Junos OS Release Notes for ACX Series

New and Changed Features

• Release 17.4R3 New and Changed Features

• Release 17.4R2 New and Changed Features

• Release 17.4R1 New and Changed Features

Release 17.4R3 New and Changed Features

There are no new features or enhancements to existing features for ACX Series in Junos OS Release 17.4R3.

Release 17.4R2 New and Changed Features

Release 17.4R1 New and Changed Features

Management

• Support for multiple, smaller configuration YANG modules (ACX Series)—Starting in Junos OS Release 17.4R1, the YANG module for the Junos OS configuration schema is split into a root configuration module that is augmented by multiple, smaller modules. The root configuration module comprises the top-level configuration node and any nodes that are not emitted as separate modules. Separate, smaller modules augment the root configuration module for the different configuration statement hierarchies. Smaller configuration modules enable YANG tools and utilities to more quickly and efficiently compile and work with the modules, because they only need to import the modules required for the current operation.

  [See Understanding the YANG Modules That Define the Junos OS Configuration.]

Routing Protocols

• Enhancements to BGP to support attribute transparency (ACX Series)—Starting with Junos OS Release 17.4R1, BGP feature is enhanced to support attribute transparency for NEXT_HOP, AS_PATH, MULTI_EXIT_DISC, AIGP, and Communities attributes. This feature also provides BGP API enhancements (Add, Get, Modify, Update, Remove, Monitor APIs) to support EBGP and make the route server programmable.

  [See BGP Route Server Overview.]

Timing and Synchronization

• Enterprise profile for Precision Time Protocol (PTP) (ACX1100 Router)—Starting with Junos OS Release 17.4R1, the enterprise profile, which is based on PTPv2, provides the ability for enterprise and financial markets to timestamp on different systems and to handle a range of latency and delays. The enterprise profile supports the following options:

  • IPv4 multicast transport

  • Boundary clocks

  • 512 downstream slave clocks

  You can enable the enterprise profile at the [edit protocols ptp profile-type] hierarchy.

  Note

  On ACX Series, the enterprise profile for PTP is supported only on ACX1100 AC router.

Changes in Behavior and Syntax

• Management

• Network Management and Monitoring

• Platform and Infrastructure

• Security

• Software Licensing

• Subscriber Management and Services

Management

• Changes to Junos OS YANG module naming conventions (ACX Series)—Starting in Junos OS Release 17.4R1, the native Junos OS YANG modules use a new naming convention for the module's name, filename, and namespace. The module name and filename include the device family and the area of the configuration or command hierarchy to which the schema in the module belongs. In addition, the module filename includes a revision date. The module namespace is simplified to include the device family, the module type, and an identifier that is unique to each module and that differentiates the namespace of the module from that of other modules.

  [See Understanding Junos OS YANG Modules.]

Network Management and Monitoring

• SNMP syslog messages changed (ACX Series)—In Junos OS Release 17.4R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

  • OLD —AgentX master agent failed to respond to ping. Attempting to re-register
    
    NEW — AgentX master agent failed to respond to ping, triggering cleanup!

  • OLD — NET-SNMP version %s AgentX subagent connected
    
    NEW — NET-SNMP version %s AgentX subagent Open-Sent!

  [See the SNMP MIB Explorer.]

• Change in default log level setting (ACX Series)—In Junos OS Release, 17.4R1, the following changes were made in default logging levels:

  Before this change:

  • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

  • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

  After this change:

  • IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)

  • IFL LinkUp -> LOG_INFO (no change)

  • IFD and IFL LinkDown -> LOG_WARNING (no change)

  [See the MIB Explorer.]

• New context-oid option for trap-options configuration statement to distinguish the traps which come from a non-default routing instance and non-default logical system (ACX Series)—In Junos OS Release 17.4R2, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

  [See trap-options.]

• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (ACX Series)—Starting in Junos OS Release 17.4R3, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

Platform and Infrastructure

• DMA recovery mechanism (ACX Series)—Starting in Junos OS Release 17.4R3, a recovery mechanism has been introduced that is triggered in case the router enters an Idle state on any DMA channels. The recovery mechanism resets the PFE reboot to recover from Idle state.

  The following recovery message is logged in the RE syslog message:

  The following recovery message is logged in the PFE syslog message:

Security

• Support to log the SSH key changes—Starting with Junos OS 17.4R1, the configuration statement log-key-changes is introduced at the [edit system services ssh ] hierarchy level. When the log-key-changes configuration statement is enabled and committed (with the commit command in configuration mode), Junos OS logs the changes to the set of authorized SSH keys for each user (including the keys that were added or removed). Junos OS logs the differences since the last time the log-key-changes configuration statement was enabled. If the log-key-changes configuration statement was never enabled, then Junos OS logs all the authorized SSH keys.

Software Licensing

• Key generator adds one day to make the duration of license show as 365 days (ACX Series)—Starting in Junos OS Release 17.4R1, the duration of subscription licenses as generated by the show system license command and shown in the output are correct to the numbers of days. Before this fix, for example, for a 1-year subscription license, the duration was generated as 364 days. After the fix, the duration of the 1-year subscription now shows as 365 days.

  See show system license.

Subscriber Management and Services

• DHCPv6 lease renewal for separate IA renew requests (ACX Series)—Starting in Junos OS Release 17.4R2, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:

  • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

  • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

  The new behavior is as follows:

  1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

  2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

  In earlier releases:

  1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

  2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

  [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

Known Behavior

• General Routing

General Routing

• Shared-buffer maximum default for IFL Queues is 66%, independent of the shared-buffer maximum knob under IFL scheduler configuration. PR1275796

• With enterprise profile, with multiple masters configured, PTP servo gets stuck in FREERUN state after the master is failed by disabling the IFL. PR1281798

• Error messages seen on loading basic iflset configuration on ACX5000 Junos routers. IFLSet in hierarchical-scheduler is not supported for HCOS in ACX5000. ACX5000 fpc0 ACX_COS_HALP(acx_hqos_update_iflset_stats:xxxx): Invalid Queue index for iflset x ACX5k fpc0 ACX_COS_HALP(acx_hqos_update_iflset_stats:xxxx): Invalid Queue index for iflset y. These log messages are harmless and there is no traffic impact. PR1290166

Known Issues

• General Routing

• Interfaces and Chassis

• Layer 2 Features

• MPLS

• Routing Protocols

• Virtual Chassis

General Routing

• Aggregate interface on ACX Series routers is permanently down after reboot, when link-speed is configured on 12.3X54-D10.6. PR1022248

• Forwarding when using non-existing SSM map source address in IGMPv3 instead of pruning. This is a day 1 design issue which needs to be redesigned. The impact is more, but definitely this needs some soaking time in DCB before it gets ported in previous versions. PR1126699

• When ACX 2100/2200 are used as ingress PE routers for Layer 2 circuit connections, and the PE-CE interface (UNI) is an aggregated Ethernet interface, then upon MPLS path switchover, the traffic can get blackholed. PR1194551

• ACX1000/ACX2000/ACX4000 does not support EVPN, therefore this PR removes EVPN CLI on these platforms. PR1208248

• Under certain scenarios, if VPLS instances and Layer 3 NNI interfaces are deleted together in the same commit, then a traffic duplication is observed for the VPLS traffic. To avoid such instances, it is recommended to delete or deactivate the Layer 3 NNI interfaces and VPLS instances in separate commits. PR1260156

• Junos CLI show class-of-service interfaces queue <ifl> does not display Queue buffer usage per logical interface. However the same can be viewed using PFE shell command. PR1272822

• In normal/software MAC learning mode, when incremental MAC traffic of higher range then the profile is received then after feb restart the MAC entries will not been seen in the software CLI alone though present in the hardware table. PR1277436

• OCM 100FX SFPs o with this part No. are not supported in this release. PR1279202

• On ACX5000, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. PR1284590

• There is a conflict when LACP packet comes in untagged/prio-tagged VPLS IFL. In the earlier stage of pipeline, filter entry to snoop LACP packet takes higher precedence over filter entry to assign SVP/SrcGport for untagged/prio-tagged VPLS IFL. Since the "interface-speicific/input-list" firewall matches SVP/SrcGport in later stage of pipeline, the LACP packets are not hitting the firewall. PR1346380

• IFL classifier info should not be shown in output of show class-of-service interface <ifd> on ACX5000. PR1353828

• As part of the pic_periodic, before setting the port to master/slave mode, AN bit is checked if AN is complete and this would return if AN is still in progress. Since An was disabled, this port wasn't set to either mode and this was going on in a loop causing the CPU to go high. PR1360844

• The remote fault signalling is not supported for 1G fiber SFP during Auto-negotiation. Therefore in releases without the fix of this PR, we get cosmetic log error under show interfaces extensive Link partner: Link mode: Full-duplex, Flow control: None, Remote fault: Down, Reason: Link partner offline. RFI ignored since AN is in default mode. PR1362490

• Because of a race condition, in which the class-of-service configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated. PR1378747

• On Junos OS Release 17.3 and later releases, ACX5000, Packet Forwarding Engine syslog frequently shows the following errors messages: acx_cos_tcp_bind_queues:736 parent acx_cos_tcp_ifd for ifd:ae0 doesn't exist for ifl:549 In 17.3R3-S1. The error logs appear only from time to time, and this can be related with an interface flap. In Junos OS Release 18.1R3, the logs appear constantly, without any interface flap. This message is related to HCOS checking (even without HCOS configured). In software fix, we should check if the aggregate interface has HCOS configured or not. If not, we should return gracefully from this function without throwing this error. This is a harmless message. PR1392088

• On ACX1000/2000/4000/5048/5096 platforms, after a new child IFL with VLAN and filter is added on an aggregated Ethernet IFD or changing the VLAN ID of a child IFL with filter, traffic over the AE IFD might get filtered with that filter on the child IFL. For example: ae-0/0/0 is an IFD and ae-0/0/0.100 is an IFL. PR1407855

• The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015

• Interface with SFP-1FE-FX transceiver optic (740-021487) does not come UP on ACX series routers. PR1439384

Interfaces and Chassis

• When an unnumbered interface is binding to an interface which has more than one IP address and one of the IPs is deleted, the family inet of the unnumbered interface might get deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configure preferred-source-address on the unnumbered interface will prevent deletion of the IP hence avoiding the deletion of the family inet of the unnumbered interface. PR1412534

Layer 2 Features

• In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50. PR1435039

MPLS

• Dynamically configured RSVP LSPs for LDP link protection might not come up after disabling/enabling protocol MPLS. PR1432138

Routing Protocols

• With IS-IS configured and in a very rare case, memory corruption might occur, this might cause rpd crash continuously. PR1455432

Virtual Chassis

• ACX5000 reports false parity error messages such as soc_mem_array_sbusdma_read. The ACX5000 SDK might raise false alarms for parity error messages such as soc_mem_array_sbusdma_read. This is a false positive error message. PR1276970

Resolved Issues

• Resolved Issues: 17.4R3

• Resolved Issues: 17.4R2

• Resolved Issues: 17.4R1

Resolved Issues: 17.4R3

Class of Service (CoS)

• CoS is incorrectly applied on Packet Forwarding Engine, leading to an egress traffic drop. PR1329141

• Firewall process crash might be seen with Multifield Classifier configuration. PR1436894

General Routing

• SNMP MIB walk/get/set on jnxDomCurrentTable and jnxDomNotifications might fail on ACX platforms. PR1076943

• On ACX5000 platform, if scaled logical interfaces exist, the logical interfaces might not all come up. PR1229492

• The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

• Incorrect packet statistics are reported in the ifHCInUcastPkts OID. PR1306656

• ACX Series routers support from dual-tagged through untagged packets Layer 3 traffic. PR1307666

• Port XE-0/3/0 did not turn up. PR1328207

• bcmDPC task is high eventhough Interuppt START_BY_START flag set to 0. PR1329656

• The fxpc process might use high CPU on ACX5000 after upgrade. PR1360452

• On a ACX ring topology, after link between ACX and MX flap, VPLS RI on PE (MX) have no MAC of CE over layer 2 circuit. PR1360967

• ARP reply drops when you add temporal buffer-size on the NNI interface. PR1363153

• Commit error is seen when configuring mac-table-size under bridge domain after the upgrade to Junos OS Release 15.1R7. PR1364811

• ACX5000: fpc0 (acx_rt_ip_uc_lpm_install:LPM route add failed) Reason : Invalid parameter after configuring lpm-profile. PR1365034

• VPLS with "vlan-id-list" is not working properly in some releases when the link between a PE device and a CE device is an aggregated Ethernet interface with a single member link and child physical interface flap. PR1365894

• The fxpc might crash after an interface is changed on ACX5000 routers. PR1378155

• The Layer 2circuit might stop forwarding traffic when one core interface flapping happens. PR1381487

• The DMA failure errors might be seen when the cache flush or the cache is full. PR1383608

• On ACX led on GE interface goes down when speed 10M is added. PR1385855

• On ACX Series platforms the forwarding-option dhcp-relay forward-only knob stops working and the DHCP packets are dropped. PR1392261

• Certain builds of Junos OS do not allow you to upgrade or commit configuration changes when the SI service interface is used. PR1393729

• [ACX] MTU is not properly applied - and output of - ping mpls l2circuit sweep is giving lower values than expected. PR1393947

• ACX5048 rpm rfc2544-benchmarking test failing to start. PR1395730

• FPC might crash after offline or online MIC-3D-16CHE1-T1-CE-H. PR1402563

• ACX drops DNS responses which contain an underscore. PR1410062

• VPLS traffic might stop across ACX5000 with the aggregated Ethernet interface. PR1412042

• Junos PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

• Number of inet-arp policers implemented on ACX 5000 has been increased from 16 to 64. PR1413807

• The swap memory is not initialized on boot on ACX5048/5096. PR1415898

• CoS table error can sometimes cause traffic outages and SNMP timeouts if the optic is plugged out and inserted back in. PR1418696

• High CPU usage on fxpc process might be seen on ACX5000 platform. PR1419761

• The FPC/fxpc crash might be observed on ACX platforms. PR1427362

• The l2cpd process might crash and generate a core dump when interfaces are flapping. PR1431355

• In ACX platforms, no-vrf-propagate-ttl might not work after activate or deactivate of CoS configuration. PR1435791

• In ACX Series, auto exported route between VRFs might not reply for ICMP echo requests. PR1446043

• 2circuit with a "backup-neighbor" (hot-standby) configured might stop forwarding traffic after failovers. PR1449681

Layer 2 Features

• The traffic with triple or more 802.1Q tags might fail to forward. PR1415769

Routing Protocols

• ACX5000: console management port device authentication credentials are logged in clear text (CVE-2019-0069). PR1408195

• Loopback address exported into other VRF instance might not work on ACX Series platforms. PR1449410

• MPLS LDP may still use stale MAC of the neighbor even if the LDP neighbor's MAC changes. PR1451217

Services Applications

• The spd might crash when any-ip is configured in the 'from' clause of the NAT rule with the static translation type. PR1391928

Resolved Issues: 17.4R2

Layer 2 Ethernet Services

• DHCPv6 relay ignores replies from server when renewing. PR1354212

Platform and Infrastructure

• On Junos OS, the next-hop index allocation fails and private index space get exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

• DFW filter related errors seen while running tdm script. PR1175190

• MPLS LSP are being affected due to NH failed to be programmed. PR1195419

• Several error logs are seen on ACX Series router when link in primary path of LSP is flapped. PR1204714

• Transit ARP packets are being punted to the Routing Engine. PR1263012

• Common software fix for PR1204589 and PR1256073 that addresses Traceroute behavior while selecting the source address and adding CLI command for the same to configure the same. PR1279191

• ACX/AMX:fxpc core file is observed during unified ISSU. PR1318771

• On ACX platforms, network events might cause Layer2circuit traffic forwarding to fail with the "Table Full" message. PR1319591

• With auto-installation usb configured, interface related commits might not take effect due to a dcd error. PR1327384

• The major alarm about Fan & PSU Airflow direction mismatch might be seen by removing management cable. PR1327561

• The IPv6 service outage might occur after executing clear ipv6 neighbor. PR1330791

• ACX: Stale filter entries are present in TCAM. PR1334784

• The DHCP negotiations might fail and eventually cause outage if scaling number of DHCP clients reboot at the same time. PR1335957

• Unable to commit multiple ethernet-ring instances on ACX Series routers.PR1337497

• The Arp-reply packet might be dropped in a l2-circuit secondary path when using ieee-802.1 classifier. PR1341126

• [ACX5000] IPv6 /64 route is not installed in Packet Forwarding Engine for VRF routing-instance when lpm prefix-65-127 = disable. PR1341714

• PR to reduce egress-vlan-xlate entries in BD with vlan-id-list. PR1343028

• ACX5000: Traffic destined for specific ip within a subnet gets blackholed. PR1345098

• Filter is not working properly when applied using input-list. PR1346380

• NAT might not work and the spd might crash. PR1346546

• fxpc will crash on PFE command show pfe context_vlan. PR1349721

• ifl classifier info should not be shown in output of show class-of-service interface <ifd> on ACX5000. PR1353828

• On ACX Series routers, ARP policer for IFL is not working. PR1356170

• Memory leak is observed when ACX is under high traffic load. PR1358127

• ACX is incorrectly allowing to configure higher values in burst-size-limit that what the HW support. PR1361482

• [ACX5000] IPsec SA as OSPFv3 authentication is not working in Junos OS Release 16.2R2 and Release 17.3R2. PR1363487

• PCEP delegation-priority might not be honored. PR1365560

• The 'commit' or 'commit check' might fail due to the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

Resolved Issues: 17.4R1

Layer 2 Ethernet Services

• JDHCPD memory leak during dhcp/pppoe login or logout loop. PR1289780

Platform and Infrastructure

• FAN on ACX Series routers intermittently gives FAN Failure alarms. PR1127846

• ACX1100 with midplane part no 650-062965 might fail to initialize FPGA. PR1134335

• Error messages chassisd[1825]: pvidb_get_root_node: Error(2) retrieving rootnode value might be seen. PR1198817

• High CPU utilization is seen due to clksyncd process. PR1238067

• ACX does not forward DHCP-RELAY requests with IRB interface after upgrade. PR1243687

• Tagged/untagged LLDP, LACP packets dropped on VPLS CE facing aggregate Ethernet interface. PR1245242

• The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709

• ACX2x00-AC is reporting false PEM0 alarms periodically. PR1310488

• Error syslog on output/egress firewall filter on ACX Series routers. PR1316588

• ACX/AMX:fxpc core file is observed during unified ISSU. PR1318771

Documentation Updates

Migration, Upgrade, and Downgrade Instructions

• Upgrade and Downgrade Support Policy for Junos OS Releases

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.