3: l2-learning (PID 69719) terminated by signal number 11. A core file is generated. PR1142719

  • In an EVPN scenario with static MAC configured in the EVPN instance, the remote EVPN instance can see the MAC route information. However, after deactivating and activating the static MAC in the EVPN instance, and then checking the MAC route information in the remote EVPN instance, no such MAC route is found in the EVPN route table. PR1193754

  • On MX Series routers with EVPN, the routing protocol process might crash when MAC moves between multihomed PE routers, resulting in traffic loss. PR1216144

  • An incorrect PE router is attached to an end system identifier (ESI) when the router receives two copies of the same AD/ESI route (for example, one through eBGP and another one received from an iBGP neighbor). This issue causes a partial traffic black hole and stale MAC entries. You can confirm the issue by checking the members of the ESI: user@router> show evpn instance extensive ... Number of ethernet segments: 5 ESI: 00:13:78:00:00:00:00:00:00:01 Status: Resolved Number of remote PEs connected: 3 Remote PE MAC label Aliasing label Mode 87.233.39.102 0 0 all-active 87.233.39.1 200 0 all-active <<<< this PE is not part of the ESI 87.233.39.101 200 0 all-active. PR1231402

  • If a host is multihomed to a set of PE routers for redundancy, when the host's MAC or IP address is learned by one of these PE routers, all the PE routers that belong to this redundant set installs the /32 host route pointing to its local IRB interface in the tenant's IP routing instance table as long as its local multihoming ES interface connecting to this host is up. This is the optimized behavior that can be achieved with the statement routing-option forwarding-table chained-composite-next-hop ingress evpn on a QFX5110 platform unless this statement is a part of Junos OS default configuration. Otherwise, without enabling this configuration statement, if a PE router is attached, the multihomed ES learns this host's MAC or IP address from the control plane through EVPN and the PE router installs the /32 host route pointing to the remote PE router where it learns the host's MAC or IP address. For a PE router attached to the multihomed ES and learned this host's MAC or IP address locally through the data plane, the PE router always installs the /32 host route pointed to its local IRB interface. PR1321187

  • The issue is applicable to mac-in-mac private network-to-network (PNN) EVPN and does not affect any other scenario. When a provider backbone bridging (PBB) EVPN configuration is reloaded on MX Series routers, error logs are seen while deleting interfaces related to a backbone bridge component. These errors do not result in any functional issues. PR1323275

  • PBB EVPN cannot flood traffic towards a core layer. Traffic recovers by performing restart l2-learning. In addition to this, there is a limitation in PBB EVPN active/active (A/A) unicast traffic forwarding. If entropy in the traffic is not sufficient, then uneven load balancing causes a problem on MH peer A/A routers. This causes a drop for return traffic. These issues are applicable to mac-in-mac private network-to-network (PNN)-EVPN and does not affect any other scenario. PR1323503

  • When EVPN PE (RR) is configured as single home without ESI, EVPN BGP routes from the routing table "bgp.evpn.0" might leak into default EVPN routing table (__default_evpn__.evpn.0) causing label leak. Leak might lead to all label exhaustion and result in rpd generating a core file. PR1333944

  • When you filter an EVPN route using the show route evpn-ethernet-tag-id CLI command, it looks for routes in all routing tables including inet.0. The EVPN route will not be present in inet.0 and the non-EVPN route will not have the Ethernet tag, which might result in an rpd process crash. PR1337506

  • Bi-direction L2 traffic floods for around 5 seconds for streams from SH to MH, when clear mac table command is executed on MX Series router because MAC takes time to develop in the system. clear mac table is a disruptive command which deletes all dynamic MACs in the system. PR1360348

  • On a Junos OS platform running EVPN VXLAN and Junos OS Release 17.3 software, BD override RT (specified under protocols evpn vni-options vni <> on QFX and set routing-instances <> protocols evpn vni-options vni <> on MX Series routers) will be used for export alone. To use the same RT for import, configure the same under a vrf-import policy and attach it to the routing instance. PR1369043

  • Junos OS allows for auto derivation of per-VNI route targets for EVPN-VXLAN instances using the configuration set routing-instances <NAME> vrf-target auto. This configuration automatically creates a route target per VNI using a combination of the VNI and the device AS number. When an EBGP overlay is used, devices participating in the same EVPN is configured with different AS numbers, preventing the automatically derived route targets from matching for common VNIs. QFX Series devices allow an additional configuration ... vrf-target auto import-as <ASN> vni-list [<VNI> | <VNI-RANGE> | all] to specify the AS number to use for each VNI when generating the route target to overcome the different AS numbers on each devices. Currently this configuration is not supported on MX Series routers. PR1369575

  • Gratuitous ARP request did not update ARP table when ARP proxy is enabled. PR1371352

Forwarding and Sampling

  • When a policing filter is applied to an active LSP carrying traffic, the LSP resignals and drops traffic for approximately 2 seconds. It can take up to 30 seconds for the LSP to come up under the following conditions: (1) Creation of the policing filter and of the policing filter application to the LSP through the configuration occurs in the same commit sequence. (2) Load override of a configuration file that has a policing filter and a policing filter application to the LSP is followed by a commit. PR1160669

  • When the statement system archival configuration transfer-on-commit is configured and the archival site is not reachable, the configuration files might be kept in the transient directory /var/transfer/config for retrying archival for 30 minutes. However, when the commit is more frequent within 30 minute, the commit rate is more than the file removal rate which leads to piling-up of files in /var/transfer/config directory. PR1257229

  • In some stress test conditions, the sampled process crashes and generates a core file when connecting to Layer 2 Bitstream Access and EVPN subscribers aggressively. PR1293237

  • Firewall filter is not applied as input filter to extended port when used for L2VPN. PR1311013

  • This issue affects unified ISSU only when filter lists are being used. Starting in Junos OS Release 15.1F5, 15.1F6, 16.1R1 or later to Junos OS Release 17.1R2, 17.1R3, 17.2R2, 17.2X75-D50, 17.3R1 or later an error might occur that prevents firewall configuration changes from being properly applied. To avoid this issue, the configuration must explicitly set the filter-list-template or no-filter-list-template flag before the unified ISSU is done. PR1345711

  • IPv6 neighbor points to a virtual tunnel endpoint (VTEP) interface even though the direct local interface to reach an IPv6 neighbor is up when a link part of the end system identifier (ESI) is flapped. PR1350250

General Routing

  • When hybrid timing mode is configured (Point to Point over Ethernet plus Synchronous Ethernet), MX Series routers do not interoperate with ACX Series in native VLAN mode. PR1076666

  • On chassis-based line cards, the FI: Protect: Parity error for CP freepool SRAM SRAM parity error might be seen. It is harmless and can be ignored. PR1079726

  • The Routing Engine CPU uses chassis temperature to decide fan speed instead of Routing Engine CPU temperature. This PR has been fixed to use the real Routing Engine CPU temperature to decide the temperature threshold. PR1230109

  • The following error messages occur during GRES and unified ISSU: syslog errors @ agentd_rts_async_rtbm_msg : FLM : Failed to create private. PR1232636

  • When the virtual switch type is changed from IRB type to regular bridge, interfaces under the OpenFlow protocol are removed. The OpenFlow process (daemon) fails to program any flows. PR1234141

  • After configuring PCEP following log seen pccd: [89798] Could not decode message from rpd. This might impact in growth of memory of pccd process over time, which can be cleared by restarting the process. PR1235692

  • Sometimes, when PPPoE subscribers log-in and log-out from Junos OS Release 16.1 and later, the following messages are generated: user@host> show log messages | match authd authd[5208]: sdb_app_access_line_entry_read_by_uifl: uifl key 'demux0.xxxxxxxx': snapshot failed (-7) authd[5208]: sdb_app_access_line_entry_read: uifl key 'demux0.xxxxxxxx': read failed. These messages indicate that the authd process for subscriber authentication is attempting to read private data for an underlying interface that no longer exists (-7 = SDB_DATA_NOT_FOUND). These messages have no impact and can be safely ignored, where the authd process is asking the software database for a record that no longer exists. PR1236211

  • On MX Series routers with the XM chipset (for example, MPC3E, MPC4E, MPC5E, MPC6E, MPC2E-NG, and MPC3E-NG), the MPC might reboot when the unified ISSU completes. PR1256145

  • The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. PR1258970

  • The guest network function (GNF) might restart MPC9 line cards during a Routing Engine switchover in a node virtualization setup at high scale with nonstop active routing (NSR) configured in rare scenarios. PR1259910

  • The issue occurs when an interface comes online and both the OAM protocol and the MKA protocol try to establish their respective sessions. Because of contention between these two protocols, OAM takes down the interface and MKA fails to establish connection (because the interface is down, it cannot send out MKA packets). PR1265352

  • On an MX Series Virtual Chassis system in a scaled subscriber management scenario, if a unified ISSU is performed while BGP sessions are active and such BGP sessions are clients of the Bidirectional Forwarding Detection (BFD) protocol, then these BGP sessions might go down and come back up again, causing traffic loss. PR1265407

  • The issue occurs when the Packet Forwarding Engine is oversubscribed with an unknown unicast flood with no MAC learning, which is not a common configuration. During unified ISSU, only the Packet Forwarding Engine gets wedged. However, this issue is not seen when the Packet Forwarding Engine is oversubscribed with L3 traffic or with L2 traffic with MAC learning. PR1265898

  • Currently, the broadband edge (BBE) advanced services is not supported on the node virtualization platform. Hence, mobiled is disabled on the node virtualization platform base system (BSYS) and guest network function (GNF) Routing Engines. For legacy purposes, BBE functionality needs to work properly on the node virtualization platform. Reboot is required when the BSYS Routing Engine is changed to standalone Routing Engine mode (normal) and vice versa. PR1266615

  • Dynamic end-point does not support Diffie-Hellman group 19, encryption algorithm aes-256-cbc and hash sha-384 in its list of default proposals. These must be configured explicitly in the configuration. PR1269160

  • Sometimes l2cpd core files are generated when LLDP neighbors are cleared. PR1270180

  • In a Layer 2 Bitstream Access scaling scenario, after bringing up about 12,000 subscribers, one or more FPCs reboot. PR1273353

  • Incorrect counters for output packets on child links ae0 interface when configured with the new feature revertive. PR1273983

  • When template-referesh-rate and option-refresh-rate are configured for inline J-Flow, and both the packets and seconds interval configuration options are set, the packets interval configuration does not work. PR1274206

  • Interfaces might flap on the 20x1GE SFP MIC when performing a unified ISSU from Junos OS Release 17.3R1. PR1276816

  • In a scaled setup, triggering a flap of the aggregated Ethernet interfaces using the commands set interfaces ae<x> disable and set interfaces ae<x> enable might result in error messages mqchip_disable_ostream() MQCHIP(2) timed out waiting for phy_stream 1025 queue empty on the AgentSmith platform. PR1279607

  • A vmhost snapshot is taken on an alternate disk. There is no further vmhost software image upgrade. The expectation is that on the current vmhost image getting corrupted, the system boots with an alternate disk. This allows the user to recover the primary disk to restore the state. However, if the corruption is with the host root file system, the node boots with the previous vmhost software instead of booting from the alternate disk. PR1281554

  • On an MX Series Virtual Chassis, while using a channelized configuration on MPC7, MPC8, and MPC9 MRATE PIC QSFP interfaces for VCP connections between members, a VCP interface needs to be configured on channel 0 of each QSFP to activate the port. PR1283283

  • Due to vendor code limitation, ungraceful removing of summit MACsec TIC from a chassis might cause a crash or an unpredictable result. PR1284040

  • This is in an internal change as syslog usage is deprecated. Applications have migrated to tracing for engineering debug messages or ERRMSG for customer useful or relevant messages. PR1284625

  • The Routing Engine gets stuck and boots from the other solid-state drive (SSD) after a vmhost reboot. PR1295219

  • When an optical carrier (OC) package upgrade is triggered when telemetry is going on, xmlproxyd might crash. It recovers automatically and xmlproxyd-related streaming restarts as the process comes up again. We recommend that you stop the streaming and then do the OC package upgrade. PR1295831

  • In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards. For example, you might see fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages are not an issue and might not have a service impact. These messages are addressed as INFO level messages. On a Junos OS Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161

  • Precision Time Protocol (PTP) slave is taking more than 1 hour to lock to master in a T-BC scenario. PR1298792

  • User configured packet hashing options for inet family under enhanced-hash-key might not take effect for FPCs in MX Series platforms. FPC might keep using default behavior for hash calculation for IPv4 packets. PR1302637

  • This type of crash indicates a simultaneous operation on an ephemeral instance. When a process wants to open an ephemeral configuration in merge view, some other activity (like purging, deletion , or recreation) is being carried out on this ephemeral instance. The occurrence of this core file is rare. PR1305424

  • The message LIBJNX_REPLICATE_RCP_ERROR is repeated multiple times in "SYSLOG" log files in the master Routing Engine, when the backup is not reachable. Though the message is marked as ERROR in the SYSLOG, The user need not take any action on this ERROR and this will not have any impact on the SYSTEM and can ignore it. PR1305660

  • Sensors belonging to the same producer (for example, BGP and MPLS coming from rpd) with the same reporting interval are not streamed in parallel but are streamed sequentially. An easy workaround is to use a different reporting rate for sensors that belong to the same producer. PR1315517

  • An alarm is raised if mixed AC PEMs are present. The criteria to check whether mixed AC is present has changed. If the PEM is AC(HIGH), then the first bit of pem_voltage is set. If the PEM is AC(LOW), then the second bit of pem_voltage is set. If both the first and second bit are set, then MIXED AC is present. PR1315577

  • If you make changes in traffic-load-balance instance services for one instance, it might lead to a refresh of existing instances. PR1318184

  • A configuration change for Packet Forwarding Engine sensors in the middle of a reap cycle might cause the Packet Forwarding Engine to crash because of the invalid data access. This is related to the length of time it takes to reap the sensors. PR1318677

  • Identical logs are generated and the severity of the logs are different between the two releases. The precise severity is observed in a later release. The reason to find a dissimilar severity in the earlier release is not identified. PR1318884

  • The routing protocol process (rpd) might crash if OpenConfig collector for BGP telemetry is running while BGP neighbor is being deleted because of a configuration change. PR1320900

  • The CLI command request vmhost halt routing-engine other does not achieve the intended action. PR1323546

  • The following logs repeat every 5 seconds in a chassisd log. fm_feacap_sys_feature_get:Attribute DB init not yet done, reading from pvid (id: 18) fm_feacap_sys_feature_get: Attribute key fabric.planes_per_board does not exists PR1328868

  • On a secure association key (SAK) rollover the SAK identifier displayed for the new key differs from the old key only in the last few bytes. There is no functional impact and there is no workaround. PR1332031

  • In an asymmetric cipher-suite configuration with aes256 and aes256-xpn on MACsec peer nodes, a MACsec Key Agreement (MKA) session comes up. PR1332156

  • FPC restarts and Virtual Chassis splits. The design of the MX Series Virtual Chassis infrastructure relies on the integrity of TCP connections. The reaction of the MX Series to failure situations might not be handled gracefully. If the tcp connection timeout because of jlock hog crossing boundary value (5 seconds) causing bad consequences in MX Series Virtual Chassis, then currently there are no other easy solutions to reduce this jlock hog besides enabling marker infrastructure in MX Series Virtual Chassis setup. Unfortunately, there is no immediate plan to enable a marker. PR1332765

  • With certificate hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the pkid might become busy and stop responding. PR1336733

  • On a next generation Routing Engine, after upgrading Junos vmhost, the AI-script gets uninstalled. You need to re-install these scripts. This is not the case on K2-RE. PR1337028

  • Circuits using QSFP28-100GBASE-LR4 might find that a link does not recover after going down. Light levels fluctuate across lanes and PCS errors increase. Additionally, "Rx loss of signal alarm" will be active despite acceptable Rx levels. PR1337327

  • Whenever the offline button in the Control Board is pressed for 4+ seconds, the CLI shows that the Control Board is online. There is no impact to the system other than displaying the Control Board. > show chassis environment cb Feb 09 12:43:43 CB 0 status: State Online Master CB 0 Exhaust Temp Sensor 41 degrees C / 105 degrees F CB 0 Inlet Temp Sensor 35 degrees C / 95 degrees F CB 0 CPU DIE Temp Sensor 46 degrees C / 114 degrees F Power VDD1V5_PCH 1489 mV VDDIO 940 mV VDD3V3_PCH 3332 mV VDD2V5_AB 2489 mV VDD1V8_CLC 1803 mV VDD3V3 3292 mV VDD2V5_CD 2489 mV VDD1V2_CBC_GTX 1195 mV VDD1V8_GLS_GTX 1803 mV VDD1V2_CBC 1195 mV VDD1V8_GLS 1783 mV BIAS3V3_BP 4018 mV VDD1V2_GH 1199 mV VDD3V3_CBC 3300 mV VDD1V2_CD 1200 mV BIAS3V3 3340 mV VDD1V2_AB 1199 mV VDD5V0 5000 mV VDD1V05 1050 mV VDD1V05 1050 mV VCORE 1770 mV 12V 12285 mV 4806 mA 58923 mW CB 1 status: State Online Standby CB 1 Exhaust Temp Sensor 34 degrees C / 93 degrees F CB 1 Inlet Temp Sensor 32 degrees C / 89 degrees F CB 1 CPU DIE Temp Sensor 46 degrees C / 114 degrees F Power Disabled. PR1340431

  • The SNMP walk for the LLDP branch might fail (timeout) if lldpRemManAddrOID contains a problem value. For example: "6.15.43.6.1.4.1.143.91.5.25.41.1.2.1.1.1" > show snmp mib walk lldpRemManAddrEntry > ... > lldpRemManAddrOID.529150.512.5.1.4.10.255.10.3 = 6.15.43.6.1.4.1.143.91.5.25.41.1.2.1.1.1. PR1342741

  • On MX Series routers with a 100M SFP transceiver used on MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH, the SFP transceiver might not work if it is third party. PR1344208

  • When community_action is specified with community_name in netconf for an insert after operation, a parse error in identifier attributes error might be seen and the insertion fails. PR1348082

  • On a next-generation Routing Engine, a failure of the hardware random number generator will leave the system in a state where not enough entropy is available to operate. PR1349373

  • System might take longer time to boot or kernel might panic, if booted during broadcast storm on the management port. PR1351977

  • IGMP or Multicast Listener Discovery (MLD) cannot be configured from the ephemeral database. PR1352499

  • The routing protocol process (rpd) could possibly end up stuck due to repeated failures to initialize the route record module. PR1353548

  • VRRP MAC filter is not seen in a Packet Forwarding Engine if aggregated Ethernet interfaces flap followed by a GRES is done; that is, before VRRP state settles down after the flap. During this time, VRRP state is backup in the master Routing Engine and VRRP state is idle in the backup Routing Engine. PR1353583

  • Combination of ADF and redirect filters applied to subscribers might cause a leak in the BBE filter index. PR1353672

  • vMX packet loss is seen when the active member link in an aggregated Ethernet bundle is down. PR1354363

  • On MX Series routers with an MVPN environment, the rpd generates a core file when adding a p2mp-related configuration if PIM and no-forwarding VRF instances are configured. PR1354629

  • If aggregated Ethernet is configured in link-protection backup-state down, the aggregated Ethernet operational state is down even when the member interfaces configured under the aggregated Ethernet are down. PR1354686

  • The jsscd static-subscribers do not properly update firewall information on Packet Forwarding Engine when dynamic configuration changes are made to active subscribers. PR1354774

  • The ipv4-flow-table-size is used to configure the size of the IPv4 flow table in units of 256,000 entries. However, in inline J-Flow scenario, if the statement ipv6-extended-attrib is configured, changing flow table configuration or clear the flow entries might lead to the condition that even the ipv4-flow-table-size has been changed to a number larger than 149, the maximum number of IPv4 flows still remains at 37372900. PR1355095

  • Configuring PPTP-ALG on MX Series routers service box might cause the MS-MPC PIC to crash. PR1356133

  • On an MX Series platform, if an SNMP trap is enabled, i2c messages from power entry module (PEM) or power supply module (PSM) might be seen. PR1356259

  • When a demux interface is brought over a static pseudowire underlying interface, then the applicable port is changed from tagged to untagged. A deletion and re-creation of the static pseudowire underlying interface is triggered. It was noticed that subscribers could not log back in after the configuration was changed. PR1356980

  • On enabling hidden configuration statement set chassis power-off-ports-on-no-master-re, MPC7E cards might crash during switchover with two or more iteration which is inconsistent. PR1358451

  • Unified ISSU from Junos OS Releases 17.4R1, 17.3R1 and 17.3R2 to 18.2R1 for MX Series platforms might cause FPCs to go offline during unified ISSU. In order to avoid the same, 2-step unified ISSU is recommended, Junos OS Releases 17.4R1, 17.3R1 or 17.3R2 to 18.1R1 is the first step and second step is from Junos Os Release 18.1R1 to Junos Os Release 18.2R1 PR1359282

  • The configurations of bridging routing instances having aggregate Ethernet IFLS(6400IFLs) and IRB instances, all from a single FPC, the CPU utilisation of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1 or prior releases. After 4 minutes, the CPU utilisation comes down and the FPC is normal. Therefore, this scale configuration on MPC7E takes settling time of more than 4 minutes. PR1359286

  • FRU-model-name are not displayed for few of the FRU's. PR1359300

  • CPS downgrade is observed on LAC because Routing Engine overdrives the FPCs processing capacity. PR1360786

  • Back up might panic and slip to db-prompt following a fail-over. Impact is contained since the prerequisites to foul router are not easily convened, but nevertheless it can happen. Some of the known scenarios involve are back to back GRES with specific configuration, commit and rollback the configuration. PR1362741

  • FRU model for midplane is not displayed. PR1365303

  • There is a possibility of inter-vlan traffic drop when ESI value is changed. It is not common to change the ESI value in the running network. However, if ESI value is changed, it is known that for a while there will be a traffic disruption. In problem state, it might be a little longer (maximum arp/nd ageout) and might go unnoticed. PR1366094

  • On a unified ISSU to this release, there could be some impact to forwarding of packets of some destinations. PR1366811

  • The issue is seen under the following conditions: after performing a GRES, while restarting chassisd, and while rebooting the Routing Engine. Typically, the following benign error messages are observed on the backup Routing Engine when there are no Packet Forwarding Engine on the Routing Engine or when the Packet Forwarding Engine is rebooting.

    • 1431:Jun 26 10:45:31 alitalia1 kernel: rts_marker_request: ADD of MARKER with seqno 770 failed

    • 1432:Jun 26 10:45:31 alitalia1 kernel: rts_marker_request: ADD of MARKER with seqno 772 failedPR1369283

  • When FPC is booting up (either during a unified ISSU or router reboot or FPC restart), i2c timeout errors can be noticed. These errors are seen as i2c action is not completed as device was busy. Once card is up all the i2c transactions to the device occurred without interruptions. Hence, no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • In some configurations, a unified ISSU prepare time on MPC5E takes longer than usual. As a result, the chassisd triggers restart or crash of the MPC. The unified ISSU completes after the crash. PR1369635

  • Creation of symlink occur during boot up of the system. However, chassisd tries to recreate it everytime the chassis restarts. As symlink is already available, corresponding system-call returns the error. The log message is cosmetic and has no functional impact. PR1369853

  • Periodic monitoring of S.M.A.R.T attributes for mSATA SSD's in the PMB fails for MPC7 on MX Series routers. FPCs and NGCB fails on PTX5000. No alarm is generated if S.M.A.R.T attribute of the SSD reaches the threshold. There is no functional impact on the system because of this issue. PR1370157

  • Every L2BSA subscriber creates 2 interfaces, DVLAN and RTSOCK with the same subunit (same interface name). Initially, the CLI output for show interfaces extensive displayed the filter information on both the DVLAN and RTSOCK interfaces. Functionally, the filter information should only be displayed on DVLAN interface. PR1372527

  • The MS and AMS logical interfaces does not come up when you configure packages like url-filtering in chassis FPC hierarchy. Example: fpc 5 { pic 0 { adaptive-services { service-package { extension-provider { package jservices-urlf; } } }. The issue is that mounting the /var/db/* contents to the pic fails. This is because of nfs_mount time out and therefore services logical interfaces for url-filtering will not come up. PR1374976

High Availability (HA) and Resiliency

  • Virtual machine generates a core file on backup Routing Engine. Though it is not critical, it might impact NSR functionality. This can be hit in particular scenarios like back-to-back GRES with specific configuration, commit and rollback the configuration. This might not impact the production Routing Engine as there is a core file generated on backup. PR1269383

  • The error error: not enough space in /var on re1 is observed while doing a unified ISSU upgrade. As a workaround, make sure that space available in /var is twice the size of target image. This is the basic requirement for the unified ISSU to proceed. PR1354069

Infrastructure

  • The configuration statement set system ports console log-out-on-disconnect, logs the user out from the console and closes the console connection. If the configuration statement set system syslog console any warning is used with the earlier configuration and when there is no active telnet connection to the console, the process tries to open the console and hangs as it waits for a "serial connect" that is received only by doing a telnet to the console. As a workaround, remove the later configuration by using set system syslog console any warning, which solves the issue. PR1230657

  • The syslog messages are observed when one of the following CLI commands is executed: system syslog file messages kernel any or system syslogfile messages any any. These syslog messages do not indicate any functionality, breakage, or impact. If you need to enable anyany, then you need to skip these logs with an appropriate match condition. PR1239651

  • The issue is seen when the Openconfig package is installed. When the package is installed, the analytics of configuration goes to default ephemeral db, while all the daemons read the configuration through merge view. PR1296702

  • In rare incident, the MX Series routers might observed a crash after multicast traffic failover upstream AR Deactivate MPLS. PR1351611

  • When validating an older Junos OS Release, the set_flags function might not be available. This is harmless but results in noise, where unified ISSU cannot tolerate. A stub function avoids the issue. PR1366837

Interfaces and Chassis

  • Junos OS now checks logical interfaces information under the aggregated Ethernet interface and prints only if it is part of it. PR1114110

  • During the configuration change and reuse of the VIP address on an interface, stop the configuration do a commit and thenadd the interface address configuration in the next commit. PR1191371

  • In a VPLS multihoming scenario, the CFM packets are forwarded over the standby PE device link, resulting in duplicate packets or a loop between the active and standby link. PR1253542

  • On using LSQ interface when sending a traffic with over subscription, out of sequence packets are seen. PR1258258

  • In Junos OS Release 14.2R5 and later maintenance releases and in Junos OS Release 16.1 and later mainline releases with a connectivity fault management (CFM) configuration a cfmd crash might occur after an upgrade. This issue is because of the old version of /var/db/cfm.db. PR1281073

  • In a subscriber management scenario with demux configured, in the case where subscribers belonging to one aggregated Ethernet interface are migrated to a new configured aggregated Ethernet interface, subscribers might fail to access the device after deleting the old aggregated Ethernet configuration. PR1322678

  • The Error message ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0 is observed in some cases. But there is no functional impact. Sessions and adjacency might get programmed inline subsequently. PR1358236

  • CLI allows to configure more than 2048 sub-interfaces on lag interface from Junos OS Release 17.2R1 and this is not expected. PR1361689

  • When a router is rebooted or when a router is loaded with interface, service and OAM MIP configuration in a single shot with MIP on CCC interface, LTM messages are not forwarded by the PE device that generates a core file (peer PE) when originated from CE side. PR1369085

  • On MX Series routers, syslog errors vrrpman_ifcm_send_message: Send to IFCM failed are observed after rebooting MX480 router with Junos OS Release 17.3R3.7 image. PR1373920

Layer 2 Ethernet Services

  • This issue occurs when running LACP between Juniper Networks and Cisco devices with different timers (Juniper Networks fast and Cisco slow) on both sides. The Cisco side it takes almost 90 seconds to bring the interface down from the bundle. When one interface is removed from the LAG on the Juniper Networks side, the lead on the Cisco side needs to time out to bring the interface down from the bundle. This results in unexpected outage behavior on the network. PR1169358

  • After changing the underlying physical interface (IFD) for a static VLAN demux interface, the NAS-Port-ID formed is based on the previous physical interface. PR1255377

  • The internal change as syslog usage is deprecated, there might be a customer impact because of the syslog usage in automation. Applications have migrated to tracing for engineering debug messages or ERRMSG for customer useful/relevant messages. The customer is advised to migrate to new ERRMSG definitions as appropriate. PR1284592

  • Whenever an MC-aggregated Ethernet interface is deactivated or activated on an MC-LAG node, once the MC-aggregated Ethernet interfaces are back up, the system clears neighbor discovery entries on the ICL. This action triggers a neighbor discovery solicit and thereby neighbor discovery entries are learned on the MC-aggregated Ethernet interface. As a workaround, clear neighbor discovery entries on the ICL whenever MC-aggregated Ethernet interfaces have been deactivated or activated on MC-LAG nodes. PR1294958

  • In a scaled subscriber management log in and log out scenario, some dhcpv6 subscribers might fail to bind. It is observed that for these dhcpv6 subscribers, the underlying IPv6 ncp subscriber negotiation has failed. PR1357998

  • When adding an interface to an aggregate bundle, there is a chance forwarding through the bundle might be affected for an extended period of time, sufficient for an LDP or BGP session to go down. PR1373564

Layer 2 Features

  • This issue is for router equipped with following line cards: T4000-FPC5-3D, MX-MPC3E-3D, MPC5E-40G10G, MPC5EQ-40G10G, MPC6E, and MX2K-MPC6E. If the router is working as a VPLS PE device, because of MAC aging every 5 minutes, the VPLS unicast traffic is flooded as unknown unicast every 5 minutes. PR1148971

  • After an LDP signaling flap, an LDP-VPLS pseudowire might remain stuck in NP state instead of coming up because of the control word negotiation. This problem could happen if the local device is configured to prefer control word while the remote device does not support control word. When the pseudowire attempts to reestablish, control word negotiation normally selects the required mode to ensure compatibility between the local and remote devices. In unusual circumstances, the negotiation can deadlock resulting in the pseudowire remaining in NP state until the operator takes corrective action. PR1354784

  • Backup router is not expected to have any MAC. But, once active router is rebooted and it is fully recovered, back router still has some MACs. PR1356726

  • In scaled scenario, 16000 routing instances with 128000 FEC128 LDP hierarchical virtual private LAN service (H-VPLS) during unified ISSU traffic loss might be seen. PR1338290

MPLS

  • MPLS point-to-multipoint(P2MP) LSP is composed of multiple source-to-leaf (S2L) sub-LSPs. Whenever one sub-LSP is in down state, the ingress router tries to re-signal all the sub-LSPs with a new LSP ID. While re-signaling this new P2MP LSP, if any PathErr is received from any newly signaled sub-LSP, then the ingress router tears down the whole P2MP LSP and reverts back to the older LSP. It causes the sub-LSP that remain down forever. PR861577

  • When using mpls traffic-engineering bgp-igp-both-ribs with LDP and RSVP both enabled, CSPF for interdomain RSVP LSPs cannot find the exit area border router (ABR) when there are two or more such ABRs. This causes the interdomain RSVP LSPs to break. RSVP LSPs within the same area are not affected. As a workaround, you can either run only RSVP on OSPF ABR or IS-IS L1/L2 routers and switch RSVP off on other OSPF area 0/IS-IS L2 routers, or avoid LDP completely and use only RSVP. PR1048560

  • The issue occurs when GRES is done between the master and backup Routing Engines with different memory capabilities. For example, one Routing Engine has only enough memory to run routing protocol process (rpd) in 32-bit mode while the other is capable of 64-bit mode. The situation might be caused by using Junos OS Release 13.3 or later with the configuration statement auto-64-bit configured, or by using Junos OS Release 15.1 or later without the configuration statement. Under these conditions, the rpd might crash on the new master Routing Engine. As a workaround, use the CLI command set system processes routing force-32-bit. PR1141728

  • When minimum-bandwidth and bandwidth commands are present in the configuration, the bandwidth selection of the LSP is inconsistent. PR1142443

  • In a CE-CE setup, traffic loss might be observed over a secondary LSP on a primary failover. PR1240892

  • Because of the current way of calculating bandwidth, you see a minimal discrepancy between MPLS statistics and adjusted bandwidth reported. The algorithm is enhanced so that both values match 100 percent. PR1259500

  • With nonstop active routing (NSR), when a routing protocol process (rpd) restarts on the master Routing Engine, rpd might also restart on the backup Routing Engine. PR1282369

  • In case of CSPF disabled LSPs, if the primary path ERO is changed to unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • If there are some LSPs for which a router has link protection available and when primary link failure is caused by an FPC restart, a core file might be generated. PR1317536

  • If an inet address is not configured for the gr-interface, the gr-interface borrows address from loopback interface. From Junos OS Release 16.1R1, the RSVP creates a node-neighbor by default. There are duplicate neighbors with the same IP address since the gr-interface borrows address from loopback interface. The RSVP path lookup might fail because it gets confused with the node neighbor presence. So, the RSVP LSP might not come up when it goes through the gr-interface which is the borrowing address from the loopback interface. PR1340950

  • The LSP configuration cannot update its admin-group when the global admin-group (under MPLS ) is changed. Hence, LSP does not come up. PR1348208

  • Packets destined to the master Routing Engine might be dropped in the kernel because of excessive network traffic on the internal Ethernet interface. This excessive traffic results from a routing protocol process (rpd) requesting MPLS traffic statistics from all the online FPCs, when the jnxLdp* SNMP MIBs are queried. PR1359956

Platform and Infrastructure

  • When using the show | compare method to commit, part of configuration might be treated as noise and return a syntax error. PR1042512

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • When certain hardware transient failures occur on an MQ chip-based MPC, traffic might be dropped on the MPC, and syslog errors Link sanity checks and Cell underflow are reported. There is no major alarm or self-healing mechanism for this condition. PR1265548

  • This issue occurs when 120 bridge domains (among a total of 1000 bridge domains) have XE or GE links toward the downstream switch and LAG bundles as uplinks toward upstream routers. The XE or GE link is part of the physical loop in the topology. Spanning tree protocols such as VSTP, RSTP, and MSTP are used for loop avoidance. Some MAC addresses are not learned on DUT when LAG bundles that are part of such bridge domains are flapped and other events such as spanning tree root bridge changes occur. PR1275544

  • With unified ISSU, a momentary traffic loss is expected. In EVPN E-Tree, in addition to traffic loss, the known unicast frames might be flooded for around 30 seconds during a unified ISSU before all forwarding states are restored. This issue does not affect BUM traffic. As a workaround, nonstop bridging (NSB) can be configured at [set protocols layer2-control nonstop-bridging]. This reduces traffic flood to around 10 seconds in a moderate setup. PR1275621

  • Due to a transient hardware error condition the CPQ Sram parity error and CPQ RLDRAM double bit ECC error syslog errors on the MQ chip raise a major CM alarm. PR1276132

  • The prefix apply-path is not inherited under a policy after a commit. PR1286987

  • Every load override increases the reference count by 1. After it reaches the maximum value (65,535), the mgd crashes and the session is killed. There is no impact for a new session. PR1313158

  • This system limitation is due to high system load and aggressive IS-IS hello timer. As a workaround, increase the hello timer so the adjacent interface does not flap. PR1314650

  • On an EVPN VXLAN enabled MX Series router, if the underlying interface for the VXLAN tunnel is a LACP enabled aggregated Ethernet interface with multiple members, and one of the member is flapped. There might be momentary IPv4 or IPv6 inter-vni traffic loss. PR1326572

  • Traffic statistics might not match on PS after clearing interface statistics. PR1328252

  • In EVPN E-tree, traffic loss is seen on deactivating a CE-facing interface both with NSR enabled and in a normal scenario. CE interface, which is a leaf interface, is deleted completely and added back to restore the same old state logical interface being part of the same EVPN. The leaf-to-leaf traffic might not get blocked. PR1330134

  • While downgrading a Junos OS platform from a later release to Junos OS Release 17.3R2, the box goes into amnesiac state. This issue is not seen when upgrading from Junos OS Release 17.3R2. PR1341650

  • MPC5-inline-ka PPP echo requests are not transmitted when anchor point is lt-x/2/x or lt-x/3/x in a pseudowire deployment. PR1345727

  • MGD memory usage shown as increased by about 450 MB when run DT CST test over weekend (>72 hours). PR1352504

  • It is expected to see a few transient FI Cell underflow errors during a unified ISSU as long as they do not persist. PR1353904

  • In a Layer 3 VPN topology, traceroute to a remote PE device for a CE-facing network see the ICMP TTL expired reply with a source address of only one of the many CE-facing networks. In Junos OS Release 15.1R5, 16.1R3, 16.2R1 and later, there is a kernel sysctl value, icmp.traceroute_l3vpn. Setting this to 1 will change the behavior to selected an address based on destination specified in the traceroute command. PR1358376

  • On MX Series routers running Junos OS Release 17.3R3, moving from baseline configuration to EVPN scaled (4000 VLANs) configuration with multihoming, the newly elected designated forwarder might take up to 90 seconds to resume forwarding BUM traffic. The time required for convergence is proportional to the scale used, so a lower scale incurs a smaller dark window. Workaround for faster convergence with high scale, distributing the configuration across several FPCs can potentially bring down the BUM traffic drop from 90 seconds to a significantly lower value. PR1362934

  • Qmon Sensors are not working when hyper-mode is enabled. PR1365990

Routing Protocols

  • When you configure damping globally and use the import policy to prevent damping for specific routes, and a peer sends a new route that has the local interface address as the next hop, the route is added to the routing table with default damping parameters, even though the import policy has a non-default setting. As a result, damping settings do not change appropriately when the route attributes change. PR51975

  • Continuous soft core files might be generated due to a bgp-path-selection code. The routing protocol process (rpd) forks a child and the child asserts to produce a core file. The problem is with route ordering and it is auto-corrected after collecting the soft-assert-core file, without any impact to the traffic or service. PR815146

  • On MX Series routers, when an instance type is changed from VPLS to EVPN, and in the same commit an interface is added to the EVPN instance, the newly added EVPN interface might not be able to come up. PR1016797

  • The rpd might crash when running rpd for a long time (such as two years without a restart). PR1092009

  • With Shared Risk Link Group (SRLG) enabled under corner conditions, after executing the command clear isis database, the rpd might crash because the IS-IS database tree gets corrupted. PR1152940

  • The VRF-related routes, which are leaked to the global inet.0 table and advertised by the access routers are not being advertised to global inet.0 table on the core layer. PR1200883

  • JTASK_SCHED_SLIP for rpd might be seen on restarting routing or disabling OSPF protocol with scaled BGP routes in an MX104 router. PR1203979

  • In Junos OS Release 16.1R5 and later, the routing protocol process (rpd) generates core files in the ASBR when BGP is deactivated in the ASBR before all stale labels have been cleaned up. Junos OS Release 16.1R6, 16.1R5_S(X+1 SR if any and later, the issue will be analyzed, fixed, and soaked for these releases. PR1233893

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP and OSPF are in sync state because it is observed that "IGP interface down" with ldp-synchronization is enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, "IGP interface down" is the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification. This occurred because the OSPF neighbor was not up yet. The issue is under investigation. PR1256434

  • When switchover and zeroize are done in quick succession, "zeroize" deletes the databases. If dfwd is going to start SIHUP processing after the zeroize, it generates a core file as a database is not present. Zeroize should be done when the system is in stable state; that is, signups processing by daemons is completed. PR1262385

  • Performance degradation occurs during computation of LFA and RLFAs. This issue does not impact functionality. PR1264564

  • When generating SNMP traps or notifications for BGP events from the jnxBgpM2 MIB, Junos OS was not properly emitting OBJECTS of type InetAddress with the expected length field. This causes compliant SNMP tools to be able to parse the contents of those OBJECTS properly. In particular, the length field for the InetAddress OBJECT-TYPE was omitted. Using the set protocols bgp snmp-options emit-inet-address-length-in-oid command causes these OBJECTS to be emitted in a compliant fashion. Given the length of time that this error has been in place, it was decided to leave the existing non-compliant behavior in place to avoid breaking tools that had accommodated the existing behavior as the default. PR1265504

  • BGP monitoring output no longer sends withdrawals when station peer monitoring is disabled. The BMP session would send both peer down events as well as route withdrawals when a peer monitoring was disabled through a configuration event. After that commit, only the peer down events are sent. PR1265783

  • When route-distinguisher-id is configured and a VRF with a route distinguisher is automatically assigned with the auto-rdfeature configured, the MX Series BNG allows commit followed by rpd process crash. PR1278582

  • Two multicast tunnel (mt) interfaces are seen for each of the PIM neighbors after VPN-Tunnel-Source activation or deactivation. However, ideally, the same tunnel source should be used for both IPv4 and IPv6 address families if both are using the same PIM tunnel. PR1281481

  • This is in an internal change as syslog usage is deprecated, however, there might be customer impact because of syslog usage in automation. Applications have migrated to tracing for engineering debug messages or ERRMSG for customer useful or relevant messages. The customer is advised to migrate to new ERRMSG definitions as appropriate. PR1284621

  • When eBGP multihop sessions exchanging EVPN routes are configured, a core file might be generated as a result because of an internal error. PR1304639

  • An MX104 is connected to an SRX1500. IS-IS is running between these devices and BFD has been configured between the IS-IS peers. Unfortunately, BFD is not coming up between these devices successfully. PR1312298

  • In Resource Public Key Infrastructure (RPKI) scenario, the validation replication database might have much more entries than the validation database after restarting RPKI cache server and the validation session is reestablished. PR1325037

  • When route target filtering (RTF) is configured for Virtual Private Network (VPN) routes and multiple BGP sessions flap, there is a slight chance that some of the peers might not receive the VPN routes after the flapped sessions come up. PR1325481

  • When a clear validation database was issued back to back multiple times, it ends up with partial validation database (some validation entries were missing). This eventually is recovered after up to 30 minutes (half of the record lifetime) when we did periodical full updates. PR1326256

  • When configuring anycast and prefix segments in SPRING for IS-IS, prefix-segment index 0 is not supported, even though the user is allowed to configure 0 as an index. PR1340091

  • Different AIGP values are observed on executing the CLI commands show route receive-protocol bgp and show route detail outputs. PR1342139

  • During a unified ISSU at MX Series Virtual Chassis, the MX-VC side might clear the TCP connection causing BGP peerings to flap. PR1368805

Services Applications

  • Session counters for cleartext traffic are not updated after decryption. Decrypted packet count can, however, be obtained by running the following command show security group-vpn member ipsec statistics. PR1068094

  • We do not recommend configuring ms- interface when the AMS bundle in one-to-one mode has the same member interface. PR1209660

Subscriber Access Management

  • In a PPPoE subscriber scenario with a large number of subscribers (for example, 3000), during operation of log in and log out, some subscribers might be stuck in an error state of Terminated. This issue impacts the traffic for these error subscribers. PR1262219

  • Multiple RADIUS servers having different dynamic request port is not supported. However, due to missing configuration constrain checks, customers might end up in a configuration where different dynamic request ports are configured for different RADIUS servers. Currently Junos OS reads dynamic-request-port configuration for the first RADIUS server and ignores the rest. In the event no dynamic-request-port is configured, it defaults to port 3799. PR1330802

User Interface and Configuration

  • CLI session might die while issuing command show configuration | compare rollback 1. This happens when persist-groups-inheritance is enabled in the system. PR1331716

VPNs

  • In a multicast VPN based with BGP (next-generation MVPN) scenario with only an SPT mode configuration, under certain conditions the PIM register-stop packet might be sent before the Source Tree Join (Type-7) packet, which might cause some multicast packets to drop. PR1238916

  • Based on code analysis, in a scale scenario it is possible that a protocol on a master Routing Engine might have allocated as released a label. The backup Routing Engine might have allocated the label but is still in process of the removal of the label. Prior to this, if the master Routing Engine allocates the same label to some other protocol synchronizes to the backup, it might not be able to allocate the label. In such scenario, MVPN does not handle a label allocation failure on the backup, which leads to the current problem. This is not easily reproduced and hence cannot be confirmed. A possible workaround is to give sufficient time for the backup to properly remove all labels after deactivate instance and then reactivate instance. It is possible it can happen on rpd restart on the master, in which case rpd backup should also be restarted. In the event it has happened, the back up would restart and come backup and be synchronized with the master. Forwarding on the master would not be affected. PR1258882

  • The L2 circuit or the CE facing interface might flap repeatedly and cause the packets to drop if the configuration asynchronous-notification is configured on the PE device. PR1282875

  • When switching from Layer 2 circuit to EVPNs VPWS, deactivate and activate the instance. PR1312043

  • With NSR enabled and a Layer 2 circuit configured, an rpd crash might be observed on the backup Routing Engine when you change the Layer 2 circuit virtual-circuit-id and then commit the changes. PR1345949

  • Core file generated is seen on backup Routing Engine on label allocation, restarting routing on master when NSR is enabled. PR1351425

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.3R3

Application Layer Gateways (ALGs)

  • IKEv2 negotiation might fail with IKE ESP ALG enabled in IKEv2 redirection scenario. PR1329611

Class of Service (CoS)

  • CoS wildcard configuration is applied incorrectly after router restart. PR1325708

  • Remove CoS IDL from the jet IDL package and update the documentation for the same. PR1347175

  • The Routing Engine might get into amnesiac mode after restarting if excess-bandwidth-share is configured. PR1348698

  • CoS traffic control profiles fail to apply on an aggregated Ethernet interface in a specific condition. PR1355498

EVPN

  • EVPN traffic mapping to specific LSPs does not work. PR1281415

  • Local preference for EVPN type-5 route might cause unexpected results if BGP multipaths are configured. PR1292234

  • BGP route refresh request might not be sent after modifying the route-target. PR1300332

  • The traffic might be dropped after receiving an updated ARP route update packet from peer Layer 3 gateway in EVPN and VxLAN scenario. PR1306024

  • The rpd might crash after restarting the rpd process in EVPN environment. PR1320408

  • Discard EVPN route is installed on local PE device after connection flaps on a remote PE in a multihome EVPN topology. PR1321125

  • If host is multihomed then all PE devices should install the /32 host IP address pointing to its local IRB interface as long as its local multihomed ES interface is up. PR1321187

  • FPC might crash while deleting VPLS configuration. PR1324830

  • Core link flap might result in an inconsistent global MAC count. PR1328956

  • On deactivated ESI for PS at physical interface level, encountered routing protocol process generates a core file for EVPN VPWS PWHT. PR1332652

  • On doing a restart routing, the routing protocol process (rpd) generates a core file in provider edge (PE) router that has EVPN-VXLAN configuration. PR1333331

  • The rpd process might crash on the new master in an EVPN-VXLAN deployment after performing a GRES. PR1333754

  • The routing protocol process (rpd) crash and generates a core file on backup Routing Engine while any configuration changes on master Routing Engine. PR1336881

  • In EVPN and VXLAN environment, BFD flap cause VTEP flap and crashes Packet Forwarding Engine. PR1339084

  • Traffic loss might be observed in EVPN VPWS scenario if the remote PE devices interface comes down. PR1339217

  • The traffic might get dropped as the core is down PR1343515

  • The rpd might crash if the IRB interface and routing instance are deleted together when committed. PR1345519

  • Traffic might be lost on layer2 and layer3 spine node in multi-home EVPN scenario. PR1355165

Forwarding and Sampling

  • The mib2d process might crash during SNMP walk on committing or rollbacking. PR1286448

  • Observing pfed core file in pfed_process_session_state_notification_msg, pfed_timer_manager_c::remove_serv_id, pfed_delete_timer_id_by_serv_sid (serv_sid=0, serv_info=0x0) at ../../../../../../src/junos/usr.sbin/pfed/pfed_timer.cc:16. PR1296969

  • Remote CE1 MAC address might take long time to clear post MAC. PR1304866

  • Dfwd might crash during execution of show firewall templates-in-use command. PR1305284

  • The second archive site in the accounting-file configuration is not used when the first one uses SFTP and is not reachable. PR1311749

  • The FPC CPU might reach 100 percent constantly if shared bandwidth policer is configured. PR1320349

  • The error messages about dfw_gencfg_handler might be seen during unified ISSU. PR1323795

  • EVPN VXLAN IPv6 neighbor points to vtep interface even though the direct local interface to reach IPv6 neighbor is up. PR1350250

  • Some firewall filter counters might not be created in SNMP. PR1335828

  • The error logical interfaces under VPLS might be blocked after MAC moving if the logical interfaces are on the same physical interface. PR1335880

  • The commands clear ethernet table, clear bridge table, clear evpn table in evpn, and vxlan instance has issues. PR1341328

  • Commit failed when attempting to delete any demux0 unit numbers which are greater or equal to 1000000000. PR1348587

  • The remote MAC might not be added in forwarding table which causes traffic drop in EVPN scenario with RSVP and CBF configured. PR1353555

  • Packet Forwarding Engine process (pfed) creates dummy interface accounting records on the backup Routing Engine. PR1361403

General Routing

  • Memory leak on L3vpn configuration commit for L3VPN scaling test. PR1115686

  • No warning is raised when the bridge family is configured with interface-mode trunk but without vlan-tagging or flexible-vlan-tagging. PR1154024

  • Unexpected MobileNext Gateway Activation license alarm when TDF gateway is configured. PR1162518

  • SNMP trap sent for "PEM Input failure" alarm is not generated when single input feed fails on MX960. PR1189641

  • The replacement PIC might bounce when PIC PB-4OC3-4OC12-SON-SFP (4x OC-12-3 SFP) is replaced with PB-4OC3-1OC12-SON2-SFP (4x OC-3 1x OC-12 SFP) and committed. PR1190569

  • The agentd process crashes generating a core file. PR1197608

  • Unable to deregister sub error (131072) for error (0x1b0001) for module MIC. error messages seen on MPC5E card. PR1221337

  • In Junos OS multiple vulnerabilities in stunnel is observed. PR1226804

  • The error log cc_mic_irq_status: CC_MIC(5/2) irq_status(0x1d) does not match irq_mask(0x20), enable(0x20), latch(0x1d) is seen continuously for "MIC-3D-4OC3OC12-1OC48". PR1231084

  • False AC PEM failure(status bits: 0xff) alarm/SNMP trap seen with MX5, MX10, MX40, and MX80 router platforms. PR1231893

  • Tracking PR for enabling mobiled for MX Series Virtual Chassis environment. PR1241857

  • chassisd[9132]: LIBJSNMP_NS_LOG_NOTICE: NOTICE: netsnmp_ipc_client_connection: unix connection error: socket(-1) main_session(0x9812f80) error messages are seen after chassis-control restart. PR1243364

  • vMX FPC core file might be generated - panic (format_string=format_string@entry=0x9e509c4 "Thread %s attempted to %s with irq priority at %d\n"). PR1263117

  • The load-based throttling feature is not enabled by default. PR1271739

  • Error messages are observed on vty session while running script for IGMP snooping over EVPN-VXLAN. PR1276947

  • The rpd KRT asynchronous queue might stall, impacting synchronization between RIB and FIB. PR1277079

  • The syslog messages jnh_vbf_flow_get_oif_index: Rollback cmd not found for flow are generated by MPC during subscriber login. PR1278580

  • BSYS logs GNF owned pics do not support power off configuration at commit when no such configuration is present. PR1281604

  • The kernel might crash in a rare corner case. PR1282573

  • The enhancement of reporting total SBE errors when the corrected singlebit errors threshold of 32 is exceeded for MPC7E, MPC8E, and MPC9E. PR1285315

  • The oneset and leaf-list configuration might not get deleted with delete operation through JSON. PR1287342

  • In an EVPN or VXLAN, inter-vrf traffic blackhole occurs after routing is restarted repeatedly on redundant gateways. PR1289091

  • The routing protocol process (rpd) might generate a core file while restarting the process. PR1291110

  • Restart chassisd results in FPC restarting multiple times with GRES enabled. PR1293314

  • During PPPoE subscriber login errors like [ vbf_flow_src_lookup_enabled ] and [ failed to find iff structure, ifl ] were seen on FPC. PR1294710

  • TACACS remote user is unable to run JET applications because of a bad stored heap. PR1296237

  • Shmlog does not work on MX5, MX10, MX40 except MX80 product model. PR1297818

  • Some random number of ports on MPC7E-10G card might not come up after the remote system and line card restarts or interface flap. PR1298115

  • The log message about shutdown time is incorrect when system exceeds chassis over temperature limit. PR1298414

  • The error messages about PEM might be seen in MX Serie splatform with AC PEM. PR1299284

  • The rpd might crash when NSR is enabled and routing instance specific configurations are committed. PR1301986

  • The log message jam_cache_get.636 ERR:entity 0x997 not found, get cache failed is continuously seen in jam_chassisd log-file. PR1302975

  • The multicast resolve-rate value might go back to default after system upgrade or reboot. PR1303134

  • The kernel log GENCFG messages with severity 1 (alert) might be seen. PR1303637

  • The fabric planes might go into "check" state after restarting the line cards with SFB2 used on MX2010 and MX2020 platform. PR1304095

  • The CLI start shell pfe network fpc command do not work on MX960. PR1306236

  • FPC syslog errors with pfeman_inline_ka_steering_gencfg_handler: nh not found could mean that steering rules are not installed correctly. PR1308884

  • Subscribers might not be able to access the device if dynamic VLAN is used. PR1309770

  • After unified ISSU, 90 percent subscribers might downgrade from Junos OS Release 16.1 to Junos OS Release 17.3. PR1309983

  • Utilization of commit check just after setting a master password might trigger improper decoding of configuration secrets. PR1310764

  • After BSYS reboot, rpd is unresponsive sometimes on one GNFs. PR1310765

  • The incorrect error number might be reported for syslog messages with a prefix of %DAEMON-3-RPD_KRT_Q_RETRIES. PR1310812

  • Fragmented UDP packet might be incorrectly parsed as uBFD packet and dropped. PR1311134

  • The routing protocol process (rpd) core file is generated when multiple session flap on scale setup. PR1312169

  • PEM alarms and I2C failures are observed on MX240, MX480, and MX960 Series. PR1312336

  • False over temperature SNMP trap could be seen when using MPC5, MPC6, MPC7, MPC8, and MPC9 on MX2020. PR1313391

  • IPv6 router-solicit (RS) packets are dropped in non-default RI, for default RI it is working. PR1313722

  • The CLI command show version detail gives severity error log traffic-dird[20126]: main: swversion pkg: 'traffic-dird' name: 'traffic-dird' ret: 0. PR1313866

  • The mspmand process generates a core file because of the flow-control seen while clearing CGNAT+SFW sessions. PR1314070

  • The MPC7E- IR-mode configuration statement commit failure. PR1314755

  • The L2TP LAC might drop packets that have incorrect payload length while sending packets to the LNS. PR1315009

  • Continuous logs from vhclient for all the commands are executed. PR1315128

  • The RIB and FIB might get out of synchronization because the KRT asynchronous queue might get stuck. PR1315212

  • FPC crash is observed when a route has unilist next hops in RSVP scenario. PR1315228

  • The CLI command show version detail gives severity error log mobiled: main Neither BNG LIC nor JMOBILE package is present,exit mobiled. PR1315430

  • The output from show configuration <> | display json might not be properly enclosed in double quotes. PR1317223

  • Linux-based micro-kernel might panic because of the concurrent update on mutable objects. PR1317961

  • CoA shaping rate is not applied successfully after ISSU while doing ISSU from Junos OS Release 15.1R6.7 to 16.1R6.2. PR1318319

  • The daemon bbe-smgd might crash after performing GRES PR1318528

  • FPC crashes on configuration change for Packet Forwarding Engine sensors. PR1318677

  • The MPC with specific failure hardware might impact other MPCs in the same chassis. PR1319560

  • Kernel might generate a core file if a configuration is using more than 256 routing instances. PR1319781

  • The task replication might not be complete to certain network protocols after multiple GRES. PR1319784

  • Loading xmlproxy YANG files cause telemetry session and some daemons to restart. PR1320211

  • Chassis MIB SNMP OIDs for VC-B member chassis are not available after MX Series Virtual Chassis unified ISSU. PR1320370

  • The CLI show subscriber summary command displays incorrect terminated subscriber count. PR1320717

  • PPP inline keepalive does not work fine as expected when CPE aborts the subscriber session. PR1320880

  • MX Series routers sends the IPv6 router advertisements and the DHCPv6 advertisements before sending IPCPv6 ACK from CPE. PR1321064

  • MX Series Virtual Chassis CoS is not applied to Packet Forwarding Engine when VCP link is added. PR1321184

  • The bbe-smgd process generates a core file after massive clients logout and login in PPPoE dual stack subscriber scenario. PR1321468

  • There is CoA-NAK with "Error-Cause = Invalid-Request" sent back to RADIUS server if applying drop policy under RADIUS-flow-tap in L2TP subscriber scenario. PR1321492

  • In commit fast-synchronize mode, the commit operation might get stuck after the commit check is performed. PR1322431

  • The rpd might crash when two next hops are installed with the same next hop index. PR1322535

  • The rpd might crash when OpenConfig package is upgraded with JTI streaming data in the background. PR1322553

  • [SIRT] Junos OS: MPC7E/8E/9E, PTX5K-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030). PR1323069

  • The CLI command request vmhost halt routing-engine other does not halt the backup Routing Engine. PR1323546

  • IS-IS fails to establish because of packets dropping on Packet Forwarding Engine. PR1325311

  • A few show commands were issued twice when request support information is executed. PR1327165

  • MS-MIC interface logical interfaces remain down after many iterations of offline or online. PR1322854

  • NCP Conf-Ack or Conf-Req packets might be dropped constantly from Cisco MLPPP client on Tomcat. PR1323265

  • CLI commands in show system subscriber-management route routing-instance <xxx> hierarchy show unexpected outputs. PR1323279

  • Memory leaks in MGD-API daemon during get API requests and error handling during set API request. PR1324321

  • Subscribers might fail to login after the interface is deactivated or activated. PR1324446

  • The memory leakage is seen in mosquitto-nossl daemon. PR1324531

  • The SNMP interface filter does not work when "interface-mib" is part of dynamic-profile. PR1324573

  • The VLAN re-write function might put incorrect VLAN-id when Ethernet OAM is configured on DPCE cards. PR1325070

  • SNMP values might not be increased monolithically. PR1325128

  • MPC cards might drop traffic under high temperature. PR1325271

  • The VLAN DEMUX interface does not respond the ARP request in subscriber scenario with MX Series after Junos OS Release 15.1 with subscriber management enabled. PR1326450

  • In MX Series BNG CoS service object is not deleted properly for TCP and scheduler. PR1326853

  • An incorrect output is observed while verifying the command show subscribers client-type vlan subscriber-state active logical-system default routing-instance default. PR1322907

  • Minor alarm LCM Peer Connection un-stable is observed on MX150 after the chassisd process startup or restart. PR1328119

  • The following logs repeat every 5 seconds in chassisd log: fm_feacap_sys_feature_get:Attribute DB init not yet done, reading from pvid (id: 18), fm_feacap_sys_feature_get: Attribute key fabric.planes_per_board does not exists. PR1328868

  • When an AMS bundle has a single MAMs added to it, the subinterfaces do not recover after the subinterface has been disabled. PR1329498

  • Host-Outbound traffic is not rewriting ieee-801.pbits for dynamic subscriber logical interface over PS interface. PR1329555

  • SNMP walks of interfaces related MIB objects are slower than expected in a scaled configurations. PR1329931

  • The statement show services nat mappings address-pooling-paired times out and fails. PR1330207

  • An rpd core file is generated on a new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • Too many supplies missing in lower or upper zone alarm flap (set/clear) every 20 seconds if a zone does not have minimum required PSMs. PR1330720

  • All packets might be dropped if one route is adverted by BGP which session is established through the subscriber interface. PR1330737

  • FPC wedge with fragmented packets on LSQ interface - PT1: Head and Tail out of synchronization. PR1330998

  • Chassis FPC temperature with non-nebs optics higher after software upgrade. PR1331186

  • The bbe-smgd process might crash after executing the command of clear ancp access-loop circuit-id <circuit-id>. PR1332096

  • The rpd core file generated might be seen in l2circuit or l2vpn environment. PR1332260

  • Inaccurate J-Flow records might be seen for output interface and next hop. PR1332666

  • On MX150 platform set chassis alarm management-ethernet link-down ignore not an ignoring alarm for FPC Mgt 0 interface. PR1332799

  • The dot1xd might crash if ports in multi-supplicant mode flap. PR1332957

  • The subinfo process might crash and it might cause the PPPOE subscribers to get disconnected. PR1333265

  • The MX Series routers might not be able to learn the global IPv6 neighbor address of its DHCPv6 subscriber client. PR1333392

  • JDID thrashes continuously and continuous log messages are observed in syslog. PR1333632

  • The l2ald process generates a core file on EVPN-VXLAN network. PR1333823

  • AA EVPN VXLAN high CPU on backup routing protocol process(rpd). PR1334235

  • Two subscribers cannot reach the online state at the same time if they have an identical frame-route attribute value. PR1334311

  • windsurf card went for "restart" post ISSU to Junos OS Release 18.2DCB in MX2010 box. PR1334612

  • The ffp crash might be seen when execute software upgrade (non-ISSU). PR1334745

  • The rpd crashes when performing the BGP configuration change. PR1334846

  • The UID limit is reached in large-scale subscriber scenario. PR1334886

  • When using show subscribers and FPC number has two digits, the interface and IPv6 address get connected together for DHCPv6 PD. PR1334904

  • MQSS errors and alarms might happen with interface going down. PR1334928

  • IPsec SA cfg name mismatch and cfg could not be pushed to PIC. PR1334966

  • Traffic drops on the MX Series LNS because of the software error or unknown family exception when traffic destined to or coming from MLPPP subscriber if routing-services configuration statement is present in the dynamic-profile used by this subscriber. PR1335276

  • On MX Series platforms, 3RU master LED glows on master and backup RCB, while performing the image upgrade on master with GRES/NSR enabled. PR1335514

  • The RIP route updates might be partially dropped when NSR is enabled. PR1335646

  • The MAC_STUCK might be seen on MS-MPC or MS-MIC. PR1335956

  • JET application might not respawn after a normal exiting. PR1336107

  • Subscriber might experience SDB DOWN event and drop the clients' connections when issuing show subscribers command. PR1336388

  • On MX2000 with SFB card installed, high amount of traffic volume on MPC7E, MPC8E or MPC9E might cause traffic drops with cell underflow messages. PR1336446

  • The hash value generated for 256-bit key length of AES-GCM-256 algorithm is incorrect. PR1336834

  • BBE-SMGD might core when doing CoS configure of ifl-set. PR1336852

  • Configuring lldp neighbour-port-info-display port-id does not take any effect. PR1336946

  • Error log message sdb_db_interface_remove: del ifl:si-<index> with licnese cnt non-zero on can be seen on LTS during subscriber logout. PR1337000

  • AI-script does not get auto re-install upon a Junos OS upgrade on next-generation Routing Engine. PR1337028

  • DDoS counters for OSPF might not increase. PR1339364

  • The MX10003 MPC off-line button is not effective. PR1340264

  • Very few of subscribers show incorrect accounting values in large-scale subscribers scenario. PR1340512

  • VRRP stuck in master on upgrade or cold boot. PR1341044

  • There might be a traffic loss on some subscriber sessions when more than 32K L2TP subscriber sessions are anchored in ASI interface. PR1341659

  • The reboot of Routing Engine might occur if PPPoE interface is configured over an aggregate Ethernet or RETH interface. PR1341968

  • With discard interfaces configured with IGMPv3, KRT queue get stuck while deleting multicast next hop (MCNH) with an error EPERM -- Jtree walk in progress. PR1342032

  • jnxContentsType does not display details related to fixed ports and normal TIC. PR1342285

  • SNMP walk might failed for LLDP related OIDs. PR1342741

  • The vFPC might get absent resulting in the total loss of traffic. PR1343170

  • Support required for show system resource-monitor subscribers-limit chassis extensive command in summit. PR1343853

  • The 100M SFP is not from Fiberxon or Avago and might not work on MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH. PR1344208

  • MX Series router is sending IPv6 RA and the DHCPv6 advertisements before IPCPv6 Ack from CPE. PR1344472

  • Unable to route over RLT interface post upgrading from Junos OS Release 15.1 to Junos OS Release 17.3. PR1344503

  • On Junos OS Release 18.2, the ancpd process generates a core file at src/junos/usr.sbin/ancpd/ancpd_smgd.c:2299 in clearing ancp subscribers in a scaled scenario. PR1344805

  • The framed-route "0.0.0.0/0" will not be installed in MX Series platform with Junos OS enhanced subscriber management releases. PR1344988

  • In EVPN-VXLAN, ARP packet uses VRRP/virtual-gateway MAC in Ethernet header instead of IRB MAC address. PR1344990

  • CPCD process generates a core file because the converged services support for Routing Engine-based captive portal is used. PR1345096

  • On any product supporting dot1x, as part of authentication of a VOIP phone, its MAC address gets added in both voice and data VLANs. If traffic is received only on the voice VLAN, the MAC address gets aged-out from the data VLAN and due to this the session gets cleared. PR1345365

  • The routing protocol process (rpd) might if no-propagate-ttl configuration statement is set in a routing instance which has a specific route. PR1345477

  • MAC address of multiple interfaces are found to be duplicate. PR1345882

  • Routing Engine model changed from JNP10003-RE1 to RE-S-1600x8. PR1346054

  • New PPPoE users might fail to login. PR1346226

  • AC system error counter in show pppoe statistics is not working. PR1346231

  • VCCP-ADJDOWN detection is delayed on VC-Bm when deleting one vcp link on VC-Mm. PR1346328

  • Statistics daemon pfed might generate a core file on an upgrade between certain releases. PR1346925

  • twice-napt-44 sessions not synchronizing to backup SDG with stateful sync configured. PR1347086

  • IPv6 MAC resolve fails if the DHCPv6 client uses a non-EUI64 link-local address. PR1347173

  • Issue with handling the community_action ("add") in RPC call. PR1348082

  • The FPC might crash due to MIC error interrupt hogging. PR1348107

  • Packet loop is detected when vrf multipath is enabled with equal-external-internal configuration statement under L3VPN instance and install-nexthop is enabled in forwarding table export policy regarding that L3VPN route. PR1348175

  • Chassisd memory leak issue on MX10003 and MX204 platform and it would cause eventual Routing Engine switchover and crash. PR1348753

  • DHCPv6 Solicit dropped on L2TP LNS in MX Series Virtual Chassis when incoming interface is on VC-master and both anchor si-interface and VCP port on VC-backup on MPC2 NG or MPC2 NG. PR1348846

  • The dcd process might crash after any other smid related daemon crashes. PR1349154

  • A major alarm: "Major PEM 0 Input Failure" might be observed for DC PEM. PR1349179

  • The mspmand process might crash when executing show services nat deterministic-nat nat-port-block command. PR1349228

  • The pccd might crash after a delegated LSP is removed in PCEP scenario. PR1350240

  • Multicast traffic gets dropped as invalid policy ID exception. PR1350380

  • The MTU value for subscriber's interface might be programmed incorrectly if the configuration statement routing-services or protocol pim is configured in dynamic profile. PR1350535

  • The VCP port might not come back up after removing and adding it again. PR1350845

  • The subinfo process might crash when executing show subscribers address <> extensive for a DHCPv6 address. PR1350883

  • The pfed process consuming 80-90% CPU running subscriber management on PPC based routers. PR1351203

  • The high CPU usage of bbe-smgd process might be seen when L2BSA subscribers get stuck. PR1351696

  • After GRES, the BGP neighbors at master Routing Engine might reset and the BGP neighbors at backup Routing Engine take long time to establish. PR1351705

  • Bbe-smgd process (daemon) might restart in subscriber environment. PR1352546

  • The DHCP relay-reply packets are dropped in the DHCPv6 relay scenario. PR1352613

  • The offline MIC6-100G-CFP2 MIC through the CLI command might trigger FPC card to crash. PR1352921

  • The routing protocol process (rpd) permanently hogs CPU because of the logical system configuration commit. PR1353548

  • Flabels might get exhausted after multiple Routing Engine switchover. PR1354002

  • A syslog error dfw_bbe_filter_bind:1125 BBE Filter bind type 0x84 index 167806251 returned 1 might occurPR1354435

  • The rpd generates core files that is seen when adding an inter-region template in routing instances. PR1354629

  • Aggregated Ethernet operational state goes up even though some of the member interfaces configured under the aggregate Ethernet are down. PR1354686

  • The ifinfo process could crash in MX Series router BNG running L2BSA service. PR1354712

  • A memory leak found in agentd when running valgrind. PR1354922

  • The fabric chip failure alarms are observed in GRES scenario. PR1355463

  • The following syslog messages are seen: ui_client_connect_to_kmd_instance: KMD-SHOW connect to kmd-instance failed kmd-instance RE, fpc slot 0, pic slot 0. PR1355547

  • The rpd crashes when CLI show dynamic-tunnels database terse is executed when system have RSVP tunnels configured. PR1356254

  • I2c messages from PEM or PSM are reported if SNMP is enabled. PR1356259

  • DHCP subscribers fail after reconfiguration of port from tagged to un-tagged mode. PR1356980

  • Routing Engine switchover during backup Routing Engine being not GRES ready might restart the linecard. Routing Engine kernel and multiple chassisd might crash. PR1357427

  • MX Series Virtual Chassis locality bias with random ECMP, multipath vpn-unequal-cost and unique aggregated Ethernet bundles on each member. The traffic incorrectly hashes on both the aggregated Ethernet interfaces. PR1358635

  • MPCs might restart during a unified ISSU. PR1359282

  • Routes stuck in KRT queue with an error EINVAL -- Bad parameter in request. ' PR1362560

  • A memory leak in bbe-smgd might be observed if dynamic profile variable name and the associated value is configured to be same. PR1362810

  • Traffic destined to the MAC/IP address of VRRP VIP get dropped on the platforms which have common TFEB terminals such as MX5, MX10, MX40, MX80, and MX104. PR1363492

  • A traffic loop might occur even though the port is blocked by RSTP in a ring topology. PR1364406

  • The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with "Link-Layer-Down" flag set. PR1365263

  • The next hop of MPLS path might be stuck in hold state which could cause traffic loss. PR1366562

High Availability (HA) and Resiliency

  • After flapping server CB ports GNFs shows Switchover Status: Not Ready. PR1306395

  • The ksyncd process might crash continuously on the new backup Routing Engine after performing GRES. PR1329276

  • Insufficient available space on hard disk lead by the crash information files is generated by ksyncd when GRES is configured in large scale configuration scenario. PR1332791

Infrastructure

  • A use-after-free vulnerability exists in rpcbind of Juniper Networks Junos OS allows an attacker to cause a denial of service against rpcbind. PR1188676

  • On Junos OS, kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0' (CVE-2018-0029). PR1322294

  • Cleanup at thread exit cause memory leaks. PR1328273

  • On all Junos OS platforms, on a port configured with both dot1x static MAC by-pass and normal authentication, the hosts configured for static MAC by-pass might not be able to send traffic. PR1335125

  • The kernel might crash and the system might reboot in SNMP query reply scenario. PR1351568

  • Junos OS no longer going to db prompt at ~ + ctl-b. PR1352217

Interfaces and Chassis

  • On MX240, MX480, and MX960 IPv6 neighborship is not created on IRB interface. PR1198482

  • Identical IP address can be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance). PR1221993

  • RL-dropped packets are not displayed by [show interfaces <ifl-or> detail/extensive] commands. PR1249164

  • L2TP subscribers might not be cleared if the access-internal routes fail to install. PR1298160

  • No route to IP address from directly connected route. PR1318282

  • If ultra forward error correction (UFEC) with optical transport network (OTN) is configured, and the physical link goes down, CPU will go to 100 percent. If UFEC with OTN is configured on unconnected interfaces, CPU will go to 100 percent. PR1311154

  • The command show interfaces interface-set displays incorrect logical interface. PR1319682

  • IPCP negotiation might fail for dual stack PPPoE subscribers. PR1321513

  • Unexpected log messages might be seen if a BGP session flaps in a dynamic-tunnels GRE scenario. PR1326983

  • Unexpected log messages might be seen on a router for subscriber management. PR1328251

  • Traffic loss might be seen after deleting aggregated Ethernet bundle unit 1. PR1329294

  • The cfmd process generates a core file. PR1329779

  • The interface might not work properly after FPC restarts. PR1329896

  • The dcd process might crash because of the memory leak causing commit failure. PR1331185

  • The last logical interface digit sometimes truncate in jpppd trace logs. PR1332483

  • The transportd might crash when an SNMP query on jnxoptIfOChSinkCurrentExtTable with unsupported interface index. PR1335438

  • MX Series routers might occasionally drop the first LCP configure request packet when operating in PPPoE subscriber management configuration. PR1338516

  • Suppressing cfmd logs : jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0 PR1347650

  • The jpppd process generates a core file on backup Routing Engine in longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400. PR1350563

  • The FPC might be stuck at 100 percent for long time when MC-AE with enhanced-convergence is configured with large-scale logical interfaces. PR1353397

  • Clients might not get IPv4 address in PPPoE dual-stack scenario. PR1360846

Layer 2 Ethernet Services

  • DHCPv6 traffic might be dropped in subscriber scenario. PR1316274

  • The jdhcpd process generates a core fiel after making DHCP configuration changes. PR1324800

  • The on-demand-address-allocation under dual-stack-group does not work for IPv6. PR1327681

  • The snmpget for OID: dot3adInterfaceName might not work. PR1329725

  • The memory leak might occur in l2cpd if the l2-learning process is disabled. PR1336720

  • On Junos OS, a malicious crafted IPv6 DHCP packet might cause the jdhcpd process to generate a core file(CVE-2018-0034). PR1334230

  • The jdhcpd process might spike to 100% from less than 10% when DHCPv6 is used. PR1334432

  • The DHCPv6 second solicit message might not be processed when IA_NA and IA_PD are sent in a separate solicit message. PR1340614

  • DHCP client is not able to connect if VLAN was modified on the aggregated Ethernet interface associated with the IRB. PR1347115

  • ZTP infra scripts are not included for MX Series PPC routers. PR1349249

  • When DHCP subscribers are in bound (LOCAL_SERVER_STATE_WAIT_GRACE_PERIOD) state if dhcp-service is restarted then the subscribers in this state are logged out. PR1350710

  • DHCP relay agent will discard DHCP request message silently if the requested IP address has been allocated to the other client. PR1353471

  • Restart FPC which homing micro-bfd link causing lacp to generate a core file. PR1353597

  • The DHCP lease query message is replied with incorrect source address. PR1367485

Layer 2 Features

  • The rpd process memory leak is observed upon any changes in VPLS configuration like deleting or re-adding VPLS interfaces. PR1335914

  • VPLS instance stays in NP state after LDP session flaps PR1354784

MPLS

  • The ingress RSVP LSP fails to come UP after clear rsvp lsp all on egress router. PR1275563

  • The rpd might crash in LDP Layer 2 circuit scenario. PR1275766

  • When an LDP egress policy is used for inet.3 BGP labeled-unicast route, the route lable might not be installed in the Label Distribution Protocol (LDP) database. PR1289860

  • The traffic drop during NSR switchover for RSVP P2MP provider tunnels used by MVPN. PR1293014

  • The process rpd might crash when performing MPLS traceroute. PR1299026

  • The traffic in P2MP tunnel might be lost when next-generation MVPN uses RSVP-TE. PR1299580

  • The kysncd process might crash after removing and inserting backup Routing Engine in analytics and "mpls sensor" scenario. PR1303491

  • The RSVP node-hello packet might not work correctly after the next hop for remote destination is changed. PR1306930

  • When show mpls container-lsp is executed, the output is delayed. PR1314960

  • With dynamic-tunnels configured, the rpd might crash when the rpd is restarted or Routing Engine switchover is executed. PR1319386

  • The IPv4 and IPv6 multicast traffic might get dropped in MX Series Virtual Chassis when the traffic comes in through the layer 2 circuit and goes out through aggregated Ethernet member interface across Virtual Chassis members. PR1320742

  • The rpd might crash when ldp p2mp recursive is configured. PR1321626

  • The rpd might crash due to memory leak in RSVP scenario. PR1321952

  • On Junos OS, receipt of specially crafted UDP packets over MPLS might bypass stateless IP firewall rules (CVE-2018-0031). PR1326402

  • SNMP OID counters for mplsLspInfoAggrOctets show constant value for some LSPs even though traffic is constantly increasing in show mpls lsp statistics. PR1327350

  • Packet loss might be observed when auto-bandwidth is enabled for CCC connections. PR1328129

  • The rpd might crash on backup Routing Engine because of memory exhaustion. PR1328974

  • After a MPLS LSP link flap and local repair, a new LSP instance is tried to be signaled but it might get stuck. PR1338559

  • Whenever there is a decrease in the statistics value across an LSP, the mplsLspInfoAggrOctets value take two intervals to get updated. PR1342486

  • LDP label is generated for serial interface subnet route unexpectedly. PR1346541

  • The rpd crash might happen in RSVP setup-protection scenario. PR1349036

  • In a rare scenario, rpd might crash when LDP fails to allocate self-id for the P2MP FEC. PR1349224

  • Packets destined to the master Routing Engine might be dropped in the kernel when LDP traffic statistics are polled through SNMP. PR1359956

Multicast

  • DHCP6 relay is not working unless DHCP is restarted. PR1316210

  • Incorrect upstream interface might be displayed on PIM non-DR router for some statically joined IGMP groups. PR1337591

Network Management and Monitoring

  • On MX Series virtual devices, one Routing Engine does not reply to SNMP request. PR1240178

  • The alarm-mgmtd might crash after upgrade to Junos OS Releases 16.1R4, 16.1R5, 17.1R3, 17.2R1, 17.3R1, or later releases. PR1296597

  • The mib2d might crash when SNMP polling on interface mibs and meanwhile FPC restarts or interface flaps. PR1318302

  • SNMP stops or becomes very slow after a very long period of time. PR1328455

  • With interafce-mib, MX Series routers responds with type : NoSuchInstance for OIDs when multiple OIDs are polled in one SNMPGET request. PR1329749

  • The eventd process fails to startup with syslog configuration. PR1353364

  • jnxDcuStatsEntry and jnxScuStatsEntry OIDs are missing post interface configuration change. PR1354060

  • SNMP process crashes during CFM statistics polling. PR1364001

Platform and Infrastructure

  • On MX Series platforms, if a large number of routes are processed, then the Packet Forwarding Engine of the MS-MPC might crash. PR1277264

  • Error messages might be observed with MPC5E card. PR1283850

  • Executing the command of show services inline ip-reassembly statistics might cause ukern sheaf memory leak. PR1285833

  • The output values of command show system resource-monitor are not accurate. PR1287592

  • Doing load replace terminal and attempting to replace the interface stanza might terminate the current CLI session and leave the user session hanging. PR1293587

  • Service cookie opaque data reset incorrectly leading data sent to service pic getting corrupted. PR1310904

  • VPLS instance fails to learn MAC addresses upon pseudowire switchover. PR1316459

  • Rate-limit configured with small temporal buffer size might cause packet loss. PR1317385

  • Multicast traffic might get duplicated when MoFRR is configured. PR1318129

  • Move XQ_CMERROR_XR_CORRECTABLE_ECC_ERR to minor and re-classify remaining XQCHIP CMERROR from FATAL to MAJOR. PR1320585

  • The traffic with more than 2 VLAN tags might be incorrectly rewritten and sent out. PR1321122

  • MX104 shows sdk-vmmd: %USER-3: is_platform_rainier: Platform could not be detected in severity error. PR1321622

  • The 'no-propagate-ttl' might not take effect if chained-composite-next-hop ingress l3vpn extended-space is configured. PR1323160

  • The MAC might not be learnt on MX Series with MPCs or MICs line card because of the negative value of the bridge MAC table limit counter. PR1327723

  • The packet might get dropped in LSR if MPLS pseudowire payload does not have control word and its destination MAC starts with '4' or '6'. PR1327724

  • Traffic loss might be observed on LT interface. PR1328371

  • Directories and files under /var/db/scripts lost execution permission or directory 'jet' is missing under /var/db/scripts causing error: Invalid directory: No such file or directory error during commit. PR1328570

  • The tcpdump filter might not work in egress direction on PS and its logical interfaces. PR1329665

  • The router hits db prompt at netisr_process_workstream_proto. PR1332153

  • RPM mib pingResultsMinRtt, pingResultsMaxRtt, pingResultsAverageRtt response as "1" while target address is unreachable, should be "0". PR1333320

  • On all Junos OS platforms, python scripts and shell scripts cannot be executed during ZTP as veriexec is enabled. PR1334425

  • Traffic loss might be seen for some flows due to network churn. PR1335302

  • Commit might fail with error reading from commit script handler. error: commit script failure PR1335349

  • On MX104, a backup Routing Engine kernel crashes on committing set system management-instance. PR1335903

  • The MPC might crash after setting max-queues to a very large number. PR1338845

  • On MX Series platform with network services in IP mode and Connectivity Fault Management (CFM) configured on aggregated Ethernet interface, route programming in Packet Forwarding Engine might get corrupted after the member link of aggregated Ethernet flap, leading to packet drop. PR1338854

  • Configuring the same DHCP server in different routing instances is not supported in DHCP relay scenario. PR1342019

  • With proxy-arp configuration statement present on a VRRP interface transition of VRRP backup to master might result in dead next hops. PR1342707

  • Packet Forwarding Engine route might get corrupted post few attempts of deactivation or activation of CFM feature list either through interface flap or restart of FPC hosting the member links aggregated Ethernet with CFM configured leading to packet black-holes. PR1342881

  • ZTP is not supported for vmhost images on next generation Routing Engines on the MX Series platforms. PR1343338

  • On Junos OS, multiple vulnerabilities in multiple cURL versions are seen. PR1347361

  • The IPv4 GRPS traffic over aggregated Ethernet interface might be dropped if gtp-tunnel-endpoint-identifier is configured. PR1347435

  • On an EVPN-VXLAN, MX Series output policing action does not work on IRB interfaces for VNIs. PR1348089

  • FPC CPU utilization with LT interfaces is pegged continuously at 100 percent. PR1348840

  • Running RSI through console port might cause system to crash and reboot. PR1349332

  • ICMP error messages are not generated if 'donot fragment' packets exceed the MTU of the multiservice interface. PR1349503

  • Kernel crashes because of the initialization of logical interface MAC filter function missing for Packet Forwarding Engine extended port devices. PR1353498

  • JNH memory leak is seen with VTEP traffic. PR1356279

  • Traffic black hole seen along with JPRDS_NH:jprds_nh_alloc(),651: JNH[0] failed to grab new region for next hop messages. PR1357707

Routing Policy and Firewall Filters

  • Condition based policy fails to take action even though condition is matched. PR1300989

  • The policy configuration might not be evaluated if policy expression is changed. PR1317132

  • Access internal route might fail to be leaked between routing instances when from instance is configured in the policy. PR1339689

  • TPI-50840 vrf-target auto derived internal policy not cleaned up even after configuration is deleted and triggers rpd to generate a core file. PR1357724

Routing Protocols

  • The CLI command show bgp summary provides incorrect results while assisting GR. PR1045151

  • The rpd might crash when running rpd for a long time. PR1092009

  • RLFA computation might still consider a PQ-node not reachable through LDP, when LDP is deactivated. PR1202392

  • BGP extended communities with sub-type 4 erroneously displayed at LINK_BANDWIDTH. PR1216696

  • The rpd generates a core file in the ASBR when BGP is deactivated in the ASBR before all stale labels have been cleaned up. PR1233893

  • After bfdd restart is seen, issue with next-generation mVPN and l2vpn route exchange causes mVPN and vpls traffic drop. PR1278153

  • Routing loops might be seen after configuring BGP prefix independent convergence (BGP PIC). PR1282520

  • Multicast flow reset might occur on OIF for RPT joined branch when PIM prune comes on another interface. PR1293900

  • The link management protocol process (lmpd) repeatedly crashes when a logical system is configured on the same router. PR1294166

  • The rpd process might crash because of the AS PATH check error that occurs when RIB groups are added first and later the routing instances are added. PR1298262

  • MSDP sessions might flap because the data replication get stuck between backup and master Routing Engine with a huge SA burst between peers. PR1298609

  • The rpd might crash because of the malformed BGP UPDATE packet (CVE-2018-0020). PR1299199

  • IBGP route damping does not take effect on IBGP inet-vpn address family. PR1301519

  • Multicast traffic might be pruned for random groups following DR failover. PR1303050

  • The mcsnoopd process generates a core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275 . PR1305239

  • BGP traceoption logs are still written when it is deactivated. PR1307690

  • The rpd generates a core file in bgp_rt_send_message at ../../../../../../../../../src/junos/usr.sbin/rpd/bgp/bgp_io.c:1460. PR1310751

  • BGP route age is getting refreshed when secondary path goes down with BGP PIC enabled. PR1312538

  • The routing protocol process (rpd) might crash and generate core files. PR1314679

  • The rpd might constantly consume high CPU in BGP setup. PR1315066

  • OSPF routes cannot be installed to the routing table until the lsa-refresh timer expire. PR1316348

  • The primary path of MPLS LSP might switch to other address. PR1316861

  • The inactive route cannot be installed in multipath next hop after disabling and enabling the next hop interface in L3VPN scenario. PR1317623

  • The MPLS labels next hop for IPv4 labeled unicast route are incorrect while doing some changes to the active LDP route. PR1317800

  • IS-IS might choose a sub-optimal path after the metric change in ECMP links. PR1319338

  • Traffic might get silently dropped and discarded temporarily when BGP GR is triggered and the direct interface flap. PR1319631

  • Issue with tracing of the BGP L2VPN DF election community. PR1323596

  • The rpd crash is seen when deactivating static route if the next hop interface is type of P2P. PR1323601

  • When a prefix limit is reached, increasing maximum prefixes does not take effect. PR1323765

  • BGP peer is not established after Routing Engine switchover when graceful restart and BFD is enabled. PR1324475

  • The rpd process might crash continuously on both Routing Engines when backup-spf-options remote-backup-calculation is configured in IS-IS protocol. PR1326899

  • Multiple next hops might not be installed for IBGP multipath route after IGP route update. PR1327904

  • The OpenSSL project has published a security advisory for vulnerabilities resolved in the OpenSSL library on December 7, 2017. This issue might be seen if SSL service is used, like J-Web (HTTPs), SSH, etc. PR1328891

  • With BGP, LDP, and IS-IS configurations, deleted IS-IS routes might still be visible in RIB. PR1329013

  • The rpd might crash on backup Routing Engine after BGP peer is deleted. PR1329932

  • Manual GRES with MX Series Virtual Chassis results in some packet loss on core facing interfaces. PR1329986

  • The conditional route policy cannot withdraw all routes in BGP add-path scenario on vMX platform. PR1331615

  • LDP route in inet.3 is missing when both OSPF rLFA and LFA protections are available and rejected by backup selection policy. PR1333198

  • With introduction of PR1282672, discard nh being installed when primary LSP interface drops. When primary interface returns, discard nh remains until BGP LU neighbor is cleared. This only impacts the cloned route (S=0). PR1333570

  • In LI, IGMP joins are not processed with passive allow-receive statement configured on IGMP interface. PR1334913

  • BGP sessions get stuck in active state after remote end (Cisco) restart the device. PR1335319

  • The rpd might crash if SRLG information is in the protocol IS-IS. PR1337849

  • The rpd crash might occur when receiving BGP updates. PR1341336

  • The mcsnoopd process might lead to a memory leak. PR1326410

  • The igmp-snooping might be enabled unexpectedly. PR1327048

  • On Junos OS, the rpd crashes while receiving a crafted BGP UPDATE. PR1327708

  • The routing protocol process (rpd) might crash due to receipt of crafted BGP notification messages. PR1340689

  • Changes to the displayed value of AIGP in show route ... extensive command. PR1342139

  • Traffic black-hole might be seen if local DUT receiving BFD is down. PR1342328

  • The rpd might crash when deleting or deactivating the VRF routing instance in BGP Layer 3 VPN environment. PR1343578

  • The rpd might crash if a route for RPF uses a qualified-next-hop. PR1348550

  • Traffic loss might be seen after the upstream interface shifts from one to another during receiving the PIM prune packet. PR1350806

  • The rpd might crash when BGP route damping and BGP multipath features are configured. PR1350941

  • The soure-as community is not appended to RP (display issue in show route detail output). PR1353210

Services Applications

  • PCP mappings cannot be manually cleared when a NAT pool is shared between PCP and standard NAT. PR1284261

  • AVP 145 is not present in IRQ when ANCP DSL-type = 0. PR1313093

  • L2TP Tunnel Tx and Rx bytes count sometimes decrease when subscriber sessions are reduced within the tunnel. PR1318133

  • SNMP MIBs do not yield data related to sp interfaces. PR1318339

  • The MRU might be changed to 1492 instead of the default 1500 in L2TP scenario. PR1319252

  • Long route remains in forwarding table after subscriber session goes down. PR1322197

  • L2TP LTS might drop the first "CHAP Success" packet from LNS because of delayed programming of /136 route on Packet Forwarding Engine. PR1325528

  • The jl2tpd might crash if the RADIUS server returns 32 tunnel-server-endpoints. PR1328792

  • In case the number of sessions addressed in CSURQ is more than about 107, not all CSURQ messages receive a response. PR1330150

  • Aborting (using Ctrl+C) two commands by using the same management socket pointer, one after the other, might result in generating a core file. PR1337406

  • The CLI command show services stateful-firewall flows count shows incorrect flow count after services configuration change. PR1338704

  • Output of show interfaces si-x/y/z.xxxxx extensive CLI command shows incorrect inet/inet6 MTU value for MLPPP subscriber on MX Series L2TP LNS. PR1346049

  • The bbe-smgd process might crash if there are 65535 L2TP sessions in a single L2TP tunnel. PR1346715

  • Session limit per tunnel on LAC does not work as excepted. PR1348589

  • On performing an SNMP walk on the IKE SA that is deleted, IPsec tunnels might go down and an infinite loop scenario might be seen. PR1348797

  • UDP checksum inserted by MS-DPC after NAT64 is not valid when incoming IPv4 packet has UDP checksum set to 0. PR1350375

  • The show services stateful-firewall flows counter shows ridiculously high numbers. PR1351295

  • Jl2tpd process might crash shortly after one of L2TP destinations becomes unavailable. PR1352716

Software Installation and Upgrade

  • The new versions of Junos OS does not have the tool for accessing aux port - /usr/libexec/interposer. PR1329843

Subscriber Access Management

  • The IP addresses of subscribers assigned by RADIUS might be counted within local pool incorrectly after Virtual Chassis switchover. PR1286609

  • Service interim missing for random users in JSRC scenario. PR1315207

  • The PPPOE subscribers might encounter connection failure during login. PR1317019

  • IP addresses are assigned discontinuously from the linked IP pools. PR1323829

  • Authd considers RADIUS attribute Framed-IPv6-Prefix = ::/64 or Delegated-IPv6-Prefix = ::/56 as valid parameters. PR1325576

  • multiple-radius-servers having different dynamic-request-port is not supported. PR1330802

  • Subscriber might get stuck in terminated state when JSRC synchronize state get stuck in "FULL-SYNC in progress". PR1337729

  • The rate limit of upstream or downstream values are not updated in L2TP ICCN packet after the L2TP session is established. PR1338786

  • In dual stack subscribers scenario when NDRA pool is configured, the linked pools are not used when the first NDRA pool is exhausted. PR1351765

  • When attempting to scale, sdbsts_lock_holder.bbe-smgd.pid10686.core generates a core file. PR1358339

User Interface and Configuration

  • CLI session might die while issuing the command show configuration | compare rollback 1. PR1331716

VPNs

  • In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the L2 circuit flap repeatedly. PR1282875

  • Un-hide set protocols pim mvpn family inet6 disable configuration to allow users to disable inet6 on mvpn. PR1317767

  • The rpd might crash after unified ISSU in a large scale scenario with PIM configuration. PR1322530

  • Moving MC-LAG from LDP-based pseudowire to BGP-based pseudowire might cause rpd to crash. PR1325867

  • The multicast might be rejected when Junos OS PE devices received C-Mcast route from other vendors' PE devices. PR1327439

  • mvpn sender-site configuration is not allowed with S-PMSI. PR1328052

  • In a next generation MVPN and NSR configuration, the rpd process might crash and generate a core file on the backup Routing Engine. PR1328246

  • The rpd might continuously crash on the backup Routing Engine and some protocols might flap on the master Routing Engine if hot-standby is configured for l2circuit or VPLS backup-neighbor. PR1340474

  • The rpd might crash on backup Routing Engine when changing the l2circuit virtual-circuit-id in an NSR scenario. PR1345949

Resolved Issues: 17.3R2

Application Layer Gateways (ALGs)

  • IPsec IKEv2 negotiation fails with IKE ALG enabled. PR1300448

EVPN

  • The traffic might drop after receiving an updated ARP route packet from the peer Layer 3 gateway in an EVPN and VXLAN scenario. PR1306024

  • Split horizon label is not allocated when the ESI configuration switches from single-active to all-active. PR1307056

  • Core link flap might result in an inconsistent global MAC count. PR1328956

Forwarding and Sampling

  • Some account files might be missed in case the remote archive sites are unreachable. PR1300764

  • There is a memory leak on mib2d when polling firewall MIBs. PR1302553

  • ACCT_FORK_LIMIT_EXCEEDED log level is ERROR even when the backup-on-failure feature is enabled for accounting files. PR1306846

  • The second archive site in the accounting-file configuration is not used when the first one uses SFTP and is not reachable. PR1311749

  • Accounting files with no records might be unexpectedly uploaded to the archive site. PR1313895

  • The commit might fail when the nexthop-learning configuration statement is enabled for J-Flow v9. PR1316349

  • Some firewall filter counters might not be created in SNMP. PR1335828

General Routing

  • On MX Series platforms, the configuration of enhanced-IP and enhanced-Ethernet network mode is not compatible with MS-DPC card. Hence, the MS-DPC might not work correctly. PR1035484

  • Ksyncd might crash because of the transient replication errors between Routing Engines. PR1161487

  • Stale VBF states occur without sdb sessions. PR1204369

  • The MS-MPC card might crash when OSPFv3 IPv6 traffic goes through it. PR1233459

  • The multicast-replication setting cannot be reflected in the redundancy environment after rebooting both Routing Engines. PR1240524

  • Disabling and enabling the "family mpls" of the next-hop interface might cause the route to be in a dead state in a BGP and MPLS scenario with a route of indirect next hop type. PR1242589

  • The validation-state:unverified routing entry might not be shown with proper location when users run show route. PR1254675

  • The rpd might crash during the next-hop change if unicast reverse-path- forwarding (uRPF) is used. PR1258472

  • Status LED for the ge-0/0/0 interface does not glow. PR1259112

  • PCC controlled LSP metric is not getting updated on the controller, PCE delegated LSPs do not come up. PR1265864

  • MPC might report a parity error with the fast-lookup-filter configuration statement. PR1266879

  • On MX Series routers, show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • A low memory condition putting the service PIC into the red zone on the MS-MIC or MS-MPC card might cause the SIP ALG to generate a core file. PR1268891

  • On MX Series platforms, if a large number of routes are processed, then the Packet Forwarding Engine of the MS-MPC might crash. PR1277264

  • I2C BUS stuck causes SFP+ thread hogging and restarting of MPC. PR1277467

  • The bbe-smgd process might generate a core file in certain cases when using iflsets in universal call admission control policy mode. PR1278543

  • The chassis network services does not get set as "Enhanced-IP". PR1279339

  • After an MS-MPC PIC goes offline or online or gets bounced (because of an AMS configuration change), sometimes the PIC can take approximately 400 seconds to come up. PR1280336

  • Syslog messages CM_FPC: Error requesting SET BOOLEAN, illegal setting 132,111 are seen after a unified ISSU from Junos OS Release 16.2R2 to Junos OS Release 17.1R2. PR1280878

  • BIOS firmware upgrade or downgrade support is not available with Junos OS Release 17.3R1. PR1281050

  • The ingress service-accounting-deferred command is not providing the correct IP traffic statistics for L2BSA subscribers. PR1281201

  • Subscribers might not be able to connect to MX Series BNG in certain scenarios. PR1281896

  • The kernel might crash in a rare corner case. PR1282573

  • Layer 2 circuit will flap repeatedly, after the link up between PE and CE devices in "asynchronous-notification" and a specific CE device environment. PR1282875

  • Error messages such as IFRT: 'IFL, IFRT: 'Aggregate interface and IFRT: 'IFD are seen when there is a change in configuration. PR1282938

  • On MX Series routers, the CLI command show interfaces does not display the reason for bringing down the interfaces when the Packet Forwarding Engine is disabled. PR1283323

  • The log message VTAG not found in uflow might be seen when a PPPoE subscriber logs on to a static VLAN logical interface. PR1284966

  • LC, PFH, and Packet Forwarding Engine interface is not coming up on RE1. PR1285606

  • With CoS-based forwarding, when the primary path of one of the next-hop LSPs flaps, traffic carried by the other next-hop LSP could get load-balanced across the primary and secondary paths. PR1285979

  • Internal latency increases overtime for Packet Forwarding Engine sensors with streaming telemetry. PR1286286

  • The missing statement “Shared bandwidth policer not supported for interface ge-x/x/x” is seen, during a failed commit in Junos OS Release 16.1R3. PR1286330

  • Unified ISSU is not supported in Junos OS Release 15.1 or later releases, because the source release includes one or more BBE features such as logical interface (IFL) options, CoS fragmentation map, MLPPP, advisory options, advanced services, and multicast distribution. PR1286507

  • DDoS culprit flows are not reported by CLI or logs in a single Packet Forwarding Engine MX Series router. PR1286521

  • Framed routes might get struck in the KRT queue. PR1286849

  • The A10NSP interface does not get attached to the Layer 2 routing instance after renaming the routing instance. PR1287070

  • SNMP query for ’IF-MIB::ifOutQLen’ reports the wrong type. It should be Gauge32 or Unsigned32 for a dynamic VLAN DEMUX0 interface. PR1287852

  • During unified ISSU (FRU upgrade) micro BFD flap is observed. PR1288433

  • Performance issues can be seen when nontranslated traffic is introduced to a service set using a large number of NAT terms. PR1288510

  • After GRES, smid was declared thrashing and was not restarted after a fatal SDB error. PR1288871

  • Kernel "rtdata" memory leak is found on an MX Series Virtual Chassis with the configuration statement heartbeat enabled. PR1289363

  • The FPC memory leak might happen in a BBE subscriber environment. PR1289365

  • The interfaces might go down state after performing GRES. PR1289493

  • The request system zeroize command deletes the /var/db/scripts directory which does not get re-created until the next USB or Netboot recovery. PR1289692

  • The output jnxContainersType is not displayed for PIC and MIC as correctly as it is displayed on other Juniper Networks platforms. PR1289778

  • If any of the vmhost applications are not running, then the alarm string will have "Application" name embedded in it. PR1290150

  • The NAT-T and DPD functionality do not work for aggressive mode. PR1290689

  • Incorrect temperature is displayed for MPCP5 and MPC7 in show chassis fpc output. PR1290771

  • Memory leak occurs in the bbe-smgd daemon on subscriber logout for subscribers who have joined any multicast group. PR1290918

  • LSP traffic might silently drop and get discarded after a link goes down in the bypass path. PR1291036

  • The routing protocol process might generate a core file when restarting the process using a CLI command. PR1291110

  • The switch might incorrectly learn its own IRB MAC address. PR1291184

  • Device might lead to the DB prompt db@jsr_jsm_send_ka_after_merge,send_proto_keepalive. This is observed on master Routing Engine. PR1291247

  • The Rescue configuration is not set minor alarm getting set for MX10003. PR1291525

  • l2tp incoming-call-connected messages retransmit fast and declare that the tunnel is down. PR1291557

  • An error in vbf_filter_add_orphan_check might be seen when the subscribers use filter log out or log in. PR1292582

  • An error message might be seen while bringing up the subscriber in a subscriber management environment. PR1293057

  • DDR3 TEMP ALARM messages are logged in the chassisd log. PR1293543

  • The show extensible-subscriber-services sessions command displays an incorrect timestamp after a unified ISSU. PR1293800

  • On MPC6E linecard inline sampling, the flow export rate remains lower than the configured export rate. PR1294296

  • Loss of DHCP and PPPoE subscribers is observed during unified ISSU from Junos OS Release 16.1-20170718_161_r4_s5.0 to Junos OS Release 16.1-20170718_161_r4_s5.0. PR1294709

  • An rpd core file is generated after interface or BGP flapping. PR1294957

  • The KRT queue might get stuck with the error of RPD_KRT_Q_RETRIES: chain nexthop add: Unknown error: 0. PR1295756

  • The bbe-smgd process might generate a core file at bbe_mcast_ifl_vbf_encoder on service activation or deactivation along with smg-service daemon restart. PR1295938

  • The service profile's CoS might be overridden by the client profile's CoS when second family DHCP sessions are added in a dual-stack subscriber scenario. PR1296002

  • TACACS remote user is unable to run JET applications because of a bad stored heap. PR1296237

  • The mspmand process might crash when using TDF gateway services on MS-MPC and MS-MIC. PR1296422

  • The jdhcpd might crash when using 'dhcp-security' related command in enhanced subscriber management. PR1296461

  • LLDP sensor on telemetry uses a lot of bandwidth. PR1296869

  • The kernel might crash continuously when a lot of terms are configured for firewall filters. PR1296884

  • In ECMP fast reroute scenario, traffic might get silently dropped and discarded because next hop is in "hold"" state. PR1297251

  • The bbe-smgd memory leak occur in multicast through dax/ddl. PR1297454

  • When a service multicast profile uses variables for group policy or optical internetworking forum (OIF) or SSM-MAP-POLICY and if nonexistent policy names are sent down from the external system during service activation, core files are generated. PR1297612

  • The routing protocol process crashes and generates a core file. PR1298587

  • The commit error [First_Net] is thrown when trying to commit a configuration with applied groups. PR1298649

  • The bbe-smgd process might crash when traceoption is enabled because of an invalid username character. PR1298667

  • The bbe-smgd core files are constantly generated while running ESSM and PPPoE stress test with concurrent GRES. PR1298742

  • MX Series BNG does not respond to PADI after GRES on some ports and VLANs. PR1298890

  • When the subscriber limit feature is configured, any new login request after the maximum number of subscribers is denied. PR1298924

  • The "asynchronous notification" feature cannot be implemented properly in a circuit that has MIC-3D-20GE-SFP-E and Tri Rate Copper SFP(740-013111). PR1299574

  • Flat accounting files are not generated according to the configured timers. PR1299597

  • Subscriber database is stuck in "not ready" state after GRES. PR1299940

  • After IS-IS TE routes and BGP routes attribute change, traffic loss might be seen because BGP routes point to some stale labels. PR1300425

  • The error error: the SDN-Telemetry subsystem is not responding to management requests is seen on issuing the CLI command show agent sensors if traceoptions are enabled for service analytics. PR1300829

  • ICMP and ICMPv6 error messages might be discarded while forwarding through an AMS interface. PR1301188

  • Configured sub-interface might not be created correctly after commit. PR1301823

  • Continuous interface flapping might lead to unwanted MIC reset. PR1302246

  • The rpd might crash when toggling vrf-propagate-ttl and no-vrf-propagate-ttl configuration statements. PR1302504

  • Chassisd.core-tarball.0.tgz is found during unified ISSU aborted in FRU upgrade phase. PR1303086

  • Incorrect MTU might be seen on PPP interfaces, when PPP MTU is not defined in the dynamic profile. PR1303175

  • The list of available routing instances is no longer provided for output of the show subscribers routing-instance command. PR1303199

  • The inline-ka PPP echo requests are not generated for aggregated Ethernet interfaces. PR1303249

  • Blocking PPPoE or DHCP to initiate VLAN auto-sensing, if VLAN-OOB connected is in pending state. PR1303338

  • Fan speed changes frequently on MX Series Virtual Chassis. PR1303459

  • MX Series router with MIB polling returns a value that has "sdg". Polling result should include svc generic value. PR1303848

  • Truncated output is shown for the show pppoe lockout CLI command. PR1304016

  • Effective rate of E3 in framed mode is limited to 30 Mbps on certain channelized MICs. PR1304344

  • RPF-check strict causes traffic drop in next-generation subscriber management release. PR1304696

  • Commit fails with error ffp_intf_ifd_hier_tagging_config_verify: Modified IFD "si-1/1/0" is in use by BBE subscriber, active L2TP LNS client. PR1304951

  • Inline J-Flow vMX: OIF field of VPLS data records sometimes report SNMP index value of LSI interface instead of egress physical interface. PR1305411

  • MX Series router sends immediate-interim for the services pushed by SRC. PR1305425

  • The routing protocol process (rpd) crashes on loading EVPN configurations. PR1305440

  • JET daemonize application restarts even on normal exit. PR1305615

  • L2BSA subscriber connection attempts failed with VLAN profile-request-error. PR1305962

  • L2BSA subscribers came up, while no new ANCP session got established during the RADIUS disaster backup procedure. PR1306872

  • Smihelperd generates core files when SNMP is polling for JUNIPER-SUBSCRIBER-MIB::jnxSubscriberGeneral.7.0. PR1306966

  • IPsec key management process (kmd) stops key exchange process after sending out UI_DBASE_OPEN_FAILED Too many open files error message. PR1308380

  • License is lost during Routing Engine switchover in scale-subscriber scenario. PR1308620

  • CoS applied to a subscriber demux logical interface (IFL) is not working. PR1308671

  • All the MICs on FPC, with PS interfaces configured, went offline during the restart of the FPC in another slot. PR1308995

  • Error messages %PFE-3: fpc0 vbf_var_iflset_add:633: vbf container 11 not found in the msg for ifl .demux.6514 are often seen after MPC restart. PR1309013

  • Incorrect values are found in the event-timestamp of RADIUS accounting-stop packets for L2BSA subscribers. PR1309212

  • On MX2020 and MX2010, after smooth SFB to SFB2 upgrade, if one plane is restarted, link training fails between that plane and the MPC6 cards. PR1309309

  • First access-request fails for L2BSA subscribers when changing the MTU of LACP aggregated Ethernet A10NSP interface. PR1309599

  • DHCP client gets stuck in selecting state while verifying untagged DHCP subscribers after modifying router configuration. PR1309730

  • DT_BNG : 9000 out of 10000 terminated subscribers go down during the unified ISSU from Junos OS Release 16.1 through Junos OS Release 17.3. PR1309983

  • The bbe-smgd process memory leak might be seen after deleting or adding the address pool in next-generation subscriber management release. PR1310038

  • The MS-MIC and MS-MPC memory utilization might stay at high level in the subscriber management scenario. PR1310064

  • SPD_CONN_OPEN_FAILURE and SPC_CONN_FAILURE log messages are seen in the logs for SI interfaces when running SNMP walk on service PIC NAT OIDs. PR1310081

  • krt_junos_sanity_check_ctrl_resp: rtsock request finally succeeded after error 16 syslog message in Junos OS Release 17.1R1.8. PR1310678

  • Local IPv6 interface from NDRA prefix is not removed from service interface, while subscriber dual-stack session is removed. PR1310752

  • After bsys reboot sometimes rpd is unresponsive on one or more GNFs. PR1310765

  • Bad stored heap: heap-ptr=0x0 data-ptr=0x1481cbf8. PR1311482

  • The FPC memory might be exhausted with SHEAF leak messages seen in the syslog. PR1311949

  • Counter at PPPoE session logical interface increments incorrectly, causing the accounting packet to contain incorrect acct-input-packets value and incorrect acct-input-octets value. PR1312998

  • The CLI command show version detail | no-more hangs for more than 120 seconds in the master Routing Engine and more than 60 seconds in the backup Routing Engine. PR1314242

  • The smgd process generates a core file with reference to bbe_cos_ifl_publish() bbe_cos_if.c:6543. PR1314651

  • The rpd might crash in MoFRR scenario. PR1314711

  • The RIB and FIB might get out of synchronization because the KRT asynchronous queue might get stuck. PR1315212

  • The CLI command show version detail gives severity error log main: name: SRD ret: 0. PR1315436

  • Transit traffic over GRE tunnel might hit the CPU and trigger a DDoS violation on the L3 next hop. PR1315773

  • The show auto-configuration out-of-band CLI command used with a different configuration statement shows the same output. PR1316661

  • Demux interface sends neighbor solicitation with source link-address of all zeros 00:00:00:00:00:00 MAC. PR1316767

  • The rpd might crash when the link flaps on an adjacent router. PR1318476

  • MS-MPC and MS-MIC might crash after a new IPsec tunnel is added. PR1318932

  • MX Series routers sends the IPv6 router advertisements and the DHCPv6 advertisements before sending IPCPv6 ACK from CPE. PR1321064

  • In commit fast-synchronize mode, the commit operation might get stuck after the commit check is performed. PR1322431

  • An incorrect output is observed while verifying the command show subscribers client-type vlan subscriber-state active logical-system default routing-instance default. PR1322907

  • Subscribers might fail to login after the interface is deactivated or activated. PR1324446

  • Approximately three percent of Packet Forwarding Engine forwarding capacity might be seen on XM-chip when its temperature is higher than 67 degrees Celsius. PR1325271

  • Minor alarm LCM Peer Connection un-stable on the MX150. PR1328119

  • When using show subscribers and FPC number has two digits, the interface and IPv6 address get connected together for DHCPv6 PD. PR1334904

High Availability and Resiliency

  • Insufficient available space on hard disk lead by the crashinfo files is generated by ksyncd when GRES is configured in large-scale configuration scenario. PR1332791

Infrastructure

  • The "Last flapped" time stamp is not getting updated for fxp0 interface as per the expectation. PR1244502

  • The show system users CLI command output displays more users than are actually using the router. PR1247546

  • The MX Series router might fail to upgrade Junos OS Release 14.2R6 to Junos OS Release 16.1R4. PR1298749

  • The syscalltrace.sh might create a huge output file, which could cause the router to run out of storage space. PR1306986

Interfaces and Chassis

  • The output value is incorrect when querying the optical power of OTN interfaces on the router. PR1216153

  • [SIRT] MX Series Packet Forwarding Engine and MX Series MPC7E, MPC8E, and MPC9E Packet Forwarding Engine crash when fetching interface statistics with extended-statistics enabled (CVE-2017-10611). PR1247026

  • At a high logical interface scale, an ifinfo process (daemon) generates a core file on executing the command show interfaces. PR1254189

  • Monitor interface on aggregated Ethernet logical interfaces displays incorrect bps value compared to show interface output. PR1283831

  • The family inet shows as not configured after adding or deleting the loopback address. PR1294267

  • A VRRP track interface-down does not trigger a mastership election immediately. PR1294417

  • IRB interface is showing incorrect bandwidth value. PR1302202

  • AFEB might not come up when LFM is deactivated. PR1306707

  • After executing request system reboot both CLI command, the Juniper PPP daemon might become unresponsive. PR1310909

  • The PPPoE subscriber might not log in correctly after authentication failure. PR1311113

  • MX Series Virtual Chassis unified ISSU emits benign error message if unsupported FRUs are present. PR1316374

  • IPv6 Framed Interface Id field is not showing correctly in show subscribers extensive output. PR1321392

  • The interface might not work properly after FPC restarts. PR1329896

Layer 2 Features

  • A misconfiguration adds an aggregated Ethernet interface bundle, and its member links to a VPLS instance might cause 100 percent routing protocol process (rpd) utilization. PR1280979

  • On MX Series routers with MPCs or MICs based platforms, packets received on the IRB interface in virtual private LAN services (VPLS) get double tagged. PR1295991

Layer 2 Ethernet Services

  • DHCPV6 client bound to IA_PD prefix on reception of DHCV6 request for IA_NA, MX Series deletes the existing binding. PR1286359

  • ARP requests are not generated for IRB configured in VPLS over GRE tunnel. PR1295519

  • In a PPPoE and DHCP dual-stack subscriber scenario with an incorrect DHCP configuration, MX Series router might eventually stop logging in PPPoE and DHCP clients. PR1298976

  • Multiple jdhcpd core files are observed in jdhcpd_update_groups at ../../../../../../src/junos/usr.sbin/jdhcpd/jdhcpd_config.c:2290. PR1311569

MPLS

  • RSVP p2mp sub-LSPs having more than one sub-LSP in down state might not get re-optimized after transit path goes down. PR1174679

  • The rpd might crash when moving static LSP from one routing instance to another. PR1238698

  • The created time value in show mpls lsp extensive might drift by a second when the show command is issued multiple times. PR1274612

  • MPLS layer 2 circuit ping packet is incorrectly parsed by the output loopback filter. PR1288829

  • Received MTU might not get updated in RSVP MTU signaling. PR1291533

  • Stale RSVP LSP entry occurs after NSR switchover and session is not refreshed. PR1292526

  • The rpd might crash if MPLS LSP path change occurs. PR1295817

  • When using IS-IS traffic engineering (TED), if an LSP's state changed, routing protocol process might lose track of memory. PR1303239

  • BGP multipath might not work when interface flaps. PR1305228

  • Feature "explicit-null" might block host-bound traffic incoming from LSP. PR1305523

  • The rdp process might crash during interface-down events when UHP-based LSPs are configured. PR1309397

Network Management and Monitoring

  • Mib2d-related syslog messages MIB2D_RTSLIB_READ_FAILURE: rtslib_iflm_snmp_pointchange are seen during remove and restore configurations. PR1279488

  • The mib2d process might crash when polling the OID ifStackStatus.0 after a logical interface of lo0 is deleted. PR1286351

  • The show arp no-resolve interface X command output for nonexistent interface X is showing all unrelated static ARP entries. PR1299619

  • After SNMP configuration activation, the snmpd process started to consume more CPU time. PR1300016

  • The syslog duplicate entries of hostname and timestamp are breaking the standard logging format. PR1304160

Platform and Infrastructure

  • Traffic drop might occur under a large-scale firewall filter configuration. PR1093275

  • The "forwarding-class-accounting enhanced" feature is not supported in combination with "forwarding-options hyper-mode". Using both features together results in traffic getting silently dropped and discarded. PR1198021

  • The dexp process might crash after committing set system commit delta-export. PR1284788

  • Generate-event time-interval usage now triggers the event only on the actual expiry of time internal. PR1286803

  • Incorrect load-balance on ae interface might occur if traffic transits from MS-DPC to MPC card in enhanced-IP mode. PR1287086

  • Packet Forwarding Engine heap memory leak was found in three routers with PPPoE subscribers. PR1287870

  • While adding a new package to the router, you might see the following message: mgd: error: Could not open library: /usr/lib/render/libvccpd-render.tlv. PR1289158

  • The syslog error not a proper library: /usr/lib/render/libdcd-render.so: Cannot open "/usr/lib/render/libdcd-render.so appears when any non-superuser/non-root user tries to log in to the router.. PR1289974

  • Dynamic MAC learning might fail on GRE tunnel interface. PR1291015

  • The scale-subscriber license might leak on the backup Routing Engine during bulk subscriber logout. PR1294104

  • The management daemon might crash and generate a core file after GRES in a subscriber environment. PR1298205

  • RMOPD_HW_TIMESTAMP_INVALID is reported two to four times a day, which raises an alarm when polled through jnxRpmResSumPercentLost MIB. PR1300049

  • On MX Series platforms with firewall filter configuration, the MPC might reset while loading the configuration. PR1300990

  • All traffic can be tail-/RED-dropped on some interfaces when chassis fpc max-queues is configured. PR1301717

  • Classifier does not get applied on the ae member links on DPC (I-chip) based platforms with CoS configured. PR1301723

  • MX Series FPC wedges when creating more than 4000 logical-tunnel interfaces per Packet Forwarding Engine. PR1302075

  • The CLI command mk destroy-all is displaying the error Could not find jnx.wrlsb.mk. PR1302974

  • The interface-mac-limit might fail for ae interface. PR1303293

  • The TWAMP Request-TW-Session message Type-P descriptor format is not RFC-compliant. PR1305752

  • jlaunchd: System reaching processes ceiling <low or high or critical> watermark because of auditd. PR1305964

  • On MX Series routers with MPCs or MICs, the resource monitor (RSMON) thread might get stuck in a loop, consuming 100 percent of FPC CPU. PR1305994

  • The show system resource-monitor fpc slot <> command reported memory free percentages that were not accurate. PR1287592

  • The source MACs might leak (or not learn) between different VPLS instances at the receiving end VPLS PE devices. PR1306293

  • This PR addresses the ICMP error messages in Packet Forwarding Engine and is forwarded to the correct pic in the AMS bundle. PR1313668

  • Multicast traffic is not forwarded on the newly added p2mp branch and receiver. PR1317542

  • Multicast traffic might get duplicated when MoFRR is configured. PR1318129

  • Errors might be observed when the fabric-header-crc-enable statement is enabled. PR1320874

  • RPM probes delegated to MS-MIC get stuck when any change is made to the BGP group stanza. PR1322097

Routing Policy and Firewall Filters

  • The rpd might crash when vrf-target auto is configured under routing-instance. PR1301721

Routing Protocols

  • No multicast forwarding in ASM mode occurs after unified ISSU. PR1146621

  • MPLS over UDP tunnel creation fails in absence of a routing instance table. PR1270955

  • The rpd might crash after deactivating or activating BGP. PR1272202

  • A few bfd sessions flap while coming up after FPC reboots. PR1274941

  • BGP updates might not be advertised to peers completely under certain conditions. PR1282531

  • Some BGP-related traceoptions flag settings might not take effect until the BGP sessions are flapped. PR1285890

  • With BGP traceoption enabled, executing the rollback and load merge commands for the configuration might cause rpd to crash. PR1288558

  • BGP-RR sends full route updates to its RR-Clients when any family MPLS interface bounces because of any fiber cut or manual events causing high CPU spike. PR1291079

  • BGP Monitoring Protocol (BMP) might send malformed route monitoring messages. PR1292848

  • The rpd might crash if BGP flap occurs. PR1295062

  • The backup Routing Engine scheduler slips when the import policy is configured improperly. PR1295712

  • Unified ISSU might take more time to complete and the MPC card might go offline during unified ISSU reboot. PR1298259

  • The rpd process might crash because of the AS PATH check error that occurs when RIB groups are added first and later the routing instances are added. PR1298262

  • Inline-BFD on IRB will be broken after GRES or NSR switchover and the subsequent anchor FPC goes offline. PR1298369

  • BGP might send an incorrect AS path when an alias is enabled and multiple peers are under the BGP group. PR1300333

  • The rpd process might crash and generate a core file while deleting a multipath route. PR1302395

  • The mcsnoopd process generates a core file during task cleanup. PR1305239

  • Junos OS Release 16.2 and later releases might give the following error: Request failed: OID not increasing: ospfIfIpAddress.0.0.0.0.0 . PR1307753

  • The route's next-hop resolution might fail if the static route is configured with qualified-next-hop and resolve options over a numbered interface. PR1308800

  • BGP labeled-unicast protection might break multicast RPF. PR1310036

  • The rpd process generates a core file in bgp_rt_send_message at ../../../../../../../../../src/junos/usr.sbin/rpd/bgp/bgp_io.c:1460. PR1310751

  • The BGP session might flap when the connection between the master Routing Engine and the backup Routing Engine keeps flapping with NSR configured. PR1311224

  • The rpd might crash when the neighbor IS-ISv6 router is restarted, causing route churn. PR1312325

  • IS-IS SPF gets triggered by LSP updates containing changes in the reservable bandwith in traffic engineering extensions. PR1313147

  • BGP prefixes with three levels of recursion for resolution will get stuck with a stale next hop at the first level after a link-down event. PR1314882

  • On a chassis with BMP configured, the rpd might crash when the rpd process is gracefully terminated. PR1315798

  • BGP-LU update oscillation occurs with BGP-PIC. PR1318093

  • Need to remove the syslog message that got added to code unintentionally. PR1318458

Services Applications

  • TLVs in ICRQ for actual-rate-downstream and actual-data-rate-upstream do not reflect PPPoE-IA value. PR1286583

  • Mspmand core file "@_arena_mALLOc" is seen in backup SDG's MS70. PR1291664

  • L2TP subscribers are down after a GRES while verifying the framed IPv6 route support for L2TP network server (LNS) at a higher scale with a maximum number of Framed-IPv6-Route. PR1293783

  • The jl2tpd process might crash shortly after a GRES switchover. PR1295248

  • L2TP subscribers might get stuck in terminating state during login. PR1298175

  • The “jl2tpd_era_lns” log files are continuously generated even when L2TP is not configured. PR1302270

  • LTS clients experience packet drop in large packets because of fragmentation in LTS. PR1312691

  • AVP 145 is not present in IRQ when ANCP DSL-type = 0. PR1313093

  • IPCP active mode is not enabled for MLPPP on LNS. PR1319580

Software Installation and Upgrade

  • Junos Selective Update (JSU) package is not activated after a reboot. PR1298935

Subscriber Access Management

  • Service interim for DHCP subscriber is not working in JSRC scenario. PR1303553

  • The ouput of the show network-access aaa accounting command might display additional entries. PR1304594

  • Incorrect Acct-Delay-Time in RADIUS Accounting-On message after rebooting the MX Series BNG. PR1308966

  • When the subscriber is removed manually or through a script, memory leak might be seen. PR1312517

  • The delegated prefix from RADIUS is parsed incorrectly when the length is less than 20 bytes. PR1315557

  • Unified ISSU is not allowed when the account is suspended. PR1320038

  • Authd considers RADIUS attribute Framed-IPv6-Prefix = ::/64 or Delegated-IPv6-Prefix = ::/56 as valid parameters. PR1325576

VPNs

  • Next-generation MVPN SG entry and MVPN route persist after data stop. PR1236733

  • Next-generation MVPN IPv6 RP bootstrap type 3 S-PMSI AD route prefix ff02::d persists after BSR data stop. PR1269234

  • Layer 2 circuits stitched through lt peer interfaces might get stuck in local site signal down (LD) status. PR1305873

Resolved Issues: 17.3R1

Class of Service (CoS)

  • The Routing Engine level scheduler-hierarchy command misses a forwarding class when the "per-unit-scheduler" mode is configured. PR1281523

Forwarding and Sampling

  • Unexpected messages might be seen in logs. PR1270686

  • The sampled process stops collecting data on Routing Engine based sampling supported platforms. PR1270723

  • The sampled process might crash if traceoptions are enabled. PR1289530

General Routing

  • On MX240/480/960 platforms, due to I2C bus hardware issue, FPC might reboot and error message might appear. PR1174001

  • In MX Series subscriber management environment, the rpd might crash in the backup Routing Engine after executing Routing Engine switch over. PR1206804

  • On MX Series routers with MPC2E-3D-NG/MPC2E-3D-NG-Q/MPC3E-3D-NG/MPC3E-3D-NG-Q line card, if the FPC-MIC link failure happens, the bridge might keep sending register messages in an infinite loop, which would cause continuous PCI exceptions, the MPC might crash and traffic forwarding might be affected. This is a rare issue, it is hard to reproduce. PR1231167

  • XM chip based line card (MPC3E/4E/5E/6E/2E-NG/3E-NG) might drop traffic under high temperature (67C or higher). PR1244375

  • On MX2000 with MPC6E, EOAM LFM adjacency flaps when an unrelated MIC accommodated in the same MPC6E slot is brought online by configuring OAM pdu-interval 100 ms and pdu-threshold 3. PR1253102

  • When unified ISSU is performed under scaled scenarios where the Packet Forwarding Engine next-hop memory uses more than 4 Million Dwords, PPE traps and traffic loss may be observed during the software-sync phase until the end of the hardware sync. PR1267680

  • The mspmand log messages about memory zone level which should not be generated are generated. It will occur every 49.7 days and will recover by itself. This is a display issue and will not affect the traffic. PR1273901

  • The CLI commands fails for the following commands: show subscribers detail ,show subscribers extensive, show subscribers count client-type <>, and other commands. The failure occurs because the subscriber-management database is unavailable. PR1274464

  • Link stays down after a flap on MPC next generation cards with QSFP+-40G direct attach copper (DAC). PR1275446

  • VT interface flaps during unrelated commit operations if MTU is configured on it. PR1277600

  • vlan-oob subscriber session fails in autoconfd due to physical interface down even if the interface is up. PR1279612

  • MIC Error code: 0x1b0001 alarm was not clear even after the voltage was returned to normal. PR1280558

  • In a subscriber management environment, if authenticated subscriber dynamic VLAN receives idle timeout from the Radius server, due to a rare timing issue such dynamic VLAN interface can be removed immediately after it was successfully created. PR1280990

  • Establishment of IPsec SAs for link type tunnels might fail under certain conditions in case of scaled IPsec link type service set configuration. In such cases the inside IFL corresponding to service set would remain down. This can be resolved by restarting ipsec-key-management daemon by issuing the following command -----------8< ---------------8< ------------------- restart ipsec-key-management -----------8< ---------------8< ------------------- Additionally sometimes the traffic may be affected after restarting IPsec management daemon. Clearing IPsec SAs corresponding to such service set would resolve this issue. This can be achieved by running the following commands --------------------8< ---------------8< ----------------------- clear services ipsec-vpn ipsec security association <service-set> --------------------8< ---------------8< ----------------------- PR1281223 PR1281223

  • DHCP/PPPoE subscribers fail to bind after FPC restart and smgd restart with BBE_RTSOCK_GET_RTSOCK_IFL_FAIL_TERMINATED counter going up. PR1281930

  • Inline-JFlow unrelated configuration changes related to a routing-instance results in invalid/incomplete JFlow data packets. Commit-full resumes proper functionality. PR1282580

  • Error messages related to "IFRT: 'IFL", "IFRT: 'Aggregate interface" and "IFRT: 'IFD" seen on config change PR1282938

  • VBF flows are not programed correctly on ae interfaces resulting in 50% traffic loss. PR1282999

  • OAM fails to come up when GRE tunnel source and family inet address are the same. PR1283646

  • PPTP session could not be established on MSMPC when it is bothstateful-firewall and NAT enabled, and the address could not be translated. PR1285207

  • Possible High CPU on MPC4E when interfaces have been disabled by administrator. PR1285673

  • The J-Flow data template sequence number is zero for MPLS flows. PR1285975

  • Process routing protocol daemon might crash while logging in or logging out with multicast service enabled and performing a GRES switchover. PR1286653

  • L2TP tunnel switch functionality is not working on Junos OS Release 16.1R4 if rewrite-rule configuration is applied to the dynamic profile. PR1287788

  • services-oids-ev-policy.slax & services-oids.slax files built in Junos OS images are not using latest versions. PR1287894

  • After offlining and onlining fabric planes, a few planes are stuck in the offline state in the MX480 router. PR1287973

  • Backup bbe-smgd.core with distributed IGMP configuration. PR1288465

  • If any of the vmhost application is not running then the alarm string will have "Application" name embedded in it. PR1290150

  • BBE-SMGD generates a core file following a stress test in bbe_iff_add_ifa. PR1291969

  • CPCDD might generate core files while using Routing Engine-based http-redirect. PR1293553

  • Not able to edit dynamic profiles after scaling up to 400 dynamic profiles. PR1295446

  • bbe-smgd core at bbe_mcast_ifl_vbf_encoder on service activation or deactivation along with smg-service restarts. PR1295938

Interfaces and Chassis

  • L2TP sessions are not coming up on some of si interfaces after an MPC restart followed by a Routing Engine switchover. PR1290562

Layer 2 Features

  • All the XML duplications and unformatted output are addressed. For Example, histogram was just declared as a element inside pfkey container, with this change a new container is defined for histogram. PR1271648

Layer 2 Ethernet Services

  • DHCP is not using the configured IRB MAC as the source MAC because DHCP is offering only unicast replies. PR1272618

MPLS

  • NG-MVPN MLDP at the receivers' PE does not join P2MP LSP on changing the root PE route from IGP/LDP to LBGP. PR1277911

Network Management and Monitoring

  • The command Esc-q does not work to toggle the console log/terminal log. PR1269274

  • The MIB II process (mib2d) logs an "RLIMIT curr 1048576000 max 1048576000" message every time a commit is performed.PR1286025

  • The mib2d process might crash when polling the OID ifStackStatus.0 after an IFL of lo0 is deleted. PR1286351

Platform and Infrastructure

  • Traffic drop might occur under a large scale of firewall filter configuration. PR1093275

  • FPC crashes with MAC accounting feature enabled. PR1173530

  • FPC CPU spikes every 6 minutes on MX Series routers with MICs and MPCs chipsets due to micro code rebalance. PR1207532

  • RPM loss percent values for "overall tests" through SNMP is incorrect. PR1272566

  • The CLI command request routing-engine login other-routing-engine might require a password. PR1283430

  • Transit traffic with DMAC starting with "02" will be punted to Routing Engine when mac-learn-enable is configured. PR1285874

  • The source MAC learned over cross-PFE ae might bounce between ae member Packet Forwarding Engines for a long time and which might cause MLP-ADD storm. PR1290516

  • RMOPD might get stuck in the sbwait state upon receiving a specific response from the HTTP agent. PR1292151

Routing Protocols

  • Routing protocol daemon on the backup Routing Engine might restart unexpectedly upon the addition of a new L2VPN routing instance. PR1233514

  • When the advertise-from-main-vpn-tables configuration statement is used under BGP and if RR functionality is added, a refresh message is not sent, and as a result, some routes are missed. PR1254066

  • MPLSoUDP tunnel creation failure in the absence of a routing instance table. PR1270955

  • After Routing Engine switchover (GRES+GR) default mdt failed to come up also seen with core facing interface flap. PR1279459

  • Routing protocol daemon might crash due to a certain chain of events in the BGP-LU protection scenario. PR1282672

  • The second multicast packet might be discarded on RP router. PR1282848

  • Routing protocol daemon crashes while deactivating in a routing instance protocols pim static. PR1284760

  • Routing protocol daemon might crash if dynamic RP goes down in ECMP topology when PIM join load balancing automatic is configured. PR1288316

Services Applications

  • Business service fails to get deactivated post Routing Engine switchover. PR1280074

  • Backup Routing Engine is going to the database prompt with a vmcore if the down ASI interface configuration is deleted. PR1281882

  • Loss of all L2TP subscribers on an LAC router after smg-service restarts on the L2TP tunnel switch.. PR1284260

  • The l2tpd process generates a core file with reference to 0x084166f5 in L2tpTunnel::createSucceeded (this=0xa04ae84, createFlags=...) at ../src/junos/usr.sbin/jl2tpd/l2tpTunnel.cc:1845. PR1288029

  • Each subscriber session is getting its own L2TP tunnel without "Tunnel-Client-Endpoint" from radius. PR1293927

Subscriber Management and Services

  • MX Series router could not filter some RADIUS attributes with the accounting-Off and accounting-On messages. PR1279533

  • Authenticated subscriber dynamic VLAN interface might get disconnected immediately after a successful connection. PR1280990

  • Authd core file is observed while terminating large number of subscribers. PR1289215

User Interface and Configuration

  • The commitd process might generate a core file by certain configuration removal followed by a commit operation. PR1267433

VPNs

  • Routing protocol daemon memory leak is observed in next-generation-MVPN enviroment. PR1259579

Documentation Updates

This section lists the errata and changes in Junos OS Release 17.3R3 documentation for MX Series.

Subscriber Management Access Network

  • The guide failed to include a feature that enables you to override the information that the LAC sends to the LNS in L2TP Calling Number AVP 22 when the LAC is configured to use the Calling-Station-ID format. You can configure the access profile to override that value for AVP 22 with any combination of the agent circuit identifier and the agent remote identifier received by the LAC in the PADR packet.

    [See Override the Calling-Station-ID Format for the Calling Number AVP].

  • The guide incorrectly stated that the linked-pool-aggregation statement is located at the [edit access address-assignment pool pool-name] hierarchy level. In fact, this statement is located at the [edit access] hierarchy level.

    See Configuring Address-Assignment Pool Linking.

Subscriber Management Provisioning Guide

  • The Broadband Subscriber Sessions User Guide did not report that you can suspend AAA accounting, establish a baseline of accounting statistics, and resume accounting. This feature was introduced in Junos OS Release 15.1R4.

    [See Suspending AAA Accounting and Baselining Accounting Statistics Overview.]

  • Starting in Junos OS Release 15.1, the Broadband Subscriber Sessions User Guide and the CLI Explorer incorrectly included information about the show extensible-subscriber-services accounting command. This command is not present in the CLI. Instead, you can use accounting profiles to collect statistics from the Packet Forwarding Engine for Extensible Subscriber Services Manager (ESSM) subscribers. [See Flat-File Accounting Overview for information about accounting for ESSM subscribers.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting with Junos OS Release 15.1, in some of the devices, FreeBSD 10.x is the underlying OS for Junos OS instead of FreeBSD 6.x. This feature includes a simplified package naming system that drops the domestic and world-wide naming convention. However, in some of the routers, FreeBSD 6.x remains the underlying OS for Junos OS. For more details about FreeBSD 10.x, see Understanding Junos OS with Upgraded FreeBSD.

Note

In Junos OS Release 15.1, Junos OS (FreeBSD 10.x) is not available to customers in Belarus, Kazakhstan, and Russia. Customers in these countries need to use the existing Junos OS (FreeBSD 6.1).

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 10.x-based Junos OS

MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 17.3

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 10.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 10.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://support.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-17.3R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-17.3R3.9-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 10.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 10.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 17.3jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.1) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX80, and MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://support.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • Customers in the United States and Canada, use the following command:

      user@host> request system software add validate reboot source/jinstall-17.3R3.9-domestic-signed.tgz
    • All other customers, use the following command:

      user@host> request system software add validate reboot source/jinstall-17.3R3.9-export-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 17.3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 16.2, 17.1 and 17.2 are EEOL releases. You can upgrade from Junos OS Release 16.2 to Release 17.1 or even from Junos OS Release 16.2 to Release 17.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 17.3

To downgrade from Release 17.3 to another supported release, follow the procedure for upgrading, but replace the 17.3 package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.