Junos OS Release Notes for ACX Series
These release notes accompany Junos OS Release 17.4R3 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for ACX Series Universal Metro Routers.
Release 17.4R3 New and Changed Features
There are no new features or enhancements to existing features for ACX Series in Junos OS Release 17.4R3.
Release 17.4R2 New and Changed Features
There are no new features or enhancements to existing features for ACX Series in Junos OS Release 17.4R2.
Release 17.4R1 New and Changed Features
Management
Support for multiple, smaller configuration YANG modules (ACX Series)—Starting in Junos OS Release 17.4R1, the YANG module for the Junos OS configuration schema is split into a root configuration module that is augmented by multiple, smaller modules. The root configuration module comprises the top-level configuration node and any nodes that are not emitted as separate modules. Separate, smaller modules augment the root configuration module for the different configuration statement hierarchies. Smaller configuration modules enable YANG tools and utilities to more quickly and efficiently compile and work with the modules, because they only need to import the modules required for the current operation.
[See Understanding the YANG Modules That Define the Junos OS Configuration.]
Routing Protocols
Enhancements to BGP to support attribute transparency (ACX Series)—Starting with Junos OS Release 17.4R1, BGP feature is enhanced to support attribute transparency for NEXT_HOP, AS_PATH, MULTI_EXIT_DISC, AIGP, and Communities attributes. This feature also provides BGP API enhancements (Add, Get, Modify, Update, Remove, Monitor APIs) to support EBGP and make the route server programmable.
[See BGP Route Server Overview.]
Timing and Synchronization
Enterprise profile for Precision Time Protocol (PTP) (ACX1100 Router)—Starting with Junos OS Release 17.4R1, the enterprise profile, which is based on PTPv2, provides the ability for enterprise and financial markets to timestamp on different systems and to handle a range of latency and delays. The enterprise profile supports the following options:
IPv4 multicast transport
Boundary clocks
512 downstream slave clocks
You can enable the enterprise profile at the [edit protocols ptp profile-type] hierarchy.
Note On ACX Series, the enterprise profile for PTP is supported only on ACX1100 AC router.
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.4R3 for the ACX Series Universal Metro Routers.
Management
Changes to Junos OS YANG module naming conventions (ACX Series)—Starting in Junos OS Release 17.4R1, the native Junos OS YANG modules use a new naming convention for the module's name, filename, and namespace. The module name and filename include the device family and the area of the configuration or command hierarchy to which the schema in the module belongs. In addition, the module filename includes a revision date. The module namespace is simplified to include the device family, the module type, and an identifier that is unique to each module and that differentiates the namespace of the module from that of other modules.
Network Management and Monitoring
SNMP syslog messages changed (ACX Series)—In Junos OS Release 17.4R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:
OLD —AgentX master agent failed to respond to ping. Attempting to re-register
NEW — AgentX master agent failed to respond to ping, triggering cleanup!OLD — NET-SNMP version %s AgentX subagent connected
NEW — NET-SNMP version %s AgentX subagent Open-Sent!
[See the SNMP MIB Explorer.]
Change in default log level setting (ACX Series)—In Junos OS Release, 17.4R1, the following changes were made in default logging levels:
Before this change:
SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.
SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.
After this change:
IFD LinkUp -> LOG_NOTICE (since this is an important message but less frequent)
IFL LinkUp -> LOG_INFO (no change)
IFD and IFL LinkDown -> LOG_WARNING (no change)
[See the MIB Explorer.]
New context-oid option for trap-options configuration statement to distinguish the traps which come from a non-default routing instance and non-default logical system (ACX Series)—In Junos OS Release 17.4R2, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.
[See trap-options.]
The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns
<ok/>
(ACX Series)—Starting in Junos OS Release 17.4R3, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an<ok/>
element and one or more<rpc-error>
elements with a severity level of warning, the warnings are omitted. In earlier releases, or when therfc-compliant
statement is not configured, the NETCONF server might issue an RPC reply that includes both an<rpc-error>
element with a severity level of warning and an<ok/>
element.
Platform and Infrastructure
DMA recovery mechanism (ACX Series)—Starting in Junos OS Release 17.4R3, a recovery mechanism has been introduced that is triggered in case the router enters an Idle state on any DMA channels. The recovery mechanism resets the PFE reboot to recover from Idle state.
The following recovery message is logged in the RE syslog message:
CHASSISD_FPC_ASIC_ERROR: <FPC 0> ASIC Error detected errorno 0x0000ffff FPC restart initiated
CHASSISD_IFDEV_DETACH_FPC: ifdev_detach_fpc(0)The following recovery message is logged in the PFE syslog message:
BCM DMA channel error detected
Resetting the PFE
Security
Support to log the SSH key changes—Starting with Junos OS 17.4R1, the configuration statement log-key-changes is introduced at the [edit system services ssh ] hierarchy level. When the log-key-changes configuration statement is enabled and committed (with the commit command in configuration mode), Junos OS logs the changes to the set of authorized SSH keys for each user (including the keys that were added or removed). Junos OS logs the differences since the last time the log-key-changes configuration statement was enabled. If the log-key-changes configuration statement was never enabled, then Junos OS logs all the authorized SSH keys.
Software Licensing
Key generator adds one day to make the duration of license show as 365 days (ACX Series)—Starting in Junos OS Release 17.4R1, the duration of subscription licenses as generated by the show system license command and shown in the output are correct to the numbers of days. Before this fix, for example, for a 1-year subscription license, the duration was generated as 364 days. After the fix, the duration of the 1-year subscription now shows as 365 days.
See show system license.
Subscriber Management and Services
DHCPv6 lease renewal for separate IA renew requests (ACX Series)—Starting in Junos OS Release 17.4R2, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:
Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.
Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.
The new behavior is as follows:
When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.
When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.
In earlier releases:
The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.
When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.
[See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.4R3 for the ACX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
Shared-buffer maximum default for IFL Queues is 66%, independent of the shared-buffer maximum knob under IFL scheduler configuration. PR1275796
With enterprise profile, with multiple masters configured, PTP servo gets stuck in FREERUN state after the master is failed by disabling the IFL. PR1281798
Error messages seen on loading basic iflset configuration on ACX5000 Junos routers. IFLSet in hierarchical-scheduler is not supported for HCOS in ACX5000. ACX5000 fpc0 ACX_COS_HALP(acx_hqos_update_iflset_stats:xxxx): Invalid Queue index for iflset x ACX5k fpc0 ACX_COS_HALP(acx_hqos_update_iflset_stats:xxxx): Invalid Queue index for iflset y. These log messages are harmless and there is no traffic impact. PR1290166
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 17.4R3 for the ACX Series Universal Metro Routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
Aggregate interface on ACX Series routers is permanently down after reboot, when link-speed is configured on 12.3X54-D10.6. PR1022248
Forwarding when using non-existing SSM map source address in IGMPv3 instead of pruning. This is a day 1 design issue which needs to be redesigned. The impact is more, but definitely this needs some soaking time in DCB before it gets ported in previous versions. PR1126699
When ACX 2100/2200 are used as ingress PE routers for Layer 2 circuit connections, and the PE-CE interface (UNI) is an aggregated Ethernet interface, then upon MPLS path switchover, the traffic can get blackholed. PR1194551
ACX1000/ACX2000/ACX4000 does not support EVPN, therefore this PR removes EVPN CLI on these platforms. PR1208248
Under certain scenarios, if VPLS instances and Layer 3 NNI interfaces are deleted together in the same commit, then a traffic duplication is observed for the VPLS traffic. To avoid such instances, it is recommended to delete or deactivate the Layer 3 NNI interfaces and VPLS instances in separate commits. PR1260156
Junos CLI show class-of-service interfaces queue <ifl> does not display Queue buffer usage per logical interface. However the same can be viewed using PFE shell command. PR1272822
In normal/software MAC learning mode, when incremental MAC traffic of higher range then the profile is received then after feb restart the MAC entries will not been seen in the software CLI alone though present in the hardware table. PR1277436
OCM 100FX SFPs o with this part No. are not supported in this release. PR1279202
On ACX5000, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. PR1284590
There is a conflict when LACP packet comes in untagged/prio-tagged VPLS IFL. In the earlier stage of pipeline, filter entry to snoop LACP packet takes higher precedence over filter entry to assign SVP/SrcGport for untagged/prio-tagged VPLS IFL. Since the "interface-speicific/input-list" firewall matches SVP/SrcGport in later stage of pipeline, the LACP packets are not hitting the firewall. PR1346380
IFL classifier info should not be shown in output of show class-of-service interface <ifd> on ACX5000. PR1353828
As part of the pic_periodic, before setting the port to master/slave mode, AN bit is checked if AN is complete and this would return if AN is still in progress. Since An was disabled, this port wasn't set to either mode and this was going on in a loop causing the CPU to go high. PR1360844
The remote fault signalling is not supported for 1G fiber SFP during Auto-negotiation. Therefore in releases without the fix of this PR, we get cosmetic log error under show interfaces extensive Link partner: Link mode: Full-duplex, Flow control: None, Remote fault: Down, Reason: Link partner offline. RFI ignored since AN is in default mode. PR1362490
Because of a race condition, in which the class-of-service configuration request for an interface is received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated. PR1378747
On Junos OS Release 17.3 and later releases, ACX5000, Packet Forwarding Engine syslog frequently shows the following errors messages: acx_cos_tcp_bind_queues:736 parent acx_cos_tcp_ifd for ifd:ae0 doesn't exist for ifl:549 In 17.3R3-S1. The error logs appear only from time to time, and this can be related with an interface flap. In Junos OS Release 18.1R3, the logs appear constantly, without any interface flap. This message is related to HCOS checking (even without HCOS configured). In software fix, we should check if the aggregate interface has HCOS configured or not. If not, we should return gracefully from this function without throwing this error. This is a harmless message. PR1392088
On ACX1000/2000/4000/5048/5096 platforms, after a new child IFL with VLAN and filter is added on an aggregated Ethernet IFD or changing the VLAN ID of a child IFL with filter, traffic over the AE IFD might get filtered with that filter on the child IFL. For example: ae-0/0/0 is an IFD and ae-0/0/0.100 is an IFL. PR1407855
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. PR1411015
Interface with SFP-1FE-FX transceiver optic (740-021487) does not come UP on ACX series routers. PR1439384
Interfaces and Chassis
When an unnumbered interface is binding to an interface which has more than one IP address and one of the IPs is deleted, the family inet of the unnumbered interface might get deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configure preferred-source-address on the unnumbered interface will prevent deletion of the IP hence avoiding the deletion of the family inet of the unnumbered interface. PR1412534
Layer 2 Features
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50. PR1435039
MPLS
Dynamically configured RSVP LSPs for LDP link protection might not come up after disabling/enabling protocol MPLS. PR1432138
Routing Protocols
With IS-IS configured and in a very rare case, memory corruption might occur, this might cause rpd crash continuously. PR1455432
Virtual Chassis
ACX5000 reports false parity error messages such as soc_mem_array_sbusdma_read. The ACX5000 SDK might raise false alarms for parity error messages such as soc_mem_array_sbusdma_read. This is a false positive error message. PR1276970
Resolved Issues
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 17.4R3
Class of Service (CoS)
CoS is incorrectly applied on Packet Forwarding Engine, leading to an egress traffic drop. PR1329141
Firewall process crash might be seen with Multifield Classifier configuration. PR1436894
General Routing
SNMP MIB walk/get/set on jnxDomCurrentTable and jnxDomNotifications might fail on ACX platforms. PR1076943
On ACX5000 platform, if scaled logical interfaces exist, the logical interfaces might not all come up. PR1229492
The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709
Incorrect packet statistics are reported in the ifHCInUcastPkts OID. PR1306656
ACX Series routers support from dual-tagged through untagged packets Layer 3 traffic. PR1307666
Port XE-0/3/0 did not turn up. PR1328207
bcmDPC task is high eventhough Interuppt START_BY_START flag set to 0. PR1329656
The fxpc process might use high CPU on ACX5000 after upgrade. PR1360452
On a ACX ring topology, after link between ACX and MX flap, VPLS RI on PE (MX) have no MAC of CE over layer 2 circuit. PR1360967
ARP reply drops when you add temporal buffer-size on the NNI interface. PR1363153
Commit error is seen when configuring mac-table-size under bridge domain after the upgrade to Junos OS Release 15.1R7. PR1364811
ACX5000: fpc0 (acx_rt_ip_uc_lpm_install:LPM route add failed) Reason : Invalid parameter after configuring lpm-profile. PR1365034
VPLS with "vlan-id-list" is not working properly in some releases when the link between a PE device and a CE device is an aggregated Ethernet interface with a single member link and child physical interface flap. PR1365894
The fxpc might crash after an interface is changed on ACX5000 routers. PR1378155
The Layer 2circuit might stop forwarding traffic when one core interface flapping happens. PR1381487
The DMA failure errors might be seen when the cache flush or the cache is full. PR1383608
On ACX led on GE interface goes down when speed 10M is added. PR1385855
On ACX Series platforms the forwarding-option dhcp-relay forward-only knob stops working and the DHCP packets are dropped. PR1392261
Certain builds of Junos OS do not allow you to upgrade or commit configuration changes when the SI service interface is used. PR1393729
[ACX] MTU is not properly applied - and output of - ping mpls l2circuit sweep is giving lower values than expected. PR1393947
ACX5048 rpm rfc2544-benchmarking test failing to start. PR1395730
FPC might crash after offline or online MIC-3D-16CHE1-T1-CE-H. PR1402563
ACX drops DNS responses which contain an underscore. PR1410062
VPLS traffic might stop across ACX5000 with the aggregated Ethernet interface. PR1412042
Junos PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659
Number of inet-arp policers implemented on ACX 5000 has been increased from 16 to 64. PR1413807
The swap memory is not initialized on boot on ACX5048/5096. PR1415898
CoS table error can sometimes cause traffic outages and SNMP timeouts if the optic is plugged out and inserted back in. PR1418696
High CPU usage on fxpc process might be seen on ACX5000 platform. PR1419761
The FPC/fxpc crash might be observed on ACX platforms. PR1427362
The l2cpd process might crash and generate a core dump when interfaces are flapping. PR1431355
In ACX platforms, no-vrf-propagate-ttl might not work after activate or deactivate of CoS configuration. PR1435791
In ACX Series, auto exported route between VRFs might not reply for ICMP echo requests. PR1446043
2circuit with a "backup-neighbor" (hot-standby) configured might stop forwarding traffic after failovers. PR1449681
Layer 2 Features
The traffic with triple or more 802.1Q tags might fail to forward. PR1415769
Routing Protocols
ACX5000: console management port device authentication credentials are logged in clear text (CVE-2019-0069). PR1408195
Loopback address exported into other VRF instance might not work on ACX Series platforms. PR1449410
MPLS LDP may still use stale MAC of the neighbor even if the LDP neighbor's MAC changes. PR1451217
Services Applications
The spd might crash when any-ip is configured in the 'from' clause of the NAT rule with the static translation type. PR1391928
Resolved Issues: 17.4R2
Layer 2 Ethernet Services
DHCPv6 relay ignores replies from server when renewing. PR1354212
Platform and Infrastructure
On Junos OS, the next-hop index allocation fails and private index space get exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039
DFW filter related errors seen while running tdm script. PR1175190
MPLS LSP are being affected due to NH failed to be programmed. PR1195419
Several error logs are seen on ACX Series router when link in primary path of LSP is flapped. PR1204714
Transit ARP packets are being punted to the Routing Engine. PR1263012
Common software fix for PR1204589 and PR1256073 that addresses Traceroute behavior while selecting the source address and adding CLI command for the same to configure the same. PR1279191
ACX/AMX:fxpc core file is observed during unified ISSU. PR1318771
On ACX platforms, network events might cause Layer2circuit traffic forwarding to fail with the "Table Full" message. PR1319591
With auto-installation usb configured, interface related commits might not take effect due to a dcd error. PR1327384
The major alarm about Fan & PSU Airflow direction mismatch might be seen by removing management cable. PR1327561
The IPv6 service outage might occur after executing clear ipv6 neighbor. PR1330791
ACX: Stale filter entries are present in TCAM. PR1334784
The DHCP negotiations might fail and eventually cause outage if scaling number of DHCP clients reboot at the same time. PR1335957
Unable to commit multiple ethernet-ring instances on ACX Series routers.PR1337497
The Arp-reply packet might be dropped in a l2-circuit secondary path when using ieee-802.1 classifier. PR1341126
[ACX5000] IPv6 /64 route is not installed in Packet Forwarding Engine for VRF routing-instance when lpm prefix-65-127 = disable. PR1341714
PR to reduce egress-vlan-xlate entries in BD with vlan-id-list. PR1343028
ACX5000: Traffic destined for specific ip within a subnet gets blackholed. PR1345098
Filter is not working properly when applied using input-list. PR1346380
NAT might not work and the spd might crash. PR1346546
fxpc will crash on PFE command show pfe context_vlan. PR1349721
ifl classifier info should not be shown in output of show class-of-service interface <ifd> on ACX5000. PR1353828
On ACX Series routers, ARP policer for IFL is not working. PR1356170
Memory leak is observed when ACX is under high traffic load. PR1358127
ACX is incorrectly allowing to configure higher values in burst-size-limit that what the HW support. PR1361482
[ACX5000] IPsec SA as OSPFv3 authentication is not working in Junos OS Release 16.2R2 and Release 17.3R2. PR1363487
PCEP delegation-priority might not be honored. PR1365560
The 'commit' or 'commit check' might fail due to the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992
Resolved Issues: 17.4R1
Layer 2 Ethernet Services
JDHCPD memory leak during dhcp/pppoe login or logout loop. PR1289780
Platform and Infrastructure
FAN on ACX Series routers intermittently gives FAN Failure alarms. PR1127846
ACX1100 with midplane part no 650-062965 might fail to initialize FPGA. PR1134335
Error messages chassisd[1825]: pvidb_get_root_node: Error(2) retrieving rootnode value might be seen. PR1198817
High CPU utilization is seen due to clksyncd process. PR1238067
ACX does not forward DHCP-RELAY requests with IRB interface after upgrade. PR1243687
Tagged/untagged LLDP, LACP packets dropped on VPLS CE facing aggregate Ethernet interface. PR1245242
The 1G copper module interface shows Link-mode: Half-duplex on QFX10000 line platforms. PR1286709
ACX2x00-AC is reporting false PEM0 alarms periodically. PR1310488
Error syslog on output/egress firewall filter on ACX Series routers. PR1316588
ACX/AMX:fxpc core file is observed during unified ISSU. PR1318771
Documentation Updates
There are no errata or changes in Junos OS Release 17.4R3 for the ACX Series documentation.
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Universal Metro Routers. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.
For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade Guide.