Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 18.4R1 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Release 18.4R1 for the MX Series routers.

Hardware

  • Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1, the smart SFP transceivers and smart SFP+ transceiver in Table 1 and Table 2 are supported on the listed MX Series routers.

    Table 1: SFP Transceiver Support on the MX Series

    SFP Model

    Supported MPCs, MICs, and Platforms

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-STM4

    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-3D-20GE-SFP

    • MIC-3D-20GE-SFP-E

    • MIC-MACSEC-20GE

    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    Table 2: SFP+ Transceiver Support on the MX Series

    SFP+ Model

    Supported MPCs, MICs, and Platforms

    SFPP-XGE-TDM-STM16

    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-MACSEC-20GE

    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Support for 5-level hierarchical CoS with dynamic interface-set over dynamic interface-set (MX Series) — Starting with Junos OS 18.4R1, 5-level hierarchical CoS with the ability to configure dynamic interface sets over dynamic interface sets is supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.

    [See stacked-interface-set (Dynamic Profiles).]

  • Support for dynamic and static logical interfaces in the same dynamic interface-set (MX Series) — Starting with Junos OS 18.4R1, you can apply dynamic and static logical interfaces in the same dynamic interface set on all MPCs that support 4 and 5-level hierarchical CoS.

    [See Understanding Hierarchical CoS for Subscriber Interfaces.]

EVPN

  • Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Configuring EVPN Routing Instances.]

  • Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS Release 18.4R1, Junos now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connections to the leaf device fails. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Automatically Generated and Assigned Ethernet Segment Identifiers in EVPN-VXLAN and EVPN-MPLS Networks (MX240, MX480, QFX5100, QFX5110)—Starting with Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces on which Link Aggregation Control Protocol (LACP) is enabled to automatically generate and assign Ethernet segment identifiers (ESIs) to themselves. We support this feature in the following environments:

    • On MX240 or MX480 routers that are multihomed in active-standby or active-active mode in an EVPN-MPLS network.

    • On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an EVPN-VLAN network.

  • MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in active/active mode to multiple PE devices.

    MLD snooping support in this environment includes:

    • MLDv1 with any-source multicast (*,G)

    • MLDv2 with either any-source multicast (*,G) or source-specific multicast (S,G)

    • MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)

    • Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices

    • Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes

    • Forwarding from sources or to receivers external to the data center using PIM-to-MLD proxy mode translation and BGP EVPN Type 6 (Selective Multicast Ethernet Tag (SMET)) routes

  • Assisted Replication in data centers with EVPN-VXLAN overlay networks (MX Series and QFX Series)—Starting in Junos OS Release 18.4R1, MX Series routers and QFX Series switches support assisted replication (AR) in data centers with EVPN-VXLAN networks to optimize replication of BUM traffic being forwarded into the EVPN core. Instead of flooding BUM traffic using ingress replication, devices configured as AR leaf devices forward the traffic to an AR replicator device that can better handle the replication load, and only the AR replicator device replicates and forwards the traffic to the overlay tunnels. Only QFX Series switches are supported as AR replicator devices.

    AR devices advertise EVPN Type 3 (Inclusive Multicast Ethernet Tag [IMET]) routes that include special AR Type and Flags fields indicating AR device roles. The network can also include devices that do not support AR, which ignore AR routes and use ingress replication to forward BUM traffic toward the EVPN core.

    AR can also be configured with IGMP snooping to further optimize BUM traffic replication and forwarding.

  • Support for graceful restart on EVPN-VXLAN (EX9200, QFX Series, and MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

Forwarding and Sampling

  • Support for activating or deactivating static routes on the basis of RPM test results (MX Series) —Starting with Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next-hop. For example, RPM probes can be sent to an IP address to determine if the link is up, and if so, take the action of installing a static route in the route table . RPM-tracked routes are installed with preference 1 and thus are preferred over any existing static routes for the same prefix.

    [See Configuring RPM Probes, rpm-tracking , and show route rpm-tracking.]

General Routing

  • Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS Release 18.4R1, users can configure a jlock hold time threshold value via sysctl. This helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold time is reached. The default hold time is 50ms.

    [See sysctl() Function]

High Availability (HA) and Resiliency

  • BFD Client for SR (RE based seamless BFD)—Starting in Junos OS Release 18.4R1, you can configure JUNOS to run Seamless Bidirectional Forwarding Detection (S-BFD) over non-colored segment routing (SR) tunnels and use S-BFD as a fast mechanism to detect path failures. You can configure bfd-liveness-detection at the [edit protocols source-packet-routing segment-list] hierarchy for enabling path-level S-BFD for a segment-list.

  • Resiliency Support for Switch Interface Boards (MX10016)—Starting in Junos OS Release 18.4R1, resiliency support is enabled for Switch Interface Boards (SIBs) on MX10016 routers. Resiliency support enables the device to monitor hardware anomalies which can appear at boot time or at run time. IDEEPROM read failure is an example of boot-time error. Voltage and temperature sensor readings that do not match permissible limits are examples of run-time errors.

Interfaces and Chassis

Junos Telemetry Interface

  • Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX Series Routers) —Starting with Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber interface stacking through remote procedure calls (gRPC). Accurate statistics (actual transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress and egress packets and bytes. Queue statistics for dynamic interface and interface-sets include include counts of transmitted and dropped packets and bytes. The queue statistics sensors are maintained per contributing slot (as in the case with AE). Separate meta-data sensors convey more contextual information about the dynamic interface and interface-sets are available. The meta-data sensors are also eligible for ON_CHANGE streaming.

    To enable subscriber and queue statistics for telemetry, include the subscriber-statistics and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry] hierarchy level.

    [See dynamic-profiles and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960, MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is extended to support additional ON_CHANGE sensors.

    Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /components/component

    • /components/component/name/

    • /components/component/state/type

    • /components/component/state/id

    • /components/component/state/description

    • /components/component/state/serial-no

    • /components/component/state/part-no

    ON_CHANGE notification will be supported on all the hardware components displayed in the Junos OS CLI operational mode command show chassis hardware.

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. To enable ON_CHANGE support, configure the sample frequency in the subscription as zero. When you create a subscription using a top-level container as the resource path (for example, /component), leaf devices under the resource path /component with ON_CHANGE support are automatically streamed based on events. Other leaf devices will not be streamed.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]

  • Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000, PTX5000, and PTX10000)—Junos OS exposes telemetry data over gRPC and UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your existing telemetry and analytics infrastructure requires managing an external entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the NTF agent feature provides an on-box solution that allows you to configure and customize to which endpoint (such as InfluxDB, Kafka, and OpenTSDB) the JTI data is delivered and in which format (such as AVRO, JSON, and IPFIX) the data is encoded.

    [See NTF Agent Overview]

  • Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX240, MX480, MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting with Junos OS Release 18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted fabric interface is a pseudointerface that represents a first class Ethernet interface behavior. JTI sensors will report interface-specific load-balancing and fabric queue statistics. They also will report aggregated statistics across all abstracted fabric interfaces hosted on a source Packet Forwarding Engine of local guest network functions (GNFs) along with the fabric statistics for all traffic ingressing from and egressing to the fabric from that Packet Forwarding Engine.

    JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following resource path to configure JTI sensors:

    • /junos/system/linecard/af/usage/

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leafs related to the following IS-IS type length value (TLV) parameters and IS-IS areas:

    • TLV 135: extended-ipv4-reachability

    • TLV 236: ipv6-reachability

    • TLV 22: extended-is-reachability

    • TLV 242: router-capabilities

    • IS-IS interface attributes

    • IS-IS adjacency attributes

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig and Network Agent packages, both of which are bundled into the Junos image in a default package named junos-openconfig.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Layer 2 VPN

  • Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces are a bundle of interfaces that function as a single interface and can be configured to load-balance traffic among the group members. To configure load balancing of Group VPN services on AMS interfaces, include the ipsec-group-vpn in the [edit services service-set service-set-name] hierarchy level to configure the service set and the load-balancing-option statements in the service-interface hierarchy of the AMS interface to enable load balancing.

    For more information on configuring AMS interfaces, see Configuring Aggregated Multiservices Interfaces.

    [See Group VPNv2 Overview.]

MPLS

  • Track IGP metric for install prefixes—Starting in Junos OS Release 18.4R1, you can let the install prefixes follow the metric of their corresponding IGP prefix so that the various RSVP protocol routes installed for the LSP may now each have their indivdual metric value. The install-prefix IGP metric tracking feature can be configured for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit protocols mpls label-switched-path] level.

  • Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic unto a monitoring device.

    To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source and destination addresses, protocol, source and destination ports, and IPv4 and IPv6 source and destination prefix list, are added under the MPLS filter term from parameter.

    To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance, are added for all the match conditions under the filter term then parameter.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic.]

  • Static egress LSP with IPv6 next-hop (systest-only)—Starting in Junos OS Release 18.4R1, you can configure static LSP on the egress router with the IPv6 as a next­hop address to forward IPv6 traffic. Static LSP supports next­hop indirection and link protection.

Network Management and Monitoring

  • New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:

    • CPQ Sram parity error

    • CPQ RLDRAM double bit ECC error

    In the Description column of show chassis alarm outputs, these errors are described as 'FPC <slot number> Major Errors'. See an example below:

    user@host> show chassis alarms

    By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.

    You can check the syslog messages to know more about the errors. See the following examples:

    To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).

  • Support for Junos Space Service Now (MX10016)—Starting in Junos OS Release 18.4R1, MX10016 routers s support Junos Space Service Now. The Junos Space Service Now is an application that runs on the Junos Space Network Management Platform to automate fault management and accelerate issue resolution.

    See [Junos Space Service Now].

Operation, Administration, and Maintenance (OAM)

  • Support for Inline Link Fault Management (MX Series routers)—Starting in Junos OS Release 18.4R1, Junos OS supports inline mode for OAM Link Fault Management (LFM) on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive packets from the periodic packet management (ppm) process on the line-card to the forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm process and can support LFM in-service software upgrade (ISSU) for non-juniper peers (for a keepalive interval of 1 second). You can enable inline LFM by including the hardware-assisted-keepalives configuration statement at the edit protocols oam ethernet link-fault-management hierarchy level. To disable inline LFM, delete the hardware-assisted-keepalives statement. The show oam ethernet link-fault-management detail command displays the keepalive packet statistics. Starting from 18.4R1, when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier releases, the show oam ethernet link-fault-management detail command displayed the keepalive packet statistics.

    [See Enabling Inline Transmission of LInk Fault Management Keepalives for Maximum Scaling.]

Routing Policy and Firewall Filters

  • Support next-filter as a firewall filter action (MX Series)—Starting in Junos OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter actions. The new next-filter option allows you to deploy a filter list and run a series of filters, similar to what is already available with next-term actions, and provides filter scale optimization. Up to eight filters can be chained in this way. The feature is not supported on logical systems, or on loopback and pseudo interfaces.

    You can use a filter list to implement a mix of multifield-classification and firewall filter rules. For example, the first filter in the list can be used to perform a generic filter classification, and the subsequent filters can then do the actual filtering.

    [See input-chain and output-chain.]

  • Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1, you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling of IPv4 and IPv6 payloads across IPv4 networks.

    This GRE encapsulation is not supported for logical systems or for MPLS traffic, and the route lookup for GRE encapsulated traffic is supported on the default routing instance only.

    The following commands are introduced for this feature:

    set firewall tunnel-end-point tunnel-name gre

    set firewall tunnel-end-point tunnel-name ipv4

    set firewall tunnel-end-point tunnel-name ipv6

    [See tunnel-end-point and Filter-Based Tunneling Across IPv4 Networks.]

Routing Protocols

  • Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release 18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect to IP action provides traffic filtering options for DDoS mitigation in service provider networks. This feature is required to support service chaining in virtual service control gateway (vSCG). Redirect to IP action allows to divert matching flow specification traffic to a globally reachable address.

    To configure a static IPv4 flow specification route include the redirect ipv4-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure a static IPv6 specification route include the redirect ipv6-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    Junos OS advertises redirect to IP flow specification action using the extended community by default.

    To configure legacy flow specification redirect to IP specified in the internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt , BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hopinclude legacy-redirect-ip-action at the [edit group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.

    To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes include secondary-independent-resolution statement at the [edit protocols bgp neighbor family flow] hierarchy level.

  • Support for 64 add-path BGP routes (MX Series)—Starting in Junos OS Release 18.4R1, support is extended to 64 add-path BGP routes. Currently Junos OS supports six add-path routes and BGP can advertise upto 20 add-path routes through policy configuration. This feature allows BGP to advertise 64 add-path routes and a second best ECMP path as a backup in addition to the multiple ECMP paths.

    To advertise all add-paths up to 64 add-paths or only equal-cost paths, include the path-selection-mode statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level. You cannot enable both multipath and path-selection-mode at the same time.

    To advertise a second best ECMP path as a backup path in addition to the multiple ECMP paths include the include-backup-path bacup_path_name statement at the [edit protocols bgp group group-name family name addpath send]] hierarchy level.

    [See add-path.]

    [See include-backup-path.]

  • Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release 18.4R1, BGP LS extensions are enhanced to export segment routing topology information to the controller. A centralized controller in a software defined network (SDN) can program any egress peer policy at ingress border routers or at hosts within the domain in a segment routing network. The egress router advertises the peer node SID label for all its peers and the controller advertises these SID labels to the ingress router. Thus the ingress router can select these SID labels to transfer data packets to the egress peers. This implementation can also be used in an inter-domain scenario.

    To configure a peer node SID, include egress-te-node-segment-label at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To create a peer set SID, include egress-te-set-segment set-segment-name label label-name at the [edit protocols bgp] hierarchy level.

  • Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX Series)—Starting with Junos OS Release 18.4R1, the following address families are supported to enable advertisement and/or reception of multiple paths to a destination to/from the same BGP peer, instead of advertising/receiving only the active path to/from the same BGP peer, under [edit protocols bgp group group-name] hierarchy.

    • IPv4 VPN unicast (family inet-vpn)

    • IPv6 VPN unicast (family inet6-vpn)

    [See Understanding the Advertisement of Multiple Paths to a Single Destination in BGP.]

  • BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1, add path receive is now supported for eBGP under the [edit logical-systems logical-system-name protocols bgp group group-name family family].

Services Applications

  • Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to create MPLS-IPv6 flow records.

    [See Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250.]

  • MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway (BNG) with IPv4-to-IPv4 basic network address translation (NAT), dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

  • MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software Defined Networking (SDN)

Subscriber Management and Services

  • Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a limit on the number of sessions that can be active for a given username in an access profile.

    The show network-access aaa statistics session-limit-per-username command displays the number of active sessions and of blocked requests for usernames in each access profile. The clear network-access aaa statistics session-limit-per-username command enables you to clear blocked requests for debugging subscriber session limits.

    [See Understanding Session Options for Subscriber Access.]

  • New BBE statistics collection and management process (MX Series)—Starting in Junos OS Release 18.4R1, the BBE statistics collection and management process, bbe-statsd, is introduced to take advantage of high-performance Routing Engines to increase the frequency of statistics collection and improve statistics processing in highly scaled environments. The bbe-stats-service option has been added to the restart command for restarting this statistics process.

    To collect subscriber and service statistics, you now must enable the actual-transit-statistics statement. If you do not configure this statement, subscriber statistics are not collected; the show subscribers accounting-statistics command displays a value of zero for subscriber statistics; and the subscriber statistics are reported to RADIUS with values of zero.

    [See Enabling the Reporting of Accurate Subscriber Accounting Statistics to the CLI.]

  • Subscriber secure policy information not revealed in core file dumps (MX Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information that might identify subscribers or mediation devices is automatically encrypted when the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons examining the error files are unable to view the SSP information. The SSP information that might be present in the core error file includes the source and destination IP address for the mediation device, device ports, and intercept ID. No configuration is required or possible.

    [See Subscriber Secure Policy Overview.]

  • Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP addresses. In earlier releases, only 5 servers are supported.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Address allocation method determines behavior when address pool is deleted or drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is performed to determine the subsequent behavior when authd notifies the DHCP process that an address pool is deleted or being drained:

    • When addresses are allocated on demand, the family with the address in that pool is logged out immediately when the pool is deleted, or logged out gracefully by the draining process when a DHCP renew or rebind message is received.

    • When the addresses are preallocated, the addresses for both families are deleted immediately when the pool is deleted, or deleted gracefully by the draining process when a DHCP renew or rebind message is received.

    [See Single-Session DHCP Dual-Stack Overview and Configuring DHCP Local Address Pool Rapid Drain.]

  • Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group statement enables the DHCPv4 relay agent to forward ACKs to DHCP information request (DHCPINFORM) messages from any server in the active server group to the client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can be forwarded from trusted servers.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address changes. This code means that at least one address in the client’s request IA is not appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or NoPrefixAvail status code can be returned when there is an issue with requested addresses.

    [See RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers.]

  • Reassign an in-use address to a new subscriber (MX Series)—Starting in Junos OS Release 18.4R1, you can override IPv4 duplicate address protection by including the reassign-on-match option with the address-protection statement. This enables a new subscriber to be reassigned an address that is currently assigned to an existing subscriber. The new subscriber request is rejected, but the existing subscriber is disconnected. The address is assigned to the new subscriber when it renegotiates the session.

    [See Configuring Duplicate IPv4 Address Protection for AAA.]

  • New predefined variables and RADIUS VSAs for interface and set targeted distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an interface or an interface set for distribution on aggregated Ethernet member links, you can use a Junos Networks predefined variable to source the weight value in the Access-Accept message from RADIUS on a per-subscriber basis as an alternative to explicitly configuring weights in the dynamic profile:

    • $junos-interface-target-weight corresponds to Juniper Networks VSA 26-214, Interface-Targeting-Weight.

    • $junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213, Interface-Set-Targeting-Weight.

    [See Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs.]

  • New input-jti-ipfix service agent plug-in (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the new input-jti-ipfix service agent plug-in on a BNG IPFIX mediator to subscribe to and collect data from the local Junos Telemetry Interface. The data is then translated to appropriate IPFIX records for export to an IPFIX collector. You can configure the frequency at which the telemetry data is reported.

    [See IPFIX Mediation on the BNG.]

  • Detection and autogeneration of logical interface sets representing logical access nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003). When the TLV string with a # sign, the entire string is a backhaul line identifier. The portion of the string after the # delimiter represents a logical intermediate node (DPU-C or PON tree) in the access network to which the subscriber is attached. This portion is used to set the value of the $junos-aggregation-interface-set-name variable, and is used as the name of a CoS Level 2 interface set that groups subscribers. Enable parsing with the hierarchical-access-network-detection option of the access-line statement.

    [See Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets.]

  • BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP addresses as the BGP neighbor addresses with the [edit protocols bgp group name neighbor] stanza.

    You must enable routing services in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface with the new routing-service statement. This statement replaces the deprecated routing-services statement.

    You can also selectively enable or disable routing services per subscriber through RADIUS by using the new $junos-routing-services predefined variable. The action is determined by the value of the new Routing-Services VSA (26-212) returned in the RADIUS Access-Accept message.

    [See Junos OS Enhanced Subscriber Management.]

  • Support for Layer 2 services provisioning on the services side of pseudowire service logical interface anchored on redundant logical tunnel interface (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning such as bridge and VPLS, is supported on the services side of the pseudowire service logical interface anchored to redundant logical tunnel interface. With this support, the chassis-wide scaling numbers available for the physical interfaces over redundant logical tunnels is extended to pseudowire service interfaces anchored over redundant logical tunnel interfaces.

    [See Layer 2 Services on Pseudowire Service Interface Overview.]

  • Support of single-hop BFD sessions for pseudowire redundant logical interfaces (MX Series)——Junos OS supports inline distribution of single-hop Bidirectional Forwarding Detection [protocol] (BFD) sessions for pseudowire subscriber logical tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical tunnel interfaces can be hosted on different linecards. As a result, single-hop BFD sessions are operated in a centralized mode because the distribution address is not available for these logical interfaces.

    Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop BFD sessions is extended to pseudowire subscriber over redundant logical tunnel interfaces, thereby improving the scaling (number of sessions) and performance (detection time) of single-hop BFD sessions.

    [See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]

System Management

  • Secure copy (scp) support on Junos OS CLI with the ”source address” and ”routing instance” options (MX240, MX480, MX960, MX2010, MX2020, and vMX)— Starting in Junos OS Release 18.4R1, MX Series routers support scp command from the CLI, along with two additional options source address and routing instance. The source address option specifies the local address to use in originating the connection and routing instance option specifies the name of routing instance for the scp session. These two options are also added in the following CLI commands where the scp URL is supported: file copy, file archive, save, show|save, show|compare, load merge, load override, load patch, load replace, load set, and load update. The functionality of these commands will remain the same with the “source address” and “routing instance” options added.

    Note

    SCP command is available under operational mode and configuration mode.

    [See scp .]

VPN

  • Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.4R1 for MX Series routers.

General Routing

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX-Series)—When an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier engine will set the “my mac” bit in the cookie prepended to the incoming packet. In current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed as default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence the packets with zero MAC are marked as “my mac” in the packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup will be performed. The “my mac” behavior is applicable since the day one release.

Interfaces and Chassis

  • On MX Series Routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

  • New option to configure IP address to be used when the Routing Engine is the current master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following hierarchies:

    • [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]

    • [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6 address]

    In routing platforms with dual Routing Engines and VM host support, the master-only option allows you to configure the IP address to be used for the VM host when the Routing Engine is the current master. The master Routing Engine and the backup Routing Engine can have independent host IP addresses configured. In earlier releases, same IP address would be applied on master and backup Routing Engines resulting in configuration issues.

  • TLV status for Layer 2 protocols (MX460 routers)—Starting in Junos OS Release 18.4R1, Output fields Next-hop and vpls-status is displayed in the show interfaces interface name detail command, only for Layer 2 protocols on MX480 routers.

Junos Flips

  • In Junos OS Release 18.4R1, on MX Series Routers, if you attempt to configure XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity association and attach the connectivity association to an interface on the PIC that does not support XPN cipher suite, then during runtime, a syslog is logged as below (and default non-xpn cipher suite is used):

    macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id (cipher name) NOT SUPPORTED.

MPLS

  • When you configure zero (0) as the bandwidth of an RSVP interface, the bandwidth value is overwritten with the default interface bandwidth, which is the hardware raw bandwidth. This can lead to unexpected behavior in the LSP setup.

    [See bandwidth (Protocols RSVP).]

Network Management and Monitoring

  • SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS Release 18.4R1, the SSHD process authentication logs use only the time zone defined in the system time zone. In the earlier releases, the SSHD process authentication logs sometimes used the system time zone and the UTC time zone.

    [See Overview of Junos OS System Log Messages.]

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release 18.4R1, on MX series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E line cards, the severity level of the following errors have been changed from Fatal to Major.

    • XQSS_CMERROR_CPQW_ERR_INT_FSET_SLOW_DEQ_DRY_ERR

    • XQSS_CMERROR_CPQW_ERR_INT_FSET_FAST_DEQ_DRY_ERR

    With this change, the above errors no more cause the entire FPC to go offline by default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to be disabled, as disable-pfe is the default action associated with Major errors on MX series routers.

    Additionally, the severity level of the correctable error XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.

    You can use the commands show chassis errors active detail fpc-slot slot and show chassis fpc errors slot to view more details of, and the default actions associated with, these errors.

    [See show chassis fpc errors.]

Software Defined Networking (SDN)

  • Installation or upgrade using remotely located installation package (MX480, MX960, MX2010, MX2020, MX2008)—While performing Junos installation or upgrade on the base system (BSYS) or guest network function, if you provide a URL to the remotely located installation package (for example, an ftp file) in the command request system software add package-file-path, the router locally copies the package, performs checks such as multi-version compatibility checks on the package, and then installs the package. The installation process is aborted if any errors are found during the checks. Previously, if you tried to perform installation or upgrade using a remotely located file, the router would skip multi-version checks and display an error message, but would not abort the installation process.

    [See Junos Node Slicing Upgrade]

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 17.2R3, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Flat-file service accounting support ends (MX Series)—Starting in Junos OS Release 18.4R1, flat-file service accounting to a local file is no longer supported. If included in a configuration, it is ignored.

    [See Flat-File Accounting Overview.]

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • This issue has not been addressed, and it is probably not easy to address either. The problem is, when some route/next hop has been created by the app, it is assumed that it can propagate to the rest of the system. KRT asynchronously picks up this state for propagation. There is no reverse indication to the app, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route, NH> pair that looks legal from the app standpoint, but KRT is not able to download it to the kernel, because kernel rejected the NH, the <route, NH> sort of gets stuck in rpd. In the meantime, the previous version of the route (L-ISIS in this case) that was downloaded still lingers in the kernel & Packet Forwarding Engine. PR1253778

  • Support for enterprise profile is only provided for 10-Gigabit Ethernet interfaces. Use of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase alignment issue. PR1310048

  • Please reach out to the DE for release notes. PR1312047

  • When cmerror disables Packet Forwarding Engine, it does not power off the ea and hmc chips. The periodic continues monitoring the temp on hmc and other devices. If the temp is overheated, the system can take proper actions, such as increase the fan speed or shutdown the systems. The periodic calls hmc_eri_config_access() to get temp readings. It is expected to get ERI timeout continuously in this case. PR1324070

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

Forwarding and Sampling

  • LTS subscriber statistics are reported to RADIUS. PR1383354

Interfaces and Chassis

  • At JDM install time, each JDM instance generates pseudo random MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At GNF creation time, each GNF instance generates pseudo random MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and will only be deleted when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

  • The two SFP+ ports on the the Routing Control Board (RCB) of an MX2008 router have two port LEDs each - one Link Status LED and one Link Activity LED per port. On an MX2008 router, which is connected to an external x86 server in a Junos Node Slicing setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as follows:

    • The Link Status LEDs and Link Activity LEDs on both the ports are off when Junos Node Slicing is disabled or not configured.

    • When you have configured network-slices on the router (also called base system or BSYS) but have not configured guest network functions (GNFs) on the server, the Link Status LED on each port turns green (steady-glow). In this case, the Link Activity LED on each port is off.

    • When you have configured Junos Node Slicing (including GNFs), the Link Activity LED on each port is amber (blinking), while the Link Status LED on each port remains green (steady-glow).

Platform and Infrastructure

  • On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • It is expected to see few transient FI Cell underflow errors during ISSU as long as they do not persist. PR1353904

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • On EX4300/EX4600/QFX Series switches except QFX10000, in DHCP security with override no-option82 scenario, if the DHCP packets from DHCP clients are received from the DHCP snooping trust interface (by default, all trunk ports on the switch are trusted), such packets might be sent back on the same interface, resulting in the MAC move of the source MAC on the other Layer 2 devices. PR1369785

EVPN

  • When stitching EVPN-VXLAN to EVPN-MPLS or EVPN-MPLS to EVPN-MPLS instances using the lt-interface or physical loopback, if an IRB interface is used, then IRB ifl mac has to be configured. PR1363935

  • When EVPN is configured with class-of-service-based forwarding (CBF), traffic might be lost for the CBF services. PR1374211

Forwarding and Sampling

  • Match with more than 2 ranges fails on PE/TL for PTX/QFX. PR1221777

  • Heap memory leaks occur on DPC when the flow specification route is changed. PR1305977

  • Whenever bridge firewall filter is configured and accounting is enabled on it, the filter counter is not written to the accounting file. PR1392550

  • On Junos Fusion, ingress policing on SD is broken ( RLI 31142 -- V44: MX+QFX: Ingress policing on AD and SD) set interfaces layer2-policer input-policer <policer-name> is not supported in this release. PR1395217

General Routing

  • When performing a Routing Engine switchover without the support of Non-Stop Routing (NSR), it might occasionally happen that the L2CPD daemon (L2 Control Protocol Daemon) reports a slip in its scheduled run of a few seconds (1 to 10) and a log message will be printed similar to the following: Aug 1 10:41:21 mx9601 l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has neither functionality nor operational effect to any of the Layer 2 protocols controlled by L2CPD because STP task delegates, transmit, or receive bpdus to a separate dedicated PPMD daemon, and LLDP task's transmit or receive PDUs are dealt from the daemon itself but the advertisement-interval is 30 seconds, with hold-timer for neighbors LLDPPDU being 120 seconds, so the time to recover the few seconds of slip is plenty and enough to absorb it. PR1203977

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example: fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: Next hop add received for an logical interface that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, logical interface index 334 does not exist TYPE-SPECIFIC INFO: none. As such so far we have not seen any service impact in MPC2 and MPC3 type cards. PR1205593

    This is a rare race condition of multiple interrupts not being handled properly on MX Series platform with MPC7E, MPC8E, MPC9E and PTX platform with FPC3-PTX-U2 and, FPC3-PTX-U3, which could lead to generating a core file. It is difficult to reproduce. The interrupt code is optimized to avoid the unnecessary call to prevent the issue. PR1208536

  • Packet forwarding traffic might be permanently impacted due to transient memory parity error at the Egress Port Manager (EPM) port-group. Operational impact will be verified and an alarm will be raised with the syslog message READ/WRITE pointers in free pool FIFO stalled. PR1220019

  • It is not possible to collect shmlog entries and statistics on MX5, MX10, and MX40 platforms. The code changes also include improvements which should prevent shmlogctl process core files seen due to a timing issue. PR1297818

  • show dynamic-tunnels database summary would not show accurate tunnels summary during the time anchor Packet Forwarding Engine line card is not in up state. As a workaround, use the following commands: show dynamic-tunnels database and show dynamic-tunnels database terse. PR1314763

  • This RLI 36068 was done to target Oracle use case. Oracle does not use chain-composite. This statement does not bring in a lot of gain since TCNH is based on ingress rewrite premise. Without this statement things work just fine. PR1318984

  • In JDM, (running on secondary server) jdmd process might create core files if GNF add-image is aborted by pressing CTRL-C. PR1321803

  • With regards fpc restarts/Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections and the reactions to failure situation might not handle in graceful way : tcp connection timeout because of jlock hog crossing boundary value (5 seconds) causing bad consequences in MX-Virtual Chassis currently no other easy solutions that would be able to reduce this jlock hog besides enable marker infra in MX-Virtual Chassis setup. Unfortunately, there is no immediate plan on enabling marker as it was causing a lot of issues in MX-Virtual Chassis when we tried to enable it. PR1332765

  • The output of the CLI command show class-of-service fabric statistics now includes traffic that was dropped because of internal errors in the drop counts. PR1338647

  • First packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line card reboot on PORTER-R platform. PR1344755

  • In some cases, OIR (removal followed by reinsertion) of a MIC on a FPC can lead to black-holing of traffic destined to the FPC. The only way to recover from this is to restart the FPC. The issue will not be seen if you use the corresponding CLI commands to turn the MIC offline and then back online. PR1350103

  • During stress conditions error log messages regarding route add, change, delete might be incorrect. PR1350713

  • VRRP MAC filter will not be seen in Packet Forwarding Engine if interfaces flap followed by GRES, before VRRP state settles down after flap. During this time VRRP state is backup in master-Routing Engine and VRRP state is idle in Backup-Routing Engine. PR1353583

  • 17.4, 18.2 & 18.1 branch software is incompatible with 18.3, 18.4 branch software. Appropriate warnings are not thrown during image installation. PR1353773

  • If an aggregated Ethernet interface is configured as link-protection backup-state down, aggregated Ethernet operational state is still up even though the member interfaces configured under the aggregated Ethernet are down. This issue is specific to aggregated Ethernet link-protection backup-state down configuration. This feature was introduced by RLI 20028 (version 14.1R1). PR1354686

  • The configurations of bridging routing instances with aggregated Ethernet IFLS(6400IFLs) and IRB instances, all from a single FPC, the CPU utilisation of the FPC stays at 100 percent for 4 minutes. The behaviour from PFEMAN of FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilisation comes down and the FPC is normal. Therefore, this scale configuration on MPC7E takes settling time of 4+ minutes. PR1359286

  • When a peer is coming is being established and it needs to catch up with other peers that have received many more updates, the merge code will verify that the routes are to be announced. If none of the prefixes are to be announced before it has processed it’s fair share of entries, you will start from the beginning again. This is much more likely to hit a situation where there is zero route churn. PR1361550

  • On PTX Series platforms, if an aggregated Ethernet bundle is configured with Ethernet Operation, Administration, and Maintenance (OAM) Link Fault Management (LFM), and at the same time, no Link Aggregation Control Protocol (LACP) is configured for the aggregated Ethernet bundle, the aggregated Ethernet member link flaps might cause one member link is set as "Link-Layer-Down" by LFM even after its physical link is already up. Due to this issue, there are still traffic flows forwarded through the member link in faulty status, thus all the traffic affected will be lost which leads to service impact. PR1365263

  • On PTX1000 platform, after rebooting the system by issuing the CLI command request vmhost reboot, netproxy service might fail to start. PR1365664

  • Syslog is updated when user tries to configure xpn cipher over a non-xpn supported platform such as MIC-MACsec-20G even though commit goes through. PR1367722

  • Its possible for a GNF with rosen6 multicast to display stuck krt queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • After FPC reboot with base line configuration of 10G speed, if pic-mode for new speed is changed just after PICs come online when all physical interfaces are not yet created, then one of port down issue can be seen randomly. During old speed physical interfaces detach and new speed v attach, one of the PCS lane for the physical interfaces stays in reset causing port to stay down. As a workaround after FPC reboot with base line configuration, it is recommended to wait for 2 to 5 minutes after all PICs are online for port states to be stable before doing any port speed changes. There is no impact if FPC reboots with new speed configurations already applied. PR1368687

  • When FPC is booting up (either during unified ISSU or router reboot or FPC restart), i2c timeout errors can be noticed. These errors are seen as i2c action is not completed as device was busy. Once card is up all the i2c transactions to the device was ok, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • PEM to zone mapping exported in Junos Telemetry Interface streaming. PR1372374

  • When the MIC-MACSsec-20G is in offline state after Fake-Kats initiation- the MIC has to be brought up by issuing chassisd restart. Attempting to online the MIC through CLI could cause the MIC to go to a hardware error state. PR1374532

  • I/O session used for communicating between threads is freed due to FSM state transition. After freeing the memory, the fields of the I/O session are used for tracing, causing rpd core. PR1374759

  • If any of the log message continues to pop in MPC console, it indicates the presence of faulty SFP, SFP+, which is causing I2C transaction from main board CPU. There is no software recovery available to recover from this situation. These logs also indicates potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0 resulting in unexpected behaviours such as, link not coming up or MIC itself not booting up on restart. I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. The only way to recover from these failures is to detect and replace faulty SFP, SFP+ plugged into the GMIC2 ports. PR1375674

  • When MX BNG acts as DHCP relay and the destination DHCP server is reachable through Abstract Fabric Interfaces (AFIs), the packets received by the DHCP server on AF interfaces were dropped as Junos DHCP daemon (jdhcpd) was not AFI aware. The fix adds AF interface awareness to jdhcpd so that received DHCP packets are handled correctly. PR1377358

  • Provide proper values for one leaf. We were displaying values of 1 or 0 but should be displaying the following strings: PRIVATE_AS_REPLACE_ALL { if 1 } PRIVATE_AS_REMOVE_ALL { if 0 } PR1378159

  • After NAT64 router (with MS-MPC) translates an ipv6 fragment to ipv4 fragment, router is not inserting the right value in identification field of IPv4 Header. PR1378818

  • On MX Series platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC), and such condition might finally lead to memory exhaustion and the FPC would create core files. PR1381527

  • In rare situations at heavy traffic loads, input frame check sequence counter might get incremented. PR1383009

  • J-Insight process requires all the sensors under /components/component/ which is provided by chassis-control process. In Junos OS Release 18.4R1, J-Insight subscription to /components/component/ Junos Telemetry Interface sensors is enabled by default. This sensor subscription requires chassis-control process to stream all the chassis component sensors periodically at 5 seconds interval. This periodic streaming of sensors causes additional CPU utilization for chassis-control process at idle state. This increased CPU utilization will not impact on system performance. Impact of this is same as when an external subscriber subscribes to components/component/ sensors. PR1383335

  • Commit should not be allowed if you are trying to delete the physical-cores knob. However, there is no functional impact of this. PR1384014

  • With PTP configured, MBFD flaps might be seen in a BFD scale scenario. The issue is applicable only for MPC5, MPC6, MPC7, MPC8, MPC9, MX204, MX100003 platforms. PR1384473

  • Rpd could core in a rare race condition when NSR + GRES is configured and switchover is performed along with configuration changes being committed. PR1385005

  • This issue is seen only after backup CB removal/insertion operation. Backup CB normal reboot does not show the same issue. After insertion of backup CB, temperature sensor status bit for the CB is not getting updated. Hence, the status always shows up as 'Testing'. {master} user@router> show chassis environment |find CB CB 0 IntakeA-Zone0 OK 27 degrees C / 80 degrees F CB 0 IntakeB-Zone1 OK 31 degrees C / 87 degrees F CB 0 IntakeC-Zone0 OK 32 degrees C / 89 degrees F CB 0 ExhaustA-Zone0 OK 29 degrees C / 84 degrees F CB 0 ExhaustB-Zone1 OK 30 degrees C / 86 degrees F CB 0 TCBC-Zone0 OK 38 degrees C / 100 degrees F CB 1 Testing <<<<<<<<< SPMB 0 Intake OK 31 degrees C / 87 degrees F SPMB 1 Intake OK 32 degrees C / 89 degrees F Routing Engine 0 OK 35 degrees C / 95 degrees F Routing Engine 0 CPU OK 33 degrees C / 91 degrees F Routing Engine 1 OK 35 degrees C / 95 degrees F Routing Engine 1 CPU OK 33 degrees C / 91 degrees F PR1387130

  • During Zero Touch Provisioning (ZTP) process, default route is being cleaned up by code. Due to this if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route will fail to work. This might lead to ZTP failure or device access issue after ZTP. PR1387724

  • In cases of PS over rlt at high scale, removing and adding back CoS configuration can cause the fpc to enter a hard error state. PR1388487

  • On MX2020, MX2010 and MX2008 platforms with SFB2 cards installed, if a newer generation of MPC (for example: MPC type 3, 4, 5, 6, 7, 8 or 9) is installed into a slot that had MPC 3D 16x10GE, MPC type 1 or MPC type 2 previously installed, the available fabric bandwidth to the new MPC card would be rate-limited due to residual programming on the fabric planes. Traffic impact is observed during peak utilization. PR1388780

  • vMX virtIO throughput stays the same btwn multi-queue and single-queue (vRouter-DPDK). Single queue performance is much higher compared to previous version of single queue DPDK support on MX86. PR1389338

  • With inline BFD configured on PTX or QFX10K platform, BFD sessions might reset continuously. PR1389569

  • The CLI should not allow to configured the "speed" under the interface level on MX204 platform. So excluding the speed option in the configurations for this platform. PR1389918

  • Flow table size configuration is taking longer than expected on EA based line cards (MPC7/8/9/JNP10K-LC2102). This config can take additional 2.5 minutes to 7 minutes in 18.4R1 depending on the table size being configured (+7 mins for Max Table size). Since Flex flow size configuration internally allocates maximum flow table size hence it might take the maximum additional reconfigure time of 7 minutes. PR1397767

  • While using ixgbe driver with SRIOV, on interface flap at the peer device, VMX occasionally stops receiving traffic. FPC needs to be restarted to recover functionality on the affected interface. PR1401672

Infrastructure

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

Interfaces and Chassis

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause cfmd crash after upgrade. This is because of the old version of /var/db/cfm.db. PR1281073

  • The Error message ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0 will be observed in some cases. But there is no functional impact. Sessions or adjacency would get programmed inline subsequently. PR1358236

  • In VPLS scenario, if the OAM CFM (connectivity-fault-management, i.e., 802.1AG) level between CE and CE is higher than the level 3 between CE and PE, and 'action profile' is configured between CE and PE, the PDU (protocol data unit) of OAM CFM between CE might be dropped in PE, resulting in failure in Ethernet OAM between CE. PR1380799

  • If channelized interface coc1 is configured and FPC restart is performed then a core will generate and DCD restart can be seen. Currently we do not have any workaround for this issue. In case of all other interfaces core will not generate and normal behavior is seen. PR1387962

Layer 2 Features

  • Traffic from IRB interface towards LSI interface gets dropped with adaptive or per-packet load balancing on aggregated Ethernet interface. PR1381580

  • if a LDP-VPLS routing instance is configured with active and backup neighbors, and flow label capability is enabled on active neighbor but not on backup neighbor, upon switching to the PW to backup neighbor, Junos on the VPLS PE will continue to send traffic with flow label based on the capability learnt from previously active neighbor. PR1393447

Layer 2 Ethernet Services

  • On an MX Series platform with MPCs and DPC/DPCE line cards in the same system, if the system is configured with bridging features, the DPC/DPCE line cards might restart unexpectedly even though they are not configured for bridging features. PR1372506

  • On MX Series platform, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared. PR1383265

MPLS

  • With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • With l2-smart-policy configured for Label Distribution Protocol (LDP), the Layer 2 circuits might flap if the LDP targeted adjacency also has a link hello adjacency and the interface with the link hello adjacency goes down. PR1360255

  • Traceroute MPLS from Juniper to Huawei routers does not work as expected due to unsupported TLV. PR1363641

  • Root Cause Analysis =================== Each bypass tunnel created on a Point of Local Repair (PLR) router is associated with a protected resource i.e a protected TE link. The PLR router creates one or more Link-protecting or Node-protecting bypass tunnels for a protected TE link. When ever the PLR router detects that a bypass tunnel originating from it has gone down because of RSVP ResvTear, it will attempt to re-signal the bypass tunnel over the same path. If the bypass tunnel came up within a short period, then the configuration of Link protection re-optimization timer will determine the further course of action on that bypass tunnel. However, if the bypass tunnel does not come up along the same path and if the router has not been configured to avoid running CSPF for the bypass tunnel, the router will compute CSPF for the bypass tunnel. If the protected TE link is down when such a CSPF is scheduled for execution, the srlg information will not be available in TED for the CSPF to determine which srlgs to avoid for the bypass tunnel. Hence that CSPF does not correctly avoid the srlgs of the protected TE link while computing path. This results in the bypass tunnel coming up along a path that will turn out to be incorrect when the protected TE link comes up again. PR1387497

Network Management and Monitoring

  • Updating the address of the Juniper Networks Inc in the SNMP MIB CONTACT-INFO entry - "{ snmpModules 1 }". PR1336291

  • Issue: snmpd daemon leaks memory in snmpv3 query path and crashes. Cause: The issue is caused by a memory leak when the request PDU is dropped by snmp when configuration snmp filter-duplicates is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the pdu is created/cloned. But while dropping the duplicate requests the corresponding free for this struct is not done, which causes the memory leak. PR1392616

Platform and Infrastructure

  • The operational command show igmp statistics with no filter does not display the aggregated JOIN/LEAVE/ QUERY statistics from subscribers having distributed knob in igmp/ mld stanza of dynamic profile. PR1289415

  • An accuracy issue occurs with three-color policers of both type single rate and two rate in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use MX Series ASIC. PR1307882

  • This is a minor enhancement to add a UI to copy files from Junos VM to Host Linux. PR1341550

  • There is no support of interface range for Channelized interfaces on EX9253, user has to configure interfaces individually. PR1350635

  • MGD memory usage is shown as increased by about 450 MB when the DT CST test runs over the weekend (greater than 72 hours). PR1352504

  • When allow-configuration-regexps/deny-configuration-regexps are configured, syslog messages with level information are displayed to indicate whether set system regex-additive-logic is configured or not. Behavior for allow-configuration-regexps/deny-configuration-regexps will be different when regex-additive-logic is configured and when it is not configured. These messages are only informational messages and there is no functional issue due to this. Since these messages are for debugging purpose only and not useful for the end user, changed these syslog messages to debugs as part of this PR. After this change, these messages will no longer be displayed in syslog for level information. PR1369546

  • On MX series platform with DPC and MPC installed, due to incorrect MLP message (which is used to notify MAC address among different FPCs) sent from MPC to DPC, MAC learning procedure might get stuck in certain scenario, resulting in MAC remaining unresolved on Packet Forwarding Engine and MAC missing from the MAC table. PR1383233

  • AAA with radius authentication not working for IPv6 family when using management instance [mgmt_junos] set system radius-server <IPv6 Server> routing-instance mgmt_junos system management-instance. PR1391160

  • In some cases PS interfaces over RLT might be shown as up but not pass traffic. Log messages reporting asic error and a chassis alarm reporting hard fpc errors may also be seen. PR1400269

Routing Protocols

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on ... The core is 'soft', which means there should be no impact to traffic or routing protocols. PR946415

  • JTASK_SCHED_SLIP for rpd might be seen on doing restart routing or OSPF protocol disable with scaled bgp routes in MX104 router. PR1203979

  • LDP OSPF are 'in sync' state and the reason observed for this is "IGP interface down" with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, "IGP interface down" is observed as the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification, because the OSPF neighbor was not up yet. The issue is under investigation. PR1256434

  • In IS-IS and IPv6 scenario, rpd might crash when the neighbor router restarted and caused routes churn. PR1312325

  • The rpd might crash and generate a core file if the distributed Internet Group Management Protocol (IGMP) is configured. PR1314679

  • On a dual Routing Engine system with Graceful Routing Engine Switchover (GRES) and graceful-restart enabled, if Bidirectional Forwarding Detection (BFD) with hold-down-interval option is enabled on an external BGP peer, this BGP peer might stay at idle state after a Routing Engine switchover. PR1324475

  • When 32,000 SRTE policies are configured at once, during configuration time there might be scheduler slips. PR1339829

  • There are scenario where application allocates and caches next hop templates. This causes next hop template cache to grow continuously. But when application clears their local cache, then memory is freed to next hop template cache. But the next hop template cache does not have code to shrink the cache and free memory back. So the next hop template memory is trapped in the cache and cannot be used for other purposes. But if same BGP routes and next hops come up again, they will reuse the templates from cache and not consume additional memory. PR1346984

  • The XML RPC command was previously missing for the show bgp output-scheduler command. PR1359137

  • Starting in Junos OS Release 16.1, show bgp neighbor does not show the correct "Last traffic (seconds)" correctly anymore. PR1361899

  • On devices running Junos OS platform, when OpenConfig is running with sensor for "/network-instances/network-instance/protocols/protocol/BGP", changing the BGP import or export policy might cause rpd to crash. PR1366696

  • In configuration with MPLS inter-AS link-node protection with labeled-bgp, it is possible to encounter a situation where next hops references are not properly decremented, thus causing the system to hold onto next hops when they should be freed. This leads to a memory hog situation which eventually results in a core. PR1366823

  • In a LDP (Label Distribution Protocol) network with gradual deployment of segment routing ( LDP mapping server feature), the rpd process might crash after executing commit the configuration related to mapping-server-entry prefix-segments/prefix-segment-ranges with the maximum number of entries exceeded (16 for 17.4 and 64 for 17.4R2 onwards). PR1379558

  • The rpd might crash and core after issuing operational command show route x.x.x.x/xx detail for RIP route, the routing table will become unstable during the crash. PR1386873

  • Rpd might crash when ipv6 prefix with ipv4 next hop exists. PR1390428

  • With GRES and NSR enabled, if executing swithcover, all the BGP session might flap. PR1391084

  • During some BGP flap scenarios or deactivate/activate protocol bgp, JUNOS RPD corefile @rt_nh_resolve_delete after neighbors flap or deactivate/activate protocol bgp. The issue happens during a inet6.0 route withdrawal being received in an update and the subsequent delete of the route with an invalid next hop, causing the assert. PR1391568

  • In the rare case, ppmd on backup Routing Engine might stay with CPU usage after Routing Engine master switch event. There will be no impact on this probem. PR1392704

  • When rp-register-policy is configured, incoming PIM register messages are evaluated against the policy terms in the order they are configured in the policy. If the number of terms in the policy is more than 511, a related internal buffer gets over-written. This causes rpd to crash. PR1394259

  • It is possible that under certain scenarios when the legacy-redirect-ip-action the existing BGP routes advertised might not be refreshed. Because of this the routes might still contain communities not aligned with the configured legacy-redirect-ip-action option. Clear routes as described in workaround. PR1396787

  • Rpd provides a mechanism to validate that route selection has successfully been done. When errors in route selection are detected, a soft core is dropped: Rpd remains running, a single core file is dropped, it is rate limited to not do this frequently. When running L2VPN, BGP MED selection might be inappropriately run on the routes. As a result, the route selection sanity code will notice an unexpected result and leave a soft core. PR1398685

Software Installation and Upgrade

  • If the device is booted into single-user mode (recovery mode), and any change in configuration is made, such as setting the root password, then commit will fail. PR1368986

Subscriber Access Management

  • Address pool does not correctly cycle to the beginning of pool when linked-pool-aggregation parameter is defined. Address pool reports "Out of Addresses" even though not all addresses are in use. > show network-access aaa statistics address-assignment pool <name>. PR1374295

  • Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation. PR1391411

User Interface and Configuration

  • The max-db-size configuration do not work on MX5, MX10, MX40, MX80, and MX104. PR1363048

  • DT_BNG: test configuration /config/rescue.conf.gz fails commit check for dynamic profile when subscriber is active. PR1376689

VPNs

  • The Multicast VPN MIB was not being properly compiled into the Juniper MIB package bundle. This PR causes mib-jnx-mvpn.txt to be included as part of the Juniper Enterprise MIB set. PR1394946

Resolved Issues

This section lists the issues fixed in the Junos OS 18.4R1 Release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • IPv4 or IPv6 DHCP-security client entries will be recorded on trusted ports as well. PR1390676

Class of Service (CoS)

  • The 802.1P rewrite might not work on inner VLAN. PR1375189

  • FPC card might reboot when changing CoS mode from hierarchical-scheduler to per-unit-scheduler. PR1387987

EVPN

  • EVPN/VXLAN: MAC entry incorrectly programmed in Packet Forwarding Engine, leading to some traffic blackhole. PR1231402

  • MPLS label leak leads to label exhaustion and rpd process crash. PR1333944

  • The l2ald memory might cross the threshold in EVPN scenario. PR1368492

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • EVPN active or active multi-homed PE occasionally prefers to route to a directly connected prefix using LSPs towards the multi-homed peer instead of going directly out the IRB interface (which is up). PR1376784

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

Forwarding and Sampling

  • Junos OS allows firewall filters with the same name under [edit firewall] and [edit firewall family inet] hierarchy levels. PR1344506

  • L2ald crashes when trying to adjust mac-table-size configuration. PR1383665

General Routing

  • TACACS access does not work after upgrade. PR1220671

  • Routing Engine-Packet Forwarding Engine out of sync errors in syslog. PR1232178

  • The mspmand might generate a core file in rare conditions due to a high rate of TCP traffic. PR1253862

  • The wrong TBB Packet Forwarding Engine component's temperature might be reported on MX80. PR1259379

  • On MX Series routers, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12,000 Layer 2 Bit Stream Access (L2BSA) subscribers simultaneously. PR1273353

  • Error messages might be seen if flapping the aggregated Ethernet interface hosted on MPC-3D-16XGE card. PR1279607

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mobiled. PR1284625

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspmand. PR1284643

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654

  • PPPoE can not dial in due to all padi dropped as "unknown iif" when deactivated/activated aggregated Ethernet configuration. PR1291515

  • Wrong packet statistics reported in ifHCInUcastPkts OID. PR1306656

  • In a few cases it was seen that RS are all up but virtual service is down, this was seen mainly in configuration load overriride conditions. PR1313009

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/subinfo. PR1327262

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/aaad. PR1327266

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/smihelperd. PR1327271

  • Tc_count counters in filter with scale-optimized command, are not incrementing. PR1334580

  • With Certificate Hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the PKId can become busy and stop responding. PR1336733

  • AI-script does not get auto upgrade unless it is manually done after a Junos upgrade. PR1337028

  • Routing Engine does not have MAC map for MAC type 7. PR1345637

  • Additional show commands called when request support information command is issued. PR1346129

  • The rpd might crash when the dynamic-tunnels next-hop resolving migrates to a more specific IGP route. PR1348027

  • Routing Engine mastership keep alive timer is not updated after the GRES configuration is removed. PR1349049

  • The MPC might crash when the MIC is removed. PR1350098

  • Migrate from syslog API to Errmsg API - /bbe-svcs/smd/plugins/cos/. PR1353179

  • Some of the inline service interfaces can not send out packets with the default bandwidth value (100Gbps). PR1355168

  • Chassis alarm is not reflecting the right state when INP0 and INP1 has AC voltage out-of-range. PR1355803

  • mpls-ipv4 templates does not have correct src AS and dst AS as 4294967295 src Mask and DstMask as 0 after adding mpls-flow table size on the fly. PR1356118

  • Link stays up unexpectedly on MX204 with copper cable removed. PR1356507

  • MPC/FPC might be unable to reply request messages to Routing Engine in a high subscriber scale scenario. PR1358405

  • show chassis ethernet-switch on Vale-MX. PR1358853

  • The show chassis fpc might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command show chassis environment fpc is executed. PR1358874

  • bbe-smgd restarts unexpectedly while performing graceful routing engine switchover (GRES). PR1359290

  • PluginExit() function is never called. PR1359610

  • FPC core might be observed after GRES switchover. PR1361015

  • IP over VPLS traffic is affected by EXP rewrite rule on the core-facing MPLS interface. PR1361429

  • MX BNG does not generate ESMC/SSM Quality Level failed snmp trap. PR1361430

  • Migrate from syslog API to Errmsg API;usp/usr.sbin/nsd/common/nsd_tpm.c. PR1361986

  • Spontaneous bbe-smgd core might be seen on the backup Routing Engine. PR1362188

  • The MS-MPC might reset continuously on MX Series platforms. PR1362271

  • JDI-RCT:M/Mx: Traffic loss of 1% is seen during GRES phase of unified ISSU from 17.3-20180527.0 to17.3-20180527.0. PR1362324

  • Executing show route prefix proto ip detail during route churm in a route scale scenario might lead to FPC crash. PR1362578

  • The inline-J-Flow sampling configuration might cause FPC crash on MX Series platforms. PR1362887

  • MXVC:request to record vccp heartbeat state change in syslog by default. PR1363565

  • xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • The multicast route update might get stuck in KRT queue and the rpd might crash if rpd and kernel go out of sync. PR1363803

  • FPM board missing in SNMP mib walk. PR1364246

  • A traffic loop might occur even though that port is blocked by RSTP in a ring topology. PR1364406

  • The kernel might crash after repeatedly deactivating/activating interfaces/filter/class-of-services configurations due to accessing stale memory entry. PR1364477

  • AF's operational state moves to down state in a node virtualized environment where GNFs are connected through AF interface. PR1364921

  • Default adapter type changed from E1000 to VMXNET3. PR1365337

  • Traffic drops seen if 3 link training failure is seen in a line card. PR1365668

  • MPC7E: ukern crash and FPC reboot with vty command show agent sensors verbose. PR1366249

  • MS-MPC/MS-PIC might crash in NAT scenario. PR1366259

  • MX150: Upgrade to 18.1R1.9 fails - installing package nfx-2-routing-data-plane-1.0-0.x86_64 needs 76MB on the / filesystem. PR1366324

  • Migrate from syslog API to Errmsg API - junos/lib/liboiu-ffp/. PR1366546

  • The next hop of MPLS path might be stuck in hold state which could cause traffic loss. PR1366562

  • Snmp mib walk for udp flood gives different output statistics than CLI. PR1366768

  • JDI-RCT:M/MX: Syslog errors seen LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8. PR1366811

  • Offline of the fabric links of Packet Forwarding Engine 4 and Packet Forwarding Engine 5 is not supported. PR1367412

  • The bbe-smgd process might crash during the authentication phase for L2BSA subscriber. PR1367472

  • The show system resource-monitor fpc might show non-existing Packet Forwarding Engine. PR1367534

  • RTG interface status might be shown as incorrect status with show interface. PR1368006

  • adtran-bbe-olt : Multiple provisioning deprovisioning cycles causes rdmd memory leak. PR1368275

  • JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Denial of Service (CVE-2018-0058). PR1368599

  • RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification. PR1368855

  • The commit or commit check might fail due to the error of not having lsp-cleanup-timer without lsp-provisioning. PR1368992

  • SNMP mib walk causes KMD errors. PR1369938

  • L2TP subscriber firewall filter might not be removed from Packet Forwarding Engine when routing-services are enabled in the dynamic profile. PR1369968

  • Kernel crash might be seen after committing demux related configuration. PR1370015

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based Dynamic GRE Tunnel is configured. PR1370174

  • The packet which exceeds a size of 8,000 bytes might be dropped by MS-MPC in ALG scenario. PR1370582

  • GMIC2 : SFP-1FE-FX optics does not come up on GMIC. PR1370962

  • All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838

  • BBE SMGD generates a core file on FPC restart. PR1371926

  • FPC high CPU utilization or crashes during hot-banking condition. PR1372193

  • SMGD generates a core file after essmd restart with reference to mmf_ensure_mapped (mmf=0xe8f0200, offset=4294967295, len=108) at ../src/junos/lib/libmmf/mmf.c:1972. PR1372223

  • Need a way to verify the session IDs above 32 Bit limit to check if this is working. PR1385237

  • With very high scale l3vpn, traffic is dropped when egressing on an AF interface. PR1372310

  • Image installation on SD fails with error Unable to read reply from software add command to re1; error 1. PR1372877

  • The Routing Engine might crash after non-GRES switchover. PR1373079

  • AOC Type Optics fail to Initialize on MACSEC TIC Boot-Up. PR1373572

  • EDVT-GI-MIC2 : Interfaces does not come up for bidirection module SFP-100BASE-BX10-U & SFP-100BASE-BX10-D. PR1373795

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • vMX QOS performance issue on 18.3. PR1373999

  • Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after commit using configure private in a configuration with "protect" flag present. PR1374244

  • FPC might be unable to work properly if one child interface is removed from an aggregated Ethernet bundle in dynamic VLAN subscriber scenario. PR1374478

  • bbe-smgd generate a core file continiously while deleting multicast group node from the tree. PR1374530

  • PCE initiated LSPs remain Control status became local after removing PCE configuration. PR1374596

  • Few L2BSA subscriber logical interfaces are left behind in SMD infrastructure and kernel after logout. PR1375070

  • SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high end MX routers (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • CI: Not generating Power Supply failed trap. PR1376612

  • Disabling OAM might cause the Broadband Edge daemon to crash. PR1377090

  • Packets might be dropped on data plane in the inline J-Flow scenario. PR1377500

  • The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on ids service. PR1378852

  • Traffic might get into blackhole when CoS configuration is changed on a PS interface. PR1379530

  • Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exceeding 100 percent of power budget. PR1380056

  • The software detects SDB STS lock deadlock and breaks the deadlock itself and system resumes normally processing on its own. PR1380231

  • CE_Customer: DT_BNG: ESSM model: rpd cored during 5th GRES, with reference to task_kevent_udata_task (ev= <optimized out>) at ../../../../../../src/junos/lib/libjtask/base/platform/bsd/task_io_bsd.c:127. PR1380298

  • Encryption and Decryption does not happen due to Packet Forwarding Engine discards while testing that group-vpn member established using authentication-method pre shared key ASCII-text. PR1381316

  • Memory leak observed in MS-MPC card. PR1381469

  • Subscribers not able to login after double GRES, after reboot, or after configuration. PR1382050

  • On Summit MX3ru for 18.3R1 release ISSU fails if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • Flows are getting exported before the active timeout. PR1382531

  • PFT MX10008 Expected inline-ipv4-export-packet-failures is not listed in show services accounting error. PR1382873

  • MAC addresses might disappear, if the interface MTU of EVPN PE is changed. PR1382966

  • The kmd crashes with core file after bringing up IPsec connection. PR1384205

  • CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single session dual stack subscriber. PR1384289

  • CE_Customer: DT_BNG: Multiple bbe-smgd generates a core file with reference to bbe_mcast_vbf_dist_policy_service_encoder (params= <opyimized out>) at ../src/junos/usr.sbin/bbe-svcs/smd/plugins/mcast/bbe_mcast_policy_config.c:159. PR1384491

  • RPT_REG_SERVICES:mpls inlinejflow: The mpls packets with number of labels more than 8 will not be processed by J-Flow. PR1385790

  • IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with CGNAT enabled. PR1386011

  • Representation of Memory Units is Changed from Gigabytes[GB] to Gibibytes[GiB] in the help string under resource template hierarchy. PR1386516

  • RBU_REGRESSIONS_SERVICES ::IPv4 and IPv6 VIP Routes are not withdrawn after aggregated Ethernet + VLAN with IRB FLAP. PR1386713

  • RBU_Services_Regressions: SFLOW : Agent ID in show sflow command is displaying lo interface IP instead of fxp0 IP. PR1386890

  • In case a LSP is locally configured without an explicit path ERO, object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • BGP flowspec: rpd cored @ bgp_reuse_scan on flapping neighbors. PR1387050

  • The pccd might crash when changing delegation-priority. PR1387419

  • bbe-smgd daemon crashes and generates a core file when two DHCP subscribers with same framed-route prefix and preference values try to login. PR1387690

  • Output of show class-of-service interface command incorrectly shows adjusting application as PPPoE IA tags for DHCP subscribers. PR1387712

  • FPC core might be seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112

  • bbe-smgd does not respond to NS from SLAAC client on dynamic VLAN. PR1388595

  • Incorrect values for flow packets/octets fields might be seen in inline-J-Flow scenario. PR1389145

  • The bbe-smgd process generates repeated core files and stops running as a result of long term session database shared memory corruption. PR1388867

  • IGMP group threshold exceed log message prints a wrong demux logical interface. PR1389457

  • Class of service adjustment-control-profile configuration for application DHCP tags does not get applied. PR1390101

  • Delay in CLI output with second or more show subscriber <> extensive queries when first session is sitting at -(more)- prompt displaying show subscribers extensive. PR1390762

  • Trailing chars in GNMI get API reply. PR1390967

  • CE_Customer: DT_BNG: DFW plugin NACKs DHCPv6/PPPoE, ESSM subscriber re-login after ISSU. PR1391409

  • The routing-engine-power-off-button-disable does not work on MX204. PR1391548

  • The bbe-smgd process might crash after commiting configuration changes. PR1391562

  • MX Series routers serving as a DHCP server for dual stack subscribers encounter BBE-SMGD process generates a core file. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • Kernel core on vMX due to jlock assert. PR1398320

High Availability (HA) and Resiliency

  • Backup Routing Engine might go to db prompt after performing configuration remove and restore. PR1269383

  • RPT BBE Regressions : Observed error: not enough space in /var on re1. while doing unified ISSU upgrade from 17.4-20180328.0 --> 18.2-20180416.0. PR1354069

  • VC-Bm cannot sync with VC-Mm when the Virtual Chassis splits the reforms. PR1361617

Interfaces and Chassis

  • Aggregated Ethernet speed calculation changes according to 10GE post GRES. PR1326316

  • Momentary dip in traffic when a GRES is performed. PR1336455

  • Native-vlan-id support on ps-interface. PR1352933

  • The sonet interface will go down after enabling "keep-address-and-control" in L2VPN scenario. PR1354713

  • The aggregated Ethernet interface might flap when the link speed of the aggregated Ethernet bundle is configured to oc192. PR1355270

  • ~50% of PPPoE subscribers (PTA and L2TP) and all ESSM sub lost after post ISSU during DT CST stress test. PR1360870

  • On all Junos OS products, the CLI allows to configure more sub-interface than the limit of 2048 sub-interfaces on lag interface from Junos OS Release 17.2R1. PR1361689

  • Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit operation. PR1363536

  • In case of MPLS ,DMR packets are sent with different mpls exp bits if MX receives CFM DMM packets with varying exp values on MPLS header. PR1365709

  • In rare case, there might be L2TP subscribers stuck in terminated state. PR1368650

  • The EOAM LTM messages might not get forwarded after system reboot in CFM scenario configured with CCC interface. PR1369085

  • ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch to complete with MX-Virtual Chassis configuration. PR1371297

  • JDI-RCT: QFX5200 MCLAG: parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386 errors seen after restart l2cpd daemon. PR1373927

  • The dcd process might go down when vlan-id none is configured for interface. PR1374933

  • FTI logical interface VNI limits changed from (0..16777215) to (0..16777214). PR1376011

  • Duplicate IP cannot be configured on both SONET (so-) interface and other interfaces. PR1377690

  • Some error logs (Tx unknown LCP packet) might be reported by the bbe-smgd daemon on MX Series platforms. PR1378912

  • The dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface. PR1382857

  • Interface-control thrashes and dcd does not restart after adding invalid demux interface to the configuration. PR1389461

Layer 2 Ethernet Services

  • STP status gets wrong after changing outer VLAN-tags. PR1121564

  • The MAC address might not be learnt due to spanning-tree state "discarding" in kernel table after Routing Engine switchover. PR1205373

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/lacpd. PR1284592

  • ZTP infra scripts are not included for MX PPC routers. PR1349249

  • Migrate from syslog API to Errmsg API:PPMD client LACP. PR1358599

  • The DHCP leasequery message is replied with incorrect source address. PR1367485

  • JSA10889 2018-10 Security Bulletin: Junos OS: The jdhcpd process crashes during processing of specially crafted DHCPv6 message (CVE-2018-0055). PR1368377

  • The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

Layer 2 Features

  • The traffic might not be transmitted correctly in a large scale of VPLS scenario. PR1371994

MPLS

  • When minimum-bandwidth and bandwidth commands are present in the configuration, the bandwidth selection of the lsp is inconsistent. PR1142443

  • JDI-RCT: rpd core is seen on master Routing Engine after performing restart chassisd. PR1352227

  • The rpd might crash in BGP LU and LDP scenario. PR1366920

  • RSVP authentication might fail between some Junos OS releases and causes traffic loss during local repair. PR1370182

  • The next hop of static LSP for MPLS might get stuck in dead state after changing the network mask of the outgoing interface. PR1372630

  • The traceroute mpls might fail when traceroute is executed from Juniper device to other device not supporting RFC6424. PR1372924

  • Rpd process eventually might crash after Routing Engine switch over with GRES/NSR enabled. PR1373313

  • The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured. PR1373575

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions. PR1376354

  • JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). PR1380862

  • Ingress LSPs down due to CSPF failure. PR1385204

  • Configured bandwidth 0 does not get applied on RSVP interface. PR1387277

Platform and Infrastructure

  • MAC addresses are not learnt on bridge-domains after XE/GE interface flap tests. PR1275544

  • MQCHIP CPQ block should report major alarm. PR1276132

  • Distributed multicast might not be forwarded to a subscriber interface. PR1277744

  • When chassis control restart is done with aggregated Ethernet and COS rewrite configuration, Platform failed to bind rewrite messages could be seen in syslog. PR1315437

  • RLT sub-interfaces not reporting statistics. PR1346403

  • lt- interface gets deleted with tunnel-services configuration still present. PR1350733

  • When forwarding-class-accounting command is enabled, on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). PR1357965

  • JSA10899 2018-10 Security Bulletin: Junos OS: Next hop index allocation failed: private index space exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

  • Select CLI functions are not triggering properly (set security ssh-known-hosts load-key-file, set system master-password). PR1363475

  • Summit 3RU: Qmon Sensors not working with Hyper-mode enable. PR1365990

  • Subscribers over aggregated Ethernet interface might have tail drops which will affect the fragmented packets due to QXCHIP buffer getting filled up. PR1368414

  • Forwarding broken after adding protocol evpn extended-vlan-id. PR1368802

  • The host outbound traffic might get dropped when the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules command is configured. PR1371304

  • Traffic might drop on new added interfaces on MX Series routers after unified ISSU. PR1371373

  • The logical tunnel interface might be unable to send out control packets generated by Routing Engine. PR1372738

  • JNH memory leaks in multicast scenario with MoFRR enabled. PR1373631

  • Traffic traversing an IRB is not tagged with a VLAN if the packets goes through an additional routing-instance. PR1377526

  • FPC crash might be seen after FPC restarts. PR1380527

  • lsi binding missing upon nd6 entry refresh after l2ifl flap. PR1380590

  • Packet drops on interface if the knob gigether-options loopback is configured. PR1380746

  • JUNOS DFWD core @ patricia_get_inline (root=<optimized out>, key_bytes=<optimized out>, v_key=<optimized out>) at ../../../../../../src/ui/lib/libjunos-patricia/h/jnx/patricia.h:715 PR1380798

  • Packet drops might be seen if the packet header is over 252 bytes. PR1385585

  • The configuration through NETCONF session might fail. PR1383567

  • RLI- 38639 - L3VPN/ROSEN over PS over RLT . - In 18.4DCB after ifconfig down for PS interface IFL , its Link and Admin status are not going down as expected. PR1396335

Routing Policy and Firewall Filters

  • Set metric multiplier offset may overflow/underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for LDP export policy. PR1388156

Routing Protocols

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/ppmd. PR1284621

  • Multihop eBGP peering session exchanging EVPN routes can result in rpd core file when BGP updates are sent. PR1304639

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • The rpd might crash when BGP neighbor is flapping. PR1337304

  • The bfd process memory leak might be observed if enabling multi-hop BFD session for a static route with multiple qualified-next-hop. PR1345041

  • Rpd crash might be seen after executing Routing Engine switchover. PR1349167

  • FPC might continuously crash on vMX platforms. PR1364624

  • 18.4DCB - RLI:37513 - sBFD session flaps incrementally with 300 StaticSR clients configured with 100ms as minimum-interval. PR1366124

  • Static route get unexpectedly refreshed on commit when configured with resolve configuration statement. PR1366940

  • About 10 minutes traffic loss is caused by BGP flap during MX Series unified ISSU. PR1368805

  • TCP sessions might be taken down during Routing Engine switchover. PR1371045

  • Route entry might be missing when IS-IS shortcut is enabled and MPLS link flaps. PR1372937

  • SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS mode. PR1382485

  • Penultimate-hop router does not install BGP LU label causing traffic blackhole. PR1387746

  • Next hop not deleted by ukernel. However delete command seen in rtsockmon. PR1389379

  • Rpd cores seen in rt_notbest_sanity(). PR1391767

Services Applications

  • Selectively start ZLB Delay timer at the Packet Forwarding Engine for LAC tunnels. PR1338450

  • L2TP Access Concentrator (LAC) tunnel connection request packets might be discarded on LNS device. PR1362542

  • The L2TP subscribers might not be able to log in successfully due to the jl2tpd memory leak. PR1364774

  • Accounting stop message is not sent to radius server after bringing down the L2TP subscriber. PR1368840

  • IPsec-VPN IKE security-associations might get stuck in "Not Matured" state. PR1369340

  • Actual-Data-Rate-Downstream might not be included in the L2TP ICRQ message. PR1370699

  • NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when MS-DPC is used for NAT64. PR1374255

  • FTP ALG is not supported with twice-nat. PR1383964

Subscriber Access Management

  • The authd process might not be started after executing Routing Engine switchover on backup Routing Engine without GRES enabled. PR1368067

  • Radius VSA's, Actual-Data-Rate-Downstream and Actual-Data-Rate-Upstream values are not complaint with RFC 4679. PR1379129

  • CoA updates subscriber with original dynamic-profile if radius has returned different dynamic-profile name. PR1381230

  • Some subscribers fail to get SRL service as provided in Radius accept message even though the Radius messages can be sent and received. PR1381383

  • The value of predefined-variable-defaults routing-instances overrides the RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074

  • Log Message: authd: gx-plus: logout: wrong state for request session-id <xyz>. PR1384599

  • Multiple ipv6 IANA addresses for one session when ipv6 PD binding failure scenarios. PR1384889

VPNs

  • The process rpd might crash after configuration change in an L2VPN scenario. PR1351386

  • In dual-homed NG-MVPN the receipt of type 5 withdrawal removes downstream join states for some routes. PR1368788

  • MVPN source redundancy possible flows outage. PR1375716

Documentation Updates

This section lists the errata and changes in Junos OS Release 18.4R1 documentation for MX Series.

Subscriber Management Provisioning Guide

  • The new topic, Subscriber Management RADIUS Dictionary Files, provides a link to the Juniper Networks RADIUS dictionary that is used by default with subscriber management for each supported release. The dictionary is updated only when software features that affect the file are added or changed. The dictionary is not updated for every Junos OS release.

Subscriber Management VLANs Interfaces Guide

  • The Broadband Subscriber VLANs and Interfaces Feature Guide did not clearly indicate that only demux0 is supported for demux interfaces. If you configure a different demux interface, such as demux1, the configuration commit fails.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 18.4

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R1.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R1.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R1.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R1.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R1.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R1.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 18.4

To downgrade from Release 18.4 to another supported release, follow the procedure for upgrading, but replace the 18.4 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).