Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 18.4R1 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Release 18.4R1 for the MX Series routers.

Hardware

  • Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1, the smart SFP transceivers and smart SFP+ transceiver in Table 1 and Table 2 are supported on the listed MX Series routers.

    Table 1: SFP Transceiver Support on the MX Series

    SFP Model

    Supported MPCs, MICs, and Platforms

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-T1

    SFP-GE-TDM-STM4

    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-3D-20GE-SFP

    • MIC-3D-20GE-SFP-E

    • MIC-MACSEC-20GE

    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    Table 2: SFP+ Transceiver Support on the MX Series

    SFP+ Model

    Supported MPCs, MICs, and Platforms

    SFPP-XGE-TDM-STM16

    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-MACSEC-20GE

    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    See the [Hardware Compatibility Tool].

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Support for five-level hierarchical CoS with dynamic interface set over dynamic interface sets (MX Series) — Starting in Junos OS Release 18.4R1, five-level hierarchical CoS with the ability to configure dynamic interface sets over dynamic interface sets is supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.

    [See stacked-interface-set (Dynamic Profiles).]

  • Support for dynamic and static logical interfaces in the same dynamic interface set (MX Series) — Starting in Junos OS Release 18.4R1, you can apply dynamic and static logical interfaces in the same dynamic interface set on all MPCs that support four-level and five-level hierarchical CoS.

    [See Understanding Hierarchical CoS for Subscriber Interfaces.]

EVPN

  • Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Ingress Virtual Machine Traffic Optimization.]

  • Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connections to the leaf device fail. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Automatically generated and assigned Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS Networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces on which LACP is enabled to automatically generate and assign Ethernet segment identifiers (ESIs) to themselves. We support this feature in the following environments:

    • On MX240 or MX480 routers that are multihomed in active-standby or active-active mode in an EVPN-MPLS network.

    • On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an EVPN-VLAN network.

  • MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.

    MLD snooping support in this environment includes:

    • Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)

    • MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)

    • Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices

    • Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes

    [See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]

  • Assisted Replication in data centers with EVPN-VXLAN overlay networks (MX Series and QFX Series)—Starting in Junos OS Release 18.4R1, MX Series routers and QFX Series switches support assisted replication (AR) in data centers with EVPN-VXLAN networks to optimize replication of BUM traffic being forwarded into the EVPN core. Instead of flooding BUM traffic using ingress replication, devices configured as AR leaf devices forward the traffic to an AR replicator device that can better handle the replication load, and only the AR replicator device replicates and forwards the traffic to the overlay tunnels. Only QFX Series switches are supported as AR replicator devices.

    AR devices advertise EVPN Type 3 (Inclusive Multicast Ethernet Tag [IMET]) routes that include special AR Type and Flags fields indicating AR device roles. The network can also include devices that do not support AR, which ignore AR routes and use ingress replication to forward BUM traffic toward the EVPN core.

    AR can also be configured with IGMP snooping to further optimize BUM traffic replication and forwarding.

  • Support for graceful restart on EVPN-VXLAN (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

Forwarding and Sampling

  • Support for activating or deactivating static routes on the basis of RPM test results (MX Series)—Starting in Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, RPM probes can be sent to an IP address to determine if the link is up, and if so, take the action of installing a static route in the route table . RPM-tracked routes are installed with preference 1 and thus are preferred over any existing static routes for the same prefix.

    [See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]

General Routing

  • Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS Release 18.4R1, users can configure a jlock hold time threshold value via sysctl. This helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold time is reached. The default hold time is 50ms.

    [See sysctl() Function]

High Availability (HA) and Resiliency

  • BFD Client for segment routing (MX Series)—This feature is not supported on Junos OS Release 18.4R1. You can configure Junos OS to run Seamless Bidirectional Forwarding Detection (S-BFD) over non colored segment routing tunnels and use S-BFD as a fast mechanism to detect path failures. You can configure bfd-liveness-detection at the [edit protocols source-packet-routing segment-list] hierarchy level for enabling path-level S-BFD for a segment list.

  • Resiliency support for Switch Interface Boards (MX10016)—Starting in Junos OS Release 18.4R1, resiliency support is enabled for Switch Interface Boards (SIBs) on MX10016 routers. Resiliency support enables the device to monitor hardware anomalies that can appear at boot time or at runtime. IDEEPROM read failure is an example of boot-time error. Voltage and temperature sensor readings that do not match permissible limits are examples of runtime errors.

Interfaces and Chassis

Junos Telemetry Interface

  • Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX Series Routers) —Starting in Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber interface stacking through remote procedure calls (gRPC). Accurate statistics (actual transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress and egress packets and bytes. Queue statistics for dynamic interface and interface sets include include counts of transmitted and dropped packets and bytes. The queue statistics sensors are maintained per contributing slot (as in the case with AE). Separate metadata sensors convey more contextual information about the dynamic interface and interface sets are available. The metadata sensors are also eligible for ON_CHANGE streaming.

    To enable subscriber and queue statistics for telemetry, include the subscriber-statistics and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry] hierarchy level.

    [See dynamic-profiles and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960, MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is extended to support additional ON_CHANGE sensors.

    Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /components/component

    • /components/component/name/

    • /components/component/state/type

    • /components/component/state/id

    • /components/component/state/description

    • /components/component/state/serial-no

    • /components/component/state/part-no

    ON_CHANGE notification will be supported on all the hardware components displayed in the Junos OS CLI operational mode command show chassis hardware.

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. To enable ON_CHANGE support, configure the sample frequency in the subscription as zero.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]

  • Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, and VMX)—Junos OS exposes telemetry data over gRPC and UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your existing telemetry and analytics infrastructure requires managing an external entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the NTF agent feature provides an on-box solution that allows you to configure and customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and in which format (such as AVRO, JSON, and MessagePack) the data is encoded.

    [See NTF Agent Overview.]

  • Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX480, MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting in Junos OS Release 18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted fabric interface is a pseudointerface that represents a first class Ethernet interface behavior. This sensor is only supported for node virtualization configurations on MX routers with an abstract fabric Interface as the connecting link between guest network functions (GNFs). JTI sensors will report interface-specific load-balancing and fabric queue statistics. They also will report aggregated statistics across all abstracted fabric interfaces hosted on a source Packet Forwarding Engine of local guest network functions (GNFs) along with the fabric statistics for all traffic ingressing from and egressing to the fabric from that Packet Forwarding Engine.

    JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following resource path to configure JTI sensors:

    • /junos/system/linecard/node-slicing/af-fab-stats/

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leaf devices related to the following IS-IS type length value (TLV) parameters and IS-IS areas:

    • TLV 135: extended-ipv4-reachability

    • TLV 236: ipv6-reachability

    • TLV 22: extended-is-reachability

    • TLV 242: router-capabilities

    • IS-IS interface attributes

    • IS-IS adjacency attributes

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig and Network Agent packages, both of which are bundled into the Junos image in a default package named junos-openconfig.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Layer 2 VPN

  • Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces are a bundle of interfaces that function as a single interface and can be configured to load-balance traffic among the group members. To configure load balancing of Group VPN services on AMS interfaces, include the ipsec-group-vpn in the [edit services service-set service-set-name] hierarchy level to configure the service set and the load-balancing-option statements in the service-interface hierarchy of the AMS interface to enable load balancing.

    For more information on configuring AMS interfaces, see Configuring Aggregated Multiservices Interfaces.

    [See Group VPN on AMS Interfaces.]

MPLS

  • Track IGP metric for install prefixes (MX Series)—Starting in Junos OS Release 18.4R1, you can let the install prefixes follow the metric of their corresponding IGP prefix so that the various RSVP protocol routes installed for the LSP can now each have their indivdual metric value. The install-prefix IGP metric tracking feature can be configured for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit protocols mpls label-switched-path] hierarchy level.

  • Note

    This feature is documented but not supported in Junos OS Release 18.4R1.

    Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic unto a monitoring device.

    To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source and destination addresses, protocol, source and destination ports, and IPv4 and IPv6 source and destination prefix list, are added under the MPLS filter term from parameter.

    To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance, are added for all the match conditions under the filter term then parameter.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic.]

  • Static egress LSP with IPv6 next-hop—Starting in Junos OS Release 18.4R1, you can configure static LSP on the egress router with the IPv6 as a next­hop address to forward IPv6 traffic. Static LSP supports next­hop indirection and link protection.

Network Management and Monitoring

  • New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:

    • CPQ SRAM parity error

    • CPQ RLDRAM double bit ECC error

    In the Description column of show chassis alarm outputs, these errors are described as “FPC <slot number> Major Errors”; for example:

    user@host> show chassis alarms

    By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.

    You can check the syslog messages to learn more about the errors. See the following examples:

    To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at https://www.juniper.net/cm/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).

  • Support for Junos Space Service Now (MX10016)—Starting in Junos OS Release 18.4R1, MX10016 routers s support Junos Space Service Now. The Junos Space Service Now is an application that runs on the Junos Space Network Management Platform to automate fault management and accelerate issue resolution.

    [See Junos Space Service Now.]

Operation, Administration, and Maintenance (OAM)

  • Support for inline link fault management (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports inline mode for OAM link fault management (LFM) on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive packets from the periodic packet management (ppm) process on the line card to the forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm process and can support LFM in-service software upgrade (ISSU) for non-Juniper peers (for a keepalive interval of 1 second). You can enable inline LFM by including the hardware-assisted-keepalives configuration statement at the [edit protocols oam ethernet link-fault-management] hierarchy level. To disable inline LFM, delete the hardware-assisted-keepalives statement. The show oam ethernet link-fault-management detail command displays the keepalive packet statistics. Starting from Release 18.4R1, when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier releases, the show oam ethernet link-fault-management detail command displayed the keepalive packet statistics.

    [See Enabling Inline Transmission of LInk Fault Management Keepalives for Maximum Scaling.]

Routing Policy and Firewall Filters

  • Support for next-filter as a firewall filter action (MX Series)—Starting in Junos OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter actions. The new next-filter option allows you to deploy a filter list and run a series of filters, similar to what is already available with next-term actions, and provides filter scale optimization. Up to eight filters can be chained in this way. The feature is not supported on logical systems, or on loopback and pseudo-interfaces.

    You can use a filter list to implement a mix of multifield-classification and firewall filter rules. For example, the first filter in the list can be used to perform a generic filter classification, and the subsequent filters can then do the actual filtering.

    [See input-chain and output-chain.]

  • Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1, you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling of IPv4 and IPv6 payloads across IPv4 networks.

    This GRE encapsulation is not supported for logical systems or for MPLS traffic, and the route lookup for GRE encapsulated traffic is supported on the default routing instance only.

    The following commands are introduced for this feature:

    set firewall tunnel-end-point tunnel-name gre

    set firewall tunnel-end-point tunnel-name ipv4

    set firewall tunnel-end-point tunnel-name ipv6

    [See tunnel-end-point and Filter-Based Tunneling Across IPv4 Networks.]

Routing Protocols

  • Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release 18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect to IP action uses extended BGP community to provide traffic filtering options for DDoS mitigation in service provider networks. Legacy flow specification, as specified in the Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hop, redirect to IP uses the BGP nexthop attribute to support interoperability of devices. Junos OS advertises redirect to IP flow specification action using the extended community by default. Redirect to IP action allows you to divert matching flow specification traffic to a globally reachable address. This feature is required to support service chaining in virtual service control gateway (vSCG).

    To configure a static IPv4 flow specification route, include the redirect ipv4-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure a static IPv6 specification route, include the redirect ipv6-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure legacy flow specification include legacy-redirect-ip-action at the [edit group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.

    To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes, include secondary-independent-resolution statement at the [edit protocols bgp neighbor family flow] hierarchy level.

  • Support for 64 BGP add-path routes (MX Series)—Starting in Junos OS Release 18.4R1, support is extended to 64 BGP add-path routes. Currently Junos OS supports six add-path routes and BGP can advertise up to 20 add-path routes through policy configuration. If you enable advertisement of multiple paths to a destination or if you increase the add-path prefix policy send count, BGP can now advertise up to 64 add-path routes.

    To advertise all add-paths, up to 64 add-paths or only equal-cost paths, include the path-selection-mode statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level. You cannot enable both multipath and path-selection-mode at the same time.

    To advertise a second best path as a backup path in addition to the multiple ECMP paths include the include-backup-path backup_path_name statement at the [edit protocols bgp group group-name family name addpath send]] hierarchy level.

    [See path-selection-mode.]

    [See include-backup-path.]

  • Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release 18.4R1, BGP LS extensions are enhanced to export segment routing topology information to the controller. A centralized controller in a software-defined network (SDN) can program any egress peer policy at ingress border routers or at hosts within the domain in a segment routing network. The egress router advertises the peer node SID label for all its peers, and the controller advertises these SID labels to the ingress router. Thus the ingress router can select these SID labels to transfer data packets to the egress peers. The path that the controller derives can override the network derived best path. This feature can also be used in an inter domain scenario.

    To configure a peer node SID, include egress-te-node-segment-label at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To create a peer set SID, include egress-te-set-segment set-segment-name label label-name at the [edit protocols bgp] hierarchy level.

  • Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX Series)—Starting in Junos OS Release 18.4R1, the following address families are supported to enable advertisement or reception, or both, of multiple paths to a destination to and from the same BGP peer, instead of advertising and receiving only the active path to and from the same BGP peer, under the [edit protocols bgp group group-name] hierarchy.

    • IPv4 VPN unicast (family inet-vpn)

    • IPv6 VPN unicast (family inet6-vpn)

    [See Understanding the Advertisement of Multiple Paths to a Single Destination in BGP.]

  • BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1, add path receive is now supported for eBGP under the [edit logical-systems logical-system-name protocols bgp group group-name family family].

Services Applications

  • Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to create MPLS-IPv6 flow records.

    [See Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250.]

  • MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway (BNG) with IPv4-to-IPv4 basic NAT, dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

  • MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software Defined Networking (SDN)

Subscriber Management and Services

  • Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a limit on the number of sessions that can be active for a given username in an access profile.

    The show network-access aaa statistics session-limit-per-username command displays the number of active sessions and of blocked requests for usernames in each access profile. The clear network-access aaa statistics session-limit-per-username command enables you to clear blocked requests for debugging subscriber session limits.

    [See Understanding Session Options for Subscriber Access.]

  • New BBE statistics collection and management process (MX Series)—Starting in Junos OS Release 18.4R1, the BBE statistics collection and management process, bbe-statsd, is introduced to take advantage of high-performance Routing Engines to increase the frequency of statistics collection and improve statistics processing in highly scaled environments. The bbe-stats-service option has been added to the restart command for restarting this statistics process.

    To collect subscriber and service statistics, you now must enable the actual-transit-statistics statement. If you do not configure this statement, subscriber statistics are not collected; the show subscribers accounting-statistics command displays a value of zero for subscriber statistics; and the subscriber statistics are reported to RADIUS with values of zero.

    [See Enabling the Reporting of Accurate Subscriber Accounting Statistics to the CLI.]

  • Subscriber secure policy information not revealed in core file dumps (MX Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information that might identify subscribers or mediation devices is automatically encrypted when the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons examining the error files are unable to view the SSP information. The SSP information that might be present in the core error file includes the source and destination IP address for the mediation device, device ports, and intercept ID. No configuration is required or possible.

    [See Subscriber Secure Policy Overview.]

  • Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP addresses. In earlier releases, only 5 servers are supported.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Address allocation method determines behavior when address pool is deleted or drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is performed to determine the subsequent behavior when authd notifies the DHCP process that an address pool is deleted or being drained:

    • When addresses are allocated on demand, the family with the address in that pool is logged out immediately when the pool is deleted, or logged out gracefully by the draining process when a DHCP renew or rebind message is received.

    • When the addresses are preallocated, the addresses for both families are deleted immediately when the pool is deleted, or deleted gracefully by the draining process when a DHCP renew or rebind message is received.

    [See Single-Session DHCP Dual-Stack Overview and Configuring DHCP Local Address Pool Rapid Drain.]

  • Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group statement enables the DHCPv4 relay agent to forward ACKs to DHCP information request (DHCPINFORM) messages from any server in the active server group to the client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can be forwarded from trusted servers.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address changes. This code means that at least one address in the client’s request IA is not appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or NoPrefixAvail status code can be returned when there is an issue with requested addresses.

    [See RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers.]

  • Reassign IPv4 address to a new subscriber (MX Series)—Starting in Junos OS Release 18.4R1, you can enable a new subscriber to be reassigned an IPv4 address that is currently assigned to an existing subscriber by including the reassign-on-match option with the address-protection statement. The new subscriber request is rejected, but the existing subscriber is disconnected. The address is assigned to the new subscriber when it renegotiates the session

    [See Configuring Duplicate IPv4 Address Protection for AAA.]

  • New predefined variables and RADIUS VSAs for interface and set targeted distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an interface or an interface set for distribution on aggregated Ethernet member links, you can use a Juniper Networks predefined variable to source the weight value from the RADIUS Access-Accept message on a per-subscriber basis, or from Diameter AVPs during NASREQ processing:

    • $junos-interface-target-weight corresponds to Juniper Networks VSA 26-214, Interface-Targeting-Weight.

    • $junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213, Interface-Set-Targeting-Weight.

    [See Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs.]

  • Support for exporting BNG sensor data to an IPFIX collector (MX Series)—Starting in Junos OS Release 18.4R1, the input-jti-ipfix plug-in collects a limited set of sensor data from the local BNG Junos Telemetry Interface and translates it to the appropriate IPFIX records for export to an IPFIX collector.

    [See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]

  • Detection and autogeneration of logical interface sets representing logical access nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003). When the TLV string begins with a # character, the entire string is a backhaul line identifier. The portion of the string after the # delimiter represents a logical intermediate node (DPU-C or PON tree) in the access network to which the subscriber is attached. This portion is used to set the value of the $junos-aggregation-interface-set-name variable, and is used as the name of a CoS Level 2 interface set that groups subscribers. Enable parsing with the hierarchical-access-network-detection option of the access-line statement.

    [See Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets.]

  • BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP addresses as the BGP neighbor addresses with the [edit protocols bgp group name neighbor] stanza.

    You must enable routing services in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface with the new routing-service statement. This statement replaces the deprecated routing-services statement.

    You can also selectively enable or disable routing services per subscriber through RADIUS by using the new $junos-routing-services predefined variable. The action is determined by the value of the new Routing-Services VSA (26-212) returned in the RADIUS Access-Accept message.

    [See Junos OS Enhanced Subscriber Management.]

  • Support for Layer 2 services provisioning on the services side of pseudowire service logical interface anchored on redundant logical tunnel interface (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning such as bridge and VPLS, is supported on the services side of the pseudowire service logical interface anchored to redundant logical tunnel interface. With this support, the chassis-wide scaling numbers available for the physical interfaces over redundant logical tunnels is extended to pseudowire service interfaces anchored over redundant logical tunnel interfaces.

    [See Layer 2 Services on Pseudowire Service Interface Overview.]

  • Support of single-hop BFD sessions for pseudowire redundant logical interfaces (MX Series)——Junos OS supports inline distribution of single-hop Bidirectional Forwarding Detection [protocol] (BFD) sessions for pseudowire subscriber logical tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical tunnel interfaces can be hosted on different linecards. As a result, single-hop BFD sessions are operated in a centralized mode because the distribution address is not available for these logical interfaces.

    Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop BFD sessions is extended to pseudowire subscriber over redundant logical tunnel interfaces, thereby improving the scaling (number of sessions) and performance (detection time) of single-hop BFD sessions.

    [See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]

  • ARP enhancements for subscriber management (MX Series)—Starting in Junos OS Release 18.4R1, the following ARP enhancements are supported only for framed routes on dynamic VLANs:

    • Dynamic layer 2 MAC address resolution works for network (non-host) IPv4 framed routes. The non-host framed route is coupled with the dynamic Layer 2 address associated with a host route.

    • You can enable the router to compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry.

    • You can enable dynamic ARP to resolve the MAC address for IPv4 framed host (32-bit) routes. By default, the framed route is permanently associated with the source MAC address received in the packet that triggered creation of the dynamic VLAN.

      [See Junos OS Enhanced Subscriber Management Overview.]

System Management

  • Secure copy (scp) support on Junos OS CLI with the ”source address” and ”routing instance” options (MX240, MX480, MX960, MX2010, MX2020, and vMX)— Starting in Junos OS Release 18.4R1, MX Series routers support the scp command from the CLI, along with two additional options: source address and routing instance. The source address option specifies the local address to use in originating the connection and routing instance option specifies the name of routing instance for the scp session. These two options are also added in the following CLI commands where the scp URL is supported: file copy, file archive, save, show|save, show|compare, load merge, load override, load patch, load replace, load set, and load update. The functionality of these commands remains the same with the source address and routing instance options added.

    Note

    The scp command is available under operational mode and configuration mode.

    [See scp , file copy, file archive, load, and save.]

Timing and Synchronization

  • Synchronous Ethernet support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting in Junos OS Release 18.4R1, MX Series routers with the enhanced Switch Control Board (SCBE3-MX) support synchronous Ethernet. Synchronous Ethernet is a physical layer technology that functions regardless of the network load and supports hop-by-hop frequency transfer. This enables you to deliver synchronization services that meet the requirements of modern-day mobile network, and future Long Term Evolution (LTE)–based infrastructures.

    [See Synchronous Ethernet Overview.]

VPN

  • Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.4R1 for MX Series routers.

General Routing

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX-Series)—When an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier engine will set the “my mac” bit in the cookie prepended to the incoming packet. In current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed as default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence the packets with zero MAC are marked as “my mac” in the packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup will be performed. The “my mac” behavior is applicable since the day one release.

Interfaces and Chassis

  • New option to configure IP address to be used when the Routing Engine is the current master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following hierarchies:

    • [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]

    • [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6 address]

    In routing platforms with dual Routing Engines and VM host support, the master-only option allows you to configure the IP address to be used for the VM host when the Routing Engine is the current master. The master Routing Engine and the backup Routing Engine can have independent host IP addresses configured. In earlier releases, same IP address would be applied on master and backup Routing Engines resulting in configuration issues.

  • TLV status for Layer 2 protocols (MX460)—Starting in Junos OS Release 18.4R1, the output fields Next-hop and vpls-status are displayed in the show interfaces interface name detail command, only for Layer 2 protocols on MX480 routers.

MPLS

  • When you configure zero (0) as the bandwidth of an RSVP interface, the bandwidth value is overwritten with the default interface bandwidth, which is the hardware raw bandwidth. This can lead to unexpected behavior in the LSP setup.

    [See bandwidth (Protocols RSVP).]

Network Management and Monitoring

  • SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS Release 18.4R1, the SSHD process authentication logs use only the time zone defined in the system time zone. In the earlier releases, the SSHD process authentication logs sometimes used the system time zone and the UTC time zone.

    [See Overview of Junos OS System Log Messages.]

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release 18.4R1, on MX series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E line cards, the severity level of the following errors have been changed from Fatal to Major.

    • XQSS_CMERROR_CPQW_ERR_INT_FSET_SLOW_DEQ_DRY_ERR

    • XQSS_CMERROR_CPQW_ERR_INT_FSET_FAST_DEQ_DRY_ERR

    With this change, the above errors no longer cause the entire FPC to go offline by default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to be disabled, because disable-pfe is the default action associated with Major errors on MX Series routers.

    Additionally, the severity level of the correctable error XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.

    You can use the commands show chassis errors active detail fpc-slot slot and show chassis fpc errors slot to view more details of, and the default actions associated with, these errors.

    [See show chassis fpc errors.]

Security

  • Syslog updated when configuring XPN cipher suite on a non-xpn supported interface (MX Series)—In Junos OS Release 18.4R1, on MX Series Routers, if you attempt to configure XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity association and attach the connectivity association to an interface on the PIC that does not support XPN cipher suite, then during runtime, a syslog is logged as below (and default non-xpn cipher suite is used):

    macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id (cipher name) NOT SUPPORTED.

Software Defined Networking (SDN)

  • Installation or upgrade using remotely located installation package (MX480, MX960, MX2010, MX2020, MX2008)—While performing Junos installation or upgrade on the base system (BSYS) or guest network function, if you provide a URL to the remotely located installation package (for example, an ftp file) in the command request system software add package-file-path, the router locally copies the package, performs checks such as multi-version compatibility checks on the package, and then installs the package. The installation process is aborted if any errors are found during the checks. Previously, if you tried to perform installation or upgrade using a remotely located file, the router would skip multi-version checks and display an error message, but would not abort the installation process.

    [See Junos Node Slicing Upgrade]

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 17.2R3, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Flat-file service accounting support ends (MX Series)—Starting in Junos OS Release 18.4R1, flat-file service accounting to a local file is no longer supported. If included in a configuration, it is ignored.

    [See Flat-File Accounting Overview.]

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Forwarding and Sampling

  • LTS subscriber statistics are reported to RADIUS. PR1383354

General Routing

  • The problem is, when some route or next hop has been created by the application, it is assumed that it can propagate to the rest of the system. KRT asynchronously picks up this state for propagation. There is no reverse indication to the application, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route, NH> pair that looks legal from the application’s standpoint, but KRT is not able to download it to the kernel, (because the kernel rejected the next hop), the <route, NH> gets stuck in rpd. In the meantime, the previous version of the route (L-ISIS in this case) that was downloaded still lingers in the kernel and Packet Forwarding Engine. PR1253778

  • Support for enterprise profile is only provided for 10-Gigabit Ethernet interfaces. Use of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase alignment issue. PR1310048

  • For inline J-Flow VMX, the InputInt field of the MPLS-V4 data records reports the SNMP index value of the LSI interface instead of the value for the ingress physical interface. PR1312047

  • When cmerror disables Packet Forwarding Engine, it does not power off the ea and hmc chips. Temperature monitoring continues on hmc and other devices, and the system can take proper actions, such as increase the fan speed or shut down the systems. The periodic calls hmc_eri_config_access() to get temperature. It is expected to get ERI timeout continuously in this case. PR1324070

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

Interfaces and Chassis

  • At JDM install time, each JDM instance generates pseudo-random MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At GNF creation time, each GNF instance generates pseudo-random MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and will only be deleted when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

  • The two SFP+ ports on the the Routing Control Board (RCB) of an MX2008 router have two port LEDs each— one Link Status LED and one Link Activity LED per port. On an MX2008 router, which is connected to an external x86 server in a Junos Node Slicing setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as follows:

    • The Link Status LEDs and Link Activity LEDs on both the ports are off when Junos Node Slicing is disabled or not configured.

    • When you have configured network-slices on the router (also called base system or BSYS) but have not configured guest network functions (GNFs) on the server, the Link Status LED on each port turns green (steady glow). In this case, the Link Activity LED on each port is off.

    • When you have configured Junos Node Slicing (including GNFs), the Link Activity LED on each port is amber (blinking), while the Link Status LED on each port remains green (steady glow).

  • Error thrown when router configuration updated on live system—In Junos OS Release 18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

Platform and Infrastructure

  • On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • It is expected to see few transient FI Cell underflow errors during ISSU as long as they do not persist. PR1353904

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • The issue is applicable to mac-in-mac PNN-EVPN and does not affect any other scenario. When PBB EVPN configuration is reloaded on MX Series routers, error logs are seen while deleting interfaces related to backbone bridge component. These errors does not result in any functional issues. PR1323275

  • When stitching EVPN-VXLAN to EVPN-MPLS or EVPN-MPLS to EVPN-MPLS instances using the lt-interface or physical loopback, if an IRB interface is used, then IRB ifl mac has to be configured. PR1363935

  • In EVPN scenarios, rpd might crash and generate a core file due to a memory allocation problem. PR1369705

  • When EVPN is configured with class-of-service-based forwarding (CBF), traffic might be lost for the CBF services. PR1374211

Forwarding and Sampling

  • Heap memory leaks occur on DPC when the flow specification route is changed. PR1305977

  • On Junos Fusion, ingress policing on SD is broken set interfaces layer2-policer input-policer <policer-name> is not supported. PR1395217

General Routing

  • When performing a Routing Engine switchover without the support of nonstop active routing, the L2CPD process (L2 Control Protocol Daemon) might occasionally report a slip in its scheduled run of a few seconds (1 to 10) and a log message will be printed similar to the following: Aug 1 10:41:21 mx9601 l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has neither functional nor operational effect on any Layer 2 protocols controlled by L2CPD, because STP task delegates, transmits, or receives BPDUs to a separate dedicated PPMD daemon. Also, LLDP task's transmit or receive PDUs are dealt from the daemon itself but the advertisement-interval is 30 seconds. Because the hold-timer for neighbors LLDPPDU is 120 seconds, so there is plenty of time to recover. PR1203977

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example: fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: Next hop add received for an logical interface that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, logical interface index 334 does not exist TYPE-SPECIFIC INFO: none. As such, so far we have not seen any service impact in MPC2 and MPC3 type cards. PR1205593

  • This is a rare race condition of multiple interrupts not being handled properly on MX Series platforms, with MPC7E, MPC8E, MPC9E and PTX Series platforms with FPC3-PTX-U2 and FPC3-PTX-U3, which could lead to generating a core file. It is difficult to reproduce. The interrupt code is optimized to avoid the unnecessary call to prevent the issue. PR1208536

  • Packet forwarding traffic might be permanently impacted due to transient memory parity error at the Egress Port Manager (EPM) port group. Operational impact will be verified and an alarm will be raised with the syslog message READ/WRITE pointers in free pool FIFO stalled. PR1220019

  • In a BGP or MPLS scenario, if the next hop type of label route is indirect, then the following changing events about the next hop interface MPLS family might cause the route to be in DEAD state, and the route will remain dead even when the family MPLS is again activated. The following events occur: Deactivating and activating the interface family mpls. Deleting and adding back the interface family mpls. Changing maximum labels for the interface Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise, the route does not get resolved. PR1242589

    PDT team noticing this issue while testing the 17.4R1-S3.3 image while testing the CUC-1422. Error message: Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051592: Device busy Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051593: Device busy error message: rpd[51849]: Error creating dynamic logical interface from sub-unit 1051680: Device busy. PR1286042

  • It is not possible to collect shmlog entries and statistics on MX5, MX10, and MX40 platforms. The code changes also include improvements that should prevent shmlogctl process core files from being generated due to a timing issue. PR1297818

  • The show dynamic-tunnels database summary command would not show an accurate tunnels summary during the time the anchor Packet Forwarding Engine line card was not in up state. As a workaround, use the following commands: show dynamic-tunnels database and show dynamic-tunnels database terse. PR1314763

  • This issue occurs in an Oracle use case. Oracle does not use chain-composite. This statement does not bring in a lot of gain, because TCNH is based on ingress rewrite premise. Without this statement, things work fine. PR1318984

  • In JDM, (running on secondary server) jdmd process might create core files if GNF add-image is aborted by pressing Ctrl+c. PR1321803

  • With regard to FPC restarts/Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. Hence, reactions to failure situations might not be handled in a graceful way; for example: TCP connection timeout because of jlock hog crossing boundary value (5 seconds), causing bad consequences in MX Series Virtual Chassis. Since we're not planning to implement the only possible solution, it seems that we should delete the entire discussion. However, if I am not understanding correctly, please reinstate and revise text as needed. PR1332765

  • The output of the CLI command show class-of-service fabric statistics now includes traffic that was dropped because of internal errors in the drop counts. PR1338647

  • First packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line card reboot on PORTER-R platform. PR1344755

  • In some cases, OIR (removal followed by reinsertion) of a MIC on a FPC can lead to traffic destined to the FPC being silently dropped or discarded. The only way to recover from this is to restart the FPC. The issue will not be seen if you use the corresponding CLI commands to turn the MIC offline and then back online. PR1350103

  • During stress conditions, error log messages regarding route add, change, and delete might be incorrect. PR1350713

  • VRRP MAC filter will not be seen in Packet Forwarding Engine if interfaces flap followed by GRES occurs, before VRRP state settles down after flap. During this time, VRRP states are backup in the master Routing Engine and idle in the backup Routing Engine. PR1353583

  • Junos OS branch Releases 17.4, 18.1, and 18.2 are incompatible with branch Releases 18.3 and 18.4. Appropriate warnings are not thrown during image installation. PR1353773

  • If an aggregated Ethernet interface is configured as link-protection backup-state down, aggregated Ethernet operational state is still up even though the member interfaces configured under the aggregated Ethernet are down. This issue is specific to aggregated Ethernet link-protection backup-state down configuration. PR1354686

  • In configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of FPC has the processing time spiked on IF IPCs, and this seems to be the case of MPC7E starting in Junos OS Release 16.1R1 (or earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, this scale configuration on MPC7E takes a settling time of 4+ minutes. PR1359286

  • When a peer is being established and needs to catch up with other peers that have received many more updates, the merge code will verify that the routes are to be announced. If none of the prefixes are to be announced before the peer has processed its fair share of entries, you will start from the beginning again. This issue is more likely in situations in which there is zero route churn. PR1361550

  • Syslog is updated when the user tries to configure xpn cipher over a non-xpn-supported platform such as MIC-MACsec-20G even though the commit goes through. PR1367722

  • It is possible for a GNF with rosen6 multicast to display stuck krt queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • After FPC reboot with a baseline configuration of 10G speed, if PIC mode for a new speed is changed just after PICs come online when all physical interfaces are not yet created, then a port-down issue can be seen randomly. While old-speed physical interfaces detach and new-speed interfaces attach, one of the PCS lanes for the physical interfaces stays in reset mode, causing the port to stay down. As a workaround, after FPC reboot with baseline configuration, we recommended that you to wait for 2 to 5 minutes after all PICs are online for port states to be stable before doing any port speed changes. There is no impact if FPC reboots with new speed configurations already applied. PR1368687

  • When FPC is booting up (either during unified ISSU or router reboot or FPC restart), i2c timeout errors can be noticed. These errors occur the i2c action could not be completed, because the device was busy. Once the card is up, all the i2c transactions to the device are ok, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • No reference to the power zone information for the PEM is exported in Junos Telemetry Interface streaming. PR1372374

  • When the MIC-MACSsec-20G is in offline state after FAKE-KATS initiation, the MIC has to be brought up by issuing chassisd restart. Attempting to online the MIC through CLI could cause the MIC to go to a hardware error state. PR1374532

  • I/O session used for communicating between threads is freed due to FSM state transition. After freeing the memory, the fields of the I/O session are used for tracing, causing rpd to generate a core file. PR1374759

  • If any log message continue, to pop in the MPC console, this indicates the presence of a faulty SFP or SFP+ transceiver which is causing an I2C transaction from the main board CPU. There is no software recovery available to recover from this situation. These logs also indicate potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0, resulting in unexpected behaviors such as links not coming up or the MIC itself not booting up on restart. I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. The only way to recover from this type of failure is to detect and replace faulty SFP or SFP+ transceivers plugged into the GMIC2 ports. PR1375674

  • When an MX Series router functioning as a BNG acts as DHCP relay and the destination DHCP server is reachable through Abstract Fabric interfaces, the packets received by the DHCP server on AF interfaces were dropped because the Junos OS DHCP daemon (jdhcpd) was not AFI aware. AF interface awareness should be added to jdhcpd so that received DHCP packets are handled correctly. PR1377358

  • Proper values for one leaf should be provided. For example, instead of displaying values of 1 or 0, the following strings should be displayed: PRIVATE_AS_REPLACE_ALL { if 1 } PRIVATE_AS_REMOVE_ALL { if 0 } PR1378159

  • On MX Series platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This condition might lead to memory exhaustion and the FPC would create core files. PR1381527

  • In rare situations at heavy traffic loads, input frame check sequence counter might get incremented. PR1383009

  • J-Insight process requires all the sensors under /components/component/, which are provided by the chassis-control process. In Junos OS Release 18.4R1, J-Insight subscription to /components/component/ Junos Telemetry Interface sensors is enabled by default. This sensor subscription requires the chassis-control process to stream all the chassis component sensors periodically at 5-second intervals. This periodic streaming of sensors causes additional CPU utilization for the chassis-control process at idle state. This increased CPU utilization will not impact system performance. The impact is equal to when an external subscriber subscribes to components/component/ sensors. PR1383335

  • Commit should not be allowed if you are trying to delete the physical-cores command. However, there is no functional impact of this. PR1384014

  • Rpd could generate core files in a rare race condition when NSR + GRES is configured and switchover is performed along with configuration changes being committed. PR1385005

  • On vMX system with large number of interfaces configured, the vFPC CPU utilization might go very high periodically due to interface statistics collection running repeatedly. PR1385853

  • This issue is seen only after backup CB removal/insertion operation. Backup CB normal reboot does not show the same issue. After insertion of backup CB, the temperature sensor status bit for the CB is not getting updated. Hence, the status always shows up as 'Testing'. {master} user@router> show chassis environment |find CB CB 0 IntakeA-Zone0 OK 27 degrees C / 80 degrees F CB 0 IntakeB-Zone1 OK 31 degrees C / 87 degrees F CB 0 IntakeC-Zone0 OK 32 degrees C / 89 degrees F CB 0 ExhaustA-Zone0 OK 29 degrees C / 84 degrees F CB 0 ExhaustB-Zone1 OK 30 degrees C / 86 degrees F CB 0 TCBC-Zone0 OK 38 degrees C / 100 degrees F CB 1 Testing <<<<<<<<< SPMB 0 Intake OK 31 degrees C / 87 degrees F SPMB 1 Intake OK 32 degrees C / 89 degrees F Routing Engine 0 OK 35 degrees C / 95 degrees F Routing Engine 0 CPU OK 33 degrees C / 91 degrees F Routing Engine 1 OK 35 degrees C / 95 degrees F Routing Engine 1 CPU OK 33 degrees C / 91 degrees F . PR1387130

  • During Zero Touch Provisioning (ZTP) process, the default route is being cleaned up by code. As a result, if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route will fail to work. This might lead to ZTP failure or a device access issue after ZTP. PR1387724

  • In cases of PS over rlt at high scale, removing and adding back a CoS configuration can cause the FPC to enter a hard error state. PR1388487

  • On MX2020, MX2010, and MX2008 platforms with SFB2 cards installed, if a newer generation of MPC (for example: MPC type 3, 4, 5, 6, 7, 8, or 9) is installed into a slot that had MPC 3D 16x10GE, (MPC type 1 or MPC type 2) previously installed, the available fabric bandwidth to the new MPC card would be rate-limited due to residual programming on the fabric planes. Traffic impact is observed during peak utilization. PR1388780

  • vMX virtIO throughout stays the same between multi-queue and single-queue (vRouter-DPDK). Single queue performance is much higher compared to the previous version of single-queue DPDK support on MX86. PR1389338

  • With inline BFD configured on MX Series or QFX10000 line platforms, BFD sessions might reset continuously. PR1389569

  • On MX Series platforms, after GRES switchover, if a chassis has bent-pin or failed Field Programmable Gate Array (FPGA) on the new CB has a specific hardware failure and fails to detect FPC presence properly, the chassisd might keep crashing. PR1393884

  • MPC7, MPC8, MPC9 cards have a local disk which they keep a copy of the software image. The cards boot from the disk when an image is there, and boot from the chassis network (through BOOTP) when an image is not there. Presumably, new MPC7, MPC8, MPC9 cards do not have an image on the disk and would require a network boot. On single chassis, there is no problem. But on MX-VC, the network boot does not work. PR1396268

  • If GRES/NSR is enabled on a MX Series (single Routing Engine), DHCP subscribers are failing to bind. PR1396470

  • Interface link is staying down when we deactivate or activate the channelized XE interface configured with speed 1G (when using QSA adaptor) on MX10008/MX10016 (JNP10000-LC2101 MPC) with Line rate traffic flowing. As a workaround, we need to offline or online the PIC to recover the link, this is the known issue. We are working with hardware engineering team to address the issue in 18.4R2. PR1397202

  • Interface link is staying down when we deactivate/activate the channelized XE interface configured with speed 1G (when using QSA adaptor) on MX10008/MX10016 (JNP10000-LC2101 MPC) with Line rate traffic flowing. Workaround : we need to offline or online the PIC to recover the link, this is the known issue. we are working with hardware engineering team to address the issue in 18.4R2. PR1397202

  • The $junos-framed-route-ipv6-address-prefix variable for programming IPv6 routes is only permitted under the routing-options->rib->access stanza. PR 1384523 changed the code to avoid the incorrect mixing of V4 and V6 framed routes in the same stanza and force the V6 framed routes to only be parsed if they were in their correct routing-options->rib->access stanza. Additionally, runtime warnings for invalid configuration V6 framed routes configuration were added in PR 1388737. PR1401144

  • There is a chance that some subscribers may not have IPTV post GRES. This condition will be seen if subscribers are logged in before the system has initialized fully or if dynamic profiles are changed with subscriber activity. PR1402342

  • With the initiation of image installation on Base System of a setup with node slicing enabled, session gets terminated unexpectedly. PR1402643

  • Issuing the CLI show command show services soft-gre tunnel and then changing configuration of the router can make smg-service unresponsive, for example: user@router> show system subscriber-management statistics error: timeout communicating with smg-service daemon. PR1403480

  • 1G configuration mode is not an ISSU supported configuration on MX 3RU router. If that configuration is present on the MX 3RU box, then the customer has to remove the same before attempting ISSU. Otherwise the 1G configurations will not behave as expected post ISSU and traffic loss can be expected. Currently there is no warning or error message alerting the customer on the same. This is applicable to MX 3RU platform only. PR1405527

  • In case of multihome (ESI) scenario, if IPV6 NS packet is flooded by peer leaf device over VTEP, when it comes to QFX5000 device, it will be flooded back to access ESI host also which is not expected. Because of this if there is Layer 2 switch before host, there might be loop happening. Work around is to disable arp-suppression. PR1405814

Infrastructure

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

Interfaces and Chassis

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause cfmd crash after upgrade. This is because of the old version of /var/db/cfm.db. PR1281073

  • The error message ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0 will be observed in some cases. But there is no functional impact. Sessions or adjacency would get programmed inline subsequently. PR1358236

  • Lfm sessions toward scaled peers might flap during ISSU switchover phase. PR1377761

Layer 2 Ethernet Services

  • On an MX Series platform with MPCs and DPC/DPCE line cards in the same system, if the system is configured with bridging features, the DPC/DPCE line cards might restart unexpectedly even though they are not configured for bridging features. PR1372506

  • On MX Series platforms, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared. PR1383265

Layer 2 Features

  • Traffic from IRB interface toward LSI interface gets dropped with adaptive or per-packet load balancing on aggregated Ethernet interface. PR1381580

  • If a LDP-VPLS routing instance is configured with active and backup neighbors, and flow label capability is enabled on the active neighbor but not on the backup neighbor, upon switching to the PW to backup neighbor, Junos OS on the VPLS PE device will continue to send traffic with the flow label based on the capability learned from the previously active neighbor. PR1393447

MPLS

  • With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • Traceroute MPLS from Juniper to Huawei routers does not work as expected due to unsupported TLV. PR1363641

Network Management and Monitoring

  • Need to update the address of the Juniper Networks Inc. in the SNMP MIB CONTACT-INFO entry - "{ snmpModules 1 }". PR1336291

  • The snmpd daemon leaks memory in snmpv3 query path and crashes. The issue is caused by a memory leak when the request PDU is dropped by SNMP when configuration snmp filter-duplicates is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the PDU is created or cloned. But while dropping the duplicate requests the structure is not freed; this causes the memory leak. PR1392616

Platform and Infrastructure

  • An accuracy issue occurs with three-color policers of both type single rate and two rate in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use MX Series ASIC. PR1307882

  • This is a minor enhancement to add a UI to copy files from Junos VM to Host Linux. PR1341550

  • There is no support of interface range for channelized interfaces on EX9253. The user has to configure interfaces individually. PR1350635

  • MGD memory usage is shown as increased by about 450 MB when the DT CST test runs over the weekend (greater than 72 hours). PR1352504

  • When allow-configuration-regexps/deny-configuration-regexps is configured, syslog messages with level information are displayed to indicate whether set system regex-additive-logic is configured or not. Behavior for allow-configuration-regexps/deny-configuration-regexps will be different when regex-additive-logic is configured and when it is not configured. These messages are only informational messages and there is no functional issue due to this. Because these messages are for debugging purposes only and not useful for the end user, these messages will no longer be displayed in syslog for level information. PR1369546

  • On MX Series platforms with DPC and MPC installed, due to incorrect MLP message (which is used to notify MAC address among different FPCs) sent from MPC to DPC, MAC learning procedure might get stuck in a certain scenario, resulting in MAC remaining unresolved on the Packet Forwarding Engine and MAC missing from the MAC table. PR1383233

  • AAA with RADIUS authentication is not working for the IPv6 family when using management instance [mgmt_junos] set system radius-server <IPv6 Server> routing-instance mgmt_junos system management-instance. PR1391160

  • In some cases PS interfaces over RLT might be shown as up but be passing traffic. Log messages reporting an ASIC error and a chassis alarm reporting hard FPC errors might also be seen. PR1400269

Routing Protocols

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on ... The core is soft, which means there should be no impact to traffic or routing protocols. PR946415

  • JTASK_SCHED_SLIP for rpd might be seen on doing restart routing or OSPF protocol disable with scaled BGP routes in the MX104 router. PR1203979

  • LDP and OSPF are 'in sync' state and the reason observed for this is "IGP interface down" with ldp-synchronization enabled for OSPF; user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. According to the current analysis, "IGP interface down" is observed as the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification, because the OSPF neighbor was not up yet. The issue is under investigation. PR1256434

  • In IS-IS and IPv6 scenario, rpd might crash when the neighbor router restarted and caused routes churn. PR1312325

  • The rpd might crash and generate a core file if the distributed Internet Group Management Protocol (IGMP) is configured. PR1314679

  • On a dual Routing Engine system with Graceful Routing Engine Switchover (GRES) and graceful-restart enabled, if Bidirectional Forwarding Detection (BFD) with the hold-down-interval option is enabled on an external BGP peer, this BGP peer might stay at idle state after a Routing Engine switchover. PR1324475

  • When 32,000 SRTE policies are configured at once, during configuration time there might be scheduler slips. PR1339829

  • There are scenarios in which the application allocates and caches next-hop templates. This causes the next-hop template cache to grow continuously. But when the application clears the local cache, then memory is freed to the next-hop template cache. However, the next-hop template cache does not have code to shrink the cache and free the memory back. So the next-hop template memory is trapped in the cache and cannot be used for other purposes. But if the same BGP routes and next hops come up again, they will reuse the templates from the cache and not consume additional memory. PR1346984

  • Starting in Junos OS Release 16.1, show bgp neighbor does not show the correct "Last traffic (seconds)" correctly anymore. PR1361899

  • On devices running Junos OS platform, when OpenConfig is running with sensor for "/network-instances/network-instance/protocols/protocol/BGP", changing the BGP import or export policy might cause rpd to crash. PR1366696

  • In configurations with MPLS inter-AS link-node protection with labeled-bgp, it is possible to encounter a situation where next hop references are not properly decremented, thus causing the system to hold onto next hops when they should be freed. This leads to a memory hog situation which eventually results in a core file. PR1366823

  • In as LDP network with gradual deployment of segment routing (LDP mapping server feature), the rpd process might crash after executing commit the configuration related to mapping-server-entry prefix-segments/prefix-segment-ranges with the maximum number of entries exceeded (16 for Junos OS Release 17.4 and 64 for Junos OS Release 17.4R2 and later). PR1379558

  • In 18.4R1, RIB learning rate has degraded from anywhere between 10-18 percent on different platforms. For PTX10000, it seems to be 18 percent, whereas for MX it is less than 10 percent. The RC analysis is not completed and it is risky to include it in 18.4R1. Suggest full analysis and fix in 18.4R2. We will also improve measurements to isolate any peer bring up effects so that those are not considered to improve accuracy of comparisons. PR1383371

  • At scale, a gnf with ps over rlt and multiple MPCs might show bfd flap at recovery. PR1386574

  • Rpd might crash when an IPv6 prefix with and IPv4 next hop exists. PR1390428

  • With GRES and NSR enabled, if executing switchover, all the BGP sessions might flap. PR1391084

  • During some BGP flap scenarios or when deactivating or activating BFP, the rpd generates a core file at rt_nh_resolve_delete after neighbors flap or activate BGP. The issue happens during a inet6.0 route withdrawal being received in an update and the subsequent delete of the route with an invalid next hop, causing the assert. PR1391568

  • An rpd process might restart with core files when processing a non-BGP route with AS PATH information with the following signature in its core file: rt_notbest_sanity: Path selection failure on <prefix>, 0x98aed50 recovering.... PR1391767

  • In a rare case, ppmd on the backup Routing Engine might stay with CPU usage after a Routing Engine master switch event. There is no impact on service. PR1392704

  • It is possible that in certain scenarios when using legacy-redirect-ip-action the existing BGP routes advertised might not be refreshed. Because of this, the routes might still contain communities not aligned with the configured legacy-redirect-ip-action option. As a workaround to clear routes, execute the following command in the router that is originating the flow-spec router: clear bgp neighbor all soft. PR1396787

  • Customers that replace simple VLAN interfaces with PS over rlt might notice an increase in fpc cpu usage. This is in keeping with the increased processing and resources needed to support these types of interfaces which are similar in this regard to that of an aggregated Ethernet interface. PR1396925

  • Rpd provides a mechanism to validate that route selection has successfully been done. When errors in route selection are detected, a soft core is dropped. Rpd remains running, and a single core file is dropped. It is rate-limited to not do this frequently. When running L2VPN, BGP MED selection might be inappropriately run on the routes. As a result, the route selection sanity code will notice an unexpected result and leave a soft core. PR1398685

  • On all Junos platforms which support BGP, if BGP add-path send is configured and Nonstop-active-routing (NSR) is enabled, the rpd might potentially crash. PR1401948

Software Installation and Upgrade

  • If the device is booted into single-user mode (recovery mode), and any change in configuration is made, (such as setting the root password) then the commit will fail. PR1368986

Subscriber Access Management

  • Address pool does not correctly cycle to the beginning of pool when linked-pool-aggregation parameter is defined. Address pool reports "Out of Addresses" even though not all addresses are in use. > show network-access aaa statistics address-assignment pool <name>. PR1374295

  • Adding a firewall filter through the test aaa command causes a crash in dfwd. PR1402051

  • JSRC provisioned service used Radius Service accounting protocol instead of JSRC for SRC installed service. PR1403835

User Interface and Configuration

  • The max-db-size configuration does not work on MX5, MX10, MX40, MX80, and MX104. PR1363048

  • Test configuration /config/rescue.conf.gz fails the commit check for the dynamic profile when the subscriber is active. PR1376689

VPN

  • The multicast VPN MIB was not being properly compiled into the Juniper MIB package bundle. Mib-jnx-mvpn.txt needs to be included as part of the Juniper Enterprise MIB set. PR1394946

Resolved Issues

This section lists the issues fixed in the Junos OS 18.4R1 Release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

Authentication and Access Control

  • MAC move might occur in DHCP security scenario. PR1369785

  • IPv4 or IPv6 DHCP-security client entries will be recorded on trusted ports as well. PR1390676

Class of Service (CoS)

  • The 802.1P rewrite might not work on inner VLAN. PR1375189

  • FPC card might reboot when changing CoS mode from hierarchical-scheduler to per-unit-scheduler. PR1387987

EVPN

  • EVPN/VXLAN: MAC entry is incorrectly programmed in the Packet Forwarding Engine, leading to some traffic being silently dropped or discarded. PR1231402

  • MPLS label leak leads to label exhaustion and rpd process crash. PR1333944

  • The l2ald memory might cross the threshold in an EVPN scenario. PR1368492

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • EVPN active or active multi homed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multi homed peer instead of going directly out the IRB interface (which is up). PR1376784

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

Forwarding and Sampling

  • Junos OS allows firewall filters with the same name under [edit firewall] and [edit firewall family inet] hierarchy levels. PR1344506

  • L2ald crashes when trying to adjust mac-table-size configuration. PR1383665

  • The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550

General Routing

  • TACACS access does not work after upgrade. PR1220671

  • Routing Engine and Packet Forwarding Engine out-of-sync errors are seen in syslog. PR1232178

  • The mspmand process might generate a core file in rare conditions due to a high rate of TCP traffic. PR1253862

  • The wrong TBB Packet Forwarding Engine component's temperature might be reported on MX80. PR1259379

  • On MX Series routers, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12,000 Layer 2 Bit Stream Access (L2BSA) subscribers simultaneously. PR1273353

  • Error messages might be seen if flapping the aggregated Ethernet interface hosted on MPC-3D-16XGE card. PR1279607

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mobiled. PR1284625

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspmand. PR1284643

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654

  • PPPoE canot dial in due to all PADI dropped as "unknown iif" when the aggregated Ethernet configuration is deactivated or activated. PR1291515

  • Wrong packet statistics are reported in ifHCInUcastPkts OID. PR1306656

  • In a few cases it was seen that RS are all up but virtual service is down. This was seen mainly in configuration load overriride conditions. PR1313009

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/subinfo. PR1327262

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/aaad. PR1327266

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/smihelperd. PR1327271

  • Tc_count counters in filter with the scale-optimized command are not incrementing. PR1334580

  • With certificate hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the PKI daemon can become busy and stop responding. PR1336733

  • AI-script does not get automatically upgraded unless it is manually done after a Junos OS upgrade. PR1337028

  • Routing Engine does not have MAC map for MAC type 7. PR1345637

  • Additional show commands are called when the request support information command is issued. PR1346129

  • The rpd might crash when the dynamic-tunnels next-hop resolving migrates to a more specific IGP route. PR1348027

  • Routing Engine mastership keepalive timer is not updated after the GRES configuration is removed. PR1349049

  • The MPC might crash when the MIC is removed. PR1350098

  • Migrate from syslog API to Errmsg API - /bbe-svcs/smd/plugins/cos/. PR1353179

  • Some of the inline service interfaces cannot send out packets with the default bandwidth value (100 Gbps). PR1355168

  • Chassis alarm is not reflecting the correct state when INP0 and INP1 have AC voltage out-of-range. PR1355803

  • The mpls-ipv4 template does not have correct src AS and dst AS as 4294967295 src Mask and DstMask as 0 after adding the mpls-flow table size on the fly. PR1356118

  • Link stays up unexpectedly on MX204 with copper cable removed. PR1356507

  • MPC/FPC might be unable to reply request messages to the Routing Engine in a high subscriber scale scenario. PR1358405

  • show chassis ethernet-switch on PTX10000. PR1358853

  • The show chassis fpc command output might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command show chassis environment fpc is executed. PR1358874

  • Bbe-smgd restarts unexpectedly while performing graceful Routing Engine switchover (GRES). PR1359290

  • PluginExit() function is never called. PR1359610

  • FPC core file might be observed after GRES switchover. PR1361015

  • IP over VPLS traffic is affected by EXP rewrite rule on the core-facing MPLS interface. PR1361429

  • The MX Series router functioning as a BNG does not generate ESMC/SSM Quality Level failed snmp trap. PR1361430

  • Migrate from syslog API to Errmsg API;usp/usr.sbin/nsd/common/nsd_tpm.c. PR1361986

  • Spontaneous bbe-smgd core file might be seen on the backup Routing Engine. PR1362188

  • The MS-MPC might reset continuously on MX Series platforms. PR1362271

  • M/Mx: Traffic loss of 1 percent is seen during GRES phase of unified ISSU from 17.3-20180527.0 to17.3-20180527.0. PR1362324

  • Executing show route prefix proto ip detail during route churm in a route scale scenario might lead to FPC crash. PR1362578

  • The inline-J-Flow sampling configuration might cause FPC crash on MX Series platforms. PR1362887

  • MX-VC: Request to record VCCP heartbeat state change in syslog by default. PR1363565

  • xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • The multicast route update might get stuck in KRT queue and the rpd might crash if rpd and kernel go out of sync. PR1363803

  • FPM board is missing in SNMP MIB walk. PR1364246

  • A traffic loop might occur even though that port is blocked by RSTP in a ring topology. PR1364406

  • The kernel might crash after repeatedly deactivating/activating interfaces/filter/class-of-services configurations due to accessing stale memory entry. PR1364477

  • Configuration commit might be delayed by 30 seconds. PR1364621

  • AF's operational state moves to down state in a node virtualized environment where GNFs are connected through AF interface. PR1364921

  • The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with "Link-Layer-Down" flag set. PR1365263

  • Default adapter type changed from E1000 to VMXNET3. PR1365337

  • Traffic drops seen if training failure is seen on a line card for three of more planes. PR1365668

  • MPC7E: ukern crash and FPC reboot with vty command show agent sensors verbose. PR1366249

  • MS-MPC/MS-PIC might crash in NAT scenario. PR1366259

  • MX150: Upgrade to Junos OS Release 18.1R1.9 fails. Installing package nfx-2-routing-data-plane-1.0-0.x86_64 needs 76 MB on the file system. PR1366324

  • Migrate from syslog API to Errmsg API - junos/lib/liboiu-ffp/. PR1366546

  • The next hop of MPLS path might be stuck in hold state, which could cause traffic loss. PR1366562

  • Snmp MIB walk for UDP flood gives different output statistics than CLI. PR1366768

  • Syslog errors seen LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8. PR1366811

  • Offline of the fabric links of Packet Forwarding Engine 4 and Packet Forwarding Engine 5 is not supported. PR1367412

  • The bbe-smgd process might crash during the authentication phase for L2BSA subscriber. PR1367472

  • The show system resource-monitor fpc output might show a non existing Packet Forwarding Engine. PR1367534

  • RTG interface status might be shown as incorrect status with show interface. PR1368006

  • Multiple provisioning and deprovisioning cycles cause rdmd memory leak. PR1368275

  • JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a denial of service (CVE-2018-0058). PR1368599

  • RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification. PR1368855

  • The commit or commit check might fail due to the error of not having lsp-cleanup-timer without lsp-provisioning. PR1368992

  • SNMP MIB walk causes KMD errors. PR1369938

  • L2TP subscriber firewall filter might not be removed from the Packet Forwarding Engine when routing services are enabled in the dynamic profile. PR1369968

  • Kernel crash might be seen after committing demux-related configuration. PR1370015

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. PR1370174

  • Packet that exceed 8000 bytes might be dropped by MS-MPC in ALG scenario. PR1370582

  • GMIC2 : SFP-1FE-FX optics does not come up on GMIC. PR1370962

  • All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838

  • BBE SMGD generates a core file on FPC restart. PR1371926

  • FPC high CPU utilization or crashes occur during hot-banking condition. PR1372193

  • SMGD generates a core file after essmd restart with reference to mmf_ensure_mapped (mmf=0xe8f0200, offset=4294967295, len=108) at ../src/junos/lib/libmmf/mmf.c:1972. PR1372223

  • Need a way to verify the session IDs above the 32-bit limit to check if this is working. PR1385237

  • With very high scale l3vpn, traffic is dropped when egressing on an AF interface. PR1372310

  • Image installation on SD fails with error Unable to read reply from software add command to re1; error 1. PR1372877

  • The Routing Engine might crash after non-GRES switchover. PR1373079

  • Core in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • AOC Type Optics fail to initialize on MACsec TIC startup. PR1373572

  • EDVT-GI-MIC2 : Interfaces do not come up for bidirection module SFP-100BASE-BX10-U and SFP-100BASE-BX10-D. PR1373795

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • LDP convergence delay might be seen after IGP metric change with bgp-igp-both-ribs command configured. PR1373855

  • There is a vMX QoS performance issue in the Junos OS Release 18.3. PR1373999

  • Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after commit using configure private in a configuration with "protect" flag present. PR1374244

  • FPC might be unable to work properly if one child interface is removed from an aggregated Ethernet bundle in a dynamic VLAN subscriber scenario. PR1374478

  • Bbe-smgd generates a core file continously while deleting multicast group node from the tree. PR1374530

  • PCE-initiated LSPs remain Control status became local after removing PCE configuration. PR1374596

  • A few L2BSA subscriber logical interfaces are left behind in SMD infrastructure and kernel after logout. PR1375070

  • SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • CI: Not generating Power Supply failed trap. PR1376612

  • Disabling OAM might cause the Broadband Edge daemon to crash. PR1377090

  • Packets might be dropped on data plane in the inline J-Flow scenario. PR1377500

  • After NAT64 router (with MS-MPC) translates an IPv6 fragment to IPv4 fragment, router is not inserting the right value in identification field of IPv4 header. PR1378818

  • The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on IDS service. PR1378852

  • Traffic might get silently dropped or discarded when CoS configuration is changed on a PS interface. PR1379530

  • Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exceeding 100 percent of power budget. PR1380056

  • The software detects SDB STS lock deadlock and breaks the deadlock itself, and system resumes normally processing on its own. PR1380231

  • CE_Customer: DT_BNG: ESSM model: rpd generates a core file during the fifth GRES, with reference to task_kevent_udata_task (ev= <optimized out>) at ../../../../../../src/junos/lib/libjtask/base/platform/bsd/task_io_bsd.c:127. PR1380298

  • Encryption and decryption do not occur, because the Packet Forwarding Engine discards while testing that the group VPN member was established by using the authentication-method preshared key ASCII text. PR1381316

  • Memory leak observed in MS-MPC card. PR1381469

  • Subscribers not able to log in after double GRES, after reboot, or after configuration. PR1382050

  • On Summit MX3ru for Junos OS Release 18.3R1 release ISSU fails if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • Flows are getting exported before the active timeout. PR1382531

  • PFT MX10008 expected inline-ipv4-export-packet-failures is not listed in show services accounting error. PR1382873

  • MAC addresses might disappear, if the interface MTU of EVPN PE device is changed. PR1382966

  • The kmd crashes with a core file after bringing up IPsec connection. PR1384205

  • CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single-session dual-stack subscriber. PR1384289

  • MBFD flaps because clksync congest the scheduler for 100ms. PR1384473

  • CE_Customer: DT_BNG: Bbe-smgd generates multiple core files with reference to bbe_mcast_vbf_dist_policy_service_encoder (params= <opyimized out>) at ../src/junos/usr.sbin/bbe-svcs/smd/plugins/mcast/bbe_mcast_policy_config.c:159. PR1384491

  • RPT_REG_SERVICES: The MPLS packets with more than eight labels will not be processed by J-Flow. PR1385790

  • IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with CGNAT enabled. PR1386011

  • Representation of memory units is changed from gigabytes (GB) to gibibytes (GiB) in the help string under the resource template hierarchy. PR1386516

  • RBU_REGRESSIONS_SERVICES ::IPv4 and IPv6 VIP Routes are not withdrawn after aggregated Ethernet and VLAN with IRB flap. PR1386713

  • RBU_Services_Regressions: SFLOW : Agent ID in show sflow command is displaying lo interface IP instead of fxp0 IP. PR1386890

  • In case a LSP is locally configured without an explicit path ERO, the object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • When tracing is enabled, having a lot of trace-flags set could result in an rpd core file due to buffer overflow. PR1387050

  • The pccd might crash when changing delegation-priority. PR1387419

  • The bbe-smgd daemon crashes and generates a core file when two DHCP subscribers with the same framed-route prefix and preference values try to log in. PR1387690

  • Output of the show class-of-service interface command incorrectly shows adjusting application as PPPoE IA tags for DHCP subscribers. PR1387712

  • FPC core file might be seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112

  • Bbe-smgd does not respond to NS from SLAAC client on dynamic VLAN. PR1388595

  • Incorrect values for flow packets/octets fields might be seen in inline J-Flow scenario. PR1389145

  • The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867

  • IGMP group threshold exceed log message prints a wrong demux logical interface. PR1389457

  • MX204 - Excluding speed CLI option under the interface level. PR1389918

  • Class of service adjustment-control-profile configuration for application DHCP tags does not get applied. PR1390101

  • Delay in CLI output with second or more show subscriber <> extensive queries occur when the first session is sitting at -(more)- prompt displaying show subscribers extensive. PR1390762

  • Trailing characters appear in the GNMI get API reply. PR1390967

  • DT_BNG: DFW plug in NACKs DHCPv6/PPPoE requires ESSM subscriber re-login after ISSU. PR1391409

  • The routing-engine-power-off-button-disable command does not work on MX204. PR1391548

  • The bbe-smgd process might crash after committing configuration changes. PR1391562

  • On MX Series routers serving as a DHCP server for dual-stack subscribers, BBE-SMGD process generates a core file. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • PFT MX10008: Inline-services enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • The show system errors active is not showing the error for MPC3E NG HQoS. PR1398084

  • Kernel core file occurs on vMX due to jlock assert. PR1398320

  • High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398

  • The bbe-smgd process might generate a core file when executing show pppoe lockout. PR1398873

  • FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H. PR1402563

High Availability (HA) and Resiliency

  • Backup Routing Engine might go to db prompt after performing configuration remove and restore. PR1269383

  • Observed error: not enough space in /var on re1. while doing unified ISSU upgrade from Junos OS Release 17.4-20180328.0 to Release 18.2-20180416.0. PR1354069

  • VC-Bm cannot sync with VC-Mm when the Virtual Chassis splits the reforms. PR1361617

Interfaces and Chassis

  • Aggregated Ethernet speed calculation changes according to 10 Gigabit Ethernet after post GRES. PR1326316

  • Momentary dip in traffic occurs when a GRES is performed. PR1336455

  • Native-vlan-id support on ps-interface. PR1352933

  • The sonet interface will go down after enabling "keep-address-and-control" in L2VPN scenario. PR1354713

  • The aggregated Ethernet interface might flap when the link speed of the aggregated Ethernet bundle is configured to oc192. PR1355270

  • Approximately 50 percent of PPPoE subscribers (PTA and L2TP) and all ESSM subscribers are lost after ISSU during DT CST stress test. PR1360870

  • Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit operation. PR1363536

  • In case of MPLS , DMR packets are sent with different mpls exp bits if MX Series router receives CFM DMM packets with varying exp values on MPLS header. PR1365709

  • In rare case, there might be L2TP subscribers stuck in terminated state. PR1368650

  • The EOAM LTM messages might not get forwarded after system reboot in CFM scenario configured with CCC interface. PR1369085

  • ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch to complete with MX Series Virtual Chassis configuration. PR1371297

  • The error parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386 is seen after restarting l2cpd daemon. PR1373927

  • The dcd process might go down when vlan-id none is configured for the interface. PR1374933

  • FTI logical interface VNI limits changed from (0..16777215) to (0..16777214). PR1376011

  • Duplicate IP cannot be configured on both SONET (so-) interface and other interfaces. PR1377690

  • Some error logs (Tx unknown LCP packet) might be reported by the bbe-smgd daemon on MX Series platforms. PR1378912

  • Higher level OAM CFM between CE might not work in VPLS scenario. PR1380799

  • The dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface. PR1382857

  • The jpppd process might crash if the EPD value contains a format specifier. PR1384137

  • DCD core can be seen after FPC restart if channelized interfaces are configured. PR1387962

  • Interface-control thrashes and dcd does not restart after adding invalid demux interface to the configuration. PR1389461

  • Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN configuration PR1390823

Layer 2 Ethernet Services

  • STP status gets wrong after changing outer VLAN-tags. PR1121564

  • The MAC address might not be learned due to spanning-tree state "discarding" in kernel table after Routing Engine switchover. PR1205373

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/lacpd. PR1284592

  • ZTP infra scripts are not included for MX Series PPC routers. PR1349249

  • Migrate from syslog API to Errmsg API:PPMD client LACP. PR1358599

  • The DHCP leasequery message is replied to with an incorrect source address. PR1367485

  • JSA10889 2018-10 Security Bulletin: Junos OS: The jdhcpd process crashes during processing of specially crafted DHCPv6 message (CVE-2018-0055). PR1368377

  • The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

Layer 2 Features

  • The traffic might not be transmitted correctly in a large-scale VPLS scenario. PR1371994

MPLS

  • When minimum-bandwidth and bandwidth commands are present in the configuration, the bandwidth selection of the LSP is inconsistent. PR1142443

  • JDI-RCT: Rpd core file is seen on master Routing Engine after performing restart chassisd. PR1352227

  • Layer 2 Circuit might flap after an interface goes down even if the LDP session stays up when l2-smart-policy is configured. PR1360255

  • The rpd might crash in BGP LU and LDP scenario. PR1366920

  • RSVP authentication might fail between some Junos OS releases and causes traffic loss during local repair. PR1370182

  • The next hop of static LSP for MPLS might get stuck in dead state after changing the network mask of the outgoing interface. PR1372630

  • The traceroute MPLS might fail when traceroute is executed from a Juniper Networks device to another device not supporting RFC 6424. PR1372924

  • Rpd process eventually might crash after Routing Engine switchover with GRES/NSR enabled. PR1373313

  • The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured. PR1373575

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions. PR1376354

  • JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). PR1380862

  • Ingress LSPs go down due to CSPF failure. PR1385204

  • Configured bandwidth 0 does not get applied on RSVP interface. PR1387277

  • Bypass LSP is taking same SRLG colored path. PR1387497

Platform and Infrastructure

  • MAC addresses are not learned on bridge-domains after XE/GE interface flap tests. PR1275544

  • MQCHIP CPQ block should report major alarm. PR1276132

  • Distributed multicast might not be forwarded to a subscriber interface. PR1277744

  • show igmp statistics not including any statistics under interface aggregate for distributed multicast interfaces. PR1289415

  • When chassis control restart is done with aggregated Ethernet and COS rewrite configuration, Platform failed to bind rewrite messages could be seen in syslog. PR1315437

  • RLT subinterfaces are not reporting statistics. PR1346403

  • lt- interface gets deleted with tunnel-services configuration still present. PR1350733

  • Some linecards might crash in subscriber scenario enabled with distributed IGMP. PR1355334

  • When forwarding-class-accounting command is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). PR1357965

  • JSA10899 2018-10 Security Bulletin: Junos OS: Nexthop index allocation failed: private index space was exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

  • Select CLI functions are not triggering properly (set security ssh-known-hosts load-key-file, set system master-password). PR1363475

  • Qmon sensors are not working with hypermode enabled. PR1365990

  • Subscribers over aggregated Ethernet interface might have tail drops, which will affect the fragmented packets due to QXCHIP buffer getting filled up. PR1368414

  • Forwarding is broken after adding protocol evpn extended-vlan-id. PR1368802

  • The host outbound traffic might get dropped when the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules command is configured. PR1371304

  • Traffic might drop on new added interfaces on MX Series routers after unified ISSU. PR1371373

  • The logical tunnel interface might be unable to send out control packets generated by Routing Engine. PR1372738

  • JNH memory leaks in multicast scenario with MoFRR enabled. PR1373631

  • Traffic traversing an IRB is not tagged with a VLAN if the packets go through an additional routing-instance. PR1377526

  • FPC crash might be seen after FPC restarts. PR1380527

  • lsi binding is missing upon nd6 entry refresh after l2ifl flap. PR1380590

  • Packet drops on interface if the command gigether-options loopback is configured. PR1380746

  • In certain Junos scenarios, DFWD memory corruption is seen due to large logical interface fstate messages. This can lead to log messages on dfwd traceoptions and occasionally DFWD core file. PR1380798

  • Packet drops might be seen if the packet header is over 252 bytes. PR1385585

  • The configuration through NETCONF session might fail. PR1383567

  • L3VPN/ROSEN over PS over RLT: In Junos OS Release 18.4DCB after ifconfig goes down for PS logical interface, and its Link and Admin status are not going down as expected. PR1396335

Routing Policy and Firewall Filters

  • Set metric multiplier offset might overflow/underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for LDP export policy. PR1388156

Routing Protocols

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/ppmd. PR1284621

  • Multihop eBGP peering session exchanging EVPN routes can result in rpd core file when BGP updates are sent. PR1304639

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • The rpd might crash when BGP neighbor is flapping. PR1337304

  • The bfd process memory leak might be observed if enabling multi-hop BFD session for a static route with multiple qualified-next-hop. PR1345041

  • Rpd crash might be seen after executing Routing Engine switchover. PR1349167

  • FPC might continuously crash on vMX platforms. PR1364624

  • sBFD session flaps incrementally with 300 StaticSR clients configured with 100 ms as minimum-interval. PR1366124

  • Static route gets unexpectedly refreshed on commit when configured with resolve configuration statement. PR1366940

  • About 10 minutes of traffic loss is caused by BGP flap during MX Series unified ISSU. PR1368805

  • TCP sessions might be taken down during Routing Engine switchover. PR1371045

  • Route entry might be missing when IS-IS shortcut is enabled and MPLS link flaps. PR1372937

  • SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS mode. PR1382485

  • The rpd might crash after issuing operational command show route detail for RIP route. PR1386873

  • Penultimate-hop router does not install BGP LU label, causing traffic to be silently dropped or discarded. PR1387746

  • Next hop is not deleted by ukernel. However, the delete command is seen in rtsockmon. PR1389379

  • The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259

Services Applications

  • Selectively start ZLB Delay timer at the Packet Forwarding Engine for LAC tunnels. PR1338450

  • L2TP Access Concentrator (LAC) tunnel connection request packets might be discarded on LNS device. PR1362542

  • The L2TP subscribers might not be able to log in successfully due to the jl2tpd memory leak. PR1364774

  • Accounting stop message is not sent to RADIUS server after bringing down the L2TP subscriber. PR1368840

  • IPsec-VPN IKE security-associations might get stuck in "Not Matured" state. PR1369340

  • Actual-Data-Rate-Downstream might not be included in the L2TP ICRQ message. PR1370699

  • NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when MS-DPC is used for NAT64. PR1374255

  • FTP ALG is not supported with twice-nat. PR1383964

  • L2TP subscribers might be stuck in init state in a corner case. PR1391847

Subscriber Access Management

  • The authd process might not be started after executing Routing Engine switchover on the backup Routing Engine without GRES enabled. PR1368067

  • RADIUS VSAs, Actual-Data-Rate-Downstream, and Actual-Data-Rate-Upstream values are not compliant with RFC 4679. PR1379129

  • CoA updates subscriber with original dynamic-profile if RADIUS has returned a different dynamic-profile name. PR1381230

  • Some subscribers fail to get SRL service as provided in the RADIUS accept message even though the RADIUS messages can be sent and received. PR1381383

  • The value of predefined-variable-defaults routing-instances overrides the RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074

  • Log Message: authd: gx-plus: logout: wrong state for request session-id <xyz>. PR1384599

  • Multiple IPv6 IANA addresses are assigned for one session in IPv6 PD binding failure scenarios. PR1384889

  • Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation. PR1391411

VPNs

  • The rpd process might crash after configuration change in an L2VPN scenario. PR1351386

  • In dual-homed next-generation MVPN, the receipt of type 5 withdrawal removes downstream join states for some routes. PR1368788

  • In MVPN source site, a redundant environment primary site can generate type 5 routes for the sources from different sites without having real traffic, potentially causing an outage if the receiver PE devices accept those routes as preferable. PR1375716

Documentation Updates

This section lists the errata and changes in Junos OS Release 18.4R1 documentation for MX Series.

Subscriber Management Provisioning Guide

  • The new topic, Subscriber Management RADIUS Dictionary Files, provides a link to the Juniper Networks RADIUS dictionary that is used by default with subscriber management for each supported release. The dictionary is updated only when software features that affect the file are added or changed. The dictionary is not updated for every Junos OS release.

Subscriber Management VLANs Interfaces Guide

  • The Broadband Subscriber VLANs and Interfaces Feature Guide did not clearly indicate that only demux0 is supported for demux interfaces. If you configure a different demux interface, such as demux1, the configuration commit fails.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 18.4

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R1.9-signed.tgz

    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R1.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R1.x-limited.tgz

    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R1.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R1.9-signed.tgz

    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R1.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 18.4

To downgrade from Release 18.4 to another supported release, follow the procedure for upgrading, but replace the 18.4 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Release History Table
Release
Description
18.3R1
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).